Report - track.writive-resica.com/2d49f31d-562b-474a-820d-9039fd9ca4a3

Report Overview

Visited public
2023-11-26 03:14:29
Tags
URL
track.writive-resica.com/2d49f31d-562b-474a-820d-9039fd9ca4a3
Finishing URL
bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=&utm_medium=4271345&utm_term=8588505&utm_content=zd_public_v2
IP / ASN
18.195.195.71
#16509 AMAZON-02
Title
Would You Make A Great Career Online And Become A Millionaire By 2023?

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
my.rtmark.net	9054	2014-10-29	2015-02-04 10:54:57	2023-11-25 16:22:47	437 B	741 B	139.45.195.8
dortmark.net	unknown	2023-04-06	2023-04-11 18:40:39	2023-11-25 05:09:15	3.3 kB	4.8 kB	139.45.197.248
datatechonert.com	46154	2021-12-24	2021-12-24 17:44:17	2023-11-25 18:35:09	508 B	482 B	139.45.195.253
offpichuan.com	unknown	2023-03-30	2023-03-31 02:39:15	2023-11-25 13:04:59	1.0 kB	7.7 kB	139.45.197.237
track.writive-resica.com	unknown	2020-11-20	2020-11-21 14:39:32	2023-11-22 23:54:56	527 B	934 B	18.195.195.71
bicmifeg.top	unknown	2023-10-02	2023-10-02 12:31:55	2023-11-24 17:58:06	25 kB	734 kB	104.21.92.135
www.google.com	7	1997-09-15	2015-05-10 13:11:19	2023-11-19 18:48:38	404 B	2.2 kB	142.250.74.164
laugoust.com	unknown	2022-07-22	2022-07-22 13:11:39	2023-11-25 13:54:45	486 B	384 B	139.45.197.250
www.gstatic.com	unknown	2008-02-11	2016-07-26 11:37:06	2023-11-25 05:57:18	454 B	192 kB	142.250.74.99

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-11-26 03:14:12	medium	Client IP	Internal IP	ET INFO DNS Query for Suspicious .icu Domain
2023-11-26 03:14:13	medium	Client IP	Internal IP	ET DNS Query to a *.top domain - Likely Hostile

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-11-25	medium	dortmark.net	Sinkholed
2023-11-25	medium	dortmark.net	Sinkholed
2023-11-25	medium	dortmark.net	Sinkholed
2023-11-25	medium	laugoust.com	Sinkholed
2023-11-25	medium	dortmark.net	Sinkholed
2023-11-25	medium	dortmark.net	Sinkholed
2023-11-25	medium	dortmark.net	Sinkholed
2023-11-25	medium	dortmark.net	Sinkholed
2023-11-25	medium	datatechonert.com	Sinkholed
2023-11-25	medium	offpichuan.com	Sinkholed
2023-11-25	medium	offpichuan.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (33)

	URL	From	Size	First Seen	Last Seen
	bicmifeg.top/js/s-checkSessionStorageAvailable.ts.64e0808f.js	ScriptElement	330 B	2023-11-23	2023-11-30
Pretty URL bicmifeg.top/js/s-checkSessionStorageAvailable.ts.64e0808f.js IP 104.21.92.135 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-23 13:28 Last Seen2023-11-30 07:59 Times Seen608 Hash ffe9b46b170aa540581b4cee3f21b8b8 dbc89f98cc51efe4b0de218cf31e31f11d238048 b6ba397eb29c44ddcff65ece3a011f5b3d04e5011d5efaad1c288f99b7a4356b Loading...

	bicmifeg.top/js/v-index.mjs.8bd6052e.js	ScriptElement	35 kB	2023-11-23	2023-11-28
Pretty URL bicmifeg.top/js/v-index.mjs.8bd6052e.js IP 104.21.92.135 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-23 13:28 Last Seen2023-11-28 14:27 Times Seen512 Hash 84d738b248d732b399ed451202265248 2fa2f190bf01e100ed6c06364c20893d2810bf2d da476aa9d4d60bc2632a234d2106dc28b73ba659c7e63effd444182090b9b0bd Loading...

	bicmifeg.top/pfe/current/stattag.js	ScriptElement	19 kB	2023-10-13	2024-08-22
Pretty URL bicmifeg.top/pfe/current/stattag.js IP 104.21.92.135 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-13 13:29 Last Seen2024-08-22 11:17 Times Seen7166 Hash eee0fa1cefab154ab482da73fe023bee 1d3c88baee1b8527a30190d694cc8c6378b7f3bc 333132f2f62e5bcef5ab8a1950e7a8342023c0cea68b563b1130bea16dd0bc6a Loading...

	www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/recaptcha__en.js	ScriptElement	476 kB	2023-11-14	2024-08-20
Pretty URL www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/recaptcha__en.js IP 142.250.74.99 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-14 09:02 Last Seen2024-08-20 19:39 Times Seen12206 Hash 23b9dd721490a4062ba8d01454ef6ba9 efdbb7331585411f7d397dacbf51fd3e95f3031d 4970c7161d03503a3eb5ec49e4190a03445c50cd5a9081714bd13183d2d948a7 Loading...

	bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=	ScriptElement	135 B	2023-11-23	2024-10-28
Pretty URL bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4= IP 104.21.92.135 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-23 13:28 Last Seen2024-10-28 13:21 Times Seen22536 Hash 2a09c62ade9bdbd73d5b821d7eb7224a c6a062a7229c27cc653a472936a4233f53378601 7b6f6684bffd8b9b04937cd8fa05b0e46e6b92f65b8695df8dd4265e52b8cd55 Loading...

	bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=	ScriptElement	1.5 kB	2023-11-14	2024-08-20
Pretty URL bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4= IP 104.21.92.135 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-14 18:41 Last Seen2024-08-20 19:37 Times Seen1233 Hash 311996eb680a0a00d81cf27ea9ee4bc7 090584732fdd50a2777e36283a5a977b369e7e0d 8337d86e62de5e2b9e55cc0026bc4e44985222f5a5283b85626a2ad1a38fb5eb Loading...

	bicmifeg.top/js/v-utilities.js.19b3f04f.js	ScriptElement	2.6 kB	2023-11-23	2024-08-20
Pretty URL bicmifeg.top/js/v-utilities.js.19b3f04f.js IP 104.21.92.135 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-23 13:28 Last Seen2024-08-20 18:10 Times Seen513 Hash 756304dde705b4ad58293344905d60ee 5114ddcf906a1e429e3676ef5a73cdc5a2e4ad2a 78be28c829726f0f03876d65245a6bdde7d9a6bdb2431edb42e97724ee339188 Loading...

	bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=	ScriptElement	807 B	2023-11-23	2024-08-20
Pretty URL bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4= IP 104.21.92.135 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-23 13:28 Last Seen2024-08-20 18:10 Times Seen463 Hash 3e83bd1c1cc73bef223d71936b7b0292 f21b3c2417309b78e9d24ab0fafcf83195077024 5ca44294d5dfff2bf9def63c1323523c555d5108b88e921beee260122d28d147 Loading...

	bicmifeg.top/js/v-html-to-dom.js.35904a79.js	ScriptElement	364 B	2023-11-23	2024-08-20
Pretty URL bicmifeg.top/js/v-html-to-dom.js.35904a79.js IP 104.21.92.135 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-23 13:28 Last Seen2024-08-20 18:10 Times Seen512 Hash 8c0c3d4d9f159faebfdd61ae633f1433 058f2955586bda2ff160d041aa173c8a6c1d1ee6 9f3e7929faad3b47dc8d19461a085e528c034fae01cc9a3ae755be7dccc8f8e4 Loading...

	bicmifeg.top/pfe/current/micro.tag.min.js?z=6163203&sw=/sw/sw6163203.js&var=4271345&var_3=null&var_4=null&ymid=&cdn=1&domain=laugoust.com&ab2_ttl=5184000000	ScriptElement	27 kB	2023-10-13	2024-08-22
Pretty URL bicmifeg.top/pfe/current/micro.tag.min.js?z=6163203&sw=/sw/sw6163203.js&var=4271345&var_3=null&var_4=null&ymid=&cdn=1&domain=laugoust.com&ab2_ttl=5184000000 IP 104.21.92.135 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-13 00:27 Last Seen2024-08-22 11:17 Times Seen5439 Hash 7cfed967ba7094f80855e9c7850f359e f0acba47cbaae0bf415996d43fdde90f109f1cff 8f13eabfe1290926119e6421d35719e33ef68384b295eaee367923d75de2dc17 Loading...

	bicmifeg.top/js/config/sd/sd-2025-en.js?v=10	ScriptElement	12 kB	2023-11-15	2023-11-28
Pretty URL bicmifeg.top/js/config/sd/sd-2025-en.js?v=10 IP 104.21.92.135 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-15 15:20 Last Seen2023-11-28 09:59 Times Seen456 Hash 75241d4ada4db3c2b9fbb40d40e3b9da 996bf2455d982e5073faa89365ddc4e9cedd692a b87aad84fe0176e7f8402d37d67039ee594100c35c43451e05129ef415e069d5 Loading...

	bicmifeg.top/js/v-attributes-to-props.js.6755ce80.js	ScriptElement	702 B	2023-11-23	2024-08-20
Pretty URL bicmifeg.top/js/v-attributes-to-props.js.6755ce80.js IP 104.21.92.135 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-23 13:28 Last Seen2024-08-20 18:10 Times Seen512 Hash 59a8eecb9bea0c976412ab9a9781e0cd c479843a9215af412817793af2c8890ccf417a95 e774ba116a2db2171b5ff10e46e4edab0326c020d07d96bad8f980714689b765 Loading...

	bicmifeg.top/js/_rtc.9caec59f.js	ScriptElement	12 kB	2023-11-23	2023-11-30
Pretty URL bicmifeg.top/js/_rtc.9caec59f.js IP 104.21.92.135 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-23 13:28 Last Seen2023-11-30 07:59 Times Seen607 Hash d56f1e908ff52945462002157fcc0c42 9176c5bc564a6c6b8ab0f6ee956a4dde5411b4cb 9d2c7e356141f30e9a4c41aed693434151170ea35b016e825ceda4cf292a6a6b Loading...

	bicmifeg.top/js/_each-land-config.1a4315df.js	ScriptElement	72 kB	2023-11-23	2023-11-28
Pretty URL bicmifeg.top/js/_each-land-config.1a4315df.js IP 104.21.92.135 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-23 13:28 Last Seen2023-11-28 14:27 Times Seen188 Hash 165ecae79dda20172f31abc1863d4799 d97a1a4c0709d0fc532dd2d38c3b0bb7fa123759 b754b6de2e771270552f49418741da3efdbcf136a778ea53498b068a1f27c610 Loading...

	bicmifeg.top/js/_core-survey.5b374ff7.js	ScriptElement	171 kB	2023-11-23	2024-08-20
Pretty URL bicmifeg.top/js/_core-survey.5b374ff7.js IP 104.21.92.135 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-23 13:28 Last Seen2024-08-20 18:10 Times Seen219 Hash 2200455da185401518ff4e8350dbf60a d5e4be913d2d92077bd3c480af0a4b3f1fabdd95 66b915b4594cf5f13362c2a657ded086522f46f953b6aa7c730fab584cf401ed Loading...

	bicmifeg.top/js/v-constants.js.c1971864.js	ScriptElement	600 B	2023-11-23	2024-08-20
Pretty URL bicmifeg.top/js/v-constants.js.c1971864.js IP 104.21.92.135 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-23 13:28 Last Seen2024-08-20 18:10 Times Seen512 Hash 1aa33977b17847bfdd081cdde518f820 4ec4381b2e5091708baaba7fc6dc98b28077ad45 7b9e8a855feafe42b8eaa7d27e7b5de2104cbb261bdc8a99b4c1c8cd13ad46bd Loading...

	bicmifeg.top/js/v-dom-to-react.js.791d093f.js	ScriptElement	1.1 kB	2023-11-23	2023-11-28
Pretty URL bicmifeg.top/js/v-dom-to-react.js.791d093f.js IP 104.21.92.135 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-23 13:28 Last Seen2023-11-28 14:27 Times Seen513 Hash ca8cbc649ceccea3ce3422964e57eba0 fe8368a10ac29270edccf60d6ab0071173e5f108 489674ee09f758167b604c194ac9c2854d40705c7db5b85c57a7179c0bb9a485 Loading...

	bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=	ScriptElement	1.9 kB	2023-11-23	2024-08-20
Pretty URL bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4= IP 104.21.92.135 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-23 13:28 Last Seen2024-08-20 18:10 Times Seen543 Hash a55e6983fcccfb291fcab0dcf7b0ee37 665233101d6067fb0c716c2d19c7e58775565ac7 628ee0da700d5ce0553dd0fd5a419a40a03e2ce856085a680a6a187bc8201dbc Loading...

	bicmifeg.top/js/v-react-dom.production.min.js.3953e665.js	ScriptElement	129 kB	2023-11-23	2023-11-30
Pretty URL bicmifeg.top/js/v-react-dom.production.min.js.3953e665.js IP 104.21.92.135 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-23 13:28 Last Seen2023-11-30 07:42 Times Seen219 Hash 7d48d1609cd0ce12a2989e21ee5d872d 5ecae1623de7fd308b1cb9fe1a23757de6ec87ae 846ad8cf3ac730e51fc4044c2f0bf4b3b7214777317c3fbfcbaf1fa17e7ee1d2 Loading...

	bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=	ScriptElement	96 B	2023-10-08	2024-10-28
Pretty URL bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4= IP 104.21.92.135 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-10-08 13:44 Last Seen2024-10-28 13:21 Times Seen27089 Hash 1c21f8c6a7c78b7e67c5272c65c97f91 1a2eb15ee36a8f8b7160358a304ccf575b571074 0af800d9d96b01d9183737d36c4e01792913fdcd393bc56727f1e9be39730fc2 Loading...

	bicmifeg.top/js/_prefetcher.cc27e33f.js	ScriptElement	2.3 kB	2023-11-09	2024-08-20
Pretty URL bicmifeg.top/js/_prefetcher.cc27e33f.js IP 104.21.92.135 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-09 12:50 Last Seen2024-08-20 20:17 Times Seen1753 Hash 6d02970060606c56488345be283e84cc acfb536c38f12dc2f594654dfdf768a5d7ba2706 24c57ff2f648a81a80e796d56c446e90fcd201eec5fa9805433f5d5a99f72eb2 Loading...

	bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=	ScriptElement	250 B	2023-04-11	2024-10-28
Pretty URL bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4= IP 104.21.92.135 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-11 14:49 Last Seen2024-10-28 13:21 Times Seen26231 Hash 9d9b48d49f88bc3e71b52a408295effa ca122790003cf5d50f71165ed81d120d8a91199e e7427cfeefd59822deeb50274e744da9ce4173ab34ba825aff2d79f1dbc7be76 Loading...

	bicmifeg.top/js/survey.b70851a7.js	ScriptElement	6.6 kB	2023-11-23	2024-08-20
Pretty URL bicmifeg.top/js/survey.b70851a7.js IP 104.21.92.135 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-23 13:28 Last Seen2024-08-20 18:10 Times Seen470 Hash 5b44bae03b112bdab04e749ec12048df b3954ebb2198b920311c60bf6fd9c86833f38e21 d0da28efcd8ba013eb7d5eb87200866fd674df265627babfd2762469dc0f72a5 Loading...

	www.google.com/recaptcha/api.js?render=explicit&hl=en	ScriptElement	852 B	2023-11-14	2024-08-20
Pretty URL www.google.com/recaptcha/api.js?render=explicit&hl=en IP 142.250.74.164 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-14 09:04 Last Seen2024-08-20 19:39 Times Seen2436 Hash 045e7f9c6c8e847b367568c957bc95d5 402aeda930f2952fa7618f9980444b844493250b 3aee9726f94b463ddb032522c13856b54261dda89b35907b3f88505b8b83ada9 Loading...

	bicmifeg.top/js/s-storageService.js.dcc3c1e0.js	ScriptElement	2.2 kB	2023-11-23	2023-11-30
Pretty URL bicmifeg.top/js/s-storageService.js.dcc3c1e0.js IP 104.21.92.135 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-23 13:28 Last Seen2023-11-30 07:59 Times Seen608 Hash 3b38620444d2dd4c156ca8b65b23ff9d 6c78ea3c5eec0605607505c45ba1a7b0dea63cf3 ee9304176590110ee1d1bd36c1a043de47002af16fc5e8d1cdf10f6f1f974649 Loading...

	bicmifeg.top/js/s-checkLocalStorageAvailable.ts.408307af.js	ScriptElement	330 B	2023-11-23	2024-08-20
Pretty URL bicmifeg.top/js/s-checkLocalStorageAvailable.ts.408307af.js IP 104.21.92.135 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-23 13:28 Last Seen2024-08-20 18:10 Times Seen607 Hash f5e0a0aa7e46320962e5690712d40e17 659e3fd49c5f893a545c481776d94682caf5ef43 68d078d818ff86f19d3911c22b07058043e1cc0e4fa307b128f6d4fabb5b3fae Loading...

	bicmifeg.top/scripts/prefetcher.js	ScriptElement	11 kB	2023-09-09	2024-08-22
Pretty URL bicmifeg.top/scripts/prefetcher.js IP 104.21.92.135 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-09 22:53 Last Seen2024-08-22 11:17 Times Seen7151 Hash b1515a41bd47d83919c0f9d453006b65 10ce4d4cb080725e5cee62304ef07fef85971ef7 a444e5e431c2189cbf352c01d0b08dd505fe7fffa99dc0b12b4dbd0791fe564f Loading...

	bicmifeg.top/js/v-domparser.js.cdcf98c4.js	ScriptElement	1.7 kB	2023-11-23	2024-08-20
Pretty URL bicmifeg.top/js/v-domparser.js.cdcf98c4.js IP 104.21.92.135 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-23 13:28 Last Seen2024-08-20 18:10 Times Seen513 Hash d48720a375a796994f7905f8cdb81fa7 3c657bc2b3621172461b41ba35ceea0fd5c44d48 2c3baaadc80abea96b4660917a3e34c697a56fb746ebc8f948b80a670eba6727 Loading...

	bicmifeg.top/js/v-possibleStandardNamesOptimized.js.8c2143d2.js	ScriptElement	7.6 kB	2023-11-23	2023-11-28
Pretty URL bicmifeg.top/js/v-possibleStandardNamesOptimized.js.8c2143d2.js IP 104.21.92.135 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-23 13:28 Last Seen2023-11-28 14:27 Times Seen514 Hash 3d3035bbde80f9e88d411f8653b3ee82 cb4df08316d294505d919c8f818064c91d953b40 0e2bc7569198063b1a14f898e162d34e9bb6b673f50f42220564eb5b943e297d Loading...

	bicmifeg.top/js/v-node.js.c33802d9.js	ScriptElement	6.3 kB	2023-11-23	2023-11-28
Pretty URL bicmifeg.top/js/v-node.js.c33802d9.js IP 104.21.92.135 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-23 13:28 Last Seen2023-11-28 14:27 Times Seen512 Hash ca0b25a27b656077413f58537d4ffbff c0d211652b18b93d21572c37baa80d204d2be843 da4fb5f031e5b9447f72af1abb9fdeaccbc72268b42884d7dd86e7a8ee1d7aed Loading...

	bicmifeg.top/js/SurveyContainer.cc370497.js	ScriptElement	55 kB	2023-11-23	2023-11-28
Pretty URL bicmifeg.top/js/SurveyContainer.cc370497.js IP 104.21.92.135 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-23 13:28 Last Seen2023-11-28 14:27 Times Seen185 Hash 79e21d21eee81f51daf1e5042776101e 791c6d6a842e127315103fbcd77cc47bd5e0e30f 5eb5e75c45d376b1abdebb9e9b81f5641ef5309d4da18cbefdb9182340ed13e6 Loading...

	bicmifeg.top/js/v-index.js.6fb19376.js	ScriptElement	41 kB	2023-11-23	2023-11-28
Pretty URL bicmifeg.top/js/v-index.js.6fb19376.js IP 104.21.92.135 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-23 13:28 Last Seen2023-11-28 14:27 Times Seen229 Hash 3a5adbbe9b92a6cc98700c87d7c519f7 b5805a547df6cb1d908d3f9e2657ee343f1f2b52 1d2e931b0560744a9ca8db6c68516aeb271f6d38e3eaa37a50790643bf5a4251 Loading...

	bicmifeg.top/js/v-redux-toolkit.esm.js.7e700275.js	ScriptElement	11 kB	2023-11-23	2023-11-30
Pretty URL bicmifeg.top/js/v-redux-toolkit.esm.js.7e700275.js IP 104.21.92.135 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-23 13:28 Last Seen2023-11-30 07:59 Times Seen607 Hash 5c4a90eeda1e56b88bc80e817c0a4112 d72a555b18a0be611de4957f893e94ab9b4894ce 2483003d35f9dc1fdd630695570618f0ad6265c82193f374bef706a90324f142 Loading...

HTTP Transactions (66)

URL IP Response Size

track.writive-resica.com/2d49f31d-562b-474a-820d-9039fd9ca4a3

18.195.195.71

302 Found

0 B

URL User Request GET HTTP/2
track.writive-resica.com/2d49f31d-562b-474a-820d-9039fd9ca4a3
IP
18.195.195.71:443
ASN
#16509 AMAZON-02

Certificate
IssuerLet's Encrypt
Subjecttrack.writive-resica.com
FingerprintD5:79:0F:C8:08:BC:50:E9:3E:AE:8C:A3:70:55:20:80:DF:D3:F3:97
ValidityTue, 07 Nov 2023 07:01:34 GMT - Mon, 05 Feb 2024 07:01:33 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /2d49f31d-562b-474a-820d-9039fd9ca4a3 HTTP/1.1
Host: track.writive-resica.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: nginx
date: Sun, 26 Nov 2023 03:14:09 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=
pragma: no-cache
set-cookie: 2d49f31d-562b-474a-820d-9039fd9ca4a3-v4=2mXi-wv9D0J3zgucIIUeDBcaPjWnkC9Fh3G0_S662pA; Max-Age=86400; Expires=Mon, 27-Nov-2023 03:14:09 GMT; Domain=track.writive-resica.com; Path=/; Secure; HttpOnly;SameSite=None
cc-v4=6xibg%2FZ57gBgshQv6f%2BKoPxWmId43%2BanXWSZ67%2But0AXa2SNIwIVnEXNS2Eu1eluQVln7d3Jc%2FHaf1Lm%2BLBBNCqSnXYV5FNcfYzaTILh1giE%2FHRFZyCGDU6mlANRoriuHBci9wiRlqTrGt9kA6eyBw%3D%3D; Max-Age=31536000; Expires=Mon, 25-Nov-2024 03:14:09 GMT; Domain=track.writive-resica.com; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2

my.rtmark.net/gid.js?userId=8kmmvuymcwgw36gssi53nnh855jrwxfs

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js?userId=8kmmvuymcwgw36gssi53nnh855jrwxfs
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintE8:81:4E:79:89:89:BE:CE:75:1F:E0:2A:60:54:8A:A4:11:2E:F7:42
ValiditySat, 07 Oct 2023 15:22:00 GMT - Fri, 05 Jan 2024 15:21:59 GMT

File type
JSON data\012- , ASCII text
Size
65 B (65 bytes)
Hash
97ff56adac436e6700a783164fd60bb8
43969d745b46dcb8e7593599a62b0d5b09f275df
43f60028e8a130b5a9ae1abda1d5f9c72ee4a1cf8bf7d8d3a35a3ab5e2f688e3

HTTP Headers

GET /gid.js?userId=8kmmvuymcwgw36gssi53nnh855jrwxfs HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bicmifeg.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 26 Nov 2023 03:14:10 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://bicmifeg.top
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=8kmmvuymcwgw36gssi53nnh855jrwxfs; expires=Mon, 25 Nov 2024 03:14:10 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

bicmifeg.top/img/comments/person-10.webp

104.21.92.135

200 OK

2.2 kB

URL GET HTTP/3
bicmifeg.top/img/comments/person-10.webp
IP
104.21.92.135:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=
Certificate
IssuerGoogle Trust Services LLC
Subjectbicmifeg.top
Fingerprint4A:CE:EE:B9:D0:1E:7C:34:E9:18:E4:44:33:A9:5B:A6:78:BF:DC:CB
ValidityMon, 02 Oct 2023 09:29:41 GMT - Sun, 31 Dec 2023 09:29:40 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
2.2 kB (2222 bytes)
Hash
9dd9074774147c349c8a5bd4760c3cfb
99675a91391516dee57d557728a8cc96257429a3
318ecbca5e7cedf56bad3a556b5c8a8fd14b22a3d536c85f0e4a646e40d8d332

HTTP Headers

GET /img/comments/person-10.webp HTTP/1.1
Host: bicmifeg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: ID=8kmmvuymcwgw36gssi53nnh855jrwxfs; OAID=3b8c81cffb924ea48e9ffdb22be47f51; oaidts=1700968451
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 26 Nov 2023 03:14:11 GMT
content-type: image/webp
content-length: 2222
last-modified: Thu, 23 Nov 2023 12:24:13 GMT
vary: Accept-Encoding
etag: "655f446d-8ae"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mRdSs%2FntQV5i9SrmlkVabaxdQCy%2Fro0D26XBejbetXw5mfdnmnSPBIuUt0O8wOvEEFvjTevbr%2Fup4T2sQ9oHQzn5271ZnaK5QW%2F7S8KszHsmlvK5e5Dwqa2DRfP2RcA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82bef5b3ccc656a4-OSL
alt-svc: h3=":443"; ma=86400

bicmifeg.top/img/comments/unnamed.webp

104.21.92.135

200 OK

264 B

URL GET HTTP/3
bicmifeg.top/img/comments/unnamed.webp
IP
104.21.92.135:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=
Certificate
IssuerGoogle Trust Services LLC
Subjectbicmifeg.top
Fingerprint4A:CE:EE:B9:D0:1E:7C:34:E9:18:E4:44:33:A9:5B:A6:78:BF:DC:CB
ValidityMon, 02 Oct 2023 09:29:41 GMT - Sun, 31 Dec 2023 09:29:40 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
264 B (264 bytes)
Hash
606085e7a74fd169da34f9fcb43ad12d
77226a50488fb48256d36f1810a136b69d635f74
df20f4c1d87cb10514a6d526dde70759334705d90a909df0e6cb130061ce1ea5

HTTP Headers

GET /img/comments/unnamed.webp HTTP/1.1
Host: bicmifeg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: ID=8kmmvuymcwgw36gssi53nnh855jrwxfs; OAID=3b8c81cffb924ea48e9ffdb22be47f51; oaidts=1700968451
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 26 Nov 2023 03:14:11 GMT
content-type: image/webp
content-length: 264
last-modified: Thu, 23 Nov 2023 12:24:13 GMT
vary: Accept-Encoding
etag: "655f446d-108"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TuH7XwMOu5T7Be%2FIgfdS4naivjGwooiBJ1LCu7t%2B0zLjIL3%2BL%2FkPQYCwpow64b276Z0PNkAtpkiDmOiGqIo%2BtpYP1Eiun5m%2FK4JQ19V3QoMOOttSZnFLE2pLevF06C0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82bef5b3ccb056a4-OSL
alt-svc: h3=":443"; ma=86400

bicmifeg.top/img/comments/person-13.webp

104.21.92.135

200 OK

1.9 kB

URL GET HTTP/3
bicmifeg.top/img/comments/person-13.webp
IP
104.21.92.135:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=
Certificate
IssuerGoogle Trust Services LLC
Subjectbicmifeg.top
Fingerprint4A:CE:EE:B9:D0:1E:7C:34:E9:18:E4:44:33:A9:5B:A6:78:BF:DC:CB
ValidityMon, 02 Oct 2023 09:29:41 GMT - Sun, 31 Dec 2023 09:29:40 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
1.9 kB (1888 bytes)
Hash
ad1e0d431ec5fcb9a1e7ba8680d14a21
0f30fc9c7a5460458fb1e01acff03df4d5809950
45f8553b96fbe562a88e1366e8986d14b4d51f7d069604f8d29675844a19b204

HTTP Headers

GET /img/comments/person-13.webp HTTP/1.1
Host: bicmifeg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: ID=8kmmvuymcwgw36gssi53nnh855jrwxfs; OAID=3b8c81cffb924ea48e9ffdb22be47f51; oaidts=1700968451
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 26 Nov 2023 03:14:11 GMT
content-type: image/webp
content-length: 1888
last-modified: Thu, 23 Nov 2023 12:24:13 GMT
vary: Accept-Encoding
etag: "655f446d-760"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s4hhLIGgTyQOlyuLomggIw%2BkYjAiseqOP03PxJ%2BEZymP2kf3XNuSuPnERX5i7NL%2FmjGGkaPklAce2i9a0v4EKeEAFT0MxzZ6PA%2FymkAIaTr4slWDj1oQx6yCnWjWnFM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82bef5b3dccb56a4-OSL
alt-svc: h3=":443"; ma=86400

bicmifeg.top/img/comments/person-14.webp

104.21.92.135

200 OK

1.7 kB

URL GET HTTP/3
bicmifeg.top/img/comments/person-14.webp
IP
104.21.92.135:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=
Certificate
IssuerGoogle Trust Services LLC
Subjectbicmifeg.top
Fingerprint4A:CE:EE:B9:D0:1E:7C:34:E9:18:E4:44:33:A9:5B:A6:78:BF:DC:CB
ValidityMon, 02 Oct 2023 09:29:41 GMT - Sun, 31 Dec 2023 09:29:40 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
1.7 kB (1672 bytes)
Hash
7dc8c2c56e77f2a329230f677b6e5bf8
23b56b25ef6370e93d6c070c212684ba99612fcc
49ce3d1aa6533e2c9715cdc971939ba08f7072b87d7f60dd1dc3f0ef892e44fc

HTTP Headers

GET /img/comments/person-14.webp HTTP/1.1
Host: bicmifeg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: ID=8kmmvuymcwgw36gssi53nnh855jrwxfs; OAID=3b8c81cffb924ea48e9ffdb22be47f51; oaidts=1700968451
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 26 Nov 2023 03:14:11 GMT
content-type: image/webp
content-length: 1672
last-modified: Thu, 23 Nov 2023 12:24:12 GMT
vary: Accept-Encoding
etag: "655f446c-688"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=04wKFr58xVT57kyKGLBsOpBTPCi2l8Khxw5mlf6PzVDc5Xqrr5DT%2FxjzLzRoAAud50ahS3N8s0Snag2bu9ppo7ufD6T%2BsNp%2BAHG07K0hwOoVkIDlLB%2BNPRN8PsTFwLI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82bef5b3ccb456a4-OSL
alt-svc: h3=":443"; ma=86400

www.google.com/recaptcha/api.js?render=explicit&hl=en

142.250.74.164

200 OK

1.7 kB

URL GET HTTP/2
www.google.com/recaptcha/api.js?render=explicit&hl=en
IP
142.250.74.164:443
ASN
#15169 GOOGLE

Requested by
https://bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=
Certificate
IssuerGoogle Trust Services LLC
Subjectwww.google.com
FingerprintB0:8E:97:10:7E:30:90:F6:42:A1:32:63:5C:78:27:D3:A8:F1:05:D1
ValidityMon, 23 Oct 2023 11:24:57 GMT - Mon, 15 Jan 2024 11:24:56 GMT

File type
gzip compressed data\012- data
Size
1.7 kB (1678 bytes)
Hash
85b09e20abe34fa0ae8365129c9e9451
b2009eb779b76d4f3b53e9c11401203277ab5387
b0fe1ce5be6ae2f8b906196820949d9204758d175ef3b084d606801404389229

HTTP Headers

GET /recaptcha/api.js?render=explicit&hl=en HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
expires: Sun, 26 Nov 2023 03:14:11 GMT
date: Sun, 26 Nov 2023 03:14:11 GMT
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

bicmifeg.top/css/_core-survey.626be79c.css

104.21.92.135

200 OK

258 B

URL GET HTTP/3
bicmifeg.top/css/_core-survey.626be79c.css
IP
104.21.92.135:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=
Certificate
IssuerGoogle Trust Services LLC
Subjectbicmifeg.top
Fingerprint4A:CE:EE:B9:D0:1E:7C:34:E9:18:E4:44:33:A9:5B:A6:78:BF:DC:CB
ValidityMon, 02 Oct 2023 09:29:41 GMT - Sun, 31 Dec 2023 09:29:40 GMT

File type
ASCII text
Size
258 B (258 bytes)
Hash
dabb66586122f92cb3eca926ba379978
4196f1cd0b5ebabcb120e5641f5fe09643a8ea0e
549205baeb101a8976a0980ceeba414637824b0f7ee5506f36be5a92c4a6789f

HTTP Headers

GET /css/_core-survey.626be79c.css HTTP/1.1
Host: bicmifeg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 26 Nov 2023 03:14:10 GMT
content-type: text/css
last-modified: Thu, 23 Nov 2023 12:24:12 GMT
vary: Accept-Encoding
etag: W/"655f446c-82"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E%2BrTSEcyvtE%2Fs9vy%2FhoZztA7GR9ZcBZhgnYhV6wl66N%2FgrDKqYxp2MHLg80nIiZUnkD11E%2BpbIsSmK61MJm6IkWETJ3WrNEoZILAwX9R8Dstaav1FqiCJz8KNavK%2BSM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82bef5b04af056a4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

bicmifeg.top/img/comments/person-5.webp

104.21.92.135

200 OK

1.8 kB

URL GET HTTP/3
bicmifeg.top/img/comments/person-5.webp
IP
104.21.92.135:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=
Certificate
IssuerGoogle Trust Services LLC
Subjectbicmifeg.top
Fingerprint4A:CE:EE:B9:D0:1E:7C:34:E9:18:E4:44:33:A9:5B:A6:78:BF:DC:CB
ValidityMon, 02 Oct 2023 09:29:41 GMT - Sun, 31 Dec 2023 09:29:40 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
1.8 kB (1846 bytes)
Hash
10f4b15b0a471e17ef598de73ffb319b
e3fd3478fa27f2cce0a9b945c50d640832594594
21411e70dfd7d12a4180188a1ccf3797df346cf6cb6f477f5ecbfb505d6fa378

HTTP Headers

GET /img/comments/person-5.webp HTTP/1.1
Host: bicmifeg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: ID=8kmmvuymcwgw36gssi53nnh855jrwxfs; OAID=3b8c81cffb924ea48e9ffdb22be47f51; oaidts=1700968451
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 26 Nov 2023 03:14:11 GMT
content-type: image/webp
content-length: 1846
last-modified: Thu, 23 Nov 2023 12:24:12 GMT
vary: Accept-Encoding
etag: "655f446c-736"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UWTjCHhTTLGTDUIzIYeJ18TaY6PjjU12ZTNSig9tsbAWngHKDyZa6Ij9QqLruMjdC0ocyc07f11V2kqutrO%2Bn%2BVC5wnGWk7cA%2FZBN6AeyjJPjRiMugvT0he4BQK0pmY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82bef5b3ccbe56a4-OSL
alt-svc: h3=":443"; ma=86400

bicmifeg.top/img/comments/person-9.webp

104.21.92.135

200 OK

1.7 kB

URL GET HTTP/3
bicmifeg.top/img/comments/person-9.webp
IP
104.21.92.135:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=
Certificate
IssuerGoogle Trust Services LLC
Subjectbicmifeg.top
Fingerprint4A:CE:EE:B9:D0:1E:7C:34:E9:18:E4:44:33:A9:5B:A6:78:BF:DC:CB
ValidityMon, 02 Oct 2023 09:29:41 GMT - Sun, 31 Dec 2023 09:29:40 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
1.7 kB (1654 bytes)
Hash
12f578cbef79e63d347e2c8384c03ce6
496afa2132dc6a09052596587de749aefa634975
be233e744893994063c5cc341d9f60ff9ccdaa582da7b05bcfc01a7415b7cffa

HTTP Headers

GET /img/comments/person-9.webp HTTP/1.1
Host: bicmifeg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: ID=8kmmvuymcwgw36gssi53nnh855jrwxfs; OAID=3b8c81cffb924ea48e9ffdb22be47f51; oaidts=1700968451
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 26 Nov 2023 03:14:11 GMT
content-type: image/webp
content-length: 1654
last-modified: Thu, 23 Nov 2023 12:24:13 GMT
vary: Accept-Encoding
etag: "655f446d-676"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uGj8nYE3Ar0RyR6QEzxBaiItcaPLKpUx3N%2FNclGY2DbRGboTGccZuMyXI1KVl4COrjwzsPrqDGftqa7QcbjGX5r0oWRabYP7mEpQsuH8WhhTMvpScKlHRMVoUcVR0ZA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82bef5b3ccc556a4-OSL
alt-svc: h3=":443"; ma=86400

bicmifeg.top/img/comments/person-12.webp

104.21.92.135

200 OK

1.4 kB

URL GET HTTP/3
bicmifeg.top/img/comments/person-12.webp
IP
104.21.92.135:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=
Certificate
IssuerGoogle Trust Services LLC
Subjectbicmifeg.top
Fingerprint4A:CE:EE:B9:D0:1E:7C:34:E9:18:E4:44:33:A9:5B:A6:78:BF:DC:CB
ValidityMon, 02 Oct 2023 09:29:41 GMT - Sun, 31 Dec 2023 09:29:40 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
1.4 kB (1390 bytes)
Hash
a2a75db01afaab639bcc0c6c76a14c09
2c773be63192164745f2a42c2fde74812c6e905d
f22ac207c07f65a697682c466b4e87364c43a720b4e240df2d418ffbd8070e5e

HTTP Headers

GET /img/comments/person-12.webp HTTP/1.1
Host: bicmifeg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: ID=8kmmvuymcwgw36gssi53nnh855jrwxfs; OAID=3b8c81cffb924ea48e9ffdb22be47f51; oaidts=1700968451
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 26 Nov 2023 03:14:11 GMT
content-type: image/webp
content-length: 1390
last-modified: Thu, 23 Nov 2023 12:24:12 GMT
vary: Accept-Encoding
etag: "655f446c-56e"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BptTxpyu%2FvR8odYyeom8exwstFvWaIGGWxwHIcK9SOzKn4A9YkqHT9bW2San3%2FwehM9qXz54N3ERCSJv%2BBkaoTwLQiCbNIDj%2BvebhGv4I12pTdkUkK2rPWZgrbQ1TJM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82bef5b3dcc956a4-OSL
alt-svc: h3=":443"; ma=86400

bicmifeg.top/img/comments/person-11.webp

104.21.92.135

200 OK

1.5 kB

URL GET HTTP/3
bicmifeg.top/img/comments/person-11.webp
IP
104.21.92.135:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=
Certificate
IssuerGoogle Trust Services LLC
Subjectbicmifeg.top
Fingerprint4A:CE:EE:B9:D0:1E:7C:34:E9:18:E4:44:33:A9:5B:A6:78:BF:DC:CB
ValidityMon, 02 Oct 2023 09:29:41 GMT - Sun, 31 Dec 2023 09:29:40 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
1.5 kB (1526 bytes)
Hash
0100f949c3302195d906e13bc199399d
2b39580485f3e9ca81a8a2ead4747f89731800f4
10df37a82d90b2225e19460cbe7403726591fbd02caabfdf6a2884db631d8511

HTTP Headers

GET /img/comments/person-11.webp HTTP/1.1
Host: bicmifeg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: ID=8kmmvuymcwgw36gssi53nnh855jrwxfs; OAID=3b8c81cffb924ea48e9ffdb22be47f51; oaidts=1700968451
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 26 Nov 2023 03:14:11 GMT
content-type: image/webp
content-length: 1526
last-modified: Thu, 23 Nov 2023 12:24:12 GMT
vary: Accept-Encoding
etag: "655f446c-5f6"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F2oelMj5kdwmNJgeyhO%2FrYwC6oMt%2BWK61FMqExUgYcZFDC4Ylyq9vB8Esr1fuSZA882k8WsauFLBjyc1xUXzsQxIt1JTphqVWFHKnX44vKm1yDa3MIvuBTwMif3C4UY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82bef5b3dcc756a4-OSL
alt-svc: h3=":443"; ma=86400

bicmifeg.top/js/_each-land-config.1a4315df.js

104.21.92.135

200 OK

22 kB

URL GET HTTP/3
bicmifeg.top/js/_each-land-config.1a4315df.js
IP
104.21.92.135:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=
Certificate
IssuerGoogle Trust Services LLC
Subjectbicmifeg.top
Fingerprint4A:CE:EE:B9:D0:1E:7C:34:E9:18:E4:44:33:A9:5B:A6:78:BF:DC:CB
ValidityMon, 02 Oct 2023 09:29:41 GMT - Sun, 31 Dec 2023 09:29:40 GMT

File type
ASCII text, with very long lines (65452)
Size
22 kB (22543 bytes)
Hash
165ecae79dda20172f31abc1863d4799
d97a1a4c0709d0fc532dd2d38c3b0bb7fa123759
b754b6de2e771270552f49418741da3efdbcf136a778ea53498b068a1f27c610

HTTP Headers

GET /js/_each-land-config.1a4315df.js HTTP/1.1
Host: bicmifeg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 26 Nov 2023 03:14:10 GMT
content-type: application/javascript
last-modified: Thu, 23 Nov 2023 12:24:11 GMT
vary: Accept-Encoding
etag: W/"655f446b-119a4"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DkjbRsGCblbcSMoGr5VU20g6bnPPaQgz6tAeAVsuAmYRNYt%2BL7dW8lTYD17kdAvXBOGaWFnNYN3LK1DRGIReyJgyfVfdqpwmsDyltiW6bfsRvpL%2Bv%2FlmznzqpJGnjck%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82bef5b04aec56a4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

bicmifeg.top/js/survey.b70851a7.js

104.21.92.135

200 OK

3.9 kB

URL GET HTTP/3
bicmifeg.top/js/survey.b70851a7.js
IP
104.21.92.135:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=
Certificate
IssuerGoogle Trust Services LLC
Subjectbicmifeg.top
Fingerprint4A:CE:EE:B9:D0:1E:7C:34:E9:18:E4:44:33:A9:5B:A6:78:BF:DC:CB
ValidityMon, 02 Oct 2023 09:29:41 GMT - Sun, 31 Dec 2023 09:29:40 GMT

File type
ASCII text, with very long lines (6645), with no line terminators
Size
3.9 kB (3912 bytes)
Hash
5b44bae03b112bdab04e749ec12048df
b3954ebb2198b920311c60bf6fd9c86833f38e21
d0da28efcd8ba013eb7d5eb87200866fd674df265627babfd2762469dc0f72a5

HTTP Headers

GET /js/survey.b70851a7.js HTTP/1.1
Host: bicmifeg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 26 Nov 2023 03:14:10 GMT
content-type: application/javascript
last-modified: Thu, 23 Nov 2023 12:24:11 GMT
vary: Accept-Encoding
etag: W/"655f446b-19f5"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NqYJnSDdTnN%2FuP9n801pp%2F8GgGvT4N%2BejaxGFcOKnE2I76rgOVptlTKw3GLO%2BrxEwhmY0329vIvgF%2B68Y8QjlSVKiCkYLgfdF0I0%2FWv%2BBYH9QyBryehDq08uaBvhHtA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82bef5b04aef56a4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

bicmifeg.top/scripts/prefetcher.js

104.21.92.135

200 OK

6.2 kB

URL GET HTTP/3
bicmifeg.top/scripts/prefetcher.js
IP
104.21.92.135:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=
Certificate
IssuerGoogle Trust Services LLC
Subjectbicmifeg.top
Fingerprint4A:CE:EE:B9:D0:1E:7C:34:E9:18:E4:44:33:A9:5B:A6:78:BF:DC:CB
ValidityMon, 02 Oct 2023 09:29:41 GMT - Sun, 31 Dec 2023 09:29:40 GMT

File type
ASCII text, with very long lines (10761), with no line terminators
Size
6.2 kB (6249 bytes)
Hash
b1515a41bd47d83919c0f9d453006b65
10ce4d4cb080725e5cee62304ef07fef85971ef7
a444e5e431c2189cbf352c01d0b08dd505fe7fffa99dc0b12b4dbd0791fe564f

HTTP Headers

GET /scripts/prefetcher.js HTTP/1.1
Host: bicmifeg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 26 Nov 2023 03:14:10 GMT
content-type: application/javascript
last-modified: Thu, 23 Nov 2023 12:24:12 GMT
vary: Accept-Encoding
etag: W/"655f446c-2a09"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WYjLZ4rJPFfqLZp4cLjhZ9Kgrhr5PzlICYXDWVNiOpofDStfbqlw%2BNTJxA%2Bmfa%2BRaJOMH1GKm9z46apE2SKt%2BPSRbRRViVhk6ABU5EZwL%2BPcaLPWRikn9fWDKs7Cc2Q%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82bef5b16b7f56a4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

bicmifeg.top/img/comments/person-8.webp

104.21.92.135

200 OK

1.8 kB

URL GET HTTP/3
bicmifeg.top/img/comments/person-8.webp
IP
104.21.92.135:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=
Certificate
IssuerGoogle Trust Services LLC
Subjectbicmifeg.top
Fingerprint4A:CE:EE:B9:D0:1E:7C:34:E9:18:E4:44:33:A9:5B:A6:78:BF:DC:CB
ValidityMon, 02 Oct 2023 09:29:41 GMT - Sun, 31 Dec 2023 09:29:40 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
1.8 kB (1802 bytes)
Hash
2ad9296fef7cd1f60823b80098d31c1f
145b3a66be3deb658a453963cef39a018b6f0928
82bcaa459e3d55b1f99c7154b506f5f5f464f04c5873a3e66ebaf5d064c4de6d

HTTP Headers

GET /img/comments/person-8.webp HTTP/1.1
Host: bicmifeg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: ID=8kmmvuymcwgw36gssi53nnh855jrwxfs; OAID=3b8c81cffb924ea48e9ffdb22be47f51; oaidts=1700968451
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 26 Nov 2023 03:14:11 GMT
content-type: image/webp
content-length: 1802
last-modified: Thu, 23 Nov 2023 12:24:13 GMT
vary: Accept-Encoding
etag: "655f446d-70a"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B9bY3wNViVslh1NA24Mz3FDIsEkmVS8dTQDbFX8OdrNHLQiNhOeuwBFwOqdGUt6XUvlQ2fX90A%2BweaYTXsHJUc1TsGheG%2B4G8mWonhPiwU%2BdLoF%2FMI7Orv0KmDzsITI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82bef5b3ccc256a4-OSL
alt-svc: h3=":443"; ma=86400

bicmifeg.top/img/comments/person-3.webp

104.21.92.135

200 OK

982 B

URL GET HTTP/3
bicmifeg.top/img/comments/person-3.webp
IP
104.21.92.135:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=
Certificate
IssuerGoogle Trust Services LLC
Subjectbicmifeg.top
Fingerprint4A:CE:EE:B9:D0:1E:7C:34:E9:18:E4:44:33:A9:5B:A6:78:BF:DC:CB
ValidityMon, 02 Oct 2023 09:29:41 GMT - Sun, 31 Dec 2023 09:29:40 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
982 B (982 bytes)
Hash
489a7f64f96c92f3325af92fa2af78b5
098cbcbd7ee329321d2fb7bac74535ab258a1f97
fd84809b70e4186fc2529a7ce54316e51ddf51ff8b2f099dcdb88ea91840be4f

HTTP Headers

GET /img/comments/person-3.webp HTTP/1.1
Host: bicmifeg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: ID=8kmmvuymcwgw36gssi53nnh855jrwxfs; OAID=3b8c81cffb924ea48e9ffdb22be47f51; oaidts=1700968451
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 26 Nov 2023 03:14:11 GMT
content-type: image/webp
content-length: 982
last-modified: Thu, 23 Nov 2023 12:24:12 GMT
vary: Accept-Encoding
etag: "655f446c-3d6"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IZJqE993WnQAbtkj2%2FJzyoB5lPg2%2Bm7PxjAy7JZVg1c%2F4oqsvf0fl0ZldLK2Hi%2FUML1A65VXQ9EJ%2BNjcqRM9j9aSsYArVkemJ26SQAGiOkq71ioYTLaHOwP8XsIe%2FKE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82bef5b3ccc356a4-OSL
alt-svc: h3=":443"; ma=86400

bicmifeg.top/img/icon-survey.svg

104.21.92.135

200 OK

736 B

URL GET HTTP/3
bicmifeg.top/img/icon-survey.svg
IP
104.21.92.135:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=
Certificate
IssuerGoogle Trust Services LLC
Subjectbicmifeg.top
Fingerprint4A:CE:EE:B9:D0:1E:7C:34:E9:18:E4:44:33:A9:5B:A6:78:BF:DC:CB
ValidityMon, 02 Oct 2023 09:29:41 GMT - Sun, 31 Dec 2023 09:29:40 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2674), with no line terminators
Size
736 B (736 bytes)
Hash
9a8ba19b913810bd358e5caf3a7c2a75
6eff5e84f2b82772bb6029088ed852a8161b3252
58b0a3aa24ef605d4b812bcf92cbaa2e7f78bd43f929ca6362bc259da610399a

HTTP Headers

GET /img/icon-survey.svg HTTP/1.1
Host: bicmifeg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 26 Nov 2023 03:14:10 GMT
content-type: image/svg+xml
last-modified: Thu, 23 Nov 2023 12:24:12 GMT
vary: Accept-Encoding
etag: W/"655f446c-a72"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iR0yEJ4zvi%2Ft432D%2BV1PXBzdyBw1rEN8EgSoF5TG4NQgwd1QuyOZNgbfNVc8eKdmoM9XJ2nFIjCnkBBVIQ7k95GeqYcVjVBJh6lWFSFQrS%2Flkj5NoBJOp5bRjlfXEn4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82bef5b04af256a4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

dortmark.net/sync-metrics

139.45.197.248

200 OK

0 B

URL OPTIONS HTTP/2
dortmark.net/sync-metrics
IP
139.45.197.248:443
ASN
#9002 RETN Limited

Requested by
https://bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=
Certificate
IssuerLet's Encrypt
Subjectdortmark.net
FingerprintFB:73:EE:33:AC:A4:2C:AF:0B:D4:2D:B0:E2:CA:21:16:50:E4:1C:C4
ValidityWed, 27 Sep 2023 17:36:39 GMT - Tue, 26 Dec 2023 17:36:38 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /sync-metrics HTTP/1.1
Host: dortmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://bicmifeg.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 26 Nov 2023 03:14:11 GMT
content-length: 0
access-control-allow-origin: https://bicmifeg.top
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

dortmark.net/sync-metrics

139.45.197.248

200 OK

17 B

URL OPTIONS HTTP/2
dortmark.net/sync-metrics
IP
139.45.197.248:443
ASN
#9002 RETN Limited

Requested by
https://bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=
Certificate
IssuerLet's Encrypt
Subjectdortmark.net
FingerprintFB:73:EE:33:AC:A4:2C:AF:0B:D4:2D:B0:E2:CA:21:16:50:E4:1C:C4
ValidityWed, 27 Sep 2023 17:36:39 GMT - Tue, 26 Dec 2023 17:36:38 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
17 B (17 bytes)
Hash
5b64e8b89092b2e3dfd448b10700627f
484b3032619fa1acd135d114565b0a5166281c22
f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /sync-metrics HTTP/1.1
Host: dortmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 700
Origin: https://bicmifeg.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 26 Nov 2023 03:14:11 GMT
content-type: application/json; charset=utf-8
content-length: 17
x-trace-id: 1a1a71e1f96285a7c230bc55f3ae8463
access-control-allow-origin: https://bicmifeg.top
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

dortmark.net/sync-metrics

139.45.197.248

200 OK

17 B

URL OPTIONS HTTP/2
dortmark.net/sync-metrics
IP
139.45.197.248:443
ASN
#9002 RETN Limited

Requested by
https://bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=
Certificate
IssuerLet's Encrypt
Subjectdortmark.net
FingerprintFB:73:EE:33:AC:A4:2C:AF:0B:D4:2D:B0:E2:CA:21:16:50:E4:1C:C4
ValidityWed, 27 Sep 2023 17:36:39 GMT - Tue, 26 Dec 2023 17:36:38 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
17 B (17 bytes)
Hash
5b64e8b89092b2e3dfd448b10700627f
484b3032619fa1acd135d114565b0a5166281c22
f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /sync-metrics HTTP/1.1
Host: dortmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 1698
Origin: https://bicmifeg.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 26 Nov 2023 03:14:11 GMT
content-type: application/json; charset=utf-8
content-length: 17
x-trace-id: 40a96125929efa6616b6ef7363709db3
access-control-allow-origin: https://bicmifeg.top
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

laugoust.com/zone?&pub=0&zone_id=6163203&is_mobile=false&domain=bicmifeg.top&var=4271345&ymid=&var_3=null&var_4=null&dsig=&tg=1&action=prerequest

139.45.197.250

200 OK

0 B

URL POST HTTP/2
laugoust.com/zone?&pub=0&zone_id=6163203&is_mobile=false&domain=bicmifeg.top&var=4271345&ymid=&var_3=null&var_4=null&dsig=&tg=1&action=prerequest
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=
Certificate
IssuerLet's Encrypt
Subjectlaugoust.com
FingerprintA9:BC:65:A8:77:D8:43:88:8C:04:8F:7D:6A:BB:A4:AE:22:E9:11:52
ValidityTue, 14 Nov 2023 05:09:00 GMT - Mon, 12 Feb 2024 05:08:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /zone?&pub=0&zone_id=6163203&is_mobile=false&domain=bicmifeg.top&var=4271345&ymid=&var_3=null&var_4=null&dsig=&tg=1&action=prerequest HTTP/1.1
Host: laugoust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 200 OK
server: nginx
date: Sun, 26 Nov 2023 03:14:11 GMT
content-length: 0
x-trace-id: e7722cd3b58db8ba76e09bfd229380f5
access-control-allow-origin: null
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

dortmark.net/sync-do

139.45.197.248

200 OK

0 B

URL POST HTTP/2
dortmark.net/sync-do
IP
139.45.197.248:443
ASN
#9002 RETN Limited

Requested by
https://bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=
Certificate
IssuerLet's Encrypt
Subjectdortmark.net
FingerprintFB:73:EE:33:AC:A4:2C:AF:0B:D4:2D:B0:E2:CA:21:16:50:E4:1C:C4
ValidityWed, 27 Sep 2023 17:36:39 GMT - Tue, 26 Dec 2023 17:36:38 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /sync-do HTTP/1.1
Host: dortmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://bicmifeg.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 26 Nov 2023 03:14:11 GMT
content-length: 0
access-control-allow-origin: https://bicmifeg.top
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

dortmark.net/sync-metrics

139.45.197.248

200 OK

17 B

URL OPTIONS HTTP/2
dortmark.net/sync-metrics
IP
139.45.197.248:443
ASN
#9002 RETN Limited

Requested by
https://bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=
Certificate
IssuerLet's Encrypt
Subjectdortmark.net
FingerprintFB:73:EE:33:AC:A4:2C:AF:0B:D4:2D:B0:E2:CA:21:16:50:E4:1C:C4
ValidityWed, 27 Sep 2023 17:36:39 GMT - Tue, 26 Dec 2023 17:36:38 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
17 B (17 bytes)
Hash
5b64e8b89092b2e3dfd448b10700627f
484b3032619fa1acd135d114565b0a5166281c22
f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /sync-metrics HTTP/1.1
Host: dortmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 781
Origin: https://bicmifeg.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 26 Nov 2023 03:14:11 GMT
content-type: application/json; charset=utf-8
content-length: 17
x-trace-id: fe5d4c644600a18020dd7911c8953c85
access-control-allow-origin: https://bicmifeg.top
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

dortmark.net/sync-do

139.45.197.248

200 OK

179 B

URL POST HTTP/2
dortmark.net/sync-do
IP
139.45.197.248:443
ASN
#9002 RETN Limited

Requested by
https://bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=
Certificate
IssuerLet's Encrypt
Subjectdortmark.net
FingerprintFB:73:EE:33:AC:A4:2C:AF:0B:D4:2D:B0:E2:CA:21:16:50:E4:1C:C4
ValidityWed, 27 Sep 2023 17:36:39 GMT - Tue, 26 Dec 2023 17:36:38 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
179 B (179 bytes)
Hash
081142aa1c9267422ee7fd25ac457579
cf8a223610da412aab4cc9aec68f6f304258b3ce
58084d495376ed2e41f026c352cabb187129c58109f2b15caeb1a539deb2cd19

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /sync-do HTTP/1.1
Host: dortmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 163
Origin: https://bicmifeg.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 26 Nov 2023 03:14:11 GMT
content-type: application/json; charset=utf-8
content-length: 179
x-trace-id: d349b2f0959a8458621a209c8e88a412
access-control-allow-origin: https://bicmifeg.top
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

bicmifeg.top/rhd?rb=W4bnUIjLtNJo4pJ62yFGnEdtfkMqdeigV_Z36OYubGOxVv0eGUKXSmHuChgn2zMe9jhB963b6ELXnfG9L-TzT5Q7gsei9BvnyjcK3-fHboCEhpIAIBgQBbfmvhxQqwLJ87XOtzf6I0W3q6H-YEkZvRA77y_bS_Rd0dSa8tU7uIgQ8PoU4fXtZ9Ie3V4iCWjjK20eaz3vEk_PUSN0hPcRSA%3D%3D&request_ab2=0&var_3=&var_4=&zoneid=6606128&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=0&pl=https%3A%2F%2Fbicmifeg.top%2Fsurvey.html%3Foffer_id%3D2025%26geo%3DNO%26z%3D4271345%26b%3D8588505%26var%3D%26var2%3Df759995c-f2c7-4306-928c-967472e8fafc%26ymid%3Dwmga5rtcf9fftr9tifqi214o%26var3%3D%26var4%3D%26utm_medium%3D4271345%26utm_term%3D8588505%26utm_content%3Dzd_public_v2&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-unknown&rhd=1&var=4271345&var_3=&var_4=&ymid=&s=&ab2r=&os_version=&oaid=&domain_onclick=https%3A%2F%2Fbicmifeg.top&m=link

104.21.92.135

200 OK

2.0 kB

URL GET HTTP/3
bicmifeg.top/rhd?rb=W4bnUIjLtNJo4pJ62yFGnEdtfkMqdeigV_Z36OYubGOxVv0eGUKXSmHuChgn2zMe9jhB963b6ELXnfG9L-TzT5Q7gsei9BvnyjcK3-fHboCEhpIAIBgQBbfmvhxQqwLJ87XOtzf6I0W3q6H-YEkZvRA77y_bS_Rd0dSa8tU7uIgQ8PoU4fXtZ9Ie3V4iCWjjK20eaz3vEk_PUSN0hPcRSA%3D%3D&request_ab2=0&var_3=&var_4=&zoneid=6606128&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=0&pl=https%3A%2F%2Fbicmifeg.top%2Fsurvey.html%3Foffer_id%3D2025%26geo%3DNO%26z%3D4271345%26b%3D8588505%26var%3D%26var2%3Df759995c-f2c7-4306-928c-967472e8fafc%26ymid%3Dwmga5rtcf9fftr9tifqi214o%26var3%3D%26var4%3D%26utm_medium%3D4271345%26utm_term%3D8588505%26utm_content%3Dzd_public_v2&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-unknown&rhd=1&var=4271345&var_3=&var_4=&ymid=&s=&ab2r=&os_version=&oaid=&domain_onclick=https%3A%2F%2Fbicmifeg.top&m=link
IP
104.21.92.135:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=
Certificate
IssuerGoogle Trust Services LLC
Subjectbicmifeg.top
Fingerprint4A:CE:EE:B9:D0:1E:7C:34:E9:18:E4:44:33:A9:5B:A6:78:BF:DC:CB
ValidityMon, 02 Oct 2023 09:29:41 GMT - Sun, 31 Dec 2023 09:29:40 GMT

File type
gzip compressed data, from Unix\012- data
Size
2.0 kB (2008 bytes)
Hash
c0034d6beace963a41100a5246dca584
e39b060cd1c3a36493ffe333451e0a18524b3675
9acedc1de4aaffb98bfd334aa385e58fe2dc10e33195b84a2c3582a74258a74f

HTTP Headers

GET /rhd?rb=W4bnUIjLtNJo4pJ62yFGnEdtfkMqdeigV_Z36OYubGOxVv0eGUKXSmHuChgn2zMe9jhB963b6ELXnfG9L-TzT5Q7gsei9BvnyjcK3-fHboCEhpIAIBgQBbfmvhxQqwLJ87XOtzf6I0W3q6H-YEkZvRA77y_bS_Rd0dSa8tU7uIgQ8PoU4fXtZ9Ie3V4iCWjjK20eaz3vEk_PUSN0hPcRSA%3D%3D&request_ab2=0&var_3=&var_4=&zoneid=6606128&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=0&pl=https%3A%2F%2Fbicmifeg.top%2Fsurvey.html%3Foffer_id%3D2025%26geo%3DNO%26z%3D4271345%26b%3D8588505%26var%3D%26var2%3Df759995c-f2c7-4306-928c-967472e8fafc%26ymid%3Dwmga5rtcf9fftr9tifqi214o%26var3%3D%26var4%3D%26utm_medium%3D4271345%26utm_term%3D8588505%26utm_content%3Dzd_public_v2&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-unknown&rhd=1&var=4271345&var_3=&var_4=&ymid=&s=&ab2r=&os_version=&oaid=&domain_onclick=https%3A%2F%2Fbicmifeg.top&m=link HTTP/1.1
Host: bicmifeg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: ID=8kmmvuymcwgw36gssi53nnh855jrwxfs; OAID=3b8c81cffb924ea48e9ffdb22be47f51; oaidts=1700968451; prefetchAd_6606128=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 26 Nov 2023 03:14:11 GMT
content-type: application/json
vary: Accept-Encoding
x-trace-id: ac65d5c11780d6b001dfde24430b7a27
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
timing-allow-origin: *
set-cookie: OAID=3b8c81cffb924ea48e9ffdb22be47f51; expires=Mon, 25 Nov 2024 03:14:11 GMT; path=/; secure; SameSite=None
oaidts=1700968451; expires=Mon, 25 Nov 2024 03:14:11 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: gzip
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=76Q2jzRHZ6O5peMdoBwjmzAoYN8AI%2B7qheoeBE0540GFZ4WZ2VhbaOx3xEUrYQPuBsNcL%2FEe3bDGGYgYRGhoFLD%2B0dInpOItcgJYxipindTpvcVQJo32cN2omtTCyCE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82bef5b4bd9d56a4-OSL
alt-svc: h3=":443"; ma=86400

www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/recaptcha__en.js

142.250.74.99

200 OK

191 kB

URL GET HTTP/2
www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/recaptcha__en.js
IP
142.250.74.99:443
ASN
#15169 GOOGLE

Requested by
https://bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
ASCII text, with very long lines (563)
Size
191 kB (190682 bytes)
Hash
23b9dd721490a4062ba8d01454ef6ba9
efdbb7331585411f7d397dacbf51fd3e95f3031d
4970c7161d03503a3eb5ec49e4190a03445c50cd5a9081714bd13183d2d948a7

HTTP Headers

GET /recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bicmifeg.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 190682
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 24 Nov 2023 18:28:21 GMT
expires: Sat, 23 Nov 2024 18:28:21 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 14 Nov 2023 05:42:11 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 117950
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

dortmark.net/sync-metrics

139.45.197.248

200 OK

17 B

URL OPTIONS HTTP/2
dortmark.net/sync-metrics
IP
139.45.197.248:443
ASN
#9002 RETN Limited

Requested by
https://bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=
Certificate
IssuerLet's Encrypt
Subjectdortmark.net
FingerprintFB:73:EE:33:AC:A4:2C:AF:0B:D4:2D:B0:E2:CA:21:16:50:E4:1C:C4
ValidityWed, 27 Sep 2023 17:36:39 GMT - Tue, 26 Dec 2023 17:36:38 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
17 B (17 bytes)
Hash
5b64e8b89092b2e3dfd448b10700627f
484b3032619fa1acd135d114565b0a5166281c22
f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /sync-metrics HTTP/1.1
Host: dortmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 793
Origin: https://bicmifeg.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 26 Nov 2023 03:14:12 GMT
content-type: application/json; charset=utf-8
content-length: 17
x-trace-id: 0bddc0be3a4ee4b25ce965ff529471b9
access-control-allow-origin: https://bicmifeg.top
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

bicmifeg.top/5/6606128/?abt_opts=1&rhd=1&var=4271345&var_3=&var_4=&ymid=&s=&ab2r=&os_version=&oaid=&domain_onclick=https%3A%2F%2Fbicmifeg.top

104.21.92.135

200 OK

2.8 kB

URL GET HTTP/3
bicmifeg.top/5/6606128/?abt_opts=1&rhd=1&var=4271345&var_3=&var_4=&ymid=&s=&ab2r=&os_version=&oaid=&domain_onclick=https%3A%2F%2Fbicmifeg.top
IP
104.21.92.135:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=
Certificate
IssuerGoogle Trust Services LLC
Subjectbicmifeg.top
Fingerprint4A:CE:EE:B9:D0:1E:7C:34:E9:18:E4:44:33:A9:5B:A6:78:BF:DC:CB
ValidityMon, 02 Oct 2023 09:29:41 GMT - Sun, 31 Dec 2023 09:29:40 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (3014), with no line terminators
Size
2.8 kB (2772 bytes)
Hash
9acc02b0c5d9bc6d0f1ec50afc821b5b
a4e6439d477cefad8ae6e7f478f31061cb63c6c2
d868816af2c2c9f8da71a2acf047dbfea2ac09fce2573c91c33450649b5ba911

HTTP Headers

GET /5/6606128/?abt_opts=1&rhd=1&var=4271345&var_3=&var_4=&ymid=&s=&ab2r=&os_version=&oaid=&domain_onclick=https%3A%2F%2Fbicmifeg.top HTTP/1.1
Host: bicmifeg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: ID=8kmmvuymcwgw36gssi53nnh855jrwxfs
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 26 Nov 2023 03:14:11 GMT
content-type: application/json
vary: Accept-Encoding
x-trace-id: becfe1d6bf37d485dfff189c93bbc57a
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
timing-allow-origin: *
set-cookie: OAID=3b8c81cffb924ea48e9ffdb22be47f51; expires=Mon, 25 Nov 2024 03:14:11 GMT; path=/; secure; SameSite=None
oaidts=1700968451; expires=Mon, 25 Nov 2024 03:14:11 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: gzip
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g5HERSGRmk7Jr55G7%2BuXbmqytjq7GA9UFzp%2BatcFXJrFSzK6AR0vr6VtbNYDBCKAMKsi1NRwoprqRJjx7igxYNpGZlinxvzuuEHX608x8CP6mr%2FcwIxF%2BbDSq%2F4WpFU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82bef5b30c5756a4-OSL
alt-svc: h3=":443"; ma=86400

datatechonert.com/log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a

139.45.195.253

200 OK

12 B

URL POST HTTP/1.1
datatechonert.com/log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a
IP
139.45.195.253:443
ASN
#9002 RETN Limited

Requested by
https://bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=
Certificate
IssuerSectigo Limited
Subjectdatatechonert.com
Fingerprint6F:17:15:C2:7F:CC:16:6C:9D:C0:AD:C3:EE:DA:69:61:8C:77:0B:5B
ValiditySun, 18 Dec 2022 00:00:00 GMT - Sun, 24 Dec 2023 23:59:59 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
6949f52318584a4b51c719a9b84a7287
9fbd870c6afd4bdd6fbbd87f52df2c81dd23e905
72603096ec3515dbc615ab8837fd1b15e91ee827bc7af41d71c9882b08699375

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a HTTP/1.1
Host: datatechonert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1546
Origin: https://bicmifeg.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Sun, 26 Nov 2023 03:14:11 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://bicmifeg.top
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

bicmifeg.top/js/v-index.mjs.8bd6052e.js

104.21.92.135

200 OK

35 kB

URL GET HTTP/3
bicmifeg.top/js/v-index.mjs.8bd6052e.js
IP
104.21.92.135:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=
Certificate
IssuerGoogle Trust Services LLC
Subjectbicmifeg.top
Fingerprint4A:CE:EE:B9:D0:1E:7C:34:E9:18:E4:44:33:A9:5B:A6:78:BF:DC:CB
ValidityMon, 02 Oct 2023 09:29:41 GMT - Sun, 31 Dec 2023 09:29:40 GMT

File type
ASCII text, with very long lines (35287), with no line terminators
Size
35 kB (35287 bytes)
Hash
84d738b248d732b399ed451202265248
2fa2f190bf01e100ed6c06364c20893d2810bf2d
da476aa9d4d60bc2632a234d2106dc28b73ba659c7e63effd444182090b9b0bd

HTTP Headers

GET /js/v-index.mjs.8bd6052e.js HTTP/1.1
Host: bicmifeg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 26 Nov 2023 03:14:11 GMT
content-type: application/javascript
last-modified: Thu, 23 Nov 2023 12:24:11 GMT
vary: Accept-Encoding
etag: W/"655f446b-89d7"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BUIU5r7WHiZRnqetFUd2vaelB1TVrySSau9W0S291oLMWMmj0%2B9eoliik7rzo4tkIfU7OD6OiWn7aC4kxX8Mip22hHtAuZxYBz%2Bbgs7W08%2FD7l%2BtbnW8nCCabsczAIY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82bef5b29c1756a4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

bicmifeg.top/css/survey.9397cb8c.css

104.21.92.135

200 OK

68 kB

URL GET HTTP/3
bicmifeg.top/css/survey.9397cb8c.css
IP
104.21.92.135:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=
Certificate
IssuerGoogle Trust Services LLC
Subjectbicmifeg.top
Fingerprint4A:CE:EE:B9:D0:1E:7C:34:E9:18:E4:44:33:A9:5B:A6:78:BF:DC:CB
ValidityMon, 02 Oct 2023 09:29:41 GMT - Sun, 31 Dec 2023 09:29:40 GMT

File type
ASCII text, with very long lines (36535)
Size
68 kB (68546 bytes)
Hash
51b2ff103cec27fc5f1a9cab99aa404d
2686f9f4f8dd9957ed5e17214b7788a115b0f413
c5a511e52a65367f697661546a2c80989df9fe48e835da85b1919680f0f61971

HTTP Headers

GET /css/survey.9397cb8c.css HTTP/1.1
Host: bicmifeg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 26 Nov 2023 03:14:10 GMT
content-type: text/css
last-modified: Thu, 23 Nov 2023 12:24:13 GMT
vary: Accept-Encoding
etag: W/"655f446d-10bc2"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BWJzfE0GuL%2FSHJ6gtkzcDOnYpsc9k112RA3eOuugxzSkbvUbXGl9VMqR5ITUr4oo0WH2Z976RH2An%2BNDDPu3FXuDZKg9XQaUIDYZLquuCG4OCIPOfFh9xjkjM4oNNaE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82bef5b04af156a4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

bicmifeg.top/js/v-constants.js.c1971864.js

104.21.92.135

200 OK

600 B

URL GET HTTP/3
bicmifeg.top/js/v-constants.js.c1971864.js
IP
104.21.92.135:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=
Certificate
IssuerGoogle Trust Services LLC
Subjectbicmifeg.top
Fingerprint4A:CE:EE:B9:D0:1E:7C:34:E9:18:E4:44:33:A9:5B:A6:78:BF:DC:CB
ValidityMon, 02 Oct 2023 09:29:41 GMT - Sun, 31 Dec 2023 09:29:40 GMT

File type
ASCII text, with very long lines (664), with no line terminators
Size
600 B (600 bytes)
Hash
26b0e992180c48f7b3364cfc0144bf43
857bbcd82127f270a6db0423fcede837bd11b4c2
4b4244c6d1cae9bea4dfe1b087bf58d0fb2570d451149a92aabe096046d43e3b

HTTP Headers

GET /js/v-constants.js.c1971864.js HTTP/1.1
Host: bicmifeg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 26 Nov 2023 03:14:11 GMT
content-type: application/javascript
last-modified: Thu, 23 Nov 2023 12:24:11 GMT
vary: Accept-Encoding
etag: W/"655f446b-258"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ygdKI94%2B%2BjEH9Nn%2FiSXxJR0Ci%2BPdp5ot9DitcEG5MzdQue9DCt32n4FVKs5t%2F6ji%2BUtNMwUwn6DkQdHdi2xTmTLk%2BQQuzFQAOVjLRfnwmogvKq8dpQisgcmzkm2qW28%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82bef5b29c2056a4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

bicmifeg.top/js/v-domparser.js.cdcf98c4.js

104.21.92.135

200 OK

1.7 kB

URL GET HTTP/3
bicmifeg.top/js/v-domparser.js.cdcf98c4.js
IP
104.21.92.135:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=
Certificate
IssuerGoogle Trust Services LLC
Subjectbicmifeg.top
Fingerprint4A:CE:EE:B9:D0:1E:7C:34:E9:18:E4:44:33:A9:5B:A6:78:BF:DC:CB
ValidityMon, 02 Oct 2023 09:29:41 GMT - Sun, 31 Dec 2023 09:29:40 GMT

File type
ASCII text, with very long lines (1772), with no line terminators
Size
1.7 kB (1720 bytes)
Hash
6697b40c63dcbd5ecb5a26129bf0517f
576b12c7a96b93bf864b509b9b52520410cbd677
c7b42c139fb900c9581f4031feaf4ad1c58a0ba289f1515d96d0c410cf5ac3f4

HTTP Headers

GET /js/v-domparser.js.cdcf98c4.js HTTP/1.1
Host: bicmifeg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 26 Nov 2023 03:14:11 GMT
content-type: application/javascript
last-modified: Thu, 23 Nov 2023 12:24:13 GMT
vary: Accept-Encoding
etag: W/"655f446d-6b8"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uCT5n31RWbDZCt5%2B0GYkAiSQdr62BSMWnBQpg5wCkyrFHvfr6TWbrxHcA9Fu4nyfun7kUxDUim0fJy1fOrFiWqPQ2xpJHENQwezlRFQvXeFij57ssgR81rJ86iqig1Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82bef5b29c1c56a4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=

104.21.92.135

200 OK

7.5 kB

URL User Request GET HTTP/2
bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=
IP
104.21.92.135:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectbicmifeg.top
Fingerprint4A:CE:EE:B9:D0:1E:7C:34:E9:18:E4:44:33:A9:5B:A6:78:BF:DC:CB
ValidityMon, 02 Oct 2023 09:29:41 GMT - Sun, 31 Dec 2023 09:29:40 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (7825), with no line terminators
Size
7.5 kB (7541 bytes)
Hash
7f720dc92bc88519841edd0876e617c7
e5b9d4bd00e3f7474e8fdb9aa337156b84fb9c66
58e6cb390b1408eea2352d607f2cd1d4c41d350b862aa2d16f5705a68ac9fbd9

HTTP Headers

GET /survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4= HTTP/1.1
Host: bicmifeg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 26 Nov 2023 03:14:10 GMT
content-type: text/html
last-modified: Thu, 23 Nov 2023 12:24:11 GMT
vary: Accept-Encoding
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oqdUkjLgOZZUC%2FlVIdwxJvAqGbcZJPbCBCY74AzgenSafycoqza9JTbDSChxHmM47w7U62nZQLGXKd417Nq8ds7uiN40SON%2BRrQ7J5UjOTy00f5tbHRL8wQjSv6kakw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82bef5ad5c270b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

bicmifeg.top/js/s-checkSessionStorageAvailable.ts.64e0808f.js

104.21.92.135

200 OK

330 B

URL GET HTTP/3
bicmifeg.top/js/s-checkSessionStorageAvailable.ts.64e0808f.js
IP
104.21.92.135:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=
Certificate
IssuerGoogle Trust Services LLC
Subjectbicmifeg.top
Fingerprint4A:CE:EE:B9:D0:1E:7C:34:E9:18:E4:44:33:A9:5B:A6:78:BF:DC:CB
ValidityMon, 02 Oct 2023 09:29:41 GMT - Sun, 31 Dec 2023 09:29:40 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (338), with no line terminators
Size
330 B (330 bytes)
Hash
ccd43691e643ab6c85d8bb3c6b90b763
6da6e319d41211641ee53c4f512366c04b40aea2
b863796007e1021325c0c95db5d05bd3ab0a15feedf1ecf7b814b127d072ca28

HTTP Headers

GET /js/s-checkSessionStorageAvailable.ts.64e0808f.js HTTP/1.1
Host: bicmifeg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 26 Nov 2023 03:14:10 GMT
content-type: application/javascript
last-modified: Thu, 23 Nov 2023 12:24:11 GMT
vary: Accept-Encoding
etag: W/"655f446b-14a"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YYRivg7514N8tLozH%2F5%2FRYWVLRJuseLiQZpExQnLWtE%2BWmy%2BruQClr9RWo3Hezz3rLXjYYQhMVw3Vw260M0UYsCt7deUPTuIn16TTMQc94CBXCCo50TsjIAFTAtFsgw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82bef5b04ae556a4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

bicmifeg.top/js/v-html-to-dom.js.35904a79.js

104.21.92.135

200 OK

364 B

URL GET HTTP/3
bicmifeg.top/js/v-html-to-dom.js.35904a79.js
IP
104.21.92.135:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=
Certificate
IssuerGoogle Trust Services LLC
Subjectbicmifeg.top
Fingerprint4A:CE:EE:B9:D0:1E:7C:34:E9:18:E4:44:33:A9:5B:A6:78:BF:DC:CB
ValidityMon, 02 Oct 2023 09:29:41 GMT - Sun, 31 Dec 2023 09:29:40 GMT

File type
ASCII text, with very long lines (373), with no line terminators
Size
364 B (364 bytes)
Hash
4b4acf5103c4f879c1889c51719c6438
433b69867bca3a96bee541601d86e4bf2bb518e7
8b86db7eaa1b2c0dc6a5af4c3c872af8631ef5ce706db396a0eba9d2529bd2d8

HTTP Headers

GET /js/v-html-to-dom.js.35904a79.js HTTP/1.1
Host: bicmifeg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 26 Nov 2023 03:14:11 GMT
content-type: application/javascript
last-modified: Thu, 23 Nov 2023 12:24:11 GMT
vary: Accept-Encoding
etag: W/"655f446b-16c"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VbMHmwRCwKQ4nXS%2F6d%2FgRexjpWoEMWB26tGwi8zzl%2FDTZpsDAnEWaJVLhU2OXXhO%2F9bz7bx%2BGTfeOmeMWHM99W%2FR6C0%2B7fGG2%2BkEikaiCiMV3NRfZNtjWIjPPGBhi1Q%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82bef5b29c1f56a4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

bicmifeg.top/sw/sw6163203.js?var=4271345&var_3=null&var_4=null&ab2_ttl=5184000000

104.21.92.135

200 OK

1.3 kB

URL GET HTTP/3
bicmifeg.top/sw/sw6163203.js?var=4271345&var_3=null&var_4=null&ab2_ttl=5184000000
IP
104.21.92.135:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=
Certificate
IssuerGoogle Trust Services LLC
Subjectbicmifeg.top
Fingerprint4A:CE:EE:B9:D0:1E:7C:34:E9:18:E4:44:33:A9:5B:A6:78:BF:DC:CB
ValidityMon, 02 Oct 2023 09:29:41 GMT - Sun, 31 Dec 2023 09:29:40 GMT

File type
ASCII text, with very long lines (1381), with no line terminators
Size
1.3 kB (1321 bytes)
Hash
849a6c66f58cb89bf2ff6062f565e221
bf062cc02843667564e3b1ac1d13deb9c5206311
5779075245c78b9848a240be3ee8d4ea5aaca38e1642cd6a6af896e58663ba47

HTTP Headers

GET /sw/sw6163203.js?var=4271345&var_3=null&var_4=null&ab2_ttl=5184000000 HTTP/1.1
Host: bicmifeg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: ID=8kmmvuymcwgw36gssi53nnh855jrwxfs; OAID=8kmmvuymcwgw36gssi53nnh855jrwxfs; oaidts=1700968451; prefetchAd_6606128=true; syncedCookie=true; prefetchAd_4292579=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 26 Nov 2023 03:14:12 GMT
content-type: application/javascript
last-modified: Thu, 23 Nov 2023 12:24:11 GMT
vary: Accept-Encoding
etag: W/"655f446b-529"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UN%2FePXu9jQ6v7w%2Fdvm%2B6fvWgvhcp2jvzLShIn5HJRQyi62%2BCaAcbz8L0XI%2Bk0oIapGbYIfhrbIZF6V5x2JbQ2xzuioW0aFvF5tHYf6sg5QtErHo4XYZzJxTZ7%2BVinho%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82bef5b938a256a4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

bicmifeg.top/js/s-storageService.js.dcc3c1e0.js

104.21.92.135

200 OK

2.2 kB

URL GET HTTP/3
bicmifeg.top/js/s-storageService.js.dcc3c1e0.js
IP
104.21.92.135:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=
Certificate
IssuerGoogle Trust Services LLC
Subjectbicmifeg.top
Fingerprint4A:CE:EE:B9:D0:1E:7C:34:E9:18:E4:44:33:A9:5B:A6:78:BF:DC:CB
ValidityMon, 02 Oct 2023 09:29:41 GMT - Sun, 31 Dec 2023 09:29:40 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (2216), with no line terminators
Size
2.2 kB (2170 bytes)
Hash
ea8cf0f771c5396bbefe25cef9b89f7e
e920a2c67938a33764003827cd5b7f974fdfe35f
d56819f605f9c568c4f94b102a73fded511269361779a59064f331de95740e35

HTTP Headers

GET /js/s-storageService.js.dcc3c1e0.js HTTP/1.1
Host: bicmifeg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 26 Nov 2023 03:14:10 GMT
content-type: application/javascript
last-modified: Thu, 23 Nov 2023 12:24:11 GMT
vary: Accept-Encoding
etag: W/"655f446b-87a"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jWluVBCiie5rdT4Amtr%2FYc4%2BuJVwpqCwa3Ul6E8uEcl7GyUHalliVpV3EkMhV3DgO5ZkmDA5JUv9ZDFN41l9wo8i6oXRFj3IChMsk9%2FD4YAUjqIdzz08mb3zanlRQlY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82bef5b04ae456a4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

bicmifeg.top/js/s-checkLocalStorageAvailable.ts.408307af.js

104.21.92.135

200 OK

330 B

URL GET HTTP/3
bicmifeg.top/js/s-checkLocalStorageAvailable.ts.408307af.js
IP
104.21.92.135:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=
Certificate
IssuerGoogle Trust Services LLC
Subjectbicmifeg.top
Fingerprint4A:CE:EE:B9:D0:1E:7C:34:E9:18:E4:44:33:A9:5B:A6:78:BF:DC:CB
ValidityMon, 02 Oct 2023 09:29:41 GMT - Sun, 31 Dec 2023 09:29:40 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (338), with no line terminators
Size
330 B (330 bytes)
Hash
6ecd36e2854fd2ecdba5c9c2c6465aa4
2322b35026d897bb5adaf0fdc850ecfc867b6114
cda5dddff6f923b4aeaf1846911888ddf6f1c22da6ca51bd04dd2c075362c6d7

HTTP Headers

GET /js/s-checkLocalStorageAvailable.ts.408307af.js HTTP/1.1
Host: bicmifeg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 26 Nov 2023 03:14:10 GMT
content-type: application/javascript
last-modified: Thu, 23 Nov 2023 12:24:12 GMT
vary: Accept-Encoding
etag: W/"655f446c-14a"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n51ue1aOWqt3Irr%2BQEQTLVGxS1HsaaCJ%2F8mqR2l3o8Ippru5UhoWfjdOIjxGa694s6rYbWz0rnsiOehQS9EAzALK%2FhhxZRb2YZe78i2IvRVvIGsf%2Fp5%2FQLjrTKlK0%2BY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82bef5b04ae956a4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

bicmifeg.top/pfe/current/micro.tag.min.js?z=6163203&sw=/sw/sw6163203.js&var=4271345&var_3=null&var_4=null&ymid=&cdn=1&domain=laugoust.com&ab2_ttl=5184000000

104.21.92.135

200 OK

27 kB

URL GET HTTP/3
bicmifeg.top/pfe/current/micro.tag.min.js?z=6163203&sw=/sw/sw6163203.js&var=4271345&var_3=null&var_4=null&ymid=&cdn=1&domain=laugoust.com&ab2_ttl=5184000000
IP
104.21.92.135:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=
Certificate
IssuerGoogle Trust Services LLC
Subjectbicmifeg.top
Fingerprint4A:CE:EE:B9:D0:1E:7C:34:E9:18:E4:44:33:A9:5B:A6:78:BF:DC:CB
ValidityMon, 02 Oct 2023 09:29:41 GMT - Sun, 31 Dec 2023 09:29:40 GMT

File type
ASCII text, with very long lines (26953), with no line terminators
Size
27 kB (26953 bytes)
Hash
7cfed967ba7094f80855e9c7850f359e
f0acba47cbaae0bf415996d43fdde90f109f1cff
8f13eabfe1290926119e6421d35719e33ef68384b295eaee367923d75de2dc17

HTTP Headers

GET /pfe/current/micro.tag.min.js?z=6163203&sw=/sw/sw6163203.js&var=4271345&var_3=null&var_4=null&ymid=&cdn=1&domain=laugoust.com&ab2_ttl=5184000000 HTTP/1.1
Host: bicmifeg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 26 Nov 2023 03:14:11 GMT
content-type: application/javascript
last-modified: Thu, 23 Nov 2023 12:24:11 GMT
vary: Accept-Encoding
etag: W/"655f446b-6949"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o8hHsqtZRoIhWm%2BCDEkKa6NWBW0XM1f3ay7M0q3bSElibJ3Uio7I5j%2BA9hAlqEMtjPC%2Bl8UZ%2Bx3TR8fHzWS0eLEhI6qvqDBOvVEPx6nPgr8n8MvKRHgeScApjRbfUzs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82bef5b27c0a56a4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

bicmifeg.top/img/comments/person-2.webp

104.21.92.135

200 OK

1.1 kB

URL GET HTTP/3
bicmifeg.top/img/comments/person-2.webp
IP
104.21.92.135:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=
Certificate
IssuerGoogle Trust Services LLC
Subjectbicmifeg.top
Fingerprint4A:CE:EE:B9:D0:1E:7C:34:E9:18:E4:44:33:A9:5B:A6:78:BF:DC:CB
ValidityMon, 02 Oct 2023 09:29:41 GMT - Sun, 31 Dec 2023 09:29:40 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
1.1 kB (1104 bytes)
Hash
cd20c1e86fd66d301b6e35a97af461fd
3f92712ef775681d59dfd96bb9b6429227a944e9
0d5556f5acd9a72ca66c6bfab3d813e35f504dcf73e6e6baca816da78a8fbad0

HTTP Headers

GET /img/comments/person-2.webp HTTP/1.1
Host: bicmifeg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: ID=8kmmvuymcwgw36gssi53nnh855jrwxfs; OAID=3b8c81cffb924ea48e9ffdb22be47f51; oaidts=1700968451
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 26 Nov 2023 03:14:11 GMT
content-type: image/webp
content-length: 1104
last-modified: Thu, 23 Nov 2023 12:24:12 GMT
vary: Accept-Encoding
etag: "655f446c-450"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5%2B7I3p18obm%2Fea%2BHo8U6r4Fivrtn805hejZIEINi7UKTOLaVrooZY217bgXFz6aHCb2IxYj%2FycYxB0FKlUj%2FWKxgP32L19MC44%2Bd%2Br%2F%2BwlIcZHE1gnCr9StxtMnR2pQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82bef5b3ccb856a4-OSL
alt-svc: h3=":443"; ma=86400

bicmifeg.top/5/4292579/?abt_opts=1&rhd=1&var=4271345&var_3=&var_4=&ymid=&s=&ab2r=&os_version=&oaid=8kmmvuymcwgw36gssi53nnh855jrwxfs&domain_onclick=https%3A%2F%2Fbicmifeg.top

104.21.92.135

200 OK

2.8 kB

URL GET HTTP/3
bicmifeg.top/5/4292579/?abt_opts=1&rhd=1&var=4271345&var_3=&var_4=&ymid=&s=&ab2r=&os_version=&oaid=8kmmvuymcwgw36gssi53nnh855jrwxfs&domain_onclick=https%3A%2F%2Fbicmifeg.top
IP
104.21.92.135:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=
Certificate
IssuerGoogle Trust Services LLC
Subjectbicmifeg.top
Fingerprint4A:CE:EE:B9:D0:1E:7C:34:E9:18:E4:44:33:A9:5B:A6:78:BF:DC:CB
ValidityMon, 02 Oct 2023 09:29:41 GMT - Sun, 31 Dec 2023 09:29:40 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (3002), with no line terminators
Size
2.8 kB (2760 bytes)
Hash
1424649042c74d13ca5b6d435fa7dd3f
862f258d6ab521513ddcee5807ae43956acd38af
4b83e7bebe6142ec35be8b15955f61950f0c84b82dba18c9c8cf464507f6f6dd

HTTP Headers

GET /5/4292579/?abt_opts=1&rhd=1&var=4271345&var_3=&var_4=&ymid=&s=&ab2r=&os_version=&oaid=8kmmvuymcwgw36gssi53nnh855jrwxfs&domain_onclick=https%3A%2F%2Fbicmifeg.top HTTP/1.1
Host: bicmifeg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: ID=8kmmvuymcwgw36gssi53nnh855jrwxfs; OAID=3b8c81cffb924ea48e9ffdb22be47f51; oaidts=1700968451; prefetchAd_6606128=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 26 Nov 2023 03:14:11 GMT
content-type: application/json
vary: Accept-Encoding
x-trace-id: 7815295d84d3a3337713d7e86aa0e792
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
timing-allow-origin: *
set-cookie: OAID=8kmmvuymcwgw36gssi53nnh855jrwxfs; expires=Mon, 25 Nov 2024 03:14:11 GMT; path=/; secure; SameSite=None
oaidts=1700968451; expires=Mon, 25 Nov 2024 03:14:11 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Sun, 03 Dec 2023 03:14:11 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: gzip
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jg0ZQ3ENgPdBxVXsyVOhCnsu7DMMSTR2jsiS9PmmNSEpz2fwkmJHV5t7vJsLXkogNlXIhVV0L6NodrmY2bHuwBVep58EbIQCPFRqc8RSBisU%2Fz70rrH01N%2F72NFvxhY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82bef5b64ec856a4-OSL
alt-svc: h3=":443"; ma=86400

bicmifeg.top/js/v-redux-toolkit.esm.js.7e700275.js

104.21.92.135

200 OK

11 kB

URL GET HTTP/3
bicmifeg.top/js/v-redux-toolkit.esm.js.7e700275.js
IP
104.21.92.135:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=
Certificate
IssuerGoogle Trust Services LLC
Subjectbicmifeg.top
Fingerprint4A:CE:EE:B9:D0:1E:7C:34:E9:18:E4:44:33:A9:5B:A6:78:BF:DC:CB
ValidityMon, 02 Oct 2023 09:29:41 GMT - Sun, 31 Dec 2023 09:29:40 GMT

File type
ASCII text, with very long lines (11319), with no line terminators
Size
11 kB (11319 bytes)
Hash
5c4a90eeda1e56b88bc80e817c0a4112
d72a555b18a0be611de4957f893e94ab9b4894ce
2483003d35f9dc1fdd630695570618f0ad6265c82193f374bef706a90324f142

HTTP Headers

GET /js/v-redux-toolkit.esm.js.7e700275.js HTTP/1.1
Host: bicmifeg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 26 Nov 2023 03:14:10 GMT
content-type: application/javascript
last-modified: Thu, 23 Nov 2023 12:24:11 GMT
vary: Accept-Encoding
etag: W/"655f446b-2c37"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tC9%2BIqVi0YTKticL%2FaUF5WZ5UXi8OlaP2rmL3rjkHMjAmT1XlE4TWbjI9UlC9cIAfFarSBEZSVg0r9JJdxMQ%2Fn8Z%2BClvlD37aUhEaEyID7QV8uU6%2BGBtBnQkR52VGSg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82bef5b04aeb56a4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

bicmifeg.top/js/config/sd/sd-2025-en.js?v=10

104.21.92.135

200 OK

12 kB

URL GET HTTP/3
bicmifeg.top/js/config/sd/sd-2025-en.js?v=10
IP
104.21.92.135:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=
Certificate
IssuerGoogle Trust Services LLC
Subjectbicmifeg.top
Fingerprint4A:CE:EE:B9:D0:1E:7C:34:E9:18:E4:44:33:A9:5B:A6:78:BF:DC:CB
ValidityMon, 02 Oct 2023 09:29:41 GMT - Sun, 31 Dec 2023 09:29:40 GMT

File type
ASCII text, with very long lines (12322), with no line terminators
Size
12 kB (12322 bytes)
Hash
75241d4ada4db3c2b9fbb40d40e3b9da
996bf2455d982e5073faa89365ddc4e9cedd692a
b87aad84fe0176e7f8402d37d67039ee594100c35c43451e05129ef415e069d5

HTTP Headers

GET /js/config/sd/sd-2025-en.js?v=10 HTTP/1.1
Host: bicmifeg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 26 Nov 2023 03:14:10 GMT
content-type: application/javascript
last-modified: Thu, 23 Nov 2023 12:24:11 GMT
vary: Accept-Encoding
etag: W/"655f446b-3022"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Qumms9iJLcVxYL1Eukk1Sc27ulR9y%2Fqz6pGd6EsTaSwy4lyx4ZqxPrjMxdQJWJ8%2F6S6YjbvPwcecX7KaQxkCRgwKcP2K5O2ZMz3db9HQs%2F5aC1koq1ktp0VwtWuSK8s%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82bef5b1aba056a4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

bicmifeg.top/js/v-possibleStandardNamesOptimized.js.8c2143d2.js

104.21.92.135

200 OK

7.6 kB

URL GET HTTP/3
bicmifeg.top/js/v-possibleStandardNamesOptimized.js.8c2143d2.js
IP
104.21.92.135:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=
Certificate
IssuerGoogle Trust Services LLC
Subjectbicmifeg.top
Fingerprint4A:CE:EE:B9:D0:1E:7C:34:E9:18:E4:44:33:A9:5B:A6:78:BF:DC:CB
ValidityMon, 02 Oct 2023 09:29:41 GMT - Sun, 31 Dec 2023 09:29:40 GMT

File type
ASCII text, with very long lines (7923), with no line terminators
Size
7.6 kB (7577 bytes)
Hash
71366117f7f04ce48f22cc399a818fff
2b0db9e931f84ff91afaaacc9895030161e2c00e
5e189e73eb05da864d14ee3ca4847cc4276857d06b6833e05232a8740c95b745

HTTP Headers

GET /js/v-possibleStandardNamesOptimized.js.8c2143d2.js HTTP/1.1
Host: bicmifeg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 26 Nov 2023 03:14:11 GMT
content-type: application/javascript
last-modified: Thu, 23 Nov 2023 12:24:13 GMT
vary: Accept-Encoding
etag: W/"655f446d-1d99"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YPH4o4t66Z7%2B2U278B9Ho1PZDzZ%2BsrJvyYuaghEfLx4JVcOk4Xnlm458iFga%2F2k7v7ZD7CCdmGWy64LxiAOBDK25QOJGiJ9ZfqGtK9NLYnKClQVTllScS%2FXaPHwAdUY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82bef5b29c1a56a4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

bicmifeg.top/favicon.ico

104.21.92.135

200 OK

1.2 kB

URL GET HTTP/3
bicmifeg.top/favicon.ico
IP
104.21.92.135:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=
Certificate
IssuerGoogle Trust Services LLC
Subjectbicmifeg.top
Fingerprint4A:CE:EE:B9:D0:1E:7C:34:E9:18:E4:44:33:A9:5B:A6:78:BF:DC:CB
ValidityMon, 02 Oct 2023 09:29:41 GMT - Sun, 31 Dec 2023 09:29:40 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Size
1.2 kB (1150 bytes)
Hash
668ba1a9fa1890ba16cb8adc28d3dad8
5e35223b2541265114eaf61b9da2556c812fea17
7746cf1b553433822522f2dc432f55fe64eee1f1cf823ef6adfde02e58e1d7e2

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: bicmifeg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: ID=8kmmvuymcwgw36gssi53nnh855jrwxfs; OAID=8kmmvuymcwgw36gssi53nnh855jrwxfs; oaidts=1700968451; prefetchAd_6606128=true; syncedCookie=true; prefetchAd_4292579=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 26 Nov 2023 03:14:11 GMT
content-type: image/x-icon
last-modified: Thu, 23 Nov 2023 12:24:12 GMT
vary: Accept-Encoding
etag: W/"655f446c-47e"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ik21VnACAwdRWWkrr9mgBYeEjDzBUzpBuzxJfy%2FkA74c1ra9rR7QtGi7i6s%2Fx%2B40%2FNE8WKDYgC5JKNG1zrTNjOHKG5Kxql1GjaaROi7dWgRjF9H0rK11yahB%2BT%2Fq1LM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82bef5b7efdc56a4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

bicmifeg.top/js/_prefetcher.cc27e33f.js

104.21.92.135

200 OK

2.3 kB

URL GET HTTP/3
bicmifeg.top/js/_prefetcher.cc27e33f.js
IP
104.21.92.135:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=
Certificate
IssuerGoogle Trust Services LLC
Subjectbicmifeg.top
Fingerprint4A:CE:EE:B9:D0:1E:7C:34:E9:18:E4:44:33:A9:5B:A6:78:BF:DC:CB
ValidityMon, 02 Oct 2023 09:29:41 GMT - Sun, 31 Dec 2023 09:29:40 GMT

File type
ASCII text, with very long lines (2382), with no line terminators
Size
2.3 kB (2320 bytes)
Hash
d7116ca885b246c251f70cc81c166d9e
5af0f9a674afe13d5a4652bbb54a652c6db72f7c
de79c3d9c549de82962da6994e38cfde6756cfdf9ad317e3444c79ff80494422

HTTP Headers

GET /js/_prefetcher.cc27e33f.js HTTP/1.1
Host: bicmifeg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 26 Nov 2023 03:14:10 GMT
content-type: application/javascript
last-modified: Thu, 23 Nov 2023 12:24:11 GMT
vary: Accept-Encoding
etag: W/"655f446b-910"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9U%2F9rZ2FbAJ%2BvNUxdii4BF7v2KdU9FwHtmBTBh82LmGIY2or57lBk2mWjJ%2Bqy0R6qpUoDkBUBmFBS4f9BTNoleNYVcPBVDzSmOfYIeWV07VrJxqlePECV5Q86WqXg%2Bo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82bef5b03ade56a4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

bicmifeg.top/js/_rtc.9caec59f.js

104.21.92.135

200 OK

12 kB

URL GET HTTP/3
bicmifeg.top/js/_rtc.9caec59f.js
IP
104.21.92.135:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=
Certificate
IssuerGoogle Trust Services LLC
Subjectbicmifeg.top
Fingerprint4A:CE:EE:B9:D0:1E:7C:34:E9:18:E4:44:33:A9:5B:A6:78:BF:DC:CB
ValidityMon, 02 Oct 2023 09:29:41 GMT - Sun, 31 Dec 2023 09:29:40 GMT

File type
ASCII text, with very long lines (12222), with no line terminators
Size
12 kB (12222 bytes)
Hash
d56f1e908ff52945462002157fcc0c42
9176c5bc564a6c6b8ab0f6ee956a4dde5411b4cb
9d2c7e356141f30e9a4c41aed693434151170ea35b016e825ceda4cf292a6a6b

HTTP Headers

GET /js/_rtc.9caec59f.js HTTP/1.1
Host: bicmifeg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 26 Nov 2023 03:14:10 GMT
content-type: application/javascript
last-modified: Thu, 23 Nov 2023 12:24:11 GMT
vary: Accept-Encoding
etag: W/"655f446b-2fbe"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YkvN%2FgA3DziXBKXL1FGLXBACSgdEMCm1O88y%2FOd43KNofrk4%2BwI%2BSOeME%2B0%2FHJkWs8aRyUng4fHhAL1GVIAaA9O%2FKJT7zC3%2BF%2FYyU2xf6sQFbuF7w9ZoXu3q1%2F2HOJI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82bef5b04ae056a4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

bicmifeg.top/js/v-react-dom.production.min.js.3953e665.js

104.21.92.135

200 OK

129 kB

URL GET HTTP/3
bicmifeg.top/js/v-react-dom.production.min.js.3953e665.js
IP
104.21.92.135:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=
Certificate
IssuerGoogle Trust Services LLC
Subjectbicmifeg.top
Fingerprint4A:CE:EE:B9:D0:1E:7C:34:E9:18:E4:44:33:A9:5B:A6:78:BF:DC:CB
ValidityMon, 02 Oct 2023 09:29:41 GMT - Sun, 31 Dec 2023 09:29:40 GMT

File type
ASCII text, with very long lines (65440)
Size
129 kB (129359 bytes)
Hash
7d48d1609cd0ce12a2989e21ee5d872d
5ecae1623de7fd308b1cb9fe1a23757de6ec87ae
846ad8cf3ac730e51fc4044c2f0bf4b3b7214777317c3fbfcbaf1fa17e7ee1d2

HTTP Headers

GET /js/v-react-dom.production.min.js.3953e665.js HTTP/1.1
Host: bicmifeg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 26 Nov 2023 03:14:10 GMT
content-type: application/javascript
last-modified: Thu, 23 Nov 2023 12:24:11 GMT
vary: Accept-Encoding
etag: W/"655f446b-1f94f"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SuLlzPi4Tvd55cAJaIWOTJ7QqllvAy0hDy565fRjm5K%2BJBpmRLb%2BnYy2%2FrKCOeqDJpTbevy6OtF4XIJXvQEJReIp3X3DTab5ACpRwHk6LouVbMDFR%2BgEPzHUYrNvz7A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82bef5b04aed56a4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

offpichuan.com/track?offer_id=2025&z=4271345&variable2=wmga5rtcf9fftr9tifqi214o&uid=8kmmvuymcwgw36gssi53nnh855jrwxfsundefinedundefined

139.45.197.237

200 OK

170 B

URL GET HTTP/2
offpichuan.com/track?offer_id=2025&z=4271345&variable2=wmga5rtcf9fftr9tifqi214o&uid=8kmmvuymcwgw36gssi53nnh855jrwxfsundefinedundefined
IP
139.45.197.237:443
ASN
#9002 RETN Limited

Requested by
https://bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=
Certificate
IssuerLet's Encrypt
Subjectoffpichuan.com
Fingerprint23:6C:06:58:D1:E8:4C:43:C9:36:79:DD:E0:BD:B8:81:CE:A1:8E:10
ValidityTue, 12 Sep 2023 00:50:47 GMT - Mon, 11 Dec 2023 00:50:46 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
170 B (170 bytes)
Hash
ee07bd055845ad1defd3705bdde6e141
29e6e919fffe83fb25a61a0f4f8dcb0749c82003
c6193ae7d1cfe9dbc7d2ac41ecfdb11b2f1218091abc337e7d221e9a7f73f97b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /track?offer_id=2025&z=4271345&variable2=wmga5rtcf9fftr9tifqi214o&uid=8kmmvuymcwgw36gssi53nnh855jrwxfsundefinedundefined HTTP/1.1
Host: offpichuan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bicmifeg.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 26 Nov 2023 03:14:11 GMT
content-type: application/json
content-length: 170
x-trace-id: 557b93c4500f17b87f0347f20c555061
access-control-allow-origin: https://bicmifeg.top
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

bicmifeg.top/rhd?rb=Vyx2bBVfB-67XfJB2cnSQLedYPXl5UXjadnra5T74ci9I_eYGzWc9rNQ258SnCtyGh7Olvgkxonz34l8wIVWM2LtdzVZeGg33YGR5_NAK4FTSWztScgouIoXAXTxp2QHpr2fBje-2u1RRUv38iqpcPY-TUoFnyKdwXh4LznqoOt6UEO2neFHjHt6tSbwtU98NHUNMSeEeWw5dwbN&request_ab2=0&var_3=&var_4=&zoneid=4292579&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=0&pl=https%3A%2F%2Fbicmifeg.top%2Fsurvey.html%3Foffer_id%3D2025%26geo%3DNO%26z%3D4271345%26b%3D8588505%26var%3D%26var2%3Df759995c-f2c7-4306-928c-967472e8fafc%26ymid%3Dwmga5rtcf9fftr9tifqi214o%26var3%3D%26var4%3D%26utm_medium%3D4271345%26utm_term%3D8588505%26utm_content%3Dzd_public_v2&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-unknown&rhd=1&var=4271345&var_3=&var_4=&ymid=&s=&ab2r=&os_version=&oaid=8kmmvuymcwgw36gssi53nnh855jrwxfs&domain_onclick=https%3A%2F%2Fbicmifeg.top&m=link

104.21.92.135

200 OK

2.4 kB

URL GET HTTP/3
bicmifeg.top/rhd?rb=Vyx2bBVfB-67XfJB2cnSQLedYPXl5UXjadnra5T74ci9I_eYGzWc9rNQ258SnCtyGh7Olvgkxonz34l8wIVWM2LtdzVZeGg33YGR5_NAK4FTSWztScgouIoXAXTxp2QHpr2fBje-2u1RRUv38iqpcPY-TUoFnyKdwXh4LznqoOt6UEO2neFHjHt6tSbwtU98NHUNMSeEeWw5dwbN&request_ab2=0&var_3=&var_4=&zoneid=4292579&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=0&pl=https%3A%2F%2Fbicmifeg.top%2Fsurvey.html%3Foffer_id%3D2025%26geo%3DNO%26z%3D4271345%26b%3D8588505%26var%3D%26var2%3Df759995c-f2c7-4306-928c-967472e8fafc%26ymid%3Dwmga5rtcf9fftr9tifqi214o%26var3%3D%26var4%3D%26utm_medium%3D4271345%26utm_term%3D8588505%26utm_content%3Dzd_public_v2&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-unknown&rhd=1&var=4271345&var_3=&var_4=&ymid=&s=&ab2r=&os_version=&oaid=8kmmvuymcwgw36gssi53nnh855jrwxfs&domain_onclick=https%3A%2F%2Fbicmifeg.top&m=link
IP
104.21.92.135:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=
Certificate
IssuerGoogle Trust Services LLC
Subjectbicmifeg.top
Fingerprint4A:CE:EE:B9:D0:1E:7C:34:E9:18:E4:44:33:A9:5B:A6:78:BF:DC:CB
ValidityMon, 02 Oct 2023 09:29:41 GMT - Sun, 31 Dec 2023 09:29:40 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (2424), with no line terminators
Size
2.4 kB (2391 bytes)
Hash
593d86e87acec868886a57584fe92492
93fc21e76243547bac9ce90e321d0a4262487055
65ce20c21524ea07cffbf414e3c9b640feb6355642a8932dbf7d7472c1598668

HTTP Headers

GET /rhd?rb=Vyx2bBVfB-67XfJB2cnSQLedYPXl5UXjadnra5T74ci9I_eYGzWc9rNQ258SnCtyGh7Olvgkxonz34l8wIVWM2LtdzVZeGg33YGR5_NAK4FTSWztScgouIoXAXTxp2QHpr2fBje-2u1RRUv38iqpcPY-TUoFnyKdwXh4LznqoOt6UEO2neFHjHt6tSbwtU98NHUNMSeEeWw5dwbN&request_ab2=0&var_3=&var_4=&zoneid=4292579&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=0&pl=https%3A%2F%2Fbicmifeg.top%2Fsurvey.html%3Foffer_id%3D2025%26geo%3DNO%26z%3D4271345%26b%3D8588505%26var%3D%26var2%3Df759995c-f2c7-4306-928c-967472e8fafc%26ymid%3Dwmga5rtcf9fftr9tifqi214o%26var3%3D%26var4%3D%26utm_medium%3D4271345%26utm_term%3D8588505%26utm_content%3Dzd_public_v2&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-unknown&rhd=1&var=4271345&var_3=&var_4=&ymid=&s=&ab2r=&os_version=&oaid=8kmmvuymcwgw36gssi53nnh855jrwxfs&domain_onclick=https%3A%2F%2Fbicmifeg.top&m=link HTTP/1.1
Host: bicmifeg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: ID=8kmmvuymcwgw36gssi53nnh855jrwxfs; OAID=8kmmvuymcwgw36gssi53nnh855jrwxfs; oaidts=1700968451; prefetchAd_6606128=true; syncedCookie=true; prefetchAd_4292579=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 26 Nov 2023 03:14:11 GMT
content-type: application/json
vary: Accept-Encoding
x-trace-id: 4665d6de71b1cd28aafdc41f7cd4a7d8
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
timing-allow-origin: *
set-cookie: OAID=8kmmvuymcwgw36gssi53nnh855jrwxfs; expires=Mon, 25 Nov 2024 03:14:11 GMT; path=/; secure; SameSite=None
oaidts=1700968451; expires=Mon, 25 Nov 2024 03:14:11 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Sun, 03 Dec 2023 03:14:11 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: gzip
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Bpr1Rln7I2ieQPgB5QWIx3Z1ibceXjM3d%2FwqCpl%2FiCPdfaFQkp4%2BLp1Pa0cGghJ3emCOSf5eQ5QFPEzFep8HPJrv9Cus0MWPQxJUL38umZfTMxHyfbUoEsrbeeLGSNM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82bef5b6bf4b56a4-OSL
alt-svc: h3=":443"; ma=86400

offpichuan.com/rotate?zz=6543018;4326652;5128285;4949467;5381239;5381316;5381339;5381332;5381307;5381330&var=4271345&uid=8kmmvuymcwgw36gssi53nnh855jrwxfs

139.45.197.237

200 OK

5.8 kB

URL GET HTTP/2
offpichuan.com/rotate?zz=6543018;4326652;5128285;4949467;5381239;5381316;5381339;5381332;5381307;5381330&var=4271345&uid=8kmmvuymcwgw36gssi53nnh855jrwxfs
IP
139.45.197.237:443
ASN
#9002 RETN Limited

Requested by
https://bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=
Certificate
IssuerLet's Encrypt
Subjectoffpichuan.com
Fingerprint23:6C:06:58:D1:E8:4C:43:C9:36:79:DD:E0:BD:B8:81:CE:A1:8E:10
ValidityTue, 12 Sep 2023 00:50:47 GMT - Mon, 11 Dec 2023 00:50:46 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (5856), with no line terminators
Size
5.8 kB (5802 bytes)
Hash
2b156ba27256d4f0fcce8edb23c6d40d
27b760b3d4f61cea59932c78ed50306d235312a8
0ce9e9e32575266d68f3bfe1537ba9e2940f500997611829333585590cd3770e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /rotate?zz=6543018;4326652;5128285;4949467;5381239;5381316;5381339;5381332;5381307;5381330&var=4271345&uid=8kmmvuymcwgw36gssi53nnh855jrwxfs HTTP/1.1
Host: offpichuan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bicmifeg.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 26 Nov 2023 03:14:11 GMT
content-type: application/javascript
x-trace-id: 499ecb31857c03bb984b50016eb6008d
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://bicmifeg.top
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
set-cookie: OAID=8kmmvuymcwgw36gssi53nnh855jrwxfs; expires=Mon, 25 Nov 2024 03:14:11 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

bicmifeg.top/img/comments/person-6.webp

104.21.92.135

200 OK

1.9 kB

URL GET HTTP/3
bicmifeg.top/img/comments/person-6.webp
IP
104.21.92.135:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=
Certificate
IssuerGoogle Trust Services LLC
Subjectbicmifeg.top
Fingerprint4A:CE:EE:B9:D0:1E:7C:34:E9:18:E4:44:33:A9:5B:A6:78:BF:DC:CB
ValidityMon, 02 Oct 2023 09:29:41 GMT - Sun, 31 Dec 2023 09:29:40 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
1.9 kB (1854 bytes)
Hash
0f174a9245ed9f2a0660204a8320880f
fd36dc7b39c675bff5d4dff0b331d70b57f0ec7d
1cfb6cdf94c080825e93d4bff72079fdca2d8f3d9f7d2e75badf48c29d4e31c4

HTTP Headers

GET /img/comments/person-6.webp HTTP/1.1
Host: bicmifeg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: ID=8kmmvuymcwgw36gssi53nnh855jrwxfs; OAID=3b8c81cffb924ea48e9ffdb22be47f51; oaidts=1700968451
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 26 Nov 2023 03:14:11 GMT
content-type: image/webp
content-length: 1854
last-modified: Thu, 23 Nov 2023 12:24:13 GMT
vary: Accept-Encoding
etag: "655f446d-73e"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CBXL2AzI0ZeZtzVA37I3W%2FPOd7OKkiQuXpMAN1e0ziCxxg5qRUKNq7IJv2h%2FM1tV7EyW0eRg5Ms6wAZeq8JaIkzchXTRFevlR97yLmEieYDNzn3%2BmIkmFBJb6NTbgwE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82bef5b3ccc156a4-OSL
alt-svc: h3=":443"; ma=86400

bicmifeg.top/js/v-utilities.js.19b3f04f.js

104.21.92.135

200 OK

2.6 kB

URL GET HTTP/3
bicmifeg.top/js/v-utilities.js.19b3f04f.js
IP
104.21.92.135:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=
Certificate
IssuerGoogle Trust Services LLC
Subjectbicmifeg.top
Fingerprint4A:CE:EE:B9:D0:1E:7C:34:E9:18:E4:44:33:A9:5B:A6:78:BF:DC:CB
ValidityMon, 02 Oct 2023 09:29:41 GMT - Sun, 31 Dec 2023 09:29:40 GMT

File type
ASCII text, with very long lines (2645), with no line terminators
Size
2.6 kB (2577 bytes)
Hash
57b6967935e08c0fb359ce8771442eca
4eea464f0570cffc2f99452d425bd660d277772f
0e87cfdf83717a131c755ebcc0824805e4fc80cfcc7899e0cc37c0746f419280

HTTP Headers

GET /js/v-utilities.js.19b3f04f.js HTTP/1.1
Host: bicmifeg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 26 Nov 2023 03:14:11 GMT
content-type: application/javascript
last-modified: Thu, 23 Nov 2023 12:24:11 GMT
vary: Accept-Encoding
etag: W/"655f446b-a11"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0qT7HtrRdMOh28%2FlZgApwi0mnepHP8ue%2FqcRSpbSmAS7AjLbRIHjYiHKTibGGRoJSu5dbx%2FiCclhkWQ2t%2FKiLRTjE3mrw2pkGGVrGPZeHLy0SSf7UbH9RjLTfu0K%2BZI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82bef5b29c1b56a4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

bicmifeg.top/img/comments/person-4.webp

104.21.92.135

200 OK

1.4 kB

URL GET HTTP/3
bicmifeg.top/img/comments/person-4.webp
IP
104.21.92.135:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=
Certificate
IssuerGoogle Trust Services LLC
Subjectbicmifeg.top
Fingerprint4A:CE:EE:B9:D0:1E:7C:34:E9:18:E4:44:33:A9:5B:A6:78:BF:DC:CB
ValidityMon, 02 Oct 2023 09:29:41 GMT - Sun, 31 Dec 2023 09:29:40 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
1.4 kB (1356 bytes)
Hash
a78233e0cf1abbb3c5c98ef32a087d96
5ac6cdfb7f9e7be828a4d01e57f10379ef173889
3854114bf0acf8bc190e93893a80429d611c1d16b61d6cde07af182c232a30d7

HTTP Headers

GET /img/comments/person-4.webp HTTP/1.1
Host: bicmifeg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: ID=8kmmvuymcwgw36gssi53nnh855jrwxfs; OAID=3b8c81cffb924ea48e9ffdb22be47f51; oaidts=1700968451
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 26 Nov 2023 03:14:11 GMT
content-type: image/webp
content-length: 1356
last-modified: Thu, 23 Nov 2023 12:24:13 GMT
vary: Accept-Encoding
etag: "655f446d-54c"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QstoQEFnosURFjfgwO6JrRwptf5kxNj%2BrU2aSGpPzrsxQi3suhgur%2BcuzKNSvUDrOMejcPCOIIhMg%2FNk83qWBizodJzS4hpl7Nb8hNFR0msQghgEvHUxNrD5DKxMre8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82bef5b3ccba56a4-OSL
alt-svc: h3=":443"; ma=86400

bicmifeg.top/pfe/current/stattag.js

104.21.92.135

200 OK

19 kB

URL GET HTTP/3
bicmifeg.top/pfe/current/stattag.js
IP
104.21.92.135:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=
Certificate
IssuerGoogle Trust Services LLC
Subjectbicmifeg.top
Fingerprint4A:CE:EE:B9:D0:1E:7C:34:E9:18:E4:44:33:A9:5B:A6:78:BF:DC:CB
ValidityMon, 02 Oct 2023 09:29:41 GMT - Sun, 31 Dec 2023 09:29:40 GMT

File type
ASCII text, with very long lines (19024), with no line terminators
Size
19 kB (19024 bytes)
Hash
eee0fa1cefab154ab482da73fe023bee
1d3c88baee1b8527a30190d694cc8c6378b7f3bc
333132f2f62e5bcef5ab8a1950e7a8342023c0cea68b563b1130bea16dd0bc6a

HTTP Headers

GET /pfe/current/stattag.js HTTP/1.1
Host: bicmifeg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: ID=8kmmvuymcwgw36gssi53nnh855jrwxfs; OAID=3b8c81cffb924ea48e9ffdb22be47f51; oaidts=1700968451; prefetchAd_6606128=true
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 26 Nov 2023 03:14:11 GMT
content-type: application/javascript
last-modified: Thu, 23 Nov 2023 12:24:11 GMT
vary: Accept-Encoding
etag: W/"655f446b-4a50"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QG%2BL601VfsseV9BpfY5MCzq%2B%2FRGURtuUg6S5duC7XDlp57uG8XV2PiHEglAdu3uj%2F5%2F4D7U33eBqCKnMv8zCohp1jUIhuhF6nmcflzlXEkx5iOdY%2BrnjRnuDtA51GAQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82bef5b4cda656a4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

bicmifeg.top/js/config/dict/cookie-consent-1.json?v=10

104.21.92.135

200 OK

6.8 kB

URL GET HTTP/3
bicmifeg.top/js/config/dict/cookie-consent-1.json?v=10
IP
104.21.92.135:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=
Certificate
IssuerGoogle Trust Services LLC
Subjectbicmifeg.top
Fingerprint4A:CE:EE:B9:D0:1E:7C:34:E9:18:E4:44:33:A9:5B:A6:78:BF:DC:CB
ValidityMon, 02 Oct 2023 09:29:41 GMT - Sun, 31 Dec 2023 09:29:40 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (6009), with no line terminators
Size
6.8 kB (6757 bytes)
Hash
4b2ff958e811a50d2f641818590b443d
6abae297812bb55fad869e953e7fdf7469cbe1ae
9c77a5f3d0028d9ba122ed15728ee7b144619431f8302503a19c5785ddaa06b8

HTTP Headers

GET /js/config/dict/cookie-consent-1.json?v=10 HTTP/1.1
Host: bicmifeg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 26 Nov 2023 03:14:10 GMT
content-type: application/json
last-modified: Thu, 23 Nov 2023 12:24:12 GMT
vary: Accept-Encoding
etag: W/"655f446c-1a65"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0kM7cgjGMAKOEWwekf9W0LBlTufUrVhUJ%2FncZ8r1NXOhX13AUVCAY%2FJtAGpJnC3mw86AyzCWpjU6JAffNhPPhq2FmLD%2FWEVMb36HY0Fa5lfRj1KxMEgVGAVB%2BQLUuP4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82bef5b1fbc356a4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

bicmifeg.top/js/v-node.js.c33802d9.js

104.21.92.135

200 OK

6.3 kB

URL GET HTTP/3
bicmifeg.top/js/v-node.js.c33802d9.js
IP
104.21.92.135:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=
Certificate
IssuerGoogle Trust Services LLC
Subjectbicmifeg.top
Fingerprint4A:CE:EE:B9:D0:1E:7C:34:E9:18:E4:44:33:A9:5B:A6:78:BF:DC:CB
ValidityMon, 02 Oct 2023 09:29:41 GMT - Sun, 31 Dec 2023 09:29:40 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (6337), with no line terminators
Size
6.3 kB (6251 bytes)
Hash
b40ba9b392e96f7df57aec116e992578
eaf3f003b154cb1f7ddbb18c18625566d94b4320
a8386496dd39eac74f6a1d09bc9f5f1bf74ac2d78e30e831b9be57609e91e4f7

HTTP Headers

GET /js/v-node.js.c33802d9.js HTTP/1.1
Host: bicmifeg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 26 Nov 2023 03:14:11 GMT
content-type: application/javascript
last-modified: Thu, 23 Nov 2023 12:24:11 GMT
vary: Accept-Encoding
etag: W/"655f446b-186b"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J7e9HWHMfu9qGs2chWNOFPnfzXk21aYjzrHmP3Wyyu6y3aWpVqJeZUS2mtwM%2BcMtn%2B41XA8d8FOf7HkiqWbaBsMtoBLW1smxMVBi7KN4GQUSq9ifPKBQzKHZ823wsEA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82bef5b29c1856a4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

bicmifeg.top/js/v-attributes-to-props.js.6755ce80.js

104.21.92.135

200 OK

702 B

URL GET HTTP/3
bicmifeg.top/js/v-attributes-to-props.js.6755ce80.js
IP
104.21.92.135:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=
Certificate
IssuerGoogle Trust Services LLC
Subjectbicmifeg.top
Fingerprint4A:CE:EE:B9:D0:1E:7C:34:E9:18:E4:44:33:A9:5B:A6:78:BF:DC:CB
ValidityMon, 02 Oct 2023 09:29:41 GMT - Sun, 31 Dec 2023 09:29:40 GMT

File type
ASCII text, with very long lines (718), with no line terminators
Size
702 B (702 bytes)
Hash
46737961f2bc163ed5dee52b0262ee71
d09e187339fa8a36520da1f0d91b83f21d9d5a0f
06eeb1ed62e5ff1219fdfd5238d78c6dd1d15ed749c0e977559b318e4d2331ab

HTTP Headers

GET /js/v-attributes-to-props.js.6755ce80.js HTTP/1.1
Host: bicmifeg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 26 Nov 2023 03:14:11 GMT
content-type: application/javascript
last-modified: Thu, 23 Nov 2023 12:24:11 GMT
vary: Accept-Encoding
etag: W/"655f446b-2be"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EV43stdP92jZcjrl7h00l0f3M4O6IEW0gjisjq6SMf0DNuyXpfd6E01Z6IEqNbWl8Zte5PCwq6fzpKwxfEeFMDuZwXOoLJXs%2BJP3Gxu0M4UWic0X8%2BuknUVuC%2Butoko%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82bef5b29c1e56a4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

bicmifeg.top/js/SurveyContainer.cc370497.js

104.21.92.135

200 OK

55 kB

URL GET HTTP/3
bicmifeg.top/js/SurveyContainer.cc370497.js
IP
104.21.92.135:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=
Certificate
IssuerGoogle Trust Services LLC
Subjectbicmifeg.top
Fingerprint4A:CE:EE:B9:D0:1E:7C:34:E9:18:E4:44:33:A9:5B:A6:78:BF:DC:CB
ValidityMon, 02 Oct 2023 09:29:41 GMT - Sun, 31 Dec 2023 09:29:40 GMT

File type
ASCII text, with very long lines (54692)
Size
55 kB (54774 bytes)
Hash
79e21d21eee81f51daf1e5042776101e
791c6d6a842e127315103fbcd77cc47bd5e0e30f
5eb5e75c45d376b1abdebb9e9b81f5641ef5309d4da18cbefdb9182340ed13e6

HTTP Headers

GET /js/SurveyContainer.cc370497.js HTTP/1.1
Host: bicmifeg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 26 Nov 2023 03:14:11 GMT
content-type: application/javascript
last-modified: Thu, 23 Nov 2023 12:24:11 GMT
vary: Accept-Encoding
etag: W/"655f446b-d5f6"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gt%2B2Y%2BzgZm6fc%2FXbVtFNlbDnXmmQfzun2YCd2VSS85Ps92yImSxiz08LkPiJKJZOd0hFEaBX6kvYitU2KT881xsNSn1tZhZXBb7hIhrhsC4uaET6WNgHjBcFAEJpVHQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82bef5b29c2256a4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

bicmifeg.top/img/comments/person-1.webp

104.21.92.135

200 OK

1.1 kB

URL GET HTTP/3
bicmifeg.top/img/comments/person-1.webp
IP
104.21.92.135:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=
Certificate
IssuerGoogle Trust Services LLC
Subjectbicmifeg.top
Fingerprint4A:CE:EE:B9:D0:1E:7C:34:E9:18:E4:44:33:A9:5B:A6:78:BF:DC:CB
ValidityMon, 02 Oct 2023 09:29:41 GMT - Sun, 31 Dec 2023 09:29:40 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
1.1 kB (1122 bytes)
Hash
56441eb05774cd7ed15d829e06947346
25649e1ed3820d97bd8bcdc737974e0c65adc1aa
5be168d58cf2dc0e41bc5a9b386add0d57fee26848613ca601f0c31378a8ad02

HTTP Headers

GET /img/comments/person-1.webp HTTP/1.1
Host: bicmifeg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: ID=8kmmvuymcwgw36gssi53nnh855jrwxfs; OAID=3b8c81cffb924ea48e9ffdb22be47f51; oaidts=1700968451
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 26 Nov 2023 03:14:11 GMT
content-type: image/webp
content-length: 1122
last-modified: Thu, 23 Nov 2023 12:24:13 GMT
vary: Accept-Encoding
etag: "655f446d-462"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sMqlARUKAFMmqMAlBc9jX2NdCyminrx%2BV7%2FrW8a4q0sNKfXizbmz2hbxvUBqQPH7gpwAXOKq7QTNSABqRXRa2XatenTURqsCQRazOzE4z5dDlRPBvo%2BoByQCj8rP4Hc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82bef5b3ccb256a4-OSL
alt-svc: h3=":443"; ma=86400

bicmifeg.top/js/v-index.js.6fb19376.js

104.21.92.135

200 OK

41 kB

URL GET HTTP/3
bicmifeg.top/js/v-index.js.6fb19376.js
IP
104.21.92.135:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=
Certificate
IssuerGoogle Trust Services LLC
Subjectbicmifeg.top
Fingerprint4A:CE:EE:B9:D0:1E:7C:34:E9:18:E4:44:33:A9:5B:A6:78:BF:DC:CB
ValidityMon, 02 Oct 2023 09:29:41 GMT - Sun, 31 Dec 2023 09:29:40 GMT

File type
ASCII text, with very long lines (40911)
Size
41 kB (40988 bytes)
Hash
3a5adbbe9b92a6cc98700c87d7c519f7
b5805a547df6cb1d908d3f9e2657ee343f1f2b52
1d2e931b0560744a9ca8db6c68516aeb271f6d38e3eaa37a50790643bf5a4251

HTTP Headers

GET /js/v-index.js.6fb19376.js HTTP/1.1
Host: bicmifeg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 26 Nov 2023 03:14:10 GMT
content-type: application/javascript
last-modified: Thu, 23 Nov 2023 12:24:12 GMT
vary: Accept-Encoding
etag: W/"655f446c-a01c"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TILJTpnr7tKnNwWNctdpZ%2B2u5rIYFAQHoL9ziW1jfTiGSo0%2F1okLIUe%2Bu9%2Fz6cLsNvFa16h51r2W5mzAZRgQm47NqaU4vaUAad9cFFtVZhJrAOgGHXaATRAXm5u9Ri4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82bef5b04ae356a4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

bicmifeg.top/js/_core-survey.5b374ff7.js

104.21.92.135

200 OK

171 kB

URL GET HTTP/3
bicmifeg.top/js/_core-survey.5b374ff7.js
IP
104.21.92.135:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=
Certificate
IssuerGoogle Trust Services LLC
Subjectbicmifeg.top
Fingerprint4A:CE:EE:B9:D0:1E:7C:34:E9:18:E4:44:33:A9:5B:A6:78:BF:DC:CB
ValidityMon, 02 Oct 2023 09:29:41 GMT - Sun, 31 Dec 2023 09:29:40 GMT

File type

Size
171 kB (171171 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /js/_core-survey.5b374ff7.js HTTP/1.1
Host: bicmifeg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 26 Nov 2023 03:14:10 GMT
content-type: application/javascript
last-modified: Thu, 23 Nov 2023 12:24:13 GMT
vary: Accept-Encoding
etag: W/"655f446d-29ca3"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3voPfwCrMBULdXwl3vDDWcUQsCl0qMc2xBe2mZEqrCUksuzjmg5viYXftndwCNmlnANWR%2F0Gwh1R2xQsPt%2Fwzfgbbbnc3reaC7C%2BoNxN8gFoXkHeGkrt4aFvOW3nL%2F4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82bef5b04aee56a4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

bicmifeg.top/js/config/comments/en.json

104.21.92.135

200 OK

4.5 kB

URL GET HTTP/3
bicmifeg.top/js/config/comments/en.json
IP
104.21.92.135:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=
Certificate
IssuerGoogle Trust Services LLC
Subjectbicmifeg.top
Fingerprint4A:CE:EE:B9:D0:1E:7C:34:E9:18:E4:44:33:A9:5B:A6:78:BF:DC:CB
ValidityMon, 02 Oct 2023 09:29:41 GMT - Sun, 31 Dec 2023 09:29:40 GMT

File type
Unicode text, UTF-8 text, with very long lines (5173), with no line terminators
Size
4.5 kB (4522 bytes)
Hash
50680109e350a76b2bb8131cdaeb735e
0c14dde15f13c0deefd1ff3eb8c4608e73d133b6
a9ebf6b7ceb48bd6c63b99320183934f2b183af64cc7f27fd85ebe7191d92e42

HTTP Headers

GET /js/config/comments/en.json HTTP/1.1
Host: bicmifeg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 26 Nov 2023 03:14:11 GMT
content-type: application/json
last-modified: Thu, 23 Nov 2023 12:24:11 GMT
vary: Accept-Encoding
etag: W/"655f446b-11aa"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uzII8bdIsJ5Y0j44MxzzSN%2F55dmdds3Y8Nm4Z%2BWNzFK9NY2RF4WnkiIykYhO6zZRVktKrvHtg51gedgP8NYj4diO7K2%2Fj1nHboTRLhWU5cmVlcCLWrDfEsGGSFEiCBM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82bef5b29c1556a4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

bicmifeg.top/js/v-dom-to-react.js.791d093f.js

104.21.92.135

200 OK

1.1 kB

URL GET HTTP/3
bicmifeg.top/js/v-dom-to-react.js.791d093f.js
IP
104.21.92.135:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bicmifeg.top/survey.html?offer_id=2025&geo=NO&z=4271345&b=8588505&var=&var2=f759995c-f2c7-4306-928c-967472e8fafc&ymid=wmga5rtcf9fftr9tifqi214o&var3=&var4=
Certificate
IssuerGoogle Trust Services LLC
Subjectbicmifeg.top
Fingerprint4A:CE:EE:B9:D0:1E:7C:34:E9:18:E4:44:33:A9:5B:A6:78:BF:DC:CB
ValidityMon, 02 Oct 2023 09:29:41 GMT - Sun, 31 Dec 2023 09:29:40 GMT

File type
ASCII text, with very long lines (1101), with no line terminators
Size
1.1 kB (1085 bytes)
Hash
c598e88802bb8fade2815174a68995aa
e3b8753954fd2dc2a828b715df2a811c8769ef5b
1602cfea95e955d4193c39f02844a9943e8081db2b3073973674f7babb6cd77b

HTTP Headers

GET /js/v-dom-to-react.js.791d093f.js HTTP/1.1
Host: bicmifeg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 26 Nov 2023 03:14:11 GMT
content-type: application/javascript
last-modified: Thu, 23 Nov 2023 12:24:11 GMT
vary: Accept-Encoding
etag: W/"655f446b-43d"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YRTEmidMprZ5ANjZmecBJ%2F%2FM9bD4Bn5Y2gYIfEfN9KgqXGxoFpKVNxIYIVrH3Ku5wsTRSwx22vhra%2B47iuHeBHoR1aP89XgIWT3Ddhn6H2n2tTOSIrSvE1bWgjJuP6s%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82bef5b29c1d56a4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (33)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by