| clampalarmlightning.com/mg6855bnjx?adb=n&adb=n&codt=97&dev=r&key=be884821a741b4942bc256f713f4f8f6&kw=[%22sportea%22]&psid=https://hd-nfl.online,s1.sportea.link&refer=https://s1.sportea.link/live/channel.php?ch=es7&res=14.31&scrHeight=720&scrWidth=1280&ship=&sub3=invoke_layer&tz=3&uuid=298b2ae5-ca37-4af0-ba40-27dd0c63a8c8:2:1&v=24.4.2204 | 172.240.108.84 | | 1.7 kB |
URL clampalarmlightning.com/mg6855bnjx?adb=n&adb=n&codt=97&dev=r&key=be884821a741b4942bc256f713f4f8f6&kw=[%22sportea%22]&psid=https://hd-nfl.online,s1.sportea.link&refer=https://s1.sportea.link/live/channel.php?ch=es7&res=14.31&scrHeight=720&scrWidth=1280&ship=&sub3=invoke_layer&tz=3&uuid=298b2ae5-ca37-4af0-ba40-27dd0c63a8c8:2:1&v=24.4.2204 IP172.240.108.84:0
File typeHTML document, ASCII text, with very long lines (795) Hashe027b348ea7d9099867f4f755d62446b c9a1215dd0504e9f31b25473bf863dbdaac998a5 590cca3cb27cc8d1356e3d017046fe711d51e88848480682180cbc0b464968bb
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /mg6855bnjx?adb=n&adb=n&codt=97&dev=r&key=be884821a741b4942bc256f713f4f8f6&kw=[%22sportea%22]&psid=https://hd-nfl.online,s1.sportea.link&refer=https://s1.sportea.link/live/channel.php?ch=es7&res=14.31&scrHeight=720&scrWidth=1280&ship=&sub3=invoke_layer&tz=3&uuid=298b2ae5-ca37-4af0-ba40-27dd0c63a8c8:2:1&v=24.4.2204 HTTP/1.1
Host: clampalarmlightning.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 18 Apr 2024 20:35:13 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=22987436; expires=Fri, 19 Apr 2024 20:35:13 GMT
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMjk4NzQzNiwiayI6ImJlODg0ODIxYTc0MWI0OTQyYmMyNTZmNzEzZjRmOGY2Iiwic2lkIjoiaHR0cHM6Ly9oZC1uZmwub25saW5lLHMxLnNwb3J0ZWEubGluayIsImlzaWQiOjIsImFzaWQiOjEsInppZCI6Mzc2NzgxMCwicGlkIjoxODAzNTU3LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjE5LCJhaWQiOjI4LCJwdCI6NCwicGsiOiJtZzY4NTVibmp4IiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjpmYWxzZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL3MxLnNwb3J0ZWEubGluay9saXZlL2NoYW5uZWwucGhwP2NoPWVzNyIsImFyIjpbXX19.I7jXQc_0PJjXAM3HrZhvfpYgjbJIwdLy2VTNS13hpRk; expires=Thu, 18 Apr 2024 20:36:13 GMT
uid_id2=298b2ae5-ca37-4af0-ba40-27dd0c63a8c8:2:1; expires=Thu, 25 Apr 2024 20:35:13 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ecf81d3a55790af3955fdc504c2f0faa
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
| clampalarmlightning.com/api/users?token=L21nNjg1NWJuang_YWRiPW4mY29kdD05NyZkZXY9ciZrZXk9YmU4ODQ4MjFhNzQxYjQ5NDJiYzI1NmY3MTNmNGY4ZjYma3c9JTVCJTIyc3BvcnRlYSUyMiU1RCZwc2lkPWh0dHBzJTNBJTJGJTJGaGQtbmZsLm9ubGluZSUyQ3MxLnNwb3J0ZWEubGluayZwc3Q9MTcxMzQ3MjU3MyZyZWZlcj1odHRwcyUzQSUyRiUyRnMxLnNwb3J0ZWEubGluayUyRmxpdmUlMkZjaGFubmVsLnBocCUzRmNoJTNEZXM3JnJlcz0xNC4zMSZybXRjPXQmc2NySGVpZ2h0PTcyMCZzY3JXaWR0aD0xMjgwJnNoaXA9JnNodT0xZThmMzFmNTIzZDVhMGVmZDFhNTQ2MjdmMzM4MTI2ZTBhZTQ0NzE2ZWY3ZDE4MjEzYzBkNWJkOWZlNjZkMmY3NTk1N2Q1ZmE3NTUzNjU1MTM2ZTY3MTgzNzI1YTdhMWYyYzc5Mzg4OTM1NjVmNDk2OGJlNzQ1NjFkMDczYjZjYWM1Y2NmOTI0YzAwNTliOGUzNzRmZjdjMTMzZTM0ZjNjNzdhZGUyYmZlNWE4ZGYyZjU3MzQ4Njk1M2MyNCZzdWIzPWludm9rZV9sYXllciZ0ej0zJnV1aWQ9Mjk4YjJhZTUtY2EzNy00YWYwLWJhNDAtMjdkZDBjNjNhOGM4JTNBMiUzQTEmdj0yNC40LjIyMDQ&uuid=298b2ae5-ca37-4af0-ba40-27dd0c63a8c8%3A2%3A1&pii=&in=false | 172.240.108.84 | | 0 B |
URL clampalarmlightning.com/api/users?token=L21nNjg1NWJuang_YWRiPW4mY29kdD05NyZkZXY9ciZrZXk9YmU4ODQ4MjFhNzQxYjQ5NDJiYzI1NmY3MTNmNGY4ZjYma3c9JTVCJTIyc3BvcnRlYSUyMiU1RCZwc2lkPWh0dHBzJTNBJTJGJTJGaGQtbmZsLm9ubGluZSUyQ3MxLnNwb3J0ZWEubGluayZwc3Q9MTcxMzQ3MjU3MyZyZWZlcj1odHRwcyUzQSUyRiUyRnMxLnNwb3J0ZWEubGluayUyRmxpdmUlMkZjaGFubmVsLnBocCUzRmNoJTNEZXM3JnJlcz0xNC4zMSZybXRjPXQmc2NySGVpZ2h0PTcyMCZzY3JXaWR0aD0xMjgwJnNoaXA9JnNodT0xZThmMzFmNTIzZDVhMGVmZDFhNTQ2MjdmMzM4MTI2ZTBhZTQ0NzE2ZWY3ZDE4MjEzYzBkNWJkOWZlNjZkMmY3NTk1N2Q1ZmE3NTUzNjU1MTM2ZTY3MTgzNzI1YTdhMWYyYzc5Mzg4OTM1NjVmNDk2OGJlNzQ1NjFkMDczYjZjYWM1Y2NmOTI0YzAwNTliOGUzNzRmZjdjMTMzZTM0ZjNjNzdhZGUyYmZlNWE4ZGYyZjU3MzQ4Njk1M2MyNCZzdWIzPWludm9rZV9sYXllciZ0ej0zJnV1aWQ9Mjk4YjJhZTUtY2EzNy00YWYwLWJhNDAtMjdkZDBjNjNhOGM4JTNBMiUzQTEmdj0yNC40LjIyMDQ&uuid=298b2ae5-ca37-4af0-ba40-27dd0c63a8c8%3A2%3A1&pii=&in=false IP172.240.108.84:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /api/users?token=L21nNjg1NWJuang_YWRiPW4mY29kdD05NyZkZXY9ciZrZXk9YmU4ODQ4MjFhNzQxYjQ5NDJiYzI1NmY3MTNmNGY4ZjYma3c9JTVCJTIyc3BvcnRlYSUyMiU1RCZwc2lkPWh0dHBzJTNBJTJGJTJGaGQtbmZsLm9ubGluZSUyQ3MxLnNwb3J0ZWEubGluayZwc3Q9MTcxMzQ3MjU3MyZyZWZlcj1odHRwcyUzQSUyRiUyRnMxLnNwb3J0ZWEubGluayUyRmxpdmUlMkZjaGFubmVsLnBocCUzRmNoJTNEZXM3JnJlcz0xNC4zMSZybXRjPXQmc2NySGVpZ2h0PTcyMCZzY3JXaWR0aD0xMjgwJnNoaXA9JnNodT0xZThmMzFmNTIzZDVhMGVmZDFhNTQ2MjdmMzM4MTI2ZTBhZTQ0NzE2ZWY3ZDE4MjEzYzBkNWJkOWZlNjZkMmY3NTk1N2Q1ZmE3NTUzNjU1MTM2ZTY3MTgzNzI1YTdhMWYyYzc5Mzg4OTM1NjVmNDk2OGJlNzQ1NjFkMDczYjZjYWM1Y2NmOTI0YzAwNTliOGUzNzRmZjdjMTMzZTM0ZjNjNzdhZGUyYmZlNWE4ZGYyZjU3MzQ4Njk1M2MyNCZzdWIzPWludm9rZV9sYXllciZ0ej0zJnV1aWQ9Mjk4YjJhZTUtY2EzNy00YWYwLWJhNDAtMjdkZDBjNjNhOGM4JTNBMiUzQTEmdj0yNC40LjIyMDQ&uuid=298b2ae5-ca37-4af0-ba40-27dd0c63a8c8%3A2%3A1&pii=&in=false HTTP/1.1
Host: clampalarmlightning.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clampalarmlightning.com/api/users?token=L21nNjg1NWJuang_a2V5PTBmMjJjMWZkNjA5ZjEzY2I3OTQ3YzhjYWJmZTFhOTBkJnN1Ym1ldHJpYz0yMjk4NzQzNg
Cookie: u_pl=22987436; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMjk4NzQzNiwiayI6ImJlODg0ODIxYTc0MWI0OTQyYmMyNTZmNzEzZjRmOGY2Iiwic2lkIjoiaHR0cHM6Ly9oZC1uZmwub25saW5lLHMxLnNwb3J0ZWEubGluayIsImlzaWQiOjIsImFzaWQiOjEsInppZCI6Mzc2NzgxMCwicGlkIjoxODAzNTU3LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjE5LCJhaWQiOjI4LCJwdCI6NCwicGsiOiJtZzY4NTVibmp4IiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjpmYWxzZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL3MxLnNwb3J0ZWEubGluay9saXZlL2NoYW5uZWwucGhwP2NoPWVzNyIsImFyIjpbXX19.I7jXQc_0PJjXAM3HrZhvfpYgjbJIwdLy2VTNS13hpRk; uid_id2=298b2ae5-ca37-4af0-ba40-27dd0c63a8c8:2:1; cjs=t
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx/1.21.6
Date: Thu, 18 Apr 2024 20:35:14 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: https://adserving.unibet.com/redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=22987436
Set-Cookie: uid_id2=298b2ae5-ca37-4af0-ba40-27dd0c63a8c8:2:1; expires=Thu, 25 Apr 2024 20:35:14 GMT
pdhtkv=true; expires=Fri, 19 Apr 2024 20:35:14 GMT
uncs=1; expires=Fri, 19 Apr 2024 20:35:14 GMT
pdhtkv28=true; expires=Fri, 19 Apr 2024 20:35:14 GMT
uncs28=1; expires=Fri, 19 Apr 2024 20:35:14 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 090f2ad6628dd928033c0817f60cf2a8
Strict-Transport-Security: max-age=0; includeSubdomains
|
| adserving.unibet.com/redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=22987436 | 13.107.246.53 | | 409 B |
URL adserving.unibet.com/redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=22987436 IP13.107.246.53:0 ASN#8075 MICROSOFT-CORP-MSN-AS-BLOCK
File typeASCII text, with CRLF line terminators Hash494d52b5e618ac8c0fc46b06bcabe879 be6869b065cf50e78ac0fcbb0ff6c14af6b28937 a797830accebd16e2f96248c2bc770c4c45ef90a00522214b784028a8a509f65
GET /redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=22987436 HTTP/1.1
Host: adserving.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://clampalarmlightning.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 403 Forbidden
date: Thu, 18 Apr 2024 20:35:14 GMT
content-type: text/html
content-length: 409
x-azure-ref: 20240418T203514Z-17f9dd4c48b2smg4vb48rxw4zn00000002600000000076d2
x-cache: CONFIG_NOCACHE
X-Firefox-Spdy: h2
|