Report - number.94trackdomain.com/5f52cc5b-283c-45d8-8655-917075f9aebb

Report Overview

Visited public
2025-05-12 04:19:50
Tags
URL
number.94trackdomain.com/5f52cc5b-283c-45d8-8655-917075f9aebb
Finishing URL
bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
IP / ASN
3.167.2.24
#0
Title
Online monitor

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
use.fontawesome.com	942	2012-10-18	2017-01-30	2025-05-07	1.9 kB	122 kB	104.21.27.152
translate.googleapis.com	1005	2005-01-25	2012-05-31	2025-05-07	1.7 kB	220 kB	216.58.207.234
translate.google.com	1156	1997-09-15	2012-05-30	2025-05-07	458 B	80 kB	142.250.74.174
ajax.googleapis.com	12905	2005-01-25	2012-05-22	2025-05-07	441 B	90 kB	142.250.178.106
fonts.gstatic.com	unknown	2008-02-11	2014-04-02	2025-05-07	463 B	7.1 kB	142.250.74.35
number.94trackdomain.com	unknown	2025-02-10	2025-05-09	2025-05-09	529 B	14 kB	3.167.2.107
www.gstatic.com	unknown	2008-02-11	2012-05-29	2025-05-07	1.1 kB	24 kB	142.250.178.67
cdnjs.cloudflare.com	235	2009-02-17	2012-05-23	2025-05-07	441 B	5.3 kB	104.17.25.14
bicarest.xyz	unknown	2025-04-03	2025-05-09	2025-05-09	31 kB	1.1 MB	45.141.156.109

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-05-12	medium	bicarest.xyz	Sinkholed
2025-05-12	medium	bicarest.xyz	Sinkholed
2025-05-12	medium	bicarest.xyz	Sinkholed
2025-05-12	medium	bicarest.xyz	Sinkholed
2025-05-12	medium	bicarest.xyz	Sinkholed
2025-05-12	medium	bicarest.xyz	Sinkholed
2025-05-12	medium	bicarest.xyz	Sinkholed
2025-05-12	medium	bicarest.xyz	Sinkholed
2025-05-12	medium	bicarest.xyz	Sinkholed
2025-05-12	medium	bicarest.xyz	Sinkholed
2025-05-12	medium	bicarest.xyz	Sinkholed
2025-05-12	medium	bicarest.xyz	Sinkholed
2025-05-12	medium	bicarest.xyz	Sinkholed
2025-05-12	medium	bicarest.xyz	Sinkholed
2025-05-12	medium	bicarest.xyz	Sinkholed
2025-05-12	medium	bicarest.xyz	Sinkholed
2025-05-12	medium	bicarest.xyz	Sinkholed
2025-05-12	medium	bicarest.xyz	Sinkholed
2025-05-12	medium	bicarest.xyz	Sinkholed
2025-05-12	medium	bicarest.xyz	Sinkholed
2025-05-12	medium	bicarest.xyz	Sinkholed
2025-05-12	medium	bicarest.xyz	Sinkholed
2025-05-12	medium	bicarest.xyz	Sinkholed
2025-05-12	medium	bicarest.xyz	Sinkholed
2025-05-12	medium	bicarest.xyz	Sinkholed
2025-05-12	medium	bicarest.xyz	Sinkholed
2025-05-12	medium	bicarest.xyz	Sinkholed
2025-05-12	medium	bicarest.xyz	Sinkholed
2025-05-12	medium	bicarest.xyz	Sinkholed
2025-05-12	medium	bicarest.xyz	Sinkholed
2025-05-12	medium	bicarest.xyz	Sinkholed
2025-05-12	medium	bicarest.xyz	Sinkholed
2025-05-12	medium	bicarest.xyz	Sinkholed
2025-05-12	medium	bicarest.xyz	Sinkholed
2025-05-12	medium	bicarest.xyz	Sinkholed
2025-05-12	medium	bicarest.xyz	Sinkholed
2025-05-12	medium	bicarest.xyz	Sinkholed

ThreatFox

No alerts detected

JavaScript (9)

	URL	From	Size	First Seen	Last Seen
	bicarest.xyz/_/translate_http/_/js/k=translate_http.tr.no.fJOnaP0jscc.O/am=AAY/d=1/rs=AN8SPfpiVKTPMgdH9z3-c7KIYYCX192JgQ/m=el_conf	ScriptElement	80 kB	2025-05-12	2025-05-12
Pretty URL bicarest.xyz/_/translate_http/_/js/k=translate_http.tr.no.fJOnaP0jscc.O/am=AAY/d=1/rs=AN8SPfpiVKTPMgdH9z3-c7KIYYCX192JgQ/m=el_conf IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-12 04:19 Last Seen2025-05-12 04:19 Times Seen1 Hash 9d4e59b3db86d66384a7adf074264332 a6e2883b5d30ead3ad37a6e28695bcafe21bac14 458b1dd949e35ab9ef563acca2b49a1437f2240ea94ac2caa875281432634cca Loading...

	about:srcdoc#206	ScriptElement	1.7 kB	2024-09-18	2025-05-16
Pretty URL about:srcdoc#206 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-09-18 13:29 Last Seen2025-05-16 03:39 Times Seen1116 Hash 6652f9414e99edb4f007b116dcb97690 03a1541842942c5832cf08c8f24c59eb9f913220 d77d07e390347beb504ef3bdd421ff18a21f985eecb6c60b1657fda05d0f84ba Loading...

	bicarest.xyz/dn_30/js/cookies.js	ScriptElement	2.2 kB	2023-03-07	2025-05-12
Pretty URL bicarest.xyz/dn_30/js/cookies.js IP 45.141.156.109 ASN #31469 Virtual Systems LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-05-12 04:19 Times Seen590 Hash c9e9a54501fc6f6e8918b2c0f2a53981 3d530e6c830ccba6284e79c7245bb45d6f4f2197 491fdee141835401d29318ca584ac3e91a38c92d8694f26d90883bfc324ca454 Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js	ScriptElement	90 kB	2023-03-07	2025-05-16
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js IP 142.250.178.106 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-16 03:39 Times Seen109607 Hash dc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Loading...

	bicarest.xyz/dn_30/js/custom.js	ScriptElement	10 kB	2025-05-12	2025-05-12
Pretty URL bicarest.xyz/dn_30/js/custom.js IP 45.141.156.109 ASN #31469 Virtual Systems LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-12 04:19 Last Seen2025-05-12 04:19 Times Seen1 Hash 1fbc36247873b73d26684dfc7b46cf1e 43db1c575239572ccac2d6f48992e5c59de081b6 c8b189b682790c3dd91af0ed11a4267d25d32754e3cdeb83ab8e13d3166f0129 Loading...

	translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.no.fJOnaP0jscc.O/am=ACA/d=1/exm=el_conf/ed=1/rs=AN8SPfqv2zXhQAfrcC_9KQWUqEZ9Jks8Ag/m=el_main	ScriptElement	218 kB	2025-03-24	2025-05-16
Pretty URL translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.no.fJOnaP0jscc.O/am=ACA/d=1/exm=el_conf/ed=1/rs=AN8SPfqv2zXhQAfrcC_9KQWUqEZ9Jks8Ag/m=el_main IP 216.58.207.234 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-24 19:35 Last Seen2025-05-16 03:39 Times Seen1687 Hash 196563abd567557ce7900f356df9048c 7c140ff50c164d5901faa4c4e74fcb11482b9c32 eadb2140c433b64ca74a8e25665b4f80a54a4183c3cb01da578e7426fbae95c8 Loading...

	use.fontawesome.com/f182237388.js	ScriptElement	9.5 kB	2023-03-08	2025-05-12
Pretty URL use.fontawesome.com/f182237388.js IP 104.21.27.152 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 21:08 Last Seen2025-05-12 04:19 Times Seen282 Hash 642925e489914ab3dd425cb843636667 b1e9f31c4ef9543e82467d88db7b63933cd67556 5fc81f26f3ae5cce9fffb7bf98e91a71210defe0a685ba8eff16ce863524a131 Loading...

	cdnjs.cloudflare.com/ajax/libs/spin.js/2.3.2/spin.min.js	ScriptElement	4.3 kB	2023-03-07	2025-05-15
Pretty URL cdnjs.cloudflare.com/ajax/libs/spin.js/2.3.2/spin.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10 Last Seen2025-05-15 17:32 Times Seen911 Hash 545405225c13b2f42ab103fca31a49b1 f91e2b661f4feb976b5e260bdc2366763ad13562 3e27aa13441d103329a705eb4f349942bead5855f75b92a4c91572175ccddde8 Loading...

	bicarest.xyz/dn_30/js/translate.js	ScriptElement	1.2 kB	2023-03-07	2025-05-12
Pretty URL bicarest.xyz/dn_30/js/translate.js IP 45.141.156.109 ASN #31469 Virtual Systems LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-05-12 04:19 Times Seen625 Hash fcd546809170dd574eb37b989529f69a 2e227e144e3b4bd68064354d8a7fbc61125f624c 350baff99bbd3db6cdb8d741bc7f75fa333489ad5dcc641e2cfa0e11130e1920 Loading...

HTTP Transactions (51)

URL IP Response Size

bicarest.xyz/dn_30/fonts/font.css

45.141.156.109

200 OK

2.1 kB

URL GET
bicarest.xyz/dn_30/fonts/font.css
IP
45.141.156.109:443
ASN
#31469 Virtual Systems LLC

Requested by
https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Certificate
IssuerLet's Encrypt
Subjectbicarest.xyz
Fingerprint83:92:BF:FA:BC:17:CC:D2:27:15:DC:B4:27:96:8F:38:83:CA:CD:1D
ValidityThu, 03 Apr 2025 00:58:16 GMT - Wed, 02 Jul 2025 00:58:15 GMT

File type
ASCII text
Size
2.1 kB (2059 bytes)
Hash
5399c6077af3977272218b185d39803b
44d72c47ebab39132e9f5ff5dc626d2c009ab378
6d0152bf22bdb638234910a4fb51c4d296e32f560a0de9bed5f538a74f516789

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /dn_30/fonts/font.css HTTP/1.1
Host: bicarest.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 12 May 2025 04:19:29 GMT
content-type: text/css
last-modified: Wed, 12 Feb 2025 08:42:40 GMT
vary: Accept-Encoding
etag: W/"67ac5f00-80b"
content-encoding: gzip
X-Firefox-Spdy: h2

bicarest.xyz/dn_30/js/custom.js

45.141.156.109

200 OK

10 kB

URL GET
bicarest.xyz/dn_30/js/custom.js
IP
45.141.156.109:443
ASN
#31469 Virtual Systems LLC

Requested by
https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Certificate
IssuerLet's Encrypt
Subjectbicarest.xyz
Fingerprint83:92:BF:FA:BC:17:CC:D2:27:15:DC:B4:27:96:8F:38:83:CA:CD:1D
ValidityThu, 03 Apr 2025 00:58:16 GMT - Wed, 02 Jul 2025 00:58:15 GMT

File type
JavaScript source, ASCII text, with CRLF line terminators
Size
10 kB (10078 bytes)
Hash
1fbc36247873b73d26684dfc7b46cf1e
43db1c575239572ccac2d6f48992e5c59de081b6
c8b189b682790c3dd91af0ed11a4267d25d32754e3cdeb83ab8e13d3166f0129

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /dn_30/js/custom.js HTTP/1.1
Host: bicarest.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 12 May 2025 04:19:29 GMT
content-type: application/javascript
last-modified: Wed, 12 Feb 2025 08:42:42 GMT
vary: Accept-Encoding
etag: W/"67ac5f02-275e"
content-encoding: gzip
X-Firefox-Spdy: h2

number.94trackdomain.com/5f52cc5b-283c-45d8-8655-917075f9aebb

3.167.2.107

302 Found

13 kB

URL User Request GET
number.94trackdomain.com/5f52cc5b-283c-45d8-8655-917075f9aebb
IP
3.167.2.107:443
ASN
#0

Certificate
IssuerAmazon
Subjectnumber.94trackdomain.com
FingerprintB4:DD:1B:08:C3:C4:C2:E4:15:AC:0B:7B:F3:CE:7D:BA:4D:E9:85:F7
ValidityMon, 10 Feb 2025 00:00:00 GMT - Wed, 11 Mar 2026 23:59:59 GMT

File type

Size
13 kB (12843 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /5f52cc5b-283c-45d8-8655-917075f9aebb HTTP/1.1
Host: number.94trackdomain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
content-length: 0
location: https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
date: Mon, 12 May 2025 04:19:28 GMT
server: nginx
cache-control: no-store, no-cache, pre-check=0, post-check=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
set-cookie: 5f52cc5b-283c-45d8-8655-917075f9aebb-v4=1QTW0cHIH-tPDrsLazbmFeexvWtq0wRH-dl4bbq_H6s; Max-Age=86400; Expires=Tue, 13 May 2025 04:19:28 GMT; Domain=number.94trackdomain.com; Path=/; Secure; HttpOnly; SameSite=None
cep-v4=qVnIYBxBOK4wxBxSyE7AvygbmZjdzFE0bQhwiNGplYqd2c1UWrTEKMp8cpz8Gip5agGbURyeoQsIJFLNuYUGWCv7x6Kt_6-wviEj4jbdixMewroJu71EFLyaQqhzmaoIwRxacC-KYNXBzyw7ReqypqZsWcFhoB7YTc7i5JAzsusFl4mMOEg5nj_RNe_ijEbbwbdVEcTaSy_Xw-jHzKHILMm9LsVuY7MIZpMFxkBI1dPoZvKNweTa1zH_817G8taU8-GMchq9MjNvSfloL1xxY5S4GjVzUSWLhazfEN990GOsHiqtWyL2N4SvYX3OCmAaudvKM8Snz3NJp7Z4qWdTpDhypXfZxpEc-ADnSAAxiCDcSjV2QW4N31iu-zLPXiZQ; Max-Age=86400; Expires=Tue, 13 May 2025 04:19:28 GMT; Domain=number.94trackdomain.com; Path=/; Secure; HttpOnly; SameSite=None
x-cache: Miss from cloudfront
via: 1.1 edea1d4f37b8855878682c02540138fe.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P2
x-amz-cf-id: ZMx5JvyhK4mEB7_FhWzPO1QKPjxsmV4LxcGrB4pgDHwL_rpwf9YKbg==
X-Firefox-Spdy: h2

bicarest.xyz/dn_30/img/line_item_3.svg

45.141.156.109

200 OK

218 B

URL GET
bicarest.xyz/dn_30/img/line_item_3.svg
IP
45.141.156.109:443
ASN
#31469 Virtual Systems LLC

Requested by
https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Certificate
IssuerLet's Encrypt
Subjectbicarest.xyz
Fingerprint83:92:BF:FA:BC:17:CC:D2:27:15:DC:B4:27:96:8F:38:83:CA:CD:1D
ValidityThu, 03 Apr 2025 00:58:16 GMT - Wed, 02 Jul 2025 00:58:15 GMT

File type
SVG Scalable Vector Graphics image
Size
218 B (218 bytes)
Hash
67e3757169c57ca12ba9a49ee99d7aa2
c6ba9afe65d915a037ba4788d094a66fc49bb460
ff0bbeb4be96d344a39f914258592383d5ecb41d0daf66881f32a326c334b443

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /dn_30/img/line_item_3.svg HTTP/1.1
Host: bicarest.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 12 May 2025 04:19:29 GMT
content-type: image/svg+xml
content-length: 218
last-modified: Wed, 12 Feb 2025 08:42:41 GMT
etag: "67ac5f01-da"
accept-ranges: bytes
X-Firefox-Spdy: h2

bicarest.xyz/dn_30/img/icons.png

45.141.156.109

200 OK

1.2 kB

URL GET
bicarest.xyz/dn_30/img/icons.png
IP
45.141.156.109:443
ASN
#31469 Virtual Systems LLC

Requested by
https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Certificate
IssuerLet's Encrypt
Subjectbicarest.xyz
Fingerprint83:92:BF:FA:BC:17:CC:D2:27:15:DC:B4:27:96:8F:38:83:CA:CD:1D
ValidityThu, 03 Apr 2025 00:58:16 GMT - Wed, 02 Jul 2025 00:58:15 GMT

File type
PNG image data, 107 x 17, 8-bit/color RGB, non-interlaced
Size
1.2 kB (1234 bytes)
Hash
075bde8eeca53c1348a576861bccddcc
97e1eed09ac7dcf5a5a45166388f120b41171e43
6cb79c0a8c687c0c1c85b6b92f194fd66d2551148bffaf147adac407d309fe02

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /dn_30/img/icons.png HTTP/1.1
Host: bicarest.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 12 May 2025 04:19:29 GMT
content-type: image/png
content-length: 1234
last-modified: Wed, 12 Feb 2025 08:42:41 GMT
etag: "67ac5f01-4d2"
accept-ranges: bytes
X-Firefox-Spdy: h2

fonts.gstatic.com/s/i/productlogos/translate/v14/24px.svg

142.250.74.35

200 OK

6.2 kB

URL GET
fonts.gstatic.com/s/i/productlogos/translate/v14/24px.svg
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint15:8B:D4:EA:7E:CB:34:1B:6F:2E:20:9E:39:44:7A:D6:D7:30:26:AB
ValidityMon, 21 Apr 2025 08:41:49 GMT - Mon, 14 Jul 2025 08:41:48 GMT

File type
SVG Scalable Vector Graphics image
Size
6.2 kB (6225 bytes)
Hash
2bd5c073a88b83ed74db88282a56ddfb
d0ebfc376f8c6a44a8d4cd216817dcd7d0c33650
ab5c23a05e39deed14d9d8262b0dce9f024f86105a27196cad37d14a3f516e09

HTTP Headers

GET /s/i/productlogos/translate/v14/24px.svg HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bicarest.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-length: 3340
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 08 May 2025 10:42:41 GMT
expires: Fri, 08 May 2026 10:42:41 GMT
cache-control: public, max-age=31536000
age: 322610
last-modified: Wed, 20 Apr 2022 14:24:23 GMT
content-type: image/svg+xml
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

bicarest.xyz/dn_30/img/envelope.svg

45.141.156.109

200 OK

951 B

URL GET
bicarest.xyz/dn_30/img/envelope.svg
IP
45.141.156.109:443
ASN
#31469 Virtual Systems LLC

Requested by
https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Certificate
IssuerLet's Encrypt
Subjectbicarest.xyz
Fingerprint83:92:BF:FA:BC:17:CC:D2:27:15:DC:B4:27:96:8F:38:83:CA:CD:1D
ValidityThu, 03 Apr 2025 00:58:16 GMT - Wed, 02 Jul 2025 00:58:15 GMT

File type
SVG Scalable Vector Graphics image
Size
951 B (951 bytes)
Hash
04c3bd2e69b0c4ccf18c3fd5c1b1126d
e414886f4564091fbe91310ccf264f522c2b503a
a2bb037609af4ead824ac63236076c21cd3c6e3bda1ce9cba1cf414d268c2482

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /dn_30/img/envelope.svg HTTP/1.1
Host: bicarest.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 12 May 2025 04:19:29 GMT
content-type: image/svg+xml
content-length: 951
last-modified: Wed, 12 Feb 2025 08:42:41 GMT
etag: "67ac5f01-3b7"
accept-ranges: bytes
X-Firefox-Spdy: h2

bicarest.xyz/dn_30/js/cookies.js

45.141.156.109

200 OK

2.2 kB

URL GET
bicarest.xyz/dn_30/js/cookies.js
IP
45.141.156.109:443
ASN
#31469 Virtual Systems LLC

Requested by
https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Certificate
IssuerLet's Encrypt
Subjectbicarest.xyz
Fingerprint83:92:BF:FA:BC:17:CC:D2:27:15:DC:B4:27:96:8F:38:83:CA:CD:1D
ValidityThu, 03 Apr 2025 00:58:16 GMT - Wed, 02 Jul 2025 00:58:15 GMT

File type
JavaScript source, ASCII text
Size
2.2 kB (2198 bytes)
Hash
c9e9a54501fc6f6e8918b2c0f2a53981
3d530e6c830ccba6284e79c7245bb45d6f4f2197
491fdee141835401d29318ca584ac3e91a38c92d8694f26d90883bfc324ca454

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /dn_30/js/cookies.js HTTP/1.1
Host: bicarest.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 12 May 2025 04:19:29 GMT
content-type: application/javascript
last-modified: Wed, 12 Feb 2025 08:42:42 GMT
vary: Accept-Encoding
etag: W/"67ac5f02-896"
content-encoding: gzip
X-Firefox-Spdy: h2

bicarest.xyz/dn_30/img/x.png

45.141.156.109

200 OK

2.2 kB

URL GET
bicarest.xyz/dn_30/img/x.png
IP
45.141.156.109:443
ASN
#31469 Virtual Systems LLC

Requested by
https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Certificate
IssuerLet's Encrypt
Subjectbicarest.xyz
Fingerprint83:92:BF:FA:BC:17:CC:D2:27:15:DC:B4:27:96:8F:38:83:CA:CD:1D
ValidityThu, 03 Apr 2025 00:58:16 GMT - Wed, 02 Jul 2025 00:58:15 GMT

File type
PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
Size
2.2 kB (2169 bytes)
Hash
0d0367ac5c257d393347a434a2e3be68
a36d113b257dd09d46388cf5a54099c2847a297e
1f67998eff5cd87bb36ce0e444c7255ca0cfda0164960192b7e3180a003f4b62

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /dn_30/img/x.png HTTP/1.1
Host: bicarest.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 12 May 2025 04:19:29 GMT
content-type: image/png
content-length: 2169
last-modified: Wed, 12 Feb 2025 08:42:42 GMT
etag: "67ac5f02-879"
accept-ranges: bytes
X-Firefox-Spdy: h2

use.fontawesome.com/f182237388.js

104.21.27.152

200 OK

9.5 kB

URL GET
use.fontawesome.com/f182237388.js
IP
104.21.27.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Certificate
IssuerGoogle Trust Services
Subjectuse.fontawesome.com
Fingerprint2F:A0:71:2B:C1:50:E8:B9:6E:F6:46:C3:85:EA:4E:30:ED:94:CB:C6
ValiditySun, 04 May 2025 00:52:35 GMT - Sat, 02 Aug 2025 01:52:29 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (9239)
Size
9.5 kB (9496 bytes)
Hash
642925e489914ab3dd425cb843636667
b1e9f31c4ef9543e82467d88db7b63933cd67556
5fc81f26f3ae5cce9fffb7bf98e91a71210defe0a685ba8eff16ce863524a131

HTTP Headers

GET /f182237388.js HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bicarest.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 12 May 2025 04:19:29 GMT
content-type: text/javascript
etag: W/"642925e489914ab3dd425cb843636667"
last-modified: Fri, 22 Sep 2023 01:40:28 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T4N62IXIaRipCQpFxw25O9Lu0gow42MsTeUlTR3vYhrnlepLnPr4L0aBc106vDEhOY5AiyqyKz%2B4hrLlHuLoYdiaVjIEmEUauKRMVAWS%2FnqJF06C2zjecUmIUmmasMxn2NN8iqkP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 93e71e3c49fbb503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=6558&min_rtt=443&rtt_var=12012&sent=8&recv=11&lost=0&retrans=0&sent_bytes=3274&recv_bytes=1201&delivery_rate=8119626&cwnd=254&unsent_bytes=0&cid=74861adc211801c7&ts=413&x=0"
X-Firefox-Spdy: h2

bicarest.xyz/dn_30/img/settings.svg

45.141.156.109

200 OK

5.5 kB

URL GET
bicarest.xyz/dn_30/img/settings.svg
IP
45.141.156.109:443
ASN
#31469 Virtual Systems LLC

Requested by
https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Certificate
IssuerLet's Encrypt
Subjectbicarest.xyz
Fingerprint83:92:BF:FA:BC:17:CC:D2:27:15:DC:B4:27:96:8F:38:83:CA:CD:1D
ValidityThu, 03 Apr 2025 00:58:16 GMT - Wed, 02 Jul 2025 00:58:15 GMT

File type
SVG Scalable Vector Graphics image
Size
5.5 kB (5450 bytes)
Hash
cd435db1522e65f5c816874674bdde1e
198f69edb44f00c47636324cc72e81b8a40248d2
3155fd9dfe4877128135b345d0cf753d486007d0d6e84d00870a1a11ffb86611

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /dn_30/img/settings.svg HTTP/1.1
Host: bicarest.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 12 May 2025 04:19:29 GMT
content-type: image/svg+xml
last-modified: Wed, 12 Feb 2025 08:42:41 GMT
vary: Accept-Encoding
etag: W/"67ac5f01-154a"
content-encoding: gzip
X-Firefox-Spdy: h2

bicarest.xyz/dn_30/fonts/SegoeUI.woff

45.141.156.109

200 OK

246 kB

URL GET
bicarest.xyz/dn_30/fonts/SegoeUI.woff
IP
45.141.156.109:443
ASN
#31469 Virtual Systems LLC

Requested by
https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Certificate
IssuerLet's Encrypt
Subjectbicarest.xyz
Fingerprint83:92:BF:FA:BC:17:CC:D2:27:15:DC:B4:27:96:8F:38:83:CA:CD:1D
ValidityThu, 03 Apr 2025 00:58:16 GMT - Wed, 02 Jul 2025 00:58:15 GMT

File type
Web Open Font Format, TrueType, length 245844, version 5.5
Size
246 kB (245844 bytes)
Hash
ee10411f11ca61338f5bcaebefbdf700
4c720d1b7f057aa38a9ac184bc209990778dc651
88c5bf1d6f30b660f9764bd76aa70cdefcb11207fdc77d0d0285d95a0bc135ac

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /dn_30/fonts/SegoeUI.woff HTTP/1.1
Host: bicarest.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://bicarest.xyz/dn_30/fonts/font.css
Cookie: GoogleAccountsLocale_session=en; googtrans=/en/en
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 12 May 2025 04:19:29 GMT
content-type: font/woff
content-length: 245844
last-modified: Wed, 12 Feb 2025 08:42:41 GMT
etag: "67ac5f01-3c054"
accept-ranges: bytes
X-Firefox-Spdy: h2

translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.no.fJOnaP0jscc.O/am=ACA/d=1/exm=el_conf/ed=1/rs=AN8SPfqv2zXhQAfrcC_9KQWUqEZ9Jks8Ag/m=el_main

216.58.207.234

200 OK

218 kB

URL GET
translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.no.fJOnaP0jscc.O/am=ACA/d=1/exm=el_conf/ed=1/rs=AN8SPfqv2zXhQAfrcC_9KQWUqEZ9Jks8Ag/m=el_main
IP
216.58.207.234:443
ASN
#15169 GOOGLE

Requested by
https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
Fingerprint7A:29:E6:A8:BE:59:2C:AE:82:2D:CA:8E:15:89:41:BE:EC:D2:0D:EA
ValidityMon, 21 Apr 2025 08:41:49 GMT - Mon, 14 Jul 2025 08:41:48 GMT

File type
JavaScript source, ASCII text, with very long lines (2403)
Size
218 kB (218335 bytes)
Hash
196563abd567557ce7900f356df9048c
7c140ff50c164d5901faa4c4e74fcb11482b9c32
eadb2140c433b64ca74a8e25665b4f80a54a4183c3cb01da578e7426fbae95c8

HTTP Headers

GET /_/translate_http/_/js/k=translate_http.tr.no.fJOnaP0jscc.O/am=ACA/d=1/exm=el_conf/ed=1/rs=AN8SPfqv2zXhQAfrcC_9KQWUqEZ9Jks8Ag/m=el_main HTTP/1.1
Host: translate.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bicarest.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="rosetta"
report-to: {"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-length: 75224
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 08 May 2025 08:04:25 GMT
expires: Fri, 08 May 2026 08:04:25 GMT
cache-control: public, max-age=31536000
last-modified: Fri, 21 Mar 2025 23:10:30 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 332105
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

bicarest.xyz/dn_30/img/home.png

45.141.156.109

200 OK

2.3 kB

URL GET
bicarest.xyz/dn_30/img/home.png
IP
45.141.156.109:443
ASN
#31469 Virtual Systems LLC

Requested by
https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Certificate
IssuerLet's Encrypt
Subjectbicarest.xyz
Fingerprint83:92:BF:FA:BC:17:CC:D2:27:15:DC:B4:27:96:8F:38:83:CA:CD:1D
ValidityThu, 03 Apr 2025 00:58:16 GMT - Wed, 02 Jul 2025 00:58:15 GMT

File type
PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced
Size
2.3 kB (2336 bytes)
Hash
b26bc5f869004de9e5a1062472ff794b
ffc5ec0c433925f2481bf7ec216e57fde2c96cbd
86688904429c86b1e8c3b0ada4023e39dfe6647bbb38987aef69d954f544eda0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /dn_30/img/home.png HTTP/1.1
Host: bicarest.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 12 May 2025 04:19:29 GMT
content-type: image/png
content-length: 2336
last-modified: Wed, 12 Feb 2025 08:42:41 GMT
etag: "67ac5f01-920"
accept-ranges: bytes
X-Firefox-Spdy: h2

use.fontawesome.com/f182237388.css

104.21.27.152

200 OK

1.0 kB

URL GET
use.fontawesome.com/f182237388.css
IP
104.21.27.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Certificate
IssuerGoogle Trust Services
Subjectuse.fontawesome.com
Fingerprint2F:A0:71:2B:C1:50:E8:B9:6E:F6:46:C3:85:EA:4E:30:ED:94:CB:C6
ValiditySun, 04 May 2025 00:52:35 GMT - Sat, 02 Aug 2025 01:52:29 GMT

File type
ASCII text
Size
1.0 kB (1033 bytes)
Hash
c34c69a9993e345a33d3899b6f063f04
0edb00d54dd92d7e49c7f7f5f99c0df1a1466f4c
95881e5529a4da2df42f5440134b3aab3834b3e4090771980f59876a0af6c10f

HTTP Headers

GET /f182237388.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bicarest.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 12 May 2025 04:19:30 GMT
content-type: text/css
etag: W/"c34c69a9993e345a33d3899b6f063f04"
last-modified: Fri, 22 Sep 2023 01:40:27 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Chm8nW%2FmTGDlxPRpZmjbZKIlmt3nIANSNI6h6dSDgjm3YQ9tg8FMPEbVAM9ongRSaHOq6PcbSJrdltPGe3yDUWm1nWKcWfQsNi9m%2FWUoIaVEHtvL%2BnxSnSzaQuJBVaEyECTCouKQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 93e71e3efbd6b503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=3626&min_rtt=443&rtt_var=6159&sent=14&recv=17&lost=0&retrans=0&sent_bytes=7546&recv_bytes=1300&delivery_rate=11455696&cwnd=257&unsent_bytes=0&cid=74861adc211801c7&ts=849&x=0"
X-Firefox-Spdy: h2

www.gstatic.com/images/branding/product/2x/translate_24dp.png

142.250.178.67

200 OK

1.8 kB

URL GET
www.gstatic.com/images/branding/product/2x/translate_24dp.png
IP
142.250.178.67:443
ASN
#15169 GOOGLE

Requested by
https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint15:8B:D4:EA:7E:CB:34:1B:6F:2E:20:9E:39:44:7A:D6:D7:30:26:AB
ValidityMon, 21 Apr 2025 08:41:49 GMT - Mon, 14 Jul 2025 08:41:48 GMT

File type
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Size
1.8 kB (1842 bytes)
Hash
c69c796362406f9e11c7f4bf5bb628da
e489ce95ab56208090868882113d7416abf46775
4dac0026fbfa2615dce30c0af12830863fe885f84387a0147b9e338f548d5d82

HTTP Headers

GET /images/branding/product/2x/translate_24dp.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.420aGcKD8sw.L.F4.O/am=AAY/d=0/rs=AN8SPfpDPomKLlRjz0jYgLjosyLSbUir8w/m=el_main_css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 1842
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 May 2025 21:30:09 GMT
expires: Thu, 07 May 2026 21:30:09 GMT
cache-control: public, max-age=31536000
age: 370161
last-modified: Thu, 14 Oct 2021 09:08:00 GMT
content-type: image/png
vary: Origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

translate.googleapis.com/element/log?format=json&hasfast=true&authuser=0

216.58.207.234

200 OK

0 B

URL OPTIONS
translate.googleapis.com/element/log?format=json&hasfast=true&authuser=0
IP
216.58.207.234:443
ASN
#15169 GOOGLE

Requested by
https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
Fingerprint7A:29:E6:A8:BE:59:2C:AE:82:2D:CA:8E:15:89:41:BE:EC:D2:0D:EA
ValidityMon, 21 Apr 2025 08:41:49 GMT - Mon, 14 Jul 2025 08:41:48 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /element/log?format=json&hasfast=true&authuser=0 HTTP/1.1
Host: translate.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-goog-authuser
Referer: https://bicarest.xyz/
Origin: https://bicarest.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
access-control-allow-origin: https://bicarest.xyz
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
content-type: text/plain; charset=UTF-8
date: Mon, 12 May 2025 04:19:40 GMT
server: Playlog
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

bicarest.xyz/dn_30/img/logo.png

45.141.156.109

200 OK

29 kB

URL GET
bicarest.xyz/dn_30/img/logo.png
IP
45.141.156.109:443
ASN
#31469 Virtual Systems LLC

Requested by
https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Certificate
IssuerLet's Encrypt
Subjectbicarest.xyz
Fingerprint83:92:BF:FA:BC:17:CC:D2:27:15:DC:B4:27:96:8F:38:83:CA:CD:1D
ValidityThu, 03 Apr 2025 00:58:16 GMT - Wed, 02 Jul 2025 00:58:15 GMT

File type
PNG image data, 3613 x 837, 8-bit/color RGBA, non-interlaced
Size
29 kB (28698 bytes)
Hash
eeaa4f71b45f25c5a7689c43a7ddd938
784f51229c00be72c42713019d35aaa0c682d458
7aa88eb95746d019e90f67a69ede30555ca496c5498603a2b6745bbab5b54b30

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /dn_30/img/logo.png HTTP/1.1
Host: bicarest.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 12 May 2025 04:19:29 GMT
content-type: image/png
content-length: 28698
last-modified: Wed, 12 Feb 2025 08:42:41 GMT
etag: "67ac5f01-701a"
accept-ranges: bytes
X-Firefox-Spdy: h2

bicarest.xyz/dn_30/img/user.svg

45.141.156.109

200 OK

2.9 kB

URL GET
bicarest.xyz/dn_30/img/user.svg
IP
45.141.156.109:443
ASN
#31469 Virtual Systems LLC

Requested by
https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Certificate
IssuerLet's Encrypt
Subjectbicarest.xyz
Fingerprint83:92:BF:FA:BC:17:CC:D2:27:15:DC:B4:27:96:8F:38:83:CA:CD:1D
ValidityThu, 03 Apr 2025 00:58:16 GMT - Wed, 02 Jul 2025 00:58:15 GMT

File type
SVG Scalable Vector Graphics image
Size
2.9 kB (2869 bytes)
Hash
ed0992accbff96760f95d45ea6128741
2a122b9da2fbc5739fd5f9fe710586ee5149d7e5
e2213d6dd21b62ee4e267dad0804e8f303e793720e0dc48f9ea49ea53dfcaf21

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /dn_30/img/user.svg HTTP/1.1
Host: bicarest.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 12 May 2025 04:19:29 GMT
content-type: image/svg+xml
last-modified: Wed, 12 Feb 2025 08:42:41 GMT
vary: Accept-Encoding
etag: W/"67ac5f01-b35"
content-encoding: gzip
X-Firefox-Spdy: h2

bicarest.xyz/dn_30/img/alert.svg

45.141.156.109

200 OK

644 B

URL GET
bicarest.xyz/dn_30/img/alert.svg
IP
45.141.156.109:443
ASN
#31469 Virtual Systems LLC

Requested by
https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Certificate
IssuerLet's Encrypt
Subjectbicarest.xyz
Fingerprint83:92:BF:FA:BC:17:CC:D2:27:15:DC:B4:27:96:8F:38:83:CA:CD:1D
ValidityThu, 03 Apr 2025 00:58:16 GMT - Wed, 02 Jul 2025 00:58:15 GMT

File type
SVG Scalable Vector Graphics image
Size
644 B (644 bytes)
Hash
d8f7581ad85ffab23ac8e8f9837ee919
eb6f7c05ec65775e9d4f817d03fcd9f25eee0323
fd0d008bb1efe56c0f6943362e6c75e22bcb068c8efeec897bda4b425830e05c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /dn_30/img/alert.svg HTTP/1.1
Host: bicarest.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 12 May 2025 04:19:29 GMT
content-type: image/svg+xml
content-length: 644
last-modified: Wed, 12 Feb 2025 08:42:41 GMT
etag: "67ac5f01-284"
accept-ranges: bytes
X-Firefox-Spdy: h2

bicarest.xyz/dn_30/img/favicon.png

45.141.156.109

404 Not Found

146 B

URL GET
bicarest.xyz/dn_30/img/favicon.png
IP
45.141.156.109:443
ASN
#31469 Virtual Systems LLC

Requested by
https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Certificate
IssuerLet's Encrypt
Subjectbicarest.xyz
Fingerprint83:92:BF:FA:BC:17:CC:D2:27:15:DC:B4:27:96:8F:38:83:CA:CD:1D
ValidityThu, 03 Apr 2025 00:58:16 GMT - Wed, 02 Jul 2025 00:58:15 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
146 B (146 bytes)
Hash
8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /dn_30/img/favicon.png HTTP/1.1
Host: bicarest.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Cookie: GoogleAccountsLocale_session=en; googtrans=/en/en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
server: nginx
date: Mon, 12 May 2025 04:19:30 GMT
content-type: text/html
content-length: 146
X-Firefox-Spdy: h2

bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c

45.141.156.109

200 OK

13 kB

URL User Request GET
bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
IP
45.141.156.109:443
ASN
#31469 Virtual Systems LLC

Certificate
IssuerLet's Encrypt
Subjectbicarest.xyz
Fingerprint83:92:BF:FA:BC:17:CC:D2:27:15:DC:B4:27:96:8F:38:83:CA:CD:1D
ValidityThu, 03 Apr 2025 00:58:16 GMT - Wed, 02 Jul 2025 00:58:15 GMT

File type
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
13 kB (12843 bytes)
Hash
c862979c110186671502c7d4e5dbfa05
c8ae16d603758804525072ce7286864142995c21
66ebf7ac54d78741affb31bb620cdee9b7d4c6b0df5f10e9388fb56d633970e0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c HTTP/1.1
Host: bicarest.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 12 May 2025 04:19:28 GMT
content-type: text/html
last-modified: Wed, 12 Feb 2025 08:42:40 GMT
vary: Accept-Encoding
etag: W/"67ac5f00-322b"
content-encoding: gzip
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/spin.js/2.3.2/spin.min.js

104.17.25.14

200 OK

4.3 kB

URL GET
cdnjs.cloudflare.com/ajax/libs/spin.js/2.3.2/spin.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint5D:9B:5B:BE:24:B7:4B:CA:F3:05:47:2F:AB:3F:3C:F7:4E:C3:4D:BC
ValidityMon, 24 Mar 2025 12:00:12 GMT - Sun, 22 Jun 2025 13:00:01 GMT

File type
JavaScript source, ASCII text, with very long lines (4247)
Size
4.3 kB (4277 bytes)
Hash
545405225c13b2f42ab103fca31a49b1
f91e2b661f4feb976b5e260bdc2366763ad13562
3e27aa13441d103329a705eb4f349942bead5855f75b92a4c91572175ccddde8

HTTP Headers

GET /ajax/libs/spin.js/2.3.2/spin.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bicarest.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 12 May 2025 04:19:29 GMT
content-type: application/javascript; charset=utf-8
content-length: 1827
server: cloudflare
strict-transport-security: max-age=15780000
cf-ray: 93e71e3c4cf45689-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03fd6-10b5"
last-modified: Mon, 04 May 2020 16:16:22 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 388275
expires: Sat, 02 May 2026 04:19:29 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cI87b%2BOemiJpcHZ0DRbrUE1PwWXN%2BqxPHa6LnBsM0gKqUtbjla0SZPf2U%2Buvs08u0gRZ0fLqA6NT8xNXcg8onc97czyuTa7nX0dJYoVsKTcZ2n8YeiD805aloQpLuk5z8gymW5Tl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

bicarest.xyz/dn_30/fonts/SegoeUI-Bold.woff

45.141.156.109

200 OK

237 kB

URL GET
bicarest.xyz/dn_30/fonts/SegoeUI-Bold.woff
IP
45.141.156.109:443
ASN
#31469 Virtual Systems LLC

Requested by
https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Certificate
IssuerLet's Encrypt
Subjectbicarest.xyz
Fingerprint83:92:BF:FA:BC:17:CC:D2:27:15:DC:B4:27:96:8F:38:83:CA:CD:1D
ValidityThu, 03 Apr 2025 00:58:16 GMT - Wed, 02 Jul 2025 00:58:15 GMT

File type
Web Open Font Format, TrueType, length 237388, version 5.5
Size
237 kB (237388 bytes)
Hash
71fc7af90fa9796fdfc18ce2b82be299
2ee7eac449cdd40dc8dd5acb83116196835095f9
edae852b2ee03cda568ce5bdfda276a431f614da9fd4b8778f17eeeb7db9794a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /dn_30/fonts/SegoeUI-Bold.woff HTTP/1.1
Host: bicarest.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://bicarest.xyz/dn_30/fonts/font.css
Cookie: GoogleAccountsLocale_session=en; googtrans=/en/en
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 12 May 2025 04:19:29 GMT
content-type: font/woff
content-length: 237388
last-modified: Wed, 12 Feb 2025 08:42:41 GMT
etag: "67ac5f01-39f4c"
accept-ranges: bytes
X-Firefox-Spdy: h2

bicarest.xyz/dn_30/fonts/SegoeUI-SemiBold.woff

45.141.156.109

200 OK

193 kB

URL GET
bicarest.xyz/dn_30/fonts/SegoeUI-SemiBold.woff
IP
45.141.156.109:443
ASN
#31469 Virtual Systems LLC

Requested by
https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Certificate
IssuerLet's Encrypt
Subjectbicarest.xyz
Fingerprint83:92:BF:FA:BC:17:CC:D2:27:15:DC:B4:27:96:8F:38:83:CA:CD:1D
ValidityThu, 03 Apr 2025 00:58:16 GMT - Wed, 02 Jul 2025 00:58:15 GMT

File type
Web Open Font Format, TrueType, length 193196, version 5.0
Size
193 kB (193196 bytes)
Hash
1b14ce9a2a4021a0946936d2dc0344e9
c21ff58b1c841d301ff74e043c1c544161df5822
f22e117c99868f8f11d69f39768e5e7b83b262d6e7c8de85305bfdb3ca47b4c5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /dn_30/fonts/SegoeUI-SemiBold.woff HTTP/1.1
Host: bicarest.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://bicarest.xyz/dn_30/fonts/font.css
Cookie: GoogleAccountsLocale_session=en; googtrans=/en/en
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 12 May 2025 04:19:29 GMT
content-type: font/woff
content-length: 193196
last-modified: Wed, 12 Feb 2025 08:42:41 GMT
etag: "67ac5f01-2f2ac"
accept-ranges: bytes
X-Firefox-Spdy: h2

bicarest.xyz/dn_30/img/line_item_4.svg

45.141.156.109

200 OK

223 B

URL GET
bicarest.xyz/dn_30/img/line_item_4.svg
IP
45.141.156.109:443
ASN
#31469 Virtual Systems LLC

Requested by
https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Certificate
IssuerLet's Encrypt
Subjectbicarest.xyz
Fingerprint83:92:BF:FA:BC:17:CC:D2:27:15:DC:B4:27:96:8F:38:83:CA:CD:1D
ValidityThu, 03 Apr 2025 00:58:16 GMT - Wed, 02 Jul 2025 00:58:15 GMT

File type
SVG Scalable Vector Graphics image
Size
223 B (223 bytes)
Hash
0bda2c7f780110582a4c5b8c7216c743
4be38a9a3e9af8df140e021ab60fd9aaf20327fe
29ac50eff62f331cd04f2db3d7e0fb4841f8bcd20c03a5dbee6e19f2bf6272d3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /dn_30/img/line_item_4.svg HTTP/1.1
Host: bicarest.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 12 May 2025 04:19:29 GMT
content-type: image/svg+xml
content-length: 223
last-modified: Wed, 12 Feb 2025 08:42:41 GMT
etag: "67ac5f01-df"
accept-ranges: bytes
X-Firefox-Spdy: h2

bicarest.xyz/dn_30/img/threat.svg

45.141.156.109

200 OK

1.6 kB

URL GET
bicarest.xyz/dn_30/img/threat.svg
IP
45.141.156.109:443
ASN
#31469 Virtual Systems LLC

Requested by
https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Certificate
IssuerLet's Encrypt
Subjectbicarest.xyz
Fingerprint83:92:BF:FA:BC:17:CC:D2:27:15:DC:B4:27:96:8F:38:83:CA:CD:1D
ValidityThu, 03 Apr 2025 00:58:16 GMT - Wed, 02 Jul 2025 00:58:15 GMT

File type
SVG Scalable Vector Graphics image
Size
1.6 kB (1574 bytes)
Hash
021b510734cd2c43fe1174b6c0af9cde
c844b67f152baf6339f51e31c3b4e3e845feb277
a133e5b95508f1d24150e74ebf904bd4680f9fa473afe861b039ce22d9af92d8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /dn_30/img/threat.svg HTTP/1.1
Host: bicarest.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 12 May 2025 04:19:29 GMT
content-type: image/svg+xml
last-modified: Wed, 12 Feb 2025 08:42:41 GMT
vary: Accept-Encoding
etag: W/"67ac5f01-626"
content-encoding: gzip
X-Firefox-Spdy: h2

bicarest.xyz/dn_30/img/nrt-icon.png

45.141.156.109

200 OK

2.0 kB

URL GET
bicarest.xyz/dn_30/img/nrt-icon.png
IP
45.141.156.109:443
ASN
#31469 Virtual Systems LLC

Requested by
https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Certificate
IssuerLet's Encrypt
Subjectbicarest.xyz
Fingerprint83:92:BF:FA:BC:17:CC:D2:27:15:DC:B4:27:96:8F:38:83:CA:CD:1D
ValidityThu, 03 Apr 2025 00:58:16 GMT - Wed, 02 Jul 2025 00:58:15 GMT

File type
PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
Size
2.0 kB (2027 bytes)
Hash
7d9e3d0202d163f06b42f13b332f8a96
98eeb49d42ed3ec72321797c4edd494aceecf654
55180d359a4fe70967fabc716bb54ec890f4f5926edf5bb410834a957da98a71

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /dn_30/img/nrt-icon.png HTTP/1.1
Host: bicarest.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 12 May 2025 04:19:29 GMT
content-type: image/png
content-length: 2027
last-modified: Wed, 12 Feb 2025 08:42:41 GMT
etag: "67ac5f01-7eb"
accept-ranges: bytes
X-Firefox-Spdy: h2

translate.google.com/translate_a/element.js?cb=googleTranslateElementInit

142.250.74.174

200 OK

80 kB

URL GET
translate.google.com/translate_a/element.js?cb=googleTranslateElementInit
IP
142.250.74.174:443
ASN
#15169 GOOGLE

Requested by
https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Certificate
IssuerGoogle Trust Services
Subject*.google.com
Fingerprint2F:BC:E9:F2:13:41:F1:3E:34:53:D6:F4:E9:17:8E:40:10:82:D1:3E
ValidityMon, 21 Apr 2025 08:40:42 GMT - Mon, 14 Jul 2025 08:40:41 GMT

File type
JavaScript source, ASCII text, with very long lines (2148)
Size
80 kB (79679 bytes)
Hash
9d4e59b3db86d66384a7adf074264332
a6e2883b5d30ead3ad37a6e28695bcafe21bac14
458b1dd949e35ab9ef563acca2b49a1437f2240ea94ac2caa875281432634cca

HTTP Headers

GET /translate_a/element.js?cb=googleTranslateElementInit HTTP/1.1
Host: translate.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bicarest.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 12 May 2025 04:19:30 GMT
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

bicarest.xyz/dn_30/img/desk.svg

45.141.156.109

200 OK

848 B

URL GET
bicarest.xyz/dn_30/img/desk.svg
IP
45.141.156.109:443
ASN
#31469 Virtual Systems LLC

Requested by
https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Certificate
IssuerLet's Encrypt
Subjectbicarest.xyz
Fingerprint83:92:BF:FA:BC:17:CC:D2:27:15:DC:B4:27:96:8F:38:83:CA:CD:1D
ValidityThu, 03 Apr 2025 00:58:16 GMT - Wed, 02 Jul 2025 00:58:15 GMT

File type
SVG Scalable Vector Graphics image
Size
848 B (848 bytes)
Hash
c4d60848cec8f440c7be1d6fd2ea1bf6
9c2c8116be539278101eee54c8bb3965caec1044
8dd46b013ad43780fca20d4a73dcd22aa61c258f469b2c7416703ada2d145423

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /dn_30/img/desk.svg HTTP/1.1
Host: bicarest.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 12 May 2025 04:19:29 GMT
content-type: image/svg+xml
content-length: 848
last-modified: Wed, 12 Feb 2025 08:42:41 GMT
etag: "67ac5f01-350"
accept-ranges: bytes
X-Firefox-Spdy: h2

bicarest.xyz/dn_30/img/yellow-alert.png

45.141.156.109

200 OK

4.1 kB

URL GET
bicarest.xyz/dn_30/img/yellow-alert.png
IP
45.141.156.109:443
ASN
#31469 Virtual Systems LLC

Requested by
https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Certificate
IssuerLet's Encrypt
Subjectbicarest.xyz
Fingerprint83:92:BF:FA:BC:17:CC:D2:27:15:DC:B4:27:96:8F:38:83:CA:CD:1D
ValidityThu, 03 Apr 2025 00:58:16 GMT - Wed, 02 Jul 2025 00:58:15 GMT

File type
PNG image data, 100 x 88, 8-bit/color RGBA, non-interlaced
Size
4.1 kB (4052 bytes)
Hash
3bf9bd327c0a34acdbf16f5817d83383
2c149b9efab79c573c567acaa2490d31b2ba7086
992a424babf0b4db42231f6896532fd69da23eb5250a4eebcdeca019eb56ca43

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /dn_30/img/yellow-alert.png HTTP/1.1
Host: bicarest.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 12 May 2025 04:19:29 GMT
content-type: image/png
content-length: 4052
last-modified: Wed, 12 Feb 2025 08:42:42 GMT
etag: "67ac5f02-fd4"
accept-ranges: bytes
X-Firefox-Spdy: h2

translate.googleapis.com/element/log?format=json&hasfast=true&authuser=0

216.58.207.234

200 OK

131 B

URL POST
translate.googleapis.com/element/log?format=json&hasfast=true&authuser=0
IP
216.58.207.234:443
ASN
#15169 GOOGLE

Requested by
https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
Fingerprint7A:29:E6:A8:BE:59:2C:AE:82:2D:CA:8E:15:89:41:BE:EC:D2:0D:EA
ValidityMon, 21 Apr 2025 08:41:49 GMT - Mon, 14 Jul 2025 08:41:48 GMT

File type
JSON text data
Size
131 B (131 bytes)
Hash
ca0b7e866005f6774d284b9f438ebfd2
53644f5ee3640189bdb223473ba6a2d46606c556
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

HTTP Headers

POST /element/log?format=json&hasfast=true&authuser=0 HTTP/1.1
Host: translate.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bicarest.xyz/
X-Goog-AuthUser: 0
Content-Type: text/plain;charset=UTF-8
Content-Length: 1165
Origin: https://bicarest.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
access-control-allow-origin: https://bicarest.xyz
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web
content-type: text/plain; charset=UTF-8
content-encoding: gzip
date: Mon, 12 May 2025 04:19:41 GMT
server: Playlog
content-length: 131
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js

142.250.178.106

200 OK

90 kB

URL GET
ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
IP
142.250.178.106:443
ASN
#15169 GOOGLE

Requested by
https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
Fingerprint7A:29:E6:A8:BE:59:2C:AE:82:2D:CA:8E:15:89:41:BE:EC:D2:0D:EA
ValidityMon, 21 Apr 2025 08:41:49 GMT - Mon, 14 Jul 2025 08:41:48 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
90 kB (89476 bytes)
Hash
dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

HTTP Headers

GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bicarest.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 31021
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 May 2025 11:49:56 GMT
expires: Thu, 07 May 2026 11:49:56 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 404973
last-modified: Fri, 08 May 2020 07:05:03 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

bicarest.xyz/dn_30/img/line_item_1.svg

45.141.156.109

200 OK

220 B

URL GET
bicarest.xyz/dn_30/img/line_item_1.svg
IP
45.141.156.109:443
ASN
#31469 Virtual Systems LLC

Requested by
https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Certificate
IssuerLet's Encrypt
Subjectbicarest.xyz
Fingerprint83:92:BF:FA:BC:17:CC:D2:27:15:DC:B4:27:96:8F:38:83:CA:CD:1D
ValidityThu, 03 Apr 2025 00:58:16 GMT - Wed, 02 Jul 2025 00:58:15 GMT

File type
SVG Scalable Vector Graphics image
Size
220 B (220 bytes)
Hash
2910d7f2b18a0670c8d062470f76bdc2
b1bdbd26c5fd29c20953650bd9ee51c7ef62c750
4a6c02ae155709155db5b45988e0a27d231062280b1fd2041262f5fd6f4f14c1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /dn_30/img/line_item_1.svg HTTP/1.1
Host: bicarest.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 12 May 2025 04:19:29 GMT
content-type: image/svg+xml
content-length: 220
last-modified: Wed, 12 Feb 2025 08:42:41 GMT
etag: "67ac5f01-dc"
accept-ranges: bytes
X-Firefox-Spdy: h2

bicarest.xyz/dn_30/img/adv_1.png

45.141.156.109

200 OK

1.8 kB

URL GET
bicarest.xyz/dn_30/img/adv_1.png
IP
45.141.156.109:443
ASN
#31469 Virtual Systems LLC

Requested by
https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Certificate
IssuerLet's Encrypt
Subjectbicarest.xyz
Fingerprint83:92:BF:FA:BC:17:CC:D2:27:15:DC:B4:27:96:8F:38:83:CA:CD:1D
ValidityThu, 03 Apr 2025 00:58:16 GMT - Wed, 02 Jul 2025 00:58:15 GMT

File type
PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced
Size
1.8 kB (1766 bytes)
Hash
459296706e7253eeec0efedce0198174
3dd95ac79194c515486cf776e083c75dd1951e17
6b619305f49fbbd5086fc70ea2b6879b9d22b0e460c6b934d67e124051afd23f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /dn_30/img/adv_1.png HTTP/1.1
Host: bicarest.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 12 May 2025 04:19:29 GMT
content-type: image/png
content-length: 1766
last-modified: Wed, 12 Feb 2025 08:42:41 GMT
etag: "67ac5f01-6e6"
accept-ranges: bytes
X-Firefox-Spdy: h2

www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.420aGcKD8sw.L.F4.O/am=AAY/d=0/rs=AN8SPfpDPomKLlRjz0jYgLjosyLSbUir8w/m=el_main_css

142.250.178.67

200 OK

20 kB

URL GET
www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.420aGcKD8sw.L.F4.O/am=AAY/d=0/rs=AN8SPfpDPomKLlRjz0jYgLjosyLSbUir8w/m=el_main_css
IP
142.250.178.67:443
ASN
#15169 GOOGLE

Requested by
https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint15:8B:D4:EA:7E:CB:34:1B:6F:2E:20:9E:39:44:7A:D6:D7:30:26:AB
ValidityMon, 21 Apr 2025 08:41:49 GMT - Mon, 14 Jul 2025 08:41:48 GMT

File type
ASCII text, with very long lines (20367), with no line terminators
Size
20 kB (20367 bytes)
Hash
72d3a735ccca1027f6b3afba2c93e3a7
67f8eff8d17334c59c28fc1753bf451527c7490d
c8c845f55e2346b89894ce0df8185ee182359e096bf29987d5cf1f8a7391bef1

HTTP Headers

GET /_/translate_http/_/ss/k=translate_http.tr.420aGcKD8sw.L.F4.O/am=AAY/d=0/rs=AN8SPfpDPomKLlRjz0jYgLjosyLSbUir8w/m=el_main_css HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bicarest.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="rosetta"
report-to: {"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-length: 3960
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 05 May 2025 20:55:27 GMT
expires: Tue, 05 May 2026 20:55:27 GMT
cache-control: public, max-age=31536000
age: 545043
last-modified: Tue, 25 Feb 2025 22:10:27 GMT
content-type: text/css; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

bicarest.xyz/dn_30/img/check.png

45.141.156.109

200 OK

1.7 kB

URL GET
bicarest.xyz/dn_30/img/check.png
IP
45.141.156.109:443
ASN
#31469 Virtual Systems LLC

Requested by
https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Certificate
IssuerLet's Encrypt
Subjectbicarest.xyz
Fingerprint83:92:BF:FA:BC:17:CC:D2:27:15:DC:B4:27:96:8F:38:83:CA:CD:1D
ValidityThu, 03 Apr 2025 00:58:16 GMT - Wed, 02 Jul 2025 00:58:15 GMT

File type
PNG image data, 50 x 29, 8-bit/color RGBA, non-interlaced
Size
1.7 kB (1692 bytes)
Hash
f63d3ea94728111f879e7697c8f639b0
13b204d0c133765415667184e911f5432a96e140
9b4dc31f96f3889f30c4cc0f1c40f7502608319442bdf667807ca92d750e40ae

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /dn_30/img/check.png HTTP/1.1
Host: bicarest.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 12 May 2025 04:19:29 GMT
content-type: image/png
content-length: 1692
last-modified: Wed, 12 Feb 2025 08:42:41 GMT
etag: "67ac5f01-69c"
accept-ranges: bytes
X-Firefox-Spdy: h2

bicarest.xyz/dn_30/img/select.svg

45.141.156.109

200 OK

938 B

URL GET
bicarest.xyz/dn_30/img/select.svg
IP
45.141.156.109:443
ASN
#31469 Virtual Systems LLC

Requested by
https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Certificate
IssuerLet's Encrypt
Subjectbicarest.xyz
Fingerprint83:92:BF:FA:BC:17:CC:D2:27:15:DC:B4:27:96:8F:38:83:CA:CD:1D
ValidityThu, 03 Apr 2025 00:58:16 GMT - Wed, 02 Jul 2025 00:58:15 GMT

File type
SVG Scalable Vector Graphics image
Size
938 B (938 bytes)
Hash
d8a84fda077992f640bb79d5abaf1aa3
744c29ec2ea1e9b2dc18dfbd3683b7176f0cf386
86edb8a8e836d9ef4f66db296f11b82aab9ece3178b43f30a3b3112819f5eab1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /dn_30/img/select.svg HTTP/1.1
Host: bicarest.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 12 May 2025 04:19:29 GMT
content-type: image/svg+xml
content-length: 938
last-modified: Wed, 12 Feb 2025 08:42:41 GMT
etag: "67ac5f01-3aa"
accept-ranges: bytes
X-Firefox-Spdy: h2

bicarest.xyz/dn_30/img/bg.jpg

45.141.156.109

200 OK

154 kB

URL GET
bicarest.xyz/dn_30/img/bg.jpg
IP
45.141.156.109:443
ASN
#31469 Virtual Systems LLC

Requested by
https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Certificate
IssuerLet's Encrypt
Subjectbicarest.xyz
Fingerprint83:92:BF:FA:BC:17:CC:D2:27:15:DC:B4:27:96:8F:38:83:CA:CD:1D
ValidityThu, 03 Apr 2025 00:58:16 GMT - Wed, 02 Jul 2025 00:58:15 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1500x2118, components 3
Size
154 kB (154541 bytes)
Hash
2a1d29527ce38d586f98e63768b7e3f3
6cbcf05f98981767808f77ae69537052475773e1
a69f61ef8deabbc6421a320e6635149e7c1504ec80787e893fac868a30b98402

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /dn_30/img/bg.jpg HTTP/1.1
Host: bicarest.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bicarest.xyz/dn_30/css/default.css
Cookie: GoogleAccountsLocale_session=en; googtrans=/en/en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 12 May 2025 04:19:29 GMT
content-type: image/jpeg
content-length: 154541
last-modified: Wed, 12 Feb 2025 08:42:41 GMT
etag: "67ac5f01-25bad"
accept-ranges: bytes
X-Firefox-Spdy: h2

bicarest.xyz/dn_30/fonts/SegoeUI-BoldItalic.woff

45.141.156.109

200 OK

188 kB

URL GET
bicarest.xyz/dn_30/fonts/SegoeUI-BoldItalic.woff
IP
45.141.156.109:443
ASN
#31469 Virtual Systems LLC

Requested by
https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Certificate
IssuerLet's Encrypt
Subjectbicarest.xyz
Fingerprint83:92:BF:FA:BC:17:CC:D2:27:15:DC:B4:27:96:8F:38:83:CA:CD:1D
ValidityThu, 03 Apr 2025 00:58:16 GMT - Wed, 02 Jul 2025 00:58:15 GMT

File type
Web Open Font Format, TrueType, length 187540, version 5.5
Size
188 kB (187540 bytes)
Hash
7c08f51390e4717400ceb8a874bbc5a0
4e65195e8c0ff89af6b333b138a2341e8239b9f5
f82a0a3d6cd8e958a16b853a6f8e437411fdba95ab321461c9e784a2b518e9e4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /dn_30/fonts/SegoeUI-BoldItalic.woff HTTP/1.1
Host: bicarest.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://bicarest.xyz/dn_30/fonts/font.css
Cookie: GoogleAccountsLocale_session=en; googtrans=/en/en
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 12 May 2025 04:19:29 GMT
content-type: font/woff
content-length: 187540
last-modified: Wed, 12 Feb 2025 08:42:41 GMT
etag: "67ac5f01-2dc94"
accept-ranges: bytes
X-Firefox-Spdy: h2

bicarest.xyz/dn_30/css/default.css

45.141.156.109

200 OK

14 kB

URL GET
bicarest.xyz/dn_30/css/default.css
IP
45.141.156.109:443
ASN
#31469 Virtual Systems LLC

Requested by
https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Certificate
IssuerLet's Encrypt
Subjectbicarest.xyz
Fingerprint83:92:BF:FA:BC:17:CC:D2:27:15:DC:B4:27:96:8F:38:83:CA:CD:1D
ValidityThu, 03 Apr 2025 00:58:16 GMT - Wed, 02 Jul 2025 00:58:15 GMT

File type
ASCII text, with CRLF line terminators
Size
14 kB (13883 bytes)
Hash
98b8c6aec237b9af723b9d6d16767bc0
895fefa99d353deddbce2271b49cb04ff8017211
f9c86eb83579ce6cf4450af85cdf4dae6b4b97735c31bd225ca091b88d55d91d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /dn_30/css/default.css HTTP/1.1
Host: bicarest.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 12 May 2025 04:19:29 GMT
content-type: text/css
last-modified: Wed, 12 Feb 2025 08:42:40 GMT
vary: Accept-Encoding
etag: W/"67ac5f00-363b"
content-encoding: gzip
X-Firefox-Spdy: h2

bicarest.xyz/dn_30/img/search.svg

45.141.156.109

200 OK

1.1 kB

URL GET
bicarest.xyz/dn_30/img/search.svg
IP
45.141.156.109:443
ASN
#31469 Virtual Systems LLC

Requested by
https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Certificate
IssuerLet's Encrypt
Subjectbicarest.xyz
Fingerprint83:92:BF:FA:BC:17:CC:D2:27:15:DC:B4:27:96:8F:38:83:CA:CD:1D
ValidityThu, 03 Apr 2025 00:58:16 GMT - Wed, 02 Jul 2025 00:58:15 GMT

File type
SVG Scalable Vector Graphics image
Size
1.1 kB (1060 bytes)
Hash
bb6681663072ae5037e04596b981a388
a4b6aa22bb4e469bc37029c5e6c1f972bce526ce
ba720020954b65a1b866bb934766e130d5f2f4f88af474e518262e5a4b7640cd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /dn_30/img/search.svg HTTP/1.1
Host: bicarest.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 12 May 2025 04:19:29 GMT
content-type: image/svg+xml
content-length: 1060
last-modified: Wed, 12 Feb 2025 08:42:41 GMT
etag: "67ac5f01-424"
accept-ranges: bytes
X-Firefox-Spdy: h2

use.fontawesome.com/releases/v4.7.0/fonts/fontawesome-webfont.woff2

104.21.27.152

200 OK

77 kB

URL GET
use.fontawesome.com/releases/v4.7.0/fonts/fontawesome-webfont.woff2
IP
104.21.27.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Certificate
IssuerGoogle Trust Services
Subjectuse.fontawesome.com
Fingerprint2F:A0:71:2B:C1:50:E8:B9:6E:F6:46:C3:85:EA:4E:30:ED:94:CB:C6
ValiditySun, 04 May 2025 00:52:35 GMT - Sat, 02 Aug 2025 01:52:29 GMT

File type
Web Open Font Format (Version 2), TrueType, length 77160, version 4.459
Size
77 kB (77160 bytes)
Hash
af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

HTTP Headers

GET /releases/v4.7.0/fonts/fontawesome-webfont.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://bicarest.xyz
DNT: 1
Connection: keep-alive
Referer: https://use.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 12 May 2025 04:19:30 GMT
content-type: application/font-woff2
content-length: 77160
accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=31556926
etag: "af7ae505a9eed503f8b8e6982036873e"
last-modified: Fri, 22 Sep 2023 01:44:05 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TePhOtqnmk1dl96geFeS70rkGveGbl%2F5Fhx2yu7MLk%2FwGNCciTuWVAl%2FasvkmN7eE1Rg1Bxcc94PnSIFj1fPWC2OdhumnxksRg%2BbUCcsdYTH2c%2FT1EawQSP1MycTmVCqR5TLSb65"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 93e71e42ee0ab503-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=2269&min_rtt=443&rtt_var=2918&sent=26&recv=24&lost=0&retrans=0&sent_bytes=15882&recv_bytes=1653&delivery_rate=11455696&cwnd=257&unsent_bytes=0&cid=74861adc211801c7&ts=1467&x=0"
X-Firefox-Spdy: h2

bicarest.xyz/dn_30/img/stat.svg

45.141.156.109

200 OK

942 B

URL GET
bicarest.xyz/dn_30/img/stat.svg
IP
45.141.156.109:443
ASN
#31469 Virtual Systems LLC

Requested by
https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Certificate
IssuerLet's Encrypt
Subjectbicarest.xyz
Fingerprint83:92:BF:FA:BC:17:CC:D2:27:15:DC:B4:27:96:8F:38:83:CA:CD:1D
ValidityThu, 03 Apr 2025 00:58:16 GMT - Wed, 02 Jul 2025 00:58:15 GMT

File type
SVG Scalable Vector Graphics image
Size
942 B (942 bytes)
Hash
56be8f949cbfae6fe10e83b7b692c69f
fc0f35aad024d13af7d8ec449ebf20c40a445aa8
4058b2b59adeea758d7acd7570f922868f1f68b4e766e91528dffc5eeda3c1fe

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /dn_30/img/stat.svg HTTP/1.1
Host: bicarest.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 12 May 2025 04:19:29 GMT
content-type: image/svg+xml
content-length: 942
last-modified: Wed, 12 Feb 2025 08:42:41 GMT
etag: "67ac5f01-3ae"
accept-ranges: bytes
X-Firefox-Spdy: h2

use.fontawesome.com/releases/v4.7.0/css/font-awesome-css.min.css

104.21.27.152

200 OK

30 kB

URL GET
use.fontawesome.com/releases/v4.7.0/css/font-awesome-css.min.css
IP
104.21.27.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Certificate
IssuerGoogle Trust Services
Subjectuse.fontawesome.com
Fingerprint2F:A0:71:2B:C1:50:E8:B9:6E:F6:46:C3:85:EA:4E:30:ED:94:CB:C6
ValiditySun, 04 May 2025 00:52:35 GMT - Sat, 02 Aug 2025 01:52:29 GMT

File type
ASCII text, with very long lines (30343)
Size
30 kB (30344 bytes)
Hash
36082410df2ef7f83932219089dc1443
7961402d7d01e19387fe609a38454b0bc8c6cca4
5b9573e1023da775390e9284ec0eb1c606df9b468a28980055b4a6aa804f4350

HTTP Headers

GET /releases/v4.7.0/css/font-awesome-css.min.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://use.fontawesome.com/f182237388.css
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 12 May 2025 04:19:30 GMT
content-type: text/css
cache-control: max-age=31556926
etag: W/"36082410df2ef7f83932219089dc1443"
last-modified: Fri, 22 Sep 2023 01:44:05 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 2255203
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lIiBNnktWo9HPoY26B2SZz1qmdahjxOV37oZujIU%2BjAeAEBZ4qXVovOHl16sFmLefLJ2hTWNHvO0QFfGYHFFAd1TYCIjyw6vfyxOkZD8fg%2BpydYN%2BeYFCdpi3ayHkZb66OnR6gT7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 93e71e418d20b503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=2642&min_rtt=443&rtt_var=4077&sent=18&recv=21&lost=0&retrans=0&sent_bytes=8478&recv_bytes=1439&delivery_rate=11455696&cwnd=257&unsent_bytes=0&cid=74861adc211801c7&ts=891&x=0"
X-Firefox-Spdy: h2

bicarest.xyz/dn_30/img/shield.png

45.141.156.109

200 OK

6.7 kB

URL GET
bicarest.xyz/dn_30/img/shield.png
IP
45.141.156.109:443
ASN
#31469 Virtual Systems LLC

Requested by
https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Certificate
IssuerLet's Encrypt
Subjectbicarest.xyz
Fingerprint83:92:BF:FA:BC:17:CC:D2:27:15:DC:B4:27:96:8F:38:83:CA:CD:1D
ValidityThu, 03 Apr 2025 00:58:16 GMT - Wed, 02 Jul 2025 00:58:15 GMT

File type
PNG image data, 200 x 240, 8-bit/color RGBA, non-interlaced
Size
6.7 kB (6740 bytes)
Hash
e4667155e9ea369f113db729d83d2e67
eaa2a73cb8c82d90e9ca37d76ddf645b49e6629c
f59fbf81b215f710ba4d7697b5788c44e062e82f3653261a0e9bb1af3379a56c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /dn_30/img/shield.png HTTP/1.1
Host: bicarest.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 12 May 2025 04:19:29 GMT
content-type: image/png
content-length: 6740
last-modified: Wed, 12 Feb 2025 08:42:41 GMT
etag: "67ac5f01-1a54"
accept-ranges: bytes
X-Firefox-Spdy: h2

bicarest.xyz/dn_30/img/adv_3.png

45.141.156.109

200 OK

1.4 kB

URL GET
bicarest.xyz/dn_30/img/adv_3.png
IP
45.141.156.109:443
ASN
#31469 Virtual Systems LLC

Requested by
https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Certificate
IssuerLet's Encrypt
Subjectbicarest.xyz
Fingerprint83:92:BF:FA:BC:17:CC:D2:27:15:DC:B4:27:96:8F:38:83:CA:CD:1D
ValidityThu, 03 Apr 2025 00:58:16 GMT - Wed, 02 Jul 2025 00:58:15 GMT

File type
PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced
Size
1.4 kB (1423 bytes)
Hash
1239fe9de5cf5f5e449a6f58dda45364
55d2148c80a74331fa8e960513cf7709ac165778
630ec52f7c5d5e490bec8e8d94cb8b32fa2756aa38046279d67748447c966ad5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /dn_30/img/adv_3.png HTTP/1.1
Host: bicarest.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 12 May 2025 04:19:29 GMT
content-type: image/png
content-length: 1423
last-modified: Wed, 12 Feb 2025 08:42:41 GMT
etag: "67ac5f01-58f"
accept-ranges: bytes
X-Firefox-Spdy: h2

bicarest.xyz/dn_30/img/adv_2.png

45.141.156.109

200 OK

1.3 kB

URL GET
bicarest.xyz/dn_30/img/adv_2.png
IP
45.141.156.109:443
ASN
#31469 Virtual Systems LLC

Requested by
https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Certificate
IssuerLet's Encrypt
Subjectbicarest.xyz
Fingerprint83:92:BF:FA:BC:17:CC:D2:27:15:DC:B4:27:96:8F:38:83:CA:CD:1D
ValidityThu, 03 Apr 2025 00:58:16 GMT - Wed, 02 Jul 2025 00:58:15 GMT

File type
PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced
Size
1.3 kB (1343 bytes)
Hash
9418c86f5118c6ddd6c7a9314792f3e5
c671bfca9e1ae675ca36861a272fcb343b9b5ae2
883d78df822e56774509bcb4308a37b9f609cc7445459b74c2d49e22c2ea89ea

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /dn_30/img/adv_2.png HTTP/1.1
Host: bicarest.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 12 May 2025 04:19:29 GMT
content-type: image/png
content-length: 1343
last-modified: Wed, 12 Feb 2025 08:42:41 GMT
etag: "67ac5f01-53f"
accept-ranges: bytes
X-Firefox-Spdy: h2

bicarest.xyz/dn_30/img/info.svg

45.141.156.109

200 OK

872 B

URL GET
bicarest.xyz/dn_30/img/info.svg
IP
45.141.156.109:443
ASN
#31469 Virtual Systems LLC

Requested by
https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Certificate
IssuerLet's Encrypt
Subjectbicarest.xyz
Fingerprint83:92:BF:FA:BC:17:CC:D2:27:15:DC:B4:27:96:8F:38:83:CA:CD:1D
ValidityThu, 03 Apr 2025 00:58:16 GMT - Wed, 02 Jul 2025 00:58:15 GMT

File type
SVG Scalable Vector Graphics image
Size
872 B (872 bytes)
Hash
7d1efb94d5afedac3a260884c568532d
a3acb6ffe2c825b320170cf0189de518d8595529
767be0f155366834946a5171828c978851aeb6bcb53125dad28dc2b5d992d5a3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /dn_30/img/info.svg HTTP/1.1
Host: bicarest.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 12 May 2025 04:19:29 GMT
content-type: image/svg+xml
content-length: 872
last-modified: Wed, 12 Feb 2025 08:42:41 GMT
etag: "67ac5f01-368"
accept-ranges: bytes
X-Firefox-Spdy: h2

bicarest.xyz/dn_30/js/translate.js

45.141.156.109

200 OK

1.2 kB

URL GET
bicarest.xyz/dn_30/js/translate.js
IP
45.141.156.109:443
ASN
#31469 Virtual Systems LLC

Requested by
https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Certificate
IssuerLet's Encrypt
Subjectbicarest.xyz
Fingerprint83:92:BF:FA:BC:17:CC:D2:27:15:DC:B4:27:96:8F:38:83:CA:CD:1D
ValidityThu, 03 Apr 2025 00:58:16 GMT - Wed, 02 Jul 2025 00:58:15 GMT

File type
JavaScript source, ASCII text
Size
1.2 kB (1157 bytes)
Hash
fcd546809170dd574eb37b989529f69a
2e227e144e3b4bd68064354d8a7fbc61125f624c
350baff99bbd3db6cdb8d741bc7f75fa333489ad5dcc641e2cfa0e11130e1920

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /dn_30/js/translate.js HTTP/1.1
Host: bicarest.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 12 May 2025 04:19:29 GMT
content-type: application/javascript
last-modified: Wed, 12 Feb 2025 08:42:42 GMT
vary: Accept-Encoding
etag: W/"67ac5f02-485"
content-encoding: gzip
X-Firefox-Spdy: h2

bicarest.xyz/dn_30/img/line_item_2.svg

45.141.156.109

200 OK

219 B

URL GET
bicarest.xyz/dn_30/img/line_item_2.svg
IP
45.141.156.109:443
ASN
#31469 Virtual Systems LLC

Requested by
https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Certificate
IssuerLet's Encrypt
Subjectbicarest.xyz
Fingerprint83:92:BF:FA:BC:17:CC:D2:27:15:DC:B4:27:96:8F:38:83:CA:CD:1D
ValidityThu, 03 Apr 2025 00:58:16 GMT - Wed, 02 Jul 2025 00:58:15 GMT

File type
SVG Scalable Vector Graphics image
Size
219 B (219 bytes)
Hash
097ae69f844eb539e9186359e96acdc2
deeb95990f2d2fc6a536142da8adf8ce7e5c19b2
58230ddc6367adae3c0d78bb382b10df68b2a130c6c7ab56809e0827d913481a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /dn_30/img/line_item_2.svg HTTP/1.1
Host: bicarest.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bicarest.xyz/dn_30/7.html?cep=J9WYMw2ht-YZ5rH4kojnHDMHzuRoODCcEiUHZe3knWQbQT-UfkNDGMC3Ntnj5bMBvyZ04FOuwbhFhbGjDNtOAm82u_lFyHFYmcynHzzRAJCwm3gVfoqeY_31XeWqJsBbGuIzuIg1oBRiTjWuK5zzYmELruvckW_79y9ktG4fxntfgIPpyjgqgPzaouzMzEFfuP-kTHzWEhapslCff-vbitYkjg-0DAvoy3-xaZMCV9TgFvdQwCr-3GE94JbB-oAtZtMd4U3LDj3Z1NweALJmOU4cKjIPUX0SdaNYjusCZF1joAnMyrxpcbmiGIh1wF3UlQPDpBjPKb3LRz-wyQEW9DKGh0RlNzxprcVWWobmJp6fVssC4AkcM1rLZ3g-Bi-U&lptoken=174047b902e953af687c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 12 May 2025 04:19:29 GMT
content-type: image/svg+xml
content-length: 219
last-modified: Wed, 12 Feb 2025 08:42:41 GMT
etag: "67ac5f01-db"
accept-ranges: bytes
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (9)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (51)

URL GET

IP

ASN

Requested by