Report - www.profitablecpmrate.com/api/users?in=false&pii=true&token=L2t5eTE5NjZ5P2tleT03MmY0Njc2ZGEzZTUxYjc0YjNjOGQ1OTRkOWNkNmIyMSZwc3Q9MTczMDEyNTc2MSZyZWZlcj1odHRwcyUzQSUyRiUyRm5pY29tYW5nYS5jb20lMkYmcm10Yz10JnNodT0zMGY0M2Q2MDRkODE5NjAzOTc1ZjFjYzBmZWU1OGM2YTc0ZDgwNzgyMmJlNTlmNjFjZWYyZWZiYTE5OTg4MDZlMDM4NWU2ZDdkNDI1Y2UyNjlmNWRhZWI5N2NkM2ZkZDczMTM2MzMwYzkzY2M0Mzc1M2UxMTQ0YjBiNDg5ZGZhZDNjMjkxN2I5YmRiNWEyOTFhMDM2YTczOTdiMzA1ODNlOWQyYmFiZDg4OTQ0MDUwYmQ4ODk&uuid=

Report Overview

Visited public
2024-10-29 02:34:31
Tags
URL
www.profitablecpmrate.com/api/users?in=false&pii=true&token=L2t5eTE5NjZ5P2tleT03MmY0Njc2ZGEzZTUxYjc0YjNjOGQ1OTRkOWNkNmIyMSZwc3Q9MTczMDEyNTc2MSZyZWZlcj1odHRwcyUzQSUyRiUyRm5pY29tYW5nYS5jb20lMkYmcm10Yz10JnNodT0zMGY0M2Q2MDRkODE5NjAzOTc1ZjFjYzBmZWU1OGM2YTc0ZDgwNzgyMmJlNTlmNjFjZWYyZWZiYTE5OTg4MDZlMDM4NWU2ZDdkNDI1Y2UyNjlmNWRhZWI5N2NkM2ZkZDczMTM2MzMwYzkzY2M0Mzc1M2UxMTQ0YjBiNDg5ZGZhZDNjMjkxN2I5YmRiNWEyOTFhMDM2YTczOTdiMzA1ODNlOWQyYmFiZDg4OTQ0MDUwYmQ4ODk&uuid=
Finishing URL
vaigreevouta.xyz/policy-sweep-check.htm?offer_id=99275599&geo=NO&oaid=00810464e27e432ee2253863c908e40b&s=874955834835350167&z=8268570&b=21546778&var=96&campaignid=14083&utm_campaign=96&utm_medium=8268570&utm_source=zd_14083&utm_term=21546778&utm_content=zd_public_v2&country=NO
IP / ASN
192.243.59.13
#39572 DataWeb Global Group B.V.
Title
404 Not Found

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.profitablecpmrate.com	unknown	2024-10-15	2024-10-23	2024-10-23	3.5 kB	5.5 kB	172.240.127.234
w0we.com	unknown	2022-04-18	2024-10-28	2024-10-28	866 B	556 B	104.18.36.38
ak.rousnoveron.com	unknown	2024-09-27	2024-10-22	2024-10-29	3.7 kB	21 kB	23.36.77.104
my.rtmark.net	9054	2014-10-29	2015-02-04	2024-10-23	529 B	678 B	139.45.195.8
vaigreevouta.xyz	unknown	2024-10-15	2024-10-20	2024-10-27	1.4 kB	3.0 kB	172.67.143.58

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Mnemonic Secure DNS

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-10-29	medium	rousnoveron.com	Sinkholed
2024-10-29	medium	rousnoveron.com	Sinkholed
2024-10-29	medium	rousnoveron.com	Sinkholed
2024-10-29	medium	rousnoveron.com	Sinkholed
2024-10-29	medium	rousnoveron.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (12)

URL IP Response Size

www.profitablecpmrate.com/api/users?in=false&pii=true&token=L2t5eTE5NjZ5P2tleT03MmY0Njc2ZGEzZTUxYjc0YjNjOGQ1OTRkOWNkNmIyMSZwc3Q9MTczMDEyNTc2MSZyZWZlcj1odHRwcyUzQSUyRiUyRm5pY29tYW5nYS5jb20lMkYmcm10Yz10JnNodT0zMGY0M2Q2MDRkODE5NjAzOTc1ZjFjYzBmZWU1OGM2YTc0ZDgwNzgyMmJlNTlmNjFjZWYyZWZiYTE5OTg4MDZlMDM4NWU2ZDdkNDI1Y2UyNjlmNWRhZWI5N2NkM2ZkZDczMTM2MzMwYzkzY2M0Mzc1M2UxMTQ0YjBiNDg5ZGZhZDNjMjkxN2I5YmRiNWEyOTFhMDM2YTczOTdiMzA1ODNlOWQyYmFiZDg4OTQ0MDUwYmQ4ODk&uuid=

172.240.127.234

307 Temporary Redirect

0 B

URL
www.profitablecpmrate.com/api/users?in=false&pii=true&token=L2t5eTE5NjZ5P2tleT03MmY0Njc2ZGEzZTUxYjc0YjNjOGQ1OTRkOWNkNmIyMSZwc3Q9MTczMDEyNTc2MSZyZWZlcj1odHRwcyUzQSUyRiUyRm5pY29tYW5nYS5jb20lMkYmcm10Yz10JnNodT0zMGY0M2Q2MDRkODE5NjAzOTc1ZjFjYzBmZWU1OGM2YTc0ZDgwNzgyMmJlNTlmNjFjZWYyZWZiYTE5OTg4MDZlMDM4NWU2ZDdkNDI1Y2UyNjlmNWRhZWI5N2NkM2ZkZDczMTM2MzMwYzkzY2M0Mzc1M2UxMTQ0YjBiNDg5ZGZhZDNjMjkxN2I5YmRiNWEyOTFhMDM2YTczOTdiMzA1ODNlOWQyYmFiZDg4OTQ0MDUwYmQ4ODk&uuid=
IP
172.240.127.234:0
ASN
#7979 SERVERS-COM

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /api/users?in=false&pii=true&token=L2t5eTE5NjZ5P2tleT03MmY0Njc2ZGEzZTUxYjc0YjNjOGQ1OTRkOWNkNmIyMSZwc3Q9MTczMDEyNTc2MSZyZWZlcj1odHRwcyUzQSUyRiUyRm5pY29tYW5nYS5jb20lMkYmcm10Yz10JnNodT0zMGY0M2Q2MDRkODE5NjAzOTc1ZjFjYzBmZWU1OGM2YTc0ZDgwNzgyMmJlNTlmNjFjZWYyZWZiYTE5OTg4MDZlMDM4NWU2ZDdkNDI1Y2UyNjlmNWRhZWI5N2NkM2ZkZDczMTM2MzMwYzkzY2M0Mzc1M2UxMTQ0YjBiNDg5ZGZhZDNjMjkxN2I5YmRiNWEyOTFhMDM2YTczOTdiMzA1ODNlOWQyYmFiZDg4OTQ0MDUwYmQ4ODk&uuid= HTTP/1.1
Host: www.profitablecpmrate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Tue, 29 Oct 2024 02:34:05 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: https://www.profitablecpmrate.com/api/users?token=L2t5eTE5NjZ5P2tleT03MmY0Njc2ZGEzZTUxYjc0YjNjOGQ1OTRkOWNkNmIyMSZyZWZlcj1odHRwcyUzQSUyRiUyRm5pY29tYW5nYS5jb20lMkYmZGxydD10
Set-Cookie: u_pl24695921=1; expires=Wed, 30 Oct 2024 02:34:05 GMT; path=/
Host: www.profitablecpmrate.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: c44928e233202efba348a26986ef5e63
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

www.profitablecpmrate.com/api/users?token=L2t5eTE5NjZ5P2tleT03MmY0Njc2ZGEzZTUxYjc0YjNjOGQ1OTRkOWNkNmIyMSZyZWZlcj1odHRwcyUzQSUyRiUyRm5pY29tYW5nYS5jb20lMkYmZGxydD10

172.240.127.234

200 OK

1.4 kB

URL
www.profitablecpmrate.com/api/users?token=L2t5eTE5NjZ5P2tleT03MmY0Njc2ZGEzZTUxYjc0YjNjOGQ1OTRkOWNkNmIyMSZyZWZlcj1odHRwcyUzQSUyRiUyRm5pY29tYW5nYS5jb20lMkYmZGxydD10
IP
172.240.127.234:0
ASN
#7979 SERVERS-COM

File type
JavaScript source, ASCII text, with very long lines (448)
Size
1.4 kB (1350 bytes)
Hash
173ee9356b7bae5f3d8d2eaa0746963c
dce8cf35cbcb92d289b985cf80fa3b848e670710
59f1ed52c6d450b77d1ca26400c5b657569267e143e6039319c725f2b86ec4e6

HTTP Headers

GET /api/users?token=L2t5eTE5NjZ5P2tleT03MmY0Njc2ZGEzZTUxYjc0YjNjOGQ1OTRkOWNkNmIyMSZyZWZlcj1odHRwcyUzQSUyRiUyRm5pY29tYW5nYS5jb20lMkYmZGxydD10 HTTP/1.1
Host: www.profitablecpmrate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: u_pl24695921=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 29 Oct 2024 02:34:06 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyNDY5NTkyMSwiayI6IjcyZjQ2NzZkYTNlNTFiNzRiM2M4ZDU5NGQ5Y2Q2YjIxIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMDU2MjUwLCJwaWQiOjU4MTIwMiwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozOCwiYWlkIjoyOCwicHQiOjQsInBrIjoia3l5MTk2NnkiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOmZhbHNlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6ZmFsc2UsInIiOiJodHRwczovL25pY29tYW5nYS5jb20vIiwiYXIiOltdfX0.H3zFoiVsCXGQ2kTichJfSmmJ7SaUbD5iUv-u0bkQKAk; expires=Tue, 29 Oct 2024 02:35:06 GMT; path=/
Host: www.profitablecpmrate.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 7b1d846c3d1beb8a947542b782c62fac
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

www.profitablecpmrate.com/api/users?token=L2t5eTE5NjZ5P2RscnQ9dCZrZXk9NzJmNDY3NmRhM2U1MWI3NGIzYzhkNTk0ZDljZDZiMjEmcHN0PTE3MzAxNjkzMDYmcmVmZXI9aHR0cHMlM0ElMkYlMkZuaWNvbWFuZ2EuY29tJTJGJnJtdGM9dCZzaHU9MTdhZTFkMjQ5MzczNjM0NzI0OTBhZDU2MWEyZGRiMzk3MzVkZTk2NTA5NWJmOWZkYTU5NzJlMGFmNmQ1MWVlYTMwMDBjNzQ3NzNlMjk3Yjk3OTk3MzM5OWI5NWIzZmYyMDMwOTU4ZDI1MmQ5M2Y1NGU0NTk2MTg4MzA1YmFiYWI4OTNhOTk5NGY0OGUwYzM5Y2Q3ZTViODA2YWFmZGJmNzMwZTZhOGE5MzQyNTZhZGZkZjMyMDg&in=false&uuid=&pii=

172.240.127.234

302 Found

0 B

URL
www.profitablecpmrate.com/api/users?token=L2t5eTE5NjZ5P2RscnQ9dCZrZXk9NzJmNDY3NmRhM2U1MWI3NGIzYzhkNTk0ZDljZDZiMjEmcHN0PTE3MzAxNjkzMDYmcmVmZXI9aHR0cHMlM0ElMkYlMkZuaWNvbWFuZ2EuY29tJTJGJnJtdGM9dCZzaHU9MTdhZTFkMjQ5MzczNjM0NzI0OTBhZDU2MWEyZGRiMzk3MzVkZTk2NTA5NWJmOWZkYTU5NzJlMGFmNmQ1MWVlYTMwMDBjNzQ3NzNlMjk3Yjk3OTk3MzM5OWI5NWIzZmYyMDMwOTU4ZDI1MmQ5M2Y1NGU0NTk2MTg4MzA1YmFiYWI4OTNhOTk5NGY0OGUwYzM5Y2Q3ZTViODA2YWFmZGJmNzMwZTZhOGE5MzQyNTZhZGZkZjMyMDg&in=false&uuid=&pii=
IP
172.240.127.234:0
ASN
#7979 SERVERS-COM

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /api/users?token=L2t5eTE5NjZ5P2RscnQ9dCZrZXk9NzJmNDY3NmRhM2U1MWI3NGIzYzhkNTk0ZDljZDZiMjEmcHN0PTE3MzAxNjkzMDYmcmVmZXI9aHR0cHMlM0ElMkYlMkZuaWNvbWFuZ2EuY29tJTJGJnJtdGM9dCZzaHU9MTdhZTFkMjQ5MzczNjM0NzI0OTBhZDU2MWEyZGRiMzk3MzVkZTk2NTA5NWJmOWZkYTU5NzJlMGFmNmQ1MWVlYTMwMDBjNzQ3NzNlMjk3Yjk3OTk3MzM5OWI5NWIzZmYyMDMwOTU4ZDI1MmQ5M2Y1NGU0NTk2MTg4MzA1YmFiYWI4OTNhOTk5NGY0OGUwYzM5Y2Q3ZTViODA2YWFmZGJmNzMwZTZhOGE5MzQyNTZhZGZkZjMyMDg&in=false&uuid=&pii= HTTP/1.1
Host: www.profitablecpmrate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.profitablecpmrate.com/api/users?token=L2t5eTE5NjZ5P2tleT05Y2E2MDFhOWY0N2M3MzVkZjc2ZDVjYTQ2ZmEyNmE2NiZzdWJtZXRyaWM9MjQ2OTU5MjE
Cookie: u_pl24695921=1; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyNDY5NTkyMSwiayI6IjcyZjQ2NzZkYTNlNTFiNzRiM2M4ZDU5NGQ5Y2Q2YjIxIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMDU2MjUwLCJwaWQiOjU4MTIwMiwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozOCwiYWlkIjoyOCwicHQiOjQsInBrIjoia3l5MTk2NnkiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOmZhbHNlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6ZmFsc2UsInIiOiJodHRwczovL25pY29tYW5nYS5jb20vIiwiYXIiOltdfX0.H3zFoiVsCXGQ2kTichJfSmmJ7SaUbD5iUv-u0bkQKAk; cjs=t
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.21.6
Date: Tue, 29 Oct 2024 02:34:06 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: https://w0we.com/click?key=4790b6ff84d959f38ee5&SUB_ID_SHORT=44bf57f1d39474bc22311b2491cff381&COST_CPC=&PLACEMENT_ID=24695921&CAMPAIGN_ID=1149499&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Linux&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&REMOTE_LANGUAGE=11&BANNER_ID=3176649
Set-Cookie: iprcfb8ae7098ac19e97e05c6d7e7ec07be9=5647022; expires=Wed, 30 Oct 2024 02:34:06 GMT; path=/
pdhtkv=true; expires=Wed, 30 Oct 2024 02:34:06 GMT; path=/
uncs=1; expires=Wed, 30 Oct 2024 02:34:06 GMT; path=/
pdhtkv28=true; expires=Wed, 30 Oct 2024 02:34:06 GMT; path=/
uncs28=1; expires=Wed, 30 Oct 2024 02:34:06 GMT; path=/
Host: www.profitablecpmrate.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: cd609e365b8949dee084b21ad918bcad
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

w0we.com/click?key=4790b6ff84d959f38ee5&SUB_ID_SHORT=44bf57f1d39474bc22311b2491cff381&COST_CPC=&PLACEMENT_ID=24695921&CAMPAIGN_ID=1149499&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Linux&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&REMOTE_LANGUAGE=11&BANNER_ID=3176649

104.18.36.38

307 Temporary Redirect

0 B

URL
w0we.com/click?key=4790b6ff84d959f38ee5&SUB_ID_SHORT=44bf57f1d39474bc22311b2491cff381&COST_CPC=&PLACEMENT_ID=24695921&CAMPAIGN_ID=1149499&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Linux&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&REMOTE_LANGUAGE=11&BANNER_ID=3176649
IP
104.18.36.38:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /click?key=4790b6ff84d959f38ee5&SUB_ID_SHORT=44bf57f1d39474bc22311b2491cff381&COST_CPC=&PLACEMENT_ID=24695921&CAMPAIGN_ID=1149499&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Linux&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&REMOTE_LANGUAGE=11&BANNER_ID=3176649 HTTP/1.1
Host: w0we.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.profitablecpmrate.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 307 Temporary Redirect
date: Tue, 29 Oct 2024 02:34:06 GMT
content-length: 0
location: https://ak.rousnoveron.com/4/8268570?ymid=csg4j7n3dios7392osv0&var=96
set-cookie: uclick=kbnelg9bMds11+v9bmCYsziOJpTk5yMRkuq56xig6f7Vnf3kzE7UwseYaN5SO1thwduvdg==; Max-Age=31536000; SameSite=Lax
bcid=csg4j7n3dios7392osv0; Max-Age=31536000; SameSite=Lax
cid=csg4j7n3dios7392osv0; Max-Age=31536000; SameSite=Lax
x-request-id: cc0a31a5-84b7-4e12-9499-2296cdcf3b5f
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 8d9fc3bf9dfeb4f4-OSL
X-Firefox-Spdy: h2

ak.rousnoveron.com/4/8268570?ymid=csg4j7n3dios7392osv0&var=96

23.36.77.104

200 OK

15 kB

URL
ak.rousnoveron.com/4/8268570?ymid=csg4j7n3dios7392osv0&var=96
IP
23.36.77.104:0
ASN
#20940 Akamai International B.V.

File type
HTML document, ASCII text, with very long lines (17217)
Size
15 kB (14726 bytes)
Hash
e783d9c9e4e41cf0c6d6aae3dc740752
1dc20f739bb3cf14371c648e8dfa0b87f4e69a5c
b947dddd9ce6a6297e4b20af458248ce31b2a28bf6e05202db82cbefc20b1e30

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /4/8268570?ymid=csg4j7n3dios7392osv0&var=96 HTTP/1.1
Host: ak.rousnoveron.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.profitablecpmrate.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html; charset=utf8
x-trace-id: 1972292af6423f88b849a419dcbe1381
link: <https://yonmewon.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
vary: Accept-Encoding
x-akamai-transformed: 9 13762 0 pmb=mRUM,1
content-encoding: gzip
expires: Tue, 29 Oct 2024 02:34:06 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Tue, 29 Oct 2024 02:34:06 GMT
alt-svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
content-length: 14726
set-cookie: OAID=00810464e27e432ee2253863c908e40b; expires=Wed, 29 Oct 2025 02:34:06 GMT; path=/; secure; SameSite=None
oaidts=1730169246; expires=Wed, 29 Oct 2025 02:34:06 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
captcha=player; expires=Tue, 29 Oct 2024 03:34:06 GMT; path=/; secure; SameSite=None
server-timing: cdn-cache; desc=MISS, edge; dur=84, origin; dur=10, ak_p; desc="1730169246841_388255076_10887832_9417_808_2_22_41";dur=1
X-Firefox-Spdy: h2

ak.rousnoveron.com/sftouch?userId=00810464e27e432ee2253863c908e40b&z=8268570&p_rid=0c2ba781-7ee6-4da9-a607-becae19f5cf1&p_src=sf&branchId=0&rb=mTAAk3GtlTdisueIKjwcUbrVbKKZS2Zye_Z-pO5XGwwdi3jYUH1kLb5C2gLozot5GY_sb1ijU5tZ0TgiiQh0aDTLJhVPQ0W4JYWFT3T769uTfhxMKgfj_kvuQpL6bUXY148JaoIy-o5HeHvW0xBBpCHDp-OCYdjAFN2QmXhTpHFF5vBjuJqTsVnVouqpwS8lCguhfnYPtX8SPlbTKOd4tnq4Km9hOCQOkxmqLr5lj04yud3lex45WPQzLAjKCD75ruRBbEK6-D-sPS5uj2xX5dHP1YmaEGSeJqC6HNlvK4tL712jxBvyCvGKG66_thdKv42PkuR5Rq7eP-T6&w_img=1

23.36.77.104

200 OK

43 B

URL
ak.rousnoveron.com/sftouch?userId=00810464e27e432ee2253863c908e40b&z=8268570&p_rid=0c2ba781-7ee6-4da9-a607-becae19f5cf1&p_src=sf&branchId=0&rb=mTAAk3GtlTdisueIKjwcUbrVbKKZS2Zye_Z-pO5XGwwdi3jYUH1kLb5C2gLozot5GY_sb1ijU5tZ0TgiiQh0aDTLJhVPQ0W4JYWFT3T769uTfhxMKgfj_kvuQpL6bUXY148JaoIy-o5HeHvW0xBBpCHDp-OCYdjAFN2QmXhTpHFF5vBjuJqTsVnVouqpwS8lCguhfnYPtX8SPlbTKOd4tnq4Km9hOCQOkxmqLr5lj04yud3lex45WPQzLAjKCD75ruRBbEK6-D-sPS5uj2xX5dHP1YmaEGSeJqC6HNlvK4tL712jxBvyCvGKG66_thdKv42PkuR5Rq7eP-T6&w_img=1
IP
23.36.77.104:0
ASN
#20940 Akamai International B.V.

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sftouch?userId=00810464e27e432ee2253863c908e40b&z=8268570&p_rid=0c2ba781-7ee6-4da9-a607-becae19f5cf1&p_src=sf&branchId=0&rb=mTAAk3GtlTdisueIKjwcUbrVbKKZS2Zye_Z-pO5XGwwdi3jYUH1kLb5C2gLozot5GY_sb1ijU5tZ0TgiiQh0aDTLJhVPQ0W4JYWFT3T769uTfhxMKgfj_kvuQpL6bUXY148JaoIy-o5HeHvW0xBBpCHDp-OCYdjAFN2QmXhTpHFF5vBjuJqTsVnVouqpwS8lCguhfnYPtX8SPlbTKOd4tnq4Km9hOCQOkxmqLr5lj04yud3lex45WPQzLAjKCD75ruRBbEK6-D-sPS5uj2xX5dHP1YmaEGSeJqC6HNlvK4tL712jxBvyCvGKG66_thdKv42PkuR5Rq7eP-T6&w_img=1 HTTP/1.1
Host: ak.rousnoveron.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ak.rousnoveron.com/4/8268570?ymid=csg4j7n3dios7392osv0&var=96
Cookie: OAID=00810464e27e432ee2253863c908e40b; oaidts=1730169246; captcha=player
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: image/gif
content-length: 43
x-trace-id: 2274bd9943dd561c6e3b40e4b82901ea
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
expires: Tue, 29 Oct 2024 02:34:07 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Tue, 29 Oct 2024 02:34:07 GMT
alt-svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
server-timing: cdn-cache; desc=MISS, edge; dur=19, origin; dur=3, ak_p; desc="1730169246991_388255076_10887877_2212_855_-_-_-";dur=1
quic-version: 0x00000001

my.rtmark.net/img.gif?f=merge&userId=00810464e27e432ee2253863c908e40b&z=8268570&p_rid=0c2ba781-7ee6-4da9-a607-becae19f5cf1&p_src=sf

139.45.195.8

200 OK

43 B

URL
my.rtmark.net/img.gif?f=merge&userId=00810464e27e432ee2253863c908e40b&z=8268570&p_rid=0c2ba781-7ee6-4da9-a607-becae19f5cf1&p_src=sf
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

HTTP Headers

GET /img.gif?f=merge&userId=00810464e27e432ee2253863c908e40b&z=8268570&p_rid=0c2ba781-7ee6-4da9-a607-becae19f5cf1&p_src=sf HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ak.rousnoveron.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 29 Oct 2024 02:34:07 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=00810464e27e432ee2253863c908e40b; expires=Wed, 29 Oct 2025 02:34:07 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

ak.rousnoveron.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=0c2ba781-7ee6-4da9-a607-becae19f5cf1

23.36.77.104

200 OK

12 B

URL
ak.rousnoveron.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=0c2ba781-7ee6-4da9-a607-becae19f5cf1
IP
23.36.77.104:0
ASN
#20940 Akamai International B.V.

File type
JSON text data
Size
12 B (12 bytes)
Hash
adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=0c2ba781-7ee6-4da9-a607-becae19f5cf1 HTTP/1.1
Host: ak.rousnoveron.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1476
Origin: https://ak.rousnoveron.com
DNT: 1
Connection: keep-alive
Referer: https://ak.rousnoveron.com/4/8268570?ymid=csg4j7n3dios7392osv0&var=96
Cookie: OAID=00810464e27e432ee2253863c908e40b; oaidts=1730169246; captcha=player
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/json; charset=utf-8
content-length: 12
access-control-allow-origin: https://ak.rousnoveron.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
expires: Tue, 29 Oct 2024 02:34:07 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Tue, 29 Oct 2024 02:34:07 GMT
alt-svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
server-timing: cdn-cache; desc=MISS, edge; dur=21, origin; dur=2, ak_p; desc="1730169247325_388255076_10887928_2276_855_-_-_-";dur=1
quic-version: 0x00000001

ak.rousnoveron.com/favicon.ico

23.36.77.104

204 No Content

0 B

URL
ak.rousnoveron.com/favicon.ico
IP
23.36.77.104:0
ASN
#20940 Akamai International B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: ak.rousnoveron.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ak.rousnoveron.com/4/8268570?ymid=csg4j7n3dios7392osv0&var=96
Cookie: OAID=00810464e27e432ee2253863c908e40b; oaidts=1730169246; captcha=player
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
pragma: public
cache-control: public, must-revalidate, proxy-revalidate, max-age=2591994
date: Tue, 29 Oct 2024 02:34:07 GMT
alt-svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
server-timing: cdn-cache; desc=MISS, edge; dur=30, origin; dur=21, ak_p; desc="1730169247320_388255076_10887927_5081_777_-_-_-";dur=1
quic-version: 0x00000001

ak.rousnoveron.com/?z=8268570&syncedCookie=true&rhd=false

23.36.77.104

302 Found

0 B

URL User Request POST HTTP/3
ak.rousnoveron.com/?z=8268570&syncedCookie=true&rhd=false
IP
23.36.77.104:443
ASN
#20940 Akamai International B.V.

Certificate
IssuerLet's Encrypt
Subjectak.hetaruvg.com
Fingerprint95:8B:9B:BF:A5:62:65:E1:E2:F8:81:B2:44:6A:87:70:0E:BB:DD:3E
ValidityFri, 25 Oct 2024 23:17:34 GMT - Thu, 23 Jan 2025 23:17:33 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /?z=8268570&syncedCookie=true&rhd=false HTTP/1.1
Host: ak.rousnoveron.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 9146
Origin: https://ak.rousnoveron.com
DNT: 1
Connection: keep-alive
Referer: https://ak.rousnoveron.com/afu.php?zoneid=8268570&var=8268570&rid=BPTR34PbLD67mf1dYD5JaA%3D%3D&rhd=false&ab2r=0&sf=1
Cookie: OAID=00810464e27e432ee2253863c908e40b; oaidts=1730169246; captcha=player
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 302 Found
content-length: 0
x-trace-id: 2d7b64fb1350a900d438c08adf74be4b
link: <https://vaigreevouta.xyz>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
referrer-policy: no-referrer
location: https://vaigreevouta.xyz/policy-sweep-check.htm?offer_id=99275599&geo=NO&oaid=00810464e27e432ee2253863c908e40b&s=874955834835350167&z=8268570&b=21546778&var=96&campaignid=14083&utm_campaign=96&utm_medium=8268570&utm_source=zd_14083&utm_term=21546778&utm_content=zd_public_v2&country=NO
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: https://ak.rousnoveron.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
expires: Tue, 29 Oct 2024 02:34:07 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Tue, 29 Oct 2024 02:34:07 GMT
alt-svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
set-cookie: OAID=00810464e27e432ee2253863c908e40b; expires=Wed, 29 Oct 2025 02:34:07 GMT; path=/; secure; SameSite=None
oaidts=1730169246; expires=Wed, 29 Oct 2025 02:34:07 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Tue, 05 Nov 2024 02:34:07 GMT; path=/; secure; SameSite=None
server-timing: cdn-cache; desc=MISS, edge; dur=19, origin; dur=22, ak_p; desc="1730169247408_388255076_10887943_4024_920_-_-_-";dur=1
quic-version: 0x00000001

vaigreevouta.xyz/policy-sweep-check.htm?offer_id=99275599&geo=NO&oaid=00810464e27e432ee2253863c908e40b&s=874955834835350167&z=8268570&b=21546778&var=96&campaignid=14083&utm_campaign=96&utm_medium=8268570&utm_source=zd_14083&utm_term=21546778&utm_content=zd_public_v2&country=NO

172.67.143.58

404 Not Found

146 B

URL User Request GET HTTP/2
vaigreevouta.xyz/policy-sweep-check.htm?offer_id=99275599&geo=NO&oaid=00810464e27e432ee2253863c908e40b&s=874955834835350167&z=8268570&b=21546778&var=96&campaignid=14083&utm_campaign=96&utm_medium=8268570&utm_source=zd_14083&utm_term=21546778&utm_content=zd_public_v2&country=NO
IP
172.67.143.58:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectvaigreevouta.xyz
FingerprintF4:70:E0:96:AE:37:17:B2:B8:3D:DF:EB:A0:59:3D:C1:13:7E:80:51
ValidityTue, 15 Oct 2024 11:21:47 GMT - Mon, 13 Jan 2025 11:21:46 GMT

File type
HTML document, ASCII text, with no line terminators
Size
146 B (146 bytes)
Hash
40b3fc14254227ec5012d996bf90c4e1
b0dd06eb5a779151151101337889ff09953f8ac0
740816c1b61e4a8443c26d30d3eecfea04815fca8cd605a142f9d8a35f86ceca

HTTP Headers

GET /policy-sweep-check.htm?offer_id=99275599&geo=NO&oaid=00810464e27e432ee2253863c908e40b&s=874955834835350167&z=8268570&b=21546778&var=96&campaignid=14083&utm_campaign=96&utm_medium=8268570&utm_source=zd_14083&utm_term=21546778&utm_content=zd_public_v2&country=NO HTTP/1.1
Host: vaigreevouta.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
date: Tue, 29 Oct 2024 02:34:07 GMT
content-type: text/html
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H9qCGJjLOHufphElgDu4GE7Q%2BxQJtr24MnnRyBTti8wguTOUS6T67pK8rS9Jz72%2BdIwMejRPwIH6LSdBz%2BC%2BR8I25L%2FK2f4aDlpnWyhFOz5JRz32g7svFIS5YjFxUhXZdxQh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8d9fc3c558114057-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=24246&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3289&recv_bytes=1438&delivery_rate=178706&cwnd=34&unsent_bytes=0&cid=f078007303f36412&ts=104&x=0"
X-Firefox-Spdy: h2

vaigreevouta.xyz/favicon.ico

172.67.143.58

200 OK

1.2 kB

URL GET HTTP/3
vaigreevouta.xyz/favicon.ico
IP
172.67.143.58:443
ASN
#13335 CLOUDFLARENET

Requested by
https://vaigreevouta.xyz/policy-sweep-check.htm?offer_id=99275599&geo=NO&oaid=00810464e27e432ee2253863c908e40b&s=874955834835350167&z=8268570&b=21546778&var=96&campaignid=14083&utm_campaign=96&utm_medium=8268570&utm_source=zd_14083&utm_term=21546778&utm_content=zd_public_v2&country=NO
Certificate
IssuerGoogle Trust Services
Subjectvaigreevouta.xyz
FingerprintF4:70:E0:96:AE:37:17:B2:B8:3D:DF:EB:A0:59:3D:C1:13:7E:80:51
ValidityTue, 15 Oct 2024 11:21:47 GMT - Mon, 13 Jan 2025 11:21:46 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Size
1.2 kB (1150 bytes)
Hash
668ba1a9fa1890ba16cb8adc28d3dad8
5e35223b2541265114eaf61b9da2556c812fea17
7746cf1b553433822522f2dc432f55fe64eee1f1cf823ef6adfde02e58e1d7e2

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: vaigreevouta.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vaigreevouta.xyz/policy-sweep-check.htm?offer_id=99275599&geo=NO&oaid=00810464e27e432ee2253863c908e40b&s=874955834835350167&z=8268570&b=21546778&var=96&campaignid=14083&utm_campaign=96&utm_medium=8268570&utm_source=zd_14083&utm_term=21546778&utm_content=zd_public_v2&country=NO
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 29 Oct 2024 02:34:07 GMT
content-type: image/x-icon
last-modified: Thu, 26 Sep 2024 13:43:49 GMT
vary: Accept-Encoding
etag: W/"66f56515-47e"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 5896
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dw6IjFlqhFj0X0ThKNYijKbMcfWlAPpdoa7dloveNVzD6RwZtQr4NZfTVt0KaXucA2Twon6SXHFjgQHS31arL%2FyVH%2FrrR%2FcyEMCafHemKqYfQJVi%2FBytrYb%2BCsAXg3JEKJ6a"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8d9fc3c66b415311-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=29315&sent=11&recv=6&lost=0&retrans=0&sent_bytes=4056&recv_bytes=1284&delivery_rate=22097&cwnd=12000&unsent_bytes=0&cid=fc38c37f6c5395b2&ts=120&x=1", cfExtPri, cfHdrFlush;dur=0

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Mnemonic Secure DNS

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (12)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections