Report - r.bestadperf.com/v2/go?t=at4pc:4/2pe.1a6o3eecamcv7/a?d=2H4X1015004R3Ev5dWt6ezewa0pFY0l4RH_1xlyzHEZu=0&V=mP5c2NCd2UYVUcxIjSihUStZERYZ0LzplbYB3KUlHQQRzNJwHNBp3UyZWYjZFO3lmZP5Wb6VzM6Z0SzIlS0lTL1lDSYNDRlolMLZVe3xmO65kawhGTSlEVwpWVCZFTaFnM3o3aNx2WBZkV2F1RFZjRGlGN2x3M3BmaUBDT0lHVhAVbysVbVFGMrVWbsQ3YBBWcyYCazdmV5dWbv9UTjh0Yzh2eGEXYUpDK4FTbNtHbPFmQEQzcYo2QxBkZa8TMq8EeTNFOUN0ZnlEV2BWNvpTOk8EWEpjNTZDSThGSydmYxpDQuV0dzlET1plZFBWNThmYZI1cKZmOzpEYGpjNIVidYdUM6cGSv8ETzFFRMNWZ4RVTrQVMNJSR1YDQ2dkRYlneNZnQsgGQusUNXRVRqFGQSUVMPdmSMR2SyZmNCF0R2dEbSwTVY93StgmQvtGMRZjMOVEWrVTVQRDUOMzRFpGd0pnaZhFQS5GN49HbjcWR1tWW0MWaFRkb0VGLkZlW4N1KjNnZiszL3lzdkJHQLVzYx0mMvRHSqRGZ9MQW=hiYDpIblRfYMpYUnojS&xlYcgmVnRIT=c0Z0x0V0J2U2J9bce3r82a/co4.9r8d7ydi9a2/es4t3h&s=https://clcktrck.com/&e=1&ai=cf6894bc504346a794f062e6736b2b2f&sct=0&ct=1741209374011&cu=92cd3a87acca4e938671de9224ec443a&cs=d66f370b5a28c0134f8d820cbf3c2352

Report Overview

Visited public
2025-03-05 21:17:22
Tags
URL
r.bestadperf.com/v2/go?t=at4pc:4/2pe.1a6o3eecamcv7/a?d=2H4X1015004R3Ev5dWt6ezewa0pFY0l4RH_1xlyzHEZu=0&V=mP5c2NCd2UYVUcxIjSihUStZERYZ0LzplbYB3KUlHQQRzNJwHNBp3UyZWYjZFO3lmZP5Wb6VzM6Z0SzIlS0lTL1lDSYNDRlolMLZVe3xmO65kawhGTSlEVwpWVCZFTaFnM3o3aNx2WBZkV2F1RFZjRGlGN2x3M3BmaUBDT0lHVhAVbysVbVFGMrVWbsQ3YBBWcyYCazdmV5dWbv9UTjh0Yzh2eGEXYUpDK4FTbNtHbPFmQEQzcYo2QxBkZa8TMq8EeTNFOUN0ZnlEV2BWNvpTOk8EWEpjNTZDSThGSydmYxpDQuV0dzlET1plZFBWNThmYZI1cKZmOzpEYGpjNIVidYdUM6cGSv8ETzFFRMNWZ4RVTrQVMNJSR1YDQ2dkRYlneNZnQsgGQusUNXRVRqFGQSUVMPdmSMR2SyZmNCF0R2dEbSwTVY93StgmQvtGMRZjMOVEWrVTVQRDUOMzRFpGd0pnaZhFQS5GN49HbjcWR1tWW0MWaFRkb0VGLkZlW4N1KjNnZiszL3lzdkJHQLVzYx0mMvRHSqRGZ9MQW=hiYDpIblRfYMpYUnojS&xlYcgmVnRIT=c0Z0x0V0J2U2J9bce3r82a/co4.9r8d7ydi9a2/es4t3h&s=https://clcktrck.com/&e=1&ai=cf6894bc504346a794f062e6736b2b2f&sct=0&ct=1741209374011&cu=92cd3a87acca4e938671de9224ec443a&cs=d66f370b5a28c0134f8d820cbf3c2352
Finishing URL
r.bestadperf.com/v2/0tupE:z/lp1.Ha4o0eFc0mwvz/6?W=5HEXR005014134v2ddtae7ecaapeY3l6R1_ex2y4HcZ4=a
IP / ASN
18.202.86.139
#16509 AMAZON-02
Title
HTTP Status 404 – Not Found

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r.bestadperf.com	unknown	2023-11-24	2024-01-31	2025-02-27	3.4 kB	3.5 kB	63.33.119.172

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

Scan Date	Severity	Indicator	Alert
2025-02-06	medium	r.bestadperf.com	Lumma Stealer
2025-02-06	medium	r.bestadperf.com	Lumma Stealer

JavaScript (0)

HTTP Transactions (3)

URL IP Response Size

GET r.bestadperf.com/v2/go?t=at4pc:4/2pe.1a6o3eecamcv7/a?d=2H4X1015004R3Ev5dWt6ezewa0pFY0l4RH_1xlyzHEZu=0&V=mP5c2NCd2UYVUcxIjSihUStZERYZ0LzplbYB3KUlHQQRzNJwHNBp3UyZWYjZFO3lmZP5Wb6VzM6Z0SzIlS0lTL1lDSYNDRlolMLZVe3xmO65kawhGTSlEVwpWVCZFTaFnM3o3aNx2WBZkV2F1RFZjRGlGN2x3M3BmaUBDT0lHVhAVbysVbVFGMrVWbsQ3YBBWcyYCazdmV5dWbv9UTjh0Yzh2eGEXYUpDK4FTbNtHbPFmQEQzcYo2QxBkZa8TMq8EeTNFOUN0ZnlEV2BWNvpTOk8EWEpjNTZDSThGSydmYxpDQuV0dzlET1plZFBWNThmYZI1cKZmOzpEYGpjNIVidYdUM6cGSv8ETzFFRMNWZ4RVTrQVMNJSR1YDQ2dkRYlneNZnQsgGQusUNXRVRqFGQSUVMPdmSMR2SyZmNCF0R2dEbSwTVY93StgmQvtGMRZjMOVEWrVTVQRDUOMzRFpGd0pnaZhFQS5GN49HbjcWR1tWW0MWaFRkb0VGLkZlW4N1KjNnZiszL3lzdkJHQLVzYx0mMvRHSqRGZ9MQW=hiYDpIblRfYMpYUnojS&xlYcgmVnRIT=c0Z0x0V0J2U2J9bce3r82a/co4.9r8d7ydi9a2/es4t3h&s=https://clcktrck.com/&e=1&ai=cf6894bc504346a794f062e6736b2b2f&sct=0&ct=1741209374011&cu=92cd3a87acca4e938671de9224ec443a&cs=d66f370b5a28c0134f8d820cbf3c2352

63.33.119.172

200 OK

1.3 kB

URL User Request GET
r.bestadperf.com/v2/go?t=at4pc:4/2pe.1a6o3eecamcv7/a?d=2H4X1015004R3Ev5dWt6ezewa0pFY0l4RH_1xlyzHEZu=0&V=mP5c2NCd2UYVUcxIjSihUStZERYZ0LzplbYB3KUlHQQRzNJwHNBp3UyZWYjZFO3lmZP5Wb6VzM6Z0SzIlS0lTL1lDSYNDRlolMLZVe3xmO65kawhGTSlEVwpWVCZFTaFnM3o3aNx2WBZkV2F1RFZjRGlGN2x3M3BmaUBDT0lHVhAVbysVbVFGMrVWbsQ3YBBWcyYCazdmV5dWbv9UTjh0Yzh2eGEXYUpDK4FTbNtHbPFmQEQzcYo2QxBkZa8TMq8EeTNFOUN0ZnlEV2BWNvpTOk8EWEpjNTZDSThGSydmYxpDQuV0dzlET1plZFBWNThmYZI1cKZmOzpEYGpjNIVidYdUM6cGSv8ETzFFRMNWZ4RVTrQVMNJSR1YDQ2dkRYlneNZnQsgGQusUNXRVRqFGQSUVMPdmSMR2SyZmNCF0R2dEbSwTVY93StgmQvtGMRZjMOVEWrVTVQRDUOMzRFpGd0pnaZhFQS5GN49HbjcWR1tWW0MWaFRkb0VGLkZlW4N1KjNnZiszL3lzdkJHQLVzYx0mMvRHSqRGZ9MQW=hiYDpIblRfYMpYUnojS&xlYcgmVnRIT=c0Z0x0V0J2U2J9bce3r82a/co4.9r8d7ydi9a2/es4t3h&s=https://clcktrck.com/&e=1&ai=cf6894bc504346a794f062e6736b2b2f&sct=0&ct=1741209374011&cu=92cd3a87acca4e938671de9224ec443a&cs=d66f370b5a28c0134f8d820cbf3c2352
IP
63.33.119.172:443
ASN
#16509 AMAZON-02

Certificate
IssuerLet's Encrypt
Subjectlinksprf.com
Fingerprint71:03:11:6C:93:38:12:48:58:1C:32:ED:44:18:F4:88:C2:15:85:B1
ValidityFri, 17 Jan 2025 06:14:21 GMT - Thu, 17 Apr 2025 06:14:20 GMT

File type
HTML document, ASCII text, with very long lines (1346), with no line terminators
Size
1.3 kB (1301 bytes)
Hash
a66d89456a7813a5cae09ed5d42e7a17
355edf85985405020d860f4ce913890e145b4b71
086c3a01929e0e48c0133ea883d0ba5de3906ff27abeffe28edf2165a27bdba2

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	Lumma Stealer

HTTP Headers

GET /v2/go?t=at4pc:4/2pe.1a6o3eecamcv7/a?d=2H4X1015004R3Ev5dWt6ezewa0pFY0l4RH_1xlyzHEZu=0&V=mP5c2NCd2UYVUcxIjSihUStZERYZ0LzplbYB3KUlHQQRzNJwHNBp3UyZWYjZFO3lmZP5Wb6VzM6Z0SzIlS0lTL1lDSYNDRlolMLZVe3xmO65kawhGTSlEVwpWVCZFTaFnM3o3aNx2WBZkV2F1RFZjRGlGN2x3M3BmaUBDT0lHVhAVbysVbVFGMrVWbsQ3YBBWcyYCazdmV5dWbv9UTjh0Yzh2eGEXYUpDK4FTbNtHbPFmQEQzcYo2QxBkZa8TMq8EeTNFOUN0ZnlEV2BWNvpTOk8EWEpjNTZDSThGSydmYxpDQuV0dzlET1plZFBWNThmYZI1cKZmOzpEYGpjNIVidYdUM6cGSv8ETzFFRMNWZ4RVTrQVMNJSR1YDQ2dkRYlneNZnQsgGQusUNXRVRqFGQSUVMPdmSMR2SyZmNCF0R2dEbSwTVY93StgmQvtGMRZjMOVEWrVTVQRDUOMzRFpGd0pnaZhFQS5GN49HbjcWR1tWW0MWaFRkb0VGLkZlW4N1KjNnZiszL3lzdkJHQLVzYx0mMvRHSqRGZ9MQW=hiYDpIblRfYMpYUnojS&xlYcgmVnRIT=c0Z0x0V0J2U2J9bce3r82a/co4.9r8d7ydi9a2/es4t3h&s=https://clcktrck.com/&e=1&ai=cf6894bc504346a794f062e6736b2b2f&sct=0&ct=1741209374011&cu=92cd3a87acca4e938671de9224ec443a&cs=d66f370b5a28c0134f8d820cbf3c2352 HTTP/1.1
Host: r.bestadperf.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 05 Mar 2025 21:17:02 GMT
content-type: text/html;charset=UTF-8
content-length: 1301
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

GET r.bestadperf.com/v2/0tupE:z/lp1.Ha4o0eFc0mwvz/6?W=5HEXR005014134v2ddtae7ecaapeY3l6R1_ex2y4HcZ4=a

63.33.119.172

404 Not Found

794 B

URL User Request GET
r.bestadperf.com/v2/0tupE:z/lp1.Ha4o0eFc0mwvz/6?W=5HEXR005014134v2ddtae7ecaapeY3l6R1_ex2y4HcZ4=a
IP
63.33.119.172:443
ASN
#16509 AMAZON-02

Certificate
IssuerLet's Encrypt
Subjectlinksprf.com
Fingerprint71:03:11:6C:93:38:12:48:58:1C:32:ED:44:18:F4:88:C2:15:85:B1
ValidityFri, 17 Jan 2025 06:14:21 GMT - Thu, 17 Apr 2025 06:14:20 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (798), with no line terminators
Size
794 B (794 bytes)
Hash
796ef4242eca1c1d3dbd42ec93c31fdd
e191b5f949f53a3356e9b783548abe9738a293ca
0f22a5dfeef6919d0829a40aabb13e69704ac704977e0b61e0186ae5911ea49d

HTTP Headers

GET /v2/0tupE:z/lp1.Ha4o0eFc0mwvz/6?W=5HEXR005014134v2ddtae7ecaapeY3l6R1_ex2y4HcZ4=a HTTP/1.1
Host: r.bestadperf.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://r.bestadperf.com/v2/go?t=at4pc:4/2pe.1a6o3eecamcv7/a?d=2H4X1015004R3Ev5dWt6ezewa0pFY0l4RH_1xlyzHEZu=0&V=mP5c2NCd2UYVUcxIjSihUStZERYZ0LzplbYB3KUlHQQRzNJwHNBp3UyZWYjZFO3lmZP5Wb6VzM6Z0SzIlS0lTL1lDSYNDRlolMLZVe3xmO65kawhGTSlEVwpWVCZFTaFnM3o3aNx2WBZkV2F1RFZjRGlGN2x3M3BmaUBDT0lHVhAVbysVbVFGMrVWbsQ3YBBWcyYCazdmV5dWbv9UTjh0Yzh2eGEXYUpDK4FTbNtHbPFmQEQzcYo2QxBkZa8TMq8EeTNFOUN0ZnlEV2BWNvpTOk8EWEpjNTZDSThGSydmYxpDQuV0dzlET1plZFBWNThmYZI1cKZmOzpEYGpjNIVidYdUM6cGSv8ETzFFRMNWZ4RVTrQVMNJSR1YDQ2dkRYlneNZnQsgGQusUNXRVRqFGQSUVMPdmSMR2SyZmNCF0R2dEbSwTVY93StgmQvtGMRZjMOVEWrVTVQRDUOMzRFpGd0pnaZhFQS5GN49HbjcWR1tWW0MWaFRkb0VGLkZlW4N1KjNnZiszL3lzdkJHQLVzYx0mMvRHSqRGZ9MQW=hiYDpIblRfYMpYUnojS&xlYcgmVnRIT=c0Z0x0V0J2U2J9bce3r82a/co4.9r8d7ydi9a2/es4t3h&s=https://clcktrck.com/&e=1&ai=cf6894bc504346a794f062e6736b2b2f&sct=0&ct=1741209374011&cu=92cd3a87acca4e938671de9224ec443a&cs=d66f370b5a28c0134f8d820cbf3c2352
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
date: Wed, 05 Mar 2025 21:17:02 GMT
content-type: text/html;charset=utf-8
content-length: 794
content-language: en
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

GET r.bestadperf.com/favicon.ico

63.33.119.172

404 Not Found

763 B

URL GET
r.bestadperf.com/favicon.ico
IP
63.33.119.172:443
ASN
#16509 AMAZON-02

Requested by
https://r.bestadperf.com/v2/0tupE:z/lp1.Ha4o0eFc0mwvz/6?W=5HEXR005014134v2ddtae7ecaapeY3l6R1_ex2y4HcZ4=a
Certificate
IssuerLet's Encrypt
Subjectlinksprf.com
Fingerprint71:03:11:6C:93:38:12:48:58:1C:32:ED:44:18:F4:88:C2:15:85:B1
ValidityFri, 17 Jan 2025 06:14:21 GMT - Thu, 17 Apr 2025 06:14:20 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (767), with no line terminators
Size
763 B (763 bytes)
Hash
c6410a17bd19d90bb4c7e5372eaa754d
fca18a1cca06ca19db39d1398ce8ead0774cb61b
5160ced3fc2f46a0163a1999129b174f3dd6970df68712f26a9521d659f2b4a7

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	Lumma Stealer

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: r.bestadperf.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://r.bestadperf.com/v2/0tupE:z/lp1.Ha4o0eFc0mwvz/6?W=5HEXR005014134v2ddtae7ecaapeY3l6R1_ex2y4HcZ4=a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
date: Wed, 05 Mar 2025 21:17:02 GMT
content-type: text/html;charset=utf-8
content-length: 763
content-language: en
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (3)

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers