Report - l.courting.site/bd/Sweepstakes/money/500Dark/?uclick=171mfv&uclickhash=171mfv-171mfv-h9-0-us-sc-8w-4427f9

Report Overview

Visited public
2025-03-14 07:59:27
Tags
URL
l.courting.site/bd/Sweepstakes/money/500Dark/?uclick=171mfv&uclickhash=171mfv-171mfv-h9-0-us-sc-8w-4427f9
Finishing URL
l.courting.site/bd/Sweepstakes/money/500Dark/?uclick=171mfv&uclickhash=171mfv-171mfv-h9-0-us-sc-8w-4427f9#
IP / ASN
104.21.32.1
#13335 CLOUDFLARENET
Title
Congratilations!

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
l.courting.site	unknown	2024-10-14	2024-12-21	2024-12-21	12 kB	958 kB	104.21.80.1
coohauwhob.net	unknown	2024-07-02	2024-07-02	2025-03-11	6.5 kB	54 kB	139.45.197.122
cloudflareinsights.com	84344	2019-08-30	2020-10-23	2025-03-12	1.0 kB	828 B	104.16.79.73
static.cloudflareinsights.com	1294	2019-08-30	2019-09-24	2025-03-12	431 B	20 kB	104.16.79.73

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-03-14	medium	coohauwhob.net	Sinkholed
2025-03-14	medium	coohauwhob.net	Sinkholed
2025-03-14	medium	coohauwhob.net	Sinkholed
2025-03-14	medium	coohauwhob.net	Sinkholed
2025-03-14	medium	coohauwhob.net	Sinkholed
2025-03-14	medium	coohauwhob.net	Sinkholed
2025-03-14	medium	coohauwhob.net	Sinkholed
2025-03-14	medium	coohauwhob.net	Sinkholed
2025-03-14	medium	coohauwhob.net	Sinkholed
2025-03-14	medium	coohauwhob.net	Sinkholed
2025-03-14	medium	coohauwhob.net	Sinkholed
2025-03-14	medium	coohauwhob.net	Sinkholed
2025-03-14	medium	coohauwhob.net	Sinkholed

ThreatFox

No alerts detected

JavaScript (4)

	URL	From	Size	First Seen	Last Seen
	l.courting.site/call/clicks.js	ScriptElement	2.9 kB	2025-03-14	2025-03-14
Pretty URL l.courting.site/call/clicks.js IP 104.21.80.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-14 07:59 Last Seen2025-03-14 07:59 Times Seen1 Hash 8ed93e8a9825d08ae0918978e897e246 b0e5374ccffec8f814410807895e508c4a4582e7 79d4883ba07a13bb5eb45e7c495ad2cb3be086d06f4662f7013ff1af4b5e432b Loading...

	l.courting.site/bd/Sweepstakes/money/500Dark/js/main.js?v=3654	ScriptElement	5.9 kB	2025-03-14	2025-03-14
Pretty URL l.courting.site/bd/Sweepstakes/money/500Dark/js/main.js?v=3654 IP 104.21.80.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-14 07:59 Last Seen2025-03-14 07:59 Times Seen1 Hash 0c3f6f859c5758b71c5f9e83067a697b 2e2e6b1b295d6d71336338f707c7739df92ead63 9317872eb4f4fb48174d88e0cc0dd1bb4e7a6105c157c76f5f9613f6e7583b14 Loading...

	static.cloudflareinsights.com/beacon.min.js	ScriptElement	20 kB	2024-06-07	2025-03-15
Pretty URL static.cloudflareinsights.com/beacon.min.js IP 104.16.79.73 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-06-07 09:21 Last Seen2025-03-15 03:53 Times Seen39054 Hash ec18af6d41f6f278b6aed3bdabffa7bc 62c9e2cab76b888829f3c5335e91c320b22329ae 8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f Loading...

	coohauwhob.net/act/files/micro.tag.min.js?z=7612376&ymid=null&sw=/sw-check-permissions-e5ce4.js	ScriptElement	47 kB	2025-03-11	2025-03-14
Pretty URL coohauwhob.net/act/files/micro.tag.min.js?z=7612376&ymid=null&sw=/sw-check-permissions-e5ce4.js IP 139.45.197.122 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-11 21:03 Last Seen2025-03-14 08:29 Times Seen18 Hash 841b5eda7cbdd18f0e16a224161f2913 361c23caf85e12e52ca01134e6ecdc306cb13e54 520928ecd0a9e284610c6e932cb58b8f21c35f3bba467aba9f33c75010e7904e Loading...

HTTP Transactions (37)

URL IP Response Size

l.courting.site/bd/Sweepstakes/money/500Dark/img/frame.svg

104.21.80.1

200 OK

11 kB

URL GET
l.courting.site/bd/Sweepstakes/money/500Dark/img/frame.svg
IP
104.21.80.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l.courting.site/bd/Sweepstakes/money/500Dark/?uclick=171mfv&uclickhash=171mfv-171mfv-h9-0-us-sc-8w-4427f9
Certificate
IssuerGoogle Trust Services
Subjectl.courting.site
Fingerprint47:D6:AD:FA:12:A7:54:FC:C8:90:0D:BE:A8:20:ED:76:9A:2B:30:E2
ValiditySun, 09 Feb 2025 15:05:14 GMT - Sat, 10 May 2025 16:05:12 GMT

File type
SVG Scalable Vector Graphics image
Size
11 kB (10589 bytes)
Hash
fc95b5d46f28b4a13444db2cf39b1a81
cbfb0d39bddb8735567e485457a8848c63b15781
8428e5c1b460f9dd4f4e5a0656c92fce7823265c819823ed706af14e568235ed

HTTP Headers

GET /bd/Sweepstakes/money/500Dark/img/frame.svg HTTP/1.1
Host: l.courting.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://l.courting.site/bd/Sweepstakes/money/500Dark/css/main.css?v=6549876954
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 14 Mar 2025 07:59:06 GMT
content-type: image/svg+xml
cf-ray: 92023ad2ec0c56aa-OSL
server: cloudflare
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"c92eb79222d84f06407602e15dbb1b1e"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
content-encoding: br
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AU3uolX4inOmzPoabU%2FhLdueQzv7lhYtwvp1nqyjyBH%2FOJmCXRcgrvawWDtCt%2FXlKr0h1ojqtzoNhcr4X7FgXQZid9Z46%2BE0jJzFIQuJI9hBQpxUmQUKTIXMGHFMhBh%2FgOc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
alt-svc: h3=":443"; ma=86400

coohauwhob.net/event

139.45.197.122

200 OK

81 B

URL POST
coohauwhob.net/event
IP
139.45.197.122:443
ASN
#9002 RETN Limited

Requested by
https://l.courting.site/bd/Sweepstakes/money/500Dark/?uclick=171mfv&uclickhash=171mfv-171mfv-h9-0-us-sc-8w-4427f9
Certificate
IssuerLet's Encrypt
Subjectcoohauwhob.net
FingerprintC8:09:CE:9B:08:A6:F5:91:D7:18:3E:F4:A3:24:D0:9E:04:6F:28:4A
ValidityThu, 27 Feb 2025 05:19:08 GMT - Wed, 28 May 2025 05:19:07 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
81 B (81 bytes)
Hash
8e7111832d2a66d6c51dc30d95d2c096
7fb08d740c9b0f0e93c3093f48ded2ec27b6b40e
b6ba1bbfffd3709f5b13ef6e9d469a38914576f4c0d349189dd23d82aaf74113

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: coohauwhob.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://l.courting.site/
Content-Type: application/json
Content-Length: 994
Origin: https://l.courting.site
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 14 Mar 2025 07:59:07 GMT
content-type: application/json; charset=utf-8
content-length: 81
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://l.courting.site
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

l.courting.site/bd/Sweepstakes/money/500Dark/?uclick=171mfv&uclickhash=171mfv-171mfv-h9-0-us-sc-8w-4427f9

104.21.80.1

200 OK

7.9 kB

URL User Request GET
l.courting.site/bd/Sweepstakes/money/500Dark/?uclick=171mfv&uclickhash=171mfv-171mfv-h9-0-us-sc-8w-4427f9
IP
104.21.80.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectl.courting.site
Fingerprint47:D6:AD:FA:12:A7:54:FC:C8:90:0D:BE:A8:20:ED:76:9A:2B:30:E2
ValiditySun, 09 Feb 2025 15:05:14 GMT - Sat, 10 May 2025 16:05:12 GMT

File type
HTML document, ASCII text, with very long lines (9241), with no line terminators
Size
7.9 kB (7889 bytes)
Hash
96bb5d918f080f3d84a4708c23851ce1
b7f488373d425dd5a51b49f7d29be4874f88bd53
e4f52177f85ed3e94d119dcc4165a3002a9ecb6529338423f15e788bba58825f

HTTP Headers

GET /bd/Sweepstakes/money/500Dark/?uclick=171mfv&uclickhash=171mfv-171mfv-h9-0-us-sc-8w-4427f9 HTTP/1.1
Host: l.courting.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 14 Mar 2025 07:59:05 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yCr37gJOAmThCs11GmUNE2zHFk9ahMiTpkzVVMGbwSoakYKiFVSVXCRECyQHEfKwEu1hiVD5PQh6MVK15K%2BDRqtG1e05qM0Jq7619qfECVo0IXywQThDVTcb%2B6Q7CRgp2vg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 92023acc78995694-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=550&min_rtt=472&rtt_var=121&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3192&recv_bytes=1190&delivery_rate=6840944&cwnd=254&unsent_bytes=0&cid=be158a91dc7235b5&ts=235&x=0"
X-Firefox-Spdy: h2

l.courting.site/bd/Sweepstakes/money/500Dark/img/avatar1.png

104.21.80.1

200 OK

9.7 kB

URL GET
l.courting.site/bd/Sweepstakes/money/500Dark/img/avatar1.png
IP
104.21.80.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l.courting.site/bd/Sweepstakes/money/500Dark/?uclick=171mfv&uclickhash=171mfv-171mfv-h9-0-us-sc-8w-4427f9
Certificate
IssuerGoogle Trust Services
Subjectl.courting.site
Fingerprint47:D6:AD:FA:12:A7:54:FC:C8:90:0D:BE:A8:20:ED:76:9A:2B:30:E2
ValiditySun, 09 Feb 2025 15:05:14 GMT - Sat, 10 May 2025 16:05:12 GMT

File type
PNG image data, 68 x 68, 8-bit/color RGBA, non-interlaced
Size
9.7 kB (9661 bytes)
Hash
9ce47d8a9530edf0a1e8630a2b0366e7
64a026db799959924e53f7b1ae4ccf846cac3334
1d8008af4fc1f9164c5123316e584a24a08ebb80eda73042d03a46a2ba88ce66

HTTP Headers

GET /bd/Sweepstakes/money/500Dark/img/avatar1.png HTTP/1.1
Host: l.courting.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://l.courting.site/bd/Sweepstakes/money/500Dark/?uclick=171mfv&uclickhash=171mfv-171mfv-h9-0-us-sc-8w-4427f9
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 14 Mar 2025 07:59:06 GMT
content-type: image/png
content-length: 9661
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "0aa3d13097a96ffc4adb85b072953368"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NNSNEDVSglJTOG6MKRzICsBtEIfe%2BauBPRNyxJafj6pFKY7o3M92dU0A%2BhejM4V95ofBJkEx2fwC%2FUCuX6GVCyZz%2BHsBWrBFlhvP95toHcS5J4%2BKrekUuVji9pOkCJLp860%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
server: cloudflare
cf-ray: 92023ad0384e5694-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1405&min_rtt=472&rtt_var=1141&sent=38&recv=43&lost=0&retrans=0&sent_bytes=30363&recv_bytes=2722&delivery_rate=21372693&cwnd=257&unsent_bytes=0&cid=be158a91dc7235b5&ts=753&x=0"
X-Firefox-Spdy: h2

l.courting.site/bd/Sweepstakes/money/500Dark/img/avatar5.png

104.21.80.1

200 OK

6.1 kB

URL GET
l.courting.site/bd/Sweepstakes/money/500Dark/img/avatar5.png
IP
104.21.80.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l.courting.site/bd/Sweepstakes/money/500Dark/?uclick=171mfv&uclickhash=171mfv-171mfv-h9-0-us-sc-8w-4427f9
Certificate
IssuerGoogle Trust Services
Subjectl.courting.site
Fingerprint47:D6:AD:FA:12:A7:54:FC:C8:90:0D:BE:A8:20:ED:76:9A:2B:30:E2
ValiditySun, 09 Feb 2025 15:05:14 GMT - Sat, 10 May 2025 16:05:12 GMT

File type
PNG image data, 68 x 68, 8-bit/color RGBA, non-interlaced
Size
6.1 kB (6142 bytes)
Hash
548d7b9d6ac3f45f25b6a1975b975498
2bcbcf46cdcce175de1693689c116b0a5951b6d5
fb506e1fd5101eab54466aa58ebdecd506f1664788a3639bc62f343a3d026091

HTTP Headers

GET /bd/Sweepstakes/money/500Dark/img/avatar5.png HTTP/1.1
Host: l.courting.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://l.courting.site/bd/Sweepstakes/money/500Dark/?uclick=171mfv&uclickhash=171mfv-171mfv-h9-0-us-sc-8w-4427f9
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 14 Mar 2025 07:59:06 GMT
content-type: image/png
content-length: 6142
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "138b84b76ae8b9d50580c67de4a450ea"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PtWBbEmwnNvHvrSvJEalDtHOxHUP8p6GbNtnnd3xid3dFiDW0AqJxYTzfOhGBhygHdX2DO7qABsXT41RgRy0K2oKFqwg3lH77fwl7LLSk%2BTTTOlFpuZSIGVrOMaT0WRYyAs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 92023ad0485e5694-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=2297&min_rtt=472&rtt_var=72&sent=317&recv=263&lost=0&retrans=0&sent_bytes=404675&recv_bytes=2722&delivery_rate=60368268&cwnd=257&unsent_bytes=0&cid=be158a91dc7235b5&ts=879&x=0"
X-Firefox-Spdy: h2

l.courting.site/bd/Sweepstakes/money/500Dark/img/card.png

104.21.80.1

200 OK

181 kB

URL GET
l.courting.site/bd/Sweepstakes/money/500Dark/img/card.png
IP
104.21.80.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l.courting.site/bd/Sweepstakes/money/500Dark/?uclick=171mfv&uclickhash=171mfv-171mfv-h9-0-us-sc-8w-4427f9
Certificate
IssuerGoogle Trust Services
Subjectl.courting.site
Fingerprint47:D6:AD:FA:12:A7:54:FC:C8:90:0D:BE:A8:20:ED:76:9A:2B:30:E2
ValiditySun, 09 Feb 2025 15:05:14 GMT - Sat, 10 May 2025 16:05:12 GMT

File type
PNG image data, 473 x 331, 8-bit/color RGBA, non-interlaced
Size
181 kB (180992 bytes)
Hash
1a1514d2c853cd45e05163c61d8aa1e9
115994c3afe65de33a24fb6d3ec1a7706313958f
ac84c8c86d8f32b7267faaba5b1f40ac992a0bba1bbe7c586494c6f268d8e43b

HTTP Headers

GET /bd/Sweepstakes/money/500Dark/img/card.png HTTP/1.1
Host: l.courting.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://l.courting.site/bd/Sweepstakes/money/500Dark/?uclick=171mfv&uclickhash=171mfv-171mfv-h9-0-us-sc-8w-4427f9
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 14 Mar 2025 07:59:06 GMT
content-type: image/png
content-length: 180992
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "a7bb95a9bc4a1e4cbac2083ee5b5cb59"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4ieq31lt2Inz8735XI54FCxtQsgcz8z40aqnwFXRLW1VzJWBbgdxLyKnrgrVvTPu9sZUJRwCJZq430TgFAiF%2FmwwuI6koAqYPw8wgsJstVVXxD6A4hzz6cCxNVOUaDLzM5o%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
server: cloudflare
cf-ray: 92023ad0486b5694-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1301&min_rtt=472&rtt_var=805&sent=46&recv=45&lost=0&retrans=0&sent_bytes=40711&recv_bytes=2722&delivery_rate=21372693&cwnd=257&unsent_bytes=0&cid=be158a91dc7235b5&ts=761&x=0"
X-Firefox-Spdy: h2

l.courting.site/bd/Sweepstakes/money/500Dark/img/LOGO-bd.png

104.21.80.1

200 OK

20 kB

URL GET
l.courting.site/bd/Sweepstakes/money/500Dark/img/LOGO-bd.png
IP
104.21.80.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l.courting.site/bd/Sweepstakes/money/500Dark/?uclick=171mfv&uclickhash=171mfv-171mfv-h9-0-us-sc-8w-4427f9
Certificate
IssuerGoogle Trust Services
Subjectl.courting.site
Fingerprint47:D6:AD:FA:12:A7:54:FC:C8:90:0D:BE:A8:20:ED:76:9A:2B:30:E2
ValiditySun, 09 Feb 2025 15:05:14 GMT - Sat, 10 May 2025 16:05:12 GMT

File type
PNG image data, 356 x 342, 8-bit colormap, non-interlaced
Size
20 kB (19500 bytes)
Hash
d60977179dfd491d3c3062b5f3bfdc99
63ac8df8871df9c17a2ceb14950661696d12ae2e
36d0f2f5368a23276c833faf280596c662c27f4be887d47503dc24251fda8e72

HTTP Headers

GET /bd/Sweepstakes/money/500Dark/img/LOGO-bd.png HTTP/1.1
Host: l.courting.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://l.courting.site/bd/Sweepstakes/money/500Dark/?uclick=171mfv&uclickhash=171mfv-171mfv-h9-0-us-sc-8w-4427f9
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 14 Mar 2025 07:59:06 GMT
content-type: image/png
content-length: 19500
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "a1ac52336badcda4d834edbc5b75dadd"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NLANGIAFD8SnRymypXplX%2FiLWfDa672JYODLKd0UZBm8X8cdTKcq5hkvMl7zNLVjDq3vNl2Jq%2Bfa1wSrDzAzZskXkueSsjeijdwGSKFBfdVGB5RdO%2B8D8xf8zcjOlscGAFY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 92023ad038455694-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=3688&min_rtt=472&rtt_var=6032&sent=22&recv=31&lost=0&retrans=0&sent_bytes=10002&recv_bytes=2722&delivery_rate=7921225&cwnd=257&unsent_bytes=0&cid=be158a91dc7235b5&ts=734&x=0"
X-Firefox-Spdy: h2

coohauwhob.net/event

139.45.197.122

200 OK

0 B

URL OPTIONS
coohauwhob.net/event
IP
139.45.197.122:443
ASN
#9002 RETN Limited

Requested by
https://l.courting.site/bd/Sweepstakes/money/500Dark/?uclick=171mfv&uclickhash=171mfv-171mfv-h9-0-us-sc-8w-4427f9
Certificate
IssuerLet's Encrypt
Subjectcoohauwhob.net
FingerprintC8:09:CE:9B:08:A6:F5:91:D7:18:3E:F4:A3:24:D0:9E:04:6F:28:4A
ValidityThu, 27 Feb 2025 05:19:08 GMT - Wed, 28 May 2025 05:19:07 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /event HTTP/1.1
Host: coohauwhob.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://l.courting.site/
Origin: https://l.courting.site
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 14 Mar 2025 07:59:07 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://l.courting.site
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

l.courting.site/sw-check-permissions-e5ce4.js?ymid=null&zoneId=7612376&tg=1

104.21.80.1

200 OK

564 B

URL GET
l.courting.site/sw-check-permissions-e5ce4.js?ymid=null&zoneId=7612376&tg=1
IP
104.21.80.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l.courting.site/bd/Sweepstakes/money/500Dark/?uclick=171mfv&uclickhash=171mfv-171mfv-h9-0-us-sc-8w-4427f9
Certificate
IssuerGoogle Trust Services
Subjectl.courting.site
Fingerprint47:D6:AD:FA:12:A7:54:FC:C8:90:0D:BE:A8:20:ED:76:9A:2B:30:E2
ValiditySun, 09 Feb 2025 15:05:14 GMT - Sat, 10 May 2025 16:05:12 GMT

File type
ASCII text, with very long lines (603), with no line terminators
Size
564 B (564 bytes)
Hash
1d4de473118d531f13a7e74c2cb4cc18
ffb5c03e7e74aef076588a9aaab9bad59681406b
b4c2cd21d6c1e1ba11b1ac5b7c25103c18f2f848a258c9048f0b557943e3df7f

HTTP Headers

GET /sw-check-permissions-e5ce4.js?ymid=null&zoneId=7612376&tg=1 HTTP/1.1
Host: l.courting.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://l.courting.site/bd/Sweepstakes/money/500Dark/?uclick=171mfv&uclickhash=171mfv-171mfv-h9-0-us-sc-8w-4427f9
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 14 Mar 2025 07:59:07 GMT
content-type: application/javascript
cf-cache-status: MISS
server: cloudflare
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"25a1ffbe95309a2ccd4a1d19727b0c56"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
cf-ray: 92023ad58c3856aa-OSL
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=258kogVWZKhFaHTUN2quKDVf2KGAENgqZoJkLiWoDCVisN0BpJZmCSXDXhVo3Su2glO%2FwcCqnoPZJuP1LA2rreeOXI7HQV58s9g7tQWKbAW9EB6QzMkx21FYppDMHbEoSJI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
content-encoding: gzip
alt-svc: h3=":443"; ma=86400

l.courting.site/call/clicks.js

104.21.80.1

200 OK

2.9 kB

URL GET
l.courting.site/call/clicks.js
IP
104.21.80.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l.courting.site/bd/Sweepstakes/money/500Dark/?uclick=171mfv&uclickhash=171mfv-171mfv-h9-0-us-sc-8w-4427f9
Certificate
IssuerGoogle Trust Services
Subjectl.courting.site
Fingerprint47:D6:AD:FA:12:A7:54:FC:C8:90:0D:BE:A8:20:ED:76:9A:2B:30:E2
ValiditySun, 09 Feb 2025 15:05:14 GMT - Sat, 10 May 2025 16:05:12 GMT

File type
Unicode text, UTF-8 text, with very long lines (2919), with no line terminators
Size
2.9 kB (2935 bytes)
Hash
4c4cf9a3f71b28bb7bae203b9dfe6280
171ea23d336039dd24d37ee8a04ebf1e1ec6a3ab
fc1ef887734e364d59be2c09c370ee8f3233a2abde7ed01c284f98faf4d1607b

HTTP Headers

GET /call/clicks.js HTTP/1.1
Host: l.courting.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://l.courting.site/bd/Sweepstakes/money/500Dark/?uclick=171mfv&uclickhash=171mfv-171mfv-h9-0-us-sc-8w-4427f9
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 14 Mar 2025 07:59:06 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"0cedbee716150ed5e7593617b0a99a79"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IVjOsRJejlwJBdIPEnoDP5iLYTQSa5BNTjkbMOoRIpx4pY7wktOi5q42WGe%2Bw%2B%2FVAguConDQ9sMV58SlWCDADW8zrlxCLH99Wj%2BthoAr86d0vu2JBPmL1MutOmMDDeZaQHc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
server: cloudflare
cf-ray: 92023ad0383d5694-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1059&min_rtt=472&rtt_var=546&sent=342&recv=288&lost=0&retrans=0&sent_bytes=431201&recv_bytes=2722&delivery_rate=60368268&cwnd=257&unsent_bytes=0&cid=be158a91dc7235b5&ts=949&x=0"
X-Firefox-Spdy: h2

l.courting.site/bd/Sweepstakes/money/500Dark/img/popup-img.png

104.21.80.1

200 OK

152 kB

URL GET
l.courting.site/bd/Sweepstakes/money/500Dark/img/popup-img.png
IP
104.21.80.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l.courting.site/bd/Sweepstakes/money/500Dark/?uclick=171mfv&uclickhash=171mfv-171mfv-h9-0-us-sc-8w-4427f9
Certificate
IssuerGoogle Trust Services
Subjectl.courting.site
Fingerprint47:D6:AD:FA:12:A7:54:FC:C8:90:0D:BE:A8:20:ED:76:9A:2B:30:E2
ValiditySun, 09 Feb 2025 15:05:14 GMT - Sat, 10 May 2025 16:05:12 GMT

File type
PNG image data, 473 x 331, 8-bit/color RGBA, non-interlaced
Size
152 kB (152134 bytes)
Hash
222d9f6996eceb68c053047f8835e38d
fff9165f410bf7868ded78c390b473acefe610c4
42e9104f20644029e9e23550cdfabe1b9bf66a45ff9791c01d63a340fceb392c

HTTP Headers

GET /bd/Sweepstakes/money/500Dark/img/popup-img.png HTTP/1.1
Host: l.courting.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://l.courting.site/bd/Sweepstakes/money/500Dark/?uclick=171mfv&uclickhash=171mfv-171mfv-h9-0-us-sc-8w-4427f9
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 14 Mar 2025 07:59:06 GMT
content-type: image/png
content-length: 152134
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "2155ff13bf5dbe0aaff02e2fec82f09f"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h4VIPc%2BJmyRUSe%2BZr%2FEkb38j%2FcGBz09h%2BjHoTWo5ln%2F4m4ZjwOvsrmSmuCdMQncIz9JTk2AveLyIaJXQpTrLhAHFHXaixxD1VBr4d1JRiCVplrt5hF%2BlQPONQxi%2FDhb7b88%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 92023ad048725694-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=938&min_rtt=472&rtt_var=248&sent=206&recv=153&lost=0&retrans=0&sent_bytes=251585&recv_bytes=2722&delivery_rate=60368268&cwnd=257&unsent_bytes=0&cid=be158a91dc7235b5&ts=865&x=0"
X-Firefox-Spdy: h2

l.courting.site/bd/Sweepstakes/money/500Dark/img/soo.png

104.21.80.1

200 OK

128 kB

URL GET
l.courting.site/bd/Sweepstakes/money/500Dark/img/soo.png
IP
104.21.80.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l.courting.site/bd/Sweepstakes/money/500Dark/?uclick=171mfv&uclickhash=171mfv-171mfv-h9-0-us-sc-8w-4427f9
Certificate
IssuerGoogle Trust Services
Subjectl.courting.site
Fingerprint47:D6:AD:FA:12:A7:54:FC:C8:90:0D:BE:A8:20:ED:76:9A:2B:30:E2
ValiditySun, 09 Feb 2025 15:05:14 GMT - Sat, 10 May 2025 16:05:12 GMT

File type
PNG image data, 473 x 331, 8-bit/color RGBA, non-interlaced
Size
128 kB (127695 bytes)
Hash
e4d216b4bf99badea7c4e17ff7035a8c
8c42bf8ee75964b3341b38d1af8d38dc7dac48e7
f4b2b75e07f39061e49084eeccd84539c26167826c114f82a513c9f9847fce14

HTTP Headers

GET /bd/Sweepstakes/money/500Dark/img/soo.png HTTP/1.1
Host: l.courting.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://l.courting.site/bd/Sweepstakes/money/500Dark/?uclick=171mfv&uclickhash=171mfv-171mfv-h9-0-us-sc-8w-4427f9
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 14 Mar 2025 07:59:06 GMT
content-type: image/png
content-length: 127695
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "66ba27ad823b6afd471aa198f53f8f05"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=31TnmGvrK9n6vXOwqQilC4qH2MO9VNoE1IKkNhyIrsXH3sYgRv%2Ff1LybDu%2F%2FD1YpXBqYWtXO%2F6qRtZIVh8DMhLW3%2BKoehqKdzHKlkPpBdbtr4C%2Bkhb0pBWzoPVvpWrz5bPc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 92023ad058735694-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=955&min_rtt=472&rtt_var=460&sent=349&recv=295&lost=0&retrans=0&sent_bytes=435303&recv_bytes=2722&delivery_rate=60368268&cwnd=257&unsent_bytes=0&cid=be158a91dc7235b5&ts=1201&x=0"
X-Firefox-Spdy: h2

l.courting.site/call/bot.html

104.21.80.1

308 Permanent Redirect

553 B

URL GET
l.courting.site/call/bot.html
IP
104.21.80.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l.courting.site/bd/Sweepstakes/money/500Dark/?uclick=171mfv&uclickhash=171mfv-171mfv-h9-0-us-sc-8w-4427f9
Certificate
IssuerGoogle Trust Services
Subjectl.courting.site
Fingerprint47:D6:AD:FA:12:A7:54:FC:C8:90:0D:BE:A8:20:ED:76:9A:2B:30:E2
ValiditySun, 09 Feb 2025 15:05:14 GMT - Sat, 10 May 2025 16:05:12 GMT

File type
HTML document, ASCII text, with very long lines (574), with no line terminators
Size
553 B (553 bytes)
Hash
d0757204d455ee61af2019965d066b59
05de3d5f674cae557b82716bf31eb9a31784189d
ee524c2e00b4774680c23fba2dc3cbf23d1fb2b2e3ed012ba14032fa330520ab

HTTP Headers

GET /call/bot.html HTTP/1.1
Host: l.courting.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://l.courting.site/bd/Sweepstakes/money/500Dark/?uclick=171mfv&uclickhash=171mfv-171mfv-h9-0-us-sc-8w-4427f9
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 308 Permanent Redirect
date: Fri, 14 Mar 2025 07:59:06 GMT
content-length: 0
server: cloudflare
location: /call/bot
access-control-allow-origin: *
referrer-policy: strict-origin-when-cross-origin
cf-ray: 92023ad2dc0b56aa-OSL
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UU7P5SCJzsYxqHJaNOjdoukz3Fc61dWw2eI1l12DkGt%2BkoBIBtMhhXpA51JV8xlB8psQsy7ZUH3nfb%2FJh2Di%2FLzTkitabh1%2FFED4lWyIUu%2FCfRbV%2FXWY%2Bfn8%2FDcm8xpJriU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
alt-svc: h3=":443"; ma=86400

coohauwhob.net/event

139.45.197.122

200 OK

0 B

URL POST
coohauwhob.net/event
IP
139.45.197.122:443
ASN
#9002 RETN Limited

Requested by
https://l.courting.site/bd/Sweepstakes/money/500Dark/?uclick=171mfv&uclickhash=171mfv-171mfv-h9-0-us-sc-8w-4427f9
Certificate
IssuerLet's Encrypt
Subjectcoohauwhob.net
FingerprintC8:09:CE:9B:08:A6:F5:91:D7:18:3E:F4:A3:24:D0:9E:04:6F:28:4A
ValidityThu, 27 Feb 2025 05:19:08 GMT - Wed, 28 May 2025 05:19:07 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: coohauwhob.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://l.courting.site/
Content-Type: text/plain;charset=UTF-8
Content-Length: 340
Origin: https://l.courting.site
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 14 Mar 2025 07:59:07 GMT
content-type: application/json; charset=utf-8
content-length: 26
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://l.courting.site
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

coohauwhob.net/zone?pub=0&zone_id=7612376&is_mobile=false&domain=l.courting.site&var=&ymid=null&var_3=&var_4=&dsig=&tg=1&sw=3.1.600&trace_id=de807814-5404-403e-b827-1ed36d0651bc&action=prerequest&drf=

139.45.197.122

200 OK

0 B

URL POST
coohauwhob.net/zone?pub=0&zone_id=7612376&is_mobile=false&domain=l.courting.site&var=&ymid=null&var_3=&var_4=&dsig=&tg=1&sw=3.1.600&trace_id=de807814-5404-403e-b827-1ed36d0651bc&action=prerequest&drf=
IP
139.45.197.122:443
ASN
#9002 RETN Limited

Requested by
https://l.courting.site/bd/Sweepstakes/money/500Dark/?uclick=171mfv&uclickhash=171mfv-171mfv-h9-0-us-sc-8w-4427f9
Certificate
IssuerLet's Encrypt
Subjectcoohauwhob.net
FingerprintC8:09:CE:9B:08:A6:F5:91:D7:18:3E:F4:A3:24:D0:9E:04:6F:28:4A
ValidityThu, 27 Feb 2025 05:19:08 GMT - Wed, 28 May 2025 05:19:07 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /zone?pub=0&zone_id=7612376&is_mobile=false&domain=l.courting.site&var=&ymid=null&var_3=&var_4=&dsig=&tg=1&sw=3.1.600&trace_id=de807814-5404-403e-b827-1ed36d0651bc&action=prerequest&drf= HTTP/1.1
Host: coohauwhob.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://l.courting.site/
Origin: https://l.courting.site
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 200 OK
server: nginx
date: Fri, 14 Mar 2025 07:59:07 GMT
content-length: 0
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://l.courting.site
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

coohauwhob.net/event

139.45.197.122

200 OK

0 B

URL OPTIONS
coohauwhob.net/event
IP
139.45.197.122:443
ASN
#9002 RETN Limited

Requested by
https://l.courting.site/bd/Sweepstakes/money/500Dark/?uclick=171mfv&uclickhash=171mfv-171mfv-h9-0-us-sc-8w-4427f9
Certificate
IssuerLet's Encrypt
Subjectcoohauwhob.net
FingerprintC8:09:CE:9B:08:A6:F5:91:D7:18:3E:F4:A3:24:D0:9E:04:6F:28:4A
ValidityThu, 27 Feb 2025 05:19:08 GMT - Wed, 28 May 2025 05:19:07 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /event HTTP/1.1
Host: coohauwhob.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://l.courting.site/
Origin: https://l.courting.site
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 14 Mar 2025 07:59:07 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://l.courting.site
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

l.courting.site/bd/Sweepstakes/money/500Dark/img/avatar6.png

104.21.80.1

200 OK

8.8 kB

URL GET
l.courting.site/bd/Sweepstakes/money/500Dark/img/avatar6.png
IP
104.21.80.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l.courting.site/bd/Sweepstakes/money/500Dark/?uclick=171mfv&uclickhash=171mfv-171mfv-h9-0-us-sc-8w-4427f9
Certificate
IssuerGoogle Trust Services
Subjectl.courting.site
Fingerprint47:D6:AD:FA:12:A7:54:FC:C8:90:0D:BE:A8:20:ED:76:9A:2B:30:E2
ValiditySun, 09 Feb 2025 15:05:14 GMT - Sat, 10 May 2025 16:05:12 GMT

File type
PNG image data, 68 x 68, 8-bit/color RGBA, non-interlaced
Size
8.8 kB (8806 bytes)
Hash
cdd183f6a1cec969b3f80997ac4ecd9d
6f954aa4fd01701b981b50b618366e52c8964609
e9547eb6d7fb83629e514acb7717268ab22ec0ee5110594a031fdd51cff2d981

HTTP Headers

GET /bd/Sweepstakes/money/500Dark/img/avatar6.png HTTP/1.1
Host: l.courting.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://l.courting.site/bd/Sweepstakes/money/500Dark/?uclick=171mfv&uclickhash=171mfv-171mfv-h9-0-us-sc-8w-4427f9
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 14 Mar 2025 07:59:06 GMT
content-type: image/png
content-length: 8806
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "6e94d58f1751cc5c48e2b1df26389b64"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LMVkdJi29LeSM50ZOIkqvQA4nqMeOmr0yYIei9gt398y%2FF5DfD87320v8%2FLZJCA5SW6WZaRuUmR%2FVuQEMJpWPICZBCn47cJtuKrkXi%2FuW4yw7zdIvjKYL91XIBrgEEb%2FvwQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 92023ad048615694-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1393&min_rtt=472&rtt_var=79&sent=180&recv=129&lost=0&retrans=0&sent_bytes=223365&recv_bytes=2722&delivery_rate=60368268&cwnd=257&unsent_bytes=0&cid=be158a91dc7235b5&ts=857&x=0"
X-Firefox-Spdy: h2

l.courting.site/bd/Sweepstakes/money/500Dark/img/avatar7.png

104.21.80.1

200 OK

7.6 kB

URL GET
l.courting.site/bd/Sweepstakes/money/500Dark/img/avatar7.png
IP
104.21.80.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l.courting.site/bd/Sweepstakes/money/500Dark/?uclick=171mfv&uclickhash=171mfv-171mfv-h9-0-us-sc-8w-4427f9
Certificate
IssuerGoogle Trust Services
Subjectl.courting.site
Fingerprint47:D6:AD:FA:12:A7:54:FC:C8:90:0D:BE:A8:20:ED:76:9A:2B:30:E2
ValiditySun, 09 Feb 2025 15:05:14 GMT - Sat, 10 May 2025 16:05:12 GMT

File type
PNG image data, 68 x 68, 8-bit/color RGBA, non-interlaced
Size
7.6 kB (7593 bytes)
Hash
fb16ccf76d9fa64a505f326f47252e9e
0c944da9d26630ee5684d1f91cf266d2bb0e4fe9
14c8559e1d5651ae03c1af1923ee3d6a0e60c7bd033b1b79e5e33556f493ce19

HTTP Headers

GET /bd/Sweepstakes/money/500Dark/img/avatar7.png HTTP/1.1
Host: l.courting.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://l.courting.site/bd/Sweepstakes/money/500Dark/?uclick=171mfv&uclickhash=171mfv-171mfv-h9-0-us-sc-8w-4427f9
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 14 Mar 2025 07:59:06 GMT
content-type: image/png
content-length: 7593
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "994cf3f0cb27487d17a6c38fe13a7c45"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FRhP9GKoQYzqKUbR9GG1%2FXwoj5Jeo1OCaT8ejwyaKF78%2BPN%2BdAMCtr7GZaHSAd8laD6phtS7ymo33Z6I96TuKofcKBQ5p4PNQ16SXL6xZ7ZDm%2FwCsKvTz8W4Xy89fY7Dfrk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 92023ad0486a5694-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=886&min_rtt=472&rtt_var=98&sent=198&recv=146&lost=0&retrans=0&sent_bytes=243454&recv_bytes=2722&delivery_rate=60368268&cwnd=257&unsent_bytes=0&cid=be158a91dc7235b5&ts=862&x=0"
X-Firefox-Spdy: h2

l.courting.site/bd/Sweepstakes/money/500Dark/js/main.js?v=3654

104.21.80.1

200 OK

5.9 kB

URL GET
l.courting.site/bd/Sweepstakes/money/500Dark/js/main.js?v=3654
IP
104.21.80.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l.courting.site/bd/Sweepstakes/money/500Dark/?uclick=171mfv&uclickhash=171mfv-171mfv-h9-0-us-sc-8w-4427f9
Certificate
IssuerGoogle Trust Services
Subjectl.courting.site
Fingerprint47:D6:AD:FA:12:A7:54:FC:C8:90:0D:BE:A8:20:ED:76:9A:2B:30:E2
ValiditySun, 09 Feb 2025 15:05:14 GMT - Sat, 10 May 2025 16:05:12 GMT

File type
Unicode text, UTF-8 text, with very long lines (6036), with no line terminators
Size
5.9 kB (5875 bytes)
Hash
fe37962333bf532fc9e629034a5900b1
e07d6f9ecbe79fbd270e20f20439b9f3bc906105
f0005c92fe36c36a43efd21ca0e2d52b31e42f056ba74b089536b37f345d6cc5

HTTP Headers

GET /bd/Sweepstakes/money/500Dark/js/main.js?v=3654 HTTP/1.1
Host: l.courting.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://l.courting.site/bd/Sweepstakes/money/500Dark/?uclick=171mfv&uclickhash=171mfv-171mfv-h9-0-us-sc-8w-4427f9
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 14 Mar 2025 07:59:06 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"bb7a9fa93ebaec342e90c1de08b7003b"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Fhmiej0UYmxLjy9qkMUHj69IuviMY2nQKmjVoo2N4xC%2FzCMa8eg%2BqUmBgEtwNEZLC8bnseZjPaUCIppokzYYxuAUbnsR3a%2BLrjLrPhTtYt7lNO%2B0xzWVyxxeoHpaK1rGTw8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: MISS
server: cloudflare
cf-ray: 92023ad058815694-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=964&min_rtt=472&rtt_var=473&sent=345&recv=291&lost=0&retrans=0&sent_bytes=432990&recv_bytes=2722&delivery_rate=60368268&cwnd=257&unsent_bytes=0&cid=be158a91dc7235b5&ts=960&x=0"
X-Firefox-Spdy: h2

coohauwhob.net/act/files/micro.tag.min.js?z=7612376&ymid=null&sw=/sw-check-permissions-e5ce4.js

139.45.197.122

200 OK

47 kB

URL GET
coohauwhob.net/act/files/micro.tag.min.js?z=7612376&ymid=null&sw=/sw-check-permissions-e5ce4.js
IP
139.45.197.122:443
ASN
#9002 RETN Limited

Requested by
https://l.courting.site/bd/Sweepstakes/money/500Dark/?uclick=171mfv&uclickhash=171mfv-171mfv-h9-0-us-sc-8w-4427f9
Certificate
IssuerLet's Encrypt
Subjectcoohauwhob.net
FingerprintC8:09:CE:9B:08:A6:F5:91:D7:18:3E:F4:A3:24:D0:9E:04:6F:28:4A
ValidityThu, 27 Feb 2025 05:19:08 GMT - Wed, 28 May 2025 05:19:07 GMT

File type
JavaScript source, ASCII text, with very long lines (46706), with no line terminators
Size
47 kB (46706 bytes)
Hash
841b5eda7cbdd18f0e16a224161f2913
361c23caf85e12e52ca01134e6ecdc306cb13e54
520928ecd0a9e284610c6e932cb58b8f21c35f3bba467aba9f33c75010e7904e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /act/files/micro.tag.min.js?z=7612376&ymid=null&sw=/sw-check-permissions-e5ce4.js HTTP/1.1
Host: coohauwhob.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://l.courting.site/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 14 Mar 2025 07:59:06 GMT
content-type: application/javascript
last-modified: Tue, 11 Mar 2025 15:14:00 GMT
etag: W/"67d05338-b672"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

coohauwhob.net/event

139.45.197.122

200 OK

0 B

URL OPTIONS
coohauwhob.net/event
IP
139.45.197.122:443
ASN
#9002 RETN Limited

Requested by
https://l.courting.site/bd/Sweepstakes/money/500Dark/?uclick=171mfv&uclickhash=171mfv-171mfv-h9-0-us-sc-8w-4427f9
Certificate
IssuerLet's Encrypt
Subjectcoohauwhob.net
FingerprintC8:09:CE:9B:08:A6:F5:91:D7:18:3E:F4:A3:24:D0:9E:04:6F:28:4A
ValidityThu, 27 Feb 2025 05:19:08 GMT - Wed, 28 May 2025 05:19:07 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /event HTTP/1.1
Host: coohauwhob.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://l.courting.site/
Origin: https://l.courting.site
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 14 Mar 2025 07:59:07 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://l.courting.site
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

cloudflareinsights.com/cdn-cgi/rum

104.16.79.73

204 No Content

0 B

URL POST
cloudflareinsights.com/cdn-cgi/rum
IP
104.16.79.73:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l.courting.site/bd/Sweepstakes/money/500Dark/?uclick=171mfv&uclickhash=171mfv-171mfv-h9-0-us-sc-8w-4427f9
Certificate
IssuerGoogle Trust Services
Subjectcloudflareinsights.com
FingerprintAD:90:D1:30:C9:77:BF:DE:1F:AB:8C:0D:6E:67:CB:6A:E8:42:DB:18
ValidityThu, 27 Feb 2025 14:42:34 GMT - Wed, 28 May 2025 15:42:17 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /cdn-cgi/rum HTTP/1.1
Host: cloudflareinsights.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://l.courting.site/
content-type: application/json
Content-Length: 1119
Origin: https://l.courting.site
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
date: Fri, 14 Mar 2025 07:59:07 GMT
access-control-allow-origin: https://l.courting.site
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 92023ad61c645685-OSL
x-frame-options: DENY
x-content-type-options: nosniff
X-Firefox-Spdy: h2

l.courting.site/bd/Sweepstakes/money/500Dark/img/avatar3.png

104.21.80.1

200 OK

9.5 kB

URL GET
l.courting.site/bd/Sweepstakes/money/500Dark/img/avatar3.png
IP
104.21.80.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l.courting.site/bd/Sweepstakes/money/500Dark/?uclick=171mfv&uclickhash=171mfv-171mfv-h9-0-us-sc-8w-4427f9
Certificate
IssuerGoogle Trust Services
Subjectl.courting.site
Fingerprint47:D6:AD:FA:12:A7:54:FC:C8:90:0D:BE:A8:20:ED:76:9A:2B:30:E2
ValiditySun, 09 Feb 2025 15:05:14 GMT - Sat, 10 May 2025 16:05:12 GMT

File type
PNG image data, 68 x 68, 8-bit/color RGBA, non-interlaced
Size
9.5 kB (9473 bytes)
Hash
6e291a706b80aab71258544fc9042122
43d5a0bfbb8d2763448224b7f131480bb13dd4bf
d3ddfb81eedab2bc18ca626bd41c5e57695e7eaf65c2b5bddfbc3176bfe6ccde

HTTP Headers

GET /bd/Sweepstakes/money/500Dark/img/avatar3.png HTTP/1.1
Host: l.courting.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://l.courting.site/bd/Sweepstakes/money/500Dark/?uclick=171mfv&uclickhash=171mfv-171mfv-h9-0-us-sc-8w-4427f9
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 14 Mar 2025 07:59:06 GMT
content-type: image/png
content-length: 9473
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "6352bbb21af3569874cb80a66b27ebe1"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gVySYo0dJoKlXsSr8awt%2BMGJJb6kudlqa7UfDyawNEdW0%2BI97toV12ooS%2F4seo3k7406aymgbeUT7seh12VAaG9SKvOLrH8vI1Xm2wtSyvzDoPoBhJ1Vo5vG%2Fp7sh1ta6e4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 92023ad038565694-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=3304&min_rtt=472&rtt_var=3628&sent=324&recv=270&lost=0&retrans=0&sent_bytes=411337&recv_bytes=2722&delivery_rate=60368268&cwnd=257&unsent_bytes=0&cid=be158a91dc7235b5&ts=895&x=0"
X-Firefox-Spdy: h2

l.courting.site/bd/Sweepstakes/money/500Dark/img/avatar2.png

104.21.80.1

200 OK

10 kB

URL GET
l.courting.site/bd/Sweepstakes/money/500Dark/img/avatar2.png
IP
104.21.80.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l.courting.site/bd/Sweepstakes/money/500Dark/?uclick=171mfv&uclickhash=171mfv-171mfv-h9-0-us-sc-8w-4427f9
Certificate
IssuerGoogle Trust Services
Subjectl.courting.site
Fingerprint47:D6:AD:FA:12:A7:54:FC:C8:90:0D:BE:A8:20:ED:76:9A:2B:30:E2
ValiditySun, 09 Feb 2025 15:05:14 GMT - Sat, 10 May 2025 16:05:12 GMT

File type
PNG image data, 68 x 68, 8-bit/color RGBA, non-interlaced
Size
10 kB (9988 bytes)
Hash
41edae2b701c06759147022efb9b49dd
2e8bbbcc2742f40017233b23f31b19756830a309
fd5e214d7d44236f5830963e1618fbc301839b43cd72c54aed4371f14d3f72fe

HTTP Headers

GET /bd/Sweepstakes/money/500Dark/img/avatar2.png HTTP/1.1
Host: l.courting.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://l.courting.site/bd/Sweepstakes/money/500Dark/?uclick=171mfv&uclickhash=171mfv-171mfv-h9-0-us-sc-8w-4427f9
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 14 Mar 2025 07:59:06 GMT
content-type: image/png
content-length: 9988
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "08be3a389fb563dfbf3f5d3ea1d69da4"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SrUu0Ju6nHc5Q5q4hkiGf7bXWZeXz89qVI3%2F1oGDDP6S3Hzf7KNRTLGODBTFK%2BDsupe8guxHsSizpM0v%2BSi%2FBlDpoYS%2BCuOooCoBC3iJJ6yNPBvmnjZK6V1dd4tVhXrn8QI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 92023ad038515694-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1002&min_rtt=472&rtt_var=360&sent=189&recv=138&lost=0&retrans=0&sent_bytes=232863&recv_bytes=2722&delivery_rate=60368268&cwnd=257&unsent_bytes=0&cid=be158a91dc7235b5&ts=860&x=0"
X-Firefox-Spdy: h2

coohauwhob.net/event

139.45.197.122

200 OK

81 B

URL POST
coohauwhob.net/event
IP
139.45.197.122:443
ASN
#9002 RETN Limited

Requested by
https://l.courting.site/bd/Sweepstakes/money/500Dark/?uclick=171mfv&uclickhash=171mfv-171mfv-h9-0-us-sc-8w-4427f9
Certificate
IssuerLet's Encrypt
Subjectcoohauwhob.net
FingerprintC8:09:CE:9B:08:A6:F5:91:D7:18:3E:F4:A3:24:D0:9E:04:6F:28:4A
ValidityThu, 27 Feb 2025 05:19:08 GMT - Wed, 28 May 2025 05:19:07 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
81 B (81 bytes)
Hash
633c8f229d3f690896ed6b58457800d2
9d083d5baa0e0ca221ee3967874148fc532e3b33
53242059a4c67fdecb6bd8046e69d2e91bbb7c90e7b8bd8cfe458779438db252

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: coohauwhob.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://l.courting.site/
Content-Type: application/json
Content-Length: 449
Origin: https://l.courting.site
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 14 Mar 2025 07:59:07 GMT
content-type: application/json; charset=utf-8
content-length: 81
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://l.courting.site
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

cloudflareinsights.com/cdn-cgi/rum

104.16.79.73

200 OK

0 B

URL OPTIONS
cloudflareinsights.com/cdn-cgi/rum
IP
104.16.79.73:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l.courting.site/bd/Sweepstakes/money/500Dark/?uclick=171mfv&uclickhash=171mfv-171mfv-h9-0-us-sc-8w-4427f9
Certificate
IssuerGoogle Trust Services
Subjectcloudflareinsights.com
FingerprintAD:90:D1:30:C9:77:BF:DE:1F:AB:8C:0D:6E:67:CB:6A:E8:42:DB:18
ValidityThu, 27 Feb 2025 14:42:34 GMT - Wed, 28 May 2025 15:42:17 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /cdn-cgi/rum HTTP/1.1
Host: cloudflareinsights.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://l.courting.site/
Origin: https://l.courting.site
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 14 Mar 2025 07:59:07 GMT
content-type: text/plain
access-control-allow-origin: https://l.courting.site
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 92023ad60c4e5685-OSL
x-frame-options: DENY
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

coohauwhob.net/event

139.45.197.122

200 OK

81 B

URL POST
coohauwhob.net/event
IP
139.45.197.122:443
ASN
#9002 RETN Limited

Requested by
https://l.courting.site/bd/Sweepstakes/money/500Dark/?uclick=171mfv&uclickhash=171mfv-171mfv-h9-0-us-sc-8w-4427f9
Certificate
IssuerLet's Encrypt
Subjectcoohauwhob.net
FingerprintC8:09:CE:9B:08:A6:F5:91:D7:18:3E:F4:A3:24:D0:9E:04:6F:28:4A
ValidityThu, 27 Feb 2025 05:19:08 GMT - Wed, 28 May 2025 05:19:07 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
81 B (81 bytes)
Hash
cd79455e4c6bb8a1e24dc9f403a2218b
4579db87c7957039d9b683b212de7b1533125bd0
f00c1ceebbf1e753bfce2be9b928c5f800ffd26947320afe8f6de728aebdb484

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: coohauwhob.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://l.courting.site/
Content-Type: application/json
Content-Length: 445
Origin: https://l.courting.site
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 14 Mar 2025 07:59:07 GMT
content-type: application/json; charset=utf-8
content-length: 81
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://l.courting.site
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

l.courting.site/favicon.ico

104.21.80.1

200 OK

15 kB

URL GET
l.courting.site/favicon.ico
IP
104.21.80.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l.courting.site/bd/Sweepstakes/money/500Dark/?uclick=171mfv&uclickhash=171mfv-171mfv-h9-0-us-sc-8w-4427f9
Certificate
IssuerGoogle Trust Services
Subjectl.courting.site
Fingerprint47:D6:AD:FA:12:A7:54:FC:C8:90:0D:BE:A8:20:ED:76:9A:2B:30:E2
ValiditySun, 09 Feb 2025 15:05:14 GMT - Sat, 10 May 2025 16:05:12 GMT

File type
MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Size
15 kB (15406 bytes)
Hash
088e0b8b800cd2287a8a7d48c049c7e8
c4b4b679948cdc4eecbd938adcc9a3ef31c0d555
2e66b7182d93532713b9c8c4d19f31f39dc410e4e6e8a550692153cbb7a37579

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: l.courting.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://l.courting.site/bd/Sweepstakes/money/500Dark/?uclick=171mfv&uclickhash=171mfv-171mfv-h9-0-us-sc-8w-4427f9
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 14 Mar 2025 07:59:07 GMT
content-type: image/vnd.microsoft.icon
cf-cache-status: MISS
server: cloudflare
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"72f7696c6917a86d0a32e5456fdf4d0b"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
cf-ray: 92023ad6dc4656aa-OSL
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YnRk%2FvZKuc97dCTzP8RUC1EViqLZRr51vroKaUYsrdecVnVU7taON7bEO6Y%2FLEuL96%2FnUfjTnWhpHLyA0F0hcWhGsBG6MHNwo%2BEj%2FFEVYb3v9jLKHlccuRTEilqmDLyhANw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
content-encoding: gzip
alt-svc: h3=":443"; ma=86400

l.courting.site/bd/Sweepstakes/money/500Dark/img/avatar4.png

104.21.80.1

200 OK

9.1 kB

URL GET
l.courting.site/bd/Sweepstakes/money/500Dark/img/avatar4.png
IP
104.21.80.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l.courting.site/bd/Sweepstakes/money/500Dark/?uclick=171mfv&uclickhash=171mfv-171mfv-h9-0-us-sc-8w-4427f9
Certificate
IssuerGoogle Trust Services
Subjectl.courting.site
Fingerprint47:D6:AD:FA:12:A7:54:FC:C8:90:0D:BE:A8:20:ED:76:9A:2B:30:E2
ValiditySun, 09 Feb 2025 15:05:14 GMT - Sat, 10 May 2025 16:05:12 GMT

File type
PNG image data, 68 x 68, 8-bit/color RGBA, non-interlaced
Size
9.1 kB (9107 bytes)
Hash
f32b4d4e76a5a489bc415614b24013bb
43a33983bb6f0a2f203f62335f331f65e44a942b
0303104b885a558ccdd179019e6c96a49263c3b0f383a9557808f613d6352879

HTTP Headers

GET /bd/Sweepstakes/money/500Dark/img/avatar4.png HTTP/1.1
Host: l.courting.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://l.courting.site/bd/Sweepstakes/money/500Dark/?uclick=171mfv&uclickhash=171mfv-171mfv-h9-0-us-sc-8w-4427f9
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 14 Mar 2025 07:59:06 GMT
content-type: image/png
content-length: 9107
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "6917e698b3e54bbe8f6957dd7336d11a"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0glMIqXK8v6fYYjUhU1DzeIjFTBa4jbhihoUyDVs76iJ5btKHwr7C60y1cODklIZltwcXP85ltHs3yZVu%2B3AdrV23q7k3XP5dCbtbchfqqXF6ZmOJpol7P%2BGIzZg7vY7dao%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
server: cloudflare
cf-ray: 92023ad0485c5694-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1680&min_rtt=472&rtt_var=1322&sent=333&recv=279&lost=0&retrans=0&sent_bytes=421497&recv_bytes=2722&delivery_rate=60368268&cwnd=257&unsent_bytes=0&cid=be158a91dc7235b5&ts=933&x=0"
X-Firefox-Spdy: h2

static.cloudflareinsights.com/beacon.min.js

104.16.79.73

200 OK

20 kB

URL GET
static.cloudflareinsights.com/beacon.min.js
IP
104.16.79.73:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l.courting.site/bd/Sweepstakes/money/500Dark/?uclick=171mfv&uclickhash=171mfv-171mfv-h9-0-us-sc-8w-4427f9
Certificate
IssuerGoogle Trust Services
Subjectcloudflareinsights.com
FingerprintAD:90:D1:30:C9:77:BF:DE:1F:AB:8C:0D:6E:67:CB:6A:E8:42:DB:18
ValidityThu, 27 Feb 2025 14:42:34 GMT - Wed, 28 May 2025 15:42:17 GMT

File type
JavaScript source, ASCII text, with very long lines (19948), with no line terminators
Size
20 kB (19948 bytes)
Hash
ec18af6d41f6f278b6aed3bdabffa7bc
62c9e2cab76b888829f3c5335e91c320b22329ae
8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f

HTTP Headers

GET /beacon.min.js HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://l.courting.site/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 14 Mar 2025 07:59:06 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/"2024.6.1"
last-modified: Thu, 06 Jun 2024 15:52:56 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 92023ad089ce56c1-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

l.courting.site/bd/Sweepstakes/money/500Dark/img/wheel.png

104.21.80.1

200 OK

340 kB

URL GET
l.courting.site/bd/Sweepstakes/money/500Dark/img/wheel.png
IP
104.21.80.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l.courting.site/bd/Sweepstakes/money/500Dark/?uclick=171mfv&uclickhash=171mfv-171mfv-h9-0-us-sc-8w-4427f9
Certificate
IssuerGoogle Trust Services
Subjectl.courting.site
Fingerprint47:D6:AD:FA:12:A7:54:FC:C8:90:0D:BE:A8:20:ED:76:9A:2B:30:E2
ValiditySun, 09 Feb 2025 15:05:14 GMT - Sat, 10 May 2025 16:05:12 GMT

File type
PNG image data, 1003 x 1002, 8-bit/color RGBA, non-interlaced
Size
340 kB (339682 bytes)
Hash
48e245185b8d6b500203940232a3c61e
5e16fc5fc4eb91f095d62c95498aedef17d79cd3
1f271e69853a9674405e30a24cc025585636c99815e6003feb4561d7a12e43da

HTTP Headers

GET /bd/Sweepstakes/money/500Dark/img/wheel.png HTTP/1.1
Host: l.courting.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://l.courting.site/bd/Sweepstakes/money/500Dark/css/main.css?v=6549876954
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 14 Mar 2025 07:59:06 GMT
content-type: image/png
content-length: 339682
server: cloudflare
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "b8b396aaadb5204b504d74580ce97818"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
cf-ray: 92023ad2ec0d56aa-OSL
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2d6IUV9i2RUEk80MPCf%2FKPNTPCa%2BbDy9vLXvlpYXFgH%2FKKeU6n6Qp6WtM7heTsTYEnxoWX%2F0PbEX6r9nasedvIVBhKjQOLYbWDnRSQcX5aJiPdAYvzcd5cclrySu43MCJHg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400

coohauwhob.net/event

139.45.197.122

200 OK

0 B

URL POST
coohauwhob.net/event
IP
139.45.197.122:443
ASN
#9002 RETN Limited

Requested by
https://l.courting.site/bd/Sweepstakes/money/500Dark/?uclick=171mfv&uclickhash=171mfv-171mfv-h9-0-us-sc-8w-4427f9
Certificate
IssuerLet's Encrypt
Subjectcoohauwhob.net
FingerprintC8:09:CE:9B:08:A6:F5:91:D7:18:3E:F4:A3:24:D0:9E:04:6F:28:4A
ValidityThu, 27 Feb 2025 05:19:08 GMT - Wed, 28 May 2025 05:19:07 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: coohauwhob.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://l.courting.site/
Content-Type: text/plain;charset=UTF-8
Content-Length: 456
Origin: https://l.courting.site
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 14 Mar 2025 07:59:07 GMT
content-type: application/json; charset=utf-8
content-length: 26
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://l.courting.site
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

coohauwhob.net/event

139.45.197.122

200 OK

81 B

URL POST
coohauwhob.net/event
IP
139.45.197.122:443
ASN
#9002 RETN Limited

Requested by
https://l.courting.site/bd/Sweepstakes/money/500Dark/?uclick=171mfv&uclickhash=171mfv-171mfv-h9-0-us-sc-8w-4427f9
Certificate
IssuerLet's Encrypt
Subjectcoohauwhob.net
FingerprintC8:09:CE:9B:08:A6:F5:91:D7:18:3E:F4:A3:24:D0:9E:04:6F:28:4A
ValidityThu, 27 Feb 2025 05:19:08 GMT - Wed, 28 May 2025 05:19:07 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
81 B (81 bytes)
Hash
5574e277fd5c97061cee7977a9fdedee
98472e9468b58af86e71e9608009143a1a19cf62
46f5a007c193861af9d732c1acaa1c771b39ed1fa7f4d01e17226e275c91a2f7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: coohauwhob.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://l.courting.site/
Content-Type: application/json
Content-Length: 442
Origin: https://l.courting.site
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 14 Mar 2025 07:59:07 GMT
content-type: application/json; charset=utf-8
content-length: 81
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://l.courting.site
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

coohauwhob.net/event

139.45.197.122

200 OK

0 B

URL OPTIONS
coohauwhob.net/event
IP
139.45.197.122:443
ASN
#9002 RETN Limited

Requested by
https://l.courting.site/bd/Sweepstakes/money/500Dark/?uclick=171mfv&uclickhash=171mfv-171mfv-h9-0-us-sc-8w-4427f9
Certificate
IssuerLet's Encrypt
Subjectcoohauwhob.net
FingerprintC8:09:CE:9B:08:A6:F5:91:D7:18:3E:F4:A3:24:D0:9E:04:6F:28:4A
ValidityThu, 27 Feb 2025 05:19:08 GMT - Wed, 28 May 2025 05:19:07 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /event HTTP/1.1
Host: coohauwhob.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://l.courting.site/
Origin: https://l.courting.site
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 14 Mar 2025 07:59:07 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://l.courting.site
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

l.courting.site/bd/Sweepstakes/money/500Dark/css/main.css?v=6549876954

104.21.80.1

200 OK

13 kB

URL GET
l.courting.site/bd/Sweepstakes/money/500Dark/css/main.css?v=6549876954
IP
104.21.80.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l.courting.site/bd/Sweepstakes/money/500Dark/?uclick=171mfv&uclickhash=171mfv-171mfv-h9-0-us-sc-8w-4427f9
Certificate
IssuerGoogle Trust Services
Subjectl.courting.site
Fingerprint47:D6:AD:FA:12:A7:54:FC:C8:90:0D:BE:A8:20:ED:76:9A:2B:30:E2
ValiditySun, 09 Feb 2025 15:05:14 GMT - Sat, 10 May 2025 16:05:12 GMT

File type
assembler source, ASCII text, with very long lines (309)
Size
13 kB (13177 bytes)
Hash
1cb1828f8643dbd2780f683880077a36
d7f26146053ddb382f0b113a287f854428e89d4e
04b9bd31ccdb3eb8ec3aed1e20778d94a3defe28b536ea69e0e38afba89bbe9d

HTTP Headers

GET /bd/Sweepstakes/money/500Dark/css/main.css?v=6549876954 HTTP/1.1
Host: l.courting.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://l.courting.site/bd/Sweepstakes/money/500Dark/?uclick=171mfv&uclickhash=171mfv-171mfv-h9-0-us-sc-8w-4427f9
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 14 Mar 2025 07:59:06 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"4108c7fdd6f29af357a86099cbc96f85"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S4O5iB8urixBKYJe1%2B2mzcMrM7zqDfx5xLk8zAcAdoVgA6psFoQsPQB%2BwU6qufyUWk%2Fw5PSr%2Bw3%2BV%2B7soOKO6PeCF%2BHcDRFT3MWPEMeQHKCNKR7XG18%2Fmp%2Ftn1bMZ7Gud3Q%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
server: cloudflare
cf-ray: 92023ad038345694-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=6533&min_rtt=472&rtt_var=11913&sent=17&recv=26&lost=0&retrans=0&sent_bytes=6212&recv_bytes=2722&delivery_rate=6840944&cwnd=257&unsent_bytes=0&cid=be158a91dc7235b5&ts=730&x=0"
X-Firefox-Spdy: h2

l.courting.site/call/bot

104.21.80.1

200 OK

553 B

URL GET
l.courting.site/call/bot
IP
104.21.80.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l.courting.site/bd/Sweepstakes/money/500Dark/?uclick=171mfv&uclickhash=171mfv-171mfv-h9-0-us-sc-8w-4427f9
Certificate
IssuerGoogle Trust Services
Subjectl.courting.site
Fingerprint47:D6:AD:FA:12:A7:54:FC:C8:90:0D:BE:A8:20:ED:76:9A:2B:30:E2
ValiditySun, 09 Feb 2025 15:05:14 GMT - Sat, 10 May 2025 16:05:12 GMT

File type
HTML document, ASCII text, with very long lines (574), with no line terminators
Size
553 B (553 bytes)
Hash
d0757204d455ee61af2019965d066b59
05de3d5f674cae557b82716bf31eb9a31784189d
ee524c2e00b4774680c23fba2dc3cbf23d1fb2b2e3ed012ba14032fa330520ab

HTTP Headers

GET /call/bot HTTP/1.1
Host: l.courting.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://l.courting.site/bd/Sweepstakes/money/500Dark/?uclick=171mfv&uclickhash=171mfv-171mfv-h9-0-us-sc-8w-4427f9
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 14 Mar 2025 07:59:06 GMT
content-type: text/html; charset=utf-8
cf-ray: 92023ad37c1256aa-OSL
server: cloudflare
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
content-encoding: br
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5uyae4NDNnaOSIG5yjwCGQn%2FSKmQC2%2BNCQSRUb%2FMVd2BgemGC05ciGj7Vzt4ZEDSk7GifjkkzAaqUQHr2206wfBhhVc0gYOHxsKSNMNZeeYmp3x6N%2FA4F5Da%2BesB2dgpnMg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
alt-svc: h3=":443"; ma=86400

coohauwhob.net/event

139.45.197.122

200 OK

0 B

URL POST
coohauwhob.net/event
IP
139.45.197.122:443
ASN
#9002 RETN Limited

Requested by
https://l.courting.site/bd/Sweepstakes/money/500Dark/?uclick=171mfv&uclickhash=171mfv-171mfv-h9-0-us-sc-8w-4427f9
Certificate
IssuerLet's Encrypt
Subjectcoohauwhob.net
FingerprintC8:09:CE:9B:08:A6:F5:91:D7:18:3E:F4:A3:24:D0:9E:04:6F:28:4A
ValidityThu, 27 Feb 2025 05:19:08 GMT - Wed, 28 May 2025 05:19:07 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: coohauwhob.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://l.courting.site/
Content-Type: text/plain;charset=UTF-8
Content-Length: 408
Origin: https://l.courting.site
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 14 Mar 2025 07:59:07 GMT
content-type: application/json; charset=utf-8
content-length: 26
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://l.courting.site
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (37)

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL POST

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN