Report - swiifx.com/porno-land?h=waWQiOjEwMDk5OTIsInNpZCI6MTMzMjYzMCwid2lkIjo1NDc3MzksInNyYyI6Mn0=eyJ&clickid=27clgl21acr9a&si1=intent://swiifx.com/porno-land?h=waWQiOjEwMDk5OTIsInNpZCI6MTMzMjYzMCwid2lkIjo1NDc3MzksInNyYyI6Mn0=eyJ&clickid=27clgl21acr9a&si1=intent://swiifx.com/porno-land?h=waWQiOjEwMDk5OTIsInNpZCI6MTMzMjYzMCwid2lkIjo1NDc3MzksInNyYyI6Mn0=eyJ&clickid=27clgl21acr9a&si1=intent://swiifx.com/porno-land?h=waWQiOjEwMDk5OTIsInNpZCI6MTMzMjYzMCwid2lkIjo1NDc3MzksInNyYyI6Mn0=eyJ&clickid=27clgl21acr9a&si1=intent://swiifx.com/porno-land?h=waWQiOjEwMDk5OTIsInNpZCI6MTMzMjYzMCwid2lkIjo1NDc3MzksInNyYyI6Mn0=eyJ&clickid=27clgl21acr9a&si1=intent://swiifx.com/porno-land?h=waWQiOjEwMDk5OTIsInNpZCI6MTMzMjYzMCwid2lkIjo1NDc3MzksInNyYyI6Mn0=eyJ&clickid=27clgl21acr9a&si1=intent://swiifx.com/porno-land?h=waWQiOjEwMDk5OTIsInNpZCI6MTMzMjYzMCwid2lkIjo1NDc3MzksInNyYyI6Mn0=eyJ&clickid=27clgl21acr9a&si1=intent://swiifx.com/porno-land?h=waWQiOjEwMDk5OTIsInNpZCI6MTMzMjYzMCwid2lkIjo1NDc3MzksInNyYyI6Mn0=eyJ&clickid=27clgl21acr9a&si1=intent://swiifx.com/porno-land?h=waWQiOjEwMDk5OTIsInNpZCI6MTMzMjYzMCwid2lkIjo1NDc3MzksInNyYyI6Mn0=eyJ&clickid=27clgl21acr9a&si1=intent://swiifx.com/porno-land?h=waWQiOjEwMDk5OTIsInNpZCI6MTMzMjYzMCwid2lkIjo1NDc3MzksInNyYyI6Mn0=eyJ&clickid=27clgl21acr9a&si1=intent://swiifx.com/porno-land?h=waWQiOjEwMDk5OTIsInNpZCI6MTMzMjYzMCwid2lkIjo1NDc3MzksInNyYyI6Mn0=eyJ&clickid=27clgl21acr9a&si1=intent://swiifx.com/porno-land?h=waWQiOjEwMDk5OTIsInNpZCI6MTMzMjYzMCwid2lkIjo1NDc3MzksInNyYyI6Mn0=eyJ&clickid=27clgl21acr9a&si1=intent://swiifx.com/porno-land?h=waWQiOjEwMDk5OTIsInNpZCI6MTMzMjYzMCwid2lkIjo1NDc3MzksInNyYyI6Mn0=eyJ&clickid=27clgl21acr9a&si1=intent://swiifx.com/porno-land?h=waWQiOjEwMDk5OTIsInNpZCI6MTMzMjYzMCwid2lkIjo1NDc3MzksInNyYyI6Mn0=eyJ&clickid=27clgl21acr9a&si1=intent://swiifx.com/porno-land?h=waWQiOjEwMDk5OTIsInNpZCI6MTMzMjYzMCwid2lkIjo1NDc3MzksInNyYyI6Mn0=eyJ&clickid=27clgl21acr9a&si1=intent://swiifx.com/porno-land?h=waWQiOjEwMDk5OTIsInNpZCI6MTMzMjYzMCwid2lkIjo1NDc3MzksInNyYyI6Mn0=eyJ&clickid=27clgl21acr9a&si1=

Report Overview

Visited public
2024-03-08 07:37:30
Tags
URL
swiifx.com/porno-land?h=waWQiOjEwMDk5OTIsInNpZCI6MTMzMjYzMCwid2lkIjo1NDc3MzksInNyYyI6Mn0=eyJ&clickid=27clgl21acr9a&si1=intent://swiifx.com/porno-land?h=waWQiOjEwMDk5OTIsInNpZCI6MTMzMjYzMCwid2lkIjo1NDc3MzksInNyYyI6Mn0=eyJ&clickid=27clgl21acr9a&si1=intent://swiifx.com/porno-land?h=waWQiOjEwMDk5OTIsInNpZCI6MTMzMjYzMCwid2lkIjo1NDc3MzksInNyYyI6Mn0=eyJ&clickid=27clgl21acr9a&si1=intent://swiifx.com/porno-land?h=waWQiOjEwMDk5OTIsInNpZCI6MTMzMjYzMCwid2lkIjo1NDc3MzksInNyYyI6Mn0=eyJ&clickid=27clgl21acr9a&si1=intent://swiifx.com/porno-land?h=waWQiOjEwMDk5OTIsInNpZCI6MTMzMjYzMCwid2lkIjo1NDc3MzksInNyYyI6Mn0=eyJ&clickid=27clgl21acr9a&si1=intent://swiifx.com/porno-land?h=waWQiOjEwMDk5OTIsInNpZCI6MTMzMjYzMCwid2lkIjo1NDc3MzksInNyYyI6Mn0=eyJ&clickid=27clgl21acr9a&si1=intent://swiifx.com/porno-land?h=waWQiOjEwMDk5OTIsInNpZCI6MTMzMjYzMCwid2lkIjo1NDc3MzksInNyYyI6Mn0=eyJ&clickid=27clgl21acr9a&si1=intent://swiifx.com/porno-land?h=waWQiOjEwMDk5OTIsInNpZCI6MTMzMjYzMCwid2lkIjo1NDc3MzksInNyYyI6Mn0=eyJ&clickid=27clgl21acr9a&si1=intent://swiifx.com/porno-land?h=waWQiOjEwMDk5OTIsInNpZCI6MTMzMjYzMCwid2lkIjo1NDc3MzksInNyYyI6Mn0=eyJ&clickid=27clgl21acr9a&si1=intent://swiifx.com/porno-land?h=waWQiOjEwMDk5OTIsInNpZCI6MTMzMjYzMCwid2lkIjo1NDc3MzksInNyYyI6Mn0=eyJ&clickid=27clgl21acr9a&si1=intent://swiifx.com/porno-land?h=waWQiOjEwMDk5OTIsInNpZCI6MTMzMjYzMCwid2lkIjo1NDc3MzksInNyYyI6Mn0=eyJ&clickid=27clgl21acr9a&si1=intent://swiifx.com/porno-land?h=waWQiOjEwMDk5OTIsInNpZCI6MTMzMjYzMCwid2lkIjo1NDc3MzksInNyYyI6Mn0=eyJ&clickid=27clgl21acr9a&si1=intent://swiifx.com/porno-land?h=waWQiOjEwMDk5OTIsInNpZCI6MTMzMjYzMCwid2lkIjo1NDc3MzksInNyYyI6Mn0=eyJ&clickid=27clgl21acr9a&si1=intent://swiifx.com/porno-land?h=waWQiOjEwMDk5OTIsInNpZCI6MTMzMjYzMCwid2lkIjo1NDc3MzksInNyYyI6Mn0=eyJ&clickid=27clgl21acr9a&si1=intent://swiifx.com/porno-land?h=waWQiOjEwMDk5OTIsInNpZCI6MTMzMjYzMCwid2lkIjo1NDc3MzksInNyYyI6Mn0=eyJ&clickid=27clgl21acr9a&si1=intent://swiifx.com/porno-land?h=waWQiOjEwMDk5OTIsInNpZCI6MTMzMjYzMCwid2lkIjo1NDc3MzksInNyYyI6Mn0=eyJ&clickid=27clgl21acr9a&si1=
Finishing URL
intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
IP / ASN
185.162.87.220
#39572 DataWeb Global Group B.V.
Title
The CRYPTO Soft

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
mataoransolda.com	unknown	2024-03-01	2024-03-01 11:32:12	2024-03-07 18:27:32	1.3 kB	1.5 kB	139.45.196.64
my.rtmark.net	9054	2014-10-29	2015-02-04 10:54:57	2024-03-07 12:32:40	398 B	681 B	139.45.195.8
secureltrk.com	unknown	2023-10-10	2024-01-09 22:07:38	2024-03-07 13:31:55	647 B	533 B	5.61.54.143
ifdtrcking.com	unknown	2023-01-08	2023-01-08 15:21:58	2024-03-07 13:36:10	553 B	811 B	185.142.239.85
intelligent-money-offers.com	unknown	2023-11-10	2024-01-23 08:10:41	2024-03-07 13:35:21	28 kB	1.1 MB	185.142.239.82
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2024-03-07 13:36:11	494 B	2.0 kB	142.250.74.106
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17 22:46:33	2024-03-07 05:14:07	475 B	1.2 kB	104.17.25.14
mdakky.com	unknown	2023-10-12	2023-10-13 10:25:55	2024-03-07 16:08:37	553 B	184 B	185.162.85.2
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2024-03-07 13:40:29	2.2 kB	104 kB	216.58.207.227
cdntechone.com	64371	2021-12-24	2021-12-24 18:09:58	2024-03-07 17:01:20	780 B	15 kB	188.114.97.1
code.jquery.com	634	2005-12-10	2012-05-21 19:28:02	2024-03-07 13:12:21	422 B	32 kB	151.101.66.137
wokoez.com	unknown	2024-02-05	2024-02-06 14:55:06	2024-03-07 14:27:54	1.0 kB	887 B	185.162.85.20

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-03-08	medium	wokoez.com	Sinkholed
2024-03-07	medium	mataoransolda.com	Sinkholed
2024-03-08	medium	wokoez.com	Sinkholed
2024-03-07	medium	mataoransolda.com	Sinkholed
2024-03-08	medium	intelligent-money-offers.com	Sinkholed
2024-03-08	medium	intelligent-money-offers.com	Sinkholed
2024-03-08	medium	intelligent-money-offers.com	Sinkholed
2024-03-08	medium	intelligent-money-offers.com	Sinkholed
2024-03-08	medium	intelligent-money-offers.com	Sinkholed
2024-03-08	medium	intelligent-money-offers.com	Sinkholed
2024-03-08	medium	intelligent-money-offers.com	Sinkholed
2024-03-08	medium	intelligent-money-offers.com	Sinkholed
2024-03-08	medium	intelligent-money-offers.com	Sinkholed
2024-03-08	medium	intelligent-money-offers.com	Sinkholed
2024-03-08	medium	intelligent-money-offers.com	Sinkholed
2024-03-08	medium	intelligent-money-offers.com	Sinkholed
2024-03-08	medium	intelligent-money-offers.com	Sinkholed
2024-03-08	medium	intelligent-money-offers.com	Sinkholed
2024-03-08	medium	intelligent-money-offers.com	Sinkholed
2024-03-08	medium	intelligent-money-offers.com	Sinkholed
2024-03-08	medium	intelligent-money-offers.com	Sinkholed
2024-03-08	medium	intelligent-money-offers.com	Sinkholed
2024-03-08	medium	intelligent-money-offers.com	Sinkholed
2024-03-08	medium	intelligent-money-offers.com	Sinkholed
2024-03-08	medium	intelligent-money-offers.com	Sinkholed
2024-03-08	medium	intelligent-money-offers.com	Sinkholed
2024-03-08	medium	intelligent-money-offers.com	Sinkholed
2024-03-08	medium	intelligent-money-offers.com	Sinkholed
2024-03-08	medium	intelligent-money-offers.com	Sinkholed
2024-03-08	medium	intelligent-money-offers.com	Sinkholed
2024-03-08	medium	intelligent-money-offers.com	Sinkholed
2024-03-08	medium	intelligent-money-offers.com	Sinkholed
2024-03-08	medium	intelligent-money-offers.com	Sinkholed
2024-03-08	medium	intelligent-money-offers.com	Sinkholed
2024-03-08	medium	intelligent-money-offers.com	Sinkholed
2024-03-08	medium	intelligent-money-offers.com	Sinkholed
2024-03-08	medium	intelligent-money-offers.com	Sinkholed
2024-03-07	medium	mataoransolda.com	Sinkholed
2024-03-08	medium	intelligent-money-offers.com	Sinkholed
2024-03-08	medium	intelligent-money-offers.com	Sinkholed
2024-03-08	medium	intelligent-money-offers.com	Sinkholed
2024-03-08	medium	intelligent-money-offers.com	Sinkholed
2024-03-08	medium	intelligent-money-offers.com	Sinkholed
2024-03-08	medium	intelligent-money-offers.com	Sinkholed
2024-03-08	medium	intelligent-money-offers.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (8)

	URL	From	Size	First Seen	Last Seen
	intelligent-money-offers.com/cryptosoft/js/video.js	ScriptElement	1.5 MB	2023-03-07	2025-04-09
Pretty URL intelligent-money-offers.com/cryptosoft/js/video.js IP 185.142.239.82 ASN #174 COGENT-174 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:45 Last Seen2025-04-09 20:02 Times Seen157 Hash 9045e3df1785b61657789608f6afa807 0a7ea1b2e2bfc262fcd4acd1023973b78082f5ee 96d3349232417f89dec7f5c26a3872bb542fceaba22361b580b78f6e8d92ef2c Loading...

	intelligent-money-offers.com/cryptosoft/js/languageSwitcher.js	ScriptElement	1.0 kB	2024-02-07	2024-08-20
Pretty URL intelligent-money-offers.com/cryptosoft/js/languageSwitcher.js IP 185.142.239.82 ASN #174 COGENT-174 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-07 08:15 Last Seen2024-08-20 10:05 Times Seen124 Hash c6441d2b5114993bfa787c4d738de05c f0396f76fae808d34cf597b5455e548bb3dda4db 079480fd9e1991f10a369440c788b45f3a79769a64e40546b5336a8caffb144e Loading...

	intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto	ScriptElement	1.8 kB	2024-02-07	2024-08-20
Pretty URL intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto IP 185.142.239.82 ASN #174 COGENT-174 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-02-07 08:15 Last Seen2024-08-20 10:05 Times Seen122 Hash aacfdbd610dae04f437da13926f2eab5 8d144b21464387a819865b2e2f8f618649e7a783 b95e2f07a313b63ce625a368b85f028c3378ae8793cec207fa53ab386ef501bc Loading...

	code.jquery.com/jquery-3.5.1.min.js	ScriptElement	90 kB	2023-03-07	2025-05-14
Pretty URL code.jquery.com/jquery-3.5.1.min.js IP 151.101.66.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-14 03:50 Times Seen109283 Hash dc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Loading...

	intelligent-money-offers.com/cryptosoft/js/jquery.min.js	ScriptElement	148 kB	2023-03-09	2024-08-20
Pretty URL intelligent-money-offers.com/cryptosoft/js/jquery.min.js IP 185.142.239.82 ASN #174 COGENT-174 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 06:14 Last Seen2024-08-20 10:05 Times Seen124 Hash e4ffda65e630968c72c3c2c84a3edd0f 6b5665cc000270f99193c0c95d082229d0133a38 f5443a76ec0301734875e2e007d025b0b64dc8c3bbe34233d6f2fe5d3c983030 Loading...

	intelligent-money-offers.com/cryptosoft/js/bodymovin_light.min.js	ScriptElement	200 kB	2024-02-07	2024-08-20
Pretty URL intelligent-money-offers.com/cryptosoft/js/bodymovin_light.min.js IP 185.142.239.82 ASN #174 COGENT-174 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-07 08:15 Last Seen2024-08-20 10:05 Times Seen124 Hash 5ac6c26b5a3d4e87b6c08efb26977f4f 3d815a65ef6fbcd9e84df5f393f9ab24b58d9393 4e7bf71bcc83214888e177d7c80b42d30d27b2069ae07db1e75913ba2f80d064 Loading...

	intelligent-money-offers.com/cryptosoft/js/main.js	ScriptElement	9.6 kB	2023-03-10	2024-08-20
Pretty URL intelligent-money-offers.com/cryptosoft/js/main.js IP 185.142.239.82 ASN #174 COGENT-174 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 11:22 Last Seen2024-08-20 10:05 Times Seen124 Hash 41ddc03e25896775817e7a426688d4ac c17d018a0077772c725fd7169c918b9fc354a644 03bcc8aa53336b3a1cb2171972666e7754fc149e911ab68a8b34af0370f0846d Loading...

	intelligent-money-offers.com/intgrtn/api/v1/integration/sdk.js?v=20242874	ScriptElement	500 kB	2023-06-28	2024-08-21
Pretty URL intelligent-money-offers.com/intgrtn/api/v1/integration/sdk.js?v=20242874 IP 185.142.239.82 ASN #174 COGENT-174 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-28 18:02 Last Seen2024-08-21 09:00 Times Seen970 Hash b74a78a8e492a9b171dab179eeab69fb 6e7fe630cf763a0a45fd77c922d728ad2b386cae 6298f0a9a101a54afa0ed7e7ccd9bb8f6583638f84082c69f5e0e5a2c9961f2e Loading...

HTTP Transactions (57)

URL IP Response Size

mdakky.com/rpe?a=1&s=1&act=18&src=2&p=1009992&st=1332630&wd=547739&d=swiifx.com&tpl=80&rnd=0.8275048549737528&sbid=intent%3A%2F%2Fswiifx.com%2Fporno-land&sbid2=

185.162.85.2

0 B

URL
mdakky.com/rpe?a=1&s=1&act=18&src=2&p=1009992&st=1332630&wd=547739&d=swiifx.com&tpl=80&rnd=0.8275048549737528&sbid=intent%3A%2F%2Fswiifx.com%2Fporno-land&sbid2=
IP
185.162.85.2:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /rpe?a=1&s=1&act=18&src=2&p=1009992&st=1332630&wd=547739&d=swiifx.com&tpl=80&rnd=0.8275048549737528&sbid=intent%3A%2F%2Fswiifx.com%2Fporno-land&sbid2= HTTP/1.1
Host: mdakky.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://swiifx.com
DNT: 1
Connection: keep-alive
Referer: https://swiifx.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0
date: Fri, 08 Mar 2024 07:37:03 GMT
content-length: 0
accept-ch: Sec-CH-UA-Platform-Version
access-control-allow-origin: *
X-Firefox-Spdy: h2

wokoez.com/cuclc?aid=17394084415115970708&t=1709883423&s=1169027

185.162.85.20

214 B

URL
wokoez.com/cuclc?aid=17394084415115970708&t=1709883423&s=1169027
IP
185.162.85.20:0
ASN
#39572 DataWeb Global Group B.V.

File type
HTML document, ASCII text, with no line terminators
Size
214 B (214 bytes)
Hash
eab7fdc66e4464aea4c1da3d7aba46f4
7d24bfeb705d0d5eb1c06a1722fa10193951bcd6
351f4a1cd8886f7484f1cf99eeb8225cba83fd721cab18bac0a93bd1f32ec2b4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cuclc?aid=17394084415115970708&t=1709883423&s=1169027 HTTP/1.1
Host: wokoez.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://swiifx.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: nginx/1.18.0
date: Fri, 08 Mar 2024 07:37:03 GMT
content-type: text/html; charset=utf-8
content-length: 214
location: https://mataoransolda.com/link?z=6849336&var=a547739&ymid=a2_17394084415115970708_547739_2_0
X-Firefox-Spdy: h2

mataoransolda.com/link?z=6849336&var=a547739&ymid=a2_17394084415115970708_547739_2_0

139.45.196.64

0 B

URL
mataoransolda.com/link?z=6849336&var=a547739&ymid=a2_17394084415115970708_547739_2_0
IP
139.45.196.64:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /link?z=6849336&var=a547739&ymid=a2_17394084415115970708_547739_2_0 HTTP/1.1
Host: mataoransolda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://swiifx.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: nginx
date: Fri, 08 Mar 2024 07:37:03 GMT
content-length: 0
location: https://cdntechone.com/r.html?axcid=e7ddf874-40d2-43d7-b8fd-56541bff0853&axtsid=6849336&axcusid1=a547739&clid={ymid}&r=http%3A%2F%2Fmataoransolda.com%2Flink%3Fz%3D6849336%26var%3Da547739%26ymid%3Da2_17394084415115970708_547739_2_0%26acb%3Dproxy-smart-link&axcusid2=Smartlink&axadvid=1053995&axcamid=10505
access-control-allow-credentials: true
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
link: <https://cdntechone.com>; rel="dns-prefetch preconnect"
set-cookie: OAID=04801908663441b1e1985dc70ad45e2e; expires=Sat, 08 Mar 2025 07:37:03 GMT
oaidts=1709883423; expires=Sat, 08 Mar 2025 07:37:03 GMT
phpckd6849336=true; expires=Sat, 09 Mar 2024 07:37:03 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2

wokoez.com/phtbload?a=1&e=aeyJwaWQiOjEwMDk5OTIsInNpZCI6MTMzMjYzMCwid2lkIjo1NDc3Mzl9

185.162.85.2

146 B

URL
wokoez.com/phtbload?a=1&e=aeyJwaWQiOjEwMDk5OTIsInNpZCI6MTMzMjYzMCwid2lkIjo1NDc3Mzl9
IP
185.162.85.2:0
ASN
#39572 DataWeb Global Group B.V.

File type
gzip compressed data, from Unix
Size
146 B (146 bytes)
Hash
38fa9c0752953927da08dbb234e14f6d
97140cdfab066068320496c3598ed9dee4601424
ff737ebdeacba20f31427cc3534c6d120d1f67186ce2c75b2b6d9cc7562e14d3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /phtbload?a=1&e=aeyJwaWQiOjEwMDk5OTIsInNpZCI6MTMzMjYzMCwid2lkIjo1NDc3Mzl9 HTTP/1.1
Host: wokoez.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://swiifx.com/
Origin: https://swiifx.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0
date: Fri, 08 Mar 2024 07:37:03 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Platform-Version
content-encoding: gzip
X-Firefox-Spdy: h2

cdntechone.com/r.html?axcid=e7ddf874-40d2-43d7-b8fd-56541bff0853&axtsid=6849336&axcusid1=a547739&clid={ymid}&r=http%3A%2F%2Fmataoransolda.com%2Flink%3Fz%3D6849336%26var%3Da547739%26ymid%3Da2_17394084415115970708_547739_2_0%26acb%3Dproxy-smart-link&axcusid2=Smartlink&axadvid=1053995&axcamid=10505

188.114.97.1

14 kB

URL
cdntechone.com/r.html?axcid=e7ddf874-40d2-43d7-b8fd-56541bff0853&axtsid=6849336&axcusid1=a547739&clid={ymid}&r=http%3A%2F%2Fmataoransolda.com%2Flink%3Fz%3D6849336%26var%3Da547739%26ymid%3Da2_17394084415115970708_547739_2_0%26acb%3Dproxy-smart-link&axcusid2=Smartlink&axadvid=1053995&axcamid=10505
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with very long lines (18452)
Size
14 kB (14493 bytes)
Hash
bb831dd6d50f6c8b53353103ec9a3703
9d78eba98e3da16601fb5492a7d66030865293e0
785c9ae55eb9710019f4b32060731514e6bf11d2fb96e0c5bc5dec7d2bfc9319

HTTP Headers

GET /r.html?axcid=e7ddf874-40d2-43d7-b8fd-56541bff0853&axtsid=6849336&axcusid1=a547739&clid={ymid}&r=http%3A%2F%2Fmataoransolda.com%2Flink%3Fz%3D6849336%26var%3Da547739%26ymid%3Da2_17394084415115970708_547739_2_0%26acb%3Dproxy-smart-link&axcusid2=Smartlink&axadvid=1053995&axcamid=10505 HTTP/1.1
Host: cdntechone.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://swiifx.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 08 Mar 2024 07:37:03 GMT
content-type: text/html
last-modified: Wed, 07 Feb 2024 12:51:04 GMT
link: <https://datatechone.com/>; rel=preconnect; crossorigin, <https://datatechonert.com/>; rel=preconnect; crossorigin
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kx%2FydjWnRxc487o%2FZmTkR6xjAoxiM%2Bq9ft8rvkAoa8pe%2BFIiyO0RrCe53DeuPHy8cPh2WnVJY1N9P9Kg7%2BxuES0zuj0A0bgI3m2NxxHlKctxmP5OOHraw%2FmMxnSQmx1K6g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 861128660a50b509-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

mataoransolda.com/favicon.ico

139.45.196.64

0 B

URL
mataoransolda.com/favicon.ico
IP
139.45.196.64:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: mataoransolda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=04801908663441b1e1985dc70ad45e2e; oaidts=1709883423; phpckd6849336=true; allcnt=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Fri, 08 Mar 2024 07:37:04 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
pragma: public
cache-control: max-age=315360000, public, must-revalidate, proxy-revalidate
X-Firefox-Spdy: h2

my.rtmark.net/img.gif?f=merge&userId=04801908663441b1e1985dc70ad45e2e

139.45.195.8

43 B

URL
my.rtmark.net/img.gif?f=merge&userId=04801908663441b1e1985dc70ad45e2e
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

HTTP Headers

POST /img.gif?f=merge&userId=04801908663441b1e1985dc70ad45e2e HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 200 OK
server: nginx
date: Fri, 08 Mar 2024 07:37:04 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: null
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=04801908663441b1e1985dc70ad45e2e; expires=Sat, 08 Mar 2025 07:37:04 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

secureltrk.com/click?key=964a6cb724a8ed441ad5&visitor_id=789870931899331019&cost=0.000840&zoneid=6849338&campaignid=7910866&banner=20283117&zone_type={zone_type}&user_activity=high&subzone_id=0

5.61.54.143

307 Temporary Redirect

0 B

URL User Request GET HTTP/2
secureltrk.com/click?key=964a6cb724a8ed441ad5&visitor_id=789870931899331019&cost=0.000840&zoneid=6849338&campaignid=7910866&banner=20283117&zone_type={zone_type}&user_activity=high&subzone_id=0
IP
5.61.54.143:443
ASN
#58061 Scalaxy B.V.

Certificate
IssuerLet's Encrypt
Subjectsecureltrk.com
Fingerprint86:11:1D:08:4A:80:6E:6D:7B:95:14:63:E2:F3:28:09:1B:C4:78:FE
ValidityMon, 22 Jan 2024 13:23:20 GMT - Sun, 21 Apr 2024 13:23:19 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /click?key=964a6cb724a8ed441ad5&visitor_id=789870931899331019&cost=0.000840&zoneid=6849338&campaignid=7910866&banner=20283117&zone_type={zone_type}&user_activity=high&subzone_id=0 HTTP/1.1
Host: secureltrk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 307 Temporary Redirect
date: Fri, 08 Mar 2024 07:37:04 GMT
location: https://ifdtrcking.com/click.php?project_id=06d3dcc4a6&affiliate_id=79b2b9ace4&custom2=cnlc081idncc73b2lvv0
server: Caddy
set-cookie: uclick=m7uDkV1UPYo1h+r2OGCY5YdlZmpycj9le98k82loJs6GTxd9gnT2n/akZh+QGQMwd9rE4A==; Max-Age=31536000; SameSite=Lax
bcid=cnlc081idncc73b2lvv0; Max-Age=31536000; SameSite=Lax
cid=cnlc081idncc73b2lvv0; Max-Age=31536000; SameSite=Lax
x-request-id: ee04e805-dca3-4ae7-927d-082c28e5b303
content-length: 0
X-Firefox-Spdy: h2

ifdtrcking.com/click.php?project_id=06d3dcc4a6&affiliate_id=79b2b9ace4&custom2=cnlc081idncc73b2lvv0

185.142.239.85

302 Found

20 B

URL User Request GET HTTP/1.1
ifdtrcking.com/click.php?project_id=06d3dcc4a6&affiliate_id=79b2b9ace4&custom2=cnlc081idncc73b2lvv0
IP
185.142.239.85:443
ASN
#174 COGENT-174

Certificate
IssuerLet's Encrypt
Subjectifdtrcking.com
Fingerprint78:E6:1D:72:73:71:26:50:EF:D2:22:7F:42:8D:E8:84:EE:9E:0D:76
ValiditySun, 03 Mar 2024 02:03:36 GMT - Sat, 01 Jun 2024 02:03:35 GMT

File type
gzip compressed data, from Unix
Size
20 B (20 bytes)
Hash
7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2

HTTP Headers

GET /click.php?project_id=06d3dcc4a6&affiliate_id=79b2b9ace4&custom2=cnlc081idncc73b2lvv0 HTTP/1.1
Host: ifdtrcking.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Fri, 08 Mar 2024 07:37:05 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv; expires=Fri, 15-Mar-2024 07:37:05 GMT; Max-Age=604800; path=/; samesite=None; secure
leadID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv; expires=Fri, 15-Mar-2024 07:37:05 GMT; Max-Age=604800; path=/; samesite=None; secure
Location: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Content-Encoding: gzip
Vary: Accept-Encoding
X-Server: faucibus
PX-X-Request-Id: db07cea9176215e6c1141d5b2ffbde27

intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto

185.142.239.82

200 OK

5.3 kB

URL User Request GET HTTP/1.1
intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
IP
185.142.239.82:443
ASN
#174 COGENT-174

Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (444)
Size
5.3 kB (5263 bytes)
Hash
51f455ed807e18ae06e6c24e9e881811
f623b4501df3a9410625cdb98fbdb5c109f64c1e
fab94e741bdaa5f39cc44a44c8f816954e57dfe1fda81becab66884f12893515

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 08 Mar 2024 07:37:05 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: intgrtn_language=no; expires=Sun, 07-Apr-2024 07:37:05 GMT; Max-Age=2592000; path=/cryptosoft/
X-Upstream: evlampi-***ko
Content-Encoding: gzip
X-Server: tincidunt
PX-X-Request-Id: f5a0772a05a2cc9a4e0774685fa9ca63
PX-IPCountryISO: NO
PX-IPTimestamp: 1709649960 1709883221 1709868729

intelligent-money-offers.com/cryptosoft/css/bootstrap.css

185.142.239.82

200 OK

20 kB

URL GET HTTP/1.1
intelligent-money-offers.com/cryptosoft/css/bootstrap.css
IP
185.142.239.82:443
ASN
#174 COGENT-174

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
ASCII text, with very long lines (65452)
Size
20 kB (19841 bytes)
Hash
bcedbc182918a36f909c2735f5bbc2ee
4352dbcfc5e6fdd1b60f8a4951501ae232795c01
9fca27e31fbf05b4e94c25ea238fdfa4f0fea42571b12705e9fb5b2a212cb934

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cryptosoft/css/bootstrap.css HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_language=no
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 08 Mar 2024 07:37:05 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 15 Mar 2023 08:00:18 GMT
ETag: W/"64117b12-1db6f"
X-Upstream: evlampi-***ko
PX-Cache-Status: STALE
X-Server: tincidunt
PX-X-Request-Id: 0db64b70fcc641a9f1d6cbe4f6e7d2c2
PX-IPCountryISO: NO
PX-IPTimestamp: 1709649960 1709883221 1709868729
Content-Encoding: gzip

code.jquery.com/jquery-3.5.1.min.js

151.101.66.137

200 OK

31 kB

URL GET HTTP/2
code.jquery.com/jquery-3.5.1.min.js
IP
151.101.66.137:443
ASN
#54113 FASTLY

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
31 kB (30879 bytes)
Hash
dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

HTTP Headers

GET /jquery-3.5.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d84"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Fri, 08 Mar 2024 07:37:05 GMT
age: 11428737
x-served-by: cache-lga13628-LGA, cache-hel1410022-HEL
x-cache: HIT, HIT
x-cache-hits: 32, 413922
x-timer: S1709883426.786107,VS0,VE0
vary: Accept-Encoding
content-length: 30879
X-Firefox-Spdy: h2

intelligent-money-offers.com/cryptosoft/css/cryptosoftwarenow.css

185.142.239.82

200 OK

6.5 kB

URL GET HTTP/1.1
intelligent-money-offers.com/cryptosoft/css/cryptosoftwarenow.css
IP
185.142.239.82:443
ASN
#174 COGENT-174

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
troff or preprocessor input, ASCII text
Size
6.5 kB (6543 bytes)
Hash
f9cc837efa33fbe3ca7314e2798bf393
a08f703c3ca3a065cfe02a66d52679e1973a193b
dc1e5559a9f8c4f1275b6c3bcb6d02762e992c5c33a916766429363812857c78

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cryptosoft/css/cryptosoftwarenow.css HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_language=no
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 08 Mar 2024 07:37:05 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 15 Mar 2023 08:00:18 GMT
ETag: W/"64117b12-be7b"
X-Upstream: stavri-***ko
PX-Cache-Status: STALE
X-Server: tincidunt
PX-X-Request-Id: 2d0c65b5263897af4cd10e4315203f75
PX-IPCountryISO: NO
PX-IPTimestamp: 1709649960 1709883221 1709868729
Content-Encoding: gzip

intelligent-money-offers.com/cryptosoft/css/main.css

185.142.239.82

200 OK

6.6 kB

URL GET HTTP/1.1
intelligent-money-offers.com/cryptosoft/css/main.css
IP
185.142.239.82:443
ASN
#174 COGENT-174

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
ASCII text, with very long lines (4274)
Size
6.6 kB (6628 bytes)
Hash
ae53e8e3bd0409ec5a30a967da71626b
11830708573682f274e971cde921a171d06fcb32
2a8a99c74b0606dfe41fa441243f0e20bf7be1cd4c74c1d32bad764b9245f0f3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cryptosoft/css/main.css HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_language=no
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 08 Mar 2024 07:37:05 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 15 Mar 2023 08:00:18 GMT
ETag: W/"64117b12-6bd9"
X-Upstream: evlampi-***ko
PX-Cache-Status: STALE
X-Server: tincidunt
PX-X-Request-Id: d971093dd9e2e04558e64ead3c3c0407
PX-IPCountryISO: NO
PX-IPTimestamp: 1709649960 1709883221 1709868729
Content-Encoding: gzip

intelligent-money-offers.com/cryptosoft/css/1ststep.css

185.142.239.82

200 OK

699 B

URL GET HTTP/1.1
intelligent-money-offers.com/cryptosoft/css/1ststep.css
IP
185.142.239.82:443
ASN
#174 COGENT-174

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
ASCII text
Size
699 B (699 bytes)
Hash
db2fb4e58b4fac5a6044270d9e6b5eb7
8031246b12af6421e60ab1604bc1a0aa38992078
a22aa11f308ef08f20cceaf2c63ff1265cfd5413e81b54902909927bd57c517f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cryptosoft/css/1ststep.css HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_language=no
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 08 Mar 2024 07:37:05 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 15 Mar 2023 08:00:18 GMT
ETag: W/"64117b12-8f0"
X-Upstream: evlampi-***ko
PX-Cache-Status: STALE
X-Server: tincidunt
PX-X-Request-Id: 8068a18b84ef27bbbfe78842a72d8614
PX-IPCountryISO: NO
PX-IPTimestamp: 1709649960 1709883409 1709868729
Content-Encoding: gzip

intelligent-money-offers.com/cryptosoft/css/video-js.css

185.142.239.82

200 OK

10 kB

URL GET HTTP/1.1
intelligent-money-offers.com/cryptosoft/css/video-js.css
IP
185.142.239.82:443
ASN
#174 COGENT-174

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
ASCII text, with very long lines (5636)
Size
10 kB (10001 bytes)
Hash
20e19d889dd8fa46e8035262bf8fb3ab
850966876046e39a0fb2a20cde449e2b027bfbc6
4e76177722cff7661c6bf7cc77b62223a75a62b8238d029001b6a5c25e78a417

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cryptosoft/css/video-js.css HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_language=no
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 08 Mar 2024 07:37:05 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 15 Mar 2023 08:00:18 GMT
ETag: W/"64117b12-9ed4"
X-Upstream: evlampi-***ko
PX-Cache-Status: STALE
X-Server: tincidunt
PX-X-Request-Id: e481c0c09ec3b3b8e6927f46286de8d9
PX-IPCountryISO: NO
PX-IPTimestamp: 1709649960 1709883221 1709868729
Content-Encoding: gzip

intelligent-money-offers.com/cryptosoft/css/intgrtn.css

185.142.239.82

200 OK

797 B

URL GET HTTP/1.1
intelligent-money-offers.com/cryptosoft/css/intgrtn.css
IP
185.142.239.82:443
ASN
#174 COGENT-174

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
ASCII text
Size
797 B (797 bytes)
Hash
b10ae1939162249658df712469e9efe0
d458e405d0534d1d3f231102ac658c56cb7ea98e
d8b8dceb0aa4b0196542a7f9377c2b9e41f465d366f61bfffcfa2ca3b5938c50

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cryptosoft/css/intgrtn.css HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_language=no
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 08 Mar 2024 07:37:05 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 15 Mar 2023 08:00:18 GMT
ETag: W/"64117b12-a43"
X-Upstream: evlampi-***ko
PX-Cache-Status: STALE
X-Server: tincidunt
PX-X-Request-Id: 35728156668d45e6502899ddff40de32
PX-IPCountryISO: NO
PX-IPTimestamp: 1709649960 1709883221 1709868729
Content-Encoding: gzip

intelligent-money-offers.com/cryptosoft/css/components.css

185.142.239.82

200 OK

7.9 kB

URL GET HTTP/1.1
intelligent-money-offers.com/cryptosoft/css/components.css
IP
185.142.239.82:443
ASN
#174 COGENT-174

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
ASCII text, with very long lines (2586)
Size
7.9 kB (7932 bytes)
Hash
ee8d810926f71f28273101dd78c932ca
9d0c022c3ef0705320a012b8085a24b776e3c4aa
969afdfd47795526460b62c26daed3d8390392229526d66cf0ea58c905f8f74f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cryptosoft/css/components.css HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_language=no
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 08 Mar 2024 07:37:05 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 15 Mar 2023 08:00:18 GMT
ETag: W/"64117b12-94f8"
X-Upstream: stavri-***ko
PX-Cache-Status: STALE
X-Server: tincidunt
PX-X-Request-Id: 8340bc7aedbff2c2af47837d41c8434b
PX-IPCountryISO: NO
PX-IPTimestamp: 1709649960 1709883221 1709868729
Content-Encoding: gzip

intelligent-money-offers.com/cryptosoft/css/normalize.css

185.142.239.82

200 OK

949 B

URL GET HTTP/1.1
intelligent-money-offers.com/cryptosoft/css/normalize.css
IP
185.142.239.82:443
ASN
#174 COGENT-174

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
ASCII text
Size
949 B (949 bytes)
Hash
8f996b212a7a6c10aabac8224e473064
eff200de9c8ba4938457e77082ff8c21c6c82b03
05f12cf34a7189b7e5712de4faa6c68761cca50106276f24cd21cea365ca5f81

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cryptosoft/css/normalize.css HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_language=no
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 08 Mar 2024 07:37:05 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 15 Mar 2023 08:00:18 GMT
ETag: W/"64117b12-94d"
X-Upstream: stavri-***ko
PX-Cache-Status: STALE
X-Server: tincidunt
PX-X-Request-Id: 756f748eb05e75207fa57be99d19535a
PX-IPCountryISO: NO
PX-IPTimestamp: 1709649960 1709883221 1709868729
Content-Encoding: gzip

intelligent-money-offers.com/cryptosoft/css/languageSwitcher.css

185.142.239.82

200 OK

1.3 kB

URL GET HTTP/1.1
intelligent-money-offers.com/cryptosoft/css/languageSwitcher.css
IP
185.142.239.82:443
ASN
#174 COGENT-174

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
ASCII text
Size
1.3 kB (1268 bytes)
Hash
e929a697439b28542d2cbea7c814031b
e94ddb9493a1cb2faff7f85419f867367f4eed0f
ac9a880373ca9cea5af85c91b7d9cd9b8e46ab4d1d714b4abed72c03f7091226

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cryptosoft/css/languageSwitcher.css HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_language=no
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 08 Mar 2024 07:37:05 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 15 Mar 2023 08:00:18 GMT
ETag: W/"64117b12-142a"
X-Upstream: evlampi-***ko
PX-Cache-Status: STALE
X-Server: tincidunt
PX-X-Request-Id: e1f426017f4674c6dd3f14d19d143269
PX-IPCountryISO: NO
PX-IPTimestamp: 1709649960 1709883221 1709868729
Content-Encoding: gzip

intelligent-money-offers.com/cryptosoft/css/integration.css

185.142.239.82

200 OK

9.1 kB

URL GET HTTP/1.1
intelligent-money-offers.com/cryptosoft/css/integration.css
IP
185.142.239.82:443
ASN
#174 COGENT-174

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
ASCII text, with very long lines (881)
Size
9.1 kB (9149 bytes)
Hash
161f09fe993a6785d5816b258dc8a4e4
d182de3008ab0e313eb7180559d208b4546fa64e
00d373314c8cfa72afc276cfb004492f298dd77dbe48a7a640711b51aecfd9e6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cryptosoft/css/integration.css HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_language=no
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 08 Mar 2024 07:37:05 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 15 Mar 2023 08:00:18 GMT
ETag: W/"64117b12-f6c4"
X-Upstream: evlampi-***ko
PX-Cache-Status: STALE
X-Server: tincidunt
PX-X-Request-Id: 75afe7ad8bb38e22436df29ff6f1d799
PX-IPCountryISO: NO
PX-IPTimestamp: 1709649960 1709883221 1709868729
Content-Encoding: gzip

intelligent-money-offers.com/cryptosoft/js/jquery.min.js

185.142.239.82

200 OK

39 kB

URL GET HTTP/1.1
intelligent-money-offers.com/cryptosoft/js/jquery.min.js
IP
185.142.239.82:443
ASN
#174 COGENT-174

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
JavaScript source, ASCII text, with very long lines (849)
Size
39 kB (38563 bytes)
Hash
e4ffda65e630968c72c3c2c84a3edd0f
6b5665cc000270f99193c0c95d082229d0133a38
f5443a76ec0301734875e2e007d025b0b64dc8c3bbe34233d6f2fe5d3c983030

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cryptosoft/js/jquery.min.js HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_language=no
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 08 Mar 2024 07:37:05 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 15 Mar 2023 08:00:18 GMT
ETag: W/"64117b12-243d4"
X-Upstream: evlampi-***ko
PX-Cache-Status: STALE
X-Server: tincidunt
PX-X-Request-Id: 0ac37dc887730c60caa40f53cb09eb89
PX-IPCountryISO: NO
PX-IPTimestamp: 1709649960 1709883221 1709868729
Content-Encoding: gzip

fonts.googleapis.com/css?family=Roboto+Condensed:400,700|Roboto:400,400i,700&subset=latin-ext

142.250.74.106

200 OK

1.4 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Roboto+Condensed:400,700|Roboto:400,400i,700&subset=latin-ext
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint48:72:AA:F2:E2:69:76:76:93:18:78:2B:17:6E:20:5F:DF:87:66:5C
ValidityMon, 05 Feb 2024 08:19:19 GMT - Mon, 29 Apr 2024 08:19:18 GMT

File type
gzip compressed data, max compression
Size
1.4 kB (1352 bytes)
Hash
8890394633d3f6e78665fca6d286d16e
971c759718a3ec9777f5ec92a25852d66b8ef7f0
333da8572fd822da05864efe15fdcb571171e2bf49d47c6ab8e5eace13b59643

HTTP Headers

GET /css?family=Roboto+Condensed:400,700|Roboto:400,400i,700&subset=latin-ext HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 08 Mar 2024 07:37:05 GMT
date: Fri, 08 Mar 2024 07:37:05 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

intelligent-money-offers.com/cryptosoft/css/flag-icon.min.css

185.142.239.82

200 OK

2.7 kB

URL GET HTTP/1.1
intelligent-money-offers.com/cryptosoft/css/flag-icon.min.css
IP
185.142.239.82:443
ASN
#174 COGENT-174

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
ASCII text, with very long lines (62602), with no line terminators
Size
2.7 kB (2664 bytes)
Hash
61483228b4930f192e0758cfd8f5a8a1
1b7cc9afca988f1b0f6cf917527abcc4d7dea8b8
03ee803eb3f0b701467df2dcb7d4923316a55facd77ab8198db43aad5424840e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cryptosoft/css/flag-icon.min.css HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_language=no
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 08 Mar 2024 07:37:06 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 15 Mar 2023 08:00:18 GMT
ETag: W/"64117b12-f48a"
X-Upstream: evlampi-***ko
PX-Cache-Status: STALE
X-Server: tincidunt
PX-X-Request-Id: 0963058bee693291ea458e4ae00373c8
PX-IPCountryISO: NO
PX-IPTimestamp: 1709649960 1709883409 1709868729
Content-Encoding: gzip

cdnjs.cloudflare.com/ajax/libs/flag-icon-css/3.4.6/flags/4x3/no.svg

104.17.25.14

200 OK

179 B

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/flag-icon-css/3.4.6/flags/4x3/no.svg
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
179 B (179 bytes)
Hash
0b41df77e951a30bbfccfd0a3714a1a3
8c71f507dc4e81a37418fa4c5173181ffcace814
c59f156ddd70507f05267dc35e2e4f3e44467b9ef414995abb91589dc486dd6a

HTTP Headers

GET /ajax/libs/flag-icon-css/3.4.6/flags/4x3/no.svg HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 08 Mar 2024 07:37:06 GMT
content-type: image/svg+xml; charset=utf-8
content-length: 179
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e5d-141"
last-modified: Mon, 04 May 2020 16:10:05 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 59828
expires: Wed, 26 Feb 2025 07:37:06 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OOoun7jkFBoccqqgVSSv9uz2oEnXzEixsIrxXXtYDi17y8OXSDyPRw7O2DmZgDmpLB%2FDHMwF5wJhU%2BEoDAD7ZdHAXfYQ8KnZ6dGeFhSrC%2BRgJ7hk73mgM2fYR1BXnp3iHmD2P5Kh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 8611287568e656a5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

intelligent-money-offers.com/cryptosoft/js/video.js

185.142.239.82

200 OK

335 kB

URL GET HTTP/1.1
intelligent-money-offers.com/cryptosoft/js/video.js
IP
185.142.239.82:443
ASN
#174 COGENT-174

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
JavaScript source, ASCII text, with very long lines (491)
Size
335 kB (335015 bytes)
Hash
9045e3df1785b61657789608f6afa807
0a7ea1b2e2bfc262fcd4acd1023973b78082f5ee
96d3349232417f89dec7f5c26a3872bb542fceaba22361b580b78f6e8d92ef2c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cryptosoft/js/video.js HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_language=no
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 08 Mar 2024 07:37:05 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 15 Mar 2023 08:00:18 GMT
ETag: W/"64117b12-173a79"
X-Upstream: evlampi-***ko
PX-Cache-Status: STALE
X-Server: tincidunt
PX-X-Request-Id: bb49fbf725965b4483ebafa6373ccee3
PX-IPCountryISO: NO
PX-IPTimestamp: 1709649960 1709883221 1709868729
Content-Encoding: gzip

intelligent-money-offers.com/cryptosoft/images/bgpattern.png

185.142.239.82

200 OK

47 kB

URL GET HTTP/1.1
intelligent-money-offers.com/cryptosoft/images/bgpattern.png
IP
185.142.239.82:443
ASN
#174 COGENT-174

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
PNG image data, 594 x 594, 8-bit grayscale, non-interlaced
Size
47 kB (47224 bytes)
Hash
c1f1b46e1e077e82da94f0d5a2b2d4d9
129c3a2c0417ae0ac69e4f536f4e50418c2191da
2bf9ed9ba13bb6261155bb9243b13e0ae7af6dab2af6e9681fd4338380938eab

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cryptosoft/images/bgpattern.png HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/css/main.css
Cookie: intgrtn_language=no
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 08 Mar 2024 07:37:06 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 15 Mar 2023 08:00:18 GMT
ETag: W/"64117b12-b9e8"
X-Upstream: evlampi-***ko
PX-Cache-Status: STALE
X-Server: tincidunt
PX-X-Request-Id: 333f548d5f17b7a5d76e81369e63b777
PX-IPCountryISO: NO
PX-IPTimestamp: 1709649960 1709883221 1709868729
Content-Encoding: gzip

intelligent-money-offers.com/cryptosoft/js/languageSwitcher.js

185.142.239.82

200 OK

296 B

URL GET HTTP/1.1
intelligent-money-offers.com/cryptosoft/js/languageSwitcher.js
IP
185.142.239.82:443
ASN
#174 COGENT-174

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
JavaScript source, ASCII text
Size
296 B (296 bytes)
Hash
c6441d2b5114993bfa787c4d738de05c
f0396f76fae808d34cf597b5455e548bb3dda4db
079480fd9e1991f10a369440c788b45f3a79769a64e40546b5336a8caffb144e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cryptosoft/js/languageSwitcher.js HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_language=no
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 08 Mar 2024 07:37:06 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 15 Mar 2023 08:00:18 GMT
ETag: W/"64117b12-40a"
X-Upstream: evlampi-***ko
PX-Cache-Status: STALE
X-Server: tincidunt
PX-X-Request-Id: 4bf91e0edf73ecf5c967de4c19a00cb2
PX-IPCountryISO: NO
PX-IPTimestamp: 1709649960 1709883221 1709868729
Content-Encoding: gzip

intelligent-money-offers.com/cryptosoft/js/bodymovin_light.min.js

185.142.239.82

200 OK

41 kB

URL GET HTTP/1.1
intelligent-money-offers.com/cryptosoft/js/bodymovin_light.min.js
IP
185.142.239.82:443
ASN
#174 COGENT-174

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
JavaScript source, ASCII text, with very long lines (1445)
Size
41 kB (41225 bytes)
Hash
5ac6c26b5a3d4e87b6c08efb26977f4f
3d815a65ef6fbcd9e84df5f393f9ab24b58d9393
4e7bf71bcc83214888e177d7c80b42d30d27b2069ae07db1e75913ba2f80d064

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cryptosoft/js/bodymovin_light.min.js HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_language=no
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 08 Mar 2024 07:37:06 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 15 Mar 2023 08:00:18 GMT
ETag: W/"64117b12-30be4"
X-Upstream: evlampi-***ko
PX-Cache-Status: STALE
X-Server: tincidunt
PX-X-Request-Id: 6a9872abf0da44829851c958e71fa946
PX-IPCountryISO: NO
PX-IPTimestamp: 1709649960 1709883221 1709868729
Content-Encoding: gzip

intelligent-money-offers.com/cryptosoft/js/main.js

185.142.239.82

200 OK

2.7 kB

URL GET HTTP/1.1
intelligent-money-offers.com/cryptosoft/js/main.js
IP
185.142.239.82:443
ASN
#174 COGENT-174

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
JavaScript source, ASCII text, with very long lines (550)
Size
2.7 kB (2723 bytes)
Hash
41ddc03e25896775817e7a426688d4ac
c17d018a0077772c725fd7169c918b9fc354a644
03bcc8aa53336b3a1cb2171972666e7754fc149e911ab68a8b34af0370f0846d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cryptosoft/js/main.js HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_language=no
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 08 Mar 2024 07:37:06 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 15 Mar 2023 08:00:18 GMT
ETag: W/"64117b12-2589"
X-Upstream: evlampi-***ko
PX-Cache-Status: STALE
X-Server: tincidunt
PX-X-Request-Id: 7f49a417fd4054d21b23b2852e19b3fc
PX-IPCountryISO: NO
PX-IPTimestamp: 1709649960 1709883221 1709868729
Content-Encoding: gzip

intelligent-money-offers.com/cryptosoft/images/icon_immediateresults_white.svg

185.142.239.82

200 OK

707 B

URL GET HTTP/1.1
intelligent-money-offers.com/cryptosoft/images/icon_immediateresults_white.svg
IP
185.142.239.82:443
ASN
#174 COGENT-174

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
SVG Scalable Vector Graphics image
Size
707 B (707 bytes)
Hash
d0aeb5ba411b7dfdc5ec8105fecf4846
8adf5b0252b9dacb552f535f8f962cd99f04f02b
b26aeae0358626b11f7315dd8bf3b6ffa1c5513e6e0bdf88087908edf1a601c4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cryptosoft/images/icon_immediateresults_white.svg HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_language=no
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 08 Mar 2024 07:37:06 GMT
Content-Type: image/svg+xml
Content-Length: 707
Connection: keep-alive
Last-Modified: Wed, 15 Mar 2023 08:00:18 GMT
ETag: "64117b12-2c3"
X-Upstream: stavri-***ko
PX-Cache-Status: STALE
X-Server: tincidunt
PX-X-Request-Id: 61a10c8ba5da933665ca8ec63fa0c60d
PX-IPCountryISO: NO
PX-IPTimestamp: 1709649960 1709883221 1709868729
Accept-Ranges: bytes

intelligent-money-offers.com/cryptosoft/images/usr_4fsd2gf.jpg

185.142.239.82

200 OK

3.4 kB

URL GET HTTP/1.1
intelligent-money-offers.com/cryptosoft/images/usr_4fsd2gf.jpg
IP
185.142.239.82:443
ASN
#174 COGENT-174

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 128x128, components 3
Size
3.4 kB (3376 bytes)
Hash
fb890d033d714911141f83a49afac85e
3cd5a5b27d8e089123166902c64303233645235e
006252ba27677f8cb620524557048dd0595df8554a8bf1ea19826c62b97117cb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cryptosoft/images/usr_4fsd2gf.jpg HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_language=no
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 08 Mar 2024 07:37:06 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 15 Mar 2023 08:00:18 GMT
ETag: W/"64117b12-d31"
X-Upstream: stavri-***ko
PX-Cache-Status: STALE
X-Server: tincidunt
PX-X-Request-Id: fb51e12da2be56d8805e9c99a8ca0900
PX-IPCountryISO: NO
PX-IPTimestamp: 1709649960 1709883409 1709868729
Content-Encoding: gzip

intelligent-money-offers.com/cryptosoft/images/icon_moneymachine_white.svg

185.142.239.82

200 OK

959 B

URL GET HTTP/1.1
intelligent-money-offers.com/cryptosoft/images/icon_moneymachine_white.svg
IP
185.142.239.82:443
ASN
#174 COGENT-174

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
SVG Scalable Vector Graphics image
Size
959 B (959 bytes)
Hash
f266ea13f337a62805291e29e9208f08
8e5c600eb9279d9d52f9627094997bd3f1f2882d
360ebe904d3d78de5737af2d81cdda55b91495a105f78e4099338cecea2d3737

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cryptosoft/images/icon_moneymachine_white.svg HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_language=no
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 08 Mar 2024 07:37:06 GMT
Content-Type: image/svg+xml
Content-Length: 959
Connection: keep-alive
Last-Modified: Wed, 15 Mar 2023 08:00:18 GMT
ETag: "64117b12-3bf"
X-Upstream: stavri-***ko
PX-Cache-Status: STALE
X-Server: tincidunt
PX-X-Request-Id: f0cd5615d629a26b28b1bed0e2b5989a
PX-IPCountryISO: NO
PX-IPTimestamp: 1709649960 1709883221 1709868729
Accept-Ranges: bytes

intelligent-money-offers.com/cryptosoft/images/icon_exceptionalsoftware_white.svg

185.142.239.82

200 OK

832 B

URL GET HTTP/1.1
intelligent-money-offers.com/cryptosoft/images/icon_exceptionalsoftware_white.svg
IP
185.142.239.82:443
ASN
#174 COGENT-174

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
SVG Scalable Vector Graphics image
Size
832 B (832 bytes)
Hash
0e106634e2cc460e44f5b0279b9e27b0
b60c3bac94eb78c12482082979a91fa69ddf26f8
c1c1494e06df0b23bf7153f95b127046661d3abe014af2f9013c256470c19013

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cryptosoft/images/icon_exceptionalsoftware_white.svg HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_language=no
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 08 Mar 2024 07:37:06 GMT
Content-Type: image/svg+xml
Content-Length: 832
Connection: keep-alive
Last-Modified: Wed, 15 Mar 2023 08:00:18 GMT
ETag: "64117b12-340"
X-Upstream: stavri-***ko
PX-Cache-Status: STALE
X-Server: tincidunt
PX-X-Request-Id: 2fc48b2f82c89aeccc6283446333c72c
PX-IPCountryISO: NO
PX-IPTimestamp: 1709649960 1709883221 1709868729
Accept-Ranges: bytes

intelligent-money-offers.com/cryptosoft/images/usr_dfs44fds.jpg

185.142.239.82

200 OK

4.4 kB

URL GET HTTP/1.1
intelligent-money-offers.com/cryptosoft/images/usr_dfs44fds.jpg
IP
185.142.239.82:443
ASN
#174 COGENT-174

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 128x128, components 3
Size
4.4 kB (4433 bytes)
Hash
761d259471111e75526a5ca4d1dd9ff9
dad8075b9fed58ffb2f36eb0ded42c8e5dbd985d
20294458f113878646564894023ee91975a021f9e79273f611e009f285aee031

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cryptosoft/images/usr_dfs44fds.jpg HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_language=no
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 08 Mar 2024 07:37:06 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 15 Mar 2023 08:00:18 GMT
ETag: W/"64117b12-1156"
X-Upstream: evlampi-***ko
PX-Cache-Status: STALE
X-Server: tincidunt
PX-X-Request-Id: be9438561247d584fc0e77abd521eab5
PX-IPCountryISO: NO
PX-IPTimestamp: 1709649960 1709883409 1709868729
Content-Encoding: gzip

intelligent-money-offers.com/cryptosoft/images/usr_bmjidry4561s.jpg

185.142.239.82

200 OK

6.1 kB

URL GET HTTP/1.1
intelligent-money-offers.com/cryptosoft/images/usr_bmjidry4561s.jpg
IP
185.142.239.82:443
ASN
#174 COGENT-174

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 128x128, components 3
Size
6.1 kB (6091 bytes)
Hash
5b4cf6f722d859ac293ee0eae7401010
43b5149cf2280ba24f6cfd60ef40ac82602e1497
cfee582443d62cea8d7ae9a86a6d16d8b7a27ed17098944f0d37720f42b8d67c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cryptosoft/images/usr_bmjidry4561s.jpg HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_language=no
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 08 Mar 2024 07:37:06 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 15 Mar 2023 08:00:18 GMT
ETag: W/"64117b12-17f7"
X-Upstream: evlampi-***ko
PX-Cache-Status: STALE
X-Server: tincidunt
PX-X-Request-Id: aacbd0ab1926b2914eb7f1e6da0ad965
PX-IPCountryISO: NO
PX-IPTimestamp: 1709649960 1709883221 1709868729
Content-Encoding: gzip

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint7E:D8:A3:26:76:2A:70:11:A5:C6:42:20:61:35:14:1C:03:F2:35:55
ValidityMon, 05 Feb 2024 08:19:14 GMT - Mon, 29 Apr 2024 08:19:13 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://intelligent-money-offers.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 07 Mar 2024 03:21:25 GMT
expires: Fri, 07 Mar 2025 03:21:25 GMT
cache-control: public, max-age=31536000
age: 101741
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint7E:D8:A3:26:76:2A:70:11:A5:C6:42:20:61:35:14:1C:03:F2:35:55
ValidityMon, 05 Feb 2024 08:19:14 GMT - Mon, 29 Apr 2024 08:19:13 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://intelligent-money-offers.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 07 Mar 2024 03:28:11 GMT
expires: Fri, 07 Mar 2025 03:28:11 GMT
cache-control: public, max-age=31536000
age: 101335
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

intelligent-money-offers.com/cryptosoft/images/logo-p-500.webp

185.142.239.82

200 OK

8.1 kB

URL GET HTTP/1.1
intelligent-money-offers.com/cryptosoft/images/logo-p-500.webp
IP
185.142.239.82:443
ASN
#174 COGENT-174

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
RIFF (little-endian) data, Web/P image
Size
8.1 kB (8050 bytes)
Hash
5b4485f6681d997dd349531cf71d2dfc
278263cdbd2464565df4b818fca3f6ec9e7e7b97
2b4c3b1882626c009c32305ef9e0c4690dab66c0fcf56a176f22c93a4ecf304e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cryptosoft/images/logo-p-500.webp HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_language=no
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 08 Mar 2024 07:37:06 GMT
Content-Type: image/webp
Content-Length: 8050
Connection: keep-alive
Last-Modified: Wed, 15 Mar 2023 08:00:18 GMT
ETag: "64117b12-1f72"
X-Upstream: evlampi-***ko
Accept-Ranges: bytes
X-Server: tincidunt
PX-X-Request-Id: 55ba0fed89894151a635495bef53a041
PX-IPCountryISO: NO
PX-IPTimestamp: 1709649960 1709883221 1709868729

intelligent-money-offers.com/cryptosoft/images/usr_xcbn8uo0.jpg

185.142.239.82

200 OK

4.6 kB

URL GET HTTP/1.1
intelligent-money-offers.com/cryptosoft/images/usr_xcbn8uo0.jpg
IP
185.142.239.82:443
ASN
#174 COGENT-174

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 128x128, components 3
Size
4.6 kB (4553 bytes)
Hash
fb4896e64e4b7e474bed3a6e798e3b9f
5b778cc162fa8f7ac9874b609f454db0ecbda1d4
cd461b8779e9275109e3d2af7979e45d4d6b86b2525d78e7d696501378ff6674

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cryptosoft/images/usr_xcbn8uo0.jpg HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_language=no
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 08 Mar 2024 07:37:06 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 15 Mar 2023 08:00:18 GMT
ETag: W/"64117b12-11d7"
X-Upstream: evlampi-***ko
PX-Cache-Status: STALE
X-Server: tincidunt
PX-X-Request-Id: 78c8b05a0bbb7cdf255a04d7c686f7ed
PX-IPCountryISO: NO
PX-IPTimestamp: 1709649960 1709883221 1709868729
Content-Encoding: gzip

intelligent-money-offers.com/cryptosoft/images/usr_t14csd.jpg

185.142.239.82

200 OK

3.4 kB

URL GET HTTP/1.1
intelligent-money-offers.com/cryptosoft/images/usr_t14csd.jpg
IP
185.142.239.82:443
ASN
#174 COGENT-174

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 128x128, components 3
Size
3.4 kB (3410 bytes)
Hash
d12d86174be9cb39cb72da25bc8acbce
e9e8e9d87fcfa971c121897d5ef89b5bad5d71c8
86e1bd591516b78418106aedf9b3eb43d87f23a28490ecb3fda8b54176b4a095

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cryptosoft/images/usr_t14csd.jpg HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_language=no
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 08 Mar 2024 07:37:06 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 15 Mar 2023 08:00:18 GMT
ETag: W/"64117b12-d57"
X-Upstream: stavri-***ko
PX-Cache-Status: STALE
X-Server: tincidunt
PX-X-Request-Id: 937c9b15f8f359adefef42932f533561
PX-IPCountryISO: NO
PX-IPTimestamp: 1709649960 1709883221 1709868729
Content-Encoding: gzip

intelligent-money-offers.com/cryptosoft/images/usr_onjghj403.jpg

185.142.239.82

200 OK

6.9 kB

URL GET HTTP/1.1
intelligent-money-offers.com/cryptosoft/images/usr_onjghj403.jpg
IP
185.142.239.82:443
ASN
#174 COGENT-174

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 128x128, components 3
Size
6.9 kB (6875 bytes)
Hash
e43140a0279d3c52802ec351188c5998
cf9c4c69764afe134a2e588b28c530b2da4052f7
ad6c7d48950922bb63f22161c4a4cef3924c2fe2e2bc4851c3e24bdd9c69c283

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cryptosoft/images/usr_onjghj403.jpg HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_language=no
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 08 Mar 2024 07:37:06 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 15 Mar 2023 08:00:18 GMT
ETag: W/"64117b12-1b0d"
X-Upstream: evlampi-***ko
PX-Cache-Status: STALE
X-Server: tincidunt
PX-X-Request-Id: 401bd0e488de7cb0e4588df213d4e728
PX-IPCountryISO: NO
PX-IPTimestamp: 1709649960 1709883221 1709868729
Content-Encoding: gzip

fonts.gstatic.com/s/roboto/v30/KFOkCnqEu92Fr1Mu51xIIzI.woff2

216.58.207.227

200 OK

17 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOkCnqEu92Fr1Mu51xIIzI.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint7E:D8:A3:26:76:2A:70:11:A5:C6:42:20:61:35:14:1C:03:F2:35:55
ValidityMon, 05 Feb 2024 08:19:14 GMT - Mon, 29 Apr 2024 08:19:13 GMT

File type
Web Open Font Format (Version 2), TrueType, length 17368, version 1.0
Size
17 kB (17368 bytes)
Hash
abe083d96b58eb02ada8b7c30d7b09f2
61447d66d13a8c8f4335696777a85c438c46f749
db0424fb67fb52e7e538490240cc7fb9c05aa076333a4968f3dee30b825dabf9

HTTP Headers

GET /s/roboto/v30/KFOkCnqEu92Fr1Mu51xIIzI.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://intelligent-money-offers.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17368
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 02 Mar 2024 20:26:50 GMT
expires: Sun, 02 Mar 2025 20:26:50 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
age: 472216
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/robotocondensed/v27/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2

216.58.207.227

200 OK

51 kB

URL GET HTTP/2
fonts.gstatic.com/s/robotocondensed/v27/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint7E:D8:A3:26:76:2A:70:11:A5:C6:42:20:61:35:14:1C:03:F2:35:55
ValidityMon, 05 Feb 2024 08:19:14 GMT - Mon, 29 Apr 2024 08:19:13 GMT

File type
Web Open Font Format (Version 2), TrueType, length 51404, version 1.0
Size
51 kB (51404 bytes)
Hash
b904fcdf1c4c6059fadd6893a7bc7619
f41d1674f02616f03ef77d4e84b3ad8ba28a36fc
517edd119c5b2719e6ac4b30bf1fd864a6395179a41d273c0afc0696e7495d8e

HTTP Headers

GET /s/robotocondensed/v27/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://intelligent-money-offers.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 51404
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 06 Mar 2024 02:08:07 GMT
expires: Thu, 06 Mar 2025 02:08:07 GMT
cache-control: public, max-age=31536000
age: 192539
last-modified: Wed, 18 Oct 2023 17:52:59 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

intelligent-money-offers.com/cryptosoft/js/chart.json

185.142.239.82

200 OK

178 kB

URL GET HTTP/1.1
intelligent-money-offers.com/cryptosoft/js/chart.json
IP
185.142.239.82:443
ASN
#174 COGENT-174

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
JSON text data
Size
178 kB (177754 bytes)
Hash
f94030411655e673ff8e479649e5cc9f
bdf29d8134181b5526bea71ac9fb9fb832290079
3475c36818192aa6077b2c7dd69dfb12c22df9b6d7e7fe13941f1b5973a565fc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cryptosoft/js/chart.json HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_language=no
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 08 Mar 2024 07:37:06 GMT
Content-Type: application/json
Content-Length: 177754
Connection: keep-alive
Last-Modified: Wed, 15 Mar 2023 08:00:18 GMT
ETag: "64117b12-2b65a"
X-Upstream: evlampi-***ko
Accept-Ranges: bytes
X-Server: tincidunt
PX-X-Request-Id: d5b4ae01332994fe7df137c5d2f1b717
PX-IPCountryISO: NO
PX-IPTimestamp: 1709649960 1709883409 1709868729

intelligent-money-offers.com/cryptosoft/images/favicon-16x16.png

185.142.239.82

200 OK

607 B

URL GET HTTP/1.1
intelligent-money-offers.com/cryptosoft/images/favicon-16x16.png
IP
185.142.239.82:443
ASN
#174 COGENT-174

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
PNG image data, 16 x 16, 8-bit colormap, non-interlaced
Size
607 B (607 bytes)
Hash
dad80aad35c82d4488c3cd65e0d29bfa
2f5a657d0f2b1e280d7a8248e941007cc9424b47
a610c845fe7c236f0b446b30e9c4872734b9b2c802b4b782c25168373443afb6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cryptosoft/images/favicon-16x16.png HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_language=no
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 08 Mar 2024 07:37:07 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 15 Mar 2023 08:00:18 GMT
ETag: W/"64117b12-32c"
X-Upstream: evlampi-***ko
PX-Cache-Status: STALE
X-Server: tincidunt
PX-X-Request-Id: 7f40753b40deeb8a0621ad82f7579202
PX-IPCountryISO: NO
PX-IPTimestamp: 1709649960 1709883221 1709868729
Content-Encoding: gzip

intelligent-money-offers.com/cryptosoft/images/apple-touch-icon.png

185.142.239.82

200 OK

2.6 kB

URL GET HTTP/1.1
intelligent-money-offers.com/cryptosoft/images/apple-touch-icon.png
IP
185.142.239.82:443
ASN
#174 COGENT-174

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
PNG image data, 180 x 180, 8-bit colormap, non-interlaced
Size
2.6 kB (2558 bytes)
Hash
5f15b648649d9aa0f2d75d147670ef3f
a09e5f6a59d3886961a9e90e52587fdbae2580c7
e9d5dcf4f42428155f7ed4832d62db9afbe277eb9f63ff70f78d7614f83252f2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cryptosoft/images/apple-touch-icon.png HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_language=no
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 08 Mar 2024 07:37:07 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 15 Mar 2023 08:00:18 GMT
ETag: W/"64117b12-a08"
X-Upstream: stavri-***ko
PX-Cache-Status: STALE
X-Server: tincidunt
PX-X-Request-Id: 1ba152f9c02e7f99b4d6ec1cea62ec34
PX-IPCountryISO: NO
PX-IPTimestamp: 1709649960 1709883409 1709868729
Content-Encoding: gzip

intelligent-money-offers.com/intgrtn/api/v1/integration/sdk.js?v=20242874

185.142.239.82

200 OK

50 kB

URL GET HTTP/1.1
intelligent-money-offers.com/intgrtn/api/v1/integration/sdk.js?v=20242874
IP
185.142.239.82:443
ASN
#174 COGENT-174

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
JavaScript source, ASCII text
Size
50 kB (50381 bytes)
Hash
b74a78a8e492a9b171dab179eeab69fb
6e7fe630cf763a0a45fd77c922d728ad2b386cae
6298f0a9a101a54afa0ed7e7ccd9bb8f6583638f84082c69f5e0e5a2c9961f2e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /intgrtn/api/v1/integration/sdk.js?v=20242874 HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 08 Mar 2024 07:37:06 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 07 Mar 2024 16:39:14 GMT
Vary: Accept-Encoding
ETag: W/"65e9edb2-7a2f9"
Expires: Sat, 08 Mar 2025 07:37:06 GMT
Cache-Control: max-age=31536000
Content-Encoding: gzip
X-Server: tincidunt
PX-X-Request-Id: a040456e49e74afacd25ec9a6ed5689d
PX-IPCountryISO: NO
PX-IPTimestamp: 1709649960 1709883221 1709868729
PX-Cache-Status: MISS

intelligent-money-offers.com/intgrtn/api/v1/integration/sdk.css?v=2.66.5

185.142.239.82

200 OK

8.6 kB

URL GET HTTP/1.1
intelligent-money-offers.com/intgrtn/api/v1/integration/sdk.css?v=2.66.5
IP
185.142.239.82:443
ASN
#174 COGENT-174

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
Unicode text, UTF-8 text
Size
8.6 kB (8555 bytes)
Hash
11551ef44c6dccf85a6287f4bfe11182
d9b25491d60633670c86cf7cd76e0abf858bc360
617a4b507a3a45bc358f56b14d884283ab84e61e8ed5956d4d1684d5130e6b47

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /intgrtn/api/v1/integration/sdk.css?v=2.66.5 HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv; intgrtn_custom2=cnlc081idncc73b2lvv0; intgrtn_redirectReturningLead=auto; intgrtn_locale=en-US
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 08 Mar 2024 07:37:07 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 30 Jan 2024 09:31:06 GMT
Vary: Accept-Encoding
ETag: W/"65b8c1da-14923"
Expires: Wed, 29 Jan 2025 12:49:10 GMT
Cache-Control: max-age=31536000
Content-Encoding: gzip
X-Server: tincidunt
PX-X-Request-Id: 6e5bcd20215b65242a6f202354b1efe9
PX-IPCountryISO: NO
PX-IPTimestamp: 1709649960 1709883221 1709868729
PX-Cache-Status: HIT

mataoransolda.com/

139.45.196.64

16 B

URL
mataoransolda.com/
IP
139.45.196.64:0
ASN
#9002 RETN Limited

File type
ASCII text, with no line terminators
Size
16 B (16 bytes)
Hash
7feadfe891c04432562e6d2b4d35f38a
fc25b473cdcdf8551d51bed416dd604f3e1d158f
e836cf151c055c64b3b2991de7067f3d9e925b51d1050e57ff93a7b88667031f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: mataoransolda.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 08 Mar 2024 07:37:07 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 16
Connection: keep-alive

intelligent-money-offers.com/intgrtn/api/v1/projects/agreements.php?type=4&clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv

185.142.239.82

200 OK

1.8 kB

URL GET HTTP/1.1
intelligent-money-offers.com/intgrtn/api/v1/projects/agreements.php?type=4&clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv
IP
185.142.239.82:443
ASN
#174 COGENT-174

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
JSON text data
Size
1.8 kB (1831 bytes)
Hash
5c802ad5466015909c97eba285d249d1
03b1e06c3393be53ca9c3610c9ea1979b87e36cf
0da5f11afd9db63827dcaa9262878824968b1333528d9d960690d6de80dca4ca

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /intgrtn/api/v1/projects/agreements.php?type=4&clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Intgrtn-Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv; intgrtn_custom2=cnlc081idncc73b2lvv0; intgrtn_redirectReturningLead=auto
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 08 Mar 2024 07:37:07 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: accept, origin, content-type, authorization, Cache-Control, X-Requested-With, Intgrtn-Referer
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Encoding: gzip
Vary: Accept-Encoding
X-Server: tincidunt
PX-X-Request-Id: 5b874b3daf971393b9909de34d144297
PX-IPCountryISO: NO
PX-IPTimestamp: 1709649960 1709883221 1709868729

intelligent-money-offers.com/intgrtn/api/v1/projects/details.php?&clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&custom2=cnlc081idncc73b2lvv0&language=no

185.142.239.82

200 OK

11 kB

URL GET HTTP/1.1
intelligent-money-offers.com/intgrtn/api/v1/projects/details.php?&clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&custom2=cnlc081idncc73b2lvv0&language=no
IP
185.142.239.82:443
ASN
#174 COGENT-174

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
JSON text data
Size
11 kB (10857 bytes)
Hash
8ea88e4cfcd2aec94011d251c57a4828
dd9087b22bd02882ff9294951d3820d62301e979
b7fe4d683ffd8033d9593265a89b658706d46889347d2e0dcf8c5942e6aaa1e2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /intgrtn/api/v1/projects/details.php?&clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&custom2=cnlc081idncc73b2lvv0&language=no HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Intgrtn-Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv; intgrtn_custom2=cnlc081idncc73b2lvv0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 08 Mar 2024 07:37:07 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: accept, origin, content-type, authorization, Cache-Control, X-Requested-With, Intgrtn-Referer
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Encoding: gzip
Vary: Accept-Encoding
X-Server: tincidunt
PX-X-Request-Id: 4f772cc6c79abbaf827db40efc925115
PX-IPCountryISO: NO
PX-IPTimestamp: 1709649960 1709883409 1709868729

intelligent-money-offers.com/intgrtn/api/v1/projects/agreements.php?type=4&clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&locale=en-US

185.142.239.82

200 OK

1.8 kB

URL GET HTTP/1.1
intelligent-money-offers.com/intgrtn/api/v1/projects/agreements.php?type=4&clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&locale=en-US
IP
185.142.239.82:443
ASN
#174 COGENT-174

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
JSON text data
Size
1.8 kB (1833 bytes)
Hash
be952df4781fd19d4ab688cf614b7416
28381dad619b1deca3b3cfd5cbf0dd67b4bfc4a6
4d23b8a215b50f8eb05beb59808c521c04c80cff052f174541ad0a9bdb21f2c2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /intgrtn/api/v1/projects/agreements.php?type=4&clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&locale=en-US HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Intgrtn-Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv; intgrtn_custom2=cnlc081idncc73b2lvv0; intgrtn_redirectReturningLead=auto; intgrtn_locale=en-US
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 08 Mar 2024 07:37:07 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: accept, origin, content-type, authorization, Cache-Control, X-Requested-With, Intgrtn-Referer
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Encoding: gzip
Vary: Accept-Encoding
X-Server: tincidunt
PX-X-Request-Id: 07de44a0b52f4ed9e6d9ce021cc85122
PX-IPCountryISO: NO
PX-IPTimestamp: 1709649960 1709883409 1709868729

intelligent-money-offers.com/intgrtn/api/v1/projects/agreements.php?type=4&clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&locale=en-US

185.142.239.82

200 OK

1.8 kB

URL GET HTTP/1.1
intelligent-money-offers.com/intgrtn/api/v1/projects/agreements.php?type=4&clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&locale=en-US
IP
185.142.239.82:443
ASN
#174 COGENT-174

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
JSON text data
Size
1.8 kB (1833 bytes)
Hash
bf276e04a325496341f4e9a0c79d15df
59705cf3923c16d8eb56c2c24cc444000c4601e3
ed7d143a76512d6a216770e70367c282d00c9d31d0e6f5cebc4bfd33b506be65

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /intgrtn/api/v1/projects/agreements.php?type=4&clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&locale=en-US HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Intgrtn-Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv; intgrtn_custom2=cnlc081idncc73b2lvv0; intgrtn_redirectReturningLead=auto; intgrtn_locale=en-US
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 08 Mar 2024 07:37:07 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: accept, origin, content-type, authorization, Cache-Control, X-Requested-With, Intgrtn-Referer
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Encoding: gzip
Vary: Accept-Encoding
X-Server: tincidunt
PX-X-Request-Id: 441831a3a2bc75ffa77acbba0203b0b0
PX-IPCountryISO: NO
PX-IPTimestamp: 1709649960 1709883221 1709868729

intelligent-money-offers.com/intgrtn/api/v1/events/add.php

185.142.239.82

200 OK

161 B

URL POST HTTP/1.1
intelligent-money-offers.com/intgrtn/api/v1/events/add.php
IP
185.142.239.82:443
ASN
#174 COGENT-174

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
JSON text data
Size
161 B (161 bytes)
Hash
a5c65509c7b37f54b52282612b8dd9b4
a7b421be23b0b5cfa57dbc756e254a261fbdaf90
90221302d4fd1e397087181429f707571e005102646dbe5083513d0ec93c45fa

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /intgrtn/api/v1/events/add.php HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Intgrtn-Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Content-Length: 92
Origin: https://intelligent-money-offers.com
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv; intgrtn_custom2=cnlc081idncc73b2lvv0; intgrtn_redirectReturningLead=auto; intgrtn_locale=en-US
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 08 Mar 2024 07:37:07 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://intelligent-money-offers.com
Access-Control-Allow-Headers: accept, origin, content-type, authorization, Cache-Control, X-Requested-With, Intgrtn-Referer
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Encoding: gzip
Vary: Accept-Encoding
X-Server: tincidunt
PX-X-Request-Id: 9c6a6a9aded023b9a68195cae30b397a
PX-IPCountryISO: NO
PX-IPTimestamp: 1709649960 1709883221 1709868729

intelligent-money-offers.com/cryptosoft/media/the-cryptosoftware_EN_members.mp4

185.142.239.82

206 Partial Content

294 kB

URL GET HTTP/1.1
intelligent-money-offers.com/cryptosoft/media/the-cryptosoftware_EN_members.mp4
IP
185.142.239.82:443
ASN
#174 COGENT-174

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
ISO Media, MP4 v2 [ISO 14496-14]
Size
294 kB (294446 bytes)
Hash
d1ee725fb2701df39ec09cc717906e44
87a3c1d9f446cc3e6ab50184b2eef45a61c15d26
ce158e4775374751f92d82c600e115cf90039c35c77ab1a8e08707ccfec50fff

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cryptosoft/media/the-cryptosoftware_EN_members.mp4 HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_language=no
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 08 Mar 2024 07:37:06 GMT
Content-Type: video/mp4
Content-Length: 56564056
Connection: keep-alive
Last-Modified: Tue, 14 Mar 2023 09:20:42 GMT
ETag: "64103c6a-35f1958"
X-Upstream: stavri-***ko
PX-Cache-Status: STALE
X-Server: tincidunt
PX-X-Request-Id: db15b0aa42bd18d8692a0d94cd425727
PX-IPCountryISO: NO
PX-IPTimestamp: 1709649960 1709883221 1709868729
Content-Range: bytes 0-56564055/56564056

intelligent-money-offers.com/cryptosoft/media/the-cryptosoftware_EN_members.mp4

0.0.0.0

0 B

URL GET
intelligent-money-offers.com/cryptosoft/media/the-cryptosoftware_EN_members.mp4
IP
0.0.0.0:0
ASN
#0

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cryptosoft/media/the-cryptosoftware_EN_members.mp4 HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=RYbBK9kgx7AWnOm0QVedX7Mx7R1kNEGp3Ja5lqPy2z4Loj6Dv&intgrtn_custom2=cnlc081idncc73b2lvv0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_language=no
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 08 Mar 2024 07:37:06 GMT
Content-Type: video/mp4
Content-Length: 56564056
Connection: keep-alive
Last-Modified: Tue, 14 Mar 2023 09:20:42 GMT
ETag: "64103c6a-35f1958"
X-Upstream: stavri-***ko
PX-Cache-Status: HIT
X-Server: tincidunt
PX-X-Request-Id: 9a79c5acd80865da54221e85fa1071f5
PX-IPCountryISO: NO
PX-IPTimestamp: 1709649960 1709883221 1709868729
Content-Range: bytes 0-56564055/56564056

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (8)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (57)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN