| cdn.jsdelivr.net/npm/lazyload@2.0.0-rc.2/lazyload.js | 151.101.1.229 | 200 OK | 1.7 kB |
URL: GET HTTP/2 cdn.jsdelivr.net/npm/lazyload@2.0.0-rc.2/lazyload.js
IP: 151.101.1.229:443
Requested by: https://invitingchicksy2.com/?utm_source=xbLFYxVGI3yBud&utm_campaign=K5
Certificate Issuer: GlobalSign nv-sa
Certificate Subject: jsdelivr.net
Certificate Fingerprint: 05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
Certificate Validity: Wed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT
File type: JavaScript source, ASCII text
Hash: 60669862b7c39ecb3283b1faa9563a07 f9b1d545cf4c85ddda753ff9609ede569d92b31f 874cad10027313f3620a770d4a338369833ed5b3913f0793cb8500361b19e6ea
GET /npm/lazyload@2.0.0-rc.2/lazyload.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://invitingchicksy2.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 2.0.0-rc.2
x-jsd-version-type: version
etag: W/"162a-+bHVRc9Mhd3adT/5YJ7eVp2Ssx8"
content-encoding: br
accept-ranges: bytes
date: Thu, 18 Apr 2024 09:55:07 GMT
age: 20150784
x-served-by: cache-fra-etou8220104-FRA, cache-hel1410028-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 1734
X-Firefox-Spdy: h2
|
|
| code.jquery.com/jquery-3.3.1.min.js | 151.101.194.137 | 200 OK | 30 kB |
URL: GET HTTP/2 code.jquery.com/jquery-3.3.1.min.js
IP: 151.101.194.137:443
Requested by: https://invitingchicksy2.com/?utm_source=xbLFYxVGI3yBud&utm_campaign=K5
Certificate Issuer: Sectigo Limited
Certificate Subject: *.jquery.com
Certificate Fingerprint: D2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
Certificate Validity: Tue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (65451)
Hash: a09e13ee94d51c524b7e2a728c7d4039 0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
GET /jquery-3.3.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://invitingchicksy2.com/
Origin: https://invitingchicksy2.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-1538f"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Thu, 18 Apr 2024 09:55:07 GMT
age: 18633503
x-served-by: cache-lga13622-LGA, cache-hel1410028-HEL
x-cache: HIT, HIT
x-cache-hits: 36, 665828
x-timer: S1713434107.272151,VS0,VE0
vary: Accept-Encoding
content-length: 30288
X-Firefox-Spdy: h2
|
|
| invitingchicksy2.com/lstatic/info.min.js | 104.21.91.175 | 200 OK | 53 kB |
URL: GET HTTP/3 invitingchicksy2.com/lstatic/info.min.js
IP: 104.21.91.175:443
Requested by: https://invitingchicksy2.com/?utm_source=xbLFYxVGI3yBud&utm_campaign=K5
Certificate Issuer: Google Trust Services LLC
Certificate Subject: invitingchicksy2.com
Certificate Fingerprint: 55:EA:27:AB:A7:DF:1D:4B:20:85:85:7E:8D:D6:AC:B6:2E:BD:03:B7
Certificate Validity: Wed, 17 Apr 2024 14:56:35 GMT - Tue, 16 Jul 2024 14:56:34 GMT
File type: JavaScript source, ASCII text, with very long lines (37352)
Hash: 38ea2c394a4abb159172f8d7b77f495e 8efd580a25c3d1be8533ed74de7bc5607cbc278d a6510d097802bc66cc5aae4485af48dd9d77053766be8dd671d974d21d363031
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lstatic/info.min.js HTTP/1.1
Host: invitingchicksy2.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://invitingchicksy2.com/?utm_source=xbLFYxVGI3yBud&utm_campaign=K5
DNT: 1
Connection: keep-alive
Cookie: k=SFMyNTY.g3QAAAAHbQAAAARhdW5xdAAAAAFtAAAABTk2MDE5bQAAAApwdkRxdmx6TWp3bQAAAANoaWRtAAAAJWtiVVhza0xreFVRUUd0bHJLRkVMZWVSQnJsYXJvQUNncHZUT05tAAAAAmhsZAADbmlsbQAAAAVzdWJfMWQAA25pbG0AAAAFc3ViXzJkAANuaWxtAAAAB3RyYWNrZXJtAAAAAks1bQAAAAN1bnFtAAAADHpQaFF2RE5vQllzQQ.1TRJg_hetn3DpiJHX7HrwJtySbmERPJ_o8LnKyvLcVw
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 09:55:07 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding, Accept-Encoding
last-modified: Tue, 20 Feb 2024 13:29:01 GMT
etag: W/"65d4a91d-280e9"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5sK1apT2sfqAG9GeiCAoZ4zxqLu9gAwes5cb4GBW62m3lmxuWKLJKBoC6Ts0Qr9bw%2BmTkQaD5CwNZkzMbJ4BdjN3gS%2FD%2FryDDpDU97mtuP358v6p%2FuU%2FliwNECa1bb2MO0yLT4uIpQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8763c701eb690b59-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| fonts.gstatic.com/s/montserrat/v26/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2 | 216.58.207.227 | 200 OK | 15 kB |
URL: GET HTTP/2 fonts.gstatic.com/s/montserrat/v26/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2
IP: 216.58.207.227:443
Requested by: https://invitingchicksy2.com/?utm_source=xbLFYxVGI3yBud&utm_campaign=K5
Certificate Issuer: Google Trust Services LLC
Certificate Subject: *.gstatic.com
Certificate Fingerprint: 8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
Certificate Validity: Mon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT
File type: Web Open Font Format (Version 2), TrueType, length 14940, version 1.0
Hash: a46fb7aae99225fdfd9d64b2b8b1063f 1ee50bf5985c1956dde1c06d9b1cec4645ddb92b 4b5816bbfc52587979139951355fe4048da02ce60e40cef8e4a1efb6cd396281
GET /s/montserrat/v26/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://invitingchicksy2.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 14940
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 15 Apr 2024 21:46:04 GMT
expires: Tue, 15 Apr 2025 21:46:04 GMT
cache-control: public, max-age=31536000
age: 216543
last-modified: Wed, 13 Sep 2023 22:46:07 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| fonts.googleapis.com/css?family=Montserrat&subset=latin-ext | 142.250.74.106 | 200 OK | 29 kB |
URL: GET HTTP/2 fonts.googleapis.com/css?family=Montserrat&subset=latin-ext
IP: 142.250.74.106:443
Requested by: https://invitingchicksy2.com/?utm_source=xbLFYxVGI3yBud&utm_campaign=K5
Certificate Issuer: Google Trust Services LLC
Certificate Subject: upload.video.google.com
Certificate Fingerprint: 47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E
Certificate Validity: Mon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT
File type: gzip compressed data, max compression
Hash: c944f22f15b926ce8437c7821c3a008f dce68124f3ec81ec704550b4dd998d25c1318a94 067e6fdc0118b3e63b76d5aa424c8b766391c87d44781ba1c17bcd4b7592ea82
GET /css?family=Montserrat&subset=latin-ext HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://invitingchicksy2.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 18 Apr 2024 09:55:07 GMT
date: Thu, 18 Apr 2024 09:55:07 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| invitingchicksy2.com/info-ws/ | 104.21.91.175 | | 0 B |
URL: invitingchicksy2.com/info-ws/
IP: 104.21.91.175:0
Certificate Issuer: Google Trust Services LLC
Certificate Subject: invitingchicksy2.com
Certificate Fingerprint: 55:EA:27:AB:A7:DF:1D:4B:20:85:85:7E:8D:D6:AC:B6:2E:BD:03:B7
Certificate Validity: Wed, 17 Apr 2024 14:56:35 GMT - Tue, 16 Jul 2024 14:56:34 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /info-ws/ HTTP/1.1
Host: invitingchicksy2.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://invitingchicksy2.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: W/9xs3nHR4D3/6PnGCZG+w==
DNT: 1
Connection: keep-alive, Upgrade
Cookie: k=SFMyNTY.g3QAAAAHbQAAAARhdW5xdAAAAAFtAAAABTk2MDE5bQAAAApwdkRxdmx6TWp3bQAAAANoaWRtAAAAJWtiVVhza0xreFVRUUd0bHJLRkVMZWVSQnJsYXJvQUNncHZUT05tAAAAAmhsYQFtAAAABXN1Yl8xZAADbmlsbQAAAAVzdWJfMmQAA25pbG0AAAAHdHJhY2tlcm0AAAACSzVtAAAAA3VucW0AAAAMelBoUXZETm9CWXNB.rW2sLt40a2ZoJZWG_F7D1bd0_IZlg3iV3SdJda74HyY
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Date: Thu, 18 Apr 2024 09:55:07 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: KHVw0SWJ7o0MIhtXhdS1oLOIfTM=
Sec-WebSocket-Extensions: permessage-deflate
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U5KC7F7tNtuL0AXZGBBnXs3Enw5dIMTnT7KkKX%2Fl4%2BD%2FzKKezrZQ0Pwd4Xec%2FbL6G3AnyOrLasIkQi9DsT3Sq5s5R%2FAy4c6HBQV2p0eN428dL%2FLEoi3rZGGueaexs%2Bbc%2FBhqVvwcjw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8763c70478ee56c4-OSL
alt-svc: h3=":443"; ma=86400
|
|
| invitingchicksy2.com/p.js?a=1871809&cr=28191&lid=20003&mh=a2JVWHNrTGt4VVFRR3RscktGRUxlZVJCcmxhcm9BQ2dwdlRPTi0zNjQ4MA%3D%3D&mmid=2654&p=0&rf=uua&rn=zc4YnJiUys4WmdeVBM8&t=K5 | 104.21.91.175 | 200 OK | 370 B |
URL: GET HTTP/3 invitingchicksy2.com/p.js?a=1871809&cr=28191&lid=20003&mh=a2JVWHNrTGt4VVFRR3RscktGRUxlZVJCcmxhcm9BQ2dwdlRPTi0zNjQ4MA%3D%3D&mmid=2654&p=0&rf=uua&rn=zc4YnJiUys4WmdeVBM8&t=K5
IP: 104.21.91.175:443
Requested by: https://invitingchicksy2.com/?utm_source=xbLFYxVGI3yBud&utm_campaign=K5
Certificate Issuer: Google Trust Services LLC
Certificate Subject: invitingchicksy2.com
Certificate Fingerprint: 55:EA:27:AB:A7:DF:1D:4B:20:85:85:7E:8D:D6:AC:B6:2E:BD:03:B7
Certificate Validity: Wed, 17 Apr 2024 14:56:35 GMT - Tue, 16 Jul 2024 14:56:34 GMT
File type: JavaScript source, ASCII text, with very long lines (385), with no line terminators
Hash: c140d0bd9ba1c35656419b7568f24bb7 bfc77ac5f319527333545e7dff0a931086db3f34 1b2a96f3478947c046686e8e1c63705cafe7e1bbd6fa861612c13ee27dacb039
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /p.js?a=1871809&cr=28191&lid=20003&mh=a2JVWHNrTGt4VVFRR3RscktGRUxlZVJCcmxhcm9BQ2dwdlRPTi0zNjQ4MA%3D%3D&mmid=2654&p=0&rf=uua&rn=zc4YnJiUys4WmdeVBM8&t=K5 HTTP/1.1
Host: invitingchicksy2.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://invitingchicksy2.com/?utm_source=xbLFYxVGI3yBud&utm_campaign=K5
DNT: 1
Connection: keep-alive
Cookie: k=SFMyNTY.g3QAAAAHbQAAAARhdW5xdAAAAAFtAAAABTk2MDE5bQAAAApwdkRxdmx6TWp3bQAAAANoaWRtAAAAJWtiVVhza0xreFVRUUd0bHJLRkVMZWVSQnJsYXJvQUNncHZUT05tAAAAAmhsZAADbmlsbQAAAAVzdWJfMWQAA25pbG0AAAAFc3ViXzJkAANuaWxtAAAAB3RyYWNrZXJtAAAAAks1bQAAAAN1bnFtAAAADHpQaFF2RE5vQllzQQ.1TRJg_hetn3DpiJHX7HrwJtySbmERPJ_o8LnKyvLcVw
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 09:55:07 GMT
content-type: application/javascript; charset=utf-8
cache-control: max-age=0, private, must-revalidate
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
cf-cache-status: BYPASS
set-cookie: k=SFMyNTY.g3QAAAAHbQAAAARhdW5xdAAAAAFtAAAABTk2MDE5bQAAAApwdkRxdmx6TWp3bQAAAANoaWRtAAAAJWtiVVhza0xreFVRUUd0bHJLRkVMZWVSQnJsYXJvQUNncHZUT05tAAAAAmhsYQFtAAAABXN1Yl8xZAADbmlsbQAAAAVzdWJfMmQAA25pbG0AAAAHdHJhY2tlcm0AAAACSzVtAAAAA3VucW0AAAAMelBoUXZETm9CWXNB.rW2sLt40a2ZoJZWG_F7D1bd0_IZlg3iV3SdJda74HyY; path=/; expires=Fri, 18 Apr 2025 09:55:07 GMT; max-age=31536000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x1yxF5Gf3Qpr9wP6EjC5KeMp6L6q%2Fm7kYKsy9n%2FSP7e6kzr9ZN7XHyTLI8TyfXr7n9IW8LeK90vtsraSKBWMs7eSyu%2BwxGzbbXb3fQEt6CZBOyLg41iyajoegL557Uk6YTTxnZvzWw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763c701eb6e0b59-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| invitingchicksy2.com/info-ws/ | 104.21.91.175 | 101 Switching Protocols | 0 B |
URL: GET HTTP/1.1 invitingchicksy2.com/info-ws/
IP: 104.21.91.175:443
Requested by: https://invitingchicksy2.com/?utm_source=xbLFYxVGI3yBud&utm_campaign=K5
Certificate Issuer: Google Trust Services LLC
Certificate Subject: invitingchicksy2.com
Certificate Fingerprint: 55:EA:27:AB:A7:DF:1D:4B:20:85:85:7E:8D:D6:AC:B6:2E:BD:03:B7
Certificate Validity: Wed, 17 Apr 2024 14:56:35 GMT - Tue, 16 Jul 2024 14:56:34 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /info-ws/ HTTP/1.1
Host: invitingchicksy2.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://invitingchicksy2.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: W/9xs3nHR4D3/6PnGCZG+w==
DNT: 1
Connection: keep-alive, Upgrade
Cookie: k=SFMyNTY.g3QAAAAHbQAAAARhdW5xdAAAAAFtAAAABTk2MDE5bQAAAApwdkRxdmx6TWp3bQAAAANoaWRtAAAAJWtiVVhza0xreFVRUUd0bHJLRkVMZWVSQnJsYXJvQUNncHZUT05tAAAAAmhsYQFtAAAABXN1Yl8xZAADbmlsbQAAAAVzdWJfMmQAA25pbG0AAAAHdHJhY2tlcm0AAAACSzVtAAAAA3VucW0AAAAMelBoUXZETm9CWXNB.rW2sLt40a2ZoJZWG_F7D1bd0_IZlg3iV3SdJda74HyY
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Date: Thu, 18 Apr 2024 09:55:07 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: KHVw0SWJ7o0MIhtXhdS1oLOIfTM=
Sec-WebSocket-Extensions: permessage-deflate
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U5KC7F7tNtuL0AXZGBBnXs3Enw5dIMTnT7KkKX%2Fl4%2BD%2FzKKezrZQ0Pwd4Xec%2FbL6G3AnyOrLasIkQi9DsT3Sq5s5R%2FAy4c6HBQV2p0eN428dL%2FLEoi3rZGGueaexs%2Bbc%2FBhqVvwcjw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8763c70478ee56c4-OSL
alt-svc: h3=":443"; ma=86400
|
|
| invitingchicksy2.com/?utm_source=xbLFYxVGI3yBud&utm_campaign=K5 | 104.21.91.175 | 200 OK | 16 kB |
URL: User Request GET HTTP/2 invitingchicksy2.com/?utm_source=xbLFYxVGI3yBud&utm_campaign=K5
IP: 104.21.91.175:443
Certificate Issuer: Google Trust Services LLC
Certificate Subject: invitingchicksy2.com
Certificate Fingerprint: 55:EA:27:AB:A7:DF:1D:4B:20:85:85:7E:8D:D6:AC:B6:2E:BD:03:B7
Certificate Validity: Wed, 17 Apr 2024 14:56:35 GMT - Tue, 16 Jul 2024 14:56:34 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /?utm_source=xbLFYxVGI3yBud&utm_campaign=K5 HTTP/1.1
Host: invitingchicksy2.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 09:55:07 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
cache-control: max-age=0, private, must-revalidate
referrer-policy: strict-origin-when-cross-origin
set-cookie: k=SFMyNTY.g3QAAAAHbQAAAARhdW5xdAAAAAFtAAAABTk2MDE5bQAAAApwdkRxdmx6TWp3bQAAAANoaWRtAAAAJWtiVVhza0xreFVRUUd0bHJLRkVMZWVSQnJsYXJvQUNncHZUT05tAAAAAmhsZAADbmlsbQAAAAVzdWJfMWQAA25pbG0AAAAFc3ViXzJkAANuaWxtAAAAB3RyYWNrZXJtAAAAAks1bQAAAAN1bnFtAAAADHpQaFF2RE5vQllzQQ.1TRJg_hetn3DpiJHX7HrwJtySbmERPJ_o8LnKyvLcVw; path=/; expires=Fri, 18 Apr 2025 09:55:06 GMT; max-age=31536000
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bbcuQ6z%2B0TeLHDI1wQ%2FUamilgaNW2XXjovq2BfQPnSAkgfl5XR4EAgYo7XNGhIFxOzVSi2rRSRr%2FSSF5gLyvqKt1x3Zl7LTG5CD%2FLwt9Z4w5UfUyLnVqyZvMIXviI3y2dKzKPaG7CA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8763c6feecf70b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| invitingchicksy2.com/lstatic/uuidv4.min.js | 104.21.91.175 | 200 OK | 1.1 kB |
URL: GET HTTP/3 invitingchicksy2.com/lstatic/uuidv4.min.js
IP: 104.21.91.175:443
Requested by: https://invitingchicksy2.com/?utm_source=xbLFYxVGI3yBud&utm_campaign=K5
Certificate Issuer: Google Trust Services LLC
Certificate Subject: invitingchicksy2.com
Certificate Fingerprint: 55:EA:27:AB:A7:DF:1D:4B:20:85:85:7E:8D:D6:AC:B6:2E:BD:03:B7
Certificate Validity: Wed, 17 Apr 2024 14:56:35 GMT - Tue, 16 Jul 2024 14:56:34 GMT
File type: JavaScript source, ASCII text, with very long lines (1133), with no line terminators
Hash: 9aa0ee0bba1540816efbcce21a79615f 11abf554322b4fac2583118f891a9439780d00fc d4824b1fa9ffb4a32dc5f470b26995866e0964bdafd67799b44b35734f5e729d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lstatic/uuidv4.min.js HTTP/1.1
Host: invitingchicksy2.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://invitingchicksy2.com/?utm_source=xbLFYxVGI3yBud&utm_campaign=K5
DNT: 1
Connection: keep-alive
Cookie: k=SFMyNTY.g3QAAAAHbQAAAARhdW5xdAAAAAFtAAAABTk2MDE5bQAAAApwdkRxdmx6TWp3bQAAAANoaWRtAAAAJWtiVVhza0xreFVRUUd0bHJLRkVMZWVSQnJsYXJvQUNncHZUT05tAAAAAmhsZAADbmlsbQAAAAVzdWJfMWQAA25pbG0AAAAFc3ViXzJkAANuaWxtAAAAB3RyYWNrZXJtAAAAAks1bQAAAAN1bnFtAAAADHpQaFF2RE5vQllzQQ.1TRJg_hetn3DpiJHX7HrwJtySbmERPJ_o8LnKyvLcVw
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 09:55:07 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding, Accept-Encoding
last-modified: Tue, 20 Feb 2024 13:29:04 GMT
etag: W/"65d4a920-451"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
cache-control: max-age=1800
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g4M81FLnXa6ZegIxnwROfUNx%2B0ZuN9azrerOnJ0urgV1tEAMWBpVKyHvGuyTHgYWU6Vg9UcpiC11c1RCaLhy4iX%2Filo4cRN4CY8%2BJOYvfcxLLQ3KDdtwcpji6MS8PIkiovTNVnlVUg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8763c701eb6b0b59-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| invitingchicksy2.com/lstatic/63fc5f3a111ed2a2b2e6efc066153792/images/d1.jpg | 104.21.91.175 | 200 OK | 29 kB |
URL: GET HTTP/3 invitingchicksy2.com/lstatic/63fc5f3a111ed2a2b2e6efc066153792/images/d1.jpg
IP: 104.21.91.175:443
Requested by: https://invitingchicksy2.com/?utm_source=xbLFYxVGI3yBud&utm_campaign=K5
Certificate Issuer: Google Trust Services LLC
Certificate Subject: invitingchicksy2.com
Certificate Fingerprint: 55:EA:27:AB:A7:DF:1D:4B:20:85:85:7E:8D:D6:AC:B6:2E:BD:03:B7
Certificate Validity: Wed, 17 Apr 2024 14:56:35 GMT - Tue, 16 Jul 2024 14:56:34 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=12, height=404, bps=0, PhotometricInterpretation=RGB, orientation=upper-left, width=620], progressive, precision 8, 620x378, components 3
Hash: 9b124e4f909b2e1f68ab98754027694b 042d5584651e092226a40c3d61cd74a57fb578da 41dd3e7d4d36de20e0ba45917caa4c8816b9d11d74275b7c282bd34ab23b7ab7
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lstatic/63fc5f3a111ed2a2b2e6efc066153792/images/d1.jpg HTTP/1.1
Host: invitingchicksy2.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://invitingchicksy2.com/?utm_source=xbLFYxVGI3yBud&utm_campaign=K5
DNT: 1
Connection: keep-alive
Cookie: k=SFMyNTY.g3QAAAAHbQAAAARhdW5xdAAAAAFtAAAABTk2MDE5bQAAAApwdkRxdmx6TWp3bQAAAANoaWRtAAAAJWtiVVhza0xreFVRUUd0bHJLRkVMZWVSQnJsYXJvQUNncHZUT05tAAAAAmhsZAADbmlsbQAAAAVzdWJfMWQAA25pbG0AAAAFc3ViXzJkAANuaWxtAAAAB3RyYWNrZXJtAAAAAks1bQAAAAN1bnFtAAAADHpQaFF2RE5vQllzQQ.1TRJg_hetn3DpiJHX7HrwJtySbmERPJ_o8LnKyvLcVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 09:55:07 GMT
content-type: image/jpeg
content-length: 28583
last-modified: Tue, 20 Feb 2024 13:29:12 GMT
etag: "65d4a928-6fa7"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
cache-control: max-age=1800
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0FPbHqcmock7PfdPExSwWT5PLn0JFM5ACuv07r3RW8dqJlksM69rfD8YKYohK62QO4zb%2BeHj4S07HULkWW28nV%2BUoas8uvgbZni418PAeIYH%2FwAfIFaxcbnVwqp%2B3u0IOk2mbe0KPw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763c7032d0f0b59-OSL
alt-svc: h3=":443"; ma=86400
|
|
| invitingchicksy2.com/favicon.ico | 104.21.91.175 | 200 OK | 1.2 kB |
URL: GET HTTP/3 invitingchicksy2.com/favicon.ico
IP: 104.21.91.175:443
Requested by: https://invitingchicksy2.com/?utm_source=xbLFYxVGI3yBud&utm_campaign=K5
Certificate Issuer: Google Trust Services LLC
Certificate Subject: invitingchicksy2.com
Certificate Fingerprint: 55:EA:27:AB:A7:DF:1D:4B:20:85:85:7E:8D:D6:AC:B6:2E:BD:03:B7
Certificate Validity: Wed, 17 Apr 2024 14:56:35 GMT - Tue, 16 Jul 2024 14:56:34 GMT
File type: MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Hash: 8bf9ca3becd31b421f534d1470a60fd7 3a6fba7a70c6c635c943af9d69127e6dc004ee60 fdd500b9bc2c0cf719b9ab60c4ae3396dd29e543e81a44fe80d5b6606d50e72f
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: invitingchicksy2.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://invitingchicksy2.com/?utm_source=xbLFYxVGI3yBud&utm_campaign=K5
DNT: 1
Connection: keep-alive
Cookie: k=SFMyNTY.g3QAAAAHbQAAAARhdW5xdAAAAAFtAAAABTk2MDE5bQAAAApwdkRxdmx6TWp3bQAAAANoaWRtAAAAJWtiVVhza0xreFVRUUd0bHJLRkVMZWVSQnJsYXJvQUNncHZUT05tAAAAAmhsYQFtAAAABXN1Yl8xZAADbmlsbQAAAAVzdWJfMmQAA25pbG0AAAAHdHJhY2tlcm0AAAACSzVtAAAAA3VucW0AAAAMelBoUXZETm9CWXNB.rW2sLt40a2ZoJZWG_F7D1bd0_IZlg3iV3SdJda74HyY
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 09:55:07 GMT
content-type: image/x-icon
cache-control: max-age=1800
cf-cache-status: EXPIRED
last-modified: Thu, 18 Apr 2024 06:48:31 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kHkavKiRQmAOTQjBQ9tbhApct5z6oYmQxMT%2BnQ9%2Fzc4ebp2aaRC1ZeavhIDS%2FiVrMsd5x%2Fvk5J58eOh4eYBJv1V6ZYozkyf%2FVoggCrcWWIMPiFsyKI2vaH5lo5yoU80DKfTSTVSMYA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763c7047ef50b59-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|