Report - trk.theonesstoodtheirground.com/15Gxg8

Report Overview

Visited public
2023-11-11 19:30:18
Tags
URL
trk.theonesstoodtheirground.com/15Gxg8
Finishing URL
int.special-trending-news.com/common/content/contentforyou6.php?cc=NO&FTO=true&tn=20&tx=30&affid=250
IP / ASN
206.189.58.138
#14061 DIGITALOCEAN-ASN
Title
RECOMMENDED FOR YOU:

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
trk.theonesstoodtheirground.com	unknown	2023-07-06	2023-07-07 10:58:54	2023-11-11 08:25:41	494 B	790 B	206.189.58.138
int.special-trending-news.com	288919	2022-02-07	2022-02-08 11:50:11	2023-11-11 08:25:41	2.7 kB	48 kB	37.48.80.112
wbidder311072023.com	unknown	2023-07-11	2023-07-12 15:29:52	2023-11-11 08:25:42	1.5 kB	7.0 kB	5.79.69.65
crtv.wboptim.online	11334	2021-07-14	2021-07-15 14:25:21	2023-11-11 08:25:42	3.2 kB	1.1 kB	83.149.73.233

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-11-11	medium	theonesstoodtheirground.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (5)

	URL	From	Size	First Seen	Last Seen
	int.special-trending-news.com/plugin/js/bidder-interval.js	ScriptElement	13 kB	2023-08-17	2023-12-13
Pretty URL int.special-trending-news.com/plugin/js/bidder-interval.js IP 37.48.80.112 ASN #60781 LeaseWeb Netherlands B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-17 19:45 Last Seen2023-12-13 22:47 Times Seen289 Hash 9583a9b64a0a5a4f9d1c24c1c197eda2 bd988c245db64d6f9005217e16caaa31c530a4af 712e09a1a3d15224f15e2e980a60483661ee00f9e8e80535ba79346844fed721 Loading...

	int.special-trending-news.com/common/content/contentforyou6.php?cc=NO&FTO=true&tn=20&tx=30&affid=250	ScriptElement	0 B	0001-01-01	2025-05-02
Pretty URL int.special-trending-news.com/common/content/contentforyou6.php?cc=NO&FTO=true&tn=20&tx=30&affid=250 IP 37.48.80.112 ASN #60781 LeaseWeb Netherlands B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-05-02 03:32 Times Seen4593601 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	int.special-trending-news.com/common/content/contentforyou6.php?cc=NO&FTO=true&tn=20&tx=30&affid=250	ScriptElement	12 B	2023-03-07	2025-03-23
Pretty URL int.special-trending-news.com/common/content/contentforyou6.php?cc=NO&FTO=true&tn=20&tx=30&affid=250 IP 37.48.80.112 ASN #60781 LeaseWeb Netherlands B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:24 Last Seen2025-03-23 10:22 Times Seen277 Hash 4056f8f22b17deec4ecb8f50922d045f 2cfdb07c3ecc3f9598b991e11e02a6d747f0adba 378dfe650d57555eb571911fc1b746a58216ffa6fa01469b131f08ca28d21d6d Loading...

	int.special-trending-news.com/common/content/contentforyou6.php?cc=NO&FTO=true&tn=20&tx=30&affid=250	ScriptElement	0 B	0001-01-01	2025-05-02
Pretty URL int.special-trending-news.com/common/content/contentforyou6.php?cc=NO&FTO=true&tn=20&tx=30&affid=250 IP 37.48.80.112 ASN #60781 LeaseWeb Netherlands B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-05-02 03:32 Times Seen4593601 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	int.special-trending-news.com/plugin/js/bidder.js	ScriptElement	18 kB	2023-09-15	2024-08-21
Pretty URL int.special-trending-news.com/plugin/js/bidder.js IP 37.48.80.112 ASN #60781 LeaseWeb Netherlands B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-15 15:02 Last Seen2024-08-21 06:49 Times Seen466 Hash a253e796bf514864ace2bd124873ec4e 3078459738f1e6f3da0882b27d944c7f831269ab b7cf11dee40c04fc7b925441afbf0f43f133e9da2315122b7e47412f7744a103 Loading...

HTTP Transactions (16)

URL IP Response Size

trk.theonesstoodtheirground.com/15Gxg8

206.189.58.138

302 Found

144 B

URL User Request GET HTTP/1.1
trk.theonesstoodtheirground.com/15Gxg8
IP
206.189.58.138:443
ASN
#14061 DIGITALOCEAN-ASN

Certificate
IssuerLet's Encrypt
Subjecttrk.theonesstoodtheirground.com
Fingerprint24:D7:04:75:53:C6:7E:42:B2:8C:4E:E5:C2:C0:71:7C:23:E3:C9:80
ValidityMon, 18 Sep 2023 07:58:39 GMT - Sun, 17 Dec 2023 07:58:38 GMT

File type
HTML document, ASCII text
Size
144 B (144 bytes)
Hash
03bf55808f07d0a00f82bf2fc0d88cb2
9649b590007cb8ea54963c65154dd3630f825cec
1b15bc6cbb691f26f6fdba218ab62044039f2972bf6d4164c7653873599e9425

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /15Gxg8 HTTP/1.1
Host: trk.theonesstoodtheirground.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.25.2
Date: Sat, 11 Nov 2023 19:30:01 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 144
Connection: keep-alive
Location: https://int.special-trending-news.com/common/content/contentforyou6.php?cc=NO&FTO=true&tn=20&tx=30&affid=
Set-Cookie: 15Gxg8o=1; Path=/; Domain=trk.theonesstoodtheirground.com; Max-Age=1699817401; Secure; SameSite=None
pc-cid=ac5fde4cf2790735cfbf7a3e7d64e7f5-4888-1111; Path=/; Domain=trk.theonesstoodtheirground.com; Max-Age=1699817401; Secure; SameSite=None
pc-campaign=15Gxg8; Path=/; Domain=trk.theonesstoodtheirground.com; Max-Age=1699817401; Secure; SameSite=None

int.special-trending-news.com/favicon.ico

37.48.80.112

200 OK

5.4 kB

URL GET HTTP/2
int.special-trending-news.com/favicon.ico
IP
37.48.80.112:443
ASN
#60781 LeaseWeb Netherlands B.V.

Requested by
https://int.special-trending-news.com/common/content/contentforyou6.php?cc=NO&FTO=true&tn=20&tx=30&affid=250
Certificate
IssuerGlobalSign nv-sa
Subject*.special-trending-news.com
FingerprintFE:59:77:20:02:D1:F9:9F:BC:ED:CF:A9:3B:BA:0D:56:BD:AE:A7:18
ValidityMon, 13 Mar 2023 22:28:40 GMT - Sat, 13 Apr 2024 22:28:39 GMT

File type
MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Size
5.4 kB (5430 bytes)
Hash
88edc459abdc8dc4706d0a7c8409b070
9c243408bab07516f123a55909c36fb1a4d2fe86
98e645b894353850a9cac9f488cbda0c867a51f7d3cb1f9b8261bc2c9a888d49

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: int.special-trending-news.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://int.special-trending-news.com/common/content/contentforyou6.php?cc=NO&FTO=true&tn=20&tx=30&affid=250
Cookie: pc=data_1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 11 Nov 2023 19:30:01 GMT
content-type: image/x-icon
content-length: 5430
last-modified: Wed, 17 Oct 2018 08:05:59 GMT
etag: "5bc6ed67-1536"
expires: Mon, 11 Dec 2023 19:30:01 GMT
cache-control: max-age=2592000
x-frame-options: SAMEORIGIN
accept-ranges: bytes
X-Firefox-Spdy: h2

wbidder311072023.com/offer/client?affid=onw_250&subid=undefined&days=8&count=3&adult=undefined&cbjs=1

5.79.69.65

200 OK

1.7 kB

URL GET HTTP/2
wbidder311072023.com/offer/client?affid=onw_250&subid=undefined&days=8&count=3&adult=undefined&cbjs=1
IP
5.79.69.65:443
ASN
#60781 LeaseWeb Netherlands B.V.

Requested by
https://int.special-trending-news.com/common/content/contentforyou6.php?cc=NO&FTO=true&tn=20&tx=30&affid=250
Certificate
IssuerGlobalSign nv-sa
Subject*.wbidder311072023.com
Fingerprint4B:61:9A:96:69:75:A6:F2:7C:E0:DD:B5:24:CE:F9:1E:08:13:B5:6B
ValidityTue, 11 Jul 2023 13:34:13 GMT - Sun, 11 Aug 2024 13:34:12 GMT

File type
gzip compressed data, max speed, from Unix\012- data
Size
1.7 kB (1749 bytes)
Hash
3599453ea6632f916f7f0adfa769a481
8fbc3817ca232035198d6c09deb0fd906ff3d774
e26fac1bf965f9131e0720b94318d65f9dd51664d1944567bee09656abc74a9a

HTTP Headers

GET /offer/client?affid=onw_250&subid=undefined&days=8&count=3&adult=undefined&cbjs=1 HTTP/1.1
Host: wbidder311072023.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://int.special-trending-news.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
vary: Origin,Accept-Encoding
access-control-allow-origin: *
content-type: application/json; charset=utf-8
date: Sat, 11 Nov 2023 19:30:05 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

wbidder311072023.com/offer/client?affid=onw_250&subid=undefined&days=8&cbjs=1

5.79.69.65

200 OK

2.9 kB

URL GET HTTP/2
wbidder311072023.com/offer/client?affid=onw_250&subid=undefined&days=8&cbjs=1
IP
5.79.69.65:443
ASN
#60781 LeaseWeb Netherlands B.V.

Requested by
https://int.special-trending-news.com/common/content/contentforyou6.php?cc=NO&FTO=true&tn=20&tx=30&affid=250
Certificate
IssuerGlobalSign nv-sa
Subject*.wbidder311072023.com
Fingerprint4B:61:9A:96:69:75:A6:F2:7C:E0:DD:B5:24:CE:F9:1E:08:13:B5:6B
ValidityTue, 11 Jul 2023 13:34:13 GMT - Sun, 11 Aug 2024 13:34:12 GMT

File type
gzip compressed data, max speed, from Unix\012- data
Size
2.9 kB (2912 bytes)
Hash
c3b7f37bcdead6f7265d4c18d20fdf90
4415c32f2a2877b426c4ce42c4c8a09781215930
591766a5012d562f62a9324d7e8d7d29b5ad9eda90f0229797ac48f5613ad6f6

HTTP Headers

GET /offer/client?affid=onw_250&subid=undefined&days=8&cbjs=1 HTTP/1.1
Host: wbidder311072023.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://int.special-trending-news.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
vary: Origin,Accept-Encoding
access-control-allow-origin: *
content-type: application/json; charset=utf-8
date: Sat, 11 Nov 2023 19:30:02 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

crtv.wboptim.online/icon?url=&s=2283&a=bid_onw_250&uA=bid_501322&sub=undefined&d=18&ic=1

83.149.73.233

404 Not Found

9 B

URL GET HTTP/2
crtv.wboptim.online/icon?url=&s=2283&a=bid_onw_250&uA=bid_501322&sub=undefined&d=18&ic=1
IP
83.149.73.233:443
ASN
#60781 LeaseWeb Netherlands B.V.

Requested by
https://int.special-trending-news.com/common/content/contentforyou6.php?cc=NO&FTO=true&tn=20&tx=30&affid=250
Certificate
IssuerGlobalSign nv-sa
Subject*.wboptim.online
Fingerprint5B:95:6C:AF:9D:51:BE:8C:EC:9E:36:C8:2D:B9:0E:1C:E8:DE:3F:12
ValidityThu, 10 Aug 2023 08:23:19 GMT - Tue, 10 Sep 2024 08:23:18 GMT

File type
ASCII text, with no line terminators
Size
9 B (9 bytes)
Hash
9e076f5885f5cc16a4b5aeb8de4adff5
475c848673a3f79fa778f01c2bd5a721d4c41707
e3ebaa16dd9d9b9fc107c42183fb6cf9d22927e1af03dbbdfa0ccc38e4e4ac31

HTTP Headers

GET /icon?url=&s=2283&a=bid_onw_250&uA=bid_501322&sub=undefined&d=18&ic=1 HTTP/1.1
Host: crtv.wboptim.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
server: fasthttp
date: Sat, 11 Nov 2023 19:30:07 GMT
content-type: text/plain; charset=utf-8
content-length: 9
X-Firefox-Spdy: h2

crtv.wboptim.online/icon?url=&s=2284&a=bid_onw_250&uA=bid_500313&sub=undefined&d=18&ic=1

83.149.73.233

404 Not Found

9 B

URL GET HTTP/2
crtv.wboptim.online/icon?url=&s=2284&a=bid_onw_250&uA=bid_500313&sub=undefined&d=18&ic=1
IP
83.149.73.233:443
ASN
#60781 LeaseWeb Netherlands B.V.

Requested by
https://int.special-trending-news.com/common/content/contentforyou6.php?cc=NO&FTO=true&tn=20&tx=30&affid=250
Certificate
IssuerGlobalSign nv-sa
Subject*.wboptim.online
Fingerprint5B:95:6C:AF:9D:51:BE:8C:EC:9E:36:C8:2D:B9:0E:1C:E8:DE:3F:12
ValidityThu, 10 Aug 2023 08:23:19 GMT - Tue, 10 Sep 2024 08:23:18 GMT

File type
ASCII text, with no line terminators
Size
9 B (9 bytes)
Hash
9e076f5885f5cc16a4b5aeb8de4adff5
475c848673a3f79fa778f01c2bd5a721d4c41707
e3ebaa16dd9d9b9fc107c42183fb6cf9d22927e1af03dbbdfa0ccc38e4e4ac31

HTTP Headers

GET /icon?url=&s=2284&a=bid_onw_250&uA=bid_500313&sub=undefined&d=18&ic=1 HTTP/1.1
Host: crtv.wboptim.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
server: fasthttp
date: Sat, 11 Nov 2023 19:30:06 GMT
content-type: text/plain; charset=utf-8
content-length: 9
X-Firefox-Spdy: h2

wbidder311072023.com/offer/client?affid=onw_250&subid=undefined&days=8&count=3&adult=undefined&cbjs=1

5.79.69.65

200 OK

1.7 kB

URL GET HTTP/2
wbidder311072023.com/offer/client?affid=onw_250&subid=undefined&days=8&count=3&adult=undefined&cbjs=1
IP
5.79.69.65:443
ASN
#60781 LeaseWeb Netherlands B.V.

Requested by
https://int.special-trending-news.com/common/content/contentforyou6.php?cc=NO&FTO=true&tn=20&tx=30&affid=250
Certificate
IssuerGlobalSign nv-sa
Subject*.wbidder311072023.com
Fingerprint4B:61:9A:96:69:75:A6:F2:7C:E0:DD:B5:24:CE:F9:1E:08:13:B5:6B
ValidityTue, 11 Jul 2023 13:34:13 GMT - Sun, 11 Aug 2024 13:34:12 GMT

File type
gzip compressed data, max speed, from Unix\012- data
Size
1.7 kB (1682 bytes)
Hash
59bf8b450e37e6fa91f6231ded3af916
bc9d65c4f0c47e62175dbcb6be0dfb2942a0326e
db1f33c86072873bc6fc0b6b05c822bf4cdbd8d25b388384ca211349f2f5edd9

HTTP Headers

GET /offer/client?affid=onw_250&subid=undefined&days=8&count=3&adult=undefined&cbjs=1 HTTP/1.1
Host: wbidder311072023.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://int.special-trending-news.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
vary: Origin,Accept-Encoding
access-control-allow-origin: *
content-type: application/json; charset=utf-8
date: Sat, 11 Nov 2023 19:30:08 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

crtv.wboptim.online/icon?url=&s=2284&a=bid_onw_250&uA=bid_500125&sub=undefined&d=18&ic=1

83.149.73.233

404 Not Found

9 B

URL GET HTTP/2
crtv.wboptim.online/icon?url=&s=2284&a=bid_onw_250&uA=bid_500125&sub=undefined&d=18&ic=1
IP
83.149.73.233:443
ASN
#60781 LeaseWeb Netherlands B.V.

Requested by
https://int.special-trending-news.com/common/content/contentforyou6.php?cc=NO&FTO=true&tn=20&tx=30&affid=250
Certificate
IssuerGlobalSign nv-sa
Subject*.wboptim.online
Fingerprint5B:95:6C:AF:9D:51:BE:8C:EC:9E:36:C8:2D:B9:0E:1C:E8:DE:3F:12
ValidityThu, 10 Aug 2023 08:23:19 GMT - Tue, 10 Sep 2024 08:23:18 GMT

File type
ASCII text, with no line terminators
Size
9 B (9 bytes)
Hash
9e076f5885f5cc16a4b5aeb8de4adff5
475c848673a3f79fa778f01c2bd5a721d4c41707
e3ebaa16dd9d9b9fc107c42183fb6cf9d22927e1af03dbbdfa0ccc38e4e4ac31

HTTP Headers

GET /icon?url=&s=2284&a=bid_onw_250&uA=bid_500125&sub=undefined&d=18&ic=1 HTTP/1.1
Host: crtv.wboptim.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
server: fasthttp
date: Sat, 11 Nov 2023 19:30:07 GMT
content-type: text/plain; charset=utf-8
content-length: 9
X-Firefox-Spdy: h2

crtv.wboptim.online/icon?url=&s=2294&a=bid_onw_250&uA=bid_500768&sub=undefined&d=18&ic=1

83.149.73.233

404 Not Found

9 B

URL GET HTTP/2
crtv.wboptim.online/icon?url=&s=2294&a=bid_onw_250&uA=bid_500768&sub=undefined&d=18&ic=1
IP
83.149.73.233:443
ASN
#60781 LeaseWeb Netherlands B.V.

Requested by
https://int.special-trending-news.com/common/content/contentforyou6.php?cc=NO&FTO=true&tn=20&tx=30&affid=250
Certificate
IssuerGlobalSign nv-sa
Subject*.wboptim.online
Fingerprint5B:95:6C:AF:9D:51:BE:8C:EC:9E:36:C8:2D:B9:0E:1C:E8:DE:3F:12
ValidityThu, 10 Aug 2023 08:23:19 GMT - Tue, 10 Sep 2024 08:23:18 GMT

File type
ASCII text, with no line terminators
Size
9 B (9 bytes)
Hash
9e076f5885f5cc16a4b5aeb8de4adff5
475c848673a3f79fa778f01c2bd5a721d4c41707
e3ebaa16dd9d9b9fc107c42183fb6cf9d22927e1af03dbbdfa0ccc38e4e4ac31

HTTP Headers

GET /icon?url=&s=2294&a=bid_onw_250&uA=bid_500768&sub=undefined&d=18&ic=1 HTTP/1.1
Host: crtv.wboptim.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
server: fasthttp
date: Sat, 11 Nov 2023 19:30:11 GMT
content-type: text/plain; charset=utf-8
content-length: 9
X-Firefox-Spdy: h2

crtv.wboptim.online/icon?url=&s=2283&a=bid_onw_250&uA=bid_500141&sub=undefined&d=18&ic=1

83.149.73.233

404 Not Found

0 B

URL GET HTTP/2
crtv.wboptim.online/icon?url=&s=2283&a=bid_onw_250&uA=bid_500141&sub=undefined&d=18&ic=1
IP
83.149.73.233:443
ASN
#60781 LeaseWeb Netherlands B.V.

Requested by
https://int.special-trending-news.com/common/content/contentforyou6.php?cc=NO&FTO=true&tn=20&tx=30&affid=250
Certificate
IssuerGlobalSign nv-sa
Subject*.wboptim.online
Fingerprint5B:95:6C:AF:9D:51:BE:8C:EC:9E:36:C8:2D:B9:0E:1C:E8:DE:3F:12
ValidityThu, 10 Aug 2023 08:23:19 GMT - Tue, 10 Sep 2024 08:23:18 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /icon?url=&s=2283&a=bid_onw_250&uA=bid_500141&sub=undefined&d=18&ic=1 HTTP/1.1
Host: crtv.wboptim.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
server: fasthttp
date: Sat, 11 Nov 2023 19:30:08 GMT
content-type: text/plain; charset=utf-8
content-length: 9
X-Firefox-Spdy: h2

int.special-trending-news.com/plugin/js/bidder-interval.js

37.48.80.112

200 OK

13 kB

URL GET HTTP/2
int.special-trending-news.com/plugin/js/bidder-interval.js
IP
37.48.80.112:443
ASN
#60781 LeaseWeb Netherlands B.V.

Requested by
https://int.special-trending-news.com/common/content/contentforyou6.php?cc=NO&FTO=true&tn=20&tx=30&affid=250
Certificate
IssuerGlobalSign nv-sa
Subject*.special-trending-news.com
FingerprintFE:59:77:20:02:D1:F9:9F:BC:ED:CF:A9:3B:BA:0D:56:BD:AE:A7:18
ValidityMon, 13 Mar 2023 22:28:40 GMT - Sat, 13 Apr 2024 22:28:39 GMT

File type
ASCII text, with very long lines (12996)
Size
13 kB (13045 bytes)
Hash
9583a9b64a0a5a4f9d1c24c1c197eda2
bd988c245db64d6f9005217e16caaa31c530a4af
712e09a1a3d15224f15e2e980a60483661ee00f9e8e80535ba79346844fed721

HTTP Headers

GET /plugin/js/bidder-interval.js HTTP/1.1
Host: int.special-trending-news.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://int.special-trending-news.com/common/content/contentforyou6.php?cc=NO&FTO=true&tn=20&tx=30&affid=250
Cookie: pc=data_1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 11 Nov 2023 19:30:01 GMT
content-type: application/javascript
last-modified: Tue, 15 Aug 2023 13:15:24 GMT
vary: Accept-Encoding
etag: W/"64db7a6c-32f5"
expires: Mon, 11 Dec 2023 19:30:01 GMT
cache-control: max-age=2592000
x-frame-options: SAMEORIGIN
content-encoding: gzip
X-Firefox-Spdy: h2

crtv.wboptim.online/icon?url=&s=2294&a=bid_onw_250&uA=bid_500549&sub=undefined&d=18&ic=1

83.149.73.233

404 Not Found

0 B

URL GET HTTP/2
crtv.wboptim.online/icon?url=&s=2294&a=bid_onw_250&uA=bid_500549&sub=undefined&d=18&ic=1
IP
83.149.73.233:443
ASN
#60781 LeaseWeb Netherlands B.V.

Requested by
https://int.special-trending-news.com/common/content/contentforyou6.php?cc=NO&FTO=true&tn=20&tx=30&affid=250
Certificate
IssuerGlobalSign nv-sa
Subject*.wboptim.online
Fingerprint5B:95:6C:AF:9D:51:BE:8C:EC:9E:36:C8:2D:B9:0E:1C:E8:DE:3F:12
ValidityThu, 10 Aug 2023 08:23:19 GMT - Tue, 10 Sep 2024 08:23:18 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /icon?url=&s=2294&a=bid_onw_250&uA=bid_500549&sub=undefined&d=18&ic=1 HTTP/1.1
Host: crtv.wboptim.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
server: fasthttp
date: Sat, 11 Nov 2023 19:30:07 GMT
content-type: text/plain; charset=utf-8
content-length: 9
X-Firefox-Spdy: h2

int.special-trending-news.com/common/content/contentforyou6.php?cc=NO&FTO=true&tn=20&tx=30&affid=

37.48.80.112

302 Found

5.1 kB

URL User Request GET HTTP/2
int.special-trending-news.com/common/content/contentforyou6.php?cc=NO&FTO=true&tn=20&tx=30&affid=
IP
37.48.80.112:443
ASN
#60781 LeaseWeb Netherlands B.V.

Certificate
IssuerGlobalSign nv-sa
Subject*.special-trending-news.com
FingerprintFE:59:77:20:02:D1:F9:9F:BC:ED:CF:A9:3B:BA:0D:56:BD:AE:A7:18
ValidityMon, 13 Mar 2023 22:28:40 GMT - Sat, 13 Apr 2024 22:28:39 GMT

File type

Size
5.1 kB (5067 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /common/content/contentforyou6.php?cc=NO&FTO=true&tn=20&tx=30&affid= HTTP/1.1
Host: int.special-trending-news.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: nginx
date: Sat, 11 Nov 2023 19:30:01 GMT
content-type: text/html; charset=UTF-8
location: /common/content/contentforyou6.php?cc=NO&FTO=true&tn=20&tx=30&affid=250
x-frame-options: SAMEORIGIN
X-Firefox-Spdy: h2

int.special-trending-news.com/common/content/contentforyou6.php?cc=NO&FTO=true&tn=20&tx=30&affid=250

37.48.80.112

200 OK

5.1 kB

URL User Request GET HTTP/2
int.special-trending-news.com/common/content/contentforyou6.php?cc=NO&FTO=true&tn=20&tx=30&affid=250
IP
37.48.80.112:443
ASN
#60781 LeaseWeb Netherlands B.V.

Certificate
IssuerGlobalSign nv-sa
Subject*.special-trending-news.com
FingerprintFE:59:77:20:02:D1:F9:9F:BC:ED:CF:A9:3B:BA:0D:56:BD:AE:A7:18
ValidityMon, 13 Mar 2023 22:28:40 GMT - Sat, 13 Apr 2024 22:28:39 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (5339), with no line terminators
Size
5.1 kB (5067 bytes)
Hash
ca5763f5bc1e8574d07d001487c1f2ef
a8a5136461b2db1156eed9a841f6355f1932fc73
86eebab641be6eae157dca8c6f7bb7b5025ba6267269e68c7e45b4d6a009e049

HTTP Headers

GET /common/content/contentforyou6.php?cc=NO&FTO=true&tn=20&tx=30&affid=250 HTTP/1.1
Host: int.special-trending-news.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 11 Nov 2023 19:30:01 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: pc=data_1; expires=Mon, 19-Sep-2033 19:30:01 GMT; Max-Age=311040000; path=/
x-frame-options: SAMEORIGIN
content-encoding: gzip
X-Firefox-Spdy: h2

int.special-trending-news.com/plugin/js/bidder.js

37.48.80.112

200 OK

18 kB

URL GET HTTP/2
int.special-trending-news.com/plugin/js/bidder.js
IP
37.48.80.112:443
ASN
#60781 LeaseWeb Netherlands B.V.

Requested by
https://int.special-trending-news.com/common/content/contentforyou6.php?cc=NO&FTO=true&tn=20&tx=30&affid=250
Certificate
IssuerGlobalSign nv-sa
Subject*.special-trending-news.com
FingerprintFE:59:77:20:02:D1:F9:9F:BC:ED:CF:A9:3B:BA:0D:56:BD:AE:A7:18
ValidityMon, 13 Mar 2023 22:28:40 GMT - Sat, 13 Apr 2024 22:28:39 GMT

File type
ASCII text, with very long lines (17775)
Size
18 kB (17827 bytes)
Hash
a253e796bf514864ace2bd124873ec4e
3078459738f1e6f3da0882b27d944c7f831269ab
b7cf11dee40c04fc7b925441afbf0f43f133e9da2315122b7e47412f7744a103

HTTP Headers

GET /plugin/js/bidder.js HTTP/1.1
Host: int.special-trending-news.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://int.special-trending-news.com/common/content/contentforyou6.php?cc=NO&FTO=true&tn=20&tx=30&affid=250
Cookie: pc=data_1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 11 Nov 2023 19:30:01 GMT
content-type: application/javascript
last-modified: Tue, 12 Sep 2023 11:33:53 GMT
vary: Accept-Encoding
etag: W/"65004ca1-45a3"
expires: Mon, 11 Dec 2023 19:30:01 GMT
cache-control: max-age=2592000
x-frame-options: SAMEORIGIN
content-encoding: gzip
X-Firefox-Spdy: h2

crtv.wboptim.online/icon?url=&s=2294&a=bid_onw_250&uA=bid_500066&sub=undefined&d=24&ic=1

83.149.73.233

404 Not Found

0 B

URL GET HTTP/2
crtv.wboptim.online/icon?url=&s=2294&a=bid_onw_250&uA=bid_500066&sub=undefined&d=24&ic=1
IP
83.149.73.233:443
ASN
#60781 LeaseWeb Netherlands B.V.

Requested by
https://int.special-trending-news.com/common/content/contentforyou6.php?cc=NO&FTO=true&tn=20&tx=30&affid=250
Certificate
IssuerGlobalSign nv-sa
Subject*.wboptim.online
Fingerprint5B:95:6C:AF:9D:51:BE:8C:EC:9E:36:C8:2D:B9:0E:1C:E8:DE:3F:12
ValidityThu, 10 Aug 2023 08:23:19 GMT - Tue, 10 Sep 2024 08:23:18 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /icon?url=&s=2294&a=bid_onw_250&uA=bid_500066&sub=undefined&d=24&ic=1 HTTP/1.1
Host: crtv.wboptim.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
server: fasthttp
date: Sat, 11 Nov 2023 19:30:05 GMT
content-type: text/plain; charset=utf-8
content-length: 9
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (5)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (16)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by