| app.bitdam.com/ | 20.69.135.253 | 308 Permanent Redirect | 164 B |
IP: 20.69.135.253:0 ASN: #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type: HTML document, ASCII text, with CRLF line terminators
Hash: f23c4815ecaef1588f16ac735c0e15d6 026bf8cdd5076014b6fc822878e0086eb44da556 43a81fb3d47b34e7d42d6b8444f592ed9251b8e57db8f67d32419aa40b1480d0
GET / HTTP/1.1
Host: app.bitdam.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 308 Permanent Redirect
Date: Thu, 07 Nov 2024 00:03:47 GMT
Content-Type: text/html
Content-Length: 164
Connection: keep-alive
Location: https://app.bitdam.com
| app.bitdam.com/api/v1.0/links/rewrite_click/?rewrite_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJyZXdyaXRlX2lkIjoiNjcyOGQ2YzliOTFmMDRhNDE1NjM3NTRhIiwidXJsIjoiIiwib3JnYW5pemF0aW9uX2lkIjo1ODQwfQ.Uhd2nS1gN1sUzvqpPDTmoAH1ZU9vF-hNz1sM06cv-iA&url=https://www.google.it/url?q=https://www.google.it/url?q=https://www.google.it/url?q=https://www.google.ro/url?q=https://www.google.nl/url?q=ZFCKQSES42J831UCOWMB4MEAK36T3IE7YuQiApLjODz3yh4nNeW8uuQi&rct=XS%25RANDOM4%25wDnNeW8yycT&sa=t&esrc=nNeW8F%25RANDOM3%EF%BF%BDxys8Em2FL&source=&cd=tS6T8%25RANDOM3%25Tiw9XH&cad=XpPkDfJX%25RANDOM4%25VS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp/newhomesvn.com/cgi//3JN/amFuZWxsZS5mb3NzQHRlbm5hbnRjby5jb20= | 20.69.135.253 | 302 Found | 0 B |
URL: app.bitdam.com/api/v1.0/links/rewrite_click/?rewrite_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJyZXdyaXRlX2lkIjoiNjcyOGQ2YzliOTFmMDRhNDE1NjM3NTRhIiwidXJsIjoiIiwib3JnYW5pemF0aW9uX2lkIjo1ODQwfQ.Uhd2nS1gN1sUzvqpPDTmoAH1ZU9vF-hNz1sM06cv-iA&url=https://www.google.it/url?q=https://www.google.it/url?q=https://www.google.it/url?q=https://www.google.ro/url?q=https://www.google.nl/url?q=ZFCKQSES42J831UCOWMB4MEAK36T3IE7YuQiApLjODz3yh4nNeW8uuQi&rct=XS%25RANDOM4%25wDnNeW8yycT&sa=t&esrc=nNeW8F%25RANDOM3%EF%BF%BDxys8Em2FL&source=&cd=tS6T8%25RANDOM3%25Tiw9XH&cad=XpPkDfJX%25RANDOM4%25VS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp/newhomesvn.com/cgi//3JN/amFuZWxsZS5mb3NzQHRlbm5hbnRjby5jb20=
IP: 20.69.135.253:0 ASN: #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/v1.0/links/rewrite_click/?rewrite_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJyZXdyaXRlX2lkIjoiNjcyOGQ2YzliOTFmMDRhNDE1NjM3NTRhIiwidXJsIjoiIiwib3JnYW5pemF0aW9uX2lkIjo1ODQwfQ.Uhd2nS1gN1sUzvqpPDTmoAH1ZU9vF-hNz1sM06cv-iA&url=https://www.google.it/url?q=https://www.google.it/url?q=https://www.google.it/url?q=https://www.google.ro/url?q=https://www.google.nl/url?q=ZFCKQSES42J831UCOWMB4MEAK36T3IE7YuQiApLjODz3yh4nNeW8uuQi&rct=XS%25RANDOM4%25wDnNeW8yycT&sa=t&esrc=nNeW8F%25RANDOM3%EF%BF%BDxys8Em2FL&source=&cd=tS6T8%25RANDOM3%25Tiw9XH&cad=XpPkDfJX%25RANDOM4%25VS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp/newhomesvn.com/cgi//3JN/amFuZWxsZS5mb3NzQHRlbm5hbnRjby5jb20= HTTP/1.1
Host: app.bitdam.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Thu, 07 Nov 2024 00:03:55 GMT
content-type: application/octet-stream
content-length: 0
location: https://www.google.it/url?q=https://www.google.it/url?q=https://www.google.it/url?q=https://www.google.ro/url?q=https://www.google.nl/url?q=ZFCKQSES42J831UCOWMB4MEAK36T3IE7YuQiApLjODz3yh4nNeW8uuQi&rct=XS%25RANDOM4%25wDnNeW8yycT&sa=t&esrc=nNeW8F%25RANDOM3%25A0xys8Em2FL&source=&cd=tS6T8%25RANDOM3%25Tiw9XH&cad=XpPkDfJX%25RANDOM4%25VS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2F%67%6F%69%63%61%6F%73%75%2E%63%6F%6D%2E%76%6E%2F%64%65%76%2F/31I/YnJpYW5nQHR1cm5pbmctcG9pbnQuY29t
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
| www.google.it/url?q=https://www.google.it/url?q=https://www.google.it/url?q=https://www.google.ro/url?q=https://www.google.nl/url?q=ZFCKQSES42J831UCOWMB4MEAK36T3IE7YuQiApLjODz3yh4nNeW8uuQi&rct=XS%25RANDOM4%25wDnNeW8yycT&sa=t&esrc=nNeW8F%25RANDOM3%25A0xys8Em2FL&source=&cd=tS6T8%25RANDOM3%25Tiw9XH&cad=XpPkDfJX%25RANDOM4%25VS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2F%67%6F%69%63%61%6F%73%75%2E%63%6F%6D%2E%76%6E%2F%64%65%76%2F/31I/YnJpYW5nQHR1cm5pbmctcG9pbnQuY29t | 142.250.74.67 | 302 Found | 280 B |
URL: www.google.it/url?q=https://www.google.it/url?q=https://www.google.it/url?q=https://www.google.ro/url?q=https://www.google.nl/url?q=ZFCKQSES42J831UCOWMB4MEAK36T3IE7YuQiApLjODz3yh4nNeW8uuQi&rct=XS%25RANDOM4%25wDnNeW8yycT&sa=t&esrc=nNeW8F%25RANDOM3%25A0xys8Em2FL&source=&cd=tS6T8%25RANDOM3%25Tiw9XH&cad=XpPkDfJX%25RANDOM4%25VS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2F%67%6F%69%63%61%6F%73%75%2E%63%6F%6D%2E%76%6E%2F%64%65%76%2F/31I/YnJpYW5nQHR1cm5pbmctcG9pbnQuY29t
IP: 142.250.74.67:0
File type: HTML document, ASCII text, with CRLF, LF line terminators
Hash: 9cefeafd46b265dc69e4bed59911d7f1 2b9c6dcec242660570af8bc4fe2641b1ccfe31c1 545db1c7750444989ca2cd91661eaccf4c7226e863bada727acb13cb2f48b215
GET /url?q=https://www.google.it/url?q=https://www.google.it/url?q=https://www.google.ro/url?q=https://www.google.nl/url?q=ZFCKQSES42J831UCOWMB4MEAK36T3IE7YuQiApLjODz3yh4nNeW8uuQi&rct=XS%25RANDOM4%25wDnNeW8yycT&sa=t&esrc=nNeW8F%25RANDOM3%25A0xys8Em2FL&source=&cd=tS6T8%25RANDOM3%25Tiw9XH&cad=XpPkDfJX%25RANDOM4%25VS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2F%67%6F%69%63%61%6F%73%75%2E%63%6F%6D%2E%76%6E%2F%64%65%76%2F/31I/YnJpYW5nQHR1cm5pbmctcG9pbnQuY29t HTTP/1.1
Host: www.google.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: SOCS=CAESHAgBEhJnd3NfMjAyMjA5MjktMF9SQzEaAnJvIAEaBgiAkvOZBg
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
location: https://www.google.it/amp/goicaosu.com.vn/dev//31I/YnJpYW5nQHR1cm5pbmctcG9pbnQuY29t
cache-control: private
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=31536000
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-Fbe08IYOxEn-bZWsgjZX2w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
date: Thu, 07 Nov 2024 00:03:55 GMT
server: gws
content-length: 280
x-xss-protection: 0
set-cookie: __Secure-ENID=23.SE=HPzBGczVN4DC4fTMgg-s6QKr3AXR_lpdKQMNGYud5TfO-YKgpbjxjL7q2F-wElg5f58uInYyEEL9sd3vKfYvbkmE3RXmAmS0sHpt5IxQ58jGZD7c7cr3wkBsPPz0bKTDz3G7E_nxlnkw_USGinYNK9mN0UGXIKx69uNodLH4iAz7k4h_XsinmJ6ZWYH64Djw-Eqdz7jnerF509YlqjB9k1B885F4DQj4I8ieljnc; expires=Sun, 07-Dec-2025 16:22:13 GMT; path=/; domain=.google.it; Secure; HttpOnly; SameSite=lax
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| www.google.it/amp/goicaosu.com.vn/dev//31I/YnJpYW5nQHR1cm5pbmctcG9pbnQuY29t | 142.250.74.67 | 302 Found | 261 B |
URL: www.google.it/amp/goicaosu.com.vn/dev//31I/YnJpYW5nQHR1cm5pbmctcG9pbnQuY29t
IP: 142.250.74.67:0
File type: HTML document, ASCII text, with CRLF, LF line terminators
Hash: 8d2a27efa204cc1c1c07f64930a10dc9 ca559c833710e0b70073b6801e9c1f327e7fc298 f74bfb5bee77a76cb75bed47edaac1e0cb1b41b1a01c309b519bdbda2caae424
GET /amp/goicaosu.com.vn/dev//31I/YnJpYW5nQHR1cm5pbmctcG9pbnQuY29t HTTP/1.1
Host: www.google.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: SOCS=CAESHAgBEhJnd3NfMjAyMjA5MjktMF9SQzEaAnJvIAEaBgiAkvOZBg; __Secure-ENID=23.SE=HPzBGczVN4DC4fTMgg-s6QKr3AXR_lpdKQMNGYud5TfO-YKgpbjxjL7q2F-wElg5f58uInYyEEL9sd3vKfYvbkmE3RXmAmS0sHpt5IxQ58jGZD7c7cr3wkBsPPz0bKTDz3G7E_nxlnkw_USGinYNK9mN0UGXIKx69uNodLH4iAz7k4h_XsinmJ6ZWYH64Djw-Eqdz7jnerF509YlqjB9k1B885F4DQj4I8ieljnc
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
location: http://goicaosu.com.vn/dev//31I/YnJpYW5nQHR1cm5pbmctcG9pbnQuY29t
cache-control: private
x-robots-tag: noindex
content-type: text/html; charset=UTF-8
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-ANtbeackvADR-oAHNwLIHA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/fff
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/fff"}]}
date: Thu, 07 Nov 2024 00:03:56 GMT
server: gws
content-length: 261
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| goicaosu.com.vn/dev//31I/YnJpYW5nQHR1cm5pbmctcG9pbnQuY29t | 103.28.36.189 | 200 OK | 0 B |
URL: goicaosu.com.vn/dev//31I/YnJpYW5nQHR1cm5pbmctcG9pbnQuY29t
IP: 103.28.36.189:0 ASN: #131353 NhanHoa Software company
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /dev//31I/YnJpYW5nQHR1cm5pbmctcG9pbnQuY29t HTTP/1.1
Host: goicaosu.com.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.3.33
refresh: 0;url=https://dba.conitystabc.com/6J4Z/#Dbriang@turning-point.com
content-type: text/html; charset=UTF-8
content-length: 0
date: Thu, 07 Nov 2024 00:03:55 GMT
server: LiteSpeed
| dba.conitystabc.com/6J4Z/ | 0.0.0.0 | | 0 B |
URL (User Request, GET): dba.conitystabc.com/6J4Z/
IP: 0.0.0.0:0
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /6J4Z/ HTTP/1.1
Host: dba.conitystabc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache