Report - secure.rdir-shield.com/91f058c8-e1bd-403d-9d30-21accce15920/2?ZoneID=6136994&subzone_id=3189326&bannerid=20853573&user_activity=medium&zone_type={zone_type}&cost=0.000000&visitor

Report Overview

Submitted URL
secure.rdir-shield.com/91f058c8-e1bd-403d-9d30-21accce15920/2?ZoneID=6136994&subzone_id=3189326&bannerid=20853573&user_activity=medium&zone_type={zone_type}&cost=0.000000&visitor_id=806949653445619712
IP
3.69.182.131
ASN
#16509 AMAZON-02
Submitted
2024-04-24 10:42:57
Access
public
Website Title
(1) Are you Nigerian?
Final URL
great-mob.net/2sp/mob/ng/gg8553sweep/ctr-btn-p-ng-mc-2sp/?campaign_name=NG%20PPR%20R%20BL-m%20AIRTEL%20dm%20a1&lander_name=Gg%20ng%2Fgg8553sweep%2Fctr-btn-p-ng-mc-2sp%2F&domain=secure.rdir-shield.com&clickid=wbljup5tfubaqiq03qfg0sbl&source=91f058c8-e1bd-403d-9d30-21accce15920&cep=W3z9WYSXRoGlVbCi1dqBlBGQDbRlWd8ZEYu1yvog3s9JvOHzhe6k_-H8Nzwycy4UHDUWgmEHUnmu9GvRzKJHWjs5D6i1kOD8_zfcBSme4sR9FfRc5st-j5mOiGVasB3iPKiQ5Cncw8zTUDFujfN8x4DIturDs6lF2RnmXo6CRHmws1lVteqJNTo-xGAHSGPbMJnrVbue7luIJ5RLsBFXRMVv495Umdg8wvQiGDpu98Jdj6qrwa7J_vk4hayYQse1SPBHo0qyDX_pIlv69I4WQJ_4CjB5R8ceente24VhPqggkSpMeomUIkSIs1maW3j67A8blFk3hzWLv0ep3IycpDxlRlgmulx3I1B9gmMCSU0i9EafDcWkSE0Od-4J0ajQuiyGJGdGtAOhOiFaZ7plMiiM0hZLjtBciOamK28dJoU9TZyZ0bbX9NWacIA3m19YXDyAyM2TnzDnYjovYZzgmflpnmwnGNyapb-Lvzy_xz7Dd2d6z_oa066weACcDHcrvVC2Ctw5RjOkPxYHLCyuRaUu56NeiK24Ldjy4tYrn9o&lptoken=17c5130295f071be5245&ZoneID=6136994&subzone_id=3189326&bannerid=20853573&user_activity=medium&zone_type=%7Bzone_type%7D&cost=0.000000&visitor_id=806949653445619712
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
4

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
secure.rdir-shield.com	unknown	2022-06-06	2022-06-29	2024-04-18	654 B	2.2 kB	3.69.182.131
great-mob.net	unknown	2024-03-20	2024-03-20	2024-04-18	10 kB	147 kB	54.230.111.67
deefauph.com	135892	2021-03-12	2021-03-12	2024-04-18	1.2 kB	37 kB	139.45.197.251
jouteetu.net	260109	2021-07-08	2021-07-15	2024-04-23	1.3 kB	1.9 kB	139.45.197.251
amunfezanttor.com	unknown	2023-03-31	2023-03-31	2024-04-23	1.0 kB	1.1 kB	139.45.197.250

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-24	medium	amunfezanttor.com	Sinkholed
2024-04-24	medium	amunfezanttor.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (6)

	URL	Size	First Seen	Last Seen
	great-mob.net/2sp/mob/ng/gg8553sweep/ctr-btn-p-ng-mc-2sp/detect_device.js	780 B	2023-03-26	2024-05-05
Pretty URL great-mob.net/2sp/mob/ng/gg8553sweep/ctr-btn-p-ng-mc-2sp/detect_device.js IP 54.230.111.67 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 05:02:30 Last Seen2024-05-05 20:00:44 Times Seen151 Hash 53b7e9032a1668119ddf88bdd3821b2d a46fb1425bcfc023d8c3d19a64c1a4dcdba3066d ba9438b69a8a2a5438013555c4ff6ec05bea26cbc90eaab5f75c3b22d01ef035 Loading...

	great-mob.net/2sp/mob/ng/gg8553sweep/ctr-btn-p-ng-mc-2sp/?campaign_name=NG%20PPR%20R%20BL-m%20AIRTEL%20dm%20a1&lander_name=Gg%20ng%2Fgg8553sweep%2Fctr-btn-p-ng-mc-2sp%2F&domain=secure.rdir-shield.com&clickid=wbljup5tfubaqiq03qfg0sbl&source=91f058c8-e1bd-403d-9d30-21accce15920&cep=W3z9WYSXRoGlVbCi1dqBlBGQDbRlWd8ZEYu1yvog3s9JvOHzhe6k_-H8Nzwycy4UHDUWgmEHUnmu9GvRzKJHWjs5D6i1kOD8_zfcBSme4sR9FfRc5st-j5mOiGVasB3iPKiQ5Cncw8zTUDFujfN8x4DIturDs6lF2RnmXo6CRHmws1lVteqJNTo-xGAHSGPbMJnrVbue7luIJ5RLsBFXRMVv495Umdg8wvQiGDpu98Jdj6qrwa7J_vk4hayYQse1SPBHo0qyDX_pIlv69I4WQJ_4CjB5R8ceente24VhPqggkSpMeomUIkSIs1maW3j67A8blFk3hzWLv0ep3IycpDxlRlgmulx3I1B9gmMCSU0i9EafDcWkSE0Od-4J0ajQuiyGJGdGtAOhOiFaZ7plMiiM0hZLjtBciOamK28dJoU9TZyZ0bbX9NWacIA3m19YXDyAyM2TnzDnYjovYZzgmflpnmwnGNyapb-Lvzy_xz7Dd2d6z_oa066weACcDHcrvVC2Ctw5RjOkPxYHLCyuRaUu56NeiK24Ldjy4tYrn9o&lptoken=17c5130295f071be5245&ZoneID=6136994&subzone_id=3189326&bannerid=20853573&user_activity=medium&zone_type=%7Bzone_type%7D&cost=0.000000&visitor_id=806949653445619712	367 B	2023-03-07	2024-05-05
Pretty URL great-mob.net/2sp/mob/ng/gg8553sweep/ctr-btn-p-ng-mc-2sp/?campaign_name=NG%20PPR%20R%20BL-m%20AIRTEL%20dm%20a1&lander_name=Gg%20ng%2Fgg8553sweep%2Fctr-btn-p-ng-mc-2sp%2F&domain=secure.rdir-shield.com&clickid=wbljup5tfubaqiq03qfg0sbl&source=91f058c8-e1bd-403d-9d30-21accce15920&cep=W3z9WYSXRoGlVbCi1dqBlBGQDbRlWd8ZEYu1yvog3s9JvOHzhe6k_-H8Nzwycy4UHDUWgmEHUnmu9GvRzKJHWjs5D6i1kOD8_zfcBSme4sR9FfRc5st-j5mOiGVasB3iPKiQ5Cncw8zTUDFujfN8x4DIturDs6lF2RnmXo6CRHmws1lVteqJNTo-xGAHSGPbMJnrVbue7luIJ5RLsBFXRMVv495Umdg8wvQiGDpu98Jdj6qrwa7J_vk4hayYQse1SPBHo0qyDX_pIlv69I4WQJ_4CjB5R8ceente24VhPqggkSpMeomUIkSIs1maW3j67A8blFk3hzWLv0ep3IycpDxlRlgmulx3I1B9gmMCSU0i9EafDcWkSE0Od-4J0ajQuiyGJGdGtAOhOiFaZ7plMiiM0hZLjtBciOamK28dJoU9TZyZ0bbX9NWacIA3m19YXDyAyM2TnzDnYjovYZzgmflpnmwnGNyapb-Lvzy_xz7Dd2d6z_oa066weACcDHcrvVC2Ctw5RjOkPxYHLCyuRaUu56NeiK24Ldjy4tYrn9o&lptoken=17c5130295f071be5245&ZoneID=6136994&subzone_id=3189326&bannerid=20853573&user_activity=medium&zone_type=%7Bzone_type%7D&cost=0.000000&visitor_id=806949653445619712 IP 54.230.111.67 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:06:19 Last Seen2024-05-05 20:00:44 Times Seen325 Hash 1a11f00984211806488f45f155534e73 96f58e5ecada44b76a537896e9a6ce659d62c5c3 4cd449ee2dc814d1f7005a377397f02ebbfc8d48ad659f1b2badfd421d83282e Loading...

	great-mob.net/2sp/mob/ng/gg8553sweep/ctr-btn-p-ng-mc-2sp/js-2rs.js	2.4 kB	2023-05-18	2024-04-30
Pretty URL great-mob.net/2sp/mob/ng/gg8553sweep/ctr-btn-p-ng-mc-2sp/js-2rs.js IP 54.230.111.67 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-18 19:36:08 Last Seen2024-04-30 15:53:26 Times Seen11 Hash a7f3272b893ce800c15a5b5f6e3d3f29 0b4ea12cbaaac783400c3331c910e2b4d12a20b7 b9d7ef97530b99694ac3cb24f465f816a790d8836e0de1ec632ddc9b915d6853 Loading...

	deefauph.com/pfe/current/micro.tag.min.js?z=5101589&ymid=wbljup5tfubaqiq03qfg0sbl&var=91f058c8-e1bd-403d-9d30-21accce15920&sw=/sw-check-permissions-4e1e4.js	37 kB	2024-04-24	2024-04-24
Pretty URL deefauph.com/pfe/current/micro.tag.min.js?z=5101589&ymid=wbljup5tfubaqiq03qfg0sbl&var=91f058c8-e1bd-403d-9d30-21accce15920&sw=/sw-check-permissions-4e1e4.js IP 139.45.197.251 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 10:33:08 Last Seen2024-04-24 16:09:36 Times Seen15 Hash 9c707551764e528035154fcfc935d4da 8687a3418b6f0ded1dd3559be0c7ff8f6ed11e58 41f14ec09c4d467a2ff3351d0a9ff57dbbe0011995fd37afa97b3cbb5e40b0c2 Loading...

	great-mob.net/2sp/mob/ng/gg8553sweep/ctr-btn-p-ng-mc-2sp/jquery-3.6.0.min.js	90 kB	2023-03-07	2024-05-05
Pretty URL great-mob.net/2sp/mob/ng/gg8553sweep/ctr-btn-p-ng-mc-2sp/jquery-3.6.0.min.js IP 54.230.111.67 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:13 Last Seen2024-05-05 22:58:35 Times Seen266125 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	great-mob.net/2sp/mob/ng/gg8553sweep/ctr-btn-p-ng-mc-2sp/mobile-detect.min.js	37 kB	2023-03-26	2024-05-05
Pretty URL great-mob.net/2sp/mob/ng/gg8553sweep/ctr-btn-p-ng-mc-2sp/mobile-detect.min.js IP 54.230.111.67 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 05:02:30 Last Seen2024-05-05 20:00:44 Times Seen160 Hash 13d67ff5bf1413a7085e9673c1bb3f6f e9cb51ce68eb23e5c198e0d5c019df53b6f09283 773e5bbc4fb9297bc224eb406ea65168fe8d36586ff15b997e373943bbf0e643 Loading...

HTTP Transactions (15)

URL IP Response Size

secure.rdir-shield.com/91f058c8-e1bd-403d-9d30-21accce15920/2?ZoneID=6136994&subzone_id=3189326&bannerid=20853573&user_activity=medium&zone_type={zone_type}&cost=0.000000&visitor_id=806949653445619712

3.69.182.131

302 Found

0 B

URL User Request GET HTTP/2
secure.rdir-shield.com/91f058c8-e1bd-403d-9d30-21accce15920/2?ZoneID=6136994&subzone_id=3189326&bannerid=20853573&user_activity=medium&zone_type={zone_type}&cost=0.000000&visitor_id=806949653445619712
IP
3.69.182.131:443
ASN
#16509 AMAZON-02

Certificate
IssuerLet's Encrypt
Subjectsecure.rdir-shield.com
FingerprintCB:D9:B4:62:95:03:84:F5:DD:42:39:77:97:AF:A0:14:84:7C:8C:CF
ValidityTue, 16 Apr 2024 05:50:52 GMT - Mon, 15 Jul 2024 05:50:51 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /91f058c8-e1bd-403d-9d30-21accce15920/2?ZoneID=6136994&subzone_id=3189326&bannerid=20853573&user_activity=medium&zone_type={zone_type}&cost=0.000000&visitor_id=806949653445619712 HTTP/1.1
Host: secure.rdir-shield.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: nginx
date: Wed, 24 Apr 2024 10:42:32 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://great-mob.net/2sp/mob/ng/gg8553sweep/ctr-btn-p-ng-mc-2sp/?campaign_name=NG%20PPR%20R%20BL-m%20AIRTEL%20dm%20a1&lander_name=Gg%20ng%2Fgg8553sweep%2Fctr-btn-p-ng-mc-2sp%2F&domain=secure.rdir-shield.com&clickid=wbljup5tfubaqiq03qfg0sbl&source=91f058c8-e1bd-403d-9d30-21accce15920&cep=W3z9WYSXRoGlVbCi1dqBlBGQDbRlWd8ZEYu1yvog3s9JvOHzhe6k_-H8Nzwycy4UHDUWgmEHUnmu9GvRzKJHWjs5D6i1kOD8_zfcBSme4sR9FfRc5st-j5mOiGVasB3iPKiQ5Cncw8zTUDFujfN8x4DIturDs6lF2RnmXo6CRHmws1lVteqJNTo-xGAHSGPbMJnrVbue7luIJ5RLsBFXRMVv495Umdg8wvQiGDpu98Jdj6qrwa7J_vk4hayYQse1SPBHo0qyDX_pIlv69I4WQJ_4CjB5R8ceente24VhPqggkSpMeomUIkSIs1maW3j67A8blFk3hzWLv0ep3IycpDxlRlgmulx3I1B9gmMCSU0i9EafDcWkSE0Od-4J0ajQuiyGJGdGtAOhOiFaZ7plMiiM0hZLjtBciOamK28dJoU9TZyZ0bbX9NWacIA3m19YXDyAyM2TnzDnYjovYZzgmflpnmwnGNyapb-Lvzy_xz7Dd2d6z_oa066weACcDHcrvVC2Ctw5RjOkPxYHLCyuRaUu56NeiK24Ldjy4tYrn9o&lptoken=17c5130295f071be5245&ZoneID=6136994&subzone_id=3189326&bannerid=20853573&user_activity=medium&zone_type=%7Bzone_type%7D&cost=0.000000&visitor_id=806949653445619712
pragma: no-cache
set-cookie: 91f058c8-e1bd-403d-9d30-21accce15920-v4=5H88nVtLEZlSY1sG6OC1e_n-d4alfLB_P4qLmkLGC88; Max-Age=86400; Expires=Thu, 25-Apr-2024 10:42:32 GMT; Domain=secure.rdir-shield.com; Path=/; Secure; HttpOnly;SameSite=None
cep-v4=ut6BZICT55waFpgAHockeQki2H57A2KnFVnfu_WUGjEuJrhRbZNCavo3gs_UtaoCYWYCxHrxRW5v7vGQClTMos2AlYhXHQi_zD1oFfPjfOdfQhBNbgRjjtS0azf_2jjc0lxym42yJrFDGQ-JM4WtsECtRqZ03qDaeSZE0liiceIbYy5xSxy_oX8QnaGeB4ei7eGWujQTLHQomcW9X6_vdRVlBf9sPvzg6qVitKC8lmifnehZVX0PN7dMyxfatpbFGHlpP7ioSChb7NswALiu61htOTUt9eDg8-UqsQijDEQlSiHX66osM_7NSCEc1M2C1PfoWcgUZvKr8r8htrUdFeuRAZoRdhlx73Cm7F6hemDF8OfnhziOx2cHJel85zY2T4_96aN2A_CEHPonEUbqwZhsISDNpRbEbxSfQ_MCd4q2rj4BBdRazJg9FA0WYaYUHnNCB025j97PktG7lTR2pU1EFGUdWRYYQZEWiYfzWQdRcOOao08axuOj2WXnLiFo-Cj2WSFYOvZvheDgDdUq9bHxSiWE27-Pd1d3MGeVlVo; Max-Age=86400; Expires=Thu, 25-Apr-2024 10:42:32 GMT; Domain=secure.rdir-shield.com; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2

great-mob.net/2sp/mob/ng/gg8553sweep/ctr-btn-p-ng-mc-2sp/loading2.gif

54.230.111.67

200 OK

37 kB

URL GET HTTP/2
great-mob.net/2sp/mob/ng/gg8553sweep/ctr-btn-p-ng-mc-2sp/loading2.gif
IP
54.230.111.67:443
ASN
#16509 AMAZON-02

Requested by
https://great-mob.net/2sp/mob/ng/gg8553sweep/ctr-btn-p-ng-mc-2sp/?campaign_name=NG%20PPR%20R%20BL-m%20AIRTEL%20dm%20a1&lander_name=Gg%20ng%2Fgg8553sweep%2Fctr-btn-p-ng-mc-2sp%2F&domain=secure.rdir-shield.com&clickid=wbljup5tfubaqiq03qfg0sbl&source=91f058c8-e1bd-403d-9d30-21accce15920&cep=W3z9WYSXRoGlVbCi1dqBlBGQDbRlWd8ZEYu1yvog3s9JvOHzhe6k_-H8Nzwycy4UHDUWgmEHUnmu9GvRzKJHWjs5D6i1kOD8_zfcBSme4sR9FfRc5st-j5mOiGVasB3iPKiQ5Cncw8zTUDFujfN8x4DIturDs6lF2RnmXo6CRHmws1lVteqJNTo-xGAHSGPbMJnrVbue7luIJ5RLsBFXRMVv495Umdg8wvQiGDpu98Jdj6qrwa7J_vk4hayYQse1SPBHo0qyDX_pIlv69I4WQJ_4CjB5R8ceente24VhPqggkSpMeomUIkSIs1maW3j67A8blFk3hzWLv0ep3IycpDxlRlgmulx3I1B9gmMCSU0i9EafDcWkSE0Od-4J0ajQuiyGJGdGtAOhOiFaZ7plMiiM0hZLjtBciOamK28dJoU9TZyZ0bbX9NWacIA3m19YXDyAyM2TnzDnYjovYZzgmflpnmwnGNyapb-Lvzy_xz7Dd2d6z_oa066weACcDHcrvVC2Ctw5RjOkPxYHLCyuRaUu56NeiK24Ldjy4tYrn9o&lptoken=17c5130295f071be5245&ZoneID=6136994&subzone_id=3189326&bannerid=20853573&user_activity=medium&zone_type=%7Bzone_type%7D&cost=0.000000&visitor_id=806949653445619712
Certificate
IssuerAmazon
Subjectmobicube.net
Fingerprint8D:42:49:AB:16:94:C2:7B:7C:83:6D:64:3D:61:16:19:1F:0D:9D:25
ValidityWed, 20 Mar 2024 00:00:00 GMT - Fri, 18 Apr 2025 23:59:59 GMT

File type
GIF image data, version 89a, 70 x 70
Size
37 kB (37009 bytes)
Hash
c26c3f849a5b578ed5494ade3dfb6837
add1f2224f425c034f040973e83edd798f0727a9
3dfebea695e74f95113339686c6167ecd8e05afb20d69e3fd74d2acc8689e39b

HTTP Headers

GET /2sp/mob/ng/gg8553sweep/ctr-btn-p-ng-mc-2sp/loading2.gif HTTP/1.1
Host: great-mob.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://great-mob.net/2sp/mob/ng/gg8553sweep/ctr-btn-p-ng-mc-2sp/?campaign_name=NG%20PPR%20R%20BL-m%20AIRTEL%20dm%20a1&lander_name=Gg%20ng%2Fgg8553sweep%2Fctr-btn-p-ng-mc-2sp%2F&domain=secure.rdir-shield.com&clickid=wbljup5tfubaqiq03qfg0sbl&source=91f058c8-e1bd-403d-9d30-21accce15920&cep=W3z9WYSXRoGlVbCi1dqBlBGQDbRlWd8ZEYu1yvog3s9JvOHzhe6k_-H8Nzwycy4UHDUWgmEHUnmu9GvRzKJHWjs5D6i1kOD8_zfcBSme4sR9FfRc5st-j5mOiGVasB3iPKiQ5Cncw8zTUDFujfN8x4DIturDs6lF2RnmXo6CRHmws1lVteqJNTo-xGAHSGPbMJnrVbue7luIJ5RLsBFXRMVv495Umdg8wvQiGDpu98Jdj6qrwa7J_vk4hayYQse1SPBHo0qyDX_pIlv69I4WQJ_4CjB5R8ceente24VhPqggkSpMeomUIkSIs1maW3j67A8blFk3hzWLv0ep3IycpDxlRlgmulx3I1B9gmMCSU0i9EafDcWkSE0Od-4J0ajQuiyGJGdGtAOhOiFaZ7plMiiM0hZLjtBciOamK28dJoU9TZyZ0bbX9NWacIA3m19YXDyAyM2TnzDnYjovYZzgmflpnmwnGNyapb-Lvzy_xz7Dd2d6z_oa066weACcDHcrvVC2Ctw5RjOkPxYHLCyuRaUu56NeiK24Ldjy4tYrn9o&lptoken=17c5130295f071be5245&ZoneID=6136994&subzone_id=3189326&bannerid=20853573&user_activity=medium&zone_type=%7Bzone_type%7D&cost=0.000000&visitor_id=806949653445619712
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/gif
content-length: 37009
server: nginx
last-modified: Sat, 12 Mar 2016 19:28:38 GMT
accept-ranges: bytes
date: Wed, 24 Apr 2024 10:42:33 GMT
etag: "56e46de6-9091"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: _lvNW8jCAhp02_1MFPDH2vaTMQkRohXGO6XEgkKAsiNpXdEWsykx7g==
age: 14635
X-Firefox-Spdy: h2

great-mob.net/2sp/mob/ng/gg8553sweep/ctr-btn-p-ng-mc-2sp/detect_device.js

54.230.111.67

200 OK

780 B

URL GET HTTP/2
great-mob.net/2sp/mob/ng/gg8553sweep/ctr-btn-p-ng-mc-2sp/detect_device.js
IP
54.230.111.67:443
ASN
#16509 AMAZON-02

Requested by
https://great-mob.net/2sp/mob/ng/gg8553sweep/ctr-btn-p-ng-mc-2sp/?campaign_name=NG%20PPR%20R%20BL-m%20AIRTEL%20dm%20a1&lander_name=Gg%20ng%2Fgg8553sweep%2Fctr-btn-p-ng-mc-2sp%2F&domain=secure.rdir-shield.com&clickid=wbljup5tfubaqiq03qfg0sbl&source=91f058c8-e1bd-403d-9d30-21accce15920&cep=W3z9WYSXRoGlVbCi1dqBlBGQDbRlWd8ZEYu1yvog3s9JvOHzhe6k_-H8Nzwycy4UHDUWgmEHUnmu9GvRzKJHWjs5D6i1kOD8_zfcBSme4sR9FfRc5st-j5mOiGVasB3iPKiQ5Cncw8zTUDFujfN8x4DIturDs6lF2RnmXo6CRHmws1lVteqJNTo-xGAHSGPbMJnrVbue7luIJ5RLsBFXRMVv495Umdg8wvQiGDpu98Jdj6qrwa7J_vk4hayYQse1SPBHo0qyDX_pIlv69I4WQJ_4CjB5R8ceente24VhPqggkSpMeomUIkSIs1maW3j67A8blFk3hzWLv0ep3IycpDxlRlgmulx3I1B9gmMCSU0i9EafDcWkSE0Od-4J0ajQuiyGJGdGtAOhOiFaZ7plMiiM0hZLjtBciOamK28dJoU9TZyZ0bbX9NWacIA3m19YXDyAyM2TnzDnYjovYZzgmflpnmwnGNyapb-Lvzy_xz7Dd2d6z_oa066weACcDHcrvVC2Ctw5RjOkPxYHLCyuRaUu56NeiK24Ldjy4tYrn9o&lptoken=17c5130295f071be5245&ZoneID=6136994&subzone_id=3189326&bannerid=20853573&user_activity=medium&zone_type=%7Bzone_type%7D&cost=0.000000&visitor_id=806949653445619712
Certificate
IssuerAmazon
Subjectmobicube.net
Fingerprint8D:42:49:AB:16:94:C2:7B:7C:83:6D:64:3D:61:16:19:1F:0D:9D:25
ValidityWed, 20 Mar 2024 00:00:00 GMT - Fri, 18 Apr 2025 23:59:59 GMT

File type
ASCII text, with CRLF line terminators
Size
780 B (780 bytes)
Hash
53b7e9032a1668119ddf88bdd3821b2d
a46fb1425bcfc023d8c3d19a64c1a4dcdba3066d
ba9438b69a8a2a5438013555c4ff6ec05bea26cbc90eaab5f75c3b22d01ef035

HTTP Headers

GET /2sp/mob/ng/gg8553sweep/ctr-btn-p-ng-mc-2sp/detect_device.js HTTP/1.1
Host: great-mob.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://great-mob.net/2sp/mob/ng/gg8553sweep/ctr-btn-p-ng-mc-2sp/?campaign_name=NG%20PPR%20R%20BL-m%20AIRTEL%20dm%20a1&lander_name=Gg%20ng%2Fgg8553sweep%2Fctr-btn-p-ng-mc-2sp%2F&domain=secure.rdir-shield.com&clickid=wbljup5tfubaqiq03qfg0sbl&source=91f058c8-e1bd-403d-9d30-21accce15920&cep=W3z9WYSXRoGlVbCi1dqBlBGQDbRlWd8ZEYu1yvog3s9JvOHzhe6k_-H8Nzwycy4UHDUWgmEHUnmu9GvRzKJHWjs5D6i1kOD8_zfcBSme4sR9FfRc5st-j5mOiGVasB3iPKiQ5Cncw8zTUDFujfN8x4DIturDs6lF2RnmXo6CRHmws1lVteqJNTo-xGAHSGPbMJnrVbue7luIJ5RLsBFXRMVv495Umdg8wvQiGDpu98Jdj6qrwa7J_vk4hayYQse1SPBHo0qyDX_pIlv69I4WQJ_4CjB5R8ceente24VhPqggkSpMeomUIkSIs1maW3j67A8blFk3hzWLv0ep3IycpDxlRlgmulx3I1B9gmMCSU0i9EafDcWkSE0Od-4J0ajQuiyGJGdGtAOhOiFaZ7plMiiM0hZLjtBciOamK28dJoU9TZyZ0bbX9NWacIA3m19YXDyAyM2TnzDnYjovYZzgmflpnmwnGNyapb-Lvzy_xz7Dd2d6z_oa066weACcDHcrvVC2Ctw5RjOkPxYHLCyuRaUu56NeiK24Ldjy4tYrn9o&lptoken=17c5130295f071be5245&ZoneID=6136994&subzone_id=3189326&bannerid=20853573&user_activity=medium&zone_type=%7Bzone_type%7D&cost=0.000000&visitor_id=806949653445619712
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
content-length: 780
server: nginx
last-modified: Mon, 16 May 2022 19:48:24 GMT
accept-ranges: bytes
date: Wed, 24 Apr 2024 10:42:33 GMT
etag: "6282aa88-30c"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: -6eve4oOLUkgz2ObN2F8ZD3fZzihYQT369ZtcMzEfqdJRIYvQVo0cA==
age: 16915
X-Firefox-Spdy: h2

great-mob.net/sw-check-permissions-4e1e4.js?var=91f058c8-e1bd-403d-9d30-21accce15920&ymid=wbljup5tfubaqiq03qfg0sbl&zoneId=5101589

54.230.111.67

200 OK

566 B

URL GET HTTP/2
great-mob.net/sw-check-permissions-4e1e4.js?var=91f058c8-e1bd-403d-9d30-21accce15920&ymid=wbljup5tfubaqiq03qfg0sbl&zoneId=5101589
IP
54.230.111.67:443
ASN
#16509 AMAZON-02

Requested by
https://great-mob.net/2sp/mob/ng/gg8553sweep/ctr-btn-p-ng-mc-2sp/?campaign_name=NG%20PPR%20R%20BL-m%20AIRTEL%20dm%20a1&lander_name=Gg%20ng%2Fgg8553sweep%2Fctr-btn-p-ng-mc-2sp%2F&domain=secure.rdir-shield.com&clickid=wbljup5tfubaqiq03qfg0sbl&source=91f058c8-e1bd-403d-9d30-21accce15920&cep=W3z9WYSXRoGlVbCi1dqBlBGQDbRlWd8ZEYu1yvog3s9JvOHzhe6k_-H8Nzwycy4UHDUWgmEHUnmu9GvRzKJHWjs5D6i1kOD8_zfcBSme4sR9FfRc5st-j5mOiGVasB3iPKiQ5Cncw8zTUDFujfN8x4DIturDs6lF2RnmXo6CRHmws1lVteqJNTo-xGAHSGPbMJnrVbue7luIJ5RLsBFXRMVv495Umdg8wvQiGDpu98Jdj6qrwa7J_vk4hayYQse1SPBHo0qyDX_pIlv69I4WQJ_4CjB5R8ceente24VhPqggkSpMeomUIkSIs1maW3j67A8blFk3hzWLv0ep3IycpDxlRlgmulx3I1B9gmMCSU0i9EafDcWkSE0Od-4J0ajQuiyGJGdGtAOhOiFaZ7plMiiM0hZLjtBciOamK28dJoU9TZyZ0bbX9NWacIA3m19YXDyAyM2TnzDnYjovYZzgmflpnmwnGNyapb-Lvzy_xz7Dd2d6z_oa066weACcDHcrvVC2Ctw5RjOkPxYHLCyuRaUu56NeiK24Ldjy4tYrn9o&lptoken=17c5130295f071be5245&ZoneID=6136994&subzone_id=3189326&bannerid=20853573&user_activity=medium&zone_type=%7Bzone_type%7D&cost=0.000000&visitor_id=806949653445619712
Certificate
IssuerAmazon
Subjectmobicube.net
Fingerprint8D:42:49:AB:16:94:C2:7B:7C:83:6D:64:3D:61:16:19:1F:0D:9D:25
ValidityWed, 20 Mar 2024 00:00:00 GMT - Fri, 18 Apr 2025 23:59:59 GMT

File type
Java source, ASCII text
Size
566 B (566 bytes)
Hash
4926ad62fc01ecfbe8225653b1202737
bf4b858281bc7a6d5c73a37b1b27434e94b4c1b4
cdaee50cc9d7ae2fad4d3b4fce6e3e2590ace2be29110373f550ce11f8ab98bd

HTTP Headers

GET /sw-check-permissions-4e1e4.js?var=91f058c8-e1bd-403d-9d30-21accce15920&ymid=wbljup5tfubaqiq03qfg0sbl&zoneId=5101589 HTTP/1.1
Host: great-mob.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Referer: https://great-mob.net/2sp/mob/ng/gg8553sweep/ctr-btn-p-ng-mc-2sp/?campaign_name=NG%20PPR%20R%20BL-m%20AIRTEL%20dm%20a1&lander_name=Gg%20ng%2Fgg8553sweep%2Fctr-btn-p-ng-mc-2sp%2F&domain=secure.rdir-shield.com&clickid=wbljup5tfubaqiq03qfg0sbl&source=91f058c8-e1bd-403d-9d30-21accce15920&cep=W3z9WYSXRoGlVbCi1dqBlBGQDbRlWd8ZEYu1yvog3s9JvOHzhe6k_-H8Nzwycy4UHDUWgmEHUnmu9GvRzKJHWjs5D6i1kOD8_zfcBSme4sR9FfRc5st-j5mOiGVasB3iPKiQ5Cncw8zTUDFujfN8x4DIturDs6lF2RnmXo6CRHmws1lVteqJNTo-xGAHSGPbMJnrVbue7luIJ5RLsBFXRMVv495Umdg8wvQiGDpu98Jdj6qrwa7J_vk4hayYQse1SPBHo0qyDX_pIlv69I4WQJ_4CjB5R8ceente24VhPqggkSpMeomUIkSIs1maW3j67A8blFk3hzWLv0ep3IycpDxlRlgmulx3I1B9gmMCSU0i9EafDcWkSE0Od-4J0ajQuiyGJGdGtAOhOiFaZ7plMiiM0hZLjtBciOamK28dJoU9TZyZ0bbX9NWacIA3m19YXDyAyM2TnzDnYjovYZzgmflpnmwnGNyapb-Lvzy_xz7Dd2d6z_oa066weACcDHcrvVC2Ctw5RjOkPxYHLCyuRaUu56NeiK24Ldjy4tYrn9o&lptoken=17c5130295f071be5245&ZoneID=6136994&subzone_id=3189326&bannerid=20853573&user_activity=medium&zone_type=%7Bzone_type%7D&cost=0.000000&visitor_id=806949653445619712
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
content-length: 566
server: nginx
last-modified: Sat, 04 Mar 2023 03:34:54 GMT
accept-ranges: bytes
date: Tue, 23 Apr 2024 12:19:34 GMT
etag: "6402bc5e-236"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ym4kUKRTJHMM_QEVtAEjVaI7Q6pywEDzV1qDalmhxfEtwwA9SVUroQ==
age: 80579
X-Firefox-Spdy: h2

deefauph.com/zone?&pub=0&zone_id=5101589&is_mobile=false&domain=great-mob.net&var=91f058c8-e1bd-403d-9d30-21accce15920&ymid=wbljup5tfubaqiq03qfg0sbl&var_3=&var_4=&dsig=&tg=1&sw=3.1.502&trace_id=8c71a73f-f5a3-429d-9b5d-865131d2d4a7&action=prerequest

139.45.197.251

200 OK

0 B

URL POST HTTP/2
deefauph.com/zone?&pub=0&zone_id=5101589&is_mobile=false&domain=great-mob.net&var=91f058c8-e1bd-403d-9d30-21accce15920&ymid=wbljup5tfubaqiq03qfg0sbl&var_3=&var_4=&dsig=&tg=1&sw=3.1.502&trace_id=8c71a73f-f5a3-429d-9b5d-865131d2d4a7&action=prerequest
IP
139.45.197.251:443
ASN
#9002 RETN Limited

Requested by
https://great-mob.net/2sp/mob/ng/gg8553sweep/ctr-btn-p-ng-mc-2sp/?campaign_name=NG%20PPR%20R%20BL-m%20AIRTEL%20dm%20a1&lander_name=Gg%20ng%2Fgg8553sweep%2Fctr-btn-p-ng-mc-2sp%2F&domain=secure.rdir-shield.com&clickid=wbljup5tfubaqiq03qfg0sbl&source=91f058c8-e1bd-403d-9d30-21accce15920&cep=W3z9WYSXRoGlVbCi1dqBlBGQDbRlWd8ZEYu1yvog3s9JvOHzhe6k_-H8Nzwycy4UHDUWgmEHUnmu9GvRzKJHWjs5D6i1kOD8_zfcBSme4sR9FfRc5st-j5mOiGVasB3iPKiQ5Cncw8zTUDFujfN8x4DIturDs6lF2RnmXo6CRHmws1lVteqJNTo-xGAHSGPbMJnrVbue7luIJ5RLsBFXRMVv495Umdg8wvQiGDpu98Jdj6qrwa7J_vk4hayYQse1SPBHo0qyDX_pIlv69I4WQJ_4CjB5R8ceente24VhPqggkSpMeomUIkSIs1maW3j67A8blFk3hzWLv0ep3IycpDxlRlgmulx3I1B9gmMCSU0i9EafDcWkSE0Od-4J0ajQuiyGJGdGtAOhOiFaZ7plMiiM0hZLjtBciOamK28dJoU9TZyZ0bbX9NWacIA3m19YXDyAyM2TnzDnYjovYZzgmflpnmwnGNyapb-Lvzy_xz7Dd2d6z_oa066weACcDHcrvVC2Ctw5RjOkPxYHLCyuRaUu56NeiK24Ldjy4tYrn9o&lptoken=17c5130295f071be5245&ZoneID=6136994&subzone_id=3189326&bannerid=20853573&user_activity=medium&zone_type=%7Bzone_type%7D&cost=0.000000&visitor_id=806949653445619712
Certificate
IssuerLet's Encrypt
Subjectdeefauph.com
Fingerprint6A:7A:28:B7:1F:2B:41:6A:FA:59:AF:E0:EA:F6:7A:20:E7:9B:71:62
ValidityFri, 05 Apr 2024 05:12:44 GMT - Thu, 04 Jul 2024 05:12:43 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /zone?&pub=0&zone_id=5101589&is_mobile=false&domain=great-mob.net&var=91f058c8-e1bd-403d-9d30-21accce15920&ymid=wbljup5tfubaqiq03qfg0sbl&var_3=&var_4=&dsig=&tg=1&sw=3.1.502&trace_id=8c71a73f-f5a3-429d-9b5d-865131d2d4a7&action=prerequest HTTP/1.1
Host: deefauph.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://great-mob.net
DNT: 1
Connection: keep-alive
Referer: https://great-mob.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 10:42:33 GMT
content-length: 0
x-trace-id: eb1802373743eb01c1705ac4dd9f2469
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://great-mob.net
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

jouteetu.net/custom

139.45.197.251

200 OK

39 B

URL POST HTTP/2
jouteetu.net/custom
IP
139.45.197.251:443
ASN
#9002 RETN Limited

Requested by
https://great-mob.net/2sp/mob/ng/gg8553sweep/ctr-btn-p-ng-mc-2sp/?campaign_name=NG%20PPR%20R%20BL-m%20AIRTEL%20dm%20a1&lander_name=Gg%20ng%2Fgg8553sweep%2Fctr-btn-p-ng-mc-2sp%2F&domain=secure.rdir-shield.com&clickid=wbljup5tfubaqiq03qfg0sbl&source=91f058c8-e1bd-403d-9d30-21accce15920&cep=W3z9WYSXRoGlVbCi1dqBlBGQDbRlWd8ZEYu1yvog3s9JvOHzhe6k_-H8Nzwycy4UHDUWgmEHUnmu9GvRzKJHWjs5D6i1kOD8_zfcBSme4sR9FfRc5st-j5mOiGVasB3iPKiQ5Cncw8zTUDFujfN8x4DIturDs6lF2RnmXo6CRHmws1lVteqJNTo-xGAHSGPbMJnrVbue7luIJ5RLsBFXRMVv495Umdg8wvQiGDpu98Jdj6qrwa7J_vk4hayYQse1SPBHo0qyDX_pIlv69I4WQJ_4CjB5R8ceente24VhPqggkSpMeomUIkSIs1maW3j67A8blFk3hzWLv0ep3IycpDxlRlgmulx3I1B9gmMCSU0i9EafDcWkSE0Od-4J0ajQuiyGJGdGtAOhOiFaZ7plMiiM0hZLjtBciOamK28dJoU9TZyZ0bbX9NWacIA3m19YXDyAyM2TnzDnYjovYZzgmflpnmwnGNyapb-Lvzy_xz7Dd2d6z_oa066weACcDHcrvVC2Ctw5RjOkPxYHLCyuRaUu56NeiK24Ldjy4tYrn9o&lptoken=17c5130295f071be5245&ZoneID=6136994&subzone_id=3189326&bannerid=20853573&user_activity=medium&zone_type=%7Bzone_type%7D&cost=0.000000&visitor_id=806949653445619712
Certificate
IssuerLet's Encrypt
Subjectjouteetu.net
FingerprintF5:94:3C:5E:6B:54:1A:97:82:F8:7E:1F:C2:51:04:8C:FB:F5:CF:65
ValidityWed, 13 Mar 2024 19:38:02 GMT - Tue, 11 Jun 2024 19:38:01 GMT

File type
JSON text data
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: jouteetu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1322
Origin: https://great-mob.net
DNT: 1
Connection: keep-alive
Referer: https://great-mob.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 10:42:33 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 96c3be7e0acc313ac3378c81d85ee31d
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://great-mob.net
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

jouteetu.net/custom

139.45.197.251

200 OK

39 B

URL POST HTTP/2
jouteetu.net/custom
IP
139.45.197.251:443
ASN
#9002 RETN Limited

Requested by
https://great-mob.net/2sp/mob/ng/gg8553sweep/ctr-btn-p-ng-mc-2sp/?campaign_name=NG%20PPR%20R%20BL-m%20AIRTEL%20dm%20a1&lander_name=Gg%20ng%2Fgg8553sweep%2Fctr-btn-p-ng-mc-2sp%2F&domain=secure.rdir-shield.com&clickid=wbljup5tfubaqiq03qfg0sbl&source=91f058c8-e1bd-403d-9d30-21accce15920&cep=W3z9WYSXRoGlVbCi1dqBlBGQDbRlWd8ZEYu1yvog3s9JvOHzhe6k_-H8Nzwycy4UHDUWgmEHUnmu9GvRzKJHWjs5D6i1kOD8_zfcBSme4sR9FfRc5st-j5mOiGVasB3iPKiQ5Cncw8zTUDFujfN8x4DIturDs6lF2RnmXo6CRHmws1lVteqJNTo-xGAHSGPbMJnrVbue7luIJ5RLsBFXRMVv495Umdg8wvQiGDpu98Jdj6qrwa7J_vk4hayYQse1SPBHo0qyDX_pIlv69I4WQJ_4CjB5R8ceente24VhPqggkSpMeomUIkSIs1maW3j67A8blFk3hzWLv0ep3IycpDxlRlgmulx3I1B9gmMCSU0i9EafDcWkSE0Od-4J0ajQuiyGJGdGtAOhOiFaZ7plMiiM0hZLjtBciOamK28dJoU9TZyZ0bbX9NWacIA3m19YXDyAyM2TnzDnYjovYZzgmflpnmwnGNyapb-Lvzy_xz7Dd2d6z_oa066weACcDHcrvVC2Ctw5RjOkPxYHLCyuRaUu56NeiK24Ldjy4tYrn9o&lptoken=17c5130295f071be5245&ZoneID=6136994&subzone_id=3189326&bannerid=20853573&user_activity=medium&zone_type=%7Bzone_type%7D&cost=0.000000&visitor_id=806949653445619712
Certificate
IssuerLet's Encrypt
Subjectjouteetu.net
FingerprintF5:94:3C:5E:6B:54:1A:97:82:F8:7E:1F:C2:51:04:8C:FB:F5:CF:65
ValidityWed, 13 Mar 2024 19:38:02 GMT - Tue, 11 Jun 2024 19:38:01 GMT

File type
JSON text data
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: jouteetu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1324
Origin: https://great-mob.net
DNT: 1
Connection: keep-alive
Referer: https://great-mob.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 10:42:33 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: a4a44d23ed9e6e8e32ac7badbc6ed40d
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://great-mob.net
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

jouteetu.net/custom

139.45.197.251

200 OK

39 B

URL POST HTTP/2
jouteetu.net/custom
IP
139.45.197.251:443
ASN
#9002 RETN Limited

Requested by
https://great-mob.net/2sp/mob/ng/gg8553sweep/ctr-btn-p-ng-mc-2sp/?campaign_name=NG%20PPR%20R%20BL-m%20AIRTEL%20dm%20a1&lander_name=Gg%20ng%2Fgg8553sweep%2Fctr-btn-p-ng-mc-2sp%2F&domain=secure.rdir-shield.com&clickid=wbljup5tfubaqiq03qfg0sbl&source=91f058c8-e1bd-403d-9d30-21accce15920&cep=W3z9WYSXRoGlVbCi1dqBlBGQDbRlWd8ZEYu1yvog3s9JvOHzhe6k_-H8Nzwycy4UHDUWgmEHUnmu9GvRzKJHWjs5D6i1kOD8_zfcBSme4sR9FfRc5st-j5mOiGVasB3iPKiQ5Cncw8zTUDFujfN8x4DIturDs6lF2RnmXo6CRHmws1lVteqJNTo-xGAHSGPbMJnrVbue7luIJ5RLsBFXRMVv495Umdg8wvQiGDpu98Jdj6qrwa7J_vk4hayYQse1SPBHo0qyDX_pIlv69I4WQJ_4CjB5R8ceente24VhPqggkSpMeomUIkSIs1maW3j67A8blFk3hzWLv0ep3IycpDxlRlgmulx3I1B9gmMCSU0i9EafDcWkSE0Od-4J0ajQuiyGJGdGtAOhOiFaZ7plMiiM0hZLjtBciOamK28dJoU9TZyZ0bbX9NWacIA3m19YXDyAyM2TnzDnYjovYZzgmflpnmwnGNyapb-Lvzy_xz7Dd2d6z_oa066weACcDHcrvVC2Ctw5RjOkPxYHLCyuRaUu56NeiK24Ldjy4tYrn9o&lptoken=17c5130295f071be5245&ZoneID=6136994&subzone_id=3189326&bannerid=20853573&user_activity=medium&zone_type=%7Bzone_type%7D&cost=0.000000&visitor_id=806949653445619712
Certificate
IssuerLet's Encrypt
Subjectjouteetu.net
FingerprintF5:94:3C:5E:6B:54:1A:97:82:F8:7E:1F:C2:51:04:8C:FB:F5:CF:65
ValidityWed, 13 Mar 2024 19:38:02 GMT - Tue, 11 Jun 2024 19:38:01 GMT

File type
JSON text data
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: jouteetu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1325
Origin: https://great-mob.net
DNT: 1
Connection: keep-alive
Referer: https://great-mob.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 10:42:33 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: fefaa6e2a25ab2faa9cad61aee72c7ba
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://great-mob.net
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

0 B

URL OPTIONS HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://great-mob.net/2sp/mob/ng/gg8553sweep/ctr-btn-p-ng-mc-2sp/?campaign_name=NG%20PPR%20R%20BL-m%20AIRTEL%20dm%20a1&lander_name=Gg%20ng%2Fgg8553sweep%2Fctr-btn-p-ng-mc-2sp%2F&domain=secure.rdir-shield.com&clickid=wbljup5tfubaqiq03qfg0sbl&source=91f058c8-e1bd-403d-9d30-21accce15920&cep=W3z9WYSXRoGlVbCi1dqBlBGQDbRlWd8ZEYu1yvog3s9JvOHzhe6k_-H8Nzwycy4UHDUWgmEHUnmu9GvRzKJHWjs5D6i1kOD8_zfcBSme4sR9FfRc5st-j5mOiGVasB3iPKiQ5Cncw8zTUDFujfN8x4DIturDs6lF2RnmXo6CRHmws1lVteqJNTo-xGAHSGPbMJnrVbue7luIJ5RLsBFXRMVv495Umdg8wvQiGDpu98Jdj6qrwa7J_vk4hayYQse1SPBHo0qyDX_pIlv69I4WQJ_4CjB5R8ceente24VhPqggkSpMeomUIkSIs1maW3j67A8blFk3hzWLv0ep3IycpDxlRlgmulx3I1B9gmMCSU0i9EafDcWkSE0Od-4J0ajQuiyGJGdGtAOhOiFaZ7plMiiM0hZLjtBciOamK28dJoU9TZyZ0bbX9NWacIA3m19YXDyAyM2TnzDnYjovYZzgmflpnmwnGNyapb-Lvzy_xz7Dd2d6z_oa066weACcDHcrvVC2Ctw5RjOkPxYHLCyuRaUu56NeiK24Ldjy4tYrn9o&lptoken=17c5130295f071be5245&ZoneID=6136994&subzone_id=3189326&bannerid=20853573&user_activity=medium&zone_type=%7Bzone_type%7D&cost=0.000000&visitor_id=806949653445619712
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA
ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://great-mob.net/
Origin: https://great-mob.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 10:42:33 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://great-mob.net
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

94 B

URL OPTIONS HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://great-mob.net/2sp/mob/ng/gg8553sweep/ctr-btn-p-ng-mc-2sp/?campaign_name=NG%20PPR%20R%20BL-m%20AIRTEL%20dm%20a1&lander_name=Gg%20ng%2Fgg8553sweep%2Fctr-btn-p-ng-mc-2sp%2F&domain=secure.rdir-shield.com&clickid=wbljup5tfubaqiq03qfg0sbl&source=91f058c8-e1bd-403d-9d30-21accce15920&cep=W3z9WYSXRoGlVbCi1dqBlBGQDbRlWd8ZEYu1yvog3s9JvOHzhe6k_-H8Nzwycy4UHDUWgmEHUnmu9GvRzKJHWjs5D6i1kOD8_zfcBSme4sR9FfRc5st-j5mOiGVasB3iPKiQ5Cncw8zTUDFujfN8x4DIturDs6lF2RnmXo6CRHmws1lVteqJNTo-xGAHSGPbMJnrVbue7luIJ5RLsBFXRMVv495Umdg8wvQiGDpu98Jdj6qrwa7J_vk4hayYQse1SPBHo0qyDX_pIlv69I4WQJ_4CjB5R8ceente24VhPqggkSpMeomUIkSIs1maW3j67A8blFk3hzWLv0ep3IycpDxlRlgmulx3I1B9gmMCSU0i9EafDcWkSE0Od-4J0ajQuiyGJGdGtAOhOiFaZ7plMiiM0hZLjtBciOamK28dJoU9TZyZ0bbX9NWacIA3m19YXDyAyM2TnzDnYjovYZzgmflpnmwnGNyapb-Lvzy_xz7Dd2d6z_oa066weACcDHcrvVC2Ctw5RjOkPxYHLCyuRaUu56NeiK24Ldjy4tYrn9o&lptoken=17c5130295f071be5245&ZoneID=6136994&subzone_id=3189326&bannerid=20853573&user_activity=medium&zone_type=%7Bzone_type%7D&cost=0.000000&visitor_id=806949653445619712
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA
ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT

File type
JSON text data
Size
94 B (94 bytes)
Hash
19b5fe1182f73ace49486c1c7b1b426e
7371f60d085fab3b9dac6987438f9550bf114e6e
369df3d4549c14cad8a6b7f4f95d37dc41ecc1ab9a197adec89d9356c2e10981

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://great-mob.net/
Content-Type: application/json
Content-Length: 2214
Origin: https://great-mob.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 10:42:33 GMT
content-type: application/json; charset=utf-8
content-length: 94
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://great-mob.net
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

great-mob.net/2sp/mob/ng/gg8553sweep/ctr-btn-p-ng-mc-2sp/jquery-3.6.0.min.js

54.230.111.67

200 OK

40 kB

URL GET HTTP/2
great-mob.net/2sp/mob/ng/gg8553sweep/ctr-btn-p-ng-mc-2sp/jquery-3.6.0.min.js
IP
54.230.111.67:443
ASN
#16509 AMAZON-02

Requested by
https://great-mob.net/2sp/mob/ng/gg8553sweep/ctr-btn-p-ng-mc-2sp/?campaign_name=NG%20PPR%20R%20BL-m%20AIRTEL%20dm%20a1&lander_name=Gg%20ng%2Fgg8553sweep%2Fctr-btn-p-ng-mc-2sp%2F&domain=secure.rdir-shield.com&clickid=wbljup5tfubaqiq03qfg0sbl&source=91f058c8-e1bd-403d-9d30-21accce15920&cep=W3z9WYSXRoGlVbCi1dqBlBGQDbRlWd8ZEYu1yvog3s9JvOHzhe6k_-H8Nzwycy4UHDUWgmEHUnmu9GvRzKJHWjs5D6i1kOD8_zfcBSme4sR9FfRc5st-j5mOiGVasB3iPKiQ5Cncw8zTUDFujfN8x4DIturDs6lF2RnmXo6CRHmws1lVteqJNTo-xGAHSGPbMJnrVbue7luIJ5RLsBFXRMVv495Umdg8wvQiGDpu98Jdj6qrwa7J_vk4hayYQse1SPBHo0qyDX_pIlv69I4WQJ_4CjB5R8ceente24VhPqggkSpMeomUIkSIs1maW3j67A8blFk3hzWLv0ep3IycpDxlRlgmulx3I1B9gmMCSU0i9EafDcWkSE0Od-4J0ajQuiyGJGdGtAOhOiFaZ7plMiiM0hZLjtBciOamK28dJoU9TZyZ0bbX9NWacIA3m19YXDyAyM2TnzDnYjovYZzgmflpnmwnGNyapb-Lvzy_xz7Dd2d6z_oa066weACcDHcrvVC2Ctw5RjOkPxYHLCyuRaUu56NeiK24Ldjy4tYrn9o&lptoken=17c5130295f071be5245&ZoneID=6136994&subzone_id=3189326&bannerid=20853573&user_activity=medium&zone_type=%7Bzone_type%7D&cost=0.000000&visitor_id=806949653445619712
Certificate
IssuerAmazon
Subjectmobicube.net
Fingerprint8D:42:49:AB:16:94:C2:7B:7C:83:6D:64:3D:61:16:19:1F:0D:9D:25
ValidityWed, 20 Mar 2024 00:00:00 GMT - Fri, 18 Apr 2025 23:59:59 GMT

File type
gzip compressed data, from Unix
Size
40 kB (39991 bytes)
Hash
6a23fde32351756d70144eec2ec27a4c
51ef9dc5018b270922a166069cb7bdeee350cf84
a2288f38d0e668ccc43f3dd67168b0830aac9ee3232510009eb65d01f1001578

HTTP Headers

GET /2sp/mob/ng/gg8553sweep/ctr-btn-p-ng-mc-2sp/jquery-3.6.0.min.js HTTP/1.1
Host: great-mob.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://great-mob.net/2sp/mob/ng/gg8553sweep/ctr-btn-p-ng-mc-2sp/?campaign_name=NG%20PPR%20R%20BL-m%20AIRTEL%20dm%20a1&lander_name=Gg%20ng%2Fgg8553sweep%2Fctr-btn-p-ng-mc-2sp%2F&domain=secure.rdir-shield.com&clickid=wbljup5tfubaqiq03qfg0sbl&source=91f058c8-e1bd-403d-9d30-21accce15920&cep=W3z9WYSXRoGlVbCi1dqBlBGQDbRlWd8ZEYu1yvog3s9JvOHzhe6k_-H8Nzwycy4UHDUWgmEHUnmu9GvRzKJHWjs5D6i1kOD8_zfcBSme4sR9FfRc5st-j5mOiGVasB3iPKiQ5Cncw8zTUDFujfN8x4DIturDs6lF2RnmXo6CRHmws1lVteqJNTo-xGAHSGPbMJnrVbue7luIJ5RLsBFXRMVv495Umdg8wvQiGDpu98Jdj6qrwa7J_vk4hayYQse1SPBHo0qyDX_pIlv69I4WQJ_4CjB5R8ceente24VhPqggkSpMeomUIkSIs1maW3j67A8blFk3hzWLv0ep3IycpDxlRlgmulx3I1B9gmMCSU0i9EafDcWkSE0Od-4J0ajQuiyGJGdGtAOhOiFaZ7plMiiM0hZLjtBciOamK28dJoU9TZyZ0bbX9NWacIA3m19YXDyAyM2TnzDnYjovYZzgmflpnmwnGNyapb-Lvzy_xz7Dd2d6z_oa066weACcDHcrvVC2Ctw5RjOkPxYHLCyuRaUu56NeiK24Ldjy4tYrn9o&lptoken=17c5130295f071be5245&ZoneID=6136994&subzone_id=3189326&bannerid=20853573&user_activity=medium&zone_type=%7Bzone_type%7D&cost=0.000000&visitor_id=806949653445619712
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
server: nginx
last-modified: Thu, 06 Jan 2022 15:49:08 GMT
content-encoding: gzip
date: Wed, 24 Apr 2024 10:42:33 GMT
etag: W/"61d70f74-15d9d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: mrW29_Mt31zcUU0oagPeVjEAfz31iQEpywZCTfWtqHqw4TXK8FFSqQ==
age: 19414
X-Firefox-Spdy: h2

great-mob.net/2sp/mob/ng/gg8553sweep/ctr-btn-p-ng-mc-2sp/js-2rs.js

54.230.111.67

200 OK

2.4 kB

URL GET HTTP/2
great-mob.net/2sp/mob/ng/gg8553sweep/ctr-btn-p-ng-mc-2sp/js-2rs.js
IP
54.230.111.67:443
ASN
#16509 AMAZON-02

Requested by
https://great-mob.net/2sp/mob/ng/gg8553sweep/ctr-btn-p-ng-mc-2sp/?campaign_name=NG%20PPR%20R%20BL-m%20AIRTEL%20dm%20a1&lander_name=Gg%20ng%2Fgg8553sweep%2Fctr-btn-p-ng-mc-2sp%2F&domain=secure.rdir-shield.com&clickid=wbljup5tfubaqiq03qfg0sbl&source=91f058c8-e1bd-403d-9d30-21accce15920&cep=W3z9WYSXRoGlVbCi1dqBlBGQDbRlWd8ZEYu1yvog3s9JvOHzhe6k_-H8Nzwycy4UHDUWgmEHUnmu9GvRzKJHWjs5D6i1kOD8_zfcBSme4sR9FfRc5st-j5mOiGVasB3iPKiQ5Cncw8zTUDFujfN8x4DIturDs6lF2RnmXo6CRHmws1lVteqJNTo-xGAHSGPbMJnrVbue7luIJ5RLsBFXRMVv495Umdg8wvQiGDpu98Jdj6qrwa7J_vk4hayYQse1SPBHo0qyDX_pIlv69I4WQJ_4CjB5R8ceente24VhPqggkSpMeomUIkSIs1maW3j67A8blFk3hzWLv0ep3IycpDxlRlgmulx3I1B9gmMCSU0i9EafDcWkSE0Od-4J0ajQuiyGJGdGtAOhOiFaZ7plMiiM0hZLjtBciOamK28dJoU9TZyZ0bbX9NWacIA3m19YXDyAyM2TnzDnYjovYZzgmflpnmwnGNyapb-Lvzy_xz7Dd2d6z_oa066weACcDHcrvVC2Ctw5RjOkPxYHLCyuRaUu56NeiK24Ldjy4tYrn9o&lptoken=17c5130295f071be5245&ZoneID=6136994&subzone_id=3189326&bannerid=20853573&user_activity=medium&zone_type=%7Bzone_type%7D&cost=0.000000&visitor_id=806949653445619712
Certificate
IssuerAmazon
Subjectmobicube.net
Fingerprint8D:42:49:AB:16:94:C2:7B:7C:83:6D:64:3D:61:16:19:1F:0D:9D:25
ValidityWed, 20 Mar 2024 00:00:00 GMT - Fri, 18 Apr 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (2579), with no line terminators
Size
2.4 kB (2381 bytes)
Hash
50c42ef3e94a44a96543db88754297bf
146fd22acf660efe4356d4770af50727439848f4
2935b8d34721e641852afcc8355e0b13c0ce69452814e654e1f472d4020ad3bc

HTTP Headers

GET /2sp/mob/ng/gg8553sweep/ctr-btn-p-ng-mc-2sp/js-2rs.js HTTP/1.1
Host: great-mob.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://great-mob.net/2sp/mob/ng/gg8553sweep/ctr-btn-p-ng-mc-2sp/?campaign_name=NG%20PPR%20R%20BL-m%20AIRTEL%20dm%20a1&lander_name=Gg%20ng%2Fgg8553sweep%2Fctr-btn-p-ng-mc-2sp%2F&domain=secure.rdir-shield.com&clickid=wbljup5tfubaqiq03qfg0sbl&source=91f058c8-e1bd-403d-9d30-21accce15920&cep=W3z9WYSXRoGlVbCi1dqBlBGQDbRlWd8ZEYu1yvog3s9JvOHzhe6k_-H8Nzwycy4UHDUWgmEHUnmu9GvRzKJHWjs5D6i1kOD8_zfcBSme4sR9FfRc5st-j5mOiGVasB3iPKiQ5Cncw8zTUDFujfN8x4DIturDs6lF2RnmXo6CRHmws1lVteqJNTo-xGAHSGPbMJnrVbue7luIJ5RLsBFXRMVv495Umdg8wvQiGDpu98Jdj6qrwa7J_vk4hayYQse1SPBHo0qyDX_pIlv69I4WQJ_4CjB5R8ceente24VhPqggkSpMeomUIkSIs1maW3j67A8blFk3hzWLv0ep3IycpDxlRlgmulx3I1B9gmMCSU0i9EafDcWkSE0Od-4J0ajQuiyGJGdGtAOhOiFaZ7plMiiM0hZLjtBciOamK28dJoU9TZyZ0bbX9NWacIA3m19YXDyAyM2TnzDnYjovYZzgmflpnmwnGNyapb-Lvzy_xz7Dd2d6z_oa066weACcDHcrvVC2Ctw5RjOkPxYHLCyuRaUu56NeiK24Ldjy4tYrn9o&lptoken=17c5130295f071be5245&ZoneID=6136994&subzone_id=3189326&bannerid=20853573&user_activity=medium&zone_type=%7Bzone_type%7D&cost=0.000000&visitor_id=806949653445619712
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript
server: nginx
last-modified: Fri, 19 May 2023 02:04:54 GMT
content-encoding: gzip
date: Wed, 24 Apr 2024 10:42:33 GMT
etag: W/"6466d946-94d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: zdlXV-E80VL_GqPbM35Sg8lShe7weNV_fK44tKLsImHAgSNf94l3_w==
age: 33575
X-Firefox-Spdy: h2

great-mob.net/2sp/mob/ng/gg8553sweep/ctr-btn-p-ng-mc-2sp/?campaign_name=NG%20PPR%20R%20BL-m%20AIRTEL%20dm%20a1&lander_name=Gg%20ng%2Fgg8553sweep%2Fctr-btn-p-ng-mc-2sp%2F&domain=secure.rdir-shield.com&clickid=wbljup5tfubaqiq03qfg0sbl&source=91f058c8-e1bd-403d-9d30-21accce15920&cep=W3z9WYSXRoGlVbCi1dqBlBGQDbRlWd8ZEYu1yvog3s9JvOHzhe6k_-H8Nzwycy4UHDUWgmEHUnmu9GvRzKJHWjs5D6i1kOD8_zfcBSme4sR9FfRc5st-j5mOiGVasB3iPKiQ5Cncw8zTUDFujfN8x4DIturDs6lF2RnmXo6CRHmws1lVteqJNTo-xGAHSGPbMJnrVbue7luIJ5RLsBFXRMVv495Umdg8wvQiGDpu98Jdj6qrwa7J_vk4hayYQse1SPBHo0qyDX_pIlv69I4WQJ_4CjB5R8ceente24VhPqggkSpMeomUIkSIs1maW3j67A8blFk3hzWLv0ep3IycpDxlRlgmulx3I1B9gmMCSU0i9EafDcWkSE0Od-4J0ajQuiyGJGdGtAOhOiFaZ7plMiiM0hZLjtBciOamK28dJoU9TZyZ0bbX9NWacIA3m19YXDyAyM2TnzDnYjovYZzgmflpnmwnGNyapb-Lvzy_xz7Dd2d6z_oa066weACcDHcrvVC2Ctw5RjOkPxYHLCyuRaUu56NeiK24Ldjy4tYrn9o&lptoken=17c5130295f071be5245&ZoneID=6136994&subzone_id=3189326&bannerid=20853573&user_activity=medium&zone_type=%7Bzone_type%7D&cost=0.000000&visitor_id=806949653445619712

54.230.111.67

200 OK

26 kB

URL User Request GET HTTP/2
great-mob.net/2sp/mob/ng/gg8553sweep/ctr-btn-p-ng-mc-2sp/?campaign_name=NG%20PPR%20R%20BL-m%20AIRTEL%20dm%20a1&lander_name=Gg%20ng%2Fgg8553sweep%2Fctr-btn-p-ng-mc-2sp%2F&domain=secure.rdir-shield.com&clickid=wbljup5tfubaqiq03qfg0sbl&source=91f058c8-e1bd-403d-9d30-21accce15920&cep=W3z9WYSXRoGlVbCi1dqBlBGQDbRlWd8ZEYu1yvog3s9JvOHzhe6k_-H8Nzwycy4UHDUWgmEHUnmu9GvRzKJHWjs5D6i1kOD8_zfcBSme4sR9FfRc5st-j5mOiGVasB3iPKiQ5Cncw8zTUDFujfN8x4DIturDs6lF2RnmXo6CRHmws1lVteqJNTo-xGAHSGPbMJnrVbue7luIJ5RLsBFXRMVv495Umdg8wvQiGDpu98Jdj6qrwa7J_vk4hayYQse1SPBHo0qyDX_pIlv69I4WQJ_4CjB5R8ceente24VhPqggkSpMeomUIkSIs1maW3j67A8blFk3hzWLv0ep3IycpDxlRlgmulx3I1B9gmMCSU0i9EafDcWkSE0Od-4J0ajQuiyGJGdGtAOhOiFaZ7plMiiM0hZLjtBciOamK28dJoU9TZyZ0bbX9NWacIA3m19YXDyAyM2TnzDnYjovYZzgmflpnmwnGNyapb-Lvzy_xz7Dd2d6z_oa066weACcDHcrvVC2Ctw5RjOkPxYHLCyuRaUu56NeiK24Ldjy4tYrn9o&lptoken=17c5130295f071be5245&ZoneID=6136994&subzone_id=3189326&bannerid=20853573&user_activity=medium&zone_type=%7Bzone_type%7D&cost=0.000000&visitor_id=806949653445619712
IP
54.230.111.67:443
ASN
#16509 AMAZON-02

Certificate
IssuerAmazon
Subjectmobicube.net
Fingerprint8D:42:49:AB:16:94:C2:7B:7C:83:6D:64:3D:61:16:19:1F:0D:9D:25
ValidityWed, 20 Mar 2024 00:00:00 GMT - Fri, 18 Apr 2025 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (13224)
Size
26 kB (26343 bytes)
Hash
17317e7c750997a3b8a131e74930ce38
7b31537bf495acf99bb4067a90139e5e9674b6a7
592f593ab70b252ffffbb6ebe9411a888cb398966317bc3fbf368e7285207ac0

HTTP Headers

GET /2sp/mob/ng/gg8553sweep/ctr-btn-p-ng-mc-2sp/?campaign_name=NG%20PPR%20R%20BL-m%20AIRTEL%20dm%20a1&lander_name=Gg%20ng%2Fgg8553sweep%2Fctr-btn-p-ng-mc-2sp%2F&domain=secure.rdir-shield.com&clickid=wbljup5tfubaqiq03qfg0sbl&source=91f058c8-e1bd-403d-9d30-21accce15920&cep=W3z9WYSXRoGlVbCi1dqBlBGQDbRlWd8ZEYu1yvog3s9JvOHzhe6k_-H8Nzwycy4UHDUWgmEHUnmu9GvRzKJHWjs5D6i1kOD8_zfcBSme4sR9FfRc5st-j5mOiGVasB3iPKiQ5Cncw8zTUDFujfN8x4DIturDs6lF2RnmXo6CRHmws1lVteqJNTo-xGAHSGPbMJnrVbue7luIJ5RLsBFXRMVv495Umdg8wvQiGDpu98Jdj6qrwa7J_vk4hayYQse1SPBHo0qyDX_pIlv69I4WQJ_4CjB5R8ceente24VhPqggkSpMeomUIkSIs1maW3j67A8blFk3hzWLv0ep3IycpDxlRlgmulx3I1B9gmMCSU0i9EafDcWkSE0Od-4J0ajQuiyGJGdGtAOhOiFaZ7plMiiM0hZLjtBciOamK28dJoU9TZyZ0bbX9NWacIA3m19YXDyAyM2TnzDnYjovYZzgmflpnmwnGNyapb-Lvzy_xz7Dd2d6z_oa066weACcDHcrvVC2Ctw5RjOkPxYHLCyuRaUu56NeiK24Ldjy4tYrn9o&lptoken=17c5130295f071be5245&ZoneID=6136994&subzone_id=3189326&bannerid=20853573&user_activity=medium&zone_type=%7Bzone_type%7D&cost=0.000000&visitor_id=806949653445619712 HTTP/1.1
Host: great-mob.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html
server: nginx
last-modified: Sat, 11 Mar 2023 19:16:10 GMT
content-encoding: gzip
date: Wed, 24 Apr 2024 10:42:32 GMT
etag: W/"640cd37a-66e7"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: -krg9Tp_GOnBlrLaI5mz9bME4_DCvcsBesc-hU2rDf93_xZaLa8uUA==
age: 31654
X-Firefox-Spdy: h2

deefauph.com/pfe/current/micro.tag.min.js?z=5101589&ymid=wbljup5tfubaqiq03qfg0sbl&var=91f058c8-e1bd-403d-9d30-21accce15920&sw=/sw-check-permissions-4e1e4.js

139.45.197.251

200 OK

37 kB

URL GET HTTP/2
deefauph.com/pfe/current/micro.tag.min.js?z=5101589&ymid=wbljup5tfubaqiq03qfg0sbl&var=91f058c8-e1bd-403d-9d30-21accce15920&sw=/sw-check-permissions-4e1e4.js
IP
139.45.197.251:443
ASN
#9002 RETN Limited

Requested by
https://great-mob.net/2sp/mob/ng/gg8553sweep/ctr-btn-p-ng-mc-2sp/?campaign_name=NG%20PPR%20R%20BL-m%20AIRTEL%20dm%20a1&lander_name=Gg%20ng%2Fgg8553sweep%2Fctr-btn-p-ng-mc-2sp%2F&domain=secure.rdir-shield.com&clickid=wbljup5tfubaqiq03qfg0sbl&source=91f058c8-e1bd-403d-9d30-21accce15920&cep=W3z9WYSXRoGlVbCi1dqBlBGQDbRlWd8ZEYu1yvog3s9JvOHzhe6k_-H8Nzwycy4UHDUWgmEHUnmu9GvRzKJHWjs5D6i1kOD8_zfcBSme4sR9FfRc5st-j5mOiGVasB3iPKiQ5Cncw8zTUDFujfN8x4DIturDs6lF2RnmXo6CRHmws1lVteqJNTo-xGAHSGPbMJnrVbue7luIJ5RLsBFXRMVv495Umdg8wvQiGDpu98Jdj6qrwa7J_vk4hayYQse1SPBHo0qyDX_pIlv69I4WQJ_4CjB5R8ceente24VhPqggkSpMeomUIkSIs1maW3j67A8blFk3hzWLv0ep3IycpDxlRlgmulx3I1B9gmMCSU0i9EafDcWkSE0Od-4J0ajQuiyGJGdGtAOhOiFaZ7plMiiM0hZLjtBciOamK28dJoU9TZyZ0bbX9NWacIA3m19YXDyAyM2TnzDnYjovYZzgmflpnmwnGNyapb-Lvzy_xz7Dd2d6z_oa066weACcDHcrvVC2Ctw5RjOkPxYHLCyuRaUu56NeiK24Ldjy4tYrn9o&lptoken=17c5130295f071be5245&ZoneID=6136994&subzone_id=3189326&bannerid=20853573&user_activity=medium&zone_type=%7Bzone_type%7D&cost=0.000000&visitor_id=806949653445619712
Certificate
IssuerLet's Encrypt
Subjectdeefauph.com
Fingerprint6A:7A:28:B7:1F:2B:41:6A:FA:59:AF:E0:EA:F6:7A:20:E7:9B:71:62
ValidityFri, 05 Apr 2024 05:12:44 GMT - Thu, 04 Jul 2024 05:12:43 GMT

File type
JavaScript source, ASCII text, with very long lines (36570), with no line terminators
Size
37 kB (36570 bytes)
Hash
9c707551764e528035154fcfc935d4da
8687a3418b6f0ded1dd3559be0c7ff8f6ed11e58
41f14ec09c4d467a2ff3351d0a9ff57dbbe0011995fd37afa97b3cbb5e40b0c2

HTTP Headers

GET /pfe/current/micro.tag.min.js?z=5101589&ymid=wbljup5tfubaqiq03qfg0sbl&var=91f058c8-e1bd-403d-9d30-21accce15920&sw=/sw-check-permissions-4e1e4.js HTTP/1.1
Host: deefauph.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://great-mob.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 10:42:33 GMT
content-type: application/javascript
last-modified: Wed, 24 Apr 2024 08:28:56 GMT
etag: W/"6628c2c8-8eda"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

great-mob.net/2sp/mob/ng/gg8553sweep/ctr-btn-p-ng-mc-2sp/mobile-detect.min.js

54.230.111.67

200 OK

37 kB

URL GET HTTP/2
great-mob.net/2sp/mob/ng/gg8553sweep/ctr-btn-p-ng-mc-2sp/mobile-detect.min.js
IP
54.230.111.67:443
ASN
#16509 AMAZON-02

Requested by
https://great-mob.net/2sp/mob/ng/gg8553sweep/ctr-btn-p-ng-mc-2sp/?campaign_name=NG%20PPR%20R%20BL-m%20AIRTEL%20dm%20a1&lander_name=Gg%20ng%2Fgg8553sweep%2Fctr-btn-p-ng-mc-2sp%2F&domain=secure.rdir-shield.com&clickid=wbljup5tfubaqiq03qfg0sbl&source=91f058c8-e1bd-403d-9d30-21accce15920&cep=W3z9WYSXRoGlVbCi1dqBlBGQDbRlWd8ZEYu1yvog3s9JvOHzhe6k_-H8Nzwycy4UHDUWgmEHUnmu9GvRzKJHWjs5D6i1kOD8_zfcBSme4sR9FfRc5st-j5mOiGVasB3iPKiQ5Cncw8zTUDFujfN8x4DIturDs6lF2RnmXo6CRHmws1lVteqJNTo-xGAHSGPbMJnrVbue7luIJ5RLsBFXRMVv495Umdg8wvQiGDpu98Jdj6qrwa7J_vk4hayYQse1SPBHo0qyDX_pIlv69I4WQJ_4CjB5R8ceente24VhPqggkSpMeomUIkSIs1maW3j67A8blFk3hzWLv0ep3IycpDxlRlgmulx3I1B9gmMCSU0i9EafDcWkSE0Od-4J0ajQuiyGJGdGtAOhOiFaZ7plMiiM0hZLjtBciOamK28dJoU9TZyZ0bbX9NWacIA3m19YXDyAyM2TnzDnYjovYZzgmflpnmwnGNyapb-Lvzy_xz7Dd2d6z_oa066weACcDHcrvVC2Ctw5RjOkPxYHLCyuRaUu56NeiK24Ldjy4tYrn9o&lptoken=17c5130295f071be5245&ZoneID=6136994&subzone_id=3189326&bannerid=20853573&user_activity=medium&zone_type=%7Bzone_type%7D&cost=0.000000&visitor_id=806949653445619712
Certificate
IssuerAmazon
Subjectmobicube.net
Fingerprint8D:42:49:AB:16:94:C2:7B:7C:83:6D:64:3D:61:16:19:1F:0D:9D:25
ValidityWed, 20 Mar 2024 00:00:00 GMT - Fri, 18 Apr 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (32053)
Size
37 kB (36569 bytes)
Hash
13d67ff5bf1413a7085e9673c1bb3f6f
e9cb51ce68eb23e5c198e0d5c019df53b6f09283
773e5bbc4fb9297bc224eb406ea65168fe8d36586ff15b997e373943bbf0e643

HTTP Headers

GET /2sp/mob/ng/gg8553sweep/ctr-btn-p-ng-mc-2sp/mobile-detect.min.js HTTP/1.1
Host: great-mob.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://great-mob.net/2sp/mob/ng/gg8553sweep/ctr-btn-p-ng-mc-2sp/?campaign_name=NG%20PPR%20R%20BL-m%20AIRTEL%20dm%20a1&lander_name=Gg%20ng%2Fgg8553sweep%2Fctr-btn-p-ng-mc-2sp%2F&domain=secure.rdir-shield.com&clickid=wbljup5tfubaqiq03qfg0sbl&source=91f058c8-e1bd-403d-9d30-21accce15920&cep=W3z9WYSXRoGlVbCi1dqBlBGQDbRlWd8ZEYu1yvog3s9JvOHzhe6k_-H8Nzwycy4UHDUWgmEHUnmu9GvRzKJHWjs5D6i1kOD8_zfcBSme4sR9FfRc5st-j5mOiGVasB3iPKiQ5Cncw8zTUDFujfN8x4DIturDs6lF2RnmXo6CRHmws1lVteqJNTo-xGAHSGPbMJnrVbue7luIJ5RLsBFXRMVv495Umdg8wvQiGDpu98Jdj6qrwa7J_vk4hayYQse1SPBHo0qyDX_pIlv69I4WQJ_4CjB5R8ceente24VhPqggkSpMeomUIkSIs1maW3j67A8blFk3hzWLv0ep3IycpDxlRlgmulx3I1B9gmMCSU0i9EafDcWkSE0Od-4J0ajQuiyGJGdGtAOhOiFaZ7plMiiM0hZLjtBciOamK28dJoU9TZyZ0bbX9NWacIA3m19YXDyAyM2TnzDnYjovYZzgmflpnmwnGNyapb-Lvzy_xz7Dd2d6z_oa066weACcDHcrvVC2Ctw5RjOkPxYHLCyuRaUu56NeiK24Ldjy4tYrn9o&lptoken=17c5130295f071be5245&ZoneID=6136994&subzone_id=3189326&bannerid=20853573&user_activity=medium&zone_type=%7Bzone_type%7D&cost=0.000000&visitor_id=806949653445619712
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript
server: nginx
last-modified: Thu, 03 Mar 2016 18:48:54 GMT
content-encoding: br
date: Wed, 24 Apr 2024 10:42:33 GMT
etag: W/"56d88716-8ed9"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: -U2aPbs2_Kui0EV3-BQYBpOPLGKsVfuFDO_FNYOCmqINo5JLjNOToQ==
age: 33575
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (6)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (15)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN