| cdn.jsdelivr.net/npm/bootstrap-icons@1.8.1/font/bootstrap-icons.css | 151.101.129.229 | 200 OK | 11 kB |
URL: GET HTTP/2 cdn.jsdelivr.net/npm/bootstrap-icons@1.8.1/font/bootstrap-icons.css — IP: 151.101.129.229:443
Requested by: https://direct.zencloud.lol/?url=VlhrRUdoTitUTzlxUHhXYXp2SEhzMVJBRTZHQlhoRld0KytBdlJLOE1USW1idm5JTzIxL3JuWlV5bUNaR0FWSTJuc1ErSzMwWkthRFl4NHM2eUQvYnBNRWUzZGdNTTQ2b3oyeEhIMndLTWpYVS9IcDh1eFJLUUZmUGs4U0FTMWlmM2hyL0ppTXgxTDBtY0xtWnVoWURFNStLZzR1WUI3L0RPZjlGZ1gzVHhJU1lhanlvT1h0MzJBME5KUlVCYTFX — Certificate: Issuer: GlobalSign nv-sa; Subject: jsdelivr.net; Fingerprint (SHA-1): 05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09; Validity: Wed, 27 Sep 2023 18:13:13 GMT – Mon, 28 Oct 2024 18:13:12 GMT
Hashes: MD5 79877fb82de8ca50845081e3c9a201c5; SHA-1 4f6ea69c0e03431ffa1a097a45453b5b3b246d8b; SHA-256 af35cc6aba34e5005de77099dfa72d4c1a7715d28ddcec343f48031dc8cb08bc
GET /npm/bootstrap-icons@1.8.1/font/bootstrap-icons.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://direct.zencloud.lol/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 1.8.1
x-jsd-version-type: version
etag: W/"13a7e-T26mnA4DQx/6Ggl6RUU7WzskbYs"
content-encoding: br
accept-ranges: bytes
date: Fri, 10 May 2024 06:20:26 GMT
age: 151900
x-served-by: cache-fra-etou8220090-FRA, cache-hel1410025-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 10883
X-Firefox-Spdy: h2
| cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js | 151.101.129.229 | 200 OK | 24 kB |
URL: GET HTTP/2 cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js — IP: 151.101.129.229:443
Requested by: https://direct.zencloud.lol/?url=VlhrRUdoTitUTzlxUHhXYXp2SEhzMVJBRTZHQlhoRld0KytBdlJLOE1USW1idm5JTzIxL3JuWlV5bUNaR0FWSTJuc1ErSzMwWkthRFl4NHM2eUQvYnBNRWUzZGdNTTQ2b3oyeEhIMndLTWpYVS9IcDh1eFJLUUZmUGs4U0FTMWlmM2hyL0ppTXgxTDBtY0xtWnVoWURFNStLZzR1WUI3L0RPZjlGZ1gzVHhJU1lhanlvT1h0MzJBME5KUlVCYTFX — Certificate: Issuer: GlobalSign nv-sa; Subject: jsdelivr.net; Fingerprint (SHA-1): 05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09; Validity: Wed, 27 Sep 2023 18:13:13 GMT – Mon, 28 Oct 2024 18:13:12 GMT
File type: JavaScript source, ASCII text, with very long lines (65299) — Hashes: MD5 7ccd9d390d31af98110f74f842ea9b32; SHA-1 a85e681624c91a106a514c31eacf80de817b2cc3; SHA-256 f5210fa3e7f0245a4c51eb7f280092c0ef99fdd28c45e17dab8cc5854fdf4fd3
GET /npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://direct.zencloud.lol
DNT: 1
Connection: keep-alive
Referer: https://direct.zencloud.lol/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 5.1.3
x-jsd-version-type: version
etag: W/"13131-qF5oFiTJGhBqUUwx6s+A3oF7LMM"
content-encoding: br
accept-ranges: bytes
date: Fri, 10 May 2024 06:20:26 GMT
age: 30861367
x-served-by: cache-fra-eddf8230075-FRA, cache-hel1410023-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 24376
X-Firefox-Spdy: h2
| cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.min.js | 151.101.129.229 | 200 OK | 18 kB |
URL: GET HTTP/3 cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.min.js — IP: 151.101.129.229:443
Requested by: https://direct.zencloud.lol/?url=VlhrRUdoTitUTzlxUHhXYXp2SEhzMVJBRTZHQlhoRld0KytBdlJLOE1USW1idm5JTzIxL3JuWlV5bUNaR0FWSTJuc1ErSzMwWkthRFl4NHM2eUQvYnBNRWUzZGdNTTQ2b3oyeEhIMndLTWpYVS9IcDh1eFJLUUZmUGs4U0FTMWlmM2hyL0ppTXgxTDBtY0xtWnVoWURFNStLZzR1WUI3L0RPZjlGZ1gzVHhJU1lhanlvT1h0MzJBME5KUlVCYTFX — Certificate: Issuer: GlobalSign nv-sa; Subject: jsdelivr.net; Fingerprint (SHA-1): 05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09; Validity: Wed, 27 Sep 2023 18:13:13 GMT – Mon, 28 Oct 2024 18:13:12 GMT
File type: JavaScript source, ASCII text, with very long lines (58940) — Hashes: MD5 259e416ef6833be43801b8b68a93b008; SHA-1 19080c3b817985336aab5e1ce6925c99803f2efd; SHA-256 70c3d690bdc5ce3b9a1527c46044989a3176e610882fa99f4523e75bc395bcce
GET /npm/bootstrap@5.1.3/dist/js/bootstrap.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://direct.zencloud.lol
DNT: 1
Connection: keep-alive
Referer: https://direct.zencloud.lol/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 5.1.3
x-jsd-version-type: version
etag: W/"e753-GQgMO4F5hTNqq14c5pJcmYA/Lv0"
content-encoding: br
accept-ranges: bytes
date: Fri, 10 May 2024 06:20:26 GMT
age: 9330921
x-served-by: cache-fra-etou8220048-FRA, cache-hel1410023-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 17624
X-Firefox-Spdy: h2
| cdn.jsdelivr.net/npm/@popperjs/core@2.10.2/dist/umd/popper.min.js | 151.101.129.229 | 200 OK | 7.0 kB |
URL: GET HTTP/2 cdn.jsdelivr.net/npm/@popperjs/core@2.10.2/dist/umd/popper.min.js — IP: 151.101.129.229:443
Requested by: https://direct.zencloud.lol/?url=VlhrRUdoTitUTzlxUHhXYXp2SEhzMVJBRTZHQlhoRld0KytBdlJLOE1USW1idm5JTzIxL3JuWlV5bUNaR0FWSTJuc1ErSzMwWkthRFl4NHM2eUQvYnBNRWUzZGdNTTQ2b3oyeEhIMndLTWpYVS9IcDh1eFJLUUZmUGs4U0FTMWlmM2hyL0ppTXgxTDBtY0xtWnVoWURFNStLZzR1WUI3L0RPZjlGZ1gzVHhJU1lhanlvT1h0MzJBME5KUlVCYTFX — Certificate: Issuer: GlobalSign nv-sa; Subject: jsdelivr.net; Fingerprint (SHA-1): 05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09; Validity: Wed, 27 Sep 2023 18:13:13 GMT – Mon, 28 Oct 2024 18:13:12 GMT
File type: JavaScript source, ASCII text, with very long lines (18706) — Hashes: MD5 541aecc95a7faeef0fc27558070f3647; SHA-1 0ec7ca4778ba3ccb4d1b1688094720834fbe9ed3; SHA-256 f395875eb5d58c5128c434812cd0a53d438b11536f7fd1577077d8a5c612e1fd
GET /npm/@popperjs/core@2.10.2/dist/umd/popper.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://direct.zencloud.lol
DNT: 1
Connection: keep-alive
Referer: https://direct.zencloud.lol/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 2.10.2
x-jsd-version-type: version
etag: W/"496b-DsfKR3i6PMtNGxaICUcgg0++ntM"
content-encoding: br
accept-ranges: bytes
date: Fri, 10 May 2024 06:20:26 GMT
age: 9330922
x-served-by: cache-fra-etou8220021-FRA, cache-hel1410023-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 6952
X-Firefox-Spdy: h2
| cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css | 151.101.129.229 | 200 OK | 26 kB |
URL: GET HTTP/2 cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css — IP: 151.101.129.229:443
Requested by: https://direct.zencloud.lol/?url=VlhrRUdoTitUTzlxUHhXYXp2SEhzMVJBRTZHQlhoRld0KytBdlJLOE1USW1idm5JTzIxL3JuWlV5bUNaR0FWSTJuc1ErSzMwWkthRFl4NHM2eUQvYnBNRWUzZGdNTTQ2b3oyeEhIMndLTWpYVS9IcDh1eFJLUUZmUGs4U0FTMWlmM2hyL0ppTXgxTDBtY0xtWnVoWURFNStLZzR1WUI3L0RPZjlGZ1gzVHhJU1lhanlvT1h0MzJBME5KUlVCYTFX — Certificate: Issuer: GlobalSign nv-sa; Subject: jsdelivr.net; Fingerprint (SHA-1): 05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09; Validity: Wed, 27 Sep 2023 18:13:13 GMT – Mon, 28 Oct 2024 18:13:12 GMT
File type: Unicode text, UTF-8 text, with very long lines (65306) — Hashes: MD5 94994c66fec8c3468b269dc0cc242151; SHA-1 ec16bd19bf4ae9bc2e2336ac409a503bbbdaacad; SHA-256 62f74b1cf824a89f03554c638e719594c309b4d8a627a758928c0516fa7890ab
GET /npm/bootstrap@5.1.3/dist/css/bootstrap.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://direct.zencloud.lol
DNT: 1
Connection: keep-alive
Referer: https://direct.zencloud.lol/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 5.1.3
x-jsd-version-type: version
etag: W/"28021-7Ba9Gb9K6bwuIzasQJpQO7varK0"
content-encoding: br
accept-ranges: bytes
date: Fri, 10 May 2024 06:20:26 GMT
age: 2081768
x-served-by: cache-fra-etou8220101-FRA, cache-hel1410023-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 26333
X-Firefox-Spdy: h2
| i0.wp.com/blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgFPs1xOUjnQnlN8mNQhZt_Z8jJGPujHXUyZNhvERiNRcbd9079Z6VMIumnT5Mx-Ou1YKYx37Nb9WQxAChvhtcNxWTRdJD2xSNzKniXfjurs_vPyto585enp4zwSrblKIk6o8cR0DH7CxF-1uBWV-0TL_A_n-n-yuFkjpI0y-QBhQCzQIJ_gf4auly4MQ/s0/photo_2024-01-07_20-36-03.jpg | 192.0.77.2 | 302 Found | 138 B |
URL: GET HTTP/2 i0.wp.com/blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgFPs1xOUjnQnlN8mNQhZt_Z8jJGPujHXUyZNhvERiNRcbd9079Z6VMIumnT5Mx-Ou1YKYx37Nb9WQxAChvhtcNxWTRdJD2xSNzKniXfjurs_vPyto585enp4zwSrblKIk6o8cR0DH7CxF-1uBWV-0TL_A_n-n-yuFkjpI0y-QBhQCzQIJ_gf4auly4MQ/s0/photo_2024-01-07_20-36-03.jpg — IP: 192.0.77.2:443
Requested by: https://direct.zencloud.lol/?url=VlhrRUdoTitUTzlxUHhXYXp2SEhzMVJBRTZHQlhoRld0KytBdlJLOE1USW1idm5JTzIxL3JuWlV5bUNaR0FWSTJuc1ErSzMwWkthRFl4NHM2eUQvYnBNRWUzZGdNTTQ2b3oyeEhIMndLTWpYVS9IcDh1eFJLUUZmUGs4U0FTMWlmM2hyL0ppTXgxTDBtY0xtWnVoWURFNStLZzR1WUI3L0RPZjlGZ1gzVHhJU1lhanlvT1h0MzJBME5KUlVCYTFX — Certificate: Issuer: Sectigo Limited; Subject: *.wp.com; Fingerprint (SHA-1): 5D:DB:6E:AA:9E:A8:4A:C3:10:A5:DA:89:DC:1C:BB:D1:87:5F:E1:D2; Validity: Tue, 28 Nov 2023 00:00:00 GMT – Sat, 28 Dec 2024 23:59:59 GMT
File type: HTML document, ASCII text, with CRLF line terminators — Hashes: MD5 aff950cab4c0265e21d401db15f1026d; SHA-1 f03e18461817f7a6546c8bf8fa8d686d7e30aca0; SHA-256 753e0dd54f28c4f7009b9c0b18a68aed175416bd8b7d134858264586eaac56f0
GET /blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgFPs1xOUjnQnlN8mNQhZt_Z8jJGPujHXUyZNhvERiNRcbd9079Z6VMIumnT5Mx-Ou1YKYx37Nb9WQxAChvhtcNxWTRdJD2xSNzKniXfjurs_vPyto585enp4zwSrblKIk6o8cR0DH7CxF-1uBWV-0TL_A_n-n-yuFkjpI0y-QBhQCzQIJ_gf4auly4MQ/s0/photo_2024-01-07_20-36-03.jpg HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://direct.zencloud.lol/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx
date: Fri, 10 May 2024 06:20:26 GMT
content-type: text/html
content-length: 138
location: https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgFPs1xOUjnQnlN8mNQhZt_Z8jJGPujHXUyZNhvERiNRcbd9079Z6VMIumnT5Mx-Ou1YKYx37Nb9WQxAChvhtcNxWTRdJD2xSNzKniXfjurs_vPyto585enp4zwSrblKIk6o8cR0DH7CxF-1uBWV-0TL_A_n-n-yuFkjpI0y-QBhQCzQIJ_gf4auly4MQ/s0/photo_2024-01-07_20-36-03.jpg
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| ghastlyejection.com/9e77242938ed4c20d4b8f1c9c1246de6/invoke.js | 172.240.253.132 | 200 OK | 12 kB |
URL: GET HTTP/1.1 ghastlyejection.com/9e77242938ed4c20d4b8f1c9c1246de6/invoke.js — IP: 172.240.253.132:443
Requested by: https://direct.zencloud.lol/?url=VlhrRUdoTitUTzlxUHhXYXp2SEhzMVJBRTZHQlhoRld0KytBdlJLOE1USW1idm5JTzIxL3JuWlV5bUNaR0FWSTJuc1ErSzMwWkthRFl4NHM2eUQvYnBNRWUzZGdNTTQ2b3oyeEhIMndLTWpYVS9IcDh1eFJLUUZmUGs4U0FTMWlmM2hyL0ppTXgxTDBtY0xtWnVoWURFNStLZzR1WUI3L0RPZjlGZ1gzVHhJU1lhanlvT1h0MzJBME5KUlVCYTFX — Certificate: Issuer: Let's Encrypt; Subject: ghastlyejection.com; Fingerprint (SHA-1): 65:2F:32:E2:B0:77:79:80:01:58:74:67:79:B5:76:80:C1:78:5C:09; Validity: Tue, 19 Mar 2024 07:22:21 GMT – Mon, 17 Jun 2024 07:22:20 GMT
File type: JavaScript source, ASCII text, with very long lines (31288), with no line terminators — Hashes: MD5 443282e6bf4ba50f24069e4dd293cdb4; SHA-1 d2e8e5a38e1a2b6db2c0ae1b10694a1921bfa413; SHA-256 f7cef0449d29a1fd51d93dd05eafd6e0c405c410f2ab6c44391d9b3f0ab4c067
Analyzer: Quad9 DNS — Verdict: malicious — Alert: Sinkholed
GET /9e77242938ed4c20d4b8f1c9c1246de6/invoke.js HTTP/1.1
Host: ghastlyejection.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://direct.zencloud.lol/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 06:20:26 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d9e0593336dde98021bbb67295399f4a
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
| ghastlyejection.com/d6/c6/9c/d6c69caa54fd5fdaf8def7abe2268296.js | 172.240.253.132 | 200 OK | 28 kB |
URL: GET HTTP/1.1 ghastlyejection.com/d6/c6/9c/d6c69caa54fd5fdaf8def7abe2268296.js — IP: 172.240.253.132:443
Requested by: https://direct.zencloud.lol/?url=VlhrRUdoTitUTzlxUHhXYXp2SEhzMVJBRTZHQlhoRld0KytBdlJLOE1USW1idm5JTzIxL3JuWlV5bUNaR0FWSTJuc1ErSzMwWkthRFl4NHM2eUQvYnBNRWUzZGdNTTQ2b3oyeEhIMndLTWpYVS9IcDh1eFJLUUZmUGs4U0FTMWlmM2hyL0ppTXgxTDBtY0xtWnVoWURFNStLZzR1WUI3L0RPZjlGZ1gzVHhJU1lhanlvT1h0MzJBME5KUlVCYTFX — Certificate: Issuer: Let's Encrypt; Subject: ghastlyejection.com; Fingerprint (SHA-1): 65:2F:32:E2:B0:77:79:80:01:58:74:67:79:B5:76:80:C1:78:5C:09; Validity: Tue, 19 Mar 2024 07:22:21 GMT – Mon, 17 Jun 2024 07:22:20 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators — Hashes: MD5 cf677bc2573b749d0a9fa5190560380c; SHA-1 07e2ed46352ab09e6f6d83e362e3bbcb0bd961ba; SHA-256 18fe62c00e3628822d131dfd102b552270dd650767544387e3d3498cfe3d7cbe
Analyzer: Quad9 DNS — Verdict: malicious — Alert: Sinkholed
GET /d6/c6/9c/d6c69caa54fd5fdaf8def7abe2268296.js HTTP/1.1
Host: ghastlyejection.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://direct.zencloud.lol/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 06:20:26 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ad861bb1c8803b8ad04f8ffb5931f2c1
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
| direct.zencloud.lol/?url=VlhrRUdoTitUTzlxUHhXYXp2SEhzMVJBRTZHQlhoRld0KytBdlJLOE1USW1idm5JTzIxL3JuWlV5bUNaR0FWSTJuc1ErSzMwWkthRFl4NHM2eUQvYnBNRWUzZGdNTTQ2b3oyeEhIMndLTWpYVS9IcDh1eFJLUUZmUGs4U0FTMWlmM2hyL0ppTXgxTDBtY0xtWnVoWURFNStLZzR1WUI3L0RPZjlGZ1gzVHhJU1lhanlvT1h0MzJBME5KUlVCYTFX | 104.21.1.52 | 200 OK | 28 kB |
URL (user request): GET HTTP/2 direct.zencloud.lol/?url=VlhrRUdoTitUTzlxUHhXYXp2SEhzMVJBRTZHQlhoRld0KytBdlJLOE1USW1idm5JTzIxL3JuWlV5bUNaR0FWSTJuc1ErSzMwWkthRFl4NHM2eUQvYnBNRWUzZGdNTTQ2b3oyeEhIMndLTWpYVS9IcDh1eFJLUUZmUGs4U0FTMWlmM2hyL0ppTXgxTDBtY0xtWnVoWURFNStLZzR1WUI3L0RPZjlGZ1gzVHhJU1lhanlvT1h0MzJBME5KUlVCYTFX — IP: 104.21.1.52:443
Certificate: Issuer: Let's Encrypt; Subject: zencloud.lol; Fingerprint (SHA-1): AF:41:F3:75:A7:7F:B2:21:D8:43:DF:36:AB:67:E2:8D:70:71:B0:55; Validity: Wed, 10 Apr 2024 03:44:54 GMT – Tue, 09 Jul 2024 03:44:53 GMT
File type: HTML document, Unicode text, UTF-8 text, with very long lines (486), with CRLF line terminators — Hashes: MD5 132e54a564e04b2c6aff61a8fbd14aa8; SHA-1 5d73d7ac8fc766e7e0bb3efed69e216427ec5d21; SHA-256 783b773ecf48e71421232e00afc15a2c2b96b3d93ad3dc7f533a0900cca2daa7
GET /?url=VlhrRUdoTitUTzlxUHhXYXp2SEhzMVJBRTZHQlhoRld0KytBdlJLOE1USW1idm5JTzIxL3JuWlV5bUNaR0FWSTJuc1ErSzMwWkthRFl4NHM2eUQvYnBNRWUzZGdNTTQ2b3oyeEhIMndLTWpYVS9IcDh1eFJLUUZmUGs4U0FTMWlmM2hyL0ppTXgxTDBtY0xtWnVoWURFNStLZzR1WUI3L0RPZjlGZ1gzVHhJU1lhanlvT1h0MzJBME5KUlVCYTFX HTTP/1.1
Host: direct.zencloud.lol
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 06:20:25 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pVwMoWcrz53WCBcsUHX8vePNJ%2FgmHChxHXFnbuRIRrB6QSnumYIs0ngMhHx8qs6qf4l%2BzwYE5mhPLLNYcjEgxVAhpyZTsnES9v8tnVNHeVwmVErfgFyyus09Oj7K2kfhlkGFxKir"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8817d2c40bbf56ba-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| cdn.jsdelivr.net/npm/@popperjs/core@2.10.2/dist/umd/popper.min.js | 151.101.129.229 | 200 OK | 7.0 kB |
URL: GET HTTP/2 cdn.jsdelivr.net/npm/@popperjs/core@2.10.2/dist/umd/popper.min.js — IP: 151.101.129.229:443
Requested by: https://direct.zencloud.lol/?url=VlhrRUdoTitUTzlxUHhXYXp2SEhzMVJBRTZHQlhoRld0KytBdlJLOE1USW1idm5JTzIxL3JuWlV5bUNaR0FWSTJuc1ErSzMwWkthRFl4NHM2eUQvYnBNRWUzZGdNTTQ2b3oyeEhIMndLTWpYVS9IcDh1eFJLUUZmUGs4U0FTMWlmM2hyL0ppTXgxTDBtY0xtWnVoWURFNStLZzR1WUI3L0RPZjlGZ1gzVHhJU1lhanlvT1h0MzJBME5KUlVCYTFX — Certificate: Issuer: GlobalSign nv-sa; Subject: jsdelivr.net; Fingerprint (SHA-1): 05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09; Validity: Wed, 27 Sep 2023 18:13:13 GMT – Mon, 28 Oct 2024 18:13:12 GMT
File type: JavaScript source, ASCII text, with very long lines (18706) — Hashes: MD5 541aecc95a7faeef0fc27558070f3647; SHA-1 0ec7ca4778ba3ccb4d1b1688094720834fbe9ed3; SHA-256 f395875eb5d58c5128c434812cd0a53d438b11536f7fd1577077d8a5c612e1fd
GET /npm/@popperjs/core@2.10.2/dist/umd/popper.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://direct.zencloud.lol
DNT: 1
Connection: keep-alive
Referer: https://direct.zencloud.lol/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 2.10.2
x-jsd-version-type: version
etag: W/"496b-DsfKR3i6PMtNGxaICUcgg0++ntM"
content-encoding: br
accept-ranges: bytes
date: Fri, 10 May 2024 06:20:26 GMT
age: 9330923
x-served-by: cache-fra-etou8220021-FRA, cache-hel1410023-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 6952
X-Firefox-Spdy: h2
| ocsp.r2m03.amazontrust.com/ | 54.230.218.11 | | 471 B |
URL: ocsp.r2m03.amazontrust.com/ — IP: 54.230.218.11:0
Hashes: MD5 c1ae368dfcd18c3fe0a38f18783ecfe1; SHA-1 591b78d8c937af6063def58fa5d376d07e7d005e; SHA-256 58ceb2cb03a41de3ae12171e7359276ed8fcbc1881b071c2783b782667cf124b
POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Fri, 10 May 2024 06:20:26 GMT
Last-Modified: Fri, 10 May 2024 04:37:18 GMT
Server: ECAcc (ska/F6E1)
X-Cache: Miss from cloudfront
Via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: aam72E_x2T-mpWZ7ufrtIWBtWobgh6bhKGZQGdWxeQZl2f1RPSJErw==
Age: 6188
| ocsp.r2m03.amazontrust.com/ | 54.230.218.11 | | 471 B |
URL: ocsp.r2m03.amazontrust.com/ — IP: 54.230.218.11:0
Hashes: MD5 c1ae368dfcd18c3fe0a38f18783ecfe1; SHA-1 591b78d8c937af6063def58fa5d376d07e7d005e; SHA-256 58ceb2cb03a41de3ae12171e7359276ed8fcbc1881b071c2783b782667cf124b
POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Fri, 10 May 2024 06:20:26 GMT
Last-Modified: Fri, 10 May 2024 04:37:18 GMT
Server: ECAcc (ska/F6E1)
X-Cache: Miss from cloudfront
Via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: wtJ7IHBArlAUJ59g_Vhta7FE_z19c_gxlJFxBi1hNQKgi03H8q_Dbw==
Age: 6188
| proftrafficcounter.com/stats | 52.29.105.35 | 200 OK | 40 B |
URL: GET HTTP/2 proftrafficcounter.com/stats — IP: 52.29.105.35:443
Requested by: https://direct.zencloud.lol/?url=VlhrRUdoTitUTzlxUHhXYXp2SEhzMVJBRTZHQlhoRld0KytBdlJLOE1USW1idm5JTzIxL3JuWlV5bUNaR0FWSTJuc1ErSzMwWkthRFl4NHM2eUQvYnBNRWUzZGdNTTQ2b3oyeEhIMndLTWpYVS9IcDh1eFJLUUZmUGs4U0FTMWlmM2hyL0ppTXgxTDBtY0xtWnVoWURFNStLZzR1WUI3L0RPZjlGZ1gzVHhJU1lhanlvT1h0MzJBME5KUlVCYTFX — Certificate: Issuer: Amazon; Subject: proftrafficcounter.com; Fingerprint (SHA-1): E3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6; Validity: Tue, 21 Nov 2023 00:00:00 GMT – Thu, 19 Dec 2024 23:59:59 GMT
File type: ASCII text, with no line terminators — Hashes: MD5 c5f1cb0ade477e3cef42c46317fba8fc; SHA-1 08f95d5e4dd77a9381338b53f1077aa8d7bb22eb; SHA-256 f168e1dff16bd82271c5777e2077d2c8885690fac41a31a3ab000050ce66389c
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://direct.zencloud.lol
DNT: 1
Connection: keep-alive
Referer: https://direct.zencloud.lol/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 06:20:26 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://direct.zencloud.lol
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=93b1a16c-0acc-4325-b4fa-3a9784ec94f0:3:1; expires=Mon, 08 May 2034 06:20:26 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
| proftrafficcounter.com/stats | 52.29.105.35 | 200 OK | 40 B |
URL: GET HTTP/2 proftrafficcounter.com/stats — IP: 52.29.105.35:443
Requested by: https://direct.zencloud.lol/?url=VlhrRUdoTitUTzlxUHhXYXp2SEhzMVJBRTZHQlhoRld0KytBdlJLOE1USW1idm5JTzIxL3JuWlV5bUNaR0FWSTJuc1ErSzMwWkthRFl4NHM2eUQvYnBNRWUzZGdNTTQ2b3oyeEhIMndLTWpYVS9IcDh1eFJLUUZmUGs4U0FTMWlmM2hyL0ppTXgxTDBtY0xtWnVoWURFNStLZzR1WUI3L0RPZjlGZ1gzVHhJU1lhanlvT1h0MzJBME5KUlVCYTFX — Certificate: Issuer: Amazon; Subject: proftrafficcounter.com; Fingerprint (SHA-1): E3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6; Validity: Tue, 21 Nov 2023 00:00:00 GMT – Thu, 19 Dec 2024 23:59:59 GMT
File type: ASCII text, with no line terminators — Hashes: MD5 38ab7d236ed5875ba3c77f73cc332f68; SHA-1 01680e0423673b019d8734ee12cb081805fc1c37; SHA-256 9637a603037e0d6df2449d4f5d28afd4aff6e666af0739ebc4fbc8a95cfa0b4e
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://direct.zencloud.lol
DNT: 1
Connection: keep-alive
Referer: https://direct.zencloud.lol/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 06:20:26 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://direct.zencloud.lol
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=7541fd04-40c3-43d9-96f2-dfe8647aa98c:3:1; expires=Mon, 08 May 2034 06:20:26 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
| cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.min.js | 151.101.129.229 | 200 OK | 18 kB |
URL: GET HTTP/3 cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.min.js — IP: 151.101.129.229:443
Requested by: https://direct.zencloud.lol/?url=VlhrRUdoTitUTzlxUHhXYXp2SEhzMVJBRTZHQlhoRld0KytBdlJLOE1USW1idm5JTzIxL3JuWlV5bUNaR0FWSTJuc1ErSzMwWkthRFl4NHM2eUQvYnBNRWUzZGdNTTQ2b3oyeEhIMndLTWpYVS9IcDh1eFJLUUZmUGs4U0FTMWlmM2hyL0ppTXgxTDBtY0xtWnVoWURFNStLZzR1WUI3L0RPZjlGZ1gzVHhJU1lhanlvT1h0MzJBME5KUlVCYTFX — Certificate: Issuer: GlobalSign nv-sa; Subject: jsdelivr.net; Fingerprint (SHA-1): 05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09; Validity: Wed, 27 Sep 2023 18:13:13 GMT – Mon, 28 Oct 2024 18:13:12 GMT
File type: JavaScript source, ASCII text, with very long lines (58940) — Hashes: MD5 259e416ef6833be43801b8b68a93b008; SHA-1 19080c3b817985336aab5e1ce6925c99803f2efd; SHA-256 70c3d690bdc5ce3b9a1527c46044989a3176e610882fa99f4523e75bc395bcce
GET /npm/bootstrap@5.1.3/dist/js/bootstrap.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://direct.zencloud.lol
DNT: 1
Connection: keep-alive
Referer: https://direct.zencloud.lol/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-length: 17624
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 5.1.3
x-jsd-version-type: version
etag: W/"e753-GQgMO4F5hTNqq14c5pJcmYA/Lv0"
content-encoding: br
accept-ranges: bytes
date: Fri, 10 May 2024 06:20:26 GMT
age: 9330922
x-served-by: cache-fra-etou8220048-FRA, cache-hel1410020-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
| assuretwelfth.com/watch.1687175983570.js?key=9e77242938ed4c20d4b8f1c9c1246de6&kw=%5B%22video%22%2C%22downloader%22%5D&refer=https%3A%2F%2Fdirect.zencloud.lol%2F%3Furl%3DVlhrRUdoTitUTzlxUHhXYXp2SEhzMVJBRTZHQlhoRld0KytBdlJLOE1USW1idm5JTzIxL3JuWlV5bUNaR0FWSTJuc1ErSzMwWkthRFl4NHM2eUQvYnBNRWUzZGdNTTQ2b3oyeEhIMndLTWpYVS9IcDh1eFJLUUZmUGs4U0FTMWlmM2hyL0ppTXgxTDBtY0xtWnVoWURFNStLZzR1WUI3L0RPZjlGZ1gzVHhJU1lhanlvT1h0MzJBME5KUlVCYTFX&tz=0&dev=e&res=14.2071&uuid=7541fd04-40c3-43d9-96f2-dfe8647aa98c%3A3%3A1 | 172.240.108.84 | 307 Temporary Redirect | 0 B |
URL: GET HTTP/1.1 assuretwelfth.com/watch.1687175983570.js?key=9e77242938ed4c20d4b8f1c9c1246de6&kw=%5B%22video%22%2C%22downloader%22%5D&refer=https%3A%2F%2Fdirect.zencloud.lol%2F%3Furl%3DVlhrRUdoTitUTzlxUHhXYXp2SEhzMVJBRTZHQlhoRld0KytBdlJLOE1USW1idm5JTzIxL3JuWlV5bUNaR0FWSTJuc1ErSzMwWkthRFl4NHM2eUQvYnBNRWUzZGdNTTQ2b3oyeEhIMndLTWpYVS9IcDh1eFJLUUZmUGs4U0FTMWlmM2hyL0ppTXgxTDBtY0xtWnVoWURFNStLZzR1WUI3L0RPZjlGZ1gzVHhJU1lhanlvT1h0MzJBME5KUlVCYTFX&tz=0&dev=e&res=14.2071&uuid=7541fd04-40c3-43d9-96f2-dfe8647aa98c%3A3%3A1 — IP: 172.240.108.84:443
Requested by: https://direct.zencloud.lol/?url=VlhrRUdoTitUTzlxUHhXYXp2SEhzMVJBRTZHQlhoRld0KytBdlJLOE1USW1idm5JTzIxL3JuWlV5bUNaR0FWSTJuc1ErSzMwWkthRFl4NHM2eUQvYnBNRWUzZGdNTTQ2b3oyeEhIMndLTWpYVS9IcDh1eFJLUUZmUGs4U0FTMWlmM2hyL0ppTXgxTDBtY0xtWnVoWURFNStLZzR1WUI3L0RPZjlGZ1gzVHhJU1lhanlvT1h0MzJBME5KUlVCYTFX — Certificate: Issuer: Let's Encrypt; Subject: assuretwelfth.com; Fingerprint (SHA-1): D9:11:36:DE:81:3C:EB:74:03:CF:D9:5E:8C:BD:4E:B1:B8:86:B3:5F; Validity: Mon, 06 May 2024 08:17:14 GMT – Sun, 04 Aug 2024 08:17:13 GMT
Hashes (empty response body, Content-Length: 0): MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS — Verdict: malicious — Alert: Sinkholed
GET /watch.1687175983570.js?key=9e77242938ed4c20d4b8f1c9c1246de6&kw=%5B%22video%22%2C%22downloader%22%5D&refer=https%3A%2F%2Fdirect.zencloud.lol%2F%3Furl%3DVlhrRUdoTitUTzlxUHhXYXp2SEhzMVJBRTZHQlhoRld0KytBdlJLOE1USW1idm5JTzIxL3JuWlV5bUNaR0FWSTJuc1ErSzMwWkthRFl4NHM2eUQvYnBNRWUzZGdNTTQ2b3oyeEhIMndLTWpYVS9IcDh1eFJLUUZmUGs4U0FTMWlmM2hyL0ppTXgxTDBtY0xtWnVoWURFNStLZzR1WUI3L0RPZjlGZ1gzVHhJU1lhanlvT1h0MzJBME5KUlVCYTFX&tz=0&dev=e&res=14.2071&uuid=7541fd04-40c3-43d9-96f2-dfe8647aa98c%3A3%3A1 HTTP/1.1
Host: assuretwelfth.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://direct.zencloud.lol
DNT: 1
Connection: keep-alive
Referer: https://direct.zencloud.lol/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Fri, 10 May 2024 06:20:27 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://direct.zencloud.lol
Access-Control-Allow-Origin: https://direct.zencloud.lol
Access-Control-Allow-Credentials: true
Location: https://assuretwelfth.com/watch.1687175983570.js?dev=e&key=9e77242938ed4c20d4b8f1c9c1246de6&kw=%5B%22video%22%2C%22downloader%22%5D&pst=1715322087&refer=https%3A%2F%2Fdirect.zencloud.lol%2F%3Furl%3DVlhrRUdoTitUTzlxUHhXYXp2SEhzMVJBRTZHQlhoRld0KytBdlJLOE1USW1idm5JTzIxL3JuWlV5bUNaR0FWSTJuc1ErSzMwWkthRFl4NHM2eUQvYnBNRWUzZGdNTTQ2b3oyeEhIMndLTWpYVS9IcDh1eFJLUUZmUGs4U0FTMWlmM2hyL0ppTXgxTDBtY0xtWnVoWURFNStLZzR1WUI3L0RPZjlGZ1gzVHhJU1lhanlvT1h0MzJBME5KUlVCYTFX&res=14.2071&rmtc=t&shu=f840c88bcea758f48182ab089474e61556fefb6778595771b68cdc340efba58fe1ffeb0e0c3e588007b9366053baaaf2633b59414162e78ad0a98ec919ef6a44b36d277fff12defaf6d592347062abfc930f192e72b3717477d5731dd33860f3&tz=0&uuid=7541fd04-40c3-43d9-96f2-dfe8647aa98c%3A3%3A1
Set-Cookie: u_pl=22980864; expires=Sat, 11 May 2024 06:20:27 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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.AyCBVcJg4LTQJaA9wVg8DklyRyLK9qAgVVo8hU0pIKw; expires=Fri, 10 May 2024 06:21:27 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 265a9728b30e0ba42732b20066c17687
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| assuretwelfth.com/watch.1687175983570.js?dev=e&key=9e77242938ed4c20d4b8f1c9c1246de6&kw=%5B%22video%22%2C%22downloader%22%5D&pst=1715322087&refer=https%3A%2F%2Fdirect.zencloud.lol%2F%3Furl%3DVlhrRUdoTitUTzlxUHhXYXp2SEhzMVJBRTZHQlhoRld0KytBdlJLOE1USW1idm5JTzIxL3JuWlV5bUNaR0FWSTJuc1ErSzMwWkthRFl4NHM2eUQvYnBNRWUzZGdNTTQ2b3oyeEhIMndLTWpYVS9IcDh1eFJLUUZmUGs4U0FTMWlmM2hyL0ppTXgxTDBtY0xtWnVoWURFNStLZzR1WUI3L0RPZjlGZ1gzVHhJU1lhanlvT1h0MzJBME5KUlVCYTFX&res=14.2071&rmtc=t&shu=f840c88bcea758f48182ab089474e61556fefb6778595771b68cdc340efba58fe1ffeb0e0c3e588007b9366053baaaf2633b59414162e78ad0a98ec919ef6a44b36d277fff12defaf6d592347062abfc930f192e72b3717477d5731dd33860f3&tz=0&uuid=7541fd04-40c3-43d9-96f2-dfe8647aa98c%3A3%3A1 | 172.240.108.84 | 200 OK | 2.1 kB |
URL GET HTTP/1.1assuretwelfth.com/watch.1687175983570.js?dev=e&key=9e77242938ed4c20d4b8f1c9c1246de6&kw=%5B%22video%22%2C%22downloader%22%5D&pst=1715322087&refer=https%3A%2F%2Fdirect.zencloud.lol%2F%3Furl%3DVlhrRUdoTitUTzlxUHhXYXp2SEhzMVJBRTZHQlhoRld0KytBdlJLOE1USW1idm5JTzIxL3JuWlV5bUNaR0FWSTJuc1ErSzMwWkthRFl4NHM2eUQvYnBNRWUzZGdNTTQ2b3oyeEhIMndLTWpYVS9IcDh1eFJLUUZmUGs4U0FTMWlmM2hyL0ppTXgxTDBtY0xtWnVoWURFNStLZzR1WUI3L0RPZjlGZ1gzVHhJU1lhanlvT1h0MzJBME5KUlVCYTFX&res=14.2071&rmtc=t&shu=f840c88bcea758f48182ab089474e61556fefb6778595771b68cdc340efba58fe1ffeb0e0c3e588007b9366053baaaf2633b59414162e78ad0a98ec919ef6a44b36d277fff12defaf6d592347062abfc930f192e72b3717477d5731dd33860f3&tz=0&uuid=7541fd04-40c3-43d9-96f2-dfe8647aa98c%3A3%3A1 IP172.240.108.84:443
Requested byhttps://direct.zencloud.lol/?url=VlhrRUdoTitUTzlxUHhXYXp2SEhzMVJBRTZHQlhoRld0KytBdlJLOE1USW1idm5JTzIxL3JuWlV5bUNaR0FWSTJuc1ErSzMwWkthRFl4NHM2eUQvYnBNRWUzZGdNTTQ2b3oyeEhIMndLTWpYVS9IcDh1eFJLUUZmUGs4U0FTMWlmM2hyL0ppTXgxTDBtY0xtWnVoWURFNStLZzR1WUI3L0RPZjlGZ1gzVHhJU1lhanlvT1h0MzJBME5KUlVCYTFX CertificateIssuerLet's Encrypt Subjectassuretwelfth.com FingerprintD9:11:36:DE:81:3C:EB:74:03:CF:D9:5E:8C:BD:4E:B1:B8:86:B3:5F ValidityMon, 06 May 2024 08:17:14 GMT - Sun, 04 Aug 2024 08:17:13 GMT
File type: JavaScript source, ASCII text, with very long lines (2637). Hash (MD5 / SHA-1 / SHA-256): 3eeb51052b40dddb04c55d91b1c98f59 ef86409a059a821a5b027d167162d0421b33d263 43848090096aef0bd04febe558df2c1ec1167429966fbab3486e1121bef343ec — note the server labels this JavaScript body as Content-Type: text/html (see the response headers below), and the fetch is a credentialed cross-site CORS request: Access-Control-Allow-Origin is pinned to https://direct.zencloud.lol with Access-Control-Allow-Credentials: true, and the u_pl and ain cookies set by the 307 are sent back here.
Analyzer: Quad9 DNS — Verdict: malicious — Alert: Sinkholed (assuretwelfth.com is on Quad9's blocklist; in this capture it still resolved, to 172.240.108.84, and the request went through).
GET /watch.1687175983570.js?dev=e&key=9e77242938ed4c20d4b8f1c9c1246de6&kw=%5B%22video%22%2C%22downloader%22%5D&pst=1715322087&refer=https%3A%2F%2Fdirect.zencloud.lol%2F%3Furl%3DVlhrRUdoTitUTzlxUHhXYXp2SEhzMVJBRTZHQlhoRld0KytBdlJLOE1USW1idm5JTzIxL3JuWlV5bUNaR0FWSTJuc1ErSzMwWkthRFl4NHM2eUQvYnBNRWUzZGdNTTQ2b3oyeEhIMndLTWpYVS9IcDh1eFJLUUZmUGs4U0FTMWlmM2hyL0ppTXgxTDBtY0xtWnVoWURFNStLZzR1WUI3L0RPZjlGZ1gzVHhJU1lhanlvT1h0MzJBME5KUlVCYTFX&res=14.2071&rmtc=t&shu=f840c88bcea758f48182ab089474e61556fefb6778595771b68cdc340efba58fe1ffeb0e0c3e588007b9366053baaaf2633b59414162e78ad0a98ec919ef6a44b36d277fff12defaf6d592347062abfc930f192e72b3717477d5731dd33860f3&tz=0&uuid=7541fd04-40c3-43d9-96f2-dfe8647aa98c%3A3%3A1 HTTP/1.1
Host: assuretwelfth.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://direct.zencloud.lol
Referer: https://direct.zencloud.lol/
DNT: 1
Connection: keep-alive
Cookie: u_pl=22980864; ain=eyJhbGciOiJIUzI1NiJ9.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.AyCBVcJg4LTQJaA9wVg8DklyRyLK9qAgVVo8hU0pIKw
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 06:20:27 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://direct.zencloud.lol
Access-Control-Allow-Origin: https://direct.zencloud.lol
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=7541fd04-40c3-43d9-96f2-dfe8647aa98c:3:1; expires=Fri, 17 May 2024 06:20:27 GMT; secure; SameSite=None
iprc20665b46710c140bfbf351bdc8df461b=3569806; expires=Fri, 10 May 2024 10:20:27 GMT; secure; SameSite=None
pdhtkv=true; expires=Sat, 11 May 2024 06:20:27 GMT; secure; SameSite=None
uncs=1; expires=Sat, 11 May 2024 06:20:27 GMT; secure; SameSite=None
pdhtkv5=true; expires=Sat, 11 May 2024 06:20:27 GMT; secure; SameSite=None
uncs5=1; expires=Sat, 11 May 2024 06:20:27 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 95974f0abeab76719d0438a8c3d4aa71
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| capaciousdrewreligion.com/advertisers.js | 172.240.108.84 | 200 OK | 0 B |
URL GET HTTP/1.1capaciousdrewreligion.com/advertisers.js IP172.240.108.84:443
Requested byhttps://direct.zencloud.lol/?url=VlhrRUdoTitUTzlxUHhXYXp2SEhzMVJBRTZHQlhoRld0KytBdlJLOE1USW1idm5JTzIxL3JuWlV5bUNaR0FWSTJuc1ErSzMwWkthRFl4NHM2eUQvYnBNRWUzZGdNTTQ2b3oyeEhIMndLTWpYVS9IcDh1eFJLUUZmUGs4U0FTMWlmM2hyL0ppTXgxTDBtY0xtWnVoWURFNStLZzR1WUI3L0RPZjlGZ1gzVHhJU1lhanlvT1h0MzJBME5KUlVCYTFX CertificateIssuerLet's Encrypt Subjectcapaciousdrewreligion.com FingerprintBB:9C:12:88:24:43:D4:47:71:3F:F0:A4:BB:E1:85:65:CE:E7:92:E4 ValidityMon, 06 May 2024 02:35:23 GMT - Sun, 04 Aug 2024 02:35:22 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 — digests of an empty body: the server answered with Content-Length: 0 under Content-Type: application/javascript, so this script tag loaded nothing in this capture (the same host IP, 172.240.108.84, serves assuretwelfth.com).
GET /advertisers.js HTTP/1.1
Host: capaciousdrewreligion.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://direct.zencloud.lol/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 06:20:27 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f41999672d354636dd91dda457938fbd
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| downstairsnegotiatebarren.com/sfp.js | 188.114.96.1 | 200 OK | 57 kB |
URL GET HTTP/2downstairsnegotiatebarren.com/sfp.js IP188.114.96.1:443
Requested byhttps://direct.zencloud.lol/?url=VlhrRUdoTitUTzlxUHhXYXp2SEhzMVJBRTZHQlhoRld0KytBdlJLOE1USW1idm5JTzIxL3JuWlV5bUNaR0FWSTJuc1ErSzMwWkthRFl4NHM2eUQvYnBNRWUzZGdNTTQ2b3oyeEhIMndLTWpYVS9IcDh1eFJLUUZmUGs4U0FTMWlmM2hyL0ppTXgxTDBtY0xtWnVoWURFNStLZzR1WUI3L0RPZjlGZ1gzVHhJU1lhanlvT1h0MzJBME5KUlVCYTFX CertificateIssuerLet's Encrypt Subjectdownstairsnegotiatebarren.com Fingerprint5D:DB:CB:C6:CE:2A:8B:34:7D:BC:43:74:33:1D:5F:77:48:F7:BC:1B ValidityThu, 02 May 2024 21:26:34 GMT - Wed, 31 Jul 2024 21:26:33 GMT
File type: JavaScript source, UTF-8 text, a single 65529-byte line with no line terminators. Hash (MD5 / SHA-1 / SHA-256): f4a2f8f9f99541c6f105bbd0a025bd40 1f8e3eff12168fdd9e719adfc098d24a45b6916a b717cb04231a10d425fd55b73c85a5407119c6826a8bac94142fddfff6958716 — served through Cloudflare with access-control-allow-origin: *; cf-cache-status is EXPIRED and last-modified is one second before the request date, which suggests the script body is regenerated per fetch, so compare this hash across captures before treating it as a stable indicator.
GET /sfp.js HTTP/1.1
Host: downstairsnegotiatebarren.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://direct.zencloud.lol/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 06:20:27 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 11def9d8101dae4171a2747850b25510
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Fri, 10 May 2024 06:20:26 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uvYSrslMecd6%2BFmea3W2B5RgBIl6bGDUdRTaGy9SPV57f2q6YTroLb2e6GMuds8q%2FQt1h7EZaxba56wkaRcc0WFXslHUWXeKPepcQb1BUGPc604gXsAl0e%2BBybKk%2BOqY8jX7sYabvkLc88c3HWXt5Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817d2cc684256b4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| cdn.cloudimagesb.com/cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png | 45.133.44.10 | 200 OK | 144 kB |
URL GET HTTP/2cdn.cloudimagesb.com/cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png IP45.133.44.10:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://direct.zencloud.lol/?url=VlhrRUdoTitUTzlxUHhXYXp2SEhzMVJBRTZHQlhoRld0KytBdlJLOE1USW1idm5JTzIxL3JuWlV5bUNaR0FWSTJuc1ErSzMwWkthRFl4NHM2eUQvYnBNRWUzZGdNTTQ2b3oyeEhIMndLTWpYVS9IcDh1eFJLUUZmUGs4U0FTMWlmM2hyL0ppTXgxTDBtY0xtWnVoWURFNStLZzR1WUI3L0RPZjlGZ1gzVHhJU1lhanlvT1h0MzJBME5KUlVCYTFX CertificateIssuerLet's Encrypt Subjectcdn.cloudimagesb.com FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0 ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT
File type: PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced. Size: 144 kB (144379 bytes). Hash (MD5 / SHA-1 / SHA-256): 33c304429dc1a4408a96e6a74ffa2feb c45fa8e65528d1bb2b46bf8a28af9eeaa1903d04 dbed482e5948ead5587d30a22306a5b611305f704de940bd22c76daf90e0a314 — a 300×250 creative (standard medium-rectangle ad size), last-modified 27 Jul 2022 and served from proxy cache (x-proxy-cache: HIT); this request carried no Referer header.
GET /cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 06:20:27 GMT
content-type: image/png
content-length: 144379
server: nginx/1.21.6
last-modified: Wed, 27 Jul 2022 11:07:21 GMT
etag: "62e11c69-233fb"
expires: Sun, 12 May 2024 06:20:27 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| unseenreport.com/pxf.gif?uuid=7541fd04-40c3-43d9-96f2-dfe8647aa98c&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=d6c69caa54fd5fdaf8def7abe2268296&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=6 | 192.243.61.225 | 200 OK | 1 B |
URL GET HTTP/1.1unseenreport.com/pxf.gif?uuid=7541fd04-40c3-43d9-96f2-dfe8647aa98c&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=d6c69caa54fd5fdaf8def7abe2268296&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=6 IP192.243.61.225:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://direct.zencloud.lol/?url=VlhrRUdoTitUTzlxUHhXYXp2SEhzMVJBRTZHQlhoRld0KytBdlJLOE1USW1idm5JTzIxL3JuWlV5bUNaR0FWSTJuc1ErSzMwWkthRFl4NHM2eUQvYnBNRWUzZGdNTTQ2b3oyeEhIMndLTWpYVS9IcDh1eFJLUUZmUGs4U0FTMWlmM2hyL0ppTXgxTDBtY0xtWnVoWURFNStLZzR1WUI3L0RPZjlGZ1gzVHhJU1lhanlvT1h0MzJBME5KUlVCYTFX CertificateIssuerLet's Encrypt Subject*.unseenreport.com Fingerprint71:46:15:FD:76:6A:F5:5B:51:06:CC:93:DD:D8:63:E3:8B:10:BF:13 ValidityFri, 22 Mar 2024 07:32:41 GMT - Thu, 20 Jun 2024 07:32:40 GMT
File type: very short file (no magic bytes). Hash (MD5 / SHA-1 / SHA-256): 93b885adfe0da089cdf634904fd59f71 5ba93c9db0cff93f52b521d7420e43f6eda2784f 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d — the body is a single byte (Content-Length: 1) served as image/gif; it is not a decodable GIF but a tracking beacon, and the payload is entirely in the query string: uuid, the full User-Agent (ua), screen and viewport size (sr, sz), language (bl), and a frame flag (b_frame).
Analyzer: Quad9 DNS — Verdict: malicious — Alert: Sinkholed (unseenreport.com is on Quad9's blocklist; in this capture it still resolved, to 192.243.61.225, and the beacon was delivered).
GET /pxf.gif?uuid=7541fd04-40c3-43d9-96f2-dfe8647aa98c&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=d6c69caa54fd5fdaf8def7abe2268296&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=6 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://direct.zencloud.lol/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 06:20:28 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 95d2640f59c9c301ff03e701a23bad40
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgFPs1xOUjnQnlN8mNQhZt_Z8jJGPujHXUyZNhvERiNRcbd9079Z6VMIumnT5Mx-Ou1YKYx37Nb9WQxAChvhtcNxWTRdJD2xSNzKniXfjurs_vPyto585enp4zwSrblKIk6o8cR0DH7CxF-1uBWV-0TL_A_n-n-yuFkjpI0y-QBhQCzQIJ_gf4auly4MQ/s0/photo_2024-01-07_20-36-03.jpg | 142.250.74.97 | 200 OK | 30 kB |
URL GET HTTP/2blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgFPs1xOUjnQnlN8mNQhZt_Z8jJGPujHXUyZNhvERiNRcbd9079Z6VMIumnT5Mx-Ou1YKYx37Nb9WQxAChvhtcNxWTRdJD2xSNzKniXfjurs_vPyto585enp4zwSrblKIk6o8cR0DH7CxF-1uBWV-0TL_A_n-n-yuFkjpI0y-QBhQCzQIJ_gf4auly4MQ/s0/photo_2024-01-07_20-36-03.jpg IP142.250.74.97:443
Requested byhttps://direct.zencloud.lol/?url=VlhrRUdoTitUTzlxUHhXYXp2SEhzMVJBRTZHQlhoRld0KytBdlJLOE1USW1idm5JTzIxL3JuWlV5bUNaR0FWSTJuc1ErSzMwWkthRFl4NHM2eUQvYnBNRWUzZGdNTTQ2b3oyeEhIMndLTWpYVS9IcDh1eFJLUUZmUGs4U0FTMWlmM2hyL0ppTXgxTDBtY0xtWnVoWURFNStLZzR1WUI3L0RPZjlGZ1gzVHhJU1lhanlvT1h0MzJBME5KUlVCYTFX CertificateIssuerGoogle Trust Services LLC Subject*.googleusercontent.com Fingerprint7B:64:D0:4F:29:87:0A:A8:90:15:F1:9F:B6:8F:FB:D6:AC:D2:76:56 ValidityTue, 16 Apr 2024 04:13:47 GMT - Tue, 09 Jul 2024 04:13:46 GMT
File typeJPEG image data, JFIF standard 1.02, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=4, orientation=upper-left, software=Google], progressive, precision 8, 1230x341, components 3 Hash0d27ed7ac40c261dfd376a1f7b08f15d 19f80adb4411466812b1b557a73ce56bec1d46ae 03ff475ebb83e9d1257919fec1ae6119d414fe655b4d143ecba2ce112ae912eb
GET /img/b/R29vZ2xl/AVvXsEgFPs1xOUjnQnlN8mNQhZt_Z8jJGPujHXUyZNhvERiNRcbd9079Z6VMIumnT5Mx-Ou1YKYx37Nb9WQxAChvhtcNxWTRdJD2xSNzKniXfjurs_vPyto585enp4zwSrblKIk6o8cR0DH7CxF-1uBWV-0TL_A_n-n-yuFkjpI0y-QBhQCzQIJ_gf4auly4MQ/s0/photo_2024-01-07_20-36-03.jpg HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://direct.zencloud.lol/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/jpeg
vary: Origin
access-control-expose-headers: Content-Length
etag: "v1978"
expires: Sat, 11 May 2024 06:20:27 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="photo_2024-01-07_20-36-03.jpg"
x-content-type-options: nosniff
date: Fri, 10 May 2024 06:20:27 GMT
server: fife
content-length: 29812
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| direct.zencloud.lol/favicon.ico | 104.21.1.52 | 404 Not Found | 708 B |
URL GET HTTP/3direct.zencloud.lol/favicon.ico IP104.21.1.52:443
Requested byhttps://direct.zencloud.lol/?url=VlhrRUdoTitUTzlxUHhXYXp2SEhzMVJBRTZHQlhoRld0KytBdlJLOE1USW1idm5JTzIxL3JuWlV5bUNaR0FWSTJuc1ErSzMwWkthRFl4NHM2eUQvYnBNRWUzZGdNTTQ2b3oyeEhIMndLTWpYVS9IcDh1eFJLUUZmUGs4U0FTMWlmM2hyL0ppTXgxTDBtY0xtWnVoWURFNStLZzR1WUI3L0RPZjlGZ1gzVHhJU1lhanlvT1h0MzJBME5KUlVCYTFX CertificateIssuerLet's Encrypt Subjectzencloud.lol FingerprintAF:41:F3:75:A7:7F:B2:21:D8:43:DF:36:AB:67:E2:8D:70:71:B0:55 ValidityWed, 10 Apr 2024 03:44:54 GMT - Tue, 09 Jul 2024 03:44:53 GMT
File type: HTML document, ASCII text, with very long lines (739), with no line terminators. Hash (MD5 / SHA-1 / SHA-256): 9a088ded79e56cc72e737869c04f755f 1431a084bae06f9a31fc4f1f9c87887be8f64b2d 768cb8655c2f2a1c7d68551a7e858fe3f13e2101172c4898638a2240b5b25ad2 — a 404 page, but note the request cookie: the first-party cookie dom3ic8zudi28v8lr6fgphwffqoz0j6c on direct.zencloud.lol holds 7541fd04-40c3-43d9-96f2-dfe8647aa98c:3:1, the same identifier assuretwelfth.com set as uid_id2 and passes as uuid= in its script and beacon URLs, so the ad network's user ID is mirrored into a first-party cookie on the embedding site.
GET /favicon.ico HTTP/1.1
Host: direct.zencloud.lol
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://direct.zencloud.lol/?url=VlhrRUdoTitUTzlxUHhXYXp2SEhzMVJBRTZHQlhoRld0KytBdlJLOE1USW1idm5JTzIxL3JuWlV5bUNaR0FWSTJuc1ErSzMwWkthRFl4NHM2eUQvYnBNRWUzZGdNTTQ2b3oyeEhIMndLTWpYVS9IcDh1eFJLUUZmUGs4U0FTMWlmM2hyL0ppTXgxTDBtY0xtWnVoWURFNStLZzR1WUI3L0RPZjlGZ1gzVHhJU1lhanlvT1h0MzJBME5KUlVCYTFX
Cookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=7541fd04-40c3-43d9-96f2-dfe8647aa98c%3A3%3A1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
date: Fri, 10 May 2024 06:20:27 GMT
content-type: text/html
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=muCTCAXNPQuNhy5F2I2cYGkDmEoeYfiqF%2F3B39vSWjD6XPBrTR66%2F7mzG%2FFOOx2M4rDixoAqDuJf2u39P2NwCu8klX3pc84Nf4umWGGhSJm%2B1Dw5R0b0Xj7eJ3NdtCwSR026%2FWTp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817d2cdfaf80b3d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|