yoursexymen.com
46.161.31.34
Malicious Activity!
Public Scan
Effective URL: https://yoursexymen.com/?u=775wwwr&o=e66p9zh&t=48332&cid=1027d5ab47490590aa1559345844c8
Submission: On May 28 via automatic, source certstream-suspicious
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on May 8th 2020. Valid for: 3 months.
This is the only time yoursexymen.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Porn Scam (Online)
Domain & IP information
Count | IP Address | AS Autonomous System
---|---|---
1 1 | 91.197.228.193 | 29017 (GYRON ====)
1 | 107.178.242.109 | 15169 (GOOGLE)
2 | 205.185.216.10 | 20446 (HIGHWINDS3)
2 2 | 18.195.71.253 | 16509 (AMAZON-02)
1 | 18.235.78.3 | 14618 (AMAZON-AES)
1 16 | 46.161.31.34 | 209813 (FASTCONTENT)
1 | 2a00:1450:4001:814::200a | 15169 (GOOGLE)
1 | 2a00:1450:4001:820::2003 | 15169 (GOOGLE)
1 | 185.50.248.253 | 209813 (FASTCONTENT)
22 | 7 |
ASN29017 (GYRON ====, GB)
PTR: 193-228-197-91.ldn.kgix.net
www.gaysirno-usa.coronavirustips.online
ASN15169 (GOOGLE, US)
PTR: 109.242.178.107.bc.googleusercontent.com
t.bawafx.com
ASN20446 (HIGHWINDS3, US)
PTR: map2.hwcdn.net
ckstatic.com
ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-71-253.eu-central-1.compute.amazonaws.com
a.vfghd.com
ASN14618 (AMAZON-AES, US)
PTR: ec2-18-235-78-3.compute-1.amazonaws.com
s.slext.link
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
16 | yoursexymen.com (1 redirects) | yoursexymen.com | 776 KB
2 | vfghd.com (2 redirects) | a.vfghd.com | 2 KB
2 | ckstatic.com | ckstatic.com | 14 KB
1 | tdsjsext3.com | tdsjsext3.com | 925 B
1 | gstatic.com | fonts.gstatic.com | 14 KB
1 | googleapis.com | fonts.googleapis.com | 475 B
1 | slext.link | s.slext.link | 2 KB
1 | bawafx.com | t.bawafx.com | 3 KB
1 | coronavirustips.online (1 redirects) | www.gaysirno-usa.coronavirustips.online | 268 B
22 | 9 | |
Requests | Domain | Requested by
---|---|---
16 | yoursexymen.com (1 redirects) | s.slext.link, yoursexymen.com
2 | a.vfghd.com (2 redirects) |
2 | ckstatic.com | t.bawafx.com, s.slext.link
1 | tdsjsext3.com | yoursexymen.com
1 | fonts.gstatic.com | yoursexymen.com
1 | fonts.googleapis.com | yoursexymen.com
1 | s.slext.link | t.bawafx.com
1 | t.bawafx.com |
1 | www.gaysirno-usa.coronavirustips.online (1 redirects) |
22 | 9 |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|---
t.bawafx.com | GTS CA 1D2 | 2020-04-10 - 2020-07-09 | 3 months | crt.sh
ckstatic.com | Let's Encrypt Authority X3 | 2020-04-15 - 2020-07-14 | 3 months | crt.sh
*.frtaya.com | Let's Encrypt Authority X3 | 2020-05-26 - 2020-08-24 | 3 months | crt.sh
yoursexymen.com | Let's Encrypt Authority X3 | 2020-05-08 - 2020-08-06 | 3 months | crt.sh
upload.video.google.com | GTS CA 1O1 | 2020-05-05 - 2020-07-28 | 3 months | crt.sh
*.gstatic.com | GTS CA 1O1 | 2020-05-05 - 2020-07-28 | 3 months | crt.sh
tdsjsext3.com | Let's Encrypt Authority X3 | 2020-03-24 - 2020-06-22 | 3 months | crt.sh
This page contains 1 frames:
Primary Page:
https://yoursexymen.com/?u=775wwwr&o=e66p9zh&t=48332&cid=1027d5ab47490590aa1559345844c8
Frame ID: FEF83C8B09E5293A8C0D3EA761A04DF7
Requests: 22 HTTP requests in this frame
Detected technologies
Nginx (Web Servers)
Detected patterns
- headers server /nginx(?:\/([\d.]+))?/i
animate.css (Web Frameworks)
Detected patterns
- html /<link [^>]+(?:\/([\d.]+)\/)?animate\.(?:min\.)?css/i
Google Cloud (CDN)
Detected patterns
- headers via /^1\.1 google$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://www.gaysirno-usa.coronavirustips.online/
HTTP 301
https://t.bawafx.com/cvhdmf4zcw?url_id=0&aff_id=126279&offer_id=4080&bo=2772,2771,2770,2769,2768 Page URL
-
https://a.vfghd.com/4b34bff2-3902-412d-b835-96ba8b317c78?subID1=&affiliateID=48332&source=102f23e42f8cc3a047b66c47f43312&subID2=126279&Bnr=%7Bbnr%7D
HTTP 302
http://a.vfghd.com/6ddcb568-f1a8-4cfb-b7ad-522fd0f97737?subID1=&affiliateID=48332&source=102f23e42f8cc3a047b66c47f43312&subID2=126279&bnr=%7Bbnr%7D&cid=w183idfgtr4toecvhtcorlh6 HTTP 302
https://s.slext.link/48332/6104/0?aff_sub=&aff_sub2=126279&aff_sub3=wua1hbisnraepecv1bgj6t02&source=102f23e42f8cc3a047b66c47f43312&bo=2772,2771,2770,2769,2768 Page URL
-
http://yoursexymen.com/?u=775wwwr&o=e66p9zh&t=48332&cid=1027d5ab47490590aa1559345844c8
HTTP 301
https://yoursexymen.com/?u=775wwwr&o=e66p9zh&t=48332&cid=1027d5ab47490590aa1559345844c8 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://www.gaysirno-usa.coronavirustips.online/ HTTP 301
- https://t.bawafx.com/cvhdmf4zcw?url_id=0&aff_id=126279&offer_id=4080&bo=2772,2771,2770,2769,2768
- https://a.vfghd.com/4b34bff2-3902-412d-b835-96ba8b317c78?subID1=&affiliateID=48332&source=102f23e42f8cc3a047b66c47f43312&subID2=126279&Bnr=%7Bbnr%7D HTTP 302
- http://a.vfghd.com/6ddcb568-f1a8-4cfb-b7ad-522fd0f97737?subID1=&affiliateID=48332&source=102f23e42f8cc3a047b66c47f43312&subID2=126279&bnr=%7Bbnr%7D&cid=w183idfgtr4toecvhtcorlh6 HTTP 302
- https://s.slext.link/48332/6104/0?aff_sub=&aff_sub2=126279&aff_sub3=wua1hbisnraepecv1bgj6t02&source=102f23e42f8cc3a047b66c47f43312&bo=2772,2771,2770,2769,2768
22 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes
---|---|---|---|---|---|---|---|---
GET | H2 | cvhdmf4zcw | t.bawafx.com/ | 2 KB | 3 KB | Document | text/html | Redirect Chain
GET | H/1.1 | history.js | ckstatic.com/js/historyjs/ | 23 KB | 7 KB | Script | text/javascript |
GET | H2 | 0 | s.slext.link/48332/6104/ | 2 KB | 2 KB | Document | text/html | Redirect Chain
GET | H/1.1 | history.js | ckstatic.com/js/historyjs/ | 23 KB | 7 KB | Script | text/javascript |
GET | H/1.1 | / | yoursexymen.com/ | 5 KB | 6 KB | Document | text/html | Primary Request, Cookie set, Redirect Chain
GET | H/1.1 | animate.min.css | yoursexymen.com/media/gay-dating/casualyellow/ | 52 KB | 52 KB | Stylesheet | text/css |
GET | H/1.1 | style.css | yoursexymen.com/media/gay-dating/casualyellow/ | 16 KB | 17 KB | Stylesheet | text/css |
GET | H/1.1 | js.cookie12.js | yoursexymen.com/cookie/ | 4 KB | 4 KB | Script | application/javascript |
GET | H/1.1 | utils-gd.js | yoursexymen.com/util/ | 5 KB | 6 KB | Script | application/javascript |
GET | H/1.1 | script.min.js | yoursexymen.com/media/gay-dating/casualyellow/ | 253 KB | 254 KB | Script | application/javascript |
GET | H/1.1 | bbg.js | yoursexymen.com/media/ | 1 KB | 1 KB | Script | application/javascript |
GET | H2 | css | fonts.googleapis.com/ | 767 B | 475 B | Stylesheet | text/css |
GET | H/1.1 | no.png | yoursexymen.com/media/gay-dating/casualyellow/ | 3 KB | 3 KB | Image | image/png |
GET | H/1.1 | yes.png | yoursexymen.com/media/gay-dating/casualyellow/ | 3 KB | 4 KB | Image | image/png |
GET | H/1.1 | 1.jpg | yoursexymen.com/media/gay-dating/casualyellow/ | 94 KB | 94 KB | Image | image/jpeg |
GET | H/1.1 | pattern.png | yoursexymen.com/media/gay-dating/casualyellow/ | 3 KB | 3 KB | Image | image/png |
GET | H/1.1 | 2.jpg | yoursexymen.com/media/gay-dating/casualyellow/ | 126 KB | 126 KB | Image | image/jpeg |
GET | H/1.1 | 3.jpg | yoursexymen.com/media/gay-dating/casualyellow/ | 101 KB | 101 KB | Image | image/jpeg |
GET | H/1.1 | 4.jpg | yoursexymen.com/media/gay-dating/casualyellow/ | 102 KB | 103 KB | Image | image/jpeg |
GET | H2 | S6uyw4BMUTPHjx4wXiWtFCc.woff2 | fonts.gstatic.com/s/lato/v16/ | 14 KB | 14 KB | Font | font/woff2 |
GET | H/1.1 | alert.mp3 | yoursexymen.com/media/gay-dating/casualyellow/ | 2 KB | 3 KB | XHR | audio/mpeg |
GET | H/1.1 | getextparams | tdsjsext3.com/ExtService.svc/ | 626 B | 925 B | XHR | application/json |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Porn Scam (Online)
29 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | onformdata
object | onpointerrawupdate
function | getBackendParams
number | exDays
boolean | validNavigation
function | wireUpEvents
function | Cookies
function | docReady
function | getParameterByName
function | languageDetection
function | writeLocation
object | geoRefData
function | showLocation
function | getCookie
function | getBackendParamsByName
function | addSessionId
function | changeTitle
function | $
function | jQuery
function | faviconPulse
string | sMobile
string | sDesktop
function | isMobileDevice
string | sound
boolean | PreventBb
string | curX
string | nextX
function | getUrlParameter
function | getUrlWithParam1
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
yoursexymen.com/ | | sid | t4~raughl2zteagtzfgjv30fnjo
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.