Report - rb.gy/dp0ibu

Report Overview

Visited public
2023-12-05 22:46:54
Tags
URL
rb.gy/dp0ibu
Finishing URL
user.traffics.online/disabled.html
IP / ASN
44.207.55.129
#14618 AMAZON-AES
Title
Disabled

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
user.traffics.online	unknown	unknown	No data	No data	1.3 kB	758 B	35.204.193.90
rb.gy	103780	2019-09-17	2019-10-11 21:55:07	2023-12-05 05:35:00	478 B	274 B	44.207.55.129
freehotgirl.us	unknown	unknown	No data	No data	397 B	377 B	162.255.119.159
pb.pub-lic-o.com	unknown	2023-03-27	2023-03-29 11:36:00	2023-10-15 23:31:58	445 B	2.1 kB	172.67.190.63

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-12-05 22:46:43	low	44.207.55.129	Client IP	ET INFO Observed URL Shortening Service SSL/TLS Cert (rb.gy)
2023-12-05 22:46:53	low	162.255.119.159	Client IP	ET INFO Namecheap URL Forward

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (6)

URL IP Response Size

rb.gy/dp0ibu

44.207.55.129

301 Moved Permanently

0 B

URL User Request GET HTTP/2
rb.gy/dp0ibu
IP
44.207.55.129:443
ASN
#14618 AMAZON-AES

Certificate
IssuerAmazon
Subjectrb.gy
FingerprintDB:A6:0C:96:5D:05:26:D6:95:BF:CD:A8:79:39:3C:DA:CC:7E:93:A5
ValiditySat, 19 Aug 2023 00:00:00 GMT - Mon, 16 Sep 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /dp0ibu HTTP/1.1
Host: rb.gy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Tue, 05 Dec 2023 22:46:37 GMT
content-length: 0
location: http://freehotgirl.us/
cache-control: no-cache, no-store
expires: -1
engine: Rebrandly.redirect, version 2.1
strict-transport-security: max-age=15552000
X-Firefox-Spdy: h2

freehotgirl.us/

162.255.119.159

302 Found

93 B

URL User Request GET HTTP/1.1
freehotgirl.us/
IP
162.255.119.159:80
ASN
#22612 NAMECHEAP-NET

File type
HTML document, ASCII text
Size
93 B (93 bytes)
Hash
813a39d4909bc21c33917b63ef9144c3
c7d061f8b38b4a5f96b6d91e52c1648de6bc42fb
4cbafc2318cce70ff081175b135c7a4c4e2bc449c4789a4757df8f05425fced2

Detections

NIDS	Severity	Alert
suricata	low	ET INFO Namecheap URL Forward

HTTP Headers

GET / HTTP/1.1
Host: freehotgirl.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Date: Tue, 05 Dec 2023 22:46:37 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 93
Connection: keep-alive
Location: http://pb.pub-lic-o.com/track/masum50.457873.1168.1188.0.0.0.0.0.0.0.0
X-Served-By: Namecheap URL Forward
Server: namecheap-nginx

pb.pub-lic-o.com/track/masum50.457873.1168.1188.0.0.0.0.0.0.0.0

172.67.190.63

302 Found

0 B

URL User Request GET HTTP/1.1
pb.pub-lic-o.com/track/masum50.457873.1168.1188.0.0.0.0.0.0.0.0
IP
172.67.190.63:80
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /track/masum50.457873.1168.1188.0.0.0.0.0.0.0.0 HTTP/1.1
Host: pb.pub-lic-o.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Date: Tue, 05 Dec 2023 22:46:38 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: AWSALB=7tDbdYK1YZS0pJdpe6/jgDfJUKyUb+55kGvRBpl9if9wH279T6FpZDOavPHrOnzaSXkL4JmeaX1nEA8GjVhmeVbqpGiBTpbRyDxiyYkFMWpJFp5bnTuIG0KN1jaf; Expires=Tue, 12 Dec 2023 22:46:37 GMT; Path=/
AWSALBCORS=7tDbdYK1YZS0pJdpe6/jgDfJUKyUb+55kGvRBpl9if9wH279T6FpZDOavPHrOnzaSXkL4JmeaX1nEA8GjVhmeVbqpGiBTpbRyDxiyYkFMWpJFp5bnTuIG0KN1jaf; Expires=Tue, 12 Dec 2023 22:46:37 GMT; Path=/; SameSite=None
PHPSESSID=n4usaji9pjm3ligsbeg9nr1hc6; path=/
offerit_unique_761_1168_1188=masum50.457873.1168.1188.0.0.0.0.0.0.0.0; Max-Age=86400; Expires=Wednesday, 06 Dec 2023 23:46:37 CET; path=/; domain=pub-lic-o.com
ocode_761_1188=masum50.457873.1168.1188.0.0.0.0.0.0.0.0; Max-Age=2592000; Expires=Thursday, 04 Jan 2024 23:46:37 CET; path=/; domain=pub-lic-o.com
ocode_761=masum50.457873.1168.1188.0.0.0.0.0.0.0.0; Max-Age=2592000; Expires=Thursday, 04 Jan 2024 23:46:37 CET; path=/; domain=pub-lic-o.com
offerit_761_1188_cookie=No+Referring+URL; Max-Age=2592000; Expires=Thursday, 04 Jan 2024 23:46:37 CET; path=/; domain=pub-lic-o.com
offerit_761_1188=masum50.457873.1168.1188.0.0.0.0.0.0.0.0|||1656fa84df20f22.32670323; Max-Age=2592000; Expires=Thursday, 04 Jan 2024 23:46:37 CET; path=/; domain=pub-lic-o.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Access-Control-Allow-Origin: *
Location: http://user.traffics.online/click?pid=98&offer_id=1280&l=1675011577&sub1=1656fa84df20f22.32670323&sub2=2780-aff_sub&ocode=masum50.457873.1168.1188.0.0.0.0.0.0.0.0
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XYjENOqqPPkPumyhgqeYSsjl8NRmx70NXCbcLdM46tFwfjXFzSucjtd54kC3GTxP2OtX7kdvyTtfR34GM%2FTsDNx8%2BNJWY52umadzh7vwjCqGdB%2FQmU%2BfIR4Xtjt6Vce58jYD"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 830fd3858a3f0b59-OSL
alt-svc: h2=":443"; ma=60

user.traffics.online/click?pid=98&offer_id=1280&l=1675011577&sub1=1656fa84df20f22.32670323&sub2=2780-aff_sub&ocode=masum50.457873.1168.1188.0.0.0.0.0.0.0.0

35.204.193.90

302 Found

0 B

URL User Request GET HTTP/1.1
user.traffics.online/click?pid=98&offer_id=1280&l=1675011577&sub1=1656fa84df20f22.32670323&sub2=2780-aff_sub&ocode=masum50.457873.1168.1188.0.0.0.0.0.0.0.0
IP
35.204.193.90:80
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /click?pid=98&offer_id=1280&l=1675011577&sub1=1656fa84df20f22.32670323&sub2=2780-aff_sub&ocode=masum50.457873.1168.1188.0.0.0.0.0.0.0.0 HTTP/1.1
Host: user.traffics.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Tue, 05 Dec 2023 22:46:38 GMT
Content-Length: 0
Connection: keep-alive
Location: http://user.traffics.online/disabled.html
Access-Control-Allow-Origin: *

user.traffics.online/disabled.html

35.204.193.90

200 OK

91 B

URL User Request GET HTTP/1.1
user.traffics.online/disabled.html
IP
35.204.193.90:80
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
91 B (91 bytes)
Hash
ad39f5822eab86877c00487b7c5ae280
a9aa06e62b21565387dbf87fef61d8dfd9734e4a
b7413baf6c8d815f06ac626010aa7c4eff83b4f3ab3fa3cfd4c50cb533b5cf08

HTTP Headers

GET /disabled.html HTTP/1.1
Host: user.traffics.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Dec 2023 22:46:38 GMT
Content-Type: text/html
Last-Modified: Thu, 26 May 2022 14:56:19 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"628f9513-6f"
Content-Encoding: gzip

user.traffics.online/favicon.ico

35.204.193.90

200 OK

0 B

URL GET HTTP/1.1
user.traffics.online/favicon.ico
IP
35.204.193.90:80
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://user.traffics.online/disabled.html

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: user.traffics.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://user.traffics.online/disabled.html
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Dec 2023 22:46:38 GMT
Content-Type: image/x-icon
Content-Length: 0
Last-Modified: Thu, 26 May 2022 14:56:25 GMT
Connection: keep-alive
ETag: "628f9519-0"
Accept-Ranges: bytes

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (6)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

HTTP Headers