ahaurgoo.net/zone?&pub=0&zone_id=5137789&is_mobile=false&domain=28e95q5ibuo52bgf8a.youltube.biz&var=2099&ymid=28e95q5ibuo52bgf8a&var_3=&var_4=&dsig=&action=prerequest
139.45.197.251 0 B URL ahaurgoo.net/zone?&pub=0&zone_id=5137789&is_mobile=false&domain=28e95q5ibuo52bgf8a.youltube.biz&var=2099&ymid=28e95q5ibuo52bgf8a&var_3=&var_4=&dsig=&action=prerequest
IP 139.45.197.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /zone?&pub=0&zone_id=5137789&is_mobile=false&domain=28e95q5ibuo52bgf8a.youltube.biz&var=2099&ymid=28e95q5ibuo52bgf8a&var_3=&var_4=&dsig=&action=prerequest HTTP/1.1
Host: ahaurgoo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://28e95q5ibuo52bgf8a.youltube.biz
DNT: 1
Connection: keep-alive
Referer: https://28e95q5ibuo52bgf8a.youltube.biz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 200 OK
server: nginx
date: Wed, 29 Nov 2023 07:43:45 GMT
content-length: 0
x-trace-id: 7ab4e1f8e05d88ea7fdd8d87531f0d98
access-control-allow-origin: https://28e95q5ibuo52bgf8a.youltube.biz
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
28e95q5ibuo52bgf8a.youltube.biz/error_909.php?cnv_id=28e95q5ibuo52bgf8a&sourceid=2099&gg=2099
104.21.68.109 16 kB URL 28e95q5ibuo52bgf8a.youltube.biz/error_909.php?cnv_id=28e95q5ibuo52bgf8a&sourceid=2099&gg=2099
IP 104.21.68.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (5373)
Hash 1b92633ae72772b73dd8ef6faf43929a
70e48f1df8f8887de07995d801a9938153f46edc
9151d39bf78333ede5adc7ce23686ff62d314d72079f240f580fa78076bcb048
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /error_909.php?cnv_id=28e95q5ibuo52bgf8a&sourceid=2099&gg=2099 HTTP/1.1
Host: 28e95q5ibuo52bgf8a.youltube.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 29 Nov 2023 07:43:44 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G5AMhAAIN8WIrWGh2q%2Foh7xGu0Bba%2FdfvO%2BmIxV%2F7EnXJJUKXyPioERlWPLblwDcp3V%2FwOGJKzfJ%2FGnNMzUHHV4Ic45bXRjSARpaHbr99u2RQDqendr8%2FueRGH0KQ%2Bq6SCWiqM158ICu7YXpqUOXS2X2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82d938ad8e5956ae-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
youltube.biz/micro.tag.min.js?z=5137789&domain=ahaurgoo.net&cdn=1&ymid=28e95q5ibuo52bgf8a&var=2099&sw=/sw-check-permissions-local-5137789.js
104.21.68.109 200 OK 10 kB URL GET HTTP/3 youltube.biz/micro.tag.min.js?z=5137789&domain=ahaurgoo.net&cdn=1&ymid=28e95q5ibuo52bgf8a&var=2099&sw=/sw-check-permissions-local-5137789.js
IP 104.21.68.109:443
Requested by https://qixvsiqw34.youltube.biz/error_909.php?cnv_id=28e95q5ibuo52bgf8a&sourceid=2099
Certificate Issuer Google Trust Services LLC
Subject youltube.biz
Fingerprint D7:82:77:F4:69:89:65:08:E0:C3:05:18:75:95:E8:68:2F:97:A1:20
Validity Sun, 29 Oct 2023 11:05:46 GMT - Sat, 27 Jan 2024 11:05:45 GMT
File type ASCII text, with very long lines (26779), with no line terminators
Hash f0a5429c5a76186434f263b62b3d2ef0
704d593487b8e6e35ff26d7b61e215eb52eb3593
243c48bee24c3cf6d83aa582a417b6d2012310147215146b4427d5c8a617ec6e
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /micro.tag.min.js?z=5137789&domain=ahaurgoo.net&cdn=1&ymid=28e95q5ibuo52bgf8a&var=2099&sw=/sw-check-permissions-local-5137789.js HTTP/1.1
Host: youltube.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sobt4d1wv4.youltube.biz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 29 Nov 2023 07:43:46 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 31 Jul 2023 21:58:24 GMT
vary: Accept-Encoding
etag: W/"64c82e80-689b"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 1
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SIEt3qCGjGrD%2BA%2FHqcgSVEFS%2FP%2FL%2BHZhtYs%2B32ADzdQgE0pds%2BIjfOmya2wLHVgMcXb0dAo48bXuRUybyDxLtnAwioCkgj4mtGljS3jmIJGCfTSf19oPYS0XDnTwG30%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82d938bb3d8156af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
youltube.biz/micro.tag.min.js?z=5137789&domain=ahaurgoo.net&cdn=1&ymid=28e95q5ibuo52bgf8a&var=2099&sw=/sw-check-permissions-local-5137789.js
104.21.68.109 200 OK 10 kB URL GET HTTP/3 youltube.biz/micro.tag.min.js?z=5137789&domain=ahaurgoo.net&cdn=1&ymid=28e95q5ibuo52bgf8a&var=2099&sw=/sw-check-permissions-local-5137789.js
IP 104.21.68.109:443
Requested by https://qixvsiqw34.youltube.biz/error_909.php?cnv_id=28e95q5ibuo52bgf8a&sourceid=2099
Certificate Issuer Google Trust Services LLC
Subject youltube.biz
Fingerprint D7:82:77:F4:69:89:65:08:E0:C3:05:18:75:95:E8:68:2F:97:A1:20
Validity Sun, 29 Oct 2023 11:05:46 GMT - Sat, 27 Jan 2024 11:05:45 GMT
File type ASCII text, with very long lines (26779), with no line terminators
Hash f0a5429c5a76186434f263b62b3d2ef0
704d593487b8e6e35ff26d7b61e215eb52eb3593
243c48bee24c3cf6d83aa582a417b6d2012310147215146b4427d5c8a617ec6e
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /micro.tag.min.js?z=5137789&domain=ahaurgoo.net&cdn=1&ymid=28e95q5ibuo52bgf8a&var=2099&sw=/sw-check-permissions-local-5137789.js HTTP/1.1
Host: youltube.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ryl4rsuq5c.youltube.biz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 29 Nov 2023 07:43:46 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 31 Jul 2023 21:58:24 GMT
vary: Accept-Encoding
etag: W/"64c82e80-689b"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 1
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fWQ0xt%2BnReA9V7%2BfMAYujeDARpBGyXENh%2FbPOnil7%2FR8MzDAXjiA8JZ9NVvvRxum0wibS%2F%2F6JTQby2SOo%2F%2FrbWHmuZn2jeAu%2B0zejdjpeOgVuiBqw5%2FpJNiCgghvvpA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82d938be985f56af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
51g7juuek0.youltube.biz/error_909.php?cnv_id=28e95q5ibuo52bgf8a&sourceid=2099
104.21.68.109 5.2 kB URL 51g7juuek0.youltube.biz/error_909.php?cnv_id=28e95q5ibuo52bgf8a&sourceid=2099
IP 104.21.68.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (5373)
Hash ba7eb57e06c1aac6cfa60b239dd525e1
4b020cbc602bf9b18989f8160de0b362af355957
295f7d07b4d6a4534e914034474b410542ac18365d3d6f59b9b4bd6e15dffcc0
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /error_909.php?cnv_id=28e95q5ibuo52bgf8a&sourceid=2099 HTTP/1.1
Host: 51g7juuek0.youltube.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ryl4rsuq5c.youltube.biz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 29 Nov 2023 07:43:47 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZyxGWa%2F%2B25LC8hx3CwkqD6t4aW%2FCIpIuVJkJA0wfAm42Tx2A8Ot04g6OjU2AG%2FK%2BvHd8FcCh6YNu5ul6UOISYoUC5E5EaXSKOzdira%2FcnM7iFYdAdZacgymjSuqrQqBYdCw%2BtvRj5jGfhw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82d938bf28bb56af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
ahaurgoo.net/zone?&pub=0&zone_id=5137789&is_mobile=false&domain=2cq4uzrw6o.youltube.biz&var=2099&ymid=28e95q5ibuo52bgf8a&var_3=&var_4=&dsig=&action=prerequest
139.45.197.251 0 B URL ahaurgoo.net/zone?&pub=0&zone_id=5137789&is_mobile=false&domain=2cq4uzrw6o.youltube.biz&var=2099&ymid=28e95q5ibuo52bgf8a&var_3=&var_4=&dsig=&action=prerequest
IP 139.45.197.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /zone?&pub=0&zone_id=5137789&is_mobile=false&domain=2cq4uzrw6o.youltube.biz&var=2099&ymid=28e95q5ibuo52bgf8a&var_3=&var_4=&dsig=&action=prerequest HTTP/1.1
Host: ahaurgoo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://2cq4uzrw6o.youltube.biz
DNT: 1
Connection: keep-alive
Referer: https://2cq4uzrw6o.youltube.biz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 29 Nov 2023 07:43:48 GMT
content-length: 0
x-trace-id: 296cb710197a287ff5799da947d3efda
access-control-allow-origin: https://2cq4uzrw6o.youltube.biz
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
youltube.biz/micro.tag.min.js?z=5137789&domain=ahaurgoo.net&cdn=1&ymid=28e95q5ibuo52bgf8a&var=2099&sw=/sw-check-permissions-local-5137789.js
104.21.68.109 200 OK 10 kB URL GET HTTP/3 youltube.biz/micro.tag.min.js?z=5137789&domain=ahaurgoo.net&cdn=1&ymid=28e95q5ibuo52bgf8a&var=2099&sw=/sw-check-permissions-local-5137789.js
IP 104.21.68.109:443
Requested by https://qixvsiqw34.youltube.biz/error_909.php?cnv_id=28e95q5ibuo52bgf8a&sourceid=2099
Certificate Issuer Google Trust Services LLC
Subject youltube.biz
Fingerprint D7:82:77:F4:69:89:65:08:E0:C3:05:18:75:95:E8:68:2F:97:A1:20
Validity Sun, 29 Oct 2023 11:05:46 GMT - Sat, 27 Jan 2024 11:05:45 GMT
File type ASCII text, with very long lines (26779), with no line terminators
Hash f0a5429c5a76186434f263b62b3d2ef0
704d593487b8e6e35ff26d7b61e215eb52eb3593
243c48bee24c3cf6d83aa582a417b6d2012310147215146b4427d5c8a617ec6e
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /micro.tag.min.js?z=5137789&domain=ahaurgoo.net&cdn=1&ymid=28e95q5ibuo52bgf8a&var=2099&sw=/sw-check-permissions-local-5137789.js HTTP/1.1
Host: youltube.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8d96tvh1g0.youltube.biz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 29 Nov 2023 07:43:48 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 31 Jul 2023 21:58:24 GMT
vary: Accept-Encoding
etag: W/"64c82e80-689b"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 3
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MYp1aaWAGkBXrSZB6LOjEjnzGRxlaty5%2FgHAoESNZ1WBGpzE%2F4WPyOZYV2vH91ftii0sO89HQJlwB4pAYlHTLX%2Bz8Py7wJ8TZGgURWPslL2ZjPR6gbE%2F3UgAh0zri1E%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82d938c9397156af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
ahaurgoo.net/zone?&pub=0&zone_id=5137789&is_mobile=false&domain=bxw6nfi3c0.youltube.biz&var=2099&ymid=28e95q5ibuo52bgf8a&var_3=&var_4=&dsig=&action=prerequest
139.45.197.251 0 B URL ahaurgoo.net/zone?&pub=0&zone_id=5137789&is_mobile=false&domain=bxw6nfi3c0.youltube.biz&var=2099&ymid=28e95q5ibuo52bgf8a&var_3=&var_4=&dsig=&action=prerequest
IP 139.45.197.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /zone?&pub=0&zone_id=5137789&is_mobile=false&domain=bxw6nfi3c0.youltube.biz&var=2099&ymid=28e95q5ibuo52bgf8a&var_3=&var_4=&dsig=&action=prerequest HTTP/1.1
Host: ahaurgoo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bxw6nfi3c0.youltube.biz
DNT: 1
Connection: keep-alive
Referer: https://bxw6nfi3c0.youltube.biz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 29 Nov 2023 07:43:49 GMT
content-length: 0
x-trace-id: bb6aadf8b9331230ee5fcf119313815f
access-control-allow-origin: https://bxw6nfi3c0.youltube.biz
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
youltube.biz/micro.tag.min.js?z=5137789&domain=ahaurgoo.net&cdn=1&ymid=28e95q5ibuo52bgf8a&var=2099&sw=/sw-check-permissions-local-5137789.js
104.21.68.109 200 OK 10 kB URL GET HTTP/3 youltube.biz/micro.tag.min.js?z=5137789&domain=ahaurgoo.net&cdn=1&ymid=28e95q5ibuo52bgf8a&var=2099&sw=/sw-check-permissions-local-5137789.js
IP 104.21.68.109:443
Requested by https://qixvsiqw34.youltube.biz/error_909.php?cnv_id=28e95q5ibuo52bgf8a&sourceid=2099
Certificate Issuer Google Trust Services LLC
Subject youltube.biz
Fingerprint D7:82:77:F4:69:89:65:08:E0:C3:05:18:75:95:E8:68:2F:97:A1:20
Validity Sun, 29 Oct 2023 11:05:46 GMT - Sat, 27 Jan 2024 11:05:45 GMT
File type ASCII text, with very long lines (26779), with no line terminators
Hash f0a5429c5a76186434f263b62b3d2ef0
704d593487b8e6e35ff26d7b61e215eb52eb3593
243c48bee24c3cf6d83aa582a417b6d2012310147215146b4427d5c8a617ec6e
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /micro.tag.min.js?z=5137789&domain=ahaurgoo.net&cdn=1&ymid=28e95q5ibuo52bgf8a&var=2099&sw=/sw-check-permissions-local-5137789.js HTTP/1.1
Host: youltube.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mnds494gow.youltube.biz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 29 Nov 2023 07:43:49 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 31 Jul 2023 21:58:24 GMT
vary: Accept-Encoding
etag: W/"64c82e80-689b"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 4
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n88kbPSk225dMewD3ioY8lITNFI4JiZRjXC0Xfb8GehXEE01LlyAhxB%2Byeick6uVyQbivtuZn2vfM4beHReRSR%2FdSg%2F7wSn3V4a6kF6NUWPiFlMVN2y0%2FZtZJp273YU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82d938d03f3256af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
bxw6nfi3c0.youltube.biz/error_909.php?cnv_id=28e95q5ibuo52bgf8a&sourceid=2099
104.21.68.109 16 kB URL bxw6nfi3c0.youltube.biz/error_909.php?cnv_id=28e95q5ibuo52bgf8a&sourceid=2099
IP 104.21.68.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (5373)
Hash ba7eb57e06c1aac6cfa60b239dd525e1
4b020cbc602bf9b18989f8160de0b362af355957
295f7d07b4d6a4534e914034474b410542ac18365d3d6f59b9b4bd6e15dffcc0
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /error_909.php?cnv_id=28e95q5ibuo52bgf8a&sourceid=2099 HTTP/1.1
Host: bxw6nfi3c0.youltube.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8d96tvh1g0.youltube.biz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 29 Nov 2023 07:43:49 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pNbe5P0AN1GuqO%2BvdIbdkfMXne3%2BOi1nw6w9hWSiZRUH1Pw3GPMyxFDdHb7TUYgOdhLY7gnsyQ%2F%2BlNiujaQmygBC83Uw%2F0VDhL5OA36%2BksXDMedlW7gbCYXInZJh7nESU4cIYk6UmUdT2g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82d938c9f9fe56af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
ahaurgoo.net/zone?&pub=0&zone_id=5137789&is_mobile=false&domain=zd51w8hy1s.youltube.biz&var=2099&ymid=28e95q5ibuo52bgf8a&var_3=&var_4=&dsig=&action=prerequest
139.45.197.251 0 B URL ahaurgoo.net/zone?&pub=0&zone_id=5137789&is_mobile=false&domain=zd51w8hy1s.youltube.biz&var=2099&ymid=28e95q5ibuo52bgf8a&var_3=&var_4=&dsig=&action=prerequest
IP 139.45.197.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /zone?&pub=0&zone_id=5137789&is_mobile=false&domain=zd51w8hy1s.youltube.biz&var=2099&ymid=28e95q5ibuo52bgf8a&var_3=&var_4=&dsig=&action=prerequest HTTP/1.1
Host: ahaurgoo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://zd51w8hy1s.youltube.biz
DNT: 1
Connection: keep-alive
Referer: https://zd51w8hy1s.youltube.biz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 29 Nov 2023 07:43:50 GMT
content-length: 0
x-trace-id: 484eb4fc5fe6944e89f1e3c1643c3b4c
access-control-allow-origin: https://zd51w8hy1s.youltube.biz
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
ahaurgoo.net/zone?&pub=0&zone_id=5137789&is_mobile=false&domain=cpqzbq9874.youltube.biz&var=2099&ymid=28e95q5ibuo52bgf8a&var_3=&var_4=&dsig=&action=prerequest
139.45.197.251 0 B URL ahaurgoo.net/zone?&pub=0&zone_id=5137789&is_mobile=false&domain=cpqzbq9874.youltube.biz&var=2099&ymid=28e95q5ibuo52bgf8a&var_3=&var_4=&dsig=&action=prerequest
IP 139.45.197.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /zone?&pub=0&zone_id=5137789&is_mobile=false&domain=cpqzbq9874.youltube.biz&var=2099&ymid=28e95q5ibuo52bgf8a&var_3=&var_4=&dsig=&action=prerequest HTTP/1.1
Host: ahaurgoo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cpqzbq9874.youltube.biz
DNT: 1
Connection: keep-alive
Referer: https://cpqzbq9874.youltube.biz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 29 Nov 2023 07:43:51 GMT
content-length: 0
x-trace-id: 3e19e3b97694a9310b62cd6b4b3f7748
access-control-allow-origin: https://cpqzbq9874.youltube.biz
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
youltube.biz/micro.tag.min.js?z=5137789&domain=ahaurgoo.net&cdn=1&ymid=28e95q5ibuo52bgf8a&var=2099&sw=/sw-check-permissions-local-5137789.js
104.21.68.109 200 OK 31 kB URL GET HTTP/3 youltube.biz/micro.tag.min.js?z=5137789&domain=ahaurgoo.net&cdn=1&ymid=28e95q5ibuo52bgf8a&var=2099&sw=/sw-check-permissions-local-5137789.js
IP 104.21.68.109:443
Requested by https://qixvsiqw34.youltube.biz/error_909.php?cnv_id=28e95q5ibuo52bgf8a&sourceid=2099
Certificate Issuer Google Trust Services LLC
Subject youltube.biz
Fingerprint D7:82:77:F4:69:89:65:08:E0:C3:05:18:75:95:E8:68:2F:97:A1:20
Validity Sun, 29 Oct 2023 11:05:46 GMT - Sat, 27 Jan 2024 11:05:45 GMT
File type ASCII text, with very long lines (26779), with no line terminators
Hash f0a5429c5a76186434f263b62b3d2ef0
704d593487b8e6e35ff26d7b61e215eb52eb3593
243c48bee24c3cf6d83aa582a417b6d2012310147215146b4427d5c8a617ec6e
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /micro.tag.min.js?z=5137789&domain=ahaurgoo.net&cdn=1&ymid=28e95q5ibuo52bgf8a&var=2099&sw=/sw-check-permissions-local-5137789.js HTTP/1.1
Host: youltube.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bxw6nfi3c0.youltube.biz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 29 Nov 2023 07:43:49 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 31 Jul 2023 21:58:24 GMT
vary: Accept-Encoding
etag: W/"64c82e80-689b"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 4
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LPHjEnyEDiPcBJzgDOZm6oYXIjE41DAL7MeYTbhgPad63vqsMziG2ca5eEaB1jUlvBxInX7rpeIbI7gvCPT7Gjy2a%2F4o6vP5zXbzpmsSVq8%2B%2FXrKrmYrT%2FfY26JkGOE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82d938ccac7056af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
youltube.biz/micro.tag.min.js?z=5137789&domain=ahaurgoo.net&cdn=1&ymid=28e95q5ibuo52bgf8a&var=2099&sw=/sw-check-permissions-local-5137789.js
104.21.68.109 200 OK 10 kB URL GET HTTP/3 youltube.biz/micro.tag.min.js?z=5137789&domain=ahaurgoo.net&cdn=1&ymid=28e95q5ibuo52bgf8a&var=2099&sw=/sw-check-permissions-local-5137789.js
IP 104.21.68.109:443
Requested by https://qixvsiqw34.youltube.biz/error_909.php?cnv_id=28e95q5ibuo52bgf8a&sourceid=2099
Certificate Issuer Google Trust Services LLC
Subject youltube.biz
Fingerprint D7:82:77:F4:69:89:65:08:E0:C3:05:18:75:95:E8:68:2F:97:A1:20
Validity Sun, 29 Oct 2023 11:05:46 GMT - Sat, 27 Jan 2024 11:05:45 GMT
File type ASCII text, with very long lines (26779), with no line terminators
Hash f0a5429c5a76186434f263b62b3d2ef0
704d593487b8e6e35ff26d7b61e215eb52eb3593
243c48bee24c3cf6d83aa582a417b6d2012310147215146b4427d5c8a617ec6e
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /micro.tag.min.js?z=5137789&domain=ahaurgoo.net&cdn=1&ymid=28e95q5ibuo52bgf8a&var=2099&sw=/sw-check-permissions-local-5137789.js HTTP/1.1
Host: youltube.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3rzwigdu0g.youltube.biz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 29 Nov 2023 07:43:52 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 31 Jul 2023 21:58:24 GMT
vary: Accept-Encoding
etag: W/"64c82e80-689b"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 7
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MxqvkLSkk4pSxZdFdQx9evSN0jxuCbL2%2BL7XNeuFddJzaD%2FBRj7mU%2F%2BqwdF79mWi%2Bx1N2M2jPVwBNshz9l%2FXyz2TEh%2F4STvOovwnFlhPtM6%2BkwvMvmyWiTxW%2FPmwC8s%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82d938dfbafc56af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
y110prfatc.youltube.biz/error_909.php?cnv_id=28e95q5ibuo52bgf8a&sourceid=2099
104.21.68.109 5.2 kB URL y110prfatc.youltube.biz/error_909.php?cnv_id=28e95q5ibuo52bgf8a&sourceid=2099
IP 104.21.68.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (5373)
Hash ba7eb57e06c1aac6cfa60b239dd525e1
4b020cbc602bf9b18989f8160de0b362af355957
295f7d07b4d6a4534e914034474b410542ac18365d3d6f59b9b4bd6e15dffcc0
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /error_909.php?cnv_id=28e95q5ibuo52bgf8a&sourceid=2099 HTTP/1.1
Host: y110prfatc.youltube.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3rzwigdu0g.youltube.biz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 29 Nov 2023 07:43:52 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QSnHwmtQfZoljUXjzwZ79QdodRsLxEQfF1mo3skTPdkVMu2eE5ar6sBW02Myqdk1JywpJGXxQiwn63BtPXDB1L4gK0rUiqua6vD%2BPvh48UPMkXT3uruMC9G86Bk3uEO2OAWka6TeqRgBjA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82d938e04b6756af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
ahaurgoo.net/zone?&pub=0&zone_id=5137789&is_mobile=false&domain=ksfv0ilicg.youltube.biz&var=2099&ymid=28e95q5ibuo52bgf8a&var_3=&var_4=&dsig=&action=prerequest
139.45.197.251 0 B URL ahaurgoo.net/zone?&pub=0&zone_id=5137789&is_mobile=false&domain=ksfv0ilicg.youltube.biz&var=2099&ymid=28e95q5ibuo52bgf8a&var_3=&var_4=&dsig=&action=prerequest
IP 139.45.197.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /zone?&pub=0&zone_id=5137789&is_mobile=false&domain=ksfv0ilicg.youltube.biz&var=2099&ymid=28e95q5ibuo52bgf8a&var_3=&var_4=&dsig=&action=prerequest HTTP/1.1
Host: ahaurgoo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ksfv0ilicg.youltube.biz
DNT: 1
Connection: keep-alive
Referer: https://ksfv0ilicg.youltube.biz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 29 Nov 2023 07:43:53 GMT
content-length: 0
x-trace-id: 5edd5b56f4365f6b43b4e1dd9dad700e
access-control-allow-origin: https://ksfv0ilicg.youltube.biz
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
youltube.biz/micro.tag.min.js?z=5137789&domain=ahaurgoo.net&cdn=1&ymid=28e95q5ibuo52bgf8a&var=2099&sw=/sw-check-permissions-local-5137789.js
104.21.68.109 200 OK 10 kB URL GET HTTP/3 youltube.biz/micro.tag.min.js?z=5137789&domain=ahaurgoo.net&cdn=1&ymid=28e95q5ibuo52bgf8a&var=2099&sw=/sw-check-permissions-local-5137789.js
IP 104.21.68.109:443
Requested by https://qixvsiqw34.youltube.biz/error_909.php?cnv_id=28e95q5ibuo52bgf8a&sourceid=2099
Certificate Issuer Google Trust Services LLC
Subject youltube.biz
Fingerprint D7:82:77:F4:69:89:65:08:E0:C3:05:18:75:95:E8:68:2F:97:A1:20
Validity Sun, 29 Oct 2023 11:05:46 GMT - Sat, 27 Jan 2024 11:05:45 GMT
File type ASCII text, with very long lines (26779), with no line terminators
Hash f0a5429c5a76186434f263b62b3d2ef0
704d593487b8e6e35ff26d7b61e215eb52eb3593
243c48bee24c3cf6d83aa582a417b6d2012310147215146b4427d5c8a617ec6e
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /micro.tag.min.js?z=5137789&domain=ahaurgoo.net&cdn=1&ymid=28e95q5ibuo52bgf8a&var=2099&sw=/sw-check-permissions-local-5137789.js HTTP/1.1
Host: youltube.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qixvsiqw34.youltube.biz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 29 Nov 2023 07:43:53 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 31 Jul 2023 21:58:24 GMT
vary: Accept-Encoding
etag: W/"64c82e80-689b"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QREZiuRjl3aXkZ%2BpRPcU8YVnjUjg5scdy9kZW6XFMhvYK%2FwDVHRnWrOTReBmQnoVw4GRKCUPjJ1dI%2BjXQ423ijOTL5GcVmVXUGxwtKMDw3fp3R9OYjSo3BTO%2BErQtWk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82d938e788e056af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
ahaurgoo.net/zone?&pub=0&zone_id=5137789&is_mobile=false&domain=qixvsiqw34.youltube.biz&var=2099&ymid=28e95q5ibuo52bgf8a&var_3=&var_4=&dsig=&action=prerequest
139.45.197.251 200 OK 0 B URL POST HTTP/2 ahaurgoo.net/zone?&pub=0&zone_id=5137789&is_mobile=false&domain=qixvsiqw34.youltube.biz&var=2099&ymid=28e95q5ibuo52bgf8a&var_3=&var_4=&dsig=&action=prerequest
IP 139.45.197.251:443
Requested by https://qixvsiqw34.youltube.biz/error_909.php?cnv_id=28e95q5ibuo52bgf8a&sourceid=2099
Certificate Issuer Let's Encrypt
Subject ahaurgoo.net
Fingerprint 68:19:FD:CE:71:C7:11:37:22:DD:68:C0:AB:33:37:2D:F8:35:9D:EC
Validity Tue, 07 Nov 2023 05:17:52 GMT - Mon, 05 Feb 2024 05:17:51 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /zone?&pub=0&zone_id=5137789&is_mobile=false&domain=qixvsiqw34.youltube.biz&var=2099&ymid=28e95q5ibuo52bgf8a&var_3=&var_4=&dsig=&action=prerequest HTTP/1.1
Host: ahaurgoo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://qixvsiqw34.youltube.biz
DNT: 1
Connection: keep-alive
Referer: https://qixvsiqw34.youltube.biz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 200 OK
server: nginx
date: Wed, 29 Nov 2023 07:43:53 GMT
content-length: 0
x-trace-id: 6de9788579cc01bef88570a945c1e59f
access-control-allow-origin: https://qixvsiqw34.youltube.biz
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
qixvsiqw34.youltube.biz/sw-check-permissions-local-5137789.js?var=2099&ymid=28e95q5ibuo52bgf8a
104.21.68.109 200 OK 543 B URL GET HTTP/3 qixvsiqw34.youltube.biz/sw-check-permissions-local-5137789.js?var=2099&ymid=28e95q5ibuo52bgf8a
IP 104.21.68.109:443
Requested by https://qixvsiqw34.youltube.biz/error_909.php?cnv_id=28e95q5ibuo52bgf8a&sourceid=2099
Certificate Issuer Google Trust Services LLC
Subject youltube.biz
Fingerprint D7:82:77:F4:69:89:65:08:E0:C3:05:18:75:95:E8:68:2F:97:A1:20
Validity Sun, 29 Oct 2023 11:05:46 GMT - Sat, 27 Jan 2024 11:05:45 GMT
File type ASCII text, with very long lines (607), with no line terminators
Hash d71660548537fcfb3b4500533f39cc61
e30e9600147755e98b36fa5f15f11161e69c2451
1be091c5a86f4c3954bb738afc437ea3a76e236e0311c2a0bc9a1a9287d47579
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /sw-check-permissions-local-5137789.js?var=2099&ymid=28e95q5ibuo52bgf8a HTTP/1.1
Host: qixvsiqw34.youltube.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Referer: https://qixvsiqw34.youltube.biz/error_909.php?cnv_id=28e95q5ibuo52bgf8a&sourceid=2099
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 29 Nov 2023 07:43:53 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 14 Jul 2022 00:36:03 GMT
etag: W/"62cf64f3-21f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zUe7WYJc95gyhECYzYUuecPdx9yeSXGorwUxrfQLrFz0q9DRV8Tjw%2FVUB6igKcJgTqGSd5TMSLQaOfOFarYcAawLwtqsG0yoqDMFd413zDgE%2FJycVuvrbuE0N6%2FAUIVbdxhi%2FIMjtAUJfA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82d938e7d92656af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
qixvsiqw34.youltube.biz/favicon.ico
104.21.68.109 404 Not Found 3.3 kB URL GET HTTP/3 qixvsiqw34.youltube.biz/favicon.ico
IP 104.21.68.109:443
Requested by https://qixvsiqw34.youltube.biz/error_909.php?cnv_id=28e95q5ibuo52bgf8a&sourceid=2099
Certificate Issuer Google Trust Services LLC
Subject youltube.biz
Fingerprint D7:82:77:F4:69:89:65:08:E0:C3:05:18:75:95:E8:68:2F:97:A1:20
Validity Sun, 29 Oct 2023 11:05:46 GMT - Sat, 27 Jan 2024 11:05:45 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3465), with no line terminators
Hash 5395462e947f274c69a7cdcaf8697616
da89972545b2901cb0b315c90b5f3eda0d831f9c
81bbd567d78d7bc2f8877f93c2198dd80ebe69c7f191fc89a14b1ed73497c248
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /favicon.ico HTTP/1.1
Host: qixvsiqw34.youltube.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qixvsiqw34.youltube.biz/error_909.php?cnv_id=28e95q5ibuo52bgf8a&sourceid=2099
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
date: Wed, 29 Nov 2023 07:43:53 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
last-modified: Thu, 14 Jul 2022 00:17:54 GMT
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mGefOU70DVezUh2NaT2An2QE8xjmrQnzJmJfWKzUc00cBWHuZAXmpncwewBRncbPCJ57nT4fQFYE1BpbenSlrz7fPjpgEcJgt6vSsBz2qChO7x4B%2FEpXZ3Sa3%2B041ZBOdFLrSFgIL4mGrQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82d938e798fc56af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
qixvsiqw34.youltube.biz/error_909.php?cnv_id=28e95q5ibuo52bgf8a&sourceid=2099
104.21.68.109 200 OK 14 kB URL User Request GET HTTP/3 qixvsiqw34.youltube.biz/error_909.php?cnv_id=28e95q5ibuo52bgf8a&sourceid=2099
IP 104.21.68.109:443
Certificate Issuer Google Trust Services LLC
Subject youltube.biz
Fingerprint D7:82:77:F4:69:89:65:08:E0:C3:05:18:75:95:E8:68:2F:97:A1:20
Validity Sun, 29 Oct 2023 11:05:46 GMT - Sat, 27 Jan 2024 11:05:45 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /error_909.php?cnv_id=28e95q5ibuo52bgf8a&sourceid=2099 HTTP/1.1
Host: qixvsiqw34.youltube.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ksfv0ilicg.youltube.biz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 29 Nov 2023 07:43:53 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5qf69IiF9bKA%2BPSD5IWXm%2Fx%2FLpeMUu0DWo2VC3Qwb%2BZU3BJcTRTVxnBsV5LeWIEWXlLVmYfpFmQHA7phykErNQJAYrRaGAyJLGxjp9Jj7vJBx0Ux7pJPQ0LtQ26gQOaEx8nuXSzR%2BkncQg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82d938e5efa856af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400