Report - fmtwtrk.live/click?key=4f6fbce929b1722932b8&visitor_id=785847200914612224&cost=0.000614&zoneid=5615727&campaignid=7695349&banner=19709825&zone_type={zone_type}&user_activity=low&subzone

Report Overview

Visited public
2024-02-26 05:11:05
Tags
URL
fmtwtrk.live/click?key=4f6fbce929b1722932b8&visitor_id=785847200914612224&cost=0.000614&zoneid=5615727&campaignid=7695349&banner=19709825&zone_type={zone_type}&user_activity=low&subzone_id=2488228
Finishing URL
intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
IP / ASN
111.90.140.153
#45839 Shinjiru Technology Sdn Bhd
Title
The CRYPTO Soft

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ifdtrcking.com	unknown	2023-01-08	2023-01-08 15:21:58	2024-02-22 20:00:10	553 B	810 B	193.34.166.106
intelligent-money-offers.com	unknown	2023-11-10	2024-01-23 08:10:41	2024-02-24 19:55:50	28 kB	1.9 MB	193.34.166.179
code.jquery.com	634	2005-12-10	2012-05-21 19:28:02	2024-02-25 18:44:18	422 B	32 kB	151.101.194.137
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2024-02-25 18:18:05	494 B	2.0 kB	216.58.207.234
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17 22:46:33	2024-02-25 18:12:58	475 B	1.2 kB	104.17.25.14
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2024-02-25 20:13:08	2.2 kB	104 kB	216.58.207.227
fmtwtrk.live	unknown	2024-01-04	2024-01-08 16:27:15	2024-02-13 12:30:03	650 B	533 B	111.90.140.153

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-02-26	medium	intelligent-money-offers.com	Sinkholed
2024-02-26	medium	intelligent-money-offers.com	Sinkholed
2024-02-26	medium	intelligent-money-offers.com	Sinkholed
2024-02-26	medium	intelligent-money-offers.com	Sinkholed
2024-02-26	medium	intelligent-money-offers.com	Sinkholed
2024-02-26	medium	intelligent-money-offers.com	Sinkholed
2024-02-26	medium	intelligent-money-offers.com	Sinkholed
2024-02-26	medium	intelligent-money-offers.com	Sinkholed
2024-02-26	medium	intelligent-money-offers.com	Sinkholed
2024-02-26	medium	intelligent-money-offers.com	Sinkholed
2024-02-26	medium	intelligent-money-offers.com	Sinkholed
2024-02-26	medium	intelligent-money-offers.com	Sinkholed
2024-02-26	medium	intelligent-money-offers.com	Sinkholed
2024-02-26	medium	intelligent-money-offers.com	Sinkholed
2024-02-26	medium	intelligent-money-offers.com	Sinkholed
2024-02-26	medium	intelligent-money-offers.com	Sinkholed
2024-02-26	medium	intelligent-money-offers.com	Sinkholed
2024-02-26	medium	intelligent-money-offers.com	Sinkholed
2024-02-26	medium	intelligent-money-offers.com	Sinkholed
2024-02-26	medium	intelligent-money-offers.com	Sinkholed
2024-02-26	medium	intelligent-money-offers.com	Sinkholed
2024-02-26	medium	intelligent-money-offers.com	Sinkholed
2024-02-26	medium	intelligent-money-offers.com	Sinkholed
2024-02-26	medium	intelligent-money-offers.com	Sinkholed
2024-02-26	medium	intelligent-money-offers.com	Sinkholed
2024-02-26	medium	intelligent-money-offers.com	Sinkholed
2024-02-26	medium	intelligent-money-offers.com	Sinkholed
2024-02-26	medium	intelligent-money-offers.com	Sinkholed
2024-02-26	medium	intelligent-money-offers.com	Sinkholed
2024-02-26	medium	intelligent-money-offers.com	Sinkholed
2024-02-26	medium	intelligent-money-offers.com	Sinkholed
2024-02-26	medium	intelligent-money-offers.com	Sinkholed
2024-02-26	medium	intelligent-money-offers.com	Sinkholed
2024-02-26	medium	intelligent-money-offers.com	Sinkholed
2024-02-26	medium	intelligent-money-offers.com	Sinkholed
2024-02-26	medium	intelligent-money-offers.com	Sinkholed
2024-02-26	medium	intelligent-money-offers.com	Sinkholed
2024-02-26	medium	intelligent-money-offers.com	Sinkholed
2024-02-26	medium	intelligent-money-offers.com	Sinkholed
2024-02-26	medium	intelligent-money-offers.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (8)

	URL	From	Size	First Seen	Last Seen
	intelligent-money-offers.com/cryptosoft/js/jquery.min.js	ScriptElement	148 kB	2023-03-09	2024-08-20
Pretty URL intelligent-money-offers.com/cryptosoft/js/jquery.min.js IP 193.34.166.179 ASN #62370 Snel.com B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 06:14 Last Seen2024-08-20 10:05 Times Seen124 Hash e4ffda65e630968c72c3c2c84a3edd0f 6b5665cc000270f99193c0c95d082229d0133a38 f5443a76ec0301734875e2e007d025b0b64dc8c3bbe34233d6f2fe5d3c983030 Loading...

	intelligent-money-offers.com/cryptosoft/js/video.js	ScriptElement	1.5 MB	2023-03-07	2025-04-09
Pretty URL intelligent-money-offers.com/cryptosoft/js/video.js IP 193.34.166.179 ASN #62370 Snel.com B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:45 Last Seen2025-04-09 20:02 Times Seen157 Hash 9045e3df1785b61657789608f6afa807 0a7ea1b2e2bfc262fcd4acd1023973b78082f5ee 96d3349232417f89dec7f5c26a3872bb542fceaba22361b580b78f6e8d92ef2c Loading...

	intelligent-money-offers.com/cryptosoft/js/languageSwitcher.js	ScriptElement	1.0 kB	2024-02-07	2024-08-20
Pretty URL intelligent-money-offers.com/cryptosoft/js/languageSwitcher.js IP 193.34.166.179 ASN #62370 Snel.com B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-07 08:15 Last Seen2024-08-20 10:05 Times Seen124 Hash c6441d2b5114993bfa787c4d738de05c f0396f76fae808d34cf597b5455e548bb3dda4db 079480fd9e1991f10a369440c788b45f3a79769a64e40546b5336a8caffb144e Loading...

	intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto	ScriptElement	1.8 kB	2024-02-07	2024-08-20
Pretty URL intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto IP 193.34.166.179 ASN #62370 Snel.com B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2024-02-07 08:15 Last Seen2024-08-20 10:05 Times Seen122 Hash aacfdbd610dae04f437da13926f2eab5 8d144b21464387a819865b2e2f8f618649e7a783 b95e2f07a313b63ce625a368b85f028c3378ae8793cec207fa53ab386ef501bc Loading...

	intelligent-money-offers.com/intgrtn/api/v1/integration/sdk.js?v=202412651	ScriptElement	500 kB	2023-06-28	2024-08-21
Pretty URL intelligent-money-offers.com/intgrtn/api/v1/integration/sdk.js?v=202412651 IP 193.34.166.179 ASN #62370 Snel.com B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-28 18:02 Last Seen2024-08-21 09:00 Times Seen970 Hash b74a78a8e492a9b171dab179eeab69fb 6e7fe630cf763a0a45fd77c922d728ad2b386cae 6298f0a9a101a54afa0ed7e7ccd9bb8f6583638f84082c69f5e0e5a2c9961f2e Loading...

	code.jquery.com/jquery-3.5.1.min.js	ScriptElement	90 kB	2023-03-07	2025-05-14
Pretty URL code.jquery.com/jquery-3.5.1.min.js IP 151.101.194.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-14 03:50 Times Seen109283 Hash dc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Loading...

	intelligent-money-offers.com/cryptosoft/js/bodymovin_light.min.js	ScriptElement	200 kB	2024-02-07	2024-08-20
Pretty URL intelligent-money-offers.com/cryptosoft/js/bodymovin_light.min.js IP 193.34.166.179 ASN #62370 Snel.com B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-07 08:15 Last Seen2024-08-20 10:05 Times Seen124 Hash 5ac6c26b5a3d4e87b6c08efb26977f4f 3d815a65ef6fbcd9e84df5f393f9ab24b58d9393 4e7bf71bcc83214888e177d7c80b42d30d27b2069ae07db1e75913ba2f80d064 Loading...

	intelligent-money-offers.com/cryptosoft/js/main.js	ScriptElement	9.6 kB	2023-03-10	2024-08-20
Pretty URL intelligent-money-offers.com/cryptosoft/js/main.js IP 193.34.166.179 ASN #62370 Snel.com B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 11:22 Last Seen2024-08-20 10:05 Times Seen124 Hash 41ddc03e25896775817e7a426688d4ac c17d018a0077772c725fd7169c918b9fc354a644 03bcc8aa53336b3a1cb2171972666e7754fc149e911ab68a8b34af0370f0846d Loading...

HTTP Transactions (49)

URL IP Response Size

fmtwtrk.live/click?key=4f6fbce929b1722932b8&visitor_id=785847200914612224&cost=0.000614&zoneid=5615727&campaignid=7695349&banner=19709825&zone_type={zone_type}&user_activity=low&subzone_id=2488228

111.90.140.153

307 Temporary Redirect

0 B

URL User Request GET HTTP/2
fmtwtrk.live/click?key=4f6fbce929b1722932b8&visitor_id=785847200914612224&cost=0.000614&zoneid=5615727&campaignid=7695349&banner=19709825&zone_type={zone_type}&user_activity=low&subzone_id=2488228
IP
111.90.140.153:443
ASN
#45839 Shinjiru Technology Sdn Bhd

Certificate
IssuerLet's Encrypt
Subjectfmtwtrk.live
Fingerprint17:C5:8F:6C:64:34:38:28:76:36:9E:56:00:08:38:A7:4C:A6:98:9D
ValidityMon, 08 Jan 2024 14:26:46 GMT - Sun, 07 Apr 2024 14:26:45 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /click?key=4f6fbce929b1722932b8&visitor_id=785847200914612224&cost=0.000614&zoneid=5615727&campaignid=7695349&banner=19709825&zone_type={zone_type}&user_activity=low&subzone_id=2488228 HTTP/1.1
Host: fmtwtrk.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 307 Temporary Redirect
date: Mon, 26 Feb 2024 05:15:59 GMT
location: https://ifdtrcking.com/click.php?project_id=06d3dcc4a6&affiliate_id=79b2b9ace4&custom2=cne1t3s6n9fs73aolfb0
server: Caddy
set-cookie: uclick=mL7ZlgoJbNM1hLf2OmCYtfNmNADi3ArJKM3tkE+0sVkR0lOZP/lhA2+lKeWB2buGHDEGUQ==; Max-Age=31536000; SameSite=Lax
bcid=cne1t3s6n9fs73aolfb0; Max-Age=31536000; SameSite=Lax
cid=cne1t3s6n9fs73aolfb0; Max-Age=31536000; SameSite=Lax
x-request-id: b560cb70-e6b3-4a02-ab1f-15839aa7350f
content-length: 0
X-Firefox-Spdy: h2

ifdtrcking.com/click.php?project_id=06d3dcc4a6&affiliate_id=79b2b9ace4&custom2=cne1t3s6n9fs73aolfb0

193.34.166.106

302 Found

20 B

URL User Request GET HTTP/1.1
ifdtrcking.com/click.php?project_id=06d3dcc4a6&affiliate_id=79b2b9ace4&custom2=cne1t3s6n9fs73aolfb0
IP
193.34.166.106:443
ASN
#62370 Snel.com B.V.

Certificate
IssuerLet's Encrypt
Subjectifdtrcking.com
Fingerprint2F:B2:5E:7C:33:D4:05:5C:77:60:7A:06:02:F0:53:2C:DF:36:D6:35
ValidityWed, 03 Jan 2024 02:04:01 GMT - Tue, 02 Apr 2024 02:04:00 GMT

File type
gzip compressed data, from Unix
Size
20 B (20 bytes)
Hash
7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2

HTTP Headers

GET /click.php?project_id=06d3dcc4a6&affiliate_id=79b2b9ace4&custom2=cne1t3s6n9fs73aolfb0 HTTP/1.1
Host: ifdtrcking.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Mon, 26 Feb 2024 05:10:37 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy; expires=Mon, 04-Mar-2024 05:10:37 GMT; Max-Age=604800; path=/; samesite=None; secure
leadID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy; expires=Mon, 04-Mar-2024 05:10:37 GMT; Max-Age=604800; path=/; samesite=None; secure
Location: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Content-Encoding: gzip
Vary: Accept-Encoding
X-Server: arganto
PX-X-Request-Id: 9d345c2805b464be1e350a483cb16389

intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto

193.34.166.179

200 OK

5.3 kB

URL User Request GET HTTP/1.1
intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
IP
193.34.166.179:443
ASN
#62370 Snel.com B.V.

Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (444)
Size
5.3 kB (5263 bytes)
Hash
51f455ed807e18ae06e6c24e9e881811
f623b4501df3a9410625cdb98fbdb5c109f64c1e
fab94e741bdaa5f39cc44a44c8f816954e57dfe1fda81becab66884f12893515

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 26 Feb 2024 05:10:37 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: intgrtn_language=no; expires=Wed, 27-Mar-2024 05:10:37 GMT; Max-Age=2592000; path=/cryptosoft/
X-Upstream: evlampi-***ko
Content-Encoding: gzip
X-Server: karen
PX-X-Request-Id: a455cac8b3a89332405c02609f22a0de
PX-IPCountryISO: NO
PX-IPTimestamp: 1708717643 1708924025 1708847211

intelligent-money-offers.com/cryptosoft/css/bootstrap.css

193.34.166.179

200 OK

20 kB

URL GET HTTP/1.1
intelligent-money-offers.com/cryptosoft/css/bootstrap.css
IP
193.34.166.179:443
ASN
#62370 Snel.com B.V.

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
ASCII text, with very long lines (65452)
Size
20 kB (19841 bytes)
Hash
bcedbc182918a36f909c2735f5bbc2ee
4352dbcfc5e6fdd1b60f8a4951501ae232795c01
9fca27e31fbf05b4e94c25ea238fdfa4f0fea42571b12705e9fb5b2a212cb934

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cryptosoft/css/bootstrap.css HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_language=no
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 26 Feb 2024 05:10:37 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 15 Mar 2023 08:00:18 GMT
ETag: W/"64117b12-1db6f"
X-Upstream: stavri-***ko
PX-Cache-Status: STALE
X-Server: karen
PX-X-Request-Id: 3687529cfedb3212f50b7968e6953e83
PX-IPCountryISO: NO
PX-IPTimestamp: 1708717643 1708924025 1708847211
Content-Encoding: gzip

intelligent-money-offers.com/cryptosoft/css/cryptosoftwarenow.css

193.34.166.179

200 OK

6.5 kB

URL GET HTTP/1.1
intelligent-money-offers.com/cryptosoft/css/cryptosoftwarenow.css
IP
193.34.166.179:443
ASN
#62370 Snel.com B.V.

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
troff or preprocessor input, ASCII text
Size
6.5 kB (6543 bytes)
Hash
f9cc837efa33fbe3ca7314e2798bf393
a08f703c3ca3a065cfe02a66d52679e1973a193b
dc1e5559a9f8c4f1275b6c3bcb6d02762e992c5c33a916766429363812857c78

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cryptosoft/css/cryptosoftwarenow.css HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_language=no
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 26 Feb 2024 05:10:38 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 15 Mar 2023 08:00:18 GMT
ETag: W/"64117b12-be7b"
X-Upstream: stavri-***ko
PX-Cache-Status: STALE
X-Server: karen
PX-X-Request-Id: 886a698e0c89216b1d3fefc88be2acad
PX-IPCountryISO: NO
PX-IPTimestamp: 1708717643 1708924025 1708847211
Content-Encoding: gzip

intelligent-money-offers.com/cryptosoft/css/main.css

193.34.166.179

200 OK

6.6 kB

URL GET HTTP/1.1
intelligent-money-offers.com/cryptosoft/css/main.css
IP
193.34.166.179:443
ASN
#62370 Snel.com B.V.

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
ASCII text, with very long lines (4274)
Size
6.6 kB (6628 bytes)
Hash
ae53e8e3bd0409ec5a30a967da71626b
11830708573682f274e971cde921a171d06fcb32
2a8a99c74b0606dfe41fa441243f0e20bf7be1cd4c74c1d32bad764b9245f0f3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cryptosoft/css/main.css HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_language=no
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 26 Feb 2024 05:10:38 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 15 Mar 2023 08:00:18 GMT
ETag: W/"64117b12-6bd9"
X-Upstream: stavri-***ko
PX-Cache-Status: STALE
X-Server: karen
PX-X-Request-Id: e179094040a3eba66e179b4386c30cf0
PX-IPCountryISO: NO
PX-IPTimestamp: 1708717643 1708924025 1708847211
Content-Encoding: gzip

intelligent-money-offers.com/cryptosoft/css/video-js.css

193.34.166.179

200 OK

10 kB

URL GET HTTP/1.1
intelligent-money-offers.com/cryptosoft/css/video-js.css
IP
193.34.166.179:443
ASN
#62370 Snel.com B.V.

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
ASCII text, with very long lines (5636)
Size
10 kB (10001 bytes)
Hash
20e19d889dd8fa46e8035262bf8fb3ab
850966876046e39a0fb2a20cde449e2b027bfbc6
4e76177722cff7661c6bf7cc77b62223a75a62b8238d029001b6a5c25e78a417

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cryptosoft/css/video-js.css HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_language=no
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 26 Feb 2024 05:10:38 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 15 Mar 2023 08:00:18 GMT
ETag: W/"64117b12-9ed4"
X-Upstream: stavri-***ko
PX-Cache-Status: STALE
X-Server: karen
PX-X-Request-Id: 3a3172bcfc68c632f55934daa3a79ead
PX-IPCountryISO: NO
PX-IPTimestamp: 1708717643 1708924049 1708847211
Content-Encoding: gzip

code.jquery.com/jquery-3.5.1.min.js

151.101.194.137

200 OK

31 kB

URL GET HTTP/2
code.jquery.com/jquery-3.5.1.min.js
IP
151.101.194.137:443
ASN
#54113 FASTLY

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
31 kB (30879 bytes)
Hash
dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

HTTP Headers

GET /jquery-3.5.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d84"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 26 Feb 2024 05:10:38 GMT
age: 10469550
x-served-by: cache-lga13628-LGA, cache-hel1410033-HEL
x-cache: HIT, HIT
x-cache-hits: 32, 1522011
x-timer: S1708924238.076247,VS0,VE0
vary: Accept-Encoding
content-length: 30879
X-Firefox-Spdy: h2

intelligent-money-offers.com/cryptosoft/css/intgrtn.css

193.34.166.179

200 OK

797 B

URL GET HTTP/1.1
intelligent-money-offers.com/cryptosoft/css/intgrtn.css
IP
193.34.166.179:443
ASN
#62370 Snel.com B.V.

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
ASCII text
Size
797 B (797 bytes)
Hash
b10ae1939162249658df712469e9efe0
d458e405d0534d1d3f231102ac658c56cb7ea98e
d8b8dceb0aa4b0196542a7f9377c2b9e41f465d366f61bfffcfa2ca3b5938c50

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cryptosoft/css/intgrtn.css HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_language=no
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 26 Feb 2024 05:10:38 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 15 Mar 2023 08:00:18 GMT
ETag: W/"64117b12-a43"
X-Upstream: stavri-***ko
PX-Cache-Status: STALE
X-Server: karen
PX-X-Request-Id: 994fd152ec2f2d789b79e5bfde5df95a
PX-IPCountryISO: NO
PX-IPTimestamp: 1708717643 1708924025 1708847211
Content-Encoding: gzip

intelligent-money-offers.com/cryptosoft/css/normalize.css

193.34.166.179

200 OK

949 B

URL GET HTTP/1.1
intelligent-money-offers.com/cryptosoft/css/normalize.css
IP
193.34.166.179:443
ASN
#62370 Snel.com B.V.

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
ASCII text
Size
949 B (949 bytes)
Hash
8f996b212a7a6c10aabac8224e473064
eff200de9c8ba4938457e77082ff8c21c6c82b03
05f12cf34a7189b7e5712de4faa6c68761cca50106276f24cd21cea365ca5f81

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cryptosoft/css/normalize.css HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_language=no
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 26 Feb 2024 05:10:38 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 15 Mar 2023 08:00:18 GMT
ETag: W/"64117b12-94d"
X-Upstream: stavri-***ko
PX-Cache-Status: STALE
X-Server: karen
PX-X-Request-Id: 28829d43242944ba8634b813aee6a9fc
PX-IPCountryISO: NO
PX-IPTimestamp: 1708717643 1708924025 1708847211
Content-Encoding: gzip

intelligent-money-offers.com/cryptosoft/css/1ststep.css

193.34.166.179

200 OK

699 B

URL GET HTTP/1.1
intelligent-money-offers.com/cryptosoft/css/1ststep.css
IP
193.34.166.179:443
ASN
#62370 Snel.com B.V.

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
ASCII text
Size
699 B (699 bytes)
Hash
db2fb4e58b4fac5a6044270d9e6b5eb7
8031246b12af6421e60ab1604bc1a0aa38992078
a22aa11f308ef08f20cceaf2c63ff1265cfd5413e81b54902909927bd57c517f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cryptosoft/css/1ststep.css HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_language=no
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 26 Feb 2024 05:10:38 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 15 Mar 2023 08:00:18 GMT
ETag: W/"64117b12-8f0"
X-Upstream: stavri-***ko
PX-Cache-Status: STALE
X-Server: karen
PX-X-Request-Id: ca8cff2f7f9bfbbcd8b58940278bb298
PX-IPCountryISO: NO
PX-IPTimestamp: 1708717643 1708924025 1708847211
Content-Encoding: gzip

intelligent-money-offers.com/cryptosoft/css/components.css

193.34.166.179

200 OK

7.9 kB

URL GET HTTP/1.1
intelligent-money-offers.com/cryptosoft/css/components.css
IP
193.34.166.179:443
ASN
#62370 Snel.com B.V.

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
ASCII text, with very long lines (2586)
Size
7.9 kB (7932 bytes)
Hash
ee8d810926f71f28273101dd78c932ca
9d0c022c3ef0705320a012b8085a24b776e3c4aa
969afdfd47795526460b62c26daed3d8390392229526d66cf0ea58c905f8f74f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cryptosoft/css/components.css HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_language=no
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 26 Feb 2024 05:10:38 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 15 Mar 2023 08:00:18 GMT
ETag: W/"64117b12-94f8"
X-Upstream: stavri-***ko
PX-Cache-Status: STALE
X-Server: karen
PX-X-Request-Id: 81e149b11912c83480a2ac7a8b520ff5
PX-IPCountryISO: NO
PX-IPTimestamp: 1708717643 1708924025 1708847211
Content-Encoding: gzip

intelligent-money-offers.com/cryptosoft/css/languageSwitcher.css

193.34.166.179

200 OK

1.3 kB

URL GET HTTP/1.1
intelligent-money-offers.com/cryptosoft/css/languageSwitcher.css
IP
193.34.166.179:443
ASN
#62370 Snel.com B.V.

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
ASCII text
Size
1.3 kB (1268 bytes)
Hash
e929a697439b28542d2cbea7c814031b
e94ddb9493a1cb2faff7f85419f867367f4eed0f
ac9a880373ca9cea5af85c91b7d9cd9b8e46ab4d1d714b4abed72c03f7091226

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cryptosoft/css/languageSwitcher.css HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_language=no
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 26 Feb 2024 05:10:38 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 15 Mar 2023 08:00:18 GMT
ETag: W/"64117b12-142a"
X-Upstream: stavri-***ko
PX-Cache-Status: STALE
X-Server: karen
PX-X-Request-Id: 24fc1d3fa5f7c9aa6b654933679fed02
PX-IPCountryISO: NO
PX-IPTimestamp: 1708717643 1708924025 1708847211
Content-Encoding: gzip

intelligent-money-offers.com/cryptosoft/css/flag-icon.min.css

193.34.166.179

200 OK

2.7 kB

URL GET HTTP/1.1
intelligent-money-offers.com/cryptosoft/css/flag-icon.min.css
IP
193.34.166.179:443
ASN
#62370 Snel.com B.V.

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
ASCII text, with very long lines (62602), with no line terminators
Size
2.7 kB (2664 bytes)
Hash
61483228b4930f192e0758cfd8f5a8a1
1b7cc9afca988f1b0f6cf917527abcc4d7dea8b8
03ee803eb3f0b701467df2dcb7d4923316a55facd77ab8198db43aad5424840e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cryptosoft/css/flag-icon.min.css HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_language=no
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 26 Feb 2024 05:10:38 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 15 Mar 2023 08:00:18 GMT
ETag: W/"64117b12-f48a"
X-Upstream: stavri-***ko
PX-Cache-Status: STALE
X-Server: karen
PX-X-Request-Id: 49860b3def7cde12d04fb42d22765b02
PX-IPCountryISO: NO
PX-IPTimestamp: 1708717643 1708924049 1708847211
Content-Encoding: gzip

intelligent-money-offers.com/cryptosoft/js/languageSwitcher.js

193.34.166.179

200 OK

296 B

URL GET HTTP/1.1
intelligent-money-offers.com/cryptosoft/js/languageSwitcher.js
IP
193.34.166.179:443
ASN
#62370 Snel.com B.V.

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
JavaScript source, ASCII text
Size
296 B (296 bytes)
Hash
c6441d2b5114993bfa787c4d738de05c
f0396f76fae808d34cf597b5455e548bb3dda4db
079480fd9e1991f10a369440c788b45f3a79769a64e40546b5336a8caffb144e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cryptosoft/js/languageSwitcher.js HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_language=no
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 26 Feb 2024 05:10:38 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 15 Mar 2023 08:00:18 GMT
ETag: W/"64117b12-40a"
X-Upstream: stavri-***ko
PX-Cache-Status: STALE
X-Server: karen
PX-X-Request-Id: 905da35331bff472bbd925b6f65cf4ea
PX-IPCountryISO: NO
PX-IPTimestamp: 1708717643 1708924049 1708847211
Content-Encoding: gzip

intelligent-money-offers.com/cryptosoft/js/bodymovin_light.min.js

193.34.166.179

200 OK

41 kB

URL GET HTTP/1.1
intelligent-money-offers.com/cryptosoft/js/bodymovin_light.min.js
IP
193.34.166.179:443
ASN
#62370 Snel.com B.V.

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
JavaScript source, ASCII text, with very long lines (1445)
Size
41 kB (41225 bytes)
Hash
5ac6c26b5a3d4e87b6c08efb26977f4f
3d815a65ef6fbcd9e84df5f393f9ab24b58d9393
4e7bf71bcc83214888e177d7c80b42d30d27b2069ae07db1e75913ba2f80d064

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cryptosoft/js/bodymovin_light.min.js HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_language=no
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 26 Feb 2024 05:10:38 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 15 Mar 2023 08:00:18 GMT
ETag: W/"64117b12-30be4"
X-Upstream: stavri-***ko
PX-Cache-Status: STALE
X-Server: karen
PX-X-Request-Id: ee2e7fc095190d7263f98d9eb37e0bb4
PX-IPCountryISO: NO
PX-IPTimestamp: 1708717643 1708924025 1708847211
Content-Encoding: gzip

fonts.googleapis.com/css?family=Roboto+Condensed:400,700|Roboto:400,400i,700&subset=latin-ext

216.58.207.234

200 OK

1.4 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Roboto+Condensed:400,700|Roboto:400,400i,700&subset=latin-ext
IP
216.58.207.234:443
ASN
#15169 GOOGLE

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint48:72:AA:F2:E2:69:76:76:93:18:78:2B:17:6E:20:5F:DF:87:66:5C
ValidityMon, 05 Feb 2024 08:19:19 GMT - Mon, 29 Apr 2024 08:19:18 GMT

File type
gzip compressed data, max compression
Size
1.4 kB (1352 bytes)
Hash
1d233677e7d2374f7cec13b6cfeb6b3a
76a6c06f1431bd577c7096249e901687e5031a53
af2c1f8b63a32bd23c2b48a77168f22c63b1e40c6e64777d961ed4fdb87426bd

HTTP Headers

GET /css?family=Roboto+Condensed:400,700|Roboto:400,400i,700&subset=latin-ext HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 26 Feb 2024 05:10:38 GMT
date: Mon, 26 Feb 2024 05:10:38 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

intelligent-money-offers.com/cryptosoft/js/video.js

193.34.166.179

200 OK

335 kB

URL GET HTTP/1.1
intelligent-money-offers.com/cryptosoft/js/video.js
IP
193.34.166.179:443
ASN
#62370 Snel.com B.V.

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
JavaScript source, ASCII text, with very long lines (491)
Size
335 kB (335015 bytes)
Hash
9045e3df1785b61657789608f6afa807
0a7ea1b2e2bfc262fcd4acd1023973b78082f5ee
96d3349232417f89dec7f5c26a3872bb542fceaba22361b580b78f6e8d92ef2c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cryptosoft/js/video.js HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_language=no
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 26 Feb 2024 05:10:38 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 15 Mar 2023 08:00:18 GMT
ETag: W/"64117b12-173a79"
X-Upstream: evlampi-***ko
PX-Cache-Status: STALE
X-Server: karen
PX-X-Request-Id: 417c57b4ad2c3a715b0fde28c70407fa
PX-IPCountryISO: NO
PX-IPTimestamp: 1708717643 1708924025 1708847211
Content-Encoding: gzip

intelligent-money-offers.com/cryptosoft/css/integration.css

193.34.166.179

200 OK

9.1 kB

URL GET HTTP/1.1
intelligent-money-offers.com/cryptosoft/css/integration.css
IP
193.34.166.179:443
ASN
#62370 Snel.com B.V.

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
ASCII text, with very long lines (881)
Size
9.1 kB (9149 bytes)
Hash
161f09fe993a6785d5816b258dc8a4e4
d182de3008ab0e313eb7180559d208b4546fa64e
00d373314c8cfa72afc276cfb004492f298dd77dbe48a7a640711b51aecfd9e6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cryptosoft/css/integration.css HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_language=no
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 26 Feb 2024 05:10:38 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 15 Mar 2023 08:00:18 GMT
ETag: W/"64117b12-f6c4"
X-Upstream: stavri-***ko
PX-Cache-Status: STALE
X-Server: karen
PX-X-Request-Id: d62b8ca1cbe6df535fa6bd63e0786c95
PX-IPCountryISO: NO
PX-IPTimestamp: 1708717643 1708924025 1708847211
Content-Encoding: gzip

intelligent-money-offers.com/cryptosoft/js/main.js

193.34.166.179

200 OK

2.7 kB

URL GET HTTP/1.1
intelligent-money-offers.com/cryptosoft/js/main.js
IP
193.34.166.179:443
ASN
#62370 Snel.com B.V.

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
JavaScript source, ASCII text, with very long lines (550)
Size
2.7 kB (2723 bytes)
Hash
41ddc03e25896775817e7a426688d4ac
c17d018a0077772c725fd7169c918b9fc354a644
03bcc8aa53336b3a1cb2171972666e7754fc149e911ab68a8b34af0370f0846d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cryptosoft/js/main.js HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_language=no
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 26 Feb 2024 05:10:38 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 15 Mar 2023 08:00:18 GMT
ETag: W/"64117b12-2589"
X-Upstream: evlampi-***ko
PX-Cache-Status: STALE
X-Server: karen
PX-X-Request-Id: 70ba0eba465e111ae2ad6af0434947e7
PX-IPCountryISO: NO
PX-IPTimestamp: 1708717643 1708924025 1708847211
Content-Encoding: gzip

intelligent-money-offers.com/cryptosoft/js/jquery.min.js

193.34.166.179

200 OK

39 kB

URL GET HTTP/1.1
intelligent-money-offers.com/cryptosoft/js/jquery.min.js
IP
193.34.166.179:443
ASN
#62370 Snel.com B.V.

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
JavaScript source, ASCII text, with very long lines (849)
Size
39 kB (38563 bytes)
Hash
e4ffda65e630968c72c3c2c84a3edd0f
6b5665cc000270f99193c0c95d082229d0133a38
f5443a76ec0301734875e2e007d025b0b64dc8c3bbe34233d6f2fe5d3c983030

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cryptosoft/js/jquery.min.js HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_language=no
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 26 Feb 2024 05:10:38 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 15 Mar 2023 08:00:18 GMT
ETag: W/"64117b12-243d4"
X-Upstream: evlampi-***ko
PX-Cache-Status: STALE
X-Server: karen
PX-X-Request-Id: 88fa19722648613b8c1628904cd068a5
PX-IPCountryISO: NO
PX-IPTimestamp: 1708717643 1708924025 1708847211
Content-Encoding: gzip

intelligent-money-offers.com/cryptosoft/images/bgpattern.png

193.34.166.179

200 OK

47 kB

URL GET HTTP/1.1
intelligent-money-offers.com/cryptosoft/images/bgpattern.png
IP
193.34.166.179:443
ASN
#62370 Snel.com B.V.

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
PNG image data, 594 x 594, 8-bit grayscale, non-interlaced
Size
47 kB (47224 bytes)
Hash
c1f1b46e1e077e82da94f0d5a2b2d4d9
129c3a2c0417ae0ac69e4f536f4e50418c2191da
2bf9ed9ba13bb6261155bb9243b13e0ae7af6dab2af6e9681fd4338380938eab

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cryptosoft/images/bgpattern.png HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/css/main.css
Cookie: intgrtn_language=no
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 26 Feb 2024 05:10:38 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 15 Mar 2023 08:00:18 GMT
ETag: W/"64117b12-b9e8"
X-Upstream: evlampi-***ko
PX-Cache-Status: STALE
X-Server: karen
PX-X-Request-Id: d9c95c8140a4c64742aa53cbc3b4bfbe
PX-IPCountryISO: NO
PX-IPTimestamp: 1708717643 1708924025 1708847211
Content-Encoding: gzip

intelligent-money-offers.com/cryptosoft/images/icon_exceptionalsoftware_white.svg

193.34.166.179

200 OK

832 B

URL GET HTTP/1.1
intelligent-money-offers.com/cryptosoft/images/icon_exceptionalsoftware_white.svg
IP
193.34.166.179:443
ASN
#62370 Snel.com B.V.

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
SVG Scalable Vector Graphics image
Size
832 B (832 bytes)
Hash
0e106634e2cc460e44f5b0279b9e27b0
b60c3bac94eb78c12482082979a91fa69ddf26f8
c1c1494e06df0b23bf7153f95b127046661d3abe014af2f9013c256470c19013

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cryptosoft/images/icon_exceptionalsoftware_white.svg HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_language=no
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 26 Feb 2024 05:10:38 GMT
Content-Type: image/svg+xml
Content-Length: 832
Connection: keep-alive
Last-Modified: Wed, 15 Mar 2023 08:00:18 GMT
ETag: "64117b12-340"
X-Upstream: stavri-***ko
PX-Cache-Status: STALE
X-Server: karen
PX-X-Request-Id: abda2fd56b2ff4493caf5c47ff3cf94c
PX-IPCountryISO: NO
PX-IPTimestamp: 1708717643 1708924049 1708847211
Accept-Ranges: bytes

intelligent-money-offers.com/cryptosoft/images/icon_moneymachine_white.svg

193.34.166.179

200 OK

959 B

URL GET HTTP/1.1
intelligent-money-offers.com/cryptosoft/images/icon_moneymachine_white.svg
IP
193.34.166.179:443
ASN
#62370 Snel.com B.V.

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
SVG Scalable Vector Graphics image
Size
959 B (959 bytes)
Hash
f266ea13f337a62805291e29e9208f08
8e5c600eb9279d9d52f9627094997bd3f1f2882d
360ebe904d3d78de5737af2d81cdda55b91495a105f78e4099338cecea2d3737

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cryptosoft/images/icon_moneymachine_white.svg HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_language=no
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 26 Feb 2024 05:10:38 GMT
Content-Type: image/svg+xml
Content-Length: 959
Connection: keep-alive
Last-Modified: Wed, 15 Mar 2023 08:00:18 GMT
ETag: "64117b12-3bf"
X-Upstream: stavri-***ko
PX-Cache-Status: STALE
X-Server: karen
PX-X-Request-Id: 5a92cade913fb0cb369c954f9b9f7d20
PX-IPCountryISO: NO
PX-IPTimestamp: 1708717643 1708924025 1708847211
Accept-Ranges: bytes

intelligent-money-offers.com/cryptosoft/images/icon_immediateresults_white.svg

193.34.166.179

200 OK

707 B

URL GET HTTP/1.1
intelligent-money-offers.com/cryptosoft/images/icon_immediateresults_white.svg
IP
193.34.166.179:443
ASN
#62370 Snel.com B.V.

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
SVG Scalable Vector Graphics image
Size
707 B (707 bytes)
Hash
d0aeb5ba411b7dfdc5ec8105fecf4846
8adf5b0252b9dacb552f535f8f962cd99f04f02b
b26aeae0358626b11f7315dd8bf3b6ffa1c5513e6e0bdf88087908edf1a601c4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cryptosoft/images/icon_immediateresults_white.svg HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_language=no
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 26 Feb 2024 05:10:38 GMT
Content-Type: image/svg+xml
Content-Length: 707
Connection: keep-alive
Last-Modified: Wed, 15 Mar 2023 08:00:18 GMT
ETag: "64117b12-2c3"
X-Upstream: evlampi-***ko
PX-Cache-Status: STALE
X-Server: karen
PX-X-Request-Id: bb42778556af35aad8f53d2d7aa6d84f
PX-IPCountryISO: NO
PX-IPTimestamp: 1708717643 1708924025 1708847211
Accept-Ranges: bytes

cdnjs.cloudflare.com/ajax/libs/flag-icon-css/3.4.6/flags/4x3/no.svg

104.17.25.14

200 OK

179 B

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/flag-icon-css/3.4.6/flags/4x3/no.svg
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
179 B (179 bytes)
Hash
0b41df77e951a30bbfccfd0a3714a1a3
8c71f507dc4e81a37418fa4c5173181ffcace814
c59f156ddd70507f05267dc35e2e4f3e44467b9ef414995abb91589dc486dd6a

HTTP Headers

GET /ajax/libs/flag-icon-css/3.4.6/flags/4x3/no.svg HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 26 Feb 2024 05:10:38 GMT
content-type: image/svg+xml; charset=utf-8
content-length: 179
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e5d-141"
last-modified: Mon, 04 May 2020 16:10:05 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 7773157
expires: Sat, 15 Feb 2025 05:10:38 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u%2FKanGHmqAuO9iPHFDyDBoAZ2ZEce36os5ZFayXPBLAfJzOAMOf7PRhDFww2qNpclA%2BSRney4VC6NIi%2FlV9msg7ZMZyTf5SpmdYh%2FysBLJEYn5lR%2BPF%2B8w52BSnhbF4VhWvtjZuk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 85b5aecc8ff35688-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

intelligent-money-offers.com/cryptosoft/images/usr_dfs44fds.jpg

193.34.166.179

200 OK

4.4 kB

URL GET HTTP/1.1
intelligent-money-offers.com/cryptosoft/images/usr_dfs44fds.jpg
IP
193.34.166.179:443
ASN
#62370 Snel.com B.V.

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 128x128, components 3
Size
4.4 kB (4433 bytes)
Hash
761d259471111e75526a5ca4d1dd9ff9
dad8075b9fed58ffb2f36eb0ded42c8e5dbd985d
20294458f113878646564894023ee91975a021f9e79273f611e009f285aee031

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cryptosoft/images/usr_dfs44fds.jpg HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_language=no
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 26 Feb 2024 05:10:38 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 15 Mar 2023 08:00:18 GMT
ETag: W/"64117b12-1156"
X-Upstream: evlampi-***ko
PX-Cache-Status: STALE
X-Server: karen
PX-X-Request-Id: fbcca30687035b4684ed41f1175d4c5f
PX-IPCountryISO: NO
PX-IPTimestamp: 1708717643 1708924025 1708847211
Content-Encoding: gzip

intelligent-money-offers.com/cryptosoft/images/logo-p-500.webp

193.34.166.179

200 OK

8.1 kB

URL GET HTTP/1.1
intelligent-money-offers.com/cryptosoft/images/logo-p-500.webp
IP
193.34.166.179:443
ASN
#62370 Snel.com B.V.

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
RIFF (little-endian) data, Web/P image
Size
8.1 kB (8050 bytes)
Hash
5b4485f6681d997dd349531cf71d2dfc
278263cdbd2464565df4b818fca3f6ec9e7e7b97
2b4c3b1882626c009c32305ef9e0c4690dab66c0fcf56a176f22c93a4ecf304e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cryptosoft/images/logo-p-500.webp HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_language=no
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 26 Feb 2024 05:10:38 GMT
Content-Type: image/webp
Content-Length: 8050
Connection: keep-alive
Last-Modified: Wed, 15 Mar 2023 08:00:18 GMT
ETag: "64117b12-1f72"
X-Upstream: evlampi-***ko
Accept-Ranges: bytes
X-Server: karen
PX-X-Request-Id: 8c6e107ac71778257a09a00d9da7cccc
PX-IPCountryISO: NO
PX-IPTimestamp: 1708717643 1708924025 1708847211

intelligent-money-offers.com/cryptosoft/images/usr_4fsd2gf.jpg

193.34.166.179

200 OK

3.4 kB

URL GET HTTP/1.1
intelligent-money-offers.com/cryptosoft/images/usr_4fsd2gf.jpg
IP
193.34.166.179:443
ASN
#62370 Snel.com B.V.

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 128x128, components 3
Size
3.4 kB (3376 bytes)
Hash
fb890d033d714911141f83a49afac85e
3cd5a5b27d8e089123166902c64303233645235e
006252ba27677f8cb620524557048dd0595df8554a8bf1ea19826c62b97117cb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cryptosoft/images/usr_4fsd2gf.jpg HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_language=no
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 26 Feb 2024 05:10:38 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 15 Mar 2023 08:00:18 GMT
ETag: W/"64117b12-d31"
X-Upstream: stavri-***ko
PX-Cache-Status: STALE
X-Server: karen
PX-X-Request-Id: 76d2a80e6cea8432454ccf58b9165f6d
PX-IPCountryISO: NO
PX-IPTimestamp: 1708717643 1708924049 1708847211
Content-Encoding: gzip

intelligent-money-offers.com/cryptosoft/images/usr_onjghj403.jpg

193.34.166.179

200 OK

6.9 kB

URL GET HTTP/1.1
intelligent-money-offers.com/cryptosoft/images/usr_onjghj403.jpg
IP
193.34.166.179:443
ASN
#62370 Snel.com B.V.

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 128x128, components 3
Size
6.9 kB (6875 bytes)
Hash
e43140a0279d3c52802ec351188c5998
cf9c4c69764afe134a2e588b28c530b2da4052f7
ad6c7d48950922bb63f22161c4a4cef3924c2fe2e2bc4851c3e24bdd9c69c283

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cryptosoft/images/usr_onjghj403.jpg HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_language=no
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 26 Feb 2024 05:10:38 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 15 Mar 2023 08:00:18 GMT
ETag: W/"64117b12-1b0d"
X-Upstream: evlampi-***ko
PX-Cache-Status: STALE
X-Server: karen
PX-X-Request-Id: 068e2974981d55242e5c5655529620ce
PX-IPCountryISO: NO
PX-IPTimestamp: 1708717643 1708924025 1708847211
Content-Encoding: gzip

intelligent-money-offers.com/cryptosoft/images/usr_t14csd.jpg

193.34.166.179

200 OK

3.4 kB

URL GET HTTP/1.1
intelligent-money-offers.com/cryptosoft/images/usr_t14csd.jpg
IP
193.34.166.179:443
ASN
#62370 Snel.com B.V.

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 128x128, components 3
Size
3.4 kB (3410 bytes)
Hash
d12d86174be9cb39cb72da25bc8acbce
e9e8e9d87fcfa971c121897d5ef89b5bad5d71c8
86e1bd591516b78418106aedf9b3eb43d87f23a28490ecb3fda8b54176b4a095

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cryptosoft/images/usr_t14csd.jpg HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_language=no
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 26 Feb 2024 05:10:38 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 15 Mar 2023 08:00:18 GMT
ETag: W/"64117b12-d57"
X-Upstream: stavri-***ko
PX-Cache-Status: STALE
X-Server: karen
PX-X-Request-Id: 4c4c94052d6dbb5c054c7a36fb1eca9b
PX-IPCountryISO: NO
PX-IPTimestamp: 1708717643 1708924025 1708847211
Content-Encoding: gzip

intelligent-money-offers.com/cryptosoft/images/usr_bmjidry4561s.jpg

193.34.166.179

200 OK

6.1 kB

URL GET HTTP/1.1
intelligent-money-offers.com/cryptosoft/images/usr_bmjidry4561s.jpg
IP
193.34.166.179:443
ASN
#62370 Snel.com B.V.

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 128x128, components 3
Size
6.1 kB (6091 bytes)
Hash
5b4cf6f722d859ac293ee0eae7401010
43b5149cf2280ba24f6cfd60ef40ac82602e1497
cfee582443d62cea8d7ae9a86a6d16d8b7a27ed17098944f0d37720f42b8d67c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cryptosoft/images/usr_bmjidry4561s.jpg HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_language=no
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 26 Feb 2024 05:10:38 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 15 Mar 2023 08:00:18 GMT
ETag: W/"64117b12-17f7"
X-Upstream: evlampi-***ko
PX-Cache-Status: STALE
X-Server: karen
PX-X-Request-Id: 4e8e3e39f0bf4f44cd9bf59d092e3969
PX-IPCountryISO: NO
PX-IPTimestamp: 1708717643 1708924025 1708847211
Content-Encoding: gzip

intelligent-money-offers.com/cryptosoft/images/usr_xcbn8uo0.jpg

193.34.166.179

200 OK

4.6 kB

URL GET HTTP/1.1
intelligent-money-offers.com/cryptosoft/images/usr_xcbn8uo0.jpg
IP
193.34.166.179:443
ASN
#62370 Snel.com B.V.

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 128x128, components 3
Size
4.6 kB (4553 bytes)
Hash
fb4896e64e4b7e474bed3a6e798e3b9f
5b778cc162fa8f7ac9874b609f454db0ecbda1d4
cd461b8779e9275109e3d2af7979e45d4d6b86b2525d78e7d696501378ff6674

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cryptosoft/images/usr_xcbn8uo0.jpg HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_language=no
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 26 Feb 2024 05:10:38 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 15 Mar 2023 08:00:18 GMT
ETag: W/"64117b12-11d7"
X-Upstream: evlampi-***ko
PX-Cache-Status: STALE
X-Server: karen
PX-X-Request-Id: 122001e06f1912bfe34a5636f9914a4a
PX-IPCountryISO: NO
PX-IPTimestamp: 1708717643 1708924049 1708847211
Content-Encoding: gzip

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint7E:D8:A3:26:76:2A:70:11:A5:C6:42:20:61:35:14:1C:03:F2:35:55
ValidityMon, 05 Feb 2024 08:19:14 GMT - Mon, 29 Apr 2024 08:19:13 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://intelligent-money-offers.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 23 Feb 2024 01:10:21 GMT
expires: Sat, 22 Feb 2025 01:10:21 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
age: 273617
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOkCnqEu92Fr1Mu51xIIzI.woff2

216.58.207.227

200 OK

17 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOkCnqEu92Fr1Mu51xIIzI.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint7E:D8:A3:26:76:2A:70:11:A5:C6:42:20:61:35:14:1C:03:F2:35:55
ValidityMon, 05 Feb 2024 08:19:14 GMT - Mon, 29 Apr 2024 08:19:13 GMT

File type
Web Open Font Format (Version 2), TrueType, length 17368, version 1.0
Size
17 kB (17368 bytes)
Hash
abe083d96b58eb02ada8b7c30d7b09f2
61447d66d13a8c8f4335696777a85c438c46f749
db0424fb67fb52e7e538490240cc7fb9c05aa076333a4968f3dee30b825dabf9

HTTP Headers

GET /s/roboto/v30/KFOkCnqEu92Fr1Mu51xIIzI.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://intelligent-money-offers.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17368
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 23 Feb 2024 01:08:17 GMT
expires: Sat, 22 Feb 2025 01:08:17 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
age: 273741
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint7E:D8:A3:26:76:2A:70:11:A5:C6:42:20:61:35:14:1C:03:F2:35:55
ValidityMon, 05 Feb 2024 08:19:14 GMT - Mon, 29 Apr 2024 08:19:13 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://intelligent-money-offers.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 23 Feb 2024 01:16:35 GMT
expires: Sat, 22 Feb 2025 01:16:35 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
age: 273243
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/robotocondensed/v27/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2

216.58.207.227

200 OK

51 kB

URL GET HTTP/2
fonts.gstatic.com/s/robotocondensed/v27/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint7E:D8:A3:26:76:2A:70:11:A5:C6:42:20:61:35:14:1C:03:F2:35:55
ValidityMon, 05 Feb 2024 08:19:14 GMT - Mon, 29 Apr 2024 08:19:13 GMT

File type
Web Open Font Format (Version 2), TrueType, length 51404, version 1.0
Size
51 kB (51404 bytes)
Hash
b904fcdf1c4c6059fadd6893a7bc7619
f41d1674f02616f03ef77d4e84b3ad8ba28a36fc
517edd119c5b2719e6ac4b30bf1fd864a6395179a41d273c0afc0696e7495d8e

HTTP Headers

GET /s/robotocondensed/v27/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://intelligent-money-offers.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 51404
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 23 Feb 2024 01:32:29 GMT
expires: Sat, 22 Feb 2025 01:32:29 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 18 Oct 2023 17:52:59 GMT
content-type: font/woff2
age: 272289
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

intelligent-money-offers.com/cryptosoft/js/chart.json

193.34.166.179

200 OK

178 kB

URL GET HTTP/1.1
intelligent-money-offers.com/cryptosoft/js/chart.json
IP
193.34.166.179:443
ASN
#62370 Snel.com B.V.

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
JSON text data
Size
178 kB (177754 bytes)
Hash
f94030411655e673ff8e479649e5cc9f
bdf29d8134181b5526bea71ac9fb9fb832290079
3475c36818192aa6077b2c7dd69dfb12c22df9b6d7e7fe13941f1b5973a565fc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cryptosoft/js/chart.json HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_language=no
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 26 Feb 2024 05:10:38 GMT
Content-Type: application/json
Content-Length: 177754
Connection: keep-alive
Last-Modified: Wed, 15 Mar 2023 08:00:18 GMT
ETag: "64117b12-2b65a"
X-Upstream: evlampi-***ko
Accept-Ranges: bytes
X-Server: karen
PX-X-Request-Id: 621923615de1e58cc459e139abc05e2c
PX-IPCountryISO: NO
PX-IPTimestamp: 1708717643 1708924025 1708847211

intelligent-money-offers.com/intgrtn/api/v1/integration/sdk.js?v=202412651

193.34.166.179

200 OK

50 kB

URL GET HTTP/1.1
intelligent-money-offers.com/intgrtn/api/v1/integration/sdk.js?v=202412651
IP
193.34.166.179:443
ASN
#62370 Snel.com B.V.

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
JavaScript source, ASCII text
Size
50 kB (50381 bytes)
Hash
b74a78a8e492a9b171dab179eeab69fb
6e7fe630cf763a0a45fd77c922d728ad2b386cae
6298f0a9a101a54afa0ed7e7ccd9bb8f6583638f84082c69f5e0e5a2c9961f2e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /intgrtn/api/v1/integration/sdk.js?v=202412651 HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 26 Feb 2024 05:10:38 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 23 Feb 2024 15:25:53 GMT
Vary: Accept-Encoding
ETag: W/"65d8b901-7a2f9"
Expires: Tue, 25 Feb 2025 05:10:38 GMT
Cache-Control: max-age=31536000
Content-Encoding: gzip
X-Server: karen
PX-X-Request-Id: dd9ea4973ebba025864fcabea52d04ef
PX-IPCountryISO: NO
PX-IPTimestamp: 1708717643 1708924025 1708847211
PX-Cache-Status: MISS

intelligent-money-offers.com/intgrtn/api/v1/integration/sdk.css?v=2.66.5

193.34.166.179

200 OK

8.6 kB

URL GET HTTP/1.1
intelligent-money-offers.com/intgrtn/api/v1/integration/sdk.css?v=2.66.5
IP
193.34.166.179:443
ASN
#62370 Snel.com B.V.

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
Unicode text, UTF-8 text
Size
8.6 kB (8555 bytes)
Hash
11551ef44c6dccf85a6287f4bfe11182
d9b25491d60633670c86cf7cd76e0abf858bc360
617a4b507a3a45bc358f56b14d884283ab84e61e8ed5956d4d1684d5130e6b47

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /intgrtn/api/v1/integration/sdk.css?v=2.66.5 HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy; intgrtn_custom2=cne1t3s6n9fs73aolfb0; intgrtn_redirectReturningLead=auto; intgrtn_locale=en-US
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 26 Feb 2024 05:10:39 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 02 Feb 2024 09:51:23 GMT
Vary: Accept-Encoding
ETag: W/"65bcbb1b-14923"
Expires: Sat, 01 Feb 2025 13:28:26 GMT
Cache-Control: max-age=31536000
Content-Encoding: gzip
X-Server: karen
PX-X-Request-Id: c1b1e0d4d582f3c0d519b7ea543a6ff4
PX-IPCountryISO: NO
PX-IPTimestamp: 1708717643 1708924025 1708847211
PX-Cache-Status: HIT

intelligent-money-offers.com/intgrtn/api/v1/projects/agreements.php?type=4&clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy

193.34.166.179

200 OK

1.8 kB

URL GET HTTP/1.1
intelligent-money-offers.com/intgrtn/api/v1/projects/agreements.php?type=4&clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy
IP
193.34.166.179:443
ASN
#62370 Snel.com B.V.

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
JSON text data
Size
1.8 kB (1829 bytes)
Hash
c967a227a8541ea9274d7422c94a8e4b
1aec9c0020aff1e686ab5e6e72d543f21f180bb3
252868edac38d5dcd733085c0c99f2303c3e2ada1c340b1d97ba74650ce64712

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /intgrtn/api/v1/projects/agreements.php?type=4&clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Intgrtn-Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy; intgrtn_custom2=cne1t3s6n9fs73aolfb0; intgrtn_redirectReturningLead=auto; intgrtn_locale=en-US
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 26 Feb 2024 05:10:39 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: accept, origin, content-type, authorization, Cache-Control, X-Requested-With, Intgrtn-Referer
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Encoding: gzip
Vary: Accept-Encoding
X-Server: karen
PX-X-Request-Id: c8b7d0a87a72406c927c6d4dce6a3a55
PX-IPCountryISO: NO
PX-IPTimestamp: 1708717643 1708924049 1708847211

intelligent-money-offers.com/intgrtn/api/v1/projects/details.php?&clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&custom2=cne1t3s6n9fs73aolfb0&language=no

193.34.166.179

200 OK

11 kB

URL GET HTTP/1.1
intelligent-money-offers.com/intgrtn/api/v1/projects/details.php?&clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&custom2=cne1t3s6n9fs73aolfb0&language=no
IP
193.34.166.179:443
ASN
#62370 Snel.com B.V.

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
JSON text data
Size
11 kB (10856 bytes)
Hash
f3f02f30fb6c68326d18460a1139494d
f3f3618f274d7e804f855c1c7dec8b0c2e19a18f
d963f3275d9efdf9d04d6d1abb3a9a366469617742c485de050141bcdbf53b3c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /intgrtn/api/v1/projects/details.php?&clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&custom2=cne1t3s6n9fs73aolfb0&language=no HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Intgrtn-Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy; intgrtn_custom2=cne1t3s6n9fs73aolfb0; intgrtn_redirectReturningLead=auto; intgrtn_locale=en-US
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 26 Feb 2024 05:10:39 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: accept, origin, content-type, authorization, Cache-Control, X-Requested-With, Intgrtn-Referer
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Encoding: gzip
Vary: Accept-Encoding
X-Server: karen
PX-X-Request-Id: 3748fb6a671b5881f31085fef4312ef8
PX-IPCountryISO: NO
PX-IPTimestamp: 1708717643 1708924025 1708847211

intelligent-money-offers.com/cryptosoft/images/favicon-16x16.png

193.34.166.179

200 OK

607 B

URL GET HTTP/1.1
intelligent-money-offers.com/cryptosoft/images/favicon-16x16.png
IP
193.34.166.179:443
ASN
#62370 Snel.com B.V.

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
PNG image data, 16 x 16, 8-bit colormap, non-interlaced
Size
607 B (607 bytes)
Hash
dad80aad35c82d4488c3cd65e0d29bfa
2f5a657d0f2b1e280d7a8248e941007cc9424b47
a610c845fe7c236f0b446b30e9c4872734b9b2c802b4b782c25168373443afb6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cryptosoft/images/favicon-16x16.png HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_language=no
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 26 Feb 2024 05:10:39 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 15 Mar 2023 08:00:18 GMT
ETag: W/"64117b12-32c"
X-Upstream: stavri-***ko
PX-Cache-Status: STALE
X-Server: karen
PX-X-Request-Id: 952306d1008a3a9d183bf0623e2c9451
PX-IPCountryISO: NO
PX-IPTimestamp: 1708717643 1708924049 1708847211
Content-Encoding: gzip

intelligent-money-offers.com/cryptosoft/images/apple-touch-icon.png

193.34.166.179

200 OK

2.6 kB

URL GET HTTP/1.1
intelligent-money-offers.com/cryptosoft/images/apple-touch-icon.png
IP
193.34.166.179:443
ASN
#62370 Snel.com B.V.

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
PNG image data, 180 x 180, 8-bit colormap, non-interlaced
Size
2.6 kB (2558 bytes)
Hash
5f15b648649d9aa0f2d75d147670ef3f
a09e5f6a59d3886961a9e90e52587fdbae2580c7
e9d5dcf4f42428155f7ed4832d62db9afbe277eb9f63ff70f78d7614f83252f2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cryptosoft/images/apple-touch-icon.png HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_language=no
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 26 Feb 2024 05:10:39 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 15 Mar 2023 08:00:18 GMT
ETag: W/"64117b12-a08"
X-Upstream: evlampi-***ko
PX-Cache-Status: STALE
X-Server: karen
PX-X-Request-Id: 3305de0e59a5b6cead8440c836df937b
PX-IPCountryISO: NO
PX-IPTimestamp: 1708717643 1708924025 1708847211
Content-Encoding: gzip

intelligent-money-offers.com/intgrtn/api/v1/projects/agreements.php?type=4&clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&locale=en-US

193.34.166.179

200 OK

1.8 kB

URL GET HTTP/1.1
intelligent-money-offers.com/intgrtn/api/v1/projects/agreements.php?type=4&clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&locale=en-US
IP
193.34.166.179:443
ASN
#62370 Snel.com B.V.

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
JSON text data
Size
1.8 kB (1831 bytes)
Hash
acbfb2b0bc440fc03dd992de52c94aa1
6b587d1ee14c6535e12f2088784028b33663ae15
8067d911f2edfc449e191a047d1b9d2e3d862199386ea033b3721c2106d184a7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /intgrtn/api/v1/projects/agreements.php?type=4&clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&locale=en-US HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Intgrtn-Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy; intgrtn_custom2=cne1t3s6n9fs73aolfb0; intgrtn_redirectReturningLead=auto; intgrtn_locale=en-US
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 26 Feb 2024 05:10:39 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: accept, origin, content-type, authorization, Cache-Control, X-Requested-With, Intgrtn-Referer
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Encoding: gzip
Vary: Accept-Encoding
X-Server: karen
PX-X-Request-Id: 2c6cb32a8e0e35e8b7d3c9141b5d0329
PX-IPCountryISO: NO
PX-IPTimestamp: 1708717643 1708924025 1708847211

intelligent-money-offers.com/intgrtn/api/v1/projects/agreements.php?type=4&clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&locale=en-US

193.34.166.179

200 OK

1.8 kB

URL GET HTTP/1.1
intelligent-money-offers.com/intgrtn/api/v1/projects/agreements.php?type=4&clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&locale=en-US
IP
193.34.166.179:443
ASN
#62370 Snel.com B.V.

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
JSON text data
Size
1.8 kB (1834 bytes)
Hash
ec288fc46d763952caacc0da6415d368
9aa4fbb21afe974c71c8f5efc98a42b9466de9f0
b7cd86d46c4e59a8cb5e2ab5f42a4e4a8b69f423bb71bb6a6d9e07312a74afed

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /intgrtn/api/v1/projects/agreements.php?type=4&clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&locale=en-US HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Intgrtn-Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy; intgrtn_custom2=cne1t3s6n9fs73aolfb0; intgrtn_redirectReturningLead=auto; intgrtn_locale=en-US
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 26 Feb 2024 05:10:39 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: accept, origin, content-type, authorization, Cache-Control, X-Requested-With, Intgrtn-Referer
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Encoding: gzip
Vary: Accept-Encoding
X-Server: karen
PX-X-Request-Id: b23e308401e59c2da40869bd2b4017dc
PX-IPCountryISO: NO
PX-IPTimestamp: 1708717643 1708924049 1708847211

intelligent-money-offers.com/intgrtn/api/v1/events/add.php

193.34.166.179

200 OK

162 B

URL POST HTTP/1.1
intelligent-money-offers.com/intgrtn/api/v1/events/add.php
IP
193.34.166.179:443
ASN
#62370 Snel.com B.V.

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
JSON text data
Size
162 B (162 bytes)
Hash
ef095a467f2e21b2bf1f3a8c6b33c947
b7d68f39233a2efb02c4598d06e4ca1851a3b70c
a14a1d3f82ccdd4ac533e5fb3f615963a4c6497b35bb2689175d046dff031bf7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /intgrtn/api/v1/events/add.php HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Intgrtn-Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Content-Length: 92
Origin: https://intelligent-money-offers.com
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy; intgrtn_custom2=cne1t3s6n9fs73aolfb0; intgrtn_redirectReturningLead=auto; intgrtn_locale=en-US
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 26 Feb 2024 05:10:39 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://intelligent-money-offers.com
Access-Control-Allow-Headers: accept, origin, content-type, authorization, Cache-Control, X-Requested-With, Intgrtn-Referer
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Encoding: gzip
Vary: Accept-Encoding
X-Server: karen
PX-X-Request-Id: 60f0f28df30e6a8ead1570a485397297
PX-IPCountryISO: NO
PX-IPTimestamp: 1708717643 1708924025 1708847211

intelligent-money-offers.com/cryptosoft/media/the-cryptosoftware_EN_members.mp4

193.34.166.179

206 Partial Content

1.0 MB

URL GET HTTP/1.1
intelligent-money-offers.com/cryptosoft/media/the-cryptosoftware_EN_members.mp4
IP
193.34.166.179:443
ASN
#62370 Snel.com B.V.

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type
ISO Media, MP4 v2 [ISO 14496-14]
Size
1.0 MB (1048114 bytes)
Hash
682a6fb2b0b0ca8f3b60df5bfe7414e8
f027daf59703762eaf8782025ef0917d11b0aeb5
cc62b9509663dfc458d4754dbf8f720f81f59e6f4ea22cbdafb155ebed84e7b3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cryptosoft/media/the-cryptosoftware_EN_members.mp4 HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_language=no
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 206 Partial Content
Server: nginx
Date: Mon, 26 Feb 2024 05:10:38 GMT
Content-Type: video/mp4
Content-Length: 56564056
Connection: keep-alive
Last-Modified: Tue, 14 Mar 2023 09:20:42 GMT
ETag: "64103c6a-35f1958"
X-Upstream: stavri-***ko
PX-Cache-Status: STALE
X-Server: karen
PX-X-Request-Id: 31ffb96a994ed519d0b46fab5f3ec7cb
PX-IPCountryISO: NO
PX-IPTimestamp: 1708717643 1708924025 1708847211
Content-Range: bytes 0-56564055/56564056

intelligent-money-offers.com/cryptosoft/media/the-cryptosoftware_EN_members.mp4

0.0.0.0

0 B

URL GET
intelligent-money-offers.com/cryptosoft/media/the-cryptosoftware_EN_members.mp4
IP
0.0.0.0:0
ASN
#0

Requested by
https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Certificate
IssuerLet's Encrypt
Subjectintelligent-money-offers.com
FingerprintA5:C2:25:6B:89:F3:95:58:33:5D:6A:5F:6A:D9:09:F1:81:0B:AB:CD
ValidityTue, 23 Jan 2024 04:52:26 GMT - Mon, 22 Apr 2024 04:52:25 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cryptosoft/media/the-cryptosoftware_EN_members.mp4 HTTP/1.1
Host: intelligent-money-offers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://intelligent-money-offers.com/cryptosoft/?intgrtn_clickID=P4MdpBEGY5Azq6gn0Ok1w5nKEqxvXD3QZob29VaJ7mlKvRjxy&intgrtn_custom2=cne1t3s6n9fs73aolfb0&country=NO&intgrtn_redirectReturningLead=auto
Cookie: intgrtn_language=no
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 206 Partial Content
Server: nginx
Date: Mon, 26 Feb 2024 05:10:39 GMT
Content-Type: video/mp4
Content-Length: 56564056
Connection: keep-alive
Last-Modified: Tue, 14 Mar 2023 09:20:42 GMT
ETag: "64103c6a-35f1958"
X-Upstream: stavri-***ko
PX-Cache-Status: HIT
X-Server: karen
PX-X-Request-Id: d8f12ad1b96c003ca208419ffaa9426e
PX-IPCountryISO: NO
PX-IPTimestamp: 1708717643 1708924025 1708847211
Content-Range: bytes 0-56564055/56564056

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (8)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (49)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP