fake offer pages

markusg

Hello, I came across a domain redirecting to a fake offer page:
countryproducebetweens.best
The AdGuard filter log is attached.
Also, 3 IPs checked now, full of fake offer domains, in the zip file as CSV.
/* SUMMARY REQUEST INFO */

Request URL: https://countryproducebetweens.best/KDpAlSrjtd6b-FQLtfdvkCcGk1JyPvNtUI1qa29CdEY6N6h24DtnhM3K6dj9EiF22wGr93GM5pEhwAs9kH0oGIcRY60XchL_8Kk_8-7p6N9ntP4_404PEK59LQDqERru_7vzFRbj0dmas9fYYG_q-FI0zMQRmVeu3Z0cvfZg0CiZOzU8_y-KyNg6Kpbg-6_XNj_QfmWwM0qhdImX_z3drefPO3fUPegB4hbbalo6B2pLkporgP_Ac2mo
Remote Address: 104.28.27.120:443
Host: countryproducebetweens.best
Redirect URL: http://adservern2.host/?sdomain=countryproducebetweens.best&srootdomain=countryproducebetweens.best&stld=best&keyword=&snurl=DE_vergesslichkeit2&project=sx_1_23
Process name: chrome.exe
Process ID: 4116
Connection ID: 1021717
Status: Bypassed
Content type: HTML
Protocol type: Tcp
Start time: 03:56:22.6840
Time: 247 ms
Size: ↑808 B ↓599 B
Request Method: GET
Status code: 302

/* SUMMARY REQUEST INFO */

Request URL: http://adservern2.host/?sdomain=countryproducebetweens.best&srootdomain=countryproducebetweens.best&stld=best&keyword=&snurl=DE_vergesslichkeit2&project=sx_1_23
Remote Address: 104.28.5.23:80
Host: adservern2.host
Process name: chrome.exe
Process ID: 4116
Connection ID: 1021718
Status: Processed
Content type: HTML
Protocol type: Tcp
Start time: 03:56:23.0210
Time: 601 ms
Size: ↑637 B ↓2,0 KB
Request Method: GET
Status code: 200 OK
Kosmetische Regel(n)

/* SUMMARY REQUEST INFO */

Request URL: http://adsrvr4u.host/c/5ab6ac20e169b18a?keyword=&type=&domain=countryproducebetweens.best&rootdomain=countryproducebetweens.best&tld=best&project=sx_1_23&nurl=DE_vergesslichkeit2
Remote Address: 52.50.129.46:80
Source URL: http://adservern2.host/?sdomain=countryproducebetweens.best&srootdomain=countryproducebetweens.best&stld=best&keyword=&snurl=DE_vergesslichkeit2&project=sx_1_23
Host: adsrvr4u.host
Redirect URL: http://your-only-prizes-here.info/?u=g8xp605&o=59fkmgr&cid=gtwjp5dbe41d808130439360543
Process name: chrome.exe
Process ID: 4116
Connection ID: 1021721
Status: Processed
Content type: HTML
Protocol type: Tcp
Start time: 03:56:25.5300
Time: 163 ms
Size: ↑826 B ↓1,0 KB
Request Method: GET
Status code: 302 Found

/* SUMMARY REQUEST INFO */

Request URL: http://your-only-prizes-here.info/?u=g8xp605&o=59fkmgr&cid=gtwjp5dbe41d808130439360543
Remote Address: 78.141.220.45:80
Source URL: http://adservern2.host/?sdomain=countryproducebetweens.best&srootdomain=countryproducebetweens.best&stld=best&keyword=&snurl=DE_vergesslichkeit2&project=sx_1_23
Host: your-only-prizes-here.info
Redirect URL: https://your-only-prizes-here.info/?u=g8xp605&o=59fkmgr&cid=gtwjp5dbe41d808130439360543
Process name: chrome.exe
Process ID: 4116
Connection ID: 1021722
Status: Bypassed
Content type: HTML
Protocol type: Tcp
Start time: 03:56:25.8540
Time: 166 ms
Size: ↑734 B ↓433 B
Request Method: GET
Status code: 301 Moved Permanently

/* SUMMARY REQUEST INFO */

Request URL: https://your-only-prizes-here.info/?u=g8xp605&o=59fkmgr&cid=gtwjp5dbe41d808130439360543
Remote Address: 78.141.220.45:443
Source URL: http://adservern2.host/?sdomain=countryproducebetweens.best&srootdomain=countryproducebetweens.best&stld=best&keyword=&snurl=DE_vergesslichkeit2&project=sx_1_23
Host: your-only-prizes-here.info
Process name: chrome.exe
Process ID: 4116
Connection ID: 1021723
Status: Processed
Content type: HTML
Protocol type: Tcp
Start time: 03:56:28.4050
Time: 100 ms
Size: ↑792 B ↓14,0 KB
Request Method: GET
Status code: 200 OK
Kosmetische Regel(n)

/* SUMMARY REQUEST INFO */

Request URL: http://competition5706.hj8gjh16.live/?u=g8xp605&o=59fkmgr&cid=gtwjp5dbe41d808130439360543&f=1
Remote Address: 185.89.102.131:80
Host: competition5706.hj8gjh16.live
Process name: chrome.exe
Process ID: 4116
Connection ID: 1021725
Status: Processed
Content type: HTML
Protocol type: Tcp
Start time: 03:56:29.6370
Time: 213 ms
Size: ↑570 B ↓15,0 KB
Request Method: GET
Status code: 200 OK
Kosmetische Regel(n)

/* SUMMARY REQUEST INFO */

Request URL: http://competition5706.hj8gjh16.live/media/mainstream/icon.js
Remote Address: 185.89.102.131:80
Source URL: http://competition5706.hj8gjh16.live/?u=g8xp605&o=59fkmgr&cid=gtwjp5dbe41d808130439360543&f=1
Host: competition5706.hj8gjh16.live
Process name: chrome.exe
Process ID: 4116
Connection ID: 1021726
Status: Bypassed
Content type: Javascript
Protocol type: Tcp
Start time: 03:56:29.9070
Time: 82 ms
Size: ↑549 B ↓1,0 KB
Request Method: GET
Status code: 200 OK

/* SUMMARY REQUEST INFO */

Request URL: http://competition5706.hj8gjh16.live/media/mainstream/u.js
Remote Address: 185.89.102.131:80
Source URL: http://competition5706.hj8gjh16.live/?u=g8xp605&o=59fkmgr&cid=gtwjp5dbe41d808130439360543&f=1
Host: competition5706.hj8gjh16.live
Process name: chrome.exe
Process ID: 4116
Connection ID: 1021729
Status: Bypassed
Content type: Javascript
Protocol type: Tcp
Start time: 03:56:29.9700
Time: 75 ms
Size: ↑546 B ↓4,0 KB
Request Method: GET
Status code: 200 OK

/* SUMMARY REQUEST INFO */

Request URL: https://tdsjsext1.com/ExtService.svc/getextparams
Remote Address: 185.50.248.72:443
Source URL: http://competition5706.hj8gjh16.live/?u=g8xp605&o=59fkmgr&cid=gtwjp5dbe41d808130439360543&f=1
Host: tdsjsext1.com
Process name: chrome.exe
Process ID: 4116
Connection ID: 1021732
Status: Bypassed
Content type: Ajax
Protocol type: Tcp
Start time: 03:56:32.6150
Time: 140 ms
Size: ↑584 B ↓748 B
Request Method: GET
Status code: 200 OK
Next tested:

/* SUMMARY REQUEST INFO */

Request URL: https://countryproducebetweens.best/XlZGDkVLcq2EEfbRpf9v13rX7W4a_aRd1ZkynOIyhdVjZ_w3tuuFab9giDJSY3esIzMwpI5OL2wXAY6mARfx5UhtFSPi2QyVGNq7TdmcwkY177VrWFotljR4aPc5W4gdLC6XUViKzbiQlXsgk8oCX8qxwssVz2oF_CMq8XE0NE944_EmyIY38_05QJKhYphsxkXmJpD4P_ym2Ffy4xSMltEBrG0DMs9d8SXwzi3fKfs0029dhAs
Remote Address: 104.28.26.120:443
Host: countryproducebetweens.best
Redirect URL: http://adservern2.host/?sdomain=countryproducebetweens.best&srootdomain=countryproducebetweens.best&stld=best&keyword=&snurl=DE_basketball1&project=sx_1_23
Process name: chrome.exe
Process ID: 4116
Connection ID: 1021772
Status: Bypassed
Content type: HTML
Protocol type: Tcp
Start time: 04:15:39.5790
Time: 245 ms
Size: ↑782 B ↓436 B
Request Method: GET
Status code: 302

/* SUMMARY REQUEST INFO */

Request URL: http://adservern2.host/?sdomain=countryproducebetweens.best&srootdomain=countryproducebetweens.best&stld=best&keyword=&snurl=DE_basketball1&project=sx_1_23
Remote Address: 104.28.4.23:80
Host: adservern2.host
Process name: chrome.exe
Process ID: 4116
Connection ID: 1021773
Status: Processed
Content type: HTML
Protocol type: Tcp
Start time: 04:15:39.8820
Time: 499 ms
Size: ↑631 B ↓2,0 KB
Request Method: GET
Status code: 200 OK
Kosmetische Regel(n)

/* SUMMARY REQUEST INFO */

Request URL: http://adsrvr4u.host/c/5ab6ac20e169b18a?keyword=&type=&domain=countryproducebetweens.best&rootdomain=countryproducebetweens.best&tld=best&project=sx_1_23&nurl=DE_basketball1
Remote Address: 52.50.129.46:80
Source URL: http://adservern2.host/?sdomain=countryproducebetweens.best&srootdomain=countryproducebetweens.best&stld=best&keyword=&snurl=DE_basketball1&project=sx_1_23
Host: adsrvr4u.host
Redirect URL: http://your-only-prizes-here.info/?u=g8xp605&o=59fkmgr&cid=arwbe5dbe465b5eaa3802904358
Process name: chrome.exe
Process ID: 4116
Connection ID: 1021774
Status: Processed
Content type: HTML
Protocol type: Tcp
Start time: 04:15:40.9290
Time: 70 ms
Size: ↑878 B ↓573 B
Request Method: GET
Status code: 302 Found

/* SUMMARY REQUEST INFO */

Request URL: https://your-only-prizes-here.info/?u=g8xp605&o=59fkmgr&cid=arwbe5dbe465b5eaa3802904358
Remote Address: 78.141.220.45:443
Source URL: http://adservern2.host/?sdomain=countryproducebetweens.best&srootdomain=countryproducebetweens.best&stld=best&keyword=&snurl=DE_basketball1&project=sx_1_23
Host: your-only-prizes-here.info
Process name: chrome.exe
Process ID: 4116
Connection ID: 1021776
Status: Processed
Content type: HTML
Protocol type: Tcp
Start time: 04:15:41.3640
Time: 54 ms
Size: ↑817 B ↓13,0 KB
Request Method: GET
Status code: 200 OK
Kosmetische Regel(n)

/* SUMMARY REQUEST INFO */

Request URL: http://best1047.nothsws98.live/?u=g8xp605&o=59fkmgr&cid=arwbe5dbe465b5eaa3802904358&f=1
Remote Address: 185.89.102.135:80
Host: best1047.nothsws98.live
Process name: chrome.exe
Process ID: 4116
Connection ID: 1021777
Status: Processed
Content type: HTML
Protocol type: Tcp
Start time: 04:15:41.8530
Time: 262 ms
Size: ↑501 B ↓17,0 KB
Request Method: GET
Status code: 200 OK
Kosmetische Regel(n)