Report - ads-kingled.com/gjlskols.php

Report Overview

Visited public
2023-11-01 01:31:54
Tags
Submit Tags
URL
ads-kingled.com/gjlskols.php
Finishing URL
ads-kingled.com/gjlskols.php
IP / ASN
50.87.172.132
#46606 UNIFIEDLAYER-AS-1
Title
Masuk untuk melanjutkan

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
blobjournalistunwind.com	unknown	2023-10-10	2023-10-10 11:42:00	2023-10-31 13:38:32	2.9 kB	30 kB	192.243.59.12
cdn.cloudimagesb.com	23099	2020-10-06	2021-02-12 17:15:41	2023-10-31 05:29:48	443 B	26 kB	45.133.44.9
qukld.com	unknown	unknown	No data	No data	383 B	0 B	0.0.0.0
ads-kingled.com	unknown	2022-03-28	2022-03-28 17:22:46	2023-10-31 22:58:11	930 B	3.9 kB	50.87.172.132
preparemethod.com	unknown	2022-10-06	2022-10-06 03:56:05	2023-10-30 01:47:54	436 B	12 kB	192.243.61.227
professionalswebcheck.com	unknown	2022-04-01	2022-04-02 00:47:29	2023-10-31 13:12:00	436 B	422 B	18.159.217.114
friendshipmale.com	unknown	2022-10-21	2022-10-21 14:15:25	2023-10-31 05:14:50	401 B	28 kB	172.64.172.31
unseenreport.com	unknown	2022-03-30	2022-03-30 16:33:17	2023-10-31 05:29:13	738 B	423 B	192.243.61.225
stackpath.bootstrapcdn.com	2467	2012-05-25	2018-06-15 22:36:43	2023-10-31 06:53:08	896 B	216 kB	104.18.11.207
code.jquery.com	634	2005-12-10	2012-05-21 19:28:02	2023-10-31 08:16:05	411 B	31 kB	151.101.194.137
ocsp.r2m03.amazontrust.com	unknown	2007-05-11	2023-02-21 01:06:24	2023-10-31 12:34:45	340 B	941 B	143.204.53.97
overcrummythrift.com	unknown	2023-10-10	2023-10-10 11:22:44	2023-10-30 16:47:45	490 B	467 B	192.243.61.225

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-10-31	medium	ads-kingled.com/gjlskols.php	Facebook, Inc.

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-10-31	medium	preparemethod.com	Sinkholed
2023-10-31	medium	blobjournalistunwind.com	Sinkholed
2023-10-31	medium	blobjournalistunwind.com	Sinkholed
2023-10-31	medium	blobjournalistunwind.com	Sinkholed
2023-11-01	medium	overcrummythrift.com	Sinkholed
2023-10-31	medium	unseenreport.com	Sinkholed
2023-10-31	medium	qukld.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (10)

	URL	From	Size	First Seen	Last Seen
	stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js	ScriptElement	58 kB	2023-03-07	2025-07-13
Pretty URL stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js IP 104.18.11.207 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-07-13 06:43 Times Seen13447 Hash e1d98d47689e00f8ecbc5d9f61bdb42e 6778fed3cf095a318141a31f455c8f4663885bde 0a34a87842c539c1f4feec56bba982fd596b73500046a6e6fe38a22260c6577b Loading...

	friendshipmale.com/sfp.js	ScriptElement	86 kB	2023-08-25	2023-11-23
Pretty URL friendshipmale.com/sfp.js IP 172.64.172.31 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-25 12:30 Last Seen2023-11-23 01:47 Times Seen6642 Hash 2d0450888479d4ddda305bd96206b240 5b4595aab1cd3f854718e05db9be0c65a12ab2f6 44de073e74ff24c6b1c0fe1f3ac5b33d793560e85ef24fb6ce89e76c2cf90af6 Loading...

	blobjournalistunwind.com/54/f3/e6/54f3e6d00809fba821a4395bb12ecbb1.js	ScriptElement	60 kB	2023-11-01	2023-11-01
Pretty URL blobjournalistunwind.com/54/f3/e6/54f3e6d00809fba821a4395bb12ecbb1.js IP 192.243.59.12 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-01 02:32 Last Seen2023-11-01 02:32 Times Seen1 Hash 30a798af91ab262ca78792acb6475720 a3d821ff1d93a47af9b6f96f8d9ff636f10b1bbf aa200103a6fbcbd2375143ce42ffd600557ce3130d71af30f1f7276f71aea658 Loading...

	unknown	ScriptElement	145 B	2023-09-26	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-26 13:53 Last Seen2024-08-21 05:43 Times Seen60 Hash 9c4da47c1494d841b57ae906ab12ef10 5fc2c773b5e79d4a28f3167d43a319bda3648c1d 402149fa5a8e0d43365eb33b364a0ad924869dc51b57720cb9d50a55de53c821 Loading...

	unknown	ScriptElement	3.3 kB	2024-08-20	2024-08-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 21:34 Last Seen2024-08-20 21:34 Times Seen1 Hash f7dd390916edf18b88fb35009fab89f6 6fae5137318e1879d450144bc4960bc2fe152eaa dca98a5b8904b0f5b1eec66b2ef7b133d10e8bb19f22abd5d916959852844743 Loading...

	ads-kingled.com/gjlskols.php	ScriptElement	0 B	0001-01-01	2025-07-13
Pretty URL ads-kingled.com/gjlskols.php IP 50.87.172.132 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-07-13 06:43 Times Seen5412502 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	preparemethod.com/9b6be1e2be208f5b942848c4abd7de9f/invoke.js	ScriptElement	30 kB	2023-10-30	2023-11-01
Pretty URL preparemethod.com/9b6be1e2be208f5b942848c4abd7de9f/invoke.js IP 192.243.61.227 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-30 01:45 Last Seen2023-11-01 02:32 Times Seen2 Hash 21619c2fe5ca1c4098e9a146a17d3ee6 230fd3d084fde3521644ad22b05d3c8951224f6c d48985342cc8ac5fea3c1fd1236330b3f45f5820230cd9ee7b8fa81fc6ff81d5 Loading...

	code.jquery.com/jquery-3.4.1.min.js	ScriptElement	88 kB	2023-03-07	2025-07-13
Pretty URL code.jquery.com/jquery-3.4.1.min.js IP 151.101.194.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-07-13 06:17 Times Seen74245 Hash 220afd743d9e9643852e31a135a9f3ae 88523924351bac0b5d560fe0c5781e2556e7693d 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a Loading...

		Size	First Seen	Last Seen
	#1 Eval - c567ca0a197c67d8f391f04a3986a8aa	2.1 kB	2024-08-20 21:34	2024-08-20 21:34
Pretty Observations First Seen2024-08-20 21:34 Last Seen2024-08-20 21:34 Times Seen1 Hash c567ca0a197c67d8f391f04a3986a8aa ab05178178301d10b0ed8229fbe362de3f1d7686 750e378c6349a69d765259d635dbfba188d302e4c1f30cb1805a93b45928cf8c Loading...

		Size	First Seen	Last Seen
	#1 Write - 3838cd4b35155243e91d0fa272d01c01	115 B	2023-06-20 13:02	2024-08-21 05:43
Pretty Observations First Seen2023-06-20 13:02 Last Seen2024-08-21 05:43 Times Seen60 Hash 3838cd4b35155243e91d0fa272d01c01 12949fc23e7d581123e56e245722b9bbf283bd40 15ad2fdedba5ae5c4467d562e843ce2038d07bca5dc03813103090c776399839 Loading...

HTTP Transactions (16)

URL IP Response Size

GET ads-kingled.com/gjlskols.php

50.87.172.132

200 OK

2.1 kB

URL User Request GET HTTP/2
ads-kingled.com/gjlskols.php
IP
50.87.172.132:443
ASN
#46606 UNIFIEDLAYER-AS-1

Certificate
IssuerLet's Encrypt
Subjectcpcontacts.ads-kingled.com
Fingerprint34:0D:5A:44:21:BB:DA:F4:81:F2:39:64:FC:E7:46:30:B3:D1:F7:4A
ValidityFri, 29 Sep 2023 07:52:31 GMT - Thu, 28 Dec 2023 07:52:30 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- assembler source text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
2.1 kB (2067 bytes)
Hash
5030a30739a90252aa7dc6057cb519ce
4c32801fd576571bb12992620e67e3214cf3cec7
5b0529f5fb59c47c39433d1efa838a1b0cf03129f8d2386c64e7cc97bce96cad

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Facebook, Inc.

HTTP Headers

GET /gjlskols.php HTTP/1.1
Host: ads-kingled.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 2067
content-type: text/html; charset=UTF-8
date: Wed, 01 Nov 2023 01:31:36 GMT
server: Apache
X-Firefox-Spdy: h2

GET code.jquery.com/jquery-3.4.1.min.js

151.101.194.137

200 OK

31 kB

URL GET HTTP/2
code.jquery.com/jquery-3.4.1.min.js
IP
151.101.194.137:443
ASN
#54113 FASTLY

Requested by
https://ads-kingled.com/gjlskols.php
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65451)
Size
31 kB (30638 bytes)
Hash
220afd743d9e9643852e31a135a9f3ae
88523924351bac0b5d560fe0c5781e2556e7693d
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

HTTP Headers

GET /jquery-3.4.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ads-kingled.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15851"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 01 Nov 2023 01:31:37 GMT
age: 4000096
x-served-by: cache-lga21965-LGA, cache-bma1628-BMA
x-cache: HIT, HIT
x-cache-hits: 9, 125686
x-timer: S1698802297.076676,VS0,VE0
vary: Accept-Encoding
content-length: 30638
X-Firefox-Spdy: h2

GET ads-kingled.com/fr.png

50.87.172.132

200 OK

1.3 kB

URL GET HTTP/2
ads-kingled.com/fr.png
IP
50.87.172.132:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://ads-kingled.com/gjlskols.php
Certificate
IssuerLet's Encrypt
Subjectcpcontacts.ads-kingled.com
Fingerprint34:0D:5A:44:21:BB:DA:F4:81:F2:39:64:FC:E7:46:30:B3:D1:F7:4A
ValidityFri, 29 Sep 2023 07:52:31 GMT - Thu, 28 Dec 2023 07:52:30 GMT

File type
PNG image data, 146 x 42, 8-bit/color RGBA, non-interlaced\012- data
Size
1.3 kB (1341 bytes)
Hash
e4a8d1d8ead22d5b0e4a96c7a16371f7
4f853f6377b4207088b9f7f0bb8a383e3174f4bb
5e6183ddfb843b39e89a735fa4c18185e61425d3b1ac53bb78a8adb9130b4a1a

HTTP Headers

GET /fr.png HTTP/1.1
Host: ads-kingled.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ads-kingled.com/gjlskols.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 29 Jan 2023 01:00:42 GMT
accept-ranges: bytes
content-length: 1341
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: image/png
date: Wed, 01 Nov 2023 01:31:37 GMT
server: Apache
X-Firefox-Spdy: h2

GET preparemethod.com/9b6be1e2be208f5b942848c4abd7de9f/invoke.js

192.243.61.227

200 OK

11 kB

URL GET HTTP/1.1
preparemethod.com/9b6be1e2be208f5b942848c4abd7de9f/invoke.js
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://ads-kingled.com/gjlskols.php
Certificate
IssuerLet's Encrypt
Subject*.preparemethod.com
Fingerprint6E:A1:B0:37:27:DC:6C:3E:6B:67:C2:E4:CF:21:89:68:E7:D1:7F:C0
ValiditySun, 01 Oct 2023 06:51:30 GMT - Sat, 30 Dec 2023 06:51:29 GMT

File type
exported SGML document, ASCII text, with very long lines (29653), with no line terminators
Size
11 kB (10949 bytes)
Hash
21619c2fe5ca1c4098e9a146a17d3ee6
230fd3d084fde3521644ad22b05d3c8951224f6c
d48985342cc8ac5fea3c1fd1236330b3f45f5820230cd9ee7b8fa81fc6ff81d5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /9b6be1e2be208f5b942848c4abd7de9f/invoke.js HTTP/1.1
Host: preparemethod.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ads-kingled.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 01 Nov 2023 01:31:37 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a529529e7d4a46f98ab21ffc1ee91fcd
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

ocsp.r2m03.amazontrust.com/

143.204.53.97

471 B

URL
ocsp.r2m03.amazontrust.com/
IP
143.204.53.97:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
c53ad15b5df7748ae8a60933e2c3c272
754050c4f3bd65e9cebf4c2736ae93cc647c033e
57b8cfb81cf96a31b6b48775397f5d04600ae827b9134735c0c6923b88c9789f

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Wed, 01 Nov 2023 01:31:37 GMT
Last-Modified: Wed, 01 Nov 2023 01:25:39 GMT
Server: ECAcc (ska/F776)
X-Cache: Miss from cloudfront
Via: 1.1 6cb1d4b545e7beb4ead790454f4807c6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: ERQEyf2o4WvyotV2Uqan6EESRIZGUzMiydhG9DUQecJHphAZg6VmQg==
Age: 358

GET professionalswebcheck.com/stats

18.159.217.114

200 OK

40 B

URL GET HTTP/2
professionalswebcheck.com/stats
IP
18.159.217.114:443
ASN
#16509 AMAZON-02

Requested by
https://ads-kingled.com/gjlskols.php
Certificate
IssuerAmazon
Subjectprofessionalswebcheck.com
Fingerprint75:E9:08:FD:96:58:C7:98:43:E8:21:27:A8:E9:B9:A4:55:28:F2:0C
ValidityWed, 30 Aug 2023 00:00:00 GMT - Fri, 27 Sep 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
d709b5ec4597f0d55de25c71de740fc9
039a86e18e499c4daf01dcb0bb607b402ad5f4ec
509f0d51281cd82850848378f819f0f2458f2d89ba953a43850da9914ed07031

HTTP Headers

GET /stats HTTP/1.1
Host: professionalswebcheck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ads-kingled.com
DNT: 1
Connection: keep-alive
Referer: https://ads-kingled.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 01 Nov 2023 01:31:37 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://ads-kingled.com
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=905ddb7d-1afa-43d7-a838-685796a94bab:2:1; expires=Sat, 29 Oct 2033 01:31:37 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

192.243.59.12

307 Temporary Redirect

0 B

URL GET HTTP/1.1
blobjournalistunwind.com/watch.795613320368.js?key=9b6be1e2be208f5b942848c4abd7de9f&kw=%5B%5D&refer=https%3A%2F%2Fads-kingled.com%2Fgjlskols.php&tz=0&dev=e&res=14.2079&uuid=905ddb7d-1afa-43d7-a838-685796a94bab%3A2%3A1
IP
192.243.59.12:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://ads-kingled.com/gjlskols.php
Certificate
IssuerLet's Encrypt
Subjectblobjournalistunwind.com
Fingerprint66:BC:3D:D3:8C:D1:55:84:EE:FB:93:1C:D7:7D:56:98:76:4D:9C:F7
ValidityTue, 10 Oct 2023 08:41:06 GMT - Mon, 08 Jan 2024 08:41:05 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.795613320368.js?key=9b6be1e2be208f5b942848c4abd7de9f&kw=%5B%5D&refer=https%3A%2F%2Fads-kingled.com%2Fgjlskols.php&tz=0&dev=e&res=14.2079&uuid=905ddb7d-1afa-43d7-a838-685796a94bab%3A2%3A1 HTTP/1.1
Host: blobjournalistunwind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ads-kingled.com
DNT: 1
Connection: keep-alive
Referer: https://ads-kingled.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Wed, 01 Nov 2023 01:31:38 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://ads-kingled.com
Access-Control-Allow-Origin: https://ads-kingled.com
Access-Control-Allow-Credentials: true
Location: https://blobjournalistunwind.com/watch.795613320368.js?key=9b6be1e2be208f5b942848c4abd7de9f&kw=%5B%5D&refer=https%3A%2F%2Fads-kingled.com%2Fgjlskols.php&tz=0&dev=e&res=14.2079&uuid=905ddb7d-1afa-43d7-a838-685796a94bab%3A2%3A1&shu=2756a060bbd2d8d4204676887ac9ab842fb206e373c8ad79f6465fa78486f045dc311982fe7842833b28fef5c90c735e1c1a95a212b5f04c2cc4579a2ce0ea492fd4db3487cbb9d17ec7a7dae406a7910630097dbc60e3a724d54e8680c114&pst=1698802358&rmtc=t
Set-Cookie: u_pl=17048272; expires=Thu, 02 Nov 2023 01:31:38 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzA0ODI3MiwiayI6IjliNmJlMWUyYmUyMDhmNWI5NDI4NDhjNGFiZDdkZTlmIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxODAxNzEyLCJwaWQiOjM4NTUyNywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozMSwiYWlkIjozMiwicHQiOjQsInBrIjoidnFtMnhyM3V4IiwiY3BrcyI6eyAiMjgiOiI1NGYzZTZkMDA4MDlmYmE4MjFhNDM5NWJiMTJlY2JiMSJ9LCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6MTc5MDg4OTQ4LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjEyNDM4NiwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMTEuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL2Fkcy1raW5nbGVkLmNvbS9namxza29scy5waHAifX0.nK42NOSYIBcYE7aLBxH0Z_Si6PqDqYG10HIXoKfOnDc; expires=Wed, 01 Nov 2023 01:32:38 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0a260c257c05984e9d48eb7a58ccc654
Strict-Transport-Security: max-age=0; includeSubdomains

GET blobjournalistunwind.com/54/f3/e6/54f3e6d00809fba821a4395bb12ecbb1.js

192.243.59.12

200 OK

24 kB

URL GET HTTP/1.1
blobjournalistunwind.com/54/f3/e6/54f3e6d00809fba821a4395bb12ecbb1.js
IP
192.243.59.12:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://ads-kingled.com/gjlskols.php
Certificate
IssuerLet's Encrypt
Subjectblobjournalistunwind.com
Fingerprint66:BC:3D:D3:8C:D1:55:84:EE:FB:93:1C:D7:7D:56:98:76:4D:9C:F7
ValidityTue, 10 Oct 2023 08:41:06 GMT - Mon, 08 Jan 2024 08:41:05 GMT

File type
ASCII text, with very long lines (59694)
Size
24 kB (23489 bytes)
Hash
30a798af91ab262ca78792acb6475720
a3d821ff1d93a47af9b6f96f8d9ff636f10b1bbf
aa200103a6fbcbd2375143ce42ffd600557ce3130d71af30f1f7276f71aea658

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /54/f3/e6/54f3e6d00809fba821a4395bb12ecbb1.js HTTP/1.1
Host: blobjournalistunwind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ads-kingled.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 01 Nov 2023 01:31:38 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: 4b4e7ab587d59b22ad7bcd2439afc363_CF-2660-new=1; expires=Fri, 03 Nov 2023 01:31:38 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: caf18275e6558d2601dff4ab75e5be66
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

GET blobjournalistunwind.com/watch.795613320368.js?key=9b6be1e2be208f5b942848c4abd7de9f&kw=%5B%5D&refer=https%3A%2F%2Fads-kingled.com%2Fgjlskols.php&tz=0&dev=e&res=14.2079&uuid=905ddb7d-1afa-43d7-a838-685796a94bab%3A2%3A1&shu=2756a060bbd2d8d4204676887ac9ab842fb206e373c8ad79f6465fa78486f045dc311982fe7842833b28fef5c90c735e1c1a95a212b5f04c2cc4579a2ce0ea492fd4db3487cbb9d17ec7a7dae406a7910630097dbc60e3a724d54e8680c114&pst=1698802358&rmtc=t

192.243.59.12

200 OK

2.0 kB

URL GET HTTP/1.1
blobjournalistunwind.com/watch.795613320368.js?key=9b6be1e2be208f5b942848c4abd7de9f&kw=%5B%5D&refer=https%3A%2F%2Fads-kingled.com%2Fgjlskols.php&tz=0&dev=e&res=14.2079&uuid=905ddb7d-1afa-43d7-a838-685796a94bab%3A2%3A1&shu=2756a060bbd2d8d4204676887ac9ab842fb206e373c8ad79f6465fa78486f045dc311982fe7842833b28fef5c90c735e1c1a95a212b5f04c2cc4579a2ce0ea492fd4db3487cbb9d17ec7a7dae406a7910630097dbc60e3a724d54e8680c114&pst=1698802358&rmtc=t
IP
192.243.59.12:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://ads-kingled.com/gjlskols.php
Certificate
IssuerLet's Encrypt
Subjectblobjournalistunwind.com
Fingerprint66:BC:3D:D3:8C:D1:55:84:EE:FB:93:1C:D7:7D:56:98:76:4D:9C:F7
ValidityTue, 10 Oct 2023 08:41:06 GMT - Mon, 08 Jan 2024 08:41:05 GMT

File type
HTML document, ASCII text, with very long lines (2493)
Size
2.0 kB (2020 bytes)
Hash
758d67abc09c9f80322fc93c4089e3e8
1c72e2f93cecc944cf2c2f39b962b660c49eb49a
cbbee05c096ecc1a153e326f3e289104cdabaea2f8445f00c2c304206638ee23

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.795613320368.js?key=9b6be1e2be208f5b942848c4abd7de9f&kw=%5B%5D&refer=https%3A%2F%2Fads-kingled.com%2Fgjlskols.php&tz=0&dev=e&res=14.2079&uuid=905ddb7d-1afa-43d7-a838-685796a94bab%3A2%3A1&shu=2756a060bbd2d8d4204676887ac9ab842fb206e373c8ad79f6465fa78486f045dc311982fe7842833b28fef5c90c735e1c1a95a212b5f04c2cc4579a2ce0ea492fd4db3487cbb9d17ec7a7dae406a7910630097dbc60e3a724d54e8680c114&pst=1698802358&rmtc=t HTTP/1.1
Host: blobjournalistunwind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ads-kingled.com
Referer: https://ads-kingled.com/
DNT: 1
Connection: keep-alive
Cookie: u_pl=17048272; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzA0ODI3MiwiayI6IjliNmJlMWUyYmUyMDhmNWI5NDI4NDhjNGFiZDdkZTlmIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxODAxNzEyLCJwaWQiOjM4NTUyNywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozMSwiYWlkIjozMiwicHQiOjQsInBrIjoidnFtMnhyM3V4IiwiY3BrcyI6eyAiMjgiOiI1NGYzZTZkMDA4MDlmYmE4MjFhNDM5NWJiMTJlY2JiMSJ9LCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6MTc5MDg4OTQ4LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjEyNDM4NiwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMTEuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL2Fkcy1raW5nbGVkLmNvbS9namxza29scy5waHAifX0.nK42NOSYIBcYE7aLBxH0Z_Si6PqDqYG10HIXoKfOnDc
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 01 Nov 2023 01:31:38 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://ads-kingled.com
Access-Control-Allow-Origin: https://ads-kingled.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=905ddb7d-1afa-43d7-a838-685796a94bab:2:1; expires=Wed, 08 Nov 2023 01:31:38 GMT; secure; SameSite=None
pdhtkv=true; expires=Thu, 02 Nov 2023 01:31:38 GMT; secure; SameSite=None
uncs=1; expires=Thu, 02 Nov 2023 01:31:38 GMT; secure; SameSite=None
pdhtkv32=true; expires=Thu, 02 Nov 2023 01:31:38 GMT; secure; SameSite=None
uncs32=1; expires=Thu, 02 Nov 2023 01:31:38 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 776c7d7fc8a0a244dd032647a02f164e
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

GET cdn.cloudimagesb.com/cti/2b/01/7a/2b017a9d88eb8d322026381fed5dcab7/1663334838.png

45.133.44.9

200 OK

26 kB

URL GET HTTP/2
cdn.cloudimagesb.com/cti/2b/01/7a/2b017a9d88eb8d322026381fed5dcab7/1663334838.png
IP
45.133.44.9:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://ads-kingled.com/gjlskols.php
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
Fingerprint62:DE:BA:BA:30:E9:EE:15:E9:24:B9:C5:BF:E1:7E:39:8B:20:E5:42
ValiditySun, 24 Sep 2023 23:04:02 GMT - Sat, 23 Dec 2023 23:04:01 GMT

File type
PNG image data, 320 x 50, 8-bit/color RGB, non-interlaced\012- data
Size
26 kB (26172 bytes)
Hash
391366bcddc18750b0ec5d69aa98a04a
65fd4b76a4e48e9252fc48b7835c4028b16ac2f6
7c033631e5c2b57de9c62be11f285180988b72730d50d43ffd951eb009bf0dad

HTTP Headers

GET /cti/2b/01/7a/2b017a9d88eb8d322026381fed5dcab7/1663334838.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 01 Nov 2023 01:31:38 GMT
content-type: image/png
content-length: 26172
server: nginx/1.21.6
last-modified: Fri, 16 Sep 2022 13:27:26 GMT
etag: "632479be-663c"
expires: Fri, 03 Nov 2023 01:31:38 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

GET overcrummythrift.com/pixel/purst?dl=0&th=0&sc=0&rs=2206&rd=2206&fd=874&bv=23.10.v.32&tmpl=136

192.243.61.225

200 OK

0 B

URL GET HTTP/1.1
overcrummythrift.com/pixel/purst?dl=0&th=0&sc=0&rs=2206&rd=2206&fd=874&bv=23.10.v.32&tmpl=136
IP
192.243.61.225:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://ads-kingled.com/gjlskols.php
Certificate
IssuerLet's Encrypt
Subjectovercrummythrift.com
FingerprintC5:DE:2C:A4:57:98:D8:44:14:FB:0C:82:17:99:DA:E5:AB:8C:7D:C8
ValidityTue, 10 Oct 2023 08:21:33 GMT - Mon, 08 Jan 2024 08:21:32 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/purst?dl=0&th=0&sc=0&rs=2206&rd=2206&fd=874&bv=23.10.v.32&tmpl=136 HTTP/1.1
Host: overcrummythrift.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ads-kingled.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 01 Nov 2023 01:31:39 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

GET friendshipmale.com/sfp.js

172.64.172.31

200 OK

28 kB

URL GET HTTP/2
friendshipmale.com/sfp.js
IP
172.64.172.31:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ads-kingled.com/gjlskols.php
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint08:6F:D8:CB:9E:0C:0A:98:2E:C5:CD:21:8E:0B:76:2B:50:6F:B6:37
ValiditySat, 18 Feb 2023 00:00:00 GMT - Sat, 17 Feb 2024 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Size
28 kB (27589 bytes)
Hash
2d0450888479d4ddda305bd96206b240
5b4595aab1cd3f854718e05db9be0c65a12ab2f6
44de073e74ff24c6b1c0fe1f3ac5b33d793560e85ef24fb6ce89e76c2cf90af6

HTTP Headers

GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ads-kingled.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 01 Nov 2023 01:31:38 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: f1f9aac7a8ba731b2b942a1e9d51ab7d
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Wed, 01 Nov 2023 01:31:38 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YZFJGbxRXsYlY6I8cbNx25AyB7J5m9QcCIGWLrA%2F36t6J3NzceDg3VPl3RqVspP5pGY2LYUXLUGxKxGEj%2B1kyL1tRrDsFGFyMHMWdEvwImq1RyDY3KSsuN%2BeX0cnQYZk6redSiE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 81f0611df8a560fe-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET unseenreport.com/pxf.gif?uuid=905ddb7d-1afa-43d7-a838-685796a94bab&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=54f3e6d00809fba821a4395bb12ecbb1&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=1

192.243.61.225

200 OK

1 B

URL GET HTTP/1.1
unseenreport.com/pxf.gif?uuid=905ddb7d-1afa-43d7-a838-685796a94bab&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=54f3e6d00809fba821a4395bb12ecbb1&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=1
IP
192.243.61.225:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://ads-kingled.com/gjlskols.php
Certificate
IssuerLet's Encrypt
Subject*.unseenreport.com
FingerprintBE:8C:78:D1:BA:58:B8:88:10:09:32:1D:31:7A:D9:4A:09:BF:6C:7A
ValiditySat, 23 Sep 2023 07:33:12 GMT - Fri, 22 Dec 2023 07:33:11 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=905ddb7d-1afa-43d7-a838-685796a94bab&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=54f3e6d00809fba821a4395bb12ecbb1&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=1 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ads-kingled.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 01 Nov 2023 01:31:39 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 11773f9d9c83fd29720095e51f207f1e
Strict-Transport-Security: max-age=0; includeSubdomains

GET stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js

104.18.11.207

200 OK

58 kB

URL GET HTTP/2
stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js
IP
104.18.11.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ads-kingled.com/gjlskols.php
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint5B:F7:8F:50:AD:E5:5B:5E:8C:4A:39:3D:0C:98:E8:8C:18:4B:3D:8A
ValidityFri, 30 Dec 2022 00:00:00 GMT - Sat, 30 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (57791)
Size
58 kB (58072 bytes)
Hash
e1d98d47689e00f8ecbc5d9f61bdb42e
6778fed3cf095a318141a31f455c8f4663885bde
0a34a87842c539c1f4feec56bba982fd596b73500046a6e6fe38a22260c6577b

HTTP Headers

GET /bootstrap/4.3.1/js/bootstrap.min.js HTTP/1.1
Host: stackpath.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ads-kingled.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 01 Nov 2023 01:31:37 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
cdn-edgestorageid: 601, 617, 617
last-modified: Mon, 25 Jan 2021 22:04:08 GMT
cdn-cachedat: 2021-08-02 21:50:12
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
cdn-requestid: bbe3a2e8e512132776c50d0371c362eb
cdn-status: 200
cdn-cache: HIT
cf-cache-status: HIT
age: 602263
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 81f06114aba10b55-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css

104.18.11.207

200 OK

156 kB

URL GET HTTP/2
stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css
IP
104.18.11.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ads-kingled.com/gjlskols.php
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint5B:F7:8F:50:AD:E5:5B:5E:8C:4A:39:3D:0C:98:E8:8C:18:4B:3D:8A
ValidityFri, 30 Dec 2022 00:00:00 GMT - Sat, 30 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (65324)
Size
156 kB (155758 bytes)
Hash
a15c2ac3234aa8f6064ef9c1f7383c37
6e10354828454898fda80f55f3decb347fd9ed21
60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36

HTTP Headers

GET /bootstrap/4.3.1/css/bootstrap.min.css HTTP/1.1
Host: stackpath.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ads-kingled.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 01 Nov 2023 01:31:37 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"a15c2ac3234aa8f6064ef9c1f7383c37"
last-modified: Mon, 25 Jan 2021 22:04:08 GMT
cdn-cachedat: 01/04/2023 11:35:40
cdn-proxyver: 1.03
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 1078
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: c6eaf77136ac05b2e12d5eac40573c47
cdn-cache: HIT
cf-cache-status: HIT
age: 427405
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 81f06114ab9f0b55-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET qukld.com/lonti.png

0.0.0.0

0 B

URL GET
qukld.com/lonti.png
IP
0.0.0.0:0
ASN
#0

Requested by
https://ads-kingled.com/gjlskols.php

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lonti.png HTTP/1.1
Host: qukld.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (10)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

HTTP Transactions (16)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN