Report - www.cdflarecdn.com/lp-ach/adult-18check-4rubx-01/?bg=bg-01&td=t.cdimg.org&campaignid=63c26834e01fcf0001faf352&sourceid=5c10d5056a25120001760933&sub1=&sub2=&ref_id=(ref_id}&rtkcid=646bd88a7a07ac00018367a9&rtkcmpid=63c26834e01fcf0001faf352

Report Overview

Submitted URL
www.cdflarecdn.com/lp-ach/adult-18check-4rubx-01/?bg=bg-01&td=t.cdimg.org&campaignid=63c26834e01fcf0001faf352&sourceid=5c10d5056a25120001760933&sub1=&sub2=&ref_id=(ref_id}&rtkcid=646bd88a7a07ac00018367a9&rtkcmpid=63c26834e01fcf0001faf352
IP
198.50.224.42
ASN
#16276 OVH SAS
Submitted
2023-05-22 21:03:45
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
8

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ajax.googleapis.com	12905	2005-01-25	2013-08-16	2023-05-22	436 B	35 kB	172.217.21.170
ocsp.sectigo.com	487	2018-08-16	2019-11-29	2023-05-22	330 B	964 B	104.18.32.68
t.cdimg.org	unknown	2022-10-25	2022-10-25	2023-05-21	859 B	4.1 kB	37.48.87.182
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2023-05-22	469 B	17 kB	172.217.21.170
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2023-05-22	1.6 kB	50 kB	216.58.207.227
deefauph.com	135892	2021-03-12	2021-03-12	2023-05-22	1.0 kB	43 kB	139.45.197.251
www.cdflarecdn.com	unknown	2022-10-24	2017-05-22	2023-05-21	6.1 kB	86 kB	198.50.224.42
ocsp.pki.goog	175	2016-06-13	2018-07-01	2023-05-22	2.0 kB	4.2 kB	142.250.74.131

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator
2023-05-22	medium	www.cdflarecdn.com/lp-codes/js/tool.js
2023-05-22	medium	t.cdimg.org/track.js
2023-05-22	medium	www.cdflarecdn.com/sw-check-permissions-8bbee.js
2023-05-22	medium	t.cdimg.org/view?clickid=646bd88a7a07ac00018367a9

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (9)

	URL	Size	First Seen	Last Seen
	www.cdflarecdn.com/lp-codes/js/tool.js	5.4 kB	2023-03-08	2023-06-30
Pretty URL www.cdflarecdn.com/lp-codes/js/tool.js IP 198.50.224.42 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:08:54 Last Seen2023-06-30 20:34:18 Times Seen57 Hash 83c7cbc815d44832136e6a2856444491 8197168788e787aaae67fcfcbbbbd5892a9a44dd 8e2dd0b405d4bfc2e080182639170b05e2637584876bbae4865c8a2115fffd03 Loading...

	www.cdflarecdn.com/lp-ach/adult-18check-4rubx-01/?bg=bg-01&td=t.cdimg.org&campaignid=63c26834e01fcf0001faf352&sourceid=5c10d5056a25120001760933&sub1=&sub2=&ref_id=(ref_id}&rtkcid=646bd88a7a07ac00018367a9&rtkcmpid=63c26834e01fcf0001faf352	0 B	2023-03-07	2024-04-19
Pretty URL www.cdflarecdn.com/lp-ach/adult-18check-4rubx-01/?bg=bg-01&td=t.cdimg.org&campaignid=63c26834e01fcf0001faf352&sourceid=5c10d5056a25120001760933&sub1=&sub2=&ref_id=(ref_id}&rtkcid=646bd88a7a07ac00018367a9&rtkcmpid=63c26834e01fcf0001faf352 IP 198.50.224.42 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-19 03:23:00 Times Seen36952009 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www.cdflarecdn.com/lp-ach/adult-18check-4rubx-01/?bg=bg-01&td=t.cdimg.org&campaignid=63c26834e01fcf0001faf352&sourceid=5c10d5056a25120001760933&sub1=&sub2=&ref_id=(ref_id}&rtkcid=646bd88a7a07ac00018367a9&rtkcmpid=63c26834e01fcf0001faf352	0 B	2023-03-07	2024-04-19
Pretty URL www.cdflarecdn.com/lp-ach/adult-18check-4rubx-01/?bg=bg-01&td=t.cdimg.org&campaignid=63c26834e01fcf0001faf352&sourceid=5c10d5056a25120001760933&sub1=&sub2=&ref_id=(ref_id}&rtkcid=646bd88a7a07ac00018367a9&rtkcmpid=63c26834e01fcf0001faf352 IP 198.50.224.42 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-19 03:23:00 Times Seen36952009 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	deefauph.com/pfe/current/micro.tag.min.js?z=5491820&sw=/sw-check-permissions-8bbee.js	42 kB	2023-05-11	2023-05-29
Pretty URL deefauph.com/pfe/current/micro.tag.min.js?z=5491820&sw=/sw-check-permissions-8bbee.js IP 139.45.197.251 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-11 16:26:45 Last Seen2023-05-29 09:32:34 Times Seen6742 Hash d44fd7b96fceca8f81b472766025d0d2 237541097413baf5cd3e703413f8bc9ea538a4db b6c7c1e7fb1a437f100bdcb253df8b0468f130835fbb82c5687505a099997d16 Loading...

	ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js	97 kB	2023-03-07	2024-04-18
Pretty URL ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js IP 172.217.21.170 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:06 Last Seen2024-04-18 15:00:37 Times Seen118523 Hash 4f252523d4af0b478c810c2547a63e19 5a9dcfbef655a2668e78baebeaa8dc6f41d8dabb 668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404 Loading...

	www.cdflarecdn.com/lp-ach/adult-18check-4rubx-01/?bg=bg-01&td=t.cdimg.org&campaignid=63c26834e01fcf0001faf352&sourceid=5c10d5056a25120001760933&sub1=&sub2=&ref_id=(ref_id}&rtkcid=646bd88a7a07ac00018367a9&rtkcmpid=63c26834e01fcf0001faf352	0 B	2023-03-07	2024-04-19
Pretty URL www.cdflarecdn.com/lp-ach/adult-18check-4rubx-01/?bg=bg-01&td=t.cdimg.org&campaignid=63c26834e01fcf0001faf352&sourceid=5c10d5056a25120001760933&sub1=&sub2=&ref_id=(ref_id}&rtkcid=646bd88a7a07ac00018367a9&rtkcmpid=63c26834e01fcf0001faf352 IP 198.50.224.42 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-19 03:23:00 Times Seen36952009 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	unknown	64 B	2023-05-04	2023-06-30
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-05-04 13:55:18 Last Seen2023-06-30 20:34:18 Times Seen25 Hash bbd7860ae4a90ccc1619cab5e6ea403f f42e04548329457fce57498d08a8d03eb408f99c 62375ee7d1a1a1cc950f500e1cf677f4573bae0881953049ff3bdec2c670d28d Loading...

	www.cdflarecdn.com/lp-ach/adult-18check-4rubx-01/?bg=bg-01&td=t.cdimg.org&campaignid=63c26834e01fcf0001faf352&sourceid=5c10d5056a25120001760933&sub1=&sub2=&ref_id=(ref_id}&rtkcid=646bd88a7a07ac00018367a9&rtkcmpid=63c26834e01fcf0001faf352	0 B	2023-03-07	2024-04-19
Pretty URL www.cdflarecdn.com/lp-ach/adult-18check-4rubx-01/?bg=bg-01&td=t.cdimg.org&campaignid=63c26834e01fcf0001faf352&sourceid=5c10d5056a25120001760933&sub1=&sub2=&ref_id=(ref_id}&rtkcid=646bd88a7a07ac00018367a9&rtkcmpid=63c26834e01fcf0001faf352 IP 198.50.224.42 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-19 03:23:00 Times Seen36952009 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	t.cdimg.org/track.js	3.5 kB	2023-03-08	2023-05-27
Pretty URL t.cdimg.org/track.js IP 37.48.87.182 ASN #60781 LeaseWeb Netherlands B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:08:54 Last Seen2023-05-27 23:57:18 Times Seen48 Hash 96db89300498f154ff585942a89e19ca f5d2773f1be0c039982da2076efe88e767e2dfb7 4d1721dbcd24912d0c5d3942bcbab726ac7887b13e039fd853f7b04a402de46d Loading...

HTTP Transactions (25)

URL IP Response Size

www.cdflarecdn.com/lp-ach/adult-18check-4rubx-01/?bg=bg-01&td=t.cdimg.org&campaignid=63c26834e01fcf0001faf352&sourceid=5c10d5056a25120001760933&sub1=&sub2=&ref_id=(ref_id}&rtkcid=646bd88a7a07ac00018367a9&rtkcmpid=63c26834e01fcf0001faf352

198.50.224.42

200 OK

1.8 kB

URL User Request GET HTTP/1.1
www.cdflarecdn.com/lp-ach/adult-18check-4rubx-01/?bg=bg-01&td=t.cdimg.org&campaignid=63c26834e01fcf0001faf352&sourceid=5c10d5056a25120001760933&sub1=&sub2=&ref_id=(ref_id}&rtkcid=646bd88a7a07ac00018367a9&rtkcmpid=63c26834e01fcf0001faf352
IP
198.50.224.42:443
ASN
#16276 OVH SAS

Certificate
IssuerSectigo Limited
Subjectwww.cdflarecdn.com
Fingerprint4D:9D:9E:BE:6E:BC:B8:8C:4B:D6:0A:5D:9A:FA:27:0C:22:67:C1:5F
ValidityMon, 24 Oct 2022 00:00:00 GMT - Tue, 24 Oct 2023 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.8 kB (1750 bytes)
Hash
b7a48e7dc457a48e0099e5e4d527d906
01fb3c60a5b2d33a2eabf2ad91e1fa0b602f69b8
329e900b3672f1e99a0ca35d0983d12f52e76edeca9c9c35168fd48712edca8e

HTTP Headers

GET /lp-ach/adult-18check-4rubx-01/?bg=bg-01&td=t.cdimg.org&campaignid=63c26834e01fcf0001faf352&sourceid=5c10d5056a25120001760933&sub1=&sub2=&ref_id=(ref_id}&rtkcid=646bd88a7a07ac00018367a9&rtkcmpid=63c26834e01fcf0001faf352 HTTP/1.1
Host: www.cdflarecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 22 May 2023 21:03:20 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1750
Keep-Alive: timeout=5, max=50
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
8d1ffc63ece540992319c6f7637db168
b84a5580317750f11fea9fb0ca41710c88e66d38
905441c3ec5505f8196be1b4c4123cd1862bc6f03ce2bc5cf5fe37b21e07c907

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 22 May 2023 21:03:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js

172.217.21.170

200 OK

34 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js
IP
172.217.21.170:443
ASN
#15169 GOOGLE

Requested by
https://www.cdflarecdn.com/lp-ach/adult-18check-4rubx-01/?bg=bg-01&td=t.cdimg.org&campaignid=63c26834e01fcf0001faf352&sourceid=5c10d5056a25120001760933&sub1=&sub2=&ref_id=(ref_id}&rtkcid=646bd88a7a07ac00018367a9&rtkcmpid=63c26834e01fcf0001faf352
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint9B:D0:53:C4:55:9D:41:A4:94:03:4A:2B:6A:5B:57:EB:EB:A5:F0:4A
ValidityMon, 24 Apr 2023 12:00:43 GMT - Mon, 17 Jul 2023 12:00:42 GMT

File type
ASCII text, with very long lines (32077)
Size
34 kB (33951 bytes)
Hash
4f252523d4af0b478c810c2547a63e19
5a9dcfbef655a2668e78baebeaa8dc6f41d8dabb
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404

HTTP Headers

GET /ajax/libs/jquery/1.12.4/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.cdflarecdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33951
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 21 May 2023 15:37:39 GMT
expires: Mon, 20 May 2024 15:37:39 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 105942
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.cdflarecdn.com/lp-ach/adult-18check-4rubx-01/css/style.css

198.50.224.42

200 OK

850 B

URL GET HTTP/1.1
www.cdflarecdn.com/lp-ach/adult-18check-4rubx-01/css/style.css
IP
198.50.224.42:443
ASN
#16276 OVH SAS

Requested by
https://www.cdflarecdn.com/lp-ach/adult-18check-4rubx-01/?bg=bg-01&td=t.cdimg.org&campaignid=63c26834e01fcf0001faf352&sourceid=5c10d5056a25120001760933&sub1=&sub2=&ref_id=(ref_id}&rtkcid=646bd88a7a07ac00018367a9&rtkcmpid=63c26834e01fcf0001faf352
Certificate
IssuerSectigo Limited
Subjectwww.cdflarecdn.com
Fingerprint4D:9D:9E:BE:6E:BC:B8:8C:4B:D6:0A:5D:9A:FA:27:0C:22:67:C1:5F
ValidityMon, 24 Oct 2022 00:00:00 GMT - Tue, 24 Oct 2023 23:59:59 GMT

File type
ASCII text, with CRLF line terminators
Size
850 B (850 bytes)
Hash
8b06d0eacc01ab97e6023457510d16a6
8baee795e55c4ec35c54a6cccf896ccb2a498601
7d36a5e0b58cfa5351ae11f3c056dac2bbe67c670d0d55704deef8a1cb61a2fa

HTTP Headers

GET /lp-ach/adult-18check-4rubx-01/css/style.css HTTP/1.1
Host: www.cdflarecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.cdflarecdn.com/lp-ach/adult-18check-4rubx-01/?bg=bg-01&td=t.cdimg.org&campaignid=63c26834e01fcf0001faf352&sourceid=5c10d5056a25120001760933&sub1=&sub2=&ref_id=(ref_id}&rtkcid=646bd88a7a07ac00018367a9&rtkcmpid=63c26834e01fcf0001faf352
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 22 May 2023 21:03:21 GMT
Server: Apache
Last-Modified: Sun, 07 Apr 2019 17:44:28 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=172800, public, must-revalidate
Content-Length: 850
Keep-Alive: timeout=5, max=49
Connection: Keep-Alive
Content-Type: text/css

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
8d1ffc63ece540992319c6f7637db168
b84a5580317750f11fea9fb0ca41710c88e66d38
905441c3ec5505f8196be1b4c4123cd1862bc6f03ce2bc5cf5fe37b21e07c907

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 22 May 2023 21:03:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.cdflarecdn.com/lp-codes/js/tool.js

198.50.224.42

200 OK

1.6 kB

URL GET HTTP/1.1
www.cdflarecdn.com/lp-codes/js/tool.js
IP
198.50.224.42:443
ASN
#16276 OVH SAS

Requested by
https://www.cdflarecdn.com/lp-ach/adult-18check-4rubx-01/?bg=bg-01&td=t.cdimg.org&campaignid=63c26834e01fcf0001faf352&sourceid=5c10d5056a25120001760933&sub1=&sub2=&ref_id=(ref_id}&rtkcid=646bd88a7a07ac00018367a9&rtkcmpid=63c26834e01fcf0001faf352
Certificate
IssuerSectigo Limited
Subjectwww.cdflarecdn.com
Fingerprint4D:9D:9E:BE:6E:BC:B8:8C:4B:D6:0A:5D:9A:FA:27:0C:22:67:C1:5F
ValidityMon, 24 Oct 2022 00:00:00 GMT - Tue, 24 Oct 2023 23:59:59 GMT

File type
ASCII text, with CRLF line terminators
Size
1.6 kB (1619 bytes)
Hash
83c7cbc815d44832136e6a2856444491
8197168788e787aaae67fcfcbbbbd5892a9a44dd
8e2dd0b405d4bfc2e080182639170b05e2637584876bbae4865c8a2115fffd03

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /lp-codes/js/tool.js HTTP/1.1
Host: www.cdflarecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.cdflarecdn.com/lp-ach/adult-18check-4rubx-01/?bg=bg-01&td=t.cdimg.org&campaignid=63c26834e01fcf0001faf352&sourceid=5c10d5056a25120001760933&sub1=&sub2=&ref_id=(ref_id}&rtkcid=646bd88a7a07ac00018367a9&rtkcmpid=63c26834e01fcf0001faf352
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 22 May 2023 21:03:21 GMT
Server: Apache
Last-Modified: Thu, 14 Mar 2019 14:53:53 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=172800, public, must-revalidate
Content-Length: 1619
Keep-Alive: timeout=5, max=48
Connection: Keep-Alive
Content-Type: application/javascript

ocsp.sectigo.com/

104.18.32.68

472 B

URL
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
c3fdc6cd695c32f7a44393c55448f9b4
dfa7bed1cfbaa3f15af90c3b6366a8438cc418e2
25faa12828311b400e8995cfb1fe9fb3445cd3f690e4ffd22f0bbb57f0599f22

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 22 May 2023 21:03:21 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 19 May 2023 21:09:40 GMT
Expires: Fri, 26 May 2023 21:09:39 GMT
Etag: "dfa7bed1cfbaa3f15af90c3b6366a8438cc418e2"
Cache-Control: max-age=345377,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7cb8015fc9cfb4ff-OSL

t.cdimg.org/track.js

37.48.87.182

200 OK

3.5 kB

URL GET HTTP/1.1
t.cdimg.org/track.js
IP
37.48.87.182:443
ASN
#60781 LeaseWeb Netherlands B.V.

Requested by
https://www.cdflarecdn.com/lp-ach/adult-18check-4rubx-01/?bg=bg-01&td=t.cdimg.org&campaignid=63c26834e01fcf0001faf352&sourceid=5c10d5056a25120001760933&sub1=&sub2=&ref_id=(ref_id}&rtkcid=646bd88a7a07ac00018367a9&rtkcmpid=63c26834e01fcf0001faf352
Certificate
IssuerSectigo Limited
Subjectt.cdimg.org
FingerprintEB:B8:CF:C7:7A:DC:16:B9:60:1C:7C:37:F4:78:2E:CA:24:FE:E4:7D
ValidityTue, 25 Oct 2022 00:00:00 GMT - Wed, 25 Oct 2023 23:59:59 GMT

File type
ASCII text
Size
3.5 kB (3478 bytes)
Hash
96db89300498f154ff585942a89e19ca
f5d2773f1be0c039982da2076efe88e767e2dfb7
4d1721dbcd24912d0c5d3942bcbab726ac7887b13e039fd853f7b04a402de46d

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /track.js HTTP/1.1
Host: t.cdimg.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.cdflarecdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Mon, 22 May 2023 21:03:21 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range

www.cdflarecdn.com/lp-codes/css/style.css

198.50.224.42

200 OK

86 B

URL GET HTTP/1.1
www.cdflarecdn.com/lp-codes/css/style.css
IP
198.50.224.42:443
ASN
#16276 OVH SAS

Requested by
https://www.cdflarecdn.com/lp-ach/adult-18check-4rubx-01/?bg=bg-01&td=t.cdimg.org&campaignid=63c26834e01fcf0001faf352&sourceid=5c10d5056a25120001760933&sub1=&sub2=&ref_id=(ref_id}&rtkcid=646bd88a7a07ac00018367a9&rtkcmpid=63c26834e01fcf0001faf352
Certificate
IssuerSectigo Limited
Subjectwww.cdflarecdn.com
Fingerprint4D:9D:9E:BE:6E:BC:B8:8C:4B:D6:0A:5D:9A:FA:27:0C:22:67:C1:5F
ValidityMon, 24 Oct 2022 00:00:00 GMT - Tue, 24 Oct 2023 23:59:59 GMT

File type
ASCII text, with CRLF line terminators
Size
86 B (86 bytes)
Hash
45ff5d6684d15a8fdb2073c2eee8c777
787e0a8f29f1ce66ed6902d1a9959168b63fc8bd
4254e7cf1ab90040e4c49a20da1b8b6154d7a9992fc86406ff830325e02ffeff

HTTP Headers

GET /lp-codes/css/style.css HTTP/1.1
Host: www.cdflarecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.cdflarecdn.com/lp-ach/adult-18check-4rubx-01/?bg=bg-01&td=t.cdimg.org&campaignid=63c26834e01fcf0001faf352&sourceid=5c10d5056a25120001760933&sub1=&sub2=&ref_id=(ref_id}&rtkcid=646bd88a7a07ac00018367a9&rtkcmpid=63c26834e01fcf0001faf352
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 22 May 2023 21:03:21 GMT
Server: Apache
Last-Modified: Sun, 18 Dec 2022 13:04:15 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=172800, public, must-revalidate
Content-Length: 86
Keep-Alive: timeout=5, max=50
Connection: Keep-Alive
Content-Type: text/css

www.cdflarecdn.com/lp-ach/adult-18check-4rubx-01/css/bootstrap-iso.css

198.50.224.42

200 OK

24 kB

URL GET HTTP/1.1
www.cdflarecdn.com/lp-ach/adult-18check-4rubx-01/css/bootstrap-iso.css
IP
198.50.224.42:443
ASN
#16276 OVH SAS

Requested by
https://www.cdflarecdn.com/lp-ach/adult-18check-4rubx-01/?bg=bg-01&td=t.cdimg.org&campaignid=63c26834e01fcf0001faf352&sourceid=5c10d5056a25120001760933&sub1=&sub2=&ref_id=(ref_id}&rtkcid=646bd88a7a07ac00018367a9&rtkcmpid=63c26834e01fcf0001faf352
Certificate
IssuerSectigo Limited
Subjectwww.cdflarecdn.com
Fingerprint4D:9D:9E:BE:6E:BC:B8:8C:4B:D6:0A:5D:9A:FA:27:0C:22:67:C1:5F
ValidityMon, 24 Oct 2022 00:00:00 GMT - Tue, 24 Oct 2023 23:59:59 GMT

File type
ASCII text, with very long lines (386)
Size
24 kB (24370 bytes)
Hash
330b036e03c374c76fa067464c870acf
0bfd439521bfbe931d33ecd89765c68e3cb1f8ff
27458ceb0f2b338413580891809fde96a1dfd1e82bf25482783fc3879fc1c99c

HTTP Headers

GET /lp-ach/adult-18check-4rubx-01/css/bootstrap-iso.css HTTP/1.1
Host: www.cdflarecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.cdflarecdn.com/lp-ach/adult-18check-4rubx-01/?bg=bg-01&td=t.cdimg.org&campaignid=63c26834e01fcf0001faf352&sourceid=5c10d5056a25120001760933&sub1=&sub2=&ref_id=(ref_id}&rtkcid=646bd88a7a07ac00018367a9&rtkcmpid=63c26834e01fcf0001faf352
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 22 May 2023 21:03:21 GMT
Server: Apache
Last-Modified: Mon, 25 Mar 2019 15:39:42 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=172800, public, must-revalidate
Content-Length: 24370
Keep-Alive: timeout=5, max=50
Connection: Keep-Alive
Content-Type: text/css

www.cdflarecdn.com/lp-ach/adult-18check-4rubx-01/images/18plus.png

198.50.224.42

200 OK

10 kB

URL GET HTTP/1.1
www.cdflarecdn.com/lp-ach/adult-18check-4rubx-01/images/18plus.png
IP
198.50.224.42:443
ASN
#16276 OVH SAS

Requested by
https://www.cdflarecdn.com/lp-ach/adult-18check-4rubx-01/?bg=bg-01&td=t.cdimg.org&campaignid=63c26834e01fcf0001faf352&sourceid=5c10d5056a25120001760933&sub1=&sub2=&ref_id=(ref_id}&rtkcid=646bd88a7a07ac00018367a9&rtkcmpid=63c26834e01fcf0001faf352
Certificate
IssuerSectigo Limited
Subjectwww.cdflarecdn.com
Fingerprint4D:9D:9E:BE:6E:BC:B8:8C:4B:D6:0A:5D:9A:FA:27:0C:22:67:C1:5F
ValidityMon, 24 Oct 2022 00:00:00 GMT - Tue, 24 Oct 2023 23:59:59 GMT

File type
PNG image data, 250 x 250, 8-bit/color RGBA, non-interlaced\012- data
Size
10 kB (10172 bytes)
Hash
c84c67ecd2f6cd8454d4e3291bbd4270
819c3f9dd1e2965df71ea1633677259185ef6684
aeef31605d0bedb50f56ec42d3fec8fb21433409a8991e2a7d688db61249594f

HTTP Headers

GET /lp-ach/adult-18check-4rubx-01/images/18plus.png HTTP/1.1
Host: www.cdflarecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.cdflarecdn.com/lp-ach/adult-18check-4rubx-01/?bg=bg-01&td=t.cdimg.org&campaignid=63c26834e01fcf0001faf352&sourceid=5c10d5056a25120001760933&sub1=&sub2=&ref_id=(ref_id}&rtkcid=646bd88a7a07ac00018367a9&rtkcmpid=63c26834e01fcf0001faf352
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 22 May 2023 21:03:22 GMT
Server: Apache
Last-Modified: Mon, 25 Mar 2019 16:13:46 GMT
Accept-Ranges: bytes
Content-Length: 10172
Cache-Control: max-age=172800, public, must-revalidate
Keep-Alive: timeout=5, max=47
Connection: Keep-Alive
Content-Type: image/png

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
8ab94d7259411fe8a216956474b19511
48c63eaff708604c5f7af9514c3e77109a1f3f73
1dfd960074784d17f2fab64fab44d8aa41c1a794a7000980b428f6ab6392439a

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 22 May 2023 21:03:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
8ab94d7259411fe8a216956474b19511
48c63eaff708604c5f7af9514c3e77109a1f3f73
1dfd960074784d17f2fab64fab44d8aa41c1a794a7000980b428f6ab6392439a

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 22 May 2023 21:03:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
8ab94d7259411fe8a216956474b19511
48c63eaff708604c5f7af9514c3e77109a1f3f73
1dfd960074784d17f2fab64fab44d8aa41c1a794a7000980b428f6ab6392439a

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 22 May 2023 21:03:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.googleapis.com/css?family=Roboto:100,300,400,500,700,900

172.217.21.170

200 OK

17 kB

URL GET HTTP/3
fonts.googleapis.com/css?family=Roboto:100,300,400,500,700,900
IP
172.217.21.170:443
ASN
#15169 GOOGLE

Requested by
https://www.cdflarecdn.com/lp-ach/adult-18check-4rubx-01/?bg=bg-01&td=t.cdimg.org&campaignid=63c26834e01fcf0001faf352&sourceid=5c10d5056a25120001760933&sub1=&sub2=&ref_id=(ref_id}&rtkcid=646bd88a7a07ac00018367a9&rtkcmpid=63c26834e01fcf0001faf352
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint9B:D0:53:C4:55:9D:41:A4:94:03:4A:2B:6A:5B:57:EB:EB:A5:F0:4A
ValidityMon, 24 Apr 2023 12:00:43 GMT - Mon, 17 Jul 2023 12:00:42 GMT

File type
gzip compressed data, max compression\012- data
Size
17 kB (16581 bytes)
Hash
0f5e7bbc743b61dbe65397db4e4c8adc
90c21c96069b8954e1e1f23ed314329145ee0ddb
33c65533349799a3dfac4be720d713f6840dd1803ccf4b889c458df9ab4ef9bc

HTTP Headers

GET /css?family=Roboto:100,300,400,500,700,900 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.cdflarecdn.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 22 May 2023 21:03:21 GMT
date: Mon, 22 May 2023 21:03:21 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://www.cdflarecdn.com/lp-ach/adult-18check-4rubx-01/?bg=bg-01&td=t.cdimg.org&campaignid=63c26834e01fcf0001faf352&sourceid=5c10d5056a25120001760933&sub1=&sub2=&ref_id=(ref_id}&rtkcid=646bd88a7a07ac00018367a9&rtkcmpid=63c26834e01fcf0001faf352
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE2:33:59:47:38:D7:4A:7A:9E:28:5D:EC:AA:94:7F:92:25:D2:B1:C4
ValidityMon, 24 Apr 2023 12:00:43 GMT - Mon, 17 Jul 2023 12:00:42 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.cdflarecdn.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 20 May 2023 03:11:48 GMT
expires: Sun, 19 May 2024 03:11:48 GMT
cache-control: public, max-age=31536000
age: 237094
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://www.cdflarecdn.com/lp-ach/adult-18check-4rubx-01/?bg=bg-01&td=t.cdimg.org&campaignid=63c26834e01fcf0001faf352&sourceid=5c10d5056a25120001760933&sub1=&sub2=&ref_id=(ref_id}&rtkcid=646bd88a7a07ac00018367a9&rtkcmpid=63c26834e01fcf0001faf352
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE2:33:59:47:38:D7:4A:7A:9E:28:5D:EC:AA:94:7F:92:25:D2:B1:C4
ValidityMon, 24 Apr 2023 12:00:43 GMT - Mon, 17 Jul 2023 12:00:42 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Size
16 kB (15920 bytes)
Hash
3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.cdflarecdn.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 17 May 2023 00:16:36 GMT
expires: Thu, 16 May 2024 00:16:36 GMT
cache-control: public, max-age=31536000
age: 506806
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.cdflarecdn.com/lp-ach/backgrounds/adult/bg-01.jpg

198.50.224.42

200 OK

44 kB

URL GET HTTP/1.1
www.cdflarecdn.com/lp-ach/backgrounds/adult/bg-01.jpg
IP
198.50.224.42:443
ASN
#16276 OVH SAS

Requested by
https://www.cdflarecdn.com/lp-ach/adult-18check-4rubx-01/?bg=bg-01&td=t.cdimg.org&campaignid=63c26834e01fcf0001faf352&sourceid=5c10d5056a25120001760933&sub1=&sub2=&ref_id=(ref_id}&rtkcid=646bd88a7a07ac00018367a9&rtkcmpid=63c26834e01fcf0001faf352
Certificate
IssuerSectigo Limited
Subjectwww.cdflarecdn.com
Fingerprint4D:9D:9E:BE:6E:BC:B8:8C:4B:D6:0A:5D:9A:FA:27:0C:22:67:C1:5F
ValidityMon, 24 Oct 2022 00:00:00 GMT - Tue, 24 Oct 2023 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 1000x587, components 3\012- data
Size
44 kB (44428 bytes)
Hash
5fd52a07b6f8a8961a072bf584e0de1c
eae02ac1ce17f867ae7b2db1fbec68ad10a18132
920e5ff9b659674f219b61ed3f2208daaac9aad263dac9561e4d7d0ed67a8ef7

HTTP Headers

GET /lp-ach/backgrounds/adult/bg-01.jpg HTTP/1.1
Host: www.cdflarecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.cdflarecdn.com/lp-ach/adult-18check-4rubx-01/?bg=bg-01&td=t.cdimg.org&campaignid=63c26834e01fcf0001faf352&sourceid=5c10d5056a25120001760933&sub1=&sub2=&ref_id=(ref_id}&rtkcid=646bd88a7a07ac00018367a9&rtkcmpid=63c26834e01fcf0001faf352
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 22 May 2023 21:03:22 GMT
Server: Apache
Last-Modified: Mon, 25 Mar 2019 16:12:42 GMT
Accept-Ranges: bytes
Content-Length: 44428
Cache-Control: max-age=172800, public, must-revalidate
Keep-Alive: timeout=5, max=49
Connection: Keep-Alive
Content-Type: image/jpeg

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
8ab94d7259411fe8a216956474b19511
48c63eaff708604c5f7af9514c3e77109a1f3f73
1dfd960074784d17f2fab64fab44d8aa41c1a794a7000980b428f6ab6392439a

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 22 May 2023 21:03:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

deefauph.com/zone?&pub=0&zone_id=5491820&is_mobile=false&domain=www.cdflarecdn.com&var=&ymid=&var_3=&var_4=&dsig=&action=prerequest

139.45.197.251

200 OK

0 B

URL POST HTTP/2
deefauph.com/zone?&pub=0&zone_id=5491820&is_mobile=false&domain=www.cdflarecdn.com&var=&ymid=&var_3=&var_4=&dsig=&action=prerequest
IP
139.45.197.251:443
ASN
#9002 RETN Limited

Requested by
https://www.cdflarecdn.com/lp-ach/adult-18check-4rubx-01/?bg=bg-01&td=t.cdimg.org&campaignid=63c26834e01fcf0001faf352&sourceid=5c10d5056a25120001760933&sub1=&sub2=&ref_id=(ref_id}&rtkcid=646bd88a7a07ac00018367a9&rtkcmpid=63c26834e01fcf0001faf352
Certificate
IssuerLet's Encrypt
Subjectdeefauph.com
Fingerprint31:9A:4F:89:02:91:AE:2A:8F:3A:45:32:15:99:BC:91:72:5F:DC:02
ValiditySun, 21 May 2023 05:15:27 GMT - Sat, 19 Aug 2023 05:15:26 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /zone?&pub=0&zone_id=5491820&is_mobile=false&domain=www.cdflarecdn.com&var=&ymid=&var_3=&var_4=&dsig=&action=prerequest HTTP/1.1
Host: deefauph.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.cdflarecdn.com
DNT: 1
Connection: keep-alive
Referer: https://www.cdflarecdn.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 22 May 2023 21:03:22 GMT
content-length: 0
x-trace-id: dc1e24138fbca0235f59d4ae78814bd5
access-control-allow-origin: https://www.cdflarecdn.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

www.cdflarecdn.com/sw-check-permissions-8bbee.js

198.50.224.42

200 OK

293 B

URL GET HTTP/1.1
www.cdflarecdn.com/sw-check-permissions-8bbee.js
IP
198.50.224.42:443
ASN
#16276 OVH SAS

Requested by
https://www.cdflarecdn.com/lp-ach/adult-18check-4rubx-01/?bg=bg-01&td=t.cdimg.org&campaignid=63c26834e01fcf0001faf352&sourceid=5c10d5056a25120001760933&sub1=&sub2=&ref_id=(ref_id}&rtkcid=646bd88a7a07ac00018367a9&rtkcmpid=63c26834e01fcf0001faf352
Certificate
IssuerSectigo Limited
Subjectwww.cdflarecdn.com
Fingerprint4D:9D:9E:BE:6E:BC:B8:8C:4B:D6:0A:5D:9A:FA:27:0C:22:67:C1:5F
ValidityMon, 24 Oct 2022 00:00:00 GMT - Tue, 24 Oct 2023 23:59:59 GMT

File type
Java source, ASCII text
Size
293 B (293 bytes)
Hash
62c3a518514607d04ce5b6b904f6d934
e48c41c80014e4f86b3e991e15e86a044dc4cccf
3ddd5ffc49ccc8db5f816414ff417d71bf530f675250a419d810e8c11eb449f8

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /sw-check-permissions-8bbee.js HTTP/1.1
Host: www.cdflarecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Referer: https://www.cdflarecdn.com/lp-ach/adult-18check-4rubx-01/?bg=bg-01&td=t.cdimg.org&campaignid=63c26834e01fcf0001faf352&sourceid=5c10d5056a25120001760933&sub1=&sub2=&ref_id=(ref_id}&rtkcid=646bd88a7a07ac00018367a9&rtkcmpid=63c26834e01fcf0001faf352
Cookie: rtkclickid-store=646bd88a7a07ac00018367a9
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 22 May 2023 21:03:22 GMT
Server: Apache
Last-Modified: Thu, 03 Nov 2022 09:14:57 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=172800, public, must-revalidate
Content-Length: 293
Keep-Alive: timeout=5, max=48
Connection: Keep-Alive
Content-Type: application/javascript

t.cdimg.org/view?clickid=646bd88a7a07ac00018367a9

37.48.87.182

204 No Content

0 B

URL GET HTTP/1.1
t.cdimg.org/view?clickid=646bd88a7a07ac00018367a9
IP
37.48.87.182:443
ASN
#60781 LeaseWeb Netherlands B.V.

Requested by
https://www.cdflarecdn.com/lp-ach/adult-18check-4rubx-01/?bg=bg-01&td=t.cdimg.org&campaignid=63c26834e01fcf0001faf352&sourceid=5c10d5056a25120001760933&sub1=&sub2=&ref_id=(ref_id}&rtkcid=646bd88a7a07ac00018367a9&rtkcmpid=63c26834e01fcf0001faf352
Certificate
IssuerSectigo Limited
Subjectt.cdimg.org
FingerprintEB:B8:CF:C7:7A:DC:16:B9:60:1C:7C:37:F4:78:2E:CA:24:FE:E4:7D
ValidityTue, 25 Oct 2022 00:00:00 GMT - Wed, 25 Oct 2023 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /view?clickid=646bd88a7a07ac00018367a9 HTTP/1.1
Host: t.cdimg.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.cdflarecdn.com
DNT: 1
Connection: keep-alive
Referer: https://www.cdflarecdn.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 204 No Content
Server: nginx/1.20.2
Date: Mon, 22 May 2023 21:03:22 GMT
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range

www.cdflarecdn.com/favicon.ico

198.50.224.42

404 Not Found

36 B

URL GET HTTP/1.1
www.cdflarecdn.com/favicon.ico
IP
198.50.224.42:443
ASN
#16276 OVH SAS

Requested by
https://www.cdflarecdn.com/lp-ach/adult-18check-4rubx-01/?bg=bg-01&td=t.cdimg.org&campaignid=63c26834e01fcf0001faf352&sourceid=5c10d5056a25120001760933&sub1=&sub2=&ref_id=(ref_id}&rtkcid=646bd88a7a07ac00018367a9&rtkcmpid=63c26834e01fcf0001faf352
Certificate
IssuerSectigo Limited
Subjectwww.cdflarecdn.com
Fingerprint4D:9D:9E:BE:6E:BC:B8:8C:4B:D6:0A:5D:9A:FA:27:0C:22:67:C1:5F
ValidityMon, 24 Oct 2022 00:00:00 GMT - Tue, 24 Oct 2023 23:59:59 GMT

File type
ASCII text
Size
36 B (36 bytes)
Hash
4845f01eaa8068384625e302e9a4eb05
fb6ff8293fa45e17ba97f84954e7d1d5b0d38f87
8a482f2271a42c5f54c96e816a84340a6f2357a5b81f927d07d00788f5140a41

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.cdflarecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.cdflarecdn.com/lp-ach/adult-18check-4rubx-01/?bg=bg-01&td=t.cdimg.org&campaignid=63c26834e01fcf0001faf352&sourceid=5c10d5056a25120001760933&sub1=&sub2=&ref_id=(ref_id}&rtkcid=646bd88a7a07ac00018367a9&rtkcmpid=63c26834e01fcf0001faf352
Cookie: rtkclickid-store=646bd88a7a07ac00018367a9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Mon, 22 May 2023 21:03:22 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 36
Keep-Alive: timeout=5, max=47
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://www.cdflarecdn.com/lp-ach/adult-18check-4rubx-01/?bg=bg-01&td=t.cdimg.org&campaignid=63c26834e01fcf0001faf352&sourceid=5c10d5056a25120001760933&sub1=&sub2=&ref_id=(ref_id}&rtkcid=646bd88a7a07ac00018367a9&rtkcmpid=63c26834e01fcf0001faf352
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE2:33:59:47:38:D7:4A:7A:9E:28:5D:EC:AA:94:7F:92:25:D2:B1:C4
ValidityMon, 24 Apr 2023 12:00:43 GMT - Mon, 17 Jul 2023 12:00:42 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.cdflarecdn.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 20 May 2023 07:44:41 GMT
expires: Sun, 19 May 2024 07:44:41 GMT
cache-control: public, max-age=31536000
age: 220721
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

deefauph.com/pfe/current/micro.tag.min.js?z=5491820&sw=/sw-check-permissions-8bbee.js

139.45.197.251

200 OK

42 kB

URL GET HTTP/2
deefauph.com/pfe/current/micro.tag.min.js?z=5491820&sw=/sw-check-permissions-8bbee.js
IP
139.45.197.251:443
ASN
#9002 RETN Limited

Requested by
https://www.cdflarecdn.com/lp-ach/adult-18check-4rubx-01/?bg=bg-01&td=t.cdimg.org&campaignid=63c26834e01fcf0001faf352&sourceid=5c10d5056a25120001760933&sub1=&sub2=&ref_id=(ref_id}&rtkcid=646bd88a7a07ac00018367a9&rtkcmpid=63c26834e01fcf0001faf352
Certificate
IssuerLet's Encrypt
Subjectdeefauph.com
Fingerprint31:9A:4F:89:02:91:AE:2A:8F:3A:45:32:15:99:BC:91:72:5F:DC:02
ValiditySun, 21 May 2023 05:15:27 GMT - Sat, 19 Aug 2023 05:15:26 GMT

File type
C source, ASCII text, with very long lines (41979), with no line terminators
Size
42 kB (41979 bytes)
Hash
d44fd7b96fceca8f81b472766025d0d2
237541097413baf5cd3e703413f8bc9ea538a4db
b6c7c1e7fb1a437f100bdcb253df8b0468f130835fbb82c5687505a099997d16

HTTP Headers

GET /pfe/current/micro.tag.min.js?z=5491820&sw=/sw-check-permissions-8bbee.js HTTP/1.1
Host: deefauph.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.cdflarecdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 22 May 2023 21:03:22 GMT
content-type: application/javascript
last-modified: Thu, 11 May 2023 14:20:13 GMT
etag: W/"645cf99d-a3fb"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (9)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL