Report - cimsuhaud.com/casual-sl/69/14620?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482

Report Overview

Submitted URL
cimsuhaud.com/casual-sl/69/14620?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
IP
104.21.41.182
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-25 21:22:22
Access
public
Website Title
Participate in Our Exclusive Online Survey: Share Your Insight
Final URL
cimsuhaud.com/casual-sl/69/14620?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
80

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
my.rtmark.net	9054	2014-10-29	2015-02-04	2024-04-25	459 B	742 B	139.45.195.8
arleavannya.com	unknown	2024-01-22	2024-01-22	2024-04-22	2.0 kB	2.9 kB	139.45.197.248
datatechonert.com	46154	2021-12-24	2021-12-24	2024-04-23	570 B	481 B	37.48.68.71
amunfezanttor.com	unknown	2023-03-31	2023-03-31	2024-04-24	1.0 kB	1.1 kB	139.45.197.250
cdntechone.com	64371	2021-12-24	2021-12-24	2024-04-22	399 B	20 kB	188.114.96.1
cimsuhaud.com	unknown	unknown	No data	No data	23 kB	1.5 MB	172.67.149.90

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-25	medium	cimsuhaud.com	Sinkholed
2024-04-25	medium	cimsuhaud.com	Sinkholed
2024-04-25	medium	cimsuhaud.com	Sinkholed
2024-04-25	medium	cimsuhaud.com	Sinkholed
2024-04-25	medium	cimsuhaud.com	Sinkholed
2024-04-25	medium	amunfezanttor.com	Sinkholed
2024-04-25	medium	amunfezanttor.com	Sinkholed
2024-04-25	medium	cimsuhaud.com	Sinkholed
2024-04-25	medium	cimsuhaud.com	Sinkholed
2024-04-25	medium	cimsuhaud.com	Sinkholed
2024-04-25	medium	cimsuhaud.com	Sinkholed
2024-04-25	medium	cimsuhaud.com	Sinkholed
2024-04-25	medium	cimsuhaud.com	Sinkholed
2024-04-25	medium	cimsuhaud.com	Sinkholed
2024-04-25	medium	cimsuhaud.com	Sinkholed
2024-04-25	medium	cimsuhaud.com	Sinkholed
2024-04-25	medium	cimsuhaud.com	Sinkholed
2024-04-25	medium	cimsuhaud.com	Sinkholed
2024-04-25	medium	cimsuhaud.com	Sinkholed
2024-04-25	medium	cimsuhaud.com	Sinkholed
2024-04-25	medium	cimsuhaud.com	Sinkholed
2024-04-25	medium	cimsuhaud.com	Sinkholed
2024-04-25	medium	cimsuhaud.com	Sinkholed
2024-04-25	medium	cimsuhaud.com	Sinkholed
2024-04-25	medium	cimsuhaud.com	Sinkholed
2024-04-25	medium	cimsuhaud.com	Sinkholed
2024-04-25	medium	cimsuhaud.com	Sinkholed
2024-04-25	medium	cimsuhaud.com	Sinkholed
2024-04-25	medium	cimsuhaud.com	Sinkholed
2024-04-25	medium	cimsuhaud.com	Sinkholed
2024-04-25	medium	cimsuhaud.com	Sinkholed
2024-04-25	medium	cimsuhaud.com	Sinkholed
2024-04-25	medium	cimsuhaud.com	Sinkholed
2024-04-25	medium	cimsuhaud.com	Sinkholed
2024-04-25	medium	cimsuhaud.com	Sinkholed
2024-04-25	medium	cimsuhaud.com	Sinkholed
2024-04-25	medium	cimsuhaud.com	Sinkholed
2024-04-25	medium	cimsuhaud.com	Sinkholed
2024-04-25	medium	cimsuhaud.com	Sinkholed
2024-04-25	medium	cimsuhaud.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (19)

	URL	Size	First Seen	Last Seen
	cimsuhaud.com/_next/static/prhu88fhWjcFxMpI6LI5_/_buildManifest.js	1.6 kB	2024-04-25	2024-04-26
Pretty URL cimsuhaud.com/_next/static/prhu88fhWjcFxMpI6LI5_/_buildManifest.js IP 172.67.149.90 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 23:22:29 Last Seen2024-04-26 09:26:44 Times Seen18 Hash 4a0ba7194e87f13cd94bbde8d8afb837 8ebdf287b41148fadcddc878a2d3c75255c5d55d 240c3751c47d15cd5f908114ce203156059b9f3e27f489b1ebcd9fab0d1936ca Loading...

	cimsuhaud.com/_next/static/chunks/2734.6269ca0cf725ea17.js	4.1 kB	2024-04-24	2024-05-05
Pretty URL cimsuhaud.com/_next/static/chunks/2734.6269ca0cf725ea17.js IP 172.67.149.90 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 10:54:43 Last Seen2024-05-05 15:43:34 Times Seen224 Hash 48072be51722d2894982d56f13a52372 c1fbbdcb8b12079d61205284dec041f93390f47b b0ab49765bb74cdb8c46c171f3adad413e1934203046a3ca23d4872c892894d5 Loading...

	cimsuhaud.com/_next/static/chunks/1754.983ed55293c299ce.js	13 kB	2024-04-25	2024-05-05
Pretty URL cimsuhaud.com/_next/static/chunks/1754.983ed55293c299ce.js IP 172.67.149.90 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 15:50:08 Last Seen2024-05-05 15:43:34 Times Seen278 Hash aaadd1fe7166e1641b80d4a871e91a77 44dd71230caa2b99dbe1a804fb3e444fa2dd8255 918408a27b1ee2472daf8940c82be10db3c347bf9111c15eb4b23bd34600153a Loading...

	cdntechone.com/stattag.js	19 kB	2024-02-07	2024-05-05
Pretty URL cdntechone.com/stattag.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-07 19:13:47 Last Seen2024-05-05 15:43:34 Times Seen781 Hash bec2755dff94190fec0365b0db53807b f98c36e7e9e06325d03fe39c3b98879062fc2704 ccb15ff22ece6946136f1501ab3ae74155399187c8e85beb10399d56bb8e149a Loading...

	cimsuhaud.com/_next/static/chunks/main-beb6af9e60a8e042.js	109 kB	2024-03-02	2024-05-05
Pretty URL cimsuhaud.com/_next/static/chunks/main-beb6af9e60a8e042.js IP 172.67.149.90 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-02 21:14:49 Last Seen2024-05-05 15:43:34 Times Seen367 Hash 49c6f57370e917bd37dc7d4d4d0bdb56 f5b56f5b9498f3500055c5614808903d85303991 0409ec519061477c75738733ce598796a11cd445e95df1cd3e72d0ef58136fd4 Loading...

	cimsuhaud.com/_next/static/chunks/framework-8940d626f3bfb7e9.js	26 kB	2024-04-25	2024-05-05
Pretty URL cimsuhaud.com/_next/static/chunks/framework-8940d626f3bfb7e9.js IP 172.67.149.90 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 15:50:08 Last Seen2024-05-05 15:43:34 Times Seen366 Hash 33a34c525e2bee14a166fe1289835308 4afb650772181930d19dca9a41490beea5087932 bebac61ce044debeb2025b1fbf1c95f1b9a4bc97d0702676dea22b0bb689b555 Loading...

	cimsuhaud.com/_next/static/chunks/1155-d7686500f009e1a8.js	66 kB	2024-04-25	2024-04-26
Pretty URL cimsuhaud.com/_next/static/chunks/1155-d7686500f009e1a8.js IP 172.67.149.90 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 23:22:29 Last Seen2024-04-26 09:26:44 Times Seen21 Hash 613f5d49f7d43d94b46505b05e0590c3 e4d44234534d7a70e04140fa59940b23c99d9a86 07f78aaa713b41b3253165b89b449dfe3ad0485e2423b64b5a5d35b2b8b02078 Loading...

	cimsuhaud.com/_next/static/chunks/3091.8141ef861c4fae96.js	2.4 kB	2024-04-24	2024-05-05
Pretty URL cimsuhaud.com/_next/static/chunks/3091.8141ef861c4fae96.js IP 172.67.149.90 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 20:44:14 Last Seen2024-05-05 15:43:34 Times Seen211 Hash 8de4ecfc18371e9af83a020ad48a4839 f4cfd9509facd189f8e3487426a36cecfc77c090 954601b08c55f3c2e1c2a0a766e31a55e18b3ee0f6213cd1761decd4e4715f64 Loading...

	cimsuhaud.com/_next/static/chunks/2375.8acee6c083146147.js	5.4 kB	2024-04-25	2024-05-05
Pretty URL cimsuhaud.com/_next/static/chunks/2375.8acee6c083146147.js IP 172.67.149.90 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 23:22:29 Last Seen2024-05-05 15:43:34 Times Seen25 Hash b7eed164f7ab90f807ca06a204f33810 a58a92f443967e0f552d88f5f2a4853dcb584a66 8ec83dcbb23a710a8df315e73059d065c1db40547f8c28d551b66c6b1d62f607 Loading...

	cimsuhaud.com/_next/static/chunks/webpack-a2bc5b9348705b8c.js	6.3 kB	2024-04-25	2024-04-26
Pretty URL cimsuhaud.com/_next/static/chunks/webpack-a2bc5b9348705b8c.js IP 172.67.149.90 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 23:22:29 Last Seen2024-04-26 09:26:44 Times Seen14 Hash 250c5b6f6b8df02c52abfb59ed331b0d b68a191dc0c14dfe17dab4c9c3bbae733afab10a 59daf8963364a4a634d62311ab810482d679b5c3866067be3eff5ee3ce4b0457 Loading...

	cimsuhaud.com/_next/static/chunks/7903-dd238946c7924507.js	32 kB	2024-03-21	2024-05-05
Pretty URL cimsuhaud.com/_next/static/chunks/7903-dd238946c7924507.js IP 172.67.149.90 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-21 14:18:29 Last Seen2024-05-05 15:43:34 Times Seen483 Hash b5dd343db67bd22544d11da18268f5c3 069b5b221dd75af58d93192460778b3d07835e74 6347f1d4083f7a0a2ac3d8b12aae8832d9ea6914aa6e137d16a4d41869d14ea5 Loading...

	cimsuhaud.com/_next/static/chunks/2090-519478c186a3d867.js	11 kB	2024-04-25	2024-05-05
Pretty URL cimsuhaud.com/_next/static/chunks/2090-519478c186a3d867.js IP 172.67.149.90 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 23:22:30 Last Seen2024-05-05 15:43:34 Times Seen362 Hash 37545926cc9a6e537b9f3e95d7a16c1e c3cbfe1f9737817eda25770274e97feaf6b8cc68 d3ccc772608b2a03a543da22715903e2b6e2c14c42c2f475a0f483ac3cd64b37 Loading...

	cimsuhaud.com/_next/static/chunks/pages/%5BlandingName%5D/%5BconfigId%5D/%5B%5B...slug%5D%5D-eaddf0428a16426c.js	662 B	2024-04-18	2024-04-30
Pretty URL cimsuhaud.com/_next/static/chunks/pages/%5BlandingName%5D/%5BconfigId%5D/%5B%5B...slug%5D%5D-eaddf0428a16426c.js IP 172.67.149.90 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 08:03:12 Last Seen2024-04-30 14:45:16 Times Seen112 Hash 06062156d99da1c306ff5966000be2c4 3c128ded6b30d8bcfb9a85b8f1d7551400c4eb60 9e0349f7ac8b75e95aff12e66f57065f040d20165ea783fe17366bea6a56751d Loading...

	cimsuhaud.com/_next/static/chunks/9787.32846937d0160cf7.js	1.8 kB	2024-03-22	2024-04-26
Pretty URL cimsuhaud.com/_next/static/chunks/9787.32846937d0160cf7.js IP 172.67.149.90 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-22 08:23:18 Last Seen2024-04-26 09:26:44 Times Seen79 Hash 0b47bad6a8778bdc8cd3dec268938624 246ca006b4bdb919f3f1e8fd567a8631f5a136d9 1bb773520bd8d662232b89b67a6ae04556b715b90239d9c443502219b71a2471 Loading...

	cimsuhaud.com/pfe/current/micro.tag.min.js?sw=/sw/universal.js&var=7394482&ymid=6579498&b=20865996&campaignid=8136509&click_id=807453335105057276&ab2r=&rhd=1&var_3=807453335105057276&oaid=hpgbbu54ssabi4pvs2yxqu3yydz807zv&os_version=&btz=UTC&bto=0&z=6520092&cdn=1&domain=cimsuhaud.com&ab2=&ab2_ttl=5184000	37 kB	2024-04-25	2024-05-05
Pretty URL cimsuhaud.com/pfe/current/micro.tag.min.js?sw=/sw/universal.js&var=7394482&ymid=6579498&b=20865996&campaignid=8136509&click_id=807453335105057276&ab2r=&rhd=1&var_3=807453335105057276&oaid=hpgbbu54ssabi4pvs2yxqu3yydz807zv&os_version=&btz=UTC&bto=0&z=6520092&cdn=1&domain=cimsuhaud.com&ab2=&ab2_ttl=5184000 IP 172.67.149.90 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 13:01:48 Last Seen2024-05-05 15:43:34 Times Seen1447 Hash 32d6dbd00a639e2cd10d1704b9159bd5 0dab4c95675393f1d0e13d20f13d80ee12e41d95 9f339e5efd7c959419a4e86bb4c5e9f07eae2ed839484846157be981917743de Loading...

	cimsuhaud.com/_next/static/chunks/7469.f9ee7b1f85de9892.js	25 kB	2024-04-25	2024-04-25
Pretty URL cimsuhaud.com/_next/static/chunks/7469.f9ee7b1f85de9892.js IP 172.67.149.90 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 23:22:30 Last Seen2024-04-25 23:22:30 Times Seen2 Hash 25c2f3016477583667d34c10ea54b4f6 da460379d7096e9bb7e26be51f6c6f1ab7ad9a54 2cb350e4525d24ff0f93edc8f1b19543d46d312bdb9fa806fdd31cc1e9512a7b Loading...

	cimsuhaud.com/_next/static/chunks/pages/_app-779a416495e5a308.js	41 kB	2024-04-25	2024-04-26
Pretty URL cimsuhaud.com/_next/static/chunks/pages/_app-779a416495e5a308.js IP 172.67.149.90 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 15:50:07 Last Seen2024-04-26 09:26:44 Times Seen28 Hash 43842afba6d436c94e0e48cab1f7c06f 4436202943a1c082b6486040f6434340e75a893e c57c27310d20bfb3452953a5dce4c3ec6e3e280990389badfc58cf3a87598c33 Loading...

	cimsuhaud.com/_next/static/prhu88fhWjcFxMpI6LI5_/_ssgManifest.js	182 B	2024-04-18	2024-05-05
Pretty URL cimsuhaud.com/_next/static/prhu88fhWjcFxMpI6LI5_/_ssgManifest.js IP 172.67.149.90 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 11:58:16 Last Seen2024-05-05 15:43:34 Times Seen283 Hash d78f02cd11637a888af548f5e270c3af 9c90b573305ec9d6d2e7e74837c641a863d991b4 2357fd3fc3972384c0c7a714da244191da43a7bf5d91fd865a30d2deb0b6b517 Loading...

	cimsuhaud.com/_next/static/chunks/5927.37a5338b8ac59a08.js	19 kB	2024-04-25	2024-05-05
Pretty URL cimsuhaud.com/_next/static/chunks/5927.37a5338b8ac59a08.js IP 172.67.149.90 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 15:50:08 Last Seen2024-05-05 15:43:34 Times Seen280 Hash a385421104bc74c949dc4c6191ef7df9 30827209462e4ce7b901e71b238109574cc117ba 441f4699276f051e940137c231a4d48a7d4a0958ceeae78958482cd8a89663be Loading...

HTTP Transactions (47)

URL IP Response Size

cimsuhaud.com/img/insta-date/girl_insta-1.webp

172.67.149.90

200 OK

9.4 kB

URL GET HTTP/3
cimsuhaud.com/img/insta-date/girl_insta-1.webp
IP
172.67.149.90:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cimsuhaud.com/casual-sl/69/14620/?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Certificate
IssuerLet's Encrypt
Subjectcimsuhaud.com
Fingerprint83:01:8E:7D:9B:13:9E:65:B8:34:FA:A4:FC:EF:69:6A:E0:1C:DB:46
ValidityFri, 12 Apr 2024 09:44:18 GMT - Thu, 11 Jul 2024 09:44:17 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 464x848, Scaling: [none]x[none], YUV color, decoders should clamp
Size
9.4 kB (9364 bytes)
Hash
afb99cbf084837a88fb2303ba719ac44
c66007ede51ac0f6b68ab8313c49e71bd9be609f
df961c18503fa59ee51e97c4e66166a526b5a9a0cfc68fc6a73da9c1a72befbe

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/insta-date/girl_insta-1.webp HTTP/1.1
Host: cimsuhaud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cimsuhaud.com/casual-sl/69/14620/?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 21:21:56 GMT
content-type: image/webp
content-length: 9364
last-modified: Thu, 25 Apr 2024 15:12:16 GMT
vary: Accept-Encoding
etag: "662a72d0-2494"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a4%2BHk10PmGou7Z2zGiJpYzZmrcCYA1xPHPqlZ%2F8jE61I2tg2kdcGAI5koUg%2BJZ7CeGASgal9xm%2BbM6RRsabG5vdX46vsfsIPjftwLRy1WH8X5Pbto5hR8%2FJLyuqehWQm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a162ba586d56b7-OSL
alt-svc: h3=":443"; ma=86400

cimsuhaud.com/video/insta-date/girl_insta-1.mp4

172.67.149.90

206 Partial Content

473 kB

URL GET HTTP/3
cimsuhaud.com/video/insta-date/girl_insta-1.mp4
IP
172.67.149.90:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cimsuhaud.com/casual-sl/69/14620/?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Certificate
IssuerLet's Encrypt
Subjectcimsuhaud.com
Fingerprint83:01:8E:7D:9B:13:9E:65:B8:34:FA:A4:FC:EF:69:6A:E0:1C:DB:46
ValidityFri, 12 Apr 2024 09:44:18 GMT - Thu, 11 Jul 2024 09:44:17 GMT

File type
ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
Size
473 kB (473207 bytes)
Hash
c316e8442a7d5a8bdb0273f2953b348f
1cac0daf35c674122160d9d883706fbee399f006
1c957296b5cfe9aca2807272ef989a1a976412df6da51ae653d717c618541888

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /video/insta-date/girl_insta-1.mp4 HTTP/1.1
Host: cimsuhaud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://cimsuhaud.com/casual-sl/69/14620/?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 206 Partial Content
date: Thu, 25 Apr 2024 21:21:56 GMT
content-type: video/mp4
content-length: 473207
last-modified: Thu, 25 Apr 2024 15:12:16 GMT
vary: Accept-Encoding
etag: "662a72d0-73877"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
content-range: bytes 0-473206/473207
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AK%2Fs5NG4r%2BCrvKZUUT7cgjOLAk8dMcrrGZr%2BmBoWwCUA6kd40yX7sD3cwcAG%2FdjFCV2lr4m59wpdwe%2F3jzC%2BSwdmKjccHK258JDDWQgpgJni%2FsLjRd8m7ZjEj2qBhjwh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a162ba989e56b7-OSL
alt-svc: h3=":443"; ma=86400

cimsuhaud.com/img/insta-date/girl_insta-2.webp

172.67.149.90

200 OK

5.3 kB

URL GET HTTP/3
cimsuhaud.com/img/insta-date/girl_insta-2.webp
IP
172.67.149.90:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cimsuhaud.com/casual-sl/69/14620/?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Certificate
IssuerLet's Encrypt
Subjectcimsuhaud.com
Fingerprint83:01:8E:7D:9B:13:9E:65:B8:34:FA:A4:FC:EF:69:6A:E0:1C:DB:46
ValidityFri, 12 Apr 2024 09:44:18 GMT - Thu, 11 Jul 2024 09:44:17 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 464x261, Scaling: [none]x[none], YUV color, decoders should clamp
Size
5.3 kB (5284 bytes)
Hash
e83a02ab35150a1b8d06768b4e9c670c
8a5be5ad94c387d00d7109a7c49a344517d61151
60a94ece68b63d08373a71ee1cb807f26bf7db6337629f1fdc2513ae4b67d174

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/insta-date/girl_insta-2.webp HTTP/1.1
Host: cimsuhaud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cimsuhaud.com/casual-sl/69/14620?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 21:21:57 GMT
content-type: image/webp
content-length: 5284
last-modified: Thu, 25 Apr 2024 15:12:16 GMT
vary: Accept-Encoding
etag: "662a72d0-14a4"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3dJ2%2BZ0AjzVLGqsuYkUQ8f0u4jja9ztF6nx8cco%2FwNkA2%2F0pqHG5tdsQ0sOSULwq9B%2FJRXHdyS4ZhIMOsciNg%2BKJvNo%2BXv2OUGrqf3UUhrP6BE6gK%2FstRVNJbv4i5TfH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a162bc0a0e56b7-OSL
alt-svc: h3=":443"; ma=86400

cimsuhaud.com/_next/static/chunks/2375.8acee6c083146147.js

172.67.149.90

200 OK

289 kB

URL GET HTTP/3
cimsuhaud.com/_next/static/chunks/2375.8acee6c083146147.js
IP
172.67.149.90:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cimsuhaud.com/casual-sl/69/14620/?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Certificate
IssuerLet's Encrypt
Subjectcimsuhaud.com
Fingerprint83:01:8E:7D:9B:13:9E:65:B8:34:FA:A4:FC:EF:69:6A:E0:1C:DB:46
ValidityFri, 12 Apr 2024 09:44:18 GMT - Thu, 11 Jul 2024 09:44:17 GMT

File type
JavaScript source, ASCII text, with very long lines (5363), with no line terminators
Size
289 kB (288616 bytes)
Hash
b7eed164f7ab90f807ca06a204f33810
a58a92f443967e0f552d88f5f2a4853dcb584a66
8ec83dcbb23a710a8df315e73059d065c1db40547f8c28d551b66c6b1d62f607

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/2375.8acee6c083146147.js HTTP/1.1
Host: cimsuhaud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cimsuhaud.com/casual-sl/69/14620/?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 21:21:57 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"662a72d0-14f3"
last-modified: Thu, 25 Apr 2024 15:12:16 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FTXcPQsqrXozyTXojSBTP4IkXcbJ%2B1Ib%2BKK9b093LvFoDdU8lfuaNJzybf20EpE58QdCDEXzdfQVs%2Ba9KkN%2BdC6vjeVkNWyZID5tRdVBoSnZ1q1%2BmqBv0CcuNck7YzxK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a162bb99a056b7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

my.rtmark.net/gid.js?userId=hpgbbu54ssabi4pvs2yxqu3yydz807zv

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js?userId=hpgbbu54ssabi4pvs2yxqu3yydz807zv
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://cimsuhaud.com/casual-sl/69/14620/?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintDB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC
ValiditySat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT

File type
JSON text data
Size
65 B (65 bytes)
Hash
d9269681f8882178113d364c90f00331
8c2a223996bc74c6f00c6226969e629a001af6aa
590167ee889f0f769bb7d24b41e30abfeac652a3b68ae2d46595b442ac32353e

HTTP Headers

GET /gid.js?userId=hpgbbu54ssabi4pvs2yxqu3yydz807zv HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cimsuhaud.com/
Origin: https://cimsuhaud.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 21:21:57 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://cimsuhaud.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=hpgbbu54ssabi4pvs2yxqu3yydz807zv; expires=Fri, 25 Apr 2025 21:21:57 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

arleavannya.com/sync-metrics

139.45.197.248

200 OK

0 B

URL POST HTTP/2
arleavannya.com/sync-metrics
IP
139.45.197.248:443
ASN
#9002 RETN Limited

Requested by
https://cimsuhaud.com/casual-sl/69/14620/?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Certificate
IssuerLet's Encrypt
Subjectarleavannya.com
Fingerprint8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47
ValidityThu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://cimsuhaud.com/
Origin: https://cimsuhaud.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 21:21:57 GMT
content-length: 0
access-control-allow-origin: https://cimsuhaud.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

arleavannya.com/sync-metrics

139.45.197.248

200 OK

0 B

URL POST HTTP/2
arleavannya.com/sync-metrics
IP
139.45.197.248:443
ASN
#9002 RETN Limited

Requested by
https://cimsuhaud.com/casual-sl/69/14620/?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Certificate
IssuerLet's Encrypt
Subjectarleavannya.com
Fingerprint8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47
ValidityThu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://cimsuhaud.com/
Origin: https://cimsuhaud.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 21:21:57 GMT
content-length: 0
access-control-allow-origin: https://cimsuhaud.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

arleavannya.com/sync-metrics

139.45.197.248

200 OK

17 B

URL POST HTTP/2
arleavannya.com/sync-metrics
IP
139.45.197.248:443
ASN
#9002 RETN Limited

Requested by
https://cimsuhaud.com/casual-sl/69/14620/?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Certificate
IssuerLet's Encrypt
Subjectarleavannya.com
Fingerprint8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47
ValidityThu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT

File type
JSON text data
Size
17 B (17 bytes)
Hash
5b64e8b89092b2e3dfd448b10700627f
484b3032619fa1acd135d114565b0a5166281c22
f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4

HTTP Headers

POST /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cimsuhaud.com/
Content-Type: application/json
Content-Length: 392
Origin: https://cimsuhaud.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 21:21:57 GMT
content-type: application/json; charset=utf-8
content-length: 17
x-trace-id: 4109c7dfe6c63ad8073819b36b268227
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://cimsuhaud.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

arleavannya.com/sync-metrics

139.45.197.248

200 OK

17 B

URL POST HTTP/2
arleavannya.com/sync-metrics
IP
139.45.197.248:443
ASN
#9002 RETN Limited

Requested by
https://cimsuhaud.com/casual-sl/69/14620/?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Certificate
IssuerLet's Encrypt
Subjectarleavannya.com
Fingerprint8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47
ValidityThu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT

File type
JSON text data
Size
17 B (17 bytes)
Hash
5b64e8b89092b2e3dfd448b10700627f
484b3032619fa1acd135d114565b0a5166281c22
f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4

HTTP Headers

POST /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cimsuhaud.com/
Content-Type: application/json
Content-Length: 393
Origin: https://cimsuhaud.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 21:21:57 GMT
content-type: application/json; charset=utf-8
content-length: 17
x-trace-id: db9071614160769514cf0201a2d3e099
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://cimsuhaud.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

datatechonert.com/log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a&ruid=154fa86c-e13c-4b7a-8baf-5239562fe2e2

37.48.68.71

200 OK

12 B

URL POST HTTP/1.1
datatechonert.com/log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a&ruid=154fa86c-e13c-4b7a-8baf-5239562fe2e2
IP
37.48.68.71:443
ASN
#60781 LeaseWeb Netherlands B.V.

Requested by
https://cimsuhaud.com/casual-sl/69/14620/?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Certificate
IssuerSectigo Limited
Subjectdatatechonert.com
Fingerprint3F:E1:50:2C:9F:FC:F9:37:03:E3:B6:34:00:06:89:69:01:E7:C3:27
ValiditySun, 10 Dec 2023 00:00:00 GMT - Mon, 23 Dec 2024 23:59:59 GMT

File type
JSON text data
Size
12 B (12 bytes)
Hash
adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed

HTTP Headers

POST /log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a&ruid=154fa86c-e13c-4b7a-8baf-5239562fe2e2 HTTP/1.1
Host: datatechonert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1467
Origin: https://cimsuhaud.com
DNT: 1
Connection: keep-alive
Referer: https://cimsuhaud.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Thu, 25 Apr 2024 21:21:57 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://cimsuhaud.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

cimsuhaud.com/zone?&pub=0&zone_id=6520092&is_mobile=false&domain=cimsuhaud.com&var=7394482&ymid=6579498&var_3=807453335105057276&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=cd65fcf8-636d-491a-ad3d-20f397da6770&action=prerequest

172.67.149.90

200 OK

0 B

URL POST HTTP/3
cimsuhaud.com/zone?&pub=0&zone_id=6520092&is_mobile=false&domain=cimsuhaud.com&var=7394482&ymid=6579498&var_3=807453335105057276&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=cd65fcf8-636d-491a-ad3d-20f397da6770&action=prerequest
IP
172.67.149.90:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cimsuhaud.com/casual-sl/69/14620/?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Certificate
IssuerLet's Encrypt
Subjectcimsuhaud.com
Fingerprint83:01:8E:7D:9B:13:9E:65:B8:34:FA:A4:FC:EF:69:6A:E0:1C:DB:46
ValidityFri, 12 Apr 2024 09:44:18 GMT - Thu, 11 Jul 2024 09:44:17 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /zone?&pub=0&zone_id=6520092&is_mobile=false&domain=cimsuhaud.com&var=7394482&ymid=6579498&var_3=807453335105057276&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=cd65fcf8-636d-491a-ad3d-20f397da6770&action=prerequest HTTP/1.1
Host: cimsuhaud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cimsuhaud.com
DNT: 1
Connection: keep-alive
Referer: https://cimsuhaud.com/casual-sl/69/14620?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Cookie: OAID=hpgbbu54ssabi4pvs2yxqu3yydz807zv; syncedCookie=true; oaidts=1714080117
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 21:21:57 GMT
content-length: 0
x-trace-id: 507ec27283c7250fdfd66eb2228fc331
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://cimsuhaud.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5iAfIVWcilrleAd3%2FTjgZqJHaI43mdiYrNB9FMleQHoBxUFIfrVAzHA8beWHuzHFXrwcJbVTTy7hYG1RounOpZdMY3BVDGjtZyiLGYzps1aBcEPH4ZZ4WL2yQLHEaHnP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a162be6c2156b7-OSL
alt-svc: h3=":443"; ma=86400

amunfezanttor.com/event

139.45.197.250

200 OK

0 B

URL POST HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://cimsuhaud.com/casual-sl/69/14620/?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA
ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://cimsuhaud.com/
Origin: https://cimsuhaud.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 21:21:57 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://cimsuhaud.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

94 B

URL POST HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://cimsuhaud.com/casual-sl/69/14620/?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA
ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT

File type
JSON text data
Size
94 B (94 bytes)
Hash
7c6109bf5fcd222767c9301aa5a38ca6
773a24ec01772efbabb428548ed84fdb108af0c6
72ae2ec6ac769e53ca3eb9e3d49c13dd786c1910cd29499a8b7cece9800a8f09

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cimsuhaud.com/
Content-Type: application/json
Content-Length: 2076
Origin: https://cimsuhaud.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 21:21:57 GMT
content-type: application/json; charset=utf-8
content-length: 94
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://cimsuhaud.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

cimsuhaud.com/favicon.ico

172.67.149.90

204 No Content

0 B

URL GET HTTP/3
cimsuhaud.com/favicon.ico
IP
172.67.149.90:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cimsuhaud.com/casual-sl/69/14620/?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Certificate
IssuerLet's Encrypt
Subjectcimsuhaud.com
Fingerprint83:01:8E:7D:9B:13:9E:65:B8:34:FA:A4:FC:EF:69:6A:E0:1C:DB:46
ValidityFri, 12 Apr 2024 09:44:18 GMT - Thu, 11 Jul 2024 09:44:17 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: cimsuhaud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cimsuhaud.com/casual-sl/69/14620/?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Cookie: OAID=hpgbbu54ssabi4pvs2yxqu3yydz807zv; syncedCookie=true; oaidts=1714080117
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
date: Thu, 25 Apr 2024 21:21:57 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DSNsMzy7i4t415H9ilma3jCtVcq4w0IKYMAPUzp5GQOJxRqaMHmsTMGVLn4PtxG%2F4hCUU3JHZNVbhS3WMXFQnfvJPpmYVum47maTptWa%2FsR3pUFleiBoq5uNzBrvcZJE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a162bf8d1056b7-OSL
alt-svc: h3=":443"; ma=86400

cimsuhaud.com/_next/static/prhu88fhWjcFxMpI6LI5_/_buildManifest.js

172.67.149.90

200 OK

1.1 kB

URL GET HTTP/3
cimsuhaud.com/_next/static/prhu88fhWjcFxMpI6LI5_/_buildManifest.js
IP
172.67.149.90:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cimsuhaud.com/casual-sl/69/14620/?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Certificate
IssuerLet's Encrypt
Subjectcimsuhaud.com
Fingerprint83:01:8E:7D:9B:13:9E:65:B8:34:FA:A4:FC:EF:69:6A:E0:1C:DB:46
ValidityFri, 12 Apr 2024 09:44:18 GMT - Thu, 11 Jul 2024 09:44:17 GMT

File type
ASCII text, with very long lines (1605), with no line terminators
Size
1.1 kB (1126 bytes)
Hash
4a0ba7194e87f13cd94bbde8d8afb837
8ebdf287b41148fadcddc878a2d3c75255c5d55d
240c3751c47d15cd5f908114ce203156059b9f3e27f489b1ebcd9fab0d1936ca

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/prhu88fhWjcFxMpI6LI5_/_buildManifest.js HTTP/1.1
Host: cimsuhaud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cimsuhaud.com/casual-sl/69/14620/?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 21:21:56 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"662a72d0-645"
last-modified: Thu, 25 Apr 2024 15:12:16 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Fk%2BXw0eyJdoL3JchhFNa7KlNXKBjM5Tgk1GXr9NaH4H%2Fj0YkO5QmH9BmJfOgFObIFtr%2F8zHFi4HxJsA3eiUTZdmyiKztDC9sWbvfF3tvF%2B7ygvJWrewrfYHu25tWtD6Q"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a162ba586b56b7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

cimsuhaud.com/_next/static/chunks/pages/_app-779a416495e5a308.js

172.67.149.90

200 OK

25 kB

URL GET HTTP/3
cimsuhaud.com/_next/static/chunks/pages/_app-779a416495e5a308.js
IP
172.67.149.90:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cimsuhaud.com/casual-sl/69/14620/?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Certificate
IssuerLet's Encrypt
Subjectcimsuhaud.com
Fingerprint83:01:8E:7D:9B:13:9E:65:B8:34:FA:A4:FC:EF:69:6A:E0:1C:DB:46
ValidityFri, 12 Apr 2024 09:44:18 GMT - Thu, 11 Jul 2024 09:44:17 GMT

File type
JavaScript source, ASCII text, with very long lines (40829), with no line terminators
Size
25 kB (24985 bytes)
Hash
43842afba6d436c94e0e48cab1f7c06f
4436202943a1c082b6486040f6434340e75a893e
c57c27310d20bfb3452953a5dce4c3ec6e3e280990389badfc58cf3a87598c33

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/pages/_app-779a416495e5a308.js HTTP/1.1
Host: cimsuhaud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cimsuhaud.com/casual-sl/69/14620/?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 21:21:56 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"662a72d0-9f7d"
last-modified: Thu, 25 Apr 2024 15:12:16 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1PonvtIHZg74%2BbAGlxPf3OyGgNwAE3j3UlThnOXZLyfi0uGHAR3G2MQxfGPPwhHND9Z47EDrS%2FbYICA82uc8hVK7nFHeOBOnkKV4nbiF9PlpZ8DfegWfkmbRsunZVE4Y"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a162ba585a56b7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

cimsuhaud.com/sw/universal.js?var=7394482&var_3=807453335105057276&ymid=6579498&ab2_ttl=5184000&zoneId=6520092

172.67.149.90

200 OK

6.9 kB

URL GET HTTP/3
cimsuhaud.com/sw/universal.js?var=7394482&var_3=807453335105057276&ymid=6579498&ab2_ttl=5184000&zoneId=6520092
IP
172.67.149.90:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cimsuhaud.com/casual-sl/69/14620/?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Certificate
IssuerLet's Encrypt
Subjectcimsuhaud.com
Fingerprint83:01:8E:7D:9B:13:9E:65:B8:34:FA:A4:FC:EF:69:6A:E0:1C:DB:46
ValidityFri, 12 Apr 2024 09:44:18 GMT - Thu, 11 Jul 2024 09:44:17 GMT

File type
ASCII text
Size
6.9 kB (6862 bytes)
Hash
3720f9cee1df8fca36fe99491eab215b
1705d72778aac160278f15d86a8d1aa2bac785bf
08c09c04a09d4a2fe27fc50189a08f18cfe108a3b966d4a36c77819275c0d81d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sw/universal.js?var=7394482&var_3=807453335105057276&ymid=6579498&ab2_ttl=5184000&zoneId=6520092 HTTP/1.1
Host: cimsuhaud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Referer: https://cimsuhaud.com/casual-sl/69/14620?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Cookie: OAID=hpgbbu54ssabi4pvs2yxqu3yydz807zv; syncedCookie=true; oaidts=1714080117
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 21:21:57 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 15:12:16 GMT
vary: Accept-Encoding
etag: W/"662a72d0-5b2"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S1WMvcxhLNatgBXMay7Mm%2B2ZZ7RSb5ZVLIv8eTSSPb1vcUGHXuU2vmg8ZPtaBphXYm7FTvi%2FAzkOwDfxzrUPfOkQqPPv8%2FUNFynmHYLfFRlBMBkBMLKTnea%2BK3LaonEV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a162be5c1056b7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

cimsuhaud.com/_next/static/chunks/5927.37a5338b8ac59a08.js

172.67.149.90

200 OK

19 kB

URL GET HTTP/3
cimsuhaud.com/_next/static/chunks/5927.37a5338b8ac59a08.js
IP
172.67.149.90:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cimsuhaud.com/casual-sl/69/14620/?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Certificate
IssuerLet's Encrypt
Subjectcimsuhaud.com
Fingerprint83:01:8E:7D:9B:13:9E:65:B8:34:FA:A4:FC:EF:69:6A:E0:1C:DB:46
ValidityFri, 12 Apr 2024 09:44:18 GMT - Thu, 11 Jul 2024 09:44:17 GMT

File type
JavaScript source, ASCII text, with very long lines (18708), with no line terminators
Size
19 kB (18708 bytes)
Hash
a385421104bc74c949dc4c6191ef7df9
30827209462e4ce7b901e71b238109574cc117ba
441f4699276f051e940137c231a4d48a7d4a0958ceeae78958482cd8a89663be

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/5927.37a5338b8ac59a08.js HTTP/1.1
Host: cimsuhaud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cimsuhaud.com/casual-sl/69/14620/?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 21:21:56 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"662a72d0-4914"
last-modified: Thu, 25 Apr 2024 15:12:16 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hciSTGJCTxPNifKpEX6z%2BJFrF2pnEShH67fWjzq5TO00Y5s6LCVT9DQS53O8UgAwy99GZY2LpRteaY%2BnsMl4XHbGKuwbycrdvnSVYwP18fQcq3IhVyl3rSY%2Begy6XF0w"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a162ba484d56b7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

cimsuhaud.com/_next/static/chunks/framework-8940d626f3bfb7e9.js

172.67.149.90

200 OK

26 kB

URL GET HTTP/3
cimsuhaud.com/_next/static/chunks/framework-8940d626f3bfb7e9.js
IP
172.67.149.90:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cimsuhaud.com/casual-sl/69/14620/?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Certificate
IssuerLet's Encrypt
Subjectcimsuhaud.com
Fingerprint83:01:8E:7D:9B:13:9E:65:B8:34:FA:A4:FC:EF:69:6A:E0:1C:DB:46
ValidityFri, 12 Apr 2024 09:44:18 GMT - Thu, 11 Jul 2024 09:44:17 GMT

File type
JavaScript source, ASCII text, with very long lines (25995), with no line terminators
Size
26 kB (25995 bytes)
Hash
33a34c525e2bee14a166fe1289835308
4afb650772181930d19dca9a41490beea5087932
bebac61ce044debeb2025b1fbf1c95f1b9a4bc97d0702676dea22b0bb689b555

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/framework-8940d626f3bfb7e9.js HTTP/1.1
Host: cimsuhaud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cimsuhaud.com/casual-sl/69/14620/?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 21:21:56 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"662a72d0-658b"
last-modified: Thu, 25 Apr 2024 15:12:16 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mBXYpXP%2BZIKLtuURBRH7ufc9sCR1h6C0D2UtztNNasDhAJIu1kC%2FdAkRD%2F%2B6y8UUjRMI9FJXhAJAvYFQg%2BHc9ywon6Qeo%2FSf8kPcZg67gqFUmoc39uNyJqABsBVo1Jzy"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a162ba485256b7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

cimsuhaud.com/_next/static/chunks/2734.6269ca0cf725ea17.js

172.67.149.90

200 OK

4.1 kB

URL GET HTTP/3
cimsuhaud.com/_next/static/chunks/2734.6269ca0cf725ea17.js
IP
172.67.149.90:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cimsuhaud.com/casual-sl/69/14620/?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Certificate
IssuerLet's Encrypt
Subjectcimsuhaud.com
Fingerprint83:01:8E:7D:9B:13:9E:65:B8:34:FA:A4:FC:EF:69:6A:E0:1C:DB:46
ValidityFri, 12 Apr 2024 09:44:18 GMT - Thu, 11 Jul 2024 09:44:17 GMT

File type
JavaScript source, ASCII text, with very long lines (4219), with no line terminators
Size
4.1 kB (4147 bytes)
Hash
98132c6c771aec065d3ab61e5c8c0f53
56484dafed6218ea17ef047fc8cd4c5a342c1890
ae09486720d6d4764b5126f0e26414962ee83eeebdc05db588bb7d86855e8b23

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/2734.6269ca0cf725ea17.js HTTP/1.1
Host: cimsuhaud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cimsuhaud.com/casual-sl/69/14620/?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 21:21:57 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"662a72d0-1033"
last-modified: Thu, 25 Apr 2024 15:12:16 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7TChPTYmZEdxCMSETmeiLIQqADt9jgqVTajP6MjRV6hTvfKP5lWz%2FIArZzVlfLZdOCUEKFp8iunuXrCnDKtxZ36Oi8eCpVcDFFWeg5gause%2F6AkybIQrWmTRUFPCuCyS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a162bb898656b7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

cimsuhaud.com/track?dry=true&request_var=6579498&oaid=hpgbbu54ssabi4pvs2yxqu3yydz807zv&os_version=&var=7394482&var_3=&var_4=&variable2=807453335105057276&ymid=6579498&z=7394482&offer_id=14620

172.67.149.90

200 OK

182 B

URL GET HTTP/3
cimsuhaud.com/track?dry=true&request_var=6579498&oaid=hpgbbu54ssabi4pvs2yxqu3yydz807zv&os_version=&var=7394482&var_3=&var_4=&variable2=807453335105057276&ymid=6579498&z=7394482&offer_id=14620
IP
172.67.149.90:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cimsuhaud.com/casual-sl/69/14620/?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Certificate
IssuerLet's Encrypt
Subjectcimsuhaud.com
Fingerprint83:01:8E:7D:9B:13:9E:65:B8:34:FA:A4:FC:EF:69:6A:E0:1C:DB:46
ValidityFri, 12 Apr 2024 09:44:18 GMT - Thu, 11 Jul 2024 09:44:17 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
182 B (182 bytes)
Hash
e6246b04b7d99b675f7086e756e1f242
9f3b5f5cb9b34830dc20448a0acc83bcce5d2727
5ecadcf1c19edd16643f48e47f530b024c97a5653f98a47e14c61d5270dd7881

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /track?dry=true&request_var=6579498&oaid=hpgbbu54ssabi4pvs2yxqu3yydz807zv&os_version=&var=7394482&var_3=&var_4=&variable2=807453335105057276&ymid=6579498&z=7394482&offer_id=14620 HTTP/1.1
Host: cimsuhaud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cimsuhaud.com/casual-sl/69/14620?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
DNT: 1
Connection: keep-alive
Cookie: OAID=hpgbbu54ssabi4pvs2yxqu3yydz807zv; syncedCookie=true; oaidts=1714080117
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 21:21:57 GMT
content-type: application/json
vary: Accept-Encoding
x-trace-id: b9404edef2419eefb44858910b768a7f
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://cimsuhaud.com/
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
timing-allow-origin: *
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u8ju%2Bp3etlYqXO5eYq0pvo6K77KsgmXH84uJyfuDcJGmEH0LnHAvlzAvmDwJQz7KW0D%2FqSBP%2Fml8w6XELO2Dk0pXXtWvN0AfVAmhT3rvDQ0JJ66q%2FE1EmhBdEFo3t3I%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a162bd8b6156b7-OSL
alt-svc: h3=":443"; ma=86400

cimsuhaud.com/_next/static/chunks/7469.f9ee7b1f85de9892.js

172.67.149.90

200 OK

25 kB

URL GET HTTP/3
cimsuhaud.com/_next/static/chunks/7469.f9ee7b1f85de9892.js
IP
172.67.149.90:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cimsuhaud.com/casual-sl/69/14620/?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Certificate
IssuerLet's Encrypt
Subjectcimsuhaud.com
Fingerprint83:01:8E:7D:9B:13:9E:65:B8:34:FA:A4:FC:EF:69:6A:E0:1C:DB:46
ValidityFri, 12 Apr 2024 09:44:18 GMT - Thu, 11 Jul 2024 09:44:17 GMT

File type
JavaScript source, ASCII text, with very long lines (25358), with no line terminators
Size
25 kB (25358 bytes)
Hash
25c2f3016477583667d34c10ea54b4f6
da460379d7096e9bb7e26be51f6c6f1ab7ad9a54
2cb350e4525d24ff0f93edc8f1b19543d46d312bdb9fa806fdd31cc1e9512a7b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/7469.f9ee7b1f85de9892.js HTTP/1.1
Host: cimsuhaud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cimsuhaud.com/casual-sl/69/14620/?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 21:21:56 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"662a72d0-630e"
last-modified: Thu, 25 Apr 2024 15:12:16 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YbBOg7VeRH2ltSFEbfBNLUiX5Ofw9%2FTxEXglGUNAoWOcW2C0T3sCb0PtWYossiMbThLkyFlLOpJmbgN5oCsWkx1YcoBZdQ4OqSq8F9w0NtS8zIKacn67jG49%2BMcthXW9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a162ba484e56b7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

cimsuhaud.com/img/insta-date/icon-search.svg

172.67.149.90

200 OK

1.2 kB

URL GET HTTP/3
cimsuhaud.com/img/insta-date/icon-search.svg
IP
172.67.149.90:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cimsuhaud.com/casual-sl/69/14620/?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Certificate
IssuerLet's Encrypt
Subjectcimsuhaud.com
Fingerprint83:01:8E:7D:9B:13:9E:65:B8:34:FA:A4:FC:EF:69:6A:E0:1C:DB:46
ValidityFri, 12 Apr 2024 09:44:18 GMT - Thu, 11 Jul 2024 09:44:17 GMT

File type
SVG Scalable Vector Graphics image
Size
1.2 kB (1189 bytes)
Hash
488072055d67d669e1763669d22cdcaf
339ea574c429559e3c76241aef1996e1ed903068
017183b32c8aede349ce11fdb7696209377f1a5ac62d48fcb3c33b91159eb738

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/insta-date/icon-search.svg HTTP/1.1
Host: cimsuhaud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cimsuhaud.com/casual-sl/69/14620?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 21:21:57 GMT
content-type: image/svg+xml
last-modified: Thu, 25 Apr 2024 15:12:16 GMT
vary: Accept-Encoding
etag: W/"662a72d0-4a5"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DOgTQHdS7WPFvRQzkenO%2FtrurGBlgjpj%2BJ0%2FB4YKH1GlO1K%2FVXI%2F%2FCos4%2BeuyZUOpAXlmXymBA1L1Z7DSLlml2Bo0Uwr9kSf5lQyR%2F2L8jeU6tZ4tO8bnu25SUaRwLgO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a162bc5a5c56b7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

cimsuhaud.com/img/insta-date/icon-like.svg

172.67.149.90

200 OK

914 B

URL GET HTTP/3
cimsuhaud.com/img/insta-date/icon-like.svg
IP
172.67.149.90:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cimsuhaud.com/casual-sl/69/14620/?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Certificate
IssuerLet's Encrypt
Subjectcimsuhaud.com
Fingerprint83:01:8E:7D:9B:13:9E:65:B8:34:FA:A4:FC:EF:69:6A:E0:1C:DB:46
ValidityFri, 12 Apr 2024 09:44:18 GMT - Thu, 11 Jul 2024 09:44:17 GMT

File type
SVG Scalable Vector Graphics image
Size
914 B (914 bytes)
Hash
475e5aef386d9139cb23b938611cf6e7
fe94d22b81ace37a3da83b49e7b9a7823976d81b
c5dccdfad1de53f78f91c5c8993ee70bfd4698a27b61f034b9448a7d6821c76a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/insta-date/icon-like.svg HTTP/1.1
Host: cimsuhaud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cimsuhaud.com/casual-sl/69/14620?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 21:21:57 GMT
content-type: image/svg+xml
last-modified: Thu, 25 Apr 2024 15:12:16 GMT
vary: Accept-Encoding
etag: W/"662a72d0-392"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9Yg4%2F7P2Mkkvs%2FjLYJENrAGR6QDAkAm5OEsyVdH9kNpJeEgstXab0A7HZlR7P0ehqpbsn6igfVa%2FsW3vTl%2FU71ruFxSx4c%2F8dDV4EIjafG%2B%2F2m9Vsa7iRl4k%2BIBk7lNj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a162bc6a6a56b7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

cimsuhaud.com/custom

172.67.149.90

200 OK

39 B

URL POST HTTP/3
cimsuhaud.com/custom
IP
172.67.149.90:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cimsuhaud.com/casual-sl/69/14620/?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Certificate
IssuerLet's Encrypt
Subjectcimsuhaud.com
Fingerprint83:01:8E:7D:9B:13:9E:65:B8:34:FA:A4:FC:EF:69:6A:E0:1C:DB:46
ValidityFri, 12 Apr 2024 09:44:18 GMT - Thu, 11 Jul 2024 09:44:17 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
39 B (39 bytes)
Hash
c16023891530fbce40f0a1244c3af01c
e15d9dff768d82673e5e797a8395d1fa7d9049b7
c7d0061f2d2b9eb7b65b547c4bdf03f5f332cf34021bc972f64b6ad58d3a121a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /custom HTTP/1.1
Host: cimsuhaud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 429
Origin: https://cimsuhaud.com
DNT: 1
Connection: keep-alive
Referer: https://cimsuhaud.com/casual-sl/69/14620?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Cookie: OAID=hpgbbu54ssabi4pvs2yxqu3yydz807zv; syncedCookie=true; oaidts=1714080117
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/3 200 OK
date: Thu, 25 Apr 2024 21:21:57 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
x-trace-id: 8db65379d57736fd1077ebf8c9844c3d
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://cimsuhaud.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hxEqOJEjiG1bl8tYUqhPn88P6AO9lRZJkSGDCZ%2Fo8u3UDTKkfuiHcXmIY7S3G04%2BCD2wO586Wq0CCWbq6CkpayntPYn98ylEXInpFqEetz6uAD9Pk6eZs%2Bji%2BDr9Vcpr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a162be6c1756b7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

cimsuhaud.com/_next/static/chunks/7903-dd238946c7924507.js

172.67.149.90

200 OK

32 kB

URL GET HTTP/3
cimsuhaud.com/_next/static/chunks/7903-dd238946c7924507.js
IP
172.67.149.90:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cimsuhaud.com/casual-sl/69/14620/?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Certificate
IssuerLet's Encrypt
Subjectcimsuhaud.com
Fingerprint83:01:8E:7D:9B:13:9E:65:B8:34:FA:A4:FC:EF:69:6A:E0:1C:DB:46
ValidityFri, 12 Apr 2024 09:44:18 GMT - Thu, 11 Jul 2024 09:44:17 GMT

File type
JavaScript source, ASCII text, with very long lines (31896), with no line terminators
Size
32 kB (31896 bytes)
Hash
b5dd343db67bd22544d11da18268f5c3
069b5b221dd75af58d93192460778b3d07835e74
6347f1d4083f7a0a2ac3d8b12aae8832d9ea6914aa6e137d16a4d41869d14ea5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/7903-dd238946c7924507.js HTTP/1.1
Host: cimsuhaud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cimsuhaud.com/casual-sl/69/14620/?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 21:21:56 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"662a72d0-7c98"
last-modified: Thu, 25 Apr 2024 15:12:16 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=et4C%2BeV25WJ1Sq2tfdheGdMNzbEJyXTnWOWQuSLo0YzQ%2BRhyOWxDO0hW3ob54o70Xy%2B7eC95JjvpEE9r9j3vzecHpJW%2BBUVvqzlrID0ff9AwnfscRnPPjrxIycQ3Jhro"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a162ba586156b7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

cimsuhaud.com/_next/static/chunks/3091.8141ef861c4fae96.js

172.67.149.90

200 OK

2.4 kB

URL GET HTTP/3
cimsuhaud.com/_next/static/chunks/3091.8141ef861c4fae96.js
IP
172.67.149.90:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cimsuhaud.com/casual-sl/69/14620/?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Certificate
IssuerLet's Encrypt
Subjectcimsuhaud.com
Fingerprint83:01:8E:7D:9B:13:9E:65:B8:34:FA:A4:FC:EF:69:6A:E0:1C:DB:46
ValidityFri, 12 Apr 2024 09:44:18 GMT - Thu, 11 Jul 2024 09:44:17 GMT

File type
JavaScript source, ASCII text, with very long lines (2431), with no line terminators
Size
2.4 kB (2385 bytes)
Hash
aff0a51ad60c666bf1f7f27ddff14217
9677799390dc5667eeda431957d59b25d6a40946
f495db20d41fe12519423d9776481cd5c3f1dabc346ea304b8a7201b032d4e87

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/3091.8141ef861c4fae96.js HTTP/1.1
Host: cimsuhaud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cimsuhaud.com/casual-sl/69/14620/?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 21:21:57 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"662a72d0-951"
last-modified: Thu, 25 Apr 2024 15:12:16 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XdqKU%2B7wligSopGVhtUowu5EBkN5gibw1V8%2Fabzc9T1UGjfGpolN0bAvJ2LtWxHUVBh%2FCbnDX0nfTVRLvU6S8L1E8fnZhRBJE%2BdBYVRXN5x6nKRVWRQb3%2FFh%2FKz8NMMy"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a162bb898c56b7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

cimsuhaud.com/_next/static/chunks/9787.32846937d0160cf7.js

172.67.149.90

200 OK

1.8 kB

URL GET HTTP/3
cimsuhaud.com/_next/static/chunks/9787.32846937d0160cf7.js
IP
172.67.149.90:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cimsuhaud.com/casual-sl/69/14620/?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Certificate
IssuerLet's Encrypt
Subjectcimsuhaud.com
Fingerprint83:01:8E:7D:9B:13:9E:65:B8:34:FA:A4:FC:EF:69:6A:E0:1C:DB:46
ValidityFri, 12 Apr 2024 09:44:18 GMT - Thu, 11 Jul 2024 09:44:17 GMT

File type
JavaScript source, ASCII text, with very long lines (1771), with no line terminators
Size
1.8 kB (1761 bytes)
Hash
d269bc24ab428864c8a5d9fd90d791ae
ff1943ecbdb21dd40483e22778b0826bce974cde
086e81568c991bb4f9d7f9bcb854f1f2bf66b7397b1eef5b0753889ccb86cb30

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/9787.32846937d0160cf7.js HTTP/1.1
Host: cimsuhaud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cimsuhaud.com/casual-sl/69/14620/?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 21:21:57 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"662a72d0-6e1"
last-modified: Thu, 25 Apr 2024 15:12:16 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YcuazA5AkqbvPGaxJBoFQrIqucAk22JWU8cepIBhrfR6rc6xQrik097UpVYf0Y2QVD4l8fzPnu41E5Rzzr%2Fq0%2BeD6thAAHdNeoWaOvmPcXCWu5CIrX7MlfL8MqgL2xyD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a162bba9af56b7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

cimsuhaud.com/_next/static/chunks/main-beb6af9e60a8e042.js

172.67.149.90

200 OK

109 kB

URL GET HTTP/3
cimsuhaud.com/_next/static/chunks/main-beb6af9e60a8e042.js
IP
172.67.149.90:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cimsuhaud.com/casual-sl/69/14620/?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Certificate
IssuerLet's Encrypt
Subjectcimsuhaud.com
Fingerprint83:01:8E:7D:9B:13:9E:65:B8:34:FA:A4:FC:EF:69:6A:E0:1C:DB:46
ValidityFri, 12 Apr 2024 09:44:18 GMT - Thu, 11 Jul 2024 09:44:17 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
109 kB (108886 bytes)
Hash
49c6f57370e917bd37dc7d4d4d0bdb56
f5b56f5b9498f3500055c5614808903d85303991
0409ec519061477c75738733ce598796a11cd445e95df1cd3e72d0ef58136fd4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/main-beb6af9e60a8e042.js HTTP/1.1
Host: cimsuhaud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cimsuhaud.com/casual-sl/69/14620/?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 21:21:56 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=108887
etag: W/"662a72d0-1a957"
last-modified: Thu, 25 Apr 2024 15:12:16 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=X5M%2Fn8zfjaNwMA9QhDTqwGmS8YEaXcv8yeEHVgjXQ4nkTFweFZc9%2F9ZWXa93hzdgkHwWDlZBA%2BN8ys8p%2BpX2lM5o2DE5rstpplWLaBWZ2L6n1yWNgoVg4GUtNgcCcKSQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a162ba485656b7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

cimsuhaud.com/_next/static/chunks/2090-519478c186a3d867.js

172.67.149.90

200 OK

11 kB

URL GET HTTP/3
cimsuhaud.com/_next/static/chunks/2090-519478c186a3d867.js
IP
172.67.149.90:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cimsuhaud.com/casual-sl/69/14620/?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Certificate
IssuerLet's Encrypt
Subjectcimsuhaud.com
Fingerprint83:01:8E:7D:9B:13:9E:65:B8:34:FA:A4:FC:EF:69:6A:E0:1C:DB:46
ValidityFri, 12 Apr 2024 09:44:18 GMT - Thu, 11 Jul 2024 09:44:17 GMT

File type
JavaScript source, ASCII text, with very long lines (10752), with no line terminators
Size
11 kB (10752 bytes)
Hash
37545926cc9a6e537b9f3e95d7a16c1e
c3cbfe1f9737817eda25770274e97feaf6b8cc68
d3ccc772608b2a03a543da22715903e2b6e2c14c42c2f475a0f483ac3cd64b37

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/2090-519478c186a3d867.js HTTP/1.1
Host: cimsuhaud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cimsuhaud.com/casual-sl/69/14620/?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 21:21:56 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"662a72d0-2a00"
last-modified: Thu, 25 Apr 2024 15:12:16 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=y0i%2Bybolzg2wG407ydSUY6qwglmB2lihRjnIkRHoiAtig%2FTIRQOiATSyS%2FZJJ7LtlzjtEJ325ZTDOWeX2m%2BqRcg0CyhCEX%2BRa0O7LtOFh9N4t2nYbL0zGWatDvyGUqFS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a162ba586556b7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

cimsuhaud.com/img/insta-date/icon-user.svg

172.67.149.90

200 OK

844 B

URL GET HTTP/3
cimsuhaud.com/img/insta-date/icon-user.svg
IP
172.67.149.90:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cimsuhaud.com/casual-sl/69/14620/?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Certificate
IssuerLet's Encrypt
Subjectcimsuhaud.com
Fingerprint83:01:8E:7D:9B:13:9E:65:B8:34:FA:A4:FC:EF:69:6A:E0:1C:DB:46
ValidityFri, 12 Apr 2024 09:44:18 GMT - Thu, 11 Jul 2024 09:44:17 GMT

File type
SVG Scalable Vector Graphics image
Size
844 B (844 bytes)
Hash
f288602cae59d26fbcb055f3399fa0d8
d103820b9352f39bca132adfec1c881836a3b1bb
7cf808b8fe1165a3811d60fc7184715af373401def8242a7cc40ecb5b5c293d6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/insta-date/icon-user.svg HTTP/1.1
Host: cimsuhaud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cimsuhaud.com/casual-sl/69/14620?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 21:21:57 GMT
content-type: image/svg+xml
last-modified: Thu, 25 Apr 2024 15:12:16 GMT
vary: Accept-Encoding
etag: W/"662a72d0-34c"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VCVNIT0U5xADL4Qfcep3R%2FgAMSWZzC7qOZpm2VgTamSTsvQqZFvg71g04QfqwWnNa5LeXM80MUI%2BmSxTTz5N0t2CIGTnCz4R1vbYiE30A2H4OQE3a0wYuH6pfTRbzjy7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a162bc9a8d56b7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

cimsuhaud.com/_next/static/chunks/1155-d7686500f009e1a8.js

172.67.149.90

200 OK

66 kB

URL GET HTTP/3
cimsuhaud.com/_next/static/chunks/1155-d7686500f009e1a8.js
IP
172.67.149.90:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cimsuhaud.com/casual-sl/69/14620/?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Certificate
IssuerLet's Encrypt
Subjectcimsuhaud.com
Fingerprint83:01:8E:7D:9B:13:9E:65:B8:34:FA:A4:FC:EF:69:6A:E0:1C:DB:46
ValidityFri, 12 Apr 2024 09:44:18 GMT - Thu, 11 Jul 2024 09:44:17 GMT

File type
JavaScript source, ASCII text, with very long lines (65462), with no line terminators
Size
66 kB (65462 bytes)
Hash
613f5d49f7d43d94b46505b05e0590c3
e4d44234534d7a70e04140fa59940b23c99d9a86
07f78aaa713b41b3253165b89b449dfe3ad0485e2423b64b5a5d35b2b8b02078

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/1155-d7686500f009e1a8.js HTTP/1.1
Host: cimsuhaud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cimsuhaud.com/casual-sl/69/14620/?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 21:21:56 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"662a72d0-ffb6"
last-modified: Thu, 25 Apr 2024 15:12:16 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B4NHBjSJ8zCZWtCVrPf%2FXio%2FcYuRFXdN%2FTgG8Ijl0DHsd7%2Bt8vX6AbMj7pKrwXDxh0LGaNY5VSvVmI%2FAvo3QQnTaNoXSsccpIwZXIYXisR6KUwToS3cPzWm14O32ESRz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a162ba586856b7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

cimsuhaud.com/_next/static/chunks/1754.983ed55293c299ce.js

172.67.149.90

200 OK

13 kB

URL GET HTTP/3
cimsuhaud.com/_next/static/chunks/1754.983ed55293c299ce.js
IP
172.67.149.90:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cimsuhaud.com/casual-sl/69/14620/?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Certificate
IssuerLet's Encrypt
Subjectcimsuhaud.com
Fingerprint83:01:8E:7D:9B:13:9E:65:B8:34:FA:A4:FC:EF:69:6A:E0:1C:DB:46
ValidityFri, 12 Apr 2024 09:44:18 GMT - Thu, 11 Jul 2024 09:44:17 GMT

File type
JavaScript source, ASCII text, with very long lines (12711), with no line terminators
Size
13 kB (12711 bytes)
Hash
aaadd1fe7166e1641b80d4a871e91a77
44dd71230caa2b99dbe1a804fb3e444fa2dd8255
918408a27b1ee2472daf8940c82be10db3c347bf9111c15eb4b23bd34600153a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/1754.983ed55293c299ce.js HTTP/1.1
Host: cimsuhaud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cimsuhaud.com/casual-sl/69/14620/?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 21:21:57 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"662a72d0-31a7"
last-modified: Thu, 25 Apr 2024 15:12:16 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=c3%2Fl4iEtYGsLwh0ehtkdAz5SKSbPYfXO2SJHX6ebfWSK85TxZHgDrm8BAcCkAUhAdBSU%2Fjgu6Wkf2IpP0ePgkewBfgcRzg0068DM95eKqI8z%2BcdMOkrI8ju51Js8BFJD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a162bba9a856b7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

cimsuhaud.com/img/insta-date/flirt-logo.svg

172.67.149.90

200 OK

12 kB

URL GET HTTP/3
cimsuhaud.com/img/insta-date/flirt-logo.svg
IP
172.67.149.90:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cimsuhaud.com/casual-sl/69/14620/?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Certificate
IssuerLet's Encrypt
Subjectcimsuhaud.com
Fingerprint83:01:8E:7D:9B:13:9E:65:B8:34:FA:A4:FC:EF:69:6A:E0:1C:DB:46
ValidityFri, 12 Apr 2024 09:44:18 GMT - Thu, 11 Jul 2024 09:44:17 GMT

File type
SVG Scalable Vector Graphics image
Size
12 kB (12496 bytes)
Hash
331429835316d613e7e628d1cfb64191
e2d1e1775e946fb94235d21d3e3f9c750993b3ca
607ebb2b7a98fea62d02b4f209cecb19a7ca3134a27bf1d4eafde6e7ab5da6cc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/insta-date/flirt-logo.svg HTTP/1.1
Host: cimsuhaud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cimsuhaud.com/casual-sl/69/14620?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 21:21:57 GMT
content-type: image/svg+xml
last-modified: Thu, 25 Apr 2024 15:12:16 GMT
vary: Accept-Encoding
etag: W/"662a72d0-30d0"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HMIrIuhFCasyS4Rz25QkLI30NBHLs%2F%2FiSJYbNAMb2IP4jL7j6yT5e2qKhzDIPOejajc%2F4G13JTZ63FqDrOUxwBhb5xxXN6fgmALpCraTQdhAFFfUfGvKwOMuvKyayiEY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a162bc9a8b56b7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

cimsuhaud.com/casual-sl/69/14620/?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482

172.67.149.90

200 OK

18 kB

URL User Request GET HTTP/2
cimsuhaud.com/casual-sl/69/14620/?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
IP
172.67.149.90:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectcimsuhaud.com
Fingerprint83:01:8E:7D:9B:13:9E:65:B8:34:FA:A4:FC:EF:69:6A:E0:1C:DB:46
ValidityFri, 12 Apr 2024 09:44:18 GMT - Thu, 11 Jul 2024 09:44:17 GMT

File type
HTML document, ASCII text, with very long lines (6975)
Size
18 kB (18203 bytes)
Hash
58a742fbfbdbfdca1cdd8aeb1e6bfa1c
ff1cb97bdf115549c0c489aaf049852d06e159db
cd1090f46dae5a8a425b8b7f2a2c9778a4edef2d360576bda7c6bea0f56594dc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /casual-sl/69/14620/?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482 HTTP/1.1
Host: cimsuhaud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 25 Apr 2024 21:21:56 GMT
content-type: text/html
last-modified: Thu, 25 Apr 2024 15:12:17 GMT
vary: Accept-Encoding
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=F9WGqTAis13rfQ41p9JOaHfotiVRnxebxuS%2FNVRTb%2BdwVbwDy13Kw%2F57w9O1rLD7xUv%2BOwltMipjqW4L6fDoqthVAqK81NutoPtA9t4lVNpmg6GNhcgucOM88x6S3AXR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a162b88dff56c1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cimsuhaud.com/_next/static/chunks/pages/%5BlandingName%5D/%5BconfigId%5D/%5B%5B...slug%5D%5D-eaddf0428a16426c.js

172.67.149.90

200 OK

662 B

URL GET HTTP/3
cimsuhaud.com/_next/static/chunks/pages/%5BlandingName%5D/%5BconfigId%5D/%5B%5B...slug%5D%5D-eaddf0428a16426c.js
IP
172.67.149.90:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cimsuhaud.com/casual-sl/69/14620/?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Certificate
IssuerLet's Encrypt
Subjectcimsuhaud.com
Fingerprint83:01:8E:7D:9B:13:9E:65:B8:34:FA:A4:FC:EF:69:6A:E0:1C:DB:46
ValidityFri, 12 Apr 2024 09:44:18 GMT - Thu, 11 Jul 2024 09:44:17 GMT

File type
JavaScript source, ASCII text, with very long lines (666), with no line terminators
Size
662 B (662 bytes)
Hash
49f9c13e383477050c867416e60b3222
eeb57b5af30601d21511ff1eb94001b86d0c6465
1430b1cd7eaade1b7ba5b3a245f9221c0f6067efd03fc812821d0762b5d10ad4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/pages/%5BlandingName%5D/%5BconfigId%5D/%5B%5B...slug%5D%5D-eaddf0428a16426c.js HTTP/1.1
Host: cimsuhaud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cimsuhaud.com/casual-sl/69/14620/?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 21:21:56 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"662a72d0-296"
last-modified: Thu, 25 Apr 2024 15:12:16 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F1CP2yXweb2vea2WtkSEPtEzYucOn6Ynf41zWwT8Ax%2BI%2B20XpGfBtR3ViXp45U9eQivlGJuuky1ndbuZ8DB0k4iPOMPqXAsLgjueFcuMFrpZb%2BK1MYDDeaVjZx%2FUIKCd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a162ba586956b7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

cimsuhaud.com/_next/static/prhu88fhWjcFxMpI6LI5_/_ssgManifest.js

172.67.149.90

200 OK

182 B

URL GET HTTP/3
cimsuhaud.com/_next/static/prhu88fhWjcFxMpI6LI5_/_ssgManifest.js
IP
172.67.149.90:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cimsuhaud.com/casual-sl/69/14620/?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Certificate
IssuerLet's Encrypt
Subjectcimsuhaud.com
Fingerprint83:01:8E:7D:9B:13:9E:65:B8:34:FA:A4:FC:EF:69:6A:E0:1C:DB:46
ValidityFri, 12 Apr 2024 09:44:18 GMT - Thu, 11 Jul 2024 09:44:17 GMT

File type
ASCII text, with no line terminators
Size
182 B (182 bytes)
Hash
ca6aa05f78eb6859347a61db067f16dc
444e70f53eb809f0920de921925d854baccdd251
11ca6f5cc9bc3b5e4021fe0fdad57091b6e8b54a5018672cf9d8b6a7e4f0e229

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/prhu88fhWjcFxMpI6LI5_/_ssgManifest.js HTTP/1.1
Host: cimsuhaud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cimsuhaud.com/casual-sl/69/14620/?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 21:21:56 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"662a72d0-b6"
last-modified: Thu, 25 Apr 2024 15:12:16 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Nts1lxIs%2BkcLJaYbhkOOTi5cTK8V9CZPToj2p01w621rPCFoRLRpSsEggfYom736lUdAOI3Wy5k8yA6v1hed3TFVl1S17JVsmbHB5MxvF1K%2B%2FqBJP562KDyj%2Bi09obIc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a162ba586c56b7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

cimsuhaud.com/img/insta-date/icon-home.svg

172.67.149.90

200 OK

889 B

URL GET HTTP/3
cimsuhaud.com/img/insta-date/icon-home.svg
IP
172.67.149.90:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cimsuhaud.com/casual-sl/69/14620/?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Certificate
IssuerLet's Encrypt
Subjectcimsuhaud.com
Fingerprint83:01:8E:7D:9B:13:9E:65:B8:34:FA:A4:FC:EF:69:6A:E0:1C:DB:46
ValidityFri, 12 Apr 2024 09:44:18 GMT - Thu, 11 Jul 2024 09:44:17 GMT

File type
SVG Scalable Vector Graphics image
Size
889 B (889 bytes)
Hash
66aefa898691b14140301718a57591a3
f57cefb12540435ababdd9ea638d2f003a1b1508
b3a4353893077af30e9b6ea332a997ecfb28592a9546a64c726916c5c7418e8a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/insta-date/icon-home.svg HTTP/1.1
Host: cimsuhaud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cimsuhaud.com/casual-sl/69/14620?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 21:21:57 GMT
content-type: image/svg+xml
last-modified: Thu, 25 Apr 2024 15:12:16 GMT
vary: Accept-Encoding
etag: W/"662a72d0-379"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=krX06zIeG4rupxuEa5NKlMsL%2FsTsXq%2BOwNXleM4EW1%2FTg9spBULRQhD3NILNyE88noxj5JyV7%2BTFN8JTUZ2B8ozwkHogEH12kdhiYt83b5UOGsyuIHcRdNR%2FIRDpXVuq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a162bc5a5b56b7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

cimsuhaud.com/_next/static/css/0bc0cde260d08b97.css

172.67.149.90

200 OK

1.8 kB

URL GET HTTP/3
cimsuhaud.com/_next/static/css/0bc0cde260d08b97.css
IP
172.67.149.90:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cimsuhaud.com/casual-sl/69/14620/?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Certificate
IssuerLet's Encrypt
Subjectcimsuhaud.com
Fingerprint83:01:8E:7D:9B:13:9E:65:B8:34:FA:A4:FC:EF:69:6A:E0:1C:DB:46
ValidityFri, 12 Apr 2024 09:44:18 GMT - Thu, 11 Jul 2024 09:44:17 GMT

File type
ASCII text, with very long lines (1841), with no line terminators
Size
1.8 kB (1841 bytes)
Hash
ff1d3d5d24ca0172d59b02e7505ddaa1
41e83ee08e21f369886b0fdad0ba01d8b20897b6
939b17f98d9d3585510edafa70c73c6619ea20d9b401b4396041272bed67ecf6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/css/0bc0cde260d08b97.css HTTP/1.1
Host: cimsuhaud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cimsuhaud.com/casual-sl/69/14620/?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 21:21:56 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=1843
etag: W/"662a72d0-733"
last-modified: Thu, 25 Apr 2024 15:12:16 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bz8KfFDjNU1LRGRdRb5UFb4%2BIOBBubzcWGGx4zb6LSEKN5QqXp1El4vjHbGHaCZ7jUbhrl5ptN4JCuLdaSCD9RGltMk7FujYIR73janvIOQQtWqX095Ar6MMTsUd8Pjz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a162ba484b56b7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

cimsuhaud.com/custom

172.67.149.90

200 OK

39 B

URL POST HTTP/3
cimsuhaud.com/custom
IP
172.67.149.90:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cimsuhaud.com/casual-sl/69/14620/?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Certificate
IssuerLet's Encrypt
Subjectcimsuhaud.com
Fingerprint83:01:8E:7D:9B:13:9E:65:B8:34:FA:A4:FC:EF:69:6A:E0:1C:DB:46
ValidityFri, 12 Apr 2024 09:44:18 GMT - Thu, 11 Jul 2024 09:44:17 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
39 B (39 bytes)
Hash
c16023891530fbce40f0a1244c3af01c
e15d9dff768d82673e5e797a8395d1fa7d9049b7
c7d0061f2d2b9eb7b65b547c4bdf03f5f332cf34021bc972f64b6ad58d3a121a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /custom HTTP/1.1
Host: cimsuhaud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 426
Origin: https://cimsuhaud.com
DNT: 1
Connection: keep-alive
Referer: https://cimsuhaud.com/casual-sl/69/14620?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Cookie: OAID=hpgbbu54ssabi4pvs2yxqu3yydz807zv; syncedCookie=true; oaidts=1714080117
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/3 200 OK
date: Thu, 25 Apr 2024 21:21:57 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
x-trace-id: d0f26bd208d80b2449c30cb056457844
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://cimsuhaud.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O%2B37dmjSUJq6qohTki4tcnAZsG86zhI6%2F%2BK1FJtIG2F9bGXezg7ZyfmY2cmJnM2bLqJtXXsbt%2BF9h1IUhokce1wnazNjdkinEuVASWUr4sFyOuk9EfOWIgA4X128QV%2FS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a162be5c0b56b7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

cimsuhaud.com/custom

172.67.149.90

200 OK

39 B

URL POST HTTP/3
cimsuhaud.com/custom
IP
172.67.149.90:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cimsuhaud.com/casual-sl/69/14620/?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Certificate
IssuerLet's Encrypt
Subjectcimsuhaud.com
Fingerprint83:01:8E:7D:9B:13:9E:65:B8:34:FA:A4:FC:EF:69:6A:E0:1C:DB:46
ValidityFri, 12 Apr 2024 09:44:18 GMT - Thu, 11 Jul 2024 09:44:17 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
39 B (39 bytes)
Hash
c16023891530fbce40f0a1244c3af01c
e15d9dff768d82673e5e797a8395d1fa7d9049b7
c7d0061f2d2b9eb7b65b547c4bdf03f5f332cf34021bc972f64b6ad58d3a121a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /custom HTTP/1.1
Host: cimsuhaud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 428
Origin: https://cimsuhaud.com
DNT: 1
Connection: keep-alive
Referer: https://cimsuhaud.com/casual-sl/69/14620?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Cookie: OAID=hpgbbu54ssabi4pvs2yxqu3yydz807zv; syncedCookie=true; oaidts=1714080117
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/3 200 OK
date: Thu, 25 Apr 2024 21:21:57 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
x-trace-id: fa965ece4824677c83f758516b31d5a2
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://cimsuhaud.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GYvCSEBgFJVftYnvrxvc7xel9ZnfbdRLiYR4VTIXUgbPq%2BxR%2BkqA7AdhN7Ps5g%2FFfV0g2t0o6FO1m0wWbP27QhC4OZ%2BQmkcHrxVp7bv7CFtGqF0A4vdmhX%2FNICUc5G1N"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a162be6c2256b7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

cimsuhaud.com/casual-sl/69/14620?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482

172.67.149.90

301 Moved Permanently

18 kB

URL User Request GET HTTP/2
cimsuhaud.com/casual-sl/69/14620?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
IP
172.67.149.90:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectcimsuhaud.com
Fingerprint83:01:8E:7D:9B:13:9E:65:B8:34:FA:A4:FC:EF:69:6A:E0:1C:DB:46
ValidityFri, 12 Apr 2024 09:44:18 GMT - Thu, 11 Jul 2024 09:44:17 GMT

File type

Size
18 kB (18203 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /casual-sl/69/14620?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482 HTTP/1.1
Host: cimsuhaud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Thu, 25 Apr 2024 21:21:56 GMT
content-type: text/html
location: http://cimsuhaud.com/casual-sl/69/14620/?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
vary: Accept-Encoding
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ItewqdvomXRn3YYRZMSfcwDzKgn7Rnnpb1oxbptJiPIx6g23kA6AUzvTQLSTESfYGhWfbC7iwTeTBy4QazEkyCTUgAWN8fjDtMkNG%2B0O0FXxuT8v5fcMfWwKaaLQHamH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a162b77d1156c1-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cimsuhaud.com/_next/static/chunks/webpack-a2bc5b9348705b8c.js

172.67.149.90

200 OK

6.3 kB

URL GET HTTP/3
cimsuhaud.com/_next/static/chunks/webpack-a2bc5b9348705b8c.js
IP
172.67.149.90:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cimsuhaud.com/casual-sl/69/14620/?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Certificate
IssuerLet's Encrypt
Subjectcimsuhaud.com
Fingerprint83:01:8E:7D:9B:13:9E:65:B8:34:FA:A4:FC:EF:69:6A:E0:1C:DB:46
ValidityFri, 12 Apr 2024 09:44:18 GMT - Thu, 11 Jul 2024 09:44:17 GMT

File type
JavaScript source, ASCII text, with very long lines (6537), with no line terminators
Size
6.3 kB (6289 bytes)
Hash
126b569c97e24d6a866b73bd4675e9de
2c33320f6b6ef0c0f650e22fd8dd6ba4a9198056
83a46cf91aa584396d54046d4badb5360b558ea49b4ea5858aae2aef15492375

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/webpack-a2bc5b9348705b8c.js HTTP/1.1
Host: cimsuhaud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cimsuhaud.com/casual-sl/69/14620/?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 21:21:56 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"662a72d0-1891"
last-modified: Thu, 25 Apr 2024 15:12:16 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4o%2Fy00B5xxDfKf6eTJJGNEeOaLMJEuuwxw9mDkOVxXpLYHWCSdFwdjFHkEh6iuecv6bFukq3hm9CkRIPw5LhyfilMVqKyHMJYPAc6U8M78bFLCFpRp4MSbeqLr7J%2F7BN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a162ba484f56b7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

cimsuhaud.com/video/insta-date/girl_insta-2.mp4

172.67.149.90

206 Partial Content

262 kB

URL GET HTTP/3
cimsuhaud.com/video/insta-date/girl_insta-2.mp4
IP
172.67.149.90:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cimsuhaud.com/casual-sl/69/14620/?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Certificate
IssuerLet's Encrypt
Subjectcimsuhaud.com
Fingerprint83:01:8E:7D:9B:13:9E:65:B8:34:FA:A4:FC:EF:69:6A:E0:1C:DB:46
ValidityFri, 12 Apr 2024 09:44:18 GMT - Thu, 11 Jul 2024 09:44:17 GMT

File type
ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
Size
262 kB (262144 bytes)
Hash
1d27ce52439807c9dbbed6386fe52d75
fd60659f11f080eefe5bbe2f2c8f2472cd724fa9
6e145b010b9fe3088db79aa7ed6008f7c80bf65639ddbecbb084af4f97a173b6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /video/insta-date/girl_insta-2.mp4 HTTP/1.1
Host: cimsuhaud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://cimsuhaud.com/casual-sl/69/14620?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 206 Partial Content
date: Thu, 25 Apr 2024 21:21:57 GMT
content-type: video/mp4
content-length: 287636
last-modified: Thu, 25 Apr 2024 15:12:16 GMT
vary: Accept-Encoding
etag: "662a72d0-46394"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
content-range: bytes 0-287635/287636
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nqr7NKvCundr%2B792A%2BK7IASAoAXrGgIKEJhaUU8YonzcWEu%2BipwWP%2B5XjYBVFjra93%2BRmmOUH2H1XdwuVWrQ8Yith4khfQEDxQNHqsdq304uCVUfF2TtXrMqpOLTCn3%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a162bc5a5a56b7-OSL
alt-svc: h3=":443"; ma=86400

cimsuhaud.com/img/insta-date/icon-plus.svg

172.67.149.90

200 OK

1.1 kB

URL GET HTTP/3
cimsuhaud.com/img/insta-date/icon-plus.svg
IP
172.67.149.90:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cimsuhaud.com/casual-sl/69/14620/?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Certificate
IssuerLet's Encrypt
Subjectcimsuhaud.com
Fingerprint83:01:8E:7D:9B:13:9E:65:B8:34:FA:A4:FC:EF:69:6A:E0:1C:DB:46
ValidityFri, 12 Apr 2024 09:44:18 GMT - Thu, 11 Jul 2024 09:44:17 GMT

File type
SVG Scalable Vector Graphics image
Size
1.1 kB (1117 bytes)
Hash
e34ed088b1578c210cfb90721b0fbd57
0ccb74de9b576f9c06821613e06fbb6ea5fc57a6
7cfec0a7e0f363d5942e142f1355a63ee705417db7328b9a0e142fcd026d48d7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/insta-date/icon-plus.svg HTTP/1.1
Host: cimsuhaud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cimsuhaud.com/casual-sl/69/14620?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 21:21:57 GMT
content-type: image/svg+xml
last-modified: Thu, 25 Apr 2024 15:12:16 GMT
vary: Accept-Encoding
etag: W/"662a72d0-45d"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UIQEzOGHih9Av2Suj%2B4bZv00%2Bn6FWEFVU6YEeNfyU9CpqV8y0j%2FM7ry2qXoNPxFIIsU8qWP2FdXsvcrB5dJXMaEg2hWfAEJY7z8uIkD3cFJhJ%2BIBFRK5pfi1vRovPANN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a162bc6a6956b7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

cdntechone.com/stattag.js

188.114.96.1

200 OK

19 kB

URL GET HTTP/2
cdntechone.com/stattag.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cimsuhaud.com/casual-sl/69/14620/?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Certificate
IssuerGoogle Trust Services LLC
Subjectcdntechone.com
Fingerprint3D:20:D4:11:5D:06:B3:63:9C:08:BF:D9:D9:16:22:D5:DC:3B:9A:CB
ValidityMon, 22 Apr 2024 03:33:58 GMT - Sun, 21 Jul 2024 03:33:57 GMT

File type
JavaScript source, ASCII text, with very long lines (18452)
Size
19 kB (19102 bytes)
Hash
bec2755dff94190fec0365b0db53807b
f98c36e7e9e06325d03fe39c3b98879062fc2704
ccb15ff22ece6946136f1501ab3ae74155399187c8e85beb10399d56bb8e149a

HTTP Headers

GET /stattag.js HTTP/1.1
Host: cdntechone.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cimsuhaud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 25 Apr 2024 21:21:57 GMT
content-type: application/javascript
last-modified: Wed, 07 Feb 2024 12:51:04 GMT
etag: W/"65c37cb8-4a9e"
link: <https://datatechone.com/>; rel=preconnect; crossorigin, <https://datatechonert.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 3902
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z0eA1ynpQiCAVl72uj7rLE5XFm6mwYBR14fxG0fY%2BNLV53Om6MQoB86LcooO9EH%2FV%2FeCU2pCWdMQpsaNdRaAa5ews0K%2Ftge7uwg%2FORdc50a2Gu0ritJsAOz2Y39j1mPjiw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a162bcd9c95699-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cimsuhaud.com/pfe/current/micro.tag.min.js?sw=/sw/universal.js&var=7394482&ymid=6579498&b=20865996&campaignid=8136509&click_id=807453335105057276&ab2r=&rhd=1&var_3=807453335105057276&oaid=hpgbbu54ssabi4pvs2yxqu3yydz807zv&os_version=&btz=UTC&bto=0&z=6520092&cdn=1&domain=cimsuhaud.com&ab2=&ab2_ttl=5184000

172.67.149.90

200 OK

37 kB

URL GET HTTP/3
cimsuhaud.com/pfe/current/micro.tag.min.js?sw=/sw/universal.js&var=7394482&ymid=6579498&b=20865996&campaignid=8136509&click_id=807453335105057276&ab2r=&rhd=1&var_3=807453335105057276&oaid=hpgbbu54ssabi4pvs2yxqu3yydz807zv&os_version=&btz=UTC&bto=0&z=6520092&cdn=1&domain=cimsuhaud.com&ab2=&ab2_ttl=5184000
IP
172.67.149.90:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cimsuhaud.com/casual-sl/69/14620/?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Certificate
IssuerLet's Encrypt
Subjectcimsuhaud.com
Fingerprint83:01:8E:7D:9B:13:9E:65:B8:34:FA:A4:FC:EF:69:6A:E0:1C:DB:46
ValidityFri, 12 Apr 2024 09:44:18 GMT - Thu, 11 Jul 2024 09:44:17 GMT

File type
JavaScript source, ASCII text, with very long lines (37142), with no line terminators
Size
37 kB (37142 bytes)
Hash
32d6dbd00a639e2cd10d1704b9159bd5
0dab4c95675393f1d0e13d20f13d80ee12e41d95
9f339e5efd7c959419a4e86bb4c5e9f07eae2ed839484846157be981917743de

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pfe/current/micro.tag.min.js?sw=/sw/universal.js&var=7394482&ymid=6579498&b=20865996&campaignid=8136509&click_id=807453335105057276&ab2r=&rhd=1&var_3=807453335105057276&oaid=hpgbbu54ssabi4pvs2yxqu3yydz807zv&os_version=&btz=UTC&bto=0&z=6520092&cdn=1&domain=cimsuhaud.com&ab2=&ab2_ttl=5184000 HTTP/1.1
Host: cimsuhaud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cimsuhaud.com/casual-sl/69/14620?b=20865996&campaignid=8136509&s=807453335105057276&var=6579498&ymid=807453335105057276&z=7394482
Cookie: OAID=hpgbbu54ssabi4pvs2yxqu3yydz807zv; syncedCookie=true; oaidts=1714080117
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 21:21:57 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 10:49:22 GMT
vary: Accept-Encoding
etag: W/"662a3532-9116"
access-control-allow-credentials: true
cache-control: max-age=1800
pragma: no-cache
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JfrAA6fO9YxYlT2OOgH9hBDxi0Eb4E1OJ7%2BDwn8klnKUhLnTDVMns%2FAUX8kanVy%2BG1tqm6EoOBA95qh2KNiflpUeg%2FVRUGjVm1VL%2BfA7Q3kne5IRj9UgOZpzoPz8PMU3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a162bdab7b56b7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (19)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML