Report - bleleadersto.com/s?f3fd244e

Report Overview

Visited public
2024-10-08 15:49:38
Tags
URL
bleleadersto.com/s?f3fd244e
Finishing URL
bleleadersto.com/s?f3fd244e
IP / ASN
172.67.165.252
#13335 CLOUDFLARENET
Title
Shifty

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
undefined	142677	unknown	2020-01-28 20:52:40	2023-07-23 07:59:56	960 B	0 B	0.0.0.0
bleleadersto.com	unknown	2024-01-01	2024-09-23 13:37:43	2024-10-07 14:01:15	920 B	97 kB	104.21.16.26
ukankingwithea.com	unknown	2024-01-01	2024-09-07 02:18:13	2024-10-07 20:01:20	862 B	104 kB	188.114.97.1
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2024-10-08 08:32:59	938 B	95 kB	142.250.74.106
dfdgfruitie.xyz	unknown	2022-08-22	2022-12-12 12:59:22	2024-09-26 20:05:27	411 B	674 B	104.21.13.114
skillsombineukdw.com	unknown	2024-07-08	2024-10-01 19:41:10	2024-10-07 19:44:29	1.0 kB	1.4 kB	104.21.25.36
yfueuktureu.com	unknown	2024-01-01	2024-08-21 21:42:32	2024-09-26 20:00:04	510 B	916 B	172.67.132.181
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2024-10-08 01:14:07	522 B	8.7 kB	142.250.74.163
d1wzdj81h1hubn.cloudfront.net	unknown	2008-04-25	2023-01-18 21:11:48	2024-09-26 01:36:13	458 B	93 kB	54.230.241.96
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-10-07 19:37:44	327 B	887 B	23.36.76.243
d2w9cdu84xc4eq.cloudfront.net	unknown	2008-04-25	2024-09-19 18:34:26	2024-10-07 09:54:20	417 B	68 kB	108.157.217.75

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-10-08	medium	undefined	Sinkholed

ThreatFox

No alerts detected

JavaScript (3)

	URL	From	Size	First Seen	Last Seen
	dfdgfruitie.xyz/adserver/yzfdmoan.js	ScriptElement	0 B	0001-01-01	2025-04-30
Pretty URL dfdgfruitie.xyz/adserver/yzfdmoan.js IP 104.21.13.114 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen0001-01-01 00:00 Last Seen2025-04-30 05:05 Times Seen4579505 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	d2w9cdu84xc4eq.cloudfront.net/?tid=1029748	ScriptElement	220 kB	2024-10-11	2024-10-11
Pretty URL d2w9cdu84xc4eq.cloudfront.net/?tid=1029748 IP 108.157.217.75 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-10-11 08:48 Last Seen2024-10-11 08:48 Times Seen1 Hash 34e19c225113657f421d0778e9e73c7d 86bd36f846d13110dee283c0db7c93b78e8ad11d f87f7af419708f8aaec063b2ee4c7d4add4d0845fedb4542ccc7558109a4fd3e Loading...

	bleleadersto.com/s?f3fd244e	ScriptElement	92 kB	2024-10-11	2024-10-11
Pretty URL bleleadersto.com/s?f3fd244e IP 104.21.16.26 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-10-11 08:48 Last Seen2024-10-11 08:48 Times Seen1 Hash 3e2ec585db92322a0cce3bc2f810804c 7af3bdf45a859ab01c051e022b96fd600f05455b 149934212d96188be5af2af8b950f3b9c7702fd4528a0fd201fe327a510c0aa8 Loading...

HTTP Transactions (15)

URL IP Response Size

r10.o.lencr.org/

23.36.76.243

504 B

URL
r10.o.lencr.org/
IP
23.36.76.243:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
33985775df7b619cb33f4050d88c5fb9
cf0b2ff92cd2f7e12ce788a164a73d75dea5da83
b6db380f5eeb73aa56abf90afa43b52cc9f51b01f33ad1eefeccc473a41ffb86

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "B6DB380F5EEB73AA56ABF90AFA43B52CC9F51B01F33AD1EEFECCC473A41FFB86"
Last-Modified: Tue, 08 Oct 2024 11:18:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5584
Expires: Tue, 08 Oct 2024 17:22:15 GMT
Date: Tue, 08 Oct 2024 15:49:11 GMT
Connection: keep-alive

fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700;900&display=swap

142.250.74.106

200 OK

93 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700;900&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://bleleadersto.com/s?f3fd244e
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
Fingerprint58:48:CD:9D:CD:36:2C:BF:35:F8:E0:82:73:2B:F8:79:64:BB:AE:F7
ValidityMon, 16 Sep 2024 09:34:31 GMT - Mon, 09 Dec 2024 09:34:30 GMT

File type
gzip compressed data, max compression
Size
93 kB (93046 bytes)
Hash
1d2d8eb4469e0643b067173c4f7c45c3
a45f9cc58e5e03e79d3fc3d284dc0d9f23beaa22
f1c7d9cc2211b51cc5ba5210d0a67ca96307cf83aeb7527c1e7cf9e35cdf301c

HTTP Headers

GET /css2?family=Roboto:wght@100;300;400;500;700;900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bleleadersto.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 08 Oct 2024 15:49:12 GMT
date: Tue, 08 Oct 2024 15:49:12 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

dfdgfruitie.xyz/adserver/yzfdmoan.js

104.21.13.114

200 OK

0 B

URL GET HTTP/2
dfdgfruitie.xyz/adserver/yzfdmoan.js
IP
104.21.13.114:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bleleadersto.com/s?f3fd244e
Certificate
IssuerGoogle Trust Services
Subjectdfdgfruitie.xyz
Fingerprint98:1D:5E:36:30:97:98:91:A0:7C:89:A5:C7:05:70:1B:28:90:ED:16
ValiditySun, 22 Sep 2024 19:20:22 GMT - Sat, 21 Dec 2024 19:20:21 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /adserver/yzfdmoan.js HTTP/1.1
Host: dfdgfruitie.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bleleadersto.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 08 Oct 2024 15:49:12 GMT
content-type: application/x-javascript
content-length: 0
last-modified: Fri, 03 Feb 2023 19:26:28 GMT
etag: "63dd5fe4-0"
cache-control: max-age=14400
cf-cache-status: HIT
age: 1337
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e5zvsKIDzU2YvmACqatLAZvankkm4BEEHM9YaMjuxqq1bKhuVeWKT2tkjBWe1JWYRYWwdWyjSV9Py5TnSkCAqzRglnNiMuv5YDynkz30kQ18LEIx2fyXQqG48TaJo4Qa4FY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8cf747940eb2d370-FRA
X-Firefox-Spdy: h2

d2w9cdu84xc4eq.cloudfront.net/?tid=1029748

108.157.217.75

200 OK

67 kB

URL GET HTTP/2
d2w9cdu84xc4eq.cloudfront.net/?tid=1029748
IP
108.157.217.75:443
ASN
#16509 AMAZON-02

Requested by
https://bleleadersto.com/s?f3fd244e
Certificate
IssuerAmazon
Subject*.cloudfront.net
Fingerprint28:D3:87:79:3C:E8:8B:3C:D9:10:45:E5:F7:64:7A:6D:44:4E:5A:62
ValidityTue, 30 Jul 2024 00:00:00 GMT - Thu, 03 Jul 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (1743)
Size
67 kB (67333 bytes)
Hash
34e19c225113657f421d0778e9e73c7d
86bd36f846d13110dee283c0db7c93b78e8ad11d
f87f7af419708f8aaec063b2ee4c7d4add4d0845fedb4542ccc7558109a4fd3e

HTTP Headers

GET /?tid=1029748 HTTP/1.1
Host: d2w9cdu84xc4eq.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bleleadersto.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-length: 67333
date: Tue, 08 Oct 2024 15:49:13 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 bfeae0ecbffe44ad98e5cd0ae83bdb4a.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: 0P-badKFAozQAUGeb5jw09skG34PdSMRtFObnYFfOmaoKpwHHY2MgA==
X-Firefox-Spdy: h2

skillsombineukdw.com/dkRGektZeyUJdiQcLiofRQp0LhNDcRcyLzwiHhIAEBF/TC0jHWAOIhJ5d0p5T3NyQm0GLSJHeENiNQ4qAjE1R3pQLSgcJEtiMEd7WHJoSGVGYjNHelAwNhssS3VgCj8CKHtLfER8ckp5Q3F1SXpF

104.21.25.36

204 No Content

0 B

URL GET HTTP/2
skillsombineukdw.com/dkRGektZeyUJdiQcLiofRQp0LhNDcRcyLzwiHhIAEBF/TC0jHWAOIhJ5d0p5T3NyQm0GLSJHeENiNQ4qAjE1R3pQLSgcJEtiMEd7WHJoSGVGYjNHelAwNhssS3VgCj8CKHtLfER8ckp5Q3F1SXpF
IP
104.21.25.36:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bleleadersto.com/s?f3fd244e
Certificate
IssuerGoogle Trust Services
Subjectskillsombineukdw.com
Fingerprint4A:5B:83:E7:5E:43:C0:DE:B8:4B:BC:EC:BA:30:36:E2:20:9D:85:9B
ValidityFri, 06 Sep 2024 07:58:25 GMT - Thu, 05 Dec 2024 07:58:24 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /dkRGektZeyUJdiQcLiofRQp0LhNDcRcyLzwiHhIAEBF/TC0jHWAOIhJ5d0p5T3NyQm0GLSJHeENiNQ4qAjE1R3pQLSgcJEtiMEd7WHJoSGVGYjNHelAwNhssS3VgCj8CKHtLfER8ckp5Q3F1SXpF HTTP/1.1
Host: skillsombineukdw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bleleadersto.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
date: Tue, 08 Oct 2024 15:49:13 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OZ6OkFJVTsvmskxZmDmboinBaYsuzzOpSdY6pUOOUiu52KpiNnFZXapzLfHJSjLMzyfuxd%2BAcu9%2FQ6OtJ4L%2BqYJuv5qY7fK5Y4%2Fr2mHoRl%2FD1CpdzEXpbZOMHCh5r1UNtwopwn5R9Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8cf74796c92e5697-OSL
X-Firefox-Spdy: h2

skillsombineukdw.com/popunder.gif

104.21.25.36

58 B

URL GET
skillsombineukdw.com/popunder.gif
IP
104.21.25.36:0
ASN
#13335 CLOUDFLARENET

Requested by
https://bleleadersto.com/s?f3fd244e
Certificate
IssuerGoogle Trust Services
Subjectskillsombineukdw.com
Fingerprint4A:5B:83:E7:5E:43:C0:DE:B8:4B:BC:EC:BA:30:36:E2:20:9D:85:9B
ValidityFri, 06 Sep 2024 07:58:25 GMT - Thu, 05 Dec 2024 07:58:24 GMT

File type
GIF image data, version 89a, 1 x 1
Size
58 B (58 bytes)
Hash
28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

HTTP Headers

GET /popunder.gif HTTP/1.1
Host: skillsombineukdw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bleleadersto.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 08 Oct 2024 15:49:13 GMT
content-type: image/gif
content-length: 58
access-control-allow-origin: *
pragma: public
cache-control: public, max-age=604800, immutable
content-encoding: gzip
cf-cache-status: HIT
age: 7413
last-modified: Tue, 08 Oct 2024 13:45:40 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gRcHD1twprhoAgyOoetI5VZgbq9jeIXqg%2BSf7mLiG2wcQHwuEeMcUFyfIGiZJNQIxcKrB1jRkWJHV7kWL5Mq5eiG7RlyeqmVqryf5Kt27h%2Fqn9392tUJ3gGzWhh%2Bja9sEcVVvy%2BTgQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8cf74798cc685697-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

yfueuktureu.com/tc

172.67.132.181

200 OK

0 B

URL OPTIONS HTTP/2
yfueuktureu.com/tc
IP
172.67.132.181:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bleleadersto.com/s?f3fd244e
Certificate
IssuerGoogle Trust Services
Subjectyfueuktureu.com
Fingerprint25:7B:29:76:3C:CF:5F:B2:D0:90:15:56:F6:1F:2C:0A:C0:06:66:42
ValiditySun, 29 Sep 2024 10:51:26 GMT - Sat, 28 Dec 2024 10:51:25 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /tc HTTP/1.1
Host: yfueuktureu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://bleleadersto.com/
Origin: https://bleleadersto.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 08 Oct 2024 15:49:14 GMT
content-type: application/json
content-length: 0
set-cookie: ci=2063055901898983; Max-Age=86400; Secure; SameSite=None
access-control-allow-origin: https://bleleadersto.com
access-control-allow-headers: Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST, GET, OPTIONS, HEAD
access-control-allow-credentials: true
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6VgC97SANyLaL%2FHpprEnCA%2FCtKd67pwKA52cKAFoMyMFcYE9ikISRQFLSNaTCTmDbLqyTsVb0L%2FYANv0dJJvuOrDqZbY0PwRIB4XtfMZJesNOJ8FlAHfjnHo3erBFFnIl3Q%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8cf7479999aab517-OSL
X-Firefox-Spdy: h2

fonts.gstatic.com/s/poppins/v21/pxiEyp8kv8JHgFVrJJfecg.woff2

142.250.74.163

200 OK

7.9 kB

URL GET HTTP/2
fonts.gstatic.com/s/poppins/v21/pxiEyp8kv8JHgFVrJJfecg.woff2
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://bleleadersto.com/s?f3fd244e
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint0B:BA:7B:D2:D9:02:2E:7F:5C:C7:1F:18:F2:A7:76:44:D1:22:07:2B
ValidityMon, 16 Sep 2024 09:34:31 GMT - Mon, 09 Dec 2024 09:34:30 GMT

File type
Web Open Font Format (Version 2), TrueType, length 7884, version 1.0
Size
7.9 kB (7884 bytes)
Hash
9212f6f9860f9fc6c69b02fedf6db8c3
ac6d71b4d5fdd2b3dabc9a06ff6c001e4251da0b
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

HTTP Headers

GET /s/poppins/v21/pxiEyp8kv8JHgFVrJJfecg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://bleleadersto.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7884
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 05 Oct 2024 17:45:16 GMT
expires: Sun, 05 Oct 2025 17:45:16 GMT
cache-control: public, max-age=31536000
last-modified: Fri, 22 Mar 2024 00:00:38 GMT
content-type: font/woff2
age: 252239
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

undefined/eVEyeUsYM1EUdBhsUF8+Cz0PXHk/dAA/L0smCxovDGkGAShNNENXKBU+Rx0tCz5cDWUXNEZceT88ZSERLxwCKH0+BUYvLgBhVDQaTGBTLBkKE3o7IywSZDsCLWh+N3pBOXwrBkkHSzw5OwJ0GioTPmg2CSwkeREgTgABEiozY0oLLy1ldzN6PCR0PwoRAmE7ICs/fB8BLTJgGAksOXwBHRYQXzB/PDtRNigxaXEzHQ4naDgGTgdLPG5LF3oDPy4YekEPNxAGCQUeJgohMh5lZ0svSDJqHQwaEHRJKChkWTgmPyB8MQo7NXYsLTZha0EtPANeKngBJ3kuZjQZay4kSTJzP3syJnAOCjgHVSgDChVQITM8C2QoIzY5Ak8NFwhUKwwsElY+JzELYzMjGGFrAxwTCAo8Dwkday44DjNzLzoYB3MeDxcEFBM4Fj9CRAgoaGpILAsjUBMG

0.0.0.0

0 B

URL GET
undefined/eVEyeUsYM1EUdBhsUF8+Cz0PXHk/dAA/L0smCxovDGkGAShNNENXKBU+Rx0tCz5cDWUXNEZceT88ZSERLxwCKH0+BUYvLgBhVDQaTGBTLBkKE3o7IywSZDsCLWh+N3pBOXwrBkkHSzw5OwJ0GioTPmg2CSwkeREgTgABEiozY0oLLy1ldzN6PCR0PwoRAmE7ICs/fB8BLTJgGAksOXwBHRYQXzB/PDtRNigxaXEzHQ4naDgGTgdLPG5LF3oDPy4YekEPNxAGCQUeJgohMh5lZ0svSDJqHQwaEHRJKChkWTgmPyB8MQo7NXYsLTZha0EtPANeKngBJ3kuZjQZay4kSTJzP3syJnAOCjgHVSgDChVQITM8C2QoIzY5Ak8NFwhUKwwsElY+JzELYzMjGGFrAxwTCAo8Dwkday44DjNzLzoYB3MeDxcEFBM4Fj9CRAgoaGpILAsjUBMG
IP
0.0.0.0:0
ASN
#0

Requested by
https://bleleadersto.com/s?f3fd244e

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /eVEyeUsYM1EUdBhsUF8+Cz0PXHk/dAA/L0smCxovDGkGAShNNENXKBU+Rx0tCz5cDWUXNEZceT88ZSERLxwCKH0+BUYvLgBhVDQaTGBTLBkKE3o7IywSZDsCLWh+N3pBOXwrBkkHSzw5OwJ0GioTPmg2CSwkeREgTgABEiozY0oLLy1ldzN6PCR0PwoRAmE7ICs/fB8BLTJgGAksOXwBHRYQXzB/PDtRNigxaXEzHQ4naDgGTgdLPG5LF3oDPy4YekEPNxAGCQUeJgohMh5lZ0svSDJqHQwaEHRJKChkWTgmPyB8MQo7NXYsLTZha0EtPANeKngBJ3kuZjQZay4kSTJzP3syJnAOCjgHVSgDChVQITM8C2QoIzY5Ak8NFwhUKwwsElY+JzELYzMjGGFrAxwTCAo8Dwkday44DjNzLzoYB3MeDxcEFBM4Fj9CRAgoaGpILAsjUBMG HTTP/1.1
Host: undefined
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bleleadersto.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

bleleadersto.com/s?f3fd244e

104.21.16.26

200 OK

96 kB

URL User Request GET HTTP/2
bleleadersto.com/s?f3fd244e
IP
104.21.16.26:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectbleleadersto.com
Fingerprint1E:1F:75:26:56:BE:7A:5B:15:78:54:21:01:6F:10:F0:4C:86:CF:65
ValidityMon, 23 Sep 2024 10:36:06 GMT - Sun, 22 Dec 2024 10:36:05 GMT

File type
HTML document, ASCII text, with very long lines (61205)
Size
96 kB (95469 bytes)
Hash
c48a1dd64b43cd64aca43b09efac48ab
62b588174ffe26ab7621075dc48b9d0e36e8dce2
a029a2df47f505a0ca998ea0f94d13c2f3a2f829066f1e4c77a989c03f933e45

HTTP Headers

GET /s?f3fd244e HTTP/1.1
Host: bleleadersto.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 08 Oct 2024 15:49:12 GMT
content-type: text/html
access-control-allow-headers: Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST, GET, OPTIONS, HEAD
access-control-allow-credentials: true
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jWGPC9Hq1QxKx3A1aI9ebz6Xn8uvWSse%2BIBYDJPAs2nzCzm2mSXBzlmGmeA%2BHKakOJ34dyUg%2Fndz5VNVw58Pu6BqBe0BjTDtFpMc2scvz3NISLsGmRweGHBpg7ffiyCF648L"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
speculation-rules: "/cdn-cgi/speculation"
server: cloudflare
cf-ray: 8cf7478ec834b51b-OSL
content-encoding: br
X-Firefox-Spdy: h2

ukankingwithea.com/

188.114.97.1

200 OK

27 B

URL GET HTTP/2
ukankingwithea.com/
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bleleadersto.com/s?f3fd244e
Certificate
IssuerGoogle Trust Services
Subjectukankingwithea.com
Fingerprint1E:50:56:01:B8:4D:0D:64:A3:5D:F9:E4:4A:5D:AE:8D:5E:FC:FB:FC
ValidityThu, 05 Sep 2024 11:45:15 GMT - Wed, 04 Dec 2024 11:45:14 GMT

File type
ASCII text, with no line terminators
Size
27 B (27 bytes)
Hash
246415ad71e56b579d2c5201949732b1
cf02b61f34fa4e8fe5b39077d0bb7d56e936e9d1
0cfdad7780db6abd30a15c3f7fdbdff76fe98f1e125592dc44d20eb459d869fc

HTTP Headers

GET / HTTP/1.1
Host: ukankingwithea.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bleleadersto.com/
Origin: https://bleleadersto.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 08 Oct 2024 15:49:13 GMT
content-type: text/plain
set-cookie: csu=1885587757896949@1@1728402553; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://bleleadersto.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NY9tGTr%2F5IUmuThn4pNsNllHFWqOvyudgrxTehOXmX8kbaP9vBCVAzNtucqf3oHQxwsXzTxXuwzF%2BtL%2FcvS0oh5amszzfiDvGpKu0FW3hiIw7wlcWK87r7Eams5FxxvuRmk0zK0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8cf74796ad3756b1-OSL
content-encoding: br
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Poppins:wght@300;400;500;600;700&display=swap

142.250.74.106

200 OK

781 B

URL GET HTTP/3
fonts.googleapis.com/css?family=Poppins:wght@300;400;500;600;700&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://bleleadersto.com/s?f3fd244e
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
Fingerprint58:48:CD:9D:CD:36:2C:BF:35:F8:E0:82:73:2B:F8:79:64:BB:AE:F7
ValidityMon, 16 Sep 2024 09:34:31 GMT - Mon, 09 Dec 2024 09:34:30 GMT

File type
ASCII text, with very long lines (799), with no line terminators
Size
781 B (781 bytes)
Hash
f2734c367eb54d2729867445e0ea79a8
18f8b32901dae48bedc55cc12baca116e56e6bb7
d5f6fe55368116052648d76167ba4c103db2e0e52680340cd0cb014d3f6cf1d4

HTTP Headers

GET /css?family=Poppins:wght@300;400;500;600;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bleleadersto.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 08 Oct 2024 15:49:13 GMT
date: Tue, 08 Oct 2024 15:49:13 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

d1wzdj81h1hubn.cloudfront.net/resources/802cbc3abf14334d.png

54.230.241.96

200 OK

92 kB

URL GET HTTP/2
d1wzdj81h1hubn.cloudfront.net/resources/802cbc3abf14334d.png
IP
54.230.241.96:443
ASN
#16509 AMAZON-02

Requested by
https://bleleadersto.com/s?f3fd244e
Certificate
IssuerAmazon
Subject*.cloudfront.net
Fingerprint28:D3:87:79:3C:E8:8B:3C:D9:10:45:E5:F7:64:7A:6D:44:4E:5A:62
ValidityTue, 30 Jul 2024 00:00:00 GMT - Thu, 03 Jul 2025 23:59:59 GMT

File type
PNG image data, 1080 x 1080, 8-bit/color RGBA, non-interlaced
Size
92 kB (92166 bytes)
Hash
ed71035b78e4f20fe84958596a6d4cff
b91033511dea4b58539640e88c7681919be2382c
0e90ca20cf823d0a13e6d187f53cfcb2b7bae9dab4862233d02611a693360231

HTTP Headers

GET /resources/802cbc3abf14334d.png HTTP/1.1
Host: d1wzdj81h1hubn.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bleleadersto.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/png
content-length: 92166
date: Tue, 08 Oct 2024 11:31:33 GMT
last-modified: Sat, 10 Aug 2024 03:50:46 GMT
etag: "ed71035b78e4f20fe84958596a6d4cff"
x-amz-server-side-encryption: AES256
x-amz-meta-publisher_id: 344322
x-amz-meta-timestamp: 2024-08-09T14:12:39.643794
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: JWqCm7fW9LKlV-4nR-3UZCPtlTLmazhZGH411Ud2PxSndYNXI8CfsQ==
age: 15459
X-Firefox-Spdy: h2

bleleadersto.com/favicon.ico

104.21.16.26

404 Not Found

159 B

URL GET HTTP/2
bleleadersto.com/favicon.ico
IP
104.21.16.26:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bleleadersto.com/s?f3fd244e
Certificate
IssuerGoogle Trust Services
Subjectbleleadersto.com
Fingerprint1E:1F:75:26:56:BE:7A:5B:15:78:54:21:01:6F:10:F0:4C:86:CF:65
ValidityMon, 23 Sep 2024 10:36:06 GMT - Sun, 22 Dec 2024 10:36:05 GMT

File type
HTML document, ASCII text, with no line terminators
Size
159 B (159 bytes)
Hash
047df4239d5e57f4c78db606a5859d7b
6f2a5da57c2a02837e19f8ac1158db728f3ad62c
45eda3cf633f023269cef5c11cf1c1d5dde3345afdc28610589ef3682ae5130a

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: bleleadersto.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bleleadersto.com/s?f3fd244e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
date: Tue, 08 Oct 2024 15:49:12 GMT
content-type: text/html
cache-control: max-age=14400
cf-cache-status: HIT
age: 81
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a0LUAWjY6zhN3kHF8FSN59ZhQtVYXso8WQ1Wb1MUwYOpmPsOJs7i6wIUSoG7cUJiAgGw1R4D3iM0GmOgRqSuidplkyNipwqVMWSg5Nd2AW9LCyzsnu7ApKXmxdJ1%2F9leT%2BUa"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
speculation-rules: "/cdn-cgi/speculation"
server: cloudflare
cf-ray: 8cf747927e70b51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ukankingwithea.com/asd100.bin

188.114.97.1

200 OK

102 kB

URL GET HTTP/2
ukankingwithea.com/asd100.bin
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bleleadersto.com/s?f3fd244e
Certificate
IssuerGoogle Trust Services
Subjectukankingwithea.com
Fingerprint1E:50:56:01:B8:4D:0D:64:A3:5D:F9:E4:4A:5D:AE:8D:5E:FC:FB:FC
ValidityThu, 05 Sep 2024 11:45:15 GMT - Wed, 04 Dec 2024 11:45:14 GMT

File type
data
Size
102 kB (102400 bytes)
Hash
4c6426ac7ef186464ecbb0d81cbfcb1e
5a6918eebd9d635e8f632e3ef34e3792b1b5ec13
f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16

HTTP Headers

GET /asd100.bin HTTP/1.1
Host: ukankingwithea.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bleleadersto.com/
Origin: https://bleleadersto.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 08 Oct 2024 15:49:13 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://bleleadersto.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 5905
last-modified: Tue, 08 Oct 2024 14:10:48 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lAlax%2By6Gr%2BzOBJ7DQGhrh%2BoMacmQ9o2aXB5NAJVLaxEIJ2rwuWj9558fiEDfCmWUG7yoa8BgezfI6PwWu2oUPcmovqloiObf2yOMeJqTmxIaUs6VzEg7Vv4efh%2Bfx%2F8NveabyE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8cf747969d2f56b1-OSL
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (15)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP