Report - m.binjdonefiy.com/c.php?action_id=SEdesktop&affpid=77553&clickid=6828892bd300a9000125028a&k=63r1l5p2seqav3mqsdvc&referrer=https://linkvertise.com/&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=

Report Overview

Visitedpublic

2025-05-17 18:15:00

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
m.binjdonefiy.com	unknown	2024-12-27	2025-02-11	2025-02-11	6.6 kB	1.5 MB	104.21.80.1
omcrobata.com	unknown	2023-05-23	2023-05-23	2025-05-16	6.5 kB	57 kB	139.45.197.121

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-05-17	medium	omcrobata.com	Sinkholed
2025-05-17	medium	omcrobata.com	Sinkholed
2025-05-17	medium	omcrobata.com	Sinkholed
2025-05-17	medium	omcrobata.com	Sinkholed
2025-05-17	medium	omcrobata.com	Sinkholed
2025-05-17	medium	omcrobata.com	Sinkholed
2025-05-17	medium	omcrobata.com	Sinkholed
2025-05-17	medium	omcrobata.com	Sinkholed
2025-05-17	medium	omcrobata.com	Sinkholed
2025-05-17	medium	omcrobata.com	Sinkholed
2025-05-17	medium	omcrobata.com	Sinkholed
2025-05-17	medium	omcrobata.com	Sinkholed
2025-05-17	medium	omcrobata.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (2)

	URL	From	Size	First Seen	Last Seen
	m.binjdonefiy.com/c.php?action_id=SEdesktop&affpid=77553&clickid=6828892bd300a9000125028a&k=63r1l5p2seqav3mqsdvc&referrer=https://linkvertise.com/&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=	ScriptElement	834 B	2025-03-29	2025-07-26
URL m.binjdonefiy.com/c.php?action_id=SEdesktop&affpid=77553&clickid=6828892bd300a9000125028a&k=63r1l5p2seqav3mqsdvc&referrer=https://linkvertise.com/&sub1=&sub2=&sub3=&sub4=&sub5=&sub6= IP / ASN 104.21.80.1 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded true Resource Info First Seen 2025-03-29 Last Seen 2025-07-26 Times Seen 114 Size 834 B (834 bytes) MD5 8b30ceb8a50d101587c657eddbcf71d2 SHA1 6d82c5655cf5825772ceac3c67b6a46ac57b393c SHA256 97be1e1bc0aad56c1354b8537c23a6c0941a74d95c44574e2f5b42df35c43738 Format Code Loading...

	omcrobata.com/pfe/current/micro.tag.min.js?z=6199255&sw=/sw-check-permissions-b9b9f.js	ScriptElement	50 kB	2025-05-13	2025-05-20
URL omcrobata.com/pfe/current/micro.tag.min.js?z=6199255&sw=/sw-check-permissions-b9b9f.js IP / ASN 139.45.197.121 #9002 RETN Limited Introduced by ScriptElement Embedded false Resource Info First Seen 2025-05-13 Last Seen 2025-05-20 Times Seen 53 Size 50 kB (49951 bytes) MD5 d1f105898739dbce8d97e974c5a06d2c SHA1 fcac5e29294450be5bed47910fbbf1a8314329bb SHA256 1a521aba1d1bebcc63a124f7360c0989e362fe4fdb6b1077bcc647c7a82752ef Format Code Loading...

HTTP Transactions (22)

URL IP Response Size

GET m.binjdonefiy.com/landers/602664a33bf74/fonts/Montserrat-Bold.woff

104.21.80.1

200 OK

178 kB

URL

m.binjdonefiy.com/landers/602664a33bf74/fonts/Montserrat-Bold.woff

IP / ASN

104.21.80.1

#13335 CLOUDFLARENET

Requested byhttps://m.binjdonefiy.com/c.php?action_id=SEdesktop&affpid=77553&clickid=6828892bd300a9000125028a&k=63r1l5p2seqav3mqsdvc&referrer=https://linkvertise.com/&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=

Resource Info

File typeWeb Open Font Format, CFF, length 177924, version 0.0

First Seen2023-04-15

Last Seen2025-07-26

Times Seen190

Size178 kB (177924 bytes)

MD5f0bf0a78ff46986f9cd5c2dea4a11b99

SHA1676f120225fcc7c25296e1d1f4db6bef6b4b0281

SHA256fbab597ae18ef8748b75b1f705bef3df84fa7d8520fc51a92f4843b0a28fab25

Certificate Info

IssuerGoogle Trust Services

Subjectbinjdonefiy.com

Fingerprint52:75:3E:39:80:A6:9D:2C:9B:A5:01:B3:3C:F2:B0:35:9F:80:79:F7

ValidityWed, 07 May 2025 21:53:30 GMT - Tue, 05 Aug 2025 22:52:13 GMT

HTTP Headers

GET /landers/602664a33bf74/fonts/Montserrat-Bold.woff HTTP/1.1
Host: m.binjdonefiy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://m.binjdonefiy.com/c.php?action_id=SEdesktop&affpid=77553&clickid=6828892bd300a9000125028a&k=63r1l5p2seqav3mqsdvc&referrer=https://linkvertise.com/&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=
Cookie: uclick=hqci4pftdz; uclickhash=hqci4pftdz-hqci4pft6o-q59r-1zzw-bg2t-1z52dz-1zcivr-0eb664
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 17 May 2025 18:14:27 GMT
content-type: font/woff
content-length: 177924
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Og6O8j7F5EI%2F%2BNLpjwi8K%2B6WaAPUQ9X3M9mgxcBaW97r2QG8bDRk6w%2F9RAcqu3kuqMDmSfctxA4G3ZZmZYbyN7PysoNFbZ3vKT95B6sDrM2pQOgSuQGwmsi1pN%2BrzvGeb%2FWVfw%3D%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Tue, 20 Jul 2021 10:52:14 GMT
etag: "60f6aade-2b704"
strict-transport-security: max-age=31536000
accept-ranges: bytes
cache-control: max-age=14400
cf-cache-status: MISS
cf-ray: 941518377fd6b4eb-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=6774&min_rtt=1930&rtt_var=6766&sent=740&recv=71&lost=0&retrans=0&sent_bytes=840952&recv_bytes=6985&delivery_rate=7231885&cwnd=412800&unsent_bytes=0&cid=dced7531c350476d&ts=461&x=16"

GET m.binjdonefiy.com/landers/602664a33bf74/fonts/Montserrat-ExtraLight.woff

104.21.80.1

200 OK

179 kB

URL

m.binjdonefiy.com/landers/602664a33bf74/fonts/Montserrat-ExtraLight.woff

IP / ASN

104.21.80.1

#13335 CLOUDFLARENET

Resource Info

File typeWeb Open Font Format, CFF, length 178944, version 0.0

First Seen2023-04-15

Last Seen2025-07-26

Times Seen190

Size179 kB (178944 bytes)

MD5979856bb871269a5434bf8c784417d2a

SHA17f3aa7ce9642e2998b3e576de4a10ebccabf28e0

SHA256b53100f5197f2df519b4dea2b69928887f319a598404d15cf078ff6e1dc47009

Certificate Info

IssuerGoogle Trust Services

Subjectbinjdonefiy.com

Fingerprint52:75:3E:39:80:A6:9D:2C:9B:A5:01:B3:3C:F2:B0:35:9F:80:79:F7

ValidityWed, 07 May 2025 21:53:30 GMT - Tue, 05 Aug 2025 22:52:13 GMT

HTTP Headers

GET /landers/602664a33bf74/fonts/Montserrat-ExtraLight.woff HTTP/1.1
Host: m.binjdonefiy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://m.binjdonefiy.com/c.php?action_id=SEdesktop&affpid=77553&clickid=6828892bd300a9000125028a&k=63r1l5p2seqav3mqsdvc&referrer=https://linkvertise.com/&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=
Cookie: uclick=hqci4pftdz; uclickhash=hqci4pftdz-hqci4pft6o-q59r-1zzw-bg2t-1z52dz-1zcivr-0eb664
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 17 May 2025 18:14:27 GMT
content-type: font/woff
content-length: 178944
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lVN%2BcjPXOfoFxAXpl5%2BPR6EOU6ZXH42gOEUnOzec4vEmJCNHlt1RNtx3dXC8VYlRtU7x6Hq5GzKU%2F9va1NArfst6TBE0I23iT1reI1V1kX7T1VQlz5%2BYlUExeHuBfucQIxOAHw%3D%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Tue, 20 Jul 2021 10:52:15 GMT
etag: "60f6aadf-2bb00"
strict-transport-security: max-age=31536000
accept-ranges: bytes
cache-control: max-age=14400
cf-cache-status: MISS
cf-ray: 941518377fd5b4eb-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=6774&min_rtt=1930&rtt_var=6766&sent=740&recv=71&lost=0&retrans=0&sent_bytes=840952&recv_bytes=6985&delivery_rate=7231885&cwnd=412800&unsent_bytes=0&cid=dced7531c350476d&ts=461&x=16"

GET m.binjdonefiy.com/landers/602664a33bf74/girls.mp4

104.21.80.1

206 Partial Content

784 kB

URL

m.binjdonefiy.com/landers/602664a33bf74/girls.mp4

IP / ASN

104.21.80.1

#13335 CLOUDFLARENET

Resource Info

File typeISO Media, MP4 v2 [ISO 14496-14]

First Seen2025-05-17

Last Seen2025-05-17

Times Seen1

Size784 kB (783793 bytes)

MD5195bbdc12d74f7323d59f426e8adb276

SHA1028bf822fefc65b3e09f84bf57959fcf36044823

SHA2564a7e341db572b8fbc7ae7b9dfeb4c8fca16168388c0057128bfca9af00ca06fa

Certificate Info

IssuerGoogle Trust Services

Subjectbinjdonefiy.com

Fingerprint52:75:3E:39:80:A6:9D:2C:9B:A5:01:B3:3C:F2:B0:35:9F:80:79:F7

ValidityWed, 07 May 2025 21:53:30 GMT - Tue, 05 Aug 2025 22:52:13 GMT

HTTP Headers

GET /landers/602664a33bf74/girls.mp4 HTTP/1.1
Host: m.binjdonefiy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://m.binjdonefiy.com/c.php?action_id=SEdesktop&affpid=77553&clickid=6828892bd300a9000125028a&k=63r1l5p2seqav3mqsdvc&referrer=https://linkvertise.com/&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=
Cookie: uclick=hqci4pftdz; uclickhash=hqci4pftdz-hqci4pft6o-q59r-1zzw-bg2t-1z52dz-1zcivr-0eb664
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 206 Partial Content
date: Sat, 17 May 2025 18:14:27 GMT
content-type: video/mp4
content-length: 7013327
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R9bmXdiwvfK44%2BCI7bIAmkZqrxPdxu5pSv8tnqV%2FW2wuNXIzyiH4NNQuNNyKDtKuLNtVINjeSTmWyxdlg60jsgSalQd37tXG6bv89ntJZfF53qZg4O9PeKty6rabeCIPpmr6Ng%3D%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Tue, 20 Jul 2021 10:52:14 GMT
etag: "60f6aade-6b03cf"
strict-transport-security: max-age=31536000
accept-ranges: bytes
age: 691
content-range: bytes 0-7013326/7013327
cache-control: max-age=14400
cf-cache-status: HIT
cf-ray: 941518379fdcb4eb-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=6773&min_rtt=4272&rtt_var=5987&sent=41&recv=61&lost=0&retrans=0&sent_bytes=5149&recv_bytes=6506&delivery_rate=2447&cwnd=12000&unsent_bytes=0&cid=dced7531c350476d&ts=396&x=16"

OPTIONS omcrobata.com/event

139.45.197.121

200 OK

0 B

URL

omcrobata.com/event

IP / ASN

139.45.197.121

#9002 RETN Limited

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5608718

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerLet's Encrypt

Subjectomcrobata.com

Fingerprint32:84:C1:8F:1A:F9:41:3D:56:0D:A0:89:54:A6:75:66:52:36:49:41

ValidityMon, 12 May 2025 05:13:40 GMT - Sun, 10 Aug 2025 05:13:39 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /event HTTP/1.1
Host: omcrobata.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://m.binjdonefiy.com/
Origin: https://m.binjdonefiy.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 17 May 2025 18:14:31 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://m.binjdonefiy.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

POST omcrobata.com/event

139.45.197.121

200 OK

81 B

URL

omcrobata.com/event

IP / ASN

139.45.197.121

#9002 RETN Limited

Resource Info

File typeJSON text data

First Seen2025-05-17

Last Seen2025-05-17

Times Seen1

Size81 B (81 bytes)

MD5446d46256f64a041c59947de18ef5b6f

SHA1e0829b5b1f182bb70afd77dacbd2b5400af5e17b

SHA256fe2bbc7bde3a98447f9e9cce0931ff3988851c70cdaa65790b58d1aa76253aea

Certificate Info

IssuerLet's Encrypt

Subjectomcrobata.com

Fingerprint32:84:C1:8F:1A:F9:41:3D:56:0D:A0:89:54:A6:75:66:52:36:49:41

ValidityMon, 12 May 2025 05:13:40 GMT - Sun, 10 Aug 2025 05:13:39 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: omcrobata.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://m.binjdonefiy.com/
Content-Type: application/json
Content-Length: 929
Origin: https://m.binjdonefiy.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 17 May 2025 18:14:31 GMT
content-type: application/json; charset=utf-8
content-length: 81
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://m.binjdonefiy.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

GET omcrobata.com/pfe/current/micro.tag.min.js?z=6199255&sw=/sw-check-permissions-b9b9f.js

139.45.197.121

200 OK

50 kB

URL

omcrobata.com/pfe/current/micro.tag.min.js?z=6199255&sw=/sw-check-permissions-b9b9f.js

IP / ASN

139.45.197.121

#9002 RETN Limited

Resource Info

File typeJavaScript source, ASCII text, with very long lines (49951), with no line terminators

First Seen2025-05-13

Last Seen2025-05-20

Times Seen53

Size50 kB (49951 bytes)

MD5d1f105898739dbce8d97e974c5a06d2c

SHA1fcac5e29294450be5bed47910fbbf1a8314329bb

SHA2561a521aba1d1bebcc63a124f7360c0989e362fe4fdb6b1077bcc647c7a82752ef

Certificate Info

IssuerLet's Encrypt

Subjectomcrobata.com

Fingerprint32:84:C1:8F:1A:F9:41:3D:56:0D:A0:89:54:A6:75:66:52:36:49:41

ValidityMon, 12 May 2025 05:13:40 GMT - Sun, 10 Aug 2025 05:13:39 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pfe/current/micro.tag.min.js?z=6199255&sw=/sw-check-permissions-b9b9f.js HTTP/1.1
Host: omcrobata.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://m.binjdonefiy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 17 May 2025 18:14:30 GMT
content-type: application/javascript
last-modified: Tue, 13 May 2025 08:20:29 GMT
etag: W/"682300cd-c31f"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

OPTIONS omcrobata.com/event

139.45.197.121

200 OK

0 B

URL

omcrobata.com/event

IP / ASN

139.45.197.121

#9002 RETN Limited

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5608718

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerLet's Encrypt

Subjectomcrobata.com

Fingerprint32:84:C1:8F:1A:F9:41:3D:56:0D:A0:89:54:A6:75:66:52:36:49:41

ValidityMon, 12 May 2025 05:13:40 GMT - Sun, 10 Aug 2025 05:13:39 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /event HTTP/1.1
Host: omcrobata.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://m.binjdonefiy.com/
Origin: https://m.binjdonefiy.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 17 May 2025 18:14:31 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://m.binjdonefiy.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

POST omcrobata.com/event

139.45.197.121

200 OK

0 B

URL

omcrobata.com/event

IP / ASN

139.45.197.121

#9002 RETN Limited

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5608718

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerLet's Encrypt

Subjectomcrobata.com

Fingerprint32:84:C1:8F:1A:F9:41:3D:56:0D:A0:89:54:A6:75:66:52:36:49:41

ValidityMon, 12 May 2025 05:13:40 GMT - Sun, 10 Aug 2025 05:13:39 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: omcrobata.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 422
Origin: https://m.binjdonefiy.com
DNT: 1
Connection: keep-alive
Referer: https://m.binjdonefiy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 17 May 2025 18:14:31 GMT
content-type: application/json; charset=utf-8
content-length: 81
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://m.binjdonefiy.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

POST omcrobata.com/event

139.45.197.121

200 OK

81 B

URL

omcrobata.com/event

IP / ASN

139.45.197.121

#9002 RETN Limited

Resource Info

File typeJSON text data

First Seen2025-05-17

Last Seen2025-05-17

Times Seen1

Size81 B (81 bytes)

MD5a799432f3176642261da7bb50e78f457

SHA1d6377b0327633c2572687b899e225a8bc98a0d97

SHA256e3d4d4a19181d1e95bbc4e20af9e3da249e04f4b44c3005dc865da494d37e458

Certificate Info

IssuerLet's Encrypt

Subjectomcrobata.com

Fingerprint32:84:C1:8F:1A:F9:41:3D:56:0D:A0:89:54:A6:75:66:52:36:49:41

ValidityMon, 12 May 2025 05:13:40 GMT - Sun, 10 Aug 2025 05:13:39 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: omcrobata.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://m.binjdonefiy.com/
Content-Type: application/json
Content-Length: 521
Origin: https://m.binjdonefiy.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 17 May 2025 18:14:31 GMT
content-type: application/json; charset=utf-8
content-length: 81
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://m.binjdonefiy.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

GET m.binjdonefiy.com/c.php?action_id=SEdesktop&affpid=77553&clickid=6828892bd300a9000125028a&k=63r1l5p2seqav3mqsdvc&referrer=https://linkvertise.com/&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=

104.21.80.1

200 OK

4.5 kB

URL

m.binjdonefiy.com/c.php?action_id=SEdesktop&affpid=77553&clickid=6828892bd300a9000125028a&k=63r1l5p2seqav3mqsdvc&referrer=https://linkvertise.com/&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=

IP / ASN

104.21.80.1

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typeHTML document, Unicode text, UTF-8 text, with very long lines (2782)

First Seen2025-05-17

Last Seen2025-05-17

Times Seen1

Size4.5 kB (4477 bytes)

MD5e8d71cf7e1747b4744a3542922b3e9cd

SHA141ac73d2eb0e0b511525cfe256a7169aba59af7e

SHA256dbdf3b58b6a96169d85b50f5749c49f6455898f6f0c08d6e1bf7f3cb3afcd8cb

Certificate Info

IssuerGoogle Trust Services

Subjectbinjdonefiy.com

Fingerprint52:75:3E:39:80:A6:9D:2C:9B:A5:01:B3:3C:F2:B0:35:9F:80:79:F7

ValidityWed, 07 May 2025 21:53:30 GMT - Tue, 05 Aug 2025 22:52:13 GMT

HTTP Headers

GET /c.php?action_id=SEdesktop&affpid=77553&clickid=6828892bd300a9000125028a&k=63r1l5p2seqav3mqsdvc&referrer=https://linkvertise.com/&sub1=&sub2=&sub3=&sub4=&sub5=&sub6= HTTP/1.1
Host: m.binjdonefiy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 17 May 2025 18:14:27 GMT
content-type: text/html; charset=UTF-8
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
vary: accept-encoding
strict-transport-security: max-age=31536000
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=7o2vSjcbxPY8pOR9bEf3u%2BI%2F0DZZ18WGwASPVxHxgq0FIeXTMW9uYnfwa2T%2F6s3fu47xbUs8L5oQ9OOPu6O8nw%2BLz%2FjpJ%2BqpkHafLTgiQw%3D%3D"}]}
cf-cache-status: DYNAMIC
content-encoding: br
set-cookie: uclick=hqci4pftdz; SameSite=None; Secure; Path=/; Max-Age=86400; Expires=Sun, 18 May 2025 18:14:27 GMT
uclickhash=hqci4pftdz-hqci4pftdz-1z-1z37-bgd5-1zocbl-1zoc8n-c78636; SameSite=None; Secure; Path=/; Max-Age=86400; Expires=Sun, 18 May 2025 18:14:27 GMT
uclick=hqci4pftdz; SameSite=None; Secure; Path=/; Max-Age=86400; Expires=Sun, 18 May 2025 18:14:27 GMT
uclickhash=hqci4pftdz-hqci4pft6o-q59r-1zzw-bg2t-1z52dz-1zcivr-0eb664; SameSite=None; Secure; Path=/; Max-Age=86400; Expires=Sun, 18 May 2025 18:14:27 GMT
cf-ray: 941518343fab1c16-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET m.binjdonefiy.com/landers/602664a33bf74/fonts/Montserrat-Regular.woff

104.21.80.1

200 OK

181 kB

URL

m.binjdonefiy.com/landers/602664a33bf74/fonts/Montserrat-Regular.woff

IP / ASN

104.21.80.1

#13335 CLOUDFLARENET

Resource Info

File typeWeb Open Font Format, CFF, length 181108, version 0.0

First Seen2023-04-15

Last Seen2025-07-26

Times Seen190

Size181 kB (181108 bytes)

MD5ba85f93f0fc15422585052b59ba9e88e

SHA1d6c2f22589efa70f1f92a2ccb53f61af4ec9bbb3

SHA256581f4e23900b88c2bfe488fa5bf091832fe21c62ef1fcabda19d8a9e6bfa61ae

Certificate Info

IssuerGoogle Trust Services

Subjectbinjdonefiy.com

Fingerprint52:75:3E:39:80:A6:9D:2C:9B:A5:01:B3:3C:F2:B0:35:9F:80:79:F7

ValidityWed, 07 May 2025 21:53:30 GMT - Tue, 05 Aug 2025 22:52:13 GMT

HTTP Headers

GET /landers/602664a33bf74/fonts/Montserrat-Regular.woff HTTP/1.1
Host: m.binjdonefiy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://m.binjdonefiy.com/c.php?action_id=SEdesktop&affpid=77553&clickid=6828892bd300a9000125028a&k=63r1l5p2seqav3mqsdvc&referrer=https://linkvertise.com/&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=
Cookie: uclick=hqci4pftdz; uclickhash=hqci4pftdz-hqci4pft6o-q59r-1zzw-bg2t-1z52dz-1zcivr-0eb664
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 17 May 2025 18:14:27 GMT
content-type: font/woff
content-length: 181108
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6LQ3jpD8GKM%2FjDOob8jm%2FjX8dwK4tULPK4bpqSKNvuvz7yVblWzksmYg3Z5GW1F78skINpg%2BdQGejfBWgo6QowCFNGfxE7Fe59yxyK3IjPiLLh%2BpIOx9Amp%2FvBd3%2BzdsLJD%2B5A%3D%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Tue, 20 Jul 2021 10:52:14 GMT
etag: "60f6aade-2c374"
strict-transport-security: max-age=31536000
accept-ranges: bytes
cache-control: max-age=14400
cf-cache-status: MISS
cf-ray: 941518377fd1b4eb-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4493&min_rtt=1930&rtt_var=2937&sent=395&recv=70&lost=0&retrans=0&sent_bytes=428152&recv_bytes=6931&delivery_rate=9633662&cwnd=206400&unsent_bytes=0&cid=dced7531c350476d&ts=456&x=16"

GET m.binjdonefiy.com/favicon.ico

104.21.80.1

200 OK

0 B

URL

m.binjdonefiy.com/favicon.ico

IP / ASN

104.21.80.1

#13335 CLOUDFLARENET

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5608718

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerGoogle Trust Services

Subjectbinjdonefiy.com

Fingerprint52:75:3E:39:80:A6:9D:2C:9B:A5:01:B3:3C:F2:B0:35:9F:80:79:F7

ValidityWed, 07 May 2025 21:53:30 GMT - Tue, 05 Aug 2025 22:52:13 GMT

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: m.binjdonefiy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://m.binjdonefiy.com/c.php?action_id=SEdesktop&affpid=77553&clickid=6828892bd300a9000125028a&k=63r1l5p2seqav3mqsdvc&referrer=https://linkvertise.com/&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=
Cookie: uclick=hqci4pftdz; uclickhash=hqci4pftdz-hqci4pft6o-q59r-1zzw-bg2t-1z52dz-1zcivr-0eb664
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 17 May 2025 18:14:28 GMT
content-type: text/html; charset=UTF-8
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PR95vs2r89kJAZPe2DrYcT64iWL1JwPh4eC2gHaFtxuE26TvPE2mGDVSKK2mk%2FJGerey51h1mZTo6X1tOICVDpNEi6Tde1jpAnZ%2FOcW%2F42jY40n4gNhXqN%2FHe5rvkahyAWBdEg%3D%3D"}],"group":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000
cache-control: max-age=14400
cf-cache-status: HIT
age: 6937
last-modified: Sat, 17 May 2025 16:18:51 GMT
content-encoding: br
cf-ray: 9415183a4877b4eb-OSL
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1296&min_rtt=859&rtt_var=523&sent=1504&recv=101&lost=0&retrans=0&sent_bytes=1736311&recv_bytes=8804&delivery_rate=232616&cwnd=751500&unsent_bytes=0&cid=dced7531c350476d&ts=804&x=16"

OPTIONS omcrobata.com/event

139.45.197.121

200 OK

0 B

URL

omcrobata.com/event

IP / ASN

139.45.197.121

#9002 RETN Limited

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5608718

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerLet's Encrypt

Subjectomcrobata.com

Fingerprint32:84:C1:8F:1A:F9:41:3D:56:0D:A0:89:54:A6:75:66:52:36:49:41

ValidityMon, 12 May 2025 05:13:40 GMT - Sun, 10 Aug 2025 05:13:39 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /event HTTP/1.1
Host: omcrobata.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://m.binjdonefiy.com/
Origin: https://m.binjdonefiy.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 17 May 2025 18:14:31 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://m.binjdonefiy.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

POST omcrobata.com/event

139.45.197.121

200 OK

81 B

URL

omcrobata.com/event

IP / ASN

139.45.197.121

#9002 RETN Limited

Resource Info

File typeJSON text data

First Seen2025-05-17

Last Seen2025-05-17

Times Seen1

Size81 B (81 bytes)

MD541722eda329115181b68d69ab045067a

SHA1dc10662427dc0f3c8292a719101d4aa2f546339f

SHA25655a5641127ccaa9a5001e872d5245d1ec102ae8803fb13d0c2f12a01e8448b22

Certificate Info

IssuerLet's Encrypt

Subjectomcrobata.com

Fingerprint32:84:C1:8F:1A:F9:41:3D:56:0D:A0:89:54:A6:75:66:52:36:49:41

ValidityMon, 12 May 2025 05:13:40 GMT - Sun, 10 Aug 2025 05:13:39 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: omcrobata.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://m.binjdonefiy.com/
Content-Type: application/json
Content-Length: 518
Origin: https://m.binjdonefiy.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 17 May 2025 18:14:31 GMT
content-type: application/json; charset=utf-8
content-length: 81
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://m.binjdonefiy.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

POST omcrobata.com/event

139.45.197.121

200 OK

81 B

URL

omcrobata.com/event

IP / ASN

139.45.197.121

#9002 RETN Limited

Resource Info

File typeJSON text data

First Seen2025-05-17

Last Seen2025-05-17

Times Seen1

Size81 B (81 bytes)

MD53ecc548c3c0984038447bc1123a29bfa

SHA11826e5fb40c447670c9a179c72f2783ab5dcaf6c

SHA256aa3e949561b23314c66dc2595f1e3ac70a07ceab9da865d01efd47c16db9ced0

Certificate Info

IssuerLet's Encrypt

Subjectomcrobata.com

Fingerprint32:84:C1:8F:1A:F9:41:3D:56:0D:A0:89:54:A6:75:66:52:36:49:41

ValidityMon, 12 May 2025 05:13:40 GMT - Sun, 10 Aug 2025 05:13:39 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: omcrobata.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://m.binjdonefiy.com/
Content-Type: application/json
Content-Length: 525
Origin: https://m.binjdonefiy.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 17 May 2025 18:14:31 GMT
content-type: application/json; charset=utf-8
content-length: 81
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://m.binjdonefiy.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

GET m.binjdonefiy.com/landers/602664a33bf74/preview.jpg?1

104.21.80.1

200 OK

114 kB

URL

m.binjdonefiy.com/landers/602664a33bf74/preview.jpg?1

IP / ASN

104.21.80.1

#13335 CLOUDFLARENET

Resource Info

File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1280x720, components 3

First Seen2023-05-22

Last Seen2025-07-19

Times Seen49

Size114 kB (113867 bytes)

MD54970c6423d2698415466ae709eb496b5

SHA19a88d739929a0943159d4cf7ef2026d72290f38c

SHA2566bc732ae97f0d60fb50316e60c29a3cf22dc09d3fda343b3b8ac06e180969ce0

Certificate Info

IssuerGoogle Trust Services

Subjectbinjdonefiy.com

Fingerprint52:75:3E:39:80:A6:9D:2C:9B:A5:01:B3:3C:F2:B0:35:9F:80:79:F7

ValidityWed, 07 May 2025 21:53:30 GMT - Tue, 05 Aug 2025 22:52:13 GMT

HTTP Headers

GET /landers/602664a33bf74/preview.jpg?1 HTTP/1.1
Host: m.binjdonefiy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://m.binjdonefiy.com/c.php?action_id=SEdesktop&affpid=77553&clickid=6828892bd300a9000125028a&k=63r1l5p2seqav3mqsdvc&referrer=https://linkvertise.com/&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=
Cookie: uclick=hqci4pftdz; uclickhash=hqci4pftdz-hqci4pft6o-q59r-1zzw-bg2t-1z52dz-1zcivr-0eb664
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 17 May 2025 18:14:27 GMT
content-type: image/jpeg
content-length: 113867
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=alV8mH920Nf3Hsgj%2BJfOGHLIQcxQY1E1HOmfqPvmgZUR3W3p15%2FZZLDIFclto5IN9STfpTmJc30ez3t5THtvOCZeFVsoFRsO65%2BvOHc1o%2FBRtxZNnTsS09LmbdkhKlNTNj%2BvLQ%3D%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Tue, 20 Jul 2021 10:52:15 GMT
etag: "60f6aadf-1bccb"
strict-transport-security: max-age=31536000
accept-ranges: bytes
age: 691
cache-control: max-age=14400
cf-cache-status: HIT
cf-ray: 941518370fb5b4eb-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=6552&min_rtt=4272&rtt_var=4933&sent=45&recv=62&lost=0&retrans=0&sent_bytes=9368&recv_bytes=6550&delivery_rate=32127&cwnd=12000&unsent_bytes=0&cid=dced7531c350476d&ts=404&x=16"

GET m.binjdonefiy.com/landers/602664a33bf74/pattern.png

104.21.80.1

200 OK

2.8 kB

URL

m.binjdonefiy.com/landers/602664a33bf74/pattern.png

IP / ASN

104.21.80.1

#13335 CLOUDFLARENET

Resource Info

File typePNG image data, 2 x 2, 8-bit/color RGBA, non-interlaced

First Seen2023-05-11

Last Seen2025-08-02

Times Seen254

Size2.8 kB (2804 bytes)

MD5072d522f73c9597e94e90301ad70e96f

SHA1fd0d2c1f2fd12d508a69d7e299a9b45de884ef32

SHA256367dacef3f3650058439ad17f01b2b82c9de869cd470ccc068c380d71cae7a06

Certificate Info

IssuerGoogle Trust Services

Subjectbinjdonefiy.com

Fingerprint52:75:3E:39:80:A6:9D:2C:9B:A5:01:B3:3C:F2:B0:35:9F:80:79:F7

ValidityWed, 07 May 2025 21:53:30 GMT - Tue, 05 Aug 2025 22:52:13 GMT

HTTP Headers

GET /landers/602664a33bf74/pattern.png HTTP/1.1
Host: m.binjdonefiy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://m.binjdonefiy.com/c.php?action_id=SEdesktop&affpid=77553&clickid=6828892bd300a9000125028a&k=63r1l5p2seqav3mqsdvc&referrer=https://linkvertise.com/&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=
Cookie: uclick=hqci4pftdz; uclickhash=hqci4pftdz-hqci4pft6o-q59r-1zzw-bg2t-1z52dz-1zcivr-0eb664
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 17 May 2025 18:14:27 GMT
content-type: image/png
content-length: 2804
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eHjkWwg6W29U3paSxoGS69yxUAayhqI4FGuIRNqTG8WcxRJRyn0uthiDgH3wF8R1EZparj6OfhtqNepx4QsHX3%2FZr0PdVK1c3tBmrDd8BuRGjyMUvGQ6pQyHiIfqPH8T6ObN2A%3D%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Tue, 20 Jul 2021 10:52:15 GMT
etag: "60f6aadf-af4"
strict-transport-security: max-age=31536000
cache-control: max-age=14400
cf-cache-status: HIT
age: 691
accept-ranges: bytes
cf-ray: 941518376fcfb4eb-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=6773&min_rtt=4272&rtt_var=5987&sent=42&recv=61&lost=0&retrans=0&sent_bytes=5867&recv_bytes=6506&delivery_rate=2447&cwnd=12000&unsent_bytes=0&cid=dced7531c350476d&ts=398&x=16"

GET m.binjdonefiy.com/sw-check-permissions-b9b9f.js?zoneId=6199255&tg=1

104.21.80.1

200 OK

566 B

URL

m.binjdonefiy.com/sw-check-permissions-b9b9f.js?zoneId=6199255&tg=1

IP / ASN

104.21.80.1

#13335 CLOUDFLARENET

Resource Info

File typeJava source, ASCII text

First Seen2024-01-27

Last Seen2025-07-26

Times Seen140

Size566 B (566 bytes)

MD51ade7255e242c6cec4c00bcc54729c05

SHA11eb122f3603d6eb859b0a20dd1b973d60a6d88cd

SHA256b7fa7e2933c2ff8d339c52fa118907b9a9dc48103b13d3cb009cec987943ba61

Certificate Info

IssuerGoogle Trust Services

Subjectbinjdonefiy.com

Fingerprint52:75:3E:39:80:A6:9D:2C:9B:A5:01:B3:3C:F2:B0:35:9F:80:79:F7

ValidityWed, 07 May 2025 21:53:30 GMT - Tue, 05 Aug 2025 22:52:13 GMT

HTTP Headers

GET /sw-check-permissions-b9b9f.js?zoneId=6199255&tg=1 HTTP/1.1
Host: m.binjdonefiy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Referer: https://m.binjdonefiy.com/c.php?action_id=SEdesktop&affpid=77553&clickid=6828892bd300a9000125028a&k=63r1l5p2seqav3mqsdvc&referrer=https://linkvertise.com/&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=
Cookie: uclick=hqci4pftdz; uclickhash=hqci4pftdz-hqci4pft6o-q59r-1zzw-bg2t-1z52dz-1zcivr-0eb664
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 17 May 2025 18:14:31 GMT
content-type: application/javascript
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sJG%2BW8GJrkHCOqtH%2BQSdoDj40HmW6vefz%2B9nf442v2TG5mzMwm9k1uM0nkboI9dVcFf4K4HnNNMVQUCQ50fuKTuVEXUdjstpmQoJXiBSZcX5GYT%2Flsq9vSIj9EzPzz%2BizpH4xw%3D%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Mon, 07 Aug 2023 13:14:21 GMT
etag: W/"64d0ee2d-236"
strict-transport-security: max-age=31536000
cache-control: max-age=14400
cf-cache-status: HIT
age: 4690
content-encoding: br
cf-ray: 9415184c5c41b4eb-OSL
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2347&min_rtt=772&rtt_var=2216&sent=1854&recv=190&lost=0&retrans=0&sent_bytes=2087822&recv_bytes=13272&delivery_rate=358336&cwnd=751500&unsent_bytes=0&cid=dced7531c350476d&ts=3705&x=16"

POST omcrobata.com/zone?pub=0&zone_id=6199255&is_mobile=false&domain=m.binjdonefiy.com&var=&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.613&trace_id=fd439f35-d2e1-4392-adc9-bb63de0add2f&action=prerequest&drf=

139.45.197.121

200 OK

0 B

URL

omcrobata.com/zone?pub=0&zone_id=6199255&is_mobile=false&domain=m.binjdonefiy.com&var=&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.613&trace_id=fd439f35-d2e1-4392-adc9-bb63de0add2f&action=prerequest&drf=

IP / ASN

139.45.197.121

#9002 RETN Limited

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5608718

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerLet's Encrypt

Subjectomcrobata.com

Fingerprint32:84:C1:8F:1A:F9:41:3D:56:0D:A0:89:54:A6:75:66:52:36:49:41

ValidityMon, 12 May 2025 05:13:40 GMT - Sun, 10 Aug 2025 05:13:39 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /zone?pub=0&zone_id=6199255&is_mobile=false&domain=m.binjdonefiy.com&var=&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.613&trace_id=fd439f35-d2e1-4392-adc9-bb63de0add2f&action=prerequest&drf= HTTP/1.1
Host: omcrobata.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://m.binjdonefiy.com
DNT: 1
Connection: keep-alive
Referer: https://m.binjdonefiy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 200 OK
server: nginx
date: Sat, 17 May 2025 18:14:31 GMT
content-length: 0
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://m.binjdonefiy.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

OPTIONS omcrobata.com/event

139.45.197.121

200 OK

0 B

URL

omcrobata.com/event

IP / ASN

139.45.197.121

#9002 RETN Limited

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5608718

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerLet's Encrypt

Subjectomcrobata.com

Fingerprint32:84:C1:8F:1A:F9:41:3D:56:0D:A0:89:54:A6:75:66:52:36:49:41

ValidityMon, 12 May 2025 05:13:40 GMT - Sun, 10 Aug 2025 05:13:39 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /event HTTP/1.1
Host: omcrobata.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://m.binjdonefiy.com/
Origin: https://m.binjdonefiy.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 17 May 2025 18:14:31 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://m.binjdonefiy.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

POST omcrobata.com/event

139.45.197.121

200 OK

0 B

URL

omcrobata.com/event

IP / ASN

139.45.197.121

#9002 RETN Limited

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5608718

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerLet's Encrypt

Subjectomcrobata.com

Fingerprint32:84:C1:8F:1A:F9:41:3D:56:0D:A0:89:54:A6:75:66:52:36:49:41

ValidityMon, 12 May 2025 05:13:40 GMT - Sun, 10 Aug 2025 05:13:39 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: omcrobata.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 523
Origin: https://m.binjdonefiy.com
DNT: 1
Connection: keep-alive
Referer: https://m.binjdonefiy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 17 May 2025 18:14:31 GMT
content-type: application/json; charset=utf-8
content-length: 81
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://m.binjdonefiy.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

POST omcrobata.com/event

139.45.197.121

200 OK

0 B

URL

omcrobata.com/event

IP / ASN

139.45.197.121

#9002 RETN Limited

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5608718

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerLet's Encrypt

Subjectomcrobata.com

Fingerprint32:84:C1:8F:1A:F9:41:3D:56:0D:A0:89:54:A6:75:66:52:36:49:41

ValidityMon, 12 May 2025 05:13:40 GMT - Sun, 10 Aug 2025 05:13:39 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: omcrobata.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 604
Origin: https://m.binjdonefiy.com
DNT: 1
Connection: keep-alive
Referer: https://m.binjdonefiy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 17 May 2025 18:14:31 GMT
content-type: application/json; charset=utf-8
content-length: 81
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://m.binjdonefiy.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2