Report - globalvisitclub.com/cf/r/64706eeb11973600128b359e

Report Overview

Submitted URL
globalvisitclub.com/cf/r/64706eeb11973600128b359e
IP
104.18.16.6
ASN
#13335 CLOUDFLARENET
Submitted
2023-05-27 17:58:57
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
8

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
harrenmedia.g2afse.com	334770	2019-02-26	2019-11-13	2023-05-27	701 B	487 B	34.91.234.242
103.4.144.218:9803	unknown	unknown	No data	No data	1.6 kB	5.7 MB	103.4.144.218
lessgo.saegumous.xyz	unknown	2022-10-30	2022-10-31	2023-05-26	1.0 kB	4.0 kB	108.178.23.117
www.googletagmanager.com	75	2011-11-11	2013-05-22	2023-05-27	428 B	48 kB	142.250.74.168
ocsp.pki.goog	175	2016-06-13	2018-07-01	2023-05-27	333 B	700 B	142.250.74.131
armorads.aftrad-visit.com	unknown	2023-02-15	2023-03-22	2023-05-27	595 B	1.8 kB	188.114.97.1
globalvisitclub.com	unknown	2021-02-03	2021-09-03	2023-05-25	505 B	1.3 kB	104.18.16.6
www.turbotrck.art	unknown	2022-10-30	2022-10-30	2023-05-27	3.2 kB	6.5 kB	51.68.82.147

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-05-27	medium	globalvisitclub.com/cf/r/64706eeb11973600128b359e

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator
2023-05-27	medium	103.4.144.218
2023-05-27	medium	103.4.144.218
2023-05-27	medium	103.4.144.218

ThreatFox

No alerts detected

JavaScript (4)

	URL	Size	First Seen	Last Seen
	103.4.144.218:9803/1552416562021332/sandbox%20eval%20code	147 B	2023-04-11	2024-04-24
Pretty URL 103.4.144.218:9803/1552416562021332/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-04-24 07:41:50 Times Seen341675 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	www.googletagmanager.com/gtag/js?id=UA-127081483-1	120 kB	2023-05-27	2023-05-27
Pretty URL www.googletagmanager.com/gtag/js?id=UA-127081483-1 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-27 19:59:04 Last Seen2023-05-27 19:59:04 Times Seen2 Hash 9dc17780667987e44bc961759ae2b03d cb3628e25f6f320676e74ad8190f137343adbb5d 3d7b2a26266597cdb1b52675ad734865ff06bd3ee81618ee92709a9b854ec346 Loading...

	103.4.144.218:9803/1552416562021332/02002?click_id=200PNKPucrKGY3XvmW8gGsk5e2Z6WYr2sR48T7rr59wa9ztaKLKc8HY2qqVbDzHyJ4MF7Q&publisher_id=1B6DbNJeZ&partner_name=Armorads	0 B	2023-03-07	2024-04-24
Pretty URL 103.4.144.218:9803/1552416562021332/02002?click_id=200PNKPucrKGY3XvmW8gGsk5e2Z6WYr2sR48T7rr59wa9ztaKLKc8HY2qqVbDzHyJ4MF7Q&publisher_id=1B6DbNJeZ&partner_name=Armorads IP 103.4.144.218 ASN #9441 Next Online Limited. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-24 07:45:12 Times Seen37034313 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www.google-analytics.com/analytics.js	4.7 kB	2023-04-11	2024-04-24
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-04-24 07:41:50 Times Seen341180 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

HTTP Transactions (13)

URL IP Response Size

globalvisitclub.com/cf/r/64706eeb11973600128b359e

104.18.16.6

0 B

URL
globalvisitclub.com/cf/r/64706eeb11973600128b359e
IP
104.18.16.6:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /cf/r/64706eeb11973600128b359e HTTP/1.1
Host: globalvisitclub.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Sat, 27 May 2023 17:58:39 GMT
content-length: 0
location: https://lessgo.saegumous.xyz/?utm_medium=b77cfaff5cdfb941f46e2fe91368a45387cfcb05&utm_campaign=target_NG_fbd095_Clickflare&cid=ee0e1c3f-f60a-4598-a137-b3da6594da53
cache-control: no-cache
set-cookie: worker_cookie=N4Igdgpg7g+gFgSwC4wQExALhBCAGCARgGMBmAMwFpyA2PAQ0oBYBWATgA5L7DSB2SgCNSaejXZNRLUiAA0IAG4IAzslQZsxAoT4RShShHIQazDoJaUObYl0FMane6Rpo8HOYpVqkCALYQykj0fgAOWCAATHiRpJR4lpF8ACo6mCwcmKQcAHRs+gBankqqSAD2AE7qESYZHDqClFrkVExshGxWYmiULGhsfMT0HGJ4goSeQ2H0CADmYNXYNEx8eDS44x18Lnh4hJHmpOwQnmBlaBCLIHgwkafnl0gAnqEn2ADyLRAV9xcwxHAZmAsABta63EAAXXkoQqgQgABsIMQkBA0DAzhcsKBnq8Ip9jD95MEKrMICh0BEaPxCIRBHhWGMOHgtHs2JF6KQeCd5JjLpTsDc7ryIAAPJBYMAAVwRCIAvvIAUCYKEyqUEGVgZhQMQpRU4WAkAA5B4ASTAF1FWDw8kEFXoYAB5rQCGIgVBkIVIBUMDhLrhKKwSAqUog8gAjspwtqvT7IFAsOR6AjlBA5UA==; Expires=Sun, 28 May 2023 17:58:39 GMT; Domain=globalvisitclub.com; Path=/; SameSite=None; Secure
__cf_bm=k9D14uyl5EkuM6BL8ibEFG7xDa7cnRhW3Uv4MxrOvP0-1685210319-0-ASfihaHZKXnh+FE9wVQllh81GhlIC6/MgB5yGuafjIHz+I2HRAbTVuPgJLPIchz5CspPBwlgoz5y5z+RA87O678=; path=/; expires=Sat, 27-May-23 18:28:39 GMT; domain=.globalvisitclub.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ce025ad4bef1c02-OSL
X-Firefox-Spdy: h2

www.turbotrck.art/?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7237923207003504692&website=14988-5d08108z&placement=14988&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8d88bd87b3c5b1c3b7b484b8b3b889bfbfbeb982b380b086b5b4b4a2aaa8a9afafacada2a3a091a7979495868a868d9d8c8d9d87ce90938f8a859783fbc9f9fecdc8fdc0c7f0f1f6919599b9aec8c9ffcffdfffaf3c0f0f6f5f0c5dadbd8d9e9e9e8e9e5e6e3e5efefe0ed1e12101c70

51.68.82.147

5.2 kB

URL
www.turbotrck.art/?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7237923207003504692&website=14988-5d08108z&placement=14988&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8d88bd87b3c5b1c3b7b484b8b3b889bfbfbeb982b380b086b5b4b4a2aaa8a9afafacada2a3a091a7979495868a868d9d8c8d9d87ce90938f8a859783fbc9f9fecdc8fdc0c7f0f1f6919599b9aec8c9ffcffdfffaf3c0f0f6f5f0c5dadbd8d9e9e9e8e9e5e6e3e5efefe0ed1e12101c70
IP
51.68.82.147:0
ASN
#16276 OVH SAS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3763)
Size
5.2 kB (5182 bytes)
Hash
07c9a2af7bcc52f6f3def47e3f996aca
932e80ff1d87b490141a4780091d0af34fbaecf6
6182f40c0f44e76eb198023c2b3b30040f27e52010d17254cb9356919923e702

HTTP Headers

GET /?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7237923207003504692&website=14988-5d08108z&placement=14988&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8d88bd87b3c5b1c3b7b484b8b3b889bfbfbeb982b380b086b5b4b4a2aaa8a9afafacada2a3a091a7979495868a868d9d8c8d9d87ce90938f8a859783fbc9f9fecdc8fdc0c7f0f1f6919599b9aec8c9ffcffdfffaf3c0f0f6f5f0c5dadbd8d9e9e9e8e9e5e6e3e5efefe0ed1e12101c70 HTTP/1.1
Host: www.turbotrck.art
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lessgo.saegumous.xyz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 27 May 2023 17:58:40 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-transform
Accept-CH: Sec-CH-UA-Platform-Version

51.68.82.147

302 Found

0 B

URL User Request GET HTTP/1.1
www.turbotrck.art/?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7237923207003504692&website=14988-5d08108z&placement=14988&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8d88bd87b3c5b1c3b7b484b8b3b889bfbfbeb982b380b086b5b4b4a2aaa8a9afafacada2a3a091a7979495868a868d9d8c8d9d87ce90938f8a859783fbc9f9fecdc8fdc0c7f0f1f6919599b9aec8c9ffcffdfffaf3c0f0f6f5f0c5dadbd8d9e9e9e8e9e5e6e3e5efefe0ed1e12101c70&eyeg=1b0ba295e79e42a985c716417a6aec46&eyer=0.5600917392215945&eyei=0&eyew=1280&eyeh=1024&eyetd=220&eyef=lessgo.saegumous.xyz
IP
51.68.82.147:443
ASN
#16276 OVH SAS

Certificate
IssuerLet's Encrypt
Subjectwww.turbotrck.art
FingerprintB8:B3:F5:BB:F2:79:20:03:44:44:EB:78:0E:2B:D2:FB:D3:A0:C1:F2
ValiditySat, 29 Apr 2023 22:11:09 GMT - Fri, 28 Jul 2023 22:11:08 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7237923207003504692&website=14988-5d08108z&placement=14988&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8d88bd87b3c5b1c3b7b484b8b3b889bfbfbeb982b380b086b5b4b4a2aaa8a9afafacada2a3a091a7979495868a868d9d8c8d9d87ce90938f8a859783fbc9f9fecdc8fdc0c7f0f1f6919599b9aec8c9ffcffdfffaf3c0f0f6f5f0c5dadbd8d9e9e9e8e9e5e6e3e5efefe0ed1e12101c70&eyeg=1b0ba295e79e42a985c716417a6aec46&eyer=0.5600917392215945&eyei=0&eyew=1280&eyeh=1024&eyetd=220&eyef=lessgo.saegumous.xyz HTTP/1.1
Host: www.turbotrck.art
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Date: Sat, 27 May 2023 17:58:40 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-transform
Location: https://www.turbotrck.art/?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7237923207003504692&website=14988-5d08108z&placement=14988&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8d88bd87b3c5b1c3b7b484b8b3b889bfbfbeb982b380b086b5b4b4a2aaa8a9afafacada2a3a091a7979495868a868d9d8c8d9d87ce90938f8a859783fbc9f9fecdc8fdc0c7f0f1f6919599b9aec8c9ffcffdfffaf3c0f0f6f5f0c5dadbd8d9e9e9e8e9e5e6e3e5efefe0ed1e12101c70&eyeg=3&eyer=0.5600917392215945&eyei=0&eyew=1280&eyeh=1024&eyetd=220&eyef=lessgo.saegumous.xyz

51.68.82.147

302 Found

0 B

URL User Request GET HTTP/1.1
www.turbotrck.art/?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7237923207003504692&website=14988-5d08108z&placement=14988&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8d88bd87b3c5b1c3b7b484b8b3b889bfbfbeb982b380b086b5b4b4a2aaa8a9afafacada2a3a091a7979495868a868d9d8c8d9d87ce90938f8a859783fbc9f9fecdc8fdc0c7f0f1f6919599b9aec8c9ffcffdfffaf3c0f0f6f5f0c5dadbd8d9e9e9e8e9e5e6e3e5efefe0ed1e12101c70&eyeg=3&eyer=0.5600917392215945&eyei=0&eyew=1280&eyeh=1024&eyetd=220&eyef=lessgo.saegumous.xyz
IP
51.68.82.147:443
ASN
#16276 OVH SAS

Certificate
IssuerLet's Encrypt
Subjectwww.turbotrck.art
FingerprintB8:B3:F5:BB:F2:79:20:03:44:44:EB:78:0E:2B:D2:FB:D3:A0:C1:F2
ValiditySat, 29 Apr 2023 22:11:09 GMT - Fri, 28 Jul 2023 22:11:08 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7237923207003504692&website=14988-5d08108z&placement=14988&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8d88bd87b3c5b1c3b7b484b8b3b889bfbfbeb982b380b086b5b4b4a2aaa8a9afafacada2a3a091a7979495868a868d9d8c8d9d87ce90938f8a859783fbc9f9fecdc8fdc0c7f0f1f6919599b9aec8c9ffcffdfffaf3c0f0f6f5f0c5dadbd8d9e9e9e8e9e5e6e3e5efefe0ed1e12101c70&eyeg=3&eyer=0.5600917392215945&eyei=0&eyew=1280&eyeh=1024&eyetd=220&eyef=lessgo.saegumous.xyz HTTP/1.1
Host: www.turbotrck.art
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Date: Sat, 27 May 2023 17:58:40 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-transform
Location: https://harrenmedia.g2afse.com/sl?id=5db1a4743bf47917e8f252cf&pid=228&sub2=132435&sub1=230001b7a5b525beea73027bd72bd9221e0820527-202305-flb*5564921-b2be6*M7237923207003504692*sl_5564921-b2be6*2dd2cdddfe255e4d0b224e976337cb0a4366ad5f*14988-5d08108z*14988

www.turbotrck.art/favicon.ico

51.68.82.147

0 B

URL
www.turbotrck.art/favicon.ico
IP
51.68.82.147:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.turbotrck.art
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 204 No Content
Date: Sat, 27 May 2023 17:58:40 GMT
Connection: keep-alive

harrenmedia.g2afse.com/sl?id=5db1a4743bf47917e8f252cf&pid=228&sub2=132435&sub1=230001b7a5b525beea73027bd72bd9221e0820527-202305-flb*5564921-b2be6*M7237923207003504692*sl_5564921-b2be6*2dd2cdddfe255e4d0b224e976337cb0a4366ad5f*14988-5d08108z*14988

34.91.234.242

302 Found

0 B

URL User Request GET HTTP/2
harrenmedia.g2afse.com/sl?id=5db1a4743bf47917e8f252cf&pid=228&sub2=132435&sub1=230001b7a5b525beea73027bd72bd9221e0820527-202305-flb*5564921-b2be6*M7237923207003504692*sl_5564921-b2be6*2dd2cdddfe255e4d0b224e976337cb0a4366ad5f*14988-5d08108z*14988
IP
34.91.234.242:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Certificate
IssuerDigiCert Inc
Subject*.g2afse.com
Fingerprint05:E8:53:3D:EC:5A:B4:A2:96:51:8B:FA:36:78:78:2D:91:35:41:C3
ValidityThu, 04 Aug 2022 00:00:00 GMT - Mon, 04 Sep 2023 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /sl?id=5db1a4743bf47917e8f252cf&pid=228&sub2=132435&sub1=230001b7a5b525beea73027bd72bd9221e0820527-202305-flb*5564921-b2be6*M7237923207003504692*sl_5564921-b2be6*2dd2cdddfe255e4d0b224e976337cb0a4366ad5f*14988-5d08108z*14988 HTTP/1.1
Host: harrenmedia.g2afse.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: nginx
date: Sat, 27 May 2023 17:58:40 GMT
content-length: 0
location: https://armorads.aftrad-visit.com/track/click?offer_id=5943&publisher_id=106&network_id=1&click_id=647244d0e79eb000011be005&source=228&subsource=
x-adjust-use-original-forwarded-for: 1
referer: 
referrer-policy: no-referrer
set-cookie: afclick=647244d0e79eb000011be005; expires=Sun, 26 May 2024 17:58:40 GMT; secure; SameSite=None
access-control-allow-origin: *
X-Firefox-Spdy: h2

103.4.144.218:9803/1552416562021332/02002?click_id=200PNKPucrKGY3XvmW8gGsk5e2Z6WYr2sR48T7rr59wa9ztaKLKc8HY2qqVbDzHyJ4MF7Q&publisher_id=1B6DbNJeZ&partner_name=Armorads

103.4.144.218

200 OK

599 B

URL User Request GET HTTP/1.1
103.4.144.218:9803/1552416562021332/02002?click_id=200PNKPucrKGY3XvmW8gGsk5e2Z6WYr2sR48T7rr59wa9ztaKLKc8HY2qqVbDzHyJ4MF7Q&publisher_id=1B6DbNJeZ&partner_name=Armorads
IP
103.4.144.218:9803
ASN
#9441 Next Online Limited.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Size
599 B (599 bytes)
Hash
20edccd3d6fc7562efe0d9ccf496d9c1
5b48be14391692456c05dda0391a53d8a678c889
d52ea6a4110622b740b6f1a39bc80adba3f032423b46dcbc151ceced09f9bbd6

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /1552416562021332/02002?click_id=200PNKPucrKGY3XvmW8gGsk5e2Z6WYr2sR48T7rr59wa9ztaKLKc8HY2qqVbDzHyJ4MF7Q&publisher_id=1B6DbNJeZ&partner_name=Armorads HTTP/1.1
Host: 103.4.144.218:9803
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 27 May 2023 17:58:41 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: *
ETag: W/"406-W0i+FDkWkkVsBd2gORpT2KZ4yIk"
Content-Encoding: gzip

lessgo.saegumous.xyz/?utm_term=7237923207003504692&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8d88bd87b3c5b1c3b7b484b8b3b889bfbfbeb982b380b086b5b4b4a2aaa8a9afafacada2a3a091a7979495868a868d9d8c8d9d87ce90938f8a859783fbc9f9fecdc8fdc0c7f0f1f6919599b9aec8c9ffcffdfffaf3c0f0f6f5f0c5dadbd8d9e9e9e8e9e5e6e3e5efefe0ed1e12101c70

108.178.23.117

3.6 kB

URL
lessgo.saegumous.xyz/?utm_term=7237923207003504692&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8d88bd87b3c5b1c3b7b484b8b3b889bfbfbeb982b380b086b5b4b4a2aaa8a9afafacada2a3a091a7979495868a868d9d8c8d9d87ce90938f8a859783fbc9f9fecdc8fdc0c7f0f1f6919599b9aec8c9ffcffdfffaf3c0f0f6f5f0c5dadbd8d9e9e9e8e9e5e6e3e5efefe0ed1e12101c70
IP
108.178.23.117:0
ASN
#32475 SINGLEHOP-LLC

File type
gzip compressed data, from Unix\012- data
Size
3.6 kB (3642 bytes)
Hash
d1d684802e60c9172af5610236b0fb8a
3725f58f21e894094d052f2af87a477e3d797e8d
2292ebafaac6bb01e43fc04b4ad259716d66ccb3d9ca817dd167d79a21ffe336

HTTP Headers

GET /?utm_term=7237923207003504692&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8d88bd87b3c5b1c3b7b484b8b3b889bfbfbeb982b380b086b5b4b4a2aaa8a9afafacada2a3a091a7979495868a868d9d8c8d9d87ce90938f8a859783fbc9f9fecdc8fdc0c7f0f1f6919599b9aec8c9ffcffdfffaf3c0f0f6f5f0c5dadbd8d9e9e9e8e9e5e6e3e5efefe0ed1e12101c70 HTTP/1.1
Host: lessgo.saegumous.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lessgo.saegumous.xyz/?utm_medium=b77cfaff5cdfb941f46e2fe91368a45387cfcb05&utm_campaign=target_NG_fbd095_Clickflare&cid=ee0e1c3f-f60a-4598-a137-b3da6594da53
Cookie: u=5b6bf9c91a567d768227ca3158714e23; split=b
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 27 May 2023 17:58:39 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
x-powered-by: PHP/8.2.0
cache-control: no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
accept-ch: Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version
content-encoding: gzip
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=UA-127081483-1

142.250.74.168

200 OK

47 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=UA-127081483-1
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
http://103.4.144.218:9803/1552416562021332/02002?click_id=200PNKPucrKGY3XvmW8gGsk5e2Z6WYr2sR48T7rr59wa9ztaKLKc8HY2qqVbDzHyJ4MF7Q&publisher_id=1B6DbNJeZ&partner_name=Armorads
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintEB:A2:AF:B3:20:F1:B1:77:23:0B:85:D2:B1:16:33:A7:97:49:EE:51
ValidityMon, 08 May 2023 08:20:09 GMT - Mon, 31 Jul 2023 08:20:08 GMT

File type
ASCII text, with very long lines (2271)
Size
47 kB (46897 bytes)
Hash
9dc17780667987e44bc961759ae2b03d
cb3628e25f6f320676e74ad8190f137343adbb5d
3d7b2a26266597cdb1b52675ad734865ff06bd3ee81618ee92709a9b854ec346

HTTP Headers

GET /gtag/js?id=UA-127081483-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://103.4.144.218:9803/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 27 May 2023 17:58:41 GMT
expires: Sat, 27 May 2023 17:58:41 GMT
cache-control: private, max-age=900
last-modified: Sat, 27 May 2023 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 46897
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
b9a762a1e577f4b078f4ad3de865303f
87d0f23fd6fc8378d53f72301c4444b362e4f3c9
44773657e91b7a1facdbc5538fea70b8dea0e1cdc850f4ee3eaee0d84bb02088

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 27 May 2023 17:58:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

103.4.144.218:9803/favicon.ico

103.4.144.218

404 Not Found

44 B

URL GET HTTP/1.1
103.4.144.218:9803/favicon.ico
IP
103.4.144.218:9803
ASN
#9441 Next Online Limited.

Requested by
http://103.4.144.218:9803/1552416562021332/02002?click_id=200PNKPucrKGY3XvmW8gGsk5e2Z6WYr2sR48T7rr59wa9ztaKLKc8HY2qqVbDzHyJ4MF7Q&publisher_id=1B6DbNJeZ&partner_name=Armorads

File type
JSON data\012- , ASCII text, with no line terminators
Size
44 B (44 bytes)
Hash
80440c4b0220413b9de21aa83e8064f0
1296d18cc16a9039920d592769f6188d1a73a440
61b6f2399d5cd9251af376fddf2243e9ea802fbcda179698437c344ef6db8b32

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 103.4.144.218:9803
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://103.4.144.218:9803/1552416562021332/02002?click_id=200PNKPucrKGY3XvmW8gGsk5e2Z6WYr2sR48T7rr59wa9ztaKLKc8HY2qqVbDzHyJ4MF7Q&publisher_id=1B6DbNJeZ&partner_name=Armorads
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 27 May 2023 17:58:42 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 44
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: X-Requested-With
ETag: W/"2c-EpbRjMFqkDmSDVknafYYjRpzpEA"

103.4.144.218:9803/1552416562021332/thematic-banner-with-play.png

103.4.144.218

200 OK

5.7 MB

URL GET HTTP/1.1
103.4.144.218:9803/1552416562021332/thematic-banner-with-play.png
IP
103.4.144.218:9803
ASN
#9441 Next Online Limited.

Requested by
http://103.4.144.218:9803/1552416562021332/02002?click_id=200PNKPucrKGY3XvmW8gGsk5e2Z6WYr2sR48T7rr59wa9ztaKLKc8HY2qqVbDzHyJ4MF7Q&publisher_id=1B6DbNJeZ&partner_name=Armorads

File type
PNG image data, 2368 x 4228, 8-bit/color RGBA, non-interlaced\012- data
Size
5.7 MB (5720133 bytes)
Hash
23fa2de0288caad0ac0c2dc1cd6fee15
10360ae237b9a1943eb6b38149aadde3219f44b9
92309a1cf00885c6b663a57dfb04fa130c90a512343b0762613d4c2d10a3462e

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /1552416562021332/thematic-banner-with-play.png HTTP/1.1
Host: 103.4.144.218:9803
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://103.4.144.218:9803/1552416562021332/02002?click_id=200PNKPucrKGY3XvmW8gGsk5e2Z6WYr2sR48T7rr59wa9ztaKLKc8HY2qqVbDzHyJ4MF7Q&publisher_id=1B6DbNJeZ&partner_name=Armorads
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 27 May 2023 17:58:41 GMT
Content-Type: image/png
Content-Length: 5720133
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Tue, 18 Apr 2023 10:54:21 GMT
ETag: W/"574845-18794004f5b"

armorads.aftrad-visit.com/track/click?offer_id=5943&publisher_id=106&network_id=1&click_id=647244d0e79eb000011be005&source=228&subsource=

188.114.97.1

302 Found

1.0 kB

URL User Request GET HTTP/2
armorads.aftrad-visit.com/track/click?offer_id=5943&publisher_id=106&network_id=1&click_id=647244d0e79eb000011be005&source=228&subsource=
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectaftrad-visit.com
Fingerprint5A:99:10:33:2F:52:2C:29:72:6C:8E:B4:09:77:04:16:88:8E:E1:A0
ValiditySun, 16 Apr 2023 11:30:50 GMT - Sat, 15 Jul 2023 11:30:49 GMT

File type

Size
1.0 kB (1030 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /track/click?offer_id=5943&publisher_id=106&network_id=1&click_id=647244d0e79eb000011be005&source=228&subsource= HTTP/1.1
Host: armorads.aftrad-visit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Sat, 27 May 2023 17:58:40 GMT
content-type: text/html; charset=utf-8
location: http://103.4.144.218:9803/1552416562021332/02002?click_id=200PNKPucrKGY3XvmW8gGsk5e2Z6WYr2sR48T7rr59wa9ztaKLKc8HY2qqVbDzHyJ4MF7Q&publisher_id=1B6DbNJeZ&partner_name=Armorads
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=74AGWoOTFy6rhw2aTHhICNAhG6jKyeGozAAJLCCVR4wl4ObvUvf%2FspBNj1m1byK4xT6GkkVtJrK67iNKURJH6XiYD4gkVaS1vhUNlMwJe7UKuIZgZ%2FyPb7LpDrTKl%2BUqseaDN59VAkAIhvEK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ce025b88d4ab505-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (13)

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP