Report - gamsde.com/shipu/80595.html

Report Overview

Submitted URL
gamsde.com/shipu/80595.html
IP
81.17.29.150
ASN
#51852 Private Layer INC
Submitted
2024-04-26 03:06:51
Access
public
Website Title
r.linksprf.com/v1/redirect?type=linkId&id=0f2fd8be614c490bb924b964e2e8deb2&api_key=914da37cb8caa41d0953d23cb753adb6&site_id=0683113805264794b47d923f693200ab&dch=feed&ad_t=advertiser&url=newt.no&country=NO&type=url&source=ew-verlag.de&yk_tag=zrf8d305c2037911ef93800affe396c329dc11d8b8632148bc8a82ac7434cbe93a081675187c2337c6ff
Final URL
r.linksprf.com/v1/redirect?type=linkId&id=0f2fd8be614c490bb924b964e2e8deb2&api_key=914da37cb8caa41d0953d23cb753adb6&site_id=0683113805264794b47d923f693200ab&dch=feed&ad_t=advertiser&url=newt.no&country=NO&type=url&source=ew-verlag.de&yk_tag=zrf8d305c2037911ef93800affe396c329dc11d8b8632148bc8a82ac7434cbe93a081675187c2337c6ff
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
6

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
gamsde.com	unknown	2024-03-05	2022-10-17	2024-04-18	1.9 kB	1.6 kB	81.17.29.150
hrode-cok.com	unknown	2024-04-17	2024-04-23	2024-04-24	1.8 kB	6.2 kB	35.172.149.84
2.ew-verlag-analytics.com	unknown	2023-02-08	2023-02-08	2024-01-11	595 B	400 B	85.13.154.109
r.linksprf.com	unknown	2023-09-05	2023-09-14	2024-04-21	824 B	444 B	63.33.119.172

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-26	medium	gamsde.com	Sinkholed
2024-04-26	medium	gamsde.com	Sinkholed
2024-04-26	medium	gamsde.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (8)

URL IP Response Size

gamsde.com/shipu/80595.html

81.17.29.150

488 B

URL
gamsde.com/shipu/80595.html
IP
81.17.29.150:0
ASN
#51852 Private Layer INC

File type
HTML document, ASCII text, with very long lines (488), with no line terminators
Size
488 B (488 bytes)
Hash
591f437fb72f501d15a8f61c4abe2953
316db15046b6b568a59d7e112008efcf3ac30e20
3445cc142a31dad3cf8b02a9760b3a68f59f54411e993898bf87a9a0f9e5e9ec

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /shipu/80595.html HTTP/1.1
Host: gamsde.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
cache-control: max-age=0, private, must-revalidate
content-length: 488
content-type: text/html; charset=utf-8
date: Fri, 26 Apr 2024 03:06:26 GMT
server: Cowboy
set-cookie: sid=f8962da1-0379-11ef-a627-5a5b04a25f62; path=/; domain=.gamsde.com; expires=Wed, 14 May 2092 06:20:33 GMT; max-age=2147483647; secure; HttpOnly
X-Firefox-Spdy: h2

gamsde.com/favicon.ico

81.17.29.150

9 B

URL
gamsde.com/favicon.ico
IP
81.17.29.150:0
ASN
#51852 Private Layer INC

File type
ASCII text, with no line terminators
Size
9 B (9 bytes)
Hash
d8f4a1993546cc4b850cde3599e27aec
094b763b4cfcc0b05e5d040581cd513c3ca08067
907ba78b4545338d3539683e63ecb51cf51c10adc9dabd86e92bd52339f298b9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: gamsde.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gamsde.com/shipu/80595.html
Cookie: sid=f8962da1-0379-11ef-a627-5a5b04a25f62
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
cache-control: max-age=0, private, must-revalidate
content-length: 9
date: Fri, 26 Apr 2024 03:06:27 GMT
server: Cowboy
X-Firefox-Spdy: h2

gamsde.com/shipu/80595.html?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTcxNDEwNzk4NiwiaWF0IjoxNzE0MTAwNzg2LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydjRyYjViczg0MGR2ZGlzbWswdHZuZTciLCJuYmYiOjE3MTQxMDA3ODYsInRzIjoxNzE0MTAwNzg2ODMwNTE4fQ.5oc59bQEYQX52vIDSmaU84s3XehFDHYFnsUkI3ao6kk&sid=f8962da1-0379-11ef-a627-5a5b04a25f62

81.17.29.150

11 B

URL
gamsde.com/shipu/80595.html?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTcxNDEwNzk4NiwiaWF0IjoxNzE0MTAwNzg2LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydjRyYjViczg0MGR2ZGlzbWswdHZuZTciLCJuYmYiOjE3MTQxMDA3ODYsInRzIjoxNzE0MTAwNzg2ODMwNTE4fQ.5oc59bQEYQX52vIDSmaU84s3XehFDHYFnsUkI3ao6kk&sid=f8962da1-0379-11ef-a627-5a5b04a25f62
IP
81.17.29.150:0
ASN
#51852 Private Layer INC

File type
ASCII text, with no line terminators
Size
11 B (11 bytes)
Hash
32682312d17c7cbf18e73594f5570319
60e22121bdd0bc71cdb2bae2a3aa577006b2eae9
e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /shipu/80595.html?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTcxNDEwNzk4NiwiaWF0IjoxNzE0MTAwNzg2LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydjRyYjViczg0MGR2ZGlzbWswdHZuZTciLCJuYmYiOjE3MTQxMDA3ODYsInRzIjoxNzE0MTAwNzg2ODMwNTE4fQ.5oc59bQEYQX52vIDSmaU84s3XehFDHYFnsUkI3ao6kk&sid=f8962da1-0379-11ef-a627-5a5b04a25f62 HTTP/1.1
Host: gamsde.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gamsde.com/shipu/80595.html
Cookie: sid=f8962da1-0379-11ef-a627-5a5b04a25f62
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
cache-control: max-age=0, private, must-revalidate
content-length: 11
date: Fri, 26 Apr 2024 03:06:27 GMT
location: http://hrode-cok.com/zclkvisitor/f8d305c2-0379-11ef-9380-0affe396c329/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=8312a410-9314-11ee-9f9e-123f4a2b6bb7
server: Cowboy
set-cookie: sid=f8962da1-0379-11ef-a627-5a5b04a25f62; path=/; domain=.gamsde.com; expires=Wed, 14 May 2092 06:20:34 GMT; max-age=2147483647; secure; HttpOnly
X-Firefox-Spdy: h2

hrode-cok.com/zclkvisitor/f8d305c2-0379-11ef-9380-0affe396c329/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=8312a410-9314-11ee-9f9e-123f4a2b6bb7

35.172.149.84

2.7 kB

URL
hrode-cok.com/zclkvisitor/f8d305c2-0379-11ef-9380-0affe396c329/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=8312a410-9314-11ee-9f9e-123f4a2b6bb7
IP
35.172.149.84:0
ASN
#14618 AMAZON-AES

File type
HTML document, ASCII text, with very long lines (400)
Size
2.7 kB (2730 bytes)
Hash
dc364e25ab9666c6bed5baf1f201e766
db7a1e4c48f8006ac9771d46bae43269c3f2abbf
923eb116270d01ae7f69e1411decb2fbbd455109f1edf89dd623a368814e67b8

HTTP Headers

GET /zclkvisitor/f8d305c2-0379-11ef-9380-0affe396c329/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=8312a410-9314-11ee-9f9e-123f4a2b6bb7 HTTP/1.1
Host: hrode-cok.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Date: Fri, 26 Apr 2024 03:06:28 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 2730
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'

hrode-cok.com/zclkredirect?visitid=f8d305c2-0379-11ef-9380-0affe396c329&type=js&browserWidth=1280&browserHeight=1024&iframeDetected=false&webdriverDetected=false&gpu=undefined&timezone=UTC%2B00%3A00&timezoneName=UTC

35.172.149.84

1.4 kB

URL
hrode-cok.com/zclkredirect?visitid=f8d305c2-0379-11ef-9380-0affe396c329&type=js&browserWidth=1280&browserHeight=1024&iframeDetected=false&webdriverDetected=false&gpu=undefined&timezone=UTC%2B00%3A00&timezoneName=UTC
IP
35.172.149.84:0
ASN
#14618 AMAZON-AES

File type
HTML document, ASCII text, with very long lines (642)
Size
1.4 kB (1370 bytes)
Hash
75e942b5f6907b7713763353b2fab24d
a234eaf7eae4f360af8653defd7bccef45a50ec5
9e4f3151e3c494cac7835f6ac3513f2a1959233419961e173e1205c1e089139c

HTTP Headers

GET /zclkredirect?visitid=f8d305c2-0379-11ef-9380-0affe396c329&type=js&browserWidth=1280&browserHeight=1024&iframeDetected=false&webdriverDetected=false&gpu=undefined&timezone=UTC%2B00%3A00&timezoneName=UTC HTTP/1.1
Host: hrode-cok.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://hrode-cok.com/zclkvisitor/f8d305c2-0379-11ef-9380-0affe396c329/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=8312a410-9314-11ee-9f9e-123f4a2b6bb7
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Date: Fri, 26 Apr 2024 03:06:29 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 1370
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
redirected: JS

hrode-cok.com/favicon.ico

35.172.149.84

653 B

URL
hrode-cok.com/favicon.ico
IP
35.172.149.84:0
ASN
#14618 AMAZON-AES

File type
HTML document, Unicode text, UTF-8 text, with very long lines (649), with no line terminators
Size
653 B (653 bytes)
Hash
ba2732b1b2fa2626ffaa15f62f9e7d66
203d4e7fbb1d80449d6e4e1f3ae7a9bf8625debe
879861cb72fe9fbb476dab246021c4c83b4066327de2529e05ec54d3afb0a1c8

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: hrode-cok.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hrode-cok.com/zclkredirect?visitid=f8d305c2-0379-11ef-9380-0affe396c329&type=js&browserWidth=1280&browserHeight=1024&iframeDetected=false&webdriverDetected=false&gpu=undefined&timezone=UTC%2B00%3A00&timezoneName=UTC
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 
Date: Fri, 26 Apr 2024 03:06:29 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 653
Connection: keep-alive
Content-Language: en

2.ew-verlag-analytics.com/favicon.ico

85.13.154.109

196 B

URL
2.ew-verlag-analytics.com/favicon.ico
IP
85.13.154.109:0
ASN
#34788 Neue Medien Muennich GmbH

File type
HTML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 2.ew-verlag-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2.ew-verlag-analytics.com/scripts/jump/go.php?domain=newt.no&country=NO&clickid=zrf8d305c2037911ef93800affe396c329dc11d8b8632148bc8a82ac7434cbe93a081675187c2337c6ff
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
strict-transport-security: max-age=600000
content-length: 196
content-type: text/html; charset=iso-8859-1
date: Fri, 26 Apr 2024 03:06:30 GMT
server: Apache
X-Firefox-Spdy: h2

r.linksprf.com/v1/redirect?type=linkId&id=0f2fd8be614c490bb924b964e2e8deb2&api_key=914da37cb8caa41d0953d23cb753adb6&site_id=0683113805264794b47d923f693200ab&dch=feed&ad_t=advertiser&url=newt.no&country=NO&type=url&source=ew-verlag.de&yk_tag=zrf8d305c2037911ef93800affe396c329dc11d8b8632148bc8a82ac7434cbe93a081675187c2337c6ff

63.33.119.172

403 Forbidden

64 B

URL User Request GET HTTP/2
r.linksprf.com/v1/redirect?type=linkId&id=0f2fd8be614c490bb924b964e2e8deb2&api_key=914da37cb8caa41d0953d23cb753adb6&site_id=0683113805264794b47d923f693200ab&dch=feed&ad_t=advertiser&url=newt.no&country=NO&type=url&source=ew-verlag.de&yk_tag=zrf8d305c2037911ef93800affe396c329dc11d8b8632148bc8a82ac7434cbe93a081675187c2337c6ff
IP
63.33.119.172:443
ASN
#16509 AMAZON-02

Certificate
IssuerLet's Encrypt
Subjectlinksprf.com
Fingerprint7E:D9:A0:4D:90:12:E1:21:0E:82:44:FD:FA:D4:CA:8A:3D:B8:9D:49
ValidityMon, 22 Apr 2024 10:08:23 GMT - Sun, 21 Jul 2024 10:08:22 GMT

File type
JSON text data
Size
64 B (64 bytes)
Hash
71c671f79ca7d50342b398436ee3b394
f098660be209d153657f4f511d58bc568a7f0e1d
a64dd065480b2f67528661f855832af6a50a4bbca8b7822ec7614abebed8eac2

HTTP Headers

GET /v1/redirect?type=linkId&id=0f2fd8be614c490bb924b964e2e8deb2&api_key=914da37cb8caa41d0953d23cb753adb6&site_id=0683113805264794b47d923f693200ab&dch=feed&ad_t=advertiser&url=newt.no&country=NO&type=url&source=ew-verlag.de&yk_tag=zrf8d305c2037911ef93800affe396c329dc11d8b8632148bc8a82ac7434cbe93a081675187c2337c6ff HTTP/1.1
Host: r.linksprf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2.ew-verlag-analytics.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
date: Fri, 26 Apr 2024 03:06:30 GMT
content-type: application/json
content-length: 64
set-cookie: ykuid=abafd0a1bb324515a19f521eaa92f9c3; Path=/; Secure; Domain=.linksprf.com; Max-Age=31536000; SameSite=None
JSESSIONID=A0F8C52EE9B8DD273C11CF54FE8307B2; Path=/; HttpOnly
strict-transport-security: max-age=15724800; includeSubDomains
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (8)

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2