Report - confusingepisodevest.com/afu.php?id=462966&var=6534656&prpsrc={prpsrc}&rsz=6534656

Report Overview

Visited public
2024-08-16 08:10:46
Tags
URL
confusingepisodevest.com/afu.php?id=462966&var=6534656&prpsrc={prpsrc}&rsz=6534656
Finishing URL
about:neterror?e=nssFailure2&u=https%3A//neurotrade.io/%3Futm_source%3Dprop_1%26utm_medium%3Dmb%26utm_campaign%3D%7Bsource%7D%26country%3DNO&c=UTF-8&d=%20
IP / ASN
94.242.247.28
#0
Title
Problem loading page

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Sent	Received	IP
r11.o.lencr.org	unknown	1.3 kB	3.6 kB	23.36.76.226
r10.o.lencr.org	unknown	981 B	2.7 kB	23.36.77.32
confusingepisodevest.com	unknown	4.0 kB	58 kB	94.242.247.28
ak.shaugacakro.net	unknown	3.6 kB	4.2 kB	23.36.76.201
my.rtmark.net	9054	529 B	678 B	139.45.195.8
neurotrade.io	unknown	535 B	0 B	0.0.0.0

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-08-16	medium	shaugacakro.net	Sinkholed
2024-08-16	medium	shaugacakro.net	Sinkholed
2024-08-16	medium	shaugacakro.net	Sinkholed
2024-08-16	medium	shaugacakro.net	Sinkholed
2024-08-16	medium	shaugacakro.net	Sinkholed

ThreatFox

No alerts detected

JavaScript (1)

	URL	From	Size	First Seen	Last Seen
	about:neterror?e=nssFailure2&u=https%3A//neurotrade.io/%3Futm_source%3Dprop_1%26utm_medium%3Dmb%26utm_campaign%3D%7Bsource%7D%26country%3DNO&c=UTF-8&d=%20	ScriptElement	0 B	0001-01-01	2025-05-15
Pretty URL about:neterror?e=nssFailure2&u=https%3A//neurotrade.io/%3Futm_source%3Dprop_1%26utm_medium%3Dmb%26utm_campaign%3D%7Bsource%7D%26country%3DNO&c=UTF-8&d=%20 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-05-15 04:13 Times Seen4685204 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

HTTP Transactions (17)

URL IP Response Size

r11.o.lencr.org/

23.36.76.226

504 B

URL
r11.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
686480d25645ac2aca7a99974693a82f
55ca9d53bd758d2afc75e8a9b59c656ff26a3f70
8902058e383c2f43751417e1af1d582f7a16ce0b6fc180ab20cbc76c4b00f914

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "8902058E383C2F43751417E1AF1D582F7A16CE0B6FC180AB20CBC76C4B00F914"
Last-Modified: Wed, 14 Aug 2024 12:55:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12212
Expires: Fri, 16 Aug 2024 11:33:52 GMT
Date: Fri, 16 Aug 2024 08:10:20 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
90149b127cd563315012f026a9e0544f
1e148905fa524fb8fec15249f30f33085978dc2e
7098a3b23aece2b00e86fd3a23c5e532001a5002b061170d3ed53ddd36bf8f5b

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "7098A3B23AECE2B00E86FD3A23C5E532001A5002B061170D3ED53DDD36BF8F5B"
Last-Modified: Tue, 13 Aug 2024 18:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7594
Expires: Fri, 16 Aug 2024 10:16:54 GMT
Date: Fri, 16 Aug 2024 08:10:20 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
4d209e16679910b467c26590a0073236
ddd59fa6902b498e9c0cfb22e342757f954789d0
9ef3dab56215a67804db0e12d33772a1902f5914b788530717712902a294bcb5

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "9EF3DAB56215A67804DB0E12D33772A1902F5914B788530717712902A294BCB5"
Last-Modified: Wed, 14 Aug 2024 21:59:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15116
Expires: Fri, 16 Aug 2024 12:22:16 GMT
Date: Fri, 16 Aug 2024 08:10:20 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
1401eaecc1dc9b318d389cf687018dd9
49eef7150c440fee15deabf064e11a9fefad1845
5b79b468e1cac072d2582b2937241a1f1bee8fdbbc4741818061b6763652523e

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "5B79B468E1CAC072D2582B2937241A1F1BEE8FDBBC4741818061B6763652523E"
Last-Modified: Tue, 13 Aug 2024 18:57:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12067
Expires: Fri, 16 Aug 2024 11:31:28 GMT
Date: Fri, 16 Aug 2024 08:10:21 GMT
Connection: keep-alive

confusingepisodevest.com/dupa.gif?z=462966&ls=1&ix=0&eclog=0&abvar=0&wcks=1&pt=OGA5EJqTG9hZGluZy4uLg&pload=690&os=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&bb=0&cti=0&pf=Linux%20x86_64&md=0&pb=dc48bbc80e65a1ae8e54ecb1b94fab831723803020&febuild=1.0.314&fn=2&rlp=[0,0,88,67,6,223,46,110]&fdl=1&nojs=0&cnvs=1&x=1280&prpsrc={prpsrc}&wgl=0&tz=UTC&ss=1&lang=en-US&zoneid=462966&var=6534656&cd=24&y=1024&psu=cWfbvQZaHR0cHM6Ly9jb25mdXNpbmdlcGlzb2RldmVzdC5jb20vYWZ1LnBocD9pZD00NjI5NjYmdmFyPTY1MzQ2NTYmcHJwc3JjPSU3QnBycHNyYyU3RCZyc3o9NjUzNDY1Ng&afid=1520345566492672&im=1&t=0&psp=IkGTSINlhUne6jcbV0I64NsxaqKMHi2O_70LYZmx2VhfY41how2X-HqNv0PwDpbhvqP-sUu9ypvU1fGgp6jZsHXv_SoYA7rHJ2FohGvL2j4qHOCVDz3F1uz9SzBrFDSko5hSPa9-ndiD2E9qK_kLNBpBzv7QssrfMWS_YGEkLTdAKq4e__rPQLN238O9s2yMpaOUDJoQuX0nRLa3ia6ZT3nRnEt_1T1hAvtvZM-0XNjGdc4NWKrsX1AHxFb7JABSN6xcuo0VOFLvhuP-GVyGZyNJvBXYd-0FtB8o6y6XFcgXayMrRUXlhfrPIwvLRA4FaK00oOOHUHydqHLQk61-lKJQkk3BLr2A2cyGRSw1EZYIAz3rTCawkus8_ffHnh7x0vsq_T2eHigiaQllYHBmxSgNskyYcri3Pl8kQrsfL__soMjxxpH55xAnPPdpZxNgF3zreUxkfHyZFnI9jRdFWcHpSkOk8va9R8vxOsfz_5vSUms0GjJRk40AC2TkMzNIB_1mXQpKPazVz3TF3Asx3SarV5dwahC_H27KfHFVtS1_tDUOxvcoAGZjzXWCfbo_9QzuPfTUwR93fUCdbJ6MdkPtSsp8D8CGpS6c3QnPqiCAMt42f6mhIAoiFMR4lLm7H8hab0WfDk2wYlhfXknHoZts_4dSTZJWfIsMUUWb73SKXnlkXbRizDVzGx3iDJf4KqpKy9-w1rxI7ITvJz6fXNDm-umbdRjqgzIouUPxczbWYV4TKzd-3DHAmLkaBLFoaMUEqBH7eztVv0mbDSvyje0nkjINzLuzwKw=&pload=123&rlp=%5B0%2C0%2C0%2C0%2C1%2C0%2C27%2C0%5D&bb=0

94.242.247.28

43 B

URL
confusingepisodevest.com/dupa.gif?z=462966&ls=1&ix=0&eclog=0&abvar=0&wcks=1&pt=OGA5EJqTG9hZGluZy4uLg&pload=690&os=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&bb=0&cti=0&pf=Linux%20x86_64&md=0&pb=dc48bbc80e65a1ae8e54ecb1b94fab831723803020&febuild=1.0.314&fn=2&rlp=[0,0,88,67,6,223,46,110]&fdl=1&nojs=0&cnvs=1&x=1280&prpsrc={prpsrc}&wgl=0&tz=UTC&ss=1&lang=en-US&zoneid=462966&var=6534656&cd=24&y=1024&psu=cWfbvQZaHR0cHM6Ly9jb25mdXNpbmdlcGlzb2RldmVzdC5jb20vYWZ1LnBocD9pZD00NjI5NjYmdmFyPTY1MzQ2NTYmcHJwc3JjPSU3QnBycHNyYyU3RCZyc3o9NjUzNDY1Ng&afid=1520345566492672&im=1&t=0&psp=IkGTSINlhUne6jcbV0I64NsxaqKMHi2O_70LYZmx2VhfY41how2X-HqNv0PwDpbhvqP-sUu9ypvU1fGgp6jZsHXv_SoYA7rHJ2FohGvL2j4qHOCVDz3F1uz9SzBrFDSko5hSPa9-ndiD2E9qK_kLNBpBzv7QssrfMWS_YGEkLTdAKq4e__rPQLN238O9s2yMpaOUDJoQuX0nRLa3ia6ZT3nRnEt_1T1hAvtvZM-0XNjGdc4NWKrsX1AHxFb7JABSN6xcuo0VOFLvhuP-GVyGZyNJvBXYd-0FtB8o6y6XFcgXayMrRUXlhfrPIwvLRA4FaK00oOOHUHydqHLQk61-lKJQkk3BLr2A2cyGRSw1EZYIAz3rTCawkus8_ffHnh7x0vsq_T2eHigiaQllYHBmxSgNskyYcri3Pl8kQrsfL__soMjxxpH55xAnPPdpZxNgF3zreUxkfHyZFnI9jRdFWcHpSkOk8va9R8vxOsfz_5vSUms0GjJRk40AC2TkMzNIB_1mXQpKPazVz3TF3Asx3SarV5dwahC_H27KfHFVtS1_tDUOxvcoAGZjzXWCfbo_9QzuPfTUwR93fUCdbJ6MdkPtSsp8D8CGpS6c3QnPqiCAMt42f6mhIAoiFMR4lLm7H8hab0WfDk2wYlhfXknHoZts_4dSTZJWfIsMUUWb73SKXnlkXbRizDVzGx3iDJf4KqpKy9-w1rxI7ITvJz6fXNDm-umbdRjqgzIouUPxczbWYV4TKzd-3DHAmLkaBLFoaMUEqBH7eztVv0mbDSvyje0nkjINzLuzwKw=&pload=123&rlp=%5B0%2C0%2C0%2C0%2C1%2C0%2C27%2C0%5D&bb=0
IP
94.242.247.28:0
ASN
#0

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84

HTTP Headers

POST /dupa.gif?z=462966&ls=1&ix=0&eclog=0&abvar=0&wcks=1&pt=OGA5EJqTG9hZGluZy4uLg&pload=690&os=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&bb=0&cti=0&pf=Linux%20x86_64&md=0&pb=dc48bbc80e65a1ae8e54ecb1b94fab831723803020&febuild=1.0.314&fn=2&rlp=[0,0,88,67,6,223,46,110]&fdl=1&nojs=0&cnvs=1&x=1280&prpsrc={prpsrc}&wgl=0&tz=UTC&ss=1&lang=en-US&zoneid=462966&var=6534656&cd=24&y=1024&psu=cWfbvQZaHR0cHM6Ly9jb25mdXNpbmdlcGlzb2RldmVzdC5jb20vYWZ1LnBocD9pZD00NjI5NjYmdmFyPTY1MzQ2NTYmcHJwc3JjPSU3QnBycHNyYyU3RCZyc3o9NjUzNDY1Ng&afid=1520345566492672&im=1&t=0&psp=IkGTSINlhUne6jcbV0I64NsxaqKMHi2O_70LYZmx2VhfY41how2X-HqNv0PwDpbhvqP-sUu9ypvU1fGgp6jZsHXv_SoYA7rHJ2FohGvL2j4qHOCVDz3F1uz9SzBrFDSko5hSPa9-ndiD2E9qK_kLNBpBzv7QssrfMWS_YGEkLTdAKq4e__rPQLN238O9s2yMpaOUDJoQuX0nRLa3ia6ZT3nRnEt_1T1hAvtvZM-0XNjGdc4NWKrsX1AHxFb7JABSN6xcuo0VOFLvhuP-GVyGZyNJvBXYd-0FtB8o6y6XFcgXayMrRUXlhfrPIwvLRA4FaK00oOOHUHydqHLQk61-lKJQkk3BLr2A2cyGRSw1EZYIAz3rTCawkus8_ffHnh7x0vsq_T2eHigiaQllYHBmxSgNskyYcri3Pl8kQrsfL__soMjxxpH55xAnPPdpZxNgF3zreUxkfHyZFnI9jRdFWcHpSkOk8va9R8vxOsfz_5vSUms0GjJRk40AC2TkMzNIB_1mXQpKPazVz3TF3Asx3SarV5dwahC_H27KfHFVtS1_tDUOxvcoAGZjzXWCfbo_9QzuPfTUwR93fUCdbJ6MdkPtSsp8D8CGpS6c3QnPqiCAMt42f6mhIAoiFMR4lLm7H8hab0WfDk2wYlhfXknHoZts_4dSTZJWfIsMUUWb73SKXnlkXbRizDVzGx3iDJf4KqpKy9-w1rxI7ITvJz6fXNDm-umbdRjqgzIouUPxczbWYV4TKzd-3DHAmLkaBLFoaMUEqBH7eztVv0mbDSvyje0nkjINzLuzwKw=&pload=123&rlp=%5B0%2C0%2C0%2C0%2C1%2C0%2C27%2C0%5D&bb=0 HTTP/1.1
Host: confusingepisodevest.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
DNT: 1
Connection: keep-alive
Cookie: CHCK=1; UID=2408160310ab10a4f2ea7c4e5dafb20d8230; UGVyc2lzdFN0b3JhZ2U=%7B%7D; OACCAP=AC0qaQAAAAAAAAAB; OACBLOCK=AC0qaQAAAABmvtzQ; TUCAP=57ioQQAAAAAAAAAB; TUBLOCK=57ioQQAAAABmvwcA; OXCCLK=AC0qaQAAAAAAAAAB; OXPCLK=AAJvsAAAAAAAAAAB; ppucnt=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 16 Aug 2024 08:10:21 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.redirect-pixel
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

confusingepisodevest.com/r/dir?zoneid=462966&var=6534656&pb=dc48bbc80e65a1ae8e54ecb1b94fab831723803020&psp=5HOC-xolYEVMZdyfWL_mxbGMMDS7Ro4qB1p5KnCzM7J3aKE-3Hj_AApF9OTBQpx9oCJKqahAQAsPaVxjL4I9h2NlWIuK0UkzLDU7XEkq-n5EOIAXw6bJrRZocEyGgVP7Zifi054cXFFXVm7-qsiyrToM61FDRaDc95AOjCGQQ_3N42qXYaXKrHK8CDJLHFZBmlX4Bl-nlunpmZwdC2tbp-wUwTmX9oZ2A7CINN2qkbhG28AtsFHexs8z&prpsrc={prpsrc}&fdl=1&nojs=0&abvar=0&febuild=1.0.314&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&fn=2&pt=OGA5EJqTG9hZGluZy4uLg&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&psu=cWfbvQZaHR0cHM6Ly9jb25mdXNpbmdlcGlzb2RldmVzdC5jb20vYWZ1LnBocD9pZD00NjI5NjYmdmFyPTY1MzQ2NTYmcHJwc3JjPSU3QnBycHNyYyU3RCZyc3o9NjUzNDY1Ng&afid=1520345566492672&eclog=0&im=1&pload=690&rlp=%5B0%2C0%2C88%2C67%2C6%2C223%2C46%2C110%5D

94.242.247.28

16 kB

URL
confusingepisodevest.com/r/dir?zoneid=462966&var=6534656&pb=dc48bbc80e65a1ae8e54ecb1b94fab831723803020&psp=5HOC-xolYEVMZdyfWL_mxbGMMDS7Ro4qB1p5KnCzM7J3aKE-3Hj_AApF9OTBQpx9oCJKqahAQAsPaVxjL4I9h2NlWIuK0UkzLDU7XEkq-n5EOIAXw6bJrRZocEyGgVP7Zifi054cXFFXVm7-qsiyrToM61FDRaDc95AOjCGQQ_3N42qXYaXKrHK8CDJLHFZBmlX4Bl-nlunpmZwdC2tbp-wUwTmX9oZ2A7CINN2qkbhG28AtsFHexs8z&prpsrc={prpsrc}&fdl=1&nojs=0&abvar=0&febuild=1.0.314&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&fn=2&pt=OGA5EJqTG9hZGluZy4uLg&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&psu=cWfbvQZaHR0cHM6Ly9jb25mdXNpbmdlcGlzb2RldmVzdC5jb20vYWZ1LnBocD9pZD00NjI5NjYmdmFyPTY1MzQ2NTYmcHJwc3JjPSU3QnBycHNyYyU3RCZyc3o9NjUzNDY1Ng&afid=1520345566492672&eclog=0&im=1&pload=690&rlp=%5B0%2C0%2C88%2C67%2C6%2C223%2C46%2C110%5D
IP
94.242.247.28:0
ASN
#0

File type
HTML document, ASCII text, with very long lines (17217)
Size
16 kB (16515 bytes)
Hash
202c4a70c3d8c284439a27f1b61bfa15
6908dabd45b8c50c6eddb6704bce7961eb87ea77
794cafba220626fc15b69f519a9d2752ed5e88d1e97f3e8c07bac77c9adbe580

HTTP Headers

GET /r/dir?zoneid=462966&var=6534656&pb=dc48bbc80e65a1ae8e54ecb1b94fab831723803020&psp=5HOC-xolYEVMZdyfWL_mxbGMMDS7Ro4qB1p5KnCzM7J3aKE-3Hj_AApF9OTBQpx9oCJKqahAQAsPaVxjL4I9h2NlWIuK0UkzLDU7XEkq-n5EOIAXw6bJrRZocEyGgVP7Zifi054cXFFXVm7-qsiyrToM61FDRaDc95AOjCGQQ_3N42qXYaXKrHK8CDJLHFZBmlX4Bl-nlunpmZwdC2tbp-wUwTmX9oZ2A7CINN2qkbhG28AtsFHexs8z&prpsrc={prpsrc}&fdl=1&nojs=0&abvar=0&febuild=1.0.314&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&fn=2&pt=OGA5EJqTG9hZGluZy4uLg&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&psu=cWfbvQZaHR0cHM6Ly9jb25mdXNpbmdlcGlzb2RldmVzdC5jb20vYWZ1LnBocD9pZD00NjI5NjYmdmFyPTY1MzQ2NTYmcHJwc3JjPSU3QnBycHNyYyU3RCZyc3o9NjUzNDY1Ng&afid=1520345566492672&eclog=0&im=1&pload=690&rlp=%5B0%2C0%2C88%2C67%2C6%2C223%2C46%2C110%5D HTTP/1.1
Host: confusingepisodevest.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: CHCK=1; UID=2408160310ab10a4f2ea7c4e5dafb20d8230; UGVyc2lzdFN0b3JhZ2U=%7B%7D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 16 Aug 2024 08:10:21 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
x-route-id: redirect.dl
referrer-policy: no-referrer
x-trace: gfTfJb5XhEfhxGEu_zDqM-_5W0MjM11kkdNTSSKD_1CcuVWZUqRjcCqbyM6M4wbBoFavHPDz
set-cookie: CHCK=1; Path=/; Expires=Fri, 19 Sep 2025 08:10:21 GMT; Secure; SameSite=None
OACCAP=AC0qaQAAAAAAAAAB; Path=/; Expires=Sun, 15 Sep 2024 08:10:21 GMT; Secure; SameSite=None
OACBLOCK=AC0qaQAAAABmvtzQ; Path=/; Expires=Sun, 15 Sep 2024 08:10:21 GMT; Secure; SameSite=None
TUCAP=57ioQQAAAAAAAAAB; Path=/; Expires=Sun, 15 Sep 2024 08:10:21 GMT; Secure; SameSite=None
TUBLOCK=57ioQQAAAABmvwcA; Path=/; Expires=Sun, 15 Sep 2024 08:10:21 GMT; Secure; SameSite=None
OXCCLK=AC0qaQAAAAAAAAAB; Path=/; Expires=Sat, 17 Aug 2024 08:10:21 GMT; Secure; SameSite=None
OXPCLK=AAJvsAAAAAAAAAAB; Path=/; Expires=Sat, 17 Aug 2024 08:10:21 GMT; Secure; SameSite=None
ppucnt=1; Path=/; Expires=Sat, 17 Aug 2024 08:10:21 GMT; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

ak.shaugacakro.net/sftouch?userId=0080ba0a81684db4ee3626ea8ed4f5c4&z=7681296&p_rid=36128d83-ad3c-42fa-883e-4349f02bbd70&p_src=sf&branchId=0&rb=9zPj2HB17fZaeQ5yo_DSBdswF7CFqIAASKhPuzxP8-vAlhcGOPg0qhB_Sj_0R_ln-ge7Z3lHHP3w9laX0paVSTZsfYKKilQSYmt8vqOeR4tcrkLyMPOnrZfa40wqbo_iddmDmpTRILF-f2ZDqhIIqZ8enscrEKlDywmXxcjrIAhq_n3rQIeYcsYGXqFFQmAGo52bsZRFTre10uTD-xiSaHa4o--obuvXdTCvp0TTNpnpBsjMFzsfJg==

23.36.76.201

2 B

URL
ak.shaugacakro.net/sftouch?userId=0080ba0a81684db4ee3626ea8ed4f5c4&z=7681296&p_rid=36128d83-ad3c-42fa-883e-4349f02bbd70&p_src=sf&branchId=0&rb=9zPj2HB17fZaeQ5yo_DSBdswF7CFqIAASKhPuzxP8-vAlhcGOPg0qhB_Sj_0R_ln-ge7Z3lHHP3w9laX0paVSTZsfYKKilQSYmt8vqOeR4tcrkLyMPOnrZfa40wqbo_iddmDmpTRILF-f2ZDqhIIqZ8enscrEKlDywmXxcjrIAhq_n3rQIeYcsYGXqFFQmAGo52bsZRFTre10uTD-xiSaHa4o--obuvXdTCvp0TTNpnpBsjMFzsfJg==
IP
23.36.76.201:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /sftouch?userId=0080ba0a81684db4ee3626ea8ed4f5c4&z=7681296&p_rid=36128d83-ad3c-42fa-883e-4349f02bbd70&p_src=sf&branchId=0&rb=9zPj2HB17fZaeQ5yo_DSBdswF7CFqIAASKhPuzxP8-vAlhcGOPg0qhB_Sj_0R_ln-ge7Z3lHHP3w9laX0paVSTZsfYKKilQSYmt8vqOeR4tcrkLyMPOnrZfa40wqbo_iddmDmpTRILF-f2ZDqhIIqZ8enscrEKlDywmXxcjrIAhq_n3rQIeYcsYGXqFFQmAGo52bsZRFTre10uTD-xiSaHa4o--obuvXdTCvp0TTNpnpBsjMFzsfJg== HTTP/1.1
Host: ak.shaugacakro.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ak.shaugacakro.net
DNT: 1
Connection: keep-alive
Referer: https://ak.shaugacakro.net/4/7681296
Cookie: OAID=0080ba0a81684db4ee3626ea8ed4f5c4; oaidts=1723795821
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers

HTTP/3 200 OK
content-type: text/plain
content-length: 2
x-trace-id: 1a9edbc3dad9babfc96ec8157f884914
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ak.shaugacakro.net
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
expires: Fri, 16 Aug 2024 08:10:21 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Fri, 16 Aug 2024 08:10:21 GMT
alt-svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
quic-version: 0x00000001

r11.o.lencr.org/

23.36.77.32

504 B

URL
r11.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
984067c8478324ccbf66a26b1f1e989f
7b6eae6a88161e6fb8ab48ddf94c3efcb8e2719b
48bc7fbc035bca93ac232c0421dd232108f2195766603cba64b9d4faa3db9663

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "48BC7FBC035BCA93AC232C0421DD232108F2195766603CBA64B9D4FAA3DB9663"
Last-Modified: Tue, 13 Aug 2024 18:31:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13565
Expires: Fri, 16 Aug 2024 11:56:26 GMT
Date: Fri, 16 Aug 2024 08:10:21 GMT
Connection: keep-alive

my.rtmark.net/img.gif?f=merge&userId=0080ba0a81684db4ee3626ea8ed4f5c4&z=7681296&p_rid=36128d83-ad3c-42fa-883e-4349f02bbd70&p_src=sf

139.45.195.8

43 B

URL
my.rtmark.net/img.gif?f=merge&userId=0080ba0a81684db4ee3626ea8ed4f5c4&z=7681296&p_rid=36128d83-ad3c-42fa-883e-4349f02bbd70&p_src=sf
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

HTTP Headers

GET /img.gif?f=merge&userId=0080ba0a81684db4ee3626ea8ed4f5c4&z=7681296&p_rid=36128d83-ad3c-42fa-883e-4349f02bbd70&p_src=sf HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ak.shaugacakro.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 16 Aug 2024 08:10:21 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=0080ba0a81684db4ee3626ea8ed4f5c4; expires=Sat, 16 Aug 2025 08:10:21 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

ak.shaugacakro.net/favicon.ico

23.36.76.201

0 B

URL
ak.shaugacakro.net/favicon.ico
IP
23.36.76.201:0
ASN
#20940 Akamai International B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: ak.shaugacakro.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ak.shaugacakro.net/4/7681296
Cookie: OAID=0080ba0a81684db4ee3626ea8ed4f5c4; oaidts=1723795821
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
expires: Fri, 16 Aug 2024 08:10:21 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Fri, 16 Aug 2024 08:10:21 GMT
alt-svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
quic-version: 0x00000001

ak.shaugacakro.net/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=36128d83-ad3c-42fa-883e-4349f02bbd70

23.36.76.201

12 B

URL
ak.shaugacakro.net/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=36128d83-ad3c-42fa-883e-4349f02bbd70
IP
23.36.76.201:0
ASN
#20940 Akamai International B.V.

File type
JSON text data
Size
12 B (12 bytes)
Hash
adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=36128d83-ad3c-42fa-883e-4349f02bbd70 HTTP/1.1
Host: ak.shaugacakro.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1389
Origin: https://ak.shaugacakro.net
DNT: 1
Connection: keep-alive
Referer: https://ak.shaugacakro.net/4/7681296
Cookie: OAID=0080ba0a81684db4ee3626ea8ed4f5c4; oaidts=1723795821
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/json; charset=utf-8
content-length: 12
access-control-allow-origin: https://ak.shaugacakro.net
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
expires: Fri, 16 Aug 2024 08:10:21 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Fri, 16 Aug 2024 08:10:21 GMT
alt-svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
quic-version: 0x00000001

ak.shaugacakro.net/async_log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=36128d83-ad3c-42fa-883e-4349f02bbd70

23.36.76.201

0 B

URL
ak.shaugacakro.net/async_log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=36128d83-ad3c-42fa-883e-4349f02bbd70
IP
23.36.76.201:0
ASN
#20940 Akamai International B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /async_log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=36128d83-ad3c-42fa-883e-4349f02bbd70 HTTP/1.1
Host: ak.shaugacakro.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 438
Origin: https://ak.shaugacakro.net
DNT: 1
Connection: keep-alive
Referer: https://ak.shaugacakro.net/4/7681296
Cookie: OAID=0080ba0a81684db4ee3626ea8ed4f5c4; oaidts=1723795821
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-length: 0
access-control-allow-origin: https://ak.shaugacakro.net
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
expires: Fri, 16 Aug 2024 08:10:22 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Fri, 16 Aug 2024 08:10:22 GMT
alt-svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
quic-version: 0x00000001

ak.shaugacakro.net/?z=7681296&syncedCookie=true&rhd=false

23.36.76.201

302 Found

0 B

URL User Request POST HTTP/3
ak.shaugacakro.net/?z=7681296&syncedCookie=true&rhd=false
IP
23.36.76.201:443
ASN
#20940 Akamai International B.V.

Certificate
IssuerLet's Encrypt
Subjectak.lowmiloticer.com
Fingerprint04:99:71:C8:E9:90:AF:09:97:0F:E5:71:2A:7F:CA:F7:F8:5A:65:8B
ValidityTue, 13 Aug 2024 14:01:34 GMT - Mon, 11 Nov 2024 14:01:33 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /?z=7681296&syncedCookie=true&rhd=false HTTP/1.1
Host: ak.shaugacakro.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 540
Origin: https://ak.shaugacakro.net
DNT: 1
Connection: keep-alive
Referer: https://ak.shaugacakro.net/afu.php?zoneid=7681296&var=7681296&rid=IUzYL-eT4VvoQwPRHmPGTA%3D%3D&rhd=false&ab2r=0&sf=1
Cookie: OAID=0080ba0a81684db4ee3626ea8ed4f5c4; oaidts=1723795821
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 302 Found
content-length: 0
x-trace-id: 825681b12ca7e0a12a85c0674fea48d6
link: <https://neurotrade.io>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
referrer-policy: no-referrer
location: https://neurotrade.io/?utm_source=prop_1&utm_medium=mb&utm_campaign={source}&country=NO
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ak.shaugacakro.net
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
expires: Fri, 16 Aug 2024 08:10:22 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Fri, 16 Aug 2024 08:10:22 GMT
alt-svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
set-cookie: OAID=0080ba0a81684db4ee3626ea8ed4f5c4; expires=Sat, 16 Aug 2025 08:10:22 GMT; path=/; secure; SameSite=None
oaidts=1723795821; expires=Sat, 16 Aug 2025 08:10:22 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Fri, 23 Aug 2024 08:10:22 GMT; path=/; secure; SameSite=None
quic-version: 0x00000001

r11.o.lencr.org/

23.36.77.32

504 B

URL
r11.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
3c14cfb85dc9ceb923d7d3c3648719d2
10ea83f83398870f50ca771216ad77bd95aa66cc
bc868b2a34fe0c66d7a2dc1754676cc4031891c797fdd23e82d135559bd82c1b

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "BC868B2A34FE0C66D7A2DC1754676CC4031891C797FDD23E82D135559BD82C1B"
Last-Modified: Thu, 15 Aug 2024 09:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12298
Expires: Fri, 16 Aug 2024 11:35:20 GMT
Date: Fri, 16 Aug 2024 08:10:22 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.77.32

504 B

URL
r11.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
3c14cfb85dc9ceb923d7d3c3648719d2
10ea83f83398870f50ca771216ad77bd95aa66cc
bc868b2a34fe0c66d7a2dc1754676cc4031891c797fdd23e82d135559bd82c1b

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "BC868B2A34FE0C66D7A2DC1754676CC4031891C797FDD23E82D135559BD82C1B"
Last-Modified: Thu, 15 Aug 2024 09:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12298
Expires: Fri, 16 Aug 2024 11:35:20 GMT
Date: Fri, 16 Aug 2024 08:10:22 GMT
Connection: keep-alive

confusingepisodevest.com/submit.min.js?abvar=

94.242.247.28

38 kB

URL
confusingepisodevest.com/submit.min.js?abvar=
IP
94.242.247.28:0
ASN
#0

File type
gzip compressed data, max speed, from Unix
Size
38 kB (38474 bytes)
Hash
59a8de2c0e968920ae6c3c4e098f8bda
a7ebc42c46c229f1c9b6cf6095f2e60fcd750da5
fcbcf5dbd9d18fb16de4637a00d485ad02f98e3b3176e9ea7577c8d951356593

HTTP Headers

GET /submit.min.js?abvar= HTTP/1.1
Host: confusingepisodevest.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: CHCK=1; UID=2408160310ab10a4f2ea7c4e5dafb20d8230
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 16 Aug 2024 08:10:21 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 14 Aug 2024 09:18:17 GMT
vary: Accept-Encoding
etag: W/"66bc7659-1197e"
x-js-ab: current
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2

neurotrade.io/?utm_source=prop_1&utm_medium=mb&utm_campaign={source}&country=NO

0.0.0.0

0 B

URL User Request GET
neurotrade.io/?utm_source=prop_1&utm_medium=mb&utm_campaign={source}&country=NO
IP
0.0.0.0:0
ASN
#0

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /?utm_source=prop_1&utm_medium=mb&utm_campaign={source}&country=NO HTTP/1.1
Host: neurotrade.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (1)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (17)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP