Report - grartoamp.com/?l=jB33Wx3582pkTZu&b=19644114&z=6635775&s=6576fcf078bf7b0001de97ed&campid=431657&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93__

Report Overview

Visited public
2023-12-11 12:14:18
Tags
URL
grartoamp.com/?l=jB33Wx3582pkTZu&b=19644114&z=6635775&s=6576fcf078bf7b0001de97ed&campid=431657&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=6576fcf078bf7b0001de97ed
Finishing URL
grartoamp.com/?l=jB33Wx3582pkTZu&b=19644114&z=6635775&s=6576fcf078bf7b0001de97ed&campid=431657&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=6576fcf078bf7b0001de97ed
IP / ASN
139.45.197.162
#9002 RETN Limited
Title
Click to continue watching

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
littlecdn.com	11785	2019-06-04	2019-06-04 12:44:02	2023-12-09 18:44:17	486 B	7.3 kB	104.22.24.116
static.grartoamp.com	unknown	2023-11-30	2023-12-08 16:20:12	2023-12-08 16:20:12	554 B	7.4 kB	139.45.197.162
grartoamp.com	unknown	2023-11-30	2023-11-30 16:42:39	2023-12-10 05:23:39	7.1 kB	82 kB	139.45.197.162
my.rtmark.net	9054	2014-10-29	2015-02-04 10:54:57	2023-12-10 17:58:57	916 B	1.5 kB	139.45.195.8

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-12-11	medium	grartoamp.com	Sinkholed
2023-12-11	medium	grartoamp.com	Sinkholed
2023-12-11	medium	grartoamp.com	Sinkholed
2023-12-11	medium	grartoamp.com	Sinkholed
2023-12-11	medium	grartoamp.com	Sinkholed
2023-12-11	medium	grartoamp.com	Sinkholed
2023-12-11	medium	grartoamp.com	Sinkholed
2023-12-11	medium	grartoamp.com	Sinkholed
2023-12-11	medium	grartoamp.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (17)

	URL	From	Size	First Seen	Last Seen
	grartoamp.com/?l=jB33Wx3582pkTZu&b=19644114&z=6635775&s=6576fcf078bf7b0001de97ed&campid=431657&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=6576fcf078bf7b0001de97ed	ScriptElement	32 B	2023-03-13	2024-12-01
Pretty URL grartoamp.com/?l=jB33Wx3582pkTZu&b=19644114&z=6635775&s=6576fcf078bf7b0001de97ed&campid=431657&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=6576fcf078bf7b0001de97ed IP 139.45.197.162 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-13 19:53 Last Seen2024-12-01 14:47 Times Seen738 Hash 4e5e8fb36d83dde24fb98e62a9779375 da75c65907e31036bfef95ac91601b3d748c1344 5c68e3331e69338f026762bb1b00dc710d7fe9c4eb0ae299d534010aa9ab33ab Loading...

	grartoamp.com/?l=jB33Wx3582pkTZu&b=19644114&z=6635775&s=6576fcf078bf7b0001de97ed&campid=431657&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=6576fcf078bf7b0001de97ed	ScriptElement	679 B	2023-09-30	2024-08-21
Pretty URL grartoamp.com/?l=jB33Wx3582pkTZu&b=19644114&z=6635775&s=6576fcf078bf7b0001de97ed&campid=431657&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=6576fcf078bf7b0001de97ed IP 139.45.197.162 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2023-09-30 06:56 Last Seen2024-08-21 05:28 Times Seen5057 Hash 81f2b3d0597f5fb3e59f0de7c72e56b0 f7fe43ee0344359c42a4501460b2d06dfcbeb46a 5fe54923fddbb41708ee1edb5375baafddf99ddca22cbb74e0350e498cbf4b3e Loading...

	grartoamp.com/?l=jB33Wx3582pkTZu&b=19644114&z=6635775&s=6576fcf078bf7b0001de97ed&campid=431657&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=6576fcf078bf7b0001de97ed	ScriptElement	1.0 kB	2023-09-15	2025-01-21
Pretty URL grartoamp.com/?l=jB33Wx3582pkTZu&b=19644114&z=6635775&s=6576fcf078bf7b0001de97ed&campid=431657&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=6576fcf078bf7b0001de97ed IP 139.45.197.162 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2023-09-15 06:48 Last Seen2025-01-21 11:42 Times Seen6367 Hash 1e000d88343060c761e3d7ae644a8732 98f67005a3b038378596137e93681310c394d980 cea17ebf90b967d519365b4f2c3a89f73e6b70003e81841d6b8696df4304210e Loading...

	grartoamp.com/?l=jB33Wx3582pkTZu&b=19644114&z=6635775&s=6576fcf078bf7b0001de97ed&campid=431657&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=6576fcf078bf7b0001de97ed	ScriptElement	2.4 kB	2023-12-08	2024-08-20
Pretty URL grartoamp.com/?l=jB33Wx3582pkTZu&b=19644114&z=6635775&s=6576fcf078bf7b0001de97ed&campid=431657&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=6576fcf078bf7b0001de97ed IP 139.45.197.162 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2023-12-08 16:20 Last Seen2024-08-20 16:21 Times Seen5 Hash 2e5dfb8febfa4c360d713b014176b27b 4a4f37cc5ee9c50c80a999f4417b968328c4097a b00786cb51c8d4ab3cbd5a1f8eea4570a2f28c15bcc5d621eae6832aec76b507 Loading...

	grartoamp.com/?l=jB33Wx3582pkTZu&b=19644114&z=6635775&s=6576fcf078bf7b0001de97ed&campid=431657&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=6576fcf078bf7b0001de97ed	ScriptElement	2.1 kB	2024-08-20	2024-08-20
Pretty URL grartoamp.com/?l=jB33Wx3582pkTZu&b=19644114&z=6635775&s=6576fcf078bf7b0001de97ed&campid=431657&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=6576fcf078bf7b0001de97ed IP 139.45.197.162 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 16:07 Last Seen2024-08-20 16:07 Times Seen1 Hash bc21120bebb8ebefaf7850fee1cf6931 c94670657c0d922b5d7ed9652e880370b4d8fb3d 9fe1eb04f68bb2623d149cfdc9c37a6bfa269bb472d323607bab34da45eedeec Loading...

	grartoamp.com/?l=jB33Wx3582pkTZu&b=19644114&z=6635775&s=6576fcf078bf7b0001de97ed&campid=431657&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=6576fcf078bf7b0001de97ed	ScriptElement	38 B	2023-03-13	2025-01-21
Pretty URL grartoamp.com/?l=jB33Wx3582pkTZu&b=19644114&z=6635775&s=6576fcf078bf7b0001de97ed&campid=431657&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=6576fcf078bf7b0001de97ed IP 139.45.197.162 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-13 22:51 Last Seen2025-01-21 11:42 Times Seen5557 Hash 3ea1379d18e4ec6bccefeba76a1b33b4 90afb068cee6917494ddd820bcb2fe44de7e5e43 15c832dee58f1c08fb6bf51935a10f95cb0482d19441cefbb469a82278e54bae Loading...

	grartoamp.com/?l=jB33Wx3582pkTZu&b=19644114&z=6635775&s=6576fcf078bf7b0001de97ed&campid=431657&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=6576fcf078bf7b0001de97ed	ScriptElement	11 kB	2024-08-20	2024-08-20
Pretty URL grartoamp.com/?l=jB33Wx3582pkTZu&b=19644114&z=6635775&s=6576fcf078bf7b0001de97ed&campid=431657&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=6576fcf078bf7b0001de97ed IP 139.45.197.162 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 16:07 Last Seen2024-08-20 16:07 Times Seen1 Hash 50d1128802d011a99a34a8a052e29f0c 221eaee3c0b36a3bdb5e1ec87a067bb6210b0303 8407f047d7e761395b201023706476d98339d8a7af461a2e8ea9da2867a01dca Loading...

	grartoamp.com/?l=jB33Wx3582pkTZu&b=19644114&z=6635775&s=6576fcf078bf7b0001de97ed&campid=431657&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=6576fcf078bf7b0001de97ed	ScriptElement	432 B	2023-08-15	2025-01-21
Pretty URL grartoamp.com/?l=jB33Wx3582pkTZu&b=19644114&z=6635775&s=6576fcf078bf7b0001de97ed&campid=431657&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=6576fcf078bf7b0001de97ed IP 139.45.197.162 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2023-08-15 17:07 Last Seen2025-01-21 11:42 Times Seen6382 Hash a68df917a9d58006028bbbc7b6f30aa0 8412b7650e9351c4826eee83dc944ab8e7a5a660 003c5bfe078f1901b11f14e32f824a1696e54b3a72cd7462395986063f0cd571 Loading...

	grartoamp.com/?l=jB33Wx3582pkTZu&b=19644114&z=6635775&s=6576fcf078bf7b0001de97ed&campid=431657&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=6576fcf078bf7b0001de97ed	ScriptElement	4.1 kB	2024-08-20	2024-08-20
Pretty URL grartoamp.com/?l=jB33Wx3582pkTZu&b=19644114&z=6635775&s=6576fcf078bf7b0001de97ed&campid=431657&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=6576fcf078bf7b0001de97ed IP 139.45.197.162 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 16:07 Last Seen2024-08-20 16:07 Times Seen1 Hash 4f9cb356ad9c281085182ac0eae00e0d 05d5b5f653c59f6b03c605a3bffd783566d7850e 901c2d79bdb633d5c0df5f12357ba50e5a93d2bca8a17b0d415de45c40a55447 Loading...

	grartoamp.com/?l=jB33Wx3582pkTZu&b=19644114&z=6635775&s=6576fcf078bf7b0001de97ed&campid=431657&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=6576fcf078bf7b0001de97ed	ScriptElement	489 B	2023-03-07	2024-08-21
Pretty URL grartoamp.com/?l=jB33Wx3582pkTZu&b=19644114&z=6635775&s=6576fcf078bf7b0001de97ed&campid=431657&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=6576fcf078bf7b0001de97ed IP 139.45.197.162 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:03 Last Seen2024-08-21 09:42 Times Seen4398 Hash b59d52e5c8c1c905dd20084f27bc5261 492b79822be8f2f1d46714e43274e2500de5c0c5 4795baeddefb045a60541029990e6da282eb7d0cb2f9d20da866382567029649 Loading...

	grartoamp.com/pfe/current/micro.tag.min.js?uhd=1&z=6304462&ymid=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&var=6635775&sw=/sw-check-permissions/6304462&var_3=19644114_431657&os_version=10.0	ScriptElement	27 kB	2023-11-02	2024-08-20
Pretty URL grartoamp.com/pfe/current/micro.tag.min.js?uhd=1&z=6304462&ymid=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&var=6635775&sw=/sw-check-permissions/6304462&var_3=19644114_431657&os_version=10.0 IP 139.45.197.162 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-02 09:44 Last Seen2024-08-20 21:23 Times Seen8998 Hash 5ccd2d5882a06f293d07510ac91c92e6 b44dc0eaa03981adb70d3313e728f9359c1d21c1 9fc2aa21f3a7bfe66783d35fdbb48147f73e72a41f87aea848f64a8cb4518eba Loading...

	grartoamp.com/?l=jB33Wx3582pkTZu&b=19644114&z=6635775&s=6576fcf078bf7b0001de97ed&campid=431657&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=6576fcf078bf7b0001de97ed	ScriptElement	27 B	2023-03-07	2025-01-21
Pretty URL grartoamp.com/?l=jB33Wx3582pkTZu&b=19644114&z=6635775&s=6576fcf078bf7b0001de97ed&campid=431657&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=6576fcf078bf7b0001de97ed IP 139.45.197.162 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:27 Last Seen2025-01-21 11:42 Times Seen2810 Hash dcdca1271ff14fa2a37aac2fdd562ad7 6f8d97801b33f24f2a736c00e1bc5805d9fd5eb7 66d82b0643143d1e9fa6ec2c7e07af701b2b274bc4db74b60ee4dcf5862d229c Loading...

	grartoamp.com/?l=jB33Wx3582pkTZu&b=19644114&z=6635775&s=6576fcf078bf7b0001de97ed&campid=431657&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=6576fcf078bf7b0001de97ed	ScriptElement	6.7 kB	2024-08-20	2024-08-20
Pretty URL grartoamp.com/?l=jB33Wx3582pkTZu&b=19644114&z=6635775&s=6576fcf078bf7b0001de97ed&campid=431657&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=6576fcf078bf7b0001de97ed IP 139.45.197.162 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 16:07 Last Seen2024-08-20 16:07 Times Seen1 Hash 5a26143cb2fbd97bbaabd3f6e5e214b4 316b02d7ecc793c78da655be0110ba4fad8b90b7 77a162bce003bd206d460c3ba7ab784c73f64653b56c65c8fd53708cdbc9954e Loading...

	grartoamp.com/?l=jB33Wx3582pkTZu&b=19644114&z=6635775&s=6576fcf078bf7b0001de97ed&campid=431657&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=6576fcf078bf7b0001de97ed	ScriptElement	4.0 kB	2024-08-20	2024-08-20
Pretty URL grartoamp.com/?l=jB33Wx3582pkTZu&b=19644114&z=6635775&s=6576fcf078bf7b0001de97ed&campid=431657&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=6576fcf078bf7b0001de97ed IP 139.45.197.162 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 16:07 Last Seen2024-08-20 16:07 Times Seen1 Hash 8bcb495bf45ea49fa7ddae78effcbb48 6f16cd0b15ae15412eb3df8ac5b41df387bb4e1c 3a9af361c886c7a6ded5ee8ef76a0256a5a368ea49151809106ed8f2a984e2c1 Loading...

	grartoamp.com/?l=jB33Wx3582pkTZu&b=19644114&z=6635775&s=6576fcf078bf7b0001de97ed&campid=431657&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=6576fcf078bf7b0001de97ed	ScriptElement	2.9 kB	2024-08-20	2024-08-20
Pretty URL grartoamp.com/?l=jB33Wx3582pkTZu&b=19644114&z=6635775&s=6576fcf078bf7b0001de97ed&campid=431657&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=6576fcf078bf7b0001de97ed IP 139.45.197.162 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 16:07 Last Seen2024-08-20 16:07 Times Seen1 Hash c89623beb753220201b79c7837770097 37f9b2b50f4dfaba6b8e12834f6fb3084cd6b06e c2b5de30c0f05b20ef4e8a6fba444bfaaaeb901a1be64e4d0a46d6ff98cf066e Loading...

	grartoamp.com/?l=jB33Wx3582pkTZu&b=19644114&z=6635775&s=6576fcf078bf7b0001de97ed&campid=431657&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=6576fcf078bf7b0001de97ed	ScriptElement	2.8 kB	2024-08-20	2024-08-20
Pretty URL grartoamp.com/?l=jB33Wx3582pkTZu&b=19644114&z=6635775&s=6576fcf078bf7b0001de97ed&campid=431657&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=6576fcf078bf7b0001de97ed IP 139.45.197.162 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 16:07 Last Seen2024-08-20 16:07 Times Seen1 Hash a8ab844393479b0bb3793a26d74a39eb 5d68053d3e4d8f1563553386a12a2af458385572 a8d935a9f6af88a9360135e3324805edc79e5d56e43aa705e5057c2ba0b3f36d Loading...

	grartoamp.com/?l=jB33Wx3582pkTZu&b=19644114&z=6635775&s=6576fcf078bf7b0001de97ed&campid=431657&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=6576fcf078bf7b0001de97ed	ScriptElement	2.1 kB	2024-08-20	2024-08-20
Pretty URL grartoamp.com/?l=jB33Wx3582pkTZu&b=19644114&z=6635775&s=6576fcf078bf7b0001de97ed&campid=431657&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=6576fcf078bf7b0001de97ed IP 139.45.197.162 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 16:07 Last Seen2024-08-20 16:07 Times Seen1 Hash 99412c245794101571779afec7ebb7b0 cbec31a8c69a12d798b6f368a2e552aa2bfe5a9f 55f31c4f9a01d9efd17c77c4bfcfd8fa7c4f079da61c00a357ce08f3a0537b94 Loading...

HTTP Transactions (12)

URL IP Response Size

static.grartoamp.com/templates/_assets/sounds/blip1/default.mp3

139.45.197.162

206 Partial Content

6.7 kB

URL GET HTTP/2
static.grartoamp.com/templates/_assets/sounds/blip1/default.mp3
IP
139.45.197.162:443
ASN
#9002 RETN Limited

Requested by
https://grartoamp.com/?l=jB33Wx3582pkTZu&b=19644114&z=6635775&s=6576fcf078bf7b0001de97ed&campid=431657&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=6576fcf078bf7b0001de97ed
Certificate
IssuerLet's Encrypt
Subjectgrartoamp.com
FingerprintE8:E9:8F:45:34:5D:AE:24:42:A9:EE:61:55:E9:B2:3C:63:69:C6:61
ValidityThu, 30 Nov 2023 14:21:24 GMT - Wed, 28 Feb 2024 14:21:23 GMT

File type
Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Monaural - data
Size
6.7 kB (6712 bytes)
Hash
6422f23e1751d74410347e02c0210a60
0e3e65be6b5fbb76f6a52191e973bd37368be204
4fdb5a03ae3f26e801517144609db3589bd0835a686fe11dfe7afddcdb750ef8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /templates/_assets/sounds/blip1/default.mp3 HTTP/1.1
Host: static.grartoamp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://grartoamp.com/
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 206 Partial Content
server: nginx
date: Mon, 11 Dec 2023 12:13:53 GMT
content-type: audio/mpeg
content-length: 6712
last-modified: Mon, 11 Dec 2023 10:55:22 GMT
vary: Accept-Encoding
etag: "6576ea9a-1a38"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-range: bytes 0-6711/6712
X-Firefox-Spdy: h2

grartoamp.com/zone?&pub=0&zone_id=6304462&is_mobile=false&domain=grartoamp.com&var=6635775&ymid=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&var_3=19644114_431657&var_4=&dsig=&tg=1&sw=3.1.471&action=prerequest

139.45.197.162

200 OK

0 B

URL POST HTTP/2
grartoamp.com/zone?&pub=0&zone_id=6304462&is_mobile=false&domain=grartoamp.com&var=6635775&ymid=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&var_3=19644114_431657&var_4=&dsig=&tg=1&sw=3.1.471&action=prerequest
IP
139.45.197.162:443
ASN
#9002 RETN Limited

Requested by
https://grartoamp.com/?l=jB33Wx3582pkTZu&b=19644114&z=6635775&s=6576fcf078bf7b0001de97ed&campid=431657&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=6576fcf078bf7b0001de97ed
Certificate
IssuerLet's Encrypt
Subjectgrartoamp.com
FingerprintE8:E9:8F:45:34:5D:AE:24:42:A9:EE:61:55:E9:B2:3C:63:69:C6:61
ValidityThu, 30 Nov 2023 14:21:24 GMT - Wed, 28 Feb 2024 14:21:23 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /zone?&pub=0&zone_id=6304462&is_mobile=false&domain=grartoamp.com&var=6635775&ymid=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&var_3=19644114_431657&var_4=&dsig=&tg=1&sw=3.1.471&action=prerequest HTTP/1.1
Host: grartoamp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://grartoamp.com
DNT: 1
Connection: keep-alive
Referer: https://grartoamp.com/?l=jB33Wx3582pkTZu&b=19644114&z=6635775&s=6576fcf078bf7b0001de97ed&campid=431657&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=6576fcf078bf7b0001de97ed
Cookie: reverse=GHnPi_rHeSmZW_peEe0kwtRvdd82N7-IV0GYCSr-slE; OAID=8695bf9282544c6c21cd8659d1e091a0; oaidts=1702296833
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 11 Dec 2023 12:13:53 GMT
content-length: 0
x-trace-id: 932d59ef1fc16859b33eba086230c881
access-control-allow-origin: https://grartoamp.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

my.rtmark.net/gid.js?userId=8695bf9282544c6c21cd8659d1e091a0

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js?userId=8695bf9282544c6c21cd8659d1e091a0
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://grartoamp.com/?l=jB33Wx3582pkTZu&b=19644114&z=6635775&s=6576fcf078bf7b0001de97ed&campid=431657&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=6576fcf078bf7b0001de97ed
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintE8:81:4E:79:89:89:BE:CE:75:1F:E0:2A:60:54:8A:A4:11:2E:F7:42
ValiditySat, 07 Oct 2023 15:22:00 GMT - Fri, 05 Jan 2024 15:21:59 GMT

File type
JSON data - , ASCII text
Size
65 B (65 bytes)
Hash
5be2cd43f2834c624b4b78e3b76bd7f8
1d4f0fa8c4c0750e1e8cb8ad6dabdcf6747798d0
988a29fbfe579f899dc90242839e5449b1fb8d93ebec4383e4e069af33347eb2

HTTP Headers

GET /gid.js?userId=8695bf9282544c6c21cd8659d1e091a0 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://grartoamp.com/
Origin: https://grartoamp.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 11 Dec 2023 12:13:53 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://grartoamp.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=8695bf9282544c6c21cd8659d1e091a0; expires=Tue, 10 Dec 2024 12:13:53 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

my.rtmark.net/gid.js

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://grartoamp.com/?l=jB33Wx3582pkTZu&b=19644114&z=6635775&s=6576fcf078bf7b0001de97ed&campid=431657&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=6576fcf078bf7b0001de97ed
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintE8:81:4E:79:89:89:BE:CE:75:1F:E0:2A:60:54:8A:A4:11:2E:F7:42
ValiditySat, 07 Oct 2023 15:22:00 GMT - Fri, 05 Jan 2024 15:21:59 GMT

File type
JSON data - , ASCII text
Size
65 B (65 bytes)
Hash
40275b95b2eb93167446a3df2845ebf5
83eb51acdd51e55d508038539e71cb9d0372e590
e3a1508a743f1e7fdd004b8406b4484cbb4fa9b138d43743913cdfa64e0ea6c9

HTTP Headers

GET /gid.js HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://grartoamp.com/
Origin: https://grartoamp.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 11 Dec 2023 12:13:53 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://grartoamp.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=eb6bc12d6e19456590a2a649e8f419e1; expires=Tue, 10 Dec 2024 12:13:53 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

grartoamp.com/rotate?zz=6355835&var=6635775&ymid=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&uid=eb6bc12d6e19456590a2a649e8f419e1&var_4=6576fcf078bf7b0001de97ed&os_version=10.0

139.45.197.162

200 OK

774 B

URL GET HTTP/2
grartoamp.com/rotate?zz=6355835&var=6635775&ymid=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&uid=eb6bc12d6e19456590a2a649e8f419e1&var_4=6576fcf078bf7b0001de97ed&os_version=10.0
IP
139.45.197.162:443
ASN
#9002 RETN Limited

Requested by
https://grartoamp.com/?l=jB33Wx3582pkTZu&b=19644114&z=6635775&s=6576fcf078bf7b0001de97ed&campid=431657&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=6576fcf078bf7b0001de97ed
Certificate
IssuerLet's Encrypt
Subjectgrartoamp.com
FingerprintE8:E9:8F:45:34:5D:AE:24:42:A9:EE:61:55:E9:B2:3C:63:69:C6:61
ValidityThu, 30 Nov 2023 14:21:24 GMT - Wed, 28 Feb 2024 14:21:23 GMT

File type
JSON data - , ASCII text, with very long lines (977), with no line terminators
Size
774 B (774 bytes)
Hash
f5111cc90f04e584fce568ff5f9aca73
c04c790265040bab7b7563721ce902a8be0af2a6
1a2b8fa10b0fdd37b16ec8e1228b532a27f3729e1b42c52726cf54d1fbad717f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /rotate?zz=6355835&var=6635775&ymid=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&uid=eb6bc12d6e19456590a2a649e8f419e1&var_4=6576fcf078bf7b0001de97ed&os_version=10.0 HTTP/1.1
Host: grartoamp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://grartoamp.com/?l=jB33Wx3582pkTZu&b=19644114&z=6635775&s=6576fcf078bf7b0001de97ed&campid=431657&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=6576fcf078bf7b0001de97ed
DNT: 1
Connection: keep-alive
Cookie: reverse=GHnPi_rHeSmZW_peEe0kwtRvdd82N7-IV0GYCSr-slE; OAID=8695bf9282544c6c21cd8659d1e091a0; oaidts=1702296833; syncedCookie=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 11 Dec 2023 12:13:53 GMT
content-type: application/javascript
x-trace-id: 89885c2d50c940fe1b53c24722b541c0
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
timing-allow-origin: *
vary: Accept-Encoding, Origin
access-control-allow-origin: https://grartoamp.com/
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
set-cookie: OAID=eb6bc12d6e19456590a2a649e8f419e1; expires=Tue, 10 Dec 2024 12:13:53 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2

grartoamp.com/?l=jB33Wx3582pkTZu&b=19644114&z=6635775&s=6576fcf078bf7b0001de97ed&campid=431657&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=6576fcf078bf7b0001de97ed&mprtr=1&os_version=10.0

139.45.197.162

200 OK

2 B

URL POST HTTP/2
grartoamp.com/?l=jB33Wx3582pkTZu&b=19644114&z=6635775&s=6576fcf078bf7b0001de97ed&campid=431657&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=6576fcf078bf7b0001de97ed&mprtr=1&os_version=10.0
IP
139.45.197.162:443
ASN
#9002 RETN Limited

Requested by
https://grartoamp.com/?l=jB33Wx3582pkTZu&b=19644114&z=6635775&s=6576fcf078bf7b0001de97ed&campid=431657&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=6576fcf078bf7b0001de97ed
Certificate
IssuerLet's Encrypt
Subjectgrartoamp.com
FingerprintE8:E9:8F:45:34:5D:AE:24:42:A9:EE:61:55:E9:B2:3C:63:69:C6:61
ValidityThu, 30 Nov 2023 14:21:24 GMT - Wed, 28 Feb 2024 14:21:23 GMT

File type
JSON data - , ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /?l=jB33Wx3582pkTZu&b=19644114&z=6635775&s=6576fcf078bf7b0001de97ed&campid=431657&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=6576fcf078bf7b0001de97ed&mprtr=1&os_version=10.0 HTTP/1.1
Host: grartoamp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://grartoamp.com
DNT: 1
Connection: keep-alive
Referer: https://grartoamp.com/?l=jB33Wx3582pkTZu&b=19644114&z=6635775&s=6576fcf078bf7b0001de97ed&campid=431657&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=6576fcf078bf7b0001de97ed
Cookie: reverse=GHnPi_rHeSmZW_peEe0kwtRvdd82N7-IV0GYCSr-slE; OAID=8695bf9282544c6c21cd8659d1e091a0; oaidts=1702296833
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/2 200 OK
server: nginx
date: Mon, 11 Dec 2023 12:13:53 GMT
content-type: application/json
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-encoding: br
X-Firefox-Spdy: h2

grartoamp.com/track-impression-applab?z=6635775&b=19644114&ymid=6576fcf078bf7b0001de97ed&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&var_3=19644114_431657&redirect=false&redirectUrl=https%3A%2F%2Feasybonus.xyz%2FCb7whYb8%3Fexternal_id%3D%24%7BSUBID%7D%26source%3D6635775_474_89a3984a-749c-48ba-be56-29d12d6d1b93___%26ad_campaign_id%3Dzeydoocrypto%26land_state%3Dbefore_render%26land_id%3DjB33Wx3582pkTZu%26land_generation_time%3D2023-12-11_07%3A13%3A53%26land_error_code%3D%26ruid%3D%7Bruid%7D%26mgeo%3D%7Bmgeo%7D%26oaid%3D8695bf9282544c6c21cd8659d1e091a0%26land_type%3Drtr%26isPushSubscribed%3Dfalse%26isPushAlreadySubscribed%3Dfalse%26land_tracker%3Dmarker%26land_purchase_method%3Dapk&os_version=10.0

139.45.197.162

200 OK

855 B

URL GET HTTP/2
grartoamp.com/track-impression-applab?z=6635775&b=19644114&ymid=6576fcf078bf7b0001de97ed&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&var_3=19644114_431657&redirect=false&redirectUrl=https%3A%2F%2Feasybonus.xyz%2FCb7whYb8%3Fexternal_id%3D%24%7BSUBID%7D%26source%3D6635775_474_89a3984a-749c-48ba-be56-29d12d6d1b93___%26ad_campaign_id%3Dzeydoocrypto%26land_state%3Dbefore_render%26land_id%3DjB33Wx3582pkTZu%26land_generation_time%3D2023-12-11_07%3A13%3A53%26land_error_code%3D%26ruid%3D%7Bruid%7D%26mgeo%3D%7Bmgeo%7D%26oaid%3D8695bf9282544c6c21cd8659d1e091a0%26land_type%3Drtr%26isPushSubscribed%3Dfalse%26isPushAlreadySubscribed%3Dfalse%26land_tracker%3Dmarker%26land_purchase_method%3Dapk&os_version=10.0
IP
139.45.197.162:443
ASN
#9002 RETN Limited

Requested by
https://grartoamp.com/?l=jB33Wx3582pkTZu&b=19644114&z=6635775&s=6576fcf078bf7b0001de97ed&campid=431657&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=6576fcf078bf7b0001de97ed
Certificate
IssuerLet's Encrypt
Subjectgrartoamp.com
FingerprintE8:E9:8F:45:34:5D:AE:24:42:A9:EE:61:55:E9:B2:3C:63:69:C6:61
ValidityThu, 30 Nov 2023 14:21:24 GMT - Wed, 28 Feb 2024 14:21:23 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (913), with no line terminators
Size
855 B (855 bytes)
Hash
6dcf52241326c7e65fd536c94b02a2a0
5431292f28efd005c43f8ed7ab12cb0681253219
f0de39418acd3e74160ad5829867131f29bf45b0c28592f37a4eac0de799e2b3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /track-impression-applab?z=6635775&b=19644114&ymid=6576fcf078bf7b0001de97ed&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&var_3=19644114_431657&redirect=false&redirectUrl=https%3A%2F%2Feasybonus.xyz%2FCb7whYb8%3Fexternal_id%3D%24%7BSUBID%7D%26source%3D6635775_474_89a3984a-749c-48ba-be56-29d12d6d1b93___%26ad_campaign_id%3Dzeydoocrypto%26land_state%3Dbefore_render%26land_id%3DjB33Wx3582pkTZu%26land_generation_time%3D2023-12-11_07%3A13%3A53%26land_error_code%3D%26ruid%3D%7Bruid%7D%26mgeo%3D%7Bmgeo%7D%26oaid%3D8695bf9282544c6c21cd8659d1e091a0%26land_type%3Drtr%26isPushSubscribed%3Dfalse%26isPushAlreadySubscribed%3Dfalse%26land_tracker%3Dmarker%26land_purchase_method%3Dapk&os_version=10.0 HTTP/1.1
Host: grartoamp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://grartoamp.com/?l=jB33Wx3582pkTZu&b=19644114&z=6635775&s=6576fcf078bf7b0001de97ed&campid=431657&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=6576fcf078bf7b0001de97ed
DNT: 1
Connection: keep-alive
Cookie: reverse=GHnPi_rHeSmZW_peEe0kwtRvdd82N7-IV0GYCSr-slE; OAID=8695bf9282544c6c21cd8659d1e091a0; oaidts=1702296833; syncedCookie=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 11 Dec 2023 12:13:53 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
x-trace-id: 9fec3991f127e08974b7cc1f09f7e4bf
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
timing-allow-origin: *
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2

grartoamp.com/?l=jB33Wx3582pkTZu&b=19644114&z=6635775&s=6576fcf078bf7b0001de97ed&campid=431657&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=6576fcf078bf7b0001de97ed

139.45.197.162

200 OK

48 kB

URL User Request GET HTTP/2
grartoamp.com/?l=jB33Wx3582pkTZu&b=19644114&z=6635775&s=6576fcf078bf7b0001de97ed&campid=431657&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=6576fcf078bf7b0001de97ed
IP
139.45.197.162:443
ASN
#9002 RETN Limited

Certificate
IssuerLet's Encrypt
Subjectgrartoamp.com
FingerprintE8:E9:8F:45:34:5D:AE:24:42:A9:EE:61:55:E9:B2:3C:63:69:C6:61
ValidityThu, 30 Nov 2023 14:21:24 GMT - Wed, 28 Feb 2024 14:21:23 GMT

File type
HTML document text - HTML document text - HTML document text - HTML document text - HTML document text - exported SGML document, ASCII text, with very long lines (1956), with CRLF, LF line terminators
Size
48 kB (48101 bytes)
Hash
5b80c26789f66e9646469a86a3227dd0
14598c6935aa414582ad4b047c064b675e301548
0f4107e9031b90b6fb5e4a547dc4e3f4ed96a7b0a55e7e8a5086f4f6b29cd17a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?l=jB33Wx3582pkTZu&b=19644114&z=6635775&s=6576fcf078bf7b0001de97ed&campid=431657&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=6576fcf078bf7b0001de97ed HTTP/1.1
Host: grartoamp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 11 Dec 2023 12:13:53 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.27
set-cookie: reverse=GHnPi_rHeSmZW_peEe0kwtRvdd82N7-IV0GYCSr-slE; expires=Mon, 11-Dec-2023 13:13:53 GMT; Max-Age=3600; path=/
OAID=8695bf9282544c6c21cd8659d1e091a0; expires=Mon, 21-Nov-2078 00:27:46 GMT; Max-Age=1733919233; path=/
oaidts=1702296833; expires=Mon, 21-Nov-2078 00:27:46 GMT; Max-Age=1733919233; path=/
syncedCookie=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-encoding: br
X-Firefox-Spdy: h2

grartoamp.com/sw-check-permissions/6304462?var=6635775&var_3=19644114_431657&ymid=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&uhd=1

139.45.197.162

200 OK

932 B

URL GET HTTP/2
grartoamp.com/sw-check-permissions/6304462?var=6635775&var_3=19644114_431657&ymid=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&uhd=1
IP
139.45.197.162:443
ASN
#9002 RETN Limited

Requested by
https://grartoamp.com/?l=jB33Wx3582pkTZu&b=19644114&z=6635775&s=6576fcf078bf7b0001de97ed&campid=431657&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=6576fcf078bf7b0001de97ed
Certificate
IssuerLet's Encrypt
Subjectgrartoamp.com
FingerprintE8:E9:8F:45:34:5D:AE:24:42:A9:EE:61:55:E9:B2:3C:63:69:C6:61
ValidityThu, 30 Nov 2023 14:21:24 GMT - Wed, 28 Feb 2024 14:21:23 GMT

File type
ASCII text, with very long lines (993), with no line terminators
Size
932 B (932 bytes)
Hash
ebec37aea28827d7c136733135929fca
dc8db72bdd6c671379c542874bc38f661fbcbd0b
39141ba2c5041a2d5056aebb31ff8b1838e6674ec6f300f3be37cdeea0604f3b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sw-check-permissions/6304462?var=6635775&var_3=19644114_431657&ymid=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&uhd=1 HTTP/1.1
Host: grartoamp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Referer: https://grartoamp.com/?l=jB33Wx3582pkTZu&b=19644114&z=6635775&s=6576fcf078bf7b0001de97ed&campid=431657&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=6576fcf078bf7b0001de97ed
Cookie: reverse=GHnPi_rHeSmZW_peEe0kwtRvdd82N7-IV0GYCSr-slE; OAID=8695bf9282544c6c21cd8659d1e091a0; oaidts=1702296833
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 11 Dec 2023 12:13:53 GMT
content-type: application/javascript
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-encoding: br
X-Firefox-Spdy: h2

grartoamp.com/favicon.ico

139.45.197.162

204 No Content

0 B

URL GET HTTP/2
grartoamp.com/favicon.ico
IP
139.45.197.162:443
ASN
#9002 RETN Limited

Requested by
https://grartoamp.com/?l=jB33Wx3582pkTZu&b=19644114&z=6635775&s=6576fcf078bf7b0001de97ed&campid=431657&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=6576fcf078bf7b0001de97ed
Certificate
IssuerLet's Encrypt
Subjectgrartoamp.com
FingerprintE8:E9:8F:45:34:5D:AE:24:42:A9:EE:61:55:E9:B2:3C:63:69:C6:61
ValidityThu, 30 Nov 2023 14:21:24 GMT - Wed, 28 Feb 2024 14:21:23 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: grartoamp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://grartoamp.com/?l=jB33Wx3582pkTZu&b=19644114&z=6635775&s=6576fcf078bf7b0001de97ed&campid=431657&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=6576fcf078bf7b0001de97ed
Cookie: reverse=GHnPi_rHeSmZW_peEe0kwtRvdd82N7-IV0GYCSr-slE; OAID=eb6bc12d6e19456590a2a649e8f419e1; oaidts=1702296833; syncedCookie=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
server: nginx
date: Mon, 11 Dec 2023 12:13:53 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

littlecdn.com/apps/templates/android-instructions/ios-sys-msg-icon/css/style.css?v=1.6

104.22.24.116

200 OK

6.5 kB

URL GET HTTP/2
littlecdn.com/apps/templates/android-instructions/ios-sys-msg-icon/css/style.css?v=1.6
IP
104.22.24.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://grartoamp.com/?l=jB33Wx3582pkTZu&b=19644114&z=6635775&s=6576fcf078bf7b0001de97ed&campid=431657&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=6576fcf078bf7b0001de97ed
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintF9:14:9E:F3:4F:17:83:0E:22:54:EF:3E:FD:37:20:6C:1D:08:CE:1F
ValidityTue, 11 Apr 2023 00:00:00 GMT - Wed, 10 Apr 2024 23:59:59 GMT

File type
ASCII text, with very long lines (6948), with no line terminators
Size
6.5 kB (6532 bytes)
Hash
060e75741c398c0e408164c4100d2b19
72149010215abe827ad74a0f3b41452ea3a068f7
936975f8be0f8e4692e0cee1be6e9c5ef99af904b853e385dba09f8b3a277780

HTTP Headers

GET /apps/templates/android-instructions/ios-sys-msg-icon/css/style.css?v=1.6 HTTP/1.1
Host: littlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://grartoamp.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 11 Dec 2023 12:13:53 GMT
content-type: text/css
last-modified: Fri, 08 Dec 2023 13:11:08 GMT
vary: Accept-Encoding
etag: W/"657315ec-1984"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=3600
cf-cache-status: HIT
age: 7033
server: cloudflare
cf-ray: 833da4e97cf7568d-OSL
content-encoding: br
X-Firefox-Spdy: h2

grartoamp.com/pfe/current/micro.tag.min.js?uhd=1&z=6304462&ymid=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&var=6635775&sw=/sw-check-permissions/6304462&var_3=19644114_431657&os_version=10.0

139.45.197.162

200 OK

27 kB

URL GET HTTP/2
grartoamp.com/pfe/current/micro.tag.min.js?uhd=1&z=6304462&ymid=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&var=6635775&sw=/sw-check-permissions/6304462&var_3=19644114_431657&os_version=10.0
IP
139.45.197.162:443
ASN
#9002 RETN Limited

Requested by
https://grartoamp.com/?l=jB33Wx3582pkTZu&b=19644114&z=6635775&s=6576fcf078bf7b0001de97ed&campid=431657&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=6576fcf078bf7b0001de97ed
Certificate
IssuerLet's Encrypt
Subjectgrartoamp.com
FingerprintE8:E9:8F:45:34:5D:AE:24:42:A9:EE:61:55:E9:B2:3C:63:69:C6:61
ValidityThu, 30 Nov 2023 14:21:24 GMT - Wed, 28 Feb 2024 14:21:23 GMT

File type
ASCII text, with very long lines (27007), with no line terminators
Size
27 kB (27007 bytes)
Hash
5ccd2d5882a06f293d07510ac91c92e6
b44dc0eaa03981adb70d3313e728f9359c1d21c1
9fc2aa21f3a7bfe66783d35fdbb48147f73e72a41f87aea848f64a8cb4518eba

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pfe/current/micro.tag.min.js?uhd=1&z=6304462&ymid=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&var=6635775&sw=/sw-check-permissions/6304462&var_3=19644114_431657&os_version=10.0 HTTP/1.1
Host: grartoamp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://grartoamp.com/?l=jB33Wx3582pkTZu&b=19644114&z=6635775&s=6576fcf078bf7b0001de97ed&campid=431657&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=6576fcf078bf7b0001de97ed
Cookie: reverse=GHnPi_rHeSmZW_peEe0kwtRvdd82N7-IV0GYCSr-slE; OAID=8695bf9282544c6c21cd8659d1e091a0; oaidts=1702296833
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 11 Dec 2023 12:13:53 GMT
content-type: application/javascript
last-modified: Thu, 23 Nov 2023 20:42:33 GMT
vary: Accept-Encoding
etag: W/"655fb939-697f"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: br
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (17)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by