new-benefit.com/urogun/it1n/css/font-awesome.min.css
136.243.110.236 200 OK 31 kB URL GET HTTP/2 new-benefit.com/urogun/it1n/css/font-awesome.min.css
IP 136.243.110.236:443
ASN #24940 Hetzner Online GmbH
Requested by https://new-benefit.com/urogun/it1n/
Certificate Issuer Let's Encrypt
Subject new-benefit.com
Fingerprint 9F:2E:57:12:16:18:49:6B:AE:75:48:E6:2D:99:A0:57:15:67:B8:F5
Validity Wed, 10 Apr 2024 08:51:40 GMT - Tue, 09 Jul 2024 08:51:39 GMT
File type ASCII text, with very long lines (30837), with CRLF line terminators
Hash a0e784c4ca94c271b0338dfb02055be6
88af80502c44cd52ca81ffe7dc7276b7eccb06cf
820e169ce24824066d9973fd4b6561aae9dcd6dbef6435da905d5a1d6482997c
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /urogun/it1n/css/font-awesome.min.css HTTP/1.1
Host: new-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://new-benefit.com/urogun/it1n/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 08 May 2024 16:08:24 GMT
content-type: text/css
content-length: 31004
last-modified: Wed, 10 Apr 2024 10:57:26 GMT
etag: "66167096-791c"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
new-benefit.com/scripts/propush_script_tovarka.js
136.243.110.236 200 OK 3.3 kB URL GET HTTP/2 new-benefit.com/scripts/propush_script_tovarka.js
IP 136.243.110.236:443
ASN #24940 Hetzner Online GmbH
Requested by https://new-benefit.com/urogun/it1n/
Certificate Issuer Let's Encrypt
Subject new-benefit.com
Fingerprint 9F:2E:57:12:16:18:49:6B:AE:75:48:E6:2D:99:A0:57:15:67:B8:F5
Validity Wed, 10 Apr 2024 08:51:40 GMT - Tue, 09 Jul 2024 08:51:39 GMT
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash d5c7a6740ea454b07007fe4a74d17b49
0cedd3a54e2736ec6b1c0799fc714544a0da08b1
09f8260459424d7d65476858422595babbeb36a0c9a8753cb1a7b4a4e264f3f8
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /scripts/propush_script_tovarka.js HTTP/1.1
Host: new-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 08 May 2024 16:08:24 GMT
content-type: application/javascript
content-length: 3318
last-modified: Wed, 08 May 2024 12:25:29 GMT
etag: "663b6f39-cf6"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
new-benefit.com/urogun/it1n/img/logo.png
136.243.110.236 200 OK 1.7 kB URL GET HTTP/2 new-benefit.com/urogun/it1n/img/logo.png
IP 136.243.110.236:443
ASN #24940 Hetzner Online GmbH
Requested by https://new-benefit.com/urogun/it1n/
Certificate Issuer Let's Encrypt
Subject new-benefit.com
Fingerprint 9F:2E:57:12:16:18:49:6B:AE:75:48:E6:2D:99:A0:57:15:67:B8:F5
Validity Wed, 10 Apr 2024 08:51:40 GMT - Tue, 09 Jul 2024 08:51:39 GMT
File type PNG image data, 251 x 38, 8-bit colormap, non-interlaced
Hash 82e3fd22b852e5882ee016a0ac81900a
1646cd2abddee601ec42cf2b629bfcdb9020fbf7
e02e1f2394421e3cdd6f5629a1fa9d7832db0b6e7c86eadf015d7b07dab50aa2
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /urogun/it1n/img/logo.png HTTP/1.1
Host: new-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 08 May 2024 16:08:24 GMT
content-type: image/png
content-length: 1722
last-modified: Wed, 10 Apr 2024 10:57:34 GMT
etag: "6616709e-6ba"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
new-benefit.com/urogun/it1n/img/img02.jpg
136.243.110.236 200 OK 128 kB URL GET HTTP/2 new-benefit.com/urogun/it1n/img/img02.jpg
IP 136.243.110.236:443
ASN #24940 Hetzner Online GmbH
Requested by https://new-benefit.com/urogun/it1n/
Certificate Issuer Let's Encrypt
Subject new-benefit.com
Fingerprint 9F:2E:57:12:16:18:49:6B:AE:75:48:E6:2D:99:A0:57:15:67:B8:F5
Validity Wed, 10 Apr 2024 08:51:40 GMT - Tue, 09 Jul 2024 08:51:39 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 538x287, components 3
Size 128 kB (128516 bytes)
Hash 6cce758dbc0dbf96276473824497abbd
fa121a06db6c3ef8f657309ff8f14a236028a7e9
dbbeaf2e8d8756372e8c4fa25e138749a9d4f95cfbf2e384f690a048d9e4e04e
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /urogun/it1n/img/img02.jpg HTTP/1.1
Host: new-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 08 May 2024 16:08:24 GMT
content-type: image/jpeg
content-length: 128516
last-modified: Wed, 10 Apr 2024 10:57:33 GMT
etag: "6616709d-1f604"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
new-benefit.com/scripts/redirect_click.js
136.243.110.236 200 OK 3.3 kB URL GET HTTP/2 new-benefit.com/scripts/redirect_click.js
IP 136.243.110.236:443
ASN #24940 Hetzner Online GmbH
Requested by https://new-benefit.com/urogun/it1n/
Certificate Issuer Let's Encrypt
Subject new-benefit.com
Fingerprint 9F:2E:57:12:16:18:49:6B:AE:75:48:E6:2D:99:A0:57:15:67:B8:F5
Validity Wed, 10 Apr 2024 08:51:40 GMT - Tue, 09 Jul 2024 08:51:39 GMT
File type JavaScript source, Unicode text, UTF-8 text
Hash 6e49a78c811c765ab7d5914c557c9c09
e7ae71098de6ff5645b4c131bd81ecb0b06e8cfd
749ac207d8d715ecdbcb0baaff1d386e19852bfcf131a2d187fa7c0a284a4a44
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /scripts/redirect_click.js HTTP/1.1
Host: new-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 08 May 2024 16:08:24 GMT
content-type: application/javascript
content-length: 3318
last-modified: Fri, 03 May 2024 15:17:44 GMT
etag: "66350018-cf6"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
new-benefit.com/urogun/it1n/img/av-01.jpg
136.243.110.236 200 OK 1.1 kB URL GET HTTP/2 new-benefit.com/urogun/it1n/img/av-01.jpg
IP 136.243.110.236:443
ASN #24940 Hetzner Online GmbH
Requested by https://new-benefit.com/urogun/it1n/
Certificate Issuer Let's Encrypt
Subject new-benefit.com
Fingerprint 9F:2E:57:12:16:18:49:6B:AE:75:48:E6:2D:99:A0:57:15:67:B8:F5
Validity Wed, 10 Apr 2024 08:51:40 GMT - Tue, 09 Jul 2024 08:51:39 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 38x38, components 3
Hash e88354ce55bd3744945cb5be93c4aa14
b050a4c67da760ad70b7d7b17c323446ef6f05db
d0a8e149e860c8ee11b4bc486ce9f9d85f748348beae1c70eeffb7e7a6ed613c
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /urogun/it1n/img/av-01.jpg HTTP/1.1
Host: new-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 08 May 2024 16:08:24 GMT
content-type: image/jpeg
content-length: 1108
last-modified: Wed, 10 Apr 2024 10:57:29 GMT
etag: "66167099-454"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
new-benefit.com/urogun/it1n/img/av-02.jpg
136.243.110.236 200 OK 1.0 kB URL GET HTTP/2 new-benefit.com/urogun/it1n/img/av-02.jpg
IP 136.243.110.236:443
ASN #24940 Hetzner Online GmbH
Requested by https://new-benefit.com/urogun/it1n/
Certificate Issuer Let's Encrypt
Subject new-benefit.com
Fingerprint 9F:2E:57:12:16:18:49:6B:AE:75:48:E6:2D:99:A0:57:15:67:B8:F5
Validity Wed, 10 Apr 2024 08:51:40 GMT - Tue, 09 Jul 2024 08:51:39 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 38x38, components 3
Hash dfb8fae25203df84946b0de1ac76b8ae
5a25af942b81e7c6730c144f31ac15845afb91ce
b23db8cf32bcdb2109f22dce5ca1fd9e08cc5acd5a716f54c4c1a50ac9ea6606
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /urogun/it1n/img/av-02.jpg HTTP/1.1
Host: new-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 08 May 2024 16:08:24 GMT
content-type: image/jpeg
content-length: 1019
last-modified: Wed, 10 Apr 2024 10:57:29 GMT
etag: "66167099-3fb"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
new-benefit.com/urogun/it1n/img/av-03.jpg
136.243.110.236 200 OK 1.0 kB URL GET HTTP/2 new-benefit.com/urogun/it1n/img/av-03.jpg
IP 136.243.110.236:443
ASN #24940 Hetzner Online GmbH
Requested by https://new-benefit.com/urogun/it1n/
Certificate Issuer Let's Encrypt
Subject new-benefit.com
Fingerprint 9F:2E:57:12:16:18:49:6B:AE:75:48:E6:2D:99:A0:57:15:67:B8:F5
Validity Wed, 10 Apr 2024 08:51:40 GMT - Tue, 09 Jul 2024 08:51:39 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 38x38, components 3
Hash 6c3af4fb2833002863dd7c9573128d24
18cefe5ee6b9f30f7b2989586d2d69c7f77b04a9
4193f7aa368f8daef741aec2fa5bd64b5a5bd4dfe592743748ab611f735395c8
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /urogun/it1n/img/av-03.jpg HTTP/1.1
Host: new-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 08 May 2024 16:08:24 GMT
content-type: image/jpeg
content-length: 1049
last-modified: Wed, 10 Apr 2024 10:57:29 GMT
etag: "66167099-419"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
new-benefit.com/urogun/it1n/img/av-06.jpg
136.243.110.236 200 OK 1.1 kB URL GET HTTP/2 new-benefit.com/urogun/it1n/img/av-06.jpg
IP 136.243.110.236:443
ASN #24940 Hetzner Online GmbH
Requested by https://new-benefit.com/urogun/it1n/
Certificate Issuer Let's Encrypt
Subject new-benefit.com
Fingerprint 9F:2E:57:12:16:18:49:6B:AE:75:48:E6:2D:99:A0:57:15:67:B8:F5
Validity Wed, 10 Apr 2024 08:51:40 GMT - Tue, 09 Jul 2024 08:51:39 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 38x38, components 3
Hash 3af8fcbbcc64f8f94d7465481ff75b67
e5299dbfc35945be37eaeef8bad3fec1d0571150
8ce8260e4a2b44055e1fda472a85b0c646b0814fdc2956f6854503e3f0b7db07
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /urogun/it1n/img/av-06.jpg HTTP/1.1
Host: new-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 08 May 2024 16:08:24 GMT
content-type: image/jpeg
content-length: 1065
last-modified: Wed, 10 Apr 2024 10:57:29 GMT
etag: "66167099-429"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
new-benefit.com/urogun/it1n/img/av-08.jpg
136.243.110.236 200 OK 1.0 kB URL GET HTTP/2 new-benefit.com/urogun/it1n/img/av-08.jpg
IP 136.243.110.236:443
ASN #24940 Hetzner Online GmbH
Requested by https://new-benefit.com/urogun/it1n/
Certificate Issuer Let's Encrypt
Subject new-benefit.com
Fingerprint 9F:2E:57:12:16:18:49:6B:AE:75:48:E6:2D:99:A0:57:15:67:B8:F5
Validity Wed, 10 Apr 2024 08:51:40 GMT - Tue, 09 Jul 2024 08:51:39 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 38x38, components 3
Hash ca6ffb56ba2294a1f2481f261ae1fa88
ce383ee3c6dfe9171c146768bd5a600d00124974
949f0f4d1b5dcf9eacc9bff5fa864b5ec40243d467176fb6abf79280a629b2ab
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /urogun/it1n/img/av-08.jpg HTTP/1.1
Host: new-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 08 May 2024 16:08:24 GMT
content-type: image/jpeg
content-length: 1041
last-modified: Wed, 10 Apr 2024 10:57:29 GMT
etag: "66167099-411"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
new-benefit.com/urogun/it1n/img/av-07.jpg
136.243.110.236 200 OK 998 B URL GET HTTP/2 new-benefit.com/urogun/it1n/img/av-07.jpg
IP 136.243.110.236:443
ASN #24940 Hetzner Online GmbH
Requested by https://new-benefit.com/urogun/it1n/
Certificate Issuer Let's Encrypt
Subject new-benefit.com
Fingerprint 9F:2E:57:12:16:18:49:6B:AE:75:48:E6:2D:99:A0:57:15:67:B8:F5
Validity Wed, 10 Apr 2024 08:51:40 GMT - Tue, 09 Jul 2024 08:51:39 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 38x38, components 3
Hash 0c6ecad78c72d17c3df22667ee9e55af
0ab6426795de5fd45d4808a1d9159f658efd2800
d819e46aa2099f64cd8ad39ddc706aa3277f227d41d9446181eba97cecfa3ea3
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /urogun/it1n/img/av-07.jpg HTTP/1.1
Host: new-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 08 May 2024 16:08:24 GMT
content-type: image/jpeg
content-length: 998
last-modified: Wed, 10 Apr 2024 10:57:29 GMT
etag: "66167099-3e6"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
new-benefit.com/urogun/it1n/img/av-09.jpg
136.243.110.236 200 OK 907 B URL GET HTTP/2 new-benefit.com/urogun/it1n/img/av-09.jpg
IP 136.243.110.236:443
ASN #24940 Hetzner Online GmbH
Requested by https://new-benefit.com/urogun/it1n/
Certificate Issuer Let's Encrypt
Subject new-benefit.com
Fingerprint 9F:2E:57:12:16:18:49:6B:AE:75:48:E6:2D:99:A0:57:15:67:B8:F5
Validity Wed, 10 Apr 2024 08:51:40 GMT - Tue, 09 Jul 2024 08:51:39 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 38x38, components 3
Hash 7fea199f5ce4a3297eb08d769cfafbeb
086bfdd9ad69ef867db82bcc46da60cd60935ffa
66741c3d3cea2ad1f400b8c45731ff77882987358c832fa6a8b785a8d13c5580
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /urogun/it1n/img/av-09.jpg HTTP/1.1
Host: new-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 08 May 2024 16:08:24 GMT
content-type: image/jpeg
content-length: 907
last-modified: Wed, 10 Apr 2024 10:57:30 GMT
etag: "6616709a-38b"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
new-benefit.com/urogun/it1n/img/av-13.jpg
136.243.110.236 200 OK 1.1 kB URL GET HTTP/2 new-benefit.com/urogun/it1n/img/av-13.jpg
IP 136.243.110.236:443
ASN #24940 Hetzner Online GmbH
Requested by https://new-benefit.com/urogun/it1n/
Certificate Issuer Let's Encrypt
Subject new-benefit.com
Fingerprint 9F:2E:57:12:16:18:49:6B:AE:75:48:E6:2D:99:A0:57:15:67:B8:F5
Validity Wed, 10 Apr 2024 08:51:40 GMT - Tue, 09 Jul 2024 08:51:39 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 38x38, components 3
Hash 2bdbaff3bcd8def17cbd206da9e69be5
59b46ca4af8e08432345eb7a91c636c4c722e15a
b7e0c7384255ba4c179e4d57786a8657207ee4f6b90924fb9e0c425516876f79
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /urogun/it1n/img/av-13.jpg HTTP/1.1
Host: new-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 08 May 2024 16:08:24 GMT
content-type: image/jpeg
content-length: 1072
last-modified: Wed, 10 Apr 2024 10:57:30 GMT
etag: "6616709a-430"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
new-benefit.com/urogun/it1n/img/av-11.jpg
136.243.110.236 200 OK 1.0 kB URL GET HTTP/2 new-benefit.com/urogun/it1n/img/av-11.jpg
IP 136.243.110.236:443
ASN #24940 Hetzner Online GmbH
Requested by https://new-benefit.com/urogun/it1n/
Certificate Issuer Let's Encrypt
Subject new-benefit.com
Fingerprint 9F:2E:57:12:16:18:49:6B:AE:75:48:E6:2D:99:A0:57:15:67:B8:F5
Validity Wed, 10 Apr 2024 08:51:40 GMT - Tue, 09 Jul 2024 08:51:39 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 38x38, components 3
Hash c335839e5d5ea10063beeb7b7c143664
23cd6fd9b78b523ce458db0cbfdd208f4394614a
df5b2b54467fc6bd83c998936d71ea8896a00ca40155ded4b70cfc7dd2b2d8ee
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /urogun/it1n/img/av-11.jpg HTTP/1.1
Host: new-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 08 May 2024 16:08:24 GMT
content-type: image/jpeg
content-length: 1045
last-modified: Wed, 10 Apr 2024 10:57:30 GMT
etag: "6616709a-415"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
new-benefit.com/urogun/it1n/img/av-12.jpg
136.243.110.236 200 OK 868 B URL GET HTTP/2 new-benefit.com/urogun/it1n/img/av-12.jpg
IP 136.243.110.236:443
ASN #24940 Hetzner Online GmbH
Requested by https://new-benefit.com/urogun/it1n/
Certificate Issuer Let's Encrypt
Subject new-benefit.com
Fingerprint 9F:2E:57:12:16:18:49:6B:AE:75:48:E6:2D:99:A0:57:15:67:B8:F5
Validity Wed, 10 Apr 2024 08:51:40 GMT - Tue, 09 Jul 2024 08:51:39 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 38x38, components 3
Hash 956c685c472feff50dba4faf67ad6342
0efa1f48bb17c1d94218210028a56db9caa11915
4dee0919b4bb9c47698b4ad2be82334a4d95bb926f6ba67d11e08d303e46639b
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /urogun/it1n/img/av-12.jpg HTTP/1.1
Host: new-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 08 May 2024 16:08:24 GMT
content-type: image/jpeg
content-length: 868
last-modified: Wed, 10 Apr 2024 10:57:30 GMT
etag: "6616709a-364"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
new-benefit.com/urogun/it1n/img/av-14.jpg
136.243.110.236 200 OK 952 B URL GET HTTP/2 new-benefit.com/urogun/it1n/img/av-14.jpg
IP 136.243.110.236:443
ASN #24940 Hetzner Online GmbH
Requested by https://new-benefit.com/urogun/it1n/
Certificate Issuer Let's Encrypt
Subject new-benefit.com
Fingerprint 9F:2E:57:12:16:18:49:6B:AE:75:48:E6:2D:99:A0:57:15:67:B8:F5
Validity Wed, 10 Apr 2024 08:51:40 GMT - Tue, 09 Jul 2024 08:51:39 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 38x38, components 3
Hash e841b95fd803d46b070cb354c678d1ed
19f320f1a14ca491d244bb146cac4ff7dded2d7e
4e93daa4434376829a7423fa02d06f863909b4372b425b650ef2f6dc688e8cf5
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /urogun/it1n/img/av-14.jpg HTTP/1.1
Host: new-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 08 May 2024 16:08:24 GMT
content-type: image/jpeg
content-length: 952
last-modified: Wed, 10 Apr 2024 10:57:30 GMT
etag: "6616709a-3b8"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
new-benefit.com/urogun/it1n/img/av-15.jpg
136.243.110.236 200 OK 1.1 kB URL GET HTTP/2 new-benefit.com/urogun/it1n/img/av-15.jpg
IP 136.243.110.236:443
ASN #24940 Hetzner Online GmbH
Requested by https://new-benefit.com/urogun/it1n/
Certificate Issuer Let's Encrypt
Subject new-benefit.com
Fingerprint 9F:2E:57:12:16:18:49:6B:AE:75:48:E6:2D:99:A0:57:15:67:B8:F5
Validity Wed, 10 Apr 2024 08:51:40 GMT - Tue, 09 Jul 2024 08:51:39 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 38x38, components 3
Hash e2388b4bf4babcc13967189c6ca09b7e
e9330dd232dd56d06296f2d7de39bef587e813bf
350289962375afada5bc305a1bfefda202ae2c07e182bd2bd5136fc18f9a104b
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /urogun/it1n/img/av-15.jpg HTTP/1.1
Host: new-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 08 May 2024 16:08:24 GMT
content-type: image/jpeg
content-length: 1052
last-modified: Wed, 10 Apr 2024 10:57:30 GMT
etag: "6616709a-41c"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
new-benefit.com/urogun/it1n/img/av-16.jpg
136.243.110.236 200 OK 994 B URL GET HTTP/2 new-benefit.com/urogun/it1n/img/av-16.jpg
IP 136.243.110.236:443
ASN #24940 Hetzner Online GmbH
Requested by https://new-benefit.com/urogun/it1n/
Certificate Issuer Let's Encrypt
Subject new-benefit.com
Fingerprint 9F:2E:57:12:16:18:49:6B:AE:75:48:E6:2D:99:A0:57:15:67:B8:F5
Validity Wed, 10 Apr 2024 08:51:40 GMT - Tue, 09 Jul 2024 08:51:39 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 38x38, components 3
Hash c99d5a469916dc0268e2d09e18336148
219f3910e8fffc1ae9f21ca88cea69940cbbc607
1b9dae724b4b54b982b39e92f74a0e8c6ba9961ff9e88e373ec7bf883d330214
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /urogun/it1n/img/av-16.jpg HTTP/1.1
Host: new-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 08 May 2024 16:08:24 GMT
content-type: image/jpeg
content-length: 994
last-modified: Wed, 10 Apr 2024 10:57:30 GMT
etag: "6616709a-3e2"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
new-benefit.com/urogun/it1n/img/av-17.jpg
136.243.110.236 200 OK 1.2 kB URL GET HTTP/2 new-benefit.com/urogun/it1n/img/av-17.jpg
IP 136.243.110.236:443
ASN #24940 Hetzner Online GmbH
Requested by https://new-benefit.com/urogun/it1n/
Certificate Issuer Let's Encrypt
Subject new-benefit.com
Fingerprint 9F:2E:57:12:16:18:49:6B:AE:75:48:E6:2D:99:A0:57:15:67:B8:F5
Validity Wed, 10 Apr 2024 08:51:40 GMT - Tue, 09 Jul 2024 08:51:39 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 38x38, components 3
Hash 183c97e5362f507128cb4e9eb391a157
901f3be173d1537b8d18bfa56a803a6b346d0bff
ade83f185a833d908d89e43a97aa7c03954ef4a9b67adefe3be5638ded8db350
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /urogun/it1n/img/av-17.jpg HTTP/1.1
Host: new-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 08 May 2024 16:08:24 GMT
content-type: image/jpeg
content-length: 1166
last-modified: Wed, 10 Apr 2024 10:57:30 GMT
etag: "6616709a-48e"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
new-benefit.com/urogun/it1n/img/av-20.jpg
136.243.110.236 200 OK 897 B URL GET HTTP/2 new-benefit.com/urogun/it1n/img/av-20.jpg
IP 136.243.110.236:443
ASN #24940 Hetzner Online GmbH
Requested by https://new-benefit.com/urogun/it1n/
Certificate Issuer Let's Encrypt
Subject new-benefit.com
Fingerprint 9F:2E:57:12:16:18:49:6B:AE:75:48:E6:2D:99:A0:57:15:67:B8:F5
Validity Wed, 10 Apr 2024 08:51:40 GMT - Tue, 09 Jul 2024 08:51:39 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 38x38, components 3
Hash f87ab38568abf4e8f7bfdcbf14f23654
a4d11bffc89b9bf50eb6b9ee38cd6a660a54ff7d
5f1eb0b65ea357e1f182f8c656795b8583ab876b1d131b5b21b92650c2913065
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /urogun/it1n/img/av-20.jpg HTTP/1.1
Host: new-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 08 May 2024 16:08:24 GMT
content-type: image/jpeg
content-length: 897
last-modified: Wed, 10 Apr 2024 10:57:30 GMT
etag: "6616709a-381"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
new-benefit.com/urogun/it1n/img/av-21.jpg
136.243.110.236 200 OK 832 B URL GET HTTP/2 new-benefit.com/urogun/it1n/img/av-21.jpg
IP 136.243.110.236:443
ASN #24940 Hetzner Online GmbH
Requested by https://new-benefit.com/urogun/it1n/
Certificate Issuer Let's Encrypt
Subject new-benefit.com
Fingerprint 9F:2E:57:12:16:18:49:6B:AE:75:48:E6:2D:99:A0:57:15:67:B8:F5
Validity Wed, 10 Apr 2024 08:51:40 GMT - Tue, 09 Jul 2024 08:51:39 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 38x38, components 3
Hash d8b5f89b6c74243d87ae1aebfa02088b
040ece648c74c0220d58f534a680d4dbb6d17550
b613610f2b3e7e6473258e150b24b8a0d1060bdc46aad9d12ece846cdc4ada37
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /urogun/it1n/img/av-21.jpg HTTP/1.1
Host: new-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 08 May 2024 16:08:24 GMT
content-type: image/jpeg
content-length: 832
last-modified: Wed, 10 Apr 2024 10:57:30 GMT
etag: "6616709a-340"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
new-benefit.com/urogun/it1n/img/av-19.jpg
136.243.110.236 200 OK 881 B URL GET HTTP/2 new-benefit.com/urogun/it1n/img/av-19.jpg
IP 136.243.110.236:443
ASN #24940 Hetzner Online GmbH
Requested by https://new-benefit.com/urogun/it1n/
Certificate Issuer Let's Encrypt
Subject new-benefit.com
Fingerprint 9F:2E:57:12:16:18:49:6B:AE:75:48:E6:2D:99:A0:57:15:67:B8:F5
Validity Wed, 10 Apr 2024 08:51:40 GMT - Tue, 09 Jul 2024 08:51:39 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 38x38, components 3
Hash ee654719dc54ccaa0e7d97324934ed9f
763c52f97130937109e2863d00f0dd1cbcdcef03
596402d1ddd798170a7982cd1c084cb158e55c04efe1f5e33a4cd12a7cd265ca
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /urogun/it1n/img/av-19.jpg HTTP/1.1
Host: new-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 08 May 2024 16:08:24 GMT
content-type: image/jpeg
content-length: 881
last-modified: Wed, 10 Apr 2024 10:57:30 GMT
etag: "6616709a-371"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
new-benefit.com/urogun/it1n/img/av-22.jpg
136.243.110.236 200 OK 1.0 kB URL GET HTTP/2 new-benefit.com/urogun/it1n/img/av-22.jpg
IP 136.243.110.236:443
ASN #24940 Hetzner Online GmbH
Requested by https://new-benefit.com/urogun/it1n/
Certificate Issuer Let's Encrypt
Subject new-benefit.com
Fingerprint 9F:2E:57:12:16:18:49:6B:AE:75:48:E6:2D:99:A0:57:15:67:B8:F5
Validity Wed, 10 Apr 2024 08:51:40 GMT - Tue, 09 Jul 2024 08:51:39 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 38x38, components 3
Hash 82d1e6a0400cf11116d347a3d912765a
a5abdccccb8cf7dbfccb85c205a7644723f49eca
da55f561dcc3101c65bc5e47b1e75f1db776440f222da82211123a59ce9e1e6e
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /urogun/it1n/img/av-22.jpg HTTP/1.1
Host: new-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 08 May 2024 16:08:24 GMT
content-type: image/jpeg
content-length: 1046
last-modified: Wed, 10 Apr 2024 10:57:30 GMT
etag: "6616709a-416"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
new-benefit.com/urogun/it1n/img/av-23.jpg
136.243.110.236 200 OK 1.1 kB URL GET HTTP/2 new-benefit.com/urogun/it1n/img/av-23.jpg
IP 136.243.110.236:443
ASN #24940 Hetzner Online GmbH
Requested by https://new-benefit.com/urogun/it1n/
Certificate Issuer Let's Encrypt
Subject new-benefit.com
Fingerprint 9F:2E:57:12:16:18:49:6B:AE:75:48:E6:2D:99:A0:57:15:67:B8:F5
Validity Wed, 10 Apr 2024 08:51:40 GMT - Tue, 09 Jul 2024 08:51:39 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 38x38, components 3
Hash 31bf9c48a925f2d69392f66c299bfd85
bb2e0dc681151508fec1ba4341111875bc50db19
4043f831a82957c7494c1500895f8651642c98109d6e0bc40d89af20247b674b
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /urogun/it1n/img/av-23.jpg HTTP/1.1
Host: new-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 08 May 2024 16:08:24 GMT
content-type: image/jpeg
content-length: 1070
last-modified: Wed, 10 Apr 2024 10:57:31 GMT
etag: "6616709b-42e"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
new-benefit.com/urogun/it1n/img/av-24.jpg
136.243.110.236 200 OK 872 B URL GET HTTP/2 new-benefit.com/urogun/it1n/img/av-24.jpg
IP 136.243.110.236:443
ASN #24940 Hetzner Online GmbH
Requested by https://new-benefit.com/urogun/it1n/
Certificate Issuer Let's Encrypt
Subject new-benefit.com
Fingerprint 9F:2E:57:12:16:18:49:6B:AE:75:48:E6:2D:99:A0:57:15:67:B8:F5
Validity Wed, 10 Apr 2024 08:51:40 GMT - Tue, 09 Jul 2024 08:51:39 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 38x38, components 3
Hash a2366b321d87d231493d54e2a3487ce6
6c639787c0554855d14dc4e4436cf00ea450ba75
99120c77a6f9150c0b9406a41d2df8910e7a57071ad0ba48b648d8d768a1707d
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /urogun/it1n/img/av-24.jpg HTTP/1.1
Host: new-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 08 May 2024 16:08:24 GMT
content-type: image/jpeg
content-length: 872
last-modified: Wed, 10 Apr 2024 10:57:31 GMT
etag: "6616709b-368"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
new-benefit.com/urogun/it1n/img/av-25.jpg
136.243.110.236 200 OK 1.0 kB URL GET HTTP/2 new-benefit.com/urogun/it1n/img/av-25.jpg
IP 136.243.110.236:443
ASN #24940 Hetzner Online GmbH
Requested by https://new-benefit.com/urogun/it1n/
Certificate Issuer Let's Encrypt
Subject new-benefit.com
Fingerprint 9F:2E:57:12:16:18:49:6B:AE:75:48:E6:2D:99:A0:57:15:67:B8:F5
Validity Wed, 10 Apr 2024 08:51:40 GMT - Tue, 09 Jul 2024 08:51:39 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 38x38, components 3
Hash e34692dd0216e731808935d6952ab178
0ecbaa271b154e4d1dfa23a21be932a644dfc0a1
7e442e904c0c2d46bd3f36160fd05c7b0ed6ee4506e34f6bdf78bb571707982a
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /urogun/it1n/img/av-25.jpg HTTP/1.1
Host: new-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 08 May 2024 16:08:24 GMT
content-type: image/jpeg
content-length: 1003
last-modified: Wed, 10 Apr 2024 10:57:31 GMT
etag: "6616709b-3eb"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
new-benefit.com/urogun/it1n/img/av-26.jpg
136.243.110.236 200 OK 1.1 kB URL GET HTTP/2 new-benefit.com/urogun/it1n/img/av-26.jpg
IP 136.243.110.236:443
ASN #24940 Hetzner Online GmbH
Requested by https://new-benefit.com/urogun/it1n/
Certificate Issuer Let's Encrypt
Subject new-benefit.com
Fingerprint 9F:2E:57:12:16:18:49:6B:AE:75:48:E6:2D:99:A0:57:15:67:B8:F5
Validity Wed, 10 Apr 2024 08:51:40 GMT - Tue, 09 Jul 2024 08:51:39 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 38x38, components 3
Hash 1b69b8199fafcd297d53664aefdf5efb
bf34f92cce67ad7b044dff1aee61d56dd00a269d
47416848cb1794b393122078b3929b2006c413def4f398145f4e3e8b18453189
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /urogun/it1n/img/av-26.jpg HTTP/1.1
Host: new-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 08 May 2024 16:08:24 GMT
content-type: image/jpeg
content-length: 1107
last-modified: Wed, 10 Apr 2024 10:57:31 GMT
etag: "6616709b-453"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
new-benefit.com/urogun/it1n/img/sidebar01.jpg
136.243.110.236 200 OK 2.9 kB URL GET HTTP/2 new-benefit.com/urogun/it1n/img/sidebar01.jpg
IP 136.243.110.236:443
ASN #24940 Hetzner Online GmbH
Requested by https://new-benefit.com/urogun/it1n/
Certificate Issuer Let's Encrypt
Subject new-benefit.com
Fingerprint 9F:2E:57:12:16:18:49:6B:AE:75:48:E6:2D:99:A0:57:15:67:B8:F5
Validity Wed, 10 Apr 2024 08:51:40 GMT - Tue, 09 Jul 2024 08:51:39 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 105x81, components 3
Hash 5760775f85ea9bfee3c0e5881687260e
5a37a2c00d5780d3a7ed4364596bfa0e057d4f65
edf4cd205ace9742c3ce456b10964b2f02b9c3b95b67c4abaed97e1e69c97b04
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /urogun/it1n/img/sidebar01.jpg HTTP/1.1
Host: new-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 08 May 2024 16:08:24 GMT
content-type: image/jpeg
content-length: 2861
last-modified: Wed, 10 Apr 2024 10:57:34 GMT
etag: "6616709e-b2d"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
new-benefit.com/urogun/it1n/img/sidebar02.jpg
136.243.110.236 200 OK 3.0 kB URL GET HTTP/2 new-benefit.com/urogun/it1n/img/sidebar02.jpg
IP 136.243.110.236:443
ASN #24940 Hetzner Online GmbH
Requested by https://new-benefit.com/urogun/it1n/
Certificate Issuer Let's Encrypt
Subject new-benefit.com
Fingerprint 9F:2E:57:12:16:18:49:6B:AE:75:48:E6:2D:99:A0:57:15:67:B8:F5
Validity Wed, 10 Apr 2024 08:51:40 GMT - Tue, 09 Jul 2024 08:51:39 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 105x81, components 3
Hash d0eb449cac68ec1c52d934d1b399810e
f7aa42b28810076d53ee9d34e9a1cbb520d529a9
e78a32fb76601a23f84027a00016850f72e1df02f40ed439fc9aadfa1a3eb712
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /urogun/it1n/img/sidebar02.jpg HTTP/1.1
Host: new-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 08 May 2024 16:08:24 GMT
content-type: image/jpeg
content-length: 2972
last-modified: Wed, 10 Apr 2024 10:57:34 GMT
etag: "6616709e-b9c"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
new-benefit.com/urogun/it1n/img/sidebar03.jpg
136.243.110.236 200 OK 1.7 kB URL GET HTTP/2 new-benefit.com/urogun/it1n/img/sidebar03.jpg
IP 136.243.110.236:443
ASN #24940 Hetzner Online GmbH
Requested by https://new-benefit.com/urogun/it1n/
Certificate Issuer Let's Encrypt
Subject new-benefit.com
Fingerprint 9F:2E:57:12:16:18:49:6B:AE:75:48:E6:2D:99:A0:57:15:67:B8:F5
Validity Wed, 10 Apr 2024 08:51:40 GMT - Tue, 09 Jul 2024 08:51:39 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 105x81, components 3
Hash de7040dfc391fed7f2046a32a454c3da
58d28a724475debe3eb81b23c149dc5b9ce030b1
4ac6995d7cb9cbcac2faa94ca76ae0111a47eaba5fee3c6bc13844a5f12a9243
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /urogun/it1n/img/sidebar03.jpg HTTP/1.1
Host: new-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 08 May 2024 16:08:24 GMT
content-type: image/jpeg
content-length: 1659
last-modified: Wed, 10 Apr 2024 10:57:34 GMT
etag: "6616709e-67b"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
new-benefit.com/urogun/it1n/img/sidebar04.jpg
136.243.110.236 200 OK 2.0 kB URL GET HTTP/2 new-benefit.com/urogun/it1n/img/sidebar04.jpg
IP 136.243.110.236:443
ASN #24940 Hetzner Online GmbH
Requested by https://new-benefit.com/urogun/it1n/
Certificate Issuer Let's Encrypt
Subject new-benefit.com
Fingerprint 9F:2E:57:12:16:18:49:6B:AE:75:48:E6:2D:99:A0:57:15:67:B8:F5
Validity Wed, 10 Apr 2024 08:51:40 GMT - Tue, 09 Jul 2024 08:51:39 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 105x81, components 3
Hash b55a732bc572ae6e10bb5a2019d7a95c
25ab2b0f48ef4fcbc126cea0bad8a3a60322f113
ea91fc4cc1d391538a5f7592c8582d1a270648398895e3fa1be40d495b22ca26
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /urogun/it1n/img/sidebar04.jpg HTTP/1.1
Host: new-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 08 May 2024 16:08:24 GMT
content-type: image/jpeg
content-length: 2008
last-modified: Wed, 10 Apr 2024 10:57:34 GMT
etag: "6616709e-7d8"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
new-benefit.com/urogun/it1n/img/sidebar05.jpg
136.243.110.236 200 OK 2.2 kB URL GET HTTP/2 new-benefit.com/urogun/it1n/img/sidebar05.jpg
IP 136.243.110.236:443
ASN #24940 Hetzner Online GmbH
Requested by https://new-benefit.com/urogun/it1n/
Certificate Issuer Let's Encrypt
Subject new-benefit.com
Fingerprint 9F:2E:57:12:16:18:49:6B:AE:75:48:E6:2D:99:A0:57:15:67:B8:F5
Validity Wed, 10 Apr 2024 08:51:40 GMT - Tue, 09 Jul 2024 08:51:39 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 105x81, components 3
Hash 4df2f3a743a47b5b92fe998b4f1bb9ce
cc28fb36e0b96bf93b2d906e47a47d48cc3ab00c
13a0a44347077dab20f796d8da486238b4eb4d749179bbbfc42936427d25c038
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /urogun/it1n/img/sidebar05.jpg HTTP/1.1
Host: new-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 08 May 2024 16:08:24 GMT
content-type: image/jpeg
content-length: 2218
last-modified: Wed, 10 Apr 2024 10:57:34 GMT
etag: "6616709e-8aa"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
new-benefit.com/urogun/it1n/img/sidebar06.jpg
136.243.110.236 200 OK 2.6 kB URL GET HTTP/2 new-benefit.com/urogun/it1n/img/sidebar06.jpg
IP 136.243.110.236:443
ASN #24940 Hetzner Online GmbH
Requested by https://new-benefit.com/urogun/it1n/
Certificate Issuer Let's Encrypt
Subject new-benefit.com
Fingerprint 9F:2E:57:12:16:18:49:6B:AE:75:48:E6:2D:99:A0:57:15:67:B8:F5
Validity Wed, 10 Apr 2024 08:51:40 GMT - Tue, 09 Jul 2024 08:51:39 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 105x81, components 3
Hash c8800ad73781da7b1384036c04d87fc8
07c7f043cf0ae6e55f6e640294efc3ad84a8e50c
6b1ad16eb1557a54baf919642637a938aae088bde63a18808505c4fce98e6bcb
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /urogun/it1n/img/sidebar06.jpg HTTP/1.1
Host: new-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 08 May 2024 16:08:24 GMT
content-type: image/jpeg
content-length: 2586
last-modified: Wed, 10 Apr 2024 10:57:34 GMT
etag: "6616709e-a1a"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
new-benefit.com/urogun/it1n/img/sidebar07.jpg
136.243.110.236 200 OK 2.9 kB URL GET HTTP/2 new-benefit.com/urogun/it1n/img/sidebar07.jpg
IP 136.243.110.236:443
ASN #24940 Hetzner Online GmbH
Requested by https://new-benefit.com/urogun/it1n/
Certificate Issuer Let's Encrypt
Subject new-benefit.com
Fingerprint 9F:2E:57:12:16:18:49:6B:AE:75:48:E6:2D:99:A0:57:15:67:B8:F5
Validity Wed, 10 Apr 2024 08:51:40 GMT - Tue, 09 Jul 2024 08:51:39 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 105x81, components 3
Hash 1ed6026639fc90bc8108ec1ced51094c
8c5b4cac237e777ee2b6bbc4f7670308c0e512f6
9ffbb104bcf56ca4122ca67cf5bbb1ef6feae6b0e5be4513d7a70ff1c59e7a59
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /urogun/it1n/img/sidebar07.jpg HTTP/1.1
Host: new-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 08 May 2024 16:08:24 GMT
content-type: image/jpeg
content-length: 2867
last-modified: Wed, 10 Apr 2024 10:57:35 GMT
etag: "6616709f-b33"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
new-benefit.com/urogun/it1n/img/sidebar08.jpg
136.243.110.236 200 OK 3.6 kB URL GET HTTP/2 new-benefit.com/urogun/it1n/img/sidebar08.jpg
IP 136.243.110.236:443
ASN #24940 Hetzner Online GmbH
Requested by https://new-benefit.com/urogun/it1n/
Certificate Issuer Let's Encrypt
Subject new-benefit.com
Fingerprint 9F:2E:57:12:16:18:49:6B:AE:75:48:E6:2D:99:A0:57:15:67:B8:F5
Validity Wed, 10 Apr 2024 08:51:40 GMT - Tue, 09 Jul 2024 08:51:39 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 105x81, components 3
Hash dd772918243274b8027aa9a4a4645832
cdf5164a56ae34bff47dd973b8ece22b2c95ccc9
a3679bcac18bc240334a6a148ad2a3e4916ca4380589c4b64b180f346a8c7cef
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /urogun/it1n/img/sidebar08.jpg HTTP/1.1
Host: new-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 08 May 2024 16:08:24 GMT
content-type: image/jpeg
content-length: 3555
last-modified: Wed, 10 Apr 2024 10:57:35 GMT
etag: "6616709f-de3"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
new-benefit.com/urogun/it1n/img/sidebar09.jpg
136.243.110.236 200 OK 2.7 kB URL GET HTTP/2 new-benefit.com/urogun/it1n/img/sidebar09.jpg
IP 136.243.110.236:443
ASN #24940 Hetzner Online GmbH
Requested by https://new-benefit.com/urogun/it1n/
Certificate Issuer Let's Encrypt
Subject new-benefit.com
Fingerprint 9F:2E:57:12:16:18:49:6B:AE:75:48:E6:2D:99:A0:57:15:67:B8:F5
Validity Wed, 10 Apr 2024 08:51:40 GMT - Tue, 09 Jul 2024 08:51:39 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 105x81, components 3
Hash b068f212026ded54befbabcffa608b17
40653ef129ae1de3f93a772a2ef366b8b50f6771
51495f000933917d017845fb0b3d74c97d3da78a7cf13ab2712e074951bcdb81
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /urogun/it1n/img/sidebar09.jpg HTTP/1.1
Host: new-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 08 May 2024 16:08:24 GMT
content-type: image/jpeg
content-length: 2693
last-modified: Wed, 10 Apr 2024 10:57:35 GMT
etag: "6616709f-a85"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
new-benefit.com/urogun/it1n/img/logo2.png
136.243.110.236 200 OK 1.8 kB URL GET HTTP/2 new-benefit.com/urogun/it1n/img/logo2.png
IP 136.243.110.236:443
ASN #24940 Hetzner Online GmbH
Requested by https://new-benefit.com/urogun/it1n/
Certificate Issuer Let's Encrypt
Subject new-benefit.com
Fingerprint 9F:2E:57:12:16:18:49:6B:AE:75:48:E6:2D:99:A0:57:15:67:B8:F5
Validity Wed, 10 Apr 2024 08:51:40 GMT - Tue, 09 Jul 2024 08:51:39 GMT
File type PNG image data, 165 x 26, 8-bit colormap, non-interlaced
Hash 21bab63d6d72c0c6b324ec295e9e00b4
a4463e830d752d005fc83b6066d70c969635e8e2
b490cbff9d328b5f27998bbe155fcc9fc756739b14f5df7027c0de9a3e55caaf
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /urogun/it1n/img/logo2.png HTTP/1.1
Host: new-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 08 May 2024 16:08:24 GMT
content-type: image/png
content-length: 1750
last-modified: Wed, 10 Apr 2024 10:57:34 GMT
etag: "6616709e-6d6"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
new-benefit.com/urogun/it1n/img/img04.jpg
136.243.110.236 200 OK 131 kB URL GET HTTP/2 new-benefit.com/urogun/it1n/img/img04.jpg
IP 136.243.110.236:443
ASN #24940 Hetzner Online GmbH
Requested by https://new-benefit.com/urogun/it1n/
Certificate Issuer Let's Encrypt
Subject new-benefit.com
Fingerprint 9F:2E:57:12:16:18:49:6B:AE:75:48:E6:2D:99:A0:57:15:67:B8:F5
Validity Wed, 10 Apr 2024 08:51:40 GMT - Tue, 09 Jul 2024 08:51:39 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 576x508, components 3
Size 131 kB (130684 bytes)
Hash 8eedc9b7b6d79f9e71a576cbbd9b2107
67c4d24867e8354bd6d70b8dfe604cb221e830f8
a71b2bc6792a285b051c5a23f08ce10f38dca0f261e81804ff45f0b4462c3f0c
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /urogun/it1n/img/img04.jpg HTTP/1.1
Host: new-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 08 May 2024 16:08:24 GMT
content-type: image/jpeg
content-length: 130684
last-modified: Wed, 10 Apr 2024 10:57:33 GMT
etag: "6616709d-1fe7c"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
new-benefit.com/urogun/it1n/img/img07.jpg
136.243.110.236 200 OK 99 kB URL GET HTTP/2 new-benefit.com/urogun/it1n/img/img07.jpg
IP 136.243.110.236:443
ASN #24940 Hetzner Online GmbH
Requested by https://new-benefit.com/urogun/it1n/
Certificate Issuer Let's Encrypt
Subject new-benefit.com
Fingerprint 9F:2E:57:12:16:18:49:6B:AE:75:48:E6:2D:99:A0:57:15:67:B8:F5
Validity Wed, 10 Apr 2024 08:51:40 GMT - Tue, 09 Jul 2024 08:51:39 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 472x331, components 3
Hash cbaf63e6c06551aa8df125088cf158a8
79c0c0e7105a2ec2f889e7ab312ae7b9d956083e
79185c113c168106609922ce9415dd401504a0fb7ad62b42ba29b986f331fea6
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /urogun/it1n/img/img07.jpg HTTP/1.1
Host: new-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 08 May 2024 16:08:24 GMT
content-type: image/jpeg
content-length: 98958
last-modified: Wed, 10 Apr 2024 10:57:34 GMT
etag: "6616709e-1828e"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
new-benefit.com/urogun/it1n/img/product.png
136.243.110.236 200 OK 86 kB URL GET HTTP/2 new-benefit.com/urogun/it1n/img/product.png
IP 136.243.110.236:443
ASN #24940 Hetzner Online GmbH
Requested by https://new-benefit.com/urogun/it1n/
Certificate Issuer Let's Encrypt
Subject new-benefit.com
Fingerprint 9F:2E:57:12:16:18:49:6B:AE:75:48:E6:2D:99:A0:57:15:67:B8:F5
Validity Wed, 10 Apr 2024 08:51:40 GMT - Tue, 09 Jul 2024 08:51:39 GMT
File type PNG image data, 460 x 612, 8-bit/color RGBA, non-interlaced
Hash 63d15831ac9290833081004c7d408217
01ce63fd0a878f7aad46952f3884bc3edd9ecd2d
f7e0a0dbdccbcb07b58d2346243a21a5770929fce633b464ab0d19f0c22b29b1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /urogun/it1n/img/product.png HTTP/1.1
Host: new-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 08 May 2024 16:08:24 GMT
content-type: image/png
content-length: 85502
last-modified: Wed, 10 Apr 2024 10:57:34 GMT
etag: "6616709e-14dfe"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
new-benefit.com/urogun/it1n/img/img03.jpg
136.243.110.236 200 OK 145 kB URL GET HTTP/2 new-benefit.com/urogun/it1n/img/img03.jpg
IP 136.243.110.236:443
ASN #24940 Hetzner Online GmbH
Requested by https://new-benefit.com/urogun/it1n/
Certificate Issuer Let's Encrypt
Subject new-benefit.com
Fingerprint 9F:2E:57:12:16:18:49:6B:AE:75:48:E6:2D:99:A0:57:15:67:B8:F5
Validity Wed, 10 Apr 2024 08:51:40 GMT - Tue, 09 Jul 2024 08:51:39 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 615x386, components 3
Size 145 kB (145361 bytes)
Hash ce0daab9f0f9ddc4ab51326c9ccea803
04e1add08ca0ac8bbc689f4a2fc210dc4da5c81f
e213de73d2330ca5e207c1ae3361c10bf96f8c3d3266a2f19166ebec80873a0c
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /urogun/it1n/img/img03.jpg HTTP/1.1
Host: new-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 08 May 2024 16:08:24 GMT
content-type: image/jpeg
content-length: 145361
last-modified: Wed, 10 Apr 2024 10:57:33 GMT
etag: "6616709d-237d1"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js
216.58.207.234 200 OK 31 kB URL GET HTTP/2 ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js
IP 216.58.207.234:443
Requested by https://new-benefit.com/urogun/it1n/
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint 36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
Validity Tue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT
File type JavaScript source, ASCII text, with very long lines (65451)
Hash 220afd743d9e9643852e31a135a9f3ae
88523924351bac0b5d560fe0c5781e2556e7693d
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
GET /ajax/libs/jquery/3.4.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30774
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 May 2024 07:43:44 GMT
expires: Sat, 03 May 2025 07:43:44 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Mon, 13 May 2019 14:37:17 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 462280
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
new-benefit.com/urogun/it1n/img/img05.jpg
136.243.110.236 200 OK 163 kB URL GET HTTP/2 new-benefit.com/urogun/it1n/img/img05.jpg
IP 136.243.110.236:443
ASN #24940 Hetzner Online GmbH
Requested by https://new-benefit.com/urogun/it1n/
Certificate Issuer Let's Encrypt
Subject new-benefit.com
Fingerprint 9F:2E:57:12:16:18:49:6B:AE:75:48:E6:2D:99:A0:57:15:67:B8:F5
Validity Wed, 10 Apr 2024 08:51:40 GMT - Tue, 09 Jul 2024 08:51:39 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 616x479, components 3
Size 163 kB (163067 bytes)
Hash 5e5dc98376af28e0e5f3982fe63aca7a
8619fc43ffff0e78c902c87059632070b86d395a
12c199f7304a38cff60b9bd1eb0619852d1aa6aa297ae3c6b134b1853f116d30
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /urogun/it1n/img/img05.jpg HTTP/1.1
Host: new-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 08 May 2024 16:08:24 GMT
content-type: image/jpeg
content-length: 163067
last-modified: Wed, 10 Apr 2024 10:57:33 GMT
etag: "6616709d-27cfb"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
new-benefit.com/urogun/it1n/img/img06.jpg
136.243.110.236 200 OK 131 kB URL GET HTTP/2 new-benefit.com/urogun/it1n/img/img06.jpg
IP 136.243.110.236:443
ASN #24940 Hetzner Online GmbH
Requested by https://new-benefit.com/urogun/it1n/
Certificate Issuer Let's Encrypt
Subject new-benefit.com
Fingerprint 9F:2E:57:12:16:18:49:6B:AE:75:48:E6:2D:99:A0:57:15:67:B8:F5
Validity Wed, 10 Apr 2024 08:51:40 GMT - Tue, 09 Jul 2024 08:51:39 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 527x379, components 3
Size 131 kB (131364 bytes)
Hash 4e3111e898aa4381f090381d115ca3ea
d725bd01a2a8a0c25dc8b6e274c7c7e86a8328c5
b0ef3989168120850e686aa67763f16e2a08cf5fd87a1c393df4949da4991195
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /urogun/it1n/img/img06.jpg HTTP/1.1
Host: new-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 08 May 2024 16:08:24 GMT
content-type: image/jpeg
content-length: 131364
last-modified: Wed, 10 Apr 2024 10:57:33 GMT
etag: "6616709d-20124"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
new-benefit.com/urogun/it1n/fonts/RobotoBold.woff
136.243.110.236 200 OK 25 kB URL GET HTTP/2 new-benefit.com/urogun/it1n/fonts/RobotoBold.woff
IP 136.243.110.236:443
ASN #24940 Hetzner Online GmbH
Requested by https://new-benefit.com/urogun/it1n/
Certificate Issuer Let's Encrypt
Subject new-benefit.com
Fingerprint 9F:2E:57:12:16:18:49:6B:AE:75:48:E6:2D:99:A0:57:15:67:B8:F5
Validity Wed, 10 Apr 2024 08:51:40 GMT - Tue, 09 Jul 2024 08:51:39 GMT
File type Web Open Font Format, TrueType, length 24724, version 1.1
Hash af01b5037ff63cf05210745f4c248269
6d467daba17bc30c6ff3331e9ac91edb47995c06
ebf244a66931bb750c0eed9f5d90f7708abdadc364bbef7df8a4049c0a26c2b4
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /urogun/it1n/fonts/RobotoBold.woff HTTP/1.1
Host: new-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://new-benefit.com/urogun/it1n/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 08 May 2024 16:08:24 GMT
content-type: font/woff
content-length: 24724
last-modified: Wed, 10 Apr 2024 10:57:27 GMT
etag: "66167097-6094"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
new-benefit.com/urogun/it1n/fonts/RobotoRegular.woff
136.243.110.236 200 OK 26 kB URL GET HTTP/2 new-benefit.com/urogun/it1n/fonts/RobotoRegular.woff
IP 136.243.110.236:443
ASN #24940 Hetzner Online GmbH
Requested by https://new-benefit.com/urogun/it1n/
Certificate Issuer Let's Encrypt
Subject new-benefit.com
Fingerprint 9F:2E:57:12:16:18:49:6B:AE:75:48:E6:2D:99:A0:57:15:67:B8:F5
Validity Wed, 10 Apr 2024 08:51:40 GMT - Tue, 09 Jul 2024 08:51:39 GMT
File type Web Open Font Format, TrueType, length 26104, version 1.1
Hash 18b2429ba6e7179daeec5438639ab65f
c729757be40622e32a3cdee9e9ad4eabf80d38bc
230226211b6fa75f73a7257ef16ffa5904523b30e32e7aae949790ae288a4dc0
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /urogun/it1n/fonts/RobotoRegular.woff HTTP/1.1
Host: new-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://new-benefit.com/urogun/it1n/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 08 May 2024 16:08:24 GMT
content-type: font/woff
content-length: 26104
last-modified: Wed, 10 Apr 2024 10:57:28 GMT
etag: "66167098-65f8"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
new-benefit.com/urogun/it1n/fonts/fontawesome-webfont.woff2?v=4.7.0
136.243.110.236 200 OK 77 kB URL GET HTTP/2 new-benefit.com/urogun/it1n/fonts/fontawesome-webfont.woff2?v=4.7.0
IP 136.243.110.236:443
ASN #24940 Hetzner Online GmbH
Requested by https://new-benefit.com/urogun/it1n/
Certificate Issuer Let's Encrypt
Subject new-benefit.com
Fingerprint 9F:2E:57:12:16:18:49:6B:AE:75:48:E6:2D:99:A0:57:15:67:B8:F5
Validity Wed, 10 Apr 2024 08:51:40 GMT - Tue, 09 Jul 2024 08:51:39 GMT
File type Web Open Font Format (Version 2), TrueType, length 77160, version 4.459
Hash af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /urogun/it1n/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: new-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://new-benefit.com/urogun/it1n/css/font-awesome.min.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 08 May 2024 16:08:24 GMT
content-type: font/woff2
content-length: 77160
last-modified: Wed, 10 Apr 2024 10:57:27 GMT
etag: "66167097-12d68"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
new-benefit.com/urogun/it1n/fonts/RobotoItalic.woff
136.243.110.236 200 OK 46 kB URL GET HTTP/2 new-benefit.com/urogun/it1n/fonts/RobotoItalic.woff
IP 136.243.110.236:443
ASN #24940 Hetzner Online GmbH
Requested by https://new-benefit.com/urogun/it1n/
Certificate Issuer Let's Encrypt
Subject new-benefit.com
Fingerprint 9F:2E:57:12:16:18:49:6B:AE:75:48:E6:2D:99:A0:57:15:67:B8:F5
Validity Wed, 10 Apr 2024 08:51:40 GMT - Tue, 09 Jul 2024 08:51:39 GMT
File type HTML document, Unicode text, UTF-8 text, with very long lines (738), with CRLF line terminators
Hash d5965bc27af28d168ae836cae995d2e9
a21b22df8a6ed96b8472ceb67b0de22bcc7ab234
886729a19dcf75cc4630ccd1b2f469bc5ab2226eef18b026b121f8e16f14d476
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /urogun/it1n/fonts/RobotoItalic.woff HTTP/1.1
Host: new-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://new-benefit.com/urogun/it1n/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 08 May 2024 16:08:24 GMT
content-type: font/woff
content-length: 46292
last-modified: Wed, 10 Apr 2024 10:57:28 GMT
etag: "66167098-b4d4"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
zerossl.ocsp.sectigo.com/
172.64.149.23 315 B URL zerossl.ocsp.sectigo.com/
IP 172.64.149.23:0
Hash d0c1fc10fcefddf559fc6efd164e42ad
f2d87d89bc32d4a6f5150825ec19b3ed52d970e8
14b8d0cff859554ec57bcc125535a2b872721062537c4584dd90a07fdcbe05c2
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 May 2024 16:08:24 GMT
Content-Type: application/ocsp-response
Content-Length: 315
Connection: keep-alive
Last-Modified: Tue, 07 May 2024 00:24:18 GMT
Expires: Tue, 14 May 2024 00:24:17 GMT
Etag: "f2d87d89bc32d4a6f5150825ec19b3ed52d970e8"
Cache-Control: max-age=462166,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 880ab551afbd0afe-OSL
new-benefit.com/urogun/it1n/fonts/RobotoItalic.ttf
136.243.110.236 200 OK 174 kB URL GET HTTP/2 new-benefit.com/urogun/it1n/fonts/RobotoItalic.ttf
IP 136.243.110.236:443
ASN #24940 Hetzner Online GmbH
Requested by https://new-benefit.com/urogun/it1n/
Certificate Issuer Let's Encrypt
Subject new-benefit.com
Fingerprint 9F:2E:57:12:16:18:49:6B:AE:75:48:E6:2D:99:A0:57:15:67:B8:F5
Validity Wed, 10 Apr 2024 08:51:40 GMT - Tue, 09 Jul 2024 08:51:39 GMT
File type TrueType Font data, 18 tables, 1st "GDEF", 26 names, Macintosh, Copyright 2011 Google Inc. All Rights Reserved.RobotoItalicRoboto ItalicVersion 2.137; 2017Robot
Size 174 kB (173932 bytes)
Hash 42bbe4eefcde1297b11dc4b6491e9746
0213e38dffde2a0a5672d84fb62c6aa994e38c3b
5fce8b6f8ba9f4d19f0d535e241d56a2b8e72bb07e7df711d968d092ef7f9fca
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /urogun/it1n/fonts/RobotoItalic.ttf HTTP/1.1
Host: new-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://new-benefit.com/urogun/it1n/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 08 May 2024 16:08:24 GMT
content-type: application/octet-stream
content-length: 173932
last-modified: Wed, 10 Apr 2024 10:57:28 GMT
etag: "66167098-2a76c"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
news-zacine.com/code/https-v2.js?uid=138148&site=1222735510&banadu=0&sub1=Tovarka&sub2=null&sub3=sub3&sub4=sub4
149.7.16.236 200 OK 8.9 kB URL GET HTTP/2 news-zacine.com/code/https-v2.js?uid=138148&site=1222735510&banadu=0&sub1=Tovarka&sub2=null&sub3=sub3&sub4=sub4
IP 149.7.16.236:443
ASN #63023 AS-GLOBALTELEHOST
Requested by https://new-benefit.com/urogun/it1n/
Certificate Issuer ZeroSSL
Subject news-zacine.com
Fingerprint 8E:B8:5C:19:B8:B7:C9:AE:88:87:23:0F:3B:F7:95:B5:93:55:46:EE
Validity Mon, 01 Apr 2024 00:00:00 GMT - Sun, 30 Jun 2024 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (8924), with no line terminators
Hash f8a0f8d2c059e0f46e013480622e933d
523be7b151e654e4c27cf21e718cfe735a0bd8e9
1ab04ee1405c66352efc05723e33652f00dfbc8f2ebc4de021da9670caae2c35
GET /code/https-v2.js?uid=138148&site=1222735510&banadu=0&sub1=Tovarka&sub2=null&sub3=sub3&sub4=sub4 HTTP/1.1
Host: news-zacine.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 16:08:24 GMT
content-type: application/javascript
content-length: 8924
last-modified: Tue, 30 Apr 2024 11:03:41 GMT
etag: "6630d00d-22dc"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
xxx-benefit.com/click.php?event10=0
136.243.110.236 200 OK 1.2 kB URL GET HTTP/2 xxx-benefit.com/click.php?event10=0
IP 136.243.110.236:443
ASN #24940 Hetzner Online GmbH
Requested by https://new-benefit.com/urogun/it1n/
Certificate Issuer Let's Encrypt
Subject xxx-benefit.com
Fingerprint 32:9E:E1:C6:4D:C9:66:99:08:C9:AA:6D:7B:16:92:D2:A2:04:4B:6F
Validity Mon, 29 Apr 2024 10:58:54 GMT - Sun, 28 Jul 2024 10:58:53 GMT
File type gzip compressed data, from Unix
Hash 15570774bde25c4e7ff4c9ec055f2ad4
193c26d6e7cc7d669c6cb2b622aed3760d124389
b49d64e7b02baee5527fa560a76532285e9c5b28a0ee296849e6ad319dd9502e
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /click.php?event10=0 HTTP/1.1
Host: xxx-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 08 May 2024 16:08:24 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
new-benefit.com/urogun/it1n/
136.243.110.236 200 OK 77 kB URL User Request GET HTTP/2 new-benefit.com/urogun/it1n/
IP 136.243.110.236:443
ASN #24940 Hetzner Online GmbH
Certificate Issuer Let's Encrypt
Subject new-benefit.com
Fingerprint 9F:2E:57:12:16:18:49:6B:AE:75:48:E6:2D:99:A0:57:15:67:B8:F5
Validity Wed, 10 Apr 2024 08:51:40 GMT - Tue, 09 Jul 2024 08:51:39 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /urogun/it1n/ HTTP/1.1
Host: new-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 08 May 2024 16:08:23 GMT
content-type: text/html
last-modified: Wed, 08 May 2024 15:37:23 GMT
etag: W/"663b9c33-12e86"
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
xxx-benefit.com/click.php?event7=1
136.243.110.236 200 OK 0 B URL GET HTTP/2 xxx-benefit.com/click.php?event7=1
IP 136.243.110.236:443
ASN #24940 Hetzner Online GmbH
Requested by https://new-benefit.com/urogun/it1n/
Certificate Issuer Let's Encrypt
Subject xxx-benefit.com
Fingerprint 32:9E:E1:C6:4D:C9:66:99:08:C9:AA:6D:7B:16:92:D2:A2:04:4B:6F
Validity Mon, 29 Apr 2024 10:58:54 GMT - Sun, 28 Jul 2024 10:58:53 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /click.php?event7=1 HTTP/1.1
Host: xxx-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 08 May 2024 16:08:34 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
news-coreca.com/process.js?id=1222735510&p1=Tovarka&p2=null&p3=sub3&p4=sub4
65.109.24.247 200 OK 17 kB URL GET HTTP/2 news-coreca.com/process.js?id=1222735510&p1=Tovarka&p2=null&p3=sub3&p4=sub4
IP 65.109.24.247:443
ASN #24940 Hetzner Online GmbH
Requested by https://new-benefit.com/urogun/it1n/
Certificate Issuer Let's Encrypt
Subject *.news-coreca.com
Fingerprint AC:F0:20:73:34:E8:56:38:FA:69:24:D5:C4:9C:DB:F0:59:9B:F9:2A
Validity Wed, 01 May 2024 10:41:45 GMT - Tue, 30 Jul 2024 10:41:44 GMT
File type JavaScript source, ASCII text, with very long lines (16808)
Hash 3fac9ffaf8817b58078394752a8ac9ea
25be9c4323b54c024fca2df623b1f846f8e45c0e
f2b74c359e45840bbdbb0c657bbbd8bc7e586fc0255b1f66b39332b3d423fbc5
GET /process.js?id=1222735510&p1=Tovarka&p2=null&p3=sub3&p4=sub4 HTTP/1.1
Host: news-coreca.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 16:08:24 GMT
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
vary: Origin
X-Firefox-Spdy: h2
new-benefit.com/urogun/it1n/img/favicon.ico
136.243.110.236 200 OK 1.2 kB URL GET HTTP/2 new-benefit.com/urogun/it1n/img/favicon.ico
IP 136.243.110.236:443
ASN #24940 Hetzner Online GmbH
Requested by https://new-benefit.com/urogun/it1n/
Certificate Issuer Let's Encrypt
Subject new-benefit.com
Fingerprint 9F:2E:57:12:16:18:49:6B:AE:75:48:E6:2D:99:A0:57:15:67:B8:F5
Validity Wed, 10 Apr 2024 08:51:40 GMT - Tue, 09 Jul 2024 08:51:39 GMT
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Hash 8207cb737079a3d8ddf0bc1388f6b3a4
e0acc54974eefa9583944b4de11f4f7bb1d750c7
b24d4534514128ed9ecb3239b1a30bade4da52e75b49da65045d2634b3d29bcf
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /urogun/it1n/img/favicon.ico HTTP/1.1
Host: new-benefit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 08 May 2024 16:08:24 GMT
content-type: image/x-icon
content-length: 1150
last-modified: Wed, 10 Apr 2024 10:57:31 GMT
etag: "6616709b-47e"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2