Overview

URL: bit.do/d4dUn
IP: 54.83.52.76
ASN: AS14618 Amazon.com, Inc.
Location: United States
Report completed: 2018-02-23 07:53:00 CET
urlquery Alerts: Crypto currency mining script


Settings

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata w/ Emerging Threats Pro: No alerts detected


Blacklists

MDL: No alerts detected
OpenPhish: No alerts detected
PhishTank: No alerts detected
Fortinet's Web Filter:
Added / Verified  Severity  Host                                                                                 Comment
2018-02-23        2         ee8f928b71ed0dc6033231fa0943d9f5.adsk2.co/ee8f928b71ed0dc6033231fa0943d9f5/ (...)  Malware
2018-02-23        2         waframedia8.com/index.html                                                           Malware
DNS-BH: No alerts detected
mnemonic secure dns: No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 54.83.52.76

Date                       UQ / IDS / BL  URL                                       IP
2018-12-14 13:40:38 +0100  0 - 1 - 0      bit.do/eC7Xs                              54.83.52.76
2018-12-14 07:35:50 +0100  0 - 0 - 3      bit.do/eC3ku                              54.83.52.76
2018-12-14 04:09:28 +0100  0 - 0 - 3      https://bit.do/azsqsdfrgtpolkfcdazwsx     54.83.52.76
2018-12-14 04:07:55 +0100  0 - 0 - 0      https://www.bit.do/                       54.83.52.76
2018-12-13 21:10:43 +0100  0 - 0 - 2      bit.do/Purchase_Order-Nov                 54.83.52.76
2018-12-13 21:09:17 +0100  0 - 0 - 0      bit.do/Importantfile                      54.83.52.76
2018-12-13 20:59:57 +0100  0 - 0 - 3      bit.do/eC3ku                              54.83.52.76
2018-12-13 15:28:38 +0100  0 - 0 - 1      bit.do/eC3ku                              54.83.52.76
2018-12-13 15:08:46 +0100  0 - 0 - 1      bit.do/eC3ku                              54.83.52.76
2018-12-13 13:32:31 +0100  0 - 0 - 3      https://bit.do/sffgfhjtrewesgdfgh         54.83.52.76

Last 10 reports on ASN: AS14618 Amazon.com, Inc.

Date                       UQ / IDS / BL  URL                                                    IP
2018-12-14 14:12:23 +0100  0 - 0 - 1      ticketsquid.com/images/wellsfargo/index.html           23.20.239.12
2018-12-14 14:11:32 +0100  0 - 0 - 17     eye-watch.in/                                          54.204.5.99
2018-12-14 14:04:48 +0100  0 - 1 - 0      accountlp.top/c1                                       52.71.119.60
2018-12-14 14:04:47 +0100  0 - 1 - 0      boxlp.top/c1                                           52.71.119.60
2018-12-14 13:58:06 +0100  0 - 1 - 0      app.gomlab.com/eng/gomenc/CoreAACSetup.exe             52.4.47.162
2018-12-14 13:40:38 +0100  0 - 1 - 0      bit.do/eC7Xs                                           54.83.52.76
2018-12-14 13:38:56 +0100  0 - 0 - 0      www.icd9data.com/Search/?q=G35                         54.235.124.216
2018-12-14 13:34:48 +0100  0 - 0 - 0      scn001375.securefileshares.com/d89a77/bf35ae1 (...)    54.83.101.48
2018-12-14 13:30:09 +0100  0 - 0 - 0      api.ipify.org                                          23.21.121.219
2018-12-14 13:09:23 +0100  0 - 0 - 1      moztweak.com/downloads/bs-0216-softpublisher- (...)    54.84.55.49

Last 10 reports on domain: bit.do

Date                       UQ / IDS / BL  URL                                       IP
2018-12-14 13:40:38 +0100  0 - 1 - 0      bit.do/eC7Xs                              54.83.52.76
2018-12-14 07:35:50 +0100  0 - 0 - 3      bit.do/eC3ku                              54.83.52.76
2018-12-14 04:09:28 +0100  0 - 0 - 3      https://bit.do/azsqsdfrgtpolkfcdazwsx     54.83.52.76
2018-12-14 04:07:55 +0100  0 - 0 - 0      https://www.bit.do/                       54.83.52.76
2018-12-13 21:10:43 +0100  0 - 0 - 2      bit.do/Purchase_Order-Nov                 54.83.52.76
2018-12-13 21:09:17 +0100  0 - 0 - 0      bit.do/Importantfile                      54.83.52.76
2018-12-13 20:59:57 +0100  0 - 0 - 3      bit.do/eC3ku                              54.83.52.76
2018-12-13 15:28:38 +0100  0 - 0 - 1      bit.do/eC3ku                              54.83.52.76
2018-12-13 15:08:46 +0100  0 - 0 - 1      bit.do/eC3ku                              54.83.52.76
2018-12-13 13:32:31 +0100  0 - 0 - 3      https://bit.do/sffgfhjtrewesgdfgh         54.83.52.76


JavaScript

Executed Scripts (11)


Executed Evals (0)


Executed Writes (1)

#1 JavaScript::Write (size: 285, repeated: 1) - SHA256: 98ec3ccd33a6530330b19c8d01d65538961baa03244a5d1a7aafd68950257ec8

<iframe src="http://wmedia.adk2x.com/imp?p=70874240&size=728x90&ap=1300&ct=html&u=http%3A%2F%2Fbit.do%2Fd4dUn&r=&iss=0&f=1"
        height="90"
        width="728"
        frameborder="0"
        border="0"
        scrolling="no"
        marginheight="0px"
        marginwidth="0px"
        sandbox="allow-forms allow-popups allow-scripts"></iframe>


HTTP Transactions (18)


#1 GET /d4dUn HTTP/1.1
Host: bit.do
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response from 54.83.52.76:
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Fri, 23 Feb 2018 06:58:56 GMT
Server: Apache/2.2.34 (Amazon)
Connection: close
Transfer-Encoding: chunked

--- Additional Info ---
Magic:  HTML document text
Size:   7511
Md5:    955df46fd23674af6f27f78087275461
Sha1:   764ffa59c7766aaef29c27476d2f9dde6c845c5f
Sha256: 51a1e82e4fe8093a83689683cedfe4cc4a617605149bc0ffca7fba4c39fca63e

#2 GET /images/bit-do-url-shortener-logo-66x66.png HTTP/1.1
Host: bit.do
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bit.do/d4dUn

Response from 54.83.52.76:
HTTP/1.1 200 OK
Content-Type: image/png
Date: Fri, 23 Feb 2018 06:58:56 GMT
Server: Apache/2.2.34 (Amazon)
Last-Modified: Sun, 14 Sep 2014 02:11:51 GMT
Etag: "82c6a-fe9-502fd0a93e7c0"
Accept-Ranges: bytes
Content-Length: 4073
Connection: close

--- Additional Info ---
Magic:  PNG image, 66 x 66, 8-bit/color RGB, non-interlaced
Size:   4073
Md5:    bff83b87460c31c38fb192435b01665a
Sha1:   b6004a258c93ed6258c2ccadc12329d31f81dd69
Sha256: bc21f83d32c32e2d174138ec2bb7bb6954c673f82a1e8dcbe49b8a50f3ed8167

#3 GET /wmedia/tags/xbanner/xbanner.js?ap=1300 HTTP/1.1
Host: cdn.waframedia30.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bit.do/d4dUn

Response from 205.185.216.10:
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Date: Fri, 23 Feb 2018 06:58:56 GMT
Connection: Keep-Alive
Accept-Ranges: bytes
Etag: 1519367520
Cache-Control: public, max-age=1984
Content-Length: 1851
X-HW: 1519369136.dop006.sk1.t,1519369136.cds015.sk1.c
Last-Modified: Fri, 23 Feb 2018 06:32:00 GMT

--- Additional Info ---
Magic:  ASCII text, with very long lines, with no line terminators
Size:   1851
Md5:    84e3b5aab28a9cad1dd95820eca6acab
Sha1:   4fefa1058f6fd8b6e81489b2c60b49d4a3e4ef4e
Sha256: 8ef7489e26777dfd32b69d3bbe1736cf459db46e917f9a3c942acf15dfb90908

#4 GET /js/jquery/jquery.min.js HTTP/1.1
Host: bit.do
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bit.do/d4dUn

Response from 54.83.52.76:
HTTP/1.1 200 OK
Content-Type: text/javascript
Date: Fri, 23 Feb 2018 06:58:56 GMT
Server: Apache/2.2.34 (Amazon)
Last-Modified: Thu, 01 May 2014 17:59:34 GMT
Etag: "82c2e-1762a-4f85a6d756d80"
Accept-Ranges: bytes
Content-Length: 95786
Connection: close

--- Additional Info ---
Magic:  ASCII text, with very long lines
Size:   95786
Md5:    8101d596b2b8fa35fe3a634ea342d7c3
Sha1:   d6c1f41972de07b09bfa63d2e50f9ab41ec372bd
Sha256: 540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

#5 POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

Response from 93.184.220.29:
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Cache-Control: max-age=172800
Date: Fri, 23 Feb 2018 06:58:57 GMT
Etag: "5a8f979f-1d7"
Expires: Sun, 25 Feb 2018 06:58:57 GMT
Last-Modified: Fri, 23 Feb 2018 04:25:03 GMT
Server: ECS (arn/45DF)
X-Cache: HIT
Content-Length: 471

--- Additional Info ---
Magic:  data
Size:   471
Md5:    0e2794b92bb2882ed063ae8ba3ac9325
Sha1:   b0e9afb4348863cf21f992adf69320bd22a4156d
Sha256: 2f5fac220b84679e1f8256a83d9918166b737eab6a6b25e503e2efd27a6b57a8

#6 POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

Response from 93.184.220.29:
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Cache-Control: max-age=172800
Date: Fri, 23 Feb 2018 06:58:57 GMT
Etag: "5a8f6e9d-1d7"
Expires: Sun, 25 Feb 2018 06:58:57 GMT
Last-Modified: Fri, 23 Feb 2018 01:30:05 GMT
Server: ECS (arn/4667)
X-Cache: HIT
Content-Length: 471

--- Additional Info ---
Magic:  data
Size:   471
Md5:    f07ee274f61e7d331eded5750f7017ff
Sha1:   4d43dd33116bcf3a68aaebb7926ff4ea95effb32
Sha256: bf81676e5bd2317bfb7b0f488178c48950e34539afaf43dc64271d3a74b60d67

#7 GET /imp?p=70874240&size=728x90&ap=1300&ct=html&u=http%3A%2F%2Fbit.do%2Fd4dUn&r=&iss=0&f=1 HTTP/1.1
Host: wmedia.adk2x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bit.do/d4dUn

Response from 130.211.54.133:
HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache, no-store, must-revalidate
Content-Length: 0
Date: Fri, 23 Feb 2018 06:58:57 GMT
Location: http://wmedia.adk2x.com/ul_cb/imp?p=70874240&size=728x90&ap=1300&ct=html&u=http%3A%2F%2Fbit.do%2Fd4dUn&r=&iss=0&f=1
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: xuuid=9b023f95-a634-48cd-b5b9-c94e6e80d801; path=/; expires=Sun, 23-Feb-2020 06:58:57 GMT; domain=.adk2x.com
Set-Cookie: xuuid_last_update=1519369137; path=/; expires=Sun, 23-Feb-2020 06:58:57 GMT; domain=.adk2x.com

--- Additional Info ---

#8 GET /ul_cb/imp?p=70874240&size=728x90&ap=1300&ct=html&u=http%3A%2F%2Fbit.do%2Fd4dUn&r=&iss=0&f=1 HTTP/1.1
Host: wmedia.adk2x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bit.do/d4dUn
Cookie: xuuid=9b023f95-a634-48cd-b5b9-c94e6e80d801; xuuid_last_update=1519369137

Response from 130.211.54.133:
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Content-Length: 3680
Date: Fri, 23 Feb 2018 06:58:57 GMT
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: xuuid=9b023f95-a634-48cd-b5b9-c94e6e80d801; path=/; expires=Sun, 23-Feb-2020 06:58:57 GMT; domain=.adk2x.com
Set-Cookie: xuuid_last_update=1519369137; path=/; expires=Sun, 23-Feb-2020 06:58:57 GMT; domain=.adk2x.com
Set-Cookie: lrq3d=!bit.do,1,288611937; path=/; expires=Sun, 23-Feb-2020 06:58:57 GMT; domain=.adk2x.com
Set-Cookie: lcri5m=!75086709,1,288611937; path=/; expires=Sun, 23-Feb-2020 06:58:57 GMT; domain=.adk2x.com
Set-Cookie: lcai9h=!66191046,1,288611937; path=/; expires=Sun, 23-Feb-2020 06:58:57 GMT; domain=.adk2x.com
Set-Cookie: ih=!75879299,288611937; path=/; expires=Sun, 23-Feb-2020 06:58:57 GMT; domain=.adk2x.com

--- Additional Info ---
Magic:  HTML document text
Size:   3680
Md5:    ff6694b31cc540cab30055faac6a6c48
Sha1:   572619872574b8bddc0e33767b3a76370ba11b26
Sha256: 2d7bc3dea5a0aa4b389a121cd7dba116c6cf3e9d1d160a2ecfbed58b65756aea

#9 GET /wafmedia6.com/m/p.js?a=70874227&p=70874233&f=45&t=Continue&n=top&s=1 HTTP/1.1
Host: s3.amazonaws.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bit.do/d4dUn

Response from 52.216.1.219:
HTTP/1.1 200 OK
Content-Type: application/javascript
x-amz-id-2: bPWfsMg/YLR+TLoO4sgDv49/NiiH/6I2C2oUwTIyjmSV2tgw072sa1/I9qhHpjjEtltDAojEaew=
x-amz-request-id: FBEA6B81FF2E93B9
Date: Fri, 23 Feb 2018 06:58:58 GMT
Last-Modified: Thu, 28 Sep 2017 09:56:02 GMT
Etag: "fb57e3adc1cb66fc611486c03df38bc4"
Accept-Ranges: bytes
Content-Length: 8879
Server: AmazonS3

--- Additional Info ---
Magic:  ASCII text, with very long lines, with no line terminators
Size:   8879
Md5:    fb57e3adc1cb66fc611486c03df38bc4
Sha1:   75c042582fdc6a8777efaac2e2b259f9b07ec54a
Sha256: e3c07f23406d9c112470f38e5b5f6a96ace740b789b0501dc96be0021989b09f

#10 GET /track.js HTTP/1.1
Host: d2nq0f8d9ofdwv.cloudfront.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://wmedia.adk2x.com/ul_cb/imp?p=70874240&size=728x90&ap=1300&ct=html&u=http%3A%2F%2Fbit.do%2Fd4dUn&r=&iss=0&f=1

Response from 13.33.23.218:
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 2778
Connection: keep-alive
Date: Thu, 05 Oct 2017 21:35:01 GMT
Last-Modified: Wed, 11 Mar 2015 11:35:48 GMT
Etag: "bb721701b45758bfbeba269eae98fe5f"
Accept-Ranges: bytes
Server: AmazonS3
Age: 83536
X-Cache: Hit from cloudfront
Via: 1.1 e1e28c40c1f14efa4ce4485bf952fa4c.cloudfront.net (CloudFront)
X-Amz-Cf-Id: t6ohnaOEyheiGawFndBX4L-Li-G5mWhv4H0e7ZI7ptTpSx-m_wvM6w==

--- Additional Info ---
Magic:  ASCII text
Size:   2778
Md5:    bb721701b45758bfbeba269eae98fe5f
Sha1:   49425e374c0202c7217d765f9bd56c18ea8eee52
Sha256: 65b2c73cd3843b21060678af8dd930bc229d8e7f5362af153516931ede311600

#11 GET /ee8f928b71ed0dc6033231fa0943d9f5/creatives/75086709 HTTP/1.1
Host: ee8f928b71ed0dc6033231fa0943d9f5.adsk2.co
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://wmedia.adk2x.com/ul_cb/imp?p=70874240&size=728x90&ap=1300&ct=html&u=http%3A%2F%2Fbit.do%2Fd4dUn&r=&iss=0&f=1

Response from 209.197.3.79:
HTTP/1.1 200 OK
Content-Type: image/png
Date: Fri, 23 Feb 2018 06:58:57 GMT
Connection: Keep-Alive
Accept-Ranges: bytes
Etag: 1481616664
Cache-Control: public, max-age=1685837
Content-Encoding: gzip
Content-Length: 38893
X-HW: 1519369137.dop013.sk1.t,1519369137.cds030.sk1.c
Last-Modified: Tue, 13 Dec 2016 08:11:04 GMT

--- Additional Info ---
Magic:  gzip compressed data, was "75086709", last modified: Tue Dec 13 09:11:03 2016, max compression
Size:   38893
Md5:    bc04c34bc7b0c99958baad32b3ff7c67
Sha1:   41dc012add545c2680c240988b52dd3047eade17
Sha256: c85bc94cdcad15289524221f99076b7d9cd484219731c0a411fdabcb7d6e06bb

Alerts:
  Blacklists:
    - fortinet: Malware

#12 GET /wmedia/tags/xdirect/xdirect.html?p=70874241&serverdomain=wmedia&size=300x250&ct=html&ap=1300 HTTP/1.1
Host: cdn.waframedia8.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bit.do/d4dUn

Response from 104.27.180.184:
HTTP/1.1 301 Moved Permanently
Date: Fri, 23 Feb 2018 06:58:57 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Fri, 23 Feb 2018 07:58:57 GMT
Location: https://waframedia8.com/index.html
Server: cloudflare
CF-RAY: 3f184cb8329f427f-OSL

--- Additional Info ---

#13 GET /ga.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bit.do/d4dUn

Response from 172.217.21.142:
HTTP/1.1 200 OK
Content-Type: text/javascript
Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
Timing-Allow-Origin: *
Date: Fri, 23 Feb 2018 05:16:58 GMT
Expires: Fri, 23 Feb 2018 07:16:58 GMT
Last-Modified: Mon, 13 Nov 2017 20:19:12 GMT
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Encoding: gzip
Server: Golfe2
Content-Length: 17172
Age: 6119
Cache-Control: public, max-age=7200

--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   17172
Md5:    43adefe535269f3b75e0f229d0dba4d6
Sha1:   5e3bed19757401b3aa6c8ab8b5f26aa17add8a3a
Sha256: fc7f9d5234f97de0433021d02e8969a93003d90bf16d40a9cb2d8f5c7bfaa398

#14 POST / HTTP/1.1
Host: ocsp.comodoca4.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

Response from 178.255.83.1:
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 23 Feb 2018 06:58:58 GMT
Server: Apache
Last-Modified: Thu, 22 Feb 2018 07:51:48 GMT
Expires: Thu, 01 Mar 2018 07:51:48 GMT
Etag: A1D11542B8EE587E5A7AD297E92AAA9B82CC36F3
Cache-Control: max-age=520969,public,no-transform,must-revalidate
X-OCSP-Reponder-ID: rmdccaocsp18
Content-Length: 278
Connection: close

--- Additional Info ---
Magic:  data
Size:   278
Md5:    c332ddd36996bd3bc9e8fa06158159d6
Sha1:   a1d11542b8ee587e5a7ad297e92aaa9b82cc36f3
Sha256: cf7d21201070fd1b6a308c3e011e8e2aa52cbda5a44cb61e6f3d084c2ed2607a

#15 POST / HTTP/1.1
Host: ocsp.comodoca4.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

Response from 178.255.83.1:
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 23 Feb 2018 06:58:58 GMT
Server: Apache
Last-Modified: Thu, 22 Feb 2018 23:30:53 GMT
Expires: Thu, 01 Mar 2018 23:30:53 GMT
Etag: FCA0170F87E17CC23EC2BBB231E3DF9BCF0F170B
Cache-Control: max-age=577314,public,no-transform,must-revalidate
X-OCSP-Reponder-ID: rmdccaocsp18
Content-Length: 312
Connection: close

--- Additional Info ---
Magic:  data
Size:   312
Md5:    5a68cf52e29ab07a05d823da5cbcb48a
Sha1:   fca0170f87e17cc23ec2bbb231e3df9bcf0f170b
Sha256: 27a061cc79a4eceeb338452173e1b58abaa0d8d8d56ece173790f412578ce138

#16 GET /index.html HTTP/1.1
Host: waframedia8.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://bit.do/d4dUn

Response from 104.27.181.184:
HTTP/1.1 200 OK
Content-Type: text/html
Date: Fri, 23 Feb 2018 06:58:58 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d19a073950c8a21026b627ab69b4832911519369138; expires=Sat, 23-Feb-19 06:58:58 GMT; path=/; domain=.waframedia8.com; HttpOnly
Last-Modified: Wed, 10 Jan 2018 14:47:37 GMT
Vary: Accept-Encoding
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 3f184cbb092142af-OSL
Content-Encoding: gzip

--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   245
Md5:    64c5f6c5aacfd6472840c1db305d328a
Sha1:   172ade01ca6cdaa18e4929ec5bc06182e77ba132
Sha256: 4a80c217bfd59c2db8d1efdad93eb1fc1d5bd4fa2901b34d3874a314ac99e8c0

Alerts:
  Blacklists:
    - fortinet: Malware

#17 GET /page/m.js HTTP/1.1
Host: bemonero.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://waframedia8.com/index.html

Response from 104.24.106.232:
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Fri, 23 Feb 2018 06:58:58 GMT
Content-Length: 36243
Connection: keep-alive
Set-Cookie: __cfduid=d419121a454fbaf4843bd0f2b1a4e6a3f1519369138; expires=Sat, 23-Feb-19 06:58:58 GMT; path=/; domain=.bemonero.com; HttpOnly
Last-Modified: Wed, 10 Jan 2018 16:55:38 GMT
Etag: "214a6-5626ee69fbf6a-gzip"
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
CF-Cache-Status: HIT
Expires: Fri, 23 Feb 2018 10:58:58 GMT
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 3f184cbc8a644273-OSL

--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   36243
Md5:    0332dcf01ecb0e4b6ba78991b86ec0cc
Sha1:   a3611b18e2856f03f84b20bd25d124d6a53ecad6
Sha256: f87f147934ac0156b6f354569dd48027eff77594a191c9a104b4b841d8dc73ec

Alerts:
  urlquery:
    - Crypto currency mining script

#18 GET /favicon.ico HTTP/1.1
Host: bit.do
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response from 54.83.52.76:
HTTP/1.1 200 OK
Content-Type: image/vnd.microsoft.icon
Date: Fri, 23 Feb 2018 06:58:58 GMT
Server: Apache/2.2.34 (Amazon)
Last-Modified: Thu, 30 Dec 2010 13:31:24 GMT
Etag: "82b05-57e-498a0b3b4c300"
Accept-Ranges: bytes
Content-Length: 1406
Connection: close

--- Additional Info ---
Magic:  MS Windows icon resource - 1 icon
Size:   1406
Md5:    54255e7bcf5074bdd01cffcaf2df34d1
Sha1:   0f4ad8a83f040411d6dd5095355dc4630a906f88
Sha256: ff32a2cfeb11137c65fb67c6b7d982c1f07e8883e30f12625e38abedc07a6b38