Report - www.mediaglobal.store/go/13192cf5-89f9-4ec3-a8a2-b121a66bba4c?cost=0.001000

Report Overview

Submitted URL
www.mediaglobal.store/go/13192cf5-89f9-4ec3-a8a2-b121a66bba4c?cost=0.001000
IP
3.70.16.242
ASN
#16509 AMAZON-02
Submitted
2024-04-18 09:16:25
Access
public
Website Title
adserving.unibet.com/redirect.aspx?bid=37950&pid=79982261&sref=GIG&GIG=NO_DESK_SB_2
Final URL
adserving.unibet.com/redirect.aspx?bid=37950&pid=79982261&sref=GIG&GIG=NO_DESK_SB_2
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
1
Threat Detection Systems
4

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.mediaglobal.store	unknown	2024-01-19	2024-01-21	2024-03-28	529 B	1.7 kB	3.70.16.242
aff.telelime.space	unknown	2024-01-01	2024-02-06	2024-03-24	582 B	8.1 kB	184.154.47.14
www.trimbuilder.foundation	unknown	2024-04-08	2024-04-08	2024-04-18	1.8 kB	876 B	51.68.85.158
go.savethereef.xyz	unknown	2023-04-02	2023-04-11	2024-03-23	1.5 kB	700 B	198.134.116.30
t1.hightid.com	unknown	2022-08-03	2022-08-03	2024-03-15	553 B	549 B	51.161.115.163
ynnus4.life	unknown	2023-12-06	2023-12-07	2024-03-02	2.4 kB	2.1 kB	95.216.29.188
eptougry.net	unknown	2023-05-02	2023-05-02	2024-03-08	1.5 kB	2.3 kB	139.45.197.245
admoustache.aftrad-visit.com	unknown	2023-02-15	2024-01-24	2024-04-15	719 B	978 B	172.67.71.68
t3.blowingwnd.com	unknown	2022-08-03	2022-08-03	2024-03-16	613 B	484 B	51.161.115.163
my.rtmark.net	9054	2014-10-29	2015-02-04	2024-04-17	531 B	678 B	139.45.195.8
eu.can-get-so.me	unknown	2022-05-19	2022-05-24	2024-04-15	570 B	564 B	178.63.248.54
adserving.unibet.com	98000	1997-12-11	2015-05-26	2024-04-17	1.0 kB	1.3 kB	13.107.213.53

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-04-18 09:16:02	medium	198.134.116.30	Client IP	ET HUNTING Observed Let's Encrypt Certificate for Suspicious TLD (.xyz)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-18	medium	eptougry.net	Sinkholed
2024-04-18	medium	eptougry.net	Sinkholed

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (19)

URL IP Response Size

www.mediaglobal.store/go/13192cf5-89f9-4ec3-a8a2-b121a66bba4c?cost=0.001000

3.70.16.242

332 B

URL
www.mediaglobal.store/go/13192cf5-89f9-4ec3-a8a2-b121a66bba4c?cost=0.001000
IP
3.70.16.242:0
ASN
#16509 AMAZON-02

File type
HTML document, ASCII text, with very long lines (332), with no line terminators
Size
332 B (332 bytes)
Hash
74da26475e033d2e19f15ff80d0a2396
3fe0f9519f60708438c8642c6a3c5b9b76b0ff11
652a799181c40abfbe4b4a3aac4aebd62b0d0c58d4718af4e8c842e4ee16415a

HTTP Headers

GET /go/13192cf5-89f9-4ec3-a8a2-b121a66bba4c?cost=0.001000 HTTP/1.1
Host: www.mediaglobal.store
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: openresty
date: Thu, 18 Apr 2024 09:16:00 GMT
content-type: text/html; charset=utf-8
content-length: 332
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Full-Version,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Reduced
access-control-allow-origin: *
location: https://aff.telelime.space/?utm_medium=a403ed77cf7cee68a98b36c5224270cc02fcef9f&utm_campaign=target_DZ_dbd247&cid=9cTjTuP3FQs1wjbE2fjhiT
set-cookie: bemob-viewer-id=cc7ca270-68d0-4810-b827-423c9d3ce92c; Domain=www.mediaglobal.store; Path=/; Expires=Fri, 18 Apr 2025 09:16:00 GMT; HttpOnly; Secure; SameSite=None
bemob-uniq-visit:13192cf5-89f9-4ec3-a8a2-b121a66bba4c=1; Domain=www.mediaglobal.store; Path=/; Expires=Fri, 19 Apr 2024 09:16:00 GMT; HttpOnly; Secure; SameSite=None
bemob-rotation:13192cf5-89f9-4ec3-a8a2-b121a66bba4c:random:f68e788c4103589acb72c3a0cf7bc2f3=0-0-0; Domain=www.mediaglobal.store; Path=/; Expires=Fri, 19 Apr 2024 09:16:00 GMT; HttpOnly; Secure; SameSite=None
bemob-click-id=9cTjTuP3FQs1wjbE2fjhiT; Domain=www.mediaglobal.store; Path=/; Expires=Sat, 18 May 2024 09:16:00 GMT; HttpOnly; Secure; SameSite=None
vary: Accept
x-response-time: 50.383ms
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache
X-Firefox-Spdy: h2

aff.telelime.space/?utm_medium=a403ed77cf7cee68a98b36c5224270cc02fcef9f&utm_campaign=target_DZ_dbd247&cid=9cTjTuP3FQs1wjbE2fjhiT

184.154.47.14

7.6 kB

URL
aff.telelime.space/?utm_medium=a403ed77cf7cee68a98b36c5224270cc02fcef9f&utm_campaign=target_DZ_dbd247&cid=9cTjTuP3FQs1wjbE2fjhiT
IP
184.154.47.14:0
ASN
#32475 SINGLEHOP-LLC

File type
gzip compressed data, from Unix
Size
7.6 kB (7641 bytes)
Hash
724875ec5af2152bf861a93815311e8b
ff26ea3c21c10862f7d014ed337b1885caa221cb
c3d266523a3f9ce7469c182b2647dcb9fb690cb658f965fa6df5ce922f3e8e91

HTTP Headers

GET /?utm_medium=a403ed77cf7cee68a98b36c5224270cc02fcef9f&utm_campaign=target_DZ_dbd247&cid=9cTjTuP3FQs1wjbE2fjhiT HTTP/1.1
Host: aff.telelime.space
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 09:16:00 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
cache-control: no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
accept-ch: Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version
strict-transport-security: max-age=63072000; includeSubDomains; preload
alt-svc: h3=":443"; ma=604800; persist=1
content-encoding: gzip
X-Firefox-Spdy: h2

www.trimbuilder.foundation/?sl=5768231-bead7&data1=Track1&data2=Track2&tag=M7359133373144498244&website=24033-fd7afc9z&placement=24033&eyeg=181f5850342ef5975c665a0b4c39cae7&eyer=0.10867436559701538&eyei=0&eyew=1280&eyeh=1024&eyetd=220&eyef=aff.telelime.space

51.68.85.158

0 B

URL
www.trimbuilder.foundation/?sl=5768231-bead7&data1=Track1&data2=Track2&tag=M7359133373144498244&website=24033-fd7afc9z&placement=24033&eyeg=181f5850342ef5975c665a0b4c39cae7&eyer=0.10867436559701538&eyei=0&eyew=1280&eyeh=1024&eyetd=220&eyef=aff.telelime.space
IP
51.68.85.158:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /?sl=5768231-bead7&data1=Track1&data2=Track2&tag=M7359133373144498244&website=24033-fd7afc9z&placement=24033&eyeg=181f5850342ef5975c665a0b4c39cae7&eyer=0.10867436559701538&eyei=0&eyew=1280&eyeh=1024&eyetd=220&eyef=aff.telelime.space HTTP/1.1
Host: www.trimbuilder.foundation
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Date: Thu, 18 Apr 2024 09:16:01 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-transform
Location: https://www.trimbuilder.foundation/?sl=5768231-bead7&data1=Track1&data2=Track2&tag=M7359133373144498244&website=24033-fd7afc9z&placement=24033&eyeg=3&eyer=0.10867436559701538&eyei=0&eyew=1280&eyeh=1024&eyetd=220&eyef=aff.telelime.space

www.trimbuilder.foundation/?sl=5768231-bead7&data1=Track1&data2=Track2&tag=M7359133373144498244&website=24033-fd7afc9z&placement=24033&eyeg=3&eyer=0.10867436559701538&eyei=0&eyew=1280&eyeh=1024&eyetd=220&eyef=aff.telelime.space

51.68.85.158

0 B

URL
www.trimbuilder.foundation/?sl=5768231-bead7&data1=Track1&data2=Track2&tag=M7359133373144498244&website=24033-fd7afc9z&placement=24033&eyeg=3&eyer=0.10867436559701538&eyei=0&eyew=1280&eyeh=1024&eyetd=220&eyef=aff.telelime.space
IP
51.68.85.158:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /?sl=5768231-bead7&data1=Track1&data2=Track2&tag=M7359133373144498244&website=24033-fd7afc9z&placement=24033&eyeg=3&eyer=0.10867436559701538&eyei=0&eyew=1280&eyeh=1024&eyetd=220&eyef=aff.telelime.space HTTP/1.1
Host: www.trimbuilder.foundation
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Date: Thu, 18 Apr 2024 09:16:01 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-transform
Location: https://admoustache.aftrad-visit.com/track/smartlink?smartlink_id=1&publisher_id=441&network_id=5&click_id=330008ed7e5a5cba0fbf19bb15db913d998990418-202404-flb*5768231-bead7*M7359133373144498244*sl_5768231-bead7*0904f72f2ccc0ee8c73edf7ef43a6ce90de0288a*24033-fd7afc9z*24033

www.trimbuilder.foundation/favicon.ico

51.68.85.158

0 B

URL
www.trimbuilder.foundation/favicon.ico
IP
51.68.85.158:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.trimbuilder.foundation
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 204 No Content
Date: Thu, 18 Apr 2024 09:16:01 GMT
Connection: keep-alive

admoustache.aftrad-visit.com/track/smartlink?smartlink_id=1&publisher_id=441&network_id=5&click_id=330008ed7e5a5cba0fbf19bb15db913d998990418-202404-flb*5768231-bead7*M7359133373144498244*sl_5768231-bead7*0904f72f2ccc0ee8c73edf7ef43a6ce90de0288a*24033-fd7afc9z*24033

172.67.71.68

202 B

URL
admoustache.aftrad-visit.com/track/smartlink?smartlink_id=1&publisher_id=441&network_id=5&click_id=330008ed7e5a5cba0fbf19bb15db913d998990418-202404-flb*5768231-bead7*M7359133373144498244*sl_5768231-bead7*0904f72f2ccc0ee8c73edf7ef43a6ce90de0288a*24033-fd7afc9z*24033
IP
172.67.71.68:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text
Size
202 B (202 bytes)
Hash
886cdf0650c074e870da43ca3d063212
42becf7ea7f981f38c0bef346b980f1263c826e3
69296a6383b2fbf1b474c6fc03b7bc4bd94faef111c30532a9c0a2ccec2b5382

HTTP Headers

GET /track/smartlink?smartlink_id=1&publisher_id=441&network_id=5&click_id=330008ed7e5a5cba0fbf19bb15db913d998990418-202404-flb*5768231-bead7*M7359133373144498244*sl_5768231-bead7*0904f72f2ccc0ee8c73edf7ef43a6ce90de0288a*24033-fd7afc9z*24033 HTTP/1.1
Host: admoustache.aftrad-visit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Thu, 18 Apr 2024 09:16:01 GMT
content-type: text/html; charset=utf-8
content-length: 202
location: https://t3.blowingwnd.com/l.php?p=c:btrsnl901aaqozhg8&d=65ce2e32e492740f6e0cacf0&pid=201KCtw2X4W5UaiCoygQriYXxFv7frX57F3hFg3xLN4aCRcHvwNmJ8VFNXVbakHmsmcChS&s=1B7fmUHKE
referrer-policy: no-referrer
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cCUqCDnG48USVL%2F2MtWAuT%2BlZ%2BTWESqhqk3Q1HFIUd6QqlF94Q%2BaWaUZH99H6rHQLG8eBOguJAFWAjORLqOAD%2F3y%2Fa7YDpB53FnGT3%2F5pAvDV%2F%2FNJvwtlE7%2BCKGzJ8pBoOfkWyCzjNmMVUNsCj4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87638dbdfa145699-OSL
X-Firefox-Spdy: h2

t3.blowingwnd.com/l.php?p=c:btrsnl901aaqozhg8&d=65ce2e32e492740f6e0cacf0&pid=201KCtw2X4W5UaiCoygQriYXxFv7frX57F3hFg3xLN4aCRcHvwNmJ8VFNXVbakHmsmcChS&s=1B7fmUHKE

51.161.115.163

0 B

URL
t3.blowingwnd.com/l.php?p=c:btrsnl901aaqozhg8&d=65ce2e32e492740f6e0cacf0&pid=201KCtw2X4W5UaiCoygQriYXxFv7frX57F3hFg3xLN4aCRcHvwNmJ8VFNXVbakHmsmcChS&s=1B7fmUHKE
IP
51.161.115.163:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /l.php?p=c:btrsnl901aaqozhg8&d=65ce2e32e492740f6e0cacf0&pid=201KCtw2X4W5UaiCoygQriYXxFv7frX57F3hFg3xLN4aCRcHvwNmJ8VFNXVbakHmsmcChS&s=1B7fmUHKE HTTP/1.1
Host: t3.blowingwnd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Thu, 18 Apr 2024 09:16:02 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round: 13oes905nr
Raund: 313
Location: https://go.savethereef.xyz/redirect?feed=642698&url=t3.blowingwnd.com&subid=1B7fmUHKE&query=&pub_clickid=6620e4d27e6ad749a219214c&default_url=https%3A%2F%2Ft1.hightid.com%2Fr.php%3Fp%3Dc%3As_8942pgf_9qrwlx0%26d%3D653c9411464a4419c012ddb2%26s%3D%7Bpubfeed%7D%26d2%3D%7Breferrer_domain%7D

go.savethereef.xyz/redirect?feed=642698&url=t3.blowingwnd.com&subid=1B7fmUHKE&query=&pub_clickid=6620e4d27e6ad749a219214c&default_url=https%3A%2F%2Ft1.hightid.com%2Fr.php%3Fp%3Dc%3As_8942pgf_9qrwlx0%26d%3D653c9411464a4419c012ddb2%26s%3D%7Bpubfeed%7D%26d2%3D%7Breferrer_domain%7D

198.134.116.30

0 B

URL
go.savethereef.xyz/redirect?feed=642698&url=t3.blowingwnd.com&subid=1B7fmUHKE&query=&pub_clickid=6620e4d27e6ad749a219214c&default_url=https%3A%2F%2Ft1.hightid.com%2Fr.php%3Fp%3Dc%3As_8942pgf_9qrwlx0%26d%3D653c9411464a4419c012ddb2%26s%3D%7Bpubfeed%7D%26d2%3D%7Breferrer_domain%7D
IP
198.134.116.30:0
ASN
#27257 WEBAIR-INTERNET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?feed=642698&url=t3.blowingwnd.com&subid=1B7fmUHKE&query=&pub_clickid=6620e4d27e6ad749a219214c&default_url=https%3A%2F%2Ft1.hightid.com%2Fr.php%3Fp%3Dc%3As_8942pgf_9qrwlx0%26d%3D653c9411464a4419c012ddb2%26s%3D%7Bpubfeed%7D%26d2%3D%7Breferrer_domain%7D HTTP/1.1
Host: go.savethereef.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Thu, 18 Apr 2024 09:16:02 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Location: https://t1.hightid.com/r.php?p=c:s_8942pgf_9qrwlx0&d=653c9411464a4419c012ddb2&s=642698&d2=t3.blowingwnd.com

t1.hightid.com/r.php?p=c:s_8942pgf_9qrwlx0&d=653c9411464a4419c012ddb2&s=642698&d2=t3.blowingwnd.com

51.161.115.163

0 B

URL
t1.hightid.com/r.php?p=c:s_8942pgf_9qrwlx0&d=653c9411464a4419c012ddb2&s=642698&d2=t3.blowingwnd.com
IP
51.161.115.163:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /r.php?p=c:s_8942pgf_9qrwlx0&d=653c9411464a4419c012ddb2&s=642698&d2=t3.blowingwnd.com HTTP/1.1
Host: t1.hightid.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Thu, 18 Apr 2024 09:16:03 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round: 12mw6ufnb4
Raund: 2zt
Location: https://go.savethereef.xyz/redirect?feed=465513&url=https%3A%2F%2Fwww.twtch.co%2F&subid=custom_10utabg6hk.no.linux.firefox&query=642698&pub_clickid=6620e4d38694a05a7c079a2d&default_url=https%3A%2F%2Ft10.lowtid.com%2Fs.php%3Fp%3Dc%3A5mklge2tsml349y_c%26d%3D655744eb46c1f060291a7ac7%26s%3Ddu.%7Bpubfeed%7D%26d2%3D%7Breferrer_domain%7D%26d1%3D%7Bquery%7D

go.savethereef.xyz/redirect?feed=465513&url=https%3A%2F%2Fwww.twtch.co%2F&subid=custom_10utabg6hk.no.linux.firefox&query=642698&pub_clickid=6620e4d38694a05a7c079a2d&default_url=https%3A%2F%2Ft10.lowtid.com%2Fs.php%3Fp%3Dc%3A5mklge2tsml349y_c%26d%3D655744eb46c1f060291a7ac7%26s%3Ddu.%7Bpubfeed%7D%26d2%3D%7Breferrer_domain%7D%26d1%3D%7Bquery%7D

198.134.116.30

0 B

URL
go.savethereef.xyz/redirect?feed=465513&url=https%3A%2F%2Fwww.twtch.co%2F&subid=custom_10utabg6hk.no.linux.firefox&query=642698&pub_clickid=6620e4d38694a05a7c079a2d&default_url=https%3A%2F%2Ft10.lowtid.com%2Fs.php%3Fp%3Dc%3A5mklge2tsml349y_c%26d%3D655744eb46c1f060291a7ac7%26s%3Ddu.%7Bpubfeed%7D%26d2%3D%7Breferrer_domain%7D%26d1%3D%7Bquery%7D
IP
198.134.116.30:0
ASN
#27257 WEBAIR-INTERNET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?feed=465513&url=https%3A%2F%2Fwww.twtch.co%2F&subid=custom_10utabg6hk.no.linux.firefox&query=642698&pub_clickid=6620e4d38694a05a7c079a2d&default_url=https%3A%2F%2Ft10.lowtid.com%2Fs.php%3Fp%3Dc%3A5mklge2tsml349y_c%26d%3D655744eb46c1f060291a7ac7%26s%3Ddu.%7Bpubfeed%7D%26d2%3D%7Breferrer_domain%7D%26d1%3D%7Bquery%7D HTTP/1.1
Host: go.savethereef.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Thu, 18 Apr 2024 09:16:03 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Location: https://ynnus4.life/click.php?key=py7mg5gkrb5zylpdk1zv&clickid=utm_source=465513_custom_10utabg6hk.no.linux.firefox&utm_medium=yeesshh&utm_content=6191310&utm_campaign=2739084&utm_conversion=R2E*Is7Lxfc&bid=0.00001&source=465513.custom_10utabg6hk.no.linux.firefox&pubfeed=465513&country=no

ynnus4.life/click.php?key=py7mg5gkrb5zylpdk1zv&clickid=utm_source=465513_custom_10utabg6hk.no.linux.firefox&utm_medium=yeesshh&utm_content=6191310&utm_campaign=2739084&utm_conversion=R2E*Is7Lxfc&bid=0.00001&source=465513.custom_10utabg6hk.no.linux.firefox&pubfeed=465513&country=no

95.216.29.188

1.1 kB

URL
ynnus4.life/click.php?key=py7mg5gkrb5zylpdk1zv&clickid=utm_source=465513_custom_10utabg6hk.no.linux.firefox&utm_medium=yeesshh&utm_content=6191310&utm_campaign=2739084&utm_conversion=R2E*Is7Lxfc&bid=0.00001&source=465513.custom_10utabg6hk.no.linux.firefox&pubfeed=465513&country=no
IP
95.216.29.188:0
ASN
#24940 Hetzner Online GmbH

File type
JavaScript source, ASCII text, with CRLF, LF line terminators
Size
1.1 kB (1075 bytes)
Hash
54d7fae1982e68c1d565ddff13036957
213edbd8566cec376f183a762735a35b2afdf241
f4f4e82dc999e4cfb126b7d5d3a9d3ea8383ac1124aaebd25acfe2c4555937ec

HTTP Headers

GET /click.php?key=py7mg5gkrb5zylpdk1zv&clickid=utm_source=465513_custom_10utabg6hk.no.linux.firefox&utm_medium=yeesshh&utm_content=6191310&utm_campaign=2739084&utm_conversion=R2E*Is7Lxfc&bid=0.00001&source=465513.custom_10utabg6hk.no.linux.firefox&pubfeed=465513&country=no HTTP/1.1
Host: ynnus4.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Thu, 18 Apr 2024 09:16:03 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: uclick=y9e21ng5i4; expires=Fri, 19-Apr-2024 09:16:03 GMT; Max-Age=86400; path=/; secure; SameSite=none
uclickhash=y9e21ng5i4-y9e21ng5i4-dv-0-dv-du3y-du6o-ba40db; expires=Fri, 19-Apr-2024 09:16:03 GMT; Max-Age=86400; path=/; secure; SameSite=none
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip

ynnus4.life/favicon.ico

95.216.29.188

20 B

URL
ynnus4.life/favicon.ico
IP
95.216.29.188:0
ASN
#24940 Hetzner Online GmbH

File type
gzip compressed data, max speed, from Unix
Size
20 B (20 bytes)
Hash
a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: ynnus4.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ynnus4.life/click.php?key=py7mg5gkrb5zylpdk1zv&clickid=utm_source=465513_custom_10utabg6hk.no.linux.firefox&utm_medium=yeesshh&utm_content=6191310&utm_campaign=2739084&utm_conversion=R2E*Is7Lxfc&bid=0.00001&source=465513.custom_10utabg6hk.no.linux.firefox&pubfeed=465513&country=no
Cookie: uclick=y9e21ng5i4; uclickhash=y9e21ng5i4-y9e21ng5i4-dv-0-dv-du3y-du6o-ba40db
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Thu, 18 Apr 2024 09:16:04 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip

ynnus4.life/click.php?lp=1

95.216.29.188

0 B

URL
ynnus4.life/click.php?lp=1
IP
95.216.29.188:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /click.php?lp=1 HTTP/1.1
Host: ynnus4.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ynnus4.life/click.php?key=py7mg5gkrb5zylpdk1zv&clickid=utm_source=465513_custom_10utabg6hk.no.linux.firefox&utm_medium=yeesshh&utm_content=6191310&utm_campaign=2739084&utm_conversion=R2E*Is7Lxfc&bid=0.00001&source=465513.custom_10utabg6hk.no.linux.firefox&pubfeed=465513&country=no
Cookie: uclick=y9e21ng5i4; uclickhash=y9e21ng5i4-y9e21ng5i4-dv-0-dv-du3y-du6o-ba40db
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.24.0
Date: Thu, 18 Apr 2024 09:16:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://berebereuolakola.com/link?z=6218287&var=63&ymid=d5c1by9e21ng5i47d6
Strict-Transport-Security: max-age=31536000

my.rtmark.net/img.gif?f=merge&userId=008042c07c554586f32791be7df75ac5&z=6218288&p_rid=0c3f3d34-2486-43de-9aa1-6d996a0db7e2&p_src=sf

139.45.195.8

43 B

URL
my.rtmark.net/img.gif?f=merge&userId=008042c07c554586f32791be7df75ac5&z=6218288&p_rid=0c3f3d34-2486-43de-9aa1-6d996a0db7e2&p_src=sf
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

HTTP Headers

GET /img.gif?f=merge&userId=008042c07c554586f32791be7df75ac5&z=6218288&p_rid=0c3f3d34-2486-43de-9aa1-6d996a0db7e2&p_src=sf HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://berebereuolakola.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 09:16:09 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=008042c07c554586f32791be7df75ac5; expires=Fri, 18 Apr 2025 09:16:09 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

eptougry.net/sftouch?userId=008042c07c554586f32791be7df75ac5&z=6218288&p_rid=0c3f3d34-2486-43de-9aa1-6d996a0db7e2&p_src=sf&branchId=0&rb=27Bamo3HGAPI5Y18OL7JoEmd1V_FRGIqJAWcdEbUiprlROdN7hTWRaYUR2WUflHspnzhgkMbUtKRxrT4CrCq9TXxp2_0WzGPsGHlXRNkXY87Dlc9l84qFvg4A2hnf8AFsthbEkg4RY_Ig2rWBxs_G2P2r7_Bp6SQoOD-w5nba6JqdEWWtj1QcVEy6NTfkwVQ-ruZURwjiA9pCjlh9lvcGHnJPFlt1w7tzUAAqErDYXPgFJXMcbrwwYuwHWY3bPZM--KPktSwYbO9KR9t9o6oG1yybc8jrKnJ-EiNSOJNMWI=

139.45.197.245

2 B

URL
eptougry.net/sftouch?userId=008042c07c554586f32791be7df75ac5&z=6218288&p_rid=0c3f3d34-2486-43de-9aa1-6d996a0db7e2&p_src=sf&branchId=0&rb=27Bamo3HGAPI5Y18OL7JoEmd1V_FRGIqJAWcdEbUiprlROdN7hTWRaYUR2WUflHspnzhgkMbUtKRxrT4CrCq9TXxp2_0WzGPsGHlXRNkXY87Dlc9l84qFvg4A2hnf8AFsthbEkg4RY_Ig2rWBxs_G2P2r7_Bp6SQoOD-w5nba6JqdEWWtj1QcVEy6NTfkwVQ-ruZURwjiA9pCjlh9lvcGHnJPFlt1w7tzUAAqErDYXPgFJXMcbrwwYuwHWY3bPZM--KPktSwYbO9KR9t9o6oG1yybc8jrKnJ-EiNSOJNMWI=
IP
139.45.197.245:0
ASN
#9002 RETN Limited

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /sftouch?userId=008042c07c554586f32791be7df75ac5&z=6218288&p_rid=0c3f3d34-2486-43de-9aa1-6d996a0db7e2&p_src=sf&branchId=0&rb=27Bamo3HGAPI5Y18OL7JoEmd1V_FRGIqJAWcdEbUiprlROdN7hTWRaYUR2WUflHspnzhgkMbUtKRxrT4CrCq9TXxp2_0WzGPsGHlXRNkXY87Dlc9l84qFvg4A2hnf8AFsthbEkg4RY_Ig2rWBxs_G2P2r7_Bp6SQoOD-w5nba6JqdEWWtj1QcVEy6NTfkwVQ-ruZURwjiA9pCjlh9lvcGHnJPFlt1w7tzUAAqErDYXPgFJXMcbrwwYuwHWY3bPZM--KPktSwYbO9KR9t9o6oG1yybc8jrKnJ-EiNSOJNMWI= HTTP/1.1
Host: eptougry.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://berebereuolakola.com
DNT: 1
Connection: keep-alive
Referer: https://berebereuolakola.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 09:16:09 GMT
content-type: text/plain
content-length: 2
x-trace-id: 24c7daa5e5c2be60870bd018b1d0f12b
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://berebereuolakola.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

eptougry.net/?z=6218288&syncedCookie=true&rhd=false

139.45.197.245

302 Found

0 B

URL User Request POST HTTP/2
eptougry.net/?z=6218288&syncedCookie=true&rhd=false
IP
139.45.197.245:443
ASN
#9002 RETN Limited

Certificate
IssuerLet's Encrypt
Subjecteptougry.net
FingerprintC8:3B:C4:64:7F:01:38:96:B6:C7:22:F9:0B:B8:13:33:DD:0E:9C:E8
ValiditySun, 17 Mar 2024 05:35:52 GMT - Sat, 15 Jun 2024 05:35:51 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /?z=6218288&syncedCookie=true&rhd=false HTTP/1.1
Host: eptougry.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 666
Origin: https://berebereuolakola.com
DNT: 1
Connection: keep-alive
Referer: https://berebereuolakola.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: nginx
date: Thu, 18 Apr 2024 09:16:09 GMT
content-length: 0
location: https://eu.can-get-so.me/pr?ids=wbwsdgevdua&hash=9d2e850da28b60f5&ext_req_id=804753763926807385&subid1=6218288&cost=0.001050
x-trace-id: ab13d09275f9fdfc7e19cb8dee9e0568
link: <https://eu.can-get-so.me>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
referrer-policy: no-referrer
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://berebereuolakola.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=0080424644de494ce527087409cc3406; expires=Fri, 18 Apr 2025 09:16:09 GMT; path=/; secure; SameSite=None
oaidts=1713431769; expires=Fri, 18 Apr 2025 09:16:09 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

eu.can-get-so.me/pr?ids=wbwsdgevdua&hash=9d2e850da28b60f5&ext_req_id=804753763926807385&subid1=6218288&cost=0.001050

178.63.248.54

302 Found

0 B

URL User Request GET HTTP/2
eu.can-get-so.me/pr?ids=wbwsdgevdua&hash=9d2e850da28b60f5&ext_req_id=804753763926807385&subid1=6218288&cost=0.001050
IP
178.63.248.54:443
ASN
#24940 Hetzner Online GmbH

Certificate
IssuerLet's Encrypt
Subjecteu.can-get-so.me
Fingerprint06:3A:29:D0:50:D1:F5:1E:18:2E:C7:A2:FC:B4:01:5D:7B:49:F5:0C
ValiditySun, 25 Feb 2024 03:31:23 GMT - Sat, 25 May 2024 03:31:22 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /pr?ids=wbwsdgevdua&hash=9d2e850da28b60f5&ext_req_id=804753763926807385&subid1=6218288&cost=0.001050 HTTP/1.1
Host: eu.can-get-so.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: Angie
date: Thu, 18 Apr 2024 09:16:10 GMT
content-length: 0
accept-ch: Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
referrer-policy: no-referrer
location: https://adserving.unibet.com/redirect.aspx?bid=37950&pid=79982261&sref=GIG&GIG=NO_DESK_SB_2
set-cookie: rauid=7Ll9jg45QXazlyZh7cbBlw; expires=Fri, 18 Apr 2025 09:16:10 GMT; path=/; secure; SameSite=None
X-Firefox-Spdy: h2

adserving.unibet.com/redirect.aspx?bid=37950&pid=79982261&sref=GIG&GIG=NO_DESK_SB_2

13.107.213.53

403 Forbidden

409 B

URL User Request GET HTTP/2
adserving.unibet.com/redirect.aspx?bid=37950&pid=79982261&sref=GIG&GIG=NO_DESK_SB_2
IP
13.107.213.53:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Certificate
IssuerTrustwave Holdings, Inc.
Subjectaffiliates.kindredplc.com
Fingerprint9C:1F:91:86:77:41:76:62:71:CD:11:FD:80:70:B7:83:58:47:BF:4F
ValidityThu, 17 Aug 2023 06:39:43 GMT - Fri, 16 Aug 2024 06:38:43 GMT

File type
ASCII text, with CRLF line terminators
Size
409 B (409 bytes)
Hash
c03f1a42fa0f9ccf434687649488a83e
37e83c05c334e0a7fd57f64201f4a56d8425a3c4
31c8fb35c4a51083ccdc5e579d081a4e277fabaed49f97c174e295a583ee3a28

HTTP Headers

GET /redirect.aspx?bid=37950&pid=79982261&sref=GIG&GIG=NO_DESK_SB_2 HTTP/1.1
Host: adserving.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
date: Thu, 18 Apr 2024 09:16:10 GMT
content-type: text/html
content-length: 409
x-azure-ref: 20240418T091610Z-17f9dd4c48b2smg4vb48rxw4zn00000001b000000000g8zm
x-cache: CONFIG_NOCACHE
X-Firefox-Spdy: h2

adserving.unibet.com/favicon.ico

13.107.246.53

403 Forbidden

409 B

URL GET HTTP/2
adserving.unibet.com/favicon.ico
IP
13.107.246.53:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://adserving.unibet.com/redirect.aspx?bid=37950&pid=79982261&sref=GIG&GIG=NO_DESK_SB_2
Certificate
IssuerTrustwave Holdings, Inc.
Subjectaffiliates.kindredplc.com
Fingerprint9C:1F:91:86:77:41:76:62:71:CD:11:FD:80:70:B7:83:58:47:BF:4F
ValidityThu, 17 Aug 2023 06:39:43 GMT - Fri, 16 Aug 2024 06:38:43 GMT

File type
ASCII text, with CRLF line terminators
Size
409 B (409 bytes)
Hash
e1aa847fc970fb8b698317e5486d82be
81ca663dc9a57a304a925603109d2f45fcfdabbb
c8245d3d0e5a9d7f7743e0df10b1dd97ab41ad863f56d4388fd7bdaa1013fd82

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: adserving.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://adserving.unibet.com/redirect.aspx?bid=37950&pid=79982261&sref=GIG&GIG=NO_DESK_SB_2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
date: Thu, 18 Apr 2024 09:16:10 GMT
content-type: text/html
content-length: 409
x-azure-ref: 20240418T091610Z-17f9dd4c48bwtsrhqn0xv2srp400000001z000000000ebn3
x-cache: CONFIG_NOCACHE
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (19)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type