Report - ad.adsrvr.me/372f24f9-b324-4dc1-b93e-758bed1f5a2d?campaign=ss_es_117_mb169&banner={banner}&site={siteId}&pub={SubId1}&subsource={%25utm

Report Overview

Submitted URL
ad.adsrvr.me/372f24f9-b324-4dc1-b93e-758bed1f5a2d?campaign=ss_es_117_mb169&banner={banner}&site={siteId}&pub={SubId1}&subsource={%25utm_term|url|%25}&ts=117
IP
18.156.93.177
ASN
#16509 AMAZON-02
Submitted
2024-04-26 18:18:00
Access
public
Website Title
¿TIENES SUFICIENTES CONDONES?
Final URL
picknfuck.com/27-623673-es/?cep=lz-Uh0jT6UMLISH4mfVS8TpHG-etPB8xaBmqXsUBqweT1jl5YFaOII-3If_-wHZEGkWh087IKh0tqG6167SGiF0bLrOOIjrOJEOpLUalVeZwrovB3dyRHogpO5OdhevsiIk3wlRfOUj65VZhVhTdqFktgcKx59OIaJxMopuXbbHkK0DwwcC5kpFTsVrzNjE6BJxgkBrA7OdLBX0TuLWUcojAq3EAUUlhuo5FrKyO2Zgv4ijDRvHrN6oxdXo-iw1FkDx5rAdr1cK-y45UCw4xe6Sq7O6qFi_90yqSM7V_DIBJkZL94e7AoPowuK8BdU9W60ZoOVBK2EZzCTeabRn02U0htZ291ESEnnzyZhghLyk3vEhMyz9DEFpreCrkpWwN3FntvsFWDA9xOrgt2OjO5XhGaBI_P0uBuz7dvKJufP2_YvhFv9Dsr7Jra_Ee9F3bVzDkEuCzNV3kfqxbBdHoq_MVEX3Fqh0UQ4ifBFp1MLI&lptoken=17eb147e15b972c755c4&campaign=ss_es_117_mb169&banner=%7Bbanner%7D&site=%7BsiteId%7D&pub=%7BSubId1%7D&subsource=%7B%25utm_term%7Curl%7C%25%7D&ts=117
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
26

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ad.adsrvr.me	unknown	2017-11-21	2019-06-14	2024-02-28	610 B	1.8 kB	18.156.93.177
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-04-25	494 B	6.6 MB	216.58.207.234
alexatracker.com	unknown	2020-07-27	2020-10-28	2024-04-25	452 B	963 B	104.21.85.99
zeniocloud.com	unknown	2022-02-15	2022-02-16	2024-04-25	413 B	1.7 kB	188.114.96.1
picknfuck.com	unknown	2022-12-30	2021-05-29	2024-02-28	11 kB	6.7 MB	104.21.51.242
static.production.push-sender.com	unknown	2023-04-06	2023-06-07	2024-04-25	1.3 kB	56 kB	143.204.55.26

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-26	medium	picknfuck.com	Sinkholed
2024-04-26	medium	picknfuck.com	Sinkholed
2024-04-26	medium	picknfuck.com	Sinkholed
2024-04-26	medium	picknfuck.com	Sinkholed
2024-04-26	medium	picknfuck.com	Sinkholed
2024-04-26	medium	picknfuck.com	Sinkholed
2024-04-26	medium	picknfuck.com	Sinkholed
2024-04-26	medium	picknfuck.com	Sinkholed
2024-04-26	medium	picknfuck.com	Sinkholed
2024-04-26	medium	picknfuck.com	Sinkholed
2024-04-26	medium	picknfuck.com	Sinkholed
2024-04-26	medium	picknfuck.com	Sinkholed
2024-04-26	medium	picknfuck.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (9)

	URL	Size	First Seen	Last Seen
	zeniocloud.com/JAIA.js?sub1=picknfuck.com	598 B	2023-03-13	2024-04-29
Pretty URL zeniocloud.com/JAIA.js?sub1=picknfuck.com IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 11:46:03 Last Seen2024-04-29 06:20:53 Times Seen36 Hash e9414592334fafe3fe5318d2cfdba4dc 53666ac06ed64d404f31d3458b40327be74b3b18 a9eea4076be67034edf423daefb7ca62bd74d141000534aed38cc752041e7df1 Loading...

	static.production.push-sender.com/mng/channels/init.min.js?ver=1673340492	28 kB	2024-02-14	2024-05-07
Pretty URL static.production.push-sender.com/mng/channels/init.min.js?ver=1673340492 IP 143.204.55.26 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-14 21:41:26 Last Seen2024-05-07 20:11:42 Times Seen76 Hash 8853549c3d94b135cff7696e087dc08f 92ff4b057e92c46752e87b593677e960f80afb09 09c57ca60b3ff9fc47a5cf1b9c5eb52017bb130a3347af01be1d05ab1f7f91a0 Loading...

	picknfuck.com/27-623673-es/?cep=lz-Uh0jT6UMLISH4mfVS8TpHG-etPB8xaBmqXsUBqweT1jl5YFaOII-3If_-wHZEGkWh087IKh0tqG6167SGiF0bLrOOIjrOJEOpLUalVeZwrovB3dyRHogpO5OdhevsiIk3wlRfOUj65VZhVhTdqFktgcKx59OIaJxMopuXbbHkK0DwwcC5kpFTsVrzNjE6BJxgkBrA7OdLBX0TuLWUcojAq3EAUUlhuo5FrKyO2Zgv4ijDRvHrN6oxdXo-iw1FkDx5rAdr1cK-y45UCw4xe6Sq7O6qFi_90yqSM7V_DIBJkZL94e7AoPowuK8BdU9W60ZoOVBK2EZzCTeabRn02U0htZ291ESEnnzyZhghLyk3vEhMyz9DEFpreCrkpWwN3FntvsFWDA9xOrgt2OjO5XhGaBI_P0uBuz7dvKJufP2_YvhFv9Dsr7Jra_Ee9F3bVzDkEuCzNV3kfqxbBdHoq_MVEX3Fqh0UQ4ifBFp1MLI&lptoken=17eb147e15b972c755c4&campaign=ss_es_117_mb169&banner=%7Bbanner%7D&site=%7BsiteId%7D&pub=%7BSubId1%7D&subsource=%7B%25utm_term%7Curl%7C%25%7D&ts=117	0 B	2023-03-07	2024-05-07
Pretty URL picknfuck.com/27-623673-es/?cep=lz-Uh0jT6UMLISH4mfVS8TpHG-etPB8xaBmqXsUBqweT1jl5YFaOII-3If_-wHZEGkWh087IKh0tqG6167SGiF0bLrOOIjrOJEOpLUalVeZwrovB3dyRHogpO5OdhevsiIk3wlRfOUj65VZhVhTdqFktgcKx59OIaJxMopuXbbHkK0DwwcC5kpFTsVrzNjE6BJxgkBrA7OdLBX0TuLWUcojAq3EAUUlhuo5FrKyO2Zgv4ijDRvHrN6oxdXo-iw1FkDx5rAdr1cK-y45UCw4xe6Sq7O6qFi_90yqSM7V_DIBJkZL94e7AoPowuK8BdU9W60ZoOVBK2EZzCTeabRn02U0htZ291ESEnnzyZhghLyk3vEhMyz9DEFpreCrkpWwN3FntvsFWDA9xOrgt2OjO5XhGaBI_P0uBuz7dvKJufP2_YvhFv9Dsr7Jra_Ee9F3bVzDkEuCzNV3kfqxbBdHoq_MVEX3Fqh0UQ4ifBFp1MLI&lptoken=17eb147e15b972c755c4&campaign=ss_es_117_mb169&banner=%7Bbanner%7D&site=%7BsiteId%7D&pub=%7BSubId1%7D&subsource=%7B%25utm_term%7Curl%7C%25%7D&ts=117 IP 104.21.51.242 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-07 23:32:34 Times Seen37421276 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	alexatracker.com/jscode/JAIA.js?sub1=picknfuck.com&sub2=&sub3=&sub4=&sub5=&prid=	0 B	2023-03-07	2024-05-07
Pretty URL alexatracker.com/jscode/JAIA.js?sub1=picknfuck.com&sub2=&sub3=&sub4=&sub5=&prid= IP 104.21.85.99 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-07 23:32:34 Times Seen37421276 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	picknfuck.com/27-623673-es/js/jquery.min.js	96 kB	2023-03-07	2024-05-07
Pretty URL picknfuck.com/27-623673-es/js/jquery.min.js IP 104.21.51.242 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:51 Last Seen2024-05-07 21:54:04 Times Seen10176 Hash 5790ead7ad3ba27397aedfa3d263b867 8130544c215fe5d1ec081d83461bf4a711e74882 2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0 Loading...

	picknfuck.com/27-623673-es/js/inline_video.js	3.0 kB	2023-03-07	2024-04-26
Pretty URL picknfuck.com/27-623673-es/js/inline_video.js IP 104.21.51.242 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:16:56 Last Seen2024-04-26 20:18:02 Times Seen95 Hash 5fd7f170bc3d37a875af363e2a37ded3 73ca3e1b09e2c2fbcd58ba689aa2ab7b0a95795c 3ebf4e4084cb10ce005e4e6893ccbc42a73faa5129a9860d4e743fc5c27b678a Loading...

	picknfuck.com/27-623673-es/js/backoffer.js	430 B	2023-03-07	2024-05-07
Pretty URL picknfuck.com/27-623673-es/js/backoffer.js IP 104.21.51.242 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:00 Last Seen2024-05-07 20:11:42 Times Seen5846 Hash 6d5aa83d23ce0b9f72d3b87d000d8fae 034fb8768eb58ffc0b5849e2c162989741a6cbec 89266112a6c823b9c03dd5a32d8f1c5e9f4cbf4cf876b56c825781ea389d0800 Loading...

	picknfuck.com/27-623673-es/?cep=lz-Uh0jT6UMLISH4mfVS8TpHG-etPB8xaBmqXsUBqweT1jl5YFaOII-3If_-wHZEGkWh087IKh0tqG6167SGiF0bLrOOIjrOJEOpLUalVeZwrovB3dyRHogpO5OdhevsiIk3wlRfOUj65VZhVhTdqFktgcKx59OIaJxMopuXbbHkK0DwwcC5kpFTsVrzNjE6BJxgkBrA7OdLBX0TuLWUcojAq3EAUUlhuo5FrKyO2Zgv4ijDRvHrN6oxdXo-iw1FkDx5rAdr1cK-y45UCw4xe6Sq7O6qFi_90yqSM7V_DIBJkZL94e7AoPowuK8BdU9W60ZoOVBK2EZzCTeabRn02U0htZ291ESEnnzyZhghLyk3vEhMyz9DEFpreCrkpWwN3FntvsFWDA9xOrgt2OjO5XhGaBI_P0uBuz7dvKJufP2_YvhFv9Dsr7Jra_Ee9F3bVzDkEuCzNV3kfqxbBdHoq_MVEX3Fqh0UQ4ifBFp1MLI&lptoken=17eb147e15b972c755c4&campaign=ss_es_117_mb169&banner=%7Bbanner%7D&site=%7BsiteId%7D&pub=%7BSubId1%7D&subsource=%7B%25utm_term%7Curl%7C%25%7D&ts=117	0 B	2023-03-07	2024-05-07
Pretty URL picknfuck.com/27-623673-es/?cep=lz-Uh0jT6UMLISH4mfVS8TpHG-etPB8xaBmqXsUBqweT1jl5YFaOII-3If_-wHZEGkWh087IKh0tqG6167SGiF0bLrOOIjrOJEOpLUalVeZwrovB3dyRHogpO5OdhevsiIk3wlRfOUj65VZhVhTdqFktgcKx59OIaJxMopuXbbHkK0DwwcC5kpFTsVrzNjE6BJxgkBrA7OdLBX0TuLWUcojAq3EAUUlhuo5FrKyO2Zgv4ijDRvHrN6oxdXo-iw1FkDx5rAdr1cK-y45UCw4xe6Sq7O6qFi_90yqSM7V_DIBJkZL94e7AoPowuK8BdU9W60ZoOVBK2EZzCTeabRn02U0htZ291ESEnnzyZhghLyk3vEhMyz9DEFpreCrkpWwN3FntvsFWDA9xOrgt2OjO5XhGaBI_P0uBuz7dvKJufP2_YvhFv9Dsr7Jra_Ee9F3bVzDkEuCzNV3kfqxbBdHoq_MVEX3Fqh0UQ4ifBFp1MLI&lptoken=17eb147e15b972c755c4&campaign=ss_es_117_mb169&banner=%7Bbanner%7D&site=%7BsiteId%7D&pub=%7BSubId1%7D&subsource=%7B%25utm_term%7Curl%7C%25%7D&ts=117 IP 104.21.51.242 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-07 23:32:34 Times Seen37421276 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	static.production.push-sender.com/mng/subs_window.js?ver=1673340492	20 kB	2023-08-10	2024-05-07
Pretty URL static.production.push-sender.com/mng/subs_window.js?ver=1673340492 IP 143.204.55.26 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-10 17:34:39 Last Seen2024-05-07 20:11:42 Times Seen453 Hash e554bff5d51655316050fcc4cbc318eb fd76cffd35b9dd8efd673f9f9531c4416a2137ca d7bc6f18c4f0da715cbd5fc46ddc1f98d164bce41bbb6ce068b767107367c93e Loading...

HTTP Transactions (20)

URL IP Response Size

ad.adsrvr.me/372f24f9-b324-4dc1-b93e-758bed1f5a2d?campaign=ss_es_117_mb169&banner={banner}&site={siteId}&pub={SubId1}&subsource={%25utm_term|url|%25}&ts=117

18.156.93.177

302 Found

0 B

URL User Request GET HTTP/2
ad.adsrvr.me/372f24f9-b324-4dc1-b93e-758bed1f5a2d?campaign=ss_es_117_mb169&banner={banner}&site={siteId}&pub={SubId1}&subsource={%25utm_term|url|%25}&ts=117
IP
18.156.93.177:443
ASN
#16509 AMAZON-02

Certificate
IssuerSectigo Limited
Subjectad.adsrvr.me
FingerprintC1:E1:AE:21:E0:F4:EF:03:70:13:EB:17:90:F5:5B:49:C1:DE:8B:1E
ValidityFri, 02 Jun 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /372f24f9-b324-4dc1-b93e-758bed1f5a2d?campaign=ss_es_117_mb169&banner={banner}&site={siteId}&pub={SubId1}&subsource={%25utm_term|url|%25}&ts=117 HTTP/1.1
Host: ad.adsrvr.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 18:17:35 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://picknfuck.com/27-623673-es/?cep=lz-Uh0jT6UMLISH4mfVS8TpHG-etPB8xaBmqXsUBqweT1jl5YFaOII-3If_-wHZEGkWh087IKh0tqG6167SGiF0bLrOOIjrOJEOpLUalVeZwrovB3dyRHogpO5OdhevsiIk3wlRfOUj65VZhVhTdqFktgcKx59OIaJxMopuXbbHkK0DwwcC5kpFTsVrzNjE6BJxgkBrA7OdLBX0TuLWUcojAq3EAUUlhuo5FrKyO2Zgv4ijDRvHrN6oxdXo-iw1FkDx5rAdr1cK-y45UCw4xe6Sq7O6qFi_90yqSM7V_DIBJkZL94e7AoPowuK8BdU9W60ZoOVBK2EZzCTeabRn02U0htZ291ESEnnzyZhghLyk3vEhMyz9DEFpreCrkpWwN3FntvsFWDA9xOrgt2OjO5XhGaBI_P0uBuz7dvKJufP2_YvhFv9Dsr7Jra_Ee9F3bVzDkEuCzNV3kfqxbBdHoq_MVEX3Fqh0UQ4ifBFp1MLI&lptoken=17eb147e15b972c755c4&campaign=ss_es_117_mb169&banner=%7Bbanner%7D&site=%7BsiteId%7D&pub=%7BSubId1%7D&subsource=%7B%25utm_term%7Curl%7C%25%7D&ts=117
pragma: no-cache
set-cookie: 372f24f9-b324-4dc1-b93e-758bed1f5a2d-v4=geWKpoG0jXotKGCInD27zGlfm5FPlrx54AaKnmlNHtk; Max-Age=86400; Expires=Sat, 27-Apr-2024 18:17:35 GMT; Domain=ad.adsrvr.me; Path=/; Secure; HttpOnly;SameSite=None
cep-v4=eYqr7rcCHsDvvHclWWbH_2lhJMjXRs0yDBpzsJTWQb6kGx78aUygB3Io9-lBAeN0gtQJMY1ccf-bo-0At5FoKSCYbZ2nhzV39HMOQqfbpHI0vRgrlY0_u4x8kpkzmgh6RE_7kTgQnDYyG9X8RgYL5EC8_qd-rfZ7ShruCw632RxZnLqOGRB89rQiscuoVFQM_8ByrLAruoyXvGTYG8hnA6ZhKU5QQbkW3zEmX0thL3V24s-en40e44cX6_hyFhiR_MHHEuhhHCQsX1ZlCIANdevkp9erHTSnJ0G2macvIsum8eMdhZvynGjPxPCtGQdT0CwQN2ZNrhKzqoCLMCxZ92a8cue_AlUHymaWFdsdTFCy8Wa0IeHJ82II9UmKjNbpilqk1a1ivgnwPvjZdlsDae7rZrh4dV4LfLIplWK4e3SxAGSQVpjF8yn2un0dvqFdBT8Tm6VpQhmyn7fMOuiC7v1W793gcT0UXphRYnv0DyE; Max-Age=86400; Expires=Sat, 27-Apr-2024 18:17:35 GMT; Domain=ad.adsrvr.me; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Source+Sans+Pro:400,700,400italic,700italic,900italic&subset=latin,latin-ext

216.58.207.234

200 OK

6.6 MB

URL GET HTTP/2
fonts.googleapis.com/css?family=Source+Sans+Pro:400,700,400italic,700italic,900italic&subset=latin,latin-ext
IP
216.58.207.234:443
ASN
#15169 GOOGLE

Requested by
https://picknfuck.com/27-623673-es/?cep=lz-Uh0jT6UMLISH4mfVS8TpHG-etPB8xaBmqXsUBqweT1jl5YFaOII-3If_-wHZEGkWh087IKh0tqG6167SGiF0bLrOOIjrOJEOpLUalVeZwrovB3dyRHogpO5OdhevsiIk3wlRfOUj65VZhVhTdqFktgcKx59OIaJxMopuXbbHkK0DwwcC5kpFTsVrzNjE6BJxgkBrA7OdLBX0TuLWUcojAq3EAUUlhuo5FrKyO2Zgv4ijDRvHrN6oxdXo-iw1FkDx5rAdr1cK-y45UCw4xe6Sq7O6qFi_90yqSM7V_DIBJkZL94e7AoPowuK8BdU9W60ZoOVBK2EZzCTeabRn02U0htZ291ESEnnzyZhghLyk3vEhMyz9DEFpreCrkpWwN3FntvsFWDA9xOrgt2OjO5XhGaBI_P0uBuz7dvKJufP2_YvhFv9Dsr7Jra_Ee9F3bVzDkEuCzNV3kfqxbBdHoq_MVEX3Fqh0UQ4ifBFp1MLI&lptoken=17eb147e15b972c755c4&campaign=ss_es_117_mb169&banner=%7Bbanner%7D&site=%7BsiteId%7D&pub=%7BSubId1%7D&subsource=%7B%25utm_term%7Curl%7C%25%7D&ts=117
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint5F:6D:48:87:16:89:1E:A5:57:29:92:8B:34:BD:F2:92:0C:7F:F2:50
ValidityMon, 08 Apr 2024 07:32:03 GMT - Mon, 01 Jul 2024 07:32:02 GMT

File type
gzip compressed data, max compression
Size
6.6 MB (6597475 bytes)
Hash
4f66e3bd66fff00ac990d410a02c2a4e
8ab223bf6891f72f4ccdf72e2bd6a124bbbe18f7
2c527f8e65fac4b6c5cf36b6469b210d7377a619bacb8d28320cbbe7477666c1

HTTP Headers

GET /css?family=Source+Sans+Pro:400,700,400italic,700italic,900italic&subset=latin,latin-ext HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://picknfuck.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 26 Apr 2024 18:17:36 GMT
date: Fri, 26 Apr 2024 18:17:36 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

alexatracker.com/jscode/JAIA.js?sub1=picknfuck.com&sub2=&sub3=&sub4=&sub5=&prid=

104.21.85.99

200 OK

0 B

URL GET HTTP/2
alexatracker.com/jscode/JAIA.js?sub1=picknfuck.com&sub2=&sub3=&sub4=&sub5=&prid=
IP
104.21.85.99:443
ASN
#13335 CLOUDFLARENET

Requested by
https://picknfuck.com/27-623673-es/?cep=lz-Uh0jT6UMLISH4mfVS8TpHG-etPB8xaBmqXsUBqweT1jl5YFaOII-3If_-wHZEGkWh087IKh0tqG6167SGiF0bLrOOIjrOJEOpLUalVeZwrovB3dyRHogpO5OdhevsiIk3wlRfOUj65VZhVhTdqFktgcKx59OIaJxMopuXbbHkK0DwwcC5kpFTsVrzNjE6BJxgkBrA7OdLBX0TuLWUcojAq3EAUUlhuo5FrKyO2Zgv4ijDRvHrN6oxdXo-iw1FkDx5rAdr1cK-y45UCw4xe6Sq7O6qFi_90yqSM7V_DIBJkZL94e7AoPowuK8BdU9W60ZoOVBK2EZzCTeabRn02U0htZ291ESEnnzyZhghLyk3vEhMyz9DEFpreCrkpWwN3FntvsFWDA9xOrgt2OjO5XhGaBI_P0uBuz7dvKJufP2_YvhFv9Dsr7Jra_Ee9F3bVzDkEuCzNV3kfqxbBdHoq_MVEX3Fqh0UQ4ifBFp1MLI&lptoken=17eb147e15b972c755c4&campaign=ss_es_117_mb169&banner=%7Bbanner%7D&site=%7BsiteId%7D&pub=%7BSubId1%7D&subsource=%7B%25utm_term%7Curl%7C%25%7D&ts=117
Certificate
IssuerGoogle Trust Services LLC
Subjectalexatracker.com
Fingerprint74:C4:C5:AB:F0:96:19:8D:55:C1:FC:49:6D:EF:28:5C:C0:A3:FD:48
ValidityThu, 21 Mar 2024 13:35:40 GMT - Wed, 19 Jun 2024 13:35:39 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /jscode/JAIA.js?sub1=picknfuck.com&sub2=&sub3=&sub4=&sub5=&prid= HTTP/1.1
Host: alexatracker.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://picknfuck.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 18:17:37 GMT
content-type: application/json; charset=UTF-8
content-length: 0
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
cf-cache-status: BYPASS
set-cookie: trbarid=cb1dacbc1eaf55d47ab35829730a97ca7cf352364de60f220ebb9e40dc2a0e75a%3A2%3A%7Bi%3A0%3Bs%3A7%3A%22trbarid%22%3Bi%3A1%3Bi%3A2766923474028720065%3B%7D; expires=Fri, 01 May 2026 18:17:37 GMT; Max-Age=63504000; path=/; secure; HttpOnly; SameSite=None
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eWgP%2FiSiZsIZqTFX9od8Gl5G%2BCHfs4TFAestfiYefxTD7BrGhdI2NL4ocaoxkn1%2FcxKld5D3ggvccQcNKcdEU2AXs6fQHXRfiGr%2Bb%2Br5D5wOO4aMshUOlhEbkyUzA%2B5BNVtd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a89215c95e0b4d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

zeniocloud.com/JAIA.js?sub1=picknfuck.com

188.114.96.1

200 OK

1.0 kB

URL GET HTTP/2
zeniocloud.com/JAIA.js?sub1=picknfuck.com
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://picknfuck.com/27-623673-es/?cep=lz-Uh0jT6UMLISH4mfVS8TpHG-etPB8xaBmqXsUBqweT1jl5YFaOII-3If_-wHZEGkWh087IKh0tqG6167SGiF0bLrOOIjrOJEOpLUalVeZwrovB3dyRHogpO5OdhevsiIk3wlRfOUj65VZhVhTdqFktgcKx59OIaJxMopuXbbHkK0DwwcC5kpFTsVrzNjE6BJxgkBrA7OdLBX0TuLWUcojAq3EAUUlhuo5FrKyO2Zgv4ijDRvHrN6oxdXo-iw1FkDx5rAdr1cK-y45UCw4xe6Sq7O6qFi_90yqSM7V_DIBJkZL94e7AoPowuK8BdU9W60ZoOVBK2EZzCTeabRn02U0htZ291ESEnnzyZhghLyk3vEhMyz9DEFpreCrkpWwN3FntvsFWDA9xOrgt2OjO5XhGaBI_P0uBuz7dvKJufP2_YvhFv9Dsr7Jra_Ee9F3bVzDkEuCzNV3kfqxbBdHoq_MVEX3Fqh0UQ4ifBFp1MLI&lptoken=17eb147e15b972c755c4&campaign=ss_es_117_mb169&banner=%7Bbanner%7D&site=%7BsiteId%7D&pub=%7BSubId1%7D&subsource=%7B%25utm_term%7Curl%7C%25%7D&ts=117
Certificate
IssuerGoogle Trust Services LLC
Subjectzeniocloud.com
FingerprintFD:31:E5:23:F0:E6:E0:B5:7F:67:26:F7:34:69:A7:B3:CA:39:1C:37
ValidityMon, 11 Mar 2024 16:41:24 GMT - Sun, 09 Jun 2024 16:41:23 GMT

File type
ASCII text
Size
1.0 kB (1044 bytes)
Hash
e9414592334fafe3fe5318d2cfdba4dc
53666ac06ed64d404f31d3458b40327be74b3b18
a9eea4076be67034edf423daefb7ca62bd74d141000534aed38cc752041e7df1

HTTP Headers

GET /JAIA.js?sub1=picknfuck.com HTTP/1.1
Host: zeniocloud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://picknfuck.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 18:17:36 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: EXPIRED
last-modified: Thu, 25 Apr 2024 03:15:55 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Zf9jsdLWV5NBLGrcCLG%2BgsN8MPEzp0RCRnxjY2pG%2BE5BewyeY8duEfQfxlNwLgE04EtIgThtXWl6k%2By1ql3hHJcQSRz5lW%2B8Qs2MMxHeeTgxaJeLwURSFGGXW4dcBrOImg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a892121ec1b4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

picknfuck.com/27-623673-es/images/android-chrome-192x192.png

104.21.51.242

200 OK

4.6 kB

URL GET HTTP/3
picknfuck.com/27-623673-es/images/android-chrome-192x192.png
IP
104.21.51.242:443
ASN
#13335 CLOUDFLARENET

Requested by
https://picknfuck.com/27-623673-es/?cep=lz-Uh0jT6UMLISH4mfVS8TpHG-etPB8xaBmqXsUBqweT1jl5YFaOII-3If_-wHZEGkWh087IKh0tqG6167SGiF0bLrOOIjrOJEOpLUalVeZwrovB3dyRHogpO5OdhevsiIk3wlRfOUj65VZhVhTdqFktgcKx59OIaJxMopuXbbHkK0DwwcC5kpFTsVrzNjE6BJxgkBrA7OdLBX0TuLWUcojAq3EAUUlhuo5FrKyO2Zgv4ijDRvHrN6oxdXo-iw1FkDx5rAdr1cK-y45UCw4xe6Sq7O6qFi_90yqSM7V_DIBJkZL94e7AoPowuK8BdU9W60ZoOVBK2EZzCTeabRn02U0htZ291ESEnnzyZhghLyk3vEhMyz9DEFpreCrkpWwN3FntvsFWDA9xOrgt2OjO5XhGaBI_P0uBuz7dvKJufP2_YvhFv9Dsr7Jra_Ee9F3bVzDkEuCzNV3kfqxbBdHoq_MVEX3Fqh0UQ4ifBFp1MLI&lptoken=17eb147e15b972c755c4&campaign=ss_es_117_mb169&banner=%7Bbanner%7D&site=%7BsiteId%7D&pub=%7BSubId1%7D&subsource=%7B%25utm_term%7Curl%7C%25%7D&ts=117
Certificate
IssuerLet's Encrypt
Subjectpicknfuck.com
FingerprintC4:BE:77:B5:14:39:D1:B9:5C:D5:AF:6D:95:97:60:F4:74:C6:C8:AD
ValidityWed, 20 Mar 2024 14:19:15 GMT - Tue, 18 Jun 2024 14:19:14 GMT

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
Size
4.6 kB (4586 bytes)
Hash
778e66e7fde13f01ee89c9123b329d87
4cd8141fd8726576c3bebb90341cab147c2b030d
890d3daf02c38dcb64b0505231458a17597bf4f2bc5cd9820ebbc16fc52e8ba1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /27-623673-es/images/android-chrome-192x192.png HTTP/1.1
Host: picknfuck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://picknfuck.com/27-623673-es/?cep=lz-Uh0jT6UMLISH4mfVS8TpHG-etPB8xaBmqXsUBqweT1jl5YFaOII-3If_-wHZEGkWh087IKh0tqG6167SGiF0bLrOOIjrOJEOpLUalVeZwrovB3dyRHogpO5OdhevsiIk3wlRfOUj65VZhVhTdqFktgcKx59OIaJxMopuXbbHkK0DwwcC5kpFTsVrzNjE6BJxgkBrA7OdLBX0TuLWUcojAq3EAUUlhuo5FrKyO2Zgv4ijDRvHrN6oxdXo-iw1FkDx5rAdr1cK-y45UCw4xe6Sq7O6qFi_90yqSM7V_DIBJkZL94e7AoPowuK8BdU9W60ZoOVBK2EZzCTeabRn02U0htZ291ESEnnzyZhghLyk3vEhMyz9DEFpreCrkpWwN3FntvsFWDA9xOrgt2OjO5XhGaBI_P0uBuz7dvKJufP2_YvhFv9Dsr7Jra_Ee9F3bVzDkEuCzNV3kfqxbBdHoq_MVEX3Fqh0UQ4ifBFp1MLI&lptoken=17eb147e15b972c755c4&campaign=ss_es_117_mb169&banner=%7Bbanner%7D&site=%7BsiteId%7D&pub=%7BSubId1%7D&subsource=%7B%25utm_term%7Curl%7C%25%7D&ts=117
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 18:17:37 GMT
content-type: image/png
content-length: 4586
last-modified: Thu, 14 Nov 2019 13:35:18 GMT
cache-control: public, max-age=31536000
expires: Sat, 26 Apr 2025 18:17:37 GMT
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f%2B%2FIrcjRZ3ePWAJQMrmCcO0YOgHueLxjhxO5txblWZmBDBBrKytsngcWdKgoPaKgZO3rR7Zby8eCKJ4xAuiYOl20%2Boa6%2BTe764sxFEanj54LJPTLHdDV777wy48%2BxVQS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a89219d87b569d-OSL
alt-svc: h3=":443"; ma=86400

picknfuck.com/27-623673-es/css/normalize.css

104.21.51.242

200 OK

9.0 kB

URL GET HTTP/3
picknfuck.com/27-623673-es/css/normalize.css
IP
104.21.51.242:443
ASN
#13335 CLOUDFLARENET

Requested by
https://picknfuck.com/27-623673-es/?cep=lz-Uh0jT6UMLISH4mfVS8TpHG-etPB8xaBmqXsUBqweT1jl5YFaOII-3If_-wHZEGkWh087IKh0tqG6167SGiF0bLrOOIjrOJEOpLUalVeZwrovB3dyRHogpO5OdhevsiIk3wlRfOUj65VZhVhTdqFktgcKx59OIaJxMopuXbbHkK0DwwcC5kpFTsVrzNjE6BJxgkBrA7OdLBX0TuLWUcojAq3EAUUlhuo5FrKyO2Zgv4ijDRvHrN6oxdXo-iw1FkDx5rAdr1cK-y45UCw4xe6Sq7O6qFi_90yqSM7V_DIBJkZL94e7AoPowuK8BdU9W60ZoOVBK2EZzCTeabRn02U0htZ291ESEnnzyZhghLyk3vEhMyz9DEFpreCrkpWwN3FntvsFWDA9xOrgt2OjO5XhGaBI_P0uBuz7dvKJufP2_YvhFv9Dsr7Jra_Ee9F3bVzDkEuCzNV3kfqxbBdHoq_MVEX3Fqh0UQ4ifBFp1MLI&lptoken=17eb147e15b972c755c4&campaign=ss_es_117_mb169&banner=%7Bbanner%7D&site=%7BsiteId%7D&pub=%7BSubId1%7D&subsource=%7B%25utm_term%7Curl%7C%25%7D&ts=117
Certificate
IssuerLet's Encrypt
Subjectpicknfuck.com
FingerprintC4:BE:77:B5:14:39:D1:B9:5C:D5:AF:6D:95:97:60:F4:74:C6:C8:AD
ValidityWed, 20 Mar 2024 14:19:15 GMT - Tue, 18 Jun 2024 14:19:14 GMT

File type
ASCII text
Size
9.0 kB (8975 bytes)
Hash
cf25d32bf7efb5e09dd6cf0810835e8b
bcc5ac6ec15e3e05c4e0162d3a6a5ada9f68cf9c
840b24a805bda861d1adddfe9dc2a6289bd857ae86689d68ecd7a2d69e8e0916

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /27-623673-es/css/normalize.css HTTP/1.1
Host: picknfuck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://picknfuck.com/27-623673-es/?cep=lz-Uh0jT6UMLISH4mfVS8TpHG-etPB8xaBmqXsUBqweT1jl5YFaOII-3If_-wHZEGkWh087IKh0tqG6167SGiF0bLrOOIjrOJEOpLUalVeZwrovB3dyRHogpO5OdhevsiIk3wlRfOUj65VZhVhTdqFktgcKx59OIaJxMopuXbbHkK0DwwcC5kpFTsVrzNjE6BJxgkBrA7OdLBX0TuLWUcojAq3EAUUlhuo5FrKyO2Zgv4ijDRvHrN6oxdXo-iw1FkDx5rAdr1cK-y45UCw4xe6Sq7O6qFi_90yqSM7V_DIBJkZL94e7AoPowuK8BdU9W60ZoOVBK2EZzCTeabRn02U0htZ291ESEnnzyZhghLyk3vEhMyz9DEFpreCrkpWwN3FntvsFWDA9xOrgt2OjO5XhGaBI_P0uBuz7dvKJufP2_YvhFv9Dsr7Jra_Ee9F3bVzDkEuCzNV3kfqxbBdHoq_MVEX3Fqh0UQ4ifBFp1MLI&lptoken=17eb147e15b972c755c4&campaign=ss_es_117_mb169&banner=%7Bbanner%7D&site=%7BsiteId%7D&pub=%7BSubId1%7D&subsource=%7B%25utm_term%7Curl%7C%25%7D&ts=117
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 18:17:36 GMT
content-type: text/css
last-modified: Thu, 14 Nov 2019 13:35:17 GMT
cache-control: public, max-age=2592000
expires: Sun, 26 May 2024 18:17:36 GMT
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4TzZn3cPMHz0YIPc%2FvrNj2yRMYQ%2FGzpTzrbst0uKEjzmsX%2FwEZ3%2BIQZ9PAmBgBwmYxvxk3iulU7CTO3JcNAhO0kkP2RBLY8aggKnNEhwjBiG6VswFZgXvg8TQ2mAxm2r"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a89211aaee569d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

static.production.push-sender.com/mng/subs_window.css?ver=1673340492

143.204.55.26

200 OK

7.1 kB

URL GET HTTP/2
static.production.push-sender.com/mng/subs_window.css?ver=1673340492
IP
143.204.55.26:443
ASN
#16509 AMAZON-02

Requested by
https://picknfuck.com/27-623673-es/?cep=lz-Uh0jT6UMLISH4mfVS8TpHG-etPB8xaBmqXsUBqweT1jl5YFaOII-3If_-wHZEGkWh087IKh0tqG6167SGiF0bLrOOIjrOJEOpLUalVeZwrovB3dyRHogpO5OdhevsiIk3wlRfOUj65VZhVhTdqFktgcKx59OIaJxMopuXbbHkK0DwwcC5kpFTsVrzNjE6BJxgkBrA7OdLBX0TuLWUcojAq3EAUUlhuo5FrKyO2Zgv4ijDRvHrN6oxdXo-iw1FkDx5rAdr1cK-y45UCw4xe6Sq7O6qFi_90yqSM7V_DIBJkZL94e7AoPowuK8BdU9W60ZoOVBK2EZzCTeabRn02U0htZ291ESEnnzyZhghLyk3vEhMyz9DEFpreCrkpWwN3FntvsFWDA9xOrgt2OjO5XhGaBI_P0uBuz7dvKJufP2_YvhFv9Dsr7Jra_Ee9F3bVzDkEuCzNV3kfqxbBdHoq_MVEX3Fqh0UQ4ifBFp1MLI&lptoken=17eb147e15b972c755c4&campaign=ss_es_117_mb169&banner=%7Bbanner%7D&site=%7BsiteId%7D&pub=%7BSubId1%7D&subsource=%7B%25utm_term%7Curl%7C%25%7D&ts=117
Certificate
IssuerAmazon
Subjectproduction.push-sender.com
FingerprintFF:F5:0A:96:D0:0D:81:D4:34:60:CB:E8:B6:BA:85:5B:40:30:38:AE
ValidityMon, 18 Mar 2024 00:00:00 GMT - Thu, 17 Apr 2025 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (7434), with no line terminators
Size
7.1 kB (7130 bytes)
Hash
7edfc18d48d2641549d953ad7b35769d
b57f256b8a85278ce3459c2aac1b517b40889f94
460354d6acce1e481e3f0a6436a6484f25f9a58e1c8540eaa61047573e72d968

HTTP Headers

GET /mng/subs_window.css?ver=1673340492 HTTP/1.1
Host: static.production.push-sender.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://picknfuck.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css
last-modified: Thu, 08 Feb 2024 14:25:55 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
date: Fri, 26 Apr 2024 04:57:36 GMT
etag: W/"adb85744f96b502ad68d63ede0adcd4e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: z51f40Vmev4CNltW3S9yXwInzGycLnF7PDfKPjrnusPh1CwYiuBFUA==
age: 56255
X-Firefox-Spdy: h2

static.production.push-sender.com/mng/channels/init.min.js?ver=1673340492

143.204.55.26

200 OK

28 kB

URL GET HTTP/2
static.production.push-sender.com/mng/channels/init.min.js?ver=1673340492
IP
143.204.55.26:443
ASN
#16509 AMAZON-02

Requested by
https://picknfuck.com/27-623673-es/?cep=lz-Uh0jT6UMLISH4mfVS8TpHG-etPB8xaBmqXsUBqweT1jl5YFaOII-3If_-wHZEGkWh087IKh0tqG6167SGiF0bLrOOIjrOJEOpLUalVeZwrovB3dyRHogpO5OdhevsiIk3wlRfOUj65VZhVhTdqFktgcKx59OIaJxMopuXbbHkK0DwwcC5kpFTsVrzNjE6BJxgkBrA7OdLBX0TuLWUcojAq3EAUUlhuo5FrKyO2Zgv4ijDRvHrN6oxdXo-iw1FkDx5rAdr1cK-y45UCw4xe6Sq7O6qFi_90yqSM7V_DIBJkZL94e7AoPowuK8BdU9W60ZoOVBK2EZzCTeabRn02U0htZ291ESEnnzyZhghLyk3vEhMyz9DEFpreCrkpWwN3FntvsFWDA9xOrgt2OjO5XhGaBI_P0uBuz7dvKJufP2_YvhFv9Dsr7Jra_Ee9F3bVzDkEuCzNV3kfqxbBdHoq_MVEX3Fqh0UQ4ifBFp1MLI&lptoken=17eb147e15b972c755c4&campaign=ss_es_117_mb169&banner=%7Bbanner%7D&site=%7BsiteId%7D&pub=%7BSubId1%7D&subsource=%7B%25utm_term%7Curl%7C%25%7D&ts=117
Certificate
IssuerAmazon
Subjectproduction.push-sender.com
FingerprintFF:F5:0A:96:D0:0D:81:D4:34:60:CB:E8:B6:BA:85:5B:40:30:38:AE
ValidityMon, 18 Mar 2024 00:00:00 GMT - Thu, 17 Apr 2025 23:59:59 GMT

File type
JavaScript source, ASCII text
Size
28 kB (27548 bytes)
Hash
8853549c3d94b135cff7696e087dc08f
92ff4b057e92c46752e87b593677e960f80afb09
09c57ca60b3ff9fc47a5cf1b9c5eb52017bb130a3347af01be1d05ab1f7f91a0

HTTP Headers

GET /mng/channels/init.min.js?ver=1673340492 HTTP/1.1
Host: static.production.push-sender.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://picknfuck.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript
last-modified: Thu, 08 Feb 2024 14:25:55 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
date: Fri, 26 Apr 2024 07:00:54 GMT
etag: W/"8853549c3d94b135cff7696e087dc08f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: rVwOaUvNrugZsQJ3TA1GutP4AY3uU69j-9mlFS3Phnwnq-88OXxVDw==
age: 40738
X-Firefox-Spdy: h2

picknfuck.com/27-623673-es/css/CenturyGothic.woff

104.21.51.242

404 Not Found

315 B

URL GET HTTP/3
picknfuck.com/27-623673-es/css/CenturyGothic.woff
IP
104.21.51.242:443
ASN
#13335 CLOUDFLARENET

Requested by
https://picknfuck.com/27-623673-es/?cep=lz-Uh0jT6UMLISH4mfVS8TpHG-etPB8xaBmqXsUBqweT1jl5YFaOII-3If_-wHZEGkWh087IKh0tqG6167SGiF0bLrOOIjrOJEOpLUalVeZwrovB3dyRHogpO5OdhevsiIk3wlRfOUj65VZhVhTdqFktgcKx59OIaJxMopuXbbHkK0DwwcC5kpFTsVrzNjE6BJxgkBrA7OdLBX0TuLWUcojAq3EAUUlhuo5FrKyO2Zgv4ijDRvHrN6oxdXo-iw1FkDx5rAdr1cK-y45UCw4xe6Sq7O6qFi_90yqSM7V_DIBJkZL94e7AoPowuK8BdU9W60ZoOVBK2EZzCTeabRn02U0htZ291ESEnnzyZhghLyk3vEhMyz9DEFpreCrkpWwN3FntvsFWDA9xOrgt2OjO5XhGaBI_P0uBuz7dvKJufP2_YvhFv9Dsr7Jra_Ee9F3bVzDkEuCzNV3kfqxbBdHoq_MVEX3Fqh0UQ4ifBFp1MLI&lptoken=17eb147e15b972c755c4&campaign=ss_es_117_mb169&banner=%7Bbanner%7D&site=%7BsiteId%7D&pub=%7BSubId1%7D&subsource=%7B%25utm_term%7Curl%7C%25%7D&ts=117
Certificate
IssuerLet's Encrypt
Subjectpicknfuck.com
FingerprintC4:BE:77:B5:14:39:D1:B9:5C:D5:AF:6D:95:97:60:F4:74:C6:C8:AD
ValidityWed, 20 Mar 2024 14:19:15 GMT - Tue, 18 Jun 2024 14:19:14 GMT

File type
HTML document, ASCII text, with very long lines (326), with no line terminators
Size
315 B (315 bytes)
Hash
97ef40509b73c101d6815511c3adf98d
a4242322497ea630ea72e26ba297a95a2bbe5ccd
322c1f60d9d454c801f7cff3173ef16b61cf9963a64e09a4d9e21d36218b56be

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /27-623673-es/css/CenturyGothic.woff HTTP/1.1
Host: picknfuck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://picknfuck.com/27-623673-es/css/style.css?v=2
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Fri, 26 Apr 2024 18:17:37 GMT
content-type: text/html; charset=iso-8859-1
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MDgDKeqjskz7jiaJbuJcjGmBOmEBwG6%2BamXi2KVI4Io93Sp1dps4Zydbxzm5uU%2Fy1NjcBcfYZcsjhY9RR7e14IvyRoWixj7BE1mNcgVh4A3ddYyCXnDt4eWKBmbmJcic"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a89215ca16569d-OSL
alt-svc: h3=":443"; ma=86400

picknfuck.com/27-623673-es/css/CenturyGothic.ttf

104.21.51.242

404 Not Found

315 B

URL GET HTTP/3
picknfuck.com/27-623673-es/css/CenturyGothic.ttf
IP
104.21.51.242:443
ASN
#13335 CLOUDFLARENET

Requested by
https://picknfuck.com/27-623673-es/?cep=lz-Uh0jT6UMLISH4mfVS8TpHG-etPB8xaBmqXsUBqweT1jl5YFaOII-3If_-wHZEGkWh087IKh0tqG6167SGiF0bLrOOIjrOJEOpLUalVeZwrovB3dyRHogpO5OdhevsiIk3wlRfOUj65VZhVhTdqFktgcKx59OIaJxMopuXbbHkK0DwwcC5kpFTsVrzNjE6BJxgkBrA7OdLBX0TuLWUcojAq3EAUUlhuo5FrKyO2Zgv4ijDRvHrN6oxdXo-iw1FkDx5rAdr1cK-y45UCw4xe6Sq7O6qFi_90yqSM7V_DIBJkZL94e7AoPowuK8BdU9W60ZoOVBK2EZzCTeabRn02U0htZ291ESEnnzyZhghLyk3vEhMyz9DEFpreCrkpWwN3FntvsFWDA9xOrgt2OjO5XhGaBI_P0uBuz7dvKJufP2_YvhFv9Dsr7Jra_Ee9F3bVzDkEuCzNV3kfqxbBdHoq_MVEX3Fqh0UQ4ifBFp1MLI&lptoken=17eb147e15b972c755c4&campaign=ss_es_117_mb169&banner=%7Bbanner%7D&site=%7BsiteId%7D&pub=%7BSubId1%7D&subsource=%7B%25utm_term%7Curl%7C%25%7D&ts=117
Certificate
IssuerLet's Encrypt
Subjectpicknfuck.com
FingerprintC4:BE:77:B5:14:39:D1:B9:5C:D5:AF:6D:95:97:60:F4:74:C6:C8:AD
ValidityWed, 20 Mar 2024 14:19:15 GMT - Tue, 18 Jun 2024 14:19:14 GMT

File type
HTML document, ASCII text, with very long lines (326), with no line terminators
Size
315 B (315 bytes)
Hash
97ef40509b73c101d6815511c3adf98d
a4242322497ea630ea72e26ba297a95a2bbe5ccd
322c1f60d9d454c801f7cff3173ef16b61cf9963a64e09a4d9e21d36218b56be

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /27-623673-es/css/CenturyGothic.ttf HTTP/1.1
Host: picknfuck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://picknfuck.com/27-623673-es/css/style.css?v=2
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Fri, 26 Apr 2024 18:17:37 GMT
content-type: text/html; charset=iso-8859-1
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mUAPSnax4AzHovIu0aZRBsLgbIOyrPpF1Ty0cQwppIpjUc9Hb7cuPAZPK0WzAcP0oyKCnAjtCywX3GIB5JF62Txm4PRLIPN1pVvfzJrhqRZ3ctBCGJM79UPeASKeTUrL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a89217acfa569d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

picknfuck.com/27-623673-es/css/style.css?v=2

104.21.51.242

200 OK

6.6 kB

URL GET HTTP/3
picknfuck.com/27-623673-es/css/style.css?v=2
IP
104.21.51.242:443
ASN
#13335 CLOUDFLARENET

Requested by
https://picknfuck.com/27-623673-es/?cep=lz-Uh0jT6UMLISH4mfVS8TpHG-etPB8xaBmqXsUBqweT1jl5YFaOII-3If_-wHZEGkWh087IKh0tqG6167SGiF0bLrOOIjrOJEOpLUalVeZwrovB3dyRHogpO5OdhevsiIk3wlRfOUj65VZhVhTdqFktgcKx59OIaJxMopuXbbHkK0DwwcC5kpFTsVrzNjE6BJxgkBrA7OdLBX0TuLWUcojAq3EAUUlhuo5FrKyO2Zgv4ijDRvHrN6oxdXo-iw1FkDx5rAdr1cK-y45UCw4xe6Sq7O6qFi_90yqSM7V_DIBJkZL94e7AoPowuK8BdU9W60ZoOVBK2EZzCTeabRn02U0htZ291ESEnnzyZhghLyk3vEhMyz9DEFpreCrkpWwN3FntvsFWDA9xOrgt2OjO5XhGaBI_P0uBuz7dvKJufP2_YvhFv9Dsr7Jra_Ee9F3bVzDkEuCzNV3kfqxbBdHoq_MVEX3Fqh0UQ4ifBFp1MLI&lptoken=17eb147e15b972c755c4&campaign=ss_es_117_mb169&banner=%7Bbanner%7D&site=%7BsiteId%7D&pub=%7BSubId1%7D&subsource=%7B%25utm_term%7Curl%7C%25%7D&ts=117
Certificate
IssuerLet's Encrypt
Subjectpicknfuck.com
FingerprintC4:BE:77:B5:14:39:D1:B9:5C:D5:AF:6D:95:97:60:F4:74:C6:C8:AD
ValidityWed, 20 Mar 2024 14:19:15 GMT - Tue, 18 Jun 2024 14:19:14 GMT

File type
ASCII text, with very long lines (7174), with no line terminators
Size
6.6 kB (6560 bytes)
Hash
63757c95f6a7dc9bbc42c3378cd94c0a
4349f76f890931f0ebd60f94f3fe575970ae1ebc
3d3e04afe83d9999f3fa67704db3b8d07b9d99be92971f0ae93f054ccf2730ac

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /27-623673-es/css/style.css?v=2 HTTP/1.1
Host: picknfuck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://picknfuck.com/27-623673-es/?cep=lz-Uh0jT6UMLISH4mfVS8TpHG-etPB8xaBmqXsUBqweT1jl5YFaOII-3If_-wHZEGkWh087IKh0tqG6167SGiF0bLrOOIjrOJEOpLUalVeZwrovB3dyRHogpO5OdhevsiIk3wlRfOUj65VZhVhTdqFktgcKx59OIaJxMopuXbbHkK0DwwcC5kpFTsVrzNjE6BJxgkBrA7OdLBX0TuLWUcojAq3EAUUlhuo5FrKyO2Zgv4ijDRvHrN6oxdXo-iw1FkDx5rAdr1cK-y45UCw4xe6Sq7O6qFi_90yqSM7V_DIBJkZL94e7AoPowuK8BdU9W60ZoOVBK2EZzCTeabRn02U0htZ291ESEnnzyZhghLyk3vEhMyz9DEFpreCrkpWwN3FntvsFWDA9xOrgt2OjO5XhGaBI_P0uBuz7dvKJufP2_YvhFv9Dsr7Jra_Ee9F3bVzDkEuCzNV3kfqxbBdHoq_MVEX3Fqh0UQ4ifBFp1MLI&lptoken=17eb147e15b972c755c4&campaign=ss_es_117_mb169&banner=%7Bbanner%7D&site=%7BsiteId%7D&pub=%7BSubId1%7D&subsource=%7B%25utm_term%7Curl%7C%25%7D&ts=117
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 18:17:36 GMT
content-type: text/css
last-modified: Thu, 14 Nov 2019 13:35:17 GMT
cache-control: public, max-age=2592000
expires: Sun, 26 May 2024 18:17:36 GMT
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xEz%2Be1uAs8g%2Fb%2BVoYA18g6Xs7pY7Y4QknZbJOoaFD5qYNL5LmFE9mrpTWbFMmzXlkOyoTO%2FncItp3lFkABR%2Fdir9qtTH4flEokpvGgA92dbN4iveQ7Zs%2BAcebwdyfBjr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a89211aaf2569d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

picknfuck.com/27-623673-es/js/jquery.min.js

104.21.51.242

200 OK

96 kB

URL GET HTTP/3
picknfuck.com/27-623673-es/js/jquery.min.js
IP
104.21.51.242:443
ASN
#13335 CLOUDFLARENET

Requested by
https://picknfuck.com/27-623673-es/?cep=lz-Uh0jT6UMLISH4mfVS8TpHG-etPB8xaBmqXsUBqweT1jl5YFaOII-3If_-wHZEGkWh087IKh0tqG6167SGiF0bLrOOIjrOJEOpLUalVeZwrovB3dyRHogpO5OdhevsiIk3wlRfOUj65VZhVhTdqFktgcKx59OIaJxMopuXbbHkK0DwwcC5kpFTsVrzNjE6BJxgkBrA7OdLBX0TuLWUcojAq3EAUUlhuo5FrKyO2Zgv4ijDRvHrN6oxdXo-iw1FkDx5rAdr1cK-y45UCw4xe6Sq7O6qFi_90yqSM7V_DIBJkZL94e7AoPowuK8BdU9W60ZoOVBK2EZzCTeabRn02U0htZ291ESEnnzyZhghLyk3vEhMyz9DEFpreCrkpWwN3FntvsFWDA9xOrgt2OjO5XhGaBI_P0uBuz7dvKJufP2_YvhFv9Dsr7Jra_Ee9F3bVzDkEuCzNV3kfqxbBdHoq_MVEX3Fqh0UQ4ifBFp1MLI&lptoken=17eb147e15b972c755c4&campaign=ss_es_117_mb169&banner=%7Bbanner%7D&site=%7BsiteId%7D&pub=%7BSubId1%7D&subsource=%7B%25utm_term%7Curl%7C%25%7D&ts=117
Certificate
IssuerLet's Encrypt
Subjectpicknfuck.com
FingerprintC4:BE:77:B5:14:39:D1:B9:5C:D5:AF:6D:95:97:60:F4:74:C6:C8:AD
ValidityWed, 20 Mar 2024 14:19:15 GMT - Tue, 18 Jun 2024 14:19:14 GMT

File type
JavaScript source, ASCII text, with very long lines (32047)
Size
96 kB (95931 bytes)
Hash
5790ead7ad3ba27397aedfa3d263b867
8130544c215fe5d1ec081d83461bf4a711e74882
2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /27-623673-es/js/jquery.min.js HTTP/1.1
Host: picknfuck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://picknfuck.com/27-623673-es/?cep=lz-Uh0jT6UMLISH4mfVS8TpHG-etPB8xaBmqXsUBqweT1jl5YFaOII-3If_-wHZEGkWh087IKh0tqG6167SGiF0bLrOOIjrOJEOpLUalVeZwrovB3dyRHogpO5OdhevsiIk3wlRfOUj65VZhVhTdqFktgcKx59OIaJxMopuXbbHkK0DwwcC5kpFTsVrzNjE6BJxgkBrA7OdLBX0TuLWUcojAq3EAUUlhuo5FrKyO2Zgv4ijDRvHrN6oxdXo-iw1FkDx5rAdr1cK-y45UCw4xe6Sq7O6qFi_90yqSM7V_DIBJkZL94e7AoPowuK8BdU9W60ZoOVBK2EZzCTeabRn02U0htZ291ESEnnzyZhghLyk3vEhMyz9DEFpreCrkpWwN3FntvsFWDA9xOrgt2OjO5XhGaBI_P0uBuz7dvKJufP2_YvhFv9Dsr7Jra_Ee9F3bVzDkEuCzNV3kfqxbBdHoq_MVEX3Fqh0UQ4ifBFp1MLI&lptoken=17eb147e15b972c755c4&campaign=ss_es_117_mb169&banner=%7Bbanner%7D&site=%7BsiteId%7D&pub=%7BSubId1%7D&subsource=%7B%25utm_term%7Curl%7C%25%7D&ts=117
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 18:17:36 GMT
content-type: text/javascript
last-modified: Thu, 14 Nov 2019 13:35:21 GMT
cache-control: max-age=2592000, private
expires: Sun, 26 May 2024 18:17:36 GMT
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tuL00P%2BH8VxMAYBDxS%2BfSELoV%2Fgq5joM9ce2ZPOnyuMxt5xSxNeOtl3YQvqE3fG8PZwfmihGAPF67ZhiUlOg%2BYN6suIapo2w8065z2hAcRycImfB9KLtIsw1fKXkooTg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a89211aafc569d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

picknfuck.com/27-623673-es/css/CenturyGothic-Bold.woff

104.21.51.242

404 Not Found

315 B

URL GET HTTP/3
picknfuck.com/27-623673-es/css/CenturyGothic-Bold.woff
IP
104.21.51.242:443
ASN
#13335 CLOUDFLARENET

Requested by
https://picknfuck.com/27-623673-es/?cep=lz-Uh0jT6UMLISH4mfVS8TpHG-etPB8xaBmqXsUBqweT1jl5YFaOII-3If_-wHZEGkWh087IKh0tqG6167SGiF0bLrOOIjrOJEOpLUalVeZwrovB3dyRHogpO5OdhevsiIk3wlRfOUj65VZhVhTdqFktgcKx59OIaJxMopuXbbHkK0DwwcC5kpFTsVrzNjE6BJxgkBrA7OdLBX0TuLWUcojAq3EAUUlhuo5FrKyO2Zgv4ijDRvHrN6oxdXo-iw1FkDx5rAdr1cK-y45UCw4xe6Sq7O6qFi_90yqSM7V_DIBJkZL94e7AoPowuK8BdU9W60ZoOVBK2EZzCTeabRn02U0htZ291ESEnnzyZhghLyk3vEhMyz9DEFpreCrkpWwN3FntvsFWDA9xOrgt2OjO5XhGaBI_P0uBuz7dvKJufP2_YvhFv9Dsr7Jra_Ee9F3bVzDkEuCzNV3kfqxbBdHoq_MVEX3Fqh0UQ4ifBFp1MLI&lptoken=17eb147e15b972c755c4&campaign=ss_es_117_mb169&banner=%7Bbanner%7D&site=%7BsiteId%7D&pub=%7BSubId1%7D&subsource=%7B%25utm_term%7Curl%7C%25%7D&ts=117
Certificate
IssuerLet's Encrypt
Subjectpicknfuck.com
FingerprintC4:BE:77:B5:14:39:D1:B9:5C:D5:AF:6D:95:97:60:F4:74:C6:C8:AD
ValidityWed, 20 Mar 2024 14:19:15 GMT - Tue, 18 Jun 2024 14:19:14 GMT

File type
HTML document, ASCII text, with very long lines (326), with no line terminators
Size
315 B (315 bytes)
Hash
97ef40509b73c101d6815511c3adf98d
a4242322497ea630ea72e26ba297a95a2bbe5ccd
322c1f60d9d454c801f7cff3173ef16b61cf9963a64e09a4d9e21d36218b56be

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /27-623673-es/css/CenturyGothic-Bold.woff HTTP/1.1
Host: picknfuck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://picknfuck.com/27-623673-es/css/style.css?v=2
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Fri, 26 Apr 2024 18:17:36 GMT
content-type: text/html; charset=iso-8859-1
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BVUfZs8GagcpswmIfJ5c1t23BbkWbbik5fOdjC6E3VBXgO0gp4b%2BQ9yS%2Fztw%2FeaPlTl8HA%2FS9azeRGxRK0OtL3SpR8BNYPYI%2FLfyLSy9UjkIpVup506cUzkArtsKTDPg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a89215da23569d-OSL
alt-svc: h3=":443"; ma=86400

static.production.push-sender.com/mng/subs_window.js?ver=1673340492

143.204.55.26

200 OK

20 kB

URL GET HTTP/2
static.production.push-sender.com/mng/subs_window.js?ver=1673340492
IP
143.204.55.26:443
ASN
#16509 AMAZON-02

Requested by
https://picknfuck.com/27-623673-es/?cep=lz-Uh0jT6UMLISH4mfVS8TpHG-etPB8xaBmqXsUBqweT1jl5YFaOII-3If_-wHZEGkWh087IKh0tqG6167SGiF0bLrOOIjrOJEOpLUalVeZwrovB3dyRHogpO5OdhevsiIk3wlRfOUj65VZhVhTdqFktgcKx59OIaJxMopuXbbHkK0DwwcC5kpFTsVrzNjE6BJxgkBrA7OdLBX0TuLWUcojAq3EAUUlhuo5FrKyO2Zgv4ijDRvHrN6oxdXo-iw1FkDx5rAdr1cK-y45UCw4xe6Sq7O6qFi_90yqSM7V_DIBJkZL94e7AoPowuK8BdU9W60ZoOVBK2EZzCTeabRn02U0htZ291ESEnnzyZhghLyk3vEhMyz9DEFpreCrkpWwN3FntvsFWDA9xOrgt2OjO5XhGaBI_P0uBuz7dvKJufP2_YvhFv9Dsr7Jra_Ee9F3bVzDkEuCzNV3kfqxbBdHoq_MVEX3Fqh0UQ4ifBFp1MLI&lptoken=17eb147e15b972c755c4&campaign=ss_es_117_mb169&banner=%7Bbanner%7D&site=%7BsiteId%7D&pub=%7BSubId1%7D&subsource=%7B%25utm_term%7Curl%7C%25%7D&ts=117
Certificate
IssuerAmazon
Subjectproduction.push-sender.com
FingerprintFF:F5:0A:96:D0:0D:81:D4:34:60:CB:E8:B6:BA:85:5B:40:30:38:AE
ValidityMon, 18 Mar 2024 00:00:00 GMT - Thu, 17 Apr 2025 23:59:59 GMT

File type

Size
20 kB (19706 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /mng/subs_window.js?ver=1673340492 HTTP/1.1
Host: static.production.push-sender.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://picknfuck.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript
last-modified: Thu, 08 Feb 2024 14:25:55 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
date: Fri, 26 Apr 2024 05:24:30 GMT
etag: W/"2b3010e6d2440c83b9cfff48def5f0c1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 7vmpYhO_FS0-9RgoOWCSFYw27zK4BR5klOZLGu6xI1vS_WpQGqZW-Q==
age: 46408
X-Firefox-Spdy: h2

picknfuck.com/27-623673-es/js/backoffer.js

104.21.51.242

200 OK

430 B

URL GET HTTP/3
picknfuck.com/27-623673-es/js/backoffer.js
IP
104.21.51.242:443
ASN
#13335 CLOUDFLARENET

Requested by
https://picknfuck.com/27-623673-es/?cep=lz-Uh0jT6UMLISH4mfVS8TpHG-etPB8xaBmqXsUBqweT1jl5YFaOII-3If_-wHZEGkWh087IKh0tqG6167SGiF0bLrOOIjrOJEOpLUalVeZwrovB3dyRHogpO5OdhevsiIk3wlRfOUj65VZhVhTdqFktgcKx59OIaJxMopuXbbHkK0DwwcC5kpFTsVrzNjE6BJxgkBrA7OdLBX0TuLWUcojAq3EAUUlhuo5FrKyO2Zgv4ijDRvHrN6oxdXo-iw1FkDx5rAdr1cK-y45UCw4xe6Sq7O6qFi_90yqSM7V_DIBJkZL94e7AoPowuK8BdU9W60ZoOVBK2EZzCTeabRn02U0htZ291ESEnnzyZhghLyk3vEhMyz9DEFpreCrkpWwN3FntvsFWDA9xOrgt2OjO5XhGaBI_P0uBuz7dvKJufP2_YvhFv9Dsr7Jra_Ee9F3bVzDkEuCzNV3kfqxbBdHoq_MVEX3Fqh0UQ4ifBFp1MLI&lptoken=17eb147e15b972c755c4&campaign=ss_es_117_mb169&banner=%7Bbanner%7D&site=%7BsiteId%7D&pub=%7BSubId1%7D&subsource=%7B%25utm_term%7Curl%7C%25%7D&ts=117
Certificate
IssuerLet's Encrypt
Subjectpicknfuck.com
FingerprintC4:BE:77:B5:14:39:D1:B9:5C:D5:AF:6D:95:97:60:F4:74:C6:C8:AD
ValidityWed, 20 Mar 2024 14:19:15 GMT - Tue, 18 Jun 2024 14:19:14 GMT

File type
JavaScript source, ASCII text, with very long lines (430), with no line terminators
Size
430 B (430 bytes)
Hash
6d5aa83d23ce0b9f72d3b87d000d8fae
034fb8768eb58ffc0b5849e2c162989741a6cbec
89266112a6c823b9c03dd5a32d8f1c5e9f4cbf4cf876b56c825781ea389d0800

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /27-623673-es/js/backoffer.js HTTP/1.1
Host: picknfuck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://picknfuck.com/27-623673-es/?cep=lz-Uh0jT6UMLISH4mfVS8TpHG-etPB8xaBmqXsUBqweT1jl5YFaOII-3If_-wHZEGkWh087IKh0tqG6167SGiF0bLrOOIjrOJEOpLUalVeZwrovB3dyRHogpO5OdhevsiIk3wlRfOUj65VZhVhTdqFktgcKx59OIaJxMopuXbbHkK0DwwcC5kpFTsVrzNjE6BJxgkBrA7OdLBX0TuLWUcojAq3EAUUlhuo5FrKyO2Zgv4ijDRvHrN6oxdXo-iw1FkDx5rAdr1cK-y45UCw4xe6Sq7O6qFi_90yqSM7V_DIBJkZL94e7AoPowuK8BdU9W60ZoOVBK2EZzCTeabRn02U0htZ291ESEnnzyZhghLyk3vEhMyz9DEFpreCrkpWwN3FntvsFWDA9xOrgt2OjO5XhGaBI_P0uBuz7dvKJufP2_YvhFv9Dsr7Jra_Ee9F3bVzDkEuCzNV3kfqxbBdHoq_MVEX3Fqh0UQ4ifBFp1MLI&lptoken=17eb147e15b972c755c4&campaign=ss_es_117_mb169&banner=%7Bbanner%7D&site=%7BsiteId%7D&pub=%7BSubId1%7D&subsource=%7B%25utm_term%7Curl%7C%25%7D&ts=117
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 18:17:36 GMT
content-type: text/javascript
last-modified: Thu, 14 Nov 2019 13:35:21 GMT
cache-control: max-age=2592000, private
expires: Sun, 26 May 2024 18:17:36 GMT
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oFw%2FFN3yhpjrr4wPySnxUGStzSZheSV34HtS3w9ObwsIhwU7f7y9xGjN0dcK39KppQETSTLpd47qY8VyBJoxxguAz3l8IVi13YLdU27J2dMJRuUqoy1HkPANMXyMsjb5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a89211bb12569d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

picknfuck.com/27-623673-es/images/19.gif

104.21.51.242

200 OK

6.6 MB

URL GET HTTP/3
picknfuck.com/27-623673-es/images/19.gif
IP
104.21.51.242:443
ASN
#13335 CLOUDFLARENET

Requested by
https://picknfuck.com/27-623673-es/?cep=lz-Uh0jT6UMLISH4mfVS8TpHG-etPB8xaBmqXsUBqweT1jl5YFaOII-3If_-wHZEGkWh087IKh0tqG6167SGiF0bLrOOIjrOJEOpLUalVeZwrovB3dyRHogpO5OdhevsiIk3wlRfOUj65VZhVhTdqFktgcKx59OIaJxMopuXbbHkK0DwwcC5kpFTsVrzNjE6BJxgkBrA7OdLBX0TuLWUcojAq3EAUUlhuo5FrKyO2Zgv4ijDRvHrN6oxdXo-iw1FkDx5rAdr1cK-y45UCw4xe6Sq7O6qFi_90yqSM7V_DIBJkZL94e7AoPowuK8BdU9W60ZoOVBK2EZzCTeabRn02U0htZ291ESEnnzyZhghLyk3vEhMyz9DEFpreCrkpWwN3FntvsFWDA9xOrgt2OjO5XhGaBI_P0uBuz7dvKJufP2_YvhFv9Dsr7Jra_Ee9F3bVzDkEuCzNV3kfqxbBdHoq_MVEX3Fqh0UQ4ifBFp1MLI&lptoken=17eb147e15b972c755c4&campaign=ss_es_117_mb169&banner=%7Bbanner%7D&site=%7BsiteId%7D&pub=%7BSubId1%7D&subsource=%7B%25utm_term%7Curl%7C%25%7D&ts=117
Certificate
IssuerLet's Encrypt
Subjectpicknfuck.com
FingerprintC4:BE:77:B5:14:39:D1:B9:5C:D5:AF:6D:95:97:60:F4:74:C6:C8:AD
ValidityWed, 20 Mar 2024 14:19:15 GMT - Tue, 18 Jun 2024 14:19:14 GMT

File type

Size
6.6 MB (6596597 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /27-623673-es/images/19.gif HTTP/1.1
Host: picknfuck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://picknfuck.com/27-623673-es/css/style.css?v=2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 18:17:37 GMT
content-type: image/gif
content-length: 6596597
last-modified: Thu, 14 Nov 2019 13:35:19 GMT
cache-control: public, max-age=31536000
expires: Sat, 26 Apr 2025 18:17:36 GMT
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4EHbpVuU2%2Bp%2B7f7LkzBJ4EcwwEgCgH0uTaRBr4N1YxPhKMyOaJCOupa7%2FZxgBoj0zB6zEv%2BoDjOHpgZg15x11ZZ9rdSxbNOfdk4F7ZwbOmm4jdBFTAfZ1xZwwQGEPg7f"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a89215998d569d-OSL
alt-svc: h3=":443"; ma=86400

picknfuck.com/27-623673-es/images/favicon-16x16.png

104.21.51.242

200 OK

748 B

URL GET HTTP/3
picknfuck.com/27-623673-es/images/favicon-16x16.png
IP
104.21.51.242:443
ASN
#13335 CLOUDFLARENET

Requested by
https://picknfuck.com/27-623673-es/?cep=lz-Uh0jT6UMLISH4mfVS8TpHG-etPB8xaBmqXsUBqweT1jl5YFaOII-3If_-wHZEGkWh087IKh0tqG6167SGiF0bLrOOIjrOJEOpLUalVeZwrovB3dyRHogpO5OdhevsiIk3wlRfOUj65VZhVhTdqFktgcKx59OIaJxMopuXbbHkK0DwwcC5kpFTsVrzNjE6BJxgkBrA7OdLBX0TuLWUcojAq3EAUUlhuo5FrKyO2Zgv4ijDRvHrN6oxdXo-iw1FkDx5rAdr1cK-y45UCw4xe6Sq7O6qFi_90yqSM7V_DIBJkZL94e7AoPowuK8BdU9W60ZoOVBK2EZzCTeabRn02U0htZ291ESEnnzyZhghLyk3vEhMyz9DEFpreCrkpWwN3FntvsFWDA9xOrgt2OjO5XhGaBI_P0uBuz7dvKJufP2_YvhFv9Dsr7Jra_Ee9F3bVzDkEuCzNV3kfqxbBdHoq_MVEX3Fqh0UQ4ifBFp1MLI&lptoken=17eb147e15b972c755c4&campaign=ss_es_117_mb169&banner=%7Bbanner%7D&site=%7BsiteId%7D&pub=%7BSubId1%7D&subsource=%7B%25utm_term%7Curl%7C%25%7D&ts=117
Certificate
IssuerLet's Encrypt
Subjectpicknfuck.com
FingerprintC4:BE:77:B5:14:39:D1:B9:5C:D5:AF:6D:95:97:60:F4:74:C6:C8:AD
ValidityWed, 20 Mar 2024 14:19:15 GMT - Tue, 18 Jun 2024 14:19:14 GMT

File type
PNG image data, 16 x 16, 8-bit colormap, non-interlaced
Size
748 B (748 bytes)
Hash
2073755dce5f376126918f9088bfa40c
02152e71e873e4bc54dc043d11beeda57509b911
56735e3f974ead2524241c4d837bd6982bb10300d04fb2d1c5ce81f68b32afa3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /27-623673-es/images/favicon-16x16.png HTTP/1.1
Host: picknfuck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://picknfuck.com/27-623673-es/?cep=lz-Uh0jT6UMLISH4mfVS8TpHG-etPB8xaBmqXsUBqweT1jl5YFaOII-3If_-wHZEGkWh087IKh0tqG6167SGiF0bLrOOIjrOJEOpLUalVeZwrovB3dyRHogpO5OdhevsiIk3wlRfOUj65VZhVhTdqFktgcKx59OIaJxMopuXbbHkK0DwwcC5kpFTsVrzNjE6BJxgkBrA7OdLBX0TuLWUcojAq3EAUUlhuo5FrKyO2Zgv4ijDRvHrN6oxdXo-iw1FkDx5rAdr1cK-y45UCw4xe6Sq7O6qFi_90yqSM7V_DIBJkZL94e7AoPowuK8BdU9W60ZoOVBK2EZzCTeabRn02U0htZ291ESEnnzyZhghLyk3vEhMyz9DEFpreCrkpWwN3FntvsFWDA9xOrgt2OjO5XhGaBI_P0uBuz7dvKJufP2_YvhFv9Dsr7Jra_Ee9F3bVzDkEuCzNV3kfqxbBdHoq_MVEX3Fqh0UQ4ifBFp1MLI&lptoken=17eb147e15b972c755c4&campaign=ss_es_117_mb169&banner=%7Bbanner%7D&site=%7BsiteId%7D&pub=%7BSubId1%7D&subsource=%7B%25utm_term%7Curl%7C%25%7D&ts=117
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 18:17:37 GMT
content-type: image/png
content-length: 748
last-modified: Thu, 14 Nov 2019 13:35:18 GMT
cache-control: public, max-age=31536000
expires: Sat, 26 Apr 2025 18:17:37 GMT
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iHO5mQckXvFXmJ117l4A5IdjCj1lJxxMS7vI5nmBfafZDtzt6F9wZlYRW8%2F63ItWt1ZTW34gE%2FkF4r1RPip3%2B%2FFJrF1g75novHPtIzZFsSQsZSL2%2BNjopkvZtUW%2Bu1qX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a89219d87f569d-OSL
alt-svc: h3=":443"; ma=86400

picknfuck.com/27-623673-es/?cep=lz-Uh0jT6UMLISH4mfVS8TpHG-etPB8xaBmqXsUBqweT1jl5YFaOII-3If_-wHZEGkWh087IKh0tqG6167SGiF0bLrOOIjrOJEOpLUalVeZwrovB3dyRHogpO5OdhevsiIk3wlRfOUj65VZhVhTdqFktgcKx59OIaJxMopuXbbHkK0DwwcC5kpFTsVrzNjE6BJxgkBrA7OdLBX0TuLWUcojAq3EAUUlhuo5FrKyO2Zgv4ijDRvHrN6oxdXo-iw1FkDx5rAdr1cK-y45UCw4xe6Sq7O6qFi_90yqSM7V_DIBJkZL94e7AoPowuK8BdU9W60ZoOVBK2EZzCTeabRn02U0htZ291ESEnnzyZhghLyk3vEhMyz9DEFpreCrkpWwN3FntvsFWDA9xOrgt2OjO5XhGaBI_P0uBuz7dvKJufP2_YvhFv9Dsr7Jra_Ee9F3bVzDkEuCzNV3kfqxbBdHoq_MVEX3Fqh0UQ4ifBFp1MLI&lptoken=17eb147e15b972c755c4&campaign=ss_es_117_mb169&banner=%7Bbanner%7D&site=%7BsiteId%7D&pub=%7BSubId1%7D&subsource=%7B%25utm_term%7Curl%7C%25%7D&ts=117

104.21.51.242

200 OK

4.4 kB

URL User Request GET HTTP/2
picknfuck.com/27-623673-es/?cep=lz-Uh0jT6UMLISH4mfVS8TpHG-etPB8xaBmqXsUBqweT1jl5YFaOII-3If_-wHZEGkWh087IKh0tqG6167SGiF0bLrOOIjrOJEOpLUalVeZwrovB3dyRHogpO5OdhevsiIk3wlRfOUj65VZhVhTdqFktgcKx59OIaJxMopuXbbHkK0DwwcC5kpFTsVrzNjE6BJxgkBrA7OdLBX0TuLWUcojAq3EAUUlhuo5FrKyO2Zgv4ijDRvHrN6oxdXo-iw1FkDx5rAdr1cK-y45UCw4xe6Sq7O6qFi_90yqSM7V_DIBJkZL94e7AoPowuK8BdU9W60ZoOVBK2EZzCTeabRn02U0htZ291ESEnnzyZhghLyk3vEhMyz9DEFpreCrkpWwN3FntvsFWDA9xOrgt2OjO5XhGaBI_P0uBuz7dvKJufP2_YvhFv9Dsr7Jra_Ee9F3bVzDkEuCzNV3kfqxbBdHoq_MVEX3Fqh0UQ4ifBFp1MLI&lptoken=17eb147e15b972c755c4&campaign=ss_es_117_mb169&banner=%7Bbanner%7D&site=%7BsiteId%7D&pub=%7BSubId1%7D&subsource=%7B%25utm_term%7Curl%7C%25%7D&ts=117
IP
104.21.51.242:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectpicknfuck.com
FingerprintC4:BE:77:B5:14:39:D1:B9:5C:D5:AF:6D:95:97:60:F4:74:C6:C8:AD
ValidityWed, 20 Mar 2024 14:19:15 GMT - Tue, 18 Jun 2024 14:19:14 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (4738), with no line terminators
Size
4.4 kB (4448 bytes)
Hash
63f1caaa5d39736c123a7ebc24c28a5e
f098077756288d5b0d462357b25839ac5d848524
4cc6b04d3bf7a0726b57ee20569c93f72bf57b347aa69c2b8a1b3b2770eb9890

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /27-623673-es/?cep=lz-Uh0jT6UMLISH4mfVS8TpHG-etPB8xaBmqXsUBqweT1jl5YFaOII-3If_-wHZEGkWh087IKh0tqG6167SGiF0bLrOOIjrOJEOpLUalVeZwrovB3dyRHogpO5OdhevsiIk3wlRfOUj65VZhVhTdqFktgcKx59OIaJxMopuXbbHkK0DwwcC5kpFTsVrzNjE6BJxgkBrA7OdLBX0TuLWUcojAq3EAUUlhuo5FrKyO2Zgv4ijDRvHrN6oxdXo-iw1FkDx5rAdr1cK-y45UCw4xe6Sq7O6qFi_90yqSM7V_DIBJkZL94e7AoPowuK8BdU9W60ZoOVBK2EZzCTeabRn02U0htZ291ESEnnzyZhghLyk3vEhMyz9DEFpreCrkpWwN3FntvsFWDA9xOrgt2OjO5XhGaBI_P0uBuz7dvKJufP2_YvhFv9Dsr7Jra_Ee9F3bVzDkEuCzNV3kfqxbBdHoq_MVEX3Fqh0UQ4ifBFp1MLI&lptoken=17eb147e15b972c755c4&campaign=ss_es_117_mb169&banner=%7Bbanner%7D&site=%7BsiteId%7D&pub=%7BSubId1%7D&subsource=%7B%25utm_term%7Curl%7C%25%7D&ts=117 HTTP/1.1
Host: picknfuck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 18:17:35 GMT
content-type: text/html; charset=UTF-8
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a6d1%2FOgIP0dmd1RcZDaGHvK8xiTtQDyVBnblXX9pk5xhwXNn5s4kwziU5ohVfd0n4AHfAXy%2FpBk5mrEawM8ksNZDiY%2FCwpzsapEXkNvvWeUr6Bis6dKCbXgSkgYajJFX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a8920a9a1bb50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

picknfuck.com/27-623673-es/js/inline_video.js

104.21.51.242

200 OK

3.0 kB

URL GET HTTP/3
picknfuck.com/27-623673-es/js/inline_video.js
IP
104.21.51.242:443
ASN
#13335 CLOUDFLARENET

Requested by
https://picknfuck.com/27-623673-es/?cep=lz-Uh0jT6UMLISH4mfVS8TpHG-etPB8xaBmqXsUBqweT1jl5YFaOII-3If_-wHZEGkWh087IKh0tqG6167SGiF0bLrOOIjrOJEOpLUalVeZwrovB3dyRHogpO5OdhevsiIk3wlRfOUj65VZhVhTdqFktgcKx59OIaJxMopuXbbHkK0DwwcC5kpFTsVrzNjE6BJxgkBrA7OdLBX0TuLWUcojAq3EAUUlhuo5FrKyO2Zgv4ijDRvHrN6oxdXo-iw1FkDx5rAdr1cK-y45UCw4xe6Sq7O6qFi_90yqSM7V_DIBJkZL94e7AoPowuK8BdU9W60ZoOVBK2EZzCTeabRn02U0htZ291ESEnnzyZhghLyk3vEhMyz9DEFpreCrkpWwN3FntvsFWDA9xOrgt2OjO5XhGaBI_P0uBuz7dvKJufP2_YvhFv9Dsr7Jra_Ee9F3bVzDkEuCzNV3kfqxbBdHoq_MVEX3Fqh0UQ4ifBFp1MLI&lptoken=17eb147e15b972c755c4&campaign=ss_es_117_mb169&banner=%7Bbanner%7D&site=%7BsiteId%7D&pub=%7BSubId1%7D&subsource=%7B%25utm_term%7Curl%7C%25%7D&ts=117
Certificate
IssuerLet's Encrypt
Subjectpicknfuck.com
FingerprintC4:BE:77:B5:14:39:D1:B9:5C:D5:AF:6D:95:97:60:F4:74:C6:C8:AD
ValidityWed, 20 Mar 2024 14:19:15 GMT - Tue, 18 Jun 2024 14:19:14 GMT

File type
JavaScript source, ASCII text, with very long lines (3065), with no line terminators
Size
3.0 kB (3012 bytes)
Hash
e175bdfcc4b171365efc49e1ea0dfb7d
24d2ffb1437bfae00f7c45a15a356f3a5e35429a
e5962ae0ff8087856fce6a84548a742c61496e2bb37011dca33ab004eabeb5c7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /27-623673-es/js/inline_video.js HTTP/1.1
Host: picknfuck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://picknfuck.com/27-623673-es/?cep=lz-Uh0jT6UMLISH4mfVS8TpHG-etPB8xaBmqXsUBqweT1jl5YFaOII-3If_-wHZEGkWh087IKh0tqG6167SGiF0bLrOOIjrOJEOpLUalVeZwrovB3dyRHogpO5OdhevsiIk3wlRfOUj65VZhVhTdqFktgcKx59OIaJxMopuXbbHkK0DwwcC5kpFTsVrzNjE6BJxgkBrA7OdLBX0TuLWUcojAq3EAUUlhuo5FrKyO2Zgv4ijDRvHrN6oxdXo-iw1FkDx5rAdr1cK-y45UCw4xe6Sq7O6qFi_90yqSM7V_DIBJkZL94e7AoPowuK8BdU9W60ZoOVBK2EZzCTeabRn02U0htZ291ESEnnzyZhghLyk3vEhMyz9DEFpreCrkpWwN3FntvsFWDA9xOrgt2OjO5XhGaBI_P0uBuz7dvKJufP2_YvhFv9Dsr7Jra_Ee9F3bVzDkEuCzNV3kfqxbBdHoq_MVEX3Fqh0UQ4ifBFp1MLI&lptoken=17eb147e15b972c755c4&campaign=ss_es_117_mb169&banner=%7Bbanner%7D&site=%7BsiteId%7D&pub=%7BSubId1%7D&subsource=%7B%25utm_term%7Curl%7C%25%7D&ts=117
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 18:17:36 GMT
content-type: text/javascript
last-modified: Thu, 14 Nov 2019 13:35:21 GMT
cache-control: max-age=2592000, private
expires: Sun, 26 May 2024 18:17:36 GMT
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gbnab8z7Q6iY9O8PkXNmp9mVMOmXkj5HiWLtYlK0edilSyoEZAkg7NsrwMutQ1HbOaCtTBjuafXhLd0CKlPscIBlQERu%2BQUgTR8hcTfOTycTr9UtVR9bVjfHMUwLmgJf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a89211bb11569d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

picknfuck.com/27-623673-es/css/CenturyGothic-Bold.ttf

104.21.51.242

404 Not Found

315 B

URL GET HTTP/3
picknfuck.com/27-623673-es/css/CenturyGothic-Bold.ttf
IP
104.21.51.242:443
ASN
#13335 CLOUDFLARENET

Requested by
https://picknfuck.com/27-623673-es/?cep=lz-Uh0jT6UMLISH4mfVS8TpHG-etPB8xaBmqXsUBqweT1jl5YFaOII-3If_-wHZEGkWh087IKh0tqG6167SGiF0bLrOOIjrOJEOpLUalVeZwrovB3dyRHogpO5OdhevsiIk3wlRfOUj65VZhVhTdqFktgcKx59OIaJxMopuXbbHkK0DwwcC5kpFTsVrzNjE6BJxgkBrA7OdLBX0TuLWUcojAq3EAUUlhuo5FrKyO2Zgv4ijDRvHrN6oxdXo-iw1FkDx5rAdr1cK-y45UCw4xe6Sq7O6qFi_90yqSM7V_DIBJkZL94e7AoPowuK8BdU9W60ZoOVBK2EZzCTeabRn02U0htZ291ESEnnzyZhghLyk3vEhMyz9DEFpreCrkpWwN3FntvsFWDA9xOrgt2OjO5XhGaBI_P0uBuz7dvKJufP2_YvhFv9Dsr7Jra_Ee9F3bVzDkEuCzNV3kfqxbBdHoq_MVEX3Fqh0UQ4ifBFp1MLI&lptoken=17eb147e15b972c755c4&campaign=ss_es_117_mb169&banner=%7Bbanner%7D&site=%7BsiteId%7D&pub=%7BSubId1%7D&subsource=%7B%25utm_term%7Curl%7C%25%7D&ts=117
Certificate
IssuerLet's Encrypt
Subjectpicknfuck.com
FingerprintC4:BE:77:B5:14:39:D1:B9:5C:D5:AF:6D:95:97:60:F4:74:C6:C8:AD
ValidityWed, 20 Mar 2024 14:19:15 GMT - Tue, 18 Jun 2024 14:19:14 GMT

File type
HTML document, ASCII text, with very long lines (326), with no line terminators
Size
315 B (315 bytes)
Hash
97ef40509b73c101d6815511c3adf98d
a4242322497ea630ea72e26ba297a95a2bbe5ccd
322c1f60d9d454c801f7cff3173ef16b61cf9963a64e09a4d9e21d36218b56be

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /27-623673-es/css/CenturyGothic-Bold.ttf HTTP/1.1
Host: picknfuck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://picknfuck.com/27-623673-es/css/style.css?v=2
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Fri, 26 Apr 2024 18:17:37 GMT
content-type: text/html; charset=iso-8859-1
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YlVX7N54WP82Aej1V9jpKdT4V%2BWzPLZDQIRCp%2FfDWwKTJ5NydQgxvLot8BAWCCjUJ2FKOnn8fCA0JTy809bbehoogWhAhGFxXV2HjWGfSKHrqgiauyzLn2eFUUYf7YUA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a892164ac4569d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (9)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML