getsweetchickshere.com Open in urlscan Pro
2606:4700:30::681b:961b Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://protect2.fireeye.com/url?k=7aec53f5-26cabbe6-7ae860fa-000babd906fc-7c7c49911db5dafd&u=http://cutt.us/Ko6su
Effective URL:
https://getsweetchickshere.com/qeqcpoepizykyce?t=LIHA
Submission: On February 22 via manual (February 22nd 2019, 7:09:20 pm UTC) from US

Summary HTTP 16 Redirects Behaviour Indicators

Summary

This website contacted 11 IPs in 5 countries across 13 domains to perform 16 HTTP transactions. The main IP is 2606:4700:30::681b:961b, located in United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is getsweetchickshere.com.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on January 21st 2019. Valid for: a year.

This is the only time getsweetchickshere.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Porn Scam (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 1	2a02:e980:d::a0 2a02:e980:d::a0	19551 (INCAPSULA) (INCAPSULA - Incapsula Inc)
1	104.200.150.207 104.200.150.207	46562 (TOTAL-SER...) (TOTAL-SERVER-SOLUTIONS - Total Server Solutions L.L.C.)
1	2a00:1450:400... 2a00:1450:4001:81b::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
1 1	2a00:1450:400... 2a00:1450:4001:821::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
1	91.121.43.227 91.121.43.227	16276 (OVH) (OVH)
1	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:401... 2a00:1450:4016:80a::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
3	172.217.21.226 172.217.21.226	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:400... 2a00:1450:4001:808::2001	15169 (GOOGLE) (GOOGLE - Google LLC)
2	2606:4700:30:... 2606:4700:30::681b:961b	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	2606:4700::68... 2606:4700::6813:c597	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
3	116.202.29.204 116.202.29.204	24940 (HETZNER-AS) (HETZNER-AS)
1	205.185.208.52 205.185.208.52	20446 (HIGHWINDS3) (HIGHWINDS3 - Highwinds Network Group)
16	11

1 2a02:e980:d::a0 (Israel) 1 redirects

ASN19551 (INCAPSULA - Incapsula Inc, US)

protect2.fireeye.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.200.150.207 (Atlanta, United States)

ASN46562 (TOTAL-SERVER-SOLUTIONS - Total Server Solutions L.L.C., US)

cutt.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81b::2002 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:821::200e (Ireland) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

goo.gl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 91.121.43.227 (France)

ASN16276 (OVH, FR)
PTR: up.top4top.net

up.top4top.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2002 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4016:80a::2002 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.217.21.226 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s13-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2001 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:30::681b:961b (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

getsweetchickshere.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6813:c597 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 116.202.29.204 (Bangalore, India)

ASN24940 (HETZNER-AS, DE)
PTR: static.204.29.202.116.clients.your-server.de

t-r-f-k.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 205.185.208.52 (Phoenix, United States)

ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US)
PTR: vip052.ssl.hwcdn.net

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	t-r-f-k.com t-r-f-k.com	1 MB
3	doubleclick.net securepubads.g.doubleclick.net	88 KB
2	getsweetchickshere.com getsweetchickshere.com	5 KB
1	jquery.com code.jquery.com	30 KB
1	cloudflare.com cdnjs.cloudflare.com	4 KB
1	googlesyndication.com tpc.googlesyndication.com
1	google.com adservice.google.com	171 B
1	google.de adservice.google.de	171 B
1	top4top.net up.top4top.net	1 KB
1	goo.gl 1 redirects goo.gl	626 B
1	googletagservices.com www.googletagservices.com	10 KB
1	cutt.us cutt.us	2 KB
1	fireeye.com 1 redirects protect2.fireeye.com	681 B
16	13

	Domain	Requested by
3	t-r-f-k.com	getsweetchickshere.com
3	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net
2	getsweetchickshere.com	cutt.us getsweetchickshere.com
1	code.jquery.com	getsweetchickshere.com
1	cdnjs.cloudflare.com	getsweetchickshere.com
1	tpc.googlesyndication.com	securepubads.g.doubleclick.net
1	adservice.google.com	www.googletagservices.com
1	adservice.google.de	www.googletagservices.com
1	up.top4top.net	cutt.us
1	goo.gl	1 redirects
1	www.googletagservices.com	cutt.us
1	cutt.us
1	protect2.fireeye.com	1 redirects
16	13

This site contains no links.

Subject Issuer	Validity	Valid
*.g.doubleclick.net Google Internet Authority G3	`2019-01-29` - `2019-04-23`	3 months	crt.sh
*.top4top.net AlphaSSL CA - SHA256 - G2	`2018-03-03` - `2020-04-03`	2 years	crt.sh
*.google.com Google Internet Authority G3	`2019-01-29` - `2019-04-23`	3 months	crt.sh
sni.cloudflaressl.com CloudFlare Inc ECC CA-2	`2019-01-21` - `2020-01-21`	a year	crt.sh
ssl412106.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2018-09-22` - `2019-03-31`	6 months	crt.sh
t-r-f-k.com Let's Encrypt Authority X3	`2019-01-11` - `2019-04-11`	3 months	crt.sh
jquery.org COMODO RSA Domain Validation Secure Server CA	`2018-10-17` - `2020-10-16`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://getsweetchickshere.com/qeqcpoepizykyce?t=LIHA
Frame ID: 8CECCF8BD2E9DB5F1D8926D8AC2F0FF4
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://protect2.fireeye.com/url?k=7aec53f5-26cabbe6-7ae860fa-000babd906fc-7c7c49911db5dafd&u=http://cutt... HTTP 302
http://cutt.us/Ko6su Page URL
https://getsweetchickshere.com/qeqcpoepizykyce?t=LIHA Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

env /^jQuery$/i

Page Statistics

16
Requests

88 %
HTTPS

62 %
IPv6

13
Domains

13
Subdomains

11
IPs

5
Countries

1169 kB
Transfer

1464 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://protect2.fireeye.com/url?k=7aec53f5-26cabbe6-7ae860fa-000babd906fc-7c7c49911db5dafd&u=http://cutt.us/Ko6su HTTP 302
http://cutt.us/Ko6su Page URL
https://getsweetchickshere.com/qeqcpoepizykyce?t=LIHA Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://protect2.fireeye.com/url?k=7aec53f5-26cabbe6-7ae860fa-000babd906fc-7c7c49911db5dafd&u=http://cutt.us/Ko6su HTTP 302
http://cutt.us/Ko6su

Request Chain 2

https://goo.gl/p6vTYw HTTP 302
https://up.top4top.net/images/spacer.gif

16 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Ko6su Show response
cutt.us/
Redirect Chain

https://protect2.fireeye.com/url?k=7aec53f5-26cabbe6-7ae860fa-000babd906fc-7c7c49911db5dafd&u=http://cutt.us/Ko6su
http://cutt.us/Ko6su

3 KB
2 KB

355ms
124ms

Document
text/html

104.200.150.207
Total Server Solu...

General

Check archive.org

Show headers Download Go to

Full URL: http://cutt.us/Ko6su
Protocol: HTTP/1.1
Server: 104.200.150.207 Atlanta, United States, ASN46562 (TOTAL-SERVER-SOLUTIONS - Total Server Solutions L.L.C., US),
Reverse DNS
Software: nginx /
Resource Hash: 5a1e4f52fbe63e46cd614c298317b6e2146dd44c2ec1a185ac92fccd7236f0e4

Request headers

Host: cutt.us
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Server: nginx
Date: Fri, 22 Feb 2019 19:09:03 GMT
Content-Type: text/html; Charset=UTF-8;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
I-AM: Alpha
Content-Encoding: gzip

Redirect headers

Date: Fri, 22 Feb 2019 19:09:03 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
X-Fireeye-Faude: Benign
Location: http://cutt.us/Ko6su
Set-Cookie: visid_incap_813375=leFMme/4QaWQ0eh+F3Bq2M1IcFwAAAAAQUIPAAAAAACjHWaQLqdhOPJfFk1zehgA; expires=Sat, 22 Feb 2020 18:39:16 GMT; path=/; Domain=.fireeye.com nlbi_813375=BUBEb7qb5H6WVI4Tt7E59gAAAACoFYIwMcmCkb55kZJFXZhv; path=/; Domain=.fireeye.com incap_ses_878_813375=WTM1GF3rb2yKhdN1/kgvDM5IcFwAAAAAQyFasf5P5wUtAdsgwZaN1A==; path=/; Domain=.fireeye.com
X-Iinfo: 7-48505942-48505945 NNNN CT(164 330 0) RT(1550862541754 17) q(0 0 5 0) r(10 10) U11

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 31 KB
10 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:81b::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: cutt.us
URL: http://cutt.us/Ko6su

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:81b::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

1311e0b478b4378e1ad756d4f3030b7bcf8e897d6de4ee5ab06de668dd931519

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://cutt.us/Ko6su
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 22 Feb 2019 19:09:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "91 / 816 of 1000 / last-modified: 1550787710"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39",quic=":443"; ma=2592000; v="44,43,39"
content-length: 10534
x-xss-protection: 1; mode=block
expires: Fri, 22 Feb 2019 19:09:04 GMT

GET
H/1.1

200
OK

spacer.gif
up.top4top.net/images/
Redirect Chain

https://goo.gl/p6vTYw
https://up.top4top.net/images/spacer.gif

807 B
1 KB

73ms
18ms

Image
image/gif

91.121.43.227
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://up.top4top.net/images/spacer.gif
Requested by: Host: cutt.us
URL: http://cutt.us/Ko6su
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 91.121.43.227 , France, ASN16276 (OVH, FR),
Reverse DNS: up.top4top.net
Software: HotCores /
Resource Hash: 6bf788214f0920f04146aa23bc2d8588b55a3e81b5c7f25acc4377b895030979

Request headers

Referer: http://cutt.us/Ko6su
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 22 Feb 2019 19:09:04 GMT
Last-Modified: Mon, 26 Sep 2016 09:33:17 GMT
Server: HotCores
ETag: "57e8eb5d-327"
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800
Accept-Ranges: bytes
Content-Length: 807
Expires: Fri, 01 Mar 2019 19:09:04 GMT

Redirect headers

pragma: no-cache
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
server: ESF
location: https://up.top4top.net/images/spacer.gif
date: Fri, 22 Feb 2019 19:09:04 GMT
x-frame-options: SAMEORIGIN
content-type: application/binary
status: 302
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-security-policy: script-src 'report-sample' 'nonce-lr0VSBVQS+38xIZXa2YrdA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DurableDeepLinkUi/cspreport;worker-src 'self', script-src 'nonce-lr0VSBVQS+38xIZXa2YrdA' 'self' 'unsafe-eval' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DurableDeepLinkUi/cspreport
alt-svc: quic=":443"; ma=2592000; v="44,43,39"
content-length: 0
x-xss-protection: 1; mode=block
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 109 B
171 B 17ms
16ms Script
application/javascript 2a00:1450:4001:809::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=cutt.us

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:809::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://cutt.us/Ko6su
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 22 Feb 2019 19:09:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: application/javascript; charset=UTF-8
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39",quic=":443"; ma=2592000; v="44,43,39"
content-length: 104
x-xss-protection: 1; mode=block

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 109 B
171 B 30ms
29ms Script
application/javascript 2a00:1450:4016:80a::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=cutt.us

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4016:80a::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://cutt.us/Ko6su
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 22 Feb 2019 19:09:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: application/javascript; charset=UTF-8
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39",quic=":443"; ma=2592000; v="44,43,39"
content-length: 104
x-xss-protection: 1; mode=block

GET
H2 200 pubads_impl_308.js Show response
securepubads.g.doubleclick.net/gpt/ 182 KB
62 KB 43ms
42ms Script
text/javascript 172.217.21.226
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_308.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.217.21.226 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s13-in-f2.1e100.net

Software

sffe /

Resource Hash

54f11fd621e5939eb06040298235228ebe3c089d22ecaddc65ed877d1a977c1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://cutt.us/Ko6su
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 22 Feb 2019 19:09:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 19 Feb 2019 18:41:49 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39"
content-length: 63519
x-xss-protection: 1; mode=block
expires: Fri, 22 Feb 2019 19:09:04 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 416 B
514 B 36ms
36ms XHR
text/plain 172.217.21.226
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2196163429703654&correlator=3280715344697983&output=ldjh&callback=googletag.impl.pubads.callbackProxy1&impl=fif&adsid=NT&eid=21062069%2C21062887%2C21062889%2C21063016%2C21063139%2C53887176&vrg=308&guci=1.2.0.0.2.2.0.0&plat=1%3A32776%2C2%3A32776%2C8%3A32776&sc=0&sfv=1-0-32&iu=%2F5837603%2FCutt_360&sz=300x360&cookie_enabled=1&bc=7&abxe=1&lmt=1550862544&dt=1550862544191&dlt=1550862544040&idt=137&frm=20&biw=1600&bih=1200&oid=3&adx=0&ady=0&adk=1933368604&uci=1&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Fcutt.us%2FKo6su&dssz=7&icsg=170&std=0&vis=1&scr_x=0&scr_y=0&psz=300x423&msz=0x0&blev=1&bisch=1&ga_vid=753631988.1550862544&ga_sid=1550862544&ga_hid=404997239&fws=128

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_308.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.217.21.226 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s13-in-f2.1e100.net

Software

cafe /

Resource Hash

80f9e2799f9780309d9df282ae52230a81792d8198505d7163d52dc0a7802229

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: http://cutt.us/Ko6su
Origin: http://cutt.us

Response headers

date: Fri, 22 Feb 2019 19:09:04 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: quic=":443"; ma=2592000; v="44,43,39"
content-length: 286
x-xss-protection: 1; mode=block
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://cutt.us
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubads_impl_rendering_308.js Show response
securepubads.g.doubleclick.net/gpt/ 67 KB
25 KB 42ms
42ms Script
text/javascript 172.217.21.226
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_308.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_308.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.217.21.226 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s13-in-f2.1e100.net

Software

sffe /

Resource Hash

d58f7e95bf8f6784186de8e32db1ab79e9e3521a17494dfefc8b30e7f4475a73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://cutt.us/Ko6su
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 22 Feb 2019 19:09:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 19 Feb 2019 18:41:49 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39"
content-length: 25416
x-xss-protection: 1; mode=block
expires: Fri, 22 Feb 2019 19:09:04 GMT

GET
H/1.1 200
OK container.html
tpc.googlesyndication.com/safeframe/1-0-32/html/ 0
0 11ms
6ms Other
text/html 2a00:1450:4001:808::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: http://tpc.googlesyndication.com/safeframe/1-0-32/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_308.js
Protocol: HTTP/1.1
Server: 2a00:1450:4001:808::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Purpose: prefetch
Referer: http://cutt.us/Ko6su
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

GET
H2 200 Primary Request qeqcpoepizykyce Show response
getsweetchickshere.com/ 16 KB
5 KB 115ms
45ms Document
text/html 2606:4700:30::681b:961b
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://getsweetchickshere.com/qeqcpoepizykyce?t=LIHA

Requested by

Host: cutt.us
URL: http://cutt.us/Ko6su

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::681b:961b , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

258f66116f5fd6502ca63f4c4d27ad268d4ce8bea512be8ce6ddc3d3b5e93272

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: getsweetchickshere.com
:scheme: https
:path: /qeqcpoepizykyce?t=LIHA
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer: http://cutt.us/Ko6su
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: http://cutt.us/Ko6su

Response headers

status: 200
date: Fri, 22 Feb 2019 19:09:04 GMT
content-type: text/html; charset=utf-8
set-cookie: __cfduid=d9c19a96046e7f0c021be618c68de15801550862544; expires=Sat, 22-Feb-20 19:09:04 GMT; path=/; domain=.getsweetchickshere.com; HttpOnly uord=5bbf144cd9cf561281f75c726b457dd1; path=/; expires=Sun, 21 Feb 2021 19:09:04 GMT; max-age=63072000; HttpOnly k=SFMyNTY.g3QAAAAIbQAAAARhdW5xbQAAABZ7IjE5NTcwIjoid0JBYnJQcmdvUiJ9bQAAAANoaWRtAAAAHGtiVU9VS1JxdHJQWHRycGlyR094Uk5vTUJWV3htAAAAAmhsZAADbmlsbQAAAAJyZHQAAAAEZAAKX19zdHJ1Y3RfX2QAGEVsaXhpci5UZGV4LlJvdGF0aW9uRGF0YWQADmNsaWNrZWRfb2ZmZXJzdAAAAABkAAhsYW5kaW5nc2wAAAABYgAAArlqZAALc2Vlbl9vZmZlcnNsAAAAAWIAAD9Iam0AAAAFc3ViXzFkAANuaWxtAAAABXN1Yl8yZAADbmlsbQAAAAd0cmFja2VybQAAAARMSUhBbQAAAAN1bnFtAAAADFZBaG94UGJQYUxJag.XSEf5gqYFm6vyBeEgzFEer0DpOVcQSthV3JpwJxafOA; path=/; expires=Sat, 22 Feb 2020 19:09:04 GMT; max-age=31536000
vary: Accept-Encoding
cache-control: max-age=0, private, must-revalidate
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 4ad3beb69d8997f8-FRA
content-encoding: br

GET
H2 200 animate.min.css
cdnjs.cloudflare.com/ajax/libs/animate.css/3.5.2/ 52 KB
4 KB 15ms
13ms Stylesheet
text/css 2606:4700::6813:c597
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/animate.css/3.5.2/animate.min.css

Requested by

Host: getsweetchickshere.com
URL: https://getsweetchickshere.com/qeqcpoepizykyce?t=LIHA

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:c597 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8fe3fa119255adb5e0c12479331f9e092e85bcff56ab6ecc0510bfa2056b898d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: https://getsweetchickshere.com/qeqcpoepizykyce?t=LIHA
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 22 Feb 2019 19:09:04 GMT
content-encoding: br
cf-cache-status: HIT
status: 200
strict-transport-security: max-age=15780000; includeSubDomains
last-modified: Thu, 17 May 2018 09:15:36 GMT
server: cloudflare
etag: W/"5afd4838-ce35"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
expires: Wed, 12 Feb 2020 19:09:04 GMT
cache-control: public, max-age=30672000
cf-ray: 4ad3beb6f8cd97c8-FRA
served-in-seconds: 0.001

GET
H/1.1 200
OK 123.png
t-r-f-k.com/assets/a839d8605434e7a7e3dcac0469d935a7/images/ 790 KB
790 KB 121ms
25ms Image
image/png 116.202.29.204
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t-r-f-k.com/assets/a839d8605434e7a7e3dcac0469d935a7/images/123.png
Requested by: Host: getsweetchickshere.com
URL: https://getsweetchickshere.com/qeqcpoepizykyce?t=LIHA
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 116.202.29.204 Bangalore, India, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.204.29.202.116.clients.your-server.de
Software: /
Resource Hash: e08eb5bb46cf75aa30658f3506f3de8c274af04007e1fbf27f175d0db00cdfe1

Request headers

Referer: https://getsweetchickshere.com/qeqcpoepizykyce?t=LIHA
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 22 Feb 2019 19:09:04 GMT
Last-Modified: Fri, 15 Feb 2019 10:44:35 GMT
ETag: "5c669813-c569f"
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/png
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,Content-Range
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Content-Length: 808607

GET
H/1.1 200
OK jquery-2.2.4.min.js Show response
code.jquery.com/ 84 KB
30 KB 102ms
19ms Script
application/javascript 205.185.208.52
Highwinds Network...

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-2.2.4.min.js
Requested by: Host: getsweetchickshere.com
URL: https://getsweetchickshere.com/qeqcpoepizykyce?t=LIHA
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.185.208.52 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS: vip052.ssl.hwcdn.net
Software: nginx /
Resource Hash: 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://getsweetchickshere.com/qeqcpoepizykyce?t=LIHA
Origin: https://getsweetchickshere.com

Response headers

Date: Fri, 22 Feb 2019 19:09:04 GMT
Content-Encoding: gzip
Last-Modified: Fri, 20 May 2016 17:24:41 GMT
Server: nginx
ETag: W/"573f4859-14e4a"
Vary: Accept-Encoding
X-HW: 1550862544.dop002.pa1.t,1550862544.cds011.pa1.shn,1550862544.cds011.pa1.c
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=315360000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 29811

GET
H2 200 p.js Show response
getsweetchickshere.com/ 0
132 B 50ms
50ms Script
application/javascript 2606:4700:30::681b:961b
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://getsweetchickshere.com/p.js?a=262694&lid=6772&mh=a2JVT1VLUnF0clBYdHJwaXJHT3hSTm9NQlZXeC0xNzc0Mg%3D%3D

Requested by

Host: getsweetchickshere.com
URL: https://getsweetchickshere.com/qeqcpoepizykyce?t=LIHA

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::681b:961b , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /p.js?a=262694&lid=6772&mh=a2JVT1VLUnF0clBYdHJwaXJHT3hSTm9NQlZXeC0xNzc0Mg%3D%3D
pragma: no-cache
cookie: __cfduid=d9c19a96046e7f0c021be618c68de15801550862544; uord=5bbf144cd9cf561281f75c726b457dd1; k=SFMyNTY.g3QAAAAIbQAAAARhdW5xbQAAABZ7IjE5NTcwIjoid0JBYnJQcmdvUiJ9bQAAAANoaWRtAAAAHGtiVU9VS1JxdHJQWHRycGlyR094Uk5vTUJWV3htAAAAAmhsZAADbmlsbQAAAAJyZHQAAAAEZAAKX19zdHJ1Y3RfX2QAGEVsaXhpci5UZGV4LlJvdGF0aW9uRGF0YWQADmNsaWNrZWRfb2ZmZXJzdAAAAABkAAhsYW5kaW5nc2wAAAABYgAAArlqZAALc2Vlbl9vZmZlcnNsAAAAAWIAAD9Iam0AAAAFc3ViXzFkAANuaWxtAAAABXN1Yl8yZAADbmlsbQAAAAd0cmFja2VybQAAAARMSUhBbQAAAAN1bnFtAAAADFZBaG94UGJQYUxJag.XSEf5gqYFm6vyBeEgzFEer0DpOVcQSthV3JpwJxafOA
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: getsweetchickshere.com
referer: https://getsweetchickshere.com/qeqcpoepizykyce?t=LIHA
:scheme: https
:method: GET
Referer: https://getsweetchickshere.com/qeqcpoepizykyce?t=LIHA
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 22 Feb 2019 19:09:04 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
x-permitted-cross-domain-policies: none
status: 200
vary: Accept-Encoding
content-length: 0
x-xss-protection: 1; mode=block
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-download-options: noopen
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 4ad3beb6fe4997f8-FRA
expires: Fri, 22 Feb 2019 23:09:04 GMT

GET
H/1.1 200
OK bg.jpg
t-r-f-k.com/assets/a839d8605434e7a7e3dcac0469d935a7/images/ 121 KB
122 KB 133ms
55ms Image
image/jpeg 116.202.29.204
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t-r-f-k.com/assets/a839d8605434e7a7e3dcac0469d935a7/images/bg.jpg
Requested by: Host: getsweetchickshere.com
URL: https://getsweetchickshere.com/qeqcpoepizykyce?t=LIHA
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 116.202.29.204 Bangalore, India, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.204.29.202.116.clients.your-server.de
Software: /
Resource Hash: a686d49f3fa9c90d45340f0e26975d8299f165f7091bf88a0597e05db49ed4cc

Request headers

Referer: https://getsweetchickshere.com/qeqcpoepizykyce?t=LIHA
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 22 Feb 2019 19:09:04 GMT
Last-Modified: Fri, 15 Feb 2019 10:44:35 GMT
ETag: "5c669813-1e58c"
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,Content-Range
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Content-Length: 124300

GET
H/1.1 200
OK Lato-Regular.ttf
t-r-f-k.com/assets/a839d8605434e7a7e3dcac0469d935a7/fonts/ 117 KB
118 KB 139ms
28ms Font
application/octet-stream 116.202.29.204
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://t-r-f-k.com/assets/a839d8605434e7a7e3dcac0469d935a7/fonts/Lato-Regular.ttf
Requested by: Host: getsweetchickshere.com
URL: https://getsweetchickshere.com/qeqcpoepizykyce?t=LIHA
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 116.202.29.204 Bangalore, India, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.204.29.202.116.clients.your-server.de
Software: /
Resource Hash: 7ae714b63c2c8b940bdd211a0cc678f01168a34eea8aa13c0df25364f29238a7

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://getsweetchickshere.com/qeqcpoepizykyce?t=LIHA
Origin: https://getsweetchickshere.com

Response headers

Date: Fri, 22 Feb 2019 19:09:04 GMT
Last-Modified: Fri, 15 Feb 2019 10:44:35 GMT
ETag: "5c669813-1d584"
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: application/octet-stream
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,Content-Range
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Content-Length: 120196

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Porn Scam (Online)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
getsweetchickshere.com/	1970-01-19 16:18:54	Name: uord Value: 5bbf144cd9cf561281f75c726b457dd1
getsweetchickshere.com/	1970-01-19 07:33:18	Name: k Value: SFMyNTY.g3QAAAAIbQAAAARhdW5xbQAAABZ7IjE5NTcwIjoid0JBYnJQcmdvUiJ9bQAAAANoaWRtAAAAHGtiVU9VS1JxdHJQWHRycGlyR094Uk5vTUJWV3htAAAAAmhsZAADbmlsbQAAAAJyZHQAAAAEZAAKX19zdHJ1Y3RfX2QAGEVsaXhpci5UZGV4LlJvdGF0aW9uRGF0YWQADmNsaWNrZWRfb2ZmZXJzdAAAAABkAAhsYW5kaW5nc2wAAAABYgAAArlqZAALc2Vlbl9vZmZlcnNsAAAAAWIAAD9Iam0AAAAFc3ViXzFkAANuaWxtAAAABXN1Yl8yZAADbmlsbQAAAAd0cmFja2VybQAAAARMSUhBbQAAAAN1bnFtAAAADFZBaG94UGJQYUxJag.XSEf5gqYFm6vyBeEgzFEer0DpOVcQSthV3JpwJxafOA
.getsweetchickshere.com/	1970-01-19 07:33:18	Name: __cfduid Value: d9c19a96046e7f0c021be618c68de15801550862544

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
cdnjs.cloudflare.com
code.jquery.com
cutt.us
getsweetchickshere.com
goo.gl
protect2.fireeye.com
securepubads.g.doubleclick.net
t-r-f-k.com
tpc.googlesyndication.com
up.top4top.net
www.googletagservices.com
104.200.150.207
116.202.29.204
172.217.21.226
205.185.208.52
2606:4700:30::681b:961b
2606:4700::6813:c597
2a00:1450:4001:808::2001
2a00:1450:4001:809::2002
2a00:1450:4001:81b::2002
2a00:1450:4001:821::200e
2a00:1450:4016:80a::2002
2a02:e980:d::a0
91.121.43.227
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
1311e0b478b4378e1ad756d4f3030b7bcf8e897d6de4ee5ab06de668dd931519
258f66116f5fd6502ca63f4c4d27ad268d4ce8bea512be8ce6ddc3d3b5e93272
54f11fd621e5939eb06040298235228ebe3c089d22ecaddc65ed877d1a977c1f
5a1e4f52fbe63e46cd614c298317b6e2146dd44c2ec1a185ac92fccd7236f0e4
6bf788214f0920f04146aa23bc2d8588b55a3e81b5c7f25acc4377b895030979
7ae714b63c2c8b940bdd211a0cc678f01168a34eea8aa13c0df25364f29238a7
80f9e2799f9780309d9df282ae52230a81792d8198505d7163d52dc0a7802229
8fe3fa119255adb5e0c12479331f9e092e85bcff56ab6ecc0510bfa2056b898d
a686d49f3fa9c90d45340f0e26975d8299f165f7091bf88a0597e05db49ed4cc
d58f7e95bf8f6784186de8e32db1ab79e9e3521a17494dfefc8b30e7f4475a73
e08eb5bb46cf75aa30658f3506f3de8c274af04007e1fbf27f175d0db00cdfe1
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

getsweetchickshere.com Open in urlscan Pro 2606:4700:30::681b:961b Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

16 Requests

88 %HTTPS

62 %IPv6

13 Domains

13 Subdomains

11 IPs

5 Countries

1169 kBTransfer

1464 kBSize

3 Cookies

0 Outgoing links

Page URL History

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

6 JavaScript Global Variables

3 Cookies

Indicators

getsweetchickshere.com Open in urlscan Pro
2606:4700:30::681b:961b Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

88 %
HTTPS

62 %
IPv6

13
Domains

13
Subdomains

11
IPs

5
Countries

1169 kB
Transfer

1464 kB
Size

3
Cookies

16 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!