Report - icumx.com/

Report Overview

Visited public
2025-04-19 11:37:44
Tags
URL
icumx.com/
Finishing URL
bawdygaljqiw.com/?a=2063076&cr=70800&lid=17993&mh=UlhVUHNOS1BJcFpRdnRHRWRVbWRrZU12ZUJvbEd5VWx5V0lqQi0zNTk4NA%3D%3D&mmid=2364&p=0&rf=&rn=zc4ZnJeUys4WmdiVEhG&s1=6013&s2=d01olt086g1c73cuk11g&t=6013
IP / ASN
104.21.96.1
#13335 CLOUDFLARENET
Title
The most popular dating site of this month

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
sunfeb.top	unknown	2025-02-11	2025-04-09	2025-04-09	520 B	15 kB	172.67.128.57
fonts.googleapis.com	8877	2005-01-25	2012-05-23	2025-04-16	462 B	2.6 kB	142.250.74.10
fonts.gstatic.com	unknown	2008-02-11	2014-04-02	2025-04-16	560 B	20 kB	142.250.74.35
desirexo.com	unknown	unknown	No data	No data	487 B	15 kB	104.21.25.86
bawdygaljqiw.com	unknown	2024-08-06	2025-04-19	2025-04-19	2.4 kB	86 kB	104.21.80.1
adultgirll.com	unknown	2024-09-16	2024-10-25	2025-04-16	2.9 kB	471 kB	45.76.38.70
code.jquery.com	634	2005-12-10	2012-05-21	2025-04-16	455 B	88 kB	151.101.2.137
icumx.com	unknown	2024-11-13	2025-04-19	2025-04-19	478 B	15 kB	104.21.16.1
mb2j264.b2base252.top	unknown	2025-03-26	2025-03-28	2025-04-07	598 B	15 kB	172.67.196.106

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-04-19	medium	bawdygaljqiw.com	Sinkholed
2025-04-19	medium	bawdygaljqiw.com	Sinkholed
2025-04-19	medium	sunfeb.top	Sinkholed
2025-04-19	medium	bawdygaljqiw.com	Sinkholed
2025-04-19	medium	b2base252.top	Sinkholed

ThreatFox

No alerts detected

JavaScript (5)

	URL	From	Size	First Seen	Last Seen
	bawdygaljqiw.com/?utm_source=2qEh6yosYLyfN&s2=d01olt086g1c73cuk11g&utm_term=6013&utm_campaign=6013	Function	38 B	2023-04-11	2025-05-06
Pretty URL bawdygaljqiw.com/?utm_source=2qEh6yosYLyfN&s2=d01olt086g1c73cuk11g&utm_term=6013&utm_campaign=6013 IP 104.21.80.1 ASN #13335 CLOUDFLARENET Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:09 Last Seen2025-05-06 17:04 Times Seen4979 Hash a55bc61bb8cabacdc353356d20217fb1 ecf7f3fc124c625be7890bb4536b6f89d4d76786 a4a9b568a83a7f91eeed94a7c6587bb5d3bdf73d515d40c4402460dc046ab7a6 Loading...

	bawdygaljqiw.com/p.js?a=2063076&cr=70800&lid=17993&mh=UlhVUHNOS1BJcFpRdnRHRWRVbWRrZU12ZUJvbEd5VWx5V0lqQi0zNTk4NA%3D%3D&mmid=2364&p=0&rf=&rn=zc4ZnJeUys4WmdiVEhG&s1=6013&s2=d01olt086g1c73cuk11g&t=6013	ScriptElement	436 B	2025-04-19	2025-04-19
Pretty URL bawdygaljqiw.com/p.js?a=2063076&cr=70800&lid=17993&mh=UlhVUHNOS1BJcFpRdnRHRWRVbWRrZU12ZUJvbEd5VWx5V0lqQi0zNTk4NA%3D%3D&mmid=2364&p=0&rf=&rn=zc4ZnJeUys4WmdiVEhG&s1=6013&s2=d01olt086g1c73cuk11g&t=6013 IP 104.21.80.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-19 11:37 Last Seen2025-04-19 11:37 Times Seen1 Hash 2676a9ad376085c40574013ef6c64cc8 3e87a429a2aafeeb4cf9ed0ee1b36a5755feba06 7f49b23ca1bbc561affb685290d89b0a8d12059b0bfc7f29207be3605e848b0b Loading...

	bawdygaljqiw.com/?utm_source=2qEh6yosYLyfN&s2=d01olt086g1c73cuk11g&utm_term=6013&utm_campaign=6013	ScriptElement	2.6 kB	2023-03-07	2025-04-19
Pretty URL bawdygaljqiw.com/?utm_source=2qEh6yosYLyfN&s2=d01olt086g1c73cuk11g&utm_term=6013&utm_campaign=6013 IP 104.21.80.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 13:22 Last Seen2025-04-19 11:37 Times Seen22 Hash 64dea6e5fdf1b1f7715ee5928ba6ec0f 0064ea1ac0bfd7c8089112193fad422e8c8895ae 12e117de120a4d9336d506c5a1aebc1c20dbcde1f21fef18799e5c93e545fa5d Loading...

	code.jquery.com/jquery-3.3.1.min.js	ScriptElement	87 kB	2023-03-07	2025-05-07
Pretty URL code.jquery.com/jquery-3.3.1.min.js IP 151.101.2.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-07 01:46 Times Seen57287 Hash a09e13ee94d51c524b7e2a728c7d4039 0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef Loading...

	bawdygaljqiw.com/?utm_source=2qEh6yosYLyfN&s2=d01olt086g1c73cuk11g&utm_term=6013&utm_campaign=6013	ScriptElement	275 B	2025-04-19	2025-04-19
Pretty URL bawdygaljqiw.com/?utm_source=2qEh6yosYLyfN&s2=d01olt086g1c73cuk11g&utm_term=6013&utm_campaign=6013 IP 104.21.80.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-04-19 11:37 Last Seen2025-04-19 11:37 Times Seen1 Hash cae586d9a0f649c9a9c2725ebd3081ef 395dfdaf8dec18ff960714046c4e88f7301fdb16 1aa1a1781641a8e1b0bbe8c9db439ac9cc94c17e9613b4f7596f702d4acfa799 Loading...

HTTP Transactions (16)

URL IP Response Size

bawdygaljqiw.com/?utm_source=2qEh6yosYLyfN&s2=d01olt086g1c73cuk11g&utm_term=6013&utm_campaign=6013

104.21.80.1

200 OK

15 kB

URL User Request GET
bawdygaljqiw.com/?utm_source=2qEh6yosYLyfN&s2=d01olt086g1c73cuk11g&utm_term=6013&utm_campaign=6013
IP
104.21.80.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectbawdygaljqiw.com
Fingerprint26:C4:4C:81:83:2E:E7:1A:9E:7B:02:AD:54:6B:5D:62:5C:8A:5A:F7
ValidityTue, 18 Mar 2025 22:15:14 GMT - Mon, 16 Jun 2025 23:13:01 GMT

File type
JavaScript source, ASCII text, with very long lines (11692)
Size
15 kB (14559 bytes)
Hash
7d113eb6e10890c57bc38645d9b5a72d
6d52aa2e457aadecf40e008b4874dc7ef14a399e
4df00fa66f449e577e59411a73987bbd5d843e1f9de89dc7ff0e54abe4734157

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?utm_source=2qEh6yosYLyfN&s2=d01olt086g1c73cuk11g&utm_term=6013&utm_campaign=6013 HTTP/1.1
Host: bawdygaljqiw.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 19 Apr 2025 11:37:24 GMT
content-type: text/html; charset=utf-8
server: cloudflare
vary: Accept-Encoding
cache-control: max-age=0, private, must-revalidate
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
cf-cache-status: DYNAMIC
content-encoding: br
set-cookie: k=SFMyNTY.g3QAAAAHbQAAAARhdW5xdAAAAAFtAAAABTEzMDUxbQAAAAp3QkFydll6WG5SbQAAAANoaWRtAAAAJVJYVVBzTktQSXBaUXZ0R0VkVW1ka2VNdmVCb2xHeVVseVdJakJtAAAAAmhsZAADbmlsbQAAAAVzdWJfMW0AAAAENjAxM20AAAAFc3ViXzJtAAAAFGQwMW9sdDA4NmcxYzczY3VrMTFnbQAAAAd0cmFja2VybQAAAAQ2MDEzbQAAAAN1bnFtAAAADG1FaERrT3p2SlpTQQ.ltVmJ27nTLUGhWbtc6EjSdeqEXAesxr7pHXePyFfIHA; Path=/; Max-Age=31536000; Expires=Sun, 19 Apr 2026 11:37:24 GMT
cf-ray: 932c1c16cc46b4fd-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

adultgirll.com/assets/1efd77fb8d838b0cd41aabb142748154/images/m1.jpg

45.76.38.70

200 OK

46 kB

URL GET
adultgirll.com/assets/1efd77fb8d838b0cd41aabb142748154/images/m1.jpg
IP
45.76.38.70:443
ASN
#20473 AS-VULTR

Requested by
https://bawdygaljqiw.com/?utm_source=2qEh6yosYLyfN&s2=d01olt086g1c73cuk11g&utm_term=6013&utm_campaign=6013
Certificate
IssuerLet's Encrypt
Subjectadultgirll.com
Fingerprint3D:FD:97:D6:1D:D6:73:8E:C4:3B:2C:40:CF:C1:A5:45:5B:A4:75:DC
ValiditySat, 22 Feb 2025 19:33:55 GMT - Fri, 23 May 2025 19:33:54 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 800x1130, components 3
Size
46 kB (45931 bytes)
Hash
810fce92becd5039b39fd482cf0c68e3
6d95515ef8231bfff77118ab6ef75f27899fa1b4
941ffee47bead0a7dee4358c6019f9e57857f19c376ccd0e45598916e1117cfd

HTTP Headers

GET /assets/1efd77fb8d838b0cd41aabb142748154/images/m1.jpg HTTP/1.1
Host: adultgirll.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bawdygaljqiw.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 19 Apr 2025 11:37:26 GMT
content-type: image/jpeg
content-length: 45931
last-modified: Tue, 20 Feb 2024 13:29:02 GMT
etag: "65d4a91e-b36b"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
accept-ranges: bytes
X-Firefox-Spdy: h2

bawdygaljqiw.com/p.js?a=2063076&cr=70800&lid=17993&mh=UlhVUHNOS1BJcFpRdnRHRWRVbWRrZU12ZUJvbEd5VWx5V0lqQi0zNTk4NA%3D%3D&mmid=2364&p=0&rf=&rn=zc4ZnJeUys4WmdiVEhG&s1=6013&s2=d01olt086g1c73cuk11g&t=6013

104.21.80.1

200 OK

436 B

URL GET
bawdygaljqiw.com/p.js?a=2063076&cr=70800&lid=17993&mh=UlhVUHNOS1BJcFpRdnRHRWRVbWRrZU12ZUJvbEd5VWx5V0lqQi0zNTk4NA%3D%3D&mmid=2364&p=0&rf=&rn=zc4ZnJeUys4WmdiVEhG&s1=6013&s2=d01olt086g1c73cuk11g&t=6013
IP
104.21.80.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bawdygaljqiw.com/?utm_source=2qEh6yosYLyfN&s2=d01olt086g1c73cuk11g&utm_term=6013&utm_campaign=6013
Certificate
IssuerGoogle Trust Services
Subjectbawdygaljqiw.com
Fingerprint26:C4:4C:81:83:2E:E7:1A:9E:7B:02:AD:54:6B:5D:62:5C:8A:5A:F7
ValidityTue, 18 Mar 2025 22:15:14 GMT - Mon, 16 Jun 2025 23:13:01 GMT

File type
JavaScript source, ASCII text
Size
436 B (436 bytes)
Hash
2676a9ad376085c40574013ef6c64cc8
3e87a429a2aafeeb4cf9ed0ee1b36a5755feba06
7f49b23ca1bbc561affb685290d89b0a8d12059b0bfc7f29207be3605e848b0b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /p.js?a=2063076&cr=70800&lid=17993&mh=UlhVUHNOS1BJcFpRdnRHRWRVbWRrZU12ZUJvbEd5VWx5V0lqQi0zNTk4NA%3D%3D&mmid=2364&p=0&rf=&rn=zc4ZnJeUys4WmdiVEhG&s1=6013&s2=d01olt086g1c73cuk11g&t=6013 HTTP/1.1
Host: bawdygaljqiw.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bawdygaljqiw.com/?utm_source=2qEh6yosYLyfN&s2=d01olt086g1c73cuk11g&utm_term=6013&utm_campaign=6013
DNT: 1
Connection: keep-alive
Cookie: k=SFMyNTY.g3QAAAAHbQAAAARhdW5xdAAAAAFtAAAABTEzMDUxbQAAAAp3QkFydll6WG5SbQAAAANoaWRtAAAAJVJYVVBzTktQSXBaUXZ0R0VkVW1ka2VNdmVCb2xHeVVseVdJakJtAAAAAmhsZAADbmlsbQAAAAVzdWJfMW0AAAAENjAxM20AAAAFc3ViXzJtAAAAFGQwMW9sdDA4NmcxYzczY3VrMTFnbQAAAAd0cmFja2VybQAAAAQ2MDEzbQAAAAN1bnFtAAAADG1FaERrT3p2SlpTQQ.ltVmJ27nTLUGhWbtc6EjSdeqEXAesxr7pHXePyFfIHA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 19 Apr 2025 11:37:26 GMT
content-type: application/javascript; charset=utf-8
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hEOMYdv9nvtkoBxQg7JXmMpW0ThRQhUbqPcXXIl%2B7vpSMO%2BnwU%2B4ajZMBw0EZlNSAlROH7p3aKbPqlf9JuisbGATWjLz2nVBdgEModbbdyaAzCL7z7l8lqhI8hK7QU1SXEsv"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=0, private, must-revalidate
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
cf-cache-status: BYPASS
set-cookie: k=SFMyNTY.g3QAAAAHbQAAAARhdW5xdAAAAAFtAAAABTEzMDUxbQAAAAp3QkFydll6WG5SbQAAAANoaWRtAAAAJVJYVVBzTktQSXBaUXZ0R0VkVW1ka2VNdmVCb2xHeVVseVdJakJtAAAAAmhsYQFtAAAABXN1Yl8xbQAAAAQ2MDEzbQAAAAVzdWJfMm0AAAAUZDAxb2x0MDg2ZzFjNzNjdWsxMWdtAAAAB3RyYWNrZXJtAAAABDYwMTNtAAAAA3VucW0AAAAMbUVoRGtPenZKWlNB.SOtkPwk6jJIcMYpq9D9QUNkNcIwMPo5HYltaIZVL3po; path=/; expires=Sun, 19 Apr 2026 11:37:26 GMT; max-age=31536000
content-encoding: br
cf-ray: 932c1c20a8ba7127-OSL
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=7015&min_rtt=2030&rtt_var=6122&sent=126&recv=208&lost=0&retrans=0&sent_bytes=9966&recv_bytes=12031&delivery_rate=1968&cwnd=12000&unsent_bytes=0&cid=08574fd91d341d2a&ts=1442&x=16"

adultgirll.com/assets/1efd77fb8d838b0cd41aabb142748154/images/m5.jpg

45.76.38.70

200 OK

116 kB

URL GET
adultgirll.com/assets/1efd77fb8d838b0cd41aabb142748154/images/m5.jpg
IP
45.76.38.70:443
ASN
#20473 AS-VULTR

Requested by
https://bawdygaljqiw.com/?utm_source=2qEh6yosYLyfN&s2=d01olt086g1c73cuk11g&utm_term=6013&utm_campaign=6013
Certificate
IssuerLet's Encrypt
Subjectadultgirll.com
Fingerprint3D:FD:97:D6:1D:D6:73:8E:C4:3B:2C:40:CF:C1:A5:45:5B:A4:75:DC
ValiditySat, 22 Feb 2025 19:33:55 GMT - Fri, 23 May 2025 19:33:54 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 851x1250, components 3
Size
116 kB (115909 bytes)
Hash
f5c5999db74fe6166ee945e07506ba8c
a4904543059b2addd5ed84eb54995c02f02a3225
428cbaa0c4660ae38bb16218d742b2280bbb43a171f55a57b7c7f31b25015644

HTTP Headers

GET /assets/1efd77fb8d838b0cd41aabb142748154/images/m5.jpg HTTP/1.1
Host: adultgirll.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bawdygaljqiw.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 19 Apr 2025 11:37:26 GMT
content-type: image/jpeg
content-length: 115909
last-modified: Tue, 20 Feb 2024 13:29:02 GMT
etag: "65d4a91e-1c4c5"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
accept-ranges: bytes
X-Firefox-Spdy: h2

code.jquery.com/jquery-3.3.1.min.js

151.101.2.137

200 OK

87 kB

URL GET
code.jquery.com/jquery-3.3.1.min.js
IP
151.101.2.137:443
ASN
#54113 FASTLY

Requested by
https://bawdygaljqiw.com/?utm_source=2qEh6yosYLyfN&s2=d01olt086g1c73cuk11g&utm_term=6013&utm_campaign=6013
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintCD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5
ValidityTue, 25 Jun 2024 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
87 kB (86927 bytes)
Hash
a09e13ee94d51c524b7e2a728c7d4039
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

HTTP Headers

GET /jquery-3.3.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bawdygaljqiw.com/
Origin: https://bawdygaljqiw.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-1538f"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Sat, 19 Apr 2025 11:37:26 GMT
age: 3959129
x-served-by: cache-lga13622-LGA, cache-hel1410031-HEL
x-cache: HIT, HIT
x-cache-hits: 65, 375142
x-timer: S1745062647.625449,VS0,VE0
vary: Accept-Encoding
content-length: 30288
X-Firefox-Spdy: h2

icumx.com/

104.21.16.1

301 Moved Permanently

15 kB

URL User Request GET
icumx.com/
IP
104.21.16.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjecticumx.com
Fingerprint34:D8:95:ED:B3:59:7F:EF:4B:4F:2F:98:B1:E3:97:7C:0A:B1:8B:45
ValiditySun, 16 Mar 2025 12:11:46 GMT - Sat, 14 Jun 2025 13:09:17 GMT

File type

Size
15 kB (14559 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: icumx.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Sat, 19 Apr 2025 11:37:22 GMT
location: https://desirexo.com/nFSs8P
server: cloudflare
cf-ray: 932c1c08ca44569a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

adultgirll.com/assets/1efd77fb8d838b0cd41aabb142748154/images/m3.jpg

45.76.38.70

200 OK

61 kB

URL GET
adultgirll.com/assets/1efd77fb8d838b0cd41aabb142748154/images/m3.jpg
IP
45.76.38.70:443
ASN
#20473 AS-VULTR

Requested by
https://bawdygaljqiw.com/?utm_source=2qEh6yosYLyfN&s2=d01olt086g1c73cuk11g&utm_term=6013&utm_campaign=6013
Certificate
IssuerLet's Encrypt
Subjectadultgirll.com
Fingerprint3D:FD:97:D6:1D:D6:73:8E:C4:3B:2C:40:CF:C1:A5:45:5B:A4:75:DC
ValiditySat, 22 Feb 2025 19:33:55 GMT - Fri, 23 May 2025 19:33:54 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 790x1100, components 3
Size
61 kB (60666 bytes)
Hash
f461c44c2cf817e8d3ee610abf569156
07891fbf699a6890b4256c9c63094b722dd0346a
79d7694297da1656b0d25497e36d401ebad128cdf96dc3b0283df8f46277a7f1

HTTP Headers

GET /assets/1efd77fb8d838b0cd41aabb142748154/images/m3.jpg HTTP/1.1
Host: adultgirll.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bawdygaljqiw.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 19 Apr 2025 11:37:26 GMT
content-type: image/jpeg
content-length: 60666
last-modified: Tue, 20 Feb 2024 13:29:02 GMT
etag: "65d4a91e-ecfa"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
accept-ranges: bytes
X-Firefox-Spdy: h2

sunfeb.top/click?o=2&a=6013&aff_click_id=1sjos4f491q

172.67.128.57

302 Found

15 kB

URL User Request GET
sunfeb.top/click?o=2&a=6013&aff_click_id=1sjos4f491q
IP
172.67.128.57:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectsunfeb.top
FingerprintBF:83:D8:5D:1E:60:AF:F8:6B:36:D6:84:C7:63:15:C8:F9:F6:11:D8
ValidityMon, 07 Apr 2025 11:59:55 GMT - Sun, 06 Jul 2025 12:58:32 GMT

File type

Size
15 kB (14559 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /click?o=2&a=6013&aff_click_id=1sjos4f491q HTTP/1.1
Host: sunfeb.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Sat, 19 Apr 2025 11:37:23 GMT
content-type: text/html; charset=UTF-8
location: https://mb2j264.b2base252.top/click?key=23815cdd29d290f7b533&externalid=002b9ebb0756da81acc2466b1adef231&a=6013&landing=&sub_id1=&scGeo=NO
server: cloudflare
x-debug-tag: 68038af39c978
x-debug-duration: 175
x-debug-link: /v-debugger/default/view?tag=68038af39c978
cf-cache-status: DYNAMIC
set-cookie: U-c81e728d9d4c2f636f067f89cc14862c=unique; SameSite=None; Secure; Path=/; Max-Age=2592000; Expires=Mon, 19 May 2025 11:37:23 GMT
o_c81e728d9d4c2f636f067f89cc14862c=c59ae2cb-66f0-4948-8622-1b2fb4944071; SameSite=None; Secure; Path=/; Max-Age=604800; Expires=Sat, 26 Apr 2025 11:37:23 GMT
cf-ray: 932c1c10ed00b509-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

adultgirll.com/assets/1efd77fb8d838b0cd41aabb142748154/images/d1.jpg

45.76.38.70

200 OK

70 kB

URL GET
adultgirll.com/assets/1efd77fb8d838b0cd41aabb142748154/images/d1.jpg
IP
45.76.38.70:443
ASN
#20473 AS-VULTR

Requested by
https://bawdygaljqiw.com/?utm_source=2qEh6yosYLyfN&s2=d01olt086g1c73cuk11g&utm_term=6013&utm_campaign=6013
Certificate
IssuerLet's Encrypt
Subjectadultgirll.com
Fingerprint3D:FD:97:D6:1D:D6:73:8E:C4:3B:2C:40:CF:C1:A5:45:5B:A4:75:DC
ValiditySat, 22 Feb 2025 19:33:55 GMT - Fri, 23 May 2025 19:33:54 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 804x1080, components 3
Size
70 kB (70008 bytes)
Hash
2e638708dc918990a035b9e010134391
7ad6e4f43f9e9b1eb95912d77c130a19ab9772ab
9274099e55794de4ca54d0bd15bc11bcd6a62fde2ac2a8d41f8b3de0cf7fee4b

HTTP Headers

GET /assets/1efd77fb8d838b0cd41aabb142748154/images/d1.jpg HTTP/1.1
Host: adultgirll.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bawdygaljqiw.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 19 Apr 2025 11:37:27 GMT
content-type: image/jpeg
content-length: 70008
last-modified: Tue, 20 Feb 2024 13:29:02 GMT
etag: "65d4a91e-11178"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
accept-ranges: bytes
X-Firefox-Spdy: h2

bawdygaljqiw.com/favicon.ico

104.21.80.1

200 OK

68 kB

URL GET
bawdygaljqiw.com/favicon.ico
IP
104.21.80.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bawdygaljqiw.com/?utm_source=2qEh6yosYLyfN&s2=d01olt086g1c73cuk11g&utm_term=6013&utm_campaign=6013
Certificate
IssuerGoogle Trust Services
Subjectbawdygaljqiw.com
Fingerprint26:C4:4C:81:83:2E:E7:1A:9E:7B:02:AD:54:6B:5D:62:5C:8A:5A:F7
ValidityTue, 18 Mar 2025 22:15:14 GMT - Mon, 16 Jun 2025 23:13:01 GMT

File type
MS Windows icon resource - 1 icon, -128x-128, 32 bits/pixel
Size
68 kB (67646 bytes)
Hash
b256e87a54233c95bc5231125d20f56b
4644cf3e2e75a1515e18288ea72863d13f16a04a
d76d38c54b952839386bb788ffb5861e3cbd3a1cc4f183a554ecf331b722f9c9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: bawdygaljqiw.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bawdygaljqiw.com/?utm_source=2qEh6yosYLyfN&s2=d01olt086g1c73cuk11g&utm_term=6013&utm_campaign=6013
DNT: 1
Connection: keep-alive
Cookie: k=SFMyNTY.g3QAAAAHbQAAAARhdW5xdAAAAAFtAAAABTEzMDUxbQAAAAp3QkFydll6WG5SbQAAAANoaWRtAAAAJVJYVVBzTktQSXBaUXZ0R0VkVW1ka2VNdmVCb2xHeVVseVdJakJtAAAAAmhsYQFtAAAABXN1Yl8xbQAAAAQ2MDEzbQAAAAVzdWJfMm0AAAAUZDAxb2x0MDg2ZzFjNzNjdWsxMWdtAAAAB3RyYWNrZXJtAAAABDYwMTNtAAAAA3VucW0AAAAMbUVoRGtPenZKWlNB.SOtkPwk6jJIcMYpq9D9QUNkNcIwMPo5HYltaIZVL3po
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 19 Apr 2025 11:37:27 GMT
content-type: image/x-icon
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A91TU090jRfd0YQqC8vrSDVDp2SAZBuwEfmtHpfMc8LXU5hp8vZmIZBQtHxenTc3Xu964XBGnHgd53m%2FVWHoZqQC70ACMDQ0QTNYuKccNj10wClMZZ8PF0lJRg8295lr36R8"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=1800
cf-cache-status: HIT
age: 2085
last-modified: Sat, 19 Apr 2025 11:02:42 GMT
content-encoding: br
cf-ray: 932c1c29d9137127-OSL
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=7397&min_rtt=2030&rtt_var=5354&sent=129&recv=210&lost=0&retrans=0&sent_bytes=11313&recv_bytes=12683&delivery_rate=4597&cwnd=12000&unsent_bytes=0&cid=08574fd91d341d2a&ts=2657&x=16"

fonts.googleapis.com/css?family=Montserrat&subset=latin-ext

142.250.74.10

200 OK

1.9 kB

URL GET
fonts.googleapis.com/css?family=Montserrat&subset=latin-ext
IP
142.250.74.10:443
ASN
#15169 GOOGLE

Requested by
https://bawdygaljqiw.com/?utm_source=2qEh6yosYLyfN&s2=d01olt086g1c73cuk11g&utm_term=6013&utm_campaign=6013
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
Fingerprint06:13:4C:49:F4:23:BB:58:C3:31:41:0E:F9:E0:C5:EF:74:A9:0C:67
ValidityMon, 31 Mar 2025 08:55:35 GMT - Mon, 23 Jun 2025 08:55:34 GMT

File type
ASCII text
Size
1.9 kB (1866 bytes)
Hash
14747b7ccb4842d4e00fc83ac1d84c36
a6b508cbe4e15066de1f6608dcd2640d9d90d377
d2985f60e922d8796396c202ffcb9f6f6c2a57f510cb49f9babf16d025c6b058

HTTP Headers

GET /css?family=Montserrat&subset=latin-ext HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bawdygaljqiw.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 19 Apr 2025 11:37:26 GMT
date: Sat, 19 Apr 2025 11:37:26 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

mb2j264.b2base252.top/click?key=23815cdd29d290f7b533&externalid=002b9ebb0756da81acc2466b1adef231&a=6013&landing=&sub_id1=&scGeo=NO

172.67.196.106

307 Temporary Redirect

15 kB

URL User Request GET
mb2j264.b2base252.top/click?key=23815cdd29d290f7b533&externalid=002b9ebb0756da81acc2466b1adef231&a=6013&landing=&sub_id1=&scGeo=NO
IP
172.67.196.106:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectb2base252.top
Fingerprint7E:7C:79:C6:96:42:0B:F6:75:40:B2:0C:DD:81:8A:27:50:FA:C4:95
ValidityWed, 26 Mar 2025 11:15:51 GMT - Tue, 24 Jun 2025 12:14:30 GMT

File type

Size
15 kB (14559 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /click?key=23815cdd29d290f7b533&externalid=002b9ebb0756da81acc2466b1adef231&a=6013&landing=&sub_id1=&scGeo=NO HTTP/1.1
Host: mb2j264.b2base252.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 307 Temporary Redirect
date: Sat, 19 Apr 2025 11:37:24 GMT
content-length: 0
location: https://bawdygaljqiw.com/?utm_source=2qEh6yosYLyfN&s2=d01olt086g1c73cuk11g&utm_term=6013&utm_campaign=6013
server: cloudflare
x-request-id: 62a0866c-60d8-46ee-90ba-a76482d21fd4
cf-cache-status: DYNAMIC
set-cookie: uclick=meyJnVZcPdk13rCgOmCYtcTNLA4xBtuHZhOins0+u6JYR6gNZnfz9dMcFVqv0RH9x4K+; SameSite=Lax; Max-Age=31536000
uclick=meyJnVZcPdk13rCgOmCYtcTNLA4xBtuHZhOins0+u6JYR6gNZnfy9dMcFVqv0RH9PJgyY3Qfb1K9nQEd; SameSite=Lax; Max-Age=31536000
uclick=meyJnVZcPdk13rCgOmCYtcTNLA4xBtuHZhOins0+u6JYR6gNZnfy9dMcFVqv0RH9PJgyY3Qfb1K9nQFMa0pRZPFCAsnj; SameSite=Lax; Max-Age=31536000
bcid=d01olt086g1c73cuk11g; SameSite=Lax; Max-Age=31536000
cf-ray: 932c1c15ee1f5693-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

adultgirll.com/assets/1efd77fb8d838b0cd41aabb142748154/images/m2.jpg

45.76.38.70

200 OK

84 kB

URL GET
adultgirll.com/assets/1efd77fb8d838b0cd41aabb142748154/images/m2.jpg
IP
45.76.38.70:443
ASN
#20473 AS-VULTR

Requested by
https://bawdygaljqiw.com/?utm_source=2qEh6yosYLyfN&s2=d01olt086g1c73cuk11g&utm_term=6013&utm_campaign=6013
Certificate
IssuerLet's Encrypt
Subjectadultgirll.com
Fingerprint3D:FD:97:D6:1D:D6:73:8E:C4:3B:2C:40:CF:C1:A5:45:5B:A4:75:DC
ValiditySat, 22 Feb 2025 19:33:55 GMT - Fri, 23 May 2025 19:33:54 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 854x1180, components 3
Size
84 kB (84480 bytes)
Hash
34c972cf162da15ed4421b98cf4d41e3
42fa24f00f8bf1089789c9544e7f569db10a9093
d3c65263690bb9d0b8536aace6287badfc3f7a426aaf157bb1b8de7a5d3bc664

HTTP Headers

GET /assets/1efd77fb8d838b0cd41aabb142748154/images/m2.jpg HTTP/1.1
Host: adultgirll.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bawdygaljqiw.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 19 Apr 2025 11:37:26 GMT
content-type: image/jpeg
content-length: 84480
last-modified: Tue, 20 Feb 2024 13:29:02 GMT
etag: "65d4a91e-14a00"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
accept-ranges: bytes
X-Firefox-Spdy: h2

adultgirll.com/assets/1efd77fb8d838b0cd41aabb142748154/images/m4.jpg

45.76.38.70

200 OK

91 kB

URL GET
adultgirll.com/assets/1efd77fb8d838b0cd41aabb142748154/images/m4.jpg
IP
45.76.38.70:443
ASN
#20473 AS-VULTR

Requested by
https://bawdygaljqiw.com/?utm_source=2qEh6yosYLyfN&s2=d01olt086g1c73cuk11g&utm_term=6013&utm_campaign=6013
Certificate
IssuerLet's Encrypt
Subjectadultgirll.com
Fingerprint3D:FD:97:D6:1D:D6:73:8E:C4:3B:2C:40:CF:C1:A5:45:5B:A4:75:DC
ValiditySat, 22 Feb 2025 19:33:55 GMT - Fri, 23 May 2025 19:33:54 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 850x1240, components 3
Size
91 kB (90956 bytes)
Hash
23115317e6653841144ffeb588d6e6a8
273272efa739b4ac5483a325814368c62e38c12f
97cb9082cd000f1c2b7f21aad8c61f604661a63fac636784bd70b2d4fef19b18

HTTP Headers

GET /assets/1efd77fb8d838b0cd41aabb142748154/images/m4.jpg HTTP/1.1
Host: adultgirll.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bawdygaljqiw.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 19 Apr 2025 11:37:26 GMT
content-type: image/jpeg
content-length: 90956
last-modified: Tue, 20 Feb 2024 13:29:02 GMT
etag: "65d4a91e-1634c"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
accept-ranges: bytes
X-Firefox-Spdy: h2

fonts.gstatic.com/s/montserrat/v29/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2

142.250.74.35

200 OK

19 kB

URL GET
fonts.gstatic.com/s/montserrat/v29/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://bawdygaljqiw.com/?utm_source=2qEh6yosYLyfN&s2=d01olt086g1c73cuk11g&utm_term=6013&utm_campaign=6013
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint62:05:36:C2:8E:4C:CD:95:1E:1C:75:06:44:A3:57:E5:C0:17:02:80
ValidityMon, 31 Mar 2025 08:55:35 GMT - Mon, 23 Jun 2025 08:55:34 GMT

File type
Web Open Font Format (Version 2), TrueType, length 18792, version 1.0
Size
19 kB (18792 bytes)
Hash
74795056a2358804684c7e9d0479f484
7030f4f33183b8de843e82eedb9cb6a6cdd107c3
1c9c85d0b73b7321eb8ed22e0b6bcd577478dd5f99d1379a5d4cea10884033ac

HTTP Headers

GET /s/montserrat/v29/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://bawdygaljqiw.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 18792
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 17 Apr 2025 09:23:29 GMT
expires: Fri, 17 Apr 2026 09:23:29 GMT
cache-control: public, max-age=31536000
age: 180838
last-modified: Wed, 06 Nov 2024 17:30:39 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

desirexo.com/nFSs8P

104.21.25.86

302 Found

15 kB

URL User Request GET
desirexo.com/nFSs8P
IP
104.21.25.86:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectdesirexo.com
FingerprintF7:F7:F2:A5:A0:6D:43:35:72:D0:9E:4A:93:4E:C2:92:7E:15:1E:37
ValiditySun, 16 Mar 2025 08:46:13 GMT - Sat, 14 Jun 2025 09:40:53 GMT

File type

Size
15 kB (14559 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /nFSs8P HTTP/1.1
Host: desirexo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Sat, 19 Apr 2025 11:37:23 GMT
content-type: text/html; charset=utf-8
location: https://sunfeb.top/click?o=2&a=6013&aff_click_id=1sjos4f491q
server: cloudflare
cache-control: no-cache, no-store, must-revalidate
expires: Sat, 19 Apr 2025 11:37:23 GMT
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: DYNAMIC
set-cookie: _subid=1sjos4f491q; Path=/; Expires=Tue, 20 May 2025 11:37:23 GMT
4ba01=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjFcIjoxNzQ1MDYyNjQzfSxcImNhbXBhaWduc1wiOntcIjFcIjoxNzQ1MDYyNjQzfSxcInRpbWVcIjoxNzQ1MDYyNjQzfSJ9.73tWjdwukQANC2AAVCMtgvZqFx2obf2xyq-m-zbVvYQ; Path=/; Expires=Sun, 20 Apr 2025 11:37:23 GMT
_token=uuid_1sjos4f491q_1sjos4f491q68038af322ee15.88952803; Path=/; Expires=Tue, 20 May 2025 11:37:23 GMT
cf-ray: 932c1c0ec8575699-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (5)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (16)

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by