IP: 185.129.138.202:443
ASN: AS24806 INTERNET CZ, a.s.
Certificate: Issuer Actalis S.p.A. | Subject *.gutebau.cz | Fingerprint 38:9D:B1:F1:B2:A9:52:A3:71:0A:9F:81:E1:F8:58:9C:9C:C8:3E:EE | Validity Wed, 26 Jun 2024 13:01:36 GMT - Thu, 17 Jul 2025 14:00:36 GMT
Response body hashes (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the digests of an empty input, consistent with the content-length: 0 of the 302 below)
GET /images/ HTTP/1.1
Host: gutebau.cz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d26wr6ltu815mg.cloudfront.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: aruba-proxy
date: Wed, 04 Jun 2025 10:49:42 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: https://misclaoam.com/offers/?id=22320sx091
x-ua-compatible: IE=edge
x-content-type-options: nosniff
x-servername: ipvsproxy002
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
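The exchange above is the pivot of this capture: a request to a legitimate-looking host returns a zero-length 302 whose Location points at an unrelated domain, and the browser arrived there cross-site from a CloudFront page. The following is an added example, not part of the scan report: it parses a request/response pair written in the same plain-text form as the capture, rebuilds the redirect hop, flags the cross-site redirect and the empty body, and verifies that the hash triple listed on the page is indeed that of an empty body. The header text embedded in CAPTURE is copied from the exchange above; the parsing and triage logic, and the function names, are this example's own.

```python
"""Added example (not from the scan report): triage a captured HTTP
redirect hop written in the same plain-text form as the report above."""
import hashlib
from urllib.parse import urlsplit

# Copied from the capture above (request to gutebau.cz and its 302 response),
# trimmed to the headers the triage logic looks at.
CAPTURE = """GET /images/ HTTP/1.1
Host: gutebau.cz
Referer: https://d26wr6ltu815mg.cloudfront.net/
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
server: aruba-proxy
content-type: text/html; charset=UTF-8
content-length: 0
location: https://misclaoam.com/offers/?id=22320sx091
"""

# Hash triple the report lists for the 302 response body (MD5, SHA-1, SHA-256).
LISTED_HASHES = (
    "d41d8cd98f00b204e9800998ecf8427e",
    "da39a3ee5e6b4b0d3255bfef95601890afd80709",
    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
)


def parse_headers(block):
    """Split a request or response block into its first line and a dict of
    lower-cased header names -> values (duplicate names keep the last value)."""
    lines = block.strip().splitlines()
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def parse_exchange(text):
    """Parse 'request block, blank line, response block' into one record."""
    req_block, resp_block = text.strip().split("\n\n", 1)
    req_line, req_h = parse_headers(req_block)
    status_line, resp_h = parse_headers(resp_block)
    method, path, _version = req_line.split()
    return {
        "method": method,
        "host": req_h.get("host", ""),
        "path": path,
        "req": req_h,
        "status": int(status_line.split()[1]),
        "resp": resp_h,
    }


def body_hashes(body: bytes):
    """MD5 / SHA-1 / SHA-256 of a response body, in the report's order."""
    return tuple(h(body).hexdigest() for h in (hashlib.md5, hashlib.sha1, hashlib.sha256))


def redirect_target(exchange):
    """Location header of a 3xx response, or None when there is no redirect."""
    if 300 <= exchange["status"] < 400:
        return exchange["resp"].get("location")
    return None


def triage(exchange):
    """Return the analyst-relevant observations for one hop as strings."""
    findings = []
    target = redirect_target(exchange)
    if target:
        target_host = urlsplit(target).hostname
        if target_host and target_host != exchange["host"]:
            findings.append(
                f"cross-site redirect: {exchange['host']}{exchange['path']} -> {target_host}")
        if exchange["req"].get("sec-fetch-site") == "cross-site":
            findings.append(
                "arrived cross-site from Referer " + exchange["req"].get("referer", "(none)"))
    if exchange["resp"].get("content-length") == "0":
        findings.append("zero-length body: listed hashes must equal the empty-input digests")
    return findings


if __name__ == "__main__":
    hop = parse_exchange(CAPTURE)
    for line in triage(hop):
        print(line)
    print("empty-body hashes match report:", body_hashes(b"") == LISTED_HASHES)
```

The empty-body check matters in practice: a 302 with content-length: 0 carries nothing to inspect, so the only artefacts worth pivoting on are the Location header and the referring origin, not the body hashes, which will be identical for every empty redirect in any dataset.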
Request: GET misclaoam.com/offers/?id=22320sx091 | Server IP: 0.0.0.0 | Status: (no response) | Size: 0 B
URL: misclaoam.com/offers/?id=22320sx091 (user request; resolved to 0.0.0.0:0, so no connection was made)
Response body hashes (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (digests of an empty input; nothing was returned)
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /offers/?id=22320sx091 HTTP/1.1
Host: misclaoam.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://d26wr6ltu815mg.cloudfront.net/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Request: GET d26wr6ltu815mg.cloudfront.net/ | Server IP: 54.230.245.210 | Status: 200 OK | Size: 245 B
URL: d26wr6ltu815mg.cloudfront.net/ (user request) | IP: 54.230.245.210:443
Certificate: Issuer Amazon | Subject *.cloudfront.net | Fingerprint 8F:00:F1:34:A7:1E:27:1C:CF:CD:A6:53:8B:C4:82:B0:68:BC:C8:72 | Validity Mon, 05 May 2025 00:00:00 GMT - Thu, 23 Apr 2026 23:59:59 GMT
File type: HTML document, ASCII text, with CRLF line terminators
Response body hashes (MD5 / SHA-1 / SHA-256): a14a74b727f27d0361cfc22d4fdce421 / 9d47fa54e0b0f5c0f251501d2e4da3dac1183ec3 / 1a11308c327753799cfc60137cf333b6dd62ff8bc2c8f2b266bc70bc139fb81e (the MD5 matches the S3 ETag in the response below)
GET / HTTP/1.1
Host: d26wr6ltu815mg.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html
content-length: 245
date: Wed, 04 Jun 2025 09:46:49 GMT
last-modified: Wed, 04 Jun 2025 08:46:49 GMT
etag: "a14a74b727f27d0361cfc22d4fdce421"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: NtQRA8w8O2K2mXcmCUOhq2BhA3aF4Eu_wAVf1pK-zbRHSh8qfAW1Zg==
age: 3773
X-Firefox-Spdy: h2
Request: GET d26wr6ltu815mg.cloudfront.net/script24.js | Server IP: 54.230.245.210 | Status: 200 OK | Size: 85 B
URL: d26wr6ltu815mg.cloudfront.net/script24.js | IP: 54.230.245.210:443
Requested by: https://d26wr6ltu815mg.cloudfront.net/
Certificate: Issuer Amazon | Subject *.cloudfront.net | Fingerprint 8F:00:F1:34:A7:1E:27:1C:CF:CD:A6:53:8B:C4:82:B0:68:BC:C8:72 | Validity Mon, 05 May 2025 00:00:00 GMT - Thu, 23 Apr 2026 23:59:59 GMT
File type: ASCII text, with CRLF line terminators
Response body hashes (MD5 / SHA-1 / SHA-256): a5d0c8c21757b1d86ed959eb87f444d3 / f662ce6b6d89a48bd828d7f9b3ada95b1d0636ac / d41eabb0119984384716297fb1aa319c1d8470430f5818e7b78a591a79fc3778 (the MD5 matches the S3 ETag in the response below)
GET /script24.js HTTP/1.1
Host: d26wr6ltu815mg.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d26wr6ltu815mg.cloudfront.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: application/javascript
content-length: 85
age: 3764
date: Wed, 04 Jun 2025 09:46:58 GMT
last-modified: Wed, 04 Jun 2025 08:46:49 GMT
etag: "a5d0c8c21757b1d86ed959eb87f444d3"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: ZgaDIG4JHTYq69W7lSxfv5kjIJ2fdkokgW9az7shsV-0exLi9nSGBQ==