Report - beautycenter-wassenberg.de/index.php/rundgang

Report Overview

Submitted URL
beautycenter-wassenberg.de/index.php/rundgang
IP
92.205.53.9
ASN
#21499 Host Europe GmbH
Submitted
2024-05-07 07:34:03
Access
public
Website Title
beautycenter-wassenberg.de/index.php/rundgang
Final URL
beautycenter-wassenberg.de/index.php/rundgang
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
26

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
beautycenter-wassenberg.de	unknown	unknown	2018-06-30	2024-02-15	796 B	4.5 kB	92.205.53.9
bind.bestresulttostart.com	unknown	2024-03-04	2024-03-22	2024-04-26	857 B	9.0 kB	193.163.7.113
gate.getmygateway.com	unknown	2023-09-09	2023-09-09	2024-03-19	441 B	332 B	45.140.146.101
api.statisticsong.com	unknown	2024-01-30	2024-01-30	2024-03-02	420 B	0 B	0.0.0.0
lists.clickandanalytics.com	unknown	2023-05-17	2023-06-27	2024-02-20	420 B	16 kB	45.140.146.101
js.cdntoswitchspirit.com	unknown	2024-04-29	2024-05-06	2024-05-06	852 B	74 kB	172.67.209.227
jquery.restartyourchoices.com	unknown	unknown	No data	No data	456 B	12 kB	104.21.19.43
rest.cdntoswitchspirit.com	unknown	unknown	No data	No data	429 B	12 kB	172.67.209.227

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

Scan Date	Severity	Indicator	Alert
2024-05-07	medium	bestresulttostart.com	Sinkholed
2024-05-07	medium	bestresulttostart.com	Sinkholed

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-07	medium	beautycenter-wassenberg.de	Sinkholed
2024-05-07	medium	bestresulttostart.com	Sinkholed
2024-05-07	medium	beautycenter-wassenberg.de	Sinkholed
2024-05-07	medium	getmygateway.com	Sinkholed
2024-05-07	medium	bestresulttostart.com	Sinkholed
2024-05-07	medium	statisticsong.com	Sinkholed
2024-05-07	medium	cdntoswitchspirit.com	Sinkholed
2024-05-07	medium	cdntoswitchspirit.com	Sinkholed
2024-05-07	medium	cdntoswitchspirit.com	Sinkholed

ThreatFox

Scan Date	Severity	Indicator	Alert
2024-04-02	medium	bind.bestresulttostart.com	Unknown malware
2024-04-02	medium	bind.bestresulttostart.com	Unknown malware

JavaScript (16)

	URL	Size	First Seen	Last Seen
	beautycenter-wassenberg.de/index.php/rundgang	709 B	2024-05-01	2024-05-15
Pretty URL beautycenter-wassenberg.de/index.php/rundgang IP 92.205.53.9 ASN #21499 Host Europe GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-01 22:23:50 Last Seen2024-05-15 21:34:22 Times Seen10 Hash fb112a50a0a47a76392e5b807b4f969a 584f987e9d7f7e68c216b141ce4413c54becc99b 12301a23db1649373aa20aeed51d7fdfb331596aff386849c49e784698dca5af Loading...

	rest.cdntoswitchspirit.com/scripts/stack.js	11 kB	2024-05-01	2024-05-16
Pretty URL rest.cdntoswitchspirit.com/scripts/stack.js IP 172.67.209.227 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-01 22:23:50 Last Seen2024-05-16 01:19:47 Times Seen20 Hash e878b03a981d11cece993499461e5e06 31ebea7de3f1cfc6c81a9d37d8dfb3c3d7990e0e 857a06738b346b4d275749df845fb3fe2f296bfe49c031e170a1808478299198 Loading...

	jquery.restartyourchoices.com/cdncollect?r1=beautycenter-wassenberg.de	10 kB	2024-04-30	2024-05-19
Pretty URL jquery.restartyourchoices.com/cdncollect?r1=beautycenter-wassenberg.de IP 104.21.19.43 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-30 20:44:45 Last Seen2024-05-19 17:00:15 Times Seen514 Hash a670ec3dd6fa757de5d5aab7abddfe59 07efb08354a342ae821e52b60728a31945c95759 a9aa76d5655c965f1feceec22619fa26acb1c4832f76ea25a79201bbc2b2c2f0 Loading...

	bind.bestresulttostart.com/scripts/statistics.js?s=5.4.2	10 kB	2024-04-30	2024-05-19
Pretty URL bind.bestresulttostart.com/scripts/statistics.js?s=5.4.2 IP 193.163.7.113 ASN #204601 Zomro B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-30 17:38:54 Last Seen2024-05-19 17:00:15 Times Seen150 Hash 9d3a2c5feb7b6810bff5bdd9c6987a11 f96b5c4dcbed5e2abd7edb29dcefd1fb9fb28b4b c97d2621e7e098aab41dfae76dc18919579ef8c1e79dbb27d2172396da956829 Loading...

	js.cdntoswitchspirit.com/source/split.js	36 kB	2024-04-30	2024-05-14
Pretty URL js.cdntoswitchspirit.com/source/split.js IP 172.67.209.227 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-30 17:38:54 Last Seen2024-05-14 22:24:18 Times Seen425 Hash fe59aea1c787d361c69c43c46a747767 2cc61a29d05db4814718cc60450876419afc5d24 9763b6045876ff0f6ddf7f20e19d631346a2f132e675ff1601896b3625fd9816 Loading...

	lists.clickandanalytics.com/9BcW9F	15 kB	2024-02-29	2024-05-19
Pretty URL lists.clickandanalytics.com/9BcW9F IP 45.140.146.101 ASN #44477 Stark Industries Solutions Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-29 18:41:15 Last Seen2024-05-19 09:37:42 Times Seen277 Hash b0149465e313403016a11ea7df794a63 3818a94fc421c0788c7db55adc59d58318f26d4b 94b3871c5af9ca42f481e355e3183d28ba94ef16165db7b07873248898735dd0 Loading...

	gate.getmygateway.com/KQGrXb?c=beautycenter-wassenberg.de	0 B	2023-03-07	2024-05-19
Pretty URL gate.getmygateway.com/KQGrXb?c=beautycenter-wassenberg.de IP 45.140.146.101 ASN #44477 Stark Industries Solutions Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-19 17:23:05 Times Seen37836074 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	unknown	384 B	2024-05-01	2024-05-16
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-01 22:23:50 Last Seen2024-05-16 01:19:47 Times Seen11 Hash 8c7f66adf027171fc670a3c7a39ba03a a04c7c82c89f62649368c425bad7fa3193320530 07f6b67e36caf175acf1a6b0cd7bb19002743f01dc8a71776baa0ce0f42b917f Loading...

	beautycenter-wassenberg.de/index.php/rundgang	457 B	2024-04-14	2024-05-10
Pretty URL beautycenter-wassenberg.de/index.php/rundgang IP 92.205.53.9 ASN #21499 Host Europe GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-14 21:16:45 Last Seen2024-05-10 01:37:23 Times Seen4 Hash b6e457b894d6b4f86ac007ad5d4bef9e 6d3484c381e7344eb06e08bd8741a3725db829e0 8b720d84c63c7806aa7c6496faa79c914b8585bdd4e1e19b0073378abc7eccd0 Loading...

	beautycenter-wassenberg.de/index.php/rundgang	4.0 kB	2024-03-28	2024-05-17
Pretty URL beautycenter-wassenberg.de/index.php/rundgang IP 92.205.53.9 ASN #21499 Host Europe GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-28 05:26:43 Last Seen2024-05-17 13:43:16 Times Seen21 Hash e9d75c0cb231bb40afef85204d4092d4 da3e780e60c016920978a2a2bdb2f1b55ab945bd 35e461f1015a760a5711c96570ba3d7cc3159c94d87aadabbcf446154f2df9af Loading...

	beautycenter-wassenberg.de/index.php/rundgang	1.3 kB	2024-01-30	2024-05-19
Pretty URL beautycenter-wassenberg.de/index.php/rundgang IP 92.205.53.9 ASN #21499 Host Europe GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2024-01-30 20:12:02 Last Seen2024-05-19 04:36:21 Times Seen54 Hash 513c35c1da79ffdf0d7ecbdb6d0e141d ce6a06b1e8351d188719fe926f9e302eaf33b465 e0b80c1c19e40ea7dc60eb110b06fa0cccbecd9f6f1fde1cca3136451f27f552 Loading...

	beautycenter-wassenberg.de/index.php/rundgang	1.1 kB	2024-01-28	2024-05-07
Pretty URL beautycenter-wassenberg.de/index.php/rundgang IP 92.205.53.9 ASN #21499 Host Europe GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2024-01-28 12:45:44 Last Seen2024-05-07 09:34:09 Times Seen9 Hash 1d3838cdf9d06895ebbbddd6ef4f2110 448c1f8040114a162dbb5c3381e15792d32426a0 a41fc84d256780a9651e5590b0e9b52236af3b90e71bf885902df1514e570063 Loading...

	beautycenter-wassenberg.de/index.php/rundgang	1.0 kB	2024-05-07	2024-05-07
Pretty URL beautycenter-wassenberg.de/index.php/rundgang IP 92.205.53.9 ASN #21499 Host Europe GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-07 09:34:09 Last Seen2024-05-07 09:34:09 Times Seen1 Hash ac2eb70526ae2029e182cd7b52543f1e af2b51da819310ab61317d57670430e81b993065 b469463cfdf12ee30620b891c90b123efb814734bbd4195ce237108fe94b7541 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 26c52ef8f5d5811d8746112b7c68f438	228 B	2024-01-28	2024-05-07
Pretty Observations First Seen2024-01-28 12:45:45 Last Seen2024-05-07 09:34:09 Times Seen17 Hash 26c52ef8f5d5811d8746112b7c68f438 13dd9a5febd6d50b27a9ff15bf2957092137bd99 c246ffd90baa7fb2d36c5e606e9b173bae78dd7eba9131566e8fb50c554c5a28 Loading...

	#2 Eval - 72c4d12a34ef44de686431c50772a63d	323 B	2024-04-14	2024-05-10
Pretty Observations First Seen2024-04-14 21:16:45 Last Seen2024-05-10 01:37:23 Times Seen4 Hash 72c4d12a34ef44de686431c50772a63d 2fb55cede6a573ecf23392467d4e5f6fcaeaa228 59a9f0d49db171a6f87ee6bc61b70c5314e92f24ff196c0320709e571ab3750f Loading...

	#3 Eval - 52587b5d79728b99965e2e98e384fc77	448 B	2024-01-30	2024-05-19
Pretty Observations First Seen2024-01-30 20:12:04 Last Seen2024-05-19 04:36:22 Times Seen60 Hash 52587b5d79728b99965e2e98e384fc77 a635381039c36bb463d37e1c1b16bd701775f052 4f9584d7ad002f56671dad7f9c630e11eea746ff289435d1ccaa65665a4f2c48 Loading...

HTTP Transactions (11)

URL IP Response Size

beautycenter-wassenberg.de/index.php/rundgang

92.205.53.9

3.9 kB

URL User Request GET
beautycenter-wassenberg.de/index.php/rundgang
IP
92.205.53.9:0
ASN
#21499 Host Europe GmbH

File type
JavaScript source, ASCII text, with very long lines (11131), with CRLF, LF line terminators
Size
3.9 kB (3880 bytes)
Hash
826bee4fda4753129f0bc6f747711548
1424fd5366aa2c1453cee6e70cfbb749e8b01824
8fa4f5a98cdb5ecb8bb076eae251cde04ebd7290073705a05bdf60f17bb740ed

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index.php/rundgang HTTP/1.1
Host: beautycenter-wassenberg.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 07 May 2024 07:33:38 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Cache-Status: BYPASS
Content-Encoding: gzip

bind.bestresulttostart.com/m67LBk

193.163.7.113

404 Not Found

0 B

URL GET HTTP/2
bind.bestresulttostart.com/m67LBk
IP
193.163.7.113:443
ASN
#204601 Zomro B.V.

Requested by
http://beautycenter-wassenberg.de/index.php/rundgang
Certificate
IssuerLet's Encrypt
Subjectbestresulttostart.com
FingerprintF4:4C:F5:1D:A8:B6:9F:52:11:56:EC:A1:D7:C6:98:DF:2E:96:E0:4C
ValidityMon, 08 Apr 2024 08:36:22 GMT - Sun, 07 Jul 2024 08:36:21 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	Unknown malware
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /m67LBk HTTP/1.1
Host: bind.bestresulttostart.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://beautycenter-wassenberg.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
server: nginx
date: Tue, 07 May 2024 07:33:38 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
strict-transport-security: max-age=31536000;
X-Firefox-Spdy: h2

beautycenter-wassenberg.de/favicon.ico

92.205.53.9

404 Not Found

173 B

URL GET HTTP/1.1
beautycenter-wassenberg.de/favicon.ico
IP
92.205.53.9:80
ASN
#21499 Host Europe GmbH

Requested by
http://beautycenter-wassenberg.de/index.php/rundgang

File type
HTML document, ASCII text
Size
173 B (173 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: beautycenter-wassenberg.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://beautycenter-wassenberg.de/index.php/rundgang
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx
Date: Tue, 07 May 2024 07:33:39 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip

gate.getmygateway.com/KQGrXb?c=beautycenter-wassenberg.de

45.140.146.101

200 OK

0 B

URL GET HTTP/2
gate.getmygateway.com/KQGrXb?c=beautycenter-wassenberg.de
IP
45.140.146.101:443
ASN
#44477 Stark Industries Solutions Ltd

Requested by
http://beautycenter-wassenberg.de/index.php/rundgang
Certificate
IssuerLet's Encrypt
Subjectgate.getmygateway.com
FingerprintF2:E0:B0:7B:1E:89:C9:4D:C8:55:A1:09:83:F6:7D:58:9F:98:0A:46
ValidityFri, 15 Mar 2024 02:12:16 GMT - Thu, 13 Jun 2024 02:12:15 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /KQGrXb?c=beautycenter-wassenberg.de HTTP/1.1
Host: gate.getmygateway.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://beautycenter-wassenberg.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 07:33:39 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
cache-control: no-cache, no-store, must-revalidate
expires: Tue, 07 May 2024 07:33:39 GMT
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
access-control-allow-origin: *
X-Firefox-Spdy: h2

bind.bestresulttostart.com/scripts/statistics.js?s=5.4.2

193.163.7.113

200 OK

8.4 kB

URL GET HTTP/2
bind.bestresulttostart.com/scripts/statistics.js?s=5.4.2
IP
193.163.7.113:443
ASN
#204601 Zomro B.V.

Requested by
http://beautycenter-wassenberg.de/index.php/rundgang
Certificate
IssuerLet's Encrypt
Subjectbestresulttostart.com
FingerprintF4:4C:F5:1D:A8:B6:9F:52:11:56:EC:A1:D7:C6:98:DF:2E:96:E0:4C
ValidityMon, 08 Apr 2024 08:36:22 GMT - Sun, 07 Jul 2024 08:36:21 GMT

File type
gzip compressed data, from Unix
Size
8.4 kB (8428 bytes)
Hash
e5eaefe921b4bdeb8a0e6901c690cb56
95b32ddc0fa8039e8f1b1c28d275252fceb6f565
0b21c2f0b1ad864d38a32cd9460c79b12a89da513ea991e357861c3c5a8de607

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	Unknown malware
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /scripts/statistics.js?s=5.4.2 HTTP/1.1
Host: bind.bestresulttostart.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://beautycenter-wassenberg.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 07:33:38 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 30 Apr 2024 15:15:36 GMT
vary: Accept-Encoding
etag: W/"66310b18-285b"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000;
content-encoding: gzip
X-Firefox-Spdy: h2

api.statisticsong.com/scripts/r.js

0.0.0.0

0 B

URL GET
api.statisticsong.com/scripts/r.js
IP
0.0.0.0:0
ASN
#0

Requested by
http://beautycenter-wassenberg.de/index.php/rundgang

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /scripts/r.js HTTP/1.1
Host: api.statisticsong.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://beautycenter-wassenberg.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

lists.clickandanalytics.com/9BcW9F

45.140.146.101

200 OK

15 kB

URL GET HTTP/2
lists.clickandanalytics.com/9BcW9F
IP
45.140.146.101:443
ASN
#44477 Stark Industries Solutions Ltd

Requested by
http://beautycenter-wassenberg.de/index.php/rundgang
Certificate
IssuerLet's Encrypt
Subjectcollect.clickandanalytics.com
FingerprintF4:17:1E:5D:BF:87:33:FD:05:62:19:CA:43:50:59:23:2B:D3:13:C0
ValidityFri, 15 Mar 2024 02:13:25 GMT - Thu, 13 Jun 2024 02:13:24 GMT

File type
JavaScript source, ASCII text, with very long lines (15287), with no line terminators
Size
15 kB (15287 bytes)
Hash
b0149465e313403016a11ea7df794a63
3818a94fc421c0788c7db55adc59d58318f26d4b
94b3871c5af9ca42f481e355e3183d28ba94ef16165db7b07873248898735dd0

HTTP Headers

GET /9BcW9F HTTP/1.1
Host: lists.clickandanalytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://beautycenter-wassenberg.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 07:33:39 GMT
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
expires: Tue, 07 May 2024 07:33:39 GMT
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
access-control-allow-origin: *
X-Firefox-Spdy: h2

js.cdntoswitchspirit.com/source/split.js

172.67.209.227

200 OK

36 kB

URL GET HTTP/3
js.cdntoswitchspirit.com/source/split.js
IP
172.67.209.227:443
ASN
#13335 CLOUDFLARENET

Requested by
http://beautycenter-wassenberg.de/index.php/rundgang
Certificate
IssuerLet's Encrypt
Subjectcdntoswitchspirit.com
FingerprintDF:DB:EE:70:5A:39:BB:E7:A9:C6:4B:5C:24:04:56:6B:D0:D3:C0:AD
ValidityMon, 29 Apr 2024 10:49:03 GMT - Sun, 28 Jul 2024 10:49:02 GMT

File type
JavaScript source, ASCII text, with very long lines (36341), with no line terminators
Size
36 kB (36341 bytes)
Hash
fe59aea1c787d361c69c43c46a747767
2cc61a29d05db4814718cc60450876419afc5d24
9763b6045876ff0f6ddf7f20e19d631346a2f132e675ff1601896b3625fd9816

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /source/split.js HTTP/1.1
Host: js.cdntoswitchspirit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://beautycenter-wassenberg.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 07 May 2024 07:33:38 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 30 Apr 2024 15:35:14 GMT
vary: Accept-Encoding
etag: W/"66310fb2-8df5"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 220999
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LXTrnV19ObcEV17LV3HkULZrhbdMTbORjk%2F3l%2FwltK35v0lLqoUkBPSoiTxghOHQWUJSkIbTDDJqt2g7tHk4EFnD9h5uUTdUM2yVtSdQY4atZS71RcRl%2BboO5JXwwtLAqlCiO%2B5k4h76Gjg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ff85e59d1d1c06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

jquery.restartyourchoices.com/cdncollect?r1=beautycenter-wassenberg.de

104.21.19.43

200 OK

10 kB

URL GET HTTP/2
jquery.restartyourchoices.com/cdncollect?r1=beautycenter-wassenberg.de
IP
104.21.19.43:443
ASN
#13335 CLOUDFLARENET

Requested by
http://beautycenter-wassenberg.de/index.php/rundgang
Certificate
IssuerLet's Encrypt
Subjectrestartyourchoices.com
Fingerprint1E:64:C0:EA:CA:57:4F:66:CB:2A:33:CF:E5:2D:8D:F5:B1:21:CE:D6
ValidityThu, 02 May 2024 15:04:04 GMT - Wed, 31 Jul 2024 15:04:03 GMT

File type
JavaScript source, ASCII text, with very long lines (10370)
Size
10 kB (10371 bytes)
Hash
a670ec3dd6fa757de5d5aab7abddfe59
07efb08354a342ae821e52b60728a31945c95759
a9aa76d5655c965f1feceec22619fa26acb1c4832f76ea25a79201bbc2b2c2f0

HTTP Headers

GET /cdncollect?r1=beautycenter-wassenberg.de HTTP/1.1
Host: jquery.restartyourchoices.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://beautycenter-wassenberg.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 07:33:39 GMT
content-type: application/javascript
cache-control: no-cache, no-store, must-revalidate
expires: Tue, 07 May 2024 07:33:39 GMT
set-cookie: _subid=376l60jidc1br; expires=Fri, 07 Jun 2024 07:33:39 GMT; path=/
a4fba=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjQxXCI6MTcxNTA2NzIxOX0sXCJjYW1wYWlnbnNcIjp7XCIxM1wiOjE3MTUwNjcyMTl9LFwidGltZVwiOjE3MTUwNjcyMTl9In0.RsYI_DBhCzZ_LKELC-89YbpVwm0iaD9aYyJcGXoLTsE; expires=Mon, 12 Sep 2078 15:07:18 GMT; path=/
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S0vh2Q9CTDy9IEiwyB%2FvTxntayOwMB0UXpO2meeXnWR0Quh12bDf4CYh7q6%2BbSfPREiCWxpgQqx71OOgEczwT8K%2Bjp0omZAN5%2BlE%2Bt7xs84ZHcPcRWtchZPg3Ok808AiQVteY7RF%2FujAI0IZoFK5aQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ff85e6885cb521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

rest.cdntoswitchspirit.com/scripts/stack.js

172.67.209.227

200 OK

11 kB

URL GET HTTP/2
rest.cdntoswitchspirit.com/scripts/stack.js
IP
172.67.209.227:443
ASN
#13335 CLOUDFLARENET

Requested by
http://beautycenter-wassenberg.de/index.php/rundgang
Certificate
IssuerLet's Encrypt
Subjectcdntoswitchspirit.com
FingerprintDF:DB:EE:70:5A:39:BB:E7:A9:C6:4B:5C:24:04:56:6B:D0:D3:C0:AD
ValidityMon, 29 Apr 2024 10:49:03 GMT - Sun, 28 Jul 2024 10:49:02 GMT

File type
JavaScript source, ASCII text, with very long lines (10731), with no line terminators
Size
11 kB (10731 bytes)
Hash
e878b03a981d11cece993499461e5e06
31ebea7de3f1cfc6c81a9d37d8dfb3c3d7990e0e
857a06738b346b4d275749df845fb3fe2f296bfe49c031e170a1808478299198

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /scripts/stack.js HTTP/1.1
Host: rest.cdntoswitchspirit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://beautycenter-wassenberg.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 07:33:38 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 01 May 2024 16:05:11 GMT
vary: Accept-Encoding
etag: W/"66326837-29eb"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 220949
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xuqI3q1NIBjiRdA0PcjGDaeNp3k7BahALDYjLCBfKefK1%2FdBQGh3AHphF%2FUbwr0SIsFOaWsnn05ghlVQtgiFaO1RcCnkh0dLChGwXlsYeyWtJz59azj7fZGwmUHHAmNBS00FIxtZkVQ2w2VFxg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ff85e4881e7130-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

js.cdntoswitchspirit.com/source/split.js

172.67.209.227

200 OK

36 kB

URL GET HTTP/3
js.cdntoswitchspirit.com/source/split.js
IP
172.67.209.227:443
ASN
#13335 CLOUDFLARENET

Requested by
http://beautycenter-wassenberg.de/index.php/rundgang
Certificate
IssuerLet's Encrypt
Subjectcdntoswitchspirit.com
FingerprintDF:DB:EE:70:5A:39:BB:E7:A9:C6:4B:5C:24:04:56:6B:D0:D3:C0:AD
ValidityMon, 29 Apr 2024 10:49:03 GMT - Sun, 28 Jul 2024 10:49:02 GMT

File type
JavaScript source, ASCII text, with very long lines (36341), with no line terminators
Size
36 kB (36341 bytes)
Hash
fe59aea1c787d361c69c43c46a747767
2cc61a29d05db4814718cc60450876419afc5d24
9763b6045876ff0f6ddf7f20e19d631346a2f132e675ff1601896b3625fd9816

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /source/split.js HTTP/1.1
Host: js.cdntoswitchspirit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://beautycenter-wassenberg.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 07 May 2024 07:33:39 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 30 Apr 2024 15:35:14 GMT
vary: Accept-Encoding
etag: W/"66310fb2-8df5"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 221000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oG8uX2p44n7CKrQIbnRiKAe7tma95%2BLvPwtGfVmj7pENiMH7V7CV9MLHYG1L%2BXocECJThy0OXkGdXwBrcxNgs2jKF7cWsZoo0rTLX8B7Facom0IsOov6%2FOWT88or76lLCx9AYxiLR3zbWc4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ff85e6fed51c06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (16)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL