Report - bitly.ws/Gbq4

Report Overview

Submitted URL
bitly.ws/Gbq4
IP
185.11.100.204
ASN
#29522 Cyber_Folks S.A.
Submitted
2024-05-04 08:32:50
Access
public
Website Title
Zip | URL Shortener
Final URL
zip.lu/?banned=1
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
52

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.paypalobjects.com	1467	2005-05-12	2012-05-30	2024-05-02	429 B	703 B	192.229.221.25
downstairsnegotiatebarren.com	unknown	2024-03-04	2024-03-04	2024-05-03	401 B	34 kB	188.114.97.1
ravekeptarose.com	unknown	unknown	No data	No data	16 kB	56 kB	192.243.59.13
cdn.cloudimagesb.com	23099	2020-10-06	2021-02-12	2024-05-03	2.8 kB	279 kB	45.133.44.10
gluttonydressed.com	unknown	unknown	No data	No data	477 B	467 B	172.240.127.234
www.googletagmanager.com	75	2011-11-11	2013-05-22	2024-05-03	415 B	247 kB	142.250.74.40
zip.lu	unknown	unknown	2016-07-06	2023-09-22	4.6 kB	58 kB	185.11.100.204
pl22826180.profitablegatecpm.com	unknown	2024-02-05	2024-03-26	2024-04-16	440 B	11 kB	192.243.61.225
landings-cdn.adsterratech.com	unknown	2015-03-02	2022-07-07	2024-04-03	458 B	91 kB	142.0.204.220
www.topcreativeformat.com	unknown	2023-11-21	2023-11-22	2024-05-01	866 B	25 kB	172.240.108.76
threeinvincible.com	unknown	2024-04-30	2024-05-02	2024-05-02	2.3 kB	5.7 kB	172.240.253.132
fundingchoicesmessages.google.com	2397	1997-09-15	2019-01-16	2024-05-02	429 B	25 kB	216.58.211.14
gobreadthpopcorn.com	unknown	2024-04-29	2024-04-30	2024-05-03	2.3 kB	5.7 kB	172.240.108.84
unseenreport.com	unknown	2022-03-30	2022-03-30	2024-05-03	725 B	423 B	192.243.61.227
bitly.ws	365777	2018-01-01	2018-04-13	2024-04-25	958 B	94 kB	185.11.100.204
ocsp.r2m03.amazontrust.com	unknown	2007-05-11	2023-02-21	2024-05-03	338 B	942 B	143.204.53.97
proftrafficcounter.com	unknown	2023-11-16	2023-11-21	2024-05-03	826 B	826 B	18.185.9.67

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-04	medium	zip.lu	Sinkholed
2024-05-04	medium	zip.lu	Sinkholed
2024-05-04	medium	zip.lu	Sinkholed
2024-05-04	medium	zip.lu	Sinkholed
2024-05-04	medium	zip.lu	Sinkholed
2024-05-04	medium	zip.lu	Sinkholed
2024-05-04	medium	zip.lu	Sinkholed
2024-05-04	medium	zip.lu	Sinkholed
2024-05-04	medium	threeinvincible.com	Sinkholed
2024-05-04	medium	gobreadthpopcorn.com	Sinkholed
2024-05-04	medium	threeinvincible.com	Sinkholed
2024-05-04	medium	gobreadthpopcorn.com	Sinkholed
2024-05-04	medium	ravekeptarose.com	Sinkholed
2024-05-04	medium	ravekeptarose.com	Sinkholed
2024-05-04	medium	ravekeptarose.com	Sinkholed
2024-05-04	medium	ravekeptarose.com	Sinkholed
2024-05-04	medium	ravekeptarose.com	Sinkholed
2024-05-04	medium	ravekeptarose.com	Sinkholed
2024-05-04	medium	gluttonydressed.com	Sinkholed
2024-05-04	medium	ravekeptarose.com	Sinkholed
2024-05-04	medium	ravekeptarose.com	Sinkholed
2024-05-04	medium	ravekeptarose.com	Sinkholed
2024-05-04	medium	ravekeptarose.com	Sinkholed
2024-05-04	medium	zip.lu	Sinkholed
2024-05-04	medium	unseenreport.com	Sinkholed
2024-05-04	medium	zip.lu	Sinkholed

ThreatFox

No alerts detected

JavaScript (28)

	URL	Size	First Seen	Last Seen
	zip.lu/?banned=1	158 B	2023-12-29	2024-05-19
Pretty URL zip.lu/?banned=1 IP 185.11.100.204 ASN #29522 Cyber_Folks S.A. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-12-29 08:38:24 Last Seen2024-05-19 09:57:58 Times Seen44 Hash e2171717aacde6f9cef85e4e87f10e62 43ba3696cdc3c063250c6a1355b58c2e5ddeb388 0b92cbfe6dce4f0f76ed2d385a9009f91ba7d37faecdca9fa7735095cc166ac0 Loading...

	zip.lu/js/adframe.js	16 B	2023-03-07	2024-05-19
Pretty URL zip.lu/js/adframe.js IP 185.11.100.204 ASN #29522 Cyber_Folks S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18:41 Last Seen2024-05-19 09:57:59 Times Seen398 Hash 760222d2e529d3e84eb01378cfc46e2e f789f3c0007640b5549fca2710cf3da500b95e86 0059cb4ff0a271382c38af8a7367aaf45cbeb31449637d3928d25317401e2828 Loading...

	pagead2.googlesyndication.com/pagead/js/adsbygoogle.js	1.6 kB	2023-05-06	2024-05-23
Pretty URL pagead2.googlesyndication.com/pagead/js/adsbygoogle.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-06 01:21:43 Last Seen2024-05-23 07:05:03 Times Seen21641 Hash 2e9e391ad98fbe1b2de0b7b4fa9ca904 21d7771223e8286a06ad878af425094a40de32b5 1468d954f25ab75355f3c0f42cd9c84efd64a67922c47d3b69bdb6d0eb399e69 Loading...

	unknown	145 B	2024-03-26	2024-05-19
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-26 01:45:32 Last Seen2024-05-19 09:57:58 Times Seen34 Hash f21e79189dbf24bcfc96766c51c39b95 c3ca59be0bfb49b8dae005a1682a16ab256c7560 7a3f523acb8306f5748e772f8ce97105abf172ca8f0c904f33f6987e3e5e3198 Loading...

	unknown	3.3 kB	2024-05-04	2024-05-04
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 10:32:56 Last Seen2024-05-04 10:32:56 Times Seen1 Hash ea8deb9577df21a0f9582e0bd8a2919d 093150e076d7dc4fe06a23794d4aabd014c40a2b c75c5183203e6fd3086a5cc7f999e46b2f0b5e0415d3a09530def27f6e42d94c Loading...

	ravekeptarose.com/78/66/ea/7866ead300fcf9e425beaf01fe308949.js	84 kB	2024-05-04	2024-05-04
Pretty URL ravekeptarose.com/78/66/ea/7866ead300fcf9e425beaf01fe308949.js IP 192.243.59.13 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 10:32:56 Last Seen2024-05-04 10:32:57 Times Seen2 Hash 60829db93297537e976edce9b9fad2cd cd3376a44f53ca1a29b72d55a3225bb103798899 9cfce3b8f537f56a305a83a1870c8169dbe6f10f2a6e7740b1b764581ba6eef9 Loading...

	zip.lu/?banned=1	162 B	2023-12-29	2024-05-19
Pretty URL zip.lu/?banned=1 IP 185.11.100.204 ASN #29522 Cyber_Folks S.A. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-12-29 08:38:24 Last Seen2024-05-19 09:57:58 Times Seen44 Hash 56462d0b896d498b410c38451babc53b ac4fabda549e9c2299c8871c724e7c20fe98267f 68b133d98713866d41cc2a4b2e8a779041106fd7be66bd34844bf825028f4f0f Loading...

	zip.lu/?banned=1	429 B	2023-03-07	2024-05-23
Pretty URL zip.lu/?banned=1 IP 185.11.100.204 ASN #29522 Cyber_Folks S.A. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 14:02:48 Last Seen2024-05-23 10:16:46 Times Seen1528 Hash eafaa0be830db11da3770638100b686f db325dc427493ed0c2988ef229573b7093425466 96adbda6f380d09bfd780e4143e165a48037b43421d3964980a4343aedc644ab Loading...

	www.googletagmanager.com/gtag/js?id=G-8Q1W6PKNCX	246 kB	2024-05-04	2024-05-04
Pretty URL www.googletagmanager.com/gtag/js?id=G-8Q1W6PKNCX IP 142.250.74.40 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 10:32:56 Last Seen2024-05-04 10:32:57 Times Seen2 Hash 02b8805c01eaf4da38723c19b240761d 94744a949bb6368706572cd56de9f02a4d2c8c1c 1012863e0fdee6938182a395b2bed48f51f77962b2efdc321d153e356762f979 Loading...

	downstairsnegotiatebarren.com/sfp.js	86 kB	2024-03-29	2024-05-17
Pretty URL downstairsnegotiatebarren.com/sfp.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-29 13:13:34 Last Seen2024-05-17 14:49:08 Times Seen3553 Hash f4a2f8f9f99541c6f105bbd0a025bd40 1f8e3eff12168fdd9e719adfc098d24a45b6916a b717cb04231a10d425fd55b73c85a5407119c6826a8bac94142fddfff6958716 Loading...

	zip.lu/?banned=1	25 B	2023-03-08	2024-05-19
Pretty URL zip.lu/?banned=1 IP 185.11.100.204 ASN #29522 Cyber_Folks S.A. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 23:04:05 Last Seen2024-05-19 09:57:58 Times Seen119 Hash 1427fb2f549ac96d4f0e885993d3b40f 6a355726d3939081aa39ce7eb406a55d45181f24 0fbaf8209057a6df7d107a22189b5892bc1edc1f73b1f5428a8977e66e3f95e4 Loading...

	pl22826180.profitablegatecpm.com/172d9680245553e8052aafbe1bd64a13/invoke.js	27 kB	2024-05-04	2024-05-04
Pretty URL pl22826180.profitablegatecpm.com/172d9680245553e8052aafbe1bd64a13/invoke.js IP 192.243.61.225 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 10:32:56 Last Seen2024-05-04 10:32:57 Times Seen2 Hash ae9ae6b3c773fe152305dae4a06be7de 67c0b43293b49f374cebec1c7c1f0ee1a4cc9576 37607619e5d6f402d95f697f6aa739f941272af2debb60025a195abf9babebb9 Loading...

	unknown	145 B	2024-04-16	2024-05-19
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-16 15:12:45 Last Seen2024-05-19 09:57:58 Times Seen30 Hash daf8d2c9b90ad6cec0ebb9349b91a45c 0642a4a6468012dd728122226d2eb14adf1116eb 249557d780ab8f0d4d5d3c5fc2c39cf39b060ed6687d822937669fc6b738f25e Loading...

	unknown	3.3 kB	2024-05-04	2024-05-04
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 10:32:56 Last Seen2024-05-04 10:32:56 Times Seen1 Hash adddfe33da941485e4e7365f8da059c5 bceaf616a15abae3ce43a70be88cef242675b6b1 e95cc0e21da12f5e3c52d4ac540e31928f3fbe2916740362ba9ce373c5f2178c Loading...

	fundingchoicesmessages.google.com/i/pub-2614556310778759?ers=1	23 kB	2024-05-04	2024-05-10
Pretty URL fundingchoicesmessages.google.com/i/pub-2614556310778759?ers=1 IP 216.58.211.14 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 03:54:33 Last Seen2024-05-10 04:19:39 Times Seen17 Hash 9754c2080bd6eeb50a177d8fe467af8a c3afa9beb46d62d62d599bc3d7525d7ebceb1268 9b652fa53b5c1a8e0eeea48d657d83d1bb0c3f0305b61d31f885dfb8cb0f8ba7 Loading...

	zip.lu/sandbox%20eval%20code	128 B	2023-05-06	2024-05-23
Pretty URL zip.lu/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-05-06 01:21:43 Last Seen2024-05-23 07:05:03 Times Seen21785 Hash 23c336606ee3a6d444b305153fa0e2e2 473a2111970ae2a94b373e656d20c4bd4184d703 305375d5052f6a14434d2d338f852f0f4f04fb26495f88a5d62b6afde2e2cc60 Loading...

	zip.lu/?banned=1	139 B	2023-03-08	2024-05-19
Pretty URL zip.lu/?banned=1 IP 185.11.100.204 ASN #29522 Cyber_Folks S.A. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 23:04:05 Last Seen2024-05-19 09:57:58 Times Seen116 Hash 823be5a9c0f24749f43b86566f77a14b bf5f7bd2719df6c9e0f947ab6aedda322f4146e7 b8a0d1db414563caff84583ba167c841e703ad08f909b38f852e6c3e29212749 Loading...

	www.topcreativeformat.com/6dc3a27552b5aedfb96aeaa00aa1c37b/invoke.js	31 kB	2024-05-02	2024-05-04
Pretty URL www.topcreativeformat.com/6dc3a27552b5aedfb96aeaa00aa1c37b/invoke.js IP 172.240.108.76 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 06:45:23 Last Seen2024-05-04 10:32:57 Times Seen4 Hash ba5e57282e49f35bbc4fb8ef3cbeac95 7c67ded7953fd3cd51dccdf45ce06648863ebffe 72a2e3d91546e063b101c83408cb3996f2386c2ee519f96780cc22b573983f07 Loading...

	zip.lu/?banned=1	288 B	2024-03-26	2024-05-19
Pretty URL zip.lu/?banned=1 IP 185.11.100.204 ASN #29522 Cyber_Folks S.A. Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-26 01:45:32 Last Seen2024-05-19 09:57:58 Times Seen34 Hash 144182c3ec7831d18e2c274c89447882 bad8ff287f93bfbb5fcc4460e4cb0513f57bfe29 cd479d93f5a86092e83334d5798624273bd64dc22669c535d13975fb9f4c8f08 Loading...

	zip.lu/?banned=1	287 B	2024-04-16	2024-05-19
Pretty URL zip.lu/?banned=1 IP 185.11.100.204 ASN #29522 Cyber_Folks S.A. Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-16 15:12:46 Last Seen2024-05-19 09:57:58 Times Seen30 Hash c476dfcc7ccffbc3b926b30bd70864e8 4ff18fad8515676c7479993924ce1c8a1879d752 611dbbba80df17837ab416c027716f42b87c22097db100d6d542ad9bcf9fa246 Loading...

	unknown	196 B	2024-03-26	2024-05-19
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-26 01:45:31 Last Seen2024-05-19 09:57:58 Times Seen31 Hash 8613f227c34a344219873f805fd1f3d0 9e9db017a412162287aa13af94fd24141452fb4c 64c2845767e6b7cdd73807f7fbfc5f6ef1bb7f9ed3e07a067b6a0defbc6435d2 Loading...

	unknown	196 B	2024-04-16	2024-05-19
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-16 15:12:44 Last Seen2024-05-19 09:57:58 Times Seen20 Hash 9d1e7befddc07d8f8470fe8baeb8e5f4 4b2476acac084b9d5ca1161c4fec54689bd71273 4e1942df509e84b6c09608fab2b70199d500981449f7e4ac6ee68d637f9de91a Loading...

	www.topcreativeformat.com/fb87135eb1bdee211d55a6d31f28b1bc/invoke.js	31 kB	2024-05-04	2024-05-04
Pretty URL www.topcreativeformat.com/fb87135eb1bdee211d55a6d31f28b1bc/invoke.js IP 172.240.108.76 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 04:49:20 Last Seen2024-05-04 10:32:57 Times Seen4 Hash 4d4d5fcb7ddc99977ad384f12d95b38b 8aec563649cdb7a346c56c575db6a36be6206cc9 2fee586ebf6bfd443136a75bc301fdf469f51a405c3b7ff9c569126ac080db4c Loading...

	zip.lu/?banned=1	503 B	2024-05-04	2024-05-04
Pretty URL zip.lu/?banned=1 IP 185.11.100.204 ASN #29522 Cyber_Folks S.A. Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-04 10:32:56 Last Seen2024-05-04 10:32:56 Times Seen1 Hash 6d01f451562dd7f7b985d258cf1fbfc9 6ddafbc88cf47fe48e147974b54dbaa16cd3800a 2fa95ec20cafe0bef6a41bced4378a0412a9d24a11d52ad8e6e6b1fc2d301f6e Loading...

		Size	First Seen	Last Seen
	#1 Eval - d45b6f3818a0277c96eec0a048213529	2.1 kB	2024-05-04	2024-05-04
Pretty Observations First Seen2024-05-04 10:32:56 Last Seen2024-05-04 10:32:56 Times Seen1 Hash d45b6f3818a0277c96eec0a048213529 ca6b10130125eb8fd908670f328bbcc32b49f549 8e75415cc1c84d11e6e1e135c99045300e6d1588dfaf3a34a5c07e1950de0633 Loading...

	#2 Eval - 9ed9a809842244df833e28cc6754a114	2.1 kB	2024-05-04	2024-05-04
Pretty Observations First Seen2024-05-04 10:32:56 Last Seen2024-05-04 10:32:57 Times Seen1 Hash 9ed9a809842244df833e28cc6754a114 ca05065f6948bb5fb38c07718bb4f2cc07da536e d18f240adf17303c768614f31cb5c8db8e06de8c7d3554b51452e60fda721abb Loading...

		Size	First Seen	Last Seen
	#1 Write - 7162f4f4a6377b3d138be45535f1a62d	117 B	2024-04-16	2024-05-19
Pretty Observations First Seen2024-04-16 15:12:46 Last Seen2024-05-19 09:57:59 Times Seen30 Hash 7162f4f4a6377b3d138be45535f1a62d aab5d1c55fd1cd149f081f3de2d407db3a798516 50ff35d6b03598970774c8d6102eea07cdec9fccd625c594a26b0df5e8d83a09 Loading...

	#2 Write - 04c29f6703f2211413850b120776a8a2	117 B	2024-03-26	2024-05-19
Pretty Observations First Seen2024-03-26 01:45:32 Last Seen2024-05-19 09:57:59 Times Seen33 Hash 04c29f6703f2211413850b120776a8a2 6dd9403c30602b5ae12d2d04a63c2f416a7e41f1 4abede4ad4c2b996ff0b13f8289a58b996c0914d3ec1491877da44fc3cc3e573 Loading...

HTTP Transactions (45)

URL IP Response Size

bitly.ws/Gbq4

185.11.100.204

301 Moved Permanently

239 B

URL User Request GET HTTP/2
bitly.ws/Gbq4
IP
185.11.100.204:443
ASN
#29522 Cyber_Folks S.A.

Certificate
IssuerLet's Encrypt
Subjectbitly.ws
Fingerprint2E:32:BE:AA:55:57:6D:B9:D0:4B:B5:E4:B8:69:A8:99:AF:37:26:88
ValidityThu, 02 May 2024 22:01:15 GMT - Wed, 31 Jul 2024 22:01:14 GMT

File type
HTML document, ASCII text
Size
239 B (239 bytes)
Hash
f1c0b9be5645ef8ff1d113195f297175
89f2fafaab25eeffdece725a2ee3526e087c42a0
c341e402236ba1dc399c53fcc0961fbd0763928aaf338beeaf3d3bbd659b1649

HTTP Headers

GET /Gbq4 HTTP/1.1
Host: bitly.ws
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Sat, 04 May 2024 08:32:23 GMT
server: Apache
location: https://bitly.ws/?redirect=Gbq4
cache-control: max-age=0
expires: Sat, 04 May 2024 08:32:23 GMT
content-length: 239
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2

zip.lu/gfx/bmac.png

185.11.100.204

200 OK

3.2 kB

URL GET HTTP/2
zip.lu/gfx/bmac.png
IP
185.11.100.204:443
ASN
#29522 Cyber_Folks S.A.

Requested by
https://zip.lu/?banned=1
Certificate
IssuerLet's Encrypt
Subjectzip.lu
FingerprintBA:69:B8:76:30:88:C6:A1:75:27:5D:FB:93:55:75:0C:F7:FE:CB:36
ValiditySat, 20 Apr 2024 15:39:44 GMT - Fri, 19 Jul 2024 15:39:43 GMT

File type
PNG image data, 214 x 60, 8-bit colormap, non-interlaced
Size
3.2 kB (3206 bytes)
Hash
781860bb7eb619aa3b173144c6d29646
6ba3a103709f121cf9f5ab214610d0215dab93e9
54339f1c8cb089c05773b2b18fd5da6e702956decbf7dea6ef0348a64203c657

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /gfx/bmac.png HTTP/1.1
Host: zip.lu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/?banned=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 08:32:24 GMT
server: Apache
last-modified: Sat, 19 Aug 2023 15:45:47 GMT
etag: "c86-6034889f203e4"
accept-ranges: bytes
content-length: 3206
cache-control: max-age=31536000
expires: Sun, 04 May 2025 08:32:24 GMT
content-type: image/png
X-Firefox-Spdy: h2

zip.lu/css/style.css

185.11.100.204

200 OK

2.8 kB

URL GET HTTP/2
zip.lu/css/style.css
IP
185.11.100.204:443
ASN
#29522 Cyber_Folks S.A.

Requested by
https://zip.lu/?banned=1
Certificate
IssuerLet's Encrypt
Subjectzip.lu
FingerprintBA:69:B8:76:30:88:C6:A1:75:27:5D:FB:93:55:75:0C:F7:FE:CB:36
ValiditySat, 20 Apr 2024 15:39:44 GMT - Fri, 19 Jul 2024 15:39:43 GMT

File type
assembler source, Unicode text, UTF-8 text, with CRLF line terminators
Size
2.8 kB (2777 bytes)
Hash
4f01ddcf0e75cdacc7614891a0267ef0
cfeaf4c177b3033406ce9b5725c48be4b50fa066
b321e7e91fe1b3cf4c2f490cc83c6ef52585f23db09aeeb7a5e962f671663fd4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/style.css HTTP/1.1
Host: zip.lu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/?banned=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 08:32:24 GMT
server: Apache
last-modified: Sat, 20 Apr 2024 08:02:52 GMT
etag: "2d75-61682a18e99c0-gzip"
accept-ranges: bytes
cache-control: max-age=0
expires: Sat, 04 May 2024 08:32:24 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 2777
content-type: text/css
X-Firefox-Spdy: h2

zip.lu/gfx/stripe.png

185.11.100.204

200 OK

1.4 kB

URL GET HTTP/2
zip.lu/gfx/stripe.png
IP
185.11.100.204:443
ASN
#29522 Cyber_Folks S.A.

Requested by
https://zip.lu/?banned=1
Certificate
IssuerLet's Encrypt
Subjectzip.lu
FingerprintBA:69:B8:76:30:88:C6:A1:75:27:5D:FB:93:55:75:0C:F7:FE:CB:36
ValiditySat, 20 Apr 2024 15:39:44 GMT - Fri, 19 Jul 2024 15:39:43 GMT

File type
PNG image data, 91 x 60, 8-bit colormap, non-interlaced
Size
1.4 kB (1359 bytes)
Hash
17aaa9dc48a895306b06de8ae9a8b104
f75e086497b3743ac83d85dc4ca456e8bb556e55
b8214bd5cbd9197f329d1df98d908dc7a1cd38c28e8010b92e49b3f35dd9986a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /gfx/stripe.png HTTP/1.1
Host: zip.lu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/?banned=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 08:32:24 GMT
server: Apache
last-modified: Sat, 19 Aug 2023 15:45:50 GMT
etag: "54f-603488a24201d"
accept-ranges: bytes
content-length: 1359
cache-control: max-age=31536000
expires: Sun, 04 May 2025 08:32:24 GMT
content-type: image/png
X-Firefox-Spdy: h2

zip.lu/js/adframe.js

185.11.100.204

200 OK

16 B

URL GET HTTP/2
zip.lu/js/adframe.js
IP
185.11.100.204:443
ASN
#29522 Cyber_Folks S.A.

Requested by
https://zip.lu/?banned=1
Certificate
IssuerLet's Encrypt
Subjectzip.lu
FingerprintBA:69:B8:76:30:88:C6:A1:75:27:5D:FB:93:55:75:0C:F7:FE:CB:36
ValiditySat, 20 Apr 2024 15:39:44 GMT - Fri, 19 Jul 2024 15:39:43 GMT

File type
ASCII text, with no line terminators
Size
16 B (16 bytes)
Hash
760222d2e529d3e84eb01378cfc46e2e
f789f3c0007640b5549fca2710cf3da500b95e86
0059cb4ff0a271382c38af8a7367aaf45cbeb31449637d3928d25317401e2828

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/adframe.js HTTP/1.1
Host: zip.lu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/?banned=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 08:32:24 GMT
server: Apache
last-modified: Sat, 30 Dec 2017 21:02:30 GMT
etag: "10-5619511402320"
accept-ranges: bytes
content-length: 16
cache-control: max-age=0
expires: Sat, 04 May 2024 08:32:24 GMT
content-type: application/javascript
X-Firefox-Spdy: h2

zip.lu/gfx/ziplu-chart.png

185.11.100.204

200 OK

2.0 kB

URL GET HTTP/2
zip.lu/gfx/ziplu-chart.png
IP
185.11.100.204:443
ASN
#29522 Cyber_Folks S.A.

Requested by
https://zip.lu/?banned=1
Certificate
IssuerLet's Encrypt
Subjectzip.lu
FingerprintBA:69:B8:76:30:88:C6:A1:75:27:5D:FB:93:55:75:0C:F7:FE:CB:36
ValiditySat, 20 Apr 2024 15:39:44 GMT - Fri, 19 Jul 2024 15:39:43 GMT

File type
PNG image data, 1200 x 1200, 2-bit colormap, non-interlaced
Size
2.0 kB (1997 bytes)
Hash
0ce170cef8f689ab343636f7e8683808
ef2e58ee55b2ebeb24fd3d9a0d11a6495e36ecc2
c982e300b4c5093be2adaa79428c053dff57ea90ef4f93e3cf2633a680685d03

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /gfx/ziplu-chart.png HTTP/1.1
Host: zip.lu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/?banned=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 08:32:24 GMT
server: Apache
last-modified: Wed, 24 Apr 2024 17:59:41 GMT
etag: "7cd-616db6f4dc1f1"
accept-ranges: bytes
content-length: 1997
cache-control: max-age=31536000
expires: Sun, 04 May 2025 08:32:24 GMT
content-type: image/png
X-Firefox-Spdy: h2

zip.lu/gfx/adsterra2.png

185.11.100.204

200 OK

15 kB

URL GET HTTP/2
zip.lu/gfx/adsterra2.png
IP
185.11.100.204:443
ASN
#29522 Cyber_Folks S.A.

Requested by
https://zip.lu/?banned=1
Certificate
IssuerLet's Encrypt
Subjectzip.lu
FingerprintBA:69:B8:76:30:88:C6:A1:75:27:5D:FB:93:55:75:0C:F7:FE:CB:36
ValiditySat, 20 Apr 2024 15:39:44 GMT - Fri, 19 Jul 2024 15:39:43 GMT

File type
PNG image data, 200 x 200, 8-bit colormap, non-interlaced
Size
15 kB (15266 bytes)
Hash
5d4aab7e8b7267e1876143c7bd308318
5e1827fa8442e7b1e06cfbdec4c52bdec22c9063
f9b415d80dc86d44446a312e855460fb4ac16207f5b2caa0620e69013598bde6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /gfx/adsterra2.png HTTP/1.1
Host: zip.lu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/?banned=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 08:32:24 GMT
server: Apache
last-modified: Sat, 30 Mar 2024 10:55:14 GMT
etag: "3ba2-614de974dba8f"
accept-ranges: bytes
content-length: 15266
cache-control: max-age=31536000
expires: Sun, 04 May 2025 08:32:24 GMT
content-type: image/png
X-Firefox-Spdy: h2

www.paypalobjects.com/pl_PL/i/scr/pixel.gif

192.229.221.25

200 OK

43 B

URL GET HTTP/2
www.paypalobjects.com/pl_PL/i/scr/pixel.gif
IP
192.229.221.25:443
ASN
#15133 EDGECAST

Requested by
https://zip.lu/?banned=1
Certificate
IssuerDigiCert Inc
Subjectwww.paypal.com
Fingerprint4B:C0:E1:F0:16:B3:A4:B3:63:08:41:DF:F2:EF:8D:65:54:1D:30:B1
ValidityThu, 12 Oct 2023 00:00:00 GMT - Thu, 31 Oct 2024 23:59:59 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
fc94fb0c3ed8a8f909dbc7630a0987ff
56d45f8a17f5078a20af9962c992ca4678450765
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

HTTP Headers

GET /pl_PL/i/scr/pixel.gif HTTP/1.1
Host: www.paypalobjects.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
cache-control: s-maxage=31536000, public,max-age=3600
content-type: image/gif
date: Sat, 04 May 2024 08:32:24 GMT
dc: ccg11-origin-www-1.paypal.com
etag: "5d5637c5-2b"
expires: Sat, 04 May 2024 09:32:24 GMT
last-modified: Fri, 16 Aug 2019 04:57:41 GMT
paypal-debug-id: 2b5a4d618fa0a
server: ECAcc (ska/F6B7)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-00000000000000000002b5a4d618fa0a-1ee1f9b462072736-01
x-cache: HIT
x-content-type-options: nosniff
content-length: 43
X-Firefox-Spdy: h2

zip.lu/gfx/paypal.png

185.11.100.204

200 OK

5.5 kB

URL GET HTTP/2
zip.lu/gfx/paypal.png
IP
185.11.100.204:443
ASN
#29522 Cyber_Folks S.A.

Requested by
https://zip.lu/?banned=1
Certificate
IssuerLet's Encrypt
Subjectzip.lu
FingerprintBA:69:B8:76:30:88:C6:A1:75:27:5D:FB:93:55:75:0C:F7:FE:CB:36
ValiditySat, 20 Apr 2024 15:39:44 GMT - Fri, 19 Jul 2024 15:39:43 GMT

File type
PNG image data, 200 x 150, 8-bit colormap, non-interlaced
Size
5.5 kB (5516 bytes)
Hash
164e7543a819062962815f4bd99b8419
0355f9dad012daa6adf4bae4e47e44d4b2c51888
675f6b6dc673aae01f8ef949697ee544c8df8574ca090a4dd690776ec6e442ea

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /gfx/paypal.png HTTP/1.1
Host: zip.lu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/?banned=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 08:32:24 GMT
server: Apache
last-modified: Tue, 02 Jan 2018 13:00:54 GMT
etag: "158c-561cab06562ce"
accept-ranges: bytes
content-length: 5516
cache-control: max-age=31536000
expires: Sun, 04 May 2025 08:32:24 GMT
content-type: image/png
X-Firefox-Spdy: h2

zip.lu/gfx/paypal.jpg

185.11.100.204

200 OK

8.7 kB

URL GET HTTP/2
zip.lu/gfx/paypal.jpg
IP
185.11.100.204:443
ASN
#29522 Cyber_Folks S.A.

Requested by
https://zip.lu/?banned=1
Certificate
IssuerLet's Encrypt
Subjectzip.lu
FingerprintBA:69:B8:76:30:88:C6:A1:75:27:5D:FB:93:55:75:0C:F7:FE:CB:36
ValiditySat, 20 Apr 2024 15:39:44 GMT - Fri, 19 Jul 2024 15:39:43 GMT

File type
PNG image data, 380 x 130, 8-bit colormap, non-interlaced
Size
8.7 kB (8708 bytes)
Hash
eeb10183dfe4b9ec6bcfea9aa6fa07f6
b55d89bc1ead011821dd3371f2885996fe99785a
1ae6619173f92af4f0201b7204322213c714b56df437aa7d6482a1c141d5337c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /gfx/paypal.jpg HTTP/1.1
Host: zip.lu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/?banned=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 08:32:24 GMT
server: Apache
last-modified: Tue, 02 Jan 2018 13:00:56 GMT
etag: "2204-561cab086d14b"
accept-ranges: bytes
content-length: 8708
cache-control: max-age=31536000
expires: Sun, 04 May 2025 08:32:24 GMT
content-type: image/jpeg
X-Firefox-Spdy: h2

bitly.ws/?redirect=Gbq4

185.11.100.204

301 Moved Permanently

93 kB

URL User Request GET HTTP/2
bitly.ws/?redirect=Gbq4
IP
185.11.100.204:443
ASN
#29522 Cyber_Folks S.A.

Certificate
IssuerLet's Encrypt
Subjectbitly.ws
Fingerprint2E:32:BE:AA:55:57:6D:B9:D0:4B:B5:E4:B8:69:A8:99:AF:37:26:88
ValidityThu, 02 May 2024 22:01:15 GMT - Wed, 31 Jul 2024 22:01:14 GMT

File type
data
Size
93 kB (92790 bytes)
Hash
09c2f1cb54e828d76ad6dbea326dc966
ffb1b7f218da9e6d81cffee9cd9539bef1638265
587f2eff23dcd0dc354e8c5be5d254728f86448fc9acaed0118337f2c048cbb1

HTTP Headers

GET /?redirect=Gbq4 HTTP/1.1
Host: bitly.ws
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 301 Moved Permanently
date: Sat, 04 May 2024 08:32:23 GMT
server: Apache
x-powered-by: PHP/5.5.38
location: https://zip.lu?banned=1
cache-control: max-age=0
expires: Sat, 04 May 2024 08:32:23 GMT
content-type: text/html
X-Firefox-Spdy: h2

www.topcreativeformat.com/6dc3a27552b5aedfb96aeaa00aa1c37b/invoke.js

172.240.108.76

200 OK

12 kB

URL GET HTTP/1.1
www.topcreativeformat.com/6dc3a27552b5aedfb96aeaa00aa1c37b/invoke.js
IP
172.240.108.76:443
ASN
#7979 SERVERS-COM

Requested by
https://zip.lu/?banned=1
Certificate
IssuerLet's Encrypt
Subjecttopcreativeformat.com
Fingerprint6D:98:D9:61:FC:CF:D9:8C:FE:5E:1C:15:5A:A5:F2:28:38:04:A4:A4
ValidityWed, 20 Mar 2024 07:51:41 GMT - Tue, 18 Jun 2024 07:51:40 GMT

File type
JavaScript source, ASCII text, with very long lines (31298), with no line terminators
Size
12 kB (11844 bytes)
Hash
ba5e57282e49f35bbc4fb8ef3cbeac95
7c67ded7953fd3cd51dccdf45ce06648863ebffe
72a2e3d91546e063b101c83408cb3996f2386c2ee519f96780cc22b573983f07

HTTP Headers

GET /6dc3a27552b5aedfb96aeaa00aa1c37b/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 08:32:24 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 36ce887a4491cc13ac16b4579b90fa11
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

www.topcreativeformat.com/fb87135eb1bdee211d55a6d31f28b1bc/invoke.js

172.240.108.76

200 OK

12 kB

URL GET HTTP/1.1
www.topcreativeformat.com/fb87135eb1bdee211d55a6d31f28b1bc/invoke.js
IP
172.240.108.76:443
ASN
#7979 SERVERS-COM

Requested by
https://zip.lu/?banned=1
Certificate
IssuerLet's Encrypt
Subjecttopcreativeformat.com
Fingerprint6D:98:D9:61:FC:CF:D9:8C:FE:5E:1C:15:5A:A5:F2:28:38:04:A4:A4
ValidityWed, 20 Mar 2024 07:51:41 GMT - Tue, 18 Jun 2024 07:51:40 GMT

File type
JavaScript source, ASCII text, with very long lines (31301), with no line terminators
Size
12 kB (11843 bytes)
Hash
4d4d5fcb7ddc99977ad384f12d95b38b
8aec563649cdb7a346c56c575db6a36be6206cc9
2fee586ebf6bfd443136a75bc301fdf469f51a405c3b7ff9c569126ac080db4c

HTTP Headers

GET /fb87135eb1bdee211d55a6d31f28b1bc/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 08:32:24 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 69b893c172d03a4f5a66edef7bbb55b5
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

ocsp.r2m03.amazontrust.com/

143.204.53.97

471 B

URL
ocsp.r2m03.amazontrust.com/
IP
143.204.53.97:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
353dbae1e1b45a750770ae51bef13ba7
465917a2a0bbb947e9727e7f08b584a82aa6fb81
9fa5becc3e07f31f2f08bf5f331d6bfda4f6386634ea524bc3a8c56ac1c0bc2b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Sat, 04 May 2024 08:32:24 GMT
Last-Modified: Sat, 04 May 2024 06:51:24 GMT
Server: ECAcc (ska/F6A0)
X-Cache: Miss from cloudfront
Via: 1.1 bcd5dadccb0831729969c938747ff79a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 5C7QnP3BTZROl9ia79ldvuwPSv22eBW1_6m089aDiqWu-WFkMA_ZaQ==
Age: 6060

proftrafficcounter.com/stats

18.185.9.67

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
18.185.9.67:443
ASN
#16509 AMAZON-02

Requested by
https://zip.lu/?banned=1
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
845f9bab0f9eb4547d0a7bb32fdeac26
45d69bd5a3f293e3e1e819cfbe460e0c4985759c
cab733be27203321d12f9efc41558426a3b84b6b5a4080f0d014f5b3239759b1

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://zip.lu
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 08:32:25 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://zip.lu
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=ae01a057-053a-4201-986d-d948ee3d0c6a:2:1; expires=Tue, 02 May 2034 08:32:25 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

proftrafficcounter.com/stats

18.185.9.67

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
18.185.9.67:443
ASN
#16509 AMAZON-02

Requested by
https://zip.lu/?banned=1
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
beb032e40475d5048edc58bc906521f2
c523cef10c118ea17abcd73c5ff8486744aee82c
58c309e5f04ea8d429889ff4c82efdf83ba8a0403fa3da00dc831aa3d6af1e6b

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://zip.lu
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 08:32:25 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://zip.lu
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=fb382ce3-8add-446f-80d9-186d49434233:1:1; expires=Tue, 02 May 2034 08:32:25 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

pl22826180.profitablegatecpm.com/172d9680245553e8052aafbe1bd64a13/invoke.js

192.243.61.225

200 OK

9.8 kB

URL GET HTTP/1.1
pl22826180.profitablegatecpm.com/172d9680245553e8052aafbe1bd64a13/invoke.js
IP
192.243.61.225:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://zip.lu/?banned=1
Certificate
IssuerLet's Encrypt
Subjectprofitablegatecpm.com
Fingerprint9D:FB:8C:AD:4D:64:98:6B:85:78:33:54:E7:A3:BB:10:ED:77:63:30
ValidityFri, 05 Apr 2024 18:10:33 GMT - Thu, 04 Jul 2024 18:10:32 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (26606), with no line terminators
Size
9.8 kB (9822 bytes)
Hash
ae9ae6b3c773fe152305dae4a06be7de
67c0b43293b49f374cebec1c7c1f0ee1a4cc9576
37607619e5d6f402d95f697f6aa739f941272af2debb60025a195abf9babebb9

HTTP Headers

GET /172d9680245553e8052aafbe1bd64a13/invoke.js HTTP/1.1
Host: pl22826180.profitablegatecpm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 08:32:25 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2faf3771166aae94dea18c1b37c22210
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

landings-cdn.adsterratech.com/referralBanners/png/300%20x%20250%20px.png

142.0.204.220

200 OK

90 kB

URL GET HTTP/1.1
landings-cdn.adsterratech.com/referralBanners/png/300%20x%20250%20px.png
IP
142.0.204.220:443
ASN
#7979 SERVERS-COM

Requested by
https://zip.lu/?banned=1
Certificate
IssuerLet's Encrypt
Subjectlandings-cdn.adsterratech.com
FingerprintCA:79:50:AF:4F:E1:B9:4D:FD:EE:28:B7:AD:6C:21:7A:99:D2:DB:93
ValiditySun, 28 Apr 2024 07:09:01 GMT - Sat, 27 Jul 2024 07:09:00 GMT

File type
PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced
Size
90 kB (90409 bytes)
Hash
a28902cd41b26954be2c97eea41089a1
c69d00be80adbcba05b788d2dcf7967d0d15a65f
5b4fa649af59a8350f401a661a5ecfed92130aa0aa9825ac3777c2a893a96e61

HTTP Headers

GET /referralBanners/png/300%20x%20250%20px.png HTTP/1.1
Host: landings-cdn.adsterratech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 08:32:24 GMT
Content-Type: image/png
Content-Length: 90409
Last-Modified: Wed, 02 Feb 2022 00:50:11 GMT
Connection: keep-alive
ETag: "61f9d543-16129"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Date
Cache-Control: max-age=315360000, public
Accept-Ranges: bytes

threeinvincible.com/watch.1261056827929.js?key=6dc3a27552b5aedfb96aeaa00aa1c37b&kw=%5B%22zip%22%2C%22url%22%2C%22shortener%22%5D&refer=https%3A%2F%2Fzip.lu%2F%3Fbanned%3D1&tz=0&dev=e&res=14.2071&uuid=ae01a057-053a-4201-986d-d948ee3d0c6a%3A2%3A1

172.240.253.132

307 Temporary Redirect

0 B

URL GET HTTP/1.1
threeinvincible.com/watch.1261056827929.js?key=6dc3a27552b5aedfb96aeaa00aa1c37b&kw=%5B%22zip%22%2C%22url%22%2C%22shortener%22%5D&refer=https%3A%2F%2Fzip.lu%2F%3Fbanned%3D1&tz=0&dev=e&res=14.2071&uuid=ae01a057-053a-4201-986d-d948ee3d0c6a%3A2%3A1
IP
172.240.253.132:443
ASN
#7979 SERVERS-COM

Requested by
https://zip.lu/?banned=1
Certificate
IssuerLet's Encrypt
Subjectthreeinvincible.com
Fingerprint80:A7:5B:F8:68:36:7B:02:02:07:18:D1:59:E5:E8:BF:94:77:25:84
ValidityTue, 30 Apr 2024 15:27:42 GMT - Mon, 29 Jul 2024 15:27:41 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1261056827929.js?key=6dc3a27552b5aedfb96aeaa00aa1c37b&kw=%5B%22zip%22%2C%22url%22%2C%22shortener%22%5D&refer=https%3A%2F%2Fzip.lu%2F%3Fbanned%3D1&tz=0&dev=e&res=14.2071&uuid=ae01a057-053a-4201-986d-d948ee3d0c6a%3A2%3A1 HTTP/1.1
Host: threeinvincible.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://zip.lu
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Sat, 04 May 2024 08:32:25 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://zip.lu
Access-Control-Allow-Origin: https://zip.lu
Access-Control-Allow-Credentials: true
Location: https://threeinvincible.com/watch.1261056827929.js?dev=e&key=6dc3a27552b5aedfb96aeaa00aa1c37b&kw=%5B%22zip%22%2C%22url%22%2C%22shortener%22%5D&pst=1714811605&refer=https%3A%2F%2Fzip.lu%2F%3Fbanned%3D1&res=14.2071&rmtc=t&shu=d5a5dd2ba51490c50c7f30255833ff3cf780de3ad15cbf9a936a81ac1a2952006ca2d07abceb433e28ae25e50b9840f2041820096b0226b280068ab27a5f29346d15e350f81e7bf6ec23ba54984d65ffec4a09ea3f1194ff5bf346ba26559669a8&tz=0&uuid=ae01a057-053a-4201-986d-d948ee3d0c6a%3A2%3A1
Set-Cookie: u_pl=22735548; expires=Sun, 05 May 2024 08:32:25 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMjczNTU0OCwiayI6IjZkYzNhMjc1NTJiNWFlZGZiOTZhZWFhMDBhYTFjMzdiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozNjc1ODY4LCJwaWQiOjkzMDg4LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjM0LCJhaWQiOjUsInB0Ijo0LCJwayI6Inc3cTYxZHZqbWUiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly96aXAubHUvP2Jhbm5lZD0xIiwiYXIiOltdfX0.Wlik0i7U6TMsAzL1Ct4uONsIP4EB7gWVCej1azy-STE; expires=Sat, 04 May 2024 08:33:25 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9aeb223e7a5880a65f2986bcf1189841
Strict-Transport-Security: max-age=0; includeSubdomains

gobreadthpopcorn.com/watch.1651131739569.js?key=fb87135eb1bdee211d55a6d31f28b1bc&kw=%5B%22zip%22%2C%22url%22%2C%22shortener%22%5D&refer=https%3A%2F%2Fzip.lu%2F%3Fbanned%3D1&tz=0&dev=e&res=14.2071&uuid=fb382ce3-8add-446f-80d9-186d49434233%3A1%3A1

172.240.108.84

307 Temporary Redirect

0 B

URL GET HTTP/1.1
gobreadthpopcorn.com/watch.1651131739569.js?key=fb87135eb1bdee211d55a6d31f28b1bc&kw=%5B%22zip%22%2C%22url%22%2C%22shortener%22%5D&refer=https%3A%2F%2Fzip.lu%2F%3Fbanned%3D1&tz=0&dev=e&res=14.2071&uuid=fb382ce3-8add-446f-80d9-186d49434233%3A1%3A1
IP
172.240.108.84:443
ASN
#7979 SERVERS-COM

Requested by
https://zip.lu/?banned=1
Certificate
IssuerLet's Encrypt
Subjectgobreadthpopcorn.com
FingerprintC5:CA:73:FB:70:A9:E9:62:8F:51:AE:54:ED:96:FB:84:99:6B:A6:B9
ValidityMon, 29 Apr 2024 08:16:23 GMT - Sun, 28 Jul 2024 08:16:22 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1651131739569.js?key=fb87135eb1bdee211d55a6d31f28b1bc&kw=%5B%22zip%22%2C%22url%22%2C%22shortener%22%5D&refer=https%3A%2F%2Fzip.lu%2F%3Fbanned%3D1&tz=0&dev=e&res=14.2071&uuid=fb382ce3-8add-446f-80d9-186d49434233%3A1%3A1 HTTP/1.1
Host: gobreadthpopcorn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://zip.lu
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Sat, 04 May 2024 08:32:25 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://zip.lu
Access-Control-Allow-Origin: https://zip.lu
Access-Control-Allow-Credentials: true
Location: https://gobreadthpopcorn.com/watch.1651131739569.js?dev=e&key=fb87135eb1bdee211d55a6d31f28b1bc&kw=%5B%22zip%22%2C%22url%22%2C%22shortener%22%5D&pst=1714811605&refer=https%3A%2F%2Fzip.lu%2F%3Fbanned%3D1&res=14.2071&rmtc=t&shu=ebd2a3d97fefc4018c5bd80303a769d535a02016922e3bce9682451f432b898ed9f88808469a9f95dc0a0a2aab051214ee804c02b2061386ac617fadb553597f058972ab7145e15dbc8090015ca752d255fe4fbd7330eb6970c45ccdc48f&tz=0&uuid=fb382ce3-8add-446f-80d9-186d49434233%3A1%3A1
Set-Cookie: u_pl=22829219; expires=Sun, 05 May 2024 08:32:25 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMjgyOTIxOSwiayI6ImZiODcxMzVlYjFiZGVlMjExZDU1YTZkMzFmMjhiMWJjIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozNjc1ODY4LCJwaWQiOjkzMDg4LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjM0LCJhaWQiOjMyLCJwdCI6NCwicGsiOiJ6YXM3dzFtanQiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly96aXAubHUvP2Jhbm5lZD0xIiwiYXIiOltdfX0.x4V-YbMaz28DxGpGZqZohRewgpsltxYPfC_5fIrdH0Y; expires=Sat, 04 May 2024 08:33:25 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 073bc14806694a936bb83f5310362e10
Strict-Transport-Security: max-age=0; includeSubdomains

threeinvincible.com/watch.1261056827929.js?dev=e&key=6dc3a27552b5aedfb96aeaa00aa1c37b&kw=%5B%22zip%22%2C%22url%22%2C%22shortener%22%5D&pst=1714811605&refer=https%3A%2F%2Fzip.lu%2F%3Fbanned%3D1&res=14.2071&rmtc=t&shu=d5a5dd2ba51490c50c7f30255833ff3cf780de3ad15cbf9a936a81ac1a2952006ca2d07abceb433e28ae25e50b9840f2041820096b0226b280068ab27a5f29346d15e350f81e7bf6ec23ba54984d65ffec4a09ea3f1194ff5bf346ba26559669a8&tz=0&uuid=ae01a057-053a-4201-986d-d948ee3d0c6a%3A2%3A1

172.240.253.132

200 OK

2.1 kB

URL GET HTTP/1.1
threeinvincible.com/watch.1261056827929.js?dev=e&key=6dc3a27552b5aedfb96aeaa00aa1c37b&kw=%5B%22zip%22%2C%22url%22%2C%22shortener%22%5D&pst=1714811605&refer=https%3A%2F%2Fzip.lu%2F%3Fbanned%3D1&res=14.2071&rmtc=t&shu=d5a5dd2ba51490c50c7f30255833ff3cf780de3ad15cbf9a936a81ac1a2952006ca2d07abceb433e28ae25e50b9840f2041820096b0226b280068ab27a5f29346d15e350f81e7bf6ec23ba54984d65ffec4a09ea3f1194ff5bf346ba26559669a8&tz=0&uuid=ae01a057-053a-4201-986d-d948ee3d0c6a%3A2%3A1
IP
172.240.253.132:443
ASN
#7979 SERVERS-COM

Requested by
https://zip.lu/?banned=1
Certificate
IssuerLet's Encrypt
Subjectthreeinvincible.com
Fingerprint80:A7:5B:F8:68:36:7B:02:02:07:18:D1:59:E5:E8:BF:94:77:25:84
ValidityTue, 30 Apr 2024 15:27:42 GMT - Mon, 29 Jul 2024 15:27:41 GMT

File type
JavaScript source, ASCII text, with very long lines (2639)
Size
2.1 kB (2100 bytes)
Hash
0207e9ef0abc722a778c827b86bca706
b09679ec09cd0ea92c599f6f764f1e8ecf641c11
b87c2701aa102b75a3bdfa8d6278d4ed9b79acf05340d29b58615e3893c31376

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1261056827929.js?dev=e&key=6dc3a27552b5aedfb96aeaa00aa1c37b&kw=%5B%22zip%22%2C%22url%22%2C%22shortener%22%5D&pst=1714811605&refer=https%3A%2F%2Fzip.lu%2F%3Fbanned%3D1&res=14.2071&rmtc=t&shu=d5a5dd2ba51490c50c7f30255833ff3cf780de3ad15cbf9a936a81ac1a2952006ca2d07abceb433e28ae25e50b9840f2041820096b0226b280068ab27a5f29346d15e350f81e7bf6ec23ba54984d65ffec4a09ea3f1194ff5bf346ba26559669a8&tz=0&uuid=ae01a057-053a-4201-986d-d948ee3d0c6a%3A2%3A1 HTTP/1.1
Host: threeinvincible.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://zip.lu
Referer: https://zip.lu/
DNT: 1
Connection: keep-alive
Cookie: u_pl=22735548; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMjczNTU0OCwiayI6IjZkYzNhMjc1NTJiNWFlZGZiOTZhZWFhMDBhYTFjMzdiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozNjc1ODY4LCJwaWQiOjkzMDg4LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjM0LCJhaWQiOjUsInB0Ijo0LCJwayI6Inc3cTYxZHZqbWUiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly96aXAubHUvP2Jhbm5lZD0xIiwiYXIiOltdfX0.Wlik0i7U6TMsAzL1Ct4uONsIP4EB7gWVCej1azy-STE
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 08:32:25 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://zip.lu
Access-Control-Allow-Origin: https://zip.lu
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=ae01a057-053a-4201-986d-d948ee3d0c6a:2:1; expires=Sat, 11 May 2024 08:32:25 GMT; secure; SameSite=None
iprcbda25b7df33a6255ac5306d6db079f8e=3569806; expires=Sat, 04 May 2024 12:32:25 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 05 May 2024 08:32:25 GMT; secure; SameSite=None
uncs=1; expires=Sun, 05 May 2024 08:32:25 GMT; secure; SameSite=None
pdhtkv5=true; expires=Sun, 05 May 2024 08:32:25 GMT; secure; SameSite=None
uncs5=1; expires=Sun, 05 May 2024 08:32:25 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 773920c522d9a1a94163786f7479ae71
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

gobreadthpopcorn.com/watch.1651131739569.js?dev=e&key=fb87135eb1bdee211d55a6d31f28b1bc&kw=%5B%22zip%22%2C%22url%22%2C%22shortener%22%5D&pst=1714811605&refer=https%3A%2F%2Fzip.lu%2F%3Fbanned%3D1&res=14.2071&rmtc=t&shu=ebd2a3d97fefc4018c5bd80303a769d535a02016922e3bce9682451f432b898ed9f88808469a9f95dc0a0a2aab051214ee804c02b2061386ac617fadb553597f058972ab7145e15dbc8090015ca752d255fe4fbd7330eb6970c45ccdc48f&tz=0&uuid=fb382ce3-8add-446f-80d9-186d49434233%3A1%3A1

172.240.108.84

200 OK

2.1 kB

URL GET HTTP/1.1
gobreadthpopcorn.com/watch.1651131739569.js?dev=e&key=fb87135eb1bdee211d55a6d31f28b1bc&kw=%5B%22zip%22%2C%22url%22%2C%22shortener%22%5D&pst=1714811605&refer=https%3A%2F%2Fzip.lu%2F%3Fbanned%3D1&res=14.2071&rmtc=t&shu=ebd2a3d97fefc4018c5bd80303a769d535a02016922e3bce9682451f432b898ed9f88808469a9f95dc0a0a2aab051214ee804c02b2061386ac617fadb553597f058972ab7145e15dbc8090015ca752d255fe4fbd7330eb6970c45ccdc48f&tz=0&uuid=fb382ce3-8add-446f-80d9-186d49434233%3A1%3A1
IP
172.240.108.84:443
ASN
#7979 SERVERS-COM

Requested by
https://zip.lu/?banned=1
Certificate
IssuerLet's Encrypt
Subjectgobreadthpopcorn.com
FingerprintC5:CA:73:FB:70:A9:E9:62:8F:51:AE:54:ED:96:FB:84:99:6B:A6:B9
ValidityMon, 29 Apr 2024 08:16:23 GMT - Sun, 28 Jul 2024 08:16:22 GMT

File type
JavaScript source, ASCII text, with very long lines (2629)
Size
2.1 kB (2096 bytes)
Hash
a33aef7276a47aff09e186d4598198ad
62fade345a1b180fed9832f514ecb52aa94a23e5
d0eb595dca23662c8e4afe70d12c82fc9be53ee4dc2a3c6721d0141c80c3bd71

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1651131739569.js?dev=e&key=fb87135eb1bdee211d55a6d31f28b1bc&kw=%5B%22zip%22%2C%22url%22%2C%22shortener%22%5D&pst=1714811605&refer=https%3A%2F%2Fzip.lu%2F%3Fbanned%3D1&res=14.2071&rmtc=t&shu=ebd2a3d97fefc4018c5bd80303a769d535a02016922e3bce9682451f432b898ed9f88808469a9f95dc0a0a2aab051214ee804c02b2061386ac617fadb553597f058972ab7145e15dbc8090015ca752d255fe4fbd7330eb6970c45ccdc48f&tz=0&uuid=fb382ce3-8add-446f-80d9-186d49434233%3A1%3A1 HTTP/1.1
Host: gobreadthpopcorn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://zip.lu
Referer: https://zip.lu/
DNT: 1
Connection: keep-alive
Cookie: u_pl=22829219; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMjgyOTIxOSwiayI6ImZiODcxMzVlYjFiZGVlMjExZDU1YTZkMzFmMjhiMWJjIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozNjc1ODY4LCJwaWQiOjkzMDg4LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjM0LCJhaWQiOjMyLCJwdCI6NCwicGsiOiJ6YXM3dzFtanQiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly96aXAubHUvP2Jhbm5lZD0xIiwiYXIiOltdfX0.x4V-YbMaz28DxGpGZqZohRewgpsltxYPfC_5fIrdH0Y
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 08:32:25 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://zip.lu
Access-Control-Allow-Origin: https://zip.lu
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=fb382ce3-8add-446f-80d9-186d49434233:1:1; expires=Sat, 11 May 2024 08:32:25 GMT; secure; SameSite=None
iprcf16313649d7f093603ff603c79464e61=3570421; expires=Sat, 04 May 2024 12:32:25 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 05 May 2024 08:32:25 GMT; secure; SameSite=None
uncs=1; expires=Sun, 05 May 2024 08:32:25 GMT; secure; SameSite=None
pdhtkv32=true; expires=Sun, 05 May 2024 08:32:25 GMT; secure; SameSite=None
uncs32=1; expires=Sun, 05 May 2024 08:32:25 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ba4e640ede08b24699f8b9120b4672e6
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

ravekeptarose.com/78/66/ea/7866ead300fcf9e425beaf01fe308949.js

192.243.59.13

200 OK

30 kB

URL GET HTTP/1.1
ravekeptarose.com/78/66/ea/7866ead300fcf9e425beaf01fe308949.js
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://zip.lu/?banned=1
Certificate
IssuerLet's Encrypt
Subjectravekeptarose.com
FingerprintA6:10:D9:7F:DD:57:D1:90:92:BE:55:3D:08:27:D6:54:A9:D2:F1:69
ValidityTue, 30 Apr 2024 15:35:21 GMT - Mon, 29 Jul 2024 15:35:20 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
30 kB (30409 bytes)
Hash
60829db93297537e976edce9b9fad2cd
cd3376a44f53ca1a29b72d55a3225bb103798899
9cfce3b8f537f56a305a83a1870c8169dbe6f10f2a6e7740b1b764581ba6eef9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /78/66/ea/7866ead300fcf9e425beaf01fe308949.js HTTP/1.1
Host: ravekeptarose.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 May 2024 08:32:25 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 348892ba1724f3f69b707c94aec12a41
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

ravekeptarose.com/ntv.json?key=172d9680245553e8052aafbe1bd64a13&vstc=4&uuid=ae01a057-053a-4201-986d-d948ee3d0c6a%3A2%3A1&custom=%7B%22d37e3bc4%22%3A%22b%22%7D

192.243.59.13

200 OK

18 kB

URL GET HTTP/1.1
ravekeptarose.com/ntv.json?key=172d9680245553e8052aafbe1bd64a13&vstc=4&uuid=ae01a057-053a-4201-986d-d948ee3d0c6a%3A2%3A1&custom=%7B%22d37e3bc4%22%3A%22b%22%7D
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://zip.lu/?banned=1
Certificate
IssuerLet's Encrypt
Subjectravekeptarose.com
FingerprintA6:10:D9:7F:DD:57:D1:90:92:BE:55:3D:08:27:D6:54:A9:D2:F1:69
ValidityTue, 30 Apr 2024 15:35:21 GMT - Mon, 29 Jul 2024 15:35:20 GMT

File type
JSON text data
Size
18 kB (17772 bytes)
Hash
f349a3f0a37e9586a0ee393254bb315b
f181398c4096ca10ee4c8fd064277c8ad7263110
f4c639fcfd7dacec2555b876bd0a57de16d3c776eb5ed3c76cba7b6afb59078d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ntv.json?key=172d9680245553e8052aafbe1bd64a13&vstc=4&uuid=ae01a057-053a-4201-986d-d948ee3d0c6a%3A2%3A1&custom=%7B%22d37e3bc4%22%3A%22b%22%7D HTTP/1.1
Host: ravekeptarose.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://zip.lu
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 May 2024 08:32:25 GMT
Content-Type: application/json
Content-Length: 17772
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://zip.lu
Access-Control-Allow-Origin: https://zip.lu
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=22725681; expires=Sun, 05 May 2024 08:32:25 GMT; secure; SameSite=None
uid_id2=ae01a057-053a-4201-986d-d948ee3d0c6a:2:1; expires=Sat, 11 May 2024 08:32:25 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 05 May 2024 08:32:25 GMT; secure; SameSite=None
uncs=1; expires=Sun, 05 May 2024 08:32:25 GMT; secure; SameSite=None
pdhtkv49=true; expires=Sun, 05 May 2024 08:32:25 GMT; secure; SameSite=None
uncs49=1; expires=Sun, 05 May 2024 08:32:25 GMT; secure; SameSite=None
nlec172d9680245553e8052aafbe1bd64a13=[2019380,2229329,2229337,2229333]; expires=Sat, 04 May 2024 08:32:30 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 799ced508c7ae1f13a41e5140f2fef32
Strict-Transport-Security: max-age=0; includeSubdomains

ravekeptarose.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzYscxRuuzm9O%2BYGgBi%2BCDEFBxZ3t7pnpmTFIMMYNi2s2JgY%2FLlLdVTNbTnVXU9U1PTteogHJcQ5e4qnnmd2sH0vQP8AgswtBFsSdiyzogv%2BCQvAoPS6uvof3o5634KnnqU8n9pj4sPTo8ptqJKSky82aW33%2BXc%2B7UF0TiR1Wh%2B3gg6BxoaoHL3eCmvtC9QqP%2BmrZdz3X9VyvuiI076rhcglCpLsdr9Zxaw2%2F5jUbGOr%2FzsY6MNQBGxyTJyDYvLLvnIOIZkjiby5z089U%2BtLrsZU0UxoDtnMz6ScqTxCftl3toJvsnGxDmcOVB1DJ9oIu1OCfxVDMifPwAcJk54QkwsHWgmcowROE7P%2FIBzNwOYOgM0TqNgQ7JEDEcHUdSXzvqtI53fwbpSU6J5VHf0Dkc1L59RyS%2BP4lKYbVG0raTKjEYNgtIIYziN4Mqd1DNjoDke8hyj6BYD%2BS5UdrSOKtdSMVBDt6lnLXo26zteQ263Sp4bveUqcdsCXWabQ5rzM3CuhCICFmEN0ZJB%2BDmjOwxoEVDmzXgU0dxOyoGnme13JZRN12J4rqrMXDgLkebXU96rlBGzYq3zBGlo4RyTEifQup%2FvgLVm%2Fxehg1JiH6Ygxtv4fZKGCYA5MRDFiBnBPkhiCnBLkgyDOCfFBsM2l8U9xj0tjQO6n%2BSa0XU5X1JnRbZT2eEFA9hmbFJD0mj5daOu%2Fve%2Bjzo6rX8lknaLt%2Bo9ls1nnbbfqUdkPuhSxoUK8OIwoIcwbUOBiJOWk%2F9QvS0t9%2BgZDuwcg9ROI8qPVA8wJ0o8Ao2c1Esmm1rMUqFGCqQJpVkG06E3lMnl64%2BcxPDfDo4OLDs6%2Bk05%2FPItIFUl3gQ7FP0JN3ptdVTrauq9yQb9fTTMRiREunb2Q04%2F%2F76g2%2BmSvNVi%2Bb8ZevRiVQtrtvc5Ot0YSJpGfI15cEY1yvKB1x8t2qeYeH16zZuGR1YtO1a6%2BtrMap5sYIlcxAxeH6n4jEnFSee3LxhR87fBFCz6BtgdgekJOAUHuI0lsw6cHFbPTblfvnPoJRBFqe7oSpg9wWU%2B2Hp4dSEEh%2BOtOwgPnXHJ72U03L21QUE3MHPV0BzW4jiQsMdIGBLEDlGMaenWapPrj4w90yPkcoK9NQ6spWKLX8bCHynJyvvFWm98p0E0YcVVv1ukuDTtNrtShvhQ2%2F3Q08RqnfCPwgoHVkZt5t%2Fn73LwAAAP%2F%2FAQAA%2F%2F%2F4CBgFpgQAAA%3D%3D

192.243.59.13

200 OK

7 B

URL GET HTTP/1.1
ravekeptarose.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzYscxRuuzm9O%2BYGgBi%2BCDEFBxZ3t7pnpmTFIMMYNi2s2JgY%2FLlLdVTNbTnVXU9U1PTteogHJcQ5e4qnnmd2sH0vQP8AgswtBFsSdiyzogv%2BCQvAoPS6uvof3o5634KnnqU8n9pj4sPTo8ptqJKSky82aW33%2BXc%2B7UF0TiR1Wh%2B3gg6BxoaoHL3eCmvtC9QqP%2BmrZdz3X9VyvuiI076rhcglCpLsdr9Zxaw2%2F5jUbGOr%2FzsY6MNQBGxyTJyDYvLLvnIOIZkjiby5z089U%2BtLrsZU0UxoDtnMz6ScqTxCftl3toJvsnGxDmcOVB1DJ9oIu1OCfxVDMifPwAcJk54QkwsHWgmcowROE7P%2FIBzNwOYOgM0TqNgQ7JEDEcHUdSXzvqtI53fwbpSU6J5VHf0Dkc1L59RyS%2BP4lKYbVG0raTKjEYNgtIIYziN4Mqd1DNjoDke8hyj6BYD%2BS5UdrSOKtdSMVBDt6lnLXo26zteQ263Sp4bveUqcdsCXWabQ5rzM3CuhCICFmEN0ZJB%2BDmjOwxoEVDmzXgU0dxOyoGnme13JZRN12J4rqrMXDgLkebXU96rlBGzYq3zBGlo4RyTEifQup%2FvgLVm%2Fxehg1JiH6Ygxtv4fZKGCYA5MRDFiBnBPkhiCnBLkgyDOCfFBsM2l8U9xj0tjQO6n%2BSa0XU5X1JnRbZT2eEFA9hmbFJD0mj5daOu%2Fve%2Bjzo6rX8lknaLt%2Bo9ls1nnbbfqUdkPuhSxoUK8OIwoIcwbUOBiJOWk%2F9QvS0t9%2BgZDuwcg9ROI8qPVA8wJ0o8Ao2c1Esmm1rMUqFGCqQJpVkG06E3lMnl64%2BcxPDfDo4OLDs6%2Bk05%2FPItIFUl3gQ7FP0JN3ptdVTrauq9yQb9fTTMRiREunb2Q04%2F%2F76g2%2BmSvNVi%2Bb8ZevRiVQtrtvc5Ot0YSJpGfI15cEY1yvKB1x8t2qeYeH16zZuGR1YtO1a6%2BtrMap5sYIlcxAxeH6n4jEnFSee3LxhR87fBFCz6BtgdgekJOAUHuI0lsw6cHFbPTblfvnPoJRBFqe7oSpg9wWU%2B2Hp4dSEEh%2BOtOwgPnXHJ72U03L21QUE3MHPV0BzW4jiQsMdIGBLEDlGMaenWapPrj4w90yPkcoK9NQ6spWKLX8bCHynJyvvFWm98p0E0YcVVv1ukuDTtNrtShvhQ2%2F3Q08RqnfCPwgoHVkZt5t%2Fn73LwAAAP%2F%2FAQAA%2F%2F%2F4CBgFpgQAAA%3D%3D
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://zip.lu/?banned=1
Certificate
IssuerLet's Encrypt
Subjectravekeptarose.com
FingerprintA6:10:D9:7F:DD:57:D1:90:92:BE:55:3D:08:27:D6:54:A9:D2:F1:69
ValidityTue, 30 Apr 2024 15:35:21 GMT - Mon, 29 Jul 2024 15:35:20 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSzYscxRuuzm9O%2BYGgBi%2BCDEFBxZ3t7pnpmTFIMMYNi2s2JgY%2FLlLdVTNbTnVXU9U1PTteogHJcQ5e4qnnmd2sH0vQP8AgswtBFsSdiyzogv%2BCQvAoPS6uvof3o5634KnnqU8n9pj4sPTo8ptqJKSky82aW33%2BXc%2B7UF0TiR1Wh%2B3gg6BxoaoHL3eCmvtC9QqP%2BmrZdz3X9VyvuiI076rhcglCpLsdr9Zxaw2%2F5jUbGOr%2FzsY6MNQBGxyTJyDYvLLvnIOIZkjiby5z089U%2BtLrsZU0UxoDtnMz6ScqTxCftl3toJvsnGxDmcOVB1DJ9oIu1OCfxVDMifPwAcJk54QkwsHWgmcowROE7P%2FIBzNwOYOgM0TqNgQ7JEDEcHUdSXzvqtI53fwbpSU6J5VHf0Dkc1L59RyS%2BP4lKYbVG0raTKjEYNgtIIYziN4Mqd1DNjoDke8hyj6BYD%2BS5UdrSOKtdSMVBDt6lnLXo26zteQ263Sp4bveUqcdsCXWabQ5rzM3CuhCICFmEN0ZJB%2BDmjOwxoEVDmzXgU0dxOyoGnme13JZRN12J4rqrMXDgLkebXU96rlBGzYq3zBGlo4RyTEifQup%2FvgLVm%2Fxehg1JiH6Ygxtv4fZKGCYA5MRDFiBnBPkhiCnBLkgyDOCfFBsM2l8U9xj0tjQO6n%2BSa0XU5X1JnRbZT2eEFA9hmbFJD0mj5daOu%2Fve%2Bjzo6rX8lknaLt%2Bo9ls1nnbbfqUdkPuhSxoUK8OIwoIcwbUOBiJOWk%2F9QvS0t9%2BgZDuwcg9ROI8qPVA8wJ0o8Ao2c1Esmm1rMUqFGCqQJpVkG06E3lMnl64%2BcxPDfDo4OLDs6%2Bk05%2FPItIFUl3gQ7FP0JN3ptdVTrauq9yQb9fTTMRiREunb2Q04%2F%2F76g2%2BmSvNVi%2Bb8ZevRiVQtrtvc5Ot0YSJpGfI15cEY1yvKB1x8t2qeYeH16zZuGR1YtO1a6%2BtrMap5sYIlcxAxeH6n4jEnFSee3LxhR87fBFCz6BtgdgekJOAUHuI0lsw6cHFbPTblfvnPoJRBFqe7oSpg9wWU%2B2Hp4dSEEh%2BOtOwgPnXHJ72U03L21QUE3MHPV0BzW4jiQsMdIGBLEDlGMaenWapPrj4w90yPkcoK9NQ6spWKLX8bCHynJyvvFWm98p0E0YcVVv1ukuDTtNrtShvhQ2%2F3Q08RqnfCPwgoHVkZt5t%2Fn73LwAAAP%2F%2FAQAA%2F%2F%2F4CBgFpgQAAA%3D%3D HTTP/1.1
Host: ravekeptarose.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Cookie: u_pl=22725681; uid_id2=ae01a057-053a-4201-986d-d948ee3d0c6a:2:1; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec172d9680245553e8052aafbe1bd64a13=[2019380,2229329,2229337,2229333]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 May 2024 08:32:25 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e239ad156330d474a0be5f64483ef861
Strict-Transport-Security: max-age=0; includeSubdomains

ravekeptarose.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzWskRRytjnNaL34sXgQZFgUFM%2BnumemZcZHFdY0E42bddfHjItVdNZNyqruaqq7pSU6rC7LHOXhZTz1vko0fQfQPcJFJYJGgmLlIQPMfeFFYPEqPwdHf4fdR71fw6r36ZGxPiQ9LT668qbaFlHSlWXOrz7%2FreRer6yKxw%2BqwHXwQNC5W9eClTlBzX6i%2BzqO%2BWvFdz3U916uuCs27arhSghDpfserddxaw695zQaG%2Bv%2BzsQ4MdcAGp%2BQJCDarHDrnIaIpkvibK9z0M5W%2B%2BFpsJc2UxoDt3Uz6icoTxIu2qx10k72zbShzvHofKtmd04Ua%2FLsYihlxHtxHmOydkUQ42JnzDCV4gpA9inwwBZdTCDpFpG5DsGMCRAxXN5DE964qndOtf1BaojNSefgnRD4jld%2FOI4m%2FvizFsHpDSZsJlRgMuwXEcArRmyK1B8i2lyDyA0TZxxDsJ7LycB1JvLNhpIJgJ89S7nrUbbaW3WadLjd811vutAO2zDqNNud15kYBnQskxBSiO4XkI1CzBGscWOHAdh3Y1EHMTqqR53ktl0XUbXeiqM5aPAyY69FW16OeG7Rho%2FINI2TpCJEcIdK3kOqPPmf1Fq%2BHUWMcoi9G0PZ7mM0ChjkwGcGAFcg5QW4IckqQC4I8I8gHxS6TxjfFPSaNDb2z6p%2FVejFRWW9Md1XW4wkB1SNoVozTU%2FJ4qaXz%2FqGHPj%2Bpei2fdYK26zeazWadt92mT2k35F7Iggb16jCigDBLoMbBtpiR9lO%2FIi397RcI6QGMPEAkLoBaDzQvQDcLbCf7mUi2rJa1WIUCTBVIswqyLWcsT8nTczcvVN4Cj44uPTj3cjr55RwiXSDVBT4UhwQ9eWdyXeVk57rKDfl2I81ELLZp6fSNjGb8kS%2Ff4Fu50mztihl98UpUAmW7%2FzY32TpNmEh6hnx1WTDG9arSESffrZl3eHjNms3LVic2Xb%2F26upanGpujFDJFFQcb%2FyFSMxI5bkn51%2F4sR9%2Fh9BTaFsgtkfkLCDUAaL0Fky6YG8UgZaLnTBdQm6LifbDxaEUBJIvZhoWMP%2BZw0U%2F0bS8TUUxNnfQ0xXQ7DaSuMBAFxjIAlSOYOy5SZbqo0s%2F3C3jM4SyMgmlruyEUstPZ%2BSZnxtzpcv0XpluwoiTaqted2nQaXqtFuWtsOG3u4HHKPUbgR8EtI7MzLrNP%2B7%2BDQAA%2F%2F8BAAD%2F%2F6Pmi3umBAAA

192.243.59.13

200 OK

7 B

URL GET HTTP/1.1
ravekeptarose.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzWskRRytjnNaL34sXgQZFgUFM%2BnumemZcZHFdY0E42bddfHjItVdNZNyqruaqq7pSU6rC7LHOXhZTz1vko0fQfQPcJFJYJGgmLlIQPMfeFFYPEqPwdHf4fdR71fw6r36ZGxPiQ9LT668qbaFlHSlWXOrz7%2FreRer6yKxw%2BqwHXwQNC5W9eClTlBzX6i%2BzqO%2BWvFdz3U916uuCs27arhSghDpfserddxaw695zQaG%2Bv%2BzsQ4MdcAGp%2BQJCDarHDrnIaIpkvibK9z0M5W%2B%2BFpsJc2UxoDt3Uz6icoTxIu2qx10k72zbShzvHofKtmd04Ua%2FLsYihlxHtxHmOydkUQ42JnzDCV4gpA9inwwBZdTCDpFpG5DsGMCRAxXN5DE964qndOtf1BaojNSefgnRD4jld%2FOI4m%2FvizFsHpDSZsJlRgMuwXEcArRmyK1B8i2lyDyA0TZxxDsJ7LycB1JvLNhpIJgJ89S7nrUbbaW3WadLjd811vutAO2zDqNNud15kYBnQskxBSiO4XkI1CzBGscWOHAdh3Y1EHMTqqR53ktl0XUbXeiqM5aPAyY69FW16OeG7Rho%2FINI2TpCJEcIdK3kOqPPmf1Fq%2BHUWMcoi9G0PZ7mM0ChjkwGcGAFcg5QW4IckqQC4I8I8gHxS6TxjfFPSaNDb2z6p%2FVejFRWW9Md1XW4wkB1SNoVozTU%2FJ4qaXz%2FqGHPj%2Bpei2fdYK26zeazWadt92mT2k35F7Iggb16jCigDBLoMbBtpiR9lO%2FIi397RcI6QGMPEAkLoBaDzQvQDcLbCf7mUi2rJa1WIUCTBVIswqyLWcsT8nTczcvVN4Cj44uPTj3cjr55RwiXSDVBT4UhwQ9eWdyXeVk57rKDfl2I81ELLZp6fSNjGb8kS%2Ff4Fu50mztihl98UpUAmW7%2FzY32TpNmEh6hnx1WTDG9arSESffrZl3eHjNms3LVic2Xb%2F26upanGpujFDJFFQcb%2FyFSMxI5bkn51%2F4sR9%2Fh9BTaFsgtkfkLCDUAaL0Fky6YG8UgZaLnTBdQm6LifbDxaEUBJIvZhoWMP%2BZw0U%2F0bS8TUUxNnfQ0xXQ7DaSuMBAFxjIAlSOYOy5SZbqo0s%2F3C3jM4SyMgmlruyEUstPZ%2BSZnxtzpcv0XpluwoiTaqted2nQaXqtFuWtsOG3u4HHKPUbgR8EtI7MzLrNP%2B7%2BDQAA%2F%2F8BAAD%2F%2F6Pmi3umBAAA
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://zip.lu/?banned=1
Certificate
IssuerLet's Encrypt
Subjectravekeptarose.com
FingerprintA6:10:D9:7F:DD:57:D1:90:92:BE:55:3D:08:27:D6:54:A9:D2:F1:69
ValidityTue, 30 Apr 2024 15:35:21 GMT - Mon, 29 Jul 2024 15:35:20 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSzWskRRytjnNaL34sXgQZFgUFM%2BnumemZcZHFdY0E42bddfHjItVdNZNyqruaqq7pSU6rC7LHOXhZTz1vko0fQfQPcJFJYJGgmLlIQPMfeFFYPEqPwdHf4fdR71fw6r36ZGxPiQ9LT668qbaFlHSlWXOrz7%2FreRer6yKxw%2BqwHXwQNC5W9eClTlBzX6i%2BzqO%2BWvFdz3U916uuCs27arhSghDpfserddxaw695zQaG%2Bv%2BzsQ4MdcAGp%2BQJCDarHDrnIaIpkvibK9z0M5W%2B%2BFpsJc2UxoDt3Uz6icoTxIu2qx10k72zbShzvHofKtmd04Ua%2FLsYihlxHtxHmOydkUQ42JnzDCV4gpA9inwwBZdTCDpFpG5DsGMCRAxXN5DE964qndOtf1BaojNSefgnRD4jld%2FOI4m%2FvizFsHpDSZsJlRgMuwXEcArRmyK1B8i2lyDyA0TZxxDsJ7LycB1JvLNhpIJgJ89S7nrUbbaW3WadLjd811vutAO2zDqNNud15kYBnQskxBSiO4XkI1CzBGscWOHAdh3Y1EHMTqqR53ktl0XUbXeiqM5aPAyY69FW16OeG7Rho%2FINI2TpCJEcIdK3kOqPPmf1Fq%2BHUWMcoi9G0PZ7mM0ChjkwGcGAFcg5QW4IckqQC4I8I8gHxS6TxjfFPSaNDb2z6p%2FVejFRWW9Md1XW4wkB1SNoVozTU%2FJ4qaXz%2FqGHPj%2Bpei2fdYK26zeazWadt92mT2k35F7Iggb16jCigDBLoMbBtpiR9lO%2FIi397RcI6QGMPEAkLoBaDzQvQDcLbCf7mUi2rJa1WIUCTBVIswqyLWcsT8nTczcvVN4Cj44uPTj3cjr55RwiXSDVBT4UhwQ9eWdyXeVk57rKDfl2I81ELLZp6fSNjGb8kS%2Ff4Fu50mztihl98UpUAmW7%2FzY32TpNmEh6hnx1WTDG9arSESffrZl3eHjNms3LVic2Xb%2F26upanGpujFDJFFQcb%2FyFSMxI5bkn51%2F4sR9%2Fh9BTaFsgtkfkLCDUAaL0Fky6YG8UgZaLnTBdQm6LifbDxaEUBJIvZhoWMP%2BZw0U%2F0bS8TUUxNnfQ0xXQ7DaSuMBAFxjIAlSOYOy5SZbqo0s%2F3C3jM4SyMgmlruyEUstPZ%2BSZnxtzpcv0XpluwoiTaqted2nQaXqtFuWtsOG3u4HHKPUbgR8EtI7MzLrNP%2B7%2BDQAA%2F%2F8BAAD%2F%2F6Pmi3umBAAA HTTP/1.1
Host: ravekeptarose.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Cookie: u_pl=22725681; uid_id2=ae01a057-053a-4201-986d-d948ee3d0c6a:2:1; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec172d9680245553e8052aafbe1bd64a13=[2019380,2229329,2229337,2229333]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 May 2024 08:32:25 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9e7dc5eb83462555692c7b699990e161
Strict-Transport-Security: max-age=0; includeSubdomains

cdn.cloudimagesb.com/cti/f7/13/0e/f7130e7f47db248dc886c97a1e4c3e2b/1588233482.jpg

45.133.44.10

200 OK

32 kB

URL GET HTTP/2
cdn.cloudimagesb.com/cti/f7/13/0e/f7130e7f47db248dc886c97a1e4c3e2b/1588233482.jpg
IP
45.133.44.10:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://zip.lu/?banned=1
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 321x240, components 3
Size
32 kB (32471 bytes)
Hash
3528385dd0c31dbd2e5bfc4af7a6bec5
832c580ffd7711115d6c036ab4232f5bd88480a4
bfbfeebfcb679ca578055235614cc679b0757bad272996ef89b7fd5615a2db75

HTTP Headers

GET /cti/f7/13/0e/f7130e7f47db248dc886c97a1e4c3e2b/1588233482.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 08:32:25 GMT
content-type: image/jpeg
content-length: 32471
server: nginx/1.21.6
last-modified: Thu, 30 Apr 2020 07:58:05 GMT
etag: "5eaa850d-7ed7"
expires: Mon, 06 May 2024 08:32:25 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

cdn.cloudimagesb.com/cti/d7/14/ea/d714ea0356c58a2679ce4074962c0e16/1588233398.jpeg

45.133.44.10

200 OK

23 kB

URL GET HTTP/2
cdn.cloudimagesb.com/cti/d7/14/ea/d714ea0356c58a2679ce4074962c0e16/1588233398.jpeg
IP
45.133.44.10:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://zip.lu/?banned=1
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 320x240, components 3
Size
23 kB (22757 bytes)
Hash
9a2dc4fe2ebb70df2dfb1566d22970b8
b85a5f4ef7bd68b834d03d8b9a552e2e546e8701
1983c705f5f4315c8cd002183eb9ed3c846abed8fc2a6f0a073185c249552efd

HTTP Headers

GET /cti/d7/14/ea/d714ea0356c58a2679ce4074962c0e16/1588233398.jpeg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 08:32:25 GMT
content-type: image/jpeg
content-length: 22757
server: nginx/1.21.6
last-modified: Thu, 30 Apr 2020 07:56:41 GMT
etag: "5eaa84b9-58e5"
expires: Mon, 06 May 2024 08:32:25 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

cdn.cloudimagesb.com/cti/d6/e8/37/d6e83777d7311d26f1ac5b2b62a81218/1588233535.jpg

45.133.44.10

200 OK

28 kB

URL GET HTTP/2
cdn.cloudimagesb.com/cti/d6/e8/37/d6e83777d7311d26f1ac5b2b62a81218/1588233535.jpg
IP
45.133.44.10:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://zip.lu/?banned=1
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 320x240, components 3
Size
28 kB (27832 bytes)
Hash
1dcde64d47d24d151a1433ecf4403dd7
443d6704b5a294e000084d7a8ac823e526093928
d11bcd65a82589c2c31d6fd87cb16ec673dd5640462ad3d20ff53e014a435376

HTTP Headers

GET /cti/d6/e8/37/d6e83777d7311d26f1ac5b2b62a81218/1588233535.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 08:32:25 GMT
content-type: image/jpeg
content-length: 27832
server: nginx/1.21.6
last-modified: Thu, 30 Apr 2020 07:58:58 GMT
etag: "5eaa8542-6cb8"
expires: Mon, 06 May 2024 08:32:25 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

cdn.cloudimagesb.com/cti/5e/78/a9/5e78a94057ff65f06ec19e727c7be04f/1588233511.jpg

45.133.44.10

200 OK

24 kB

URL GET HTTP/2
cdn.cloudimagesb.com/cti/5e/78/a9/5e78a94057ff65f06ec19e727c7be04f/1588233511.jpg
IP
45.133.44.10:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://zip.lu/?banned=1
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 320x240, components 3
Size
24 kB (24518 bytes)
Hash
d71c872fb9f50bd9383abc0721d1d51e
1f69b40ef2f95798b4e0fd738d630ad4319cd739
6b4a622b9de1ffab8fe905fc8c4633994c732476664b5190ceedd62a3795ab08

HTTP Headers

GET /cti/5e/78/a9/5e78a94057ff65f06ec19e727c7be04f/1588233511.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 08:32:25 GMT
content-type: image/jpeg
content-length: 24518
server: nginx/1.21.6
last-modified: Thu, 30 Apr 2020 07:58:34 GMT
etag: "5eaa852a-5fc6"
expires: Mon, 06 May 2024 08:32:25 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

cdn.cloudimagesb.com/cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png

45.133.44.10

200 OK

144 kB

URL GET HTTP/2
cdn.cloudimagesb.com/cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png
IP
45.133.44.10:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://zip.lu/?banned=1
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced
Size
144 kB (144379 bytes)
Hash
33c304429dc1a4408a96e6a74ffa2feb
c45fa8e65528d1bb2b46bf8a28af9eeaa1903d04
dbed482e5948ead5587d30a22306a5b611305f704de940bd22c76daf90e0a314

HTTP Headers

GET /cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 08:32:25 GMT
content-type: image/png
content-length: 144379
server: nginx/1.21.6
last-modified: Wed, 27 Jul 2022 11:07:21 GMT
etag: "62e11c69-233fb"
expires: Mon, 06 May 2024 08:32:25 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

cdn.cloudimagesb.com/cti/43/ff/51/43ff51c07da75eaedd548042d5154cfe/1658930770.jpg

45.133.44.10

200 OK

25 kB

URL GET HTTP/2
cdn.cloudimagesb.com/cti/43/ff/51/43ff51c07da75eaedd548042d5154cfe/1658930770.jpg
IP
45.133.44.10:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://zip.lu/?banned=1
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
JPEG image data, baseline, precision 8, 320x50, components 3
Size
25 kB (24714 bytes)
Hash
d465d02b90e928dfd9d9846e102a9dac
22f7333777bec813bd9a7b870913a2b79b6d2fe4
e393d4f1c6b5d4973e157f0f10764b92037dc18239500f42b72bed8ecef462fd

HTTP Headers

GET /cti/43/ff/51/43ff51c07da75eaedd548042d5154cfe/1658930770.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 08:32:25 GMT
content-type: image/jpeg
content-length: 24714
server: nginx/1.21.6
last-modified: Wed, 27 Jul 2022 14:06:18 GMT
etag: "62e1465a-608a"
expires: Mon, 06 May 2024 08:32:25 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

ravekeptarose.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzWskxRuu3t%2Bc8rv4sXgRZFgUFMyku2emZ8ZFFmOMBONm3XXx4yLVXTWTcqq7mqqu6UlOqwuyxzl4WU89zyQbP4LoH%2BAik8AiQTFzkYDmT%2FCgsHiUzgZH30O%2F79vPU%2FDU89QnY3tKfFh6svKm2hZS0qVmza0%2B%2F67nXa6ui8QOq8N28EHQuFzVg5c6Qc19ofo6j%2FpqyXc91%2FVcr7oqNO%2Bq4VIJQqT7Ha%2FWcWsNv%2BY1Gxjq%2F%2B7GOjDUARuckicg2Kxy6FyEiKZI4m9WuOlnKn3xtdhKmimNAdu7mfQTlSeI52NXO%2Bgme%2BdsKHO8eh8q2T2TCzX4hxiKGXEe3EeY7J2LRDjYOdMZSvAEIfs%2F8sEUXE4h6BSRug3BjgkQMVzdQBLfu6p0TrceobREZ6Ty8E%2BIfEYqv11EEn%2B9LMWwekNJmwmVGAy7BcRwCtGbIrUHyLYvQOQHiLKPIdhPZOnhOpJ4Z8NIBcFOnqXc9ajbbC26zTpdbPiut9hpB2yRdRptzuvMjQJ6ZpAQU4juFJKPQM0FWOPACge268CmDmJ2Uo08z2u5LKJuuxNFddbiYcBcj7a6HvXcoA0blXcYIUtHiOQIkb6FVH%2F0Oau3eD2MGuMQfTGCtt%2FDbBYwzIHJCAasQM4JckOQU4JcEOQZQT4odpk0vinuMWls6J13%2F7zXi4nKemO6q7IeTwioHkGzYpyeksdLL533Dz30%2BUnVa%2FmsE7Rdv9FsNuu87TZ9Srsh90IWNKhXhxEFhLkAahxsixlpP%2FUr0jLffoGQHsDIA0TiEqj1QPMCdLPAdrKfiWTLalmLVSjAVIE0qyDbcsbylDx9lualyk3w6OjKg4WX08kvC4h0gVQX%2BFAcEvTkncl1lZOd6yo35NuNNBOx2KZl0jcymvH%2FffkG38qVZmsrZvTFK1EJlOP%2B29xk6zRhIukZ8tWyYIzrVaUjTr5bM%2B%2Fw8Jo1m8tWJzZdv%2Fbq6lqcam6MUMkUVBxv%2FIVIzEjluSfPnvBjP%2F4OoafQtkBsj8h5QagDROktmHSu3igCLeecMK0gt8VE%2B%2BH8pxQEks93GhYw%2F9rD%2BTzRtDxNRTE2d9DTFdDsNpK4wEAXGMgCVI5g7MIkS%2FXRlR%2FulvUZQlmZhFJXdkKp5acz8szPjdLpt8rPe488N%2BKk2qrXXRp0ml6rRXkrbPjtbuAxSv1G4AcBrSMzs27zj7t%2FAwAA%2F%2F8BAAD%2F%2FzVVUgymBAAA

192.243.59.13

200 OK

7 B

URL GET HTTP/1.1
ravekeptarose.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzWskxRuu3t%2Bc8rv4sXgRZFgUFMyku2emZ8ZFFmOMBONm3XXx4yLVXTWTcqq7mqqu6UlOqwuyxzl4WU89zyQbP4LoH%2BAik8AiQTFzkYDmT%2FCgsHiUzgZH30O%2F79vPU%2FDU89QnY3tKfFh6svKm2hZS0qVmza0%2B%2F67nXa6ui8QOq8N28EHQuFzVg5c6Qc19ofo6j%2FpqyXc91%2FVcr7oqNO%2Bq4VIJQqT7Ha%2FWcWsNv%2BY1Gxjq%2F%2B7GOjDUARuckicg2Kxy6FyEiKZI4m9WuOlnKn3xtdhKmimNAdu7mfQTlSeI52NXO%2Bgme%2BdsKHO8eh8q2T2TCzX4hxiKGXEe3EeY7J2LRDjYOdMZSvAEIfs%2F8sEUXE4h6BSRug3BjgkQMVzdQBLfu6p0TrceobREZ6Ty8E%2BIfEYqv11EEn%2B9LMWwekNJmwmVGAy7BcRwCtGbIrUHyLYvQOQHiLKPIdhPZOnhOpJ4Z8NIBcFOnqXc9ajbbC26zTpdbPiut9hpB2yRdRptzuvMjQJ6ZpAQU4juFJKPQM0FWOPACge268CmDmJ2Uo08z2u5LKJuuxNFddbiYcBcj7a6HvXcoA0blXcYIUtHiOQIkb6FVH%2F0Oau3eD2MGuMQfTGCtt%2FDbBYwzIHJCAasQM4JckOQU4JcEOQZQT4odpk0vinuMWls6J13%2F7zXi4nKemO6q7IeTwioHkGzYpyeksdLL533Dz30%2BUnVa%2FmsE7Rdv9FsNuu87TZ9Srsh90IWNKhXhxEFhLkAahxsixlpP%2FUr0jLffoGQHsDIA0TiEqj1QPMCdLPAdrKfiWTLalmLVSjAVIE0qyDbcsbylDx9lualyk3w6OjKg4WX08kvC4h0gVQX%2BFAcEvTkncl1lZOd6yo35NuNNBOx2KZl0jcymvH%2FffkG38qVZmsrZvTFK1EJlOP%2B29xk6zRhIukZ8tWyYIzrVaUjTr5bM%2B%2Fw8Jo1m8tWJzZdv%2Fbq6lqcam6MUMkUVBxv%2FIVIzEjluSfPnvBjP%2F4OoafQtkBsj8h5QagDROktmHSu3igCLeecMK0gt8VE%2B%2BH8pxQEks93GhYw%2F9rD%2BTzRtDxNRTE2d9DTFdDsNpK4wEAXGMgCVI5g7MIkS%2FXRlR%2FulvUZQlmZhFJXdkKp5acz8szPjdLpt8rPe488N%2BKk2qrXXRp0ml6rRXkrbPjtbuAxSv1G4AcBrSMzs27zj7t%2FAwAA%2F%2F8BAAD%2F%2FzVVUgymBAAA
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://zip.lu/?banned=1
Certificate
IssuerLet's Encrypt
Subjectravekeptarose.com
FingerprintA6:10:D9:7F:DD:57:D1:90:92:BE:55:3D:08:27:D6:54:A9:D2:F1:69
ValidityTue, 30 Apr 2024 15:35:21 GMT - Mon, 29 Jul 2024 15:35:20 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSzWskxRuu3t%2Bc8rv4sXgRZFgUFMyku2emZ8ZFFmOMBONm3XXx4yLVXTWTcqq7mqqu6UlOqwuyxzl4WU89zyQbP4LoH%2BAik8AiQTFzkYDmT%2FCgsHiUzgZH30O%2F79vPU%2FDU89QnY3tKfFh6svKm2hZS0qVmza0%2B%2F67nXa6ui8QOq8N28EHQuFzVg5c6Qc19ofo6j%2FpqyXc91%2FVcr7oqNO%2Bq4VIJQqT7Ha%2FWcWsNv%2BY1Gxjq%2F%2B7GOjDUARuckicg2Kxy6FyEiKZI4m9WuOlnKn3xtdhKmimNAdu7mfQTlSeI52NXO%2Bgme%2BdsKHO8eh8q2T2TCzX4hxiKGXEe3EeY7J2LRDjYOdMZSvAEIfs%2F8sEUXE4h6BSRug3BjgkQMVzdQBLfu6p0TrceobREZ6Ty8E%2BIfEYqv11EEn%2B9LMWwekNJmwmVGAy7BcRwCtGbIrUHyLYvQOQHiLKPIdhPZOnhOpJ4Z8NIBcFOnqXc9ajbbC26zTpdbPiut9hpB2yRdRptzuvMjQJ6ZpAQU4juFJKPQM0FWOPACge268CmDmJ2Uo08z2u5LKJuuxNFddbiYcBcj7a6HvXcoA0blXcYIUtHiOQIkb6FVH%2F0Oau3eD2MGuMQfTGCtt%2FDbBYwzIHJCAasQM4JckOQU4JcEOQZQT4odpk0vinuMWls6J13%2F7zXi4nKemO6q7IeTwioHkGzYpyeksdLL533Dz30%2BUnVa%2FmsE7Rdv9FsNuu87TZ9Srsh90IWNKhXhxEFhLkAahxsixlpP%2FUr0jLffoGQHsDIA0TiEqj1QPMCdLPAdrKfiWTLalmLVSjAVIE0qyDbcsbylDx9lualyk3w6OjKg4WX08kvC4h0gVQX%2BFAcEvTkncl1lZOd6yo35NuNNBOx2KZl0jcymvH%2FffkG38qVZmsrZvTFK1EJlOP%2B29xk6zRhIukZ8tWyYIzrVaUjTr5bM%2B%2Fw8Jo1m8tWJzZdv%2Fbq6lqcam6MUMkUVBxv%2FIVIzEjluSfPnvBjP%2F4OoafQtkBsj8h5QagDROktmHSu3igCLeecMK0gt8VE%2B%2BH8pxQEks93GhYw%2F9rD%2BTzRtDxNRTE2d9DTFdDsNpK4wEAXGMgCVI5g7MIkS%2FXRlR%2FulvUZQlmZhFJXdkKp5acz8szPjdLpt8rPe488N%2BKk2qrXXRp0ml6rRXkrbPjtbuAxSv1G4AcBrSMzs27zj7t%2FAwAA%2F%2F8BAAD%2F%2FzVVUgymBAAA HTTP/1.1
Host: ravekeptarose.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Cookie: u_pl=22725681; uid_id2=ae01a057-053a-4201-986d-d948ee3d0c6a:2:1; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec172d9680245553e8052aafbe1bd64a13=[2019380,2229329,2229337,2229333]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 May 2024 08:32:26 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4f2d8f16025b8c88f70d4e80ff206cec
Strict-Transport-Security: max-age=0; includeSubdomains

ravekeptarose.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scxR%2BtTuaU7%2BWrBi%2BCDEFBwZ3t7pnpmTFIMK4ri2s2JgZ%2FXKS6q2a2nOqupqprenZP0YDkOAcv8dTzZjfrj0X0DzDI7EKQRXHnIgu6%2F4KgEDxKj4ujn0N%2FPp9%2Br%2BDVe%2FXx2J4SH5aerLyhtoWUdLlZc6vPveN5l6vrIrHD6rAdvB80Llf14MVOUHOfr77Go75a9l3PdT3Xq64KzbtquFyCEOl%2Bx6t13FrDr3nNBob6v7uxDgx1wAan5HEINqscOhchoimS%2BOsVbvqZSl94NbaSZkpjwPZuJf1E5QnixdjVDrrJ3hkbyhyvPoBKdudyoQb%2FEEMxI87DBwiTvTORCAc7c52hBE8Qsv8hH0zB5RSCThGpOxDsmAARw7UNJPH9a0rndOtvlJbojFQe%2FQGRz0jl14tI4q%2BuSjGs3lTSZkIlBsNuATGcQvSmSO0Bsu1zEPkBouwjCPYjWX60jiTe2TBSQbCTZyh3Peo2W0tus06XGr7rLXXaAVtinUab8zpzo4DODRJiCtGdQvIRqDkHaxxY4cB2HdjUQcxOqpHneS2XRdRtd6Kozlo8DJjr0VbXo54btGGj8g4jZOkIkRwh0reR6g8%2FY%2FUWr4dRYxyiL0bQ9juYzQKGOTAZwYAVyDlBbghySpALgjwjyAfFLpPGN8V9Jo0NvbPun%2FV6MVFZb0x3VdbjCQHVI2hWjNNT8ljppfPeoYc%2BP6l6LZ91grbrN5rNZp233aZPaTfkXsiCBvXqMKKAMOdAjYNtMSPtJ39BWubbLxDSAxh5gEhcArUeaF6AbhbYTvYzkWxZLWuxCgWYKpBmFWRbzliekqfmaV6qvAseHV15eOGldPLzBUS6QKoLfCAOCXry7uSGysnODZUb8s1GmolYbNMy6ZsZzfj5L17nW7nSbG3FjD5%2FOSqBctx%2Fi5tsnSZMJD1DvrwqGON6VemIk2%2FXzNs8vG7N5lWrE5uuX39ldS1ONTdGqGQKKo43%2FkQkZqTy7BPzJ%2Fz%2FH36D0FNoWyC2R%2BSsINQBovQ2TLpQbxSBlgtOmJ5HbouJ9sPFTykIJF%2FsNCxg%2FrWHi3miaXmaimJs7qKnK6DZHSRxgYEuMJAFqBzB2AuTLNVHV76%2FV9anCGVlEkpd2Qmllp%2FMyNM%2FNUqn35zbXX5uwYiTaqted2nQaXqtFuWtsOG3u4HHKPUbgR8EtI7MzLrN3%2B%2F9BQAA%2F%2F8BAAD%2F%2F%2FwmEbCmBAAA

192.243.59.13

200 OK

7 B

URL GET HTTP/1.1
ravekeptarose.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scxR%2BtTuaU7%2BWrBi%2BCDEFBwZ3t7pnpmTFIMK4ri2s2JgZ%2FXKS6q2a2nOqupqprenZP0YDkOAcv8dTzZjfrj0X0DzDI7EKQRXHnIgu6%2F4KgEDxKj4ujn0N%2FPp9%2Br%2BDVe%2FXx2J4SH5aerLyhtoWUdLlZc6vPveN5l6vrIrHD6rAdvB80Llf14MVOUHOfr77Go75a9l3PdT3Xq64KzbtquFyCEOl%2Bx6t13FrDr3nNBob6v7uxDgx1wAan5HEINqscOhchoimS%2BOsVbvqZSl94NbaSZkpjwPZuJf1E5QnixdjVDrrJ3hkbyhyvPoBKdudyoQb%2FEEMxI87DBwiTvTORCAc7c52hBE8Qsv8hH0zB5RSCThGpOxDsmAARw7UNJPH9a0rndOtvlJbojFQe%2FQGRz0jl14tI4q%2BuSjGs3lTSZkIlBsNuATGcQvSmSO0Bsu1zEPkBouwjCPYjWX60jiTe2TBSQbCTZyh3Peo2W0tus06XGr7rLXXaAVtinUab8zpzo4DODRJiCtGdQvIRqDkHaxxY4cB2HdjUQcxOqpHneS2XRdRtd6Kozlo8DJjr0VbXo54btGGj8g4jZOkIkRwh0reR6g8%2FY%2FUWr4dRYxyiL0bQ9juYzQKGOTAZwYAVyDlBbghySpALgjwjyAfFLpPGN8V9Jo0NvbPun%2FV6MVFZb0x3VdbjCQHVI2hWjNNT8ljppfPeoYc%2BP6l6LZ91grbrN5rNZp233aZPaTfkXsiCBvXqMKKAMOdAjYNtMSPtJ39BWubbLxDSAxh5gEhcArUeaF6AbhbYTvYzkWxZLWuxCgWYKpBmFWRbzliekqfmaV6qvAseHV15eOGldPLzBUS6QKoLfCAOCXry7uSGysnODZUb8s1GmolYbNMy6ZsZzfj5L17nW7nSbG3FjD5%2FOSqBctx%2Fi5tsnSZMJD1DvrwqGON6VemIk2%2FXzNs8vG7N5lWrE5uuX39ldS1ONTdGqGQKKo43%2FkQkZqTy7BPzJ%2Fz%2FH36D0FNoWyC2R%2BSsINQBovQ2TLpQbxSBlgtOmJ5HbouJ9sPFTykIJF%2FsNCxg%2FrWHi3miaXmaimJs7qKnK6DZHSRxgYEuMJAFqBzB2AuTLNVHV76%2FV9anCGVlEkpd2Qmllp%2FMyNM%2FNUqn35zbXX5uwYiTaqted2nQaXqtFuWtsOG3u4HHKPUbgR8EtI7MzLrN3%2B%2F9BQAA%2F%2F8BAAD%2F%2F%2FwmEbCmBAAA
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://zip.lu/?banned=1
Certificate
IssuerLet's Encrypt
Subjectravekeptarose.com
FingerprintA6:10:D9:7F:DD:57:D1:90:92:BE:55:3D:08:27:D6:54:A9:D2:F1:69
ValidityTue, 30 Apr 2024 15:35:21 GMT - Mon, 29 Jul 2024 15:35:20 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scxR%2BtTuaU7%2BWrBi%2BCDEFBwZ3t7pnpmTFIMK4ri2s2JgZ%2FXKS6q2a2nOqupqprenZP0YDkOAcv8dTzZjfrj0X0DzDI7EKQRXHnIgu6%2F4KgEDxKj4ujn0N%2FPp9%2Br%2BDVe%2FXx2J4SH5aerLyhtoWUdLlZc6vPveN5l6vrIrHD6rAdvB80Llf14MVOUHOfr77Go75a9l3PdT3Xq64KzbtquFyCEOl%2Bx6t13FrDr3nNBob6v7uxDgx1wAan5HEINqscOhchoimS%2BOsVbvqZSl94NbaSZkpjwPZuJf1E5QnixdjVDrrJ3hkbyhyvPoBKdudyoQb%2FEEMxI87DBwiTvTORCAc7c52hBE8Qsv8hH0zB5RSCThGpOxDsmAARw7UNJPH9a0rndOtvlJbojFQe%2FQGRz0jl14tI4q%2BuSjGs3lTSZkIlBsNuATGcQvSmSO0Bsu1zEPkBouwjCPYjWX60jiTe2TBSQbCTZyh3Peo2W0tus06XGr7rLXXaAVtinUab8zpzo4DODRJiCtGdQvIRqDkHaxxY4cB2HdjUQcxOqpHneS2XRdRtd6Kozlo8DJjr0VbXo54btGGj8g4jZOkIkRwh0reR6g8%2FY%2FUWr4dRYxyiL0bQ9juYzQKGOTAZwYAVyDlBbghySpALgjwjyAfFLpPGN8V9Jo0NvbPun%2FV6MVFZb0x3VdbjCQHVI2hWjNNT8ljppfPeoYc%2BP6l6LZ91grbrN5rNZp233aZPaTfkXsiCBvXqMKKAMOdAjYNtMSPtJ39BWubbLxDSAxh5gEhcArUeaF6AbhbYTvYzkWxZLWuxCgWYKpBmFWRbzliekqfmaV6qvAseHV15eOGldPLzBUS6QKoLfCAOCXry7uSGysnODZUb8s1GmolYbNMy6ZsZzfj5L17nW7nSbG3FjD5%2FOSqBctx%2Fi5tsnSZMJD1DvrwqGON6VemIk2%2FXzNs8vG7N5lWrE5uuX39ldS1ONTdGqGQKKo43%2FkQkZqTy7BPzJ%2Fz%2FH36D0FNoWyC2R%2BSsINQBovQ2TLpQbxSBlgtOmJ5HbouJ9sPFTykIJF%2FsNCxg%2FrWHi3miaXmaimJs7qKnK6DZHSRxgYEuMJAFqBzB2AuTLNVHV76%2FV9anCGVlEkpd2Qmllp%2FMyNM%2FNUqn35zbXX5uwYiTaqted2nQaXqtFuWtsOG3u4HHKPUbgR8EtI7MzLrN3%2B%2F9BQAA%2F%2F8BAAD%2F%2F%2FwmEbCmBAAA HTTP/1.1
Host: ravekeptarose.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Cookie: u_pl=22725681; uid_id2=ae01a057-053a-4201-986d-d948ee3d0c6a:2:1; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec172d9680245553e8052aafbe1bd64a13=[2019380,2229329,2229337,2229333]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 May 2024 08:32:26 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0b0b947266e2c36535d0d670e6940299
Strict-Transport-Security: max-age=0; includeSubdomains

gluttonydressed.com/pixel/purst?dl=0&th=0&sc=0&rs=2536&rd=2536&fd=610&bv=24.5.6485&tmpl=136

172.240.127.234

200 OK

0 B

URL GET HTTP/1.1
gluttonydressed.com/pixel/purst?dl=0&th=0&sc=0&rs=2536&rd=2536&fd=610&bv=24.5.6485&tmpl=136
IP
172.240.127.234:443
ASN
#7979 SERVERS-COM

Requested by
https://zip.lu/?banned=1
Certificate
IssuerLet's Encrypt
Subjectgluttonydressed.com
Fingerprint1F:81:84:BF:32:51:26:A1:F6:72:64:E8:DD:A7:26:F2:BA:7E:D8:9B
ValidityMon, 29 Apr 2024 13:14:32 GMT - Sun, 28 Jul 2024 13:14:31 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/purst?dl=0&th=0&sc=0&rs=2536&rd=2536&fd=610&bv=24.5.6485&tmpl=136 HTTP/1.1
Host: gluttonydressed.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 08:32:26 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

ravekeptarose.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSzYscxRuuzm9O%2BYGgBi%2BCDEFBxd3tnpmeD4MEY9wQXLMxMfhxkfrqSTnVXU1V9%2FTseIkGJMc5eImnnmc2iR8h6B9gkNlAkAVx5yILuuC%2FoBA8So%2BLq%2B%2Fh%2FajnLXjqeerTaX5AGsjp%2Ftk3zVhpTdfCVb%2F%2B%2FLtBcKq%2BoZJ8VB912x%2B0W6fqdvhyr73qv1A%2FJ%2FnArDX8wPcDP6ivKysjM1qrQKj0bi9Y7fmrrcZqELYwsv%2BdXe7BUQ9ieECegBKL2gPvBBSfI4m%2FOSvdIDPpS6%2FHuaaZsRiKO1eSQWKKBPFRG1kPUXLncBvG7a3fh0luLenCDP9ZZGpBvIf3wZI7hyTBhttLnkxDJmDi%2FyiGc0g9h6JzcHMdSuwRgAtc2EQS375gbEG3%2FkZphS5I7dEfUMWC1H49gSS%2Bd0arUf2y0XmmTOIwikqo0RyqP0ea7yAbH4MqdsCzT6DEj2Tt0QaSeHvTaQMl9p%2Bl0g%2BoH3ZW%2FLBJV1oNP1jpddtiRfRaXSmbwudtuhRIqTlUNIeWE1B3DLnzkCsPeeQhTz3EYr%2FOgyDo%2BIJTv9vjvCk6krWFH9BOFNDAb3eR8%2BoNE2TpBFxPwO01pPbjL0SzI5uMt6YMAzWBzb%2BHu1rCCQ8uIxiKEoUkKBxBQQkKRVBkBMWwvCW0a7jyttAuZ8FhbRzWZjkzWX9Kb5msLxMCaiewopymB%2BTxSkvv%2FQcBBnK%2FHnQaotfu%2Bo1WGIZN2fXDBqURkwET7RYNmnCqhHLHQJ2HsVqQ7lO%2FIK38HZRgdAdO74Crk6B5AFqUoFdLjJO7mUq2cqtXY8MUhCmRZjVkW95UH5Cnl24%2B81MLku%2Befnj8lXT283FwWyK1JT5UDwj6%2BsbskinI9iVTOPLtZpqpWI1p5fTljGbyf1%2B9IbcKY8X5s27y5au8Aqr27tvSZRs0ESrpO%2FL1GSWEtOvGckm%2BO%2B%2Fekexi7q6eyW2SpxsXX1s%2FH6dWOqdMMgdVe5t%2FgqsFqT335PILP7b3IpSdw%2BYl4nyXHAaU2QFPr8Glu6ez8W%2Fn7p34CM4QWH20w1IPRV7ObIMdHWpFoOXRTFkJ96%2BZHfUzS6vbVJVTdwN9WwPNriOJSwxtiaEuQfUELj8%2By1K7e%2FqHm1V8DqZrM6ZtbZtpqz9birwgJ2tvVem9Kl2BU%2Fv1pi86TEayw2QrbEWSCxaGzOcRZ03R7XJkbhGFv9%2F8CwAA%2F%2F8BAAD%2F%2F3jcze2mBAAA

192.243.59.13

200 OK

7 B

URL GET HTTP/1.1
ravekeptarose.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSzYscxRuuzm9O%2BYGgBi%2BCDEFBxd3tnpmeD4MEY9wQXLMxMfhxkfrqSTnVXU1V9%2FTseIkGJMc5eImnnmc2iR8h6B9gkNlAkAVx5yILuuC%2FoBA8So%2BLq%2B%2Fh%2FajnLXjqeerTaX5AGsjp%2Ftk3zVhpTdfCVb%2F%2B%2FLtBcKq%2BoZJ8VB912x%2B0W6fqdvhyr73qv1A%2FJ%2FnArDX8wPcDP6ivKysjM1qrQKj0bi9Y7fmrrcZqELYwsv%2BdXe7BUQ9ieECegBKL2gPvBBSfI4m%2FOSvdIDPpS6%2FHuaaZsRiKO1eSQWKKBPFRG1kPUXLncBvG7a3fh0luLenCDP9ZZGpBvIf3wZI7hyTBhttLnkxDJmDi%2FyiGc0g9h6JzcHMdSuwRgAtc2EQS375gbEG3%2FkZphS5I7dEfUMWC1H49gSS%2Bd0arUf2y0XmmTOIwikqo0RyqP0ea7yAbH4MqdsCzT6DEj2Tt0QaSeHvTaQMl9p%2Bl0g%2BoH3ZW%2FLBJV1oNP1jpddtiRfRaXSmbwudtuhRIqTlUNIeWE1B3DLnzkCsPeeQhTz3EYr%2FOgyDo%2BIJTv9vjvCk6krWFH9BOFNDAb3eR8%2BoNE2TpBFxPwO01pPbjL0SzI5uMt6YMAzWBzb%2BHu1rCCQ8uIxiKEoUkKBxBQQkKRVBkBMWwvCW0a7jyttAuZ8FhbRzWZjkzWX9Kb5msLxMCaiewopymB%2BTxSkvv%2FQcBBnK%2FHnQaotfu%2Bo1WGIZN2fXDBqURkwET7RYNmnCqhHLHQJ2HsVqQ7lO%2FIK38HZRgdAdO74Crk6B5AFqUoFdLjJO7mUq2cqtXY8MUhCmRZjVkW95UH5Cnl24%2B81MLku%2Befnj8lXT283FwWyK1JT5UDwj6%2BsbskinI9iVTOPLtZpqpWI1p5fTljGbyf1%2B9IbcKY8X5s27y5au8Aqr27tvSZRs0ESrpO%2FL1GSWEtOvGckm%2BO%2B%2Fekexi7q6eyW2SpxsXX1s%2FH6dWOqdMMgdVe5t%2FgqsFqT335PILP7b3IpSdw%2BYl4nyXHAaU2QFPr8Glu6ez8W%2Fn7p34CM4QWH20w1IPRV7ObIMdHWpFoOXRTFkJ96%2BZHfUzS6vbVJVTdwN9WwPNriOJSwxtiaEuQfUELj8%2By1K7e%2FqHm1V8DqZrM6ZtbZtpqz9birwgJ2tvVem9Kl2BU%2Fv1pi86TEayw2QrbEWSCxaGzOcRZ03R7XJkbhGFv9%2F8CwAA%2F%2F8BAAD%2F%2F3jcze2mBAAA
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://zip.lu/?banned=1
Certificate
IssuerLet's Encrypt
Subjectravekeptarose.com
FingerprintA6:10:D9:7F:DD:57:D1:90:92:BE:55:3D:08:27:D6:54:A9:D2:F1:69
ValidityTue, 30 Apr 2024 15:35:21 GMT - Mon, 29 Jul 2024 15:35:20 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSzYscxRuuzm9O%2BYGgBi%2BCDEFBxd3tnpmeD4MEY9wQXLMxMfhxkfrqSTnVXU1V9%2FTseIkGJMc5eImnnmc2iR8h6B9gkNlAkAVx5yILuuC%2FoBA8So%2BLq%2B%2Fh%2FajnLXjqeerTaX5AGsjp%2Ftk3zVhpTdfCVb%2F%2B%2FLtBcKq%2BoZJ8VB912x%2B0W6fqdvhyr73qv1A%2FJ%2FnArDX8wPcDP6ivKysjM1qrQKj0bi9Y7fmrrcZqELYwsv%2BdXe7BUQ9ieECegBKL2gPvBBSfI4m%2FOSvdIDPpS6%2FHuaaZsRiKO1eSQWKKBPFRG1kPUXLncBvG7a3fh0luLenCDP9ZZGpBvIf3wZI7hyTBhttLnkxDJmDi%2FyiGc0g9h6JzcHMdSuwRgAtc2EQS375gbEG3%2FkZphS5I7dEfUMWC1H49gSS%2Bd0arUf2y0XmmTOIwikqo0RyqP0ea7yAbH4MqdsCzT6DEj2Tt0QaSeHvTaQMl9p%2Bl0g%2BoH3ZW%2FLBJV1oNP1jpddtiRfRaXSmbwudtuhRIqTlUNIeWE1B3DLnzkCsPeeQhTz3EYr%2FOgyDo%2BIJTv9vjvCk6krWFH9BOFNDAb3eR8%2BoNE2TpBFxPwO01pPbjL0SzI5uMt6YMAzWBzb%2BHu1rCCQ8uIxiKEoUkKBxBQQkKRVBkBMWwvCW0a7jyttAuZ8FhbRzWZjkzWX9Kb5msLxMCaiewopymB%2BTxSkvv%2FQcBBnK%2FHnQaotfu%2Bo1WGIZN2fXDBqURkwET7RYNmnCqhHLHQJ2HsVqQ7lO%2FIK38HZRgdAdO74Crk6B5AFqUoFdLjJO7mUq2cqtXY8MUhCmRZjVkW95UH5Cnl24%2B81MLku%2Befnj8lXT283FwWyK1JT5UDwj6%2BsbskinI9iVTOPLtZpqpWI1p5fTljGbyf1%2B9IbcKY8X5s27y5au8Aqr27tvSZRs0ESrpO%2FL1GSWEtOvGckm%2BO%2B%2Fekexi7q6eyW2SpxsXX1s%2FH6dWOqdMMgdVe5t%2FgqsFqT335PILP7b3IpSdw%2BYl4nyXHAaU2QFPr8Glu6ez8W%2Fn7p34CM4QWH20w1IPRV7ObIMdHWpFoOXRTFkJ96%2BZHfUzS6vbVJVTdwN9WwPNriOJSwxtiaEuQfUELj8%2By1K7e%2FqHm1V8DqZrM6ZtbZtpqz9birwgJ2tvVem9Kl2BU%2Fv1pi86TEayw2QrbEWSCxaGzOcRZ03R7XJkbhGFv9%2F8CwAA%2F%2F8BAAD%2F%2F3jcze2mBAAA HTTP/1.1
Host: ravekeptarose.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Cookie: u_pl=22725681; uid_id2=ae01a057-053a-4201-986d-d948ee3d0c6a:2:1; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec172d9680245553e8052aafbe1bd64a13=[2019380,2229329,2229337,2229333]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 May 2024 08:32:26 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b8d66492a0da2d6a7635dd03bcc6b957
Strict-Transport-Security: max-age=0; includeSubdomains

ravekeptarose.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSy4scRRyuXucULz6CF0GGoKDgznbPTM%2FDIMEYV4JrNiYGHxepV0%2FKqe5qqrqnZ%2FcUDUiOc%2FASTz3fbBIfQfQPMMhsIEhQzFxkQfc%2F8KIQPEqPi6O%2Fw%2B9R36%2Fgq%2B%2BrT6b5IWkipwdn3jS7Smu6ETb8%2BvPvBsHJ%2BpZK8nF93Ot80GmfrNvRS%2F1Ow3%2Bh%2FrrkQ7PR9APfD%2FygvqmsjMx4owKh0tv9oNH3G%2B1mIwjbGNv%2Fzy734KgHMTokT0CJRe2udxyKz5HE35yRbpiZ9MXX4lzTzFiMxK1LyTAxRYJ41UbWQ5TcOtqGcQ8278AkN5Z0YUb%2FLjK1IN69O2DJrSOSYKO9JU%2BmIRMw8SiK0RxSz6HoHNxchRIPCMAFzm0jiW%2BeM7agO%2F%2BgtEIXpPbwT6hiQWq%2FHUcSf31aq3H9otF5pkziMI5KqPEcajBHmu8j212DKvbBs4%2BhxE9k4%2BEWknhv22kDJQ6epdIPqB921%2F2wRdfbTT9Y7%2Fc6Yl302z0pW8LnHboUSKk5VDSHlhNQt4bceciVhzzykKceYnFQ50EQdH3Bqd%2Frc94SXck6wg9oNwpo4Hd6yHn1hgmydAKuJ%2BD2ClL70eei1ZUtxttThqGawObfw10u4YQHlxGMRIlCEhSOoKAEhSIoMoJiVN4Q2jVdeVNol7PgqDaPaqucmWwwpTdMNpAJAbUTWFFO00PyeKWl9%2F7dAEN5UA%2B6TdHv9PxmOwzDluz5YZPSiMmAiU6bBi04VUK5NVDnYVctSO%2BpX5FW%2Fg5LMLoPp%2FfB1QnQPAAtStDLJXaT25lKdnKrG7FhCsKUSLMash1vqg%2FJ00s3T9TeguT3T9079nI6%2B%2BUYuC2R2hIfqrsEA31tdsEUZO%2BCKRz5djvNVKx2aeX0xYxm8pEv35A7hbHi7Bk3%2BeIVXgFVe%2Ftt6bItmgiVDBz56rQSQtpNY7kk351170h2PneXT%2Bc2ydOt869uno1TK51TJpmDqgfbf4GrBak99%2BTyCz%2F24%2B9Qdg6bl4jz%2B%2BQooMw%2BeHoFLl2xd4bA6tUOS9dQ5OXMNtnqUCsCLVczZSXcf2a26meWVrepKqfuGga2BppdRRKXGNkSI12C6glcfmyWpfb%2BqR%2BuV%2FEZmK7NmLa1Paat%2FnRBnvm5vVS6Su9V6RKcOqi3fNFlMpJdJtthO5JcsDBkPo84a4lejyNziyj84%2FrfAAAA%2F%2F8BAAD%2F%2FyMyXpOmBAAA

192.243.59.13

200 OK

7 B

URL GET HTTP/1.1
ravekeptarose.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSy4scRRyuXucULz6CF0GGoKDgznbPTM%2FDIMEYV4JrNiYGHxepV0%2FKqe5qqrqnZ%2FcUDUiOc%2FASTz3fbBIfQfQPMMhsIEhQzFxkQfc%2F8KIQPEqPi6O%2Fw%2B9R36%2Fgq%2B%2BrT6b5IWkipwdn3jS7Smu6ETb8%2BvPvBsHJ%2BpZK8nF93Ot80GmfrNvRS%2F1Ow3%2Bh%2FrrkQ7PR9APfD%2FygvqmsjMx4owKh0tv9oNH3G%2B1mIwjbGNv%2Fzy734KgHMTokT0CJRe2udxyKz5HE35yRbpiZ9MXX4lzTzFiMxK1LyTAxRYJ41UbWQ5TcOtqGcQ8278AkN5Z0YUb%2FLjK1IN69O2DJrSOSYKO9JU%2BmIRMw8SiK0RxSz6HoHNxchRIPCMAFzm0jiW%2BeM7agO%2F%2BgtEIXpPbwT6hiQWq%2FHUcSf31aq3H9otF5pkziMI5KqPEcajBHmu8j212DKvbBs4%2BhxE9k4%2BEWknhv22kDJQ6epdIPqB921%2F2wRdfbTT9Y7%2Fc6Yl302z0pW8LnHboUSKk5VDSHlhNQt4bceciVhzzykKceYnFQ50EQdH3Bqd%2Frc94SXck6wg9oNwpo4Hd6yHn1hgmydAKuJ%2BD2ClL70eei1ZUtxttThqGawObfw10u4YQHlxGMRIlCEhSOoKAEhSIoMoJiVN4Q2jVdeVNol7PgqDaPaqucmWwwpTdMNpAJAbUTWFFO00PyeKWl9%2F7dAEN5UA%2B6TdHv9PxmOwzDluz5YZPSiMmAiU6bBi04VUK5NVDnYVctSO%2BpX5FW%2Fg5LMLoPp%2FfB1QnQPAAtStDLJXaT25lKdnKrG7FhCsKUSLMash1vqg%2FJ00s3T9TeguT3T9079nI6%2B%2BUYuC2R2hIfqrsEA31tdsEUZO%2BCKRz5djvNVKx2aeX0xYxm8pEv35A7hbHi7Bk3%2BeIVXgFVe%2Ftt6bItmgiVDBz56rQSQtpNY7kk351170h2PneXT%2Bc2ydOt869uno1TK51TJpmDqgfbf4GrBak99%2BTyCz%2F24%2B9Qdg6bl4jz%2B%2BQooMw%2BeHoFLl2xd4bA6tUOS9dQ5OXMNtnqUCsCLVczZSXcf2a26meWVrepKqfuGga2BppdRRKXGNkSI12C6glcfmyWpfb%2BqR%2BuV%2FEZmK7NmLa1Paat%2FnRBnvm5vVS6Su9V6RKcOqi3fNFlMpJdJtthO5JcsDBkPo84a4lejyNziyj84%2FrfAAAA%2F%2F8BAAD%2F%2FyMyXpOmBAAA
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://zip.lu/?banned=1
Certificate
IssuerLet's Encrypt
Subjectravekeptarose.com
FingerprintA6:10:D9:7F:DD:57:D1:90:92:BE:55:3D:08:27:D6:54:A9:D2:F1:69
ValidityTue, 30 Apr 2024 15:35:21 GMT - Mon, 29 Jul 2024 15:35:20 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSy4scRRyuXucULz6CF0GGoKDgznbPTM%2FDIMEYV4JrNiYGHxepV0%2FKqe5qqrqnZ%2FcUDUiOc%2FASTz3fbBIfQfQPMMhsIEhQzFxkQfc%2F8KIQPEqPi6O%2Fw%2B9R36%2Fgq%2B%2BrT6b5IWkipwdn3jS7Smu6ETb8%2BvPvBsHJ%2BpZK8nF93Ot80GmfrNvRS%2F1Ow3%2Bh%2FrrkQ7PR9APfD%2FygvqmsjMx4owKh0tv9oNH3G%2B1mIwjbGNv%2Fzy734KgHMTokT0CJRe2udxyKz5HE35yRbpiZ9MXX4lzTzFiMxK1LyTAxRYJ41UbWQ5TcOtqGcQ8278AkN5Z0YUb%2FLjK1IN69O2DJrSOSYKO9JU%2BmIRMw8SiK0RxSz6HoHNxchRIPCMAFzm0jiW%2BeM7agO%2F%2BgtEIXpPbwT6hiQWq%2FHUcSf31aq3H9otF5pkziMI5KqPEcajBHmu8j212DKvbBs4%2BhxE9k4%2BEWknhv22kDJQ6epdIPqB921%2F2wRdfbTT9Y7%2Fc6Yl302z0pW8LnHboUSKk5VDSHlhNQt4bceciVhzzykKceYnFQ50EQdH3Bqd%2Frc94SXck6wg9oNwpo4Hd6yHn1hgmydAKuJ%2BD2ClL70eei1ZUtxttThqGawObfw10u4YQHlxGMRIlCEhSOoKAEhSIoMoJiVN4Q2jVdeVNol7PgqDaPaqucmWwwpTdMNpAJAbUTWFFO00PyeKWl9%2F7dAEN5UA%2B6TdHv9PxmOwzDluz5YZPSiMmAiU6bBi04VUK5NVDnYVctSO%2BpX5FW%2Fg5LMLoPp%2FfB1QnQPAAtStDLJXaT25lKdnKrG7FhCsKUSLMash1vqg%2FJ00s3T9TeguT3T9079nI6%2B%2BUYuC2R2hIfqrsEA31tdsEUZO%2BCKRz5djvNVKx2aeX0xYxm8pEv35A7hbHi7Bk3%2BeIVXgFVe%2Ftt6bItmgiVDBz56rQSQtpNY7kk351170h2PneXT%2Bc2ydOt869uno1TK51TJpmDqgfbf4GrBak99%2BTyCz%2F24%2B9Qdg6bl4jz%2B%2BQooMw%2BeHoFLl2xd4bA6tUOS9dQ5OXMNtnqUCsCLVczZSXcf2a26meWVrepKqfuGga2BppdRRKXGNkSI12C6glcfmyWpfb%2BqR%2BuV%2FEZmK7NmLa1Paat%2FnRBnvm5vVS6Su9V6RKcOqi3fNFlMpJdJtthO5JcsDBkPo84a4lejyNziyj84%2FrfAAAA%2F%2F8BAAD%2F%2FyMyXpOmBAAA HTTP/1.1
Host: ravekeptarose.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Cookie: u_pl=22725681; uid_id2=ae01a057-053a-4201-986d-d948ee3d0c6a:2:1; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec172d9680245553e8052aafbe1bd64a13=[2019380,2229329,2229337,2229333]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 May 2024 08:32:26 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: fb9f4c79485a862d7e888561a12c101e
Strict-Transport-Security: max-age=0; includeSubdomains

ravekeptarose.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSzYscxRuuTuaU3%2BWnBi%2BCDEFBwZ3tnpmeD4MEY1wJrtmYGPy4SH31pJzqrqaqe3p2T9GA5DgHL%2FHU88wm8SOI%2FgEGmQ0ECYo7F1nQ%2FRcEheBRelwcfQ%2F9vm8%2FT8FTz1MfT%2FND0kROD869YXaU1nQ9bPj1594JgtP1TZXk4%2Fq413m%2F0z5dt6MX%2B52G%2F3z9NcmHZr3pB74f%2BEF9Q1kZmfF6BUKld%2FtBo%2B832s1GELYxtv%2FdXe7BUQ9idEgehxKL2n3vJBSfI4m%2FPifdMDPpC6%2FGuaaZsRiJO1eSYWKKBPFqjKyHKLlzxIZx%2Bxv3YJJbS7kwo3%2BITC2I9%2BAeWHLnSCTYaHepk2nIBEz8D8VoDqnnUHQObq5DiX0CcIELW0ji2xeMLej23yit0AWpPfoDqliQ2q8nkcRfndVqXL9sdJ4pkziMoxJqPIcazJHme8h2jkEVe%2BDZR1DiR7L%2BaBNJvLvltIESB89Q6QfUD7trftiia%2B2mH6z1ex2xJvrtnpQt4fMOXRqk1BwqmkPLCag7htx5yJWHPPKQpx5icVDnQRB0fcGp3%2Btz3hJdyTrCD2g3Cmjgd3rIeXWHCbJ0Aq4n4PYaUvvhZ6LVlS3G21OGoZrA5t%2FBXS3hhAeXEYxEiUISFI6goASFIigygmJU3hLaNV15W2iXs%2BCoN496q5yZbDClt0w2kAkBtRNYUU7TQ%2FJY5aX33v0AQ3lQD7pN0e%2F0%2FGY7DMOW7Plhk9KIyYCJTpsGLThVQrljoM7DjlqQ3pO%2FIK3yHZZgdA9O74GrU6B5AFqUoFdL7CR3M5Vs51Y3YsMUhCmRZjVk295UH5Knlmmeqr0LyR%2BeeXDipXT28wlwWyK1JT5Q9wkG%2BsbskinI7iVTOPLNVpqpWO3QKunLGc3k8S9el9uFseL8OTf5%2FGVeAdV49y3psk2aCJUMHPnyrBJC2g1juSTfnndvS3Yxd1fP5jbJ082Lr2ycj1MrnVMmmYOq%2Fa0%2FwdWC1J59YvmE%2F%2F%2FDb1B2DpuXiPOH5KigzB54eg0uXal3hsDqFYelx1Hk5cw22eqnVgRarnbKSrh%2F7Ww1zyytTlNVTt0NDGwNNLuOJC4xsiVGugTVE7j8xCxL7cMz39%2Bs6lMwXZsxbWu7TFv9yYI8%2FVO7cvrNpd3V5wqcOqi3fNFlMpJdJtthO5JcsDBkPo84a4lejyNziyj8%2FeZfAAAA%2F%2F8BAAD%2F%2F3zyxFimBAAA

192.243.59.13

200 OK

7 B

URL GET HTTP/1.1
ravekeptarose.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSzYscxRuuTuaU3%2BWnBi%2BCDEFBwZ3tnpmeD4MEY1wJrtmYGPy4SH31pJzqrqaqe3p2T9GA5DgHL%2FHU88wm8SOI%2FgEGmQ0ECYo7F1nQ%2FRcEheBRelwcfQ%2F9vm8%2FT8FTz1MfT%2FND0kROD869YXaU1nQ9bPj1594JgtP1TZXk4%2Fq413m%2F0z5dt6MX%2B52G%2F3z9NcmHZr3pB74f%2BEF9Q1kZmfF6BUKld%2FtBo%2B832s1GELYxtv%2FdXe7BUQ9idEgehxKL2n3vJBSfI4m%2FPifdMDPpC6%2FGuaaZsRiJO1eSYWKKBPFqjKyHKLlzxIZx%2Bxv3YJJbS7kwo3%2BITC2I9%2BAeWHLnSCTYaHepk2nIBEz8D8VoDqnnUHQObq5DiX0CcIELW0ji2xeMLej23yit0AWpPfoDqliQ2q8nkcRfndVqXL9sdJ4pkziMoxJqPIcazJHme8h2jkEVe%2BDZR1DiR7L%2BaBNJvLvltIESB89Q6QfUD7trftiia%2B2mH6z1ex2xJvrtnpQt4fMOXRqk1BwqmkPLCag7htx5yJWHPPKQpx5icVDnQRB0fcGp3%2Btz3hJdyTrCD2g3Cmjgd3rIeXWHCbJ0Aq4n4PYaUvvhZ6LVlS3G21OGoZrA5t%2FBXS3hhAeXEYxEiUISFI6goASFIigygmJU3hLaNV15W2iXs%2BCoN496q5yZbDClt0w2kAkBtRNYUU7TQ%2FJY5aX33v0AQ3lQD7pN0e%2F0%2FGY7DMOW7Plhk9KIyYCJTpsGLThVQrljoM7DjlqQ3pO%2FIK3yHZZgdA9O74GrU6B5AFqUoFdL7CR3M5Vs51Y3YsMUhCmRZjVk295UH5Knlmmeqr0LyR%2BeeXDipXT28wlwWyK1JT5Q9wkG%2BsbskinI7iVTOPLNVpqpWO3QKunLGc3k8S9el9uFseL8OTf5%2FGVeAdV49y3psk2aCJUMHPnyrBJC2g1juSTfnndvS3Yxd1fP5jbJ082Lr2ycj1MrnVMmmYOq%2Fa0%2FwdWC1J59YvmE%2F%2F%2FDb1B2DpuXiPOH5KigzB54eg0uXal3hsDqFYelx1Hk5cw22eqnVgRarnbKSrh%2F7Ww1zyytTlNVTt0NDGwNNLuOJC4xsiVGugTVE7j8xCxL7cMz39%2Bs6lMwXZsxbWu7TFv9yYI8%2FVO7cvrNpd3V5wqcOqi3fNFlMpJdJtthO5JcsDBkPo84a4lejyNziyj8%2FeZfAAAA%2F%2F8BAAD%2F%2F3zyxFimBAAA
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://zip.lu/?banned=1
Certificate
IssuerLet's Encrypt
Subjectravekeptarose.com
FingerprintA6:10:D9:7F:DD:57:D1:90:92:BE:55:3D:08:27:D6:54:A9:D2:F1:69
ValidityTue, 30 Apr 2024 15:35:21 GMT - Mon, 29 Jul 2024 15:35:20 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSzYscxRuuTuaU3%2BWnBi%2BCDEFBwZ3tnpmeD4MEY1wJrtmYGPy4SH31pJzqrqaqe3p2T9GA5DgHL%2FHU88wm8SOI%2FgEGmQ0ECYo7F1nQ%2FRcEheBRelwcfQ%2F9vm8%2FT8FTz1MfT%2FND0kROD869YXaU1nQ9bPj1594JgtP1TZXk4%2Fq413m%2F0z5dt6MX%2B52G%2F3z9NcmHZr3pB74f%2BEF9Q1kZmfF6BUKld%2FtBo%2B832s1GELYxtv%2FdXe7BUQ9idEgehxKL2n3vJBSfI4m%2FPifdMDPpC6%2FGuaaZsRiJO1eSYWKKBPFqjKyHKLlzxIZx%2Bxv3YJJbS7kwo3%2BITC2I9%2BAeWHLnSCTYaHepk2nIBEz8D8VoDqnnUHQObq5DiX0CcIELW0ji2xeMLej23yit0AWpPfoDqliQ2q8nkcRfndVqXL9sdJ4pkziMoxJqPIcazJHme8h2jkEVe%2BDZR1DiR7L%2BaBNJvLvltIESB89Q6QfUD7trftiia%2B2mH6z1ex2xJvrtnpQt4fMOXRqk1BwqmkPLCag7htx5yJWHPPKQpx5icVDnQRB0fcGp3%2Btz3hJdyTrCD2g3Cmjgd3rIeXWHCbJ0Aq4n4PYaUvvhZ6LVlS3G21OGoZrA5t%2FBXS3hhAeXEYxEiUISFI6goASFIigygmJU3hLaNV15W2iXs%2BCoN496q5yZbDClt0w2kAkBtRNYUU7TQ%2FJY5aX33v0AQ3lQD7pN0e%2F0%2FGY7DMOW7Plhk9KIyYCJTpsGLThVQrljoM7DjlqQ3pO%2FIK3yHZZgdA9O74GrU6B5AFqUoFdL7CR3M5Vs51Y3YsMUhCmRZjVk295UH5Knlmmeqr0LyR%2BeeXDipXT28wlwWyK1JT5Q9wkG%2BsbskinI7iVTOPLNVpqpWO3QKunLGc3k8S9el9uFseL8OTf5%2FGVeAdV49y3psk2aCJUMHPnyrBJC2g1juSTfnndvS3Yxd1fP5jbJ082Lr2ycj1MrnVMmmYOq%2Fa0%2FwdWC1J59YvmE%2F%2F%2FDb1B2DpuXiPOH5KigzB54eg0uXal3hsDqFYelx1Hk5cw22eqnVgRarnbKSrh%2F7Ww1zyytTlNVTt0NDGwNNLuOJC4xsiVGugTVE7j8xCxL7cMz39%2Bs6lMwXZsxbWu7TFv9yYI8%2FVO7cvrNpd3V5wqcOqi3fNFlMpJdJtthO5JcsDBkPo84a4lejyNziyj8%2FeZfAAAA%2F%2F8BAAD%2F%2F3zyxFimBAAA HTTP/1.1
Host: ravekeptarose.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Cookie: u_pl=22725681; uid_id2=ae01a057-053a-4201-986d-d948ee3d0c6a:2:1; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec172d9680245553e8052aafbe1bd64a13=[2019380,2229329,2229337,2229333]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 May 2024 08:32:26 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1c1c334eff26d25026ed87a7ececd677
Strict-Transport-Security: max-age=0; includeSubdomains

ravekeptarose.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSy4sc1Ru9lV%2Bv8tv4CG4EaYKCgtNT1d3VD4MEYxwJjpmYGHxs5L6qc%2B1bdYt7q7p6ZhUNSJa9cBNX1acniY8g%2BgcYpGcgyKA4vZEBnT%2FBhUJwKTUZbP0W9X1fnXPh3HPuJ9P8kDSR04Pzb5otpTVdDRt%2B%2Ffl3g%2BBMfV0l%2Bbg%2B7nU%2B6LTP1O3opX6n4b9Qf13yoVlt%2BoHvB35QX1NWRma8WoFQ6b1%2B0Oj7jXazEYRtjO1%2Fd5d7cNSDGB2SJ6DEorbrnYLicyTxN%2BelG2YmffG1ONc0MxYjcfdqMkxMkSBejpH1ECV3j9kwbn%2FtPkxy%2B0guzOgfIlML4j24D5bcPRYJNto%2B0sk0ZAIm%2Fo9iNIfUcyg6Bzc3oMQ%2BAbjAxQ0k8Z2LxhZ08xFKK3RBag%2F%2FhCoWpPbbKSTx1%2Be0GtevGJ1nyiQO46iEGs%2BhBnOk%2BQ6yrRNQxQ549jGU%2BImsPlxHEm9vOG2gxMGzVPoB9cPuih%2B26Eq76Qcr%2FV5HrIh%2BuydlS%2Fi8Q48MUmoOFc2h5QTUnUDuPOTKQx55yFMPsTio8yAIur7g1O%2F1OW%2BJrmQd4Qe0GwU08Ds95Ly6wwRZOgHXE3B7Han96HPR6soW4%2B0pw1BNYPPv4a6VcMKDywhGokQhCQpHUFCCQhEUGUExKm8L7ZquvCO0y1lw3JvHvVXOTDaY0tsmG8iEgNoJrCin6SF5vPLSe383wFAe1INuU%2FQ7Pb%2FZDsOwJXt%2B2KQ0YjJgotOmQQtOlVDuBKjzsKUWpPfUr0irfIclGN2B0zvg6jRoHoAWJei1ElvJvUwlm7nVjdgwBWFKpFkN2aY31Yfk6aM0T9euQvK9sw9OvpzOfjkJbkuktsSHapdgoG%2FOLpuCbF82hSPfbqSZitUWrZK%2BktFM%2Fu%2FLN%2BRmYay4cN5NvniFV0A13ntbumydJkIlA0e%2BOqeEkHbNWC7JdxfcO5Jdyt21c7lN8nT90qtrF%2BLUSueUSeagan%2FjL3C1ILXnnjx6wo%2F9%2BDuUncPmJeJ8jxwXlNkBT6%2FDpUv1zhBYveSwtIYiL2e2yZY%2FtSLQcrlTVsL9a2fLeWZpdZqqcupuYmBroNkNJHGJkS0x0iWonsDlJ2dZavfO%2FnCrqs%2FAdG3GtK1tM231pwvyzM%2Ftyum3qs97jzx36qDe8kWXyUh2mWyH7UhywcKQ%2BTzirCV6PY7MLaLwj1t%2FAwAA%2F%2F8BAAD%2F%2F7WBh%2BSmBAAA

192.243.59.13

200 OK

7 B

URL GET HTTP/1.1
ravekeptarose.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSy4sc1Ru9lV%2Bv8tv4CG4EaYKCgtNT1d3VD4MEYxwJjpmYGHxs5L6qc%2B1bdYt7q7p6ZhUNSJa9cBNX1acniY8g%2BgcYpGcgyKA4vZEBnT%2FBhUJwKTUZbP0W9X1fnXPh3HPuJ9P8kDSR04Pzb5otpTVdDRt%2B%2Ffl3g%2BBMfV0l%2Bbg%2B7nU%2B6LTP1O3opX6n4b9Qf13yoVlt%2BoHvB35QX1NWRma8WoFQ6b1%2B0Oj7jXazEYRtjO1%2Fd5d7cNSDGB2SJ6DEorbrnYLicyTxN%2BelG2YmffG1ONc0MxYjcfdqMkxMkSBejpH1ECV3j9kwbn%2FtPkxy%2B0guzOgfIlML4j24D5bcPRYJNto%2B0sk0ZAIm%2Fo9iNIfUcyg6Bzc3oMQ%2BAbjAxQ0k8Z2LxhZ08xFKK3RBag%2F%2FhCoWpPbbKSTx1%2Be0GtevGJ1nyiQO46iEGs%2BhBnOk%2BQ6yrRNQxQ549jGU%2BImsPlxHEm9vOG2gxMGzVPoB9cPuih%2B26Eq76Qcr%2FV5HrIh%2BuydlS%2Fi8Q48MUmoOFc2h5QTUnUDuPOTKQx55yFMPsTio8yAIur7g1O%2F1OW%2BJrmQd4Qe0GwU08Ds95Ly6wwRZOgHXE3B7Han96HPR6soW4%2B0pw1BNYPPv4a6VcMKDywhGokQhCQpHUFCCQhEUGUExKm8L7ZquvCO0y1lw3JvHvVXOTDaY0tsmG8iEgNoJrCin6SF5vPLSe383wFAe1INuU%2FQ7Pb%2FZDsOwJXt%2B2KQ0YjJgotOmQQtOlVDuBKjzsKUWpPfUr0irfIclGN2B0zvg6jRoHoAWJei1ElvJvUwlm7nVjdgwBWFKpFkN2aY31Yfk6aM0T9euQvK9sw9OvpzOfjkJbkuktsSHapdgoG%2FOLpuCbF82hSPfbqSZitUWrZK%2BktFM%2Fu%2FLN%2BRmYay4cN5NvniFV0A13ntbumydJkIlA0e%2BOqeEkHbNWC7JdxfcO5Jdyt21c7lN8nT90qtrF%2BLUSueUSeagan%2FjL3C1ILXnnjx6wo%2F9%2BDuUncPmJeJ8jxwXlNkBT6%2FDpUv1zhBYveSwtIYiL2e2yZY%2FtSLQcrlTVsL9a2fLeWZpdZqqcupuYmBroNkNJHGJkS0x0iWonsDlJ2dZavfO%2FnCrqs%2FAdG3GtK1tM231pwvyzM%2Ftyum3qs97jzx36qDe8kWXyUh2mWyH7UhywcKQ%2BTzirCV6PY7MLaLwj1t%2FAwAA%2F%2F8BAAD%2F%2F7WBh%2BSmBAAA
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://zip.lu/?banned=1
Certificate
IssuerLet's Encrypt
Subjectravekeptarose.com
FingerprintA6:10:D9:7F:DD:57:D1:90:92:BE:55:3D:08:27:D6:54:A9:D2:F1:69
ValidityTue, 30 Apr 2024 15:35:21 GMT - Mon, 29 Jul 2024 15:35:20 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSy4sc1Ru9lV%2Bv8tv4CG4EaYKCgtNT1d3VD4MEYxwJjpmYGHxs5L6qc%2B1bdYt7q7p6ZhUNSJa9cBNX1acniY8g%2BgcYpGcgyKA4vZEBnT%2FBhUJwKTUZbP0W9X1fnXPh3HPuJ9P8kDSR04Pzb5otpTVdDRt%2B%2Ffl3g%2BBMfV0l%2Bbg%2B7nU%2B6LTP1O3opX6n4b9Qf13yoVlt%2BoHvB35QX1NWRma8WoFQ6b1%2B0Oj7jXazEYRtjO1%2Fd5d7cNSDGB2SJ6DEorbrnYLicyTxN%2BelG2YmffG1ONc0MxYjcfdqMkxMkSBejpH1ECV3j9kwbn%2FtPkxy%2B0guzOgfIlML4j24D5bcPRYJNto%2B0sk0ZAIm%2Fo9iNIfUcyg6Bzc3oMQ%2BAbjAxQ0k8Z2LxhZ08xFKK3RBag%2F%2FhCoWpPbbKSTx1%2Be0GtevGJ1nyiQO46iEGs%2BhBnOk%2BQ6yrRNQxQ549jGU%2BImsPlxHEm9vOG2gxMGzVPoB9cPuih%2B26Eq76Qcr%2FV5HrIh%2BuydlS%2Fi8Q48MUmoOFc2h5QTUnUDuPOTKQx55yFMPsTio8yAIur7g1O%2F1OW%2BJrmQd4Qe0GwU08Ds95Ly6wwRZOgHXE3B7Han96HPR6soW4%2B0pw1BNYPPv4a6VcMKDywhGokQhCQpHUFCCQhEUGUExKm8L7ZquvCO0y1lw3JvHvVXOTDaY0tsmG8iEgNoJrCin6SF5vPLSe383wFAe1INuU%2FQ7Pb%2FZDsOwJXt%2B2KQ0YjJgotOmQQtOlVDuBKjzsKUWpPfUr0irfIclGN2B0zvg6jRoHoAWJei1ElvJvUwlm7nVjdgwBWFKpFkN2aY31Yfk6aM0T9euQvK9sw9OvpzOfjkJbkuktsSHapdgoG%2FOLpuCbF82hSPfbqSZitUWrZK%2BktFM%2Fu%2FLN%2BRmYay4cN5NvniFV0A13ntbumydJkIlA0e%2BOqeEkHbNWC7JdxfcO5Jdyt21c7lN8nT90qtrF%2BLUSueUSeagan%2FjL3C1ILXnnjx6wo%2F9%2BDuUncPmJeJ8jxwXlNkBT6%2FDpUv1zhBYveSwtIYiL2e2yZY%2FtSLQcrlTVsL9a2fLeWZpdZqqcupuYmBroNkNJHGJkS0x0iWonsDlJ2dZavfO%2FnCrqs%2FAdG3GtK1tM231pwvyzM%2Ftyum3qs97jzx36qDe8kWXyUh2mWyH7UhywcKQ%2BTzirCV6PY7MLaLwj1t%2FAwAA%2F%2F8BAAD%2F%2F7WBh%2BSmBAAA HTTP/1.1
Host: ravekeptarose.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Cookie: u_pl=22725681; uid_id2=ae01a057-053a-4201-986d-d948ee3d0c6a:2:1; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec172d9680245553e8052aafbe1bd64a13=[2019380,2229329,2229337,2229333]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 May 2024 08:32:26 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9d1849ce7caf10dfd06a7c855e2ca44c
Strict-Transport-Security: max-age=0; includeSubdomains

zip.lu/gfx/favicon.png

185.11.100.204

200 OK

2.0 kB

URL GET HTTP/2
zip.lu/gfx/favicon.png
IP
185.11.100.204:443
ASN
#29522 Cyber_Folks S.A.

Requested by
https://zip.lu/?banned=1
Certificate
IssuerLet's Encrypt
Subjectzip.lu
FingerprintBA:69:B8:76:30:88:C6:A1:75:27:5D:FB:93:55:75:0C:F7:FE:CB:36
ValiditySat, 20 Apr 2024 15:39:44 GMT - Fri, 19 Jul 2024 15:39:43 GMT

File type
PNG image data, 48 x 48, 8-bit colormap, non-interlaced
Size
2.0 kB (1973 bytes)
Hash
549c8f6c3f6b1340852212e7c784d187
e8fe075cef3bf487bd9e4e89e9b4a6b63a81e0cc
00495e504ff3e4604b6404a1ae9469f40bd4642bef08239d4d0b0b83c095f590

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /gfx/favicon.png HTTP/1.1
Host: zip.lu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/?banned=1
Cookie: _ga_8Q1W6PKNCX=GS1.1.1714811544.1.0.1714811544.0.0.0; _ga=GA1.1.1949559781.1714811545; dom3ic8zudi28v8lr6fgphwffqoz0j6c=fb382ce3-8add-446f-80d9-186d49434233%3A1%3A1; m5a4xojbcp2nx3gptmm633qal3gzmadn=ravekeptarose.com; pp_main_7866ead300fcf9e425beaf01fe308949=1; pp_idelay_7866ead300fcf9e425beaf01fe308949=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 08:32:26 GMT
server: Apache
last-modified: Tue, 02 Apr 2024 12:49:39 GMT
etag: "7b5-6151c8a0cb469"
accept-ranges: bytes
content-length: 1973
cache-control: max-age=31536000
expires: Sun, 04 May 2025 08:32:26 GMT
content-type: image/png
X-Firefox-Spdy: h2

unseenreport.com/pxf.gif?uuid=fb382ce3-8add-446f-80d9-186d49434233&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=7866ead300fcf9e425beaf01fe308949&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=8

192.243.61.227

200 OK

1 B

URL GET HTTP/1.1
unseenreport.com/pxf.gif?uuid=fb382ce3-8add-446f-80d9-186d49434233&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=7866ead300fcf9e425beaf01fe308949&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=8
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://zip.lu/?banned=1
Certificate
IssuerLet's Encrypt
Subject*.unseenreport.com
Fingerprint71:46:15:FD:76:6A:F5:5B:51:06:CC:93:DD:D8:63:E3:8B:10:BF:13
ValidityFri, 22 Mar 2024 07:32:41 GMT - Thu, 20 Jun 2024 07:32:40 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=fb382ce3-8add-446f-80d9-186d49434233&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=7866ead300fcf9e425beaf01fe308949&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=8 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 08:32:27 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d7aaa3e9a784bca09c3542d7b4f40af5
Strict-Transport-Security: max-age=0; includeSubdomains

downstairsnegotiatebarren.com/sfp.js

188.114.97.1

200 OK

33 kB

URL GET HTTP/2
downstairsnegotiatebarren.com/sfp.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://zip.lu/?banned=1
Certificate
IssuerLet's Encrypt
Subjectdownstairsnegotiatebarren.com
Fingerprint5D:DB:CB:C6:CE:2A:8B:34:7D:BC:43:74:33:1D:5F:77:48:F7:BC:1B
ValidityThu, 02 May 2024 21:26:34 GMT - Wed, 31 Jul 2024 21:26:33 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Size
33 kB (32691 bytes)
Hash
f4a2f8f9f99541c6f105bbd0a025bd40
1f8e3eff12168fdd9e719adfc098d24a45b6916a
b717cb04231a10d425fd55b73c85a5407119c6826a8bac94142fddfff6958716

HTTP Headers

GET /sfp.js HTTP/1.1
Host: downstairsnegotiatebarren.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 08:32:25 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: b775ad72a54d8696928b4b46546f86c7
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sat, 04 May 2024 08:32:25 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w%2BJUQVvzR9wlA7G%2BVdGxEvCqBMkZRy7CzCUDwJfzWRU9Ah%2BplUIJykH%2FwXSwBfs8pwccLp64Geq%2Be7%2FxqBVFqAme2jfJKccN1UFrunify3ePq3LUKvZOvC5LEO05f5qMdyj0Tx5EgV91uvP4rrAyDg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e723e19c657127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

zip.lu/?banned=1

185.11.100.204

200 OK

14 kB

URL User Request GET HTTP/2
zip.lu/?banned=1
IP
185.11.100.204:443
ASN
#29522 Cyber_Folks S.A.

Certificate
IssuerLet's Encrypt
Subjectzip.lu
FingerprintBA:69:B8:76:30:88:C6:A1:75:27:5D:FB:93:55:75:0C:F7:FE:CB:36
ValiditySat, 20 Apr 2024 15:39:44 GMT - Fri, 19 Jul 2024 15:39:43 GMT

File type
JavaScript source, ASCII text, with very long lines (610), with CRLF line terminators
Size
14 kB (14320 bytes)
Hash
d4355dd9a3d6192b6ddde573cacd27ac
f0e2544da5f458c260687286f88a2c180d138caa
5e58a244f242a8e66f50362688c424b723793cebfd16b8f508e4d5701cdee7b7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?banned=1 HTTP/1.1
Host: zip.lu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 08:32:23 GMT
server: Apache
x-powered-by: PHP/5.5.38
cache-control: max-age=0
expires: Sat, 04 May 2024 08:32:23 GMT
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-8Q1W6PKNCX

142.250.74.40

200 OK

246 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=G-8Q1W6PKNCX
IP
142.250.74.40:443
ASN
#15169 GOOGLE

Requested by
https://zip.lu/?banned=1
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT

File type
JavaScript source, ASCII text, with very long lines (5955)
Size
246 kB (246476 bytes)
Hash
02b8805c01eaf4da38723c19b240761d
94744a949bb6368706572cd56de9f02a4d2c8c1c
1012863e0fdee6938182a395b2bed48f51f77962b2efdc321d153e356762f979

HTTP Headers

GET /gtag/js?id=G-8Q1W6PKNCX HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 04 May 2024 08:32:24 GMT
expires: Sat, 04 May 2024 08:32:24 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 87650
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fundingchoicesmessages.google.com/i/pub-2614556310778759?ers=1

216.58.211.14

200 OK

23 kB

URL GET HTTP/2
fundingchoicesmessages.google.com/i/pub-2614556310778759?ers=1
IP
216.58.211.14:443
ASN
#15169 GOOGLE

Requested by
https://zip.lu/?banned=1
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint7C:B7:E1:97:03:6E:82:B6:52:F8:EC:C6:C6:50:D9:DD:80:47:E6:A0
ValidityTue, 16 Apr 2024 03:18:53 GMT - Tue, 09 Jul 2024 03:18:52 GMT

File type
JavaScript source, ASCII text, with very long lines (1823)
Size
23 kB (23338 bytes)
Hash
9754c2080bd6eeb50a177d8fe467af8a
c3afa9beb46d62d62d599bc3d7525d7ebceb1268
9b652fa53b5c1a8e0eeea48d657d83d1bb0c3f0305b61d31f885dfb8cb0f8ba7

HTTP Headers

GET /i/pub-2614556310778759?ers=1 HTTP/1.1
Host: fundingchoicesmessages.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 04 May 2024 08:32:26 GMT
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: script-src 'nonce-_pghp3rg-dnTH6YR9wXOfA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjStDikmLw1pBiOO90h-k6ENcyPGNqBWIDjedMFkAs8fUlkxYQxzyfzpoCxE7pM1hDgNinfgZrHBC33jzHOh2ITy44z3oRiJP-nWctAeKdiy-wHgRiIR6OWU-vb2QTuLD60SdGAIJNMD0"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (28)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by