Report - go.savethereef.xyz/redirect?feed=488122&url=https://www.gamblingnews.xyz/&subid=1106_488122.22.930_7816d5b7.jp..us.mobile.firefox&query=&pub_clickid=6658daf3cc22420a9d11aa8e&default_url=https://t1.hightid.com/r.php?p=c:s_8942pgf_9qrwlx0&d=653c9411464a4419c012ddb2&s={pubfeed}&d2={referrer

Report Overview

Visited public
2024-05-30 20:01:32
Tags
URL
go.savethereef.xyz/redirect?feed=488122&url=https://www.gamblingnews.xyz/&subid=1106_488122.22.930_7816d5b7.jp..us.mobile.firefox&query=&pub_clickid=6658daf3cc22420a9d11aa8e&default_url=https://t1.hightid.com/r.php?p=c:s_8942pgf_9qrwlx0&d=653c9411464a4419c012ddb2&s={pubfeed}&d2={referrer_domain}
Finishing URL
s.pemsrv.com/splash.php?idzone=5040978&type=8
IP / ASN
198.134.116.30
#27257 WEBAIR-INTERNET
Title
s.pemsrv.com/splash.php?idzone=5040978&type=8

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
s.pemsrv.com	unknown	2023-08-01	2023-08-04 15:10:46	2024-05-29 21:00:19	948 B	437 B	95.211.229.245
go.savethereef.xyz	unknown	2023-04-02	2023-04-11 16:41:45	2024-05-29 06:40:46	750 B	222 B	198.134.116.30
tfosrv.com	65142	2020-11-17	2020-11-18 18:01:44	2024-05-26 18:24:41	1.2 kB	1.0 kB	216.18.168.29
trafforsrv.com	101761	2017-12-28	2018-01-12 13:29:50	2024-05-26 18:24:42	557 B	415 B	216.18.168.28

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-05-30 20:01:08	medium	198.134.116.30	Client IP	ET HUNTING Observed Let's Encrypt Certificate for Suspicious TLD (.xyz)
2024-05-30 20:01:08	medium	198.134.116.30	Client IP	ET HUNTING Observed Let's Encrypt Certificate for Suspicious TLD (.xyz)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (6)

	URL	IP	Response	Size
	go.savethereef.xyz/redirect?feed=488122&url=https://www.gamblingnews.xyz/&subid=1106_488122.22.930_7816d5b7.jp..us.mobile.firefox&query=&pub_clickid=6658daf3cc22420a9d11aa8e&default_url=https://t1.hightid.com/r.php?p=c:s_8942pgf_9qrwlx0&d=653c9411464a4419c012ddb2&s={pubfeed}&d2={referrer_domain}	198.134.116.30	302 Found	0 B
URL User Request GET HTTP/1.1 go.savethereef.xyz/redirect?feed=488122&url=https://www.gamblingnews.xyz/&subid=1106_488122.22.930_7816d5b7.jp..us.mobile.firefox&query=&pub_clickid=6658daf3cc22420a9d11aa8e&default_url=https://t1.hightid.com/r.php?p=c:s_8942pgf_9qrwlx0&d=653c9411464a4419c012ddb2&s={pubfeed}&d2={referrer_domain} IP 198.134.116.30:443 ASN #27257 WEBAIR-INTERNET Certificate IssuerLet's Encrypt Subjectsavethereef.xyz Fingerprint7B:93:80:B3:90:61:8D:05:AF:D6:6D:B9:B0:56:E2:6C:A6:E1:DD:0C ValiditySun, 26 May 2024 06:41:10 GMT - Sat, 24 Aug 2024 06:41:09 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /redirect?feed=488122&url=https://www.gamblingnews.xyz/&subid=1106_488122.22.930_7816d5b7.jp..us.mobile.firefox&query=&pub_clickid=6658daf3cc22420a9d11aa8e&default_url=https://t1.hightid.com/r.php?p=c:s_8942pgf_9qrwlx0&d=653c9411464a4419c012ddb2&s={pubfeed}&d2={referrer_domain} HTTP/1.1 Host: go.savethereef.xyz User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/1.1 302 Found Server: nginx Date: Thu, 30 May 2024 20:01:08 GMT Content-Length: 0 Connection: keep-alive Cache-Control: no-store Location: https://tfosrv.com/show_std.php?id_site=13101&id_channel=60771&uf=true`

	tfosrv.com/show_std.php?id_site=13101&id_channel=60771&uf=true	216.18.168.29	302 Found	0 B
URL User Request GET HTTP/1.1 tfosrv.com/show_std.php?id_site=13101&id_channel=60771&uf=true IP 216.18.168.29:443 ASN #29789 REFLECTED Certificate IssuerSectigo Limited Subject.tfosrv.com Fingerprint17:0E:13:E0:E3:EE:17:88:09:10:8F:63:F4:7E:31:5A:D9:33:7D:80 ValidityTue, 31 Oct 2023 00:00:00 GMT - Mon, 18 Nov 2024 23:59:59 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /show_std.php?id_site=13101&id_channel=60771&uf=true HTTP/1.1 Host: tfosrv.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/1.1 302 Found server: nginx date: Thu, 30 May 2024 20:01:08 GMT content-length: 0 location: https://tfosrv.com/impression.php?channel_id=60771&id=509991cc-dc2d-4853-8913-7d2c2c17ed61%3Af4eed2c8-61db-454f-8f66-ef23616b4079&site_id=13101&uuid=6cf2d6cd-2346-4b8b-93d9-bc6e117c8c62 set-cookie: sppc_uuid=c98def7b-e7c3-4cc3-91e4-bdee79eb8e34; max-age=31536000; path=/; secure; SameSite=None accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version

	tfosrv.com/impression.php?channel_id=60771&id=509991cc-dc2d-4853-8913-7d2c2c17ed61%3Af4eed2c8-61db-454f-8f66-ef23616b4079&site_id=13101&uuid=6cf2d6cd-2346-4b8b-93d9-bc6e117c8c62	216.18.168.29	302 Found	0 B
URL User Request GET HTTP/1.1 tfosrv.com/impression.php?channel_id=60771&id=509991cc-dc2d-4853-8913-7d2c2c17ed61%3Af4eed2c8-61db-454f-8f66-ef23616b4079&site_id=13101&uuid=6cf2d6cd-2346-4b8b-93d9-bc6e117c8c62 IP 216.18.168.29:443 ASN #29789 REFLECTED Certificate IssuerSectigo Limited Subject.tfosrv.com Fingerprint17:0E:13:E0:E3:EE:17:88:09:10:8F:63:F4:7E:31:5A:D9:33:7D:80 ValidityTue, 31 Oct 2023 00:00:00 GMT - Mon, 18 Nov 2024 23:59:59 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /impression.php?channel_id=60771&id=509991cc-dc2d-4853-8913-7d2c2c17ed61%3Af4eed2c8-61db-454f-8f66-ef23616b4079&site_id=13101&uuid=6cf2d6cd-2346-4b8b-93d9-bc6e117c8c62 HTTP/1.1 Host: tfosrv.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Cookie: sppc_uuid=c98def7b-e7c3-4cc3-91e4-bdee79eb8e34 Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/1.1 302 Found server: nginx date: Thu, 30 May 2024 20:01:08 GMT content-length: 0 location: https://trafforsrv.com/click.php?id=509991cc-dc2d-4853-8913-7d2c2c17ed61%3Af4eed2c8-61db-454f-8f66-ef23616b4079 set-cookie: sppc_uuid=6cf2d6cd-2346-4b8b-93d9-bc6e117c8c62; max-age=31536000; path=/; secure; SameSite=None accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version`

	trafforsrv.com/click.php?id=509991cc-dc2d-4853-8913-7d2c2c17ed61%3Af4eed2c8-61db-454f-8f66-ef23616b4079	216.18.168.28	302 Found	0 B
URL User Request GET HTTP/1.1 trafforsrv.com/click.php?id=509991cc-dc2d-4853-8913-7d2c2c17ed61%3Af4eed2c8-61db-454f-8f66-ef23616b4079 IP 216.18.168.28:443 ASN #29789 REFLECTED Certificate IssuerSectigo Limited Subject.trafforsrv.com FingerprintC4:DD:C6:65:15:A0:54:82:7D:C9:E3:43:74:BA:ED:16:CC:DD:F5:00 ValidityTue, 31 Oct 2023 00:00:00 GMT - Sat, 16 Nov 2024 23:59:59 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /click.php?id=509991cc-dc2d-4853-8913-7d2c2c17ed61%3Af4eed2c8-61db-454f-8f66-ef23616b4079 HTTP/1.1 Host: trafforsrv.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/1.1 302 Found server: nginx date: Thu, 30 May 2024 20:01:09 GMT content-length: 0 location: https://s.pemsrv.com/splash.php?idzone=5040978&type=8 set-cookie: sppc_uuid=b1debb3c-3309-45bf-9052-e0f93eb47052; max-age=31536000; path=/; secure; SameSite=None accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version`

	s.pemsrv.com/splash.php?idzone=5040978&type=8	95.211.229.245	200 OK	20 B
URL User Request GET HTTP/1.1 s.pemsrv.com/splash.php?idzone=5040978&type=8 IP 95.211.229.245:443 ASN #60781 LeaseWeb Netherlands B.V. Certificate IssuerLet's Encrypt Subjectpemsrv.com FingerprintBA:AA:AB:1F:22:EF:D5:0A:2D:0C:D0:E8:1C:F5:D4:F5:29:2A:0D:5D ValidityTue, 30 Apr 2024 07:53:35 GMT - Mon, 29 Jul 2024 07:53:34 GMT File type gzip compressed data, max speed, from Unix Size 20 B (20 bytes) Hash a4745abc5e7fdb89cc6df3069f3c6e69 74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf HTTP Headers `GET /splash.php?idzone=5040978&type=8 HTTP/1.1 Host: s.pemsrv.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Date: Thu, 30 May 2024 20:01:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Access-Control-Allow-Headers: X-CH-VALUES Accept-CH: X-Robots-Tag: noindex, follow Content-Encoding: gzip`

	s.pemsrv.com/favicon.ico	95.211.229.245	204 No Content	0 B
URL GET HTTP/1.1 s.pemsrv.com/favicon.ico IP 95.211.229.245:443 ASN #60781 LeaseWeb Netherlands B.V. Requested by https://s.pemsrv.com/splash.php?idzone=5040978&type=8 Certificate IssuerLet's Encrypt Subjectpemsrv.com FingerprintBA:AA:AB:1F:22:EF:D5:0A:2D:0C:D0:E8:1C:F5:D4:F5:29:2A:0D:5D ValidityTue, 30 Apr 2024 07:53:35 GMT - Mon, 29 Jul 2024 07:53:34 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers `GET /favicon.ico HTTP/1.1 Host: s.pemsrv.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://s.pemsrv.com/splash.php?idzone=5040978&type=8 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 204 No Content Server: nginx Date: Thu, 30 May 2024 20:01:09 GMT Connection: keep-alive Accept-CH: X-Robots-Tag: noindex, follow`

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (6)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers