Report - naoficouatm.com/lpz/cb/CD/669e6e62f2eb3/?linkref=https://jump.zmobistein.com/?jp=624d45e2d6912&id=76_CD_1_xxxx_83_5_1t&nxl=6634f2427de6d_967051_17493&mjump=27x83x99ec9a4ad90&subzone=81H7OwA80U&visitorid=896804213416271872&zoneid=6915976

Report Overview

Visited public
2024-12-28 09:34:50
Tags
URL
naoficouatm.com/lpz/cb/CD/669e6e62f2eb3/?linkref=https://jump.zmobistein.com/?jp=624d45e2d6912&id=76_CD_1_xxxx_83_5_1t&nxl=6634f2427de6d_967051_17493&mjump=27x83x99ec9a4ad90&subzone=81H7OwA80U&visitorid=896804213416271872&zoneid=6915976
Finishing URL
naoficouatm.com/lpz/cb/CD/669e6e62f2eb3
IP / ASN
116.202.159.170
#24940 Hetzner Online GmbH
Title
As-tu plus de 18 ans?

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
woudaufe.net	unknown	2022-10-03	2022-10-03	2024-12-24	5.9 kB	28 kB	139.45.197.122
naoficouatm.com	unknown	2024-12-16	2024-12-16	2024-12-16	3.9 kB	251 kB	116.202.159.170
code.jquery.com	634	2005-12-10	2012-05-21	2024-12-25	409 B	32 kB	151.101.194.137
cdn.jsdelivr.net	439	2012-05-16	2012-09-30	2024-12-25	428 B	9.0 kB	151.101.1.229

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-12-28	medium	woudaufe.net	Sinkholed
2024-12-28	medium	woudaufe.net	Sinkholed
2024-12-28	medium	woudaufe.net	Sinkholed
2024-12-28	medium	woudaufe.net	Sinkholed
2024-12-28	medium	woudaufe.net	Sinkholed
2024-12-28	medium	woudaufe.net	Sinkholed
2024-12-28	medium	woudaufe.net	Sinkholed
2024-12-28	medium	woudaufe.net	Sinkholed
2024-12-28	medium	woudaufe.net	Sinkholed
2024-12-28	medium	woudaufe.net	Sinkholed
2024-12-28	medium	woudaufe.net	Sinkholed
2024-12-28	medium	woudaufe.net	Sinkholed

ThreatFox

No alerts detected

JavaScript (10)

	URL	From	Size	First Seen	Last Seen
	naoficouatm.com/lpz/cb/CD/669e6e62f2eb3/?linkref=https://jump.zmobistein.com/?jp=624d45e2d6912&id=76_CD_1_xxxx_83_5_1t&nxl=6634f2427de6d_967051_17493&mjump=27x83x99ec9a4ad90&subzone=81H7OwA80U&visitorid=896804213416271872&zoneid=6915976	ScriptElement	18 B	2023-06-30	2025-03-06
Pretty URL naoficouatm.com/lpz/cb/CD/669e6e62f2eb3/?linkref=https://jump.zmobistein.com/?jp=624d45e2d6912&id=76_CD_1_xxxx_83_5_1t&nxl=6634f2427de6d_967051_17493&mjump=27x83x99ec9a4ad90&subzone=81H7OwA80U&visitorid=896804213416271872&zoneid=6915976 IP 116.202.159.170 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-30 10:11 Last Seen2025-03-06 15:06 Times Seen44 Hash f426d8524269c97d8e1882f7ca79cd15 5e8b37528af54b899d1c115fb94d74ec991962d8 afacfdf073de7a74c5497aa4150bcd17e08698d7db851b628344d94cc90f7e68 Loading...

	naoficouatm.com/lpz/lpfiles/matilde/Miguel/504/script.js	ScriptElement	2.9 kB	2023-03-07	2025-03-06
Pretty URL naoficouatm.com/lpz/lpfiles/matilde/Miguel/504/script.js IP 116.202.159.170 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:40 Last Seen2025-03-06 12:11 Times Seen116 Hash c49fbfb6e77dac08ad09cc60511569d1 e8e47ee3e9865a0a9c2e555d0b6f1d5e83f67f58 fcd483177cc5b844bc9e649ad7bacc13f35eb77b3c8497c284f4990bddee23bc Loading...

	naoficouatm.com/lpz/cb/CD/669e6e62f2eb3/?linkref=https://jump.zmobistein.com/?jp=624d45e2d6912&id=76_CD_1_xxxx_83_5_1t&nxl=6634f2427de6d_967051_17493&mjump=27x83x99ec9a4ad90&subzone=81H7OwA80U&visitorid=896804213416271872&zoneid=6915976	ScriptElement	378 B	2024-06-02	2025-03-06
Pretty URL naoficouatm.com/lpz/cb/CD/669e6e62f2eb3/?linkref=https://jump.zmobistein.com/?jp=624d45e2d6912&id=76_CD_1_xxxx_83_5_1t&nxl=6634f2427de6d_967051_17493&mjump=27x83x99ec9a4ad90&subzone=81H7OwA80U&visitorid=896804213416271872&zoneid=6915976 IP 116.202.159.170 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2024-06-02 08:20 Last Seen2025-03-06 12:11 Times Seen31 Hash e9f9bacd30c4aa9ee6d1398dd1c77e9c 3b9682ad9db767223e28cc77205bef0fdc4766e5 7f8d045a6435cb8f0fe5ad6336ce2e9d52f6b7f1c251a93655e6ba57509b3870 Loading...

	woudaufe.net/5d2/59323/mw.min.js?z=8605974&sw=/sw-check-permissions.js	ScriptElement	5.5 kB	2024-12-13	2025-01-14
Pretty URL woudaufe.net/5d2/59323/mw.min.js?z=8605974&sw=/sw-check-permissions.js IP 139.45.197.122 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-13 14:12 Last Seen2025-01-14 05:55 Times Seen406 Hash 7421654261bc2c235052dd9acec96c39 3982b80f6e43dce58fe2b70a6d150e58131e5ca9 1ab740d610dcf399fa679f3b4d0abf8697b2cd31906c26d079b7c0889d439542 Loading...

	unknown	ScriptElement	45 kB	2024-12-13	2025-01-14
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-13 12:04 Last Seen2025-01-14 05:55 Times Seen716 Hash 041fa48fcbec41730ad964ca351963b9 221d78db1a3b436c0c677ba796f659709f6341ae 414cb60d56bf9841c45d281705f3b2f75cfa783a009375c8f77cbea79ead85e8 Loading...

	naoficouatm.com/propushscript.js	ScriptElement	1.0 kB	2024-12-21	2025-01-06
Pretty URL naoficouatm.com/propushscript.js IP 116.202.159.170 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-21 11:55 Last Seen2025-01-06 18:20 Times Seen7 Hash f3cfbb3b7430227c952f3b0b91cf194d 4bf54fe5b42cb00e18178463dc0eca73dbc24922 9fcc96c7c9d370742726c0a24631978e8a7f2bfa690c04853440c179d4c3257d Loading...

	code.jquery.com/jquery-3.6.0.min.js	ScriptElement	90 kB	2023-03-07	2025-06-14
Pretty URL code.jquery.com/jquery-3.6.0.min.js IP 151.101.194.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-06-14 16:06 Times Seen214590 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	naoficouatm.com/lpz/cb/CD/669e6e62f2eb3/?linkref=https://jump.zmobistein.com/?jp=624d45e2d6912&id=76_CD_1_xxxx_83_5_1t&nxl=6634f2427de6d_967051_17493&mjump=27x83x99ec9a4ad90&subzone=81H7OwA80U&visitorid=896804213416271872&zoneid=6915976	ScriptElement	784 B	2024-12-28	2024-12-28
Pretty URL naoficouatm.com/lpz/cb/CD/669e6e62f2eb3/?linkref=https://jump.zmobistein.com/?jp=624d45e2d6912&id=76_CD_1_xxxx_83_5_1t&nxl=6634f2427de6d_967051_17493&mjump=27x83x99ec9a4ad90&subzone=81H7OwA80U&visitorid=896804213416271872&zoneid=6915976 IP 116.202.159.170 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2024-12-28 09:34 Last Seen2024-12-28 09:34 Times Seen2 Hash 4edd6969898cbab892448fc175824ad5 f4a94e1e1b7828e82c51cc17cdfa28c7231db1de 3e0b4c77744eaf63a7ec226f6a38e99437350c20261e13eed974d3c30db75b32 Loading...

	cdn.jsdelivr.net/npm/ua-parser-js/src/ua-parser.min.js	ScriptElement	19 kB	2024-12-28	2025-05-28
Pretty URL cdn.jsdelivr.net/npm/ua-parser-js/src/ua-parser.min.js IP 151.101.1.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-28 09:34 Last Seen2025-05-28 06:18 Times Seen33 Hash f7a18be95aed5568b8e9658e39836335 768aa78d540cc52f7c4b198a3b07350caacc6c0e c47818ead555674c4406c4df2e79fb8b91f988f4c3cb9c42ee668645ea712d87 Loading...

	naoficouatm.com/lpz/cb/CD/669e6e62f2eb3/?linkref=https://jump.zmobistein.com/?jp=624d45e2d6912&id=76_CD_1_xxxx_83_5_1t&nxl=6634f2427de6d_967051_17493&mjump=27x83x99ec9a4ad90&subzone=81H7OwA80U&visitorid=896804213416271872&zoneid=6915976	ScriptElement	340 B	2024-12-28	2024-12-28
Pretty URL naoficouatm.com/lpz/cb/CD/669e6e62f2eb3/?linkref=https://jump.zmobistein.com/?jp=624d45e2d6912&id=76_CD_1_xxxx_83_5_1t&nxl=6634f2427de6d_967051_17493&mjump=27x83x99ec9a4ad90&subzone=81H7OwA80U&visitorid=896804213416271872&zoneid=6915976 IP 116.202.159.170 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2024-12-28 09:34 Last Seen2024-12-28 09:34 Times Seen2 Hash c176bfdafa2f382de16b87fa06da52a7 48d144d6d19aba2cce9bbe29944fd3864a1e80df 6ee6864ce48af02f381293fa0370e44793c70a3345b65e3095d083e4f9fc002d Loading...

HTTP Transactions (20)

URL IP Response Size

naoficouatm.com/lpz/cb/CD/669e6e62f2eb3/?linkref=https://jump.zmobistein.com/?jp=624d45e2d6912&id=76_CD_1_xxxx_83_5_1t&nxl=6634f2427de6d_967051_17493&mjump=27x83x99ec9a4ad90&subzone=81H7OwA80U&visitorid=896804213416271872&zoneid=6915976

116.202.159.170

200 OK

3.2 kB

URL User Request GET HTTP/1.1
naoficouatm.com/lpz/cb/CD/669e6e62f2eb3/?linkref=https://jump.zmobistein.com/?jp=624d45e2d6912&id=76_CD_1_xxxx_83_5_1t&nxl=6634f2427de6d_967051_17493&mjump=27x83x99ec9a4ad90&subzone=81H7OwA80U&visitorid=896804213416271872&zoneid=6915976
IP
116.202.159.170:443
ASN
#24940 Hetzner Online GmbH

Certificate
IssuerLet's Encrypt
Subjectnaoficouatm.com
Fingerprint95:F6:DE:C5:C5:86:14:32:EE:1E:47:63:54:0D:74:9E:AD:05:93:5E
ValidityMon, 16 Dec 2024 22:23:59 GMT - Sun, 16 Mar 2025 22:23:58 GMT

File type
HTML document, ASCII text, with CRLF, LF line terminators
Size
3.2 kB (3182 bytes)
Hash
ed18962bbff7216487f3ef2149fffea9
190df11bcc158dcf0f054df3266608c9c39df9c4
853b355f1f2f98e0417db111a475b7b3b7bc5afdfe637d47bcd0de84ecbcc767

HTTP Headers

GET /lpz/cb/CD/669e6e62f2eb3/?linkref=https://jump.zmobistein.com/?jp=624d45e2d6912&id=76_CD_1_xxxx_83_5_1t&nxl=6634f2427de6d_967051_17493&mjump=27x83x99ec9a4ad90&subzone=81H7OwA80U&visitorid=896804213416271872&zoneid=6915976 HTTP/1.1
Host: naoficouatm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.16.1 (Ubuntu)
Date: Sat, 28 Dec 2024 09:34:25 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip

naoficouatm.com/propushscript.js

116.202.159.170

200 OK

1.0 kB

URL GET HTTP/1.1
naoficouatm.com/propushscript.js
IP
116.202.159.170:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://naoficouatm.com/lpz/cb/CD/669e6e62f2eb3/?linkref=https://jump.zmobistein.com/?jp=624d45e2d6912&id=76_CD_1_xxxx_83_5_1t&nxl=6634f2427de6d_967051_17493&mjump=27x83x99ec9a4ad90&subzone=81H7OwA80U&visitorid=896804213416271872&zoneid=6915976
Certificate
IssuerLet's Encrypt
Subjectnaoficouatm.com
Fingerprint95:F6:DE:C5:C5:86:14:32:EE:1E:47:63:54:0D:74:9E:AD:05:93:5E
ValidityMon, 16 Dec 2024 22:23:59 GMT - Sun, 16 Mar 2025 22:23:58 GMT

File type
ASCII text, with very long lines (551), with CRLF line terminators
Size
1.0 kB (1044 bytes)
Hash
f3cfbb3b7430227c952f3b0b91cf194d
4bf54fe5b42cb00e18178463dc0eca73dbc24922
9fcc96c7c9d370742726c0a24631978e8a7f2bfa690c04853440c179d4c3257d

HTTP Headers

GET /propushscript.js HTTP/1.1
Host: naoficouatm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://naoficouatm.com/lpz/cb/CD/669e6e62f2eb3/?linkref=https://jump.zmobistein.com/?jp=624d45e2d6912&id=76_CD_1_xxxx_83_5_1t&nxl=6634f2427de6d_967051_17493&mjump=27x83x99ec9a4ad90&subzone=81H7OwA80U&visitorid=896804213416271872&zoneid=6915976
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.16.1 (Ubuntu)
Date: Sat, 28 Dec 2024 09:34:26 GMT
Content-Type: application/javascript
Content-Length: 1044
Last-Modified: Thu, 12 Dec 2024 10:13:03 GMT
Connection: keep-alive
ETag: "675ab72f-414"
Accept-Ranges: bytes

naoficouatm.com/lpz/lpfiles/matilde/Miguel/504/script.js

116.202.159.170

200 OK

2.9 kB

URL GET HTTP/1.1
naoficouatm.com/lpz/lpfiles/matilde/Miguel/504/script.js
IP
116.202.159.170:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://naoficouatm.com/lpz/cb/CD/669e6e62f2eb3/?linkref=https://jump.zmobistein.com/?jp=624d45e2d6912&id=76_CD_1_xxxx_83_5_1t&nxl=6634f2427de6d_967051_17493&mjump=27x83x99ec9a4ad90&subzone=81H7OwA80U&visitorid=896804213416271872&zoneid=6915976
Certificate
IssuerLet's Encrypt
Subjectnaoficouatm.com
Fingerprint95:F6:DE:C5:C5:86:14:32:EE:1E:47:63:54:0D:74:9E:AD:05:93:5E
ValidityMon, 16 Dec 2024 22:23:59 GMT - Sun, 16 Mar 2025 22:23:58 GMT

File type
ASCII text, with CRLF line terminators
Size
2.9 kB (2867 bytes)
Hash
c49fbfb6e77dac08ad09cc60511569d1
e8e47ee3e9865a0a9c2e555d0b6f1d5e83f67f58
fcd483177cc5b844bc9e649ad7bacc13f35eb77b3c8497c284f4990bddee23bc

HTTP Headers

GET /lpz/lpfiles/matilde/Miguel/504/script.js HTTP/1.1
Host: naoficouatm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://naoficouatm.com/lpz/cb/CD/669e6e62f2eb3/?linkref=https://jump.zmobistein.com/?jp=624d45e2d6912&id=76_CD_1_xxxx_83_5_1t&nxl=6634f2427de6d_967051_17493&mjump=27x83x99ec9a4ad90&subzone=81H7OwA80U&visitorid=896804213416271872&zoneid=6915976
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.16.1 (Ubuntu)
Date: Sat, 28 Dec 2024 09:34:26 GMT
Content-Type: application/javascript
Content-Length: 2867
Last-Modified: Fri, 27 Dec 2024 16:08:16 GMT
Connection: keep-alive
ETag: "676ed0f0-b33"
Accept-Ranges: bytes

code.jquery.com/jquery-3.6.0.min.js

151.101.194.137

200 OK

31 kB

URL GET HTTP/2
code.jquery.com/jquery-3.6.0.min.js
IP
151.101.194.137:443
ASN
#54113 FASTLY

Requested by
https://naoficouatm.com/lpz/cb/CD/669e6e62f2eb3/?linkref=https://jump.zmobistein.com/?jp=624d45e2d6912&id=76_CD_1_xxxx_83_5_1t&nxl=6634f2427de6d_967051_17493&mjump=27x83x99ec9a4ad90&subzone=81H7OwA80U&visitorid=896804213416271872&zoneid=6915976
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintCD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5
ValidityTue, 25 Jun 2024 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
31 kB (30875 bytes)
Hash
8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

HTTP Headers

GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://naoficouatm.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Sat, 28 Dec 2024 09:34:26 GMT
age: 3901757
x-served-by: cache-lga21931-LGA, cache-hel1410023-HEL
x-cache: HIT, HIT
x-cache-hits: 71, 895810
x-timer: S1735378466.207580,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/ua-parser-js/src/ua-parser.min.js

151.101.1.229

200 OK

8.2 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/ua-parser-js/src/ua-parser.min.js
IP
151.101.1.229:443
ASN
#54113 FASTLY

Requested by
https://naoficouatm.com/lpz/cb/CD/669e6e62f2eb3/?linkref=https://jump.zmobistein.com/?jp=624d45e2d6912&id=76_CD_1_xxxx_83_5_1t&nxl=6634f2427de6d_967051_17493&mjump=27x83x99ec9a4ad90&subzone=81H7OwA80U&visitorid=896804213416271872&zoneid=6915976
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint6C:45:F5:9E:D3:37:60:0B:9C:A8:28:29:A4:E6:41:33:BB:2E:76:5C
ValidityTue, 30 Jul 2024 15:36:05 GMT - Sun, 31 Aug 2025 15:36:04 GMT

File type
JavaScript source, ASCII text, with very long lines (18404)
Size
8.2 kB (8196 bytes)
Hash
f7a18be95aed5568b8e9658e39836335
768aa78d540cc52f7c4b198a3b07350caacc6c0e
c47818ead555674c4406c4df2e79fb8b91f988f4c3cb9c42ee668645ea712d87

HTTP Headers

GET /npm/ua-parser-js/src/ua-parser.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://naoficouatm.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 1.0.40
x-jsd-version-type: version
etag: W/"4933-doqnjVQMxS98SxmKOwc1DKrMbA4"
content-encoding: br
accept-ranges: bytes
age: 13549
date: Sat, 28 Dec 2024 09:34:26 GMT
x-served-by: cache-fra-etou8220020-FRA, cache-hel1410022-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 8196
X-Firefox-Spdy: h2

naoficouatm.com/lpz/lpfiles/Animated-Flag-Congo.gif

116.202.159.170

200 OK

47 kB

URL GET HTTP/1.1
naoficouatm.com/lpz/lpfiles/Animated-Flag-Congo.gif
IP
116.202.159.170:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://naoficouatm.com/lpz/cb/CD/669e6e62f2eb3/?linkref=https://jump.zmobistein.com/?jp=624d45e2d6912&id=76_CD_1_xxxx_83_5_1t&nxl=6634f2427de6d_967051_17493&mjump=27x83x99ec9a4ad90&subzone=81H7OwA80U&visitorid=896804213416271872&zoneid=6915976
Certificate
IssuerLet's Encrypt
Subjectnaoficouatm.com
Fingerprint95:F6:DE:C5:C5:86:14:32:EE:1E:47:63:54:0D:74:9E:AD:05:93:5E
ValidityMon, 16 Dec 2024 22:23:59 GMT - Sun, 16 Mar 2025 22:23:58 GMT

File type
GIF image data, version 89a, 278 x 183
Size
47 kB (46865 bytes)
Hash
cf3e431364d3f92911f4568ab04ab40a
05920006fdb6aa7deb9bea3540a24cb3be8324f3
0efcf57d39693347213bb404c1664c76e685961f71bc2991fcc04648b3ec1de3

HTTP Headers

GET /lpz/lpfiles/Animated-Flag-Congo.gif HTTP/1.1
Host: naoficouatm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://naoficouatm.com/lpz/cb/CD/669e6e62f2eb3/?linkref=https://jump.zmobistein.com/?jp=624d45e2d6912&id=76_CD_1_xxxx_83_5_1t&nxl=6634f2427de6d_967051_17493&mjump=27x83x99ec9a4ad90&subzone=81H7OwA80U&visitorid=896804213416271872&zoneid=6915976
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.16.1 (Ubuntu)
Date: Sat, 28 Dec 2024 09:34:26 GMT
Content-Type: image/gif
Content-Length: 46865
Last-Modified: Mon, 22 Jul 2024 14:36:21 GMT
Connection: keep-alive
ETag: "669e6e65-b711"
Accept-Ranges: bytes

naoficouatm.com/lpz/lpfiles/pk/pk%20telenor.jpg

116.202.159.170

200 OK

196 kB

URL GET HTTP/1.1
naoficouatm.com/lpz/lpfiles/pk/pk%20telenor.jpg
IP
116.202.159.170:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://naoficouatm.com/lpz/cb/CD/669e6e62f2eb3/?linkref=https://jump.zmobistein.com/?jp=624d45e2d6912&id=76_CD_1_xxxx_83_5_1t&nxl=6634f2427de6d_967051_17493&mjump=27x83x99ec9a4ad90&subzone=81H7OwA80U&visitorid=896804213416271872&zoneid=6915976
Certificate
IssuerLet's Encrypt
Subjectnaoficouatm.com
Fingerprint95:F6:DE:C5:C5:86:14:32:EE:1E:47:63:54:0D:74:9E:AD:05:93:5E
ValidityMon, 16 Dec 2024 22:23:59 GMT - Sun, 16 Mar 2025 22:23:58 GMT

File type
JPEG image data, baseline, precision 8, 1920x1080, components 3
Size
196 kB (195655 bytes)
Hash
23398bbfc3f7a40432beca86fc166851
c988eb4f550ef479504674039dc8e574c7d29147
cf5b3d37d26b5b7c3be573cbd63b9ddd1e093ec0fbb679521cf77b2cefb18e76

HTTP Headers

GET /lpz/lpfiles/pk/pk%20telenor.jpg HTTP/1.1
Host: naoficouatm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://naoficouatm.com/lpz/cb/CD/669e6e62f2eb3/?linkref=https://jump.zmobistein.com/?jp=624d45e2d6912&id=76_CD_1_xxxx_83_5_1t&nxl=6634f2427de6d_967051_17493&mjump=27x83x99ec9a4ad90&subzone=81H7OwA80U&visitorid=896804213416271872&zoneid=6915976
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.16.1 (Ubuntu)
Date: Sat, 28 Dec 2024 09:34:26 GMT
Content-Type: image/jpeg
Content-Length: 195655
Last-Modified: Tue, 14 Dec 2021 15:26:09 GMT
Connection: keep-alive
ETag: "61b8b791-2fc47"
Accept-Ranges: bytes

naoficouatm.com/favicon.ico

116.202.159.170

404 Not Found

123 B

URL GET HTTP/1.1
naoficouatm.com/favicon.ico
IP
116.202.159.170:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://naoficouatm.com/lpz/cb/CD/669e6e62f2eb3/?linkref=https://jump.zmobistein.com/?jp=624d45e2d6912&id=76_CD_1_xxxx_83_5_1t&nxl=6634f2427de6d_967051_17493&mjump=27x83x99ec9a4ad90&subzone=81H7OwA80U&visitorid=896804213416271872&zoneid=6915976
Certificate
IssuerLet's Encrypt
Subjectnaoficouatm.com
Fingerprint95:F6:DE:C5:C5:86:14:32:EE:1E:47:63:54:0D:74:9E:AD:05:93:5E
ValidityMon, 16 Dec 2024 22:23:59 GMT - Sun, 16 Mar 2025 22:23:58 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
123 B (123 bytes)
Hash
661f125616424cb5e2f962d2b7135cb4
56a88217c061831e1d80792879042cb9f9311f3f
dc15b2d86cce242fae1901cb42953aece90954c28612dedd864fc28a4e7eedaa

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: naoficouatm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://naoficouatm.com/lpz/cb/CD/669e6e62f2eb3/?linkref=https://jump.zmobistein.com/?jp=624d45e2d6912&id=76_CD_1_xxxx_83_5_1t&nxl=6634f2427de6d_967051_17493&mjump=27x83x99ec9a4ad90&subzone=81H7OwA80U&visitorid=896804213416271872&zoneid=6915976
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx/1.16.1 (Ubuntu)
Date: Sat, 28 Dec 2024 09:34:26 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip

woudaufe.net/event

139.45.197.122

200 OK

0 B

URL OPTIONS HTTP/2
woudaufe.net/event
IP
139.45.197.122:443
ASN
#9002 RETN Limited

Requested by
https://naoficouatm.com/lpz/cb/CD/669e6e62f2eb3/?linkref=https://jump.zmobistein.com/?jp=624d45e2d6912&id=76_CD_1_xxxx_83_5_1t&nxl=6634f2427de6d_967051_17493&mjump=27x83x99ec9a4ad90&subzone=81H7OwA80U&visitorid=896804213416271872&zoneid=6915976
Certificate
IssuerLet's Encrypt
Subjectwoudaufe.net
Fingerprint2A:FD:DB:B9:60:41:B1:77:03:2C:7D:D7:2F:58:61:53:E1:AC:68:18
ValidityWed, 11 Dec 2024 05:12:06 GMT - Tue, 11 Mar 2025 05:12:05 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /event HTTP/1.1
Host: woudaufe.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://naoficouatm.com/
Origin: https://naoficouatm.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 28 Dec 2024 09:34:26 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://naoficouatm.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

woudaufe.net/event

139.45.197.122

200 OK

0 B

URL OPTIONS HTTP/2
woudaufe.net/event
IP
139.45.197.122:443
ASN
#9002 RETN Limited

Requested by
https://naoficouatm.com/lpz/cb/CD/669e6e62f2eb3/?linkref=https://jump.zmobistein.com/?jp=624d45e2d6912&id=76_CD_1_xxxx_83_5_1t&nxl=6634f2427de6d_967051_17493&mjump=27x83x99ec9a4ad90&subzone=81H7OwA80U&visitorid=896804213416271872&zoneid=6915976
Certificate
IssuerLet's Encrypt
Subjectwoudaufe.net
Fingerprint2A:FD:DB:B9:60:41:B1:77:03:2C:7D:D7:2F:58:61:53:E1:AC:68:18
ValidityWed, 11 Dec 2024 05:12:06 GMT - Tue, 11 Mar 2025 05:12:05 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /event HTTP/1.1
Host: woudaufe.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://naoficouatm.com/
Origin: https://naoficouatm.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 28 Dec 2024 09:34:26 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://naoficouatm.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

woudaufe.net/event

139.45.197.122

200 OK

26 B

URL OPTIONS HTTP/2
woudaufe.net/event
IP
139.45.197.122:443
ASN
#9002 RETN Limited

Requested by
https://naoficouatm.com/lpz/cb/CD/669e6e62f2eb3/?linkref=https://jump.zmobistein.com/?jp=624d45e2d6912&id=76_CD_1_xxxx_83_5_1t&nxl=6634f2427de6d_967051_17493&mjump=27x83x99ec9a4ad90&subzone=81H7OwA80U&visitorid=896804213416271872&zoneid=6915976
Certificate
IssuerLet's Encrypt
Subjectwoudaufe.net
Fingerprint2A:FD:DB:B9:60:41:B1:77:03:2C:7D:D7:2F:58:61:53:E1:AC:68:18
ValidityWed, 11 Dec 2024 05:12:06 GMT - Tue, 11 Mar 2025 05:12:05 GMT

File type
JSON text data
Size
26 B (26 bytes)
Hash
de2c78e0c56306634970985c622f636b
568abada083d032cdc5de0f306e98837d241fbc4
235b928085dcdeafdaa0dbaae6ce1ef5329805c32938e258e8287df0fae2e3f9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: woudaufe.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 259
Origin: https://naoficouatm.com
DNT: 1
Connection: keep-alive
Referer: https://naoficouatm.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 28 Dec 2024 09:34:26 GMT
content-type: application/json; charset=utf-8
content-length: 26
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://naoficouatm.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

woudaufe.net/event

139.45.197.122

200 OK

0 B

URL OPTIONS HTTP/2
woudaufe.net/event
IP
139.45.197.122:443
ASN
#9002 RETN Limited

Requested by
https://naoficouatm.com/lpz/cb/CD/669e6e62f2eb3/?linkref=https://jump.zmobistein.com/?jp=624d45e2d6912&id=76_CD_1_xxxx_83_5_1t&nxl=6634f2427de6d_967051_17493&mjump=27x83x99ec9a4ad90&subzone=81H7OwA80U&visitorid=896804213416271872&zoneid=6915976
Certificate
IssuerLet's Encrypt
Subjectwoudaufe.net
Fingerprint2A:FD:DB:B9:60:41:B1:77:03:2C:7D:D7:2F:58:61:53:E1:AC:68:18
ValidityWed, 11 Dec 2024 05:12:06 GMT - Tue, 11 Mar 2025 05:12:05 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /event HTTP/1.1
Host: woudaufe.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://naoficouatm.com/
Origin: https://naoficouatm.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 28 Dec 2024 09:34:26 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://naoficouatm.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

woudaufe.net/zone?pub=0&zone_id=8605974&is_mobile=false&domain=naoficouatm.com&var=&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.577&trace_id=0a822c0c-15e5-43fa-a01d-e82d52481135&action=prerequest&drf=

139.45.197.122

200 OK

0 B

URL POST HTTP/2
woudaufe.net/zone?pub=0&zone_id=8605974&is_mobile=false&domain=naoficouatm.com&var=&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.577&trace_id=0a822c0c-15e5-43fa-a01d-e82d52481135&action=prerequest&drf=
IP
139.45.197.122:443
ASN
#9002 RETN Limited

Requested by
https://naoficouatm.com/lpz/cb/CD/669e6e62f2eb3/?linkref=https://jump.zmobistein.com/?jp=624d45e2d6912&id=76_CD_1_xxxx_83_5_1t&nxl=6634f2427de6d_967051_17493&mjump=27x83x99ec9a4ad90&subzone=81H7OwA80U&visitorid=896804213416271872&zoneid=6915976
Certificate
IssuerLet's Encrypt
Subjectwoudaufe.net
Fingerprint2A:FD:DB:B9:60:41:B1:77:03:2C:7D:D7:2F:58:61:53:E1:AC:68:18
ValidityWed, 11 Dec 2024 05:12:06 GMT - Tue, 11 Mar 2025 05:12:05 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /zone?pub=0&zone_id=8605974&is_mobile=false&domain=naoficouatm.com&var=&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.577&trace_id=0a822c0c-15e5-43fa-a01d-e82d52481135&action=prerequest&drf= HTTP/1.1
Host: woudaufe.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://naoficouatm.com
DNT: 1
Connection: keep-alive
Referer: https://naoficouatm.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 28 Dec 2024 09:34:26 GMT
content-length: 0
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://naoficouatm.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

woudaufe.net/5d2/59323/micro.tag.min.js?zoneId=8605974&sw=%2Fsw-check-permissions.js

139.45.197.122

200 OK

19 kB

URL GET HTTP/2
woudaufe.net/5d2/59323/micro.tag.min.js?zoneId=8605974&sw=%2Fsw-check-permissions.js
IP
139.45.197.122:443
ASN
#9002 RETN Limited

Requested by
https://naoficouatm.com/lpz/cb/CD/669e6e62f2eb3/?linkref=https://jump.zmobistein.com/?jp=624d45e2d6912&id=76_CD_1_xxxx_83_5_1t&nxl=6634f2427de6d_967051_17493&mjump=27x83x99ec9a4ad90&subzone=81H7OwA80U&visitorid=896804213416271872&zoneid=6915976
Certificate
IssuerLet's Encrypt
Subjectwoudaufe.net
Fingerprint2A:FD:DB:B9:60:41:B1:77:03:2C:7D:D7:2F:58:61:53:E1:AC:68:18
ValidityWed, 11 Dec 2024 05:12:06 GMT - Tue, 11 Mar 2025 05:12:05 GMT

File type
gzip compressed data, max speed, from Unix
Size
19 kB (18582 bytes)
Hash
839128f79f4ce24d9ca733a450697525
6e08acc275b5107b7d04274c6712397d5c3e0d6d
215eed54b07cf39d9235663ae97301afc6d146f56b4430fe902f9f1fedb47577

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /5d2/59323/micro.tag.min.js?zoneId=8605974&sw=%2Fsw-check-permissions.js HTTP/1.1
Host: woudaufe.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://naoficouatm.com/
Origin: https://naoficouatm.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 28 Dec 2024 09:34:26 GMT
content-type: application/javascript
last-modified: Fri, 13 Dec 2024 11:27:15 GMT
etag: W/"675c1a13-b170"
access-control-allow-origin: https://naoficouatm.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

woudaufe.net/event

139.45.197.122

200 OK

26 B

URL OPTIONS HTTP/2
woudaufe.net/event
IP
139.45.197.122:443
ASN
#9002 RETN Limited

Requested by
https://naoficouatm.com/lpz/cb/CD/669e6e62f2eb3/?linkref=https://jump.zmobistein.com/?jp=624d45e2d6912&id=76_CD_1_xxxx_83_5_1t&nxl=6634f2427de6d_967051_17493&mjump=27x83x99ec9a4ad90&subzone=81H7OwA80U&visitorid=896804213416271872&zoneid=6915976
Certificate
IssuerLet's Encrypt
Subjectwoudaufe.net
Fingerprint2A:FD:DB:B9:60:41:B1:77:03:2C:7D:D7:2F:58:61:53:E1:AC:68:18
ValidityWed, 11 Dec 2024 05:12:06 GMT - Tue, 11 Mar 2025 05:12:05 GMT

File type
JSON text data
Size
26 B (26 bytes)
Hash
de2c78e0c56306634970985c622f636b
568abada083d032cdc5de0f306e98837d241fbc4
235b928085dcdeafdaa0dbaae6ce1ef5329805c32938e258e8287df0fae2e3f9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: woudaufe.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 262
Origin: https://naoficouatm.com
DNT: 1
Connection: keep-alive
Referer: https://naoficouatm.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 28 Dec 2024 09:34:26 GMT
content-type: application/json; charset=utf-8
content-length: 26
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://naoficouatm.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

woudaufe.net/event

139.45.197.122

200 OK

26 B

URL OPTIONS HTTP/2
woudaufe.net/event
IP
139.45.197.122:443
ASN
#9002 RETN Limited

Requested by
https://naoficouatm.com/lpz/cb/CD/669e6e62f2eb3/?linkref=https://jump.zmobistein.com/?jp=624d45e2d6912&id=76_CD_1_xxxx_83_5_1t&nxl=6634f2427de6d_967051_17493&mjump=27x83x99ec9a4ad90&subzone=81H7OwA80U&visitorid=896804213416271872&zoneid=6915976
Certificate
IssuerLet's Encrypt
Subjectwoudaufe.net
Fingerprint2A:FD:DB:B9:60:41:B1:77:03:2C:7D:D7:2F:58:61:53:E1:AC:68:18
ValidityWed, 11 Dec 2024 05:12:06 GMT - Tue, 11 Mar 2025 05:12:05 GMT

File type
JSON text data
Size
26 B (26 bytes)
Hash
de2c78e0c56306634970985c622f636b
568abada083d032cdc5de0f306e98837d241fbc4
235b928085dcdeafdaa0dbaae6ce1ef5329805c32938e258e8287df0fae2e3f9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: woudaufe.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 261
Origin: https://naoficouatm.com
DNT: 1
Connection: keep-alive
Referer: https://naoficouatm.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 28 Dec 2024 09:34:26 GMT
content-type: application/json; charset=utf-8
content-length: 26
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://naoficouatm.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

woudaufe.net/event

139.45.197.122

200 OK

81 B

URL OPTIONS HTTP/2
woudaufe.net/event
IP
139.45.197.122:443
ASN
#9002 RETN Limited

Requested by
https://naoficouatm.com/lpz/cb/CD/669e6e62f2eb3/?linkref=https://jump.zmobistein.com/?jp=624d45e2d6912&id=76_CD_1_xxxx_83_5_1t&nxl=6634f2427de6d_967051_17493&mjump=27x83x99ec9a4ad90&subzone=81H7OwA80U&visitorid=896804213416271872&zoneid=6915976
Certificate
IssuerLet's Encrypt
Subjectwoudaufe.net
Fingerprint2A:FD:DB:B9:60:41:B1:77:03:2C:7D:D7:2F:58:61:53:E1:AC:68:18
ValidityWed, 11 Dec 2024 05:12:06 GMT - Tue, 11 Mar 2025 05:12:05 GMT

File type
JSON text data
Size
81 B (81 bytes)
Hash
6e54a49d54318f9441533cfd6db87dcd
d987b0626b8f0a3103c459aef9ac8eb74ba96556
73256f6132ad0836c2279a4e6f3d26e41f855c9e161a9a49ca5f7d9dfbbb551a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: woudaufe.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://naoficouatm.com/
Content-Type: application/json
Content-Length: 378
Origin: https://naoficouatm.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 28 Dec 2024 09:34:26 GMT
content-type: application/json; charset=utf-8
content-length: 81
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://naoficouatm.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

woudaufe.net/5d2/59323/mw.min.js?z=8605974&sw=/sw-check-permissions.js

139.45.197.122

200 OK

2.8 kB

URL GET HTTP/2
woudaufe.net/5d2/59323/mw.min.js?z=8605974&sw=/sw-check-permissions.js
IP
139.45.197.122:443
ASN
#9002 RETN Limited

Requested by
https://naoficouatm.com/lpz/cb/CD/669e6e62f2eb3/?linkref=https://jump.zmobistein.com/?jp=624d45e2d6912&id=76_CD_1_xxxx_83_5_1t&nxl=6634f2427de6d_967051_17493&mjump=27x83x99ec9a4ad90&subzone=81H7OwA80U&visitorid=896804213416271872&zoneid=6915976
Certificate
IssuerLet's Encrypt
Subjectwoudaufe.net
Fingerprint2A:FD:DB:B9:60:41:B1:77:03:2C:7D:D7:2F:58:61:53:E1:AC:68:18
ValidityWed, 11 Dec 2024 05:12:06 GMT - Tue, 11 Mar 2025 05:12:05 GMT

File type
JavaScript source, ASCII text, with very long lines (5510), with no line terminators
Size
2.8 kB (2807 bytes)
Hash
7421654261bc2c235052dd9acec96c39
3982b80f6e43dce58fe2b70a6d150e58131e5ca9
1ab740d610dcf399fa679f3b4d0abf8697b2cd31906c26d079b7c0889d439542

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /5d2/59323/mw.min.js?z=8605974&sw=/sw-check-permissions.js HTTP/1.1
Host: woudaufe.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://naoficouatm.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 28 Dec 2024 09:34:26 GMT
content-type: application/javascript
last-modified: Fri, 13 Dec 2024 11:27:15 GMT
etag: W/"675c1a13-1586"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

woudaufe.net/event

139.45.197.122

200 OK

81 B

URL OPTIONS HTTP/2
woudaufe.net/event
IP
139.45.197.122:443
ASN
#9002 RETN Limited

Requested by
https://naoficouatm.com/lpz/cb/CD/669e6e62f2eb3/?linkref=https://jump.zmobistein.com/?jp=624d45e2d6912&id=76_CD_1_xxxx_83_5_1t&nxl=6634f2427de6d_967051_17493&mjump=27x83x99ec9a4ad90&subzone=81H7OwA80U&visitorid=896804213416271872&zoneid=6915976
Certificate
IssuerLet's Encrypt
Subjectwoudaufe.net
Fingerprint2A:FD:DB:B9:60:41:B1:77:03:2C:7D:D7:2F:58:61:53:E1:AC:68:18
ValidityWed, 11 Dec 2024 05:12:06 GMT - Tue, 11 Mar 2025 05:12:05 GMT

File type
JSON text data
Size
81 B (81 bytes)
Hash
f2e6a8d2fd2ae2652c5e80cce694f099
6a66cd5f26b84cbd11b858f474b2ba0bb252e1db
74849dca8f6e41b3fa7969e678d9e35c1c191258e67454d61a57db7f8e701f88

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: woudaufe.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://naoficouatm.com/
Content-Type: application/json
Content-Length: 378
Origin: https://naoficouatm.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 28 Dec 2024 09:34:26 GMT
content-type: application/json; charset=utf-8
content-length: 81
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://naoficouatm.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

woudaufe.net/event

139.45.197.122

200 OK

81 B

URL OPTIONS HTTP/2
woudaufe.net/event
IP
139.45.197.122:443
ASN
#9002 RETN Limited

Requested by
https://naoficouatm.com/lpz/cb/CD/669e6e62f2eb3/?linkref=https://jump.zmobistein.com/?jp=624d45e2d6912&id=76_CD_1_xxxx_83_5_1t&nxl=6634f2427de6d_967051_17493&mjump=27x83x99ec9a4ad90&subzone=81H7OwA80U&visitorid=896804213416271872&zoneid=6915976
Certificate
IssuerLet's Encrypt
Subjectwoudaufe.net
Fingerprint2A:FD:DB:B9:60:41:B1:77:03:2C:7D:D7:2F:58:61:53:E1:AC:68:18
ValidityWed, 11 Dec 2024 05:12:06 GMT - Tue, 11 Mar 2025 05:12:05 GMT

File type
JSON text data
Size
81 B (81 bytes)
Hash
6bd604d17a0284ecb7e19be0d54b646d
b26e93320a5bdb9b3b2085c1c3068e2ae2686b3b
ed58c11c5bb355762e2c2a2df858a874adbe54a3253a15bb71de1e3275194b63

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: woudaufe.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://naoficouatm.com/
Content-Type: application/json
Content-Length: 1288
Origin: https://naoficouatm.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 28 Dec 2024 09:34:26 GMT
content-type: application/json; charset=utf-8
content-length: 81
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://naoficouatm.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (10)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (20)