Report - user.wazhuti.com/wp-content/uploads/bfi_thumb/vernoniaceous/indivision

Report Overview

Submitted URL
user.wazhuti.com/wp-content/uploads/bfi_thumb/vernoniaceous/indivision_periodology.html?utyj=t3h81dg/
IP
122.226.191.231
ASN
#4134 Chinanet
Submitted
2024-05-10 21:02:26
Access
public
Website Title
Best dating worldwide
Final URL
befjajh.offerdate.link/s/62cf1c2250951?track=looker3
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
2
Threat Detection Systems
30

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-05-10	1.6 kB	102 kB	216.58.207.227
ocsp.r2m03.amazontrust.com	unknown	2007-05-11	2023-02-21	2024-05-09	338 B	863 B	143.204.53.97
guard.cdtbox.rocks	240008	2015-11-17	2020-08-11	2024-04-17	536 B	249 B	34.197.244.106
user.wazhuti.com	unknown	unknown	No data	No data	471 B	504 B	183.134.17.12
blueredapple.com	unknown	unknown	No data	No data	730 B	1.5 kB	88.214.27.56
openfpcdn.io	238589	2021-11-10	2021-11-11	2024-05-08	424 B	6.0 kB	54.230.111.24
befjajh.offerdate.link	unknown	unknown	No data	No data	30 kB	324 kB	176.123.10.32
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-05-10	545 B	2.0 kB	142.250.74.106

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-05-10 21:02:01	low	Client IP	54.230.111.24	ET INFO Observed FingerprintJS Domain (openfpcdn .io in TLS SNI)
2024-05-10 21:02:01	low	Client IP	54.230.111.24	ET INFO Observed FingerprintJS Domain (openfpcdn .io in TLS SNI)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-10	medium	blueredapple.com	Sinkholed
2024-05-10	medium	blueredapple.com	Sinkholed
2024-05-10	medium	offerdate.link	Sinkholed
2024-05-10	medium	offerdate.link	Sinkholed
2024-05-10	medium	offerdate.link	Sinkholed
2024-05-10	medium	offerdate.link	Sinkholed
2024-05-10	medium	offerdate.link	Sinkholed
2024-05-10	medium	offerdate.link	Sinkholed
2024-05-10	medium	offerdate.link	Sinkholed
2024-05-10	medium	offerdate.link	Sinkholed
2024-05-10	medium	offerdate.link	Sinkholed
2024-05-10	medium	offerdate.link	Sinkholed
2024-05-10	medium	offerdate.link	Sinkholed
2024-05-10	medium	offerdate.link	Sinkholed
2024-05-10	medium	offerdate.link	Sinkholed

ThreatFox

No alerts detected

JavaScript (8)

	URL	Size	First Seen	Last Seen
	befjajh.offerdate.link/s/62cf1c2250951?track=looker3	1.1 kB	2024-04-06	2024-05-23
Pretty URL befjajh.offerdate.link/s/62cf1c2250951?track=looker3 IP 176.123.10.32 ASN #200019 Alexhost Srl Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-06 17:29:42 Last Seen2024-05-23 04:21:20 Times Seen35 Hash 8dcffa91ec85cc95c95196d43f0885f5 e85ccbbf77b65233b50827650f3adaccf6c45473 e52641ab929ae3e2a68efa2a4e8a3a5f2479f084faeb8e97950cd751f5ec58b2 Loading...

	befjajh.offerdate.link/s/62cf1c2250951?track=looker3	68 B	2024-05-10	2024-05-10
Pretty URL befjajh.offerdate.link/s/62cf1c2250951?track=looker3 IP 176.123.10.32 ASN #200019 Alexhost Srl Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-10 23:02:35 Last Seen2024-05-10 23:02:35 Times Seen1 Hash 4a007f2ee2a8a935a00d774122f214d4 08407a4cceb26584fe8ca42496f510a74a2870e4 791a9a9341810bf578c18e2a4848714a859f3e053df524b932e41155cf5ce9a9 Loading...

	befjajh.offerdate.link/bundle/614/assets/js/jquery.js	135 kB	2023-03-14	2024-05-15
Pretty URL befjajh.offerdate.link/bundle/614/assets/js/jquery.js IP 178.162.199.80 ASN #28753 Leaseweb Deutschland GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 03:19:38 Last Seen2024-05-15 00:17:08 Times Seen47 Hash 03231e46bbea8a8d4df4702f5867a3fb 5398853ad81afa482282626672027df9644eb354 c9c92e3680539a7131456990fe5fe7355338885bd5490844681d433836c3f9dc Loading...

	befjajh.offerdate.link/s/62cf1c2250951?track=looker3	299 B	2023-12-22	2024-05-23
Pretty URL befjajh.offerdate.link/s/62cf1c2250951?track=looker3 IP 176.123.10.32 ASN #200019 Alexhost Srl Introduced by scriptElement Embedded in HTML true Observations First Seen2023-12-22 08:52:25 Last Seen2024-05-23 04:21:20 Times Seen201 Hash 15f926db63bf9306da0ffca2f7373f6b f9abe3973e107a4f9e0bcad33cf823aa2e2008dd 9735c70c0eb1a1ef02e61e4dd4978a0f8f1a3593f6b27243a4784ea190c11acb Loading...

	befjajh.offerdate.link/s/62cf1c2250951?track=looker3	31 kB	2023-03-07	2024-05-23
Pretty URL befjajh.offerdate.link/s/62cf1c2250951?track=looker3 IP 176.123.10.32 ASN #200019 Alexhost Srl Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:14:35 Last Seen2024-05-23 04:21:20 Times Seen1390 Hash e7d6b85edb141824af8951e19333337c 76600b2cb1978ca24d9fe39b1412f052da855ddb 6e1bf43d1d49858aacd5de53b32b551732bca4b2a46b1f808eb6d6d0f2b70c0e Loading...

	befjajh.offerdate.link/s/62cf1c2250951?track=looker3	7.4 kB	2024-01-25	2024-05-23
Pretty URL befjajh.offerdate.link/s/62cf1c2250951?track=looker3 IP 176.123.10.32 ASN #200019 Alexhost Srl Introduced by scriptElement Embedded in HTML true Observations First Seen2024-01-25 18:29:35 Last Seen2024-05-23 04:21:20 Times Seen126 Hash 847b110241d94d91e3deb85367b81009 6415627c723968a4bbcd4770db69b0c22a50a187 12eb8939aa5fe17526e90afca21f644f8959b3a56398392bb6bb4e85185f4356 Loading...

	befjajh.offerdate.link/bundle/614/assets/js/functions.js	556 B	2023-03-14	2024-05-15
Pretty URL befjajh.offerdate.link/bundle/614/assets/js/functions.js IP 178.162.199.80 ASN #28753 Leaseweb Deutschland GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 12:22:44 Last Seen2024-05-15 01:00:36 Times Seen79 Hash f4815c2a20151ac6069b03eb88d80292 3f951f963406e19aa509490deec23e3f44904c97 9ea1b5fed2553975afb17a55ef18dc5e715c3b2434c3b7229c8b16a089b4e346 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 444bcb3a3fcf8389296c49467f27e1d6	2 B	2023-03-08	2024-05-23
Pretty Observations First Seen2023-03-08 02:32:37 Last Seen2024-05-23 04:42:48 Times Seen115189 Hash 444bcb3a3fcf8389296c49467f27e1d6 7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df Loading...

HTTP Transactions (23)

URL IP Response Size

user.wazhuti.com/wp-content/uploads/bfi_thumb/vernoniaceous/indivision_periodology.html?utyj=t3h81dg/

183.134.17.12

96 B

URL
user.wazhuti.com/wp-content/uploads/bfi_thumb/vernoniaceous/indivision_periodology.html?utyj=t3h81dg/
IP
183.134.17.12:0
ASN
#136190 JINHUA, ZHEJIANG Province, P.R.China.

File type
HTML document, ASCII text
Size
96 B (96 bytes)
Hash
3c680862f83fbf9e4b5d4343783ad137
de41ae4b8266d0af9a0ae2dd8c7c3aa151ecd50b
488d357c8d025bdbbfb9f1d2eac0937467d4059ed7d4f775605ccbe2751d142a

HTTP Headers

GET /wp-content/uploads/bfi_thumb/vernoniaceous/indivision_periodology.html?utyj=t3h81dg/ HTTP/1.1
Host: user.wazhuti.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 21:01:58 GMT
Content-Type: text/html
Content-Length: 96
Connection: keep-alive
Set-Cookie: http_waf_cookie=f6bc3d67-0b8d-4230f4acdfc31d5b757c13110dc6d48d2dc4; Expires=1715382118; Path=/; HttpOnly
Server: WAF
Last-Modified: Mon, 22 Apr 2024 22:03:23 GMT
ETag: "6626deab-60"
X-Request-Id: 22983d0c18408ae49dceba8211bd96a6
X-Cache: BYPASS
Accept-Ranges: bytes

blueredapple.com/

88.214.27.56

719 B

URL
blueredapple.com/
IP
88.214.27.56:0
ASN
#209272 Alviva Holding Limited

File type
HTML document, ASCII text, with CRLF line terminators
Size
719 B (719 bytes)
Hash
bb74ce786971f4d876f64b646c1c93af
7aaf025f31c3e769d6931a14b42493d2e518430f
009a8645427f1e1b5ada711e78da2f4d905069b7e8e913c98874cb197358c7eb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: blueredapple.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 21:02:01 GMT
Server: Apache/2
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Sat, 04 May 2024 09:48:11 GMT
ETag: "6ed-6179dbbf58cc0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 719
Keep-Alive: timeout=2, max=100
Content-Type: text/html

openfpcdn.io/botd/v1

54.230.111.24

5.3 kB

URL
openfpcdn.io/botd/v1
IP
54.230.111.24:0
ASN
#16509 AMAZON-02

File type
JavaScript source, ASCII text, with very long lines (15005)
Size
5.3 kB (5330 bytes)
Hash
234a8c1c15df9b03c65e9e14c82fc872
e5ca36727846aede7dfbc07e88b2b025eb0cae90
29cb26e06f2a4a877f1134a46480d9b78f8b6e0e6f9b0fe67e34307c312b5a89

HTTP Headers

GET /botd/v1 HTTP/1.1
Host: openfpcdn.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://blueredapple.com
DNT: 1
Connection: keep-alive
Referer: http://blueredapple.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
server: CloudFront
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
content-encoding: br
date: Fri, 10 May 2024 19:09:59 GMT
cache-control: public, max-age=597418, s-maxage=10654
etag: W/"5co2cnhGrt59+8B+iLKwJesMrpA"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: -4i4CiZcIw4o83O-oB7kF1ClqULuYR2HM3RQuQLgv2nsHBYj1AA18A==
age: 6736
X-Firefox-Spdy: h2

blueredapple.com/favicon.ico

88.214.27.56

200 B

URL
blueredapple.com/favicon.ico
IP
88.214.27.56:0
ASN
#209272 Alviva Holding Limited

File type
HTML document, ASCII text
Size
200 B (200 bytes)
Hash
74562259c2de326b456802b6214c10a4
794e1debb058ce60c376b3c5b712a6813e23c5e1
8caec8fd649aa4490220685f8a8571491e1029a6400a5ef790375107c15001d5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: blueredapple.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://blueredapple.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Fri, 10 May 2024 21:02:01 GMT
Server: Apache/2
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 200
Keep-Alive: timeout=2, max=99
Connection: Keep-Alive
Content-Type: text/html

befjajh.offerdate.link/s/62cf1c2250951?track=looker3

176.123.10.32

200 OK

15 kB

URL User Request GET HTTP/1.1
befjajh.offerdate.link/s/62cf1c2250951?track=looker3
IP
176.123.10.32:443
ASN
#200019 Alexhost Srl

Certificate
IssuerLet's Encrypt
Subjectofferdate.link
Fingerprint73:51:3A:FA:D1:47:5F:89:83:B8:C9:7B:8B:EE:0C:59:3C:2C:D5:FD
ValidityThu, 25 Apr 2024 09:57:39 GMT - Wed, 24 Jul 2024 09:57:38 GMT

File type
HTML document, ASCII text, with very long lines (30569)
Size
15 kB (15052 bytes)
Hash
d6dba1ff99363e0141c6a62fd78c567b
125f127094388015ded4a0ede7cdefee66776908
2f78fefda04ec5c2e297ceecaa79b6644ba1c32d516acd3f28fa15a672be518e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /s/62cf1c2250951?track=looker3 HTTP/1.1
Host: befjajh.offerdate.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Fri, 10 May 2024 21:02:03 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding, Accept-Encoding
Set-Cookie: s=LGUkzcjlNoqpLIbU4PDUb7C2KSjXDPNODVr1wlX5O0BoZgSAtr2gSz%2BY%2Bnm0VSmzt3WC62P9BXPNQ87m36QoZyB%2B3vmXHuNZ%2FRe4zyBDYU3f4rvNscvnV8aQQGiTiGc%2FxjU0%2FtAmCSiEwCTDXczE%2BTo8cXUZuMBY2EzLZ%2BjK9V1FlaewI%2Fet9dLE41bYVX0lTdM8%2F01onZTEtXaSNzhyhXhksMvTl1NjTJzoDo7vIe7B5NEs5MnDKeqi%2BPxf03x9isjLf3JFT1p017FCntlNN82PUvyCuvaDRM8ntMC9ZjuB%2FUzZSDRpp854s3LnxOtxZ6WJ3sK1FynNgmtXs%2BElwysa9SUoq3NwMYmbP%2FXPbgTQc61HbC1Gf9A4%2FSug%2FKMNBU3ZfFstGIl4nGTCPc3RljJIJ4iokTZbtjBXaOlHOe4KYftpJBTZWzKN4RyMstklCf6jznBz2w%2BKZLWNCCit5RwrOx%2BHjODx0aVVzJCClhdOllkkv8JhCcfKTEqQKV3%2BTmEjmC5lGahTYPc%2Fj5i%2BLj05Yv%2BSbmDE%2BuGSkn044psyAJRukinqU0g77zabszfq0scW%2Br4xC9oxjnZn4XeAyplGyXLfwnqiD6ArZqWbjzepJOn7oL08%2BtLIAjO0RAuKY1Cm%2FwkMfzJrKp5B7lkvQkEVqcsS136tfoZkSa1is14MNELmujoxjxyiVrCSVQ22r%2FtvVcwmQZjw4dHXcRS6Rtj9F8Lnz7l1RYiu9PnAw6kxu5qHhIe%2Btnb2oxeI3rXVHQVFqKA4IBCz57w97B0l20leSfuYYztUkC9YKO8h8bGL0xdQukJOHaGDsjTdwGPiHi3gC6UVaX%2B%2Fx5QxUAFErFBIkXKtQhgwJofb7DQdwp9jxvzJZLW41h9xHWdhbzizD%2B%2Fh%2B3QQLcResTmRyjfjz1PFbJVjHXog1QAZrWpyJAgN516G1f%2BpSvGPcYZJ1%2FyEEpwxWUYcLDDcl8JozXQdTkgQIM4jinx0hoJp7CKsIK0zqNaZmUEoA49NyWzJc%2FMChhHmRZ9WA4%2BmknAX4SNdPOmif3bTPJNIgCXBh9WgFwLWrVEHMnLfQcGWeaLdYd7%2BXv1YEFjP25X6onBRUUpj3JiQ%2FC53Y4JrQ16Q%2FVZa4k0U7ZzKjn2VvhbZ5HrxLKn6dpbKx1vqVYaMK2IeLIBTd8L0MMg6i%2BeWFQQm0FmlS4Wn5ftJ7chvW3l4sn1B0Ls%2B7JkRjiHqFFEsr%2FvW2FQoAeTsK9vbi4KHBF%2Fmx%2FUlYi%2FUOPE0FB9OG3TUTly%2BR0P38zjmYzVdZQsaFhYiqT53a%2FmlXn%2FCI2C%2FQr4RsmIg0ISSgy799O5E1hERk62SIEZuwd3brQuhzmdpss4ZybyOFw8WuV4U%2BrPz7JOWoX7u2cRxcBktlJMFNgQ%2BCI8nkQmuVeVmsm1HjQiPBKz6G8n%2BoGy%2B4C4oibwpTmxgMtbVHRlG0VaAIsFYmwozSZhpSsMYWN7OrZX4pYFSc3%2FHI1tpo9a8mImObNDD4MgHY1MhwnlnJG9Sdhh0hoAgG6tHmLNHeUWSB2f13gK7YUPSoIGF8lsjj0BvYXI8dxaLHysSTQ15cjmaumkDPwfZ%2FKOuyuXij167VKP8DD0ZqmQwKXUQ5eKEd7cG7EwzHxmDAmbw2zpkpUqM%2Fgde27zZ5k5JsBi%2Fqsnx6zPwjTbiUsWAZ1Eqi%2F0lk0cUUC%2FeE4XXT%2B%2FVvMaiOeenlqBZj2BNMssEmBI7bLg0w5RPBA6zW29caBpmguZc5cWshpjKgg9NFTs9Hqdf1vc76GIlHntWyH6ccIAbCkGFXCtax97TItYTKzpRsgGsNxL68hckd7sbYAC6mXFhNMeEHe1L96Cn4%2BilYXQmN%2BK3; expires=Sat, 11-May-2024 21:02:03 GMT; Max-Age=86400; path=/; domain=offerdate.link
SID=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=offerdate.link
ESID=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=offerdate.link
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Content-Encoding: gzip

befjajh.offerdate.link/bundle/614/assets/css/style.css

176.123.10.32

200 OK

2.5 kB

URL GET HTTP/1.1
befjajh.offerdate.link/bundle/614/assets/css/style.css
IP
176.123.10.32:443
ASN
#200019 Alexhost Srl

Requested by
https://befjajh.offerdate.link/s/62cf1c2250951?track=looker3
Certificate
IssuerLet's Encrypt
Subjectofferdate.link
Fingerprint73:51:3A:FA:D1:47:5F:89:83:B8:C9:7B:8B:EE:0C:59:3C:2C:D5:FD
ValidityThu, 25 Apr 2024 09:57:39 GMT - Wed, 24 Jul 2024 09:57:38 GMT

File type
ASCII text, with CRLF line terminators
Size
2.5 kB (2451 bytes)
Hash
c40ca5d0b23290f5dad56d80cdb6d73a
c106ae740ad8be105f07c12c8173867d62697317
08cafe44276f0ec03270725086000222fea599b5f671cfbdb92aadfda1b49eaf

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bundle/614/assets/css/style.css HTTP/1.1
Host: befjajh.offerdate.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://befjajh.offerdate.link/s/62cf1c2250951?track=looker3
Cookie: s=LGUkzcjlNoqpLIbU4PDUb7C2KSjXDPNODVr1wlX5O0BoZgSAtr2gSz%2BY%2Bnm0VSmzt3WC62P9BXPNQ87m36QoZyB%2B3vmXHuNZ%2FRe4zyBDYU3f4rvNscvnV8aQQGiTiGc%2FxjU0%2FtAmCSiEwCTDXczE%2BTo8cXUZuMBY2EzLZ%2BjK9V1FlaewI%2Fet9dLE41bYVX0lTdM8%2F01onZTEtXaSNzhyhXhksMvTl1NjTJzoDo7vIe7B5NEs5MnDKeqi%2BPxf03x9isjLf3JFT1p017FCntlNN82PUvyCuvaDRM8ntMC9ZjuB%2FUzZSDRpp854s3LnxOtxZ6WJ3sK1FynNgmtXs%2BElwysa9SUoq3NwMYmbP%2FXPbgTQc61HbC1Gf9A4%2FSug%2FKMNBU3ZfFstGIl4nGTCPc3RljJIJ4iokTZbtjBXaOlHOe4KYftpJBTZWzKN4RyMstklCf6jznBz2w%2BKZLWNCCit5RwrOx%2BHjODx0aVVzJCClhdOllkkv8JhCcfKTEqQKV3%2BTmEjmC5lGahTYPc%2Fj5i%2BLj05Yv%2BSbmDE%2BuGSkn044psyAJRukinqU0g77zabszfq0scW%2Br4xC9oxjnZn4XeAyplGyXLfwnqiD6ArZqWbjzepJOn7oL08%2BtLIAjO0RAuKY1Cm%2FwkMfzJrKp5B7lkvQkEVqcsS136tfoZkSa1is14MNELmujoxjxyiVrCSVQ22r%2FtvVcwmQZjw4dHXcRS6Rtj9F8Lnz7l1RYiu9PnAw6kxu5qHhIe%2Btnb2oxeI3rXVHQVFqKA4IBCz57w97B0l20leSfuYYztUkC9YKO8h8bGL0xdQukJOHaGDsjTdwGPiHi3gC6UVaX%2B%2Fx5QxUAFErFBIkXKtQhgwJofb7DQdwp9jxvzJZLW41h9xHWdhbzizD%2B%2Fh%2B3QQLcResTmRyjfjz1PFbJVjHXog1QAZrWpyJAgN516G1f%2BpSvGPcYZJ1%2FyEEpwxWUYcLDDcl8JozXQdTkgQIM4jinx0hoJp7CKsIK0zqNaZmUEoA49NyWzJc%2FMChhHmRZ9WA4%2BmknAX4SNdPOmif3bTPJNIgCXBh9WgFwLWrVEHMnLfQcGWeaLdYd7%2BXv1YEFjP25X6onBRUUpj3JiQ%2FC53Y4JrQ16Q%2FVZa4k0U7ZzKjn2VvhbZ5HrxLKn6dpbKx1vqVYaMK2IeLIBTd8L0MMg6i%2BeWFQQm0FmlS4Wn5ftJ7chvW3l4sn1B0Ls%2B7JkRjiHqFFEsr%2FvW2FQoAeTsK9vbi4KHBF%2Fmx%2FUlYi%2FUOPE0FB9OG3TUTly%2BR0P38zjmYzVdZQsaFhYiqT53a%2FmlXn%2FCI2C%2FQr4RsmIg0ISSgy799O5E1hERk62SIEZuwd3brQuhzmdpss4ZybyOFw8WuV4U%2BrPz7JOWoX7u2cRxcBktlJMFNgQ%2BCI8nkQmuVeVmsm1HjQiPBKz6G8n%2BoGy%2B4C4oibwpTmxgMtbVHRlG0VaAIsFYmwozSZhpSsMYWN7OrZX4pYFSc3%2FHI1tpo9a8mImObNDD4MgHY1MhwnlnJG9Sdhh0hoAgG6tHmLNHeUWSB2f13gK7YUPSoIGF8lsjj0BvYXI8dxaLHysSTQ15cjmaumkDPwfZ%2FKOuyuXij167VKP8DD0ZqmQwKXUQ5eKEd7cG7EwzHxmDAmbw2zpkpUqM%2Fgde27zZ5k5JsBi%2Fqsnx6zPwjTbiUsWAZ1Eqi%2F0lk0cUUC%2FeE4XXT%2B%2FVvMaiOeenlqBZj2BNMssEmBI7bLg0w5RPBA6zW29caBpmguZc5cWshpjKgg9NFTs9Hqdf1vc76GIlHntWyH6ccIAbCkGFXCtax97TItYTKzpRsgGsNxL68hckd7sbYAC6mXFhNMeEHe1L96Cn4%2BilYXQmN%2BK3
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Fri, 10 May 2024 21:02:04 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 04 Feb 2022 08:47:52 GMT
Vary: Accept-Encoding, Accept-Encoding
ETag: W/"61fce838-22c0"
Expires: Sun, 09 Jun 2024 21:02:04 GMT
Cache-Control: max-age=2592000, private
Content-Encoding: gzip

befjajh.offerdate.link/bundle/614/assets/js/functions.js

178.162.199.80

200 OK

278 B

URL GET HTTP/1.1
befjajh.offerdate.link/bundle/614/assets/js/functions.js
IP
178.162.199.80:443
ASN
#28753 Leaseweb Deutschland GmbH

Requested by
https://befjajh.offerdate.link/s/62cf1c2250951?track=looker3
Certificate
IssuerLet's Encrypt
Subjectofferdate.link
Fingerprint73:51:3A:FA:D1:47:5F:89:83:B8:C9:7B:8B:EE:0C:59:3C:2C:D5:FD
ValidityThu, 25 Apr 2024 09:57:39 GMT - Wed, 24 Jul 2024 09:57:38 GMT

File type
JavaScript source, ASCII text, with CRLF line terminators
Size
278 B (278 bytes)
Hash
f4815c2a20151ac6069b03eb88d80292
3f951f963406e19aa509490deec23e3f44904c97
9ea1b5fed2553975afb17a55ef18dc5e715c3b2434c3b7229c8b16a089b4e346

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bundle/614/assets/js/functions.js HTTP/1.1
Host: befjajh.offerdate.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://befjajh.offerdate.link/s/62cf1c2250951?track=looker3
Cookie: s=LGUkzcjlNoqpLIbU4PDUb7C2KSjXDPNODVr1wlX5O0BoZgSAtr2gSz%2BY%2Bnm0VSmzt3WC62P9BXPNQ87m36QoZyB%2B3vmXHuNZ%2FRe4zyBDYU3f4rvNscvnV8aQQGiTiGc%2FxjU0%2FtAmCSiEwCTDXczE%2BTo8cXUZuMBY2EzLZ%2BjK9V1FlaewI%2Fet9dLE41bYVX0lTdM8%2F01onZTEtXaSNzhyhXhksMvTl1NjTJzoDo7vIe7B5NEs5MnDKeqi%2BPxf03x9isjLf3JFT1p017FCntlNN82PUvyCuvaDRM8ntMC9ZjuB%2FUzZSDRpp854s3LnxOtxZ6WJ3sK1FynNgmtXs%2BElwysa9SUoq3NwMYmbP%2FXPbgTQc61HbC1Gf9A4%2FSug%2FKMNBU3ZfFstGIl4nGTCPc3RljJIJ4iokTZbtjBXaOlHOe4KYftpJBTZWzKN4RyMstklCf6jznBz2w%2BKZLWNCCit5RwrOx%2BHjODx0aVVzJCClhdOllkkv8JhCcfKTEqQKV3%2BTmEjmC5lGahTYPc%2Fj5i%2BLj05Yv%2BSbmDE%2BuGSkn044psyAJRukinqU0g77zabszfq0scW%2Br4xC9oxjnZn4XeAyplGyXLfwnqiD6ArZqWbjzepJOn7oL08%2BtLIAjO0RAuKY1Cm%2FwkMfzJrKp5B7lkvQkEVqcsS136tfoZkSa1is14MNELmujoxjxyiVrCSVQ22r%2FtvVcwmQZjw4dHXcRS6Rtj9F8Lnz7l1RYiu9PnAw6kxu5qHhIe%2Btnb2oxeI3rXVHQVFqKA4IBCz57w97B0l20leSfuYYztUkC9YKO8h8bGL0xdQukJOHaGDsjTdwGPiHi3gC6UVaX%2B%2Fx5QxUAFErFBIkXKtQhgwJofb7DQdwp9jxvzJZLW41h9xHWdhbzizD%2B%2Fh%2B3QQLcResTmRyjfjz1PFbJVjHXog1QAZrWpyJAgN516G1f%2BpSvGPcYZJ1%2FyEEpwxWUYcLDDcl8JozXQdTkgQIM4jinx0hoJp7CKsIK0zqNaZmUEoA49NyWzJc%2FMChhHmRZ9WA4%2BmknAX4SNdPOmif3bTPJNIgCXBh9WgFwLWrVEHMnLfQcGWeaLdYd7%2BXv1YEFjP25X6onBRUUpj3JiQ%2FC53Y4JrQ16Q%2FVZa4k0U7ZzKjn2VvhbZ5HrxLKn6dpbKx1vqVYaMK2IeLIBTd8L0MMg6i%2BeWFQQm0FmlS4Wn5ftJ7chvW3l4sn1B0Ls%2B7JkRjiHqFFEsr%2FvW2FQoAeTsK9vbi4KHBF%2Fmx%2FUlYi%2FUOPE0FB9OG3TUTly%2BR0P38zjmYzVdZQsaFhYiqT53a%2FmlXn%2FCI2C%2FQr4RsmIg0ISSgy799O5E1hERk62SIEZuwd3brQuhzmdpss4ZybyOFw8WuV4U%2BrPz7JOWoX7u2cRxcBktlJMFNgQ%2BCI8nkQmuVeVmsm1HjQiPBKz6G8n%2BoGy%2B4C4oibwpTmxgMtbVHRlG0VaAIsFYmwozSZhpSsMYWN7OrZX4pYFSc3%2FHI1tpo9a8mImObNDD4MgHY1MhwnlnJG9Sdhh0hoAgG6tHmLNHeUWSB2f13gK7YUPSoIGF8lsjj0BvYXI8dxaLHysSTQ15cjmaumkDPwfZ%2FKOuyuXij167VKP8DD0ZqmQwKXUQ5eKEd7cG7EwzHxmDAmbw2zpkpUqM%2Fgde27zZ5k5JsBi%2Fqsnx6zPwjTbiUsWAZ1Eqi%2F0lk0cUUC%2FeE4XXT%2B%2FVvMaiOeenlqBZj2BNMssEmBI7bLg0w5RPBA6zW29caBpmguZc5cWshpjKgg9NFTs9Hqdf1vc76GIlHntWyH6ccIAbCkGFXCtax97TItYTKzpRsgGsNxL68hckd7sbYAC6mXFhNMeEHe1L96Cn4%2BilYXQmN%2BK3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Fri, 10 May 2024 21:02:04 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 04 Feb 2022 08:47:54 GMT
Vary: Accept-Encoding, Accept-Encoding
ETag: W/"61fce83a-22c"
Expires: Sun, 09 Jun 2024 21:02:04 GMT
Cache-Control: max-age=2592000, private
Content-Encoding: gzip

befjajh.offerdate.link/bundle/614/assets/js/jquery.js

178.162.199.80

200 OK

35 kB

URL GET HTTP/1.1
befjajh.offerdate.link/bundle/614/assets/js/jquery.js
IP
178.162.199.80:443
ASN
#28753 Leaseweb Deutschland GmbH

Requested by
https://befjajh.offerdate.link/s/62cf1c2250951?track=looker3
Certificate
IssuerLet's Encrypt
Subjectofferdate.link
Fingerprint73:51:3A:FA:D1:47:5F:89:83:B8:C9:7B:8B:EE:0C:59:3C:2C:D5:FD
ValidityThu, 25 Apr 2024 09:57:39 GMT - Wed, 24 Jul 2024 09:57:38 GMT

File type
JavaScript source, ASCII text, with very long lines (699), with CRLF line terminators
Size
35 kB (34722 bytes)
Hash
03231e46bbea8a8d4df4702f5867a3fb
5398853ad81afa482282626672027df9644eb354
c9c92e3680539a7131456990fe5fe7355338885bd5490844681d433836c3f9dc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bundle/614/assets/js/jquery.js HTTP/1.1
Host: befjajh.offerdate.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://befjajh.offerdate.link/s/62cf1c2250951?track=looker3
Cookie: s=LGUkzcjlNoqpLIbU4PDUb7C2KSjXDPNODVr1wlX5O0BoZgSAtr2gSz%2BY%2Bnm0VSmzt3WC62P9BXPNQ87m36QoZyB%2B3vmXHuNZ%2FRe4zyBDYU3f4rvNscvnV8aQQGiTiGc%2FxjU0%2FtAmCSiEwCTDXczE%2BTo8cXUZuMBY2EzLZ%2BjK9V1FlaewI%2Fet9dLE41bYVX0lTdM8%2F01onZTEtXaSNzhyhXhksMvTl1NjTJzoDo7vIe7B5NEs5MnDKeqi%2BPxf03x9isjLf3JFT1p017FCntlNN82PUvyCuvaDRM8ntMC9ZjuB%2FUzZSDRpp854s3LnxOtxZ6WJ3sK1FynNgmtXs%2BElwysa9SUoq3NwMYmbP%2FXPbgTQc61HbC1Gf9A4%2FSug%2FKMNBU3ZfFstGIl4nGTCPc3RljJIJ4iokTZbtjBXaOlHOe4KYftpJBTZWzKN4RyMstklCf6jznBz2w%2BKZLWNCCit5RwrOx%2BHjODx0aVVzJCClhdOllkkv8JhCcfKTEqQKV3%2BTmEjmC5lGahTYPc%2Fj5i%2BLj05Yv%2BSbmDE%2BuGSkn044psyAJRukinqU0g77zabszfq0scW%2Br4xC9oxjnZn4XeAyplGyXLfwnqiD6ArZqWbjzepJOn7oL08%2BtLIAjO0RAuKY1Cm%2FwkMfzJrKp5B7lkvQkEVqcsS136tfoZkSa1is14MNELmujoxjxyiVrCSVQ22r%2FtvVcwmQZjw4dHXcRS6Rtj9F8Lnz7l1RYiu9PnAw6kxu5qHhIe%2Btnb2oxeI3rXVHQVFqKA4IBCz57w97B0l20leSfuYYztUkC9YKO8h8bGL0xdQukJOHaGDsjTdwGPiHi3gC6UVaX%2B%2Fx5QxUAFErFBIkXKtQhgwJofb7DQdwp9jxvzJZLW41h9xHWdhbzizD%2B%2Fh%2B3QQLcResTmRyjfjz1PFbJVjHXog1QAZrWpyJAgN516G1f%2BpSvGPcYZJ1%2FyEEpwxWUYcLDDcl8JozXQdTkgQIM4jinx0hoJp7CKsIK0zqNaZmUEoA49NyWzJc%2FMChhHmRZ9WA4%2BmknAX4SNdPOmif3bTPJNIgCXBh9WgFwLWrVEHMnLfQcGWeaLdYd7%2BXv1YEFjP25X6onBRUUpj3JiQ%2FC53Y4JrQ16Q%2FVZa4k0U7ZzKjn2VvhbZ5HrxLKn6dpbKx1vqVYaMK2IeLIBTd8L0MMg6i%2BeWFQQm0FmlS4Wn5ftJ7chvW3l4sn1B0Ls%2B7JkRjiHqFFEsr%2FvW2FQoAeTsK9vbi4KHBF%2Fmx%2FUlYi%2FUOPE0FB9OG3TUTly%2BR0P38zjmYzVdZQsaFhYiqT53a%2FmlXn%2FCI2C%2FQr4RsmIg0ISSgy799O5E1hERk62SIEZuwd3brQuhzmdpss4ZybyOFw8WuV4U%2BrPz7JOWoX7u2cRxcBktlJMFNgQ%2BCI8nkQmuVeVmsm1HjQiPBKz6G8n%2BoGy%2B4C4oibwpTmxgMtbVHRlG0VaAIsFYmwozSZhpSsMYWN7OrZX4pYFSc3%2FHI1tpo9a8mImObNDD4MgHY1MhwnlnJG9Sdhh0hoAgG6tHmLNHeUWSB2f13gK7YUPSoIGF8lsjj0BvYXI8dxaLHysSTQ15cjmaumkDPwfZ%2FKOuyuXij167VKP8DD0ZqmQwKXUQ5eKEd7cG7EwzHxmDAmbw2zpkpUqM%2Fgde27zZ5k5JsBi%2Fqsnx6zPwjTbiUsWAZ1Eqi%2F0lk0cUUC%2FeE4XXT%2B%2FVvMaiOeenlqBZj2BNMssEmBI7bLg0w5RPBA6zW29caBpmguZc5cWshpjKgg9NFTs9Hqdf1vc76GIlHntWyH6ccIAbCkGFXCtax97TItYTKzpRsgGsNxL68hckd7sbYAC6mXFhNMeEHe1L96Cn4%2BilYXQmN%2BK3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Fri, 10 May 2024 21:02:04 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 04 Feb 2022 08:47:54 GMT
Vary: Accept-Encoding, Accept-Encoding
ETag: W/"61fce83a-20f8f"
Expires: Sun, 09 Jun 2024 21:02:04 GMT
Cache-Control: max-age=2592000, private
Content-Encoding: gzip

befjajh.offerdate.link/bundle/614/assets/images/02.jpg

178.162.199.80

200 OK

40 kB

URL GET HTTP/1.1
befjajh.offerdate.link/bundle/614/assets/images/02.jpg
IP
178.162.199.80:443
ASN
#28753 Leaseweb Deutschland GmbH

Requested by
https://befjajh.offerdate.link/s/62cf1c2250951?track=looker3
Certificate
IssuerLet's Encrypt
Subjectofferdate.link
Fingerprint73:51:3A:FA:D1:47:5F:89:83:B8:C9:7B:8B:EE:0C:59:3C:2C:D5:FD
ValidityThu, 25 Apr 2024 09:57:39 GMT - Wed, 24 Jul 2024 09:57:38 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 450x630, components 3
Size
40 kB (40184 bytes)
Hash
0e4d6c401720a82a586578c3630078af
803e737b5640de5697bae6b1d0042109216d939b
898e3867a5ec39674298aca6a5ed9dad61ff8069c4dc328fa2c37c7c0a2b16f4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bundle/614/assets/images/02.jpg HTTP/1.1
Host: befjajh.offerdate.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://befjajh.offerdate.link/s/62cf1c2250951?track=looker3
Cookie: s=LGUkzcjlNoqpLIbU4PDUb7C2KSjXDPNODVr1wlX5O0BoZgSAtr2gSz%2BY%2Bnm0VSmzt3WC62P9BXPNQ87m36QoZyB%2B3vmXHuNZ%2FRe4zyBDYU3f4rvNscvnV8aQQGiTiGc%2FxjU0%2FtAmCSiEwCTDXczE%2BTo8cXUZuMBY2EzLZ%2BjK9V1FlaewI%2Fet9dLE41bYVX0lTdM8%2F01onZTEtXaSNzhyhXhksMvTl1NjTJzoDo7vIe7B5NEs5MnDKeqi%2BPxf03x9isjLf3JFT1p017FCntlNN82PUvyCuvaDRM8ntMC9ZjuB%2FUzZSDRpp854s3LnxOtxZ6WJ3sK1FynNgmtXs%2BElwysa9SUoq3NwMYmbP%2FXPbgTQc61HbC1Gf9A4%2FSug%2FKMNBU3ZfFstGIl4nGTCPc3RljJIJ4iokTZbtjBXaOlHOe4KYftpJBTZWzKN4RyMstklCf6jznBz2w%2BKZLWNCCit5RwrOx%2BHjODx0aVVzJCClhdOllkkv8JhCcfKTEqQKV3%2BTmEjmC5lGahTYPc%2Fj5i%2BLj05Yv%2BSbmDE%2BuGSkn044psyAJRukinqU0g77zabszfq0scW%2Br4xC9oxjnZn4XeAyplGyXLfwnqiD6ArZqWbjzepJOn7oL08%2BtLIAjO0RAuKY1Cm%2FwkMfzJrKp5B7lkvQkEVqcsS136tfoZkSa1is14MNELmujoxjxyiVrCSVQ22r%2FtvVcwmQZjw4dHXcRS6Rtj9F8Lnz7l1RYiu9PnAw6kxu5qHhIe%2Btnb2oxeI3rXVHQVFqKA4IBCz57w97B0l20leSfuYYztUkC9YKO8h8bGL0xdQukJOHaGDsjTdwGPiHi3gC6UVaX%2B%2Fx5QxUAFErFBIkXKtQhgwJofb7DQdwp9jxvzJZLW41h9xHWdhbzizD%2B%2Fh%2B3QQLcResTmRyjfjz1PFbJVjHXog1QAZrWpyJAgN516G1f%2BpSvGPcYZJ1%2FyEEpwxWUYcLDDcl8JozXQdTkgQIM4jinx0hoJp7CKsIK0zqNaZmUEoA49NyWzJc%2FMChhHmRZ9WA4%2BmknAX4SNdPOmif3bTPJNIgCXBh9WgFwLWrVEHMnLfQcGWeaLdYd7%2BXv1YEFjP25X6onBRUUpj3JiQ%2FC53Y4JrQ16Q%2FVZa4k0U7ZzKjn2VvhbZ5HrxLKn6dpbKx1vqVYaMK2IeLIBTd8L0MMg6i%2BeWFQQm0FmlS4Wn5ftJ7chvW3l4sn1B0Ls%2B7JkRjiHqFFEsr%2FvW2FQoAeTsK9vbi4KHBF%2Fmx%2FUlYi%2FUOPE0FB9OG3TUTly%2BR0P38zjmYzVdZQsaFhYiqT53a%2FmlXn%2FCI2C%2FQr4RsmIg0ISSgy799O5E1hERk62SIEZuwd3brQuhzmdpss4ZybyOFw8WuV4U%2BrPz7JOWoX7u2cRxcBktlJMFNgQ%2BCI8nkQmuVeVmsm1HjQiPBKz6G8n%2BoGy%2B4C4oibwpTmxgMtbVHRlG0VaAIsFYmwozSZhpSsMYWN7OrZX4pYFSc3%2FHI1tpo9a8mImObNDD4MgHY1MhwnlnJG9Sdhh0hoAgG6tHmLNHeUWSB2f13gK7YUPSoIGF8lsjj0BvYXI8dxaLHysSTQ15cjmaumkDPwfZ%2FKOuyuXij167VKP8DD0ZqmQwKXUQ5eKEd7cG7EwzHxmDAmbw2zpkpUqM%2Fgde27zZ5k5JsBi%2Fqsnx6zPwjTbiUsWAZ1Eqi%2F0lk0cUUC%2FeE4XXT%2B%2FVvMaiOeenlqBZj2BNMssEmBI7bLg0w5RPBA6zW29caBpmguZc5cWshpjKgg9NFTs9Hqdf1vc76GIlHntWyH6ccIAbCkGFXCtax97TItYTKzpRsgGsNxL68hckd7sbYAC6mXFhNMeEHe1L96Cn4%2BilYXQmN%2BK3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Fri, 10 May 2024 21:02:04 GMT
Content-Type: image/jpeg
Content-Length: 40184
Connection: keep-alive
Last-Modified: Fri, 04 Feb 2022 08:47:52 GMT
ETag: "61fce838-9cf8"
Expires: Sun, 09 Jun 2024 21:02:04 GMT
Cache-Control: max-age=2592000, private
Accept-Ranges: bytes

befjajh.offerdate.link/bundle/614/assets/images/05.jpg

176.123.10.32

200 OK

41 kB

URL GET HTTP/1.1
befjajh.offerdate.link/bundle/614/assets/images/05.jpg
IP
176.123.10.32:443
ASN
#200019 Alexhost Srl

Requested by
https://befjajh.offerdate.link/s/62cf1c2250951?track=looker3
Certificate
IssuerLet's Encrypt
Subjectofferdate.link
Fingerprint73:51:3A:FA:D1:47:5F:89:83:B8:C9:7B:8B:EE:0C:59:3C:2C:D5:FD
ValidityThu, 25 Apr 2024 09:57:39 GMT - Wed, 24 Jul 2024 09:57:38 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 450x630, components 3
Size
41 kB (40987 bytes)
Hash
56697b0fd6a35fdea82e24dbe769260a
67d898cd277d5f8c6ac0ddd82a8a1b029ae72773
ab4ba0acb874d0f1d2c31dd2ff58fd00db1f9557880da160bb0575491d12fac4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bundle/614/assets/images/05.jpg HTTP/1.1
Host: befjajh.offerdate.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://befjajh.offerdate.link/s/62cf1c2250951?track=looker3
Cookie: s=LGUkzcjlNoqpLIbU4PDUb7C2KSjXDPNODVr1wlX5O0BoZgSAtr2gSz%2BY%2Bnm0VSmzt3WC62P9BXPNQ87m36QoZyB%2B3vmXHuNZ%2FRe4zyBDYU3f4rvNscvnV8aQQGiTiGc%2FxjU0%2FtAmCSiEwCTDXczE%2BTo8cXUZuMBY2EzLZ%2BjK9V1FlaewI%2Fet9dLE41bYVX0lTdM8%2F01onZTEtXaSNzhyhXhksMvTl1NjTJzoDo7vIe7B5NEs5MnDKeqi%2BPxf03x9isjLf3JFT1p017FCntlNN82PUvyCuvaDRM8ntMC9ZjuB%2FUzZSDRpp854s3LnxOtxZ6WJ3sK1FynNgmtXs%2BElwysa9SUoq3NwMYmbP%2FXPbgTQc61HbC1Gf9A4%2FSug%2FKMNBU3ZfFstGIl4nGTCPc3RljJIJ4iokTZbtjBXaOlHOe4KYftpJBTZWzKN4RyMstklCf6jznBz2w%2BKZLWNCCit5RwrOx%2BHjODx0aVVzJCClhdOllkkv8JhCcfKTEqQKV3%2BTmEjmC5lGahTYPc%2Fj5i%2BLj05Yv%2BSbmDE%2BuGSkn044psyAJRukinqU0g77zabszfq0scW%2Br4xC9oxjnZn4XeAyplGyXLfwnqiD6ArZqWbjzepJOn7oL08%2BtLIAjO0RAuKY1Cm%2FwkMfzJrKp5B7lkvQkEVqcsS136tfoZkSa1is14MNELmujoxjxyiVrCSVQ22r%2FtvVcwmQZjw4dHXcRS6Rtj9F8Lnz7l1RYiu9PnAw6kxu5qHhIe%2Btnb2oxeI3rXVHQVFqKA4IBCz57w97B0l20leSfuYYztUkC9YKO8h8bGL0xdQukJOHaGDsjTdwGPiHi3gC6UVaX%2B%2Fx5QxUAFErFBIkXKtQhgwJofb7DQdwp9jxvzJZLW41h9xHWdhbzizD%2B%2Fh%2B3QQLcResTmRyjfjz1PFbJVjHXog1QAZrWpyJAgN516G1f%2BpSvGPcYZJ1%2FyEEpwxWUYcLDDcl8JozXQdTkgQIM4jinx0hoJp7CKsIK0zqNaZmUEoA49NyWzJc%2FMChhHmRZ9WA4%2BmknAX4SNdPOmif3bTPJNIgCXBh9WgFwLWrVEHMnLfQcGWeaLdYd7%2BXv1YEFjP25X6onBRUUpj3JiQ%2FC53Y4JrQ16Q%2FVZa4k0U7ZzKjn2VvhbZ5HrxLKn6dpbKx1vqVYaMK2IeLIBTd8L0MMg6i%2BeWFQQm0FmlS4Wn5ftJ7chvW3l4sn1B0Ls%2B7JkRjiHqFFEsr%2FvW2FQoAeTsK9vbi4KHBF%2Fmx%2FUlYi%2FUOPE0FB9OG3TUTly%2BR0P38zjmYzVdZQsaFhYiqT53a%2FmlXn%2FCI2C%2FQr4RsmIg0ISSgy799O5E1hERk62SIEZuwd3brQuhzmdpss4ZybyOFw8WuV4U%2BrPz7JOWoX7u2cRxcBktlJMFNgQ%2BCI8nkQmuVeVmsm1HjQiPBKz6G8n%2BoGy%2B4C4oibwpTmxgMtbVHRlG0VaAIsFYmwozSZhpSsMYWN7OrZX4pYFSc3%2FHI1tpo9a8mImObNDD4MgHY1MhwnlnJG9Sdhh0hoAgG6tHmLNHeUWSB2f13gK7YUPSoIGF8lsjj0BvYXI8dxaLHysSTQ15cjmaumkDPwfZ%2FKOuyuXij167VKP8DD0ZqmQwKXUQ5eKEd7cG7EwzHxmDAmbw2zpkpUqM%2Fgde27zZ5k5JsBi%2Fqsnx6zPwjTbiUsWAZ1Eqi%2F0lk0cUUC%2FeE4XXT%2B%2FVvMaiOeenlqBZj2BNMssEmBI7bLg0w5RPBA6zW29caBpmguZc5cWshpjKgg9NFTs9Hqdf1vc76GIlHntWyH6ccIAbCkGFXCtax97TItYTKzpRsgGsNxL68hckd7sbYAC6mXFhNMeEHe1L96Cn4%2BilYXQmN%2BK3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Fri, 10 May 2024 21:02:04 GMT
Content-Type: image/jpeg
Content-Length: 40987
Connection: keep-alive
Last-Modified: Fri, 04 Feb 2022 08:47:53 GMT
ETag: "61fce839-a01b"
Expires: Sun, 09 Jun 2024 21:02:04 GMT
Cache-Control: max-age=2592000, private
Accept-Ranges: bytes

befjajh.offerdate.link/bundle/614/assets/images/04.jpg

178.162.199.80

200 OK

36 kB

URL GET HTTP/1.1
befjajh.offerdate.link/bundle/614/assets/images/04.jpg
IP
178.162.199.80:443
ASN
#28753 Leaseweb Deutschland GmbH

Requested by
https://befjajh.offerdate.link/s/62cf1c2250951?track=looker3
Certificate
IssuerLet's Encrypt
Subjectofferdate.link
Fingerprint73:51:3A:FA:D1:47:5F:89:83:B8:C9:7B:8B:EE:0C:59:3C:2C:D5:FD
ValidityThu, 25 Apr 2024 09:57:39 GMT - Wed, 24 Jul 2024 09:57:38 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 450x630, components 3
Size
36 kB (36486 bytes)
Hash
93fae8d5c945e62424bbc0d02c67a9dc
7e71fc720b47a38c9649ee456f87f60fb9b70df1
e6ab65c89f1d5ebb127cf2c61f2f030789715a0974dd2a902dd6c8fb049013f4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bundle/614/assets/images/04.jpg HTTP/1.1
Host: befjajh.offerdate.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://befjajh.offerdate.link/s/62cf1c2250951?track=looker3
Cookie: s=LGUkzcjlNoqpLIbU4PDUb7C2KSjXDPNODVr1wlX5O0BoZgSAtr2gSz%2BY%2Bnm0VSmzt3WC62P9BXPNQ87m36QoZyB%2B3vmXHuNZ%2FRe4zyBDYU3f4rvNscvnV8aQQGiTiGc%2FxjU0%2FtAmCSiEwCTDXczE%2BTo8cXUZuMBY2EzLZ%2BjK9V1FlaewI%2Fet9dLE41bYVX0lTdM8%2F01onZTEtXaSNzhyhXhksMvTl1NjTJzoDo7vIe7B5NEs5MnDKeqi%2BPxf03x9isjLf3JFT1p017FCntlNN82PUvyCuvaDRM8ntMC9ZjuB%2FUzZSDRpp854s3LnxOtxZ6WJ3sK1FynNgmtXs%2BElwysa9SUoq3NwMYmbP%2FXPbgTQc61HbC1Gf9A4%2FSug%2FKMNBU3ZfFstGIl4nGTCPc3RljJIJ4iokTZbtjBXaOlHOe4KYftpJBTZWzKN4RyMstklCf6jznBz2w%2BKZLWNCCit5RwrOx%2BHjODx0aVVzJCClhdOllkkv8JhCcfKTEqQKV3%2BTmEjmC5lGahTYPc%2Fj5i%2BLj05Yv%2BSbmDE%2BuGSkn044psyAJRukinqU0g77zabszfq0scW%2Br4xC9oxjnZn4XeAyplGyXLfwnqiD6ArZqWbjzepJOn7oL08%2BtLIAjO0RAuKY1Cm%2FwkMfzJrKp5B7lkvQkEVqcsS136tfoZkSa1is14MNELmujoxjxyiVrCSVQ22r%2FtvVcwmQZjw4dHXcRS6Rtj9F8Lnz7l1RYiu9PnAw6kxu5qHhIe%2Btnb2oxeI3rXVHQVFqKA4IBCz57w97B0l20leSfuYYztUkC9YKO8h8bGL0xdQukJOHaGDsjTdwGPiHi3gC6UVaX%2B%2Fx5QxUAFErFBIkXKtQhgwJofb7DQdwp9jxvzJZLW41h9xHWdhbzizD%2B%2Fh%2B3QQLcResTmRyjfjz1PFbJVjHXog1QAZrWpyJAgN516G1f%2BpSvGPcYZJ1%2FyEEpwxWUYcLDDcl8JozXQdTkgQIM4jinx0hoJp7CKsIK0zqNaZmUEoA49NyWzJc%2FMChhHmRZ9WA4%2BmknAX4SNdPOmif3bTPJNIgCXBh9WgFwLWrVEHMnLfQcGWeaLdYd7%2BXv1YEFjP25X6onBRUUpj3JiQ%2FC53Y4JrQ16Q%2FVZa4k0U7ZzKjn2VvhbZ5HrxLKn6dpbKx1vqVYaMK2IeLIBTd8L0MMg6i%2BeWFQQm0FmlS4Wn5ftJ7chvW3l4sn1B0Ls%2B7JkRjiHqFFEsr%2FvW2FQoAeTsK9vbi4KHBF%2Fmx%2FUlYi%2FUOPE0FB9OG3TUTly%2BR0P38zjmYzVdZQsaFhYiqT53a%2FmlXn%2FCI2C%2FQr4RsmIg0ISSgy799O5E1hERk62SIEZuwd3brQuhzmdpss4ZybyOFw8WuV4U%2BrPz7JOWoX7u2cRxcBktlJMFNgQ%2BCI8nkQmuVeVmsm1HjQiPBKz6G8n%2BoGy%2B4C4oibwpTmxgMtbVHRlG0VaAIsFYmwozSZhpSsMYWN7OrZX4pYFSc3%2FHI1tpo9a8mImObNDD4MgHY1MhwnlnJG9Sdhh0hoAgG6tHmLNHeUWSB2f13gK7YUPSoIGF8lsjj0BvYXI8dxaLHysSTQ15cjmaumkDPwfZ%2FKOuyuXij167VKP8DD0ZqmQwKXUQ5eKEd7cG7EwzHxmDAmbw2zpkpUqM%2Fgde27zZ5k5JsBi%2Fqsnx6zPwjTbiUsWAZ1Eqi%2F0lk0cUUC%2FeE4XXT%2B%2FVvMaiOeenlqBZj2BNMssEmBI7bLg0w5RPBA6zW29caBpmguZc5cWshpjKgg9NFTs9Hqdf1vc76GIlHntWyH6ccIAbCkGFXCtax97TItYTKzpRsgGsNxL68hckd7sbYAC6mXFhNMeEHe1L96Cn4%2BilYXQmN%2BK3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Fri, 10 May 2024 21:02:04 GMT
Content-Type: image/jpeg
Content-Length: 36486
Connection: keep-alive
Last-Modified: Fri, 04 Feb 2022 08:47:53 GMT
ETag: "61fce839-8e86"
Expires: Sun, 09 Jun 2024 21:02:04 GMT
Cache-Control: max-age=2592000, private
Accept-Ranges: bytes

befjajh.offerdate.link/bundle/614/assets/images/03.jpg

178.162.199.80

200 OK

31 kB

URL GET HTTP/1.1
befjajh.offerdate.link/bundle/614/assets/images/03.jpg
IP
178.162.199.80:443
ASN
#28753 Leaseweb Deutschland GmbH

Requested by
https://befjajh.offerdate.link/s/62cf1c2250951?track=looker3
Certificate
IssuerLet's Encrypt
Subjectofferdate.link
Fingerprint73:51:3A:FA:D1:47:5F:89:83:B8:C9:7B:8B:EE:0C:59:3C:2C:D5:FD
ValidityThu, 25 Apr 2024 09:57:39 GMT - Wed, 24 Jul 2024 09:57:38 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 450x630, components 3
Size
31 kB (30765 bytes)
Hash
bd6420ba35dd2c6cca3157c2e2fc6483
f54f86cd5898d9a4df1dfa6bd15d38f977c4d402
c2c655b42ff15171b298b7a00c6fa53f71082a29c09d642f1fcd429ba5e1a676

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bundle/614/assets/images/03.jpg HTTP/1.1
Host: befjajh.offerdate.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://befjajh.offerdate.link/s/62cf1c2250951?track=looker3
Cookie: s=LGUkzcjlNoqpLIbU4PDUb7C2KSjXDPNODVr1wlX5O0BoZgSAtr2gSz%2BY%2Bnm0VSmzt3WC62P9BXPNQ87m36QoZyB%2B3vmXHuNZ%2FRe4zyBDYU3f4rvNscvnV8aQQGiTiGc%2FxjU0%2FtAmCSiEwCTDXczE%2BTo8cXUZuMBY2EzLZ%2BjK9V1FlaewI%2Fet9dLE41bYVX0lTdM8%2F01onZTEtXaSNzhyhXhksMvTl1NjTJzoDo7vIe7B5NEs5MnDKeqi%2BPxf03x9isjLf3JFT1p017FCntlNN82PUvyCuvaDRM8ntMC9ZjuB%2FUzZSDRpp854s3LnxOtxZ6WJ3sK1FynNgmtXs%2BElwysa9SUoq3NwMYmbP%2FXPbgTQc61HbC1Gf9A4%2FSug%2FKMNBU3ZfFstGIl4nGTCPc3RljJIJ4iokTZbtjBXaOlHOe4KYftpJBTZWzKN4RyMstklCf6jznBz2w%2BKZLWNCCit5RwrOx%2BHjODx0aVVzJCClhdOllkkv8JhCcfKTEqQKV3%2BTmEjmC5lGahTYPc%2Fj5i%2BLj05Yv%2BSbmDE%2BuGSkn044psyAJRukinqU0g77zabszfq0scW%2Br4xC9oxjnZn4XeAyplGyXLfwnqiD6ArZqWbjzepJOn7oL08%2BtLIAjO0RAuKY1Cm%2FwkMfzJrKp5B7lkvQkEVqcsS136tfoZkSa1is14MNELmujoxjxyiVrCSVQ22r%2FtvVcwmQZjw4dHXcRS6Rtj9F8Lnz7l1RYiu9PnAw6kxu5qHhIe%2Btnb2oxeI3rXVHQVFqKA4IBCz57w97B0l20leSfuYYztUkC9YKO8h8bGL0xdQukJOHaGDsjTdwGPiHi3gC6UVaX%2B%2Fx5QxUAFErFBIkXKtQhgwJofb7DQdwp9jxvzJZLW41h9xHWdhbzizD%2B%2Fh%2B3QQLcResTmRyjfjz1PFbJVjHXog1QAZrWpyJAgN516G1f%2BpSvGPcYZJ1%2FyEEpwxWUYcLDDcl8JozXQdTkgQIM4jinx0hoJp7CKsIK0zqNaZmUEoA49NyWzJc%2FMChhHmRZ9WA4%2BmknAX4SNdPOmif3bTPJNIgCXBh9WgFwLWrVEHMnLfQcGWeaLdYd7%2BXv1YEFjP25X6onBRUUpj3JiQ%2FC53Y4JrQ16Q%2FVZa4k0U7ZzKjn2VvhbZ5HrxLKn6dpbKx1vqVYaMK2IeLIBTd8L0MMg6i%2BeWFQQm0FmlS4Wn5ftJ7chvW3l4sn1B0Ls%2B7JkRjiHqFFEsr%2FvW2FQoAeTsK9vbi4KHBF%2Fmx%2FUlYi%2FUOPE0FB9OG3TUTly%2BR0P38zjmYzVdZQsaFhYiqT53a%2FmlXn%2FCI2C%2FQr4RsmIg0ISSgy799O5E1hERk62SIEZuwd3brQuhzmdpss4ZybyOFw8WuV4U%2BrPz7JOWoX7u2cRxcBktlJMFNgQ%2BCI8nkQmuVeVmsm1HjQiPBKz6G8n%2BoGy%2B4C4oibwpTmxgMtbVHRlG0VaAIsFYmwozSZhpSsMYWN7OrZX4pYFSc3%2FHI1tpo9a8mImObNDD4MgHY1MhwnlnJG9Sdhh0hoAgG6tHmLNHeUWSB2f13gK7YUPSoIGF8lsjj0BvYXI8dxaLHysSTQ15cjmaumkDPwfZ%2FKOuyuXij167VKP8DD0ZqmQwKXUQ5eKEd7cG7EwzHxmDAmbw2zpkpUqM%2Fgde27zZ5k5JsBi%2Fqsnx6zPwjTbiUsWAZ1Eqi%2F0lk0cUUC%2FeE4XXT%2B%2FVvMaiOeenlqBZj2BNMssEmBI7bLg0w5RPBA6zW29caBpmguZc5cWshpjKgg9NFTs9Hqdf1vc76GIlHntWyH6ccIAbCkGFXCtax97TItYTKzpRsgGsNxL68hckd7sbYAC6mXFhNMeEHe1L96Cn4%2BilYXQmN%2BK3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Fri, 10 May 2024 21:02:04 GMT
Content-Type: image/jpeg
Content-Length: 30765
Connection: keep-alive
Last-Modified: Fri, 04 Feb 2022 08:47:53 GMT
ETag: "61fce839-782d"
Expires: Sun, 09 Jun 2024 21:02:04 GMT
Cache-Control: max-age=2592000, private
Accept-Ranges: bytes

befjajh.offerdate.link/bundle/614/assets/images/wow.png

178.162.199.80

200 OK

18 kB

URL GET HTTP/1.1
befjajh.offerdate.link/bundle/614/assets/images/wow.png
IP
178.162.199.80:443
ASN
#28753 Leaseweb Deutschland GmbH

Requested by
https://befjajh.offerdate.link/s/62cf1c2250951?track=looker3
Certificate
IssuerLet's Encrypt
Subjectofferdate.link
Fingerprint73:51:3A:FA:D1:47:5F:89:83:B8:C9:7B:8B:EE:0C:59:3C:2C:D5:FD
ValidityThu, 25 Apr 2024 09:57:39 GMT - Wed, 24 Jul 2024 09:57:38 GMT

File type
PNG image data, 276 x 401, 8-bit/color RGBA, non-interlaced
Size
18 kB (18396 bytes)
Hash
006182cc9b4503e2309704ac104bcd61
83aac964715f1c7564412d620cbe72c3fcce5af1
74cdb81907a7c2a752b08990847b4834b2f304e8dbf0f4066f2b6f7e20ab53b9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bundle/614/assets/images/wow.png HTTP/1.1
Host: befjajh.offerdate.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://befjajh.offerdate.link/s/62cf1c2250951?track=looker3
Cookie: s=LGUkzcjlNoqpLIbU4PDUb7C2KSjXDPNODVr1wlX5O0BoZgSAtr2gSz%2BY%2Bnm0VSmzt3WC62P9BXPNQ87m36QoZyB%2B3vmXHuNZ%2FRe4zyBDYU3f4rvNscvnV8aQQGiTiGc%2FxjU0%2FtAmCSiEwCTDXczE%2BTo8cXUZuMBY2EzLZ%2BjK9V1FlaewI%2Fet9dLE41bYVX0lTdM8%2F01onZTEtXaSNzhyhXhksMvTl1NjTJzoDo7vIe7B5NEs5MnDKeqi%2BPxf03x9isjLf3JFT1p017FCntlNN82PUvyCuvaDRM8ntMC9ZjuB%2FUzZSDRpp854s3LnxOtxZ6WJ3sK1FynNgmtXs%2BElwysa9SUoq3NwMYmbP%2FXPbgTQc61HbC1Gf9A4%2FSug%2FKMNBU3ZfFstGIl4nGTCPc3RljJIJ4iokTZbtjBXaOlHOe4KYftpJBTZWzKN4RyMstklCf6jznBz2w%2BKZLWNCCit5RwrOx%2BHjODx0aVVzJCClhdOllkkv8JhCcfKTEqQKV3%2BTmEjmC5lGahTYPc%2Fj5i%2BLj05Yv%2BSbmDE%2BuGSkn044psyAJRukinqU0g77zabszfq0scW%2Br4xC9oxjnZn4XeAyplGyXLfwnqiD6ArZqWbjzepJOn7oL08%2BtLIAjO0RAuKY1Cm%2FwkMfzJrKp5B7lkvQkEVqcsS136tfoZkSa1is14MNELmujoxjxyiVrCSVQ22r%2FtvVcwmQZjw4dHXcRS6Rtj9F8Lnz7l1RYiu9PnAw6kxu5qHhIe%2Btnb2oxeI3rXVHQVFqKA4IBCz57w97B0l20leSfuYYztUkC9YKO8h8bGL0xdQukJOHaGDsjTdwGPiHi3gC6UVaX%2B%2Fx5QxUAFErFBIkXKtQhgwJofb7DQdwp9jxvzJZLW41h9xHWdhbzizD%2B%2Fh%2B3QQLcResTmRyjfjz1PFbJVjHXog1QAZrWpyJAgN516G1f%2BpSvGPcYZJ1%2FyEEpwxWUYcLDDcl8JozXQdTkgQIM4jinx0hoJp7CKsIK0zqNaZmUEoA49NyWzJc%2FMChhHmRZ9WA4%2BmknAX4SNdPOmif3bTPJNIgCXBh9WgFwLWrVEHMnLfQcGWeaLdYd7%2BXv1YEFjP25X6onBRUUpj3JiQ%2FC53Y4JrQ16Q%2FVZa4k0U7ZzKjn2VvhbZ5HrxLKn6dpbKx1vqVYaMK2IeLIBTd8L0MMg6i%2BeWFQQm0FmlS4Wn5ftJ7chvW3l4sn1B0Ls%2B7JkRjiHqFFEsr%2FvW2FQoAeTsK9vbi4KHBF%2Fmx%2FUlYi%2FUOPE0FB9OG3TUTly%2BR0P38zjmYzVdZQsaFhYiqT53a%2FmlXn%2FCI2C%2FQr4RsmIg0ISSgy799O5E1hERk62SIEZuwd3brQuhzmdpss4ZybyOFw8WuV4U%2BrPz7JOWoX7u2cRxcBktlJMFNgQ%2BCI8nkQmuVeVmsm1HjQiPBKz6G8n%2BoGy%2B4C4oibwpTmxgMtbVHRlG0VaAIsFYmwozSZhpSsMYWN7OrZX4pYFSc3%2FHI1tpo9a8mImObNDD4MgHY1MhwnlnJG9Sdhh0hoAgG6tHmLNHeUWSB2f13gK7YUPSoIGF8lsjj0BvYXI8dxaLHysSTQ15cjmaumkDPwfZ%2FKOuyuXij167VKP8DD0ZqmQwKXUQ5eKEd7cG7EwzHxmDAmbw2zpkpUqM%2Fgde27zZ5k5JsBi%2Fqsnx6zPwjTbiUsWAZ1Eqi%2F0lk0cUUC%2FeE4XXT%2B%2FVvMaiOeenlqBZj2BNMssEmBI7bLg0w5RPBA6zW29caBpmguZc5cWshpjKgg9NFTs9Hqdf1vc76GIlHntWyH6ccIAbCkGFXCtax97TItYTKzpRsgGsNxL68hckd7sbYAC6mXFhNMeEHe1L96Cn4%2BilYXQmN%2BK3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Fri, 10 May 2024 21:02:04 GMT
Content-Type: image/png
Content-Length: 18396
Connection: keep-alive
Last-Modified: Fri, 04 Feb 2022 08:47:54 GMT
ETag: "61fce83a-47dc"
Expires: Sun, 09 Jun 2024 21:02:04 GMT
Cache-Control: max-age=2592000, private
Accept-Ranges: bytes

befjajh.offerdate.link/bundle/614/assets/images/01.jpg

178.162.199.80

200 OK

44 kB

URL GET HTTP/1.1
befjajh.offerdate.link/bundle/614/assets/images/01.jpg
IP
178.162.199.80:443
ASN
#28753 Leaseweb Deutschland GmbH

Requested by
https://befjajh.offerdate.link/s/62cf1c2250951?track=looker3
Certificate
IssuerLet's Encrypt
Subjectofferdate.link
Fingerprint73:51:3A:FA:D1:47:5F:89:83:B8:C9:7B:8B:EE:0C:59:3C:2C:D5:FD
ValidityThu, 25 Apr 2024 09:57:39 GMT - Wed, 24 Jul 2024 09:57:38 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 450x630, components 3
Size
44 kB (43573 bytes)
Hash
ccf62b1d3c0184d4699f623efba47edd
c3c24d90733c0d49a4712818a224179bd53608d5
60e7b50c2cfe957c5c9ca4d4d13f5eb49f0b12178b7b3820f2a554dc0d76c78e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bundle/614/assets/images/01.jpg HTTP/1.1
Host: befjajh.offerdate.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://befjajh.offerdate.link/s/62cf1c2250951?track=looker3
Cookie: s=LGUkzcjlNoqpLIbU4PDUb7C2KSjXDPNODVr1wlX5O0BoZgSAtr2gSz%2BY%2Bnm0VSmzt3WC62P9BXPNQ87m36QoZyB%2B3vmXHuNZ%2FRe4zyBDYU3f4rvNscvnV8aQQGiTiGc%2FxjU0%2FtAmCSiEwCTDXczE%2BTo8cXUZuMBY2EzLZ%2BjK9V1FlaewI%2Fet9dLE41bYVX0lTdM8%2F01onZTEtXaSNzhyhXhksMvTl1NjTJzoDo7vIe7B5NEs5MnDKeqi%2BPxf03x9isjLf3JFT1p017FCntlNN82PUvyCuvaDRM8ntMC9ZjuB%2FUzZSDRpp854s3LnxOtxZ6WJ3sK1FynNgmtXs%2BElwysa9SUoq3NwMYmbP%2FXPbgTQc61HbC1Gf9A4%2FSug%2FKMNBU3ZfFstGIl4nGTCPc3RljJIJ4iokTZbtjBXaOlHOe4KYftpJBTZWzKN4RyMstklCf6jznBz2w%2BKZLWNCCit5RwrOx%2BHjODx0aVVzJCClhdOllkkv8JhCcfKTEqQKV3%2BTmEjmC5lGahTYPc%2Fj5i%2BLj05Yv%2BSbmDE%2BuGSkn044psyAJRukinqU0g77zabszfq0scW%2Br4xC9oxjnZn4XeAyplGyXLfwnqiD6ArZqWbjzepJOn7oL08%2BtLIAjO0RAuKY1Cm%2FwkMfzJrKp5B7lkvQkEVqcsS136tfoZkSa1is14MNELmujoxjxyiVrCSVQ22r%2FtvVcwmQZjw4dHXcRS6Rtj9F8Lnz7l1RYiu9PnAw6kxu5qHhIe%2Btnb2oxeI3rXVHQVFqKA4IBCz57w97B0l20leSfuYYztUkC9YKO8h8bGL0xdQukJOHaGDsjTdwGPiHi3gC6UVaX%2B%2Fx5QxUAFErFBIkXKtQhgwJofb7DQdwp9jxvzJZLW41h9xHWdhbzizD%2B%2Fh%2B3QQLcResTmRyjfjz1PFbJVjHXog1QAZrWpyJAgN516G1f%2BpSvGPcYZJ1%2FyEEpwxWUYcLDDcl8JozXQdTkgQIM4jinx0hoJp7CKsIK0zqNaZmUEoA49NyWzJc%2FMChhHmRZ9WA4%2BmknAX4SNdPOmif3bTPJNIgCXBh9WgFwLWrVEHMnLfQcGWeaLdYd7%2BXv1YEFjP25X6onBRUUpj3JiQ%2FC53Y4JrQ16Q%2FVZa4k0U7ZzKjn2VvhbZ5HrxLKn6dpbKx1vqVYaMK2IeLIBTd8L0MMg6i%2BeWFQQm0FmlS4Wn5ftJ7chvW3l4sn1B0Ls%2B7JkRjiHqFFEsr%2FvW2FQoAeTsK9vbi4KHBF%2Fmx%2FUlYi%2FUOPE0FB9OG3TUTly%2BR0P38zjmYzVdZQsaFhYiqT53a%2FmlXn%2FCI2C%2FQr4RsmIg0ISSgy799O5E1hERk62SIEZuwd3brQuhzmdpss4ZybyOFw8WuV4U%2BrPz7JOWoX7u2cRxcBktlJMFNgQ%2BCI8nkQmuVeVmsm1HjQiPBKz6G8n%2BoGy%2B4C4oibwpTmxgMtbVHRlG0VaAIsFYmwozSZhpSsMYWN7OrZX4pYFSc3%2FHI1tpo9a8mImObNDD4MgHY1MhwnlnJG9Sdhh0hoAgG6tHmLNHeUWSB2f13gK7YUPSoIGF8lsjj0BvYXI8dxaLHysSTQ15cjmaumkDPwfZ%2FKOuyuXij167VKP8DD0ZqmQwKXUQ5eKEd7cG7EwzHxmDAmbw2zpkpUqM%2Fgde27zZ5k5JsBi%2Fqsnx6zPwjTbiUsWAZ1Eqi%2F0lk0cUUC%2FeE4XXT%2B%2FVvMaiOeenlqBZj2BNMssEmBI7bLg0w5RPBA6zW29caBpmguZc5cWshpjKgg9NFTs9Hqdf1vc76GIlHntWyH6ccIAbCkGFXCtax97TItYTKzpRsgGsNxL68hckd7sbYAC6mXFhNMeEHe1L96Cn4%2BilYXQmN%2BK3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Fri, 10 May 2024 21:02:04 GMT
Content-Type: image/jpeg
Content-Length: 43573
Connection: keep-alive
Last-Modified: Fri, 04 Feb 2022 08:47:52 GMT
ETag: "61fce838-aa35"
Expires: Sun, 09 Jun 2024 21:02:04 GMT
Cache-Control: max-age=2592000, private
Accept-Ranges: bytes

befjajh.offerdate.link/bundle/614/assets/images/2.png

178.162.199.80

200 OK

50 kB

URL GET HTTP/1.1
befjajh.offerdate.link/bundle/614/assets/images/2.png
IP
178.162.199.80:443
ASN
#28753 Leaseweb Deutschland GmbH

Requested by
https://befjajh.offerdate.link/s/62cf1c2250951?track=looker3
Certificate
IssuerLet's Encrypt
Subjectofferdate.link
Fingerprint73:51:3A:FA:D1:47:5F:89:83:B8:C9:7B:8B:EE:0C:59:3C:2C:D5:FD
ValidityThu, 25 Apr 2024 09:57:39 GMT - Wed, 24 Jul 2024 09:57:38 GMT

File type
PNG image data, 1127 x 404, 8-bit/color RGBA, non-interlaced
Size
50 kB (49487 bytes)
Hash
c5c85d109ddb9500ac6f12c0ba057eb7
f952683c3bb440de3d246cf1c30854d233e5d095
bdcb16fa3df2da95595de74962a193b822a10ba38789a3eac56052e8a3b3a6de

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bundle/614/assets/images/2.png HTTP/1.1
Host: befjajh.offerdate.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://befjajh.offerdate.link/s/62cf1c2250951?track=looker3
Cookie: s=LGUkzcjlNoqpLIbU4PDUb7C2KSjXDPNODVr1wlX5O0BoZgSAtr2gSz%2BY%2Bnm0VSmzt3WC62P9BXPNQ87m36QoZyB%2B3vmXHuNZ%2FRe4zyBDYU3f4rvNscvnV8aQQGiTiGc%2FxjU0%2FtAmCSiEwCTDXczE%2BTo8cXUZuMBY2EzLZ%2BjK9V1FlaewI%2Fet9dLE41bYVX0lTdM8%2F01onZTEtXaSNzhyhXhksMvTl1NjTJzoDo7vIe7B5NEs5MnDKeqi%2BPxf03x9isjLf3JFT1p017FCntlNN82PUvyCuvaDRM8ntMC9ZjuB%2FUzZSDRpp854s3LnxOtxZ6WJ3sK1FynNgmtXs%2BElwysa9SUoq3NwMYmbP%2FXPbgTQc61HbC1Gf9A4%2FSug%2FKMNBU3ZfFstGIl4nGTCPc3RljJIJ4iokTZbtjBXaOlHOe4KYftpJBTZWzKN4RyMstklCf6jznBz2w%2BKZLWNCCit5RwrOx%2BHjODx0aVVzJCClhdOllkkv8JhCcfKTEqQKV3%2BTmEjmC5lGahTYPc%2Fj5i%2BLj05Yv%2BSbmDE%2BuGSkn044psyAJRukinqU0g77zabszfq0scW%2Br4xC9oxjnZn4XeAyplGyXLfwnqiD6ArZqWbjzepJOn7oL08%2BtLIAjO0RAuKY1Cm%2FwkMfzJrKp5B7lkvQkEVqcsS136tfoZkSa1is14MNELmujoxjxyiVrCSVQ22r%2FtvVcwmQZjw4dHXcRS6Rtj9F8Lnz7l1RYiu9PnAw6kxu5qHhIe%2Btnb2oxeI3rXVHQVFqKA4IBCz57w97B0l20leSfuYYztUkC9YKO8h8bGL0xdQukJOHaGDsjTdwGPiHi3gC6UVaX%2B%2Fx5QxUAFErFBIkXKtQhgwJofb7DQdwp9jxvzJZLW41h9xHWdhbzizD%2B%2Fh%2B3QQLcResTmRyjfjz1PFbJVjHXog1QAZrWpyJAgN516G1f%2BpSvGPcYZJ1%2FyEEpwxWUYcLDDcl8JozXQdTkgQIM4jinx0hoJp7CKsIK0zqNaZmUEoA49NyWzJc%2FMChhHmRZ9WA4%2BmknAX4SNdPOmif3bTPJNIgCXBh9WgFwLWrVEHMnLfQcGWeaLdYd7%2BXv1YEFjP25X6onBRUUpj3JiQ%2FC53Y4JrQ16Q%2FVZa4k0U7ZzKjn2VvhbZ5HrxLKn6dpbKx1vqVYaMK2IeLIBTd8L0MMg6i%2BeWFQQm0FmlS4Wn5ftJ7chvW3l4sn1B0Ls%2B7JkRjiHqFFEsr%2FvW2FQoAeTsK9vbi4KHBF%2Fmx%2FUlYi%2FUOPE0FB9OG3TUTly%2BR0P38zjmYzVdZQsaFhYiqT53a%2FmlXn%2FCI2C%2FQr4RsmIg0ISSgy799O5E1hERk62SIEZuwd3brQuhzmdpss4ZybyOFw8WuV4U%2BrPz7JOWoX7u2cRxcBktlJMFNgQ%2BCI8nkQmuVeVmsm1HjQiPBKz6G8n%2BoGy%2B4C4oibwpTmxgMtbVHRlG0VaAIsFYmwozSZhpSsMYWN7OrZX4pYFSc3%2FHI1tpo9a8mImObNDD4MgHY1MhwnlnJG9Sdhh0hoAgG6tHmLNHeUWSB2f13gK7YUPSoIGF8lsjj0BvYXI8dxaLHysSTQ15cjmaumkDPwfZ%2FKOuyuXij167VKP8DD0ZqmQwKXUQ5eKEd7cG7EwzHxmDAmbw2zpkpUqM%2Fgde27zZ5k5JsBi%2Fqsnx6zPwjTbiUsWAZ1Eqi%2F0lk0cUUC%2FeE4XXT%2B%2FVvMaiOeenlqBZj2BNMssEmBI7bLg0w5RPBA6zW29caBpmguZc5cWshpjKgg9NFTs9Hqdf1vc76GIlHntWyH6ccIAbCkGFXCtax97TItYTKzpRsgGsNxL68hckd7sbYAC6mXFhNMeEHe1L96Cn4%2BilYXQmN%2BK3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Fri, 10 May 2024 21:02:04 GMT
Content-Type: image/png
Content-Length: 49487
Connection: keep-alive
Last-Modified: Fri, 04 Feb 2022 08:47:53 GMT
ETag: "61fce839-c14f"
Expires: Sun, 09 Jun 2024 21:02:04 GMT
Cache-Control: max-age=2592000, private
Accept-Ranges: bytes

fonts.googleapis.com/css2?family=Montserrat:ital,wght@0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap

142.250.74.106

200 OK

1.4 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Montserrat:ital,wght@0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://befjajh.offerdate.link/s/62cf1c2250951?track=looker3
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
gzip compressed data, max compression
Size
1.4 kB (1394 bytes)
Hash
2ce8f94300c7b9be579132ffff0097ac
fed2a698eb35ddf241eea2f1903dffe060d04eae
b38d1225ffabc517f40a3a68478ef1a6c36a7be99b05b07f0fb22ef178e60ee1

HTTP Headers

GET /css2?family=Montserrat:ital,wght@0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://befjajh.offerdate.link/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 10 May 2024 21:02:04 GMT
date: Fri, 10 May 2024 21:02:04 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

216.58.207.227

200 OK

33 kB

URL GET HTTP/2
fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://befjajh.offerdate.link/s/62cf1c2250951?track=looker3
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 33092, version 1.0
Size
33 kB (33092 bytes)
Hash
057478083c1d55ea0c2182b24f6dd72f
caf557cd276a76992084efc4c8857b66791a6b7f
bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b

HTTP Headers

GET /s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://befjajh.offerdate.link
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 33092
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 10 May 2024 08:20:06 GMT
expires: Sat, 10 May 2025 08:20:06 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 13 Sep 2023 22:51:58 GMT
content-type: font/woff2
age: 45718
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

216.58.207.227

200 OK

33 kB

URL GET HTTP/2
fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://befjajh.offerdate.link/s/62cf1c2250951?track=looker3
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 33092, version 1.0
Size
33 kB (33092 bytes)
Hash
057478083c1d55ea0c2182b24f6dd72f
caf557cd276a76992084efc4c8857b66791a6b7f
bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b

HTTP Headers

GET /s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://befjajh.offerdate.link
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 33092
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 10 May 2024 08:20:06 GMT
expires: Sat, 10 May 2025 08:20:06 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 13 Sep 2023 22:51:58 GMT
content-type: font/woff2
age: 45718
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

216.58.207.227

200 OK

33 kB

URL GET HTTP/2
fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://befjajh.offerdate.link/s/62cf1c2250951?track=looker3
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 33092, version 1.0
Size
33 kB (33092 bytes)
Hash
057478083c1d55ea0c2182b24f6dd72f
caf557cd276a76992084efc4c8857b66791a6b7f
bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b

HTTP Headers

GET /s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://befjajh.offerdate.link
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 33092
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 10 May 2024 08:20:06 GMT
expires: Sat, 10 May 2025 08:20:06 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 13 Sep 2023 22:51:58 GMT
content-type: font/woff2
age: 45718
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

befjajh.offerdate.link/bundle/614/assets/images/favicon.png

178.162.199.80

200 OK

5.2 kB

URL GET HTTP/1.1
befjajh.offerdate.link/bundle/614/assets/images/favicon.png
IP
178.162.199.80:443
ASN
#28753 Leaseweb Deutschland GmbH

Requested by
https://befjajh.offerdate.link/s/62cf1c2250951?track=looker3
Certificate
IssuerLet's Encrypt
Subjectofferdate.link
Fingerprint73:51:3A:FA:D1:47:5F:89:83:B8:C9:7B:8B:EE:0C:59:3C:2C:D5:FD
ValidityThu, 25 Apr 2024 09:57:39 GMT - Wed, 24 Jul 2024 09:57:38 GMT

File type
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Size
5.2 kB (5244 bytes)
Hash
c2fe1015fe85531e035fa27a6453ea71
259defad6a22523a28819d27db7ce49a4732cac4
c41af06b0a27dde57701b160fb60f9cb07447740847fbb9d6254f4212d736927

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bundle/614/assets/images/favicon.png HTTP/1.1
Host: befjajh.offerdate.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://befjajh.offerdate.link/s/62cf1c2250951?track=looker3
Cookie: s=LGUkzcjlNoqpLIbU4PDUb7C2KSjXDPNODVr1wlX5O0BoZgSAtr2gSz%2BY%2Bnm0VSmzt3WC62P9BXPNQ87m36QoZyB%2B3vmXHuNZ%2FRe4zyBDYU3f4rvNscvnV8aQQGiTiGc%2FxjU0%2FtAmCSiEwCTDXczE%2BTo8cXUZuMBY2EzLZ%2BjK9V1FlaewI%2Fet9dLE41bYVX0lTdM8%2F01onZTEtXaSNzhyhXhksMvTl1NjTJzoDo7vIe7B5NEs5MnDKeqi%2BPxf03x9isjLf3JFT1p017FCntlNN82PUvyCuvaDRM8ntMC9ZjuB%2FUzZSDRpp854s3LnxOtxZ6WJ3sK1FynNgmtXs%2BElwysa9SUoq3NwMYmbP%2FXPbgTQc61HbC1Gf9A4%2FSug%2FKMNBU3ZfFstGIl4nGTCPc3RljJIJ4iokTZbtjBXaOlHOe4KYftpJBTZWzKN4RyMstklCf6jznBz2w%2BKZLWNCCit5RwrOx%2BHjODx0aVVzJCClhdOllkkv8JhCcfKTEqQKV3%2BTmEjmC5lGahTYPc%2Fj5i%2BLj05Yv%2BSbmDE%2BuGSkn044psyAJRukinqU0g77zabszfq0scW%2Br4xC9oxjnZn4XeAyplGyXLfwnqiD6ArZqWbjzepJOn7oL08%2BtLIAjO0RAuKY1Cm%2FwkMfzJrKp5B7lkvQkEVqcsS136tfoZkSa1is14MNELmujoxjxyiVrCSVQ22r%2FtvVcwmQZjw4dHXcRS6Rtj9F8Lnz7l1RYiu9PnAw6kxu5qHhIe%2Btnb2oxeI3rXVHQVFqKA4IBCz57w97B0l20leSfuYYztUkC9YKO8h8bGL0xdQukJOHaGDsjTdwGPiHi3gC6UVaX%2B%2Fx5QxUAFErFBIkXKtQhgwJofb7DQdwp9jxvzJZLW41h9xHWdhbzizD%2B%2Fh%2B3QQLcResTmRyjfjz1PFbJVjHXog1QAZrWpyJAgN516G1f%2BpSvGPcYZJ1%2FyEEpwxWUYcLDDcl8JozXQdTkgQIM4jinx0hoJp7CKsIK0zqNaZmUEoA49NyWzJc%2FMChhHmRZ9WA4%2BmknAX4SNdPOmif3bTPJNIgCXBh9WgFwLWrVEHMnLfQcGWeaLdYd7%2BXv1YEFjP25X6onBRUUpj3JiQ%2FC53Y4JrQ16Q%2FVZa4k0U7ZzKjn2VvhbZ5HrxLKn6dpbKx1vqVYaMK2IeLIBTd8L0MMg6i%2BeWFQQm0FmlS4Wn5ftJ7chvW3l4sn1B0Ls%2B7JkRjiHqFFEsr%2FvW2FQoAeTsK9vbi4KHBF%2Fmx%2FUlYi%2FUOPE0FB9OG3TUTly%2BR0P38zjmYzVdZQsaFhYiqT53a%2FmlXn%2FCI2C%2FQr4RsmIg0ISSgy799O5E1hERk62SIEZuwd3brQuhzmdpss4ZybyOFw8WuV4U%2BrPz7JOWoX7u2cRxcBktlJMFNgQ%2BCI8nkQmuVeVmsm1HjQiPBKz6G8n%2BoGy%2B4C4oibwpTmxgMtbVHRlG0VaAIsFYmwozSZhpSsMYWN7OrZX4pYFSc3%2FHI1tpo9a8mImObNDD4MgHY1MhwnlnJG9Sdhh0hoAgG6tHmLNHeUWSB2f13gK7YUPSoIGF8lsjj0BvYXI8dxaLHysSTQ15cjmaumkDPwfZ%2FKOuyuXij167VKP8DD0ZqmQwKXUQ5eKEd7cG7EwzHxmDAmbw2zpkpUqM%2Fgde27zZ5k5JsBi%2Fqsnx6zPwjTbiUsWAZ1Eqi%2F0lk0cUUC%2FeE4XXT%2B%2FVvMaiOeenlqBZj2BNMssEmBI7bLg0w5RPBA6zW29caBpmguZc5cWshpjKgg9NFTs9Hqdf1vc76GIlHntWyH6ccIAbCkGFXCtax97TItYTKzpRsgGsNxL68hckd7sbYAC6mXFhNMeEHe1L96Cn4%2BilYXQmN%2BK3; CF=fPyd4rkEZyzwzdDwS11NJg__
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Fri, 10 May 2024 21:02:04 GMT
Content-Type: image/png
Content-Length: 5244
Connection: keep-alive
Last-Modified: Fri, 04 Feb 2022 08:47:53 GMT
ETag: "61fce839-147c"
Expires: Sun, 09 Jun 2024 21:02:04 GMT
Cache-Control: max-age=2592000, private
Accept-Ranges: bytes

befjajh.offerdate.link/track.php

178.162.199.80

200 OK

20 B

URL POST HTTP/1.1
befjajh.offerdate.link/track.php
IP
178.162.199.80:443
ASN
#28753 Leaseweb Deutschland GmbH

Requested by
https://befjajh.offerdate.link/s/62cf1c2250951?track=looker3
Certificate
IssuerLet's Encrypt
Subjectofferdate.link
Fingerprint73:51:3A:FA:D1:47:5F:89:83:B8:C9:7B:8B:EE:0C:59:3C:2C:D5:FD
ValidityThu, 25 Apr 2024 09:57:39 GMT - Wed, 24 Jul 2024 09:57:38 GMT

File type
gzip compressed data, from Unix
Size
20 B (20 bytes)
Hash
7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /track.php HTTP/1.1
Host: befjajh.offerdate.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 2473
Origin: https://befjajh.offerdate.link
DNT: 1
Connection: keep-alive
Referer: https://befjajh.offerdate.link/s/62cf1c2250951?track=looker3
Cookie: s=LGUkzcjlNoqpLIbU4PDUb7C2KSjXDPNODVr1wlX5O0BoZgSAtr2gSz%2BY%2Bnm0VSmzt3WC62P9BXPNQ87m36QoZyB%2B3vmXHuNZ%2FRe4zyBDYU3f4rvNscvnV8aQQGiTiGc%2FxjU0%2FtAmCSiEwCTDXczE%2BTo8cXUZuMBY2EzLZ%2BjK9V1FlaewI%2Fet9dLE41bYVX0lTdM8%2F01onZTEtXaSNzhyhXhksMvTl1NjTJzoDo7vIe7B5NEs5MnDKeqi%2BPxf03x9isjLf3JFT1p017FCntlNN82PUvyCuvaDRM8ntMC9ZjuB%2FUzZSDRpp854s3LnxOtxZ6WJ3sK1FynNgmtXs%2BElwysa9SUoq3NwMYmbP%2FXPbgTQc61HbC1Gf9A4%2FSug%2FKMNBU3ZfFstGIl4nGTCPc3RljJIJ4iokTZbtjBXaOlHOe4KYftpJBTZWzKN4RyMstklCf6jznBz2w%2BKZLWNCCit5RwrOx%2BHjODx0aVVzJCClhdOllkkv8JhCcfKTEqQKV3%2BTmEjmC5lGahTYPc%2Fj5i%2BLj05Yv%2BSbmDE%2BuGSkn044psyAJRukinqU0g77zabszfq0scW%2Br4xC9oxjnZn4XeAyplGyXLfwnqiD6ArZqWbjzepJOn7oL08%2BtLIAjO0RAuKY1Cm%2FwkMfzJrKp5B7lkvQkEVqcsS136tfoZkSa1is14MNELmujoxjxyiVrCSVQ22r%2FtvVcwmQZjw4dHXcRS6Rtj9F8Lnz7l1RYiu9PnAw6kxu5qHhIe%2Btnb2oxeI3rXVHQVFqKA4IBCz57w97B0l20leSfuYYztUkC9YKO8h8bGL0xdQukJOHaGDsjTdwGPiHi3gC6UVaX%2B%2Fx5QxUAFErFBIkXKtQhgwJofb7DQdwp9jxvzJZLW41h9xHWdhbzizD%2B%2Fh%2B3QQLcResTmRyjfjz1PFbJVjHXog1QAZrWpyJAgN516G1f%2BpSvGPcYZJ1%2FyEEpwxWUYcLDDcl8JozXQdTkgQIM4jinx0hoJp7CKsIK0zqNaZmUEoA49NyWzJc%2FMChhHmRZ9WA4%2BmknAX4SNdPOmif3bTPJNIgCXBh9WgFwLWrVEHMnLfQcGWeaLdYd7%2BXv1YEFjP25X6onBRUUpj3JiQ%2FC53Y4JrQ16Q%2FVZa4k0U7ZzKjn2VvhbZ5HrxLKn6dpbKx1vqVYaMK2IeLIBTd8L0MMg6i%2BeWFQQm0FmlS4Wn5ftJ7chvW3l4sn1B0Ls%2B7JkRjiHqFFEsr%2FvW2FQoAeTsK9vbi4KHBF%2Fmx%2FUlYi%2FUOPE0FB9OG3TUTly%2BR0P38zjmYzVdZQsaFhYiqT53a%2FmlXn%2FCI2C%2FQr4RsmIg0ISSgy799O5E1hERk62SIEZuwd3brQuhzmdpss4ZybyOFw8WuV4U%2BrPz7JOWoX7u2cRxcBktlJMFNgQ%2BCI8nkQmuVeVmsm1HjQiPBKz6G8n%2BoGy%2B4C4oibwpTmxgMtbVHRlG0VaAIsFYmwozSZhpSsMYWN7OrZX4pYFSc3%2FHI1tpo9a8mImObNDD4MgHY1MhwnlnJG9Sdhh0hoAgG6tHmLNHeUWSB2f13gK7YUPSoIGF8lsjj0BvYXI8dxaLHysSTQ15cjmaumkDPwfZ%2FKOuyuXij167VKP8DD0ZqmQwKXUQ5eKEd7cG7EwzHxmDAmbw2zpkpUqM%2Fgde27zZ5k5JsBi%2Fqsnx6zPwjTbiUsWAZ1Eqi%2F0lk0cUUC%2FeE4XXT%2B%2FVvMaiOeenlqBZj2BNMssEmBI7bLg0w5RPBA6zW29caBpmguZc5cWshpjKgg9NFTs9Hqdf1vc76GIlHntWyH6ccIAbCkGFXCtax97TItYTKzpRsgGsNxL68hckd7sbYAC6mXFhNMeEHe1L96Cn4%2BilYXQmN%2BK3; CF=fPyd4rkEZyzwzdDwS11NJg__
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Fri, 10 May 2024 21:02:04 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding, Accept-Encoding
Content-Encoding: gzip

ocsp.r2m03.amazontrust.com/

143.204.53.97

471 B

URL
ocsp.r2m03.amazontrust.com/
IP
143.204.53.97:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
990003181a115fe28f8a9214128a0a5e
0302cd3c73baa999a7de3aeeea0874673c3baebc
3fa58cfd83ab931958d2d7e412398933c1c8177eda265774ae681499e0a882b3

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: max-age=7200
Date: Fri, 10 May 2024 21:02:04 GMT
Server: ECAcc (amb/6BDA)
X-Cache: Miss from cloudfront
Via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: kNjA4jQE8G-sVzcSW9iV8wpo1YGwN87ObjYXuDDHSPcw-Y3ZqfJcyQ==

guard.cdtbox.rocks/color?x=1&forScheme=aHR0cHM6Ly9iZWZqYWpoLm9mZmVyZGF0ZS5saW5rL3MvNjJjZjFjMjI1MDk1MT90cmFjaz1sb29rZXIz

34.197.244.106

200 OK

2 B

URL GET HTTP/2
guard.cdtbox.rocks/color?x=1&forScheme=aHR0cHM6Ly9iZWZqYWpoLm9mZmVyZGF0ZS5saW5rL3MvNjJjZjFjMjI1MDk1MT90cmFjaz1sb29rZXIz
IP
34.197.244.106:443
ASN
#14618 AMAZON-AES

Requested by
https://befjajh.offerdate.link/s/62cf1c2250951?track=looker3
Certificate
IssuerAmazon
Subjectguard.cdtbox.rocks
Fingerprint13:8A:B9:08:45:9D:9D:0C:79:05:42:81:97:00:34:A5:FD:92:F8:97
ValiditySat, 13 Apr 2024 00:00:00 GMT - Sun, 11 May 2025 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

HTTP Headers

GET /color?x=1&forScheme=aHR0cHM6Ly9iZWZqYWpoLm9mZmVyZGF0ZS5saW5rL3MvNjJjZjFjMjI1MDk1MT90cmFjaz1sb29rZXIz HTTP/1.1
Host: guard.cdtbox.rocks
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://befjajh.offerdate.link
DNT: 1
Connection: keep-alive
Referer: https://befjajh.offerdate.link/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 21:02:05 GMT
content-type: application/json
content-length: 2
server: nginx
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: *
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (8)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (23)

URL

IP