Report - immediate-dexair.com/

Report Overview

Visited public
2025-03-03 19:43:41
Tags
URL
immediate-dexair.com/
Finishing URL
immediate-dexair.com/
IP / ASN
185.107.58.211
#43350 NForce Entertainment B.V.
Title
Immediate +4 DexAir Official Website (40) - Powered by Immediate +400 DexAir

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

140

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
immediate-dexair.com	unknown	2024-04-10	2024-04-10	2024-09-22	35 kB	1.4 MB	185.107.58.211

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-03-03	medium	immediate-dexair.com	Sinkholed
2025-03-03	medium	immediate-dexair.com	Sinkholed
2025-03-03	medium	immediate-dexair.com	Sinkholed
2025-03-03	medium	immediate-dexair.com	Sinkholed
2025-03-03	medium	immediate-dexair.com	Sinkholed
2025-03-03	medium	immediate-dexair.com	Sinkholed
2025-03-03	medium	immediate-dexair.com	Sinkholed
2025-03-03	medium	immediate-dexair.com	Sinkholed
2025-03-03	medium	immediate-dexair.com	Sinkholed
2025-03-03	medium	immediate-dexair.com	Sinkholed
2025-03-03	medium	immediate-dexair.com	Sinkholed
2025-03-03	medium	immediate-dexair.com	Sinkholed
2025-03-03	medium	immediate-dexair.com	Sinkholed
2025-03-03	medium	immediate-dexair.com	Sinkholed
2025-03-03	medium	immediate-dexair.com	Sinkholed
2025-03-03	medium	immediate-dexair.com	Sinkholed
2025-03-03	medium	immediate-dexair.com	Sinkholed
2025-03-03	medium	immediate-dexair.com	Sinkholed
2025-03-03	medium	immediate-dexair.com	Sinkholed
2025-03-03	medium	immediate-dexair.com	Sinkholed
2025-03-03	medium	immediate-dexair.com	Sinkholed
2025-03-03	medium	immediate-dexair.com	Sinkholed
2025-03-03	medium	immediate-dexair.com	Sinkholed
2025-03-03	medium	immediate-dexair.com	Sinkholed
2025-03-03	medium	immediate-dexair.com	Sinkholed
2025-03-03	medium	immediate-dexair.com	Sinkholed
2025-03-03	medium	immediate-dexair.com	Sinkholed
2025-03-03	medium	immediate-dexair.com	Sinkholed
2025-03-03	medium	immediate-dexair.com	Sinkholed
2025-03-03	medium	immediate-dexair.com	Sinkholed
2025-03-03	medium	immediate-dexair.com	Sinkholed
2025-03-03	medium	immediate-dexair.com	Sinkholed
2025-03-03	medium	immediate-dexair.com	Sinkholed
2025-03-03	medium	immediate-dexair.com	Sinkholed
2025-03-03	medium	immediate-dexair.com	Sinkholed
2025-03-03	medium	immediate-dexair.com	Sinkholed
2025-03-03	medium	immediate-dexair.com	Sinkholed
2025-03-03	medium	immediate-dexair.com	Sinkholed
2025-03-03	medium	immediate-dexair.com	Sinkholed
2025-03-03	medium	immediate-dexair.com	Sinkholed
2025-03-03	medium	immediate-dexair.com	Sinkholed
2025-03-03	medium	immediate-dexair.com	Sinkholed
2025-03-03	medium	immediate-dexair.com	Sinkholed
2025-03-03	medium	immediate-dexair.com	Sinkholed
2025-03-03	medium	immediate-dexair.com	Sinkholed
2025-03-03	medium	immediate-dexair.com	Sinkholed
2025-03-03	medium	immediate-dexair.com	Sinkholed
2025-03-03	medium	immediate-dexair.com	Sinkholed
2025-03-03	medium	immediate-dexair.com	Sinkholed
2025-03-03	medium	immediate-dexair.com	Sinkholed
2025-03-03	medium	immediate-dexair.com	Sinkholed
2025-03-03	medium	immediate-dexair.com	Sinkholed
2025-03-03	medium	immediate-dexair.com	Sinkholed
2025-03-03	medium	immediate-dexair.com	Sinkholed
2025-03-03	medium	immediate-dexair.com	Sinkholed
2025-03-03	medium	immediate-dexair.com	Sinkholed
2025-03-03	medium	immediate-dexair.com	Sinkholed
2025-03-03	medium	immediate-dexair.com	Sinkholed
2025-03-03	medium	immediate-dexair.com	Sinkholed
2025-03-03	medium	immediate-dexair.com	Sinkholed
2025-03-03	medium	immediate-dexair.com	Sinkholed
2025-03-03	medium	immediate-dexair.com	Sinkholed
2025-03-03	medium	immediate-dexair.com	Sinkholed
2025-03-03	medium	immediate-dexair.com	Sinkholed
2025-03-03	medium	immediate-dexair.com	Sinkholed
2025-03-03	medium	immediate-dexair.com	Sinkholed
2025-03-03	medium	immediate-dexair.com	Sinkholed
2025-03-03	medium	immediate-dexair.com	Sinkholed
2025-03-03	medium	immediate-dexair.com	Sinkholed
2025-03-03	medium	immediate-dexair.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (21)

	URL	From	Size	First Seen	Last Seen
	immediate-dexair.com/wp-content/plugins/gp-premium/menu-plus/functions/js/offside.min.js?ver=2.5.0	ScriptElement	6.8 kB	2023-03-29	2025-06-14
Pretty URL immediate-dexair.com/wp-content/plugins/gp-premium/menu-plus/functions/js/offside.min.js?ver=2.5.0 IP 185.107.58.211 ASN #43350 NForce Entertainment B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-29 23:12 Last Seen2025-06-14 14:25 Times Seen558 Hash 2c8d926d887909904dab4316508bacc6 455db3d80b61fefab3797bacd140f95229fa7518 50fe1014e82dd9acea2f5b26061c8f135cb11ea0aa5d5ad5985e6b265b7f50a8 Loading...

	immediate-dexair.com/	ScriptElement	177 B	2023-03-07	2025-06-14
Pretty URL immediate-dexair.com/ IP 185.107.58.211 ASN #43350 NForce Entertainment B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:02 Last Seen2025-06-14 14:25 Times Seen663 Hash 125da0749932d9ddfa3767638383abf9 69475f56fbfaf7859ebad33ac1be371b36b200cc e7f3fe59be4fbb3d95650bb24f407f1f792eba6eefec0d970d5d7b2bde669b64 Loading...

	immediate-dexair.com/wp-content/plugins/turn-rank-math-faq-block-to-accordion/assets/js/RMFA-JS.min.js?ver=1.1.0	ScriptElement	1.3 kB	2023-03-07	2025-06-14
Pretty URL immediate-dexair.com/wp-content/plugins/turn-rank-math-faq-block-to-accordion/assets/js/RMFA-JS.min.js?ver=1.1.0 IP 185.107.58.211 ASN #43350 NForce Entertainment B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:18 Last Seen2025-06-14 14:25 Times Seen159 Hash 443de93866d65f762354c9446ad8b366 19e310996d2549b6ad99f17dc800799571472aec 90a82d38c851758d27264c3808c81e7e52e4b04e03f5adb29e0e5df5021fa4b1 Loading...

	immediate-dexair.com/	ScriptElement	104 B	2023-10-22	2025-06-14
Pretty URL immediate-dexair.com/ IP 185.107.58.211 ASN #43350 NForce Entertainment B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-10-22 16:22 Last Seen2025-06-14 14:25 Times Seen85 Hash f25b4bd043a21d3c0b789db7c0dcb4ef 41689d5a09ef28debdf3b0dad39d8ae3601d014c 6ae447e40363a7e50cf54c15d7da56196dfe7b6d1c9f53d5498b2744410d6ab1 Loading...

	immediate-dexair.com/wp-content/plugins/fxbot-registration-form/assets/js/registration-form.js?ver=2.0.16	ScriptElement	54 kB	2025-01-08	2025-06-14
Pretty URL immediate-dexair.com/wp-content/plugins/fxbot-registration-form/assets/js/registration-form.js?ver=2.0.16 IP 185.107.58.211 ASN #43350 NForce Entertainment B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-08 10:56 Last Seen2025-06-14 10:11 Times Seen33 Hash 4d7fd4ec2c26288cf2ad585f0d4e24a0 efc14e1f1f8b40d6058770ebe879a1538acbd295 22a2e54ee3cc97ff26fa83366ed627ff8480ca19fa13145e0ab4180a17e9e794 Loading...

	immediate-dexair.com/wp-content/plugins/fxbot-registration-form/assets/js/optin-form.js?ver=2.0.16	ScriptElement	30 kB	2025-01-08	2025-06-14
Pretty URL immediate-dexair.com/wp-content/plugins/fxbot-registration-form/assets/js/optin-form.js?ver=2.0.16 IP 185.107.58.211 ASN #43350 NForce Entertainment B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-08 10:56 Last Seen2025-06-14 10:11 Times Seen33 Hash 696c51dcd9631f02d28d39fadefdd67d 11fc826e34f795901c8a7ec0f7ef4831ad2b6022 52937687c44d798fb8cd512609692b035f37fdbce19e7eddb747f0c0f48e32d2 Loading...

	immediate-dexair.com/	ScriptElement	658 B	2025-03-03	2025-03-03
Pretty URL immediate-dexair.com/ IP 185.107.58.211 ASN #43350 NForce Entertainment B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-03 19:43 Last Seen2025-03-03 19:43 Times Seen1 Hash f15a32fdf5a7f6845777e18e496dec54 74be8703a5982c6de3077fb892d44198c176a806 587b7038aaf63081eefba7b84d13056529d4648c098e5dc52d203e41a7948b4b Loading...

	immediate-dexair.com/wp-content/plugins/fxbot-registration-form/assets/js/intlTelInput.min.js?ver=2.0.16	ScriptElement	30 kB	2023-05-02	2025-06-14
Pretty URL immediate-dexair.com/wp-content/plugins/fxbot-registration-form/assets/js/intlTelInput.min.js?ver=2.0.16 IP 185.107.58.211 ASN #43350 NForce Entertainment B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-02 01:14 Last Seen2025-06-14 14:25 Times Seen87 Hash 0d7765bae213b8cf43ba5f06960055ec b97311bed465062adfe3b0f20f363441be2d4881 e889e4e37ac5bce51552e6432402bad41853158bd662f41bbc50acceaff5a1f6 Loading...

	immediate-dexair.com/	ScriptElement	260 B	2023-03-07	2025-06-14
Pretty URL immediate-dexair.com/ IP 185.107.58.211 ASN #43350 NForce Entertainment B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:03 Last Seen2025-06-14 14:25 Times Seen3359 Hash 9b78b28b396646badfc6017235ee4be9 18103240bf0cb760cdf7febc628b56b8fca44319 215f517010a20f2f4c55d34dd3c574568bd0fb83662f0b915ddb6561f97c3904 Loading...

	immediate-dexair.com/	ScriptElement	33 B	2023-03-07	2025-06-11
Pretty URL immediate-dexair.com/ IP 185.107.58.211 ASN #43350 NForce Entertainment B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:08 Last Seen2025-06-11 09:06 Times Seen191 Hash 5950de99fe01bdffab39022bc95332cb 76fa990bed1e89f8a9fb6502f3c7fbadc001e65d f076576cbe832eeb3786f580377fd79edca592f705cd2782e0080c477e927bbc Loading...

	immediate-dexair.com/wp-content/themes/generatepress/assets/js/back-to-top.min.js?ver=3.5.1	ScriptElement	757 B	2024-02-09	2025-06-08
Pretty URL immediate-dexair.com/wp-content/themes/generatepress/assets/js/back-to-top.min.js?ver=3.5.1 IP 185.107.58.211 ASN #43350 NForce Entertainment B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-09 15:13 Last Seen2025-06-08 04:55 Times Seen295 Hash 519f90c9b78414721d1005101528b47a 4f0f31e4723720a3b3fa5ee344f4c7150a2c2998 50c686094830433cbab4c26e1b004cb3891eebfdf022ef2d41106596a4d705e0 Loading...

	immediate-dexair.com/wp-content/plugins/fxbot-registration-form/assets/js/mailcheck.min.js?ver=2.0.16	ScriptElement	4.0 kB	2023-03-07	2025-06-14
Pretty URL immediate-dexair.com/wp-content/plugins/fxbot-registration-form/assets/js/mailcheck.min.js?ver=2.0.16 IP 185.107.58.211 ASN #43350 NForce Entertainment B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:02 Last Seen2025-06-14 14:25 Times Seen140 Hash 4950423c548a646372ae58f7bbe67d1f f54943150a9cc3db37bba49e9abb8f1206b8b12b ab69f8053e420d7f3c043b55a1bfebd9981ccf92c21b4fd823031ab51967323a Loading...

	immediate-dexair.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1	ScriptElement	88 kB	2023-11-03	2025-06-14
Pretty URL immediate-dexair.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1 IP 185.107.58.211 ASN #43350 NForce Entertainment B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-03 09:26 Last Seen2025-06-14 16:27 Times Seen100013 Hash 826eb77e86b02ab7724fe3d0141ff87c 79cd3587d565afe290076a8d36c31c305a573d18 cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf Loading...

	immediate-dexair.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1	ScriptElement	14 kB	2023-05-09	2025-06-14
Pretty URL immediate-dexair.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1 IP 185.107.58.211 ASN #43350 NForce Entertainment B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-09 19:21 Last Seen2025-06-14 16:27 Times Seen112663 Hash 9ffeb32e2d9efbf8f70caabded242267 3ad0c10e501ac2a9bfa18f9cd7e700219b378738 5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89 Loading...

	immediate-dexair.com/	ScriptElement	105 B	2023-12-29	2025-06-14
Pretty URL immediate-dexair.com/ IP 185.107.58.211 ASN #43350 NForce Entertainment B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-12-29 10:54 Last Seen2025-06-14 14:25 Times Seen231 Hash 26909cfee4ad69861654476cc84ae9a5 71f267bfb81a8ea66aa934dd29833965d7df1c88 84f28dd8d2ffccd5f1667989378ef32f97e118058f8306bf4cdff127698e7468 Loading...

	immediate-dexair.com/	ScriptElement	127 B	2023-03-07	2025-06-14
Pretty URL immediate-dexair.com/ IP 185.107.58.211 ASN #43350 NForce Entertainment B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:03 Last Seen2025-06-14 14:25 Times Seen2376 Hash e891393f0be3a6ffaa3923b307180e7e bc0a7332b9846a5762a71b9b9811c1a8b19df194 2d1778345d3607ceb641cc5f21b0a2c045fa70052361ac91a17c39b2c9d96f71 Loading...

	immediate-dexair.com/wp-content/themes/generatepress/assets/js/menu.min.js?ver=3.5.1	ScriptElement	7.3 kB	2024-08-31	2025-06-14
Pretty URL immediate-dexair.com/wp-content/themes/generatepress/assets/js/menu.min.js?ver=3.5.1 IP 185.107.58.211 ASN #43350 NForce Entertainment B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-31 11:00 Last Seen2025-06-14 14:25 Times Seen881 Hash 67148b2ff82038d0faf6385f182c5644 7452d643e468caf6db8ecf07618f1cb7ff3f7651 5af760e4297b064a2150dcd5f63d748a06dfa8b618c9e9d43a87c4ac74fa3974 Loading...

	immediate-dexair.com/wp-content/plugins/fxbot-registration-form/assets/js/utils.min.js?ver=2.0.16	ScriptElement	245 kB	2023-03-08	2025-06-14
Pretty URL immediate-dexair.com/wp-content/plugins/fxbot-registration-form/assets/js/utils.min.js?ver=2.0.16 IP 185.107.58.211 ASN #43350 NForce Entertainment B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 11:47 Last Seen2025-06-14 14:25 Times Seen113 Hash 12855fe710661551c42e95a9c9290600 72c56f9f3584405934289059ccd5ed678ddcb00c df0797876b146528f534dc356f34fd6408384ca47baae6ecdfcdf0463294f142 Loading...

	immediate-dexair.com/	ScriptElement	46 B	2023-03-07	2025-06-14
Pretty URL immediate-dexair.com/ IP 185.107.58.211 ASN #43350 NForce Entertainment B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:07 Last Seen2025-06-14 14:25 Times Seen959 Hash bec9c700df243a74235f459eeaa0d9cb 47c8b6aff8817c560284ab7f629d1fb9903a4391 b419ddf3962f2f32b55824f2bc29e97b342f8df820c6913c9f58e91cb1608df8 Loading...

	immediate-dexair.com/wp-content/plugins/sitepress-multilingual-cms/res/js/cookies/language-cookie.js?ver=4.6.13	ScriptElement	271 B	2023-08-11	2025-06-14
Pretty URL immediate-dexair.com/wp-content/plugins/sitepress-multilingual-cms/res/js/cookies/language-cookie.js?ver=4.6.13 IP 185.107.58.211 ASN #43350 NForce Entertainment B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-11 05:46 Last Seen2025-06-14 14:25 Times Seen1948 Hash c6a55456af4776c733018888483aba22 297b53f8538ba3b59d2028f16de4e14ec90337ce 20be9b3c63a01d921697a0ef1c1596f647678498eefe6dc508e2363be25277f8 Loading...

	immediate-dexair.com/wp-content/plugins/gp-premium/general/js/smooth-scroll.min.js?ver=2.5.0	ScriptElement	6.9 kB	2023-11-19	2025-06-14
Pretty URL immediate-dexair.com/wp-content/plugins/gp-premium/general/js/smooth-scroll.min.js?ver=2.5.0 IP 185.107.58.211 ASN #43350 NForce Entertainment B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-19 10:25 Last Seen2025-06-14 14:25 Times Seen245 Hash ca1e68e1ae2dbb2206d21481576bbb45 eecac929830764dba8b0734241090f2403671fa8 ce43697d26defc72fa5aa7e3d7f1296cd19ba9a67cad0e2557aacc7702454f4d Loading...

HTTP Transactions (70)

URL IP Response Size

immediate-dexair.com/wp-content/uploads/2024/01/004.png

185.107.58.211

200 OK

31 kB

URL GET
immediate-dexair.com/wp-content/uploads/2024/01/004.png
IP
185.107.58.211:443
ASN
#43350 NForce Entertainment B.V.

Requested by
https://immediate-dexair.com/
Certificate
IssuerLet's Encrypt
Subjectimmediate-dexair.com
FingerprintDC:DA:90:A0:C6:C6:68:AE:F0:6F:88:C0:86:E2:32:A7:18:C0:53:C2
ValiditySat, 15 Feb 2025 15:38:47 GMT - Fri, 16 May 2025 15:38:46 GMT

File type
PNG image data, 766 x 766, 8-bit/color RGBA, non-interlaced
Size
31 kB (31176 bytes)
Hash
2e972de5d6e3be2951014aa3155cf418
35d33d2b7d55c89fa578e25618ed504d65b5d9b4
78c18104263c647cc1b8ad6f18a7161feaaaa6ab151817509931abb4769bfb27

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/2024/01/004.png HTTP/1.1
Host: immediate-dexair.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://immediate-dexair.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Mar 2025 19:43:22 GMT
Content-Type: image/png
Content-Length: 31176
Connection: keep-alive
Last-Modified: Sun, 27 Oct 2024 12:51:58 GMT
ETag: "671e376e-79c8"
Accept-Ranges: bytes

immediate-dexair.com/wp-content/plugins/fxbot-registration-form/assets/js/mailcheck.min.js?ver=2.0.16

185.107.58.211

200 OK

4.0 kB

URL GET
immediate-dexair.com/wp-content/plugins/fxbot-registration-form/assets/js/mailcheck.min.js?ver=2.0.16
IP
185.107.58.211:443
ASN
#43350 NForce Entertainment B.V.

Requested by
https://immediate-dexair.com/
Certificate
IssuerLet's Encrypt
Subjectimmediate-dexair.com
FingerprintDC:DA:90:A0:C6:C6:68:AE:F0:6F:88:C0:86:E2:32:A7:18:C0:53:C2
ValiditySat, 15 Feb 2025 15:38:47 GMT - Fri, 16 May 2025 15:38:46 GMT

File type
JavaScript source, ASCII text, with very long lines (4234), with no line terminators
Size
4.0 kB (4015 bytes)
Hash
8661566ac3ce685781c804d99fa4c88c
71bd7081fe1dd9108f0af826391e2a8eac29a6ae
cef656d52b1a9b45a9ec3b1ac41c4ea3e54e67c15019c5bd43b811f5d4b9fb5d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/fxbot-registration-form/assets/js/mailcheck.min.js?ver=2.0.16 HTTP/1.1
Host: immediate-dexair.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://immediate-dexair.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Mar 2025 19:43:22 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 27 Oct 2024 12:51:58 GMT
Vary: Accept-Encoding
ETag: W/"671e376e-faf"
Content-Encoding: gzip

immediate-dexair.com/wp-content/plugins/fxbot-registration-form/assets/js/utils.min.js?ver=2.0.16

185.107.58.211

200 OK

245 kB

URL GET
immediate-dexair.com/wp-content/plugins/fxbot-registration-form/assets/js/utils.min.js?ver=2.0.16
IP
185.107.58.211:443
ASN
#43350 NForce Entertainment B.V.

Requested by
https://immediate-dexair.com/
Certificate
IssuerLet's Encrypt
Subjectimmediate-dexair.com
FingerprintDC:DA:90:A0:C6:C6:68:AE:F0:6F:88:C0:86:E2:32:A7:18:C0:53:C2
ValiditySat, 15 Feb 2025 15:38:47 GMT - Fri, 16 May 2025 15:38:46 GMT

File type
JavaScript source, ASCII text, with very long lines (1654)
Size
245 kB (245226 bytes)
Hash
12855fe710661551c42e95a9c9290600
72c56f9f3584405934289059ccd5ed678ddcb00c
df0797876b146528f534dc356f34fd6408384ca47baae6ecdfcdf0463294f142

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/fxbot-registration-form/assets/js/utils.min.js?ver=2.0.16 HTTP/1.1
Host: immediate-dexair.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://immediate-dexair.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Mar 2025 19:43:22 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 27 Oct 2024 12:51:58 GMT
Vary: Accept-Encoding
ETag: W/"671e376e-3bdea"
Content-Encoding: gzip

immediate-dexair.com/wp-content/plugins/sitepress-multilingual-cms/res/flags/ro.svg

185.107.58.211

200 OK

352 B

URL GET
immediate-dexair.com/wp-content/plugins/sitepress-multilingual-cms/res/flags/ro.svg
IP
185.107.58.211:443
ASN
#43350 NForce Entertainment B.V.

Requested by
https://immediate-dexair.com/
Certificate
IssuerLet's Encrypt
Subjectimmediate-dexair.com
FingerprintDC:DA:90:A0:C6:C6:68:AE:F0:6F:88:C0:86:E2:32:A7:18:C0:53:C2
ValiditySat, 15 Feb 2025 15:38:47 GMT - Fri, 16 May 2025 15:38:46 GMT

File type
SVG Scalable Vector Graphics image
Size
352 B (352 bytes)
Hash
35843ae8a50f60845d8529aec3649541
92262ab0d2f2625a6b22a63508fb6ce05a72d167
f352bc66157f18a5c0ff8b8c73f70087136823c6e84fda0524ac59f9dfcbd486

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/sitepress-multilingual-cms/res/flags/ro.svg HTTP/1.1
Host: immediate-dexair.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://immediate-dexair.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Mar 2025 19:43:22 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 27 Oct 2024 12:51:58 GMT
Vary: Accept-Encoding
ETag: W/"671e376e-160"
Content-Encoding: gzip

immediate-dexair.com/wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/menu-item/style.min.css?ver=1

185.107.58.211

200 OK

258 B

URL GET
immediate-dexair.com/wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/menu-item/style.min.css?ver=1
IP
185.107.58.211:443
ASN
#43350 NForce Entertainment B.V.

Requested by
https://immediate-dexair.com/
Certificate
IssuerLet's Encrypt
Subjectimmediate-dexair.com
FingerprintDC:DA:90:A0:C6:C6:68:AE:F0:6F:88:C0:86:E2:32:A7:18:C0:53:C2
ValiditySat, 15 Feb 2025 15:38:47 GMT - Fri, 16 May 2025 15:38:46 GMT

File type
ASCII text, with no line terminators
Size
258 B (258 bytes)
Hash
886011711ae972cd8472eef5eba5c298
6e52e59dfcbe911b4ab1a69036e1e3b930030c7e
4b9257e3e9c959214ddfab833a69a021ae6557403efe76afcbee259621175274

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/menu-item/style.min.css?ver=1 HTTP/1.1
Host: immediate-dexair.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://immediate-dexair.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Mar 2025 19:43:22 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 27 Oct 2024 12:51:58 GMT
Vary: Accept-Encoding
ETag: W/"671e376e-102"
Content-Encoding: gzip

immediate-dexair.com/wp-content/plugins/wpml-cms-nav/res/css/cms-navigation.css?ver=1.5.5

185.107.58.211

200 OK

1.6 kB

URL GET
immediate-dexair.com/wp-content/plugins/wpml-cms-nav/res/css/cms-navigation.css?ver=1.5.5
IP
185.107.58.211:443
ASN
#43350 NForce Entertainment B.V.

Requested by
https://immediate-dexair.com/
Certificate
IssuerLet's Encrypt
Subjectimmediate-dexair.com
FingerprintDC:DA:90:A0:C6:C6:68:AE:F0:6F:88:C0:86:E2:32:A7:18:C0:53:C2
ValiditySat, 15 Feb 2025 15:38:47 GMT - Fri, 16 May 2025 15:38:46 GMT

File type
ASCII text, with very long lines (1573), with no line terminators
Size
1.6 kB (1573 bytes)
Hash
4780517929a305d994c345c693c7e008
f259047949bc4dfff967499e5a207d0ac43e16fd
aaef1023200ec674705f6efbf0d45a2f36ba49de83103623180b15dc1dd17694

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/wpml-cms-nav/res/css/cms-navigation.css?ver=1.5.5 HTTP/1.1
Host: immediate-dexair.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://immediate-dexair.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Mar 2025 19:43:22 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 27 Oct 2024 12:51:58 GMT
Vary: Accept-Encoding
ETag: W/"671e376e-625"
Content-Encoding: gzip

immediate-dexair.com/wp-content/plugins/gp-premium/menu-plus/functions/js/offside.min.js?ver=2.5.0

185.107.58.211

200 OK

6.8 kB

URL GET
immediate-dexair.com/wp-content/plugins/gp-premium/menu-plus/functions/js/offside.min.js?ver=2.5.0
IP
185.107.58.211:443
ASN
#43350 NForce Entertainment B.V.

Requested by
https://immediate-dexair.com/
Certificate
IssuerLet's Encrypt
Subjectimmediate-dexair.com
FingerprintDC:DA:90:A0:C6:C6:68:AE:F0:6F:88:C0:86:E2:32:A7:18:C0:53:C2
ValiditySat, 15 Feb 2025 15:38:47 GMT - Fri, 16 May 2025 15:38:46 GMT

File type
JavaScript source, ASCII text, with very long lines (6997), with no line terminators
Size
6.8 kB (6795 bytes)
Hash
c34f914cc485bbd3bd639ae628e21789
c925a25faa40d8e3da9b7ffa86dce3a47c10e0c9
b0fc0854a36dec59a82fb902dcc8ea17508cfe14b7bad46fc058b5036566cdc7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/gp-premium/menu-plus/functions/js/offside.min.js?ver=2.5.0 HTTP/1.1
Host: immediate-dexair.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://immediate-dexair.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Mar 2025 19:43:22 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 27 Oct 2024 12:51:58 GMT
Vary: Accept-Encoding
ETag: W/"671e376e-1a8b"
Content-Encoding: gzip

immediate-dexair.com/wp-content/plugins/sitepress-multilingual-cms/res/flags/th.svg

185.107.58.211

200 OK

367 B

URL GET
immediate-dexair.com/wp-content/plugins/sitepress-multilingual-cms/res/flags/th.svg
IP
185.107.58.211:443
ASN
#43350 NForce Entertainment B.V.

Requested by
https://immediate-dexair.com/
Certificate
IssuerLet's Encrypt
Subjectimmediate-dexair.com
FingerprintDC:DA:90:A0:C6:C6:68:AE:F0:6F:88:C0:86:E2:32:A7:18:C0:53:C2
ValiditySat, 15 Feb 2025 15:38:47 GMT - Fri, 16 May 2025 15:38:46 GMT

File type
SVG Scalable Vector Graphics image
Size
367 B (367 bytes)
Hash
03ac656c215f0c46fe5b629e2e69bdd2
5aae332dd28764acd79d8f4cd34273ced8182c41
59c8d3a85725c967e37aba7620c5ab10bf7dcf2d34b2d39c63a76b31b8214712

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/sitepress-multilingual-cms/res/flags/th.svg HTTP/1.1
Host: immediate-dexair.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://immediate-dexair.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Mar 2025 19:43:22 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 27 Oct 2024 12:51:58 GMT
Vary: Accept-Encoding
ETag: W/"671e376e-16f"
Content-Encoding: gzip

immediate-dexair.com/wp-content/plugins/seo-by-rank-math-pro/includes/modules/schema/assets/css/rank-math-snippet.css?ver=3.0.72

185.107.58.211

200 OK

389 B

URL GET
immediate-dexair.com/wp-content/plugins/seo-by-rank-math-pro/includes/modules/schema/assets/css/rank-math-snippet.css?ver=3.0.72
IP
185.107.58.211:443
ASN
#43350 NForce Entertainment B.V.

Requested by
https://immediate-dexair.com/
Certificate
IssuerLet's Encrypt
Subjectimmediate-dexair.com
FingerprintDC:DA:90:A0:C6:C6:68:AE:F0:6F:88:C0:86:E2:32:A7:18:C0:53:C2
ValiditySat, 15 Feb 2025 15:38:47 GMT - Fri, 16 May 2025 15:38:46 GMT

File type
ASCII text, with very long lines (389), with no line terminators
Size
389 B (389 bytes)
Hash
45977ac32578852ab779878e707c5cfc
db52f8d7fc8d76beb51d3091b94c511a0810c8cd
a39445bf758c3548d49b5da4a18bb3ecb3e263ed0aa97a29a83a9822cd222d30

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/seo-by-rank-math-pro/includes/modules/schema/assets/css/rank-math-snippet.css?ver=3.0.72 HTTP/1.1
Host: immediate-dexair.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://immediate-dexair.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Mar 2025 19:43:22 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 27 Oct 2024 12:51:58 GMT
Vary: Accept-Encoding
ETag: W/"671e376e-185"
Content-Encoding: gzip

immediate-dexair.com/wp-content/plugins/gp-premium/general/js/smooth-scroll.min.js?ver=2.5.0

185.107.58.211

200 OK

6.9 kB

URL GET
immediate-dexair.com/wp-content/plugins/gp-premium/general/js/smooth-scroll.min.js?ver=2.5.0
IP
185.107.58.211:443
ASN
#43350 NForce Entertainment B.V.

Requested by
https://immediate-dexair.com/
Certificate
IssuerLet's Encrypt
Subjectimmediate-dexair.com
FingerprintDC:DA:90:A0:C6:C6:68:AE:F0:6F:88:C0:86:E2:32:A7:18:C0:53:C2
ValiditySat, 15 Feb 2025 15:38:47 GMT - Fri, 16 May 2025 15:38:46 GMT

File type
JavaScript source, ASCII text, with very long lines (7033), with no line terminators
Size
6.9 kB (6883 bytes)
Hash
415c3875639a415663ab4ff9e9ffb25f
2548bc0fea643cb5aacc5e6e2ef5e9b94c8fd3c4
2251f23d7a389ff5317e7aaddbc0c9f491dc7afba13e8925e4e98f5438402b72

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/gp-premium/general/js/smooth-scroll.min.js?ver=2.5.0 HTTP/1.1
Host: immediate-dexair.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://immediate-dexair.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Mar 2025 19:43:22 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 27 Oct 2024 12:51:58 GMT
Vary: Accept-Encoding
ETag: W/"671e376e-1ae3"
Content-Encoding: gzip

immediate-dexair.com/wp-content/plugins/fxbot-registration-form/assets/images/flags.png

185.107.58.211

200 OK

71 kB

URL GET
immediate-dexair.com/wp-content/plugins/fxbot-registration-form/assets/images/flags.png
IP
185.107.58.211:443
ASN
#43350 NForce Entertainment B.V.

Requested by
https://immediate-dexair.com/
Certificate
IssuerLet's Encrypt
Subjectimmediate-dexair.com
FingerprintDC:DA:90:A0:C6:C6:68:AE:F0:6F:88:C0:86:E2:32:A7:18:C0:53:C2
ValiditySat, 15 Feb 2025 15:38:47 GMT - Fri, 16 May 2025 15:38:46 GMT

File type
PNG image data, 5652 x 15, 8-bit/color RGBA, non-interlaced
Size
71 kB (70857 bytes)
Hash
416250f60d785a2e02f17e054d2e4e44
21572c9751e5a3dc20395befa0fcb349c32c4811
0a012cf808a24573168308916092d2d4bd3f2b4af8e16b59167013cc77acee55

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/fxbot-registration-form/assets/images/flags.png HTTP/1.1
Host: immediate-dexair.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://immediate-dexair.com/wp-content/plugins/fxbot-registration-form/assets/css/intlTelInput.min.css?ver=2.0.16
Cookie: wp-wpml_current_language=en; SERVERID=w02-8888
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Mar 2025 19:43:23 GMT
Content-Type: image/png
Content-Length: 70857
Connection: keep-alive
Last-Modified: Sun, 27 Oct 2024 12:51:58 GMT
ETag: "671e376e-114c9"
Accept-Ranges: bytes

immediate-dexair.com/wp-content/uploads/2024/01/Logo.png

185.107.58.211

200 OK

2.8 kB

URL GET
immediate-dexair.com/wp-content/uploads/2024/01/Logo.png
IP
185.107.58.211:443
ASN
#43350 NForce Entertainment B.V.

Requested by
https://immediate-dexair.com/
Certificate
IssuerLet's Encrypt
Subjectimmediate-dexair.com
FingerprintDC:DA:90:A0:C6:C6:68:AE:F0:6F:88:C0:86:E2:32:A7:18:C0:53:C2
ValiditySat, 15 Feb 2025 15:38:47 GMT - Fri, 16 May 2025 15:38:46 GMT

File type
PNG image data, 167 x 168, 8-bit/color RGBA, non-interlaced
Size
2.8 kB (2758 bytes)
Hash
4be47e6e097186915a4ea61992d81675
56dc146e2aa065a8afd98e6c24252fa464cc7d84
47f9afd2c44b79ec3a165506b0f195634e08aae1ae38ebb9b731948e57a21498

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/2024/01/Logo.png HTTP/1.1
Host: immediate-dexair.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://immediate-dexair.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Mar 2025 19:43:22 GMT
Content-Type: image/png
Content-Length: 2758
Connection: keep-alive
Last-Modified: Sun, 27 Oct 2024 12:51:58 GMT
ETag: "671e376e-ac6"
Accept-Ranges: bytes

immediate-dexair.com/wp-content/plugins/sitepress-multilingual-cms/res/flags/ja.svg

185.107.58.211

200 OK

357 B

URL GET
immediate-dexair.com/wp-content/plugins/sitepress-multilingual-cms/res/flags/ja.svg
IP
185.107.58.211:443
ASN
#43350 NForce Entertainment B.V.

Requested by
https://immediate-dexair.com/
Certificate
IssuerLet's Encrypt
Subjectimmediate-dexair.com
FingerprintDC:DA:90:A0:C6:C6:68:AE:F0:6F:88:C0:86:E2:32:A7:18:C0:53:C2
ValiditySat, 15 Feb 2025 15:38:47 GMT - Fri, 16 May 2025 15:38:46 GMT

File type
SVG Scalable Vector Graphics image
Size
357 B (357 bytes)
Hash
6b9c173b483a2291b664aba33a1a7999
15ff8c3d4b11c9b3e0f2483610d3f8395e59fc76
c1ec03a4d77d9137bdd29aca2380015d63f35554e874346e597fd255bee77045

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/sitepress-multilingual-cms/res/flags/ja.svg HTTP/1.1
Host: immediate-dexair.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://immediate-dexair.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Mar 2025 19:43:22 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 27 Oct 2024 12:51:58 GMT
Vary: Accept-Encoding
ETag: W/"671e376e-165"
Content-Encoding: gzip

immediate-dexair.com/wp-content/plugins/sitepress-multilingual-cms/res/flags/sk.svg

185.107.58.211

200 OK

1.6 kB

URL GET
immediate-dexair.com/wp-content/plugins/sitepress-multilingual-cms/res/flags/sk.svg
IP
185.107.58.211:443
ASN
#43350 NForce Entertainment B.V.

Requested by
https://immediate-dexair.com/
Certificate
IssuerLet's Encrypt
Subjectimmediate-dexair.com
FingerprintDC:DA:90:A0:C6:C6:68:AE:F0:6F:88:C0:86:E2:32:A7:18:C0:53:C2
ValiditySat, 15 Feb 2025 15:38:47 GMT - Fri, 16 May 2025 15:38:46 GMT

File type
SVG Scalable Vector Graphics image
Size
1.6 kB (1637 bytes)
Hash
2aac92f0b86cc09f72c38b36a51fb150
bcd5a108571c5ad38a6de068d87bb0e2ca96b170
de8eb625d37c83576dfef84fa329fbc4cfd1b952b530040dd517ea0626c8cbe3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/sitepress-multilingual-cms/res/flags/sk.svg HTTP/1.1
Host: immediate-dexair.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://immediate-dexair.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Mar 2025 19:43:22 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 27 Oct 2024 12:51:58 GMT
Vary: Accept-Encoding
ETag: W/"671e376e-665"
Content-Encoding: gzip

immediate-dexair.com/wp-content/plugins/fxbot-registration-form/assets/vocabulary/en.json

185.107.58.211

200 OK

2.2 kB

URL GET
immediate-dexair.com/wp-content/plugins/fxbot-registration-form/assets/vocabulary/en.json
IP
185.107.58.211:443
ASN
#43350 NForce Entertainment B.V.

Requested by
https://immediate-dexair.com/
Certificate
IssuerLet's Encrypt
Subjectimmediate-dexair.com
FingerprintDC:DA:90:A0:C6:C6:68:AE:F0:6F:88:C0:86:E2:32:A7:18:C0:53:C2
ValiditySat, 15 Feb 2025 15:38:47 GMT - Fri, 16 May 2025 15:38:46 GMT

File type
HTML document, ASCII text, with very long lines (2359), with no line terminators
Size
2.2 kB (2151 bytes)
Hash
7cded341b9b85490c186492688fcdf80
889ff0afeeaf7f1ea62130ae6c1320163cef938b
d854818dc3808a890ed5c9a368204c8267a2cd8a2e6ad1da15e5455d1b4375e1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/fxbot-registration-form/assets/vocabulary/en.json HTTP/1.1
Host: immediate-dexair.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
DNT: 1
Connection: keep-alive
Referer: https://immediate-dexair.com/
Cookie: wp-wpml_current_language=en
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Mar 2025 19:43:22 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 27 Oct 2024 12:51:58 GMT
Vary: Accept-Encoding
ETag: W/"671e376e-867"
Content-Encoding: gzip

immediate-dexair.com/wp-content/plugins/sitepress-multilingual-cms/res/flags/bg.svg

185.107.58.211

200 OK

335 B

URL GET
immediate-dexair.com/wp-content/plugins/sitepress-multilingual-cms/res/flags/bg.svg
IP
185.107.58.211:443
ASN
#43350 NForce Entertainment B.V.

Requested by
https://immediate-dexair.com/
Certificate
IssuerLet's Encrypt
Subjectimmediate-dexair.com
FingerprintDC:DA:90:A0:C6:C6:68:AE:F0:6F:88:C0:86:E2:32:A7:18:C0:53:C2
ValiditySat, 15 Feb 2025 15:38:47 GMT - Fri, 16 May 2025 15:38:46 GMT

File type
SVG Scalable Vector Graphics image
Size
335 B (335 bytes)
Hash
2968c086e651a1ef74948fbd227b5639
1c193be82030e0bd96916cb120e366addac3dea9
f8c8d4a27c24084b05c5a640771e4bcfb2018d5b9be9f4d68a615313b4aa573c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/sitepress-multilingual-cms/res/flags/bg.svg HTTP/1.1
Host: immediate-dexair.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://immediate-dexair.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Mar 2025 19:43:22 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 27 Oct 2024 12:51:58 GMT
Vary: Accept-Encoding
ETag: W/"671e376e-14f"
Content-Encoding: gzip

immediate-dexair.com/wp-content/plugins/sitepress-multilingual-cms/res/flags/el.svg

185.107.58.211

200 OK

509 B

URL GET
immediate-dexair.com/wp-content/plugins/sitepress-multilingual-cms/res/flags/el.svg
IP
185.107.58.211:443
ASN
#43350 NForce Entertainment B.V.

Requested by
https://immediate-dexair.com/
Certificate
IssuerLet's Encrypt
Subjectimmediate-dexair.com
FingerprintDC:DA:90:A0:C6:C6:68:AE:F0:6F:88:C0:86:E2:32:A7:18:C0:53:C2
ValiditySat, 15 Feb 2025 15:38:47 GMT - Fri, 16 May 2025 15:38:46 GMT

File type
SVG Scalable Vector Graphics image
Size
509 B (509 bytes)
Hash
2dc806643785e5722cd67db1e7172118
17e255c74fbde53e52a4b958e231eb43d8a2382f
bf9688e83c538f18cb82337940002ce62c39582fd585987528e9f67384c755b0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/sitepress-multilingual-cms/res/flags/el.svg HTTP/1.1
Host: immediate-dexair.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://immediate-dexair.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Mar 2025 19:43:22 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 27 Oct 2024 12:51:58 GMT
Vary: Accept-Encoding
ETag: W/"671e376e-1fd"
Content-Encoding: gzip

immediate-dexair.com/wp-content/plugins/sitepress-multilingual-cms/res/flags/es.svg

185.107.58.211

200 OK

714 B

URL GET
immediate-dexair.com/wp-content/plugins/sitepress-multilingual-cms/res/flags/es.svg
IP
185.107.58.211:443
ASN
#43350 NForce Entertainment B.V.

Requested by
https://immediate-dexair.com/
Certificate
IssuerLet's Encrypt
Subjectimmediate-dexair.com
FingerprintDC:DA:90:A0:C6:C6:68:AE:F0:6F:88:C0:86:E2:32:A7:18:C0:53:C2
ValiditySat, 15 Feb 2025 15:38:47 GMT - Fri, 16 May 2025 15:38:46 GMT

File type
SVG Scalable Vector Graphics image
Size
714 B (714 bytes)
Hash
b689a67ab36582cc87e29d7949058cb4
7b8989540c921da2b4fd316991592f2e9dc44616
befe6153108ecbe3964ce5a35b21a0e86f3069dd88cc17cb7da705e8461ca9e9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/sitepress-multilingual-cms/res/flags/es.svg HTTP/1.1
Host: immediate-dexair.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://immediate-dexair.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Mar 2025 19:43:22 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 27 Oct 2024 12:51:58 GMT
Vary: Accept-Encoding
ETag: W/"671e376e-2ca"
Content-Encoding: gzip

immediate-dexair.com/wp-content/plugins/sitepress-multilingual-cms/res/flags/nl.svg

185.107.58.211

200 OK

355 B

URL GET
immediate-dexair.com/wp-content/plugins/sitepress-multilingual-cms/res/flags/nl.svg
IP
185.107.58.211:443
ASN
#43350 NForce Entertainment B.V.

Requested by
https://immediate-dexair.com/
Certificate
IssuerLet's Encrypt
Subjectimmediate-dexair.com
FingerprintDC:DA:90:A0:C6:C6:68:AE:F0:6F:88:C0:86:E2:32:A7:18:C0:53:C2
ValiditySat, 15 Feb 2025 15:38:47 GMT - Fri, 16 May 2025 15:38:46 GMT

File type
SVG Scalable Vector Graphics image
Size
355 B (355 bytes)
Hash
d1eb658dbce96b0a8a7d30ade1b1f402
31b60aa3f3addf3cebb4d31b401aec4f15641af5
db5d962c56a9f961ede553789ca5281f367c6cae061f510f206c1c1b2ad11797

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/sitepress-multilingual-cms/res/flags/nl.svg HTTP/1.1
Host: immediate-dexair.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://immediate-dexair.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Mar 2025 19:43:22 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 27 Oct 2024 12:51:58 GMT
Vary: Accept-Encoding
ETag: W/"671e376e-163"
Content-Encoding: gzip

immediate-dexair.com/wp-content/plugins/sitepress-multilingual-cms/res/flags/lv.svg

185.107.58.211

200 OK

299 B

URL GET
immediate-dexair.com/wp-content/plugins/sitepress-multilingual-cms/res/flags/lv.svg
IP
185.107.58.211:443
ASN
#43350 NForce Entertainment B.V.

Requested by
https://immediate-dexair.com/
Certificate
IssuerLet's Encrypt
Subjectimmediate-dexair.com
FingerprintDC:DA:90:A0:C6:C6:68:AE:F0:6F:88:C0:86:E2:32:A7:18:C0:53:C2
ValiditySat, 15 Feb 2025 15:38:47 GMT - Fri, 16 May 2025 15:38:46 GMT

File type
SVG Scalable Vector Graphics image
Size
299 B (299 bytes)
Hash
e64c33a89e406c23a95248cb17eb4b15
ec7b40df0bfe0271b226bde7df04332bce0c7e0d
ffd839c0093c2d9bc11e758f43fe8d19176c7e77d6bc86d23f9e6610a57c4283

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/sitepress-multilingual-cms/res/flags/lv.svg HTTP/1.1
Host: immediate-dexair.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://immediate-dexair.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Mar 2025 19:43:22 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 27 Oct 2024 12:51:58 GMT
Vary: Accept-Encoding
ETag: W/"671e376e-12b"
Content-Encoding: gzip

immediate-dexair.com/wp-content/themes/generatepress/assets/js/menu.min.js?ver=3.5.1

185.107.58.211

200 OK

7.3 kB

URL GET
immediate-dexair.com/wp-content/themes/generatepress/assets/js/menu.min.js?ver=3.5.1
IP
185.107.58.211:443
ASN
#43350 NForce Entertainment B.V.

Requested by
https://immediate-dexair.com/
Certificate
IssuerLet's Encrypt
Subjectimmediate-dexair.com
FingerprintDC:DA:90:A0:C6:C6:68:AE:F0:6F:88:C0:86:E2:32:A7:18:C0:53:C2
ValiditySat, 15 Feb 2025 15:38:47 GMT - Fri, 16 May 2025 15:38:46 GMT

File type
JavaScript source, ASCII text, with very long lines (7667), with no line terminators
Size
7.3 kB (7333 bytes)
Hash
398d14652ebba20af94acae336b4170a
d81e52b13d24770ddb9ef053b1db1796c38287d0
88fbbdbacc59ef32f2c9f876266652ee92b3a4995570f67a9d40197525c41de8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/generatepress/assets/js/menu.min.js?ver=3.5.1 HTTP/1.1
Host: immediate-dexair.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://immediate-dexair.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Mar 2025 19:43:22 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 27 Oct 2024 12:51:58 GMT
Vary: Accept-Encoding
ETag: W/"671e376e-1ca5"
Content-Encoding: gzip

immediate-dexair.com/wp-content/plugins/fxbot-registration-form/assets/vocabulary/en.json

185.107.58.211

200 OK

2.2 kB

URL GET
immediate-dexair.com/wp-content/plugins/fxbot-registration-form/assets/vocabulary/en.json
IP
185.107.58.211:443
ASN
#43350 NForce Entertainment B.V.

Requested by
https://immediate-dexair.com/
Certificate
IssuerLet's Encrypt
Subjectimmediate-dexair.com
FingerprintDC:DA:90:A0:C6:C6:68:AE:F0:6F:88:C0:86:E2:32:A7:18:C0:53:C2
ValiditySat, 15 Feb 2025 15:38:47 GMT - Fri, 16 May 2025 15:38:46 GMT

File type
HTML document, ASCII text, with very long lines (2359), with no line terminators
Size
2.2 kB (2151 bytes)
Hash
7cded341b9b85490c186492688fcdf80
889ff0afeeaf7f1ea62130ae6c1320163cef938b
d854818dc3808a890ed5c9a368204c8267a2cd8a2e6ad1da15e5455d1b4375e1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/fxbot-registration-form/assets/vocabulary/en.json HTTP/1.1
Host: immediate-dexair.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
DNT: 1
Connection: keep-alive
Referer: https://immediate-dexair.com/
Cookie: wp-wpml_current_language=en
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Mar 2025 19:43:22 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 27 Oct 2024 12:51:58 GMT
Vary: Accept-Encoding
ETag: W/"671e376e-867"
Content-Encoding: gzip

immediate-dexair.com/wp-content/plugins/sitepress-multilingual-cms/dist/css/blocks/styles.css?ver=4.6.13

185.107.58.211

200 OK

59 kB

URL GET
immediate-dexair.com/wp-content/plugins/sitepress-multilingual-cms/dist/css/blocks/styles.css?ver=4.6.13
IP
185.107.58.211:443
ASN
#43350 NForce Entertainment B.V.

Requested by
https://immediate-dexair.com/
Certificate
IssuerLet's Encrypt
Subjectimmediate-dexair.com
FingerprintDC:DA:90:A0:C6:C6:68:AE:F0:6F:88:C0:86:E2:32:A7:18:C0:53:C2
ValiditySat, 15 Feb 2025 15:38:47 GMT - Fri, 16 May 2025 15:38:46 GMT

File type
ASCII text, with very long lines (58697), with no line terminators
Size
59 kB (58697 bytes)
Hash
82a65dc43ead999e4c89efe2c1bbeb40
075bfb9ec99cfce789e3f3ac0ef2ff104dc1d50b
af770f5afec3e9f10196ea60476a44dde4d80010e680500685b578fee468c8c7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/sitepress-multilingual-cms/dist/css/blocks/styles.css?ver=4.6.13 HTTP/1.1
Host: immediate-dexair.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://immediate-dexair.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Mar 2025 19:43:22 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 27 Oct 2024 12:51:58 GMT
Vary: Accept-Encoding
ETag: W/"671e376e-e549"
Content-Encoding: gzip

immediate-dexair.com/wp-content/plugins/sitepress-multilingual-cms/res/js/cookies/language-cookie.js?ver=4.6.13

185.107.58.211

200 OK

271 B

URL GET
immediate-dexair.com/wp-content/plugins/sitepress-multilingual-cms/res/js/cookies/language-cookie.js?ver=4.6.13
IP
185.107.58.211:443
ASN
#43350 NForce Entertainment B.V.

Requested by
https://immediate-dexair.com/
Certificate
IssuerLet's Encrypt
Subjectimmediate-dexair.com
FingerprintDC:DA:90:A0:C6:C6:68:AE:F0:6F:88:C0:86:E2:32:A7:18:C0:53:C2
ValiditySat, 15 Feb 2025 15:38:47 GMT - Fri, 16 May 2025 15:38:46 GMT

File type
ASCII text, with no line terminators
Size
271 B (271 bytes)
Hash
fa59067bdb89e04689c590a1a0dd9137
889de1104b2f5309342e5a601789fa85fdb069fe
38c43d75fb76b67d833284f2e7da39531f52c83ae8efd663e7b1f415c43abbe4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/sitepress-multilingual-cms/res/js/cookies/language-cookie.js?ver=4.6.13 HTTP/1.1
Host: immediate-dexair.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://immediate-dexair.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Mar 2025 19:43:22 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 27 Oct 2024 12:51:58 GMT
Vary: Accept-Encoding
ETag: W/"671e376e-10f"
Content-Encoding: gzip

immediate-dexair.com/wp-content/plugins/sitepress-multilingual-cms/res/flags/lt.svg

185.107.58.211

200 OK

355 B

URL GET
immediate-dexair.com/wp-content/plugins/sitepress-multilingual-cms/res/flags/lt.svg
IP
185.107.58.211:443
ASN
#43350 NForce Entertainment B.V.

Requested by
https://immediate-dexair.com/
Certificate
IssuerLet's Encrypt
Subjectimmediate-dexair.com
FingerprintDC:DA:90:A0:C6:C6:68:AE:F0:6F:88:C0:86:E2:32:A7:18:C0:53:C2
ValiditySat, 15 Feb 2025 15:38:47 GMT - Fri, 16 May 2025 15:38:46 GMT

File type
SVG Scalable Vector Graphics image
Size
355 B (355 bytes)
Hash
f2888f08ec9e4622b08287cdd1ad5e01
37d955b91486b44c18093260d4ee68301d2044fe
cc4ea5790487af6401690e540ccce331ff53e53d38f76b60777eb6b35a53c5ea

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/sitepress-multilingual-cms/res/flags/lt.svg HTTP/1.1
Host: immediate-dexair.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://immediate-dexair.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Mar 2025 19:43:22 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 27 Oct 2024 12:51:58 GMT
Vary: Accept-Encoding
ETag: W/"671e376e-163"
Content-Encoding: gzip

immediate-dexair.com/wp-content/plugins/fxbot-registration-form/assets/js/intlTelInput.min.js?ver=2.0.16

185.107.58.211

200 OK

30 kB

URL GET
immediate-dexair.com/wp-content/plugins/fxbot-registration-form/assets/js/intlTelInput.min.js?ver=2.0.16
IP
185.107.58.211:443
ASN
#43350 NForce Entertainment B.V.

Requested by
https://immediate-dexair.com/
Certificate
IssuerLet's Encrypt
Subjectimmediate-dexair.com
FingerprintDC:DA:90:A0:C6:C6:68:AE:F0:6F:88:C0:86:E2:32:A7:18:C0:53:C2
ValiditySat, 15 Feb 2025 15:38:47 GMT - Fri, 16 May 2025 15:38:46 GMT

File type

Size
30 kB (29538 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/fxbot-registration-form/assets/js/intlTelInput.min.js?ver=2.0.16 HTTP/1.1
Host: immediate-dexair.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://immediate-dexair.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Mar 2025 19:43:22 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 27 Oct 2024 12:51:58 GMT
Vary: Accept-Encoding
ETag: W/"671e376e-7362"
Content-Encoding: gzip

immediate-dexair.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1

185.107.58.211

200 OK

14 kB

URL GET
immediate-dexair.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1
IP
185.107.58.211:443
ASN
#43350 NForce Entertainment B.V.

Requested by
https://immediate-dexair.com/
Certificate
IssuerLet's Encrypt
Subjectimmediate-dexair.com
FingerprintDC:DA:90:A0:C6:C6:68:AE:F0:6F:88:C0:86:E2:32:A7:18:C0:53:C2
ValiditySat, 15 Feb 2025 15:38:47 GMT - Fri, 16 May 2025 15:38:46 GMT

File type
JavaScript source, ASCII text, with very long lines (13479)
Size
14 kB (13577 bytes)
Hash
9ffeb32e2d9efbf8f70caabded242267
3ad0c10e501ac2a9bfa18f9cd7e700219b378738
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1 HTTP/1.1
Host: immediate-dexair.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://immediate-dexair.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Mar 2025 19:43:22 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 27 Oct 2024 12:51:58 GMT
Vary: Accept-Encoding
ETag: W/"671e376e-3509"
Content-Encoding: gzip

immediate-dexair.com/wp-content/plugins/sitepress-multilingual-cms/res/flags/zh-hant.svg

185.107.58.211

200 OK

609 B

URL GET
immediate-dexair.com/wp-content/plugins/sitepress-multilingual-cms/res/flags/zh-hant.svg
IP
185.107.58.211:443
ASN
#43350 NForce Entertainment B.V.

Requested by
https://immediate-dexair.com/
Certificate
IssuerLet's Encrypt
Subjectimmediate-dexair.com
FingerprintDC:DA:90:A0:C6:C6:68:AE:F0:6F:88:C0:86:E2:32:A7:18:C0:53:C2
ValiditySat, 15 Feb 2025 15:38:47 GMT - Fri, 16 May 2025 15:38:46 GMT

File type
SVG Scalable Vector Graphics image
Size
609 B (609 bytes)
Hash
9d971a8de2823335159c555f908e7362
4d230dd04a88a2ea9322f9132f4886b48eaf9ccc
9231ffe5e41aa30103c63269653e63c9d2e3122b98c7e3ef65bb433dd64cceea

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/sitepress-multilingual-cms/res/flags/zh-hant.svg HTTP/1.1
Host: immediate-dexair.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://immediate-dexair.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Mar 2025 19:43:22 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 27 Oct 2024 12:51:58 GMT
Vary: Accept-Encoding
ETag: W/"671e376e-261"
Content-Encoding: gzip

immediate-dexair.com/wp-content/plugins/sitepress-multilingual-cms/res/flags/tr.svg

185.107.58.211

200 OK

520 B

URL GET
immediate-dexair.com/wp-content/plugins/sitepress-multilingual-cms/res/flags/tr.svg
IP
185.107.58.211:443
ASN
#43350 NForce Entertainment B.V.

Requested by
https://immediate-dexair.com/
Certificate
IssuerLet's Encrypt
Subjectimmediate-dexair.com
FingerprintDC:DA:90:A0:C6:C6:68:AE:F0:6F:88:C0:86:E2:32:A7:18:C0:53:C2
ValiditySat, 15 Feb 2025 15:38:47 GMT - Fri, 16 May 2025 15:38:46 GMT

File type
SVG Scalable Vector Graphics image
Size
520 B (520 bytes)
Hash
635244891f4a81907f95f46626f785a5
2dcf0170f4e2be440964e0542093cf899bdd8448
fca7c2f04222cbfa21d1cbee6d8e88e0a3bdf059622521d974d8908946c8cf87

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/sitepress-multilingual-cms/res/flags/tr.svg HTTP/1.1
Host: immediate-dexair.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://immediate-dexair.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Mar 2025 19:43:22 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 27 Oct 2024 12:51:58 GMT
Vary: Accept-Encoding
ETag: W/"671e376e-208"
Content-Encoding: gzip

immediate-dexair.com/

185.107.58.211

200 OK

173 kB

URL User Request GET
immediate-dexair.com/
IP
185.107.58.211:443
ASN
#43350 NForce Entertainment B.V.

Certificate
IssuerLet's Encrypt
Subjectimmediate-dexair.com
FingerprintDC:DA:90:A0:C6:C6:68:AE:F0:6F:88:C0:86:E2:32:A7:18:C0:53:C2
ValiditySat, 15 Feb 2025 15:38:47 GMT - Fri, 16 May 2025 15:38:46 GMT

File type

Size
173 kB (172830 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: immediate-dexair.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Mar 2025 19:43:21 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 23 Feb 2025 08:52:36 GMT
Vary: Accept-Encoding
ETag: W/"67bae1d4-2a31e"
Content-Encoding: gzip

immediate-dexair.com/wp-includes/css/dist/block-library/style.min.css?ver=6.6.2

185.107.58.211

200 OK

112 kB

URL GET
immediate-dexair.com/wp-includes/css/dist/block-library/style.min.css?ver=6.6.2
IP
185.107.58.211:443
ASN
#43350 NForce Entertainment B.V.

Requested by
https://immediate-dexair.com/
Certificate
IssuerLet's Encrypt
Subjectimmediate-dexair.com
FingerprintDC:DA:90:A0:C6:C6:68:AE:F0:6F:88:C0:86:E2:32:A7:18:C0:53:C2
ValiditySat, 15 Feb 2025 15:38:47 GMT - Fri, 16 May 2025 15:38:46 GMT

File type

Size
112 kB (112437 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-includes/css/dist/block-library/style.min.css?ver=6.6.2 HTTP/1.1
Host: immediate-dexair.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://immediate-dexair.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Mar 2025 19:43:22 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 27 Oct 2024 12:51:58 GMT
Vary: Accept-Encoding
ETag: W/"671e376e-1b735"
Content-Encoding: gzip

immediate-dexair.com/wp-content/plugins/fxbot-registration-form/assets/js/registration-form.js?ver=2.0.16

185.107.58.211

200 OK

54 kB

URL GET
immediate-dexair.com/wp-content/plugins/fxbot-registration-form/assets/js/registration-form.js?ver=2.0.16
IP
185.107.58.211:443
ASN
#43350 NForce Entertainment B.V.

Requested by
https://immediate-dexair.com/
Certificate
IssuerLet's Encrypt
Subjectimmediate-dexair.com
FingerprintDC:DA:90:A0:C6:C6:68:AE:F0:6F:88:C0:86:E2:32:A7:18:C0:53:C2
ValiditySat, 15 Feb 2025 15:38:47 GMT - Fri, 16 May 2025 15:38:46 GMT

File type
JavaScript source, ASCII text, with CRLF line terminators
Size
54 kB (54132 bytes)
Hash
4d7fd4ec2c26288cf2ad585f0d4e24a0
efc14e1f1f8b40d6058770ebe879a1538acbd295
22a2e54ee3cc97ff26fa83366ed627ff8480ca19fa13145e0ab4180a17e9e794

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/fxbot-registration-form/assets/js/registration-form.js?ver=2.0.16 HTTP/1.1
Host: immediate-dexair.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://immediate-dexair.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Mar 2025 19:43:22 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 27 Oct 2024 12:51:58 GMT
Vary: Accept-Encoding
ETag: W/"671e376e-d374"
Content-Encoding: gzip

immediate-dexair.com/wp-content/plugins/sitepress-multilingual-cms/res/flags/fr.svg

185.107.58.211

200 OK

352 B

URL GET
immediate-dexair.com/wp-content/plugins/sitepress-multilingual-cms/res/flags/fr.svg
IP
185.107.58.211:443
ASN
#43350 NForce Entertainment B.V.

Requested by
https://immediate-dexair.com/
Certificate
IssuerLet's Encrypt
Subjectimmediate-dexair.com
FingerprintDC:DA:90:A0:C6:C6:68:AE:F0:6F:88:C0:86:E2:32:A7:18:C0:53:C2
ValiditySat, 15 Feb 2025 15:38:47 GMT - Fri, 16 May 2025 15:38:46 GMT

File type
SVG Scalable Vector Graphics image
Size
352 B (352 bytes)
Hash
33a7655403fdc21d220e3c2fe9f77c6b
06865aeed2a98e01642d204e9003d42b22074fcc
d55f30e610f64070920000955952f9b7bad9f1cfc6370a37f36a683eaff4f3bb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/sitepress-multilingual-cms/res/flags/fr.svg HTTP/1.1
Host: immediate-dexair.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://immediate-dexair.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Mar 2025 19:43:22 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 27 Oct 2024 12:51:58 GMT
Vary: Accept-Encoding
ETag: W/"671e376e-160"
Content-Encoding: gzip

immediate-dexair.com/wp-content/plugins/sitepress-multilingual-cms/res/flags/ko.svg

185.107.58.211

200 OK

1.7 kB

URL GET
immediate-dexair.com/wp-content/plugins/sitepress-multilingual-cms/res/flags/ko.svg
IP
185.107.58.211:443
ASN
#43350 NForce Entertainment B.V.

Requested by
https://immediate-dexair.com/
Certificate
IssuerLet's Encrypt
Subjectimmediate-dexair.com
FingerprintDC:DA:90:A0:C6:C6:68:AE:F0:6F:88:C0:86:E2:32:A7:18:C0:53:C2
ValiditySat, 15 Feb 2025 15:38:47 GMT - Fri, 16 May 2025 15:38:46 GMT

File type
SVG Scalable Vector Graphics image
Size
1.7 kB (1660 bytes)
Hash
f098722572b6ff2de356537c3183ec97
f0e04f7524eb9d488355745fbd9cce83738ea676
8cf3efcda7bd8f4a95e598147d3fdf004317febf1362e93888dac0fb80049dc4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/sitepress-multilingual-cms/res/flags/ko.svg HTTP/1.1
Host: immediate-dexair.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://immediate-dexair.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Mar 2025 19:43:22 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 27 Oct 2024 12:51:58 GMT
Vary: Accept-Encoding
ETag: W/"671e376e-67c"
Content-Encoding: gzip

immediate-dexair.com/wp-content/uploads/2024/01/003-e1706463396825.png

185.107.58.211

200 OK

119 kB

URL GET
immediate-dexair.com/wp-content/uploads/2024/01/003-e1706463396825.png
IP
185.107.58.211:443
ASN
#43350 NForce Entertainment B.V.

Requested by
https://immediate-dexair.com/
Certificate
IssuerLet's Encrypt
Subjectimmediate-dexair.com
FingerprintDC:DA:90:A0:C6:C6:68:AE:F0:6F:88:C0:86:E2:32:A7:18:C0:53:C2
ValiditySat, 15 Feb 2025 15:38:47 GMT - Fri, 16 May 2025 15:38:46 GMT

File type
PNG image data, 591 x 383, 8-bit/color RGBA, non-interlaced
Size
119 kB (118987 bytes)
Hash
1bc328deea072e39fa89a021ea059e2e
f71cd4c9028751d91dab1a8117e99d8f0440181d
744d76bfaa5bb79541f57ea8c2c1aad5a69f9a488556cb45b86fbeae4a3edb38

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/2024/01/003-e1706463396825.png HTTP/1.1
Host: immediate-dexair.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://immediate-dexair.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Mar 2025 19:43:22 GMT
Content-Type: image/png
Content-Length: 118987
Connection: keep-alive
Last-Modified: Sun, 27 Oct 2024 12:51:58 GMT
ETag: "671e376e-1d0cb"
Accept-Ranges: bytes

immediate-dexair.com/wp-content/uploads/2024/01/007.jpeg

185.107.58.211

200 OK

50 kB

URL GET
immediate-dexair.com/wp-content/uploads/2024/01/007.jpeg
IP
185.107.58.211:443
ASN
#43350 NForce Entertainment B.V.

Requested by
https://immediate-dexair.com/
Certificate
IssuerLet's Encrypt
Subjectimmediate-dexair.com
FingerprintDC:DA:90:A0:C6:C6:68:AE:F0:6F:88:C0:86:E2:32:A7:18:C0:53:C2
ValiditySat, 15 Feb 2025 15:38:47 GMT - Fri, 16 May 2025 15:38:46 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1000x500, components 3
Size
50 kB (50417 bytes)
Hash
abcc4e1eb0e187313931b2866194a540
1120bc015435a837c4f6a4a42041c1b4fac5e1bf
595d7c3123fda0b00715dafaa782b306d4308dece51ad627f1df6ec14b621d1c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/2024/01/007.jpeg HTTP/1.1
Host: immediate-dexair.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://immediate-dexair.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Mar 2025 19:43:22 GMT
Content-Type: image/jpeg
Content-Length: 50417
Connection: keep-alive
Last-Modified: Sun, 27 Oct 2024 12:51:58 GMT
ETag: "671e376e-c4f1"
Accept-Ranges: bytes

immediate-dexair.com/wp-content/plugins/fxbot-registration-form/assets/css/widget.css?ver=2.0.16

185.107.58.211

200 OK

7.9 kB

URL GET
immediate-dexair.com/wp-content/plugins/fxbot-registration-form/assets/css/widget.css?ver=2.0.16
IP
185.107.58.211:443
ASN
#43350 NForce Entertainment B.V.

Requested by
https://immediate-dexair.com/
Certificate
IssuerLet's Encrypt
Subjectimmediate-dexair.com
FingerprintDC:DA:90:A0:C6:C6:68:AE:F0:6F:88:C0:86:E2:32:A7:18:C0:53:C2
ValiditySat, 15 Feb 2025 15:38:47 GMT - Fri, 16 May 2025 15:38:46 GMT

File type
ASCII text, with very long lines (7914), with no line terminators
Size
7.9 kB (7914 bytes)
Hash
c0526b907bd105ac9d2606c1f6d5225c
38c1efab7570951029c569ea67875e1c0a52f5e2
995420b5354d83b5f15d0a86ff2ac19bc33516e5ec7d0465a9398011a512c336

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/fxbot-registration-form/assets/css/widget.css?ver=2.0.16 HTTP/1.1
Host: immediate-dexair.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://immediate-dexair.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Mar 2025 19:43:22 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 27 Oct 2024 12:51:58 GMT
Vary: Accept-Encoding
ETag: W/"671e376e-1eea"
Content-Encoding: gzip

immediate-dexair.com/wp-content/themes/generatepress/assets/css/main.min.css?ver=3.5.1

185.107.58.211

200 OK

20 kB

URL GET
immediate-dexair.com/wp-content/themes/generatepress/assets/css/main.min.css?ver=3.5.1
IP
185.107.58.211:443
ASN
#43350 NForce Entertainment B.V.

Requested by
https://immediate-dexair.com/
Certificate
IssuerLet's Encrypt
Subjectimmediate-dexair.com
FingerprintDC:DA:90:A0:C6:C6:68:AE:F0:6F:88:C0:86:E2:32:A7:18:C0:53:C2
ValiditySat, 15 Feb 2025 15:38:47 GMT - Fri, 16 May 2025 15:38:46 GMT

File type
ASCII text, with very long lines (19512), with no line terminators
Size
20 kB (19512 bytes)
Hash
b7e067012db6249774c29e4c56b4f2c0
7523574074e98d492a8da515f0daf7446cc504e0
c839222ec3a5037179749a843610820436bf575a591a3e0b45404f1970a2cc56

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/generatepress/assets/css/main.min.css?ver=3.5.1 HTTP/1.1
Host: immediate-dexair.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://immediate-dexair.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Mar 2025 19:43:22 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 27 Oct 2024 12:51:58 GMT
Vary: Accept-Encoding
ETag: W/"671e376e-4c38"
Content-Encoding: gzip

immediate-dexair.com/wp-content/plugins/sitepress-multilingual-cms/res/flags/fi.svg

185.107.58.211

200 OK

249 B

URL GET
immediate-dexair.com/wp-content/plugins/sitepress-multilingual-cms/res/flags/fi.svg
IP
185.107.58.211:443
ASN
#43350 NForce Entertainment B.V.

Requested by
https://immediate-dexair.com/
Certificate
IssuerLet's Encrypt
Subjectimmediate-dexair.com
FingerprintDC:DA:90:A0:C6:C6:68:AE:F0:6F:88:C0:86:E2:32:A7:18:C0:53:C2
ValiditySat, 15 Feb 2025 15:38:47 GMT - Fri, 16 May 2025 15:38:46 GMT

File type
SVG Scalable Vector Graphics image
Size
249 B (249 bytes)
Hash
91cbeb105b710c18235315192ca029a2
fe307c547fe7abf095ea0a7ca556791b9879a360
1b573336d23e41d9a2ce0480ad2cdf4ea3b9dac8efd1f41c1eac6e54f1063eed

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/sitepress-multilingual-cms/res/flags/fi.svg HTTP/1.1
Host: immediate-dexair.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://immediate-dexair.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Mar 2025 19:43:22 GMT
Content-Type: image/svg+xml
Content-Length: 249
Connection: keep-alive
Last-Modified: Sun, 27 Oct 2024 12:51:58 GMT
ETag: "671e376e-f9"
Accept-Ranges: bytes

immediate-dexair.com/wp-content/uploads/2024/01/006.jpeg

185.107.58.211

200 OK

60 kB

URL GET
immediate-dexair.com/wp-content/uploads/2024/01/006.jpeg
IP
185.107.58.211:443
ASN
#43350 NForce Entertainment B.V.

Requested by
https://immediate-dexair.com/
Certificate
IssuerLet's Encrypt
Subjectimmediate-dexair.com
FingerprintDC:DA:90:A0:C6:C6:68:AE:F0:6F:88:C0:86:E2:32:A7:18:C0:53:C2
ValiditySat, 15 Feb 2025 15:38:47 GMT - Fri, 16 May 2025 15:38:46 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], baseline, precision 8, 1000x625, components 3
Size
60 kB (60038 bytes)
Hash
c8de1807833023862aeb929c738feea3
c38903ea162ce761efe366ca7c22e719cc94ae01
8a7daa02ed32839c6a4acbc8d5a0ae193a775c77d28b9d9f76ec611842590fb0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/2024/01/006.jpeg HTTP/1.1
Host: immediate-dexair.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://immediate-dexair.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Mar 2025 19:43:22 GMT
Content-Type: image/jpeg
Content-Length: 60038
Connection: keep-alive
Last-Modified: Sun, 27 Oct 2024 12:51:58 GMT
ETag: "671e376e-ea86"
Accept-Ranges: bytes

immediate-dexair.com/wp-content/plugins/turn-rank-math-faq-block-to-accordion/assets/js/RMFA-JS.min.js?ver=1.1.0

185.107.58.211

200 OK

1.3 kB

URL GET
immediate-dexair.com/wp-content/plugins/turn-rank-math-faq-block-to-accordion/assets/js/RMFA-JS.min.js?ver=1.1.0
IP
185.107.58.211:443
ASN
#43350 NForce Entertainment B.V.

Requested by
https://immediate-dexair.com/
Certificate
IssuerLet's Encrypt
Subjectimmediate-dexair.com
FingerprintDC:DA:90:A0:C6:C6:68:AE:F0:6F:88:C0:86:E2:32:A7:18:C0:53:C2
ValiditySat, 15 Feb 2025 15:38:47 GMT - Fri, 16 May 2025 15:38:46 GMT

File type
JavaScript source, ASCII text, with very long lines (1383), with no line terminators
Size
1.3 kB (1295 bytes)
Hash
02428559a83db40fed8ab225335900f1
9ee2f32f074c4bb510fd636944fa6907cd3c182f
a4a610adb37e8b4d42d614930594a39fbc409ca2db50651b3338a6ec4d26a0cb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/turn-rank-math-faq-block-to-accordion/assets/js/RMFA-JS.min.js?ver=1.1.0 HTTP/1.1
Host: immediate-dexair.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://immediate-dexair.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Mar 2025 19:43:22 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 27 Oct 2024 12:51:58 GMT
Vary: Accept-Encoding
ETag: W/"671e376e-50f"
Content-Encoding: gzip

immediate-dexair.com/wp-content/plugins/fxbot-registration-form/api.php/1/api/user/auth/geo-data

185.107.58.211

200 OK

142 B

URL GET
immediate-dexair.com/wp-content/plugins/fxbot-registration-form/api.php/1/api/user/auth/geo-data
IP
185.107.58.211:443
ASN
#43350 NForce Entertainment B.V.

Requested by
https://immediate-dexair.com/
Certificate
IssuerLet's Encrypt
Subjectimmediate-dexair.com
FingerprintDC:DA:90:A0:C6:C6:68:AE:F0:6F:88:C0:86:E2:32:A7:18:C0:53:C2
ValiditySat, 15 Feb 2025 15:38:47 GMT - Fri, 16 May 2025 15:38:46 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
142 B (142 bytes)
Hash
c2940915c3442bca335215a80fb93a43
7496e345bf2a9e19b168eccb998ef6f050c71f5a
c65c4b867d6830aceafc5755cfd27e47b2c42ee8e1db2f18e50c047c8680efc7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/fxbot-registration-form/api.php/1/api/user/auth/geo-data HTTP/1.1
Host: immediate-dexair.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
DNT: 1
Connection: keep-alive
Referer: https://immediate-dexair.com/
Cookie: wp-wpml_current_language=en
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Mar 2025 19:43:23 GMT
Content-Type: application/json; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
x-powered-by: PHP/7.4.33
Vary: Accept-Encoding, Accept
access-control-allow-origin: *
access-control-expose-headers: X-Set-Token, X-Pagination-Total-Count, Date, X-History-Filter-Hash, Fxbot-Referer
x-request-id: 99db5f0fc4b6d087702b4198d3cd5525f9fd666be79565d26f0c4d09f66fdf7f
set-cookie: SERVERID=w02-8888; path=/
cache-control: private
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EYkuAV9%2FSsr%2F4Fg%2BlAnqUOM2Jf2prjLwfyrakLbBzfCM1X1xtn4Yc%2FRxDz015CS2qIs9uABWeqZGncp6bcIPKSnSiv3mjqE4mbLmhzdwQ9SbUbbRRFP3qGaky3dZGbwD6A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 91ab9f591a0d3aba-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=3068&min_rtt=3051&rtt_var=669&sent=6&recv=10&lost=0&retrans=0&sent_bytes=3417&recv_bytes=954&delivery_rate=930292&cwnd=250&unsent_bytes=0&cid=29c62b2d6f4a2a1e&ts=188&x=0"
Content-Encoding: gzip

immediate-dexair.com/wp-content/plugins/fxbot-registration-form/assets/js/optin-form.js?ver=2.0.16

185.107.58.211

200 OK

30 kB

URL GET
immediate-dexair.com/wp-content/plugins/fxbot-registration-form/assets/js/optin-form.js?ver=2.0.16
IP
185.107.58.211:443
ASN
#43350 NForce Entertainment B.V.

Requested by
https://immediate-dexair.com/
Certificate
IssuerLet's Encrypt
Subjectimmediate-dexair.com
FingerprintDC:DA:90:A0:C6:C6:68:AE:F0:6F:88:C0:86:E2:32:A7:18:C0:53:C2
ValiditySat, 15 Feb 2025 15:38:47 GMT - Fri, 16 May 2025 15:38:46 GMT

File type
JavaScript source, ASCII text, with CRLF line terminators
Size
30 kB (30383 bytes)
Hash
696c51dcd9631f02d28d39fadefdd67d
11fc826e34f795901c8a7ec0f7ef4831ad2b6022
52937687c44d798fb8cd512609692b035f37fdbce19e7eddb747f0c0f48e32d2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/fxbot-registration-form/assets/js/optin-form.js?ver=2.0.16 HTTP/1.1
Host: immediate-dexair.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://immediate-dexair.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Mar 2025 19:43:22 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 27 Oct 2024 12:51:58 GMT
Vary: Accept-Encoding
ETag: W/"671e376e-76af"
Content-Encoding: gzip

immediate-dexair.com/wp-content/plugins/sitepress-multilingual-cms/res/flags/cs.svg

185.107.58.211

200 OK

374 B

URL GET
immediate-dexair.com/wp-content/plugins/sitepress-multilingual-cms/res/flags/cs.svg
IP
185.107.58.211:443
ASN
#43350 NForce Entertainment B.V.

Requested by
https://immediate-dexair.com/
Certificate
IssuerLet's Encrypt
Subjectimmediate-dexair.com
FingerprintDC:DA:90:A0:C6:C6:68:AE:F0:6F:88:C0:86:E2:32:A7:18:C0:53:C2
ValiditySat, 15 Feb 2025 15:38:47 GMT - Fri, 16 May 2025 15:38:46 GMT

File type
SVG Scalable Vector Graphics image
Size
374 B (374 bytes)
Hash
1270b5fdd272ff7089dd2e57db297782
22e7c0ce5cd756c66ca38056d5deb07ec46b6eb1
838eaeaadaf338299ef11938438a5b9a66058cba72b4a3ddc3cd94099eb26d11

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/sitepress-multilingual-cms/res/flags/cs.svg HTTP/1.1
Host: immediate-dexair.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://immediate-dexair.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Mar 2025 19:43:22 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 27 Oct 2024 12:51:58 GMT
Vary: Accept-Encoding
ETag: W/"671e376e-176"
Content-Encoding: gzip

immediate-dexair.com/wp-content/plugins/sitepress-multilingual-cms/res/flags/da.svg

185.107.58.211

200 OK

362 B

URL GET
immediate-dexair.com/wp-content/plugins/sitepress-multilingual-cms/res/flags/da.svg
IP
185.107.58.211:443
ASN
#43350 NForce Entertainment B.V.

Requested by
https://immediate-dexair.com/
Certificate
IssuerLet's Encrypt
Subjectimmediate-dexair.com
FingerprintDC:DA:90:A0:C6:C6:68:AE:F0:6F:88:C0:86:E2:32:A7:18:C0:53:C2
ValiditySat, 15 Feb 2025 15:38:47 GMT - Fri, 16 May 2025 15:38:46 GMT

File type
SVG Scalable Vector Graphics image
Size
362 B (362 bytes)
Hash
20fb9dc61d5663a9828438f5c1999e38
5edb57b974ed8fdeea6948cdeae277018298f9b4
170498951964c75e4e83955304d3ea6de672f8eb069e420d34d5bbdb3814e421

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/sitepress-multilingual-cms/res/flags/da.svg HTTP/1.1
Host: immediate-dexair.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://immediate-dexair.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Mar 2025 19:43:22 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 27 Oct 2024 12:51:58 GMT
Vary: Accept-Encoding
ETag: W/"671e376e-16a"
Content-Encoding: gzip

immediate-dexair.com/wp-content/plugins/sitepress-multilingual-cms/res/flags/sv.svg

185.107.58.211

200 OK

376 B

URL GET
immediate-dexair.com/wp-content/plugins/sitepress-multilingual-cms/res/flags/sv.svg
IP
185.107.58.211:443
ASN
#43350 NForce Entertainment B.V.

Requested by
https://immediate-dexair.com/
Certificate
IssuerLet's Encrypt
Subjectimmediate-dexair.com
FingerprintDC:DA:90:A0:C6:C6:68:AE:F0:6F:88:C0:86:E2:32:A7:18:C0:53:C2
ValiditySat, 15 Feb 2025 15:38:47 GMT - Fri, 16 May 2025 15:38:46 GMT

File type
SVG Scalable Vector Graphics image
Size
376 B (376 bytes)
Hash
a3a7d75cc28602a3cf62c6ec242a7e36
71ed6ad2039e2121e667c76cdfbf288aeb2020c5
331028667da8d5d8724b6c2686f37757d0b7b464cef00f18b3bdedd64ffaccbf

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/sitepress-multilingual-cms/res/flags/sv.svg HTTP/1.1
Host: immediate-dexair.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://immediate-dexair.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Mar 2025 19:43:22 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 27 Oct 2024 12:51:58 GMT
Vary: Accept-Encoding
ETag: W/"671e376e-178"
Content-Encoding: gzip

immediate-dexair.com/wp-content/plugins/seo-by-rank-math/assets/front/css/rank-math-snippet.css?ver=1.0.229

185.107.58.211

200 OK

2.6 kB

URL GET
immediate-dexair.com/wp-content/plugins/seo-by-rank-math/assets/front/css/rank-math-snippet.css?ver=1.0.229
IP
185.107.58.211:443
ASN
#43350 NForce Entertainment B.V.

Requested by
https://immediate-dexair.com/
Certificate
IssuerLet's Encrypt
Subjectimmediate-dexair.com
FingerprintDC:DA:90:A0:C6:C6:68:AE:F0:6F:88:C0:86:E2:32:A7:18:C0:53:C2
ValiditySat, 15 Feb 2025 15:38:47 GMT - Fri, 16 May 2025 15:38:46 GMT

File type
ASCII text, with very long lines (2559), with no line terminators
Size
2.6 kB (2554 bytes)
Hash
ba694eb42991c5810d1cf8160fc06ae1
2dd2cfcc699b009f3b2f12d2db29202fc9539982
9a08a43c53dfe10307fc232ed50bf27caded4854990a1956c2e2a62ab836800e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/seo-by-rank-math/assets/front/css/rank-math-snippet.css?ver=1.0.229 HTTP/1.1
Host: immediate-dexair.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://immediate-dexair.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Mar 2025 19:43:22 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 27 Oct 2024 12:51:58 GMT
Vary: Accept-Encoding
ETag: W/"671e376e-9fa"
Content-Encoding: gzip

immediate-dexair.com/wp-content/plugins/sitepress-multilingual-cms/res/flags/en.svg

185.107.58.211

200 OK

1.3 kB

URL GET
immediate-dexair.com/wp-content/plugins/sitepress-multilingual-cms/res/flags/en.svg
IP
185.107.58.211:443
ASN
#43350 NForce Entertainment B.V.

Requested by
https://immediate-dexair.com/
Certificate
IssuerLet's Encrypt
Subjectimmediate-dexair.com
FingerprintDC:DA:90:A0:C6:C6:68:AE:F0:6F:88:C0:86:E2:32:A7:18:C0:53:C2
ValiditySat, 15 Feb 2025 15:38:47 GMT - Fri, 16 May 2025 15:38:46 GMT

File type
SVG Scalable Vector Graphics image
Size
1.3 kB (1290 bytes)
Hash
df98da1fa042c88b63e99d74f7878efb
a247257554f72bc66aece8dd68d66d1c0893cfe7
e2a75d4b7645c722e0e4a0a91156ccb6a23406f5d7e5f8a7b3266cc991655048

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/sitepress-multilingual-cms/res/flags/en.svg HTTP/1.1
Host: immediate-dexair.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://immediate-dexair.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Mar 2025 19:43:22 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 27 Oct 2024 12:51:58 GMT
Vary: Accept-Encoding
ETag: W/"671e376e-50a"
Content-Encoding: gzip

immediate-dexair.com/wp-content/plugins/sitepress-multilingual-cms/res/flags/et.svg

185.107.58.211

200 OK

335 B

URL GET
immediate-dexair.com/wp-content/plugins/sitepress-multilingual-cms/res/flags/et.svg
IP
185.107.58.211:443
ASN
#43350 NForce Entertainment B.V.

Requested by
https://immediate-dexair.com/
Certificate
IssuerLet's Encrypt
Subjectimmediate-dexair.com
FingerprintDC:DA:90:A0:C6:C6:68:AE:F0:6F:88:C0:86:E2:32:A7:18:C0:53:C2
ValiditySat, 15 Feb 2025 15:38:47 GMT - Fri, 16 May 2025 15:38:46 GMT

File type
SVG Scalable Vector Graphics image
Size
335 B (335 bytes)
Hash
33dd288bd41092f3ca5c79eaef8e6407
8e8512362ea125d33b17c597e54ffa06e075ad18
8f1e46f59699c2f9e764610f791729e4fc1f09207fce3840343827d52f4c5f5c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/sitepress-multilingual-cms/res/flags/et.svg HTTP/1.1
Host: immediate-dexair.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://immediate-dexair.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Mar 2025 19:43:22 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 27 Oct 2024 12:51:58 GMT
Vary: Accept-Encoding
ETag: W/"671e376e-14f"
Content-Encoding: gzip

immediate-dexair.com/wp-content/plugins/sitepress-multilingual-cms/res/flags/pt-br.svg

185.107.58.211

200 OK

3.1 kB

URL GET
immediate-dexair.com/wp-content/plugins/sitepress-multilingual-cms/res/flags/pt-br.svg
IP
185.107.58.211:443
ASN
#43350 NForce Entertainment B.V.

Requested by
https://immediate-dexair.com/
Certificate
IssuerLet's Encrypt
Subjectimmediate-dexair.com
FingerprintDC:DA:90:A0:C6:C6:68:AE:F0:6F:88:C0:86:E2:32:A7:18:C0:53:C2
ValiditySat, 15 Feb 2025 15:38:47 GMT - Fri, 16 May 2025 15:38:46 GMT

File type
SVG Scalable Vector Graphics image
Size
3.1 kB (3095 bytes)
Hash
9886759b7cf17d32aaac05f15dd91b2b
050146d6fcc4bcc784869e5f4e991bbf1f2b5aa3
6a0f9b2979209fdd7ba54c47667616e00a62af8f239b57df7be856c01ac202ac

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/sitepress-multilingual-cms/res/flags/pt-br.svg HTTP/1.1
Host: immediate-dexair.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://immediate-dexair.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Mar 2025 19:43:22 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 27 Oct 2024 12:51:58 GMT
Vary: Accept-Encoding
ETag: W/"671e376e-c17"
Content-Encoding: gzip

immediate-dexair.com/wp-content/plugins/fxbot-registration-form/assets/css/intlTelInput.min.css?ver=2.0.16

185.107.58.211

200 OK

24 kB

URL GET
immediate-dexair.com/wp-content/plugins/fxbot-registration-form/assets/css/intlTelInput.min.css?ver=2.0.16
IP
185.107.58.211:443
ASN
#43350 NForce Entertainment B.V.

Requested by
https://immediate-dexair.com/
Certificate
IssuerLet's Encrypt
Subjectimmediate-dexair.com
FingerprintDC:DA:90:A0:C6:C6:68:AE:F0:6F:88:C0:86:E2:32:A7:18:C0:53:C2
ValiditySat, 15 Feb 2025 15:38:47 GMT - Fri, 16 May 2025 15:38:46 GMT

File type
ASCII text
Size
24 kB (24229 bytes)
Hash
89ce447c1755a488d17bec881196adf3
1c0dd6b8549bf7023e9f302bc2490944aa5d998e
5ae1a7abb598b54b3dc3529b788bbee60faf9e68296b4d04154072cb8eec56f2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/fxbot-registration-form/assets/css/intlTelInput.min.css?ver=2.0.16 HTTP/1.1
Host: immediate-dexair.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://immediate-dexair.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Mar 2025 19:43:22 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 27 Oct 2024 12:51:58 GMT
Vary: Accept-Encoding
ETag: W/"671e376e-5ea5"
Content-Encoding: gzip

immediate-dexair.com/wp-content/plugins/sitepress-multilingual-cms/res/flags/it.svg

185.107.58.211

200 OK

352 B

URL GET
immediate-dexair.com/wp-content/plugins/sitepress-multilingual-cms/res/flags/it.svg
IP
185.107.58.211:443
ASN
#43350 NForce Entertainment B.V.

Requested by
https://immediate-dexair.com/
Certificate
IssuerLet's Encrypt
Subjectimmediate-dexair.com
FingerprintDC:DA:90:A0:C6:C6:68:AE:F0:6F:88:C0:86:E2:32:A7:18:C0:53:C2
ValiditySat, 15 Feb 2025 15:38:47 GMT - Fri, 16 May 2025 15:38:46 GMT

File type
SVG Scalable Vector Graphics image
Size
352 B (352 bytes)
Hash
7c5c484155adf0f87a5ea04d18d0986b
dbbc87fd7c3048378a00e07ab5bad30d2a420c08
c1f95296055550a22b5185e07e9da2466dca7a2951b0e1f8ed7133e1b504f24a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/sitepress-multilingual-cms/res/flags/it.svg HTTP/1.1
Host: immediate-dexair.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://immediate-dexair.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Mar 2025 19:43:22 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 27 Oct 2024 12:51:58 GMT
Vary: Accept-Encoding
ETag: W/"671e376e-160"
Content-Encoding: gzip

immediate-dexair.com/wp-content/uploads/2024/01/Favicon-150x150.png

185.107.58.211

200 OK

3.8 kB

URL GET
immediate-dexair.com/wp-content/uploads/2024/01/Favicon-150x150.png
IP
185.107.58.211:443
ASN
#43350 NForce Entertainment B.V.

Requested by
https://immediate-dexair.com/
Certificate
IssuerLet's Encrypt
Subjectimmediate-dexair.com
FingerprintDC:DA:90:A0:C6:C6:68:AE:F0:6F:88:C0:86:E2:32:A7:18:C0:53:C2
ValiditySat, 15 Feb 2025 15:38:47 GMT - Fri, 16 May 2025 15:38:46 GMT

File type
PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
Size
3.8 kB (3767 bytes)
Hash
95924984ee3155c3e20e13acc4437ca8
4802ff46db5fce9b4f63f55c76cf3e3a256f9423
bd06871394895760a054b3f2d249564e10c0b40cdca62965f363aaa0bfbbdac5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/2024/01/Favicon-150x150.png HTTP/1.1
Host: immediate-dexair.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://immediate-dexair.com/
Cookie: wp-wpml_current_language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Mar 2025 19:43:23 GMT
Content-Type: image/png
Content-Length: 3767
Connection: keep-alive
Last-Modified: Sun, 27 Oct 2024 12:51:58 GMT
ETag: "671e376e-eb7"
Accept-Ranges: bytes

immediate-dexair.com/wp-content/plugins/sitepress-multilingual-cms/res/flags/hr.svg

185.107.58.211

200 OK

2.4 kB

URL GET
immediate-dexair.com/wp-content/plugins/sitepress-multilingual-cms/res/flags/hr.svg
IP
185.107.58.211:443
ASN
#43350 NForce Entertainment B.V.

Requested by
https://immediate-dexair.com/
Certificate
IssuerLet's Encrypt
Subjectimmediate-dexair.com
FingerprintDC:DA:90:A0:C6:C6:68:AE:F0:6F:88:C0:86:E2:32:A7:18:C0:53:C2
ValiditySat, 15 Feb 2025 15:38:47 GMT - Fri, 16 May 2025 15:38:46 GMT

File type
SVG Scalable Vector Graphics image
Size
2.4 kB (2428 bytes)
Hash
f3e3c701c103a67153718dfd019a720e
65dfb5280b90bbda2e7bc2e12f7ade832c7485f9
1e2dc0b1c754c998b19b1b2465c2773eda2b45647f98a9faccf71e660cb834f6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/sitepress-multilingual-cms/res/flags/hr.svg HTTP/1.1
Host: immediate-dexair.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://immediate-dexair.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Mar 2025 19:43:22 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 27 Oct 2024 12:51:58 GMT
Vary: Accept-Encoding
ETag: W/"671e376e-97c"
Content-Encoding: gzip

immediate-dexair.com/wp-content/plugins/sitepress-multilingual-cms/res/flags/pl.svg

185.107.58.211

200 OK

310 B

URL GET
immediate-dexair.com/wp-content/plugins/sitepress-multilingual-cms/res/flags/pl.svg
IP
185.107.58.211:443
ASN
#43350 NForce Entertainment B.V.

Requested by
https://immediate-dexair.com/
Certificate
IssuerLet's Encrypt
Subjectimmediate-dexair.com
FingerprintDC:DA:90:A0:C6:C6:68:AE:F0:6F:88:C0:86:E2:32:A7:18:C0:53:C2
ValiditySat, 15 Feb 2025 15:38:47 GMT - Fri, 16 May 2025 15:38:46 GMT

File type
SVG Scalable Vector Graphics image
Size
310 B (310 bytes)
Hash
467cd1587570a12fc310d0cbb3fec365
bf482c692d9840c463e9e9fb7bbff6787fa24af8
7d7ab4d1097d1523b48fee66786943a1d6cc83008f2b09642d2aa92444c97d73

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/sitepress-multilingual-cms/res/flags/pl.svg HTTP/1.1
Host: immediate-dexair.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://immediate-dexair.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Mar 2025 19:43:22 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 27 Oct 2024 12:51:58 GMT
Vary: Accept-Encoding
ETag: W/"671e376e-136"
Content-Encoding: gzip

immediate-dexair.com/wp-content/themes/generatepress/assets/js/back-to-top.min.js?ver=3.5.1

185.107.58.211

200 OK

757 B

URL GET
immediate-dexair.com/wp-content/themes/generatepress/assets/js/back-to-top.min.js?ver=3.5.1
IP
185.107.58.211:443
ASN
#43350 NForce Entertainment B.V.

Requested by
https://immediate-dexair.com/
Certificate
IssuerLet's Encrypt
Subjectimmediate-dexair.com
FingerprintDC:DA:90:A0:C6:C6:68:AE:F0:6F:88:C0:86:E2:32:A7:18:C0:53:C2
ValiditySat, 15 Feb 2025 15:38:47 GMT - Fri, 16 May 2025 15:38:46 GMT

File type
JavaScript source, ASCII text, with very long lines (777), with no line terminators
Size
757 B (757 bytes)
Hash
e23ae29208adeaa06e3863b902f230ad
820dce8fa852271621659269ec9f7a5dfb0d7278
f70c4c208bafd38d4864f46ecf1f4f9626409226b815b4364b1bdc5035ecfc0c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/generatepress/assets/js/back-to-top.min.js?ver=3.5.1 HTTP/1.1
Host: immediate-dexair.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://immediate-dexair.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Mar 2025 19:43:22 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 27 Oct 2024 12:51:58 GMT
Vary: Accept-Encoding
ETag: W/"671e376e-2f5"
Content-Encoding: gzip

immediate-dexair.com/wp-content/plugins/sitepress-multilingual-cms/res/flags/no.svg

185.107.58.211

200 OK

424 B

URL GET
immediate-dexair.com/wp-content/plugins/sitepress-multilingual-cms/res/flags/no.svg
IP
185.107.58.211:443
ASN
#43350 NForce Entertainment B.V.

Requested by
https://immediate-dexair.com/
Certificate
IssuerLet's Encrypt
Subjectimmediate-dexair.com
FingerprintDC:DA:90:A0:C6:C6:68:AE:F0:6F:88:C0:86:E2:32:A7:18:C0:53:C2
ValiditySat, 15 Feb 2025 15:38:47 GMT - Fri, 16 May 2025 15:38:46 GMT

File type
SVG Scalable Vector Graphics image
Size
424 B (424 bytes)
Hash
d99bb0da0b542cbf198526f994aa3a13
b1de847c5a8a2cf6db66c6e6d83ee2714c9df716
7d8f5765e444e7b622e93144bc38ab3cec8a00b8298853fea7347907ef4a7dd1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/sitepress-multilingual-cms/res/flags/no.svg HTTP/1.1
Host: immediate-dexair.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://immediate-dexair.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Mar 2025 19:43:22 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 27 Oct 2024 12:51:58 GMT
Vary: Accept-Encoding
ETag: W/"671e376e-1a8"
Content-Encoding: gzip

immediate-dexair.com/wp-content/uploads/2024/01/Rating-stars.png

185.107.58.211

200 OK

29 kB

URL GET
immediate-dexair.com/wp-content/uploads/2024/01/Rating-stars.png
IP
185.107.58.211:443
ASN
#43350 NForce Entertainment B.V.

Requested by
https://immediate-dexair.com/
Certificate
IssuerLet's Encrypt
Subjectimmediate-dexair.com
FingerprintDC:DA:90:A0:C6:C6:68:AE:F0:6F:88:C0:86:E2:32:A7:18:C0:53:C2
ValiditySat, 15 Feb 2025 15:38:47 GMT - Fri, 16 May 2025 15:38:46 GMT

File type
PNG image data, 426 x 228, 8-bit/color RGBA, non-interlaced
Size
29 kB (28622 bytes)
Hash
17cdff90fe80ca52b04a2a9f928fb075
3d765522e8aaa380c740df65283d12c156b940ce
9a68ee4b34bf5674048ab7444aab8d35e56fdfb58056e527915878da4d3cce7d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/2024/01/Rating-stars.png HTTP/1.1
Host: immediate-dexair.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://immediate-dexair.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Mar 2025 19:43:22 GMT
Content-Type: image/png
Content-Length: 28622
Connection: keep-alive
Last-Modified: Sun, 27 Oct 2024 12:51:58 GMT
ETag: "671e376e-6fce"
Accept-Ranges: bytes

immediate-dexair.com/wp-content/uploads/2024/01/Favicon.png

185.107.58.211

200 OK

2.8 kB

URL GET
immediate-dexair.com/wp-content/uploads/2024/01/Favicon.png
IP
185.107.58.211:443
ASN
#43350 NForce Entertainment B.V.

Requested by
https://immediate-dexair.com/
Certificate
IssuerLet's Encrypt
Subjectimmediate-dexair.com
FingerprintDC:DA:90:A0:C6:C6:68:AE:F0:6F:88:C0:86:E2:32:A7:18:C0:53:C2
ValiditySat, 15 Feb 2025 15:38:47 GMT - Fri, 16 May 2025 15:38:46 GMT

File type
PNG image data, 167 x 168, 8-bit/color RGBA, non-interlaced
Size
2.8 kB (2818 bytes)
Hash
2749b852870eca46fea2a11377208bb5
c8f1f91fa034b8f5ee1df0a136f11919229fa1a5
1589de5f617c696f8da2088ccb56da1f7b6a5e1bfcfaca8a754401906d90c673

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/2024/01/Favicon.png HTTP/1.1
Host: immediate-dexair.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://immediate-dexair.com/
Cookie: wp-wpml_current_language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Mar 2025 19:43:23 GMT
Content-Type: image/png
Content-Length: 2818
Connection: keep-alive
Last-Modified: Sun, 27 Oct 2024 12:51:58 GMT
ETag: "671e376e-b02"
Accept-Ranges: bytes

immediate-dexair.com/wp-content/plugins/turn-rank-math-faq-block-to-accordion/assets/css/style.min.css?ver=1.1.0

185.107.58.211

200 OK

1.1 kB

URL GET
immediate-dexair.com/wp-content/plugins/turn-rank-math-faq-block-to-accordion/assets/css/style.min.css?ver=1.1.0
IP
185.107.58.211:443
ASN
#43350 NForce Entertainment B.V.

Requested by
https://immediate-dexair.com/
Certificate
IssuerLet's Encrypt
Subjectimmediate-dexair.com
FingerprintDC:DA:90:A0:C6:C6:68:AE:F0:6F:88:C0:86:E2:32:A7:18:C0:53:C2
ValiditySat, 15 Feb 2025 15:38:47 GMT - Fri, 16 May 2025 15:38:46 GMT

File type
ASCII text, with very long lines (1065), with no line terminators
Size
1.1 kB (1061 bytes)
Hash
b6ed096137a563a864ff4c8aac74b97f
1c4304a2ea24e1db558a543924d768b19ae3b89a
77d4e6c3772a534bdf765ccb400144d02a460faf942eccc988f6871cae44daca

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/turn-rank-math-faq-block-to-accordion/assets/css/style.min.css?ver=1.1.0 HTTP/1.1
Host: immediate-dexair.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://immediate-dexair.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Mar 2025 19:43:22 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 27 Oct 2024 12:51:58 GMT
Vary: Accept-Encoding
ETag: W/"671e376e-425"
Content-Encoding: gzip

immediate-dexair.com/wp-content/plugins/wpml-cms-nav/res/css/cms-navigation-base.css?ver=1.5.5

185.107.58.211

200 OK

1.9 kB

URL GET
immediate-dexair.com/wp-content/plugins/wpml-cms-nav/res/css/cms-navigation-base.css?ver=1.5.5
IP
185.107.58.211:443
ASN
#43350 NForce Entertainment B.V.

Requested by
https://immediate-dexair.com/
Certificate
IssuerLet's Encrypt
Subjectimmediate-dexair.com
FingerprintDC:DA:90:A0:C6:C6:68:AE:F0:6F:88:C0:86:E2:32:A7:18:C0:53:C2
ValiditySat, 15 Feb 2025 15:38:47 GMT - Fri, 16 May 2025 15:38:46 GMT

File type
ASCII text, with very long lines (1912), with no line terminators
Size
1.9 kB (1908 bytes)
Hash
119d7a29c3d00522f7a29c87232ac649
b08fa5c8f4a9a3faacaf640a754989068c5eb78c
3732bd1d4228cf2930b7f9db65dd944bce37cdc547099a9deaf5de7f88f52669

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/wpml-cms-nav/res/css/cms-navigation-base.css?ver=1.5.5 HTTP/1.1
Host: immediate-dexair.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://immediate-dexair.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Mar 2025 19:43:22 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 27 Oct 2024 12:51:58 GMT
Vary: Accept-Encoding
ETag: W/"671e376e-774"
Content-Encoding: gzip

immediate-dexair.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1

185.107.58.211

200 OK

88 kB

URL GET
immediate-dexair.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1
IP
185.107.58.211:443
ASN
#43350 NForce Entertainment B.V.

Requested by
https://immediate-dexair.com/
Certificate
IssuerLet's Encrypt
Subjectimmediate-dexair.com
FingerprintDC:DA:90:A0:C6:C6:68:AE:F0:6F:88:C0:86:E2:32:A7:18:C0:53:C2
ValiditySat, 15 Feb 2025 15:38:47 GMT - Fri, 16 May 2025 15:38:46 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
88 kB (87553 bytes)
Hash
826eb77e86b02ab7724fe3d0141ff87c
79cd3587d565afe290076a8d36c31c305a573d18
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-includes/js/jquery/jquery.min.js?ver=3.7.1 HTTP/1.1
Host: immediate-dexair.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://immediate-dexair.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Mar 2025 19:43:22 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 27 Oct 2024 12:51:58 GMT
Vary: Accept-Encoding
ETag: W/"671e376e-15601"
Content-Encoding: gzip

immediate-dexair.com/wp-content/plugins/sitepress-multilingual-cms/res/flags/is.svg

185.107.58.211

200 OK

449 B

URL GET
immediate-dexair.com/wp-content/plugins/sitepress-multilingual-cms/res/flags/is.svg
IP
185.107.58.211:443
ASN
#43350 NForce Entertainment B.V.

Requested by
https://immediate-dexair.com/
Certificate
IssuerLet's Encrypt
Subjectimmediate-dexair.com
FingerprintDC:DA:90:A0:C6:C6:68:AE:F0:6F:88:C0:86:E2:32:A7:18:C0:53:C2
ValiditySat, 15 Feb 2025 15:38:47 GMT - Fri, 16 May 2025 15:38:46 GMT

File type
SVG Scalable Vector Graphics image
Size
449 B (449 bytes)
Hash
98db9bcb093e8ef341752c773bf7523d
c337dce9ac1ef9077f8bc9ee06637e371a405e60
fd4a4fc689d4601ebc30faeb77ca2fec714c0669ce3e26ab80ae4f6eee6c339b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/sitepress-multilingual-cms/res/flags/is.svg HTTP/1.1
Host: immediate-dexair.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://immediate-dexair.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Mar 2025 19:43:22 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 27 Oct 2024 12:51:58 GMT
Vary: Accept-Encoding
ETag: W/"671e376e-1c1"
Content-Encoding: gzip

immediate-dexair.com/wp-content/uploads/2024/01/001.jpeg

185.107.58.211

200 OK

34 kB

URL GET
immediate-dexair.com/wp-content/uploads/2024/01/001.jpeg
IP
185.107.58.211:443
ASN
#43350 NForce Entertainment B.V.

Requested by
https://immediate-dexair.com/
Certificate
IssuerLet's Encrypt
Subjectimmediate-dexair.com
FingerprintDC:DA:90:A0:C6:C6:68:AE:F0:6F:88:C0:86:E2:32:A7:18:C0:53:C2
ValiditySat, 15 Feb 2025 15:38:47 GMT - Fri, 16 May 2025 15:38:46 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1000x571, components 3
Size
34 kB (33827 bytes)
Hash
ee48d6345a9616ca5159c4942afef6d8
a3f901a2c6d4c3074f939ba50d3e80851a2df850
173bbd7f441f504b4682972f071a03893a586ddf7246eaf3ca2341d8ed0cfc1e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/2024/01/001.jpeg HTTP/1.1
Host: immediate-dexair.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://immediate-dexair.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Mar 2025 19:43:22 GMT
Content-Type: image/jpeg
Content-Length: 33827
Connection: keep-alive
Last-Modified: Sun, 27 Oct 2024 12:51:58 GMT
ETag: "671e376e-8423"
Accept-Ranges: bytes

immediate-dexair.com/wp-content/plugins/gp-premium/menu-plus/functions/css/offside.min.css?ver=2.5.0

185.107.58.211

200 OK

5.9 kB

URL GET
immediate-dexair.com/wp-content/plugins/gp-premium/menu-plus/functions/css/offside.min.css?ver=2.5.0
IP
185.107.58.211:443
ASN
#43350 NForce Entertainment B.V.

Requested by
https://immediate-dexair.com/
Certificate
IssuerLet's Encrypt
Subjectimmediate-dexair.com
FingerprintDC:DA:90:A0:C6:C6:68:AE:F0:6F:88:C0:86:E2:32:A7:18:C0:53:C2
ValiditySat, 15 Feb 2025 15:38:47 GMT - Fri, 16 May 2025 15:38:46 GMT

File type
ASCII text, with very long lines (5910), with no line terminators
Size
5.9 kB (5901 bytes)
Hash
5d446ddb13ac0e47869ad89622ecbc0c
0c9052af21788e7cd575ac793fa06567caaae69d
9d4efb74d5327a516de1656d47bda8ec1df1f20683acaff079968478d12d9528

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/gp-premium/menu-plus/functions/css/offside.min.css?ver=2.5.0 HTTP/1.1
Host: immediate-dexair.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://immediate-dexair.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Mar 2025 19:43:22 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 27 Oct 2024 12:51:58 GMT
Vary: Accept-Encoding
ETag: W/"671e376e-170d"
Content-Encoding: gzip

immediate-dexair.com/wp-content/plugins/sitepress-multilingual-cms/res/flags/hu.svg

185.107.58.211

200 OK

359 B

URL GET
immediate-dexair.com/wp-content/plugins/sitepress-multilingual-cms/res/flags/hu.svg
IP
185.107.58.211:443
ASN
#43350 NForce Entertainment B.V.

Requested by
https://immediate-dexair.com/
Certificate
IssuerLet's Encrypt
Subjectimmediate-dexair.com
FingerprintDC:DA:90:A0:C6:C6:68:AE:F0:6F:88:C0:86:E2:32:A7:18:C0:53:C2
ValiditySat, 15 Feb 2025 15:38:47 GMT - Fri, 16 May 2025 15:38:46 GMT

File type
SVG Scalable Vector Graphics image
Size
359 B (359 bytes)
Hash
550fd6461fa5488423a16a74f10e23e1
41e53881657f5cf771b77b03fd89ad553712d5a2
b3f585330c7f74b592e2ac3b3b14f9ca58489575f031195c5699a8e28dd796cf

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/sitepress-multilingual-cms/res/flags/hu.svg HTTP/1.1
Host: immediate-dexair.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://immediate-dexair.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Mar 2025 19:43:22 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 27 Oct 2024 12:51:58 GMT
Vary: Accept-Encoding
ETag: W/"671e376e-167"
Content-Encoding: gzip

immediate-dexair.com/wp-content/plugins/sitepress-multilingual-cms/res/flags/ru.svg

185.107.58.211

200 OK

355 B

URL GET
immediate-dexair.com/wp-content/plugins/sitepress-multilingual-cms/res/flags/ru.svg
IP
185.107.58.211:443
ASN
#43350 NForce Entertainment B.V.

Requested by
https://immediate-dexair.com/
Certificate
IssuerLet's Encrypt
Subjectimmediate-dexair.com
FingerprintDC:DA:90:A0:C6:C6:68:AE:F0:6F:88:C0:86:E2:32:A7:18:C0:53:C2
ValiditySat, 15 Feb 2025 15:38:47 GMT - Fri, 16 May 2025 15:38:46 GMT

File type
SVG Scalable Vector Graphics image
Size
355 B (355 bytes)
Hash
c46d60d9f81ec6491a49e4615aeba16e
a772c241eaa757559d3f1856c45f0d559babcfdb
79994610a96a041cd0c3f09926e470535e5536f228edd13b824a82e05d126f84

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/sitepress-multilingual-cms/res/flags/ru.svg HTTP/1.1
Host: immediate-dexair.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://immediate-dexair.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Mar 2025 19:43:22 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 27 Oct 2024 12:51:58 GMT
Vary: Accept-Encoding
ETag: W/"671e376e-163"
Content-Encoding: gzip

immediate-dexair.com/wp-content/plugins/sitepress-multilingual-cms/res/flags/de.svg

185.107.58.211

200 OK

335 B

URL GET
immediate-dexair.com/wp-content/plugins/sitepress-multilingual-cms/res/flags/de.svg
IP
185.107.58.211:443
ASN
#43350 NForce Entertainment B.V.

Requested by
https://immediate-dexair.com/
Certificate
IssuerLet's Encrypt
Subjectimmediate-dexair.com
FingerprintDC:DA:90:A0:C6:C6:68:AE:F0:6F:88:C0:86:E2:32:A7:18:C0:53:C2
ValiditySat, 15 Feb 2025 15:38:47 GMT - Fri, 16 May 2025 15:38:46 GMT

File type
SVG Scalable Vector Graphics image
Size
335 B (335 bytes)
Hash
be3410e7442be97f8c40b4f5a92725c7
9db46c4db70b3c5f109cf532c11beaf0f77276f4
8c4f5828d6aa6fa919da690b180e7614bfeec02aea54cf8cdf495b34b735c773

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/sitepress-multilingual-cms/res/flags/de.svg HTTP/1.1
Host: immediate-dexair.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://immediate-dexair.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Mar 2025 19:43:22 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 27 Oct 2024 12:51:58 GMT
Vary: Accept-Encoding
ETag: W/"671e376e-14f"
Content-Encoding: gzip

immediate-dexair.com/wp-content/plugins/fxbot-registration-form/assets/images/regSuccess.png

185.107.58.211

200 OK

4.3 kB

URL GET
immediate-dexair.com/wp-content/plugins/fxbot-registration-form/assets/images/regSuccess.png
IP
185.107.58.211:443
ASN
#43350 NForce Entertainment B.V.

Requested by
https://immediate-dexair.com/
Certificate
IssuerLet's Encrypt
Subjectimmediate-dexair.com
FingerprintDC:DA:90:A0:C6:C6:68:AE:F0:6F:88:C0:86:E2:32:A7:18:C0:53:C2
ValiditySat, 15 Feb 2025 15:38:47 GMT - Fri, 16 May 2025 15:38:46 GMT

File type
PNG image data, 180 x 180, 8-bit colormap, non-interlaced
Size
4.3 kB (4251 bytes)
Hash
4cd1d4874ebef5120e63efa1c66278dc
3648f90f2ccc2e8ded42794dc0c0a363fc945527
caae22c3dadc5664eff10a1e3d0a5959bfea87d28f52f03ca4f3d7ebf560e5de

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/fxbot-registration-form/assets/images/regSuccess.png HTTP/1.1
Host: immediate-dexair.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://immediate-dexair.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Mar 2025 19:43:22 GMT
Content-Type: image/png
Content-Length: 4251
Connection: keep-alive
Last-Modified: Sun, 27 Oct 2024 12:51:58 GMT
ETag: "671e376e-109b"
Accept-Ranges: bytes

immediate-dexair.com/wp-content/uploads/2024/01/SSL-Secure-Connection-300x134.png

185.107.58.211

200 OK

41 kB

URL GET
immediate-dexair.com/wp-content/uploads/2024/01/SSL-Secure-Connection-300x134.png
IP
185.107.58.211:443
ASN
#43350 NForce Entertainment B.V.

Requested by
https://immediate-dexair.com/
Certificate
IssuerLet's Encrypt
Subjectimmediate-dexair.com
FingerprintDC:DA:90:A0:C6:C6:68:AE:F0:6F:88:C0:86:E2:32:A7:18:C0:53:C2
ValiditySat, 15 Feb 2025 15:38:47 GMT - Fri, 16 May 2025 15:38:46 GMT

File type
PNG image data, 300 x 134, 8-bit/color RGBA, non-interlaced
Size
41 kB (40886 bytes)
Hash
24600a758e1580637fb64ecdc9fbee61
12f8092ea3280f0020fa12c2af6334c6d79730e8
7f0774efaeb4ab17e27e65cf45db3a4aed7540d878ba0d7baa015c3370f33506

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/2024/01/SSL-Secure-Connection-300x134.png HTTP/1.1
Host: immediate-dexair.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://immediate-dexair.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Mar 2025 19:43:22 GMT
Content-Type: image/png
Content-Length: 40886
Connection: keep-alive
Last-Modified: Sun, 27 Oct 2024 12:51:58 GMT
ETag: "671e376e-9fb6"
Accept-Ranges: bytes

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (21)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML