Report - clinicclear.site/c4z2l9k.php?key=p5g8f0esonwhm0oyl72d&visitor_id=763967833150332928&cost=0.001000&zoneid=5190599&campaignid=7377775&zonetype=push&browser=chrome&osversion=unspecified_android&language={language}&country=EG&os=android&banner=18878197&activity=low

Report Overview

Visited public
2023-12-27 20:08:43
Tags
Submit Tags
URL
clinicclear.site/c4z2l9k.php?key=p5g8f0esonwhm0oyl72d&visitor_id=763967833150332928&cost=0.001000&zoneid=5190599&campaignid=7377775&zonetype=push&browser=chrome&osversion=unspecified_android&language={language}&country=EG&os=android&banner=18878197&activity=low
Finishing URL
lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f
IP / ASN
188.114.97.1
#13335 CLOUDFLARENET
Title
THANK YOU!

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
my.rtmark.net	9054	2014-10-29	2015-02-04 10:54:57	2023-12-27 05:38:22	971 B	1.5 kB	139.45.195.8
applabztrack.com	unknown	2023-08-16	2023-08-21 17:47:29	2023-12-27 05:54:47	1.4 kB	1.6 kB	139.45.197.208
lootavip.com	unknown	2023-12-08	2023-12-09 11:47:22	2023-12-23 17:08:11	7.9 kB	131 kB	139.45.197.161
inlugiar.com	unknown	2022-11-16	2022-11-17 09:42:29	2023-12-27 13:44:08	498 B	1.2 kB	139.45.197.248
cdntechone.com	64371	2021-12-24	2021-12-24 18:09:58	2023-12-26 14:54:39	410 B	20 kB	188.114.96.1
datatechone.com	unknown	2021-12-24	2015-06-17 15:52:19	2023-12-27 06:44:54	580 B	465 B	37.48.68.71
littlecdn.com	11785	2019-06-04	2019-06-04 12:44:02	2023-12-27 06:41:55	938 B	7.8 kB	104.22.24.116
clinicclear.site	unknown	2022-10-09	2022-10-10 00:01:18	2023-12-25 19:07:10	729 B	81 kB	188.114.97.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-12-27	medium	applabztrack.com	Sinkholed
2023-12-27	medium	lootavip.com	Sinkholed
2023-12-27	medium	applabztrack.com	Sinkholed
2023-12-27	medium	lootavip.com	Sinkholed
2023-12-27	medium	applabztrack.com	Sinkholed
2023-12-27	medium	lootavip.com	Sinkholed
2023-12-27	medium	lootavip.com	Sinkholed
2023-12-27	medium	lootavip.com	Sinkholed
2023-12-27	medium	lootavip.com	Sinkholed
2023-12-27	medium	lootavip.com	Sinkholed
2023-12-27	medium	datatechone.com	Sinkholed
2023-12-27	medium	lootavip.com	Sinkholed
2023-12-27	medium	lootavip.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (26)

	URL	From	Size	First Seen	Last Seen
	lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f	ScriptElement	70 B	2024-08-20	2024-08-20
Pretty URL lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f IP 139.45.197.161 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 14:48 Last Seen2024-08-20 14:48 Times Seen1 Hash 093e401c391e7f4e27ee9c65d8960fcc 37cd8ab078697e3ce60bc9a973fe5fb4f4cd45e3 5e870669f6969d8ab34dc8daabb129d5db78ce4aa7f1e7d261f3d5160cd13f9d Loading...

	lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f	ScriptElement	679 B	2023-09-30	2024-08-21
Pretty URL lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f IP 139.45.197.161 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2023-09-30 06:56 Last Seen2024-08-21 05:28 Times Seen5057 Hash 81f2b3d0597f5fb3e59f0de7c72e56b0 f7fe43ee0344359c42a4501460b2d06dfcbeb46a 5fe54923fddbb41708ee1edb5375baafddf99ddca22cbb74e0350e498cbf4b3e Loading...

	cdntechone.com/stattag.js	ScriptElement	19 kB	2023-12-19	2024-08-20
Pretty URL cdntechone.com/stattag.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-19 17:45 Last Seen2024-08-20 15:31 Times Seen711 Hash 809ea10a042bb2de8bf47f4111f36986 667690a0ba220ea2b5bab1c3668a7e8ab4d339f3 c66cd32513242fb84a36896f1ea39df51e3e59174fb3d66e1cdd7bd13a38acbb Loading...

	lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f	ScriptElement	1.0 kB	2023-09-15	2025-01-21
Pretty URL lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f IP 139.45.197.161 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2023-09-15 06:48 Last Seen2025-01-21 11:42 Times Seen6367 Hash 1e000d88343060c761e3d7ae644a8732 98f67005a3b038378596137e93681310c394d980 cea17ebf90b967d519365b4f2c3a89f73e6b70003e81841d6b8696df4304210e Loading...

	lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f	ScriptElement	2.9 kB	2023-12-24	2024-10-04
Pretty URL lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f IP 139.45.197.161 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2023-12-24 14:09 Last Seen2024-10-04 11:05 Times Seen23 Hash 23c286f629d47169dc437df2d53e3768 240da901690cd285ee556da0060f415def06fc64 d3ade8bbe231fa51d9ffde0bcf23c400b8aae8c5e0ff7424a65e1ea06bd38651 Loading...

	lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f	ScriptElement	881 B	2023-12-01	2024-08-20
Pretty URL lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f IP 139.45.197.161 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2023-12-01 00:08 Last Seen2024-08-20 17:15 Times Seen3814 Hash a43543cf779641e507e71bf9ee6a1fca 9e54055789ebc34371c5c96b7cbf1495b3d467ca b2dc2f0279dd823b6745fc06a561108194e165ad77adcc8a8bc819ef5754c3a5 Loading...

	lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f	ScriptElement	210 B	2023-12-01	2024-08-20
Pretty URL lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f IP 139.45.197.161 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2023-12-01 00:08 Last Seen2024-08-20 17:15 Times Seen2212 Hash d95ed10160acba3158f0797e1ea410e9 181b1bbad8386130ed4a68e5b1db90b2b30ed590 6e5648b599e0728ae01abacc792f61212cc334a0d9cb1fbbd21d71b7f35d717e Loading...

	lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f	ScriptElement	3.3 kB	2023-12-23	2024-08-20
Pretty URL lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f IP 139.45.197.161 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2023-12-23 23:10 Last Seen2024-08-20 15:10 Times Seen31 Hash 32ef0170a298387ea37f12da364dfc5c 503c38867521644aaaeeb78eed9f9550b1956c1d c3029aa3955ee94b0d7fe5bc019ad19851272a6fdc1590f96dec590507dd9f1a Loading...

	lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f	ScriptElement	741 B	2023-12-13	2024-08-20
Pretty URL lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f IP 139.45.197.161 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2023-12-13 22:56 Last Seen2024-08-20 15:55 Times Seen3798 Hash dbcd157072b7ad38f40c3dadeb8264b5 9cc699c485f90db8d6f960e7cf50c4e305710ac6 48aae18018ece75b1ee29c7061c0734f85385d01d69ef996b7d2f73068bfb4cb Loading...

	lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f	ScriptElement	2.4 kB	2024-08-20	2024-08-20
Pretty URL lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f IP 139.45.197.161 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 14:48 Last Seen2024-08-20 14:48 Times Seen1 Hash b9c53e6dccfef712f8d36dd2d9149af5 8f7f0b4da442edec29bf461a540d91003ea3ef33 8cd9e1490c6b76a10d430c11628affd51d04b00937d2d34dd0ccdde08b5c7679 Loading...

	lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f	ScriptElement	2.0 kB	2024-08-20	2024-08-20
Pretty URL lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f IP 139.45.197.161 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 14:48 Last Seen2024-08-20 14:48 Times Seen1 Hash b3ead2f15c81378692415e04c842d3ee 15727a499fe0409a5461897e4f22e47c00b4502f 2b6045ecfe0cbf10973e9fef77ea88386465a3f8b4508cccf5f7a9eec444d08e Loading...

	lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f	ScriptElement	38 B	2023-03-13	2025-01-21
Pretty URL lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f IP 139.45.197.161 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-13 22:51 Last Seen2025-01-21 11:42 Times Seen5557 Hash 3ea1379d18e4ec6bccefeba76a1b33b4 90afb068cee6917494ddd820bcb2fe44de7e5e43 15c832dee58f1c08fb6bf51935a10f95cb0482d19441cefbb469a82278e54bae Loading...

	lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f	ScriptElement	11 kB	2024-08-20	2024-08-20
Pretty URL lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f IP 139.45.197.161 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 14:48 Last Seen2024-08-20 14:48 Times Seen1 Hash 957b2c927ac3829372188d4c12f4714e 64d4b02a3f64aeedda2b83e15eacbb68a359742a b1252f047d6e2f8c18db9212431c6e902a4a42283936d70e4be4561be7806dfe Loading...

	lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f	ScriptElement	432 B	2023-08-15	2025-01-21
Pretty URL lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f IP 139.45.197.161 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2023-08-15 17:07 Last Seen2025-01-21 11:42 Times Seen6382 Hash a68df917a9d58006028bbbc7b6f30aa0 8412b7650e9351c4826eee83dc944ab8e7a5a660 003c5bfe078f1901b11f14e32f824a1696e54b3a72cd7462395986063f0cd571 Loading...

	lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f	ScriptElement	4.1 kB	2024-08-20	2024-08-20
Pretty URL lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f IP 139.45.197.161 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 14:48 Last Seen2024-08-20 14:48 Times Seen1 Hash b8dad94b8c076e7e5d1104ef66b2488c e56decc43d31e46df671530ec239d2d3ebcc24ee 2253b1cbc8f71fed9a4cbe1ea6d016c5daf9789f3214ba7e53919245bae8e399 Loading...

	lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f	ScriptElement	489 B	2023-03-07	2024-08-21
Pretty URL lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f IP 139.45.197.161 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:03 Last Seen2024-08-21 09:42 Times Seen4398 Hash b59d52e5c8c1c905dd20084f27bc5261 492b79822be8f2f1d46714e43274e2500de5c0c5 4795baeddefb045a60541029990e6da282eb7d0cb2f9d20da866382567029649 Loading...

	lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f	ScriptElement	27 B	2023-03-07	2025-01-21
Pretty URL lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f IP 139.45.197.161 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:27 Last Seen2025-01-21 11:42 Times Seen2810 Hash dcdca1271ff14fa2a37aac2fdd562ad7 6f8d97801b33f24f2a736c00e1bc5805d9fd5eb7 66d82b0643143d1e9fa6ec2c7e07af701b2b274bc4db74b60ee4dcf5862d229c Loading...

	lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f	ScriptElement	7.2 kB	2024-08-20	2024-08-20
Pretty URL lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f IP 139.45.197.161 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 14:48 Last Seen2024-08-20 14:48 Times Seen1 Hash cf3320af54713507957465686eda0b08 2ffa2de23b1482b6a1a766c89428062a3db3958d d96df5bd8cd2273f216b7ca0fab78a39bd22f3354e6c50cfd4759a5c89efcfcc Loading...

	lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f	ScriptElement	2.8 kB	2023-03-26	2024-10-17
Pretty URL lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f IP 139.45.197.161 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-26 05:18 Last Seen2024-10-17 19:22 Times Seen737 Hash fb795700058b50216760c6c0106b5986 61fb020ce71c0f2e0279fbf4181f53193b91e6e8 bc7a22aa06586c1dcd0ac89f0329e96dd2936308987969b449395a2e3d0eda78 Loading...

	lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f	ScriptElement	243 B	2023-03-07	2024-10-17
Pretty URL lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f IP 139.45.197.161 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 13:21 Last Seen2024-10-17 19:22 Times Seen830 Hash 9c8b4c2757a2ba84e7374a4a2fb73e6d 824c4afa2e871938c12f7c5698fe98f3f19a95c5 415d44cc3ea93f4be94854a2677c8fef5a136343c45546c218d0fb25d5092bc1 Loading...

	lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f	ScriptElement	4.5 kB	2024-08-20	2024-08-20
Pretty URL lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f IP 139.45.197.161 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 14:48 Last Seen2024-08-20 14:48 Times Seen1 Hash 34c12ad14dc47960aaf595a5ee1be26d 2efedda9159f4dae28353dbf9a5b1bcef93f7e3c c8ba9183b888b13cdae162395b27287ce70fc031b924bc6cb4d4878373f47e28 Loading...

	lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f	ScriptElement	4.0 kB	2024-08-20	2024-08-20
Pretty URL lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f IP 139.45.197.161 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 14:48 Last Seen2024-08-20 14:48 Times Seen1 Hash f0f64ecbd139491b988591bb5877f146 c128b16081c2b5f9ffb8122c5dbda195917003b5 338cb55d3837355e48b2a0a90e0db25952eb6de02705dc7fa1c0691edddbb55f Loading...

	lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f	ScriptElement	4.9 kB	2024-08-20	2024-08-20
Pretty URL lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f IP 139.45.197.161 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 14:48 Last Seen2024-08-20 14:48 Times Seen1 Hash 368898dfd5d18bcdc122311b8292583b 37daf70103bba63a670d0cd076fb937c2abca56e 38735e5e8ab5464a7669488d277554177de0b3f8431a90566f322496161c79e2 Loading...

	lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f	ScriptElement	2.8 kB	2024-08-20	2024-08-20
Pretty URL lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f IP 139.45.197.161 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 14:48 Last Seen2024-08-20 14:48 Times Seen1 Hash 5177fa081b5475e483779f0b576f4e3f 37e102870259e16e61f5b25b77e3b72183db61d7 5a6321658d07e5f9ac18c9af5cf23153cc4b6834f64b9c7c30ec9ea0f55afaf0 Loading...

	lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f	ScriptElement	2.1 kB	2024-08-20	2024-08-20
Pretty URL lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f IP 139.45.197.161 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 14:48 Last Seen2024-08-20 14:48 Times Seen1 Hash 5240c734e5beb3060b93858721029432 99309fe7e45c5cd56e0e9d537c4397fc8ab7addb 0eb7be63d1226a14814fdc76516371a49aaf2f97d76082aab45a4bba1051400c Loading...

	lootavip.com/pfe/current/micro.tag.min.js?uhd=1&z=6243280&ymid=5190599&var=6254047&sw=/sw-check-permissions/6243280&var_3=18754413_662&os_version=10.0	ScriptElement	27 kB	2023-11-02	2024-08-20
Pretty URL lootavip.com/pfe/current/micro.tag.min.js?uhd=1&z=6243280&ymid=5190599&var=6254047&sw=/sw-check-permissions/6243280&var_3=18754413_662&os_version=10.0 IP 139.45.197.161 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-02 09:44 Last Seen2024-08-20 21:23 Times Seen8998 Hash 5ccd2d5882a06f293d07510ac91c92e6 b44dc0eaa03981adb70d3313e728f9359c1d21c1 9fc2aa21f3a7bfe66783d35fdbb48147f73e72a41f87aea848f64a8cb4518eba Loading...

HTTP Transactions (20)

URL IP Response Size

GET my.rtmark.net/gid.js?userId=0c372d9719d418e76b5843efee223691

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js?userId=0c372d9719d418e76b5843efee223691
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintE8:81:4E:79:89:89:BE:CE:75:1F:E0:2A:60:54:8A:A4:11:2E:F7:42
ValiditySat, 07 Oct 2023 15:22:00 GMT - Fri, 05 Jan 2024 15:21:59 GMT

File type
JSON data
Size
65 B (65 bytes)
Hash
0236af958f6e75c2e414aef2ed5e20b5
5ca911e5c119440bf8356629a92c6f96592e8230
d4e10e0b9b2b9209b8ce395a6ca74787ec13143689198bbe0200016dd628b8e7

HTTP Headers

GET /gid.js?userId=0c372d9719d418e76b5843efee223691 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lootavip.com/
Origin: https://lootavip.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 27 Dec 2023 20:08:17 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://lootavip.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=0c372d9719d418e76b5843efee223691; expires=Thu, 26 Dec 2024 20:08:17 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

POST applabztrack.com/api/v1/event

139.45.197.208

200 OK

0 B

URL POST HTTP/1.1
applabztrack.com/api/v1/event
IP
139.45.197.208:443
ASN
#9002 RETN Limited

Requested by
https://lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f
Certificate
IssuerLet's Encrypt
Subjectapplabztrack.com
FingerprintF8:29:98:C8:95:0D:1E:EB:D4:63:7B:5B:05:E8:A9:82:F9:7B:8E:96
ValidityThu, 02 Nov 2023 01:53:38 GMT - Wed, 31 Jan 2024 01:53:37 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /api/v1/event HTTP/1.1
Host: applabztrack.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://lootavip.com/
Origin: https://lootavip.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 27 Dec 2023 20:08:17 GMT
Content-Length: 0
Connection: keep-alive
Allow: OPTIONS, POST
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Origin: https://lootavip.com
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 600
Timing-Allow-Origin: *

GET lootavip.com/contents/s/1c/2c/1e/0d5c59daf90ddc532c788e8a1a/0495677411714.jpeg

139.45.197.161

200 OK

16 kB

URL GET HTTP/2
lootavip.com/contents/s/1c/2c/1e/0d5c59daf90ddc532c788e8a1a/0495677411714.jpeg
IP
139.45.197.161:443
ASN
#9002 RETN Limited

Requested by
https://lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f
Certificate
IssuerLet's Encrypt
Subjectlootavip.com
FingerprintE3:50:D9:21:14:B4:B1:F9:BB:FA:AB:92:01:B0:0B:18:2A:95:9E:B8
ValidityFri, 08 Dec 2023 09:37:06 GMT - Thu, 07 Mar 2024 09:37:05 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 640x480, components 3
Size
16 kB (16097 bytes)
Hash
1c2c1e0d5c59daf90ddc532c788e8a1a
6956916cdd7a357b4215d99d79abb0a54bc26ca8
4ecc07cc1d7ab222e7245c6734734ac72b77ceafff00c4c2326e845d536fa3fb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /contents/s/1c/2c/1e/0d5c59daf90ddc532c788e8a1a/0495677411714.jpeg HTTP/1.1
Host: lootavip.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f
Cookie: reverse=kj7hW_b5KH_JJJWdxo6--g4BoD4vSqCxvg7moDEa40c; OAID=0c372d9719d418e76b5843efee223691; oaidts=1703707696; counter_o_6_uvc=0; counter_t_420846_uvc=0; counter_o_6_ucc=0; counter_t_420846_ucc=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 27 Dec 2023 20:08:17 GMT
content-type: image/jpeg
content-length: 16097
last-modified: Mon, 27 Feb 2023 09:26:05 GMT
vary: Accept-Encoding
etag: "63fc772d-3ee1"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2

POST applabztrack.com/api/v1/event

139.45.197.208

200 OK

28 B

URL POST HTTP/1.1
applabztrack.com/api/v1/event
IP
139.45.197.208:443
ASN
#9002 RETN Limited

Requested by
https://lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f
Certificate
IssuerLet's Encrypt
Subjectapplabztrack.com
FingerprintF8:29:98:C8:95:0D:1E:EB:D4:63:7B:5B:05:E8:A9:82:F9:7B:8E:96
ValidityThu, 02 Nov 2023 01:53:38 GMT - Wed, 31 Jan 2024 01:53:37 GMT

File type
JSON data
Size
28 B (28 bytes)
Hash
1bf7c0b881463991600d7a589cc6f874
086339ac26a7a491649d6b45e661841bc15e9369
88d9384ead12db46f488d0c8308f875bb9c8d5a5ffc0b838ab29aa8d3a5c8711

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /api/v1/event HTTP/1.1
Host: applabztrack.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 457
Origin: https://lootavip.com
DNT: 1
Connection: keep-alive
Referer: https://lootavip.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 27 Dec 2023 20:08:17 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 28
Connection: keep-alive
X-Trace-Id: 419f42eb6485f2701d85b1c2c2fb89c1
Vary: Origin
Access-Control-Allow-Origin: https://lootavip.com
Access-Control-Expose-Headers: Link
Access-Control-Allow-Credentials: true
Expires: Tue, 11 Jan 1994 10:00:00 GMT
Cache-Control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
Pragma: no-cache
Timing-Allow-Origin: *, *

GET my.rtmark.net/gid.js

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintE8:81:4E:79:89:89:BE:CE:75:1F:E0:2A:60:54:8A:A4:11:2E:F7:42
ValiditySat, 07 Oct 2023 15:22:00 GMT - Fri, 05 Jan 2024 15:21:59 GMT

File type
JSON data
Size
65 B (65 bytes)
Hash
0236af958f6e75c2e414aef2ed5e20b5
5ca911e5c119440bf8356629a92c6f96592e8230
d4e10e0b9b2b9209b8ce395a6ca74787ec13143689198bbe0200016dd628b8e7

HTTP Headers

GET /gid.js HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lootavip.com/
Origin: https://lootavip.com
DNT: 1
Connection: keep-alive
Cookie: ID=0c372d9719d418e76b5843efee223691
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 27 Dec 2023 20:08:17 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://lootavip.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=0c372d9719d418e76b5843efee223691; expires=Thu, 26 Dec 2024 20:08:17 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

POST lootavip.com/zone?&pub=0&zone_id=6243280&is_mobile=false&domain=lootavip.com&var=6254047&ymid=5190599&var_3=18754413_662&var_4=&dsig=&tg=1&sw=3.1.471&action=prerequest

139.45.197.161

200 OK

0 B

URL POST HTTP/2
lootavip.com/zone?&pub=0&zone_id=6243280&is_mobile=false&domain=lootavip.com&var=6254047&ymid=5190599&var_3=18754413_662&var_4=&dsig=&tg=1&sw=3.1.471&action=prerequest
IP
139.45.197.161:443
ASN
#9002 RETN Limited

Requested by
https://lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f
Certificate
IssuerLet's Encrypt
Subjectlootavip.com
FingerprintE3:50:D9:21:14:B4:B1:F9:BB:FA:AB:92:01:B0:0B:18:2A:95:9E:B8
ValidityFri, 08 Dec 2023 09:37:06 GMT - Thu, 07 Mar 2024 09:37:05 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /zone?&pub=0&zone_id=6243280&is_mobile=false&domain=lootavip.com&var=6254047&ymid=5190599&var_3=18754413_662&var_4=&dsig=&tg=1&sw=3.1.471&action=prerequest HTTP/1.1
Host: lootavip.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lootavip.com
DNT: 1
Connection: keep-alive
Referer: https://lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f
Cookie: reverse=kj7hW_b5KH_JJJWdxo6--g4BoD4vSqCxvg7moDEa40c; OAID=0c372d9719d418e76b5843efee223691; oaidts=1703707696; counter_o_6_uvc=1; counter_t_420846_uvc=1; counter_o_6_ucc=0; counter_t_420846_ucc=0; syncedCookie=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 27 Dec 2023 20:08:17 GMT
content-length: 0
x-trace-id: 48f3685676236060b9e76c554be0560f
access-control-allow-origin: https://lootavip.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

POST inlugiar.com/sync-do-applab

139.45.197.248

200 OK

303 B

URL POST HTTP/2
inlugiar.com/sync-do-applab
IP
139.45.197.248:443
ASN
#9002 RETN Limited

Requested by
https://lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f
Certificate
IssuerLet's Encrypt
Subjectinlugiar.com
Fingerprint78:BE:2C:64:2B:8D:8C:5A:75:FB:31:96:C0:D3:06:9C:67:72:61:44
ValidityWed, 20 Dec 2023 22:25:25 GMT - Tue, 19 Mar 2024 22:25:24 GMT

File type
JSON data
Size
303 B (303 bytes)
Hash
37a2f8f963cda6b5ace307ef2dfe0fa2
184e81382978b1d57fcd5cedacd5878427817cc7
533103f554c60ff07e12c1786529f34560b61a1048553a7762893a6244e91445

HTTP Headers

POST /sync-do-applab HTTP/1.1
Host: inlugiar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lootavip.com/
Content-Type: text/plain;charset=UTF-8
Content-Length: 268
Origin: https://lootavip.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 27 Dec 2023 20:08:17 GMT
content-type: application/json; charset=utf-8
content-length: 303
x-trace-id: c0294882685784427ea63e5ee1e59b11
access-control-allow-origin: https://lootavip.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: ft_uvc=1703707697; max-age=86400; secure; SameSite=None
lt_uvc=1703707697; max-age=86400; secure; SameSite=None
ofr_uvc=6:1; max-age=86400; secure; SameSite=None
tmpl_uvc=420846:1; max-age=86400; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

POST applabztrack.com/api/v1/event

139.45.197.208

200 OK

28 B

URL POST HTTP/1.1
applabztrack.com/api/v1/event
IP
139.45.197.208:443
ASN
#9002 RETN Limited

Requested by
https://lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f
Certificate
IssuerLet's Encrypt
Subjectapplabztrack.com
FingerprintF8:29:98:C8:95:0D:1E:EB:D4:63:7B:5B:05:E8:A9:82:F9:7B:8E:96
ValidityThu, 02 Nov 2023 01:53:38 GMT - Wed, 31 Jan 2024 01:53:37 GMT

File type
JSON data
Size
28 B (28 bytes)
Hash
1bf7c0b881463991600d7a589cc6f874
086339ac26a7a491649d6b45e661841bc15e9369
88d9384ead12db46f488d0c8308f875bb9c8d5a5ffc0b838ab29aa8d3a5c8711

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /api/v1/event HTTP/1.1
Host: applabztrack.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 1257
Origin: https://lootavip.com
DNT: 1
Connection: keep-alive
Referer: https://lootavip.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 27 Dec 2023 20:08:17 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 28
Connection: keep-alive
X-Trace-Id: 0b340d2248dc8c10cee7ee89a66447cb
Vary: Origin
Access-Control-Allow-Origin: https://lootavip.com
Access-Control-Expose-Headers: Link
Access-Control-Allow-Credentials: true
Expires: Tue, 11 Jan 1994 10:00:00 GMT
Cache-Control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
Pragma: no-cache
Timing-Allow-Origin: *, *

GET lootavip.com/sw-check-permissions/6243280?var=6254047&var_3=18754413_662&ymid=5190599&uhd=1

139.45.197.161

200 OK

283 B

URL GET HTTP/2
lootavip.com/sw-check-permissions/6243280?var=6254047&var_3=18754413_662&ymid=5190599&uhd=1
IP
139.45.197.161:443
ASN
#9002 RETN Limited

Requested by
https://lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f
Certificate
IssuerLet's Encrypt
Subjectlootavip.com
FingerprintE3:50:D9:21:14:B4:B1:F9:BB:FA:AB:92:01:B0:0B:18:2A:95:9E:B8
ValidityFri, 08 Dec 2023 09:37:06 GMT - Thu, 07 Mar 2024 09:37:05 GMT

File type
Java source, ASCII text
Size
283 B (283 bytes)
Hash
769cd2b35b9900eabc13c855da0a1ca4
b1b04f1207bd0343a3e7d4a97b2f4e7650286b2e
78b949ba6e92bc0a28f7f292c4fd0eaf4033b8a839c7f8a5a80ae71e1aa1c426

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sw-check-permissions/6243280?var=6254047&var_3=18754413_662&ymid=5190599&uhd=1 HTTP/1.1
Host: lootavip.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Referer: https://lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f
Cookie: reverse=kj7hW_b5KH_JJJWdxo6--g4BoD4vSqCxvg7moDEa40c; OAID=0c372d9719d418e76b5843efee223691; oaidts=1703707696; counter_o_6_uvc=1; counter_t_420846_uvc=1; counter_o_6_ucc=0; counter_t_420846_ucc=0; syncedCookie=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 27 Dec 2023 20:08:17 GMT
content-type: application/javascript
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-encoding: br
X-Firefox-Spdy: h2

GET lootavip.com/favicon.ico

139.45.197.161

204 No Content

0 B

URL GET HTTP/2
lootavip.com/favicon.ico
IP
139.45.197.161:443
ASN
#9002 RETN Limited

Requested by
https://lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f
Certificate
IssuerLet's Encrypt
Subjectlootavip.com
FingerprintE3:50:D9:21:14:B4:B1:F9:BB:FA:AB:92:01:B0:0B:18:2A:95:9E:B8
ValidityFri, 08 Dec 2023 09:37:06 GMT - Thu, 07 Mar 2024 09:37:05 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: lootavip.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f
Cookie: reverse=kj7hW_b5KH_JJJWdxo6--g4BoD4vSqCxvg7moDEa40c; OAID=0c372d9719d418e76b5843efee223691; oaidts=1703707696; counter_o_6_uvc=1; counter_t_420846_uvc=1; counter_o_6_ucc=0; counter_t_420846_ucc=0; syncedCookie=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Wed, 27 Dec 2023 20:08:17 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

GET lootavip.com/pfe/current/micro.tag.min.js?uhd=1&z=6243280&ymid=5190599&var=6254047&sw=/sw-check-permissions/6243280&var_3=18754413_662&os_version=10.0

139.45.197.161

200 OK

27 kB

URL GET HTTP/2
lootavip.com/pfe/current/micro.tag.min.js?uhd=1&z=6243280&ymid=5190599&var=6254047&sw=/sw-check-permissions/6243280&var_3=18754413_662&os_version=10.0
IP
139.45.197.161:443
ASN
#9002 RETN Limited

Requested by
https://lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f
Certificate
IssuerLet's Encrypt
Subjectlootavip.com
FingerprintE3:50:D9:21:14:B4:B1:F9:BB:FA:AB:92:01:B0:0B:18:2A:95:9E:B8
ValidityFri, 08 Dec 2023 09:37:06 GMT - Thu, 07 Mar 2024 09:37:05 GMT

File type
ASCII text, with very long lines (27007), with no line terminators
Size
27 kB (27007 bytes)
Hash
5ccd2d5882a06f293d07510ac91c92e6
b44dc0eaa03981adb70d3313e728f9359c1d21c1
9fc2aa21f3a7bfe66783d35fdbb48147f73e72a41f87aea848f64a8cb4518eba

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pfe/current/micro.tag.min.js?uhd=1&z=6243280&ymid=5190599&var=6254047&sw=/sw-check-permissions/6243280&var_3=18754413_662&os_version=10.0 HTTP/1.1
Host: lootavip.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f
Cookie: reverse=kj7hW_b5KH_JJJWdxo6--g4BoD4vSqCxvg7moDEa40c; OAID=0c372d9719d418e76b5843efee223691; oaidts=1703707696; counter_o_6_uvc=0; counter_t_420846_uvc=0; counter_o_6_ucc=0; counter_t_420846_ucc=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 27 Dec 2023 20:08:17 GMT
content-type: application/javascript
last-modified: Thu, 23 Nov 2023 20:42:33 GMT
vary: Accept-Encoding
etag: W/"655fb939-697f"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: br
X-Firefox-Spdy: h2

GET cdntechone.com/stattag.js

188.114.96.1

200 OK

19 kB

URL GET HTTP/2
cdntechone.com/stattag.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f
Certificate
IssuerGoogle Trust Services LLC
Subjectcdntechone.com
Fingerprint8A:AC:59:35:A5:10:20:05:21:0E:28:C5:7F:F4:BA:50:7E:89:48:46
ValidityTue, 26 Dec 2023 02:46:59 GMT - Mon, 25 Mar 2024 02:46:58 GMT

File type
ASCII text, with very long lines (18364)
Size
19 kB (19014 bytes)
Hash
809ea10a042bb2de8bf47f4111f36986
667690a0ba220ea2b5bab1c3668a7e8ab4d339f3
c66cd32513242fb84a36896f1ea39df51e3e59174fb3d66e1cdd7bd13a38acbb

HTTP Headers

GET /stattag.js HTTP/1.1
Host: cdntechone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lootavip.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 27 Dec 2023 20:08:17 GMT
content-type: application/javascript
last-modified: Tue, 19 Dec 2023 15:30:37 GMT
etag: W/"6581b71d-4a46"
link: <https://datatechone.com/>; rel=preconnect; crossorigin, <https://datatechonert.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 1555
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sTmNrdzoAr9otRiI6NeoWS6KUvlntJ4xlbqJ6Z%2Fv4ll1WTtaZT6ZHIo8vESEbhMURTsR%2B7LCveHG1a5Q%2BP%2BmIJgz0%2BXYCP8hfNr2OElAI4UP5dkvIJSdAarHSWhvJzi7LQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 83c431d68ff456c6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

POST lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f&mprtr=1&os_version=10.0

139.45.197.161

200 OK

2 B

URL POST HTTP/2
lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f&mprtr=1&os_version=10.0
IP
139.45.197.161:443
ASN
#9002 RETN Limited

Requested by
https://lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f
Certificate
IssuerLet's Encrypt
Subjectlootavip.com
FingerprintE3:50:D9:21:14:B4:B1:F9:BB:FA:AB:92:01:B0:0B:18:2A:95:9E:B8
ValidityFri, 08 Dec 2023 09:37:06 GMT - Thu, 07 Mar 2024 09:37:05 GMT

File type
JSON data
Size
2 B (2 bytes)
Hash
99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f&mprtr=1&os_version=10.0 HTTP/1.1
Host: lootavip.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lootavip.com
DNT: 1
Connection: keep-alive
Referer: https://lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f
Cookie: reverse=kj7hW_b5KH_JJJWdxo6--g4BoD4vSqCxvg7moDEa40c; OAID=0c372d9719d418e76b5843efee223691; oaidts=1703707696; counter_o_6_uvc=1; counter_t_420846_uvc=1; counter_o_6_ucc=0; counter_t_420846_ucc=0; syncedCookie=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/2 200 OK
server: nginx
date: Wed, 27 Dec 2023 20:08:17 GMT
content-type: application/json
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-encoding: br
X-Firefox-Spdy: h2

GET lootavip.com/rotate?zz=6243414&var=6254047&ymid=5190599&uid=0c372d9719d418e76b5843efee223691&var_4=70e4awfqqxoojb3f&os_version=10.0

139.45.197.161

200 OK

872 B

URL GET HTTP/2
lootavip.com/rotate?zz=6243414&var=6254047&ymid=5190599&uid=0c372d9719d418e76b5843efee223691&var_4=70e4awfqqxoojb3f&os_version=10.0
IP
139.45.197.161:443
ASN
#9002 RETN Limited

Requested by
https://lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f
Certificate
IssuerLet's Encrypt
Subjectlootavip.com
FingerprintE3:50:D9:21:14:B4:B1:F9:BB:FA:AB:92:01:B0:0B:18:2A:95:9E:B8
ValidityFri, 08 Dec 2023 09:37:06 GMT - Thu, 07 Mar 2024 09:37:05 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (882), with no line terminators
Size
872 B (872 bytes)
Hash
4826f99aab1e0deafc2a897f182410d6
df115945f453408381fc71293ce2879ef227ea6d
a1173c5ae30222e150ac03d4c3b4e1a8741c43a565f79e0b2357c8a7101b09a9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /rotate?zz=6243414&var=6254047&ymid=5190599&uid=0c372d9719d418e76b5843efee223691&var_4=70e4awfqqxoojb3f&os_version=10.0 HTTP/1.1
Host: lootavip.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f
DNT: 1
Connection: keep-alive
Cookie: reverse=kj7hW_b5KH_JJJWdxo6--g4BoD4vSqCxvg7moDEa40c; OAID=0c372d9719d418e76b5843efee223691; oaidts=1703707696; counter_o_6_uvc=1; counter_t_420846_uvc=1; counter_o_6_ucc=0; counter_t_420846_ucc=0; syncedCookie=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 27 Dec 2023 20:08:17 GMT
content-type: application/javascript
x-trace-id: f8c1c487cb67be93e7370b321a7cf413
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
timing-allow-origin: *
vary: Accept-Encoding, Origin
access-control-allow-origin: https://lootavip.com/
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
set-cookie: OAID=0c372d9719d418e76b5843efee223691; expires=Thu, 26 Dec 2024 20:08:17 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2

POST datatechone.com/log/add?cid=79b8b31a-f5b5-449e-9c97-e907dd6cec81&ruid=86c0d507-56d9-4ce4-b802-42fedd853fb3

37.48.68.71

200 OK

2 B

URL POST HTTP/1.1
datatechone.com/log/add?cid=79b8b31a-f5b5-449e-9c97-e907dd6cec81&ruid=86c0d507-56d9-4ce4-b802-42fedd853fb3
IP
37.48.68.71:443
ASN
#60781 LeaseWeb Netherlands B.V.

Requested by
https://lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f
Certificate
IssuerSectigo Limited
Subjectdatatechone.com
FingerprintFD:AA:8A:21:49:9F:48:59:78:C7:B2:00:75:4F:CD:2C:AF:49:2C:37
ValiditySun, 10 Dec 2023 00:00:00 GMT - Mon, 23 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /log/add?cid=79b8b31a-f5b5-449e-9c97-e907dd6cec81&ruid=86c0d507-56d9-4ce4-b802-42fedd853fb3 HTTP/1.1
Host: datatechone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1453
Origin: https://lootavip.com
DNT: 1
Connection: keep-alive
Referer: https://lootavip.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Wed, 27 Dec 2023 20:08:17 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
Access-Control-Allow-Origin: https://lootavip.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

GET lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f

139.45.197.161

200 OK

80 kB

URL User Request GET HTTP/2
lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f
IP
139.45.197.161:443
ASN
#9002 RETN Limited

Certificate
IssuerLet's Encrypt
Subjectlootavip.com
FingerprintE3:50:D9:21:14:B4:B1:F9:BB:FA:AB:92:01:B0:0B:18:2A:95:9E:B8
ValidityFri, 08 Dec 2023 09:37:06 GMT - Thu, 07 Mar 2024 09:37:05 GMT

File type
HTML document, ASCII text, with very long lines (3342), with CRLF, LF line terminators
Size
80 kB (80306 bytes)
Hash
3fb9e41d4f4f8feee39edeaaf6b6bd5e
18277cc4f6c7b632117c76feb2305ecda10d5440
71c57e9fdd9f7abe3f3c40702841ba7d7a6132490fd02ad42a3209238556e860

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f HTTP/1.1
Host: lootavip.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 27 Dec 2023 20:08:16 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
set-cookie: reverse=kj7hW_b5KH_JJJWdxo6--g4BoD4vSqCxvg7moDEa40c; expires=Wed, 27-Dec-2023 21:08:16 GMT; Max-Age=3600; path=/
OAID=0c372d9719d418e76b5843efee223691; expires=Fri, 23-Dec-2078 16:16:32 GMT; Max-Age=1735330096; path=/
oaidts=1703707696; expires=Fri, 23-Dec-2078 16:16:32 GMT; Max-Age=1735330096; path=/
syncedCookie=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-encoding: br
X-Firefox-Spdy: h2

GET littlecdn.com/apps/templates/questions/video-bg/css/style.css?v=123

104.22.24.116

200 OK

5.9 kB

URL GET HTTP/2
littlecdn.com/apps/templates/questions/video-bg/css/style.css?v=123
IP
104.22.24.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintF9:14:9E:F3:4F:17:83:0E:22:54:EF:3E:FD:37:20:6C:1D:08:CE:1F
ValidityTue, 11 Apr 2023 00:00:00 GMT - Wed, 10 Apr 2024 23:59:59 GMT

File type
ASCII text, with very long lines (6320), with no line terminators
Size
5.9 kB (5912 bytes)
Hash
622865f220163c8b2ea966baffa65bf3
040d2eb2993687b73c4453d4ba741f97324a894a
c2c328afb4987cc13feebceb0bff783c50559472e007e9a70baf6e0959fc3588

HTTP Headers

GET /apps/templates/questions/video-bg/css/style.css?v=123 HTTP/1.1
Host: littlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lootavip.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 27 Dec 2023 20:08:17 GMT
content-type: text/css
last-modified: Mon, 25 Dec 2023 10:29:08 GMT
vary: Accept-Encoding
etag: W/"65895974-1718"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=3600
cf-cache-status: HIT
age: 650
server: cloudflare
cf-ray: 83c431d45d4256bf-OSL
content-encoding: br
X-Firefox-Spdy: h2

GET lootavip.com/track-impression-applab?z=6254047&b=18754413&ymid=70e4awfqqxoojb3f&var=5190599&var_3=18754413_662&redirect=false&redirectUrl=https%3A%2F%2Fattr.itpub.cc%2Fiha%2Fxfle98%2Fmt%2Fc%3Fmt_gaid%3D%7Bmt_gaid%7D%26did%3D%24%7BSUBID%7D%26mt_sub1%3D324728%253A6254047%253A5190599%253A1%253A%7Bbrowser%7D%26mt_sub2%3D6254047%26mt_creative%3D18754413%26land_state%3Dbefore_render%26land_id%3DQZMsMkz8VL07Y6L%26land_generation_time%3D2023-12-27_15%3A08%3A16%26land_error_code%3D%26ruid%3D%7Bruid%7D%26mgeo%3D%7Bmgeo%7D%26oaid%3D0c372d9719d418e76b5843efee223691%26land_type%3Drtr%26isPushSubscribed%3Dfalse%26isPushAlreadySubscribed%3Dfalse%26land_tracker%3Dmarker%26land_purchase_method%3Dapk&os_version=10.0

139.45.197.161

200 OK

837 B

URL GET HTTP/2
lootavip.com/track-impression-applab?z=6254047&b=18754413&ymid=70e4awfqqxoojb3f&var=5190599&var_3=18754413_662&redirect=false&redirectUrl=https%3A%2F%2Fattr.itpub.cc%2Fiha%2Fxfle98%2Fmt%2Fc%3Fmt_gaid%3D%7Bmt_gaid%7D%26did%3D%24%7BSUBID%7D%26mt_sub1%3D324728%253A6254047%253A5190599%253A1%253A%7Bbrowser%7D%26mt_sub2%3D6254047%26mt_creative%3D18754413%26land_state%3Dbefore_render%26land_id%3DQZMsMkz8VL07Y6L%26land_generation_time%3D2023-12-27_15%3A08%3A16%26land_error_code%3D%26ruid%3D%7Bruid%7D%26mgeo%3D%7Bmgeo%7D%26oaid%3D0c372d9719d418e76b5843efee223691%26land_type%3Drtr%26isPushSubscribed%3Dfalse%26isPushAlreadySubscribed%3Dfalse%26land_tracker%3Dmarker%26land_purchase_method%3Dapk&os_version=10.0
IP
139.45.197.161:443
ASN
#9002 RETN Limited

Requested by
https://lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f
Certificate
IssuerLet's Encrypt
Subjectlootavip.com
FingerprintE3:50:D9:21:14:B4:B1:F9:BB:FA:AB:92:01:B0:0B:18:2A:95:9E:B8
ValidityFri, 08 Dec 2023 09:37:06 GMT - Thu, 07 Mar 2024 09:37:05 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (897), with no line terminators
Size
837 B (837 bytes)
Hash
d90d683c66ae4d339f31e1cf2b30ab5c
65f28152e830026d943bd8f150933081df6ae0ca
30ab48e62bfef1735d76e00d7799f662eb280baef53fadfaf0b716eeb665a31b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /track-impression-applab?z=6254047&b=18754413&ymid=70e4awfqqxoojb3f&var=5190599&var_3=18754413_662&redirect=false&redirectUrl=https%3A%2F%2Fattr.itpub.cc%2Fiha%2Fxfle98%2Fmt%2Fc%3Fmt_gaid%3D%7Bmt_gaid%7D%26did%3D%24%7BSUBID%7D%26mt_sub1%3D324728%253A6254047%253A5190599%253A1%253A%7Bbrowser%7D%26mt_sub2%3D6254047%26mt_creative%3D18754413%26land_state%3Dbefore_render%26land_id%3DQZMsMkz8VL07Y6L%26land_generation_time%3D2023-12-27_15%3A08%3A16%26land_error_code%3D%26ruid%3D%7Bruid%7D%26mgeo%3D%7Bmgeo%7D%26oaid%3D0c372d9719d418e76b5843efee223691%26land_type%3Drtr%26isPushSubscribed%3Dfalse%26isPushAlreadySubscribed%3Dfalse%26land_tracker%3Dmarker%26land_purchase_method%3Dapk&os_version=10.0 HTTP/1.1
Host: lootavip.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f
DNT: 1
Connection: keep-alive
Cookie: reverse=kj7hW_b5KH_JJJWdxo6--g4BoD4vSqCxvg7moDEa40c; OAID=0c372d9719d418e76b5843efee223691; oaidts=1703707696; counter_o_6_uvc=1; counter_t_420846_uvc=1; counter_o_6_ucc=0; counter_t_420846_ucc=0; syncedCookie=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 27 Dec 2023 20:08:17 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
x-trace-id: 7def8f582cbad37910ab22c73cbbc0fa
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
timing-allow-origin: *
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2

GET clinicclear.site/c4z2l9k.php?key=p5g8f0esonwhm0oyl72d&visitor_id=763967833150332928&cost=0.001000&zoneid=5190599&campaignid=7377775&zonetype=push&browser=chrome&osversion=unspecified_android&language={language}&country=EG&os=android&banner=18878197&activity=low

188.114.97.1

302 Found

80 kB

URL User Request GET HTTP/2
clinicclear.site/c4z2l9k.php?key=p5g8f0esonwhm0oyl72d&visitor_id=763967833150332928&cost=0.001000&zoneid=5190599&campaignid=7377775&zonetype=push&browser=chrome&osversion=unspecified_android&language={language}&country=EG&os=android&banner=18878197&activity=low
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectclinicclear.site
FingerprintDD:9D:BC:DF:EE:14:35:96:F5:8F:F9:AC:20:69:AD:EA:A4:E8:9A:02
ValidityMon, 27 Nov 2023 16:49:11 GMT - Sun, 25 Feb 2024 16:49:10 GMT

File type

Size
80 kB (80306 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /c4z2l9k.php?key=p5g8f0esonwhm0oyl72d&visitor_id=763967833150332928&cost=0.001000&zoneid=5190599&campaignid=7377775&zonetype=push&browser=chrome&osversion=unspecified_android&language={language}&country=EG&os=android&banner=18878197&activity=low HTTP/1.1
Host: clinicclear.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Wed, 27 Dec 2023 20:08:16 GMT
content-type: text/html; charset=UTF-8
location: https://lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f
set-cookie: uclick=wfqqxooj; expires=Thu, 28-Dec-2023 20:08:16 GMT; Max-Age=86400; path=/; secure; SameSite=none
uclickhash=wfqqxooj-wfqqxooj-hqi4-0-pmoj-ftk2-ftxo-77524a; expires=Thu, 28-Dec-2023 20:08:16 GMT; Max-Age=86400; path=/; secure; SameSite=none
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IadWw88A%2B2KtTIDSzTysUTkbNDEQeGR63EMe5SSr7ly9Lb33zDBskFNUeXxQMdFg9gFIYUzpAIVkv9UUXmnGQGr6M7EoV%2F8VTcJPZVOUN37PCkU8ghO3tdFZ2UbSyDq5O90Z"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 83c431cf0ced0b02-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET littlecdn.com/apps/templates/questions/video-bg/css/theme/green.css?v=123

104.22.24.116

200 OK

432 B

URL GET HTTP/2
littlecdn.com/apps/templates/questions/video-bg/css/theme/green.css?v=123
IP
104.22.24.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lootavip.com/?l=QZMsMkz8VL07Y6L&b=18754413&z=6254047&s=70e4awfqqxoojb3f&campid=662&var=5190599&ymid=70e4awfqqxoojb3f
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintF9:14:9E:F3:4F:17:83:0E:22:54:EF:3E:FD:37:20:6C:1D:08:CE:1F
ValidityTue, 11 Apr 2023 00:00:00 GMT - Wed, 10 Apr 2024 23:59:59 GMT

File type
ASCII text, with very long lines (445), with no line terminators
Size
432 B (432 bytes)
Hash
d72725a1b3fca0012fb1c489698e851b
235b773f0779434ad997fb4b072a315dd84ec445
958ad2f46e1d5f81e1f8226fa392cafe2a363381bb18e28ae06e4cf7cda579d3

HTTP Headers

GET /apps/templates/questions/video-bg/css/theme/green.css?v=123 HTTP/1.1
Host: littlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lootavip.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 27 Dec 2023 20:08:17 GMT
content-type: text/css
last-modified: Mon, 25 Dec 2023 10:29:08 GMT
vary: Accept-Encoding
etag: W/"65895974-1b0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=3600
cf-cache-status: HIT
age: 650
server: cloudflare
cf-ray: 83c431d45d4656bf-OSL
content-encoding: br
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (26)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by