| nouneewaujy.com/contents/s/7f/e0/87/ec768bb6ac72e3c1728524a922/0138943266426.png | 172.67.217.146 | 200 OK | 18 kB |
URL: GET HTTP/3 nouneewaujy.com/contents/s/7f/e0/87/ec768bb6ac72e3c1728524a922/0138943266426.png
IP: 172.67.217.146:443
Requested by: https://nouneewaujy.com/?l=JojKjUcBbvClUwI&b=20484211&z=6330216&s=a170bntir6j7sfef82&campid=AGE_0_3&var=786250&ymid=a170bntir6j7sfef82
Certificate: Issuer: Google Trust Services LLC; Subject: nouneewaujy.com; Fingerprint: 23:3C:AC:CD:E5:E0:B2:05:3D:12:0F:4E:01:D2:EB:E7:9E:6C:8D:85; Validity: Tue, 23 Apr 2024 11:11:53 GMT - Mon, 22 Jul 2024 11:11:52 GMT
File type: PNG image data, 258 x 239, 8-bit colormap, non-interlaced
Hash: MD5 7fe087ec768bb6ac72e3c1728524a922; SHA-1 7abb136f8c33b8665c648da8ba80083b9c89db94; SHA-256 c3c21eae9131d8159ee9f1d66b1e35095c4292273290b2f1c73042231fe0c5e0
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /contents/s/7f/e0/87/ec768bb6ac72e3c1728524a922/0138943266426.png HTTP/1.1
Host: nouneewaujy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nouneewaujy.com/?l=JojKjUcBbvClUwI&b=20484211&z=6330216&s=a170bntir6j7sfef82&campid=AGE_0_3&var=786250&ymid=a170bntir6j7sfef82
Cookie: reverse=_y2bv6Fy27V1tI7vSLW_qHQhOvLGP7rpu3dZcDG6Uk4; OAID=742358a0d021867c7211c0e4d9f6ed74; oaidts=1715368541
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 19:15:41 GMT
content-type: image/png
content-length: 18434
last-modified: Tue, 13 Feb 2024 16:37:51 GMT
vary: Accept-Encoding
etag: "65cb9adf-4802"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=86400
cf-cache-status: HIT
age: 4967
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8FL7Nr7b3kEVDCQElkcMubIpLFk1ISbhNW36ZDUNQPD3jvbJiPqmu19%2Bi9ZaiqA9XiC9nXKSi2xX8zJzoUemVD0spv0hfyn4eluwngqI%2B9t8%2BFuJR%2Fqk%2BtHkq9bO8MbwhHc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881c42678f7656bb-OSL
alt-svc: h3=":443"; ma=86400
| littlecdn.com/apps/templates/modal/big-modal-bg-fullcolor/build/main.js?v3456623388005 | 172.67.10.98 | 200 OK | 1 B |
URL: GET HTTP/2 littlecdn.com/apps/templates/modal/big-modal-bg-fullcolor/build/main.js?v3456623388005
IP: 172.67.10.98:443
Requested by: https://nouneewaujy.com/?l=JojKjUcBbvClUwI&b=20484211&z=6330216&s=a170bntir6j7sfef82&campid=AGE_0_3&var=786250&ymid=a170bntir6j7sfef82
Certificate: Issuer: Let's Encrypt; Subject: littlecdn.com; Fingerprint: FF:86:21:24:8E:21:B3:E4:6D:43:EF:9E:9E:F0:C2:37:3D:27:04:67; Validity: Thu, 09 May 2024 02:26:29 GMT - Wed, 07 Aug 2024 02:26:28 GMT
File type: very short file (no magic)
Hash: MD5 68b329da9893e34099c7d8ad5cb9c940; SHA-1 adc83b19e793491b1c6ea0fd8b46cd9f32e592fc; SHA-256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
GET /apps/templates/modal/big-modal-bg-fullcolor/build/main.js?v3456623388005 HTTP/1.1
Host: littlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nouneewaujy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:15:41 GMT
content-type: application/javascript
content-length: 1
last-modified: Wed, 08 May 2024 13:30:45 GMT
vary: Accept-Encoding
etag: "663b7e85-1"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=3600
cf-cache-status: HIT
age: 30
accept-ranges: bytes
server: cloudflare
cf-ray: 881c4267ff9956c6-OSL
X-Firefox-Spdy: h2
| my.rtmark.net/gid.js?userId=742358a0d021867c7211c0e4d9f6ed74 | 139.45.195.8 | 200 OK | 65 B |
URL: GET HTTP/2 my.rtmark.net/gid.js?userId=742358a0d021867c7211c0e4d9f6ed74
IP: 139.45.195.8:443
Requested by: https://nouneewaujy.com/?l=JojKjUcBbvClUwI&b=20484211&z=6330216&s=a170bntir6j7sfef82&campid=AGE_0_3&var=786250&ymid=a170bntir6j7sfef82
Certificate: Issuer: Let's Encrypt; Subject: rtmark.net; Fingerprint: DB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC; Validity: Sat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT
Hash: MD5 57c0155169a8c8c15b2eb07541b090de; SHA-1 14aeca03774d85982447c12869ea6e08b1675185; SHA-256 05c87c674d833770a460f1a41ab4c314196943fb5975589265fde13e00578b12
GET /gid.js?userId=742358a0d021867c7211c0e4d9f6ed74 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nouneewaujy.com/
Origin: https://nouneewaujy.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 19:15:41 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://nouneewaujy.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=742358a0d021867c7211c0e4d9f6ed74; expires=Sat, 10 May 2025 19:15:41 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
| my.rtmark.net/gid.js | 139.45.195.8 | 200 OK | 65 B |
IP: 139.45.195.8:443
Requested by: https://nouneewaujy.com/?l=JojKjUcBbvClUwI&b=20484211&z=6330216&s=a170bntir6j7sfef82&campid=AGE_0_3&var=786250&ymid=a170bntir6j7sfef82
Certificate: Issuer: Let's Encrypt; Subject: rtmark.net; Fingerprint: DB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC; Validity: Sat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT
Hash: MD5 6e2ba146941a981822cad58fa9b24a18; SHA-1 42c829236c5ac6e3d174a2e1357d75ca559264bc; SHA-256 95085ad75092c5ea30edc1c77bfa53277fcc4562d5af2227d5f97512abcbfc3f
GET /gid.js HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nouneewaujy.com/
Origin: https://nouneewaujy.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 19:15:41 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://nouneewaujy.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=0800580b7e664610e935727bd5a44a28; expires=Sat, 10 May 2025 19:15:41 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
| nouneewaujy.com/zone?&pub=0&zone_id=6304462&is_mobile=false&domain=nouneewaujy.com&var=6330216&ymid=786250&var_3=20484211_AGE_0_3&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=f593c9cd-eb85-4165-b468-167324bb06a7&action=prerequest | 172.67.217.146 | 200 OK | 0 B |
URL: POST HTTP/3 nouneewaujy.com/zone?&pub=0&zone_id=6304462&is_mobile=false&domain=nouneewaujy.com&var=6330216&ymid=786250&var_3=20484211_AGE_0_3&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=f593c9cd-eb85-4165-b468-167324bb06a7&action=prerequest
IP: 172.67.217.146:443
Requested by: https://nouneewaujy.com/?l=JojKjUcBbvClUwI&b=20484211&z=6330216&s=a170bntir6j7sfef82&campid=AGE_0_3&var=786250&ymid=a170bntir6j7sfef82
Certificate: Issuer: Google Trust Services LLC; Subject: nouneewaujy.com; Fingerprint: 23:3C:AC:CD:E5:E0:B2:05:3D:12:0F:4E:01:D2:EB:E7:9E:6C:8D:85; Validity: Tue, 23 Apr 2024 11:11:53 GMT - Mon, 22 Jul 2024 11:11:52 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
POST /zone?&pub=0&zone_id=6304462&is_mobile=false&domain=nouneewaujy.com&var=6330216&ymid=786250&var_3=20484211_AGE_0_3&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=f593c9cd-eb85-4165-b468-167324bb06a7&action=prerequest HTTP/1.1
Host: nouneewaujy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nouneewaujy.com
DNT: 1
Connection: keep-alive
Referer: https://nouneewaujy.com/?l=JojKjUcBbvClUwI&b=20484211&z=6330216&s=a170bntir6j7sfef82&campid=AGE_0_3&var=786250&ymid=a170bntir6j7sfef82
Cookie: reverse=_y2bv6Fy27V1tI7vSLW_qHQhOvLGP7rpu3dZcDG6Uk4; OAID=742358a0d021867c7211c0e4d9f6ed74; oaidts=1715368541
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 19:15:41 GMT
content-length: 0
x-trace-id: 1e32727c668700c4bb12d580034b8f2f
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://nouneewaujy.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=V8CznOE2nh3xOaG7k6Ui0f%2B8dFGQg6QXSPn5L3lyTl9Q3fLFrTOSYc78QY8aVUqYt2qcRavfAlHePe8Wt0pDrLlBQGqsIhXdb8lb6Yg34e7m23kiYaUAQvFfHB8Hcs0fNoc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881c4268a8da56bb-OSL
alt-svc: h3=":443"; ma=86400
| jouteetu.net/custom | 139.45.197.251 | 200 OK | 39 B |
IP: 139.45.197.251:443
Requested by: https://nouneewaujy.com/?l=JojKjUcBbvClUwI&b=20484211&z=6330216&s=a170bntir6j7sfef82&campid=AGE_0_3&var=786250&ymid=a170bntir6j7sfef82
Certificate: Issuer: Let's Encrypt; Subject: jouteetu.net; Fingerprint: F5:94:3C:5E:6B:54:1A:97:82:F8:7E:1F:C2:51:04:8C:FB:F5:CF:65; Validity: Wed, 13 Mar 2024 19:38:02 GMT - Tue, 11 Jun 2024 19:38:01 GMT
Hash: MD5 058b158c2be925f556454ef762d93538; SHA-1 cc6fc563b4b6baee880fdbc7fcfaa134978e33c9; SHA-256 ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
POST /custom HTTP/1.1
Host: jouteetu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 424
Origin: https://nouneewaujy.com
DNT: 1
Connection: keep-alive
Referer: https://nouneewaujy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 19:15:41 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: c3983c0552348a12597ebf0274d9a6d7
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://nouneewaujy.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
| jouteetu.net/custom | 139.45.197.251 | 200 OK | 39 B |
IP: 139.45.197.251:443
Requested by: https://nouneewaujy.com/?l=JojKjUcBbvClUwI&b=20484211&z=6330216&s=a170bntir6j7sfef82&campid=AGE_0_3&var=786250&ymid=a170bntir6j7sfef82
Certificate: Issuer: Let's Encrypt; Subject: jouteetu.net; Fingerprint: F5:94:3C:5E:6B:54:1A:97:82:F8:7E:1F:C2:51:04:8C:FB:F5:CF:65; Validity: Wed, 13 Mar 2024 19:38:02 GMT - Tue, 11 Jun 2024 19:38:01 GMT
Hash: MD5 058b158c2be925f556454ef762d93538; SHA-1 cc6fc563b4b6baee880fdbc7fcfaa134978e33c9; SHA-256 ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
POST /custom HTTP/1.1
Host: jouteetu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 422
Origin: https://nouneewaujy.com
DNT: 1
Connection: keep-alive
Referer: https://nouneewaujy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 19:15:41 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: ed9f57a8cec79922952e811797196ba5
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://nouneewaujy.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
| jouteetu.net/custom | 139.45.197.251 | 200 OK | 39 B |
IP: 139.45.197.251:443
Requested by: https://nouneewaujy.com/?l=JojKjUcBbvClUwI&b=20484211&z=6330216&s=a170bntir6j7sfef82&campid=AGE_0_3&var=786250&ymid=a170bntir6j7sfef82
Certificate: Issuer: Let's Encrypt; Subject: jouteetu.net; Fingerprint: F5:94:3C:5E:6B:54:1A:97:82:F8:7E:1F:C2:51:04:8C:FB:F5:CF:65; Validity: Wed, 13 Mar 2024 19:38:02 GMT - Tue, 11 Jun 2024 19:38:01 GMT
Hash: MD5 058b158c2be925f556454ef762d93538; SHA-1 cc6fc563b4b6baee880fdbc7fcfaa134978e33c9; SHA-256 ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
POST /custom HTTP/1.1
Host: jouteetu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 425
Origin: https://nouneewaujy.com
DNT: 1
Connection: keep-alive
Referer: https://nouneewaujy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 19:15:41 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 5c7c85b3964c2199c237be34ca507daf
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://nouneewaujy.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
| amunfezanttor.com/event | 139.45.197.250 | 200 OK | 0 B |
IP: 139.45.197.250:443
Requested by: https://nouneewaujy.com/?l=JojKjUcBbvClUwI&b=20484211&z=6330216&s=a170bntir6j7sfef82&campid=AGE_0_3&var=786250&ymid=a170bntir6j7sfef82
Certificate: Issuer: Let's Encrypt; Subject: amunfezanttor.com; Fingerprint: AB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA; Validity: Wed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
OPTIONS /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://nouneewaujy.com/
Origin: https://nouneewaujy.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 19:15:41 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://nouneewaujy.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2
| nouneewaujy.com/track-impression-applab?z=6330216&b=20484211&ymid=a170bntir6j7sfef82&var=786250&var_3=20484211_AGE_0_3&redirect=false&redirectUrl=https%3A%2F%2Ftoplaying.pro%2Fyz992c%3Fexternal_id%3D%24%7BSUBID%7D%26source%3D6330216_786250%26ad_campaign_id%3Dzeydoocrypto%26land_state%3Dbefore_render%26land_id%3DJojKjUcBbvClUwI%26land_generation_time%3D2024-05-10_14%3A15%3A41%26land_error_code%3D%26ruid%3D%7Bruid%7D%26mgeo%3D%7Bmgeo%7D%26oaid%3D742358a0d021867c7211c0e4d9f6ed74%26land_type%3Drtr%26isPushSubscribed%3Dfalse%26isPushAlreadySubscribed%3Dfalse%26land_tracker%3Dmarker%26land_purchase_method%3Dapk&os_version=x86.64 | 172.67.217.146 | 200 OK | 522 B |
URL: GET HTTP/3 nouneewaujy.com/track-impression-applab?z=6330216&b=20484211&ymid=a170bntir6j7sfef82&var=786250&var_3=20484211_AGE_0_3&redirect=false&redirectUrl=https%3A%2F%2Ftoplaying.pro%2Fyz992c%3Fexternal_id%3D%24%7BSUBID%7D%26source%3D6330216_786250%26ad_campaign_id%3Dzeydoocrypto%26land_state%3Dbefore_render%26land_id%3DJojKjUcBbvClUwI%26land_generation_time%3D2024-05-10_14%3A15%3A41%26land_error_code%3D%26ruid%3D%7Bruid%7D%26mgeo%3D%7Bmgeo%7D%26oaid%3D742358a0d021867c7211c0e4d9f6ed74%26land_type%3Drtr%26isPushSubscribed%3Dfalse%26isPushAlreadySubscribed%3Dfalse%26land_tracker%3Dmarker%26land_purchase_method%3Dapk&os_version=x86.64
IP: 172.67.217.146:443
Requested by: https://nouneewaujy.com/?l=JojKjUcBbvClUwI&b=20484211&z=6330216&s=a170bntir6j7sfef82&campid=AGE_0_3&var=786250&ymid=a170bntir6j7sfef82
Certificate: Issuer: Google Trust Services LLC; Subject: nouneewaujy.com; Fingerprint: 23:3C:AC:CD:E5:E0:B2:05:3D:12:0F:4E:01:D2:EB:E7:9E:6C:8D:85; Validity: Tue, 23 Apr 2024 11:11:53 GMT - Mon, 22 Jul 2024 11:11:52 GMT
Hash: MD5 ccf6b7e19009b6740cd1263ab7ffe4d2; SHA-1 6b10e807ac4834418261ae9654ee2f4e80179ba1; SHA-256 2206c822110cb5e1c70d9b3a1bf47f3577e7ce9d0ca3eec5f413451710aee9ce
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /track-impression-applab?z=6330216&b=20484211&ymid=a170bntir6j7sfef82&var=786250&var_3=20484211_AGE_0_3&redirect=false&redirectUrl=https%3A%2F%2Ftoplaying.pro%2Fyz992c%3Fexternal_id%3D%24%7BSUBID%7D%26source%3D6330216_786250%26ad_campaign_id%3Dzeydoocrypto%26land_state%3Dbefore_render%26land_id%3DJojKjUcBbvClUwI%26land_generation_time%3D2024-05-10_14%3A15%3A41%26land_error_code%3D%26ruid%3D%7Bruid%7D%26mgeo%3D%7Bmgeo%7D%26oaid%3D742358a0d021867c7211c0e4d9f6ed74%26land_type%3Drtr%26isPushSubscribed%3Dfalse%26isPushAlreadySubscribed%3Dfalse%26land_tracker%3Dmarker%26land_purchase_method%3Dapk&os_version=x86.64 HTTP/1.1
Host: nouneewaujy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nouneewaujy.com/?l=JojKjUcBbvClUwI&b=20484211&z=6330216&s=a170bntir6j7sfef82&campid=AGE_0_3&var=786250&ymid=a170bntir6j7sfef82
DNT: 1
Connection: keep-alive
Cookie: reverse=_y2bv6Fy27V1tI7vSLW_qHQhOvLGP7rpu3dZcDG6Uk4; OAID=742358a0d021867c7211c0e4d9f6ed74; oaidts=1715368541; syncedCookie=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 19:15:41 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
x-trace-id: e6b6db664d67b5bb3601de6031acc12d
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
timing-allow-origin: *
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WQaCwp0Dka17qoH51aKcO0d3YNU6DX0OBsCUFzRLz0P%2FiBXa2J7NmKUGFlqFnZ3jrSHj22%2F7LzERC5JCH7%2FYYpjiL1HBQpqiEldwkg4hoYczsQ6ndIyOq9H1Uou7r8OcCuo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881c4269196a56bb-OSL
alt-svc: h3=":443"; ma=86400
| datatechone.com/log/add?cid=79b8b31a-f5b5-449e-9c97-e907dd6cec81&ruid=a3874c7f-6a5b-4e33-ac64-9308fedf076c | 37.48.68.71 | 200 OK | 2 B |
URL: POST HTTP/1.1 datatechone.com/log/add?cid=79b8b31a-f5b5-449e-9c97-e907dd6cec81&ruid=a3874c7f-6a5b-4e33-ac64-9308fedf076c
IP: 37.48.68.71:443
ASN: #60781 LeaseWeb Netherlands B.V.
Requested by: https://nouneewaujy.com/?l=JojKjUcBbvClUwI&b=20484211&z=6330216&s=a170bntir6j7sfef82&campid=AGE_0_3&var=786250&ymid=a170bntir6j7sfef82
Certificate: Issuer: Sectigo Limited; Subject: datatechone.com; Fingerprint: FD:AA:8A:21:49:9F:48:59:78:C7:B2:00:75:4F:CD:2C:AF:49:2C:37; Validity: Sun, 10 Dec 2023 00:00:00 GMT - Mon, 23 Dec 2024 23:59:59 GMT
File type: ASCII text, with no line terminators
Hash: MD5 444bcb3a3fcf8389296c49467f27e1d6; SHA-1 7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb; SHA-256 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
POST /log/add?cid=79b8b31a-f5b5-449e-9c97-e907dd6cec81&ruid=a3874c7f-6a5b-4e33-ac64-9308fedf076c HTTP/1.1
Host: datatechone.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1468
Origin: https://nouneewaujy.com
DNT: 1
Connection: keep-alive
Referer: https://nouneewaujy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Fri, 10 May 2024 19:15:41 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
Access-Control-Allow-Origin: https://nouneewaujy.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
| nouneewaujy.com/favicon.ico | 172.67.217.146 | 204 No Content | 0 B |
URL: GET HTTP/3 nouneewaujy.com/favicon.ico
IP: 172.67.217.146:443
Requested by: https://nouneewaujy.com/?l=JojKjUcBbvClUwI&b=20484211&z=6330216&s=a170bntir6j7sfef82&campid=AGE_0_3&var=786250&ymid=a170bntir6j7sfef82
Certificate: Issuer: Google Trust Services LLC; Subject: nouneewaujy.com; Fingerprint: 23:3C:AC:CD:E5:E0:B2:05:3D:12:0F:4E:01:D2:EB:E7:9E:6C:8D:85; Validity: Tue, 23 Apr 2024 11:11:53 GMT - Mon, 22 Jul 2024 11:11:52 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /favicon.ico HTTP/1.1
Host: nouneewaujy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nouneewaujy.com/?l=JojKjUcBbvClUwI&b=20484211&z=6330216&s=a170bntir6j7sfef82&campid=AGE_0_3&var=786250&ymid=a170bntir6j7sfef82
Cookie: reverse=_y2bv6Fy27V1tI7vSLW_qHQhOvLGP7rpu3dZcDG6Uk4; OAID=0800580b7e664610e935727bd5a44a28; oaidts=1715368541; syncedCookie=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
date: Fri, 10 May 2024 19:15:41 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=86400
cf-cache-status: HIT
age: 4318
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cEV49fvVfJBa4TywFMSuLbZIR1%2BTMgJ5mYjo6hf5HyQJ4hiwhbMl9OuBIo%2F5VYpYajcrJHJlfNOo57ca%2Fvis9gd0wR8hJj2nLzyeqKmLvOsK36kDsvPdiBZ55rm%2BzfQTOqs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c426aebd556bb-OSL
alt-svc: h3=":443"; ma=86400
| nouneewaujy.com/?l=JojKjUcBbvClUwI&b=20484211&z=6330216&s=a170bntir6j7sfef82&campid=AGE_0_3&var=786250&ymid=a170bntir6j7sfef82&mprtr=1&os_version=x86.64 | 172.67.217.146 | 200 OK | 5.6 kB |
URL: POST HTTP/3 nouneewaujy.com/?l=JojKjUcBbvClUwI&b=20484211&z=6330216&s=a170bntir6j7sfef82&campid=AGE_0_3&var=786250&ymid=a170bntir6j7sfef82&mprtr=1&os_version=x86.64
IP: 172.67.217.146:443
Requested by: https://nouneewaujy.com/?l=JojKjUcBbvClUwI&b=20484211&z=6330216&s=a170bntir6j7sfef82&campid=AGE_0_3&var=786250&ymid=a170bntir6j7sfef82
Certificate: Issuer: Google Trust Services LLC; Subject: nouneewaujy.com; Fingerprint: 23:3C:AC:CD:E5:E0:B2:05:3D:12:0F:4E:01:D2:EB:E7:9E:6C:8D:85; Validity: Tue, 23 Apr 2024 11:11:53 GMT - Mon, 22 Jul 2024 11:11:52 GMT
Hash: MD5 99914b932bd37a50b983c5e7c90ae93b; SHA-1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f; SHA-256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
POST /?l=JojKjUcBbvClUwI&b=20484211&z=6330216&s=a170bntir6j7sfef82&campid=AGE_0_3&var=786250&ymid=a170bntir6j7sfef82&mprtr=1&os_version=x86.64 HTTP/1.1
Host: nouneewaujy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nouneewaujy.com
DNT: 1
Connection: keep-alive
Referer: https://nouneewaujy.com/?l=JojKjUcBbvClUwI&b=20484211&z=6330216&s=a170bntir6j7sfef82&campid=AGE_0_3&var=786250&ymid=a170bntir6j7sfef82
Cookie: reverse=_y2bv6Fy27V1tI7vSLW_qHQhOvLGP7rpu3dZcDG6Uk4; OAID=742358a0d021867c7211c0e4d9f6ed74; oaidts=1715368541
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 19:15:41 GMT
content-type: application/json
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GB4y6YA%2FIXsEaGpjvQ1qU6ZqasyCTkoAqo4QjZJGtucIAyolM7g%2FP2caZkmOub5C3WckceHI1dbDgghADJKycKCThq8p%2FH95TpXVYzbWX0%2BzsEe4IjiPXeLofyGNdDgBo8U%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881c426888a256bb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| cdntechone.com/stattag.js | 172.67.195.28 | 200 OK | 12 kB |
URL: GET HTTP/2 cdntechone.com/stattag.js
IP: 172.67.195.28:443
Requested by: https://nouneewaujy.com/?l=JojKjUcBbvClUwI&b=20484211&z=6330216&s=a170bntir6j7sfef82&campid=AGE_0_3&var=786250&ymid=a170bntir6j7sfef82
Certificate: Issuer: Google Trust Services LLC; Subject: cdntechone.com; Fingerprint: 3D:20:D4:11:5D:06:B3:63:9C:08:BF:D9:D9:16:22:D5:DC:3B:9A:CB; Validity: Mon, 22 Apr 2024 03:33:58 GMT - Sun, 21 Jul 2024 03:33:57 GMT
File type: JavaScript source, ASCII text, with very long lines (18452)
Hash: MD5 bec2755dff94190fec0365b0db53807b; SHA-1 f98c36e7e9e06325d03fe39c3b98879062fc2704; SHA-256 ccb15ff22ece6946136f1501ab3ae74155399187c8e85beb10399d56bb8e149a
GET /stattag.js HTTP/1.1
Host: cdntechone.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nouneewaujy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:15:41 GMT
content-type: application/javascript
last-modified: Wed, 07 Feb 2024 12:51:04 GMT
etag: W/"65c37cb8-4a9e"
link: <https://datatechone.com/>; rel=preconnect; crossorigin, <https://datatechonert.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 2320
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F9vwwh%2BtbJeb2SizSq8druXqIBnxZPqBmMJbi3iH%2FxB3WUNykrV8fQXTaVRo%2Fe2foIHjP1BiJ1mVV%2BY1AkZ81X%2Bm3c69QUhp%2FWdXwsDQIRpu%2Bdz5yH3PaX9OiDpmHuHexg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c4268e988568d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| nouneewaujy.com/rotate?zz=6355835&var=6330216&ymid=786250&uid=0800580b7e664610e935727bd5a44a28&var_4=a170bntir6j7sfef82&os_version=x86.64 | 172.67.217.146 | 200 OK | 677 B |
URL: GET HTTP/3 nouneewaujy.com/rotate?zz=6355835&var=6330216&ymid=786250&uid=0800580b7e664610e935727bd5a44a28&var_4=a170bntir6j7sfef82&os_version=x86.64
IP: 172.67.217.146:443
Requested by: https://nouneewaujy.com/?l=JojKjUcBbvClUwI&b=20484211&z=6330216&s=a170bntir6j7sfef82&campid=AGE_0_3&var=786250&ymid=a170bntir6j7sfef82
Certificate: Issuer: Google Trust Services LLC; Subject: nouneewaujy.com; Fingerprint: 23:3C:AC:CD:E5:E0:B2:05:3D:12:0F:4E:01:D2:EB:E7:9E:6C:8D:85; Validity: Tue, 23 Apr 2024 11:11:53 GMT - Mon, 22 Jul 2024 11:11:52 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (687), with no line terminators
Hash: MD5 12cee3b7cd850fc50573b0b8d8469d5b; SHA-1 2acac02c115b9503096d6af18e51f0ec12e216d7; SHA-256 5fe9ce79574d55d8d38045f8231b24f90e6eaecfd1b656a8377b957920f56fbc
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /rotate?zz=6355835&var=6330216&ymid=786250&uid=0800580b7e664610e935727bd5a44a28&var_4=a170bntir6j7sfef82&os_version=x86.64 HTTP/1.1
Host: nouneewaujy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nouneewaujy.com/?l=JojKjUcBbvClUwI&b=20484211&z=6330216&s=a170bntir6j7sfef82&campid=AGE_0_3&var=786250&ymid=a170bntir6j7sfef82
DNT: 1
Connection: keep-alive
Cookie: reverse=_y2bv6Fy27V1tI7vSLW_qHQhOvLGP7rpu3dZcDG6Uk4; OAID=742358a0d021867c7211c0e4d9f6ed74; oaidts=1715368541; syncedCookie=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 19:15:41 GMT
content-type: application/javascript
vary: Accept-Encoding, Origin
x-trace-id: ffbdc38ef4268a4c7d6458e5af50602c
pragma: no-cache
timing-allow-origin: *
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-origin: https://nouneewaujy.com/
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
set-cookie: OAID=0800580b7e664610e935727bd5a44a28; expires=Sat, 10 May 2025 19:15:41 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Wwxi2WxvTLhcim9Z6pWXz3jWxnqBC2ccXtRfeveSxvDgaxz0%2Fe4HRC78O3SIxFuE7eP6Sa1cUPh%2FvKsL7m9KwMpy%2Fm0buUpD8Mnyuh4OUuKhk8m1Sal7L1OggMdrcOzjGeo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881c4269196b56bb-OSL
alt-svc: h3=":443"; ma=86400
| nouneewaujy.com/sw-check-permissions/6304462?var=6330216&var_3=20484211_AGE_0_3&ymid=786250&uhd=1&zoneId=6304462 | 172.67.217.146 | 200 OK | 1.3 kB |
URL: GET HTTP/3 nouneewaujy.com/sw-check-permissions/6304462?var=6330216&var_3=20484211_AGE_0_3&ymid=786250&uhd=1&zoneId=6304462
IP: 172.67.217.146:443
Requested by: https://nouneewaujy.com/?l=JojKjUcBbvClUwI&b=20484211&z=6330216&s=a170bntir6j7sfef82&campid=AGE_0_3&var=786250&ymid=a170bntir6j7sfef82
Certificate: Issuer Google Trust Services LLC; Subject nouneewaujy.com; Fingerprint 23:3C:AC:CD:E5:E0:B2:05:3D:12:0F:4E:01:D2:EB:E7:9E:6C:8D:85; Validity Tue, 23 Apr 2024 11:11:53 GMT - Mon, 22 Jul 2024 11:11:52 GMT
File type: ASCII text, with very long lines (1420), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 8db347f42089ada5e925824cd1ecb975 f32c7d2de2d116c18e0e5e0677247edb4eeffe6b cfbd1ae8a6415930f771581963b3c613e592b8dd48de94280c73a1d00d42892b
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /sw-check-permissions/6304462?var=6330216&var_3=20484211_AGE_0_3&ymid=786250&uhd=1&zoneId=6304462 HTTP/1.1
Host: nouneewaujy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Referer: https://nouneewaujy.com/?l=JojKjUcBbvClUwI&b=20484211&z=6330216&s=a170bntir6j7sfef82&campid=AGE_0_3&var=786250&ymid=a170bntir6j7sfef82
Cookie: reverse=_y2bv6Fy27V1tI7vSLW_qHQhOvLGP7rpu3dZcDG6Uk4; OAID=742358a0d021867c7211c0e4d9f6ed74; oaidts=1715368541; syncedCookie=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 19:15:41 GMT
content-type: application/javascript
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D4YvUpNgMNOurwN3M%2FT9d%2F599CLjgdXhHF6Ge4aYTxZonaFxC%2Bx5SgCuhloGJRbMRJr9br8sFgjLVIYLAPwPRlGhWOpjpUH72nBLXlD66dqiAr6tLgQre9GL2kY7y8MlLPA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881c426969df56bb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| nouneewaujy.com/?l=JojKjUcBbvClUwI&b=20484211&z=6330216&s=a170bntir6j7sfef82&campid=AGE_0_3&var=786250&ymid=a170bntir6j7sfef82 | 172.67.217.146 | 200 OK | 52 kB |
URL (User Request): GET HTTP/2 nouneewaujy.com/?l=JojKjUcBbvClUwI&b=20484211&z=6330216&s=a170bntir6j7sfef82&campid=AGE_0_3&var=786250&ymid=a170bntir6j7sfef82
IP: 172.67.217.146:443
Certificate: Issuer Google Trust Services LLC; Subject nouneewaujy.com; Fingerprint 23:3C:AC:CD:E5:E0:B2:05:3D:12:0F:4E:01:D2:EB:E7:9E:6C:8D:85; Validity Tue, 23 Apr 2024 11:11:53 GMT - Mon, 22 Jul 2024 11:11:52 GMT
File type: HTML document, ASCII text, with very long lines (3300), with CRLF, LF line terminators
Hash (MD5 / SHA-1 / SHA-256): 96b98c750df2e3f80e0e9b57044a97cb 8ecb514091003b6b68aad169cbf00a25e4da40b2 38ce8efb1a416e126e3e54b5fb9ed7cc4af0d4c004dfa69c3896a1892f5c7c84
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /?l=JojKjUcBbvClUwI&b=20484211&z=6330216&s=a170bntir6j7sfef82&campid=AGE_0_3&var=786250&ymid=a170bntir6j7sfef82 HTTP/1.1
Host: nouneewaujy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:15:41 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
set-cookie: reverse=_y2bv6Fy27V1tI7vSLW_qHQhOvLGP7rpu3dZcDG6Uk4; expires=Fri, 10-May-2024 20:15:41 GMT; Max-Age=3600; path=/
OAID=742358a0d021867c7211c0e4d9f6ed74; expires=Mon, 18-Sep-2079 14:31:22 GMT; Max-Age=1746904541; path=/
oaidts=1715368541; expires=Mon, 18-Sep-2079 14:31:22 GMT; Max-Age=1746904541; path=/
syncedCookie=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HqRrLwTuoq5Rfie%2FJCEeOxOzqsKkbvuK6INbTcnigtal1O0U2zpr0uocQd%2FPyMg3%2FqMX6XJVSOokED3Exir3oYn5I0mVzr3O6stfJbk9DJ8BFBM37wfBQ7i3DgsQ5rj056A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881c4265aae71c12-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| littlecdn.com/apps/templates/modal/big-modal-bg-fullcolor/build/main.css?v3456623388005 | 172.67.10.98 | 200 OK | 2.8 kB |
URL: GET HTTP/2 littlecdn.com/apps/templates/modal/big-modal-bg-fullcolor/build/main.css?v3456623388005
IP: 172.67.10.98:443
Requested by: https://nouneewaujy.com/?l=JojKjUcBbvClUwI&b=20484211&z=6330216&s=a170bntir6j7sfef82&campid=AGE_0_3&var=786250&ymid=a170bntir6j7sfef82
Certificate: Issuer Let's Encrypt; Subject littlecdn.com; Fingerprint FF:86:21:24:8E:21:B3:E4:6D:43:EF:9E:9E:F0:C2:37:3D:27:04:67; Validity Thu, 09 May 2024 02:26:29 GMT - Wed, 07 Aug 2024 02:26:28 GMT
File type: ASCII text, with very long lines (2805), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): d4620a0d1dd8e86202c5be0398048981 34e177b83d656d8885504162cbd3c45ce49fd174 542af7026df42ea19336febf968c4d9492e832dd053bad4a5d33c11ed975fc2c
GET /apps/templates/modal/big-modal-bg-fullcolor/build/main.css?v3456623388005 HTTP/1.1
Host: littlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nouneewaujy.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:15:41 GMT
content-type: text/css
last-modified: Wed, 08 May 2024 13:30:45 GMT
vary: Accept-Encoding
etag: W/"663b7e85-af4"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=3600
cf-cache-status: HIT
age: 3501
server: cloudflare
cf-ray: 881c4267ef8c56c6-OSL
content-encoding: br
X-Firefox-Spdy: h2
| nouneewaujy.com/pfe/current/micro.tag.min.js?uhd=1&z=6304462&ymid=786250&var=6330216&sw=/sw-check-permissions/6304462&var_3=20484211_AGE_0_3&os_version=x86.64 | 172.67.217.146 | 200 OK | 37 kB |
URL: GET HTTP/3 nouneewaujy.com/pfe/current/micro.tag.min.js?uhd=1&z=6304462&ymid=786250&var=6330216&sw=/sw-check-permissions/6304462&var_3=20484211_AGE_0_3&os_version=x86.64
IP: 172.67.217.146:443
Requested by: https://nouneewaujy.com/?l=JojKjUcBbvClUwI&b=20484211&z=6330216&s=a170bntir6j7sfef82&campid=AGE_0_3&var=786250&ymid=a170bntir6j7sfef82
Certificate: Issuer Google Trust Services LLC; Subject nouneewaujy.com; Fingerprint 23:3C:AC:CD:E5:E0:B2:05:3D:12:0F:4E:01:D2:EB:E7:9E:6C:8D:85; Validity Tue, 23 Apr 2024 11:11:53 GMT - Mon, 22 Jul 2024 11:11:52 GMT
File type: JavaScript source, ASCII text, with very long lines (37142), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 32d6dbd00a639e2cd10d1704b9159bd5 0dab4c95675393f1d0e13d20f13d80ee12e41d95 9f339e5efd7c959419a4e86bb4c5e9f07eae2ed839484846157be981917743de
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /pfe/current/micro.tag.min.js?uhd=1&z=6304462&ymid=786250&var=6330216&sw=/sw-check-permissions/6304462&var_3=20484211_AGE_0_3&os_version=x86.64 HTTP/1.1
Host: nouneewaujy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nouneewaujy.com/?l=JojKjUcBbvClUwI&b=20484211&z=6330216&s=a170bntir6j7sfef82&campid=AGE_0_3&var=786250&ymid=a170bntir6j7sfef82
Cookie: reverse=_y2bv6Fy27V1tI7vSLW_qHQhOvLGP7rpu3dZcDG6Uk4; OAID=742358a0d021867c7211c0e4d9f6ed74; oaidts=1715368541
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 19:15:41 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 10:49:22 GMT
vary: Accept-Encoding
etag: W/"662a3532-9116"
access-control-allow-credentials: true
cache-control: max-age=86400
pragma: no-cache
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ydZU%2BgeyY6iAoiNY0YK9QqP7%2BqYIJ4kqF0WyWB00pieTAcOJsQS7jg6Mc5CNzZSUsK0tZ%2BTQLUwBgw7uFM0r4Zl5N622bd013wFYUAGcjYueZAD8G6qovWhBLWji0Jb5ljQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881c4267af9756bb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| www2.tr1aff.com/c.php?k=l9mk2sy4r55z8s29xumg&clickId=GFk4g4EBaIXwKXCq4n_oAcr-L4AC493gm7aE8tIB&Cost=0.0030&zoneId=786250&ageGroup=AGE_0_3&campaignId=686085&browser=Other&browserVersion=0&os=android&osVersion=android_13&feed=89&creativeId=2093354&device=mobile | 188.114.96.1 | 302 Found | 52 kB |
URL (User Request): GET HTTP/2 www2.tr1aff.com/c.php?k=l9mk2sy4r55z8s29xumg&clickId=GFk4g4EBaIXwKXCq4n_oAcr-L4AC493gm7aE8tIB&Cost=0.0030&zoneId=786250&ageGroup=AGE_0_3&campaignId=686085&browser=Other&browserVersion=0&os=android&osVersion=android_13&feed=89&creativeId=2093354&device=mobile
IP: 188.114.96.1:443
Certificate: Issuer Google Trust Services LLC; Subject tr1aff.com; Fingerprint C4:12:52:12:5C:A1:2F:40:DD:13:99:4B:47:EA:0A:98:0B:84:E6:9D; Validity Thu, 18 Apr 2024 20:56:45 GMT - Wed, 17 Jul 2024 20:56:44 GMT
Hash (MD5 / SHA-1 / SHA-256, the digests of an empty response body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c.php?k=l9mk2sy4r55z8s29xumg&clickId=GFk4g4EBaIXwKXCq4n_oAcr-L4AC493gm7aE8tIB&Cost=0.0030&zoneId=786250&ageGroup=AGE_0_3&campaignId=686085&browser=Other&browserVersion=0&os=android&osVersion=android_13&feed=89&creativeId=2093354&device=mobile HTTP/1.1
Host: www2.tr1aff.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Fri, 10 May 2024 19:15:40 GMT
content-type: text/html; charset=UTF-8
location: https://nouneewaujy.com/?l=JojKjUcBbvClUwI&b=20484211&z=6330216&s=a170bntir6j7sfef82&campid=AGE_0_3&var=786250&ymid=a170bntir6j7sfef82
set-cookie: uclick=ntir6j7sfe; expires=Sat, 11-May-2024 19:15:40 GMT; Max-Age=86400; path=/; secure; SameSite=none
uclickhash=ntir6j7sfe-ntir6j7sfe-9ra7-0-pmgm6o-c8us3y-c8usfe-5bd7e6; expires=Sat, 11-May-2024 19:15:40 GMT; Max-Age=86400; path=/; secure; SameSite=none
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B65ujmx5UhGyDT6tzUOkYgsGIUhp%2Bo%2Bx8EakP5P%2FcdRnYtRTzL1lbmpne45Fz6vcPvJhodACGLnwnSz8QMzEP1yBZbHJ%2FRvq9NokXB9RtuauOUKoug04LTrhHaGWjsHefZk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881c4264b85fb52d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2