Report - xdate1.com/continue_pp/?bemobdata=c=b80bd1a3-fd66-4fab-a08d-736cc3305844..l=2cd29229-dea3-4c8e-a6cc-77c0bc7f29bc..a=0..b=0..z=0.000136..e=741873776022795238..c1=6118780..c2=7503916..c3=US..c4=broadband..c5=?..c6=other..c7=other..c8=ca..c9=google%20cloud..c10=android13..r=date.xdate1.com..ts=1698440024635

Report Overview

Visited public
2023-10-27 20:54:18
Tags
URL
xdate1.com/continue_pp/?bemobdata=c=b80bd1a3-fd66-4fab-a08d-736cc3305844..l=2cd29229-dea3-4c8e-a6cc-77c0bc7f29bc..a=0..b=0..z=0.000136..e=741873776022795238..c1=6118780..c2=7503916..c3=US..c4=broadband..c5=?..c6=other..c7=other..c8=ca..c9=google%20cloud..c10=android13..r=date.xdate1.com..ts=1698440024635
Finishing URL
xdate1.com/continue_pp/?bemobdata=c=b80bd1a3-fd66-4fab-a08d-736cc3305844..l=2cd29229-dea3-4c8e-a6cc-77c0bc7f29bc..a=0..b=0..z=0.000136..e=741873776022795238..c1=6118780..c2=7503916..c3=US..c4=broadband..c5=?..c6=other..c7=other..c8=ca..c9=google%20cloud..c10=android13..r=date.xdate1.com..ts=1698440024635#
IP / ASN
75.2.60.5
#16509 AMAZON-02
Title
Age Verification

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
desekansr.com	unknown	2022-05-12	2022-05-12 10:00:20	2023-10-27 06:12:04	985 B	28 kB	139.45.197.250
backunder.com	unknown	2022-12-13	2022-12-14 01:20:46	2023-10-27 17:21:44	394 B	2.7 kB	188.114.96.1
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2023-10-27 19:02:29	495 B	22 kB	142.250.74.10
xdate1.com	unknown	2023-10-25	2018-06-15 23:43:36	2023-10-27 05:34:14	4.3 kB	36 kB	75.2.60.5
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-10-27 18:55:07	1.0 kB	33 kB	216.58.207.227

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-10-27	medium	desekansr.com	Sinkholed
2023-10-27	medium	desekansr.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (3)

	URL	From	Size	First Seen	Last Seen
	xdate1.com/continue_pp/?bemobdata=c=b80bd1a3-fd66-4fab-a08d-736cc3305844..l=2cd29229-dea3-4c8e-a6cc-77c0bc7f29bc..a=0..b=0..z=0.000136..e=741873776022795238..c1=6118780..c2=7503916..c3=US..c4=broadband..c5=?..c6=other..c7=other..c8=ca..c9=google%20cloud..c10=android13..r=date.xdate1.com..ts=1698440024635	ScriptElement	0 B	0001-01-01	2025-06-21
Pretty URL xdate1.com/continue_pp/?bemobdata=c=b80bd1a3-fd66-4fab-a08d-736cc3305844..l=2cd29229-dea3-4c8e-a6cc-77c0bc7f29bc..a=0..b=0..z=0.000136..e=741873776022795238..c1=6118780..c2=7503916..c3=US..c4=broadband..c5=?..c6=other..c7=other..c8=ca..c9=google%20cloud..c10=android13..r=date.xdate1.com..ts=1698440024635 IP 75.2.60.5 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-06-21 04:13 Times Seen5048690 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	backunder.com/script.js	ScriptElement	911 B	2023-03-13	2025-04-07
Pretty URL backunder.com/script.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 07:39 Last Seen2025-04-07 11:00 Times Seen1633 Hash 87431f5c53069a8fd36f6efee29a514f 08296a974e36b3c9c9eb2a853658fbb8659c8836 e05b5f6d873b1857e696af8883191ef454f3919e62df36805ad502ba6a0dbfb7 Loading...

	desekansr.com/pfe/current/micro.tag.min.js?z=6511950&sw=/sw-check-permissions-e4ed0.js&nouns=1	ScriptElement	27 kB	2023-10-24	2023-10-30
Pretty URL desekansr.com/pfe/current/micro.tag.min.js?z=6511950&sw=/sw-check-permissions-e4ed0.js&nouns=1 IP 139.45.197.250 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-24 17:22 Last Seen2023-10-30 09:07 Times Seen809 Hash 85866d16f31a54a59a179c0d8788df10 66b1a47a34dd43b867a925554f992335fb0cdd86 c813b41b59bc4a7ec2231d7dff7639d3c83c1aed67a4f2b043de91c5dd21bbe6 Loading...

HTTP Transactions (12)

URL IP Response Size

GET xdate1.com/continue_pp/?bemobdata=c=b80bd1a3-fd66-4fab-a08d-736cc3305844..l=2cd29229-dea3-4c8e-a6cc-77c0bc7f29bc..a=0..b=0..z=0.000136..e=741873776022795238..c1=6118780..c2=7503916..c3=US..c4=broadband..c5=?..c6=other..c7=other..c8=ca..c9=google%20cloud..c10=android13..r=date.xdate1.com..ts=1698440024635

75.2.60.5

200 OK

737 B

URL User Request GET HTTP/2
xdate1.com/continue_pp/?bemobdata=c=b80bd1a3-fd66-4fab-a08d-736cc3305844..l=2cd29229-dea3-4c8e-a6cc-77c0bc7f29bc..a=0..b=0..z=0.000136..e=741873776022795238..c1=6118780..c2=7503916..c3=US..c4=broadband..c5=?..c6=other..c7=other..c8=ca..c9=google%20cloud..c10=android13..r=date.xdate1.com..ts=1698440024635
IP
75.2.60.5:443
ASN
#16509 AMAZON-02

Certificate
IssuerLet's Encrypt
Subjectwww.xdate1.com
Fingerprint6F:FA:30:15:C7:71:42:90:94:14:D0:03:1F:23:E5:B4:E0:21:2D:B5
ValidityWed, 25 Oct 2023 10:43:11 GMT - Tue, 23 Jan 2024 10:43:10 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
737 B (737 bytes)
Hash
da25126e620fb5de910b2a88f2f95498
2b8d59373b4886c1ae42e2fb7ccb89690e68e822
f6a2a0dcc6fb952c27774e749657be53ba882bb3043f5ddeb7793a5df813cb5f

HTTP Headers

GET /continue_pp/?bemobdata=c=b80bd1a3-fd66-4fab-a08d-736cc3305844..l=2cd29229-dea3-4c8e-a6cc-77c0bc7f29bc..a=0..b=0..z=0.000136..e=741873776022795238..c1=6118780..c2=7503916..c3=US..c4=broadband..c5=?..c6=other..c7=other..c8=ca..c9=google%20cloud..c10=android13..r=date.xdate1.com..ts=1698440024635 HTTP/1.1
Host: xdate1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
age: 103914
cache-control: public,max-age=0,must-revalidate
content-encoding: br
content-type: text/html; charset=UTF-8
date: Fri, 27 Oct 2023 20:54:01 GMT
etag: "db149c2822881cd92a79518b5a7cc070-ssl-df"
server: Netlify
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-nf-request-id: 01HDSEMNF792Z2KTGX5387ZRDW
content-length: 737
X-Firefox-Spdy: h2

GET xdate1.com/continue_pp/css/badoinkvr9.min.css

75.2.60.5

200 OK

26 kB

URL GET HTTP/2
xdate1.com/continue_pp/css/badoinkvr9.min.css
IP
75.2.60.5:443
ASN
#16509 AMAZON-02

Requested by
https://xdate1.com/continue_pp/?bemobdata=c=b80bd1a3-fd66-4fab-a08d-736cc3305844..l=2cd29229-dea3-4c8e-a6cc-77c0bc7f29bc..a=0..b=0..z=0.000136..e=741873776022795238..c1=6118780..c2=7503916..c3=US..c4=broadband..c5=?..c6=other..c7=other..c8=ca..c9=google%20cloud..c10=android13..r=date.xdate1.com..ts=1698440024635
Certificate
IssuerLet's Encrypt
Subjectwww.xdate1.com
Fingerprint6F:FA:30:15:C7:71:42:90:94:14:D0:03:1F:23:E5:B4:E0:21:2D:B5
ValidityWed, 25 Oct 2023 10:43:11 GMT - Tue, 23 Jan 2024 10:43:10 GMT

File type
Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
Size
26 kB (25737 bytes)
Hash
56f0a90e9ddd25c4ae9bd3501deb2af2
b2266c8f998c35dd1c90c8fa6395170b196b3fca
ee5192f606e881f5dff6f130494895dc197de141255582a3999e06158ed21daf

HTTP Headers

GET /continue_pp/css/badoinkvr9.min.css HTTP/1.1
Host: xdate1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xdate1.com/continue_pp/?bemobdata=c=b80bd1a3-fd66-4fab-a08d-736cc3305844..l=2cd29229-dea3-4c8e-a6cc-77c0bc7f29bc..a=0..b=0..z=0.000136..e=741873776022795238..c1=6118780..c2=7503916..c3=US..c4=broadband..c5=?..c6=other..c7=other..c8=ca..c9=google%20cloud..c10=android13..r=date.xdate1.com..ts=1698440024635
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
age: 17741
cache-control: public,max-age=0,must-revalidate
content-encoding: br
content-type: text/css; charset=UTF-8
date: Fri, 27 Oct 2023 20:54:02 GMT
etag: "e2e3bbc225a0908375d4b0416b3d4e8b-ssl-df"
server: Netlify
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-nf-request-id: 01HDSEMNSXV0NTGG9CFKZGANHK
content-length: 25737
X-Firefox-Spdy: h2

GET xdate1.com/continue_pp/img/18.png

75.2.60.5

200 OK

4.5 kB

URL GET HTTP/2
xdate1.com/continue_pp/img/18.png
IP
75.2.60.5:443
ASN
#16509 AMAZON-02

Requested by
https://xdate1.com/continue_pp/?bemobdata=c=b80bd1a3-fd66-4fab-a08d-736cc3305844..l=2cd29229-dea3-4c8e-a6cc-77c0bc7f29bc..a=0..b=0..z=0.000136..e=741873776022795238..c1=6118780..c2=7503916..c3=US..c4=broadband..c5=?..c6=other..c7=other..c8=ca..c9=google%20cloud..c10=android13..r=date.xdate1.com..ts=1698440024635
Certificate
IssuerLet's Encrypt
Subjectwww.xdate1.com
Fingerprint6F:FA:30:15:C7:71:42:90:94:14:D0:03:1F:23:E5:B4:E0:21:2D:B5
ValidityWed, 25 Oct 2023 10:43:11 GMT - Tue, 23 Jan 2024 10:43:10 GMT

File type
PNG image data, 214 x 214, 8-bit/color RGBA, non-interlaced\012- data
Size
4.5 kB (4505 bytes)
Hash
0cd2d16e38d0996d7c58513cc1b289bc
1ffa26c4fae781512663f0fa882afac03642109b
e8cf3747473436d6d1b29d5e1c517e6a05ae7ed90f4e348f720cbc450aa88310

HTTP Headers

GET /continue_pp/img/18.png HTTP/1.1
Host: xdate1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xdate1.com/continue_pp/?bemobdata=c=b80bd1a3-fd66-4fab-a08d-736cc3305844..l=2cd29229-dea3-4c8e-a6cc-77c0bc7f29bc..a=0..b=0..z=0.000136..e=741873776022795238..c1=6118780..c2=7503916..c3=US..c4=broadband..c5=?..c6=other..c7=other..c8=ca..c9=google%20cloud..c10=android13..r=date.xdate1.com..ts=1698440024635
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
age: 17741
cache-control: public,max-age=0,must-revalidate
content-type: image/png
date: Fri, 27 Oct 2023 20:54:02 GMT
etag: "c6a13616a4e0d81e3896cb8609e1c568-ssl"
server: Netlify
strict-transport-security: max-age=31536000
x-nf-request-id: 01HDSEMNSYQGPFPA0H9FVGBYE1
content-length: 4505
X-Firefox-Spdy: h2

GET fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://xdate1.com/continue_pp/?bemobdata=c=b80bd1a3-fd66-4fab-a08d-736cc3305844..l=2cd29229-dea3-4c8e-a6cc-77c0bc7f29bc..a=0..b=0..z=0.000136..e=741873776022795238..c1=6118780..c2=7503916..c3=US..c4=broadband..c5=?..c6=other..c7=other..c8=ca..c9=google%20cloud..c10=android13..r=date.xdate1.com..ts=1698440024635
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintBE:D3:D2:0A:C4:57:FB:0B:D7:17:48:C8:AB:52:49:39:3E:E9:3C:60
ValidityMon, 09 Oct 2023 08:10:32 GMT - Mon, 01 Jan 2024 08:10:31 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xdate1.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 27 Oct 2023 02:00:44 GMT
expires: Sat, 26 Oct 2024 02:00:44 GMT
cache-control: public, max-age=31536000
age: 67998
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://xdate1.com/continue_pp/?bemobdata=c=b80bd1a3-fd66-4fab-a08d-736cc3305844..l=2cd29229-dea3-4c8e-a6cc-77c0bc7f29bc..a=0..b=0..z=0.000136..e=741873776022795238..c1=6118780..c2=7503916..c3=US..c4=broadband..c5=?..c6=other..c7=other..c8=ca..c9=google%20cloud..c10=android13..r=date.xdate1.com..ts=1698440024635
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintBE:D3:D2:0A:C4:57:FB:0B:D7:17:48:C8:AB:52:49:39:3E:E9:3C:60
ValidityMon, 09 Oct 2023 08:10:32 GMT - Mon, 01 Jan 2024 08:10:31 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xdate1.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 27 Oct 2023 10:05:24 GMT
expires: Sat, 26 Oct 2024 10:05:24 GMT
cache-control: public, max-age=31536000
age: 38918
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET xdate1.com/favicon.ico

75.2.60.5

404 Not Found

1.2 kB

URL GET HTTP/2
xdate1.com/favicon.ico
IP
75.2.60.5:443
ASN
#16509 AMAZON-02

Requested by
https://xdate1.com/continue_pp/?bemobdata=c=b80bd1a3-fd66-4fab-a08d-736cc3305844..l=2cd29229-dea3-4c8e-a6cc-77c0bc7f29bc..a=0..b=0..z=0.000136..e=741873776022795238..c1=6118780..c2=7503916..c3=US..c4=broadband..c5=?..c6=other..c7=other..c8=ca..c9=google%20cloud..c10=android13..r=date.xdate1.com..ts=1698440024635
Certificate
IssuerLet's Encrypt
Subjectwww.xdate1.com
Fingerprint6F:FA:30:15:C7:71:42:90:94:14:D0:03:1F:23:E5:B4:E0:21:2D:B5
ValidityWed, 25 Oct 2023 10:43:11 GMT - Tue, 23 Jan 2024 10:43:10 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (331)
Size
1.2 kB (1247 bytes)
Hash
4c1920da7e5d9180796a7cbd50c058fc
ebc6858e8987cdb52fd011a29a6914f65e753a3e
69e48d9db7c27991e0dce1a56f246fec93363cc286c71e6160282a31bf05e867

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: xdate1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xdate1.com/continue_pp/?bemobdata=c=b80bd1a3-fd66-4fab-a08d-736cc3305844..l=2cd29229-dea3-4c8e-a6cc-77c0bc7f29bc..a=0..b=0..z=0.000136..e=741873776022795238..c1=6118780..c2=7503916..c3=US..c4=broadband..c5=?..c6=other..c7=other..c8=ca..c9=google%20cloud..c10=android13..r=date.xdate1.com..ts=1698440024635
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
age: 31442
cache-control: public,max-age=0,must-revalidate
content-encoding: br
content-type: text/html; charset=utf-8
date: Fri, 27 Oct 2023 20:54:02 GMT
etag: 1698233956-ssl-df
server: Netlify
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-nf-request-id: 01HDSEMPDAMY9HW3PPVKD87FBY
content-length: 1247
X-Firefox-Spdy: h2

POST desekansr.com/zone?&pub=0&zone_id=6511950&is_mobile=false&domain=xdate1.com&var=&ymid=&var_3=&var_4=&dsig=&tg=1&action=prerequest

139.45.197.250

200 OK

0 B

URL POST HTTP/2
desekansr.com/zone?&pub=0&zone_id=6511950&is_mobile=false&domain=xdate1.com&var=&ymid=&var_3=&var_4=&dsig=&tg=1&action=prerequest
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://xdate1.com/continue_pp/?bemobdata=c=b80bd1a3-fd66-4fab-a08d-736cc3305844..l=2cd29229-dea3-4c8e-a6cc-77c0bc7f29bc..a=0..b=0..z=0.000136..e=741873776022795238..c1=6118780..c2=7503916..c3=US..c4=broadband..c5=?..c6=other..c7=other..c8=ca..c9=google%20cloud..c10=android13..r=date.xdate1.com..ts=1698440024635
Certificate
IssuerLet's Encrypt
Subjectdesekansr.com
Fingerprint51:38:4C:AC:7B:F7:D1:CC:9F:B2:9C:56:0A:BE:B4:7C:57:48:3D:2E
ValiditySat, 23 Sep 2023 06:15:33 GMT - Fri, 22 Dec 2023 06:15:32 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /zone?&pub=0&zone_id=6511950&is_mobile=false&domain=xdate1.com&var=&ymid=&var_3=&var_4=&dsig=&tg=1&action=prerequest HTTP/1.1
Host: desekansr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xdate1.com
DNT: 1
Connection: keep-alive
Referer: https://xdate1.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 27 Oct 2023 20:54:02 GMT
content-length: 0
x-trace-id: 36960956ea56dacb167cb65054b905a9
access-control-allow-origin: https://xdate1.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

GET xdate1.com/sw-check-permissions-e4ed0.js

75.2.60.5

200 OK

568 B

URL GET HTTP/2
xdate1.com/sw-check-permissions-e4ed0.js
IP
75.2.60.5:443
ASN
#16509 AMAZON-02

Requested by
https://xdate1.com/continue_pp/?bemobdata=c=b80bd1a3-fd66-4fab-a08d-736cc3305844..l=2cd29229-dea3-4c8e-a6cc-77c0bc7f29bc..a=0..b=0..z=0.000136..e=741873776022795238..c1=6118780..c2=7503916..c3=US..c4=broadband..c5=?..c6=other..c7=other..c8=ca..c9=google%20cloud..c10=android13..r=date.xdate1.com..ts=1698440024635
Certificate
IssuerLet's Encrypt
Subjectwww.xdate1.com
Fingerprint6F:FA:30:15:C7:71:42:90:94:14:D0:03:1F:23:E5:B4:E0:21:2D:B5
ValidityWed, 25 Oct 2023 10:43:11 GMT - Tue, 23 Jan 2024 10:43:10 GMT

File type
Java source, ASCII text
Size
568 B (568 bytes)
Hash
a1aa049a1f84165466f123368486a521
6f37f182343ecdc5bc2fe61596408234b5afa41a
f833175e731cf7481e4f37d65538b23db6d08bd0bff7db1071f52d094b56e74c

HTTP Headers

GET /sw-check-permissions-e4ed0.js HTTP/1.1
Host: xdate1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Referer: https://xdate1.com/continue_pp/?bemobdata=c=b80bd1a3-fd66-4fab-a08d-736cc3305844..l=2cd29229-dea3-4c8e-a6cc-77c0bc7f29bc..a=0..b=0..z=0.000136..e=741873776022795238..c1=6118780..c2=7503916..c3=US..c4=broadband..c5=?..c6=other..c7=other..c8=ca..c9=google%20cloud..c10=android13..r=date.xdate1.com..ts=1698440024635
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
age: 31442
cache-control: public,max-age=0,must-revalidate
content-type: application/javascript; charset=UTF-8
date: Fri, 27 Oct 2023 20:54:02 GMT
etag: "b7e86bb3787afba1c14bde8171b8c5f9-ssl"
server: Netlify
strict-transport-security: max-age=31536000
x-nf-request-id: 01HDSEMPEP5EW7VWPT948SDQWC
content-length: 568
X-Firefox-Spdy: h2

GET backunder.com/script.js

188.114.96.1

200 OK

2.0 kB

URL GET HTTP/2
backunder.com/script.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://xdate1.com/continue_pp/?bemobdata=c=b80bd1a3-fd66-4fab-a08d-736cc3305844..l=2cd29229-dea3-4c8e-a6cc-77c0bc7f29bc..a=0..b=0..z=0.000136..e=741873776022795238..c1=6118780..c2=7503916..c3=US..c4=broadband..c5=?..c6=other..c7=other..c8=ca..c9=google%20cloud..c10=android13..r=date.xdate1.com..ts=1698440024635
Certificate
IssuerGoogle Trust Services LLC
Subjectbackunder.com
Fingerprint81:0F:1F:DD:7B:EF:3D:F1:3B:A1:CA:19:25:A6:D2:97:41:97:B0:80
ValidityThu, 05 Oct 2023 14:52:54 GMT - Wed, 03 Jan 2024 14:52:53 GMT

File type
ASCII text, with very long lines (350)
Size
2.0 kB (1966 bytes)
Hash
87431f5c53069a8fd36f6efee29a514f
08296a974e36b3c9c9eb2a853658fbb8659c8836
e05b5f6d873b1857e696af8883191ef454f3919e62df36805ad502ba6a0dbfb7

HTTP Headers

GET /script.js HTTP/1.1
Host: backunder.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xdate1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 27 Oct 2023 20:54:02 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=1228
etag: W/"4cc-5f2f3364b2fe4-gzip"
last-modified: Mon, 23 Jan 2023 19:14:45 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 1187
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RKY7JaZIwOeu64mU5sGFJaftufWD1zy4eZyF6NzP093O32jcTZF3TXIBjPNv6dPCV5zl63u9EzLLZgucAjI7J9tO86DsoAKAvHlHkfYgBD1lXH0hjqOC9IWaAS7IXFlU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81cdd4f8ae3a5693-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

75.2.60.5

200 OK

737 B

URL User Request GET HTTP/2
xdate1.com/continue_pp/?bemobdata=c=b80bd1a3-fd66-4fab-a08d-736cc3305844..l=2cd29229-dea3-4c8e-a6cc-77c0bc7f29bc..a=0..b=0..z=0.000136..e=741873776022795238..c1=6118780..c2=7503916..c3=US..c4=broadband..c5=?..c6=other..c7=other..c8=ca..c9=google%20cloud..c10=android13..r=date.xdate1.com..ts=1698440024635
IP
75.2.60.5:443
ASN
#16509 AMAZON-02

Certificate
IssuerLet's Encrypt
Subjectwww.xdate1.com
Fingerprint6F:FA:30:15:C7:71:42:90:94:14:D0:03:1F:23:E5:B4:E0:21:2D:B5
ValidityWed, 25 Oct 2023 10:43:11 GMT - Tue, 23 Jan 2024 10:43:10 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
737 B (737 bytes)
Hash
da25126e620fb5de910b2a88f2f95498
2b8d59373b4886c1ae42e2fb7ccb89690e68e822
f6a2a0dcc6fb952c27774e749657be53ba882bb3043f5ddeb7793a5df813cb5f

HTTP Headers

GET /continue_pp/?bemobdata=c=b80bd1a3-fd66-4fab-a08d-736cc3305844..l=2cd29229-dea3-4c8e-a6cc-77c0bc7f29bc..a=0..b=0..z=0.000136..e=741873776022795238..c1=6118780..c2=7503916..c3=US..c4=broadband..c5=?..c6=other..c7=other..c8=ca..c9=google%20cloud..c10=android13..r=date.xdate1.com..ts=1698440024635 HTTP/1.1
Host: xdate1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
age: 103929
cache-control: public,max-age=0,must-revalidate
content-encoding: br
content-type: text/html; charset=UTF-8
date: Fri, 27 Oct 2023 20:54:16 GMT
etag: "db149c2822881cd92a79518b5a7cc070-ssl-df"
server: Netlify
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-nf-request-id: 01HDSEN3AA1KM089MKMS4NQCYD
content-length: 737
X-Firefox-Spdy: h2

GET fonts.googleapis.com/css?family=Roboto:100,100italic,300,400,400italic,300italic,500,500italic,700,700italic

142.250.74.10

200 OK

21 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Roboto:100,100italic,300,400,400italic,300italic,500,500italic,700,700italic
IP
142.250.74.10:443
ASN
#15169 GOOGLE

Requested by
https://xdate1.com/continue_pp/?bemobdata=c=b80bd1a3-fd66-4fab-a08d-736cc3305844..l=2cd29229-dea3-4c8e-a6cc-77c0bc7f29bc..a=0..b=0..z=0.000136..e=741873776022795238..c1=6118780..c2=7503916..c3=US..c4=broadband..c5=?..c6=other..c7=other..c8=ca..c9=google%20cloud..c10=android13..r=date.xdate1.com..ts=1698440024635
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint87:BD:C2:71:54:40:3F:F2:18:79:1A:89:F5:E9:BC:63:E5:EC:57:64
ValidityMon, 09 Oct 2023 08:10:33 GMT - Mon, 01 Jan 2024 08:10:32 GMT

File type
ASCII text
Size
21 kB (21329 bytes)
Hash
0b02fafdf9b523576d24073ba06a67bc
726d886dd454423774804f237b9d31d30d956f04
b28937f589309a907b871a63671e827fb30c10cc18b08dff218ef9ebe9ff3fe0

HTTP Headers

GET /css?family=Roboto:100,100italic,300,400,400italic,300italic,500,500italic,700,700italic HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xdate1.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 27 Oct 2023 20:54:02 GMT
date: Fri, 27 Oct 2023 20:54:02 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET desekansr.com/pfe/current/micro.tag.min.js?z=6511950&sw=/sw-check-permissions-e4ed0.js&nouns=1

139.45.197.250

200 OK

27 kB

URL GET HTTP/2
desekansr.com/pfe/current/micro.tag.min.js?z=6511950&sw=/sw-check-permissions-e4ed0.js&nouns=1
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://xdate1.com/continue_pp/?bemobdata=c=b80bd1a3-fd66-4fab-a08d-736cc3305844..l=2cd29229-dea3-4c8e-a6cc-77c0bc7f29bc..a=0..b=0..z=0.000136..e=741873776022795238..c1=6118780..c2=7503916..c3=US..c4=broadband..c5=?..c6=other..c7=other..c8=ca..c9=google%20cloud..c10=android13..r=date.xdate1.com..ts=1698440024635
Certificate
IssuerLet's Encrypt
Subjectdesekansr.com
Fingerprint51:38:4C:AC:7B:F7:D1:CC:9F:B2:9C:56:0A:BE:B4:7C:57:48:3D:2E
ValiditySat, 23 Sep 2023 06:15:33 GMT - Fri, 22 Dec 2023 06:15:32 GMT

File type
ASCII text, with very long lines (26862), with no line terminators
Size
27 kB (26862 bytes)
Hash
85866d16f31a54a59a179c0d8788df10
66b1a47a34dd43b867a925554f992335fb0cdd86
c813b41b59bc4a7ec2231d7dff7639d3c83c1aed67a4f2b043de91c5dd21bbe6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pfe/current/micro.tag.min.js?z=6511950&sw=/sw-check-permissions-e4ed0.js&nouns=1 HTTP/1.1
Host: desekansr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xdate1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 27 Oct 2023 20:54:02 GMT
content-type: application/javascript
last-modified: Tue, 24 Oct 2023 15:19:50 GMT
etag: W/"6537e096-68ee"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (12)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2