Report - restedfeatures.com/cavtpcge95?adb=n&adb=n&adb=n&adb=n&dev=r&gies=34&key=8eed0af3ba88434b397fe82f5912d434&kw=["livecamrips","com","bridget","spring6871","live","show","recorded","on","2024-05-07","20","36","14"]&psid=livecamrips.com,livecamrips.com&refer=https://livecamrips.com/video/3463669&res=14.31&scrHeight=1080&scrWidth=1920&ship=&sub3=invoke_layer&tz=2&uuid=5b3329a6-838f-47bb-8130-393e8c40ff5a:2:1&v=24.5.8230

Report Overview

Visited public
2024-05-22 23:03:49
Tags
Submit Tags
URL
restedfeatures.com/cavtpcge95?adb=n&adb=n&adb=n&adb=n&dev=r&gies=34&key=8eed0af3ba88434b397fe82f5912d434&kw=["livecamrips","com","bridget","spring6871","live","show","recorded","on","2024-05-07","20","36","14"]&psid=livecamrips.com,livecamrips.com&refer=https://livecamrips.com/video/3463669&res=14.31&scrHeight=1080&scrWidth=1920&ship=&sub3=invoke_layer&tz=2&uuid=5b3329a6-838f-47bb-8130-393e8c40ff5a:2:1&v=24.5.8230
Finishing URL
ww12.vaultvault.xyz/?usid=16&utid=32886964201
IP / ASN
192.243.59.13
#39572 DataWeb Global Group B.V.
Title
vaultvault.xyz

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ifdnzact.com	unknown	2022-10-18	2022-10-27 15:15:07	2024-05-02 12:18:24	453 B	494 B	208.91.196.46
restedfeatures.com	unknown	2024-05-06	2024-05-07 10:44:02	2024-05-22 13:03:10	5.2 kB	5.0 kB	172.240.108.68
trafficscore.xyz	unknown	2023-09-20	2023-09-29 21:08:54	2024-03-08 21:59:12	1.1 kB	1.3 kB	188.114.97.1
vaultvault.xyz	unknown	unknown	No data	No data	385 B	352 B	72.52.179.174
ww12.vaultvault.xyz	unknown	unknown	No data	No data	789 B	2.1 kB	13.248.148.254
parking.parklogic.com	121827	2007-02-28	2015-10-23 03:38:08	2024-04-30 18:11:25	856 B	1.7 kB	67.225.218.50

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-22	medium	restedfeatures.com	Sinkholed
2024-05-22	medium	restedfeatures.com	Sinkholed
2024-05-22	medium	restedfeatures.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (2)

	URL	From	Size	First Seen	Last Seen
	parking.parklogic.com/page/enhance.js?pcId=12&domain=vaultvault.xyz	ScriptElement	1.1 kB	2024-08-19	2024-08-19
Pretty URL parking.parklogic.com/page/enhance.js?pcId=12&domain=vaultvault.xyz IP 67.225.218.50 ASN #32244 LIQUIDWEB Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-19 22:10 Last Seen2024-08-19 22:10 Times Seen1 Hash 504b08889d93b3ca1b203209da7e099c 00e7ede9f2216e2736b3898f2a1238bfc70c2a26 b7d89265a595f05a492afd2d96f7c7ae1b88d9bfdf9c6a9058759cd1e865f39a Loading...

	ww12.vaultvault.xyz/?usid=16&utid=32886964201	ScriptElement	0 B	0001-01-01	2025-07-16
Pretty URL ww12.vaultvault.xyz/?usid=16&utid=32886964201 IP 13.248.148.254 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-07-16 07:27 Times Seen5433857 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

HTTP Transactions (11)

URL IP Response Size

restedfeatures.com/cavtpcge95?adb=n&adb=n&adb=n&adb=n&dev=r&gies=34&key=8eed0af3ba88434b397fe82f5912d434&kw=[%22livecamrips%22,%22com%22,%22bridget%22,%22spring6871%22,%22live%22,%22show%22,%22recorded%22,%22on%22,%222024-05-07%22,%2220%22,%2236%22,%2214%22]&psid=livecamrips.com,livecamrips.com&refer=https://livecamrips.com/video/3463669&res=14.31&scrHeight=1080&scrWidth=1920&ship=&sub3=invoke_layer&tz=2&uuid=5b3329a6-838f-47bb-8130-393e8c40ff5a:2:1&v=24.5.8230

172.240.108.68

1.7 kB

URL
restedfeatures.com/cavtpcge95?adb=n&adb=n&adb=n&adb=n&dev=r&gies=34&key=8eed0af3ba88434b397fe82f5912d434&kw=[%22livecamrips%22,%22com%22,%22bridget%22,%22spring6871%22,%22live%22,%22show%22,%22recorded%22,%22on%22,%222024-05-07%22,%2220%22,%2236%22,%2214%22]&psid=livecamrips.com,livecamrips.com&refer=https://livecamrips.com/video/3463669&res=14.31&scrHeight=1080&scrWidth=1920&ship=&sub3=invoke_layer&tz=2&uuid=5b3329a6-838f-47bb-8130-393e8c40ff5a:2:1&v=24.5.8230
IP
172.240.108.68:0
ASN
#7979 SERVERS-COM

File type
HTML document, ASCII text, with very long lines (1148)
Size
1.7 kB (1710 bytes)
Hash
6ce774e991f5443b6155b123a28fcf86
fba8b3f3c87d252bd0d73ee5256f6f1900622231
78e9f209c718960dad114600f7dc9038027a5c241117c38197ed9f15a7275fb9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cavtpcge95?adb=n&adb=n&adb=n&adb=n&dev=r&gies=34&key=8eed0af3ba88434b397fe82f5912d434&kw=[%22livecamrips%22,%22com%22,%22bridget%22,%22spring6871%22,%22live%22,%22show%22,%22recorded%22,%22on%22,%222024-05-07%22,%2220%22,%2236%22,%2214%22]&psid=livecamrips.com,livecamrips.com&refer=https://livecamrips.com/video/3463669&res=14.31&scrHeight=1080&scrWidth=1920&ship=&sub3=invoke_layer&tz=2&uuid=5b3329a6-838f-47bb-8130-393e8c40ff5a:2:1&v=24.5.8230 HTTP/1.1
Host: restedfeatures.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 22 May 2024 23:03:25 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=22400125; expires=Thu, 23 May 2024 23:03:25 GMT
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMjQwMDEyNSwiayI6IjhlZWQwYWYzYmE4ODQzNGIzOTdmZTgyZjU5MTJkNDM0Iiwic2lkIjoibGl2ZWNhbXJpcHMuY29tLGxpdmVjYW1yaXBzLmNvbSIsImlzaWQiOjIsImFzaWQiOjEsInppZCI6MjQxODc0OSwicGlkIjo4MTQ2NDAsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTYsImFpZCI6MjgsInB0Ijo0LCJwayI6ImNhdnRwY2dlOTUiLCJjcGtzIjp7IjI5IjoiNWM0MTA2NzBlNjkwY2U5ZGYwZDlkYzk3NDM1MDM1ODgifSwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjpmYWxzZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL2xpdmVjYW1yaXBzLmNvbS92aWRlby8zNDYzNjY5IiwiYXIiOltdfX0.X-6zAe0ib4d29DO7wHAKIH6hpYoFWCUmYzqnyV0D_Wo; expires=Wed, 22 May 2024 23:04:25 GMT
uid_id2=5b3329a6-838f-47bb-8130-393e8c40ff5a:2:1; expires=Wed, 29 May 2024 23:03:25 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1579669f905f51a5572522235a1c798b
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

GET restedfeatures.com/api/users?token=L2NhdnRwY2dlOTU_YWRiPW4mZGV2PXImZ2llcz0zNCZrZXk9OGVlZDBhZjNiYTg4NDM0YjM5N2ZlODJmNTkxMmQ0MzQma3c9JTVCJTIybGl2ZWNhbXJpcHMlMjIlMkMlMjJjb20lMjIlMkMlMjJicmlkZ2V0JTIyJTJDJTIyc3ByaW5nNjg3MSUyMiUyQyUyMmxpdmUlMjIlMkMlMjJzaG93JTIyJTJDJTIycmVjb3JkZWQlMjIlMkMlMjJvbiUyMiUyQyUyMjIwMjQtMDUtMDclMjIlMkMlMjIyMCUyMiUyQyUyMjM2JTIyJTJDJTIyMTQlMjIlNUQmcHNpZD1saXZlY2Ftcmlwcy5jb20lMkNsaXZlY2Ftcmlwcy5jb20mcHN0PTE3MTY0MTkwNjUmcmVmZXI9aHR0cHMlM0ElMkYlMkZsaXZlY2Ftcmlwcy5jb20lMkZ2aWRlbyUyRjM0NjM2NjkmcmVzPTE0LjMxJnJtdGM9dCZzY3JIZWlnaHQ9MTA4MCZzY3JXaWR0aD0xOTIwJnNoaXA9JnNodT0yMTk2ZjVlODk1M2U4ZDVmMzJiNGIzYTM1NzhhYTVjZTRmNzYyMDE1ZGNhNzY2MzA1YjRiZDE5ZTk1NTMxNzBmOWRkMjBiYzczZDQ4ZTNjMmZmMjQ4ZTc5YWEwODI5YTRmMmYzY2E2YmMwYjRhMjllNDdlZWRhZDI4NzZkZWRkYTA4OWZhODlhNGVhMzEwMGExYTI5OTAyZjEwNDZhZDlmMGJjYWFkZjAyODMxNjAwM2EwZTBhYWY4YmQzYiZzdWIzPWludm9rZV9sYXllciZ0ej0yJnV1aWQ9NWIzMzI5YTYtODM4Zi00N2JiLTgxMzAtMzkzZThjNDBmZjVhJTNBMiUzQTEmdj0yNC41LjgyMzA&uuid=5b3329a6-838f-47bb-8130-393e8c40ff5a%3A2%3A1&pii=&in=false

172.240.108.68

302 Found

0 B

URL User Request GET HTTP/1.1
restedfeatures.com/api/users?token=L2NhdnRwY2dlOTU_YWRiPW4mZGV2PXImZ2llcz0zNCZrZXk9OGVlZDBhZjNiYTg4NDM0YjM5N2ZlODJmNTkxMmQ0MzQma3c9JTVCJTIybGl2ZWNhbXJpcHMlMjIlMkMlMjJjb20lMjIlMkMlMjJicmlkZ2V0JTIyJTJDJTIyc3ByaW5nNjg3MSUyMiUyQyUyMmxpdmUlMjIlMkMlMjJzaG93JTIyJTJDJTIycmVjb3JkZWQlMjIlMkMlMjJvbiUyMiUyQyUyMjIwMjQtMDUtMDclMjIlMkMlMjIyMCUyMiUyQyUyMjM2JTIyJTJDJTIyMTQlMjIlNUQmcHNpZD1saXZlY2Ftcmlwcy5jb20lMkNsaXZlY2Ftcmlwcy5jb20mcHN0PTE3MTY0MTkwNjUmcmVmZXI9aHR0cHMlM0ElMkYlMkZsaXZlY2Ftcmlwcy5jb20lMkZ2aWRlbyUyRjM0NjM2NjkmcmVzPTE0LjMxJnJtdGM9dCZzY3JIZWlnaHQ9MTA4MCZzY3JXaWR0aD0xOTIwJnNoaXA9JnNodT0yMTk2ZjVlODk1M2U4ZDVmMzJiNGIzYTM1NzhhYTVjZTRmNzYyMDE1ZGNhNzY2MzA1YjRiZDE5ZTk1NTMxNzBmOWRkMjBiYzczZDQ4ZTNjMmZmMjQ4ZTc5YWEwODI5YTRmMmYzY2E2YmMwYjRhMjllNDdlZWRhZDI4NzZkZWRkYTA4OWZhODlhNGVhMzEwMGExYTI5OTAyZjEwNDZhZDlmMGJjYWFkZjAyODMxNjAwM2EwZTBhYWY4YmQzYiZzdWIzPWludm9rZV9sYXllciZ0ej0yJnV1aWQ9NWIzMzI5YTYtODM4Zi00N2JiLTgxMzAtMzkzZThjNDBmZjVhJTNBMiUzQTEmdj0yNC41LjgyMzA&uuid=5b3329a6-838f-47bb-8130-393e8c40ff5a%3A2%3A1&pii=&in=false
IP
172.240.108.68:443
ASN
#7979 SERVERS-COM

Certificate
IssuerLet's Encrypt
Subjectrestedfeatures.com
Fingerprint99:6A:08:24:87:8D:99:4B:3C:DF:AF:B1:28:8C:E3:55:1C:28:74:EA
ValidityMon, 06 May 2024 12:47:15 GMT - Sun, 04 Aug 2024 12:47:14 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /api/users?token=L2NhdnRwY2dlOTU_YWRiPW4mZGV2PXImZ2llcz0zNCZrZXk9OGVlZDBhZjNiYTg4NDM0YjM5N2ZlODJmNTkxMmQ0MzQma3c9JTVCJTIybGl2ZWNhbXJpcHMlMjIlMkMlMjJjb20lMjIlMkMlMjJicmlkZ2V0JTIyJTJDJTIyc3ByaW5nNjg3MSUyMiUyQyUyMmxpdmUlMjIlMkMlMjJzaG93JTIyJTJDJTIycmVjb3JkZWQlMjIlMkMlMjJvbiUyMiUyQyUyMjIwMjQtMDUtMDclMjIlMkMlMjIyMCUyMiUyQyUyMjM2JTIyJTJDJTIyMTQlMjIlNUQmcHNpZD1saXZlY2Ftcmlwcy5jb20lMkNsaXZlY2Ftcmlwcy5jb20mcHN0PTE3MTY0MTkwNjUmcmVmZXI9aHR0cHMlM0ElMkYlMkZsaXZlY2Ftcmlwcy5jb20lMkZ2aWRlbyUyRjM0NjM2NjkmcmVzPTE0LjMxJnJtdGM9dCZzY3JIZWlnaHQ9MTA4MCZzY3JXaWR0aD0xOTIwJnNoaXA9JnNodT0yMTk2ZjVlODk1M2U4ZDVmMzJiNGIzYTM1NzhhYTVjZTRmNzYyMDE1ZGNhNzY2MzA1YjRiZDE5ZTk1NTMxNzBmOWRkMjBiYzczZDQ4ZTNjMmZmMjQ4ZTc5YWEwODI5YTRmMmYzY2E2YmMwYjRhMjllNDdlZWRhZDI4NzZkZWRkYTA4OWZhODlhNGVhMzEwMGExYTI5OTAyZjEwNDZhZDlmMGJjYWFkZjAyODMxNjAwM2EwZTBhYWY4YmQzYiZzdWIzPWludm9rZV9sYXllciZ0ej0yJnV1aWQ9NWIzMzI5YTYtODM4Zi00N2JiLTgxMzAtMzkzZThjNDBmZjVhJTNBMiUzQTEmdj0yNC41LjgyMzA&uuid=5b3329a6-838f-47bb-8130-393e8c40ff5a%3A2%3A1&pii=&in=false HTTP/1.1
Host: restedfeatures.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://restedfeatures.com/api/users?token=L2NhdnRwY2dlOTU_a2V5PTljYTYwMWE5ZjQ3YzczNWRmNzZkNWNhNDZmYTI2YTY2JnN1Ym1ldHJpYz0yMjQwMDEyNQ
Cookie: u_pl=22400125; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMjQwMDEyNSwiayI6IjhlZWQwYWYzYmE4ODQzNGIzOTdmZTgyZjU5MTJkNDM0Iiwic2lkIjoibGl2ZWNhbXJpcHMuY29tLGxpdmVjYW1yaXBzLmNvbSIsImlzaWQiOjIsImFzaWQiOjEsInppZCI6MjQxODc0OSwicGlkIjo4MTQ2NDAsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTYsImFpZCI6MjgsInB0Ijo0LCJwayI6ImNhdnRwY2dlOTUiLCJjcGtzIjp7IjI5IjoiNWM0MTA2NzBlNjkwY2U5ZGYwZDlkYzk3NDM1MDM1ODgifSwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjpmYWxzZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL2xpdmVjYW1yaXBzLmNvbS92aWRlby8zNDYzNjY5IiwiYXIiOltdfX0.X-6zAe0ib4d29DO7wHAKIH6hpYoFWCUmYzqnyV0D_Wo; uid_id2=5b3329a6-838f-47bb-8130-393e8c40ff5a:2:1; cjs=t
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.21.6
Date: Wed, 22 May 2024 23:03:25 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: https://trafficscore.xyz/in/adst-world-desktop/
Set-Cookie: uid_id2=5b3329a6-838f-47bb-8130-393e8c40ff5a:2:1; expires=Wed, 29 May 2024 23:03:25 GMT
iprc65b12c779d2a2f2df3e7c3034211805a=5215567; expires=Thu, 23 May 2024 23:03:25 GMT
pdhtkv=true; expires=Thu, 23 May 2024 23:03:25 GMT
uncs=1; expires=Thu, 23 May 2024 23:03:25 GMT
pdhtkv28=true; expires=Thu, 23 May 2024 23:03:25 GMT
uncs28=1; expires=Thu, 23 May 2024 23:03:25 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ad6bd1bb1bf1dcd11353ff0855f2b8c3
Strict-Transport-Security: max-age=0; includeSubdomains

GET trafficscore.xyz/in/adst-world-desktop/

188.114.97.1

302 Found

0 B

URL User Request GET HTTP/2
trafficscore.xyz/in/adst-world-desktop/
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjecttrafficscore.xyz
FingerprintF6:65:32:03:91:1E:21:3C:6B:08:07:FF:8E:10:97:8C:5E:59:06:07
ValiditySun, 07 Apr 2024 18:46:47 GMT - Sat, 06 Jul 2024 18:46:46 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/adst-world-desktop/ HTTP/1.1
Host: trafficscore.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://restedfeatures.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Wed, 22 May 2024 23:03:26 GMT
content-length: 0
location: https://trafficscore.xyz/in/all-domain/
vary: *
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NqSpLJo4JLP1vhRajl6pqoKd4%2FOnl630iYJ7fuP2Ac7mXC9wpP2QYFNGROBb272ZdPRlj80w%2FSVnalIx8%2BUM1F8gzan0wmI9t47Gwr7N9Q8Y4Cl9JGpHz%2FJD6WWnRr8%2F%2Fgjo"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88807083dde1b524-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET trafficscore.xyz/in/all-domain/

188.114.97.1

302 Found

0 B

URL User Request GET HTTP/2
trafficscore.xyz/in/all-domain/
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjecttrafficscore.xyz
FingerprintF6:65:32:03:91:1E:21:3C:6B:08:07:FF:8E:10:97:8C:5E:59:06:07
ValiditySun, 07 Apr 2024 18:46:47 GMT - Sat, 06 Jul 2024 18:46:46 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/all-domain/ HTTP/1.1
Host: trafficscore.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://restedfeatures.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
date: Wed, 22 May 2024 23:03:26 GMT
content-length: 0
location: http://vaultvault.xyz
vary: *
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jdh9IETF7Ty%2Br6R%2Fu1wrC1Cp1inLM4GqoGmMjp%2B0xF9h7g0YVgPY4UDeJIoecxuAS1hkqt3urjzPt3ruo%2B0WB6Y3zidQCFUQxT6iEb4Q0ddhghzOei60rywV5rHXkgNi9XpA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 888070841e0fb524-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

restedfeatures.com/favicon.ico

172.240.108.84

0 B

URL
restedfeatures.com/favicon.ico
IP
172.240.108.84:0
ASN
#7979 SERVERS-COM

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: restedfeatures.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://restedfeatures.com/api/users?token=L2NhdnRwY2dlOTU_a2V5PTljYTYwMWE5ZjQ3YzczNWRmNzZkNWNhNDZmYTI2YTY2JnN1Ym1ldHJpYz0yMjQwMDEyNQ
Cookie: u_pl=22400125; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMjQwMDEyNSwiayI6IjhlZWQwYWYzYmE4ODQzNGIzOTdmZTgyZjU5MTJkNDM0Iiwic2lkIjoibGl2ZWNhbXJpcHMuY29tLGxpdmVjYW1yaXBzLmNvbSIsImlzaWQiOjIsImFzaWQiOjEsInppZCI6MjQxODc0OSwicGlkIjo4MTQ2NDAsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTYsImFpZCI6MjgsInB0Ijo0LCJwayI6ImNhdnRwY2dlOTUiLCJjcGtzIjp7IjI5IjoiNWM0MTA2NzBlNjkwY2U5ZGYwZDlkYzk3NDM1MDM1ODgifSwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjpmYWxzZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL2xpdmVjYW1yaXBzLmNvbS92aWRlby8zNDYzNjY5IiwiYXIiOltdfX0.X-6zAe0ib4d29DO7wHAKIH6hpYoFWCUmYzqnyV0D_Wo; uid_id2=5b3329a6-838f-47bb-8130-393e8c40ff5a:2:1; cjs=t
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 22 May 2024 23:03:26 GMT
Content-Type: image/x-icon
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a16c6a320e5e4ad5962773a8bc0a3b78
Strict-Transport-Security: max-age=0; includeSubdomains

GET vaultvault.xyz/

72.52.179.174

302 Moved Temporarily

0 B

URL User Request GET HTTP/1.1
vaultvault.xyz/
IP
72.52.179.174:80
ASN
#32244 LIQUIDWEB

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: vaultvault.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9
Cache-Control: no-cache
Content-Type: text/html; charset=UTF-8
Date: Wed, 22 May 2024 23:03:26 GMT
Location: http://ww12.vaultvault.xyz/?usid=16&utid=32886964201
Pragma: no-cache
Connection: Keep-Alive
X-Powered-By: PHP/5.4.16
Content-Length: 0

GET ww12.vaultvault.xyz/?usid=16&utid=32886964201

13.248.148.254

200 OK

1.1 kB

URL User Request GET HTTP/1.1
ww12.vaultvault.xyz/?usid=16&utid=32886964201
IP
13.248.148.254:80
ASN
#16509 AMAZON-02

File type
HTML document, ASCII text
Size
1.1 kB (1065 bytes)
Hash
dbaccb83c6e00839f1aba8fa44bdcc2e
ae8e554971589b4aea5cbc45beba3d84e1572105
b04893920b9c7e202f9bcc883f1e3c7cd8703e535087500f5a5ab597cb3b3582

HTTP Headers

GET /?usid=16&utid=32886964201 HTTP/1.1
Host: ww12.vaultvault.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 22 May 2024 23:03:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Redirect: skenzo
X-Buckets: bucket102
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_thlT76zeJhsEI8YfTsRhMdLLF4lT0Hna+DfSRcHWXEQtC0Q8ivoeVW2OBYhtYDUU10Wk9gEfKYNjnHK3aoKYOA==
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: norwegian
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
X-Domain: vaultvault.xyz
X-Subdomain: ww12
Content-Encoding: gzip

GET parking.parklogic.com/page/enhance.js?pcId=12&domain=vaultvault.xyz

67.225.218.50

200 OK

1.1 kB

URL GET HTTP/1.1
parking.parklogic.com/page/enhance.js?pcId=12&domain=vaultvault.xyz
IP
67.225.218.50:80
ASN
#32244 LIQUIDWEB

Requested by
http://ww12.vaultvault.xyz/?usid=16&utid=32886964201

File type
JavaScript source, ASCII text
Size
1.1 kB (1063 bytes)
Hash
504b08889d93b3ca1b203209da7e099c
00e7ede9f2216e2736b3898f2a1238bfc70c2a26
b7d89265a595f05a492afd2d96f7c7ae1b88d9bfdf9c6a9058759cd1e865f39a

HTTP Headers

GET /page/enhance.js?pcId=12&domain=vaultvault.xyz HTTP/1.1
Host: parking.parklogic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww12.vaultvault.xyz/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 22 May 2024 23:03:27 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9
X-Powered-By: PHP/5.4.16
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/javascript

GET ww12.vaultvault.xyz/favicon.ico

13.248.148.254

200 OK

0 B

URL GET HTTP/1.1
ww12.vaultvault.xyz/favicon.ico
IP
13.248.148.254:80
ASN
#16509 AMAZON-02

Requested by
http://ww12.vaultvault.xyz/?usid=16&utid=32886964201

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: ww12.vaultvault.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww12.vaultvault.xyz/?usid=16&utid=32886964201
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 22 May 2024 23:03:28 GMT
Content-Type: image/x-icon
Content-Length: 0
Connection: keep-alive
Server: nginx
Last-Modified: Tue, 21 May 2024 08:59:26 GMT
ETag: "664c626e-0"
Accept-Ranges: bytes

GET parking.parklogic.com/page/scribe.php?pcId=12&domain=vaultvault.xyz&pId=2718&usid=16&utid=32886964201&query=null&domainJs=ww12.vaultvault.xyz&path=/&ss=true&lp=1

67.225.218.50

200 OK

48 B

URL GET HTTP/1.1
parking.parklogic.com/page/scribe.php?pcId=12&domain=vaultvault.xyz&pId=2718&usid=16&utid=32886964201&query=null&domainJs=ww12.vaultvault.xyz&path=/&ss=true&lp=1
IP
67.225.218.50:80
ASN
#32244 LIQUIDWEB

Requested by
http://ww12.vaultvault.xyz/?usid=16&utid=32886964201

File type
ASCII text
Size
48 B (48 bytes)
Hash
a95d1923fc0a0e8678d79eb1a5080eee
46aea61bb3ba5e64f540e390db943039c146130b
cbd890c78a8c432aaac5352bfd807f9dc1f76f08e6e5644fe27630578f5b97c0

HTTP Headers

GET /page/scribe.php?pcId=12&domain=vaultvault.xyz&pId=2718&usid=16&utid=32886964201&query=null&domainJs=ww12.vaultvault.xyz&path=/&ss=true&lp=1 HTTP/1.1
Host: parking.parklogic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww12.vaultvault.xyz/
Origin: http://ww12.vaultvault.xyz
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 22 May 2024 23:03:28 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9
X-Powered-By: PHP/5.4.16
Access-Control-Allow-Origin: *
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET ifdnzact.com/?dn=vaultvault.xyz&pid=9PO755G95

208.91.196.46

403 Forbidden

300 B

URL GET HTTP/1.1
ifdnzact.com/?dn=vaultvault.xyz&pid=9PO755G95
IP
208.91.196.46:80
ASN
#40034 CONFLUENCE-NETWORK-INC

Requested by
http://ww12.vaultvault.xyz/?usid=16&utid=32886964201

File type
HTML document, ASCII text, with CRLF line terminators
Size
300 B (300 bytes)
Hash
93d155147052de5a178a4dde736b6ea9
8e8f34f7de09e27e6551563af6a5c0a31ba12c67
32d270e7c536df89b7b593c16cbe2f161dad13262d4c4b2b95e8f0012d292169

HTTP Headers

GET /?dn=vaultvault.xyz&pid=9PO755G95 HTTP/1.1
Host: ifdnzact.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww12.vaultvault.xyz/
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Date: Wed, 22 May 2024 23:03:25 GMT
Server: Apache
Content-Length: 300
Keep-Alive: timeout=5, max=126
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (11)

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type