| link.disneymovieinsiders.com/f/a/RFs7mVVnYS3rvEDUm3sBGg~~/AAQRxQA~/RgRnTglkP0RDaHR0cDovL254cWV0LmQ5YmV0bGluay5jby9yZC80Q1dDeVkxODUyYU5Cb08yMDF2bUx3MFdtQTBRbnNKMHJyVUIxNFcDc3BjQgplaGSEa2WXiCMzUhlkbXJodWx1QGlubm92b2x1dGlvbnMuY29tWAQAAABN | 143.204.55.40 | | 0 B |
URL link.disneymovieinsiders.com/f/a/RFs7mVVnYS3rvEDUm3sBGg~~/AAQRxQA~/RgRnTglkP0RDaHR0cDovL254cWV0LmQ5YmV0bGluay5jby9yZC80Q1dDeVkxODUyYU5Cb08yMDF2bUx3MFdtQTBRbnNKMHJyVUIxNFcDc3BjQgplaGSEa2WXiCMzUhlkbXJodWx1QGlubm92b2x1dGlvbnMuY29tWAQAAABN IP 143.204.55.40:0
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /f/a/RFs7mVVnYS3rvEDUm3sBGg~~/AAQRxQA~/RgRnTglkP0RDaHR0cDovL254cWV0LmQ5YmV0bGluay5jby9yZC80Q1dDeVkxODUyYU5Cb08yMDF2bUx3MFdtQTBRbnNKMHJyVUIxNFcDc3BjQgplaGSEa2WXiCMzUhlkbXJodWx1QGlubm92b2x1dGlvbnMuY29tWAQAAABN HTTP/1.1
Host: link.disneymovieinsiders.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: text/plain
content-length: 0
location: http://nxqet.d9betlink.co/rd/4CWCyY1852aNBoO201vmLw0WmA0QnsJ0rrUB14
date: Sat, 02 Dec 2023 23:32:27 GMT
server: msys-http
x-robots-tag: noindex
x-cache: Miss from cloudfront
via: 1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: AASu5DRcBokpUF4PDg_gvenQ_V5pblbyXhkHfpAo1t6x0u3F_g4uTQ==
X-Firefox-Spdy: h2
| link.disneymovieinsiders.com/ | 143.204.55.37 | | 167 B |
URL link.disneymovieinsiders.com/ IP 143.204.55.37:0
File type: HTML document text; HTML document, ASCII text, with CRLF line terminators
Hash: MD5 f5d40b7259645010f9a248858ad14178, SHA-1 b3051d17a6ec8c9e166bf09a62b48261ab86957b, SHA-256 7f5007068d2b56ea9735e2490d60cff2e72cae312024ac1f6c91158eba47d05d
GET / HTTP/1.1
Host: link.disneymovieinsiders.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Sat, 02 Dec 2023 23:32:29 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Location: https://link.disneymovieinsiders.com/
X-Cache: Redirect from cloudfront
Via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Obj1_VrX0Q5EyRUNDU-VC2ojS71NoCzsWreXp7zKImiO7YNPyHI4Lg==
| link.disneymovieinsiders.com/ | 143.204.55.37 | | 150 B |
URL link.disneymovieinsiders.com/ IP 143.204.55.37:0
File type: HTML document text; HTML document, ASCII text, with CRLF line terminators
Hash: MD5 597ba0d4396e9c906225140ce907092c, SHA-1 28ae2ba65ccdb583d79f85b8cc9509fae697493b, SHA-256 ee1a27178227546d3dcc49e611a6d72e4f1c30080ee4493ae4085b58a49e28e6
GET / HTTP/1.1
Host: link.disneymovieinsiders.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
content-type: text/plain
content-length: 150
date: Sat, 02 Dec 2023 23:32:30 GMT
server: msys-http
x-cache: Error from cloudfront
via: 1.1 83a23d85c009b0c0e3626072e9f997fe.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: -yzLqD4vv_6-t5Ycz9gkKp4Qc5MAFg3OVcR_iAnsm3MdcDA7ty8bcQ==
X-Firefox-Spdy: h2
| nxqet.d9betlink.co/rd/4CWCyY1852aNBoO201vmLw0WmA0QnsJ0rrUB14 | 185.246.86.158 | | 235 B |
URL nxqet.d9betlink.co/rd/4CWCyY1852aNBoO201vmLw0WmA0QnsJ0rrUB14 IP 185.246.86.158:0
File type: HTML document, ASCII text
Hash: MD5 41735c0e24be1e5bd89c1f6531207494, SHA-1 9eae1bfa3b43e52c21e87fabcd63a4c2a3e55554, SHA-256 a594b117bc9c64745935f48b866c3caa70cded9c35ee02841a28277f3e75ffe3
GET /rd/4CWCyY1852aNBoO201vmLw0WmA0QnsJ0rrUB14 HTTP/1.1
Host: nxqet.d9betlink.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-Address: gin_throttle_mw_360000000000_91.90.42.154
X-Ratelimit-Limit: 10
X-Ratelimit-Remaining: 9
X-Ratelimit-Reset: 1701563556
Date: Sat, 02 Dec 2023 23:32:36 GMT
Content-Length: 235
| nxqet.d9betlink.co/t/4CWCyY1852aNBoO201vmLw0WmA0QnsJ0rrUB14 | 185.246.86.158 | 200 OK | 284 B |
URL nxqet.d9betlink.co/t/4CWCyY1852aNBoO201vmLw0WmA0QnsJ0rrUB14 (User Request, GET HTTP/1.1) IP 185.246.86.158:80
File type: HTML document, ASCII text
Hash: MD5 f1967d8cf545d1a39c4bd6ff4704ef3e, SHA-1 ef52b64442eeb5cc86500630f19d5b164f410a03, SHA-256 c8f8d90702119e6e1695f9a961ed5170e455c07e2ea1c29f37265b3298304089
GET /t/4CWCyY1852aNBoO201vmLw0WmA0QnsJ0rrUB14 HTTP/1.1
Host: nxqet.d9betlink.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nxqet.d9betlink.co/rd/4CWCyY1852aNBoO201vmLw0WmA0QnsJ0rrUB14
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-Address: gin_throttle_mw_360000000000_91.90.42.154
X-Ratelimit-Limit: 10
X-Ratelimit-Remaining: 8
X-Ratelimit-Reset: 1701563556
Date: Sat, 02 Dec 2023 23:32:36 GMT
Content-Length: 284
| nxqet.d9betlink.co/favicon.ico | 185.246.86.158 | 404 Not Found | 0 B |
URL nxqet.d9betlink.co/favicon.ico (GET HTTP/1.1) IP 185.246.86.158:80
Requested by http://nxqet.d9betlink.co/t/4CWCyY1852aNBoO201vmLw0WmA0QnsJ0rrUB14
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: nxqet.d9betlink.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://nxqet.d9betlink.co/t/4CWCyY1852aNBoO201vmLw0WmA0QnsJ0rrUB14
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Content-Type: text/plain; charset=utf-8
X-Address: gin_throttle_mw_360000000000_91.90.42.154
X-Ratelimit-Limit: 10
X-Ratelimit-Remaining: 7
X-Ratelimit-Reset: 1701563556
Date: Sat, 02 Dec 2023 23:32:36 GMT
Content-Length: 0
| heloimsand.com/0/0/0/724c3d4e707932cdc070639abffbc000/14/201-1852/0-0-0 | 0.0.0.0 | | 0 B |
URL heloimsand.com/0/0/0/724c3d4e707932cdc070639abffbc000/14/201-1852/0-0-0 (User Request, GET) IP 0.0.0.0:0
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /0/0/0/724c3d4e707932cdc070639abffbc000/14/201-1852/0-0-0 HTTP/1.1
Host: heloimsand.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://nxqet.d9betlink.co/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache