Report - summaryjustlybouquet.com/f06e1f9f?buy=98&dev=e&key=4d0afc2425eea6b0cd5a468c9f8a69ed&kw=[video,-,thefantazy,com]&psid=CF-3289_new_1&refer=https://thefantazy.com/search/video?page=22827&asgtbndr=1&res=14.1055&scrHeight=864&scrWidth=1536&ship=&sub3=invoke

Report Overview

Visitedpublic

2024-03-31 01:45:31

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
best-free-apps.com	172446	2021-08-27	2019-05-27 10:43:09	2024-03-28 11:39:27	3.1 kB	30 kB	172.64.104.14
locusflourishgarlic.com	unknown	2023-09-07	2023-09-14 04:01:17	2024-03-27 07:53:49	452 B	467 B	192.243.61.227
summaryjustlybouquet.com	unknown	2024-03-14	2024-03-14 13:00:36	2024-03-20 09:56:09	3.0 kB	4.6 kB	172.240.127.234

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-03-31	medium	summaryjustlybouquet.com	Sinkholed
2024-03-31	medium	summaryjustlybouquet.com	Sinkholed
2024-03-30	medium	locusflourishgarlic.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (4)

	URL	From	Size	First Seen	Last Seen
	unknown	EventHandler	29 B	2023-10-20	2025-06-20
URL IP / ASN 0.0.0.0 #0 Introduced by EventHandler Embedded false Resource Info First Seen 2023-10-20 Last Seen 2025-06-20 Times Seen 350 Size 29 B (29 bytes) MD5 f43bc2d45661d975eaeae1bf81070ed6 SHA1 2ce38cfcd1d6959d8ae1525cf1ed7351376e6fdb SHA256 65a181304273b279f1962ca78052297016d760707becfc66780d1c1dd85d7943 Format Code Loading...

	best-free-apps.com/preland/other/main/confirm/2/index.html?c=10378&u=28&p1=https%3A%2F%2Foohirdoadi.com%2Fdating-survey.html%3Fvar_3%3D37780448d4f891c56ed89bf154387a0a%26ymid%3D1009861%26var%3D15692641%26testinapp%3D4455851%26geo%3D%257Bgeo%257D%26offer_id%3D2061%26b%3D20601807%26z%3D7251003%26nwimpr%3D1	ScriptElement	2.9 kB	2024-03-30	2024-08-20
URL best-free-apps.com/preland/other/main/confirm/2/index.html?c=10378&u=28&p1=https%3A%2F%2Foohirdoadi.com%2Fdating-survey.html%3Fvar_3%3D37780448d4f891c56ed89bf154387a0a%26ymid%3D1009861%26var%3D15692641%26testinapp%3D4455851%26geo%3D%257Bgeo%257D%26offer_id%3D2061%26b%3D20601807%26z%3D7251003%26nwimpr%3D1 IP / ASN 172.64.104.14 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded true Resource Info First Seen 2024-03-30 Last Seen 2024-08-20 Times Seen 91 Size 2.9 kB (2852 bytes) MD5 e8472f455c108b94587912042d7ec8e9 SHA1 7ac2dd8be2bd673b7204f0bed01985da2c9aa491 SHA256 864bef8162b843ac209e91946d87a550be52dd2460138e3f8c68cf117d075eff Format Code Loading...

	best-free-apps.com/preland/other/main/confirm/2/index.html?c=10378&u=28&p1=https%3A%2F%2Foohirdoadi.com%2Fdating-survey.html%3Fvar_3%3D37780448d4f891c56ed89bf154387a0a%26ymid%3D1009861%26var%3D15692641%26testinapp%3D4455851%26geo%3D%257Bgeo%257D%26offer_id%3D2061%26b%3D20601807%26z%3D7251003%26nwimpr%3D1	ScriptElement	1.1 kB	2024-03-30	2024-08-20
URL best-free-apps.com/preland/other/main/confirm/2/index.html?c=10378&u=28&p1=https%3A%2F%2Foohirdoadi.com%2Fdating-survey.html%3Fvar_3%3D37780448d4f891c56ed89bf154387a0a%26ymid%3D1009861%26var%3D15692641%26testinapp%3D4455851%26geo%3D%257Bgeo%257D%26offer_id%3D2061%26b%3D20601807%26z%3D7251003%26nwimpr%3D1 IP / ASN 172.64.104.14 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded true Resource Info First Seen 2024-03-30 Last Seen 2024-08-20 Times Seen 95 Size 1.1 kB (1072 bytes) MD5 a1907185cc79e6d7c9a25f0b695c28a9 SHA1 80e7172f04792ec05a6be9273f6abff8d29b110b SHA256 f99bfad417e99a461f9f1472777f1d28cd545259e4e8737a822200c272818368 Format Code Loading...

	best-free-apps.com/preland/other/main/confirm/2/index.html?c=10378&u=28&p1=https%3A%2F%2Foohirdoadi.com%2Fdating-survey.html%3Fvar_3%3D37780448d4f891c56ed89bf154387a0a%26ymid%3D1009861%26var%3D15692641%26testinapp%3D4455851%26geo%3D%257Bgeo%257D%26offer_id%3D2061%26b%3D20601807%26z%3D7251003%26nwimpr%3D1	ScriptElement	7.7 kB	2024-03-30	2025-01-31
URL best-free-apps.com/preland/other/main/confirm/2/index.html?c=10378&u=28&p1=https%3A%2F%2Foohirdoadi.com%2Fdating-survey.html%3Fvar_3%3D37780448d4f891c56ed89bf154387a0a%26ymid%3D1009861%26var%3D15692641%26testinapp%3D4455851%26geo%3D%257Bgeo%257D%26offer_id%3D2061%26b%3D20601807%26z%3D7251003%26nwimpr%3D1 IP / ASN 172.64.104.14 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded true Resource Info First Seen 2024-03-30 Last Seen 2025-01-31 Times Seen 106 Size 7.7 kB (7664 bytes) MD5 f854df9f5750491975d75422bf97dfe1 SHA1 dbc742b64dd490a83b01e101b864bcac6c8a4cf8 SHA256 37782bf62a05028ed07255f11e13bb45073e06dcda6401fc4193285ca30211fa Format Code Loading...

HTTP Transactions (7)

URL IP Response Size

172.240.127.234

1.6 kB

URL

IP / ASN

172.240.127.234

#7979 SERVERS-COM

Requested byN/A

Resource Info

File typeHTML document, ASCII text, with very long lines (712)

First Seen2024-08-20

Last Seen2024-08-20

Times Seen1

Size1.6 kB (1611 bytes)

MD5d9a5327ddd7644b47b76824586f51cef

SHA14e8d320442751fa82590b46908253016afa02daf

SHA256005605a62a82b1b2a3a38c8c4449f1d0840bf0e3a0e9b9a8b62211c8b6632fd0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /f06e1f9f?buy=98&dev=e&key=4d0afc2425eea6b0cd5a468c9f8a69ed&kw=[video,-,thefantazy,com]&psid=CF-3289_new_1&refer=https://thefantazy.com/search/video?page=22827&asgtbndr=1&res=14.1055&scrHeight=864&scrWidth=1536&ship=&sub3=invoke_layer&tz=1&v=24.3.6630 HTTP/1.1
Host: summaryjustlybouquet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 31 Mar 2024 01:45:06 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=15692641; expires=Mon, 01 Apr 2024 01:45:06 GMT
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNTY5MjY0MSwiayI6IjRkMGFmYzI0MjVlZWE2YjBjZDVhNDY4YzlmOGE2OWVkIiwic2lkIjoiQ0YtMzI4OV9uZXdfMSIsImlzaWQiOjIsImFzaWQiOjEsInppZCI6MTMxNzg1OCwicGlkIjo5Nzc5MSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxNiwiYWlkIjoyOCwicHQiOjQsInBrIjoiZjA2ZTFmOWYiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly90aGVmYW50YXp5LmNvbS9zZWFyY2gvdmlkZW8_cGFnZT0yMjgyNyIsImFyIjpbXX19.uEwPTrsSR-MyuzMRbKAh9N8AhKW_aBvKtslyvDW3t_g; expires=Sun, 31 Mar 2024 01:46:06 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ecc793fbd1cb8ebd05a06681a9cd02aa
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

GET summaryjustlybouquet.com/api/users?token=L2YwNmUxZjlmP2FzZ3RibmRyPTEmYnV5PTk4JmRldj1lJmtleT00ZDBhZmMyNDI1ZWVhNmIwY2Q1YTQ2OGM5ZjhhNjllZCZrdz0lNUJ2aWRlbyUyQy0lMkN0aGVmYW50YXp5JTJDY29tJTVEJnBzaWQ9Q0YtMzI4OV9uZXdfMSZwc3Q9MTcxMTg0OTU2NiZyZWZlcj1odHRwcyUzQSUyRiUyRnRoZWZhbnRhenkuY29tJTJGc2VhcmNoJTJGdmlkZW8lM0ZwYWdlJTNEMjI4MjcmcmVzPTE0LjEwNTUmcm10Yz10JnNjckhlaWdodD04NjQmc2NyV2lkdGg9MTUzNiZzaGlwPSZzaHU9ZGUwOTg3ZDQ5ZmJjY2IzMTFiMzkxYjMxZmIxYzVkNjNiN2YwNjNkYzAzNjg5NmJmN2EwNDZiNmMwNTQ0ZWRhOWU2ZTRkMzMyMGNjMGQ4ODhhMjNmYzNhOGZlNTBkMmEwNzE0ODM1MGRkMDc3OTdjZmFjMmZiNTE0YTViZmNmYTUyZGNhZTJiM2EzOTdkMjk5YWYwYTBhY2NiNjY2NTY2ZmM5ZjdmNDU1ZDFmMjZhYjcyM2E4MjFlNGU4ZjcyNSZzdWIzPWludm9rZV9sYXllciZ0ej0xJnY9MjQuMy42NjMw&uuid=&pii=&in=false

192.243.59.20

302 Found

0 B

URL

summaryjustlybouquet.com/api/users?token=L2YwNmUxZjlmP2FzZ3RibmRyPTEmYnV5PTk4JmRldj1lJmtleT00ZDBhZmMyNDI1ZWVhNmIwY2Q1YTQ2OGM5ZjhhNjllZCZrdz0lNUJ2aWRlbyUyQy0lMkN0aGVmYW50YXp5JTJDY29tJTVEJnBzaWQ9Q0YtMzI4OV9uZXdfMSZwc3Q9MTcxMTg0OTU2NiZyZWZlcj1odHRwcyUzQSUyRiUyRnRoZWZhbnRhenkuY29tJTJGc2VhcmNoJTJGdmlkZW8lM0ZwYWdlJTNEMjI4MjcmcmVzPTE0LjEwNTUmcm10Yz10JnNjckhlaWdodD04NjQmc2NyV2lkdGg9MTUzNiZzaGlwPSZzaHU9ZGUwOTg3ZDQ5ZmJjY2IzMTFiMzkxYjMxZmIxYzVkNjNiN2YwNjNkYzAzNjg5NmJmN2EwNDZiNmMwNTQ0ZWRhOWU2ZTRkMzMyMGNjMGQ4ODhhMjNmYzNhOGZlNTBkMmEwNzE0ODM1MGRkMDc3OTdjZmFjMmZiNTE0YTViZmNmYTUyZGNhZTJiM2EzOTdkMjk5YWYwYTBhY2NiNjY2NTY2ZmM5ZjdmNDU1ZDFmMjZhYjcyM2E4MjFlNGU4ZjcyNSZzdWIzPWludm9rZV9sYXllciZ0ej0xJnY9MjQuMy42NjMw&uuid=&pii=&in=false

IP / ASN

192.243.59.20

#39572 DataWeb Global Group B.V.

Requested byN/A

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5606145

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerLet's Encrypt

Subjectsummaryjustlybouquet.com

Fingerprint23:B8:C2:E6:4E:67:0E:C6:CC:B0:B2:DB:57:FC:31:5B:74:23:40:10

ValidityThu, 14 Mar 2024 10:59:15 GMT - Wed, 12 Jun 2024 10:59:14 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /api/users?token=L2YwNmUxZjlmP2FzZ3RibmRyPTEmYnV5PTk4JmRldj1lJmtleT00ZDBhZmMyNDI1ZWVhNmIwY2Q1YTQ2OGM5ZjhhNjllZCZrdz0lNUJ2aWRlbyUyQy0lMkN0aGVmYW50YXp5JTJDY29tJTVEJnBzaWQ9Q0YtMzI4OV9uZXdfMSZwc3Q9MTcxMTg0OTU2NiZyZWZlcj1odHRwcyUzQSUyRiUyRnRoZWZhbnRhenkuY29tJTJGc2VhcmNoJTJGdmlkZW8lM0ZwYWdlJTNEMjI4MjcmcmVzPTE0LjEwNTUmcm10Yz10JnNjckhlaWdodD04NjQmc2NyV2lkdGg9MTUzNiZzaGlwPSZzaHU9ZGUwOTg3ZDQ5ZmJjY2IzMTFiMzkxYjMxZmIxYzVkNjNiN2YwNjNkYzAzNjg5NmJmN2EwNDZiNmMwNTQ0ZWRhOWU2ZTRkMzMyMGNjMGQ4ODhhMjNmYzNhOGZlNTBkMmEwNzE0ODM1MGRkMDc3OTdjZmFjMmZiNTE0YTViZmNmYTUyZGNhZTJiM2EzOTdkMjk5YWYwYTBhY2NiNjY2NTY2ZmM5ZjdmNDU1ZDFmMjZhYjcyM2E4MjFlNGU4ZjcyNSZzdWIzPWludm9rZV9sYXllciZ0ej0xJnY9MjQuMy42NjMw&uuid=&pii=&in=false HTTP/1.1
Host: summaryjustlybouquet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://summaryjustlybouquet.com/api/users?token=L2YwNmUxZjlmP2tleT05Y2E2MDFhOWY0N2M3MzVkZjc2ZDVjYTQ2ZmEyNmE2NiZzdWJtZXRyaWM9MTU2OTI2NDE
Cookie: u_pl=15692641; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNTY5MjY0MSwiayI6IjRkMGFmYzI0MjVlZWE2YjBjZDVhNDY4YzlmOGE2OWVkIiwic2lkIjoiQ0YtMzI4OV9uZXdfMSIsImlzaWQiOjIsImFzaWQiOjEsInppZCI6MTMxNzg1OCwicGlkIjo5Nzc5MSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxNiwiYWlkIjoyOCwicHQiOjQsInBrIjoiZjA2ZTFmOWYiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly90aGVmYW50YXp5LmNvbS9zZWFyY2gvdmlkZW8_cGFnZT0yMjgyNyIsImFyIjpbXX19.uEwPTrsSR-MyuzMRbKAh9N8AhKW_aBvKtslyvDW3t_g; cjs=t
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.19.5
Date: Sun, 31 Mar 2024 01:45:07 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: https://best-free-apps.com/preland/other/main/confirm/2/index.html?c=10378&u=28&p1=https%3A%2F%2Foohirdoadi.com%2Fdating-survey.html%3Fvar_3%3D37780448d4f891c56ed89bf154387a0a%26ymid%3D1009861%26var%3D15692641%26testinapp%3D4455851%26geo%3D%257Bgeo%257D%26offer_id%3D2061%26b%3D20601807%26z%3D7251003%26nwimpr%3D1
Set-Cookie: iprc2597accfd5cab19408e880221f3a6553=5122371; expires=Mon, 01 Apr 2024 01:45:07 GMT
pdhtkv=true; expires=Mon, 01 Apr 2024 01:45:07 GMT
uncs=1; expires=Mon, 01 Apr 2024 01:45:07 GMT
pdhtkv28=true; expires=Mon, 01 Apr 2024 01:45:07 GMT
uncs28=1; expires=Mon, 01 Apr 2024 01:45:07 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b7721ffedccf5469aa2f094429ac90c8
Strict-Transport-Security: max-age=0; includeSubdomains

GET best-free-apps.com/preland/other/main/confirm/2/img/18.png

172.64.104.14

200 OK

4.7 kB

URL

best-free-apps.com/preland/other/main/confirm/2/img/18.png

IP / ASN

172.64.104.14

#13335 CLOUDFLARENET

Requested byhttps://best-free-apps.com/preland/other/main/confirm/2/index.html?c=10378&u=28&p1=https%3A%2F%2Foohirdoadi.com%2Fdating-survey.html%3Fvar_3%3D37780448d4f891c56ed89bf154387a0a%26ymid%3D1009861%26var%3D15692641%26testinapp%3D4455851%26geo%3D%257Bgeo%257D%26offer_id%3D2061%26b%3D20601807%26z%3D7251003%26nwimpr%3D1

Resource Info

File typePNG image data, 120 x 120, 8-bit/color RGBA, non-interlaced

First Seen2023-05-01

Last Seen2025-08-01

Times Seen323

Size4.7 kB (4652 bytes)

MD546cb3edc4a2ea526989b8c22ba6144bb

SHA1307edaf289185e85a5af9f777dade274c8e381b5

SHA256af583d4b34b8c7ea070531ba08a688388d35f9184891041edf6203a49d745bc3

Certificate Info

IssuerGoogle Trust Services LLC

Subjectbest-free-apps.com

FingerprintAB:BB:66:31:CE:4A:45:FE:5C:77:B5:5F:F4:2E:7F:01:24:74:BC:69

ValiditySun, 10 Mar 2024 00:23:48 GMT - Sat, 08 Jun 2024 00:23:47 GMT

HTTP Headers

GET /preland/other/main/confirm/2/img/18.png HTTP/1.1
Host: best-free-apps.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://best-free-apps.com/preland/other/main/confirm/2/index.html?c=10378&u=28&p1=https%3A%2F%2Foohirdoadi.com%2Fdating-survey.html%3Fvar_3%3D37780448d4f891c56ed89bf154387a0a%26ymid%3D1009861%26var%3D15692641%26testinapp%3D4455851%26geo%3D%257Bgeo%257D%26offer_id%3D2061%26b%3D20601807%26z%3D7251003%26nwimpr%3D1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 31 Mar 2024 01:45:07 GMT
content-type: image/png
content-length: 4652
last-modified: Tue, 19 Mar 2024 09:26:18 GMT
etag: "65f95a3a-122c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 128650
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=27%2F02s6f3eBnOxNZhbnHrVP4pCiideF%2BPK1TuTVkBUcaVSSA2j9aUtMGGSDmkiZJvX2fSAkXnX62C8qtluo1ieGMToe96ZqRzPefuee1iBFYpMATMmVjR%2BOPyFaVqx8KDUh03lE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 86cca87f1e5f940d-LHR
alt-svc: h3=":443"; ma=86400

GET best-free-apps.com/preland/other/main/confirm/2/img/favicon.png

172.64.104.14

200 OK

3.6 kB

URL

best-free-apps.com/preland/other/main/confirm/2/img/favicon.png

IP / ASN

172.64.104.14

#13335 CLOUDFLARENET

Resource Info

File typePNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced

First Seen2024-03-30

Last Seen2025-01-31

Times Seen107

Size3.6 kB (3614 bytes)

MD5ad372d754aa0e218c35dd3f5102548a7

SHA15052a4d70604bbca30fa304dbc57b69d76d3230b

SHA2566c4a5582e76995f98a4de46c032094342da36963a71aee006eb0926580e0c0e3

Certificate Info

IssuerGoogle Trust Services LLC

Subjectbest-free-apps.com

FingerprintAB:BB:66:31:CE:4A:45:FE:5C:77:B5:5F:F4:2E:7F:01:24:74:BC:69

ValiditySun, 10 Mar 2024 00:23:48 GMT - Sat, 08 Jun 2024 00:23:47 GMT

HTTP Headers

GET /preland/other/main/confirm/2/img/favicon.png HTTP/1.1
Host: best-free-apps.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://best-free-apps.com/preland/other/main/confirm/2/index.html?c=10378&u=28&p1=https%3A%2F%2Foohirdoadi.com%2Fdating-survey.html%3Fvar_3%3D37780448d4f891c56ed89bf154387a0a%26ymid%3D1009861%26var%3D15692641%26testinapp%3D4455851%26geo%3D%257Bgeo%257D%26offer_id%3D2061%26b%3D20601807%26z%3D7251003%26nwimpr%3D1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 31 Mar 2024 01:45:07 GMT
content-type: image/png
content-length: 3614
last-modified: Tue, 19 Mar 2024 09:26:18 GMT
etag: "65f95a3a-e1e"
cache-control: max-age=14400
cf-cache-status: HIT
age: 6199
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tUWhNIJX9B0w84xFOXf0D%2FS8s%2BTdergs9iG22ts%2Fxc5C5HA06jcUKp%2B3hH%2FbPfc7zIqeVqIuqhaSgXX8lbkUf9V%2B1S4XCN6U3jZJ0cURJc2vOpMRvC0%2BfVcNgDV6djdMskRZYGg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 86cca87f8e98940d-LHR
alt-svc: h3=":443"; ma=86400

GET locusflourishgarlic.com/pixel/preland?c=10378&e=1&u=28

192.243.61.227

200 OK

0 B

URL

locusflourishgarlic.com/pixel/preland?c=10378&e=1&u=28

IP / ASN

192.243.61.227

#39572 DataWeb Global Group B.V.

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5606145

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerLet's Encrypt

Subjectlocusflourishgarlic.com

Fingerprint57:27:F8:05:C7:55:D6:CA:70:6A:14:49:EC:3E:21:ED:29:2B:66:F1

ValidityTue, 12 Mar 2024 06:53:50 GMT - Mon, 10 Jun 2024 06:53:49 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/preland?c=10378&e=1&u=28 HTTP/1.1
Host: locusflourishgarlic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://best-free-apps.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 31 Mar 2024 01:45:08 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

GET best-free-apps.com/preland/other/main/confirm/2/css/style.css

172.64.104.14

200 OK

6.0 kB

URL

best-free-apps.com/preland/other/main/confirm/2/css/style.css

IP / ASN

172.64.104.14

#13335 CLOUDFLARENET

Resource Info

File typeASCII text, with very long lines (6765), with no line terminators

First Seen2024-03-30

Last Seen2025-01-31

Times Seen63

Size6.0 kB (5997 bytes)

MD5a305e4971ad05d6f1b97e40e637b2512

SHA198eb0c4b63f73ab6fd1d5392f0637754989d1507

SHA25616a49396d1519bc928ee1e34184b4fe36579f22d482df33166cba94ecd897b89

Certificate Info

IssuerGoogle Trust Services LLC

Subjectbest-free-apps.com

FingerprintAB:BB:66:31:CE:4A:45:FE:5C:77:B5:5F:F4:2E:7F:01:24:74:BC:69

ValiditySun, 10 Mar 2024 00:23:48 GMT - Sat, 08 Jun 2024 00:23:47 GMT

HTTP Headers

GET /preland/other/main/confirm/2/css/style.css HTTP/1.1
Host: best-free-apps.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://best-free-apps.com/preland/other/main/confirm/2/index.html?c=10378&u=28&p1=https%3A%2F%2Foohirdoadi.com%2Fdating-survey.html%3Fvar_3%3D37780448d4f891c56ed89bf154387a0a%26ymid%3D1009861%26var%3D15692641%26testinapp%3D4455851%26geo%3D%257Bgeo%257D%26offer_id%3D2061%26b%3D20601807%26z%3D7251003%26nwimpr%3D1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 31 Mar 2024 01:45:07 GMT
content-type: text/css
last-modified: Tue, 19 Mar 2024 09:27:39 GMT
etag: W/"65f95a8b-176d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 128650
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FC6KV%2BaA9WpMkPP5HIC8ZKX568RJmKV%2BEI49DgLLA5ajO0JZWn1Uz924zdxNnmd8tusFqB04hkNlB8PRb1JP7WdYNB5gts8Lad2DDpPJNRdHCz7RVrJkcbF5050tovSkT1fRHwA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 86cca87f1e5e940d-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET best-free-apps.com/preland/other/main/confirm/2/index.html?c=10378&u=28&p1=https%3A%2F%2Foohirdoadi.com%2Fdating-survey.html%3Fvar_3%3D37780448d4f891c56ed89bf154387a0a%26ymid%3D1009861%26var%3D15692641%26testinapp%3D4455851%26geo%3D%257Bgeo%257D%26offer_id%3D2061%26b%3D20601807%26z%3D7251003%26nwimpr%3D1

172.64.104.14

200 OK

13 kB

URL

IP / ASN

172.64.104.14

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5606145

Size13 kB (13126 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerGoogle Trust Services LLC

Subjectbest-free-apps.com

FingerprintAB:BB:66:31:CE:4A:45:FE:5C:77:B5:5F:F4:2E:7F:01:24:74:BC:69

ValiditySun, 10 Mar 2024 00:23:48 GMT - Sat, 08 Jun 2024 00:23:47 GMT

HTTP Headers

GET /preland/other/main/confirm/2/index.html?c=10378&u=28&p1=https%3A%2F%2Foohirdoadi.com%2Fdating-survey.html%3Fvar_3%3D37780448d4f891c56ed89bf154387a0a%26ymid%3D1009861%26var%3D15692641%26testinapp%3D4455851%26geo%3D%257Bgeo%257D%26offer_id%3D2061%26b%3D20601807%26z%3D7251003%26nwimpr%3D1 HTTP/1.1
Host: best-free-apps.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://summaryjustlybouquet.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 31 Mar 2024 01:45:07 GMT
content-type: text/html
last-modified: Mon, 25 Mar 2024 14:26:00 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WK5fy0J1XUn5jYnBWENlcWz21RhFZ1WQRFI%2FwkcKxocSQwkRT4v2samB2ftgS4EE9EwvuUwMXYZ3M3x1r24YDKLjvcDQLO%2FZr1r2qed0TV4Pp8XkGKQH02G6%2BjIGSSNUc9IDj1Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 86cca87cde4a631d-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2