Report - partner-id891489.com

Report Overview

Visited public
2025-03-20 09:45:55
Tags
URL
partner-id891489.com
Finishing URL
partner-id891489.com/
IP / ASN
104.21.90.197
#13335 CLOUDFLARENET
Title
Verify Your Request

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
partner-id891489.com	unknown	2025-02-13	2025-03-20	2025-03-20	2.4 kB	608 kB	104.21.90.197

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-03-20	medium	partner-id891489.com	Sinkholed
2025-03-20	medium	partner-id891489.com	Sinkholed
2025-03-20	medium	partner-id891489.com	Sinkholed
2025-03-20	medium	partner-id891489.com	Sinkholed
2025-03-20	medium	partner-id891489.com	Sinkholed

ThreatFox

Scan Date	Severity	Indicator	Alert
2025-03-18	medium	partner-id891489.com	Unknown malware
2025-03-18	medium	partner-id891489.com	Unknown malware
2025-03-18	medium	partner-id891489.com	Unknown malware
2025-03-18	medium	partner-id891489.com	Unknown malware
2025-03-18	medium	partner-id891489.com	Unknown malware

JavaScript (4)

	URL	From	Size	First Seen	Last Seen
	partner-id891489.com/	ScriptElement	921 B	2025-03-20	2025-03-20
Pretty URL partner-id891489.com/ IP 104.21.90.197 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-20 09:45 Last Seen2025-03-20 09:45 Times Seen1 Hash b5388439b0c2808617e6968901056f9b 9f57d9dab40579667d0bae29fd11b21c7aa09f57 427953ff5a513bf1b23a1449d97657c55305b6779ece4330e64de618ce4a5090 Loading...

	partner-id891489.com/	ScriptElement	4.3 kB	2025-03-20	2025-05-04
Pretty URL partner-id891489.com/ IP 104.21.90.197 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-20 09:45 Last Seen2025-05-04 09:53 Times Seen18 Hash e22515219f141d206a499b9fdd5185df 8837b5eca7929e58ad5cf85e8926c3d810edcc59 5a5b050a44994151e02bd16cf74a46e88b94008dea00de13792539f0338aaf72 Loading...

	about:blank	ScriptElement	236 B	2025-03-20	2025-03-20
Pretty URL about:blank IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-20 09:45 Last Seen2025-03-20 09:45 Times Seen1 Hash bf83b413397f4f48b41aab089a1c4ac6 8806acea4337aa0299e04f7134dde1ad8e9c03b3 0c1f6bda7bda12e77b816cf8b34971901619621a2f9b781dd9e6be169bcfcc60 Loading...

	partner-id891489.com/cdn-cgi/challenge-platform/scripts/jsd/main.js	ScriptElement	8.4 kB	2025-03-20	2025-03-20
Pretty URL partner-id891489.com/cdn-cgi/challenge-platform/scripts/jsd/main.js IP 104.21.90.197 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-20 09:25 Last Seen2025-03-20 09:50 Times Seen3 Hash 3007635a008202f014467936be6be922 112665bff073ce6121963fc9f2e4f385838208c1 f69abd58bd00719bbbe3d79dba4826c7943c8ab6daef494de0871fe638a3c485 Loading...

HTTP Transactions (5)

URL IP Response Size

partner-id891489.com/cdn-cgi/challenge-platform/scripts/jsd/main.js

104.21.90.197

302 Found

8.4 kB

URL GET
partner-id891489.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
IP
104.21.90.197:443
ASN
#13335 CLOUDFLARENET

Requested by
https://partner-id891489.com/
Certificate
IssuerGoogle Trust Services
Subjectpartner-id891489.com
FingerprintD1:CC:33:77:68:40:74:5D:E8:27:02:5E:75:CD:27:CA:34:7C:1C:09
ValidityThu, 13 Feb 2025 13:15:27 GMT - Wed, 14 May 2025 14:13:37 GMT

File type

Size
8.4 kB (8373 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	Unknown malware
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: partner-id891489.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 302 Found
date: Thu, 20 Mar 2025 09:45:33 GMT
content-length: 0
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/708f7a809116/main.js?
cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public
access-control-allow-origin: *
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zwJQRGmtshzzM%2BY2PmHeHggS48077WY%2F4l%2B%2BJ%2ByMYg2d1CZ8fE2W4IlegmrF5GDnLo5rR%2Bnus%2FHWohUw3ti%2BIeCPknX6ntJ%2BJfNsQnGgcFwJgSJ4ZC54FpWk0GTddBW42Xg33xYIXw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 923446fe19eaf5c9-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=22370&min_rtt=20821&rtt_var=8914&sent=12&recv=7&lost=0&retrans=0&sent_bytes=4091&recv_bytes=1365&delivery_rate=28528&cwnd=12000&unsent_bytes=0&cid=3d7d12211da93edb&ts=301&x=1", cfExtPri, cfHdrFlush;dur=0

partner-id891489.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/708f7a809116/main.js?

104.21.90.197

200 OK

8.4 kB

URL GET
partner-id891489.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/708f7a809116/main.js?
IP
104.21.90.197:443
ASN
#13335 CLOUDFLARENET

Requested by
https://partner-id891489.com/
Certificate
IssuerGoogle Trust Services
Subjectpartner-id891489.com
FingerprintD1:CC:33:77:68:40:74:5D:E8:27:02:5E:75:CD:27:CA:34:7C:1C:09
ValidityThu, 13 Feb 2025 13:15:27 GMT - Wed, 14 May 2025 14:13:37 GMT

File type
JavaScript source, ASCII text, with very long lines (8373), with no line terminators
Size
8.4 kB (8373 bytes)
Hash
3007635a008202f014467936be6be922
112665bff073ce6121963fc9f2e4f385838208c1
f69abd58bd00719bbbe3d79dba4826c7943c8ab6daef494de0871fe638a3c485

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	Unknown malware
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/708f7a809116/main.js? HTTP/1.1
Host: partner-id891489.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 20 Mar 2025 09:45:33 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public
x-content-type-options: nosniff
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KdbBku0ApCjhVz%2BlUbDAln7jJseV5AIBSWOb9b36juK%2F6jl08qKM9SZChWSJxjtO81n3woKeEPn3nYx%2FhWJNLnmFreM3wCOerheWqoScOw5A7I0WZQH%2F8TP7qZvAtZWdtEcV97PWDQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 923446fe5a35f5c9-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=23301&min_rtt=20821&rtt_var=8547&sent=15&recv=9&lost=0&retrans=0&sent_bytes=5098&recv_bytes=1679&delivery_rate=2697&cwnd=12000&unsent_bytes=0&cid=3d7d12211da93edb&ts=343&x=1", cfExtPri, cfHdrFlush;dur=0

partner-id891489.com/cdn-cgi/challenge-platform/h/b/jsd/r/0.1303874291069989:1742461986:rvQBhySccTI1vTYbXNmDOdduN-T2V2H7bL7mjI4idn4/923446fbbfaafba8

104.21.90.197

200 OK

0 B

URL POST
partner-id891489.com/cdn-cgi/challenge-platform/h/b/jsd/r/0.1303874291069989:1742461986:rvQBhySccTI1vTYbXNmDOdduN-T2V2H7bL7mjI4idn4/923446fbbfaafba8
IP
104.21.90.197:443
ASN
#13335 CLOUDFLARENET

Requested by
https://partner-id891489.com/
Certificate
IssuerGoogle Trust Services
Subjectpartner-id891489.com
FingerprintD1:CC:33:77:68:40:74:5D:E8:27:02:5E:75:CD:27:CA:34:7C:1C:09
ValidityThu, 13 Feb 2025 13:15:27 GMT - Wed, 14 May 2025 14:13:37 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	Unknown malware
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /cdn-cgi/challenge-platform/h/b/jsd/r/0.1303874291069989:1742461986:rvQBhySccTI1vTYbXNmDOdduN-T2V2H7bL7mjI4idn4/923446fbbfaafba8 HTTP/1.1
Host: partner-id891489.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 12094
Origin: https://partner-id891489.com
DNT: 1
Connection: keep-alive
Referer: https://partner-id891489.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 20 Mar 2025 09:45:33 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
set-cookie: cf_clearance=qRB236ntnW3xlzNBJer0PECc5L1GvGwAsWHBypS6X.4-1742463933-1.2.1.1-2SRg.Aam.q1tFj4pGnVcM7F2y83MNAI7sOp6V_4isFziLLqscMDznnQiEPFCSyO5nrQdtDT73yPrt9_d11zIvr4hSnZYtNm6T6MvHGC4Ug0xHY8wOJ.GQ3KF7a2P8OEhEX4UEcQh.pbUccqrHX1Y_BOTOXmpe7cQtQob12Wh.AYgbD3AtF16Sc6.RU4Ascx2cyW8o_tjfOOkRoJVg9jAh1Z4_5jgPipSoMFhdGRbYK6ECcQ_NcEL25DJK9ZpgzmQUms0d6fCGInsOr_oqmtzShZ5ljiBqbVce5nzQkNCeRD937ZcQXdBxtLgJSU.iHNV4GdwTla3uLvHe0y5SBP_CmX1dc5kbecONBUFzBGasas; HttpOnly; SameSite=None; Partitioned; Secure; Path=/; Domain=partner-id891489.com; Expires=Fri, 20 Mar 2026 09:45:33 GMT
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m5yDRmNF7YWEJvn27Oga3PYmqpdmp6pAwTpXPOHlI2AfGGOjZXTa%2FrmX%2FOEJba%2FMdfmnw%2BHU8sI6s2b7G9IY1wKWXLWYSlNwaR6IjczwmlHqHNQ6oHpQYNnbG9wxDdkajLtVaEvtwA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 923446ff8b58f5c9-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=23671&min_rtt=20821&rtt_var=7151&sent=27&recv=20&lost=0&retrans=0&sent_bytes=10078&recv_bytes=14587&delivery_rate=17655&cwnd=12000&unsent_bytes=0&cid=3d7d12211da93edb&ts=544&x=1", cfExtPri, cfHdrFlush;dur=0

partner-id891489.com/

104.21.90.197

200 OK

586 kB

URL User Request GET
partner-id891489.com/
IP
104.21.90.197:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectpartner-id891489.com
FingerprintD1:CC:33:77:68:40:74:5D:E8:27:02:5E:75:CD:27:CA:34:7C:1C:09
ValidityThu, 13 Feb 2025 13:15:27 GMT - Wed, 14 May 2025 14:13:37 GMT

File type
HTML document, ASCII text, with very long lines (65061)
Size
586 kB (586261 bytes)
Hash
5f40fc1059603448f19d93f113e1cd38
aeb0804b52b161e14d4963dcfd7a6100ac2c009c
16da483ff57a91bdd9a951c64e0123e035cf17954f40c5de74c1233394ff4ef2

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	Unknown malware
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: partner-id891489.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 20 Mar 2025 09:45:32 GMT
content-type: text/html; charset=utf-8
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8MvZ1sIkk5zOTTvW%2F%2FUU%2F9wQT9TC81aePNAgEGo7ohYUApDUEYdgy0l%2FYgho2iiR9vXBkaeSDc6vfkrM61%2B409C2hhcY4j%2Fy8RPQExzeslr0Uqyo5g6BPpBXqPEStbvhfT3d69OdmQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 923446fbbfaafba8-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=23297&min_rtt=23250&rtt_var=3760&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3298&recv_bytes=1262&delivery_rate=186237&cwnd=171&unsent_bytes=0&cid=518743cbbcc8d595&ts=96&x=0"
X-Firefox-Spdy: h2

partner-id891489.com/favicon.ico

104.21.90.197

404 Not Found

22 B

URL GET
partner-id891489.com/favicon.ico
IP
104.21.90.197:443
ASN
#13335 CLOUDFLARENET

Requested by
https://partner-id891489.com/
Certificate
IssuerGoogle Trust Services
Subjectpartner-id891489.com
FingerprintD1:CC:33:77:68:40:74:5D:E8:27:02:5E:75:CD:27:CA:34:7C:1C:09
ValidityThu, 13 Feb 2025 13:15:27 GMT - Wed, 14 May 2025 14:13:37 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
22 B (22 bytes)
Hash
fe13f571bd90fac256696b8b7f0a4ca2
e7746a22a94050235b3ebf0a4e708dd206cd7f30
bca52259bed519131221a4f7ac6c92ce464774cbd6fb8ab7e38bf4ea422a9a31

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	Unknown malware
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: partner-id891489.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://partner-id891489.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Thu, 20 Mar 2025 09:45:33 GMT
content-type: application/json
server: cloudflare
cache-control: max-age=14400
cf-cache-status: EXPIRED
priority: u=6,i=?0
content-encoding: br
cf-ray: 923446fe09ddf5c9-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (5)

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL POST

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers