Report - contrat-prime.com/

Report Overview

Submitted URL
contrat-prime.com/
IP
77.91.68.153
ASN
#203727 Daniil Yevchenko
Submitted
2024-04-18 12:31:07
Access
public
Website Title
OLX.PL - Zaloguj się
Final URL
contrat-prime.com/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
1
Threat Detection Systems
20

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdn.slots.baxter.olx.org	57211	2003-01-30	2021-09-07	2024-02-25	1.8 kB	1.0 MB	143.204.55.112
contrat-prime.com	unknown	2023-07-28	2023-07-28	2023-11-10	3.8 kB	42 kB	77.91.68.153
cdn.cookielaw.org	502	2011-06-20	2013-12-28	2024-04-18	873 B	11 kB	104.19.177.52
imasdk.googleapis.com	11661	2005-01-25	2014-10-30	2024-04-18	417 B	138 kB	142.250.74.106

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-04-18 12:30:39	medium	77.91.68.153	Client IP	ET DROP Spamhaus DROP Listed Traffic Inbound group 8

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-18	medium	contrat-prime.com	Sinkholed
2024-04-18	medium	contrat-prime.com	Sinkholed
2024-04-18	medium	contrat-prime.com	Sinkholed
2024-04-18	medium	contrat-prime.com	Sinkholed
2024-04-18	medium	contrat-prime.com	Sinkholed
2024-04-18	medium	contrat-prime.com	Sinkholed
2024-04-18	medium	contrat-prime.com	Sinkholed
2024-04-18	medium	contrat-prime.com	Sinkholed
2024-04-18	medium	contrat-prime.com	Sinkholed
2024-04-18	medium	contrat-prime.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (2)

	URL	Size	First Seen	Last Seen
	imasdk.googleapis.com/js/sdkloader/ima3.js	401 kB	2024-04-17	2024-04-23
Pretty URL imasdk.googleapis.com/js/sdkloader/ima3.js IP 142.250.74.106 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-17 19:37:40 Last Seen2024-04-23 14:34:59 Times Seen130 Hash 6b768f9a8ae41363d83fea0744d1a23b 728464f80764022db06bf578aceb1376e3a8656c c77c7fd724aa3cdea7658f1c56790cb2586867c498ab785cdd21b4942a80784e Loading...

	cdn.slots.baxter.olx.org/_assets/videojsima/2.1.0/videojsima-with-deps.min.js	660 kB	2023-03-29	2024-04-18
Pretty URL cdn.slots.baxter.olx.org/_assets/videojsima/2.1.0/videojsima-with-deps.min.js IP 143.204.55.112 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-29 23:26:56 Last Seen2024-04-18 14:31:07 Times Seen12 Hash 5785baef67c3a9ad8ac4942b5bd021e5 8d0eae76ee49becb43bf61e666147e53f51fc03a 4ff4723a3f448a31c8d2a1f1d1f3d3e2fb4cc5a5b3427ef8ac9ce4b537fd775f Loading...

HTTP Transactions (17)

URL IP Response Size

contrat-prime.com/

77.91.68.153

22 kB

URL User Request GET
contrat-prime.com/
IP
77.91.68.153:0
ASN
#203727 Daniil Yevchenko

File type
HTML document, Unicode text, UTF-8 text, with very long lines (33385), with CRLF line terminators
Size
22 kB (21578 bytes)
Hash
288de859d50473e273ab937fab9e7f39
46cfe684e3e6eafcd93c84f4a865b1fe4cb91e88
bcf146edc933b1352ee653cb0e50b606189fc812ae352b1274d3a21e922812e3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: contrat-prime.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 12:30:40 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 16 Apr 2024 16:26:21 GMT
ETag: "21cfb-6163932c54540-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 21578
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html

cdn.cookielaw.org/scripttemplates/otSDKStub.js

104.19.177.52

200 OK

6.9 kB

URL GET HTTP/2
cdn.cookielaw.org/scripttemplates/otSDKStub.js
IP
104.19.177.52:443
ASN
#13335 CLOUDFLARENET

Requested by
http://contrat-prime.com/
Certificate
IssuerCloudflare, Inc.
Subjectcookielaw.org
FingerprintC9:7F:A3:0A:53:6E:A6:6C:2F:D0:E2:2C:F5:35:B4:BC:81:90:40:31
ValidityFri, 01 Mar 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (21229)
Size
6.9 kB (6882 bytes)
Hash
0cd317a7b9c520801230e944f7d50e41
e3985ff0c2e8b1eaacb617c7c5af5bebfcbceda6
6f08699117c1f15f6d35e7b4380d12d18a1881f075e177b5853b1017a3307544

HTTP Headers

GET /scripttemplates/otSDKStub.js HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://contrat-prime.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:30:40 GMT
content-type: application/javascript
content-length: 6882
content-encoding: gzip
content-md5: zgTRIDojRJmnmBTwUyI2Vw==
last-modified: Wed, 17 Apr 2024 06:40:28 GMT
etag: 0x8DC5EA94574E6DA
x-ms-request-id: 4732fd52-501e-0032-7de1-9039f4000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=86400
cf-cache-status: HIT
age: 66210
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8764aadd198356be-OSL
X-Firefox-Spdy: h2

cdn.cookielaw.org/consent/b42b2bad-9842-4fdb-98a1-bab6edd4a21d/OtAutoBlock.js

104.19.177.52

200 OK

2.1 kB

URL GET HTTP/2
cdn.cookielaw.org/consent/b42b2bad-9842-4fdb-98a1-bab6edd4a21d/OtAutoBlock.js
IP
104.19.177.52:443
ASN
#13335 CLOUDFLARENET

Requested by
http://contrat-prime.com/
Certificate
IssuerCloudflare, Inc.
Subjectcookielaw.org
FingerprintC9:7F:A3:0A:53:6E:A6:6C:2F:D0:E2:2C:F5:35:B4:BC:81:90:40:31
ValidityFri, 01 Mar 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (893)
Size
2.1 kB (2095 bytes)
Hash
e4f8ddbef83a3e40477617bd44428240
b881ac6629beb8b6ead0409044135a14a42e7307
deb432ea3841987eb57f575a87b22d0db85bf3c7c7b1e27615abe0714c9b00fa

HTTP Headers

GET /consent/b42b2bad-9842-4fdb-98a1-bab6edd4a21d/OtAutoBlock.js HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://contrat-prime.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:30:40 GMT
content-type: application/x-javascript
content-length: 2095
cf-ray: 8764aadd197756be-OSL
cf-cache-status: HIT
accept-ranges: bytes
access-control-allow-origin: *
age: 64147
cache-control: public, max-age=86400
content-encoding: gzip
etag: 0x8DC3D38365DC9A2
expires: Fri, 19 Apr 2024 12:30:40 GMT
last-modified: Tue, 05 Mar 2024 17:18:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-md5: YLuWVpxadvDwXep/40mYBw==
x-content-type-options: nosniff
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 1b313090-201e-0081-0621-6f9959000000
x-ms-version: 2009-09-19
server: cloudflare
X-Firefox-Spdy: h2

contrat-prime.com/fonts/geomanist-regular-webfont.woff2

77.91.68.153

404 Not Found

279 B

URL GET HTTP/1.1
contrat-prime.com/fonts/geomanist-regular-webfont.woff2
IP
77.91.68.153:80
ASN
#203727 Daniil Yevchenko

Requested by
http://contrat-prime.com/

File type
HTML document, ASCII text
Size
279 B (279 bytes)
Hash
107125393c6e3905984b3eb589ba30f2
1615c6da5153da13720005a95c8b0e5df84ac733
8046cd783f6cb6691f0f4b6fd576b72cdf5abcd96bcdee676272f05d16c22ae0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /fonts/geomanist-regular-webfont.woff2 HTTP/1.1
Host: contrat-prime.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://contrat-prime.com/
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Thu, 18 Apr 2024 12:30:40 GMT
Server: Apache/2.4.52 (Ubuntu)
Content-Length: 279
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

contrat-prime.com/_next/static/css/96829c918c3877bf.css

77.91.68.153

404 Not Found

279 B

URL GET HTTP/1.1
contrat-prime.com/_next/static/css/96829c918c3877bf.css
IP
77.91.68.153:80
ASN
#203727 Daniil Yevchenko

Requested by
http://contrat-prime.com/

File type
HTML document, ASCII text
Size
279 B (279 bytes)
Hash
107125393c6e3905984b3eb589ba30f2
1615c6da5153da13720005a95c8b0e5df84ac733
8046cd783f6cb6691f0f4b6fd576b72cdf5abcd96bcdee676272f05d16c22ae0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/css/96829c918c3877bf.css HTTP/1.1
Host: contrat-prime.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://contrat-prime.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Thu, 18 Apr 2024 12:30:40 GMT
Server: Apache/2.4.52 (Ubuntu)
Content-Length: 279
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

contrat-prime.com/fonts/geomanist-500.woff2

77.91.68.153

404 Not Found

279 B

URL GET HTTP/1.1
contrat-prime.com/fonts/geomanist-500.woff2
IP
77.91.68.153:80
ASN
#203727 Daniil Yevchenko

Requested by
http://contrat-prime.com/

File type
HTML document, ASCII text
Size
279 B (279 bytes)
Hash
107125393c6e3905984b3eb589ba30f2
1615c6da5153da13720005a95c8b0e5df84ac733
8046cd783f6cb6691f0f4b6fd576b72cdf5abcd96bcdee676272f05d16c22ae0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /fonts/geomanist-500.woff2 HTTP/1.1
Host: contrat-prime.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://contrat-prime.com/
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Thu, 18 Apr 2024 12:30:40 GMT
Server: Apache/2.4.52 (Ubuntu)
Content-Length: 279
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

contrat-prime.com/fonts/geomanist-bold.woff2

77.91.68.153

404 Not Found

279 B

URL GET HTTP/1.1
contrat-prime.com/fonts/geomanist-bold.woff2
IP
77.91.68.153:80
ASN
#203727 Daniil Yevchenko

Requested by
http://contrat-prime.com/

File type
HTML document, ASCII text
Size
279 B (279 bytes)
Hash
107125393c6e3905984b3eb589ba30f2
1615c6da5153da13720005a95c8b0e5df84ac733
8046cd783f6cb6691f0f4b6fd576b72cdf5abcd96bcdee676272f05d16c22ae0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /fonts/geomanist-bold.woff2 HTTP/1.1
Host: contrat-prime.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://contrat-prime.com/
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Thu, 18 Apr 2024 12:30:40 GMT
Server: Apache/2.4.52 (Ubuntu)
Content-Length: 279
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

contrat-prime.com/interia/logowanie/public/img/header/interia-logo-ua.svg

77.91.68.153

200 OK

6.4 kB

URL GET HTTP/1.1
contrat-prime.com/interia/logowanie/public/img/header/interia-logo-ua.svg
IP
77.91.68.153:80
ASN
#203727 Daniil Yevchenko

Requested by
http://contrat-prime.com/

File type
SVG Scalable Vector Graphics image
Size
6.4 kB (6390 bytes)
Hash
1d3917d68bdd8976025acc94bab970d1
76882f40912e46153c8c807ccc2ced4062230c01
7f1548217dfdf7404544efc8e2104f611bf33456bac40f69aca770717e684612

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /interia/logowanie/public/img/header/interia-logo-ua.svg HTTP/1.1
Host: contrat-prime.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://contrat-prime.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 12:30:40 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 16 Apr 2024 10:54:09 GMT
ETag: "18f6-616348ebb1640"
Accept-Ranges: bytes
Content-Length: 6390
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/svg+xml

contrat-prime.com/o2/images/favicon.png

77.91.68.153

200 OK

2.1 kB

URL GET HTTP/1.1
contrat-prime.com/o2/images/favicon.png
IP
77.91.68.153:80
ASN
#203727 Daniil Yevchenko

Requested by
http://contrat-prime.com/

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Size
2.1 kB (2069 bytes)
Hash
c9fbfba3e7af2d9e93a579af6e67914a
6634524f4ba1cc776b4e5b49f973de2e05071521
3f311c328bfdd4aedaf21f2c30f6f7769e00d257935092a5c38a69194ea8e3a2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /o2/images/favicon.png HTTP/1.1
Host: contrat-prime.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://contrat-prime.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 12:30:40 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 16 Apr 2024 11:53:57 GMT
ETag: "815-6163564979f40"
Accept-Ranges: bytes
Content-Length: 2069
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

contrat-prime.com/gazeta/logo.png

77.91.68.153

200 OK

4.6 kB

URL GET HTTP/1.1
contrat-prime.com/gazeta/logo.png
IP
77.91.68.153:80
ASN
#203727 Daniil Yevchenko

Requested by
http://contrat-prime.com/

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 180x180, components 3
Size
4.6 kB (4559 bytes)
Hash
dc5e91851bb39097892fa08e192d32d7
70c37fb41c1a823b88308e9662a10590da2e68cb
d439563bed386d218c83807a2d4865af3e52b0025e5db38d0fd91bec995b83a7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /gazeta/logo.png HTTP/1.1
Host: contrat-prime.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://contrat-prime.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 12:30:40 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 16 Apr 2024 16:18:07 GMT
ETag: "11cf-6163915536dc0"
Accept-Ranges: bytes
Content-Length: 4559
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png

contrat-prime.com/wp/images/o2-logo.png

77.91.68.153

200 OK

3.1 kB

URL GET HTTP/1.1
contrat-prime.com/wp/images/o2-logo.png
IP
77.91.68.153:80
ASN
#203727 Daniil Yevchenko

Requested by
http://contrat-prime.com/

File type
PNG image data, 172 x 112, 8-bit/color RGBA, non-interlaced
Size
3.1 kB (3087 bytes)
Hash
46ce95a1fdd6d33fe0a37bdc973eaabb
b34f5065a6f7612cabab77f999757dba32551e72
d4104fcd89bc1e32e2c9bd3d474d2dc972493b9ff3cef597959ef3f690c638cd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp/images/o2-logo.png HTTP/1.1
Host: contrat-prime.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://contrat-prime.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 12:30:40 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 16 Apr 2024 14:08:12 GMT
ETag: "c0f-6163744b52b00"
Accept-Ranges: bytes
Content-Length: 3087
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png

contrat-prime.com/favicon.ico

77.91.68.153

404 Not Found

279 B

URL GET HTTP/1.1
contrat-prime.com/favicon.ico
IP
77.91.68.153:80
ASN
#203727 Daniil Yevchenko

Requested by
http://contrat-prime.com/

File type
HTML document, ASCII text
Size
279 B (279 bytes)
Hash
107125393c6e3905984b3eb589ba30f2
1615c6da5153da13720005a95c8b0e5df84ac733
8046cd783f6cb6691f0f4b6fd576b72cdf5abcd96bcdee676272f05d16c22ae0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: contrat-prime.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://contrat-prime.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Thu, 18 Apr 2024 12:30:40 GMT
Server: Apache/2.4.52 (Ubuntu)
Content-Length: 279
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

imasdk.googleapis.com/js/sdkloader/ima3.js

142.250.74.106

200 OK

138 kB

URL GET HTTP/2
imasdk.googleapis.com/js/sdkloader/ima3.js
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
http://contrat-prime.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E
ValidityMon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT

File type
JavaScript source, ASCII text, with very long lines (2042)
Size
138 kB (137590 bytes)
Hash
6b768f9a8ae41363d83fea0744d1a23b
728464f80764022db06bf578aceb1376e3a8656c
c77c7fd724aa3cdea7658f1c56790cb2586867c498ab785cdd21b4942a80784e

HTTP Headers

GET /js/sdkloader/ima3.js HTTP/1.1
Host: imasdk.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://contrat-prime.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length: 137590
date: Thu, 18 Apr 2024 12:30:40 GMT
expires: Thu, 18 Apr 2024 12:30:40 GMT
cache-control: private, max-age=900, stale-while-revalidate=3600
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdn.slots.baxter.olx.org/olxpl/rweb/release/init.css

143.204.55.112

200 OK

21 kB

URL GET HTTP/2
cdn.slots.baxter.olx.org/olxpl/rweb/release/init.css
IP
143.204.55.112:443
ASN
#16509 AMAZON-02

Requested by
http://contrat-prime.com/
Certificate
IssuerAmazon
Subjectcdn.slots.baxter.olx.org
FingerprintA5:5E:33:BE:26:AD:C6:47:74:E1:26:80:50:D0:E1:84:8B:B1:DE:51
ValidityFri, 26 Jan 2024 00:00:00 GMT - Sun, 23 Feb 2025 23:59:59 GMT

File type
ASCII text, with very long lines (21313), with no line terminators
Size
21 kB (21313 bytes)
Hash
5fff507c7c596d8b5b920253f7671358
dce2996cf78c029e6432741c4eb9387c4ddb1253
bb1c16ab2e56121ee2474401b1a664ecfcb8071556f509b944430c1cffc86382

HTTP Headers

GET /olxpl/rweb/release/init.css HTTP/1.1
Host: cdn.slots.baxter.olx.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://contrat-prime.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css
date: Tue, 16 Apr 2024 11:54:35 GMT
last-modified: Tue, 16 Apr 2024 08:30:33 GMT
etag: W/"5fff507c7c596d8b5b920253f7671358"
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: br
x-cache: Hit from cloudfront
via: 1.1 6cb1d4b545e7beb4ead790454f4807c6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: ydvLqTMCrMmMNRdMJ1qtQPYB3DH3IRj76sKaMBaaNaFdWe0ospa7vA==
age: 174966
cache-control: max-age=900
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2

cdn.slots.baxter.olx.org/olxpl/rweb/release/init.min.js

143.204.55.112

200 OK

307 kB

URL GET HTTP/2
cdn.slots.baxter.olx.org/olxpl/rweb/release/init.min.js
IP
143.204.55.112:443
ASN
#16509 AMAZON-02

Requested by
http://contrat-prime.com/
Certificate
IssuerAmazon
Subjectcdn.slots.baxter.olx.org
FingerprintA5:5E:33:BE:26:AD:C6:47:74:E1:26:80:50:D0:E1:84:8B:B1:DE:51
ValidityFri, 26 Jan 2024 00:00:00 GMT - Sun, 23 Feb 2025 23:59:59 GMT

File type

Size
307 kB (307398 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /olxpl/rweb/release/init.min.js HTTP/1.1
Host: cdn.slots.baxter.olx.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://contrat-prime.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript
date: Tue, 16 Apr 2024 11:54:36 GMT
last-modified: Tue, 16 Apr 2024 08:30:33 GMT
etag: W/"e97df55ff9413300acf59524982823ab"
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: br
x-cache: Hit from cloudfront
via: 1.1 6cb1d4b545e7beb4ead790454f4807c6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: g3Id_YghRTSUZjmOW0B-GBqI-KbO3YlO2F0jYDKFDeTJZB40OWMc8A==
age: 174965
cache-control: max-age=900
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2

cdn.slots.baxter.olx.org/_assets/videojsima/2.1.0/videojsima-with-deps.css

143.204.55.112

200 OK

50 kB

URL GET HTTP/2
cdn.slots.baxter.olx.org/_assets/videojsima/2.1.0/videojsima-with-deps.css
IP
143.204.55.112:443
ASN
#16509 AMAZON-02

Requested by
http://contrat-prime.com/
Certificate
IssuerAmazon
Subjectcdn.slots.baxter.olx.org
FingerprintA5:5E:33:BE:26:AD:C6:47:74:E1:26:80:50:D0:E1:84:8B:B1:DE:51
ValidityFri, 26 Jan 2024 00:00:00 GMT - Sun, 23 Feb 2025 23:59:59 GMT

File type

Size
50 kB (50410 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /_assets/videojsima/2.1.0/videojsima-with-deps.css HTTP/1.1
Host: cdn.slots.baxter.olx.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://contrat-prime.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css
date: Tue, 16 Apr 2024 11:54:36 GMT
last-modified: Tue, 25 Oct 2022 07:34:05 GMT
etag: W/"e6fbc726fd46bac766acbd78d9f6dedd"
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: br
x-cache: Hit from cloudfront
via: 1.1 6cb1d4b545e7beb4ead790454f4807c6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: 1_RmKg8XYc_sLYMZpSnlDXmBVo60vQ5Wwx-Fbyws0f05S4nv98d_Pw==
age: 174965
cache-control: max-age=900
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2

cdn.slots.baxter.olx.org/_assets/videojsima/2.1.0/videojsima-with-deps.min.js

143.204.55.112

200 OK

660 kB

URL GET HTTP/2
cdn.slots.baxter.olx.org/_assets/videojsima/2.1.0/videojsima-with-deps.min.js
IP
143.204.55.112:443
ASN
#16509 AMAZON-02

Requested by
http://contrat-prime.com/
Certificate
IssuerAmazon
Subjectcdn.slots.baxter.olx.org
FingerprintA5:5E:33:BE:26:AD:C6:47:74:E1:26:80:50:D0:E1:84:8B:B1:DE:51
ValidityFri, 26 Jan 2024 00:00:00 GMT - Sun, 23 Feb 2025 23:59:59 GMT

File type

Size
660 kB (659854 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /_assets/videojsima/2.1.0/videojsima-with-deps.min.js HTTP/1.1
Host: cdn.slots.baxter.olx.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://contrat-prime.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript
date: Tue, 16 Apr 2024 11:54:36 GMT
last-modified: Tue, 25 Oct 2022 07:34:05 GMT
etag: W/"5785baef67c3a9ad8ac4942b5bd021e5"
server: AmazonS3
content-encoding: br
x-cache: Hit from cloudfront
via: 1.1 6cb1d4b545e7beb4ead790454f4807c6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: 2fEXY1Er_hxr7ejzCNoWs0L4L2cdJ2GOso6v1RnUuuy3yh7cMcTYBw==
age: 174965
cache-control: max-age=900
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (17)

URL User Request GET

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by