Report - www.profitablecpmrate.com/api/users?in=false&pii=true&token=L2t5eTE5NjZ5P2tleT03MmY0Njc2ZGEzZTUxYjc0YjNjOGQ1OTRkOWNkNmIyMSZwc3Q9MTczMDExOTg5OSZyZWZlcj1odHRwcyUzQSUyRiUyRm5pY29tYW5nYS5jb20lMkYmcm10Yz10JnNodT03OTUwYzQ0MmRmMDhlMzFhNjA0MjYwMDg3MDIyNzNiNGNiZDQ1ZDk0OTA4ZDc5ZGU0MTk1ZmRiMzNkMzEwMGFiM2Q1MDM0NTA3YTFjMzFhMDE3NDVjNDQ5OTZlMzEzYWZhYmM1OWI4MDdlMjA2ODY1MTZhNDIwOWQ3MmM4ODQxZGFjZTExZTRhNTUwMTUyMzhiZTY1MWNmY2FjOWQxMDVkODQyMGQ2ZWQ0NzUxNzA2OGRl&uuid=

Report Overview

Visited public
2024-10-28 22:59:44
Tags
URL
www.profitablecpmrate.com/api/users?in=false&pii=true&token=L2t5eTE5NjZ5P2tleT03MmY0Njc2ZGEzZTUxYjc0YjNjOGQ1OTRkOWNkNmIyMSZwc3Q9MTczMDExOTg5OSZyZWZlcj1odHRwcyUzQSUyRiUyRm5pY29tYW5nYS5jb20lMkYmcm10Yz10JnNodT03OTUwYzQ0MmRmMDhlMzFhNjA0MjYwMDg3MDIyNzNiNGNiZDQ1ZDk0OTA4ZDc5ZGU0MTk1ZmRiMzNkMzEwMGFiM2Q1MDM0NTA3YTFjMzFhMDE3NDVjNDQ5OTZlMzEzYWZhYmM1OWI4MDdlMjA2ODY1MTZhNDIwOWQ3MmM4ODQxZGFjZTExZTRhNTUwMTUyMzhiZTY1MWNmY2FjOWQxMDVkODQyMGQ2ZWQ0NzUxNzA2OGRl&uuid=
Finishing URL
vaigreevouta.xyz/policy-sweep-check.htm?offer_id=99275599&geo=NO&oaid=008103c0562447a5fc573ed2b2cb9b9d&s=874901795359690812&z=8268572&b=21546778&var=96&campaignid=14083&utm_campaign=96&utm_medium=8268572&utm_source=zd_14083&utm_term=21546778&utm_content=zd_public_v2&country=NO
IP / ASN
172.240.108.76
#7979 SERVERS-COM
Title
404 Not Found

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.profitablecpmrate.com	unknown	2024-10-15	2024-10-23	2024-10-23	3.5 kB	5.5 kB	192.243.61.225
w0we.com	unknown	2022-04-18	2024-10-28	2024-10-28	866 B	556 B	172.64.151.218
ak.rousnoveron.com	unknown	2024-09-27	2024-10-22	2024-10-22	4.4 kB	22 kB	23.36.77.104
my.rtmark.net	9054	2014-10-29	2015-02-04	2024-10-23	529 B	678 B	139.45.195.8
vaigreevouta.xyz	unknown	2024-10-15	2024-10-20	2024-10-27	1.4 kB	9.1 kB	188.114.96.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Mnemonic Secure DNS

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-10-28	medium	rousnoveron.com	Sinkholed
2024-10-28	medium	rousnoveron.com	Sinkholed
2024-10-28	medium	rousnoveron.com	Sinkholed
2024-10-28	medium	rousnoveron.com	Sinkholed
2024-10-28	medium	rousnoveron.com	Sinkholed
2024-10-28	medium	rousnoveron.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (13)

URL IP Response Size

www.profitablecpmrate.com/api/users?in=false&pii=true&token=L2t5eTE5NjZ5P2tleT03MmY0Njc2ZGEzZTUxYjc0YjNjOGQ1OTRkOWNkNmIyMSZwc3Q9MTczMDExOTg5OSZyZWZlcj1odHRwcyUzQSUyRiUyRm5pY29tYW5nYS5jb20lMkYmcm10Yz10JnNodT03OTUwYzQ0MmRmMDhlMzFhNjA0MjYwMDg3MDIyNzNiNGNiZDQ1ZDk0OTA4ZDc5ZGU0MTk1ZmRiMzNkMzEwMGFiM2Q1MDM0NTA3YTFjMzFhMDE3NDVjNDQ5OTZlMzEzYWZhYmM1OWI4MDdlMjA2ODY1MTZhNDIwOWQ3MmM4ODQxZGFjZTExZTRhNTUwMTUyMzhiZTY1MWNmY2FjOWQxMDVkODQyMGQ2ZWQ0NzUxNzA2OGRl&uuid=

192.243.61.225

307 Temporary Redirect

0 B

URL
www.profitablecpmrate.com/api/users?in=false&pii=true&token=L2t5eTE5NjZ5P2tleT03MmY0Njc2ZGEzZTUxYjc0YjNjOGQ1OTRkOWNkNmIyMSZwc3Q9MTczMDExOTg5OSZyZWZlcj1odHRwcyUzQSUyRiUyRm5pY29tYW5nYS5jb20lMkYmcm10Yz10JnNodT03OTUwYzQ0MmRmMDhlMzFhNjA0MjYwMDg3MDIyNzNiNGNiZDQ1ZDk0OTA4ZDc5ZGU0MTk1ZmRiMzNkMzEwMGFiM2Q1MDM0NTA3YTFjMzFhMDE3NDVjNDQ5OTZlMzEzYWZhYmM1OWI4MDdlMjA2ODY1MTZhNDIwOWQ3MmM4ODQxZGFjZTExZTRhNTUwMTUyMzhiZTY1MWNmY2FjOWQxMDVkODQyMGQ2ZWQ0NzUxNzA2OGRl&uuid=
IP
192.243.61.225:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /api/users?in=false&pii=true&token=L2t5eTE5NjZ5P2tleT03MmY0Njc2ZGEzZTUxYjc0YjNjOGQ1OTRkOWNkNmIyMSZwc3Q9MTczMDExOTg5OSZyZWZlcj1odHRwcyUzQSUyRiUyRm5pY29tYW5nYS5jb20lMkYmcm10Yz10JnNodT03OTUwYzQ0MmRmMDhlMzFhNjA0MjYwMDg3MDIyNzNiNGNiZDQ1ZDk0OTA4ZDc5ZGU0MTk1ZmRiMzNkMzEwMGFiM2Q1MDM0NTA3YTFjMzFhMDE3NDVjNDQ5OTZlMzEzYWZhYmM1OWI4MDdlMjA2ODY1MTZhNDIwOWQ3MmM4ODQxZGFjZTExZTRhNTUwMTUyMzhiZTY1MWNmY2FjOWQxMDVkODQyMGQ2ZWQ0NzUxNzA2OGRl&uuid= HTTP/1.1
Host: www.profitablecpmrate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Mon, 28 Oct 2024 22:59:20 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: https://www.profitablecpmrate.com/api/users?token=L2t5eTE5NjZ5P2tleT03MmY0Njc2ZGEzZTUxYjc0YjNjOGQ1OTRkOWNkNmIyMSZyZWZlcj1odHRwcyUzQSUyRiUyRm5pY29tYW5nYS5jb20lMkYmZGxydD10
Set-Cookie: u_pl24695921=1; expires=Tue, 29 Oct 2024 22:59:20 GMT; path=/
Host: www.profitablecpmrate.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 44ac122d5543a68387a650ebaf3f6f61
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

www.profitablecpmrate.com/api/users?token=L2t5eTE5NjZ5P2tleT03MmY0Njc2ZGEzZTUxYjc0YjNjOGQ1OTRkOWNkNmIyMSZyZWZlcj1odHRwcyUzQSUyRiUyRm5pY29tYW5nYS5jb20lMkYmZGxydD10

192.243.61.225

200 OK

1.3 kB

URL
www.profitablecpmrate.com/api/users?token=L2t5eTE5NjZ5P2tleT03MmY0Njc2ZGEzZTUxYjc0YjNjOGQ1OTRkOWNkNmIyMSZyZWZlcj1odHRwcyUzQSUyRiUyRm5pY29tYW5nYS5jb20lMkYmZGxydD10
IP
192.243.61.225:0
ASN
#39572 DataWeb Global Group B.V.

File type
JavaScript source, ASCII text, with very long lines (445)
Size
1.3 kB (1345 bytes)
Hash
f28941c43770e1ed7517dc92902b6ac7
7d6e0a2d9a512ca2daec87badd55c98cc7366702
32bdbea27c76d392f119243bfd6237068d13c67b448a5b458c265b0aaa245cb7

HTTP Headers

GET /api/users?token=L2t5eTE5NjZ5P2tleT03MmY0Njc2ZGEzZTUxYjc0YjNjOGQ1OTRkOWNkNmIyMSZyZWZlcj1odHRwcyUzQSUyRiUyRm5pY29tYW5nYS5jb20lMkYmZGxydD10 HTTP/1.1
Host: www.profitablecpmrate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: u_pl24695921=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 28 Oct 2024 22:59:20 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyNDY5NTkyMSwiayI6IjcyZjQ2NzZkYTNlNTFiNzRiM2M4ZDU5NGQ5Y2Q2YjIxIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMDU2MjUwLCJwaWQiOjU4MTIwMiwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozOCwiYWlkIjoyOCwicHQiOjQsInBrIjoia3l5MTk2NnkiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOmZhbHNlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6ZmFsc2UsInIiOiJodHRwczovL25pY29tYW5nYS5jb20vIiwiYXIiOltdfX0.H3zFoiVsCXGQ2kTichJfSmmJ7SaUbD5iUv-u0bkQKAk; expires=Mon, 28 Oct 2024 23:00:20 GMT; path=/
Host: www.profitablecpmrate.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 9d238916eca33453d87ed731f9b42dcf
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

www.profitablecpmrate.com/api/users?token=L2t5eTE5NjZ5P2RscnQ9dCZrZXk9NzJmNDY3NmRhM2U1MWI3NGIzYzhkNTk0ZDljZDZiMjEmcHN0PTE3MzAxNTY0MjAmcmVmZXI9aHR0cHMlM0ElMkYlMkZuaWNvbWFuZ2EuY29tJTJGJnJtdGM9dCZzaHU9MjdmMjMyZDBlMzQ2YmNkZjcwZTA2YzE0NDNjNWJkODc5MjNjNjMyMjk3NDFhOGViYTdkZjNjOTVlZmVjNGMyMTJkZDdkYWEyYjA0MzEyNjgwNzJiMzY0MWVmYjc1NmM4ODE1YWJiMTVhNTNjN2JiY2UyNTNmNmYwNTRkMzkzZjY0OTQ3MzY3NGZhZmQwMmNhZmI0YzYzNWUxMmFiYjBjMTBmY2ViMWVhZGE0OWUyMTU4MWNj&in=false&uuid=&pii=

192.243.59.20

302 Found

0 B

URL
www.profitablecpmrate.com/api/users?token=L2t5eTE5NjZ5P2RscnQ9dCZrZXk9NzJmNDY3NmRhM2U1MWI3NGIzYzhkNTk0ZDljZDZiMjEmcHN0PTE3MzAxNTY0MjAmcmVmZXI9aHR0cHMlM0ElMkYlMkZuaWNvbWFuZ2EuY29tJTJGJnJtdGM9dCZzaHU9MjdmMjMyZDBlMzQ2YmNkZjcwZTA2YzE0NDNjNWJkODc5MjNjNjMyMjk3NDFhOGViYTdkZjNjOTVlZmVjNGMyMTJkZDdkYWEyYjA0MzEyNjgwNzJiMzY0MWVmYjc1NmM4ODE1YWJiMTVhNTNjN2JiY2UyNTNmNmYwNTRkMzkzZjY0OTQ3MzY3NGZhZmQwMmNhZmI0YzYzNWUxMmFiYjBjMTBmY2ViMWVhZGE0OWUyMTU4MWNj&in=false&uuid=&pii=
IP
192.243.59.20:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /api/users?token=L2t5eTE5NjZ5P2RscnQ9dCZrZXk9NzJmNDY3NmRhM2U1MWI3NGIzYzhkNTk0ZDljZDZiMjEmcHN0PTE3MzAxNTY0MjAmcmVmZXI9aHR0cHMlM0ElMkYlMkZuaWNvbWFuZ2EuY29tJTJGJnJtdGM9dCZzaHU9MjdmMjMyZDBlMzQ2YmNkZjcwZTA2YzE0NDNjNWJkODc5MjNjNjMyMjk3NDFhOGViYTdkZjNjOTVlZmVjNGMyMTJkZDdkYWEyYjA0MzEyNjgwNzJiMzY0MWVmYjc1NmM4ODE1YWJiMTVhNTNjN2JiY2UyNTNmNmYwNTRkMzkzZjY0OTQ3MzY3NGZhZmQwMmNhZmI0YzYzNWUxMmFiYjBjMTBmY2ViMWVhZGE0OWUyMTU4MWNj&in=false&uuid=&pii= HTTP/1.1
Host: www.profitablecpmrate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.profitablecpmrate.com/api/users?token=L2t5eTE5NjZ5P2tleT05Y2E2MDFhOWY0N2M3MzVkZjc2ZDVjYTQ2ZmEyNmE2NiZzdWJtZXRyaWM9MjQ2OTU5MjE
Cookie: u_pl24695921=1; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyNDY5NTkyMSwiayI6IjcyZjQ2NzZkYTNlNTFiNzRiM2M4ZDU5NGQ5Y2Q2YjIxIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMDU2MjUwLCJwaWQiOjU4MTIwMiwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozOCwiYWlkIjoyOCwicHQiOjQsInBrIjoia3l5MTk2NnkiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOmZhbHNlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6ZmFsc2UsInIiOiJodHRwczovL25pY29tYW5nYS5jb20vIiwiYXIiOltdfX0.H3zFoiVsCXGQ2kTichJfSmmJ7SaUbD5iUv-u0bkQKAk; cjs=t
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.19.5
Date: Mon, 28 Oct 2024 22:59:21 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: https://w0we.com/click?key=4790b6ff84d959f38ee5&SUB_ID_SHORT=44aad0a7ade8bb778decfc5e9ee6f8d7&COST_CPC=&PLACEMENT_ID=24695921&CAMPAIGN_ID=1149499&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Linux&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&REMOTE_LANGUAGE=11&BANNER_ID=3176649
Set-Cookie: iprc75e2fe429d7dad827bf5b13045fee0bf=5647022; expires=Tue, 29 Oct 2024 22:59:21 GMT; path=/
pdhtkv=true; expires=Tue, 29 Oct 2024 22:59:21 GMT; path=/
uncs=1; expires=Tue, 29 Oct 2024 22:59:21 GMT; path=/
pdhtkv28=true; expires=Tue, 29 Oct 2024 22:59:21 GMT; path=/
uncs28=1; expires=Tue, 29 Oct 2024 22:59:21 GMT; path=/
Host: www.profitablecpmrate.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 1be312cd972c25a628b98f115e1cd0af
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

w0we.com/click?key=4790b6ff84d959f38ee5&SUB_ID_SHORT=44aad0a7ade8bb778decfc5e9ee6f8d7&COST_CPC=&PLACEMENT_ID=24695921&CAMPAIGN_ID=1149499&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Linux&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&REMOTE_LANGUAGE=11&BANNER_ID=3176649

172.64.151.218

307 Temporary Redirect

0 B

URL
w0we.com/click?key=4790b6ff84d959f38ee5&SUB_ID_SHORT=44aad0a7ade8bb778decfc5e9ee6f8d7&COST_CPC=&PLACEMENT_ID=24695921&CAMPAIGN_ID=1149499&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Linux&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&REMOTE_LANGUAGE=11&BANNER_ID=3176649
IP
172.64.151.218:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /click?key=4790b6ff84d959f38ee5&SUB_ID_SHORT=44aad0a7ade8bb778decfc5e9ee6f8d7&COST_CPC=&PLACEMENT_ID=24695921&CAMPAIGN_ID=1149499&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Linux&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&REMOTE_LANGUAGE=11&BANNER_ID=3176649 HTTP/1.1
Host: w0we.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.profitablecpmrate.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 307 Temporary Redirect
date: Mon, 28 Oct 2024 22:59:21 GMT
content-length: 0
location: https://ak.rousnoveron.com/4/8268572?ymid=csg1eif3dios738st3vg&var=96
set-cookie: uclick=zOyCklwPOd010eP1O2CYshcbSWVRwFLV3AL2RTR8YpnQBraxjppYHGSPkZhlohmCesQoQA==; Max-Age=31536000; SameSite=Lax
bcid=csg1eif3dios738st3vg; Max-Age=31536000; SameSite=Lax
cid=csg1eif3dios738st3vg; Max-Age=31536000; SameSite=Lax
x-request-id: 2fb91a75-f734-43f3-8d3a-adcac12d0ece
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 8d9e892a0afbb515-OSL
X-Firefox-Spdy: h2

ak.rousnoveron.com/4/8268572?ymid=csg1eif3dios738st3vg&var=96

23.36.77.104

200 OK

15 kB

URL
ak.rousnoveron.com/4/8268572?ymid=csg1eif3dios738st3vg&var=96
IP
23.36.77.104:0
ASN
#20940 Akamai International B.V.

File type
HTML document, ASCII text, with very long lines (17217)
Size
15 kB (14718 bytes)
Hash
10e1f43f4d3310cda1c94d8082e16a42
75e9e40f581692920ffacf827fa8a07baf69609f
af1b0e8665a5cefaef6320714737b0f3055063b976d353a14da49c012e3a95a8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /4/8268572?ymid=csg1eif3dios738st3vg&var=96 HTTP/1.1
Host: ak.rousnoveron.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.profitablecpmrate.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html; charset=utf8
x-trace-id: 6992a232187f0d3ff707109911bf10aa
link: <https://yonmewon.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
vary: Accept-Encoding
x-akamai-transformed: 9 13756 0 pmb=mRUM,1
content-encoding: gzip
expires: Mon, 28 Oct 2024 22:59:21 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Mon, 28 Oct 2024 22:59:21 GMT
alt-svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
content-length: 14718
set-cookie: OAID=008103c0562447a5fc573ed2b2cb9b9d; expires=Tue, 28 Oct 2025 22:59:21 GMT; path=/; secure; SameSite=None
oaidts=1730156361; expires=Tue, 28 Oct 2025 22:59:21 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
captcha=player; expires=Mon, 28 Oct 2024 23:59:21 GMT; path=/; secure; SameSite=None
server-timing: cdn-cache; desc=MISS, edge; dur=23, origin; dur=4, ak_p; desc="1730156361430_388255076_4541693_2728_795_2_22_41";dur=1
X-Firefox-Spdy: h2

ak.rousnoveron.com/sftouch?userId=008103c0562447a5fc573ed2b2cb9b9d&z=8268572&p_rid=be1d0b4a-8d13-447a-969c-15f564e46c58&p_src=sf&branchId=0&rb=-D31EbmgohF3OdN5PbwbDLGeQBkvB2GWeti2pPU7Hf6rlsPNyFD8keEYTRg6i9kYMgJlGuUuMbEqlqiGEpJxoLBl6wHcAYyTNA4h_Rbe99PbYfdc2PfMiccqPBPk5XvxjSm3awkveUOIsDDPIPIkg-i1AEkGfQb4urF442LSjp_FK4DPZgq3WCTwIZFZe6Rp8puMgnuV_S20GF3JgX3eDxlkMmPqOk_MA1xHaBbR8gAl_Wx-CFbEXqVgOwzW1CNYhghJ82Od-RNXaENRECMlAx8RoMutZKONhiMUs68_HMOgRgJ3jyAbiEdmQRzxT5PkShEijNjpEiTDki9A&w_img=1

23.36.77.104

200 OK

43 B

URL
ak.rousnoveron.com/sftouch?userId=008103c0562447a5fc573ed2b2cb9b9d&z=8268572&p_rid=be1d0b4a-8d13-447a-969c-15f564e46c58&p_src=sf&branchId=0&rb=-D31EbmgohF3OdN5PbwbDLGeQBkvB2GWeti2pPU7Hf6rlsPNyFD8keEYTRg6i9kYMgJlGuUuMbEqlqiGEpJxoLBl6wHcAYyTNA4h_Rbe99PbYfdc2PfMiccqPBPk5XvxjSm3awkveUOIsDDPIPIkg-i1AEkGfQb4urF442LSjp_FK4DPZgq3WCTwIZFZe6Rp8puMgnuV_S20GF3JgX3eDxlkMmPqOk_MA1xHaBbR8gAl_Wx-CFbEXqVgOwzW1CNYhghJ82Od-RNXaENRECMlAx8RoMutZKONhiMUs68_HMOgRgJ3jyAbiEdmQRzxT5PkShEijNjpEiTDki9A&w_img=1
IP
23.36.77.104:0
ASN
#20940 Akamai International B.V.

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sftouch?userId=008103c0562447a5fc573ed2b2cb9b9d&z=8268572&p_rid=be1d0b4a-8d13-447a-969c-15f564e46c58&p_src=sf&branchId=0&rb=-D31EbmgohF3OdN5PbwbDLGeQBkvB2GWeti2pPU7Hf6rlsPNyFD8keEYTRg6i9kYMgJlGuUuMbEqlqiGEpJxoLBl6wHcAYyTNA4h_Rbe99PbYfdc2PfMiccqPBPk5XvxjSm3awkveUOIsDDPIPIkg-i1AEkGfQb4urF442LSjp_FK4DPZgq3WCTwIZFZe6Rp8puMgnuV_S20GF3JgX3eDxlkMmPqOk_MA1xHaBbR8gAl_Wx-CFbEXqVgOwzW1CNYhghJ82Od-RNXaENRECMlAx8RoMutZKONhiMUs68_HMOgRgJ3jyAbiEdmQRzxT5PkShEijNjpEiTDki9A&w_img=1 HTTP/1.1
Host: ak.rousnoveron.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ak.rousnoveron.com/4/8268572?ymid=csg1eif3dios738st3vg&var=96
Cookie: OAID=008103c0562447a5fc573ed2b2cb9b9d; oaidts=1730156361; captcha=player
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: image/gif
content-length: 43
x-trace-id: 4c27ff3087b70c7398938e98f083950f
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
expires: Mon, 28 Oct 2024 22:59:21 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Mon, 28 Oct 2024 22:59:21 GMT
alt-svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
server-timing: cdn-cache; desc=MISS, edge; dur=19, origin; dur=2, ak_p; desc="1730156361510_388255076_4541891_2107_697_-_-_-";dur=1
quic-version: 0x00000001

my.rtmark.net/img.gif?f=merge&userId=008103c0562447a5fc573ed2b2cb9b9d&z=8268572&p_rid=be1d0b4a-8d13-447a-969c-15f564e46c58&p_src=sf

139.45.195.8

200 OK

43 B

URL
my.rtmark.net/img.gif?f=merge&userId=008103c0562447a5fc573ed2b2cb9b9d&z=8268572&p_rid=be1d0b4a-8d13-447a-969c-15f564e46c58&p_src=sf
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

HTTP Headers

GET /img.gif?f=merge&userId=008103c0562447a5fc573ed2b2cb9b9d&z=8268572&p_rid=be1d0b4a-8d13-447a-969c-15f564e46c58&p_src=sf HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ak.rousnoveron.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 28 Oct 2024 22:59:21 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=008103c0562447a5fc573ed2b2cb9b9d; expires=Tue, 28 Oct 2025 22:59:21 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

ak.rousnoveron.com/favicon.ico

23.36.77.104

204 No Content

0 B

URL
ak.rousnoveron.com/favicon.ico
IP
23.36.77.104:0
ASN
#20940 Akamai International B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: ak.rousnoveron.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ak.rousnoveron.com/4/8268572?ymid=csg1eif3dios738st3vg&var=96
Cookie: OAID=008103c0562447a5fc573ed2b2cb9b9d; oaidts=1730156361; captcha=player
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
pragma: public
cache-control: public, must-revalidate, proxy-revalidate, max-age=2592000
date: Mon, 28 Oct 2024 22:59:21 GMT
alt-svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
server-timing: cdn-cache; desc=MISS, edge; dur=12, origin; dur=21, ak_p; desc="1730156361855_388255076_4542024_3307_600_-_-_-";dur=1
quic-version: 0x00000001

ak.rousnoveron.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=be1d0b4a-8d13-447a-969c-15f564e46c58

23.36.77.104

200 OK

12 B

URL
ak.rousnoveron.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=be1d0b4a-8d13-447a-969c-15f564e46c58
IP
23.36.77.104:0
ASN
#20940 Akamai International B.V.

File type
JSON text data
Size
12 B (12 bytes)
Hash
adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=be1d0b4a-8d13-447a-969c-15f564e46c58 HTTP/1.1
Host: ak.rousnoveron.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1476
Origin: https://ak.rousnoveron.com
DNT: 1
Connection: keep-alive
Referer: https://ak.rousnoveron.com/4/8268572?ymid=csg1eif3dios738st3vg&var=96
Cookie: OAID=008103c0562447a5fc573ed2b2cb9b9d; oaidts=1730156361; captcha=player
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/json; charset=utf-8
content-length: 12
access-control-allow-origin: https://ak.rousnoveron.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
expires: Mon, 28 Oct 2024 22:59:21 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Mon, 28 Oct 2024 22:59:21 GMT
alt-svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
server-timing: cdn-cache; desc=MISS, edge; dur=21, origin; dur=2, ak_p; desc="1730156361908_388255076_4542070_2342_768_-_-_-";dur=1
quic-version: 0x00000001

ak.rousnoveron.com/async_log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=be1d0b4a-8d13-447a-969c-15f564e46c58

23.36.77.104

200 OK

0 B

URL
ak.rousnoveron.com/async_log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=be1d0b4a-8d13-447a-969c-15f564e46c58
IP
23.36.77.104:0
ASN
#20940 Akamai International B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /async_log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=be1d0b4a-8d13-447a-969c-15f564e46c58 HTTP/1.1
Host: ak.rousnoveron.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 458
Origin: https://ak.rousnoveron.com
DNT: 1
Connection: keep-alive
Referer: https://ak.rousnoveron.com/4/8268572?ymid=csg1eif3dios738st3vg&var=96
Cookie: OAID=008103c0562447a5fc573ed2b2cb9b9d; oaidts=1730156361; captcha=player
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-length: 0
access-control-allow-origin: https://ak.rousnoveron.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
expires: Mon, 28 Oct 2024 22:59:21 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Mon, 28 Oct 2024 22:59:21 GMT
alt-svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
server-timing: cdn-cache; desc=MISS, edge; dur=18, origin; dur=2, ak_p; desc="1730156361926_388255076_4542088_2021_751_-_-_-";dur=1
quic-version: 0x00000001

ak.rousnoveron.com/?z=8268572&syncedCookie=true&rhd=false

23.36.77.104

302 Found

0 B

URL User Request POST HTTP/3
ak.rousnoveron.com/?z=8268572&syncedCookie=true&rhd=false
IP
23.36.77.104:443
ASN
#20940 Akamai International B.V.

Certificate
IssuerLet's Encrypt
Subjectak.hetaruvg.com
Fingerprint95:8B:9B:BF:A5:62:65:E1:E2:F8:81:B2:44:6A:87:70:0E:BB:DD:3E
ValidityFri, 25 Oct 2024 23:17:34 GMT - Thu, 23 Jan 2025 23:17:33 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /?z=8268572&syncedCookie=true&rhd=false HTTP/1.1
Host: ak.rousnoveron.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 7162
Origin: https://ak.rousnoveron.com
DNT: 1
Connection: keep-alive
Referer: https://ak.rousnoveron.com/afu.php?zoneid=8268572&var=8268572&rid=BPTR34PbLD67mf1dYD5JaA%3D%3D&rhd=false&ab2r=0&sf=1
Cookie: OAID=008103c0562447a5fc573ed2b2cb9b9d; oaidts=1730156361; captcha=player
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 302 Found
content-length: 0
x-trace-id: aa189622a3c48f35c2990f884cb37eaf
link: <https://vaigreevouta.xyz>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
referrer-policy: no-referrer
location: https://vaigreevouta.xyz/policy-sweep-check.htm?offer_id=99275599&geo=NO&oaid=008103c0562447a5fc573ed2b2cb9b9d&s=874901795359690812&z=8268572&b=21546778&var=96&campaignid=14083&utm_campaign=96&utm_medium=8268572&utm_source=zd_14083&utm_term=21546778&utm_content=zd_public_v2&country=NO
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: https://ak.rousnoveron.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
expires: Mon, 28 Oct 2024 22:59:21 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Mon, 28 Oct 2024 22:59:21 GMT
alt-svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
set-cookie: OAID=008103c0562447a5fc573ed2b2cb9b9d; expires=Tue, 28 Oct 2025 22:59:21 GMT; path=/; secure; SameSite=None
oaidts=1730156361; expires=Tue, 28 Oct 2025 22:59:21 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Mon, 04 Nov 2024 22:59:21 GMT; path=/; secure; SameSite=None
server-timing: cdn-cache; desc=MISS, edge; dur=19, origin; dur=6, ak_p; desc="1730156361971_388255076_4542118_2540_788_-_-_-";dur=1
quic-version: 0x00000001

vaigreevouta.xyz/policy-sweep-check.htm?offer_id=99275599&geo=NO&oaid=008103c0562447a5fc573ed2b2cb9b9d&s=874901795359690812&z=8268572&b=21546778&var=96&campaignid=14083&utm_campaign=96&utm_medium=8268572&utm_source=zd_14083&utm_term=21546778&utm_content=zd_public_v2&country=NO

188.114.96.1

404 Not Found

6.2 kB

URL User Request GET HTTP/2
vaigreevouta.xyz/policy-sweep-check.htm?offer_id=99275599&geo=NO&oaid=008103c0562447a5fc573ed2b2cb9b9d&s=874901795359690812&z=8268572&b=21546778&var=96&campaignid=14083&utm_campaign=96&utm_medium=8268572&utm_source=zd_14083&utm_term=21546778&utm_content=zd_public_v2&country=NO
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectvaigreevouta.xyz
FingerprintF4:70:E0:96:AE:37:17:B2:B8:3D:DF:EB:A0:59:3D:C1:13:7E:80:51
ValidityTue, 15 Oct 2024 11:21:47 GMT - Mon, 13 Jan 2025 11:21:46 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
6.2 kB (6221 bytes)
Hash
8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

HTTP Headers

GET /policy-sweep-check.htm?offer_id=99275599&geo=NO&oaid=008103c0562447a5fc573ed2b2cb9b9d&s=874901795359690812&z=8268572&b=21546778&var=96&campaignid=14083&utm_campaign=96&utm_medium=8268572&utm_source=zd_14083&utm_term=21546778&utm_content=zd_public_v2&country=NO HTTP/1.1
Host: vaigreevouta.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
date: Mon, 28 Oct 2024 22:59:22 GMT
content-type: text/html
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=db4xR2rRhuHhH0X7zMEhFhdAExC1rMy3k3g7NvRkxBxNHc5LRKxsHgoMNCFDPANGbdmc%2Bjov6Cf%2BeZog2RwhVbAjBK1UdTUA9gAnePWvc53sF7p%2FFzbfD9MSkbX7adjarx5u"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8d9e892f6c5e496d-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=24734&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3215&recv_bytes=1309&delivery_rate=178018&cwnd=106&unsent_bytes=0&cid=8a341117b8043935&ts=99&x=0"
X-Firefox-Spdy: h2

vaigreevouta.xyz/favicon.ico

188.114.96.1

200 OK

1.2 kB

URL GET HTTP/3
vaigreevouta.xyz/favicon.ico
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://vaigreevouta.xyz/policy-sweep-check.htm?offer_id=99275599&geo=NO&oaid=008103c0562447a5fc573ed2b2cb9b9d&s=874901795359690812&z=8268572&b=21546778&var=96&campaignid=14083&utm_campaign=96&utm_medium=8268572&utm_source=zd_14083&utm_term=21546778&utm_content=zd_public_v2&country=NO
Certificate
IssuerGoogle Trust Services
Subjectvaigreevouta.xyz
FingerprintF4:70:E0:96:AE:37:17:B2:B8:3D:DF:EB:A0:59:3D:C1:13:7E:80:51
ValidityTue, 15 Oct 2024 11:21:47 GMT - Mon, 13 Jan 2025 11:21:46 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Size
1.2 kB (1150 bytes)
Hash
668ba1a9fa1890ba16cb8adc28d3dad8
5e35223b2541265114eaf61b9da2556c812fea17
7746cf1b553433822522f2dc432f55fe64eee1f1cf823ef6adfde02e58e1d7e2

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: vaigreevouta.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vaigreevouta.xyz/policy-sweep-check.htm?offer_id=99275599&geo=NO&oaid=008103c0562447a5fc573ed2b2cb9b9d&s=874901795359690812&z=8268572&b=21546778&var=96&campaignid=14083&utm_campaign=96&utm_medium=8268572&utm_source=zd_14083&utm_term=21546778&utm_content=zd_public_v2&country=NO
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 28 Oct 2024 22:59:22 GMT
content-type: image/x-icon
last-modified: Thu, 26 Sep 2024 13:43:49 GMT
vary: Accept-Encoding
etag: W/"66f56515-47e"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6981
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dwC5NF2urIgS5AxZDpjiXwTzMM7hyKMIsDxwvjFi3lRErkW275JMmgpwJeoVBXZiciMeJweG4uv%2BJWrBhtQkZk6Mxgvn4E8qDuQIYu4lH1GnMwdJdVuhA1V0HoVs8nBSGujY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8d9e89311c17b500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=22986&sent=11&recv=6&lost=0&retrans=0&sent_bytes=4061&recv_bytes=1285&delivery_rate=32662&cwnd=12000&unsent_bytes=0&cid=6bd9ffba6c5f115f&ts=228&x=1", cfExtPri, cfHdrFlush;dur=0

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Mnemonic Secure DNS

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (13)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections