Report - www.warez-bb.org/login.php?redirect=viewforum.php&f=15&start=0

Report Overview

Visited public
2025-02-25 20:13:07
Tags
URL
www.warez-bb.org/login.php?redirect=viewforum.php&f=15&start=0
Finishing URL
nextpointkaynersave.com/index51.php?flow_id=103&conversion=Xih4RNblVOQ&bid=0.005&campaign=1477682&pubfeed=698566&subid=lateritious-falcon&country=no&city=Oslo&os=Windows+10&browser=FIREFOX_134.0&carrier=Blix+Solutions
IP / ASN
103.224.182.238
#133618 Trellian Pty. Limited
Title
Cloudflare | Web Performance & Security

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
xml.ezmob.com	44484	2004-03-16	2014-12-16	2025-02-19	570 B	377 B	198.134.116.18
nextpointkaynersave.com	unknown	2025-02-05	2025-02-05	2025-02-23	6.0 kB	73 kB	104.21.64.1
dash.cloudflare.com	194042	2009-02-17	2018-05-11	2025-02-18	908 B	15 kB	104.17.110.184
www.warez-bb.org	505404	2022-06-11	2012-06-02	2025-02-05	528 B	331 B	103.224.182.238
ww38.warez-bb.org	unknown	2022-06-11	2022-07-15	2025-02-25	2.8 kB	3.9 kB	76.223.26.96
d38psrni17bvxu.cloudfront.net	unknown	2008-04-25	2022-09-22	2025-02-19	350 B	943 B	54.230.241.226
lycur-trd.com	unknown	2024-12-23	2025-01-27	2025-02-19	1.5 kB	4.0 kB	35.153.58.125

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-02-25	medium	nextpointkaynersave.com	Sinkholed
2025-02-25	medium	nextpointkaynersave.com	Sinkholed
2025-02-25	medium	nextpointkaynersave.com	Sinkholed
2025-02-25	medium	nextpointkaynersave.com	Sinkholed
2025-02-25	medium	nextpointkaynersave.com	Sinkholed
2025-02-25	medium	nextpointkaynersave.com	Sinkholed
2025-02-25	medium	nextpointkaynersave.com	Sinkholed
2025-02-25	medium	nextpointkaynersave.com	Sinkholed
2025-02-25	medium	nextpointkaynersave.com	Sinkholed
2025-02-25	medium	nextpointkaynersave.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (11)

	URL	From	Size	First Seen	Last Seen
	nextpointkaynersave.com/index51.php?flow_id=103&conversion=Xih4RNblVOQ&bid=0.005&campaign=1477682&pubfeed=698566&subid=lateritious-falcon&country=no&city=Oslo&os=Windows+10&browser=FIREFOX_134.0&carrier=Blix+Solutions	ScriptElement	349 B	2023-06-29	2025-04-24
Pretty URL nextpointkaynersave.com/index51.php?flow_id=103&conversion=Xih4RNblVOQ&bid=0.005&campaign=1477682&pubfeed=698566&subid=lateritious-falcon&country=no&city=Oslo&os=Windows+10&browser=FIREFOX_134.0&carrier=Blix+Solutions IP 104.21.64.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-29 03:08 Last Seen2025-04-24 06:21 Times Seen24 Hash fc3bf4ccb65b532799b12396dbbd6e4e c1726ff18f1797ec20f8d22494cb3e3e44eeca47 2a5ab22b3e368ae6ad99904865f55f4dbd4a0c2af2eb5815e0867bb972eb1f5f Loading...

	nextpointkaynersave.com/index51.php?flow_id=103&conversion=Xih4RNblVOQ&bid=0.005&campaign=1477682&pubfeed=698566&subid=lateritious-falcon&country=no&city=Oslo&os=Windows+10&browser=FIREFOX_134.0&carrier=Blix+Solutions	ScriptElement	2.2 kB	2025-01-27	2025-03-14
Pretty URL nextpointkaynersave.com/index51.php?flow_id=103&conversion=Xih4RNblVOQ&bid=0.005&campaign=1477682&pubfeed=698566&subid=lateritious-falcon&country=no&city=Oslo&os=Windows+10&browser=FIREFOX_134.0&carrier=Blix+Solutions IP 104.21.64.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-01-27 19:27 Last Seen2025-03-14 03:49 Times Seen21 Hash 650271701aac4b99437df01af67e8402 288dab84825266e3bf5f74ea887f5220956cd399 93e079b8273246aee256e5ef579c73c6348666fa5bc702221ba2ee076f80751f Loading...

	unknown	ScriptElement	264 B	2025-01-27	2025-03-14
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-27 19:27 Last Seen2025-03-14 03:49 Times Seen21 Hash 2d7277450d65e1acffc12273b5a76eab 2803f14bbc2fc86bb52bbc9a97b89485a35ca422 d2dabc8652fd169ad1af9378b660221daed109ba518b8d5d0e730f3ec17c516c Loading...

	nextpointkaynersave.com/index51.php?flow_id=103&conversion=Xih4RNblVOQ&bid=0.005&campaign=1477682&pubfeed=698566&subid=lateritious-falcon&country=no&city=Oslo&os=Windows+10&browser=FIREFOX_134.0&carrier=Blix+Solutions	ScriptElement	34 B	2024-07-11	2025-05-06
Pretty URL nextpointkaynersave.com/index51.php?flow_id=103&conversion=Xih4RNblVOQ&bid=0.005&campaign=1477682&pubfeed=698566&subid=lateritious-falcon&country=no&city=Oslo&os=Windows+10&browser=FIREFOX_134.0&carrier=Blix+Solutions IP 104.21.64.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-07-11 09:37 Last Seen2025-05-06 13:46 Times Seen1241 Hash 7a3157df84574c7db4e6452e8d99d3f6 4cc8720cfd1f4cab01724b5c0002060659d50f72 7ced21ea74954a0e9018eb4492acf135ca5ef6224b817c5f0812532786eeb565 Loading...

	nextpointkaynersave.com/index51.php?flow_id=103&conversion=Xih4RNblVOQ&bid=0.005&campaign=1477682&pubfeed=698566&subid=lateritious-falcon&country=no&city=Oslo&os=Windows+10&browser=FIREFOX_134.0&carrier=Blix+Solutions	ScriptElement	174 B	2024-10-03	2025-03-14
Pretty URL nextpointkaynersave.com/index51.php?flow_id=103&conversion=Xih4RNblVOQ&bid=0.005&campaign=1477682&pubfeed=698566&subid=lateritious-falcon&country=no&city=Oslo&os=Windows+10&browser=FIREFOX_134.0&carrier=Blix+Solutions IP 104.21.64.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-10-03 02:29 Last Seen2025-03-14 03:49 Times Seen24 Hash 71748571baf4ad9e6004de735d819dd8 a8957bb520d7c6a449860943802d7d41c111202d fac4a4431ad806c05bc1808d9167f5c167c9ea2fd0f00007a151f8e4cc185f41 Loading...

	nextpointkaynersave.com/cdn-cgi/challenge-platform/scripts/jsd/main.js	ScriptElement	8.5 kB	2025-02-25	2025-02-25
Pretty URL nextpointkaynersave.com/cdn-cgi/challenge-platform/scripts/jsd/main.js IP 104.21.64.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-02-25 20:13 Last Seen2025-02-25 20:13 Times Seen1 Hash 7c18432c4f2ad065b4f66d2689c5ad12 6024674defab21643a102a22662f45e4e998946b d95c46bade1dd520248ae7240c55ca68461904141b058b36a3c90cb2175c6b2f Loading...

	nextpointkaynersave.com/Cloudflare%20_%20Web%20Performance%20&%20Security_files/saved_resource.html	ScriptElement	393 B	2023-04-05	2025-03-02
Pretty URL nextpointkaynersave.com/Cloudflare%20_%20Web%20Performance%20&%20Security_files/saved_resource.html IP 104.21.64.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-05 04:39 Last Seen2025-03-02 06:13 Times Seen143291 Hash 34ad0a116707d3b794129a6720af92d7 424de9dbb8bc774e2a2d4ade100d90f5ac0ecbf4 d011a9449a990f2086894be870adc6fbb53595dc593b410a83e45e40bfbc7262 Loading...

	nextpointkaynersave.com/index51.php?flow_id=103&conversion=Xih4RNblVOQ&bid=0.005&campaign=1477682&pubfeed=698566&subid=lateritious-falcon&country=no&city=Oslo&os=Windows+10&browser=FIREFOX_134.0&carrier=Blix+Solutions	ScriptElement	120 B	2024-10-03	2025-03-14
Pretty URL nextpointkaynersave.com/index51.php?flow_id=103&conversion=Xih4RNblVOQ&bid=0.005&campaign=1477682&pubfeed=698566&subid=lateritious-falcon&country=no&city=Oslo&os=Windows+10&browser=FIREFOX_134.0&carrier=Blix+Solutions IP 104.21.64.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-10-03 02:29 Last Seen2025-03-14 03:49 Times Seen24 Hash f658ddd9442aae43644636b2b025089c ae07c3a6e9cd5a85e3438c42e107b3128c03d5cb 485cdd259996ef1e6dc23fe8d65e32588b91e1513874ca1c242f44734eb23448 Loading...

	nextpointkaynersave.com/index51.php?flow_id=103&conversion=Xih4RNblVOQ&bid=0.005&campaign=1477682&pubfeed=698566&subid=lateritious-falcon&country=no&city=Oslo&os=Windows+10&browser=FIREFOX_134.0&carrier=Blix+Solutions	ScriptElement	1.9 kB	2024-10-03	2025-03-14
Pretty URL nextpointkaynersave.com/index51.php?flow_id=103&conversion=Xih4RNblVOQ&bid=0.005&campaign=1477682&pubfeed=698566&subid=lateritious-falcon&country=no&city=Oslo&os=Windows+10&browser=FIREFOX_134.0&carrier=Blix+Solutions IP 104.21.64.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-10-03 02:29 Last Seen2025-03-14 03:49 Times Seen24 Hash 96775fec8c1b4d07c6def9fddc11b5dd fbce9748d47aa1b2543a9bce98bb3314cd3730c5 62a9793de19de480214f96af6189c2851c9731e58ec77d0e681c33c851a4eafa Loading...

	unknown	ScriptElement	34 B	2024-07-11	2025-05-06
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-07-11 09:37 Last Seen2025-05-06 13:46 Times Seen1241 Hash 7a3157df84574c7db4e6452e8d99d3f6 4cc8720cfd1f4cab01724b5c0002060659d50f72 7ced21ea74954a0e9018eb4492acf135ca5ef6224b817c5f0812532786eeb565 Loading...

	nextpointkaynersave.com/index51.php?flow_id=103&conversion=Xih4RNblVOQ&bid=0.005&campaign=1477682&pubfeed=698566&subid=lateritious-falcon&country=no&city=Oslo&os=Windows+10&browser=FIREFOX_134.0&carrier=Blix+Solutions	ScriptElement	988 B	2025-01-27	2025-03-14
Pretty URL nextpointkaynersave.com/index51.php?flow_id=103&conversion=Xih4RNblVOQ&bid=0.005&campaign=1477682&pubfeed=698566&subid=lateritious-falcon&country=no&city=Oslo&os=Windows+10&browser=FIREFOX_134.0&carrier=Blix+Solutions IP 104.21.64.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-01-27 19:27 Last Seen2025-03-14 03:49 Times Seen21 Hash 4835df1f202ed8ddcef91aa6b2645d92 4226a879634f8e99d50ce19548f7a082c0efbb06 c42ca7da40e1e470dc6fd66e64a32b23ad6900aad22617646d37fc91128819cf Loading...

HTTP Transactions (22)

URL IP Response Size

www.warez-bb.org/login.php?redirect=viewforum.php&f=15&start=0

103.224.182.238

302 Found

2 B

URL
www.warez-bb.org/login.php?redirect=viewforum.php&f=15&start=0
IP
103.224.182.238:0
ASN
#133618 Trellian Pty. Limited

File type
ASCII text
Size
2 B (2 bytes)
Hash
e1c06d85ae7b8b032bef47e42e4c08f9
71853c6197a6a7f222db0f1978c7cb232b87c5ee
75a11da44c802486bc6f65640aa48a730f0f684c5c07a42ba3cd1735eb3fb070

HTTP Headers

GET /login.php?redirect=viewforum.php&f=15&start=0 HTTP/1.1
Host: www.warez-bb.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
date: Tue, 25 Feb 2025 20:12:37 GMT
server: Apache
set-cookie: __tad=1740514357.8704813; expires=Fri, 23-Feb-2035 20:12:37 GMT; Max-Age=315360000
location: http://ww38.warez-bb.org/login.php?redirect=viewforum.php&f=15&start=0
content-length: 2
content-type: text/html; charset=UTF-8
connection: close

ww38.warez-bb.org/login.php?redirect=viewforum.php&f=15&start=0

76.223.26.96

200 OK

1.3 kB

URL
ww38.warez-bb.org/login.php?redirect=viewforum.php&f=15&start=0
IP
76.223.26.96:0
ASN
#16509 AMAZON-02

File type
HTML document, ASCII text, with very long lines (377)
Size
1.3 kB (1339 bytes)
Hash
1a01f80214c239eb735a34381330144c
daa658bfe2caf6e7f2eeb3a1c479797a2cf91016
31c7931457d830fe879e42489f59b17058743f70e2fe6753befa28460905718f

HTTP Headers

GET /login.php?redirect=viewforum.php&f=15&start=0 HTTP/1.1
Host: ww38.warez-bb.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ch: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-Ch-Lifetime: 30
Content-Encoding: gzip
Content-Length: 1339
Content-Type: text/html; charset=UTF-8
Date: Tue, 25 Feb 2025 20:12:38 GMT
Server: Caddy, nginx
Vary: Accept-Encoding
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_aYwv0Xitdpht2pIzrjIW1nlTWiw0Wro8z/rabt9h98pWgteC2hFzHg+BHsrZkOP3ZuL6Mrdt2F00Oq+mHQiLqw==
X-Buckets: bucket011,bucket088
X-Domain: warez-bb.org
X-Language: norwegian
X-Pcrew-Blocked-Reason: hosting network
X-Pcrew-Ip-Organization: Blix Solutions
X-Redirect: zeropark_zeroclick
X-Subdomain: ww38
X-Template: tpl_CleanPeppermintBlack_twoclick

d38psrni17bvxu.cloudfront.net/scripts/js3.js

54.230.241.226

200 OK

453 B

URL
d38psrni17bvxu.cloudfront.net/scripts/js3.js
IP
54.230.241.226:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (475)
Size
453 B (453 bytes)
Hash
f0efa0cdd18cbb4afaf3ba408af8d9c9
7bd63f94c5356df9b7c49344459a6e527490c458
1ea543e1c0e8e7656a0846a397055ed10469c05c5ab555076f850df0b557d3f9

HTTP Headers

GET /scripts/js3.js HTTP/1.1
Host: d38psrni17bvxu.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww38.warez-bb.org/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
Content-Length: 453
Connection: keep-alive
Server: nginx
Date: Tue, 25 Feb 2025 00:34:14 GMT
Content-Encoding: gzip
Last-Modified: Wed, 29 Jan 2025 07:52:18 GMT
ETag: "d7ee6y3j8oz5uy-gzip"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: ye1Tcf-oJ35wmo4C_P8yDaSpbZ9dXAG5WOjuQi7RvXSxyUrH4G3XNA==
Age: 70704

ww38.warez-bb.org/munin/a/tr/browserjs?domain=warez-bb.org&toggle=browserjs&uid=MTc0MDUxNDM1Ny44NDI2OmYzYjQ5M2YyNzc1ZTJmYzI1Y2ZhOWIwYmNlNDBiZDJlNWI3ZDhhNDMxMzI2MGVjNzg2ZGE4MmIwYThiYTA1ZDk6NjdiZTI0MzVjZGI5Ng%3D%3D

76.223.26.96

200 OK

0 B

URL
ww38.warez-bb.org/munin/a/tr/browserjs?domain=warez-bb.org&toggle=browserjs&uid=MTc0MDUxNDM1Ny44NDI2OmYzYjQ5M2YyNzc1ZTJmYzI1Y2ZhOWIwYmNlNDBiZDJlNWI3ZDhhNDMxMzI2MGVjNzg2ZGE4MmIwYThiYTA1ZDk6NjdiZTI0MzVjZGI5Ng%3D%3D
IP
76.223.26.96:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /munin/a/tr/browserjs?domain=warez-bb.org&toggle=browserjs&uid=MTc0MDUxNDM1Ny44NDI2OmYzYjQ5M2YyNzc1ZTJmYzI1Y2ZhOWIwYmNlNDBiZDJlNWI3ZDhhNDMxMzI2MGVjNzg2ZGE4MmIwYThiYTA1ZDk6NjdiZTI0MzVjZGI5Ng%3D%3D HTTP/1.1
Host: ww38.warez-bb.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww38.warez-bb.org/login.php?redirect=viewforum.php&f=15&start=0
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ch: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-Ch-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Tue, 25 Feb 2025 20:12:39 GMT
Server: Caddy, nginx
X-Custom-Track: browserjs

ww38.warez-bb.org/munin/a/ls?t=67be2436&token=30bc12a71046d6474e99a8efecee09bc174fae30

76.223.26.96

201 Created

0 B

URL
ww38.warez-bb.org/munin/a/ls?t=67be2436&token=30bc12a71046d6474e99a8efecee09bc174fae30
IP
76.223.26.96:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /munin/a/ls?t=67be2436&token=30bc12a71046d6474e99a8efecee09bc174fae30 HTTP/1.1
Host: ww38.warez-bb.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww38.warez-bb.org/login.php?redirect=viewforum.php&f=15&start=0
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 201 Created
Accept-Ch: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-Ch-Lifetime: 30
Access-Control-Allow-Methods: POST, OPTIONS
Access-Control-Allow-Origin: 
Access-Control-Max-Age: 86400
Charset: utf-8
Content-Length: 0
Content-Type: text/javascript;charset=UTF-8
Date: Tue, 25 Feb 2025 20:12:39 GMT
Server: Caddy, nginx
Status: 201 Created
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_GooAw39nFhigUuvdNE8rWI0v1IrcIHbRHQnp2yt3IT5uI+9MQC/hh/Gjq8e/G46/6yx+SuPhQWc3wFTNrkusrA==
X-Log-Success: 67be2437bcfaaac38606b804

ww38.warez-bb.org/favicon.ico

76.223.26.96

200 OK

0 B

URL
ww38.warez-bb.org/favicon.ico
IP
76.223.26.96:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: ww38.warez-bb.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww38.warez-bb.org/login.php?redirect=viewforum.php&f=15&start=0
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 0
Content-Type: image/x-icon
Date: Tue, 25 Feb 2025 20:12:39 GMT
Etag: "670f7248-0"
Last-Modified: Wed, 16 Oct 2024 07:59:04 GMT
Server: Caddy, nginx

ww38.warez-bb.org/munin/a/tr/click?click=fe03a6efc0b1f8c98a7ed594f747b7faf4b75755&domain=warez-bb.org&uid=MTc0MDUxNDM1Ny44NDI2OmYzYjQ5M2YyNzc1ZTJmYzI1Y2ZhOWIwYmNlNDBiZDJlNWI3ZDhhNDMxMzI2MGVjNzg2ZGE4MmIwYThiYTA1ZDk6NjdiZTI0MzVjZGI5Ng%3D%3D&ts=fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMTEsYnVja2V0MDg4fHx8fHx8NjdiZTI0MzVjZGI3OXx8fDE3NDA1MTQzNTguMTI0N3w2NTY0NjBmNGZhYWFhY2EwNmZmOGM4NmM5M2E1YTliY2NlNzQ3NDM3fHx8fHwxfHwwfDB8fHx8MXx8fHx8MHwwfHx8fHx8fHx8fDB8MHx8MHx8fDB8MHxXMTA9fHwxfFcxMD18MzBiYzEyYTcxMDQ2ZDY0NzRlOTlhOGVmZWNlZTA5YmMxNzRmYWUzMHwwfHwwfDB8fHx8fA%3D%3D&kw=&search=&pcat=&bucket=&clientID=&adtest=off

13.248.148.254

200 OK

0 B

URL
ww38.warez-bb.org/munin/a/tr/click?click=fe03a6efc0b1f8c98a7ed594f747b7faf4b75755&domain=warez-bb.org&uid=MTc0MDUxNDM1Ny44NDI2OmYzYjQ5M2YyNzc1ZTJmYzI1Y2ZhOWIwYmNlNDBiZDJlNWI3ZDhhNDMxMzI2MGVjNzg2ZGE4MmIwYThiYTA1ZDk6NjdiZTI0MzVjZGI5Ng%3D%3D&ts=fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMTEsYnVja2V0MDg4fHx8fHx8NjdiZTI0MzVjZGI3OXx8fDE3NDA1MTQzNTguMTI0N3w2NTY0NjBmNGZhYWFhY2EwNmZmOGM4NmM5M2E1YTliY2NlNzQ3NDM3fHx8fHwxfHwwfDB8fHx8MXx8fHx8MHwwfHx8fHx8fHx8fDB8MHx8MHx8fDB8MHxXMTA9fHwxfFcxMD18MzBiYzEyYTcxMDQ2ZDY0NzRlOTlhOGVmZWNlZTA5YmMxNzRmYWUzMHwwfHwwfDB8fHx8fA%3D%3D&kw=&search=&pcat=&bucket=&clientID=&adtest=off
IP
13.248.148.254:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /munin/a/tr/click?click=fe03a6efc0b1f8c98a7ed594f747b7faf4b75755&domain=warez-bb.org&uid=MTc0MDUxNDM1Ny44NDI2OmYzYjQ5M2YyNzc1ZTJmYzI1Y2ZhOWIwYmNlNDBiZDJlNWI3ZDhhNDMxMzI2MGVjNzg2ZGE4MmIwYThiYTA1ZDk6NjdiZTI0MzVjZGI5Ng%3D%3D&ts=fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMTEsYnVja2V0MDg4fHx8fHx8NjdiZTI0MzVjZGI3OXx8fDE3NDA1MTQzNTguMTI0N3w2NTY0NjBmNGZhYWFhY2EwNmZmOGM4NmM5M2E1YTliY2NlNzQ3NDM3fHx8fHwxfHwwfDB8fHx8MXx8fHx8MHwwfHx8fHx8fHx8fDB8MHx8MHx8fDB8MHxXMTA9fHwxfFcxMD18MzBiYzEyYTcxMDQ2ZDY0NzRlOTlhOGVmZWNlZTA5YmMxNzRmYWUzMHwwfHwwfDB8fHx8fA%3D%3D&kw=&search=&pcat=&bucket=&clientID=&adtest=off HTTP/1.1
Host: ww38.warez-bb.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww38.warez-bb.org/login.php?redirect=viewforum.php&f=15&start=0
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ch: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-Ch-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Tue, 25 Feb 2025 20:12:39 GMT
Server: Caddy, nginx
X-Custom-Track: none
X-View-Match: true

lycur-trd.com/zclkvisitor/dbda89d3-f3b4-11ef-9d9a-0afff0b5d1db/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=6008dcc0-5fa9-11ef-9cc7-12832fc4c381

35.153.58.125

200 OK

3.1 kB

URL
lycur-trd.com/zclkvisitor/dbda89d3-f3b4-11ef-9d9a-0afff0b5d1db/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=6008dcc0-5fa9-11ef-9cc7-12832fc4c381
IP
35.153.58.125:0
ASN
#14618 AMAZON-AES

File type
HTML document, ASCII text, with very long lines (409)
Size
3.1 kB (3088 bytes)
Hash
e4c03eb5a2e997f3f1b902c38f1df13c
818e3909061479b63a7bf2014315411bcddf41d3
0daee95f38ff03c323395ffe8d15e0b6c1aa8867d87fec4425a58870372f7225

HTTP Headers

GET /zclkvisitor/dbda89d3-f3b4-11ef-9d9a-0afff0b5d1db/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=6008dcc0-5fa9-11ef-9cc7-12832fc4c381 HTTP/1.1
Host: lycur-trd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ww38.warez-bb.org/
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 25 Feb 2025 20:12:39 GMT
content-type: text/html;charset=UTF-8
content-length: 3088
cache-control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
access-control-allow-origin: *
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-headers: X-Requested-With,Content-Type
X-Firefox-Spdy: h2

lycur-trd.com/zclkredirect?visitid=dbda89d3-f3b4-11ef-9d9a-0afff0b5d1db&type=js&browserWidth=1280&browserHeight=1024&iframeDetected=false&webdriverDetected=false&gpu=undefined&timezone=UTC%2B00%3A00&timezoneName=UTC

35.153.58.125

302 Found

0 B

URL User Request GET HTTP/2
lycur-trd.com/zclkredirect?visitid=dbda89d3-f3b4-11ef-9d9a-0afff0b5d1db&type=js&browserWidth=1280&browserHeight=1024&iframeDetected=false&webdriverDetected=false&gpu=undefined&timezone=UTC%2B00%3A00&timezoneName=UTC
IP
35.153.58.125:443
ASN
#14618 AMAZON-AES

Certificate
IssuerAmazon
Subjectlycur-trd.com
Fingerprint84:A3:09:30:78:CA:23:5F:5A:7F:72:5A:68:8A:03:C2:5A:19:59:2B
ValidityThu, 23 Jan 2025 00:00:00 GMT - Sat, 21 Feb 2026 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /zclkredirect?visitid=dbda89d3-f3b4-11ef-9d9a-0afff0b5d1db&type=js&browserWidth=1280&browserHeight=1024&iframeDetected=false&webdriverDetected=false&gpu=undefined&timezone=UTC%2B00%3A00&timezoneName=UTC HTTP/1.1
Host: lycur-trd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lycur-trd.com/zclkvisitor/dbda89d3-f3b4-11ef-9d9a-0afff0b5d1db/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=6008dcc0-5fa9-11ef-9cc7-12832fc4c381
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
date: Tue, 25 Feb 2025 20:12:39 GMT
content-length: 0
location: https://xml.ezmob.com/redirect?feed=698566&auth=VnrBuF&subid=lateritious-falcon
cache-control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
access-control-allow-origin: *
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-headers: X-Requested-With,Content-Type
X-Firefox-Spdy: h2

xml.ezmob.com/redirect?feed=698566&auth=VnrBuF&subid=lateritious-falcon

198.134.116.18

302 Found

0 B

URL User Request GET HTTP/1.1
xml.ezmob.com/redirect?feed=698566&auth=VnrBuF&subid=lateritious-falcon
IP
198.134.116.18:443
ASN
#27257 WEBAIR-INTERNET

Certificate
IssuerLet's Encrypt
Subjectezmob.com
Fingerprint55:3A:2D:E3:86:FB:B8:E7:A5:DB:18:6D:B4:5C:07:2E:12:0F:A5:A0
ValidityMon, 27 Jan 2025 07:41:25 GMT - Sun, 27 Apr 2025 07:41:24 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?feed=698566&auth=VnrBuF&subid=lateritious-falcon HTTP/1.1
Host: xml.ezmob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lycur-trd.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Tue, 25 Feb 2025 20:12:40 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Location: https://nextpointkaynersave.com/index51.php?flow_id=103&conversion=Xih4RNblVOQ&bid=0.005&campaign=1477682&pubfeed=698566&subid=lateritious-falcon&country=no&city=Oslo&os=Windows+10&browser=FIREFOX_134.0&carrier=Blix+Solutions

nextpointkaynersave.com/cdn-cgi/challenge-platform/scripts/jsd/main.js

104.21.64.1

302 Found

0 B

URL GET HTTP/3
nextpointkaynersave.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
IP
104.21.64.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nextpointkaynersave.com/index51.php?flow_id=103&conversion=Xih4RNblVOQ&bid=0.005&campaign=1477682&pubfeed=698566&subid=lateritious-falcon&country=no&city=Oslo&os=Windows+10&browser=FIREFOX_134.0&carrier=Blix+Solutions
Certificate
IssuerGoogle Trust Services
Subjectnextpointkaynersave.com
Fingerprint00:91:A1:24:2B:14:DC:C4:B7:B4:4B:E6:06:FE:AB:7C:6F:88:D5:98
ValidityWed, 05 Feb 2025 11:21:34 GMT - Tue, 06 May 2025 12:19:40 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: nextpointkaynersave.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 302 Found
date: Tue, 25 Feb 2025 20:12:41 GMT
content-length: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q8nsnX%2FrUPMNcKgWPYrwlFWkOUw%2BSqOgDsMKsMbBcSzk2Jz%2B74vQKZuEwsOcB%2F74N1Sa9ZZcJZQ5qbBkR7iwzYQox5C0WC2uzz%2BvXYTdsh2AvE9zSlvK9%2B5VnjvjIlUorG0j%2BVDWIXNAaA%3D%3D"}],"group":"cf-nel","max_age":604800}
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/b0e4a89976ce/main.js?
cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public
access-control-allow-origin: *
cf-ray: 917a5a04d9e91bfa-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400

nextpointkaynersave.com/Cloudflare%20_%20Web%20Performance%20&%20Security_files/saved_resource.html

104.21.64.1

520 No Reason Phrase

7.2 kB

URL GET HTTP/3
nextpointkaynersave.com/Cloudflare%20_%20Web%20Performance%20&%20Security_files/saved_resource.html
IP
104.21.64.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nextpointkaynersave.com/index51.php?flow_id=103&conversion=Xih4RNblVOQ&bid=0.005&campaign=1477682&pubfeed=698566&subid=lateritious-falcon&country=no&city=Oslo&os=Windows+10&browser=FIREFOX_134.0&carrier=Blix+Solutions
Certificate
IssuerGoogle Trust Services
Subjectnextpointkaynersave.com
Fingerprint00:91:A1:24:2B:14:DC:C4:B7:B4:4B:E6:06:FE:AB:7C:6F:88:D5:98
ValidityWed, 05 Feb 2025 11:21:34 GMT - Tue, 06 May 2025 12:19:40 GMT

File type
HTML document, ASCII text, with very long lines (525)
Size
7.2 kB (7227 bytes)
Hash
23b1732e2460d13eff2a9781aa514e96
e8e762d5c535387cf6630aeb2085738c00cab61c
6c78c0e5abfb8e82358ed6eb1ed1829c9747ca0bfebb1b0232a6133cff5ced74

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Cloudflare%20_%20Web%20Performance%20&%20Security_files/saved_resource.html HTTP/1.1
Host: nextpointkaynersave.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nextpointkaynersave.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 520 No Reason Phrase
date: Tue, 25 Feb 2025 20:12:41 GMT
content-type: text/html; charset=UTF-8
referrer-policy: same-origin
cf-ray: 917a5a0499e61bfa-OSL
server: cloudflare
content-length: 7227
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PWQ0V7sp0iBCB5nNbFX9c4u%2Bezvm8dQHW%2BOZoutWWnRhQvRh1Ft1f77dMn%2FNJJL%2Bmg%2BhzIEb5U6w6WdbvOgyrnAm1GGbdQFRqKGgsA%2Bix34MUdJ7PEcZ3je8Wm51pLh%2BvqKvgL9JDEKTKw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=86400

nextpointkaynersave.com/cdn-cgi/styles/main.css

104.21.64.1

200 OK

3.1 kB

URL GET HTTP/3
nextpointkaynersave.com/cdn-cgi/styles/main.css
IP
104.21.64.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nextpointkaynersave.com/Cloudflare%20_%20Web%20Performance%20&%20Security_files/saved_resource.html
Certificate
IssuerGoogle Trust Services
Subjectnextpointkaynersave.com
Fingerprint00:91:A1:24:2B:14:DC:C4:B7:B4:4B:E6:06:FE:AB:7C:6F:88:D5:98
ValidityWed, 05 Feb 2025 11:21:34 GMT - Tue, 06 May 2025 12:19:40 GMT

File type
gzip compressed data, from Unix
Size
3.1 kB (3122 bytes)
Hash
aab0c5da39e59bde7895a582bba5ff89
5d1c97cbfc8e24d33ef3f02c6ea02888b3755f1a
8b811fe6a9b5fae3fb915359f8a945cfd5596a0d07be6294c5fa8b95f8f82ae7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cdn-cgi/styles/main.css HTTP/1.1
Host: nextpointkaynersave.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nextpointkaynersave.com/Cloudflare%20_%20Web%20Performance%20&%20Security_files/saved_resource.html
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 25 Feb 2025 20:12:41 GMT
content-type: text/css
last-modified: Fri, 21 Feb 2025 16:51:28 GMT
cache-control: max-age=7200, public
content-encoding: gzip
etag: W/"67b8af10-1f4d"
server: cloudflare
cf-ray: 917a5a0599ed1bfa-OSL
x-frame-options: DENY
x-content-type-options: nosniff
vary: Accept-Encoding
expires: Tue, 25 Feb 2025 22:12:41 GMT

nextpointkaynersave.com/cdn-cgi/images/cf-icon-error.png

104.21.64.1

200 OK

854 B

URL GET HTTP/3
nextpointkaynersave.com/cdn-cgi/images/cf-icon-error.png
IP
104.21.64.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nextpointkaynersave.com/Cloudflare%20_%20Web%20Performance%20&%20Security_files/saved_resource.html
Certificate
IssuerGoogle Trust Services
Subjectnextpointkaynersave.com
Fingerprint00:91:A1:24:2B:14:DC:C4:B7:B4:4B:E6:06:FE:AB:7C:6F:88:D5:98
ValidityWed, 05 Feb 2025 11:21:34 GMT - Tue, 06 May 2025 12:19:40 GMT

File type
PNG image data, 48 x 48, 8-bit colormap, non-interlaced
Size
854 B (854 bytes)
Hash
e5577f04b6d92590410e26bd2292933b
16946b2c99d98a57f83eac170ce94b012b7d1a7b
67f70597a183fbca7fac55d609fbaac5c34bb4d4d32a0530bbbbb42591f2de2f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cdn-cgi/images/cf-icon-error.png HTTP/1.1
Host: nextpointkaynersave.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nextpointkaynersave.com/cdn-cgi/styles/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 25 Feb 2025 20:12:41 GMT
content-type: image/png
content-length: 854
last-modified: Fri, 21 Feb 2025 16:51:28 GMT
accept-ranges: bytes
etag: "67b8af10-356"
server: cloudflare
cf-ray: 917a5a05b9ef1bfa-OSL
x-frame-options: DENY
x-content-type-options: nosniff
vary: Accept-Encoding
expires: Tue, 25 Feb 2025 22:12:41 GMT
cache-control: max-age=7200, public

nextpointkaynersave.com/favicon.ico

104.21.64.1

404 Not Found

18 kB

URL GET HTTP/3
nextpointkaynersave.com/favicon.ico
IP
104.21.64.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nextpointkaynersave.com/index51.php?flow_id=103&conversion=Xih4RNblVOQ&bid=0.005&campaign=1477682&pubfeed=698566&subid=lateritious-falcon&country=no&city=Oslo&os=Windows+10&browser=FIREFOX_134.0&carrier=Blix+Solutions
Certificate
IssuerGoogle Trust Services
Subjectnextpointkaynersave.com
Fingerprint00:91:A1:24:2B:14:DC:C4:B7:B4:4B:E6:06:FE:AB:7C:6F:88:D5:98
ValidityWed, 05 Feb 2025 11:21:34 GMT - Tue, 06 May 2025 12:19:40 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (2534)
Size
18 kB (18160 bytes)
Hash
9b32b888eba2dbaeae99d83819d0583a
3a456837d1f41fd163cd3973c27e71be42d43e8c
9f9ca8c04fc57e67278b1b914b719d4e8138a94d2ce2895addeddeb925e6115d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: nextpointkaynersave.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nextpointkaynersave.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 404 Not Found
date: Tue, 25 Feb 2025 20:12:41 GMT
content-type: text/html
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AWwe%2FEcTc6P%2BKBMiljJEjlmVRhVM8f2fGNN%2B%2B6P%2FcQAUCa4rwnEZ0oiIDT5KBwWC39cjeJuiNJgRXqeiJnFMpq%2FRCmCrCa5ewNjaKcXt76DeQvNMKHy0YIS%2BHcJ%2B6tbzjMJSIRhXNFaHuw%3D%3D"}],"group":"cf-nel","max_age":604800}
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
content-encoding: br
cf-ray: 917a5a04c9e81bfa-OSL
server: cloudflare
alt-svc: h3=":443"; ma=86400

dash.cloudflare.com/favicon-16x16.png

104.17.110.184

200 OK

370 B

URL GET HTTP/2
dash.cloudflare.com/favicon-16x16.png
IP
104.17.110.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nextpointkaynersave.com/index51.php?flow_id=103&conversion=Xih4RNblVOQ&bid=0.005&campaign=1477682&pubfeed=698566&subid=lateritious-falcon&country=no&city=Oslo&os=Windows+10&browser=FIREFOX_134.0&carrier=Blix+Solutions
Certificate
IssuerGoogle Trust Services
Subjectdash.cloudflare.com
Fingerprint3B:B6:8A:0B:1D:8F:75:4B:AD:56:F9:EF:8C:AE:BD:41:D6:4F:0F:9C
ValidityThu, 02 Jan 2025 07:38:02 GMT - Wed, 02 Apr 2025 08:38:01 GMT

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Size
370 B (370 bytes)
Hash
5f5a8ef2cfde7c8e551238163bf35c29
9f201d8b5c220f9c16b921eefd245ef403d7d8e0
01aa824c92ae6da0157214fe455877058e8240c76d5bb8b9d8b85e04c47b19e1

HTTP Headers

GET /favicon-16x16.png HTTP/1.1
Host: dash.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nextpointkaynersave.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 25 Feb 2025 20:12:41 GMT
content-type: image/png
content-length: 370
access-control-allow-origin: dash.cloudflare.com
cache-control: public, max-age=14400
etag: "97695ee1d0e4c5c95223a67bb6f7933f"
access-control-allow-credentials: true
access-control-allowed-methods: GET, POST, DELETE, PUT
referrer-policy: strict-origin-when-cross-origin
x-asset-source: 0a7a0537
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H3RX57RTr3SmhMpu9Shvvoz6RcMqG9egYOSpa5sfTY4bG1Jn%2Bjsr5155uZhcB7QeePt9oetpxd%2BQmyBifldFTUzNdDBABVaJQ%2BnGnWxbzrsyc5VkeeezDXvvVeuFuNAn8MRTiTeV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
expires: Wed, 26 Feb 2025 00:12:41 GMT
accept-ranges: bytes
strict-transport-security: max-age=86400; includeSubDomains
set-cookie: __cf_bm=lzwWT62f45Y4Cn7x2fVWAu__IMpanwBec6vBREFKPwA-1740514361-1.0.1.1-0_I27oxwmFBCw2wTiuBpi_pSyMdl.GkZ3MvGfTD1XKQ4cvBAYu3Y00HrvtsrstX8669_3a.V_wWHdjpRkIgRzg; path=/; expires=Tue, 25-Feb-25 20:42:41 GMT; domain=.dash.cloudflare.com; HttpOnly; Secure; SameSite=None
__cfruid=f74a334a09f3cea02a4b00dbdd1f5b3ace59a4bd-1740514361; path=/; domain=.dash.cloudflare.com; HttpOnly; Secure; SameSite=None
_cfuvid=9wz918yQDPc32Hs284eiCTdqXH6j83ZBXUMOFHJ5ahE-1740514361307-0.0.1.1-604800000; path=/; domain=.dash.cloudflare.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 917a5a05cfe5b4ee-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

nextpointkaynersave.com/Cloudflare%20_%20Web%20Performance%20&%20Security_files/saved_resource.html

104.21.80.1

520 No Reason Phrase

7.2 kB

URL GET HTTP/3
nextpointkaynersave.com/Cloudflare%20_%20Web%20Performance%20&%20Security_files/saved_resource.html
IP
104.21.80.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nextpointkaynersave.com/index51.php?flow_id=103&conversion=Xih4RNblVOQ&bid=0.005&campaign=1477682&pubfeed=698566&subid=lateritious-falcon&country=no&city=Oslo&os=Windows+10&browser=FIREFOX_134.0&carrier=Blix+Solutions
Certificate
IssuerGoogle Trust Services
Subjectnextpointkaynersave.com
Fingerprint00:91:A1:24:2B:14:DC:C4:B7:B4:4B:E6:06:FE:AB:7C:6F:88:D5:98
ValidityWed, 05 Feb 2025 11:21:34 GMT - Tue, 06 May 2025 12:19:40 GMT

File type
HTML document, ASCII text, with very long lines (525)
Size
7.2 kB (7227 bytes)
Hash
93fd81a29401e460b16826b922ecb063
9d46eb7480ec9ec4f5f6e9ca9e35197e0bdc215a
d808941e32f42456ce9dabdc1616e75260734df98d2db26eaa76d4ed3e464837

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Cloudflare%20_%20Web%20Performance%20&%20Security_files/saved_resource.html HTTP/1.1
Host: nextpointkaynersave.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 520 No Reason Phrase
date: Tue, 25 Feb 2025 20:13:04 GMT
content-type: text/html; charset=UTF-8
content-length: 7227
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dSOo9tkYzi3OoUbUyjMT58aqsEA9ebluo%2BkXU1Y91vL5jOtDYrxXCehQFsRQ0YslTlCFYFuVfmHswc0v5H5JtNBNks7CJdKbVtXINKVwr51%2FQTys4fFUsxbd5EF%2BJZMUN4sHmcKx1owx7A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-frame-options: SAMEORIGIN
referrer-policy: same-origin
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
server: cloudflare
cf-ray: 917a5a99a86e56cb-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=531&min_rtt=443&rtt_var=148&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3235&recv_bytes=1092&delivery_rate=5656250&cwnd=254&unsent_bytes=0&cid=ce6b6f6f72666854&ts=104&x=0"
X-Firefox-Spdy: h2

nextpointkaynersave.com/cdn-cgi/zaraz/s.js?z=JTdCJTIyZXhlY3V0ZWQlMjIlM0ElNUIlMjJQYWdldmlldyUyMiUyQyUyMmdhanMlMjIlMkMlMjJpU1d6JTIyJTJDJTIydGh3YiUyMiU1RCUyQyUyMnQlMjIlM0ElMjJDbG91ZGZsYXJlJTIwJTdDJTIwV2ViJTIwUGVyZm9ybWFuY2UlMjAlMjYlMjBTZWN1cml0eSUyMiUyQyUyMnglMjIlM0EwLjA3MTU0ODcxNjg0MTgzMTI4JTJDJTIydyUyMiUzQTEyODAlMkMlMjJoJTIyJTNBMTAyNCUyQyUyMmolMjIlM0ExMDI0JTJDJTIyZSUyMiUzQTEyODAlMkMlMjJsJTIyJTNBJTIyaHR0cHMlM0ElMkYlMkZuZXh0cG9pbnRrYXluZXJzYXZlLmNvbSUyRmluZGV4NTEucGhwJTNGZmxvd19pZCUzRDEwMyUyNmNvbnZlcnNpb24lM0RYaWg0Uk5ibFZPUSUyNmJpZCUzRDAuMDA1JTI2Y2FtcGFpZ24lM0QxNDc3NjgyJTI2cHViZmVlZCUzRDY5ODU2NiUyNnN1YmlkJTNEbGF0ZXJpdGlvdXMtZmFsY29uJTI2Y291bnRyeSUzRG5vJTI2Y2l0eSUzRE9zbG8lMjZvcyUzRFdpbmRvd3MlMkIxMCUyNmJyb3dzZXIlM0RGSVJFRk9YXzEzNC4wJTI2Y2FycmllciUzREJsaXglMkJTb2x1dGlvbnMlMjIlMkMlMjJyJTIyJTNBJTIyaHR0cHMlM0ElMkYlMkZseWN1ci10cmQuY29tJTJGJTIyJTJDJTIyayUyMiUzQTI0JTJDJTIybiUyMiUzQSUyMlVURi04JTIyJTJDJTIybyUyMiUzQTAlMkMlMjJxJTIyJTNBJTVCJTVEJTdE

104.21.64.1

404 Not Found

0 B

URL GET HTTP/3
nextpointkaynersave.com/cdn-cgi/zaraz/s.js?z=JTdCJTIyZXhlY3V0ZWQlMjIlM0ElNUIlMjJQYWdldmlldyUyMiUyQyUyMmdhanMlMjIlMkMlMjJpU1d6JTIyJTJDJTIydGh3YiUyMiU1RCUyQyUyMnQlMjIlM0ElMjJDbG91ZGZsYXJlJTIwJTdDJTIwV2ViJTIwUGVyZm9ybWFuY2UlMjAlMjYlMjBTZWN1cml0eSUyMiUyQyUyMnglMjIlM0EwLjA3MTU0ODcxNjg0MTgzMTI4JTJDJTIydyUyMiUzQTEyODAlMkMlMjJoJTIyJTNBMTAyNCUyQyUyMmolMjIlM0ExMDI0JTJDJTIyZSUyMiUzQTEyODAlMkMlMjJsJTIyJTNBJTIyaHR0cHMlM0ElMkYlMkZuZXh0cG9pbnRrYXluZXJzYXZlLmNvbSUyRmluZGV4NTEucGhwJTNGZmxvd19pZCUzRDEwMyUyNmNvbnZlcnNpb24lM0RYaWg0Uk5ibFZPUSUyNmJpZCUzRDAuMDA1JTI2Y2FtcGFpZ24lM0QxNDc3NjgyJTI2cHViZmVlZCUzRDY5ODU2NiUyNnN1YmlkJTNEbGF0ZXJpdGlvdXMtZmFsY29uJTI2Y291bnRyeSUzRG5vJTI2Y2l0eSUzRE9zbG8lMjZvcyUzRFdpbmRvd3MlMkIxMCUyNmJyb3dzZXIlM0RGSVJFRk9YXzEzNC4wJTI2Y2FycmllciUzREJsaXglMkJTb2x1dGlvbnMlMjIlMkMlMjJyJTIyJTNBJTIyaHR0cHMlM0ElMkYlMkZseWN1ci10cmQuY29tJTJGJTIyJTJDJTIyayUyMiUzQTI0JTJDJTIybiUyMiUzQSUyMlVURi04JTIyJTJDJTIybyUyMiUzQTAlMkMlMjJxJTIyJTNBJTVCJTVEJTdE
IP
104.21.64.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nextpointkaynersave.com/index51.php?flow_id=103&conversion=Xih4RNblVOQ&bid=0.005&campaign=1477682&pubfeed=698566&subid=lateritious-falcon&country=no&city=Oslo&os=Windows+10&browser=FIREFOX_134.0&carrier=Blix+Solutions
Certificate
IssuerGoogle Trust Services
Subjectnextpointkaynersave.com
Fingerprint00:91:A1:24:2B:14:DC:C4:B7:B4:4B:E6:06:FE:AB:7C:6F:88:D5:98
ValidityWed, 05 Feb 2025 11:21:34 GMT - Tue, 06 May 2025 12:19:40 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cdn-cgi/zaraz/s.js?z=JTdCJTIyZXhlY3V0ZWQlMjIlM0ElNUIlMjJQYWdldmlldyUyMiUyQyUyMmdhanMlMjIlMkMlMjJpU1d6JTIyJTJDJTIydGh3YiUyMiU1RCUyQyUyMnQlMjIlM0ElMjJDbG91ZGZsYXJlJTIwJTdDJTIwV2ViJTIwUGVyZm9ybWFuY2UlMjAlMjYlMjBTZWN1cml0eSUyMiUyQyUyMnglMjIlM0EwLjA3MTU0ODcxNjg0MTgzMTI4JTJDJTIydyUyMiUzQTEyODAlMkMlMjJoJTIyJTNBMTAyNCUyQyUyMmolMjIlM0ExMDI0JTJDJTIyZSUyMiUzQTEyODAlMkMlMjJsJTIyJTNBJTIyaHR0cHMlM0ElMkYlMkZuZXh0cG9pbnRrYXluZXJzYXZlLmNvbSUyRmluZGV4NTEucGhwJTNGZmxvd19pZCUzRDEwMyUyNmNvbnZlcnNpb24lM0RYaWg0Uk5ibFZPUSUyNmJpZCUzRDAuMDA1JTI2Y2FtcGFpZ24lM0QxNDc3NjgyJTI2cHViZmVlZCUzRDY5ODU2NiUyNnN1YmlkJTNEbGF0ZXJpdGlvdXMtZmFsY29uJTI2Y291bnRyeSUzRG5vJTI2Y2l0eSUzRE9zbG8lMjZvcyUzRFdpbmRvd3MlMkIxMCUyNmJyb3dzZXIlM0RGSVJFRk9YXzEzNC4wJTI2Y2FycmllciUzREJsaXglMkJTb2x1dGlvbnMlMjIlMkMlMjJyJTIyJTNBJTIyaHR0cHMlM0ElMkYlMkZseWN1ci10cmQuY29tJTJGJTIyJTJDJTIyayUyMiUzQTI0JTJDJTIybiUyMiUzQSUyMlVURi04JTIyJTJDJTIybyUyMiUzQTAlMkMlMjJxJTIyJTNBJTVCJTVEJTdE HTTP/1.1
Host: nextpointkaynersave.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nextpointkaynersave.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Tue, 25 Feb 2025 20:12:41 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1Tii9zbuL8nvOSEbowndiXrSImCarZZOYOY4yjptIdi4YwK0F2L9g12AbtLxxK6gpvwCRloS9sSGedFaAFyA7VxhDQExKON6IuJSd7k%2FGpNgSDLZZH3zu%2F4E3Zu1Y%2B4%2BafwyehDaKXo9Yg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400
cf-cache-status: MISS
cf-ray: 917a5a04d9ea1bfa-OSL
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400

dash.cloudflare.com/favicon-196x196.png

104.17.110.184

200 OK

11 kB

URL GET HTTP/2
dash.cloudflare.com/favicon-196x196.png
IP
104.17.110.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nextpointkaynersave.com/index51.php?flow_id=103&conversion=Xih4RNblVOQ&bid=0.005&campaign=1477682&pubfeed=698566&subid=lateritious-falcon&country=no&city=Oslo&os=Windows+10&browser=FIREFOX_134.0&carrier=Blix+Solutions
Certificate
IssuerGoogle Trust Services
Subjectdash.cloudflare.com
Fingerprint3B:B6:8A:0B:1D:8F:75:4B:AD:56:F9:EF:8C:AE:BD:41:D6:4F:0F:9C
ValidityThu, 02 Jan 2025 07:38:02 GMT - Wed, 02 Apr 2025 08:38:01 GMT

File type
PNG image data, 196 x 196, 8-bit/color RGBA, non-interlaced
Size
11 kB (10972 bytes)
Hash
bc6ae14562259f8d44557a73f932b9e1
97849369c0a7b688cab059c1fddf605bbd384e28
e95fec516055a0c2822ae17a5fa07fd9578b2f2e155ff639e0f583a79c9e38e1

HTTP Headers

GET /favicon-196x196.png HTTP/1.1
Host: dash.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nextpointkaynersave.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 25 Feb 2025 20:12:41 GMT
content-type: image/png
content-length: 10972
access-control-allow-credentials: true
access-control-allow-origin: dash.cloudflare.com
access-control-allowed-methods: GET, POST, DELETE, PUT
cf-bgj: imgq:100,h2pri
cf-polished: origSize=16683
etag: "6c8c97eaf940230ee5b3b91cc144e848"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aK4MhIXDvGyzuMVWyqxkkB0S106r45Wh42iGSsL14oXDXA4WX%2BGMA5qLxcfeqStzkUVRuijkN5hPg1WgB0mupBn6TZboR2CpumJQptP42z%2By24gAFLuf01hJYSkv3sY6ditdS1SNWDD4WO7CyIWGxERb"}],"group":"cf-nel","max_age":604800}
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
x-asset-source: cf-pages
x-content-type-options: nosniff
cf-cache-status: HIT
age: 4502
expires: Wed, 26 Feb 2025 00:12:41 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
strict-transport-security: max-age=86400; includeSubDomains
set-cookie: __cf_bm=QB0NAmMlvEf01HqgyFJCkK4kkd9ihBz7F1L2GnNDmU4-1740514361-1.0.1.1-ZQg6i2OhAe3KV2FnLrAtVtG21OTZUz1zjBM5tNmKKRHH5PIdVIdQhpy12gO1aXX7jpwpNWMqeB8i_Lp9YZdICw; path=/; expires=Tue, 25-Feb-25 20:42:41 GMT; domain=.dash.cloudflare.com; HttpOnly; Secure; SameSite=None
__cfruid=f74a334a09f3cea02a4b00dbdd1f5b3ace59a4bd-1740514361; path=/; domain=.dash.cloudflare.com; HttpOnly; Secure; SameSite=None
_cfuvid=sg5gXHOeAsK0Nu6addGOv6ct2xAGGrzCqhByKKPXpm8-1740514361281-0.0.1.1-604800000; path=/; domain=.dash.cloudflare.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 917a5a05cfe0b4ee-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

nextpointkaynersave.com/index51.php?flow_id=103&conversion=Xih4RNblVOQ&bid=0.005&campaign=1477682&pubfeed=698566&subid=lateritious-falcon&country=no&city=Oslo&os=Windows+10&browser=FIREFOX_134.0&carrier=Blix+Solutions

104.21.64.1

200 OK

21 kB

URL User Request GET HTTP/2
nextpointkaynersave.com/index51.php?flow_id=103&conversion=Xih4RNblVOQ&bid=0.005&campaign=1477682&pubfeed=698566&subid=lateritious-falcon&country=no&city=Oslo&os=Windows+10&browser=FIREFOX_134.0&carrier=Blix+Solutions
IP
104.21.64.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectnextpointkaynersave.com
Fingerprint00:91:A1:24:2B:14:DC:C4:B7:B4:4B:E6:06:FE:AB:7C:6F:88:D5:98
ValidityWed, 05 Feb 2025 11:21:34 GMT - Tue, 06 May 2025 12:19:40 GMT

File type

Size
21 kB (20924 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index51.php?flow_id=103&conversion=Xih4RNblVOQ&bid=0.005&campaign=1477682&pubfeed=698566&subid=lateritious-falcon&country=no&city=Oslo&os=Windows+10&browser=FIREFOX_134.0&carrier=Blix+Solutions HTTP/1.1
Host: nextpointkaynersave.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lycur-trd.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 25 Feb 2025 20:12:40 GMT
content-type: text/html;charset=UTF-8
vary: Accept-Encoding
cache-control: no-store
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OtOyKndRGbvfRTWXjz%2BS3QKIsfvATOnP4M6ejegfjGJhF5uNN%2BG2I3A7w%2FskO6pNszp2p5Fyx3Dhei4lzRartUVnYh0xBPAgGynatGQvQfMZ2PVs3%2BHMfhPBfEoybDCS%2B742AbSpE8eMVw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 917a5a021ac40b3d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=736&min_rtt=553&rtt_var=210&sent=8&recv=10&lost=0&retrans=0&sent_bytes=3311&recv_bytes=1430&delivery_rate=6895238&cwnd=254&unsent_bytes=0&cid=0a0006becb17613d&ts=214&x=0"
X-Firefox-Spdy: h2

nextpointkaynersave.com/cdn-cgi/images/cf-icon-ok.png

104.21.64.1

200 OK

946 B

URL GET HTTP/3
nextpointkaynersave.com/cdn-cgi/images/cf-icon-ok.png
IP
104.21.64.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nextpointkaynersave.com/Cloudflare%20_%20Web%20Performance%20&%20Security_files/saved_resource.html
Certificate
IssuerGoogle Trust Services
Subjectnextpointkaynersave.com
Fingerprint00:91:A1:24:2B:14:DC:C4:B7:B4:4B:E6:06:FE:AB:7C:6F:88:D5:98
ValidityWed, 05 Feb 2025 11:21:34 GMT - Tue, 06 May 2025 12:19:40 GMT

File type
PNG image data, 48 x 48, 8-bit colormap, non-interlaced
Size
946 B (946 bytes)
Hash
dfaf0fbb758c874be231335db178381d
8f2597eb7ba4c89892aac0559816db3f5280b23e
ed732380ee3ff0f2d841784da213c8c05d2b5ae187a5217b419d21cae5cedb1b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cdn-cgi/images/cf-icon-ok.png HTTP/1.1
Host: nextpointkaynersave.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nextpointkaynersave.com/cdn-cgi/styles/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 25 Feb 2025 20:12:41 GMT
content-type: image/png
content-length: 946
last-modified: Fri, 21 Feb 2025 16:51:28 GMT
accept-ranges: bytes
etag: "67b8af10-3b2"
server: cloudflare
cf-ray: 917a5a05b9ee1bfa-OSL
x-frame-options: DENY
x-content-type-options: nosniff
vary: Accept-Encoding
expires: Tue, 25 Feb 2025 22:12:41 GMT
cache-control: max-age=7200, public

nextpointkaynersave.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/b0e4a89976ce/main.js?

104.21.64.1

200 OK

8.5 kB

URL GET HTTP/3
nextpointkaynersave.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/b0e4a89976ce/main.js?
IP
104.21.64.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nextpointkaynersave.com/index51.php?flow_id=103&conversion=Xih4RNblVOQ&bid=0.005&campaign=1477682&pubfeed=698566&subid=lateritious-falcon&country=no&city=Oslo&os=Windows+10&browser=FIREFOX_134.0&carrier=Blix+Solutions
Certificate
IssuerGoogle Trust Services
Subjectnextpointkaynersave.com
Fingerprint00:91:A1:24:2B:14:DC:C4:B7:B4:4B:E6:06:FE:AB:7C:6F:88:D5:98
ValidityWed, 05 Feb 2025 11:21:34 GMT - Tue, 06 May 2025 12:19:40 GMT

File type
JavaScript source, ASCII text, with very long lines (8451), with no line terminators
Size
8.5 kB (8451 bytes)
Hash
7c18432c4f2ad065b4f66d2689c5ad12
6024674defab21643a102a22662f45e4e998946b
d95c46bade1dd520248ae7240c55ca68461904141b058b36a3c90cb2175c6b2f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/b0e4a89976ce/main.js? HTTP/1.1
Host: nextpointkaynersave.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 25 Feb 2025 20:12:41 GMT
content-type: application/javascript; charset=UTF-8
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RKXhs%2BabPPRe%2FSDNj%2F7zL9y58GCeLgqV8f2vylA72A9syo79f5ZgFg52LkwxwGFqi0Qz6TChKirRp3tSB9xyT7vZJECzEojVBJ3Kav%2FJaOp2kRPz9rhj7IPswmNM8HamlAVI%2BS6b5dR7Dg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public
x-content-type-options: nosniff
content-encoding: br
cf-ray: 917a5a04f9eb1bfa-OSL
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (11)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by