Report - www.secure-online-browsing.com/movies?file_name=VLC%20Player&redirect=https://safe-surfers.com/click&trvid=10006&extid=170084365410000TFRTV418443131544V3c&cost=&campid=372273420&zoneid=3744083-2437268221-0&lang=fr&banid=23738228&form=1000/movies//movies//movies//movies//movies//movies//movies//movies//movies//movies//movies//movies//movies//movies//movies//movies//movies//movies//movies//movies//movies/

Report Overview

Visited public
2023-11-24 20:26:39
Tags
URL
www.secure-online-browsing.com/movies?file_name=VLC%20Player&redirect=https://safe-surfers.com/click&trvid=10006&extid=170084365410000TFRTV418443131544V3c&cost=&campid=372273420&zoneid=3744083-2437268221-0&lang=fr&banid=23738228&form=1000/movies//movies//movies//movies//movies//movies//movies//movies//movies//movies//movies//movies//movies//movies//movies//movies//movies//movies//movies//movies//movies/
Finishing URL
www.secure-online-browsing.com/movies/
IP / ASN
104.21.91.238
#13335 CLOUDFLARENET
Title
Movies

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
e1.o.lencr.org	6159	2020-06-29	2021-08-20 09:36:30	2023-11-24 07:38:54	656 B	1.5 kB	23.33.119.27
www.secure-online-browsing.com	unknown	2023-09-12	2023-09-14 15:07:22	2023-11-22 05:33:32	5.6 kB	629 kB	172.67.181.236

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-11-24	medium	secure-online-browsing.com	Sinkholed
2023-11-24	medium	secure-online-browsing.com	Sinkholed
2023-11-24	medium	secure-online-browsing.com	Sinkholed
2023-11-24	medium	secure-online-browsing.com	Sinkholed
2023-11-24	medium	secure-online-browsing.com	Sinkholed
2023-11-24	medium	secure-online-browsing.com	Sinkholed
2023-11-24	medium	secure-online-browsing.com	Sinkholed
2023-11-24	medium	secure-online-browsing.com	Sinkholed
2023-11-24	medium	secure-online-browsing.com	Sinkholed
2023-11-24	medium	secure-online-browsing.com	Sinkholed
2023-11-24	medium	secure-online-browsing.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (5)

	URL	From	Size	First Seen	Last Seen
	www.secure-online-browsing.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js	ScriptElement	12 kB	2023-03-07	2025-05-11
Pretty URL www.secure-online-browsing.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js IP 172.67.181.236 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-11 12:56 Times Seen31313 Hash 88a769d2fe35899fd45a332a0a032cc0 514c6c1d8475d17e412849a4c90159517d0fa10a ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142 Loading...

	www.secure-online-browsing.com/common/jquery.min.js	ScriptElement	84 kB	2023-03-07	2025-05-11
Pretty URL www.secure-online-browsing.com/common/jquery.min.js IP 172.67.181.236 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-11 12:56 Times Seen7495 Hash 4a356126b9573eb7bd1e9a7494737410 8258d046f17dd3c15a5d3984e1868b7b5d1db329 22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5 Loading...

	www.secure-online-browsing.com/common/common_src.js	ScriptElement	1.5 kB	2023-11-22	2024-08-20
Pretty URL www.secure-online-browsing.com/common/common_src.js IP 172.67.181.236 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-22 07:52 Last Seen2024-08-20 18:21 Times Seen1719 Hash d63dd79a43beddcdb9936d49a51b4284 7f805973a34274bed308796732d2f948cd902267 2f96c11eb8a2d9c20215bf2c12602194f6fc799d75a320ffcd1d90825c5a9f9e Loading...

	www.secure-online-browsing.com/common/common_placeholder.js	ScriptElement	3.1 kB	2023-11-22	2024-08-29
Pretty URL www.secure-online-browsing.com/common/common_placeholder.js IP 172.67.181.236 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-22 07:52 Last Seen2024-08-29 17:29 Times Seen749 Hash d584367f931948d6bf74c6c2abc8c6e4 8714883930eb238fa71572892756cbafc53a3f54 45203a13df3c8cc346ccfa59bdb3bd6c1db636dddb163e8f184ab88e7a24961b Loading...

	unknown	ScriptElement	495 B	2023-11-24	2024-08-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-24 20:11 Last Seen2024-08-20 18:02 Times Seen9 Hash 5b3ca2478924fa4cc1fd48afb0c769f0 3d734fb34c58a35486f691f943320a8b1fd538c1 53424f037c96b712432cc0458a179f87c44e42f473999453a41b2bc00ec24893 Loading...

HTTP Transactions (13)

URL IP Response Size

e1.o.lencr.org/

23.33.119.27

345 B

URL
e1.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
fbec2001c3c20009ad9db0d059a1f815
d3f3efc99e1a2837c5e6623f4235db55d084a483
2f301b8a2b6c51906a5aaf274bd870268cbbaa88053fb7b9ff6dc0ba4dc5fc36

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "2F301B8A2B6C51906A5AAF274BD870268CBBAA88053FB7B9FF6DC0BA4DC5FC36"
Last-Modified: Thu, 23 Nov 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13706
Expires: Sat, 25 Nov 2023 00:14:51 GMT
Date: Fri, 24 Nov 2023 20:26:25 GMT
Connection: keep-alive

e1.o.lencr.org/

23.33.119.57

345 B

URL
e1.o.lencr.org/
IP
23.33.119.57:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
2d90f81a9679c4e077b91b59d042caa7
5ddc47147be68e80cc3564ce599bc5bacd4b2655
a201bb2ab9da1e148c3c0290d1fc27028f7253dfcb076ca071ad584c7a377584

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "A201BB2AB9DA1E148C3C0290D1FC27028F7253DFCB076CA071AD584C7A377584"
Last-Modified: Thu, 23 Nov 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17064
Expires: Sat, 25 Nov 2023 01:10:49 GMT
Date: Fri, 24 Nov 2023 20:26:25 GMT
Connection: keep-alive

www.secure-online-browsing.com/movies/

172.67.181.236

200 OK

18 kB

URL User Request GET HTTP/2
www.secure-online-browsing.com/movies/
IP
172.67.181.236:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectsecure-online-browsing.com
FingerprintBA:BB:0B:03:33:F4:5B:12:3C:2B:09:72:67:E2:A3:F1:25:C2:38:20
ValidityFri, 10 Nov 2023 08:20:35 GMT - Thu, 08 Feb 2024 08:20:34 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2140)
Size
18 kB (18495 bytes)
Hash
9aeadec97f3212e4cc15eb00c8117a19
7e3df7aaf053fcab8caff842986bca8bb67faa0c
69e64ff981a8972c1ec008c88aad9c75b942a6736c404fb9b327453a45617edf

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /movies/ HTTP/1.1
Host: www.secure-online-browsing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 24 Nov 2023 20:26:25 GMT
content-type: text/html
x-amz-id-2: 768a13PhGvmYXfW0nIbIyElNUqYosHPjT6a9Y0yYZ63fmDsKeGW7yAWTgsodJPNCqEC3SHu+vH0=
x-amz-request-id: C1F05H6YRP0AGRJ0
last-modified: Tue, 07 Nov 2023 11:58:30 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R0sFcKiyx6N%2FPWw5dvdHRQdQdHNSOW6UFtee%2B4g%2BP7T8QwcXKGEEL5LbyEWRc4v3xuRypKkhXKfT%2B6oAsHHhOrutFz69XsEetLgFdSdtoEMfxBlEJEThJUFAcjiU5Y3eSg%2BPx7SumPCFxUqJLKGcCuo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82b46307e84256af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

www.secure-online-browsing.com/movies/bg.jpg

172.67.181.236

200 OK

244 kB

URL GET HTTP/3
www.secure-online-browsing.com/movies/bg.jpg
IP
172.67.181.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.secure-online-browsing.com/movies/
Certificate
IssuerLet's Encrypt
Subjectsecure-online-browsing.com
FingerprintBA:BB:0B:03:33:F4:5B:12:3C:2B:09:72:67:E2:A3:F1:25:C2:38:20
ValidityFri, 10 Nov 2023 08:20:35 GMT - Thu, 08 Feb 2024 08:20:34 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1920x1250, components 3\012- data
Size
244 kB (243575 bytes)
Hash
8046b2faddd1fdab4a5eb28d888ee639
ff9365cb058c7aedd7be5c1a26a60098ce78fcbd
08f59a5bbcd6d6e7e4f8e9f1c337a8192cba50128f875043ae2ed5464ec58951

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /movies/bg.jpg HTTP/1.1
Host: www.secure-online-browsing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.secure-online-browsing.com/movies/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 24 Nov 2023 20:26:26 GMT
content-type: image/jpeg
content-length: 243575
x-amz-id-2: ePgoAJ6pjAT/K21++OXuudIEZy312cj/nwUkuVR8rVBwPBthGlny4qR3jSaLcRXnXuOKvq0r8N4=
x-amz-request-id: 8XXC6W251EKNY9TD
last-modified: Tue, 07 Nov 2023 11:58:30 GMT
etag: "8046b2faddd1fdab4a5eb28d888ee639"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6iyr2eExB1i4EVK1NRbXwjSmYrWXiZkHxFmZrRtdcruG4BHdf3EqNo2IWqx%2BtiBcH0T%2BiRvp3etMpI1otTR6bp%2Bxg0toZs0a8oea63JUQvISdZyRNPDPqxeuwW0a%2BgTut1Whehe3d8a0VIQK0aUsBC0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82b4630afac456a9-OSL
alt-svc: h3=":443"; ma=86400

www.secure-online-browsing.com/movies/Mask_Group_1.png

172.67.181.236

200 OK

220 kB

URL GET HTTP/3
www.secure-online-browsing.com/movies/Mask_Group_1.png
IP
172.67.181.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.secure-online-browsing.com/movies/
Certificate
IssuerLet's Encrypt
Subjectsecure-online-browsing.com
FingerprintBA:BB:0B:03:33:F4:5B:12:3C:2B:09:72:67:E2:A3:F1:25:C2:38:20
ValidityFri, 10 Nov 2023 08:20:35 GMT - Thu, 08 Feb 2024 08:20:34 GMT

File type
PNG image data, 1699 x 900, 8-bit/color RGBA, non-interlaced\012- data
Size
220 kB (219580 bytes)
Hash
5293d2e71016a94967e1b055269b311c
0d0cbda7b5c78115dd991ab03f90207dc9656dbf
ad8e6f509aac361d6df52554ded6f43bf1fca9943291bffeb7f0aeed2a77eddb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /movies/Mask_Group_1.png HTTP/1.1
Host: www.secure-online-browsing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.secure-online-browsing.com/movies/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 24 Nov 2023 20:26:26 GMT
content-type: image/png
content-length: 219580
x-amz-id-2: ks4t2d/FjHBePBgTtpwVWj1MU+Shjo3bi6UaxVTDeQG/sYMiN9X9TzVbjnbnhZP95oacjaapEtE=
x-amz-request-id: FK4MA5VMWR5GNXKF
last-modified: Tue, 07 Nov 2023 11:58:31 GMT
etag: "5293d2e71016a94967e1b055269b311c"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O%2B0RPdykD76jdfWLMncP40YJF%2BbDhMxfzbpo%2FTR83OCiKUArWPnrrLGI3ULuZUdOZxmzYjqBIcc4qFqNOLxDwkDDOorMug7oCKtBtGONs6h6e0TdiTSMSd7kkhnDcJ5aZrUVdatBg8YpL3n6yYwS8qk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82b4630afacf56a9-OSL
alt-svc: h3=":443"; ma=86400

www.secure-online-browsing.com/movies/Mask_Group_2.png

172.67.181.236

200 OK

14 kB

URL GET HTTP/3
www.secure-online-browsing.com/movies/Mask_Group_2.png
IP
172.67.181.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.secure-online-browsing.com/movies/
Certificate
IssuerLet's Encrypt
Subjectsecure-online-browsing.com
FingerprintBA:BB:0B:03:33:F4:5B:12:3C:2B:09:72:67:E2:A3:F1:25:C2:38:20
ValidityFri, 10 Nov 2023 08:20:35 GMT - Thu, 08 Feb 2024 08:20:34 GMT

File type
PNG image data, 133 x 158, 8-bit/color RGBA, non-interlaced\012- data
Size
14 kB (13493 bytes)
Hash
556a3142073ad8c0ce47fa5606c59a9f
cc7baca8d48e217bdf6a2760a00972e1336fd0d3
881790b346ba5d249686efaeb1909b09e4725830837da3fc1a159c2e9f6bc4f8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /movies/Mask_Group_2.png HTTP/1.1
Host: www.secure-online-browsing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.secure-online-browsing.com/movies/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 24 Nov 2023 20:26:26 GMT
content-type: image/png
content-length: 13493
x-amz-id-2: XD7L7BctmhfPo0Lbf3Kjn9iFN1WxGDZ+9INh8H/bXvPAm3auMwriAN252QwohOKCRg3DjA/idjA=
x-amz-request-id: 1TJMKZ5D4Z7G0M7S
last-modified: Tue, 07 Nov 2023 11:58:31 GMT
etag: "556a3142073ad8c0ce47fa5606c59a9f"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4867
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eVOFMW8RsdApL%2FBlHpyeJmbVbnzq8iU4jCNMEcmlu1Ixxa5rweQrR2JTLLdi6XcU2qmQST9UQjDbn64U959A58Skvc5Q6AH%2FwCwqlexplDCTm5C0jPDP6NBWhfyp3W4v5y%2FmY0%2B47d3RsGecLtcn3tY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82b4630afad956a9-OSL
alt-svc: h3=":443"; ma=86400

www.secure-online-browsing.com/favicon.ico

172.67.181.236

404 Not Found

202 B

URL GET HTTP/3
www.secure-online-browsing.com/favicon.ico
IP
172.67.181.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.secure-online-browsing.com/movies/
Certificate
IssuerLet's Encrypt
Subjectsecure-online-browsing.com
FingerprintBA:BB:0B:03:33:F4:5B:12:3C:2B:09:72:67:E2:A3:F1:25:C2:38:20
ValidityFri, 10 Nov 2023 08:20:35 GMT - Thu, 08 Feb 2024 08:20:34 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Size
202 B (202 bytes)
Hash
be3cd9da9d906b9308fd4b830c66fc02
8b548d509078fecedc00a851c0129e2a4f67c301
247fcedb67bb559aca60c5739237479e32967ddb0efef93f2cf4243737b551b6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.secure-online-browsing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.secure-online-browsing.com/movies/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Fri, 24 Nov 2023 20:26:26 GMT
content-type: text/html
last-modified: Wed, 13 Sep 2023 06:15:07 GMT
x-amz-error-code: NoSuchKey
x-amz-error-message: The specified key does not exist.
x-amz-error-detail-key: favicon.ico
x-amz-request-id: 8Z0PMJA4RQZD4QF1
x-amz-id-2: +Wt6o9DMx6bW1utTT6700mrCSb5jmppRzQ/5E1KRhT8jlRqt871cyuobTkwRNStA/nQTazs+eXM=
cache-control: max-age=14400
cf-cache-status: HIT
age: 155
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zkk5AkZAKCg9YTxLRaYl7l0ZeqnTanDJvRLNHdR3u2VOO37X5TPN9eHRg1NFv1pu37VkSA07DGg0Ogao3CDch0RxfVZVHhqNkJBTQMyLEl260vo7XdoOr4p4qNl6W2wO8ZnsnfQWya6F7mj5HawQWuc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82b4630ceee956a9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

www.secure-online-browsing.com/movies/movies.css

172.67.181.236

200 OK

7.0 kB

URL GET HTTP/3
www.secure-online-browsing.com/movies/movies.css
IP
172.67.181.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.secure-online-browsing.com/movies/
Certificate
IssuerLet's Encrypt
Subjectsecure-online-browsing.com
FingerprintBA:BB:0B:03:33:F4:5B:12:3C:2B:09:72:67:E2:A3:F1:25:C2:38:20
ValidityFri, 10 Nov 2023 08:20:35 GMT - Thu, 08 Feb 2024 08:20:34 GMT

File type
ASCII text, with very long lines (6998), with no line terminators
Size
7.0 kB (6996 bytes)
Hash
1dab04b6449531c9fdd5d5b3bb197ea9
1a67ee667c892b80ff1048f5f4eb7c263eced1ad
b720df93e7722c3d54cd7a773b5473345d97e14aa8af8fc39edd8343be98510d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /movies/movies.css HTTP/1.1
Host: www.secure-online-browsing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.secure-online-browsing.com/movies/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 24 Nov 2023 20:26:26 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=8878
etag: W/"e317efff0df67ccb785805f05aa48c4b"
last-modified: Tue, 07 Nov 2023 11:58:31 GMT
x-amz-id-2: 2Ya3w8w3/1Eo+5kOXt4IrP7BWUqid8WewuRAbwvSVVFfYBPLMAAuXNOGxs9o7WIGkGj7Xi5xVQo=
x-amz-request-id: 15TJ75B77X1N5HKS
cache-control: max-age=14400
cf-cache-status: HIT
age: 3496
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cMPMxSeSh%2F5rqIS%2FWkR73ay4SlWLe3ImW982eELoIkeJE5sWh2T6RAzJkh6H1w2vyk0IWilotdhF4YApeMwc2%2B7sXVtBkmAAOMDfmPP9d0rARWEC8Go15McAPB8WXgt7kpCwJTskJQqClsA9iP3cNvQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82b4630afab456a9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

www.secure-online-browsing.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

172.67.181.236

200 OK

12 kB

URL GET HTTP/3
www.secure-online-browsing.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
IP
172.67.181.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.secure-online-browsing.com/movies/
Certificate
IssuerLet's Encrypt
Subjectsecure-online-browsing.com
FingerprintBA:BB:0B:03:33:F4:5B:12:3C:2B:09:72:67:E2:A3:F1:25:C2:38:20
ValidityFri, 10 Nov 2023 08:20:35 GMT - Thu, 08 Feb 2024 08:20:34 GMT

File type
ASCII text, with very long lines (12331)
Size
12 kB (12332 bytes)
Hash
88a769d2fe35899fd45a332a0a032cc0
514c6c1d8475d17e412849a4c90159517d0fa10a
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js HTTP/1.1
Host: www.secure-online-browsing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.secure-online-browsing.com/movies/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 24 Nov 2023 20:26:26 GMT
content-type: application/javascript
last-modified: Thu, 16 Nov 2023 21:55:48 GMT
etag: W/"65568fe4-302c"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VR9MyFEiyYnXWz%2BF6azTixY1RmxjJkW2XRgUmTIZBfdh6E1Cqie9m1diKzQyHoAUcU4GPTbbDV%2F%2BzZBRFPcetE1peGkbT0%2BvzqcJJKWcMvQpst%2FjcUecoGZoDnharwA57VicscPmvvems1pSnQGtxHQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82b4630afadc56a9-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Sun, 26 Nov 2023 20:26:26 GMT
cache-control: max-age=172800, public
content-encoding: gzip

www.secure-online-browsing.com/common/common_placeholder.js

172.67.181.236

200 OK

3.1 kB

URL GET HTTP/3
www.secure-online-browsing.com/common/common_placeholder.js
IP
172.67.181.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.secure-online-browsing.com/movies/
Certificate
IssuerLet's Encrypt
Subjectsecure-online-browsing.com
FingerprintBA:BB:0B:03:33:F4:5B:12:3C:2B:09:72:67:E2:A3:F1:25:C2:38:20
ValidityFri, 10 Nov 2023 08:20:35 GMT - Thu, 08 Feb 2024 08:20:34 GMT

File type
ASCII text, with very long lines (3234), with no line terminators
Size
3.1 kB (3104 bytes)
Hash
845bc1c91e2f9f8783aaefa64fb19edc
d1fa1aaa641eb1c31f1c20d8cb6b67329603257d
c881a2e7b42451615cfaaeb2b034bc9edc0c5d781dfab225a8e129722992df70

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common/common_placeholder.js HTTP/1.1
Host: www.secure-online-browsing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.secure-online-browsing.com/movies/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 24 Nov 2023 20:26:26 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=3612
etag: W/"5b7e0999e5b3e6c0d62534bbcb48563c"
last-modified: Tue, 21 Nov 2023 15:43:58 GMT
x-amz-id-2: M0n8dHoJQq1hnsaMfsim8K2MNv+W5eKJOIfWAWmKxUQjlDx5XfFCsfQ76mbO4o2UbedkUOybgQc=
x-amz-request-id: 7N5J0CD6ZZZS707W
cache-control: max-age=14400
cf-cache-status: HIT
age: 6814
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8agTOwfk8%2BE3rMcQ%2FyojCWE41HQlUXWWeM7HtmHHLctBWl1dJZHvtA9%2B861gkAw5z%2BmwGoy1H7BZhidRRNZhuYNWQ8dvsWhr3QDLF8a5AwvUqtPOxd9yMK4Jn6vUZVEDdJ7P0C8AAdo2hcFPd2jwPnE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82b4630c5da156a9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

www.secure-online-browsing.com/common/common_src.js

172.67.181.236

200 OK

1.5 kB

URL GET HTTP/3
www.secure-online-browsing.com/common/common_src.js
IP
172.67.181.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.secure-online-browsing.com/movies/
Certificate
IssuerLet's Encrypt
Subjectsecure-online-browsing.com
FingerprintBA:BB:0B:03:33:F4:5B:12:3C:2B:09:72:67:E2:A3:F1:25:C2:38:20
ValidityFri, 10 Nov 2023 08:20:35 GMT - Thu, 08 Feb 2024 08:20:34 GMT

File type
ASCII text, with very long lines (1556), with no line terminators
Size
1.5 kB (1504 bytes)
Hash
ea2e6510e22710c49ee4a202d74140ec
619bfea1d8190ade5820e88981a35329c24bd589
fac63b86fb1b173f75bc73ab73a5a06bc5f129413fc29a8fa75c0c79f26d6160

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common/common_src.js HTTP/1.1
Host: www.secure-online-browsing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.secure-online-browsing.com/movies/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 24 Nov 2023 20:26:26 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=1910
etag: W/"1343aaca3eda994e870b324054c74fe1"
last-modified: Tue, 21 Nov 2023 15:43:59 GMT
x-amz-id-2: f3QMLDsWqgLrEZhZVItDGmFlkFtDL6IoLdNYVOtz7AnabYAz2pHlJwm7hTEZpvZxI4o6jVnkMnU=
x-amz-request-id: ZA94WPVH4SKQDT9G
cache-control: max-age=14400
cf-cache-status: HIT
age: 614
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1a5PssiaK7vPIulvflS6UOm5CjpeI8MIpVessSKcMLEKqA0btVBNhlSCaFos2h1P954dani4LHA3JU13aVvDx%2BRWd3X89AfkB5%2BQf9tQE6fGRC0td%2FZueV6GDyc7OtL0pEFbTgHm04iaUQG3aG1k2g8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82b4630c5dac56a9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

www.secure-online-browsing.com/movies?file_name=VLC%20Player&redirect=https://safe-surfers.com/click&trvid=10006&extid=170084365410000TFRTV418443131544V3c&cost=&campid=372273420&zoneid=3744083-2437268221-0&lang=fr&banid=23738228&form=1000/movies//movies//movies//movies//movies//movies//movies//movies//movies//movies//movies//movies//movies//movies//movies//movies//movies//movies//movies//movies//movies/

172.67.181.236

302 Found

16 kB

URL User Request GET HTTP/2
www.secure-online-browsing.com/movies?file_name=VLC%20Player&redirect=https://safe-surfers.com/click&trvid=10006&extid=170084365410000TFRTV418443131544V3c&cost=&campid=372273420&zoneid=3744083-2437268221-0&lang=fr&banid=23738228&form=1000/movies//movies//movies//movies//movies//movies//movies//movies//movies//movies//movies//movies//movies//movies//movies//movies//movies//movies//movies//movies//movies/
IP
172.67.181.236:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectsecure-online-browsing.com
FingerprintBA:BB:0B:03:33:F4:5B:12:3C:2B:09:72:67:E2:A3:F1:25:C2:38:20
ValidityFri, 10 Nov 2023 08:20:35 GMT - Thu, 08 Feb 2024 08:20:34 GMT

File type

Size
16 kB (15760 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /movies?file_name=VLC%20Player&redirect=https://safe-surfers.com/click&trvid=10006&extid=170084365410000TFRTV418443131544V3c&cost=&campid=372273420&zoneid=3744083-2437268221-0&lang=fr&banid=23738228&form=1000/movies//movies//movies//movies//movies//movies//movies//movies//movies//movies//movies//movies//movies//movies//movies//movies//movies//movies//movies//movies//movies/ HTTP/1.1
Host: www.secure-online-browsing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Fri, 24 Nov 2023 20:26:25 GMT
content-type: text/html; charset=utf-8
x-amz-error-code: Found
x-amz-error-message: Resource Found
x-amz-request-id: C1FDQ8F0WCZ0B867
x-amz-id-2: gfr4PWdtWhHyJmqExAMz5NOigewK74/yhNJqnOD5BJU73D8bOMKBwxdod1d/mWRuKLQNybTPOvw=
location: /movies/
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FrX5Zw2mwrX4onUcuokRAIEOYbhdJlPUiGmHRXsJvUI114lxsXsx%2BlS5YSeGGmtfT7AePcaMenJwRalobgatqW61UPcwwKuejDutmaWIN%2BLcvMsMHaPRIMVD5PDM%2F%2F48FhZRIinC2dWcjluZocf3mQM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82b463070ef456af-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

www.secure-online-browsing.com/common/jquery.min.js

172.67.181.236

200 OK

84 kB

URL GET HTTP/3
www.secure-online-browsing.com/common/jquery.min.js
IP
172.67.181.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.secure-online-browsing.com/movies/
Certificate
IssuerLet's Encrypt
Subjectsecure-online-browsing.com
FingerprintBA:BB:0B:03:33:F4:5B:12:3C:2B:09:72:67:E2:A3:F1:25:C2:38:20
ValidityFri, 10 Nov 2023 08:20:35 GMT - Thu, 08 Feb 2024 08:20:34 GMT

File type
ASCII text, with very long lines (32025)
Size
84 kB (84380 bytes)
Hash
4a356126b9573eb7bd1e9a7494737410
8258d046f17dd3c15a5d3984e1868b7b5d1db329
22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common/jquery.min.js HTTP/1.1
Host: www.secure-online-browsing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.secure-online-browsing.com/movies/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 24 Nov 2023 20:26:26 GMT
content-type: application/javascript
x-amz-id-2: izj+Svn8aOdCNEm3nnCBzJzleAIIekZmXrza8+K2Sl+kvD9DQNSFb6ee8NB46Tm0NRyCIlKa7Ng=
x-amz-request-id: ZA914Y0B0WG77R9M
last-modified: Tue, 21 Nov 2023 15:44:00 GMT
etag: W/"4a356126b9573eb7bd1e9a7494737410"
cache-control: max-age=14400
cf-cache-status: HIT
age: 614
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hveYmSfrUGGi3DmfJmu3VrwYlTAzj70gkPHSPAnSv2DUaclIIoV7o9A9%2BAGj1SQbO8tny7Bq121tM1VVY5xcyYoi%2B6cXFVHIWHASQhNQNBfdEmNjKBnztoLyYj5Uem3KEezO%2FL4BIRPcnNkrNp%2BBNIs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82b4630c5db956a9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (5)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (13)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3