Report - en5779698.gvscuzfx.cv/

Report Overview

Visitedpublic

2025-07-04 09:09:58

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
professionaltrafficmonitor.com	unknown	2025-01-23	2025-01-25	2025-07-04	473 B	0 B	0.0.0.0
syncclickflow.com	unknown	2025-05-22	2025-07-04	2025-07-04	741 B	3.0 kB	168.119.149.123
en5779698.gvscuzfx.cv	unknown	unknown	2025-07-04	2025-07-04	490 B	63 kB	188.114.97.1
fonts.gstatic.com	unknown	2008-02-11	2014-04-02	2025-07-02	1.1 kB	98 kB	142.250.74.35
amuanews.com	unknown	2024-11-25	2025-03-08	2025-03-08	965 B	4.6 kB	104.21.52.86
www.profitableratecpm.com	unknown	2025-04-07	2025-04-11	2025-07-02	4.0 kB	10 kB	172.240.108.76
fonts.googleapis.com	8877	2005-01-25	2012-05-23	2025-07-02	456 B	24 kB	142.250.74.10

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-07-03	medium	profitableratecpm.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (2)

	URL	From	Size	First Seen	Last Seen
	0715c69091.e5f1418a7a.com/dcdaa8623709d10428aaf35435818a98.js	ScriptElement	126 kB	2025-07-03	2025-07-16
URL 0715c69091.e5f1418a7a.com/dcdaa8623709d10428aaf35435818a98.js IP / ASN 0.0.0.0 #0 Introduced by ScriptElement Embedded false Resource Info First Seen 2025-07-03 Last Seen 2025-07-16 Times Seen 265 Size 126 kB (126171 bytes) MD5 5a878cfc1738fb1eccb1d10ea3901136 SHA1 42b36546504cf90ccdfcca6fd73d933413f1406a SHA256 9baab788ccf3b52cd600d20635636575a174df5c40939b73949709b47b74447e Format Code Loading...

	www.profitableratecpm.com/p4b9e2ske6?key=5abf2bab8794045492e182b66c413bc5	ScriptElement	4.4 kB	2025-07-04	2025-07-04
URL www.profitableratecpm.com/p4b9e2ske6?key=5abf2bab8794045492e182b66c413bc5 IP / ASN 192.243.61.227 #39572 DataWeb Global Group B.V. Introduced by ScriptElement Embedded true Resource Info First Seen 2025-07-04 Last Seen 2025-07-04 Times Seen 1 Size 4.4 kB (4421 bytes) MD5 f9dd51eff14743198fcb51552be5cd2a SHA1 5b64089049de7c89657c3aad3a6ab9f13c0a2d8e SHA256 296e0e13352d1ff05e89b65ba992ed94f8852417bc086270bc66255a482b6a6f Format Code Loading...

HTTP Transactions (11)

URL IP Response Size

GET fonts.gstatic.com/s/opensans/v43/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

142.250.74.35

200 OK

48 kB

URL

fonts.gstatic.com/s/opensans/v43/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

IP / ASN

142.250.74.35

#15169 GOOGLE

Requested byhttps://amuanews.com/b-1/

Resource Info

File typeWeb Open Font Format (Version 2), TrueType, length 48332, version 1.0

First Seen2025-05-29

Last Seen2025-08-02

Times Seen31361

Size48 kB (48332 bytes)

MD55734e133a619a6ae6ee21a6c00a95eba

SHA157c0ac17302d07bd4f968240098afe5ed53d4ad2

SHA256d7a547581722aa055a7fb5b9912aebf3f3e928e1db3e5af9e54cf158cb4c4c4a

Certificate Info

IssuerGoogle Trust Services

Subject*.gstatic.com

Fingerprint6C:DD:E7:B7:B0:02:A6:B7:4F:2D:EB:A1:11:A3:4B:1C:31:F9:07:F7

ValidityMon, 02 Jun 2025 08:36:37 GMT - Mon, 25 Aug 2025 08:36:36 GMT

HTTP Headers

GET /s/opensans/v43/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://amuanews.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48332
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 03 Jul 2025 10:06:40 GMT
expires: Fri, 03 Jul 2026 10:06:40 GMT
cache-control: public, max-age=31536000
age: 82978
last-modified: Wed, 28 May 2025 18:06:59 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET amuanews.com/b-1/

104.21.52.86

200 OK

2.6 kB

URL

amuanews.com/b-1/

IP / ASN

104.21.52.86

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typeHTML document, ASCII text

First Seen2025-07-04

Last Seen2025-07-04

Times Seen1

Size2.6 kB (2612 bytes)

MD5de554ff3c1aebd21d6cbddc8d83f8f43

SHA19debc101b202e7aef04ddc4724e934169e96a977

SHA25665e034ec86c68ef34202dd593d1bd76ca081fc006b66de336934af3e365caf4c

Certificate Info

IssuerGoogle Trust Services

Subjectamuanews.com

FingerprintDD:3E:55:2C:CC:5C:5C:59:A8:56:3B:40:89:62:5E:0F:A0:75:7C:8A

ValidityWed, 21 May 2025 16:18:13 GMT - Tue, 19 Aug 2025 17:14:38 GMT

HTTP Headers

GET /b-1/ HTTP/1.1
Host: amuanews.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.profitableratecpm.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 04 Jul 2025 09:09:38 GMT
content-type: text/html; charset=UTF-8
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
vary: Accept-Encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=588a6XGmwY%2F90HxLrRNf4i%2B3gGGXdOGxnQmiH%2F43VBZ6FR0tE3%2Bk1kCYxmaOQjcTCTgymZbj%2F0ZCqdoOSHgF742yHS1QoURTjVg%3D"}]}
cf-cache-status: DYNAMIC
content-encoding: br
cf-ray: 959d7c21fbb95689-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET www.profitableratecpm.com/api/users?token=L3A0YjllMnNrZTY_a2V5PTVhYmYyYmFiODc5NDA0NTQ5MmUxODJiNjZjNDEzYmM1JnBzdD0xNzUxNjIwMjM3JnJlZmVyPWh0dHBzJTNBJTJGJTJGZW41Nzc5Njk4Lmd2c2N1emZ4LmN2JTJGJnJtdGM9dCZzaHU9ZDIyMDRjMmZiNGM5ZjY0YTYyMTA4ZDk3YTRiMGE0NjI5MzQ0ZDcyOWQzNDRiMDc1ZDU1OWUwN2M1YzI0MDY4MjEwZDdiZDA4MjBlMDg2ZThkM2EzODZhNmQxZmEyNTJiNjM5MDQ0M2EyZGY4MGJkNjM0ZTc1ODZiNDkxNGQ3M2EzMTc5YjJiNzkzZjQ4ZDQ3NjJjODI0ZTcyY2FkY2M5MTA3MDEzYTFhZmRmMWYzYjdiNmZlMDEmcGlpPSZpbj0mdXVpZD0

172.240.108.76

302 Found

2.6 kB

URL

www.profitableratecpm.com/api/users?token=L3A0YjllMnNrZTY_a2V5PTVhYmYyYmFiODc5NDA0NTQ5MmUxODJiNjZjNDEzYmM1JnBzdD0xNzUxNjIwMjM3JnJlZmVyPWh0dHBzJTNBJTJGJTJGZW41Nzc5Njk4Lmd2c2N1emZ4LmN2JTJGJnJtdGM9dCZzaHU9ZDIyMDRjMmZiNGM5ZjY0YTYyMTA4ZDk3YTRiMGE0NjI5MzQ0ZDcyOWQzNDRiMDc1ZDU1OWUwN2M1YzI0MDY4MjEwZDdiZDA4MjBlMDg2ZThkM2EzODZhNmQxZmEyNTJiNjM5MDQ0M2EyZGY4MGJkNjM0ZTc1ODZiNDkxNGQ3M2EzMTc5YjJiNzkzZjQ4ZDQ3NjJjODI0ZTcyY2FkY2M5MTA3MDEzYTFhZmRmMWYzYjdiNmZlMDEmcGlpPSZpbj0mdXVpZD0

IP / ASN

172.240.108.76

#7979 SERVERS-COM

Requested byN/A

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5606263

Size2.6 kB (2612 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerLet's Encrypt

Subjectprofitableratecpm.com

FingerprintF0:1C:19:8E:0A:66:67:96:FE:65:D1:76:02:CD:A0:DD:D4:3B:88:9E

ValidityFri, 06 Jun 2025 21:52:23 GMT - Thu, 04 Sep 2025 21:52:22 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /api/users?token=L3A0YjllMnNrZTY_a2V5PTVhYmYyYmFiODc5NDA0NTQ5MmUxODJiNjZjNDEzYmM1JnBzdD0xNzUxNjIwMjM3JnJlZmVyPWh0dHBzJTNBJTJGJTJGZW41Nzc5Njk4Lmd2c2N1emZ4LmN2JTJGJnJtdGM9dCZzaHU9ZDIyMDRjMmZiNGM5ZjY0YTYyMTA4ZDk3YTRiMGE0NjI5MzQ0ZDcyOWQzNDRiMDc1ZDU1OWUwN2M1YzI0MDY4MjEwZDdiZDA4MjBlMDg2ZThkM2EzODZhNmQxZmEyNTJiNjM5MDQ0M2EyZGY4MGJkNjM0ZTc1ODZiNDkxNGQ3M2EzMTc5YjJiNzkzZjQ4ZDQ3NjJjODI0ZTcyY2FkY2M5MTA3MDEzYTFhZmRmMWYzYjdiNmZlMDEmcGlpPSZpbj0mdXVpZD0 HTTP/1.1
Host: www.profitableratecpm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.profitableratecpm.com/api/users?token=L3A0YjllMnNrZTY_a2V5PTIwMWZjMjNjN2VjYTA5ZDVjYWQ5Y2JiNDY3YTZhOTQyJnN1Ym1ldHJpYz0yNjM3NDk1Mg
Cookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNjM3NDk1MiwiayI6IjVhYmYyYmFiODc5NDA0NTQ5MmUxODJiNjZjNDEzYmM1Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo0NDUwNTM5LCJwaWQiOjIzNTE0NzEsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MzEsImFpZCI6MjgsInB0Ijo0LCJwayI6InA0YjllMnNrZTYiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6MjY2NTYxMTE1LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTM2OTI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEzNC4wIiwid3YiOmZhbHNlLCJlIjpmYWxzZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL2VuNTc3OTY5OC5ndnNjdXpmeC5jdi8iLCJhciI6W119fQ.BFOh3bv5ZR7K-gqyNlpARqCJ6O7q7InJUmm96P8mJzw; cjs=t
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.21.6
Date: Fri, 04 Jul 2025 09:09:38 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
accept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
location: https://syncclickflow.com/index?cid=a1250103b40826e309cd&extclickid=5439546b2bc9dc4cfd78c41ab9783a20&t1=26374952&t2=3420170&type=default&publisher=2351471&advertiser=57051&campaign_id=1264287&zoneid=4450539&category=Social&cost=0.200000
set-cookie: iprc465a4834a7734667fdd1edc0e906c8f1=6045130; expires=Sat, 05 Jul 2025 09:09:37 GMT; path=/
pdhtkv=true; expires=Sat, 05 Jul 2025 09:09:37 GMT; path=/
uncs=1; expires=Sat, 05 Jul 2025 09:09:37 GMT; path=/
pdhtkv28=true; expires=Sat, 05 Jul 2025 09:09:37 GMT; path=/
uncs28=1; expires=Sat, 05 Jul 2025 09:09:37 GMT; path=/
u_pl26374952=1; expires=Sat, 05 Jul 2025 09:09:37 GMT; path=/
x-envoy-upstream-service-time: 133
Host: www.profitableratecpm.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 493cc654fa9ffb11a3fb22feb19b54d7
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

GET fonts.googleapis.com/css?family=Open+Sans:400,600,700,800

142.250.74.10

200 OK

23 kB

URL

fonts.googleapis.com/css?family=Open+Sans:400,600,700,800

IP / ASN

142.250.74.10

#15169 GOOGLE

Requested byhttps://amuanews.com/b-1/

Resource Info

File typeASCII text, with very long lines (1572)

First Seen2025-06-01

Last Seen2025-07-30

Times Seen93

Size23 kB (23176 bytes)

MD5ec9babfd5faf14dfb2110ed0124d4098

SHA1c5e5f2de755e424c58cc42eafb912327f1958f86

SHA25662c9db2c07d5784e59cc389238ab0b7cc3311ee14d36c4e9c6b77fb233662836

Certificate Info

IssuerGoogle Trust Services

Subjectupload.video.google.com

Fingerprint58:09:05:96:27:31:E2:3D:AB:89:AD:1C:2E:C3:03:82:B0:27:3D:86

ValidityMon, 02 Jun 2025 08:36:37 GMT - Mon, 25 Aug 2025 08:36:36 GMT

HTTP Headers

GET /css?family=Open+Sans:400,600,700,800 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://amuanews.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 04 Jul 2025 09:09:38 GMT
date: Fri, 04 Jul 2025 09:09:38 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET amuanews.com/favicon.ico

104.21.52.86

404 Not Found

564 B

URL

amuanews.com/favicon.ico

IP / ASN

104.21.52.86

#13335 CLOUDFLARENET

Requested byhttps://amuanews.com/b-1/

Resource Info

File typeHTML document, ASCII text, with CRLF line terminators

First Seen2023-05-01

Last Seen2025-07-28

Times Seen169

Size564 B (564 bytes)

MD55da4c1420f84ec727d1b6bdd0d46e62e

SHA1280d08d142f7386283f420444ec48e1cdbfd61bb

SHA2563c8cc37a98346bd0123b35e5ccd87bd07d69914dae04f8b49f61c150d96e9d1f

Certificate Info

IssuerGoogle Trust Services

Subjectamuanews.com

FingerprintDD:3E:55:2C:CC:5C:5C:59:A8:56:3B:40:89:62:5E:0F:A0:75:7C:8A

ValidityWed, 21 May 2025 16:18:13 GMT - Tue, 19 Aug 2025 17:14:38 GMT

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: amuanews.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://amuanews.com/b-1/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Fri, 04 Jul 2025 09:09:38 GMT
content-type: text/html; charset=utf-8
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JvmfqHTcbQn5MiglG%2BVgqNfXMwryPjIFswbFuLOYQww4x%2BrHxEAZDO7bMrqKNqKSLR3IpN2G%2BUqDljjNPszK2TMDi7%2BTI3qZI1kacel7o6VIATklbqJiBDkRrKb7UIs%3D"}],"group":"cf-nel","max_age":604800}
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
content-encoding: br
cf-ray: 959d7c242f7b712d-OSL
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=13022&min_rtt=1807&rtt_var=7991&sent=18&recv=21&lost=0&retrans=0&sent_bytes=5420&recv_bytes=1851&delivery_rate=239615&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=18062&unsent_bytes=0&cid=ade027f46565b2bc&ts=344&inflight_dur=56&x=40"

GET professionaltrafficmonitor.com/stats

0.0.0.0

0 B

URL

professionaltrafficmonitor.com/stats

IP / ASN

0.0.0.0

Requested byhttps://www.profitableratecpm.com/p4b9e2ske6?key=5abf2bab8794045492e182b66c413bc5

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5606263

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /stats HTTP/1.1
Host: professionaltrafficmonitor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.profitableratecpm.com
DNT: 1
Connection: keep-alive
Referer: https://www.profitableratecpm.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

GET www.profitableratecpm.com/favicon.ico

0.0.0.0

0 B

URL

www.profitableratecpm.com/favicon.ico

IP / ASN

0.0.0.0

Requested byhttps://www.profitableratecpm.com/p4b9e2ske6?key=5abf2bab8794045492e182b66c413bc5

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5606263

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerLet's Encrypt

Subjectprofitableratecpm.com

FingerprintF0:1C:19:8E:0A:66:67:96:FE:65:D1:76:02:CD:A0:DD:D4:3B:88:9E

ValidityFri, 06 Jun 2025 21:52:23 GMT - Thu, 04 Sep 2025 21:52:22 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.profitableratecpm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.profitableratecpm.com/api/users?token=L3A0YjllMnNrZTY_a2V5PTIwMWZjMjNjN2VjYTA5ZDVjYWQ5Y2JiNDY3YTZhOTQyJnN1Ym1ldHJpYz0yNjM3NDk1Mg
Cookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNjM3NDk1MiwiayI6IjVhYmYyYmFiODc5NDA0NTQ5MmUxODJiNjZjNDEzYmM1Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo0NDUwNTM5LCJwaWQiOjIzNTE0NzEsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MzEsImFpZCI6MjgsInB0Ijo0LCJwayI6InA0YjllMnNrZTYiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6MjY2NTYxMTE1LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTM2OTI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEzNC4wIiwid3YiOmZhbHNlLCJlIjpmYWxzZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL2VuNTc3OTY5OC5ndnNjdXpmeC5jdi8iLCJhciI6W119fQ.BFOh3bv5ZR7K-gqyNlpARqCJ6O7q7InJUmm96P8mJzw; cjs=t
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

GET syncclickflow.com/index?cid=a1250103b40826e309cd&extclickid=5439546b2bc9dc4cfd78c41ab9783a20&t1=26374952&t2=3420170&type=default&publisher=2351471&advertiser=57051&campaign_id=1264287&zoneid=4450539&category=Social&cost=0.200000

168.119.149.123

307 Temporary Redirect

2.6 kB

URL

syncclickflow.com/index?cid=a1250103b40826e309cd&extclickid=5439546b2bc9dc4cfd78c41ab9783a20&t1=26374952&t2=3420170&type=default&publisher=2351471&advertiser=57051&campaign_id=1264287&zoneid=4450539&category=Social&cost=0.200000

IP / ASN

168.119.149.123

#24940 Hetzner Online GmbH

Requested byN/A

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5606263

Size2.6 kB (2612 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerLet's Encrypt

Subjectsyncclickflow.com

Fingerprint30:07:3D:E5:D3:4E:2E:40:76:1D:C0:EF:B6:BC:39:B5:6D:19:B3:EE

ValidityThu, 22 May 2025 10:27:54 GMT - Wed, 20 Aug 2025 10:27:53 GMT

HTTP Headers

GET /index?cid=a1250103b40826e309cd&extclickid=5439546b2bc9dc4cfd78c41ab9783a20&t1=26374952&t2=3420170&type=default&publisher=2351471&advertiser=57051&campaign_id=1264287&zoneid=4450539&category=Social&cost=0.200000 HTTP/1.1
Host: syncclickflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.profitableratecpm.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 307 Temporary Redirect
date: Fri, 04 Jul 2025 09:09:38 GMT
location: https://amuanews.com/b-1/
server: Caddy
set-cookie: uclick=nL+LxwxZaN411eOiOmCY5GYjHXn+sud6qHg43Nzrx9WVCDLVXBXyt2cYepcj6L6DCbLDJQDQbw==; Max-Age=31536000; SameSite=Lax
bcid=d1jpkkm071bc73ebp7jg; Max-Age=31536000; SameSite=Lax
x-request-id: 3911383c-872a-41e0-ae98-3da2468a8cf7
content-length: 0
X-Firefox-Spdy: h2

GET fonts.gstatic.com/s/opensans/v43/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

142.250.74.35

200 OK

48 kB

URL

fonts.gstatic.com/s/opensans/v43/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

IP / ASN

142.250.74.35

#15169 GOOGLE

Requested byhttps://amuanews.com/b-1/

Resource Info

File typeWeb Open Font Format (Version 2), TrueType, length 48332, version 1.0

First Seen2025-05-29

Last Seen2025-08-02

Times Seen31361

Size48 kB (48332 bytes)

MD55734e133a619a6ae6ee21a6c00a95eba

SHA157c0ac17302d07bd4f968240098afe5ed53d4ad2

SHA256d7a547581722aa055a7fb5b9912aebf3f3e928e1db3e5af9e54cf158cb4c4c4a

Certificate Info

IssuerGoogle Trust Services

Subject*.gstatic.com

Fingerprint6C:DD:E7:B7:B0:02:A6:B7:4F:2D:EB:A1:11:A3:4B:1C:31:F9:07:F7

ValidityMon, 02 Jun 2025 08:36:37 GMT - Mon, 25 Aug 2025 08:36:36 GMT

HTTP Headers

GET /s/opensans/v43/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://amuanews.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48332
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 03 Jul 2025 10:06:40 GMT
expires: Fri, 03 Jul 2026 10:06:40 GMT
cache-control: public, max-age=31536000
age: 82978
last-modified: Wed, 28 May 2025 18:06:59 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET en5779698.gvscuzfx.cv/

188.114.97.1

200 OK

62 kB

URL

en5779698.gvscuzfx.cv/

IP / ASN

188.114.97.1

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typeApple HFS Plus version 19523 data (mounted) (spared blocks) last mounted by: 'A7Bo', created: Sat Feb 18 13:08:55 2079, last modified: Sat Dec 4 13:08:55 2083, block size: 1851872815, number of blocks: 1316432712, free blocks: 876105797

First Seen2025-07-04

Last Seen2025-07-04

Times Seen1

Size62 kB (62231 bytes)

MD54fa4e50432e04eeb9b8b8d7242e7fc44

SHA19eb423e0b1ddb29435d373bf8dbad0b5d2346ca4

SHA256fa1da0c73f993db0b6ab35f7b2846b4c448f80e32aff7945c7eec29d73871fed

Certificate Info

IssuerGoogle Trust Services

Subjectgvscuzfx.cv

Fingerprint2F:E6:E8:B1:4C:F1:FE:33:14:8F:8C:77:90:1C:E2:DC:92:65:D2:C5

ValidityWed, 02 Jul 2025 14:34:45 GMT - Tue, 30 Sep 2025 15:31:34 GMT

HTTP Headers

GET / HTTP/1.1
Host: en5779698.gvscuzfx.cv
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 04 Jul 2025 09:09:36 GMT
content-type: text/html; charset=UTF-8
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
x-powered-by: PHP/8.0.30
referrer-policy: unsafe-url
vary: accept-encoding
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
expires: Mon, 26 Jul 1997 05:00:00 GMT
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=BzwLygyhbmlzz9wJktF8PTgHjwuuiPy8W0PEkGfbPj%2BosYAjoSCc6tlt6TDpCMQIDOKYgAaHaNIddl37kcM%2Bnp%2BQYtD3HzmZeZK39SD69UY7yzw%3D"}]}
cf-cache-status: DYNAMIC
content-encoding: br
set-cookie: ab_referer=deleted; Path=/; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:01 GMT
cf-ray: 959d7c162a2bb518-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET www.profitableratecpm.com/p4b9e2ske6?key=5abf2bab8794045492e182b66c413bc5

192.243.61.227

200 OK

4.6 kB

URL

www.profitableratecpm.com/p4b9e2ske6?key=5abf2bab8794045492e182b66c413bc5

IP / ASN

192.243.61.227

#39572 DataWeb Global Group B.V.

Requested byN/A

Resource Info

File typeHTML document, ASCII text, with very long lines (4566)

First Seen2025-07-04

Last Seen2025-07-04

Times Seen1

Size4.6 kB (4567 bytes)

MD5eb35ab860c0dbe4f09e7c1ef838c79ea

SHA1dcb773800986f2878b578bc6b371b879689e3e3a

SHA2564739c7006e3b52cb08d66694788ff73da5608e89e251027044b4c11766f62160

Certificate Info

IssuerLet's Encrypt

Subjectprofitableratecpm.com

FingerprintF0:1C:19:8E:0A:66:67:96:FE:65:D1:76:02:CD:A0:DD:D4:3B:88:9E

ValidityFri, 06 Jun 2025 21:52:23 GMT - Thu, 04 Sep 2025 21:52:22 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /p4b9e2ske6?key=5abf2bab8794045492e182b66c413bc5 HTTP/1.1
Host: www.profitableratecpm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://en5779698.gvscuzfx.cv/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 04 Jul 2025 09:09:37 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNjM3NDk1MiwiayI6IjVhYmYyYmFiODc5NDA0NTQ5MmUxODJiNjZjNDEzYmM1Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo0NDUwNTM5LCJwaWQiOjIzNTE0NzEsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MzEsImFpZCI6MjgsInB0Ijo0LCJwayI6InA0YjllMnNrZTYiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6MjY2NTYxMTE1LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTM2OTI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEzNC4wIiwid3YiOmZhbHNlLCJlIjpmYWxzZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL2VuNTc3OTY5OC5ndnNjdXpmeC5jdi8iLCJhciI6W119fQ.BFOh3bv5ZR7K-gqyNlpARqCJ6O7q7InJUmm96P8mJzw; expires=Fri, 04 Jul 2025 09:10:37 GMT; path=/
Host: www.profitableratecpm.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: d64f0beb1a9db20094c6fdf0bc8ecc43
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip