Report - 3uo.kunsoors.top/finance-survey.html

Report Overview

Visited public
2023-10-02 04:54:35
Tags
URL
3uo.kunsoors.top/finance-survey.html
Finishing URL
www.google.com/url?q=https://sikrebettingsider.com/casino/krypto/&;source=gmail&;ust=1696270920912000&;usg=AOvVaw0pmSKVgpMdE27h4iUwFWSo
IP / ASN
104.21.72.192
#13335 CLOUDFLARENET
Title
Viderekoblingsmerknad

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
3uo.kunsoors.top	unknown	2023-09-27	2023-10-02 06:54:00	2023-10-02 06:54:00	2.2 kB	76 kB	172.67.154.138
ocsp.pki.goog	175	2016-06-13	2018-07-01 08:43:07	2023-10-01 18:12:08	333 B	700 B	142.250.74.131
www.google.com	7	1997-09-15	2015-05-10 13:11:19	2023-09-20 20:05:47	1.5 kB	4.8 kB	216.58.207.228

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-10-02 04:54:16	medium	Client IP	Internal IP	ET DNS Query to a *.top domain - Likely Hostile
2023-10-02 04:54:18	low	Client IP	Internal IP	ETPRO INFO Referer Obfuscation/Hiding Service in DNS Lookup (href .li)
2023-10-02 04:54:18	low	Client IP	Internal IP	ETPRO INFO Referer Obfuscation/Hiding Service in DNS Lookup (href .li)
2023-10-02 04:54:18	low	Client IP	192.0.78.27	ETPRO INFO Referer Obfuscation/Hiding Service Domain (href .li in TLS SNI)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (8)

	URL	IP	Response	Size
	3uo.kunsoors.top/js/_core-survey.c50428f8.js	172.67.154.138		58 kB
URL 3uo.kunsoors.top/js/_core-survey.c50428f8.js IP 172.67.154.138:0 ASN #13335 CLOUDFLARENET File type ASCII text, with very long lines (65457) Size 58 kB (57538 bytes) Hash e06f11c2f1c40f146e254a36042cb7bc 8150f6ac28946a13943ab5dcedf71b7e9a5b6258 11aafc29b4d5bd161796ae037efece7149718207183896ff53030fe1443af8d9 HTTP Headers `GET /js/_core-survey.c50428f8.js HTTP/1.1 Host: 3uo.kunsoors.top User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers` HTTP/3 200 OK date: Mon, 02 Oct 2023 04:54:17 GMT content-type: application/javascript last-modified: Fri, 29 Sep 2023 09:37:28 GMT vary: Accept-Encoding etag: W/"65169ad8-370db" strict-transport-security: max-age=1 x-content-type-options: nosniff cache-control: max-age=1800 cf-cache-status: MISS report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6F0kAntzBfAPDuQtZQ%2BioQdIsPl8rS8LKnT524NXuGJP3hFQB6McoaRKJfB%2FE0%2BIJAVR%2BKs6DiV7%2FYanVTFNjTAMlXRch%2FtMeW0oaBGuRpAvElfiYKV7ekPnjthG8ZunXVk2"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server: cloudflare cf-ray: 80fa58b41a33b511-OSL content-encoding: br alt-svc: h3=":443"; ma=86400

	3uo.kunsoors.top/js/survey.69df9022.js	172.67.154.138		2.5 kB
URL 3uo.kunsoors.top/js/survey.69df9022.js IP 172.67.154.138:0 ASN #13335 CLOUDFLARENET File type ASCII text, with very long lines (6531), with no line terminators Size 2.5 kB (2547 bytes) Hash f6b64684d9d727827e031794cc32d302 278ceb9763e3248fb56acf27e14c82d08e4a1f19 5469e0f3e7fb295107b1b4adfce93e1b38c12e39d7b69a689a68e4bc92a7fd31 HTTP Headers `GET /js/survey.69df9022.js HTTP/1.1 Host: 3uo.kunsoors.top User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers` HTTP/3 200 OK date: Mon, 02 Oct 2023 04:54:17 GMT content-type: application/javascript last-modified: Fri, 29 Sep 2023 09:37:28 GMT vary: Accept-Encoding etag: W/"65169ad8-1983" strict-transport-security: max-age=1 x-content-type-options: nosniff cache-control: max-age=1800 cf-cache-status: MISS report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rlNKFaDA%2BdIbzXVFeXqL5vBS2QuqoT3xjXEP0%2Bdq5tSG99U2bbwpNKC6rusWETvhn5jzaudHZZ8HTO92Z7XEalihfZsL79bn9oAH1l3%2FO0wbsDohX39q3qJRwqt02L7tI9RE"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server: cloudflare cf-ray: 80fa58b41a34b511-OSL content-encoding: br alt-svc: h3=":443"; ma=86400

	3uo.kunsoors.top/js/v-index.mjs.1b22d2bd.js	172.67.154.138		8.5 kB
URL 3uo.kunsoors.top/js/v-index.mjs.1b22d2bd.js IP 172.67.154.138:0 ASN #13335 CLOUDFLARENET File type ASCII text, with very long lines (35191), with no line terminators Size 8.5 kB (8469 bytes) Hash 593ac892770585e2d4df5df5dc292f82 27bfc32c50ade996e3a85864b2b44d74dd0b5447 1c55363c34406fae9ffa181b56f08b209e37c97c64ed09e160857d8c3dba92f6 HTTP Headers `GET /js/v-index.mjs.1b22d2bd.js HTTP/1.1 Host: 3uo.kunsoors.top User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers` HTTP/3 200 OK date: Mon, 02 Oct 2023 04:54:17 GMT content-type: application/javascript last-modified: Fri, 29 Sep 2023 09:37:28 GMT vary: Accept-Encoding etag: W/"65169ad8-8977" strict-transport-security: max-age=1 x-content-type-options: nosniff cache-control: max-age=1800 cf-cache-status: MISS report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9uQWAnBo1TN%2Fm8AiPkAB0mbyO7CTwcnwDziIgQFBmXZd1bD8rC1kZkhNzXxQ1X8qAapA4JRLSCwqmvxlHMOtZsi8HVcHv0d%2FURnaQyV2pDHWpnG5CVdy7B00IIj9Tj%2F66S7V"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server: cloudflare cf-ray: 80fa58b41a31b511-OSL content-encoding: br alt-svc: h3=":443"; ma=86400

	3uo.kunsoors.top/finance-survey.html	172.67.154.138		2.7 kB
URL 3uo.kunsoors.top/finance-survey.html IP 172.67.154.138:0 ASN #13335 CLOUDFLARENET File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (5616), with no line terminators Size 2.7 kB (2734 bytes) Hash 6297c0b73e3cc6079615cf2cb79ff35e e31d172f3167a8d5e3a28d12dd85954960a80756 6160d29197761b1b4dab7dca3ee8b62cad9a8a6660e43c82d45d241f9dfcc0c1 HTTP Headers `GET /finance-survey.html HTTP/1.1 Host: 3uo.kunsoors.top User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Mon, 02 Oct 2023 04:54:16 GMT content-type: text/html last-modified: Fri, 29 Sep 2023 09:37:28 GMT vary: Accept-Encoding strict-transport-security: max-age=1 x-content-type-options: nosniff cache-control: max-age=1800 cf-cache-status: MISS report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e6Kbaz54OUr6BhUS9XEx1YnTUbpJs1l%2FOhcJmQgZFxPbTb%2FM02drBEaZL2dW%2BxMlwMtSgavqbv3HYTEObnUZ2gQFT%2FYE8ZsuuCAZ%2BfF8YdNVP2HlgF9j45DRnslMbd2XQ6t0"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server: cloudflare cf-ray: 80fa58af88abb524-OSL content-encoding: br alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2

	3uo.kunsoors.top/favicon.ico	172.67.154.138		1.4 kB
URL 3uo.kunsoors.top/favicon.ico IP 172.67.154.138:0 ASN #13335 CLOUDFLARENET File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data Size 1.4 kB (1354 bytes) Hash 668ba1a9fa1890ba16cb8adc28d3dad8 5e35223b2541265114eaf61b9da2556c812fea17 7746cf1b553433822522f2dc432f55fe64eee1f1cf823ef6adfde02e58e1d7e2 HTTP Headers `GET /favicon.ico HTTP/1.1 Host: 3uo.kunsoors.top User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Cookie: OAID=bd3f8fdf8ae744cc95e54a833a171550; oaidts=1696222457 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers` HTTP/3 200 OK date: Mon, 02 Oct 2023 04:54:17 GMT content-type: image/x-icon last-modified: Fri, 29 Sep 2023 09:37:28 GMT vary: Accept-Encoding etag: W/"65169ad8-47e" strict-transport-security: max-age=1 x-content-type-options: nosniff cache-control: max-age=1800 cf-cache-status: MISS report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2czhn%2BMdCbPDmzqx1kRHkDWCRTUQd14CDNocfUqOKdSAphXNHaTzYasPfwxG%2BAi1kghuN2OtkvJ5gkFio5QwKOWlU7%2F1OsPff4ICc9RJEq7Kb8aN3gOYdFN6ocIbxaEs2PVh"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server: cloudflare cf-ray: 80fa58b8bcd8b511-OSL content-encoding: br alt-svc: h3=":443"; ma=86400

	ocsp.pki.goog/gts1c3	142.250.74.131		472 B
URL ocsp.pki.goog/gts1c3 IP 142.250.74.131:0 ASN #15169 GOOGLE File type data Size 472 B (472 bytes) Hash f50819995d37b11240c3112af093a622 9efe6e66ebb2648137de977fe968ee03e5391cde 436263022f64f9d7c3dc95ee6c84485a947ea2eda6befb7ce96e5d9f890329b9 HTTP Headers `POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Mon, 02 Oct 2023 04:54:18 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN`

	www.google.com/favicon.ico	216.58.207.228	200 OK	1.5 kB
URL GET HTTP/3 www.google.com/favicon.ico IP 216.58.207.228:443 ASN #15169 GOOGLE Requested by https://www.google.com/url?q=https://sikrebettingsider.com/casino/krypto/&;source=gmail&;ust=1696270920912000&;usg=AOvVaw0pmSKVgpMdE27h4iUwFWSo Certificate IssuerGoogle Trust Services LLC Subject.google.com FingerprintBB:B9:27:FB:7D:F3:A7:1A:57:CC:23:F8:42:E9:10:BE:59:7E:1F:D4 ValidityMon, 04 Sep 2023 08:17:06 GMT - Mon, 27 Nov 2023 08:17:05 GMT File type MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data Size 1.5 kB (1494 bytes) Hash f3418a443e7d841097c714d69ec4bcb8 49263695f6b0cdd72f45cf1b775e660fdc36c606 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770 HTTP Headers GET /favicon.ico HTTP/1.1 Host: www.google.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: image/avif,image/webp,/* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://www.google.com/url?q=https://sikrebettingsider.com/casino/krypto/&;source=gmail&;ust=1696270920912000&;usg=AOvVaw0pmSKVgpMdE27h4iUwFWSo Cookie: SOCS=CAESHAgBEhJnd3NfMjAyMjA5MjktMF9SQzEaAnJvIAEaBgiAkvOZBg; __Secure-ENID=15.SE=HiTlWiwvoBKrm8aSJtZw-n6c-1i8k7gvrdkJ4wFFKXMnwMY7g7bbxqVAzWh5WvWk37yn9Ep-ZBxtSDsyjJHxntDRgpifdKwVXYp7khi3CnA9ibJNiTr51-7W5nK9FAptSwhLyt2rj42k3DD60OvpeK6fE14xohvKQP1t3oZnyzk; CONSENT=PENDING+423 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/3 200 OK accept-ranges: bytes content-encoding: gzip cross-origin-resource-policy: cross-origin cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable" report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]} content-length: 1494 x-content-type-options: nosniff server: sffe x-xss-protection: 0 date: Mon, 02 Oct 2023 01:31:56 GMT expires: Tue, 10 Oct 2023 01:31:56 GMT cache-control: public, max-age=691200 last-modified: Tue, 22 Oct 2019 18:30:00 GMT content-type: image/x-icon vary: Accept-Encoding age: 12142 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

	www.google.com/url?q=https://sikrebettingsider.com/casino/krypto/&;source=gmail&;ust=1696270920912000&;usg=AOvVaw0pmSKVgpMdE27h4iUwFWSo	216.58.207.228	200 OK	1.5 kB
URL User Request GET HTTP/2 www.google.com/url?q=https://sikrebettingsider.com/casino/krypto/&;source=gmail&;ust=1696270920912000&;usg=AOvVaw0pmSKVgpMdE27h4iUwFWSo IP 216.58.207.228:443 ASN #15169 GOOGLE Certificate IssuerGoogle Trust Services LLC Subjectwww.google.com FingerprintD2:77:FE:08:C6:61:6A:42:5C:1F:85:13:DA:23:B2:B8:46:20:45:88 ValidityMon, 04 Sep 2023 08:23:29 GMT - Mon, 27 Nov 2023 08:23:28 GMT File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (1519), with no line terminators Size 1.5 kB (1494 bytes) Hash b52e9254256f7f97c4e765a40baff671 8610531aa3b600066cc7ccf3717c4010ee0aed77 be5fed5f6522343b2eff742c14546074237bebae933bf0f1089df840ee24e2d7 HTTP Headers GET /url?q=https://sikrebettingsider.com/casino/krypto/&;source=gmail&;ust=1696270920912000&;usg=AOvVaw0pmSKVgpMdE27h4iUwFWSo HTTP/1.1 Host: www.google.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Cookie: SOCS=CAESHAgBEhJnd3NfMjAyMjA5MjktMF9SQzEaAnJvIAEaBgiAkvOZBg Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK date: Mon, 02 Oct 2023 04:54:18 GMT pragma: no-cache expires: Fri, 01 Jan 1990 00:00:00 GMT cache-control: no-cache, must-revalidate content-type: text/html; charset=UTF-8 strict-transport-security: max-age=31536000 content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-TA3oUdb8qEHANPQrLK7QNg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info." content-encoding: br server: gws content-length: 664 x-xss-protection: 0 set-cookie: __Secure-ENID=15.SE=HiTlWiwvoBKrm8aSJtZw-n6c-1i8k7gvrdkJ4wFFKXMnwMY7g7bbxqVAzWh5WvWk37yn9Ep-ZBxtSDsyjJHxntDRgpifdKwVXYp7khi3CnA9ibJNiTr51-7W5nK9FAptSwhLyt2rj42k3DD60OvpeK6fE14xohvKQP1t3oZnyzk; expires=Thu, 31-Oct-2024 21:12:36 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax CONSENT=PENDING+423; expires=Wed, 01-Oct-2025 04:54:18 GMT; path=/; domain=.google.com; Secure alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (8)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers