| | 185.11.100.204 | 301 Moved Permanently | 239 B |
Request: user request, GET HTTP/2
IP: 185.11.100.204:443  ASN: #29522 Cyber_Folks S.A.
Certificate: Issuer Let's Encrypt; Subject bitly.ws; Fingerprint 2E:32:BE:AA:55:57:6D:B9:D0:4B:B5:E4:B8:69:A8:99:AF:37:26:88; Validity Thu, 02 May 2024 22:01:15 GMT - Wed, 31 Jul 2024 22:01:14 GMT
File type: HTML document, ASCII text
Hashes (MD5 / SHA-1 / SHA-256): ecf2a02345232d39944e48c227545515 / a7401469e0c2162a0552de6617f72b2129f31167 / e14b1ff1e62bb421e743cbba125d4244ef0f9b0051d0eae8db41d4086ce10920
GET /SjzZ HTTP/1.1
Host: bitly.ws
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
date: Sat, 04 May 2024 07:24:13 GMT
server: Apache
location: https://bitly.ws/?redirect=SjzZ
cache-control: max-age=0
expires: Sat, 04 May 2024 07:24:13 GMT
content-length: 239
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2

| zip.lu/gfx/stripe.png | 185.11.100.204 | 200 OK | 1.4 kB |
IP: 185.11.100.204:443  ASN: #29522 Cyber_Folks S.A.
Certificate: Issuer Let's Encrypt; Subject zip.lu; Fingerprint BA:69:B8:76:30:88:C6:A1:75:27:5D:FB:93:55:75:0C:F7:FE:CB:36; Validity Sat, 20 Apr 2024 15:39:44 GMT - Fri, 19 Jul 2024 15:39:43 GMT
File type: PNG image data, 91 x 60, 8-bit colormap, non-interlaced
Hashes (MD5 / SHA-1 / SHA-256): 17aaa9dc48a895306b06de8ae9a8b104 / f75e086497b3743ac83d85dc4ca456e8bb556e55 / b8214bd5cbd9197f329d1df98d908dc7a1cd38c28e8010b92e49b3f35dd9986a
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /gfx/stripe.png HTTP/1.1
Host: zip.lu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/?banned=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 07:24:15 GMT
server: Apache
last-modified: Sat, 19 Aug 2023 15:45:50 GMT
etag: "54f-603488a24201d"
accept-ranges: bytes
content-length: 1359
cache-control: max-age=31536000
expires: Sun, 04 May 2025 07:24:15 GMT
content-type: image/png
X-Firefox-Spdy: h2

| www.paypalobjects.com/pl_PL/i/scr/pixel.gif | 192.229.221.25 | 200 OK | 43 B |
Request: GET HTTP/2
IP: 192.229.221.25:443
Certificate: Issuer DigiCert Inc; Subject www.paypal.com; Fingerprint 4B:C0:E1:F0:16:B3:A4:B3:63:08:41:DF:F2:EF:8D:65:54:1D:30:B1; Validity Thu, 12 Oct 2023 00:00:00 GMT - Thu, 31 Oct 2024 23:59:59 GMT
File type: GIF image data, version 89a, 1 x 1
Hashes (MD5 / SHA-1 / SHA-256): fc94fb0c3ed8a8f909dbc7630a0987ff / 56d45f8a17f5078a20af9962c992ca4678450765 / 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
GET /pl_PL/i/scr/pixel.gif HTTP/1.1
Host: www.paypalobjects.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
cache-control: s-maxage=31536000, public,max-age=3600
content-type: image/gif
date: Sat, 04 May 2024 07:24:15 GMT
dc: ccg11-origin-www-1.paypal.com
etag: "5d5637c5-2b"
expires: Sat, 04 May 2024 08:24:15 GMT
last-modified: Fri, 16 Aug 2019 04:57:41 GMT
paypal-debug-id: 2b5a4d618fa0a
server: ECAcc (ska/F6B7)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-00000000000000000002b5a4d618fa0a-1ee1f9b462072736-01
x-cache: HIT
x-content-type-options: nosniff
content-length: 43
X-Firefox-Spdy: h2

| zip.lu/gfx/adsterra2.png | 185.11.100.204 | 200 OK | 15 kB |
IP: 185.11.100.204:443  ASN: #29522 Cyber_Folks S.A.
Certificate: Issuer Let's Encrypt; Subject zip.lu; Fingerprint BA:69:B8:76:30:88:C6:A1:75:27:5D:FB:93:55:75:0C:F7:FE:CB:36; Validity Sat, 20 Apr 2024 15:39:44 GMT - Fri, 19 Jul 2024 15:39:43 GMT
File type: PNG image data, 200 x 200, 8-bit colormap, non-interlaced
Hashes (MD5 / SHA-1 / SHA-256): 5d4aab7e8b7267e1876143c7bd308318 / 5e1827fa8442e7b1e06cfbdec4c52bdec22c9063 / f9b415d80dc86d44446a312e855460fb4ac16207f5b2caa0620e69013598bde6
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /gfx/adsterra2.png HTTP/1.1
Host: zip.lu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/?banned=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 07:24:15 GMT
server: Apache
last-modified: Sat, 30 Mar 2024 10:55:14 GMT
etag: "3ba2-614de974dba8f"
accept-ranges: bytes
content-length: 15266
cache-control: max-age=31536000
expires: Sun, 04 May 2025 07:24:15 GMT
content-type: image/png
X-Firefox-Spdy: h2

| zip.lu/css/style.css | 185.11.100.204 | 200 OK | 2.8 kB |
IP: 185.11.100.204:443  ASN: #29522 Cyber_Folks S.A.
Certificate: Issuer Let's Encrypt; Subject zip.lu; Fingerprint BA:69:B8:76:30:88:C6:A1:75:27:5D:FB:93:55:75:0C:F7:FE:CB:36; Validity Sat, 20 Apr 2024 15:39:44 GMT - Fri, 19 Jul 2024 15:39:43 GMT
File type: assembler source, Unicode text, UTF-8 text, with CRLF line terminators
Hashes (MD5 / SHA-1 / SHA-256): 4f01ddcf0e75cdacc7614891a0267ef0 / cfeaf4c177b3033406ce9b5725c48be4b50fa066 / b321e7e91fe1b3cf4c2f490cc83c6ef52585f23db09aeeb7a5e962f671663fd4
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /css/style.css HTTP/1.1
Host: zip.lu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/?banned=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 07:24:15 GMT
server: Apache
last-modified: Sat, 20 Apr 2024 08:02:52 GMT
etag: "2d75-61682a18e99c0-gzip"
accept-ranges: bytes
cache-control: max-age=0
expires: Sat, 04 May 2024 07:24:15 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 2777
content-type: text/css
X-Firefox-Spdy: h2

| zip.lu/gfx/ziplu-chart.png | 185.11.100.204 | 200 OK | 2.0 kB |
Request: GET HTTP/2
IP: 185.11.100.204:443  ASN: #29522 Cyber_Folks S.A.
Certificate: Issuer Let's Encrypt; Subject zip.lu; Fingerprint BA:69:B8:76:30:88:C6:A1:75:27:5D:FB:93:55:75:0C:F7:FE:CB:36; Validity Sat, 20 Apr 2024 15:39:44 GMT - Fri, 19 Jul 2024 15:39:43 GMT
File type: PNG image data, 1200 x 1200, 2-bit colormap, non-interlaced
Hashes (MD5 / SHA-1 / SHA-256): 0ce170cef8f689ab343636f7e8683808 / ef2e58ee55b2ebeb24fd3d9a0d11a6495e36ecc2 / c982e300b4c5093be2adaa79428c053dff57ea90ef4f93e3cf2633a680685d03
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /gfx/ziplu-chart.png HTTP/1.1
Host: zip.lu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/?banned=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 07:24:15 GMT
server: Apache
last-modified: Wed, 24 Apr 2024 17:59:41 GMT
etag: "7cd-616db6f4dc1f1"
accept-ranges: bytes
content-length: 1997
cache-control: max-age=31536000
expires: Sun, 04 May 2025 07:24:15 GMT
content-type: image/png
X-Firefox-Spdy: h2

| zip.lu/js/adframe.js | 185.11.100.204 | 200 OK | 16 B |
IP: 185.11.100.204:443  ASN: #29522 Cyber_Folks S.A.
Certificate: Issuer Let's Encrypt; Subject zip.lu; Fingerprint BA:69:B8:76:30:88:C6:A1:75:27:5D:FB:93:55:75:0C:F7:FE:CB:36; Validity Sat, 20 Apr 2024 15:39:44 GMT - Fri, 19 Jul 2024 15:39:43 GMT
File type: ASCII text, with no line terminators
Hashes (MD5 / SHA-1 / SHA-256): 760222d2e529d3e84eb01378cfc46e2e / f789f3c0007640b5549fca2710cf3da500b95e86 / 0059cb4ff0a271382c38af8a7367aaf45cbeb31449637d3928d25317401e2828
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/adframe.js HTTP/1.1
Host: zip.lu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/?banned=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 07:24:15 GMT
server: Apache
last-modified: Sat, 30 Dec 2017 21:02:30 GMT
etag: "10-5619511402320"
accept-ranges: bytes
content-length: 16
cache-control: max-age=0
expires: Sat, 04 May 2024 07:24:15 GMT
content-type: application/javascript
X-Firefox-Spdy: h2

| zip.lu/gfx/bmac.png | 185.11.100.204 | 200 OK | 3.2 kB |
IP: 185.11.100.204:443  ASN: #29522 Cyber_Folks S.A.
Certificate: Issuer Let's Encrypt; Subject zip.lu; Fingerprint BA:69:B8:76:30:88:C6:A1:75:27:5D:FB:93:55:75:0C:F7:FE:CB:36; Validity Sat, 20 Apr 2024 15:39:44 GMT - Fri, 19 Jul 2024 15:39:43 GMT
File type: PNG image data, 214 x 60, 8-bit colormap, non-interlaced
Hashes (MD5 / SHA-1 / SHA-256): 781860bb7eb619aa3b173144c6d29646 / 6ba3a103709f121cf9f5ab214610d0215dab93e9 / 54339f1c8cb089c05773b2b18fd5da6e702956decbf7dea6ef0348a64203c657
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /gfx/bmac.png HTTP/1.1
Host: zip.lu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/?banned=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 07:24:15 GMT
server: Apache
last-modified: Sat, 19 Aug 2023 15:45:47 GMT
etag: "c86-6034889f203e4"
accept-ranges: bytes
content-length: 3206
cache-control: max-age=31536000
expires: Sun, 04 May 2025 07:24:15 GMT
content-type: image/png
X-Firefox-Spdy: h2

| zip.lu/gfx/paypal.jpg | 185.11.100.204 | 200 OK | 8.7 kB |
IP: 185.11.100.204:443  ASN: #29522 Cyber_Folks S.A.
Certificate: Issuer Let's Encrypt; Subject zip.lu; Fingerprint BA:69:B8:76:30:88:C6:A1:75:27:5D:FB:93:55:75:0C:F7:FE:CB:36; Validity Sat, 20 Apr 2024 15:39:44 GMT - Fri, 19 Jul 2024 15:39:43 GMT
File type: PNG image data, 380 x 130, 8-bit colormap, non-interlaced
Hashes (MD5 / SHA-1 / SHA-256): eeb10183dfe4b9ec6bcfea9aa6fa07f6 / b55d89bc1ead011821dd3371f2885996fe99785a / 1ae6619173f92af4f0201b7204322213c714b56df437aa7d6482a1c141d5337c
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /gfx/paypal.jpg HTTP/1.1
Host: zip.lu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/?banned=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 07:24:15 GMT
server: Apache
last-modified: Tue, 02 Jan 2018 13:00:56 GMT
etag: "2204-561cab086d14b"
accept-ranges: bytes
content-length: 8708
cache-control: max-age=31536000
expires: Sun, 04 May 2025 07:24:15 GMT
content-type: image/jpeg
X-Firefox-Spdy: h2

| zip.lu/gfx/paypal.png | 185.11.100.204 | 200 OK | 5.5 kB |
IP: 185.11.100.204:443  ASN: #29522 Cyber_Folks S.A.
Certificate: Issuer Let's Encrypt; Subject zip.lu; Fingerprint BA:69:B8:76:30:88:C6:A1:75:27:5D:FB:93:55:75:0C:F7:FE:CB:36; Validity Sat, 20 Apr 2024 15:39:44 GMT - Fri, 19 Jul 2024 15:39:43 GMT
File type: PNG image data, 200 x 150, 8-bit colormap, non-interlaced
Hashes (MD5 / SHA-1 / SHA-256): 164e7543a819062962815f4bd99b8419 / 0355f9dad012daa6adf4bae4e47e44d4b2c51888 / 675f6b6dc673aae01f8ef949697ee544c8df8574ca090a4dd690776ec6e442ea
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /gfx/paypal.png HTTP/1.1
Host: zip.lu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/?banned=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 07:24:15 GMT
server: Apache
last-modified: Tue, 02 Jan 2018 13:00:54 GMT
etag: "158c-561cab06562ce"
accept-ranges: bytes
content-length: 5516
cache-control: max-age=31536000
expires: Sun, 04 May 2025 07:24:15 GMT
content-type: image/png
X-Firefox-Spdy: h2

| www.googletagmanager.com/gtag/js?id=G-8Q1W6PKNCX | 142.250.74.168 | 200 OK | 88 kB |
Request: GET HTTP/2
IP: 142.250.74.168:443
Certificate: Issuer Google Trust Services LLC; Subject *.google-analytics.com; Fingerprint 93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE; Validity Tue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
File type: JavaScript source, ASCII text, with very long lines (5955)
Hashes (MD5 / SHA-1 / SHA-256): 80dd0a7c47bc26afa9e734e7798ee8a0 / 0b6d6e68e03e87bd4b039395d20f21cb2f79efed / f8317b6a822913b5439222dfb48a97a761a2cdcc2d201b55fd6e12829bc43401
GET /gtag/js?id=G-8Q1W6PKNCX HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 04 May 2024 07:24:15 GMT
expires: Sat, 04 May 2024 07:24:15 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 87655
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

| pl22826180.profitablegatecpm.com/172d9680245553e8052aafbe1bd64a13/invoke.js | 192.243.61.225 | 200 OK | 9.8 kB |
Request: GET HTTP/1.1
IP: 192.243.61.225:443  ASN: #39572 DataWeb Global Group B.V.
Certificate: Issuer Let's Encrypt; Subject profitablegatecpm.com; Fingerprint 9D:FB:8C:AD:4D:64:98:6B:85:78:33:54:E7:A3:BB:10:ED:77:63:30; Validity Fri, 05 Apr 2024 18:10:33 GMT - Thu, 04 Jul 2024 18:10:32 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (26642), with no line terminators
Hashes (MD5 / SHA-1 / SHA-256): 0a57fdb3e674fcc6b65875beab10dcfd / d2870f710f718666a0900e3b974c6f5908be183d / 96451223791bde470c3c60dab3664382b56af022b6b5f2a7067ac8dfad2d239c
GET /172d9680245553e8052aafbe1bd64a13/invoke.js HTTP/1.1
Host: pl22826180.profitablegatecpm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 07:24:15 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 91848eaf462186fc6e2e165c4a9cb9ba
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

| ocsp.r2m03.amazontrust.com/ | 143.204.53.97 | | 471 B |
IP: 143.204.53.97:0
Hashes (MD5 / SHA-1 / SHA-256): 353dbae1e1b45a750770ae51bef13ba7 / 465917a2a0bbb947e9727e7f08b584a82aa6fb81 / 9fa5becc3e07f31f2f08bf5f331d6bfda4f6386634ea524bc3a8c56ac1c0bc2b
POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Sat, 04 May 2024 07:24:15 GMT
Last-Modified: Sat, 04 May 2024 06:01:30 GMT
Server: ECAcc (ska/F775)
X-Cache: Miss from cloudfront
Via: 1.1 9ede9483eb891e14681c7c693b47c862.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: j0PO0dJgSZahpkYx61IQ9p3vuaVfcgJBEn5-lTAJmAKNTn0euI0GFw==
Age: 4965

| proftrafficcounter.com/stats | 18.185.9.67 | 200 OK | 40 B |
Request: GET HTTP/2
IP: 18.185.9.67:443
Certificate: Issuer Amazon; Subject proftrafficcounter.com; Fingerprint E3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6; Validity Tue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT
File type: ASCII text, with no line terminators
Hashes (MD5 / SHA-1 / SHA-256): df90e999811798e78361ba4ffb7bf556 / 05fcdc12df8cfb36e98700a76a313815a3306309 / 7a454fb75024bc155c455b46b09b5172e01a1e552c657aca1004c1a7fc1d163c
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://zip.lu
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 07:24:16 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://zip.lu
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=e4bce864-fa29-4097-b6f4-e34a05d623f5:3:1; expires=Tue, 02 May 2034 07:24:16 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

| www.topcreativeformat.com/6dc3a27552b5aedfb96aeaa00aa1c37b/invoke.js | 172.240.108.84 | 200 OK | 12 kB |
Request: GET HTTP/1.1
IP: 172.240.108.84:443
Certificate: Issuer Let's Encrypt; Subject topcreativeformat.com; Fingerprint 6D:98:D9:61:FC:CF:D9:8C:FE:5E:1C:15:5A:A5:F2:28:38:04:A4:A4; Validity Wed, 20 Mar 2024 07:51:41 GMT - Tue, 18 Jun 2024 07:51:40 GMT
File type: JavaScript source, ASCII text, with very long lines (31286), with no line terminators
Hashes (MD5 / SHA-1 / SHA-256): 522e2a0d8400d2b86e741ff901fa6345 / 63481b63beda046446df3fadd532abb8234c8108 / c2eb1bb8879199b90906d96bb5eead4033bdef896c1cc046f8ddbb3eb8bd3f79
GET /6dc3a27552b5aedfb96aeaa00aa1c37b/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 07:24:16 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 578545acde14819879097ac00552ad85
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

| www.topcreativeformat.com/fb87135eb1bdee211d55a6d31f28b1bc/invoke.js | 172.240.108.84 | 200 OK | 12 kB |
Request: GET HTTP/1.1
IP: 172.240.108.84:443
Certificate: Issuer Let's Encrypt; Subject topcreativeformat.com; Fingerprint 6D:98:D9:61:FC:CF:D9:8C:FE:5E:1C:15:5A:A5:F2:28:38:04:A4:A4; Validity Wed, 20 Mar 2024 07:51:41 GMT - Tue, 18 Jun 2024 07:51:40 GMT
File type: JavaScript source, ASCII text, with very long lines (31331), with no line terminators
Hashes (MD5 / SHA-1 / SHA-256): ef23e105ee6efa8b6b9d4e6225a963d9 / 1b9b807d10f4ccc4221f87ec37f3fc989fc9ac4f / 671c1fa231e9ce9157b8b431df7c17a094d9804bbe4d9907ca6fcf1e7f003460
GET /fb87135eb1bdee211d55a6d31f28b1bc/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 07:24:16 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 41f11ed8c00eeefad61d7f21931029fc
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

| landings-cdn.adsterratech.com/referralBanners/png/300%20x%20250%20px.png | 142.0.204.220 | 200 OK | 90 kB |
Request: GET HTTP/1.1
IP: 142.0.204.220:443
Certificate: Issuer Let's Encrypt; Subject landings-cdn.adsterratech.com; Fingerprint CA:79:50:AF:4F:E1:B9:4D:FD:EE:28:B7:AD:6C:21:7A:99:D2:DB:93; Validity Sun, 28 Apr 2024 07:09:01 GMT - Sat, 27 Jul 2024 07:09:00 GMT
File type: PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced
Hashes (MD5 / SHA-1 / SHA-256): a28902cd41b26954be2c97eea41089a1 / c69d00be80adbcba05b788d2dcf7967d0d15a65f / 5b4fa649af59a8350f401a661a5ecfed92130aa0aa9825ac3777c2a893a96e61
GET /referralBanners/png/300%20x%20250%20px.png HTTP/1.1
Host: landings-cdn.adsterratech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 07:24:15 GMT
Content-Type: image/png
Content-Length: 90409
Last-Modified: Wed, 02 Feb 2022 00:50:11 GMT
Connection: keep-alive
ETag: "61f9d543-16129"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Date
Cache-Control: max-age=315360000, public
Accept-Ranges: bytes

| keynotefool.com/watch.1300304930387.js?key=6dc3a27552b5aedfb96aeaa00aa1c37b&kw=%5B%22zip%22%2C%22url%22%2C%22shortener%22%5D&refer=https%3A%2F%2Fzip.lu%2F%3Fbanned%3D1&tz=0&dev=e&res=14.2071&uuid=e4bce864-fa29-4097-b6f4-e34a05d623f5%3A3%3A1 | 172.240.108.84 | 307 Temporary Redirect | 0 B |
Request: GET HTTP/1.1
IP: 172.240.108.84:443
Certificate: Issuer Let's Encrypt; Subject keynotefool.com; Fingerprint 1C:E8:3F:EA:63:6D:90:43:86:99:91:6E:E4:0E:BE:C0:A8:FC:1A:12; Validity Mon, 29 Apr 2024 08:11:50 GMT - Sun, 28 Jul 2024 08:11:49 GMT
Hashes (MD5 / SHA-1 / SHA-256, empty body): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /watch.1300304930387.js?key=6dc3a27552b5aedfb96aeaa00aa1c37b&kw=%5B%22zip%22%2C%22url%22%2C%22shortener%22%5D&refer=https%3A%2F%2Fzip.lu%2F%3Fbanned%3D1&tz=0&dev=e&res=14.2071&uuid=e4bce864-fa29-4097-b6f4-e34a05d623f5%3A3%3A1 HTTP/1.1
Host: keynotefool.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://zip.lu
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Sat, 04 May 2024 07:24:16 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://zip.lu
Access-Control-Allow-Origin: https://zip.lu
Access-Control-Allow-Credentials: true
Location: https://keynotefool.com/watch.1300304930387.js?dev=e&key=6dc3a27552b5aedfb96aeaa00aa1c37b&kw=%5B%22zip%22%2C%22url%22%2C%22shortener%22%5D&pst=1714807516&refer=https%3A%2F%2Fzip.lu%2F%3Fbanned%3D1&res=14.2071&rmtc=t&shu=34e3bcc5552dd3e764eee62c776a70691c7d1412be6fdcc12af4da79a83d8fb86816978b63e63ccb61d54d2cbd9f61b3230546f815e17e54290b232b6ea49c46eeb76121658192c61687d307260ef8a8a075eec15e1a3034a75eb2d09665df0585&tz=0&uuid=e4bce864-fa29-4097-b6f4-e34a05d623f5%3A3%3A1
Set-Cookie: u_pl=22735548; expires=Sun, 05 May 2024 07:24:16 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMjczNTU0OCwiayI6IjZkYzNhMjc1NTJiNWFlZGZiOTZhZWFhMDBhYTFjMzdiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozNjc1ODY4LCJwaWQiOjkzMDg4LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjM0LCJhaWQiOjUsInB0Ijo0LCJwayI6Inc3cTYxZHZqbWUiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly96aXAubHUvP2Jhbm5lZD0xIiwiYXIiOltdfX0.Wlik0i7U6TMsAzL1Ct4uONsIP4EB7gWVCej1azy-STE; expires=Sat, 04 May 2024 07:25:16 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d75f11a0a9fe60d3c65321822aaa69d2
Strict-Transport-Security: max-age=0; includeSubdomains

| fibaffluencebetting.com/78/66/ea/7866ead300fcf9e425beaf01fe308949.js | 192.243.59.13 | 200 OK | 30 kB |
Request: GET HTTP/1.1
IP: 192.243.59.13:443  ASN: #39572 DataWeb Global Group B.V.
Certificate: Issuer Let's Encrypt; Subject fibaffluencebetting.com; Fingerprint 75:D4:BF:BA:3B:8C:FF:E6:24:A2:A7:5E:0B:09:29:D2:E7:B2:6B:38; Validity Mon, 29 Apr 2024 08:42:41 GMT - Sun, 28 Jul 2024 08:42:40 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Hashes (MD5 / SHA-1 / SHA-256): 06dc27ecde183fa473eccfc54135c037 / b1582cefd8eda469370ce2a97d09e3a14464433d / 9f95bf272f5c44377051318e6c0a7971feaa6f1f4d19ab3da55893542c95213f
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /78/66/ea/7866ead300fcf9e425beaf01fe308949.js HTTP/1.1
Host: fibaffluencebetting.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 May 2024 07:24:16 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9d5e4221f952ac5f2ea9d5acc9537649
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

| keynotefool.com/watch.1300304930387.js?dev=e&key=6dc3a27552b5aedfb96aeaa00aa1c37b&kw=%5B%22zip%22%2C%22url%22%2C%22shortener%22%5D&pst=1714807516&refer=https%3A%2F%2Fzip.lu%2F%3Fbanned%3D1&res=14.2071&rmtc=t&shu=34e3bcc5552dd3e764eee62c776a70691c7d1412be6fdcc12af4da79a83d8fb86816978b63e63ccb61d54d2cbd9f61b3230546f815e17e54290b232b6ea49c46eeb76121658192c61687d307260ef8a8a075eec15e1a3034a75eb2d09665df0585&tz=0&uuid=e4bce864-fa29-4097-b6f4-e34a05d623f5%3A3%3A1 | 172.240.108.84 | 200 OK | 2.1 kB |
Request: GET HTTP/1.1
IP: 172.240.108.84:443
Certificate: Issuer Let's Encrypt; Subject keynotefool.com; Fingerprint 1C:E8:3F:EA:63:6D:90:43:86:99:91:6E:E4:0E:BE:C0:A8:FC:1A:12; Validity Mon, 29 Apr 2024 08:11:50 GMT - Sun, 28 Jul 2024 08:11:49 GMT
File type: JavaScript source, ASCII text, with very long lines (2653)
Hashes (MD5 / SHA-1 / SHA-256): e6d5ee28a9162dd483cbb6bdc1d658a4 / ba2434a9e6f81ca079684fc49af520ba95f6fe76 / ba686868c2acdd501229774368cc3f19c58fefe87ad432dd35bb6bf9ee6f9a21
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /watch.1300304930387.js?dev=e&key=6dc3a27552b5aedfb96aeaa00aa1c37b&kw=%5B%22zip%22%2C%22url%22%2C%22shortener%22%5D&pst=1714807516&refer=https%3A%2F%2Fzip.lu%2F%3Fbanned%3D1&res=14.2071&rmtc=t&shu=34e3bcc5552dd3e764eee62c776a70691c7d1412be6fdcc12af4da79a83d8fb86816978b63e63ccb61d54d2cbd9f61b3230546f815e17e54290b232b6ea49c46eeb76121658192c61687d307260ef8a8a075eec15e1a3034a75eb2d09665df0585&tz=0&uuid=e4bce864-fa29-4097-b6f4-e34a05d623f5%3A3%3A1 HTTP/1.1
Host: keynotefool.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://zip.lu
Referer: https://zip.lu/
DNT: 1
Connection: keep-alive
Cookie: u_pl=22735548; ain=eyJhbGciOiJIUzI1NiJ9.[…].Wlik0i7U6TMsAzL1Ct4uONsIP4EB7gWVCej1azy-STE
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 07:24:16 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://zip.lu
Access-Control-Allow-Origin: https://zip.lu
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=e4bce864-fa29-4097-b6f4-e34a05d623f5:3:1; expires=Sat, 11 May 2024 07:24:16 GMT; secure; SameSite=None
Set-Cookie: iprc82e4e389faa42a30f173be88f98c5f4e=3569806; expires=Sat, 04 May 2024 11:24:16 GMT; secure; SameSite=None
Set-Cookie: pdhtkv=true; expires=Sun, 05 May 2024 07:24:16 GMT; secure; SameSite=None
Set-Cookie: uncs=1; expires=Sun, 05 May 2024 07:24:16 GMT; secure; SameSite=None
Set-Cookie: pdhtkv5=true; expires=Sun, 05 May 2024 07:24:16 GMT; secure; SameSite=None
Set-Cookie: uncs5=1; expires=Sun, 05 May 2024 07:24:16 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 11be93756a3ee1573ea818eabe1121b7
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| designingpupilintermediary.com/watch.127576493755.js?key=fb87135eb1bdee211d55a6d31f28b1bc&kw=%5B%22zip%22%2C%22url%22%2C%22shortener%22%5D&refer=https%3A%2F%2Fzip.lu%2F%3Fbanned%3D1&tz=0&dev=e&res=14.2071&uuid=e4bce864-fa29-4097-b6f4-e34a05d623f5%3A3%3A1 | 192.243.59.20 | 307 Temporary Redirect | 0 B |
URL: GET HTTP/1.1 designingpupilintermediary.com/watch.127576493755.js?key=fb87135eb1bdee211d55a6d31f28b1bc&kw=%5B%22zip%22%2C%22url%22%2C%22shortener%22%5D&refer=https%3A%2F%2Fzip.lu%2F%3Fbanned%3D1&tz=0&dev=e&res=14.2071&uuid=e4bce864-fa29-4097-b6f4-e34a05d623f5%3A3%3A1
IP: 192.243.59.20:443 (ASN#39572 DataWeb Global Group B.V.)
Certificate: Issuer Let's Encrypt; Subject designingpupilintermediary.com; Fingerprint C6:2A:2C:CE:46:0C:19:DC:3F:A3:33:F7:CD:1E:20:1D:CC:46:93:78; Validity Mon, 29 Apr 2024 08:22:29 GMT - Sun, 28 Jul 2024 08:22:28 GMT
Hashes: MD5 d41d8cd98f00b204e9800998ecf8427e; SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (empty body)

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /watch.127576493755.js?key=fb87135eb1bdee211d55a6d31f28b1bc&kw=%5B%22zip%22%2C%22url%22%2C%22shortener%22%5D&refer=https%3A%2F%2Fzip.lu%2F%3Fbanned%3D1&tz=0&dev=e&res=14.2071&uuid=e4bce864-fa29-4097-b6f4-e34a05d623f5%3A3%3A1 HTTP/1.1
Host: designingpupilintermediary.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://zip.lu
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Sat, 04 May 2024 07:24:16 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://zip.lu
Access-Control-Allow-Origin: https://zip.lu
Access-Control-Allow-Credentials: true
Location: https://designingpupilintermediary.com/watch.127576493755.js?dev=e&key=fb87135eb1bdee211d55a6d31f28b1bc&kw=%5B%22zip%22%2C%22url%22%2C%22shortener%22%5D&pst=1714807516&refer=https%3A%2F%2Fzip.lu%2F%3Fbanned%3D1&res=14.2071&rmtc=t&shu=7d9dfe366b6a827e695a5135e310a6a956215e2f57ac7c84e9aff210031dde219a4b8bd84bc76c33950471aea0a2a5eb0a27d82651241a95dacc7b9353631a2c8ce8d44fd93d9994f8871bc336aae77edd91877becbd0fb865866ee830772752109552&tz=0&uuid=e4bce864-fa29-4097-b6f4-e34a05d623f5%3A3%3A1
Set-Cookie: u_pl=22829219; expires=Sun, 05 May 2024 07:24:16 GMT; secure; SameSite=None
Set-Cookie: ain=eyJhbGciOiJIUzI1NiJ9.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.x4V-YbMaz28DxGpGZqZohRewgpsltxYPfC_5fIrdH0Y; expires=Sat, 04 May 2024 07:25:16 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d91e894947280b635ea388e97539c0f9
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| fibaffluencebetting.com/ntv.json?key=172d9680245553e8052aafbe1bd64a13&vstc=4 | 192.243.59.13 | 200 OK | 17 kB |
URL: GET HTTP/1.1 fibaffluencebetting.com/ntv.json?key=172d9680245553e8052aafbe1bd64a13&vstc=4
IP: 192.243.59.13:443 (ASN#39572 DataWeb Global Group B.V.)
Certificate: Issuer Let's Encrypt; Subject fibaffluencebetting.com; Fingerprint 75:D4:BF:BA:3B:8C:FF:E6:24:A2:A7:5E:0B:09:29:D2:E7:B2:6B:38; Validity Mon, 29 Apr 2024 08:42:41 GMT - Sun, 28 Jul 2024 08:42:40 GMT
Hashes: MD5 209fb57023f6a20f47dddc44a728e630; SHA1 502af61cc89ec96de0e67a310b9e2f0ea54e258f; SHA256 db6cdcc78ad03a6ef3d4606e76d86be74b12ef983120a600a73d43ed1cc36206

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /ntv.json?key=172d9680245553e8052aafbe1bd64a13&vstc=4 HTTP/1.1
Host: fibaffluencebetting.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://zip.lu
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 May 2024 07:24:16 GMT
Content-Type: application/json
Content-Length: 17124
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://zip.lu
Access-Control-Allow-Origin: https://zip.lu
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=22725681; expires=Sun, 05 May 2024 07:24:16 GMT; secure; SameSite=None
Set-Cookie: pdhtkv=true; expires=Sun, 05 May 2024 07:24:16 GMT; secure; SameSite=None
Set-Cookie: uncs=1; expires=Sun, 05 May 2024 07:24:16 GMT; secure; SameSite=None
Set-Cookie: pdhtkv49=true; expires=Sun, 05 May 2024 07:24:16 GMT; secure; SameSite=None
Set-Cookie: uncs49=1; expires=Sun, 05 May 2024 07:24:16 GMT; secure; SameSite=None
Set-Cookie: nlec172d9680245553e8052aafbe1bd64a13=[2019380,2229329,2229333,2229337]; expires=Sat, 04 May 2024 07:24:21 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1439df2b55df9716b4da2051ac330d20
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| designingpupilintermediary.com/watch.127576493755.js?dev=e&key=fb87135eb1bdee211d55a6d31f28b1bc&kw=%5B%22zip%22%2C%22url%22%2C%22shortener%22%5D&pst=1714807516&refer=https%3A%2F%2Fzip.lu%2F%3Fbanned%3D1&res=14.2071&rmtc=t&shu=7d9dfe366b6a827e695a5135e310a6a956215e2f57ac7c84e9aff210031dde219a4b8bd84bc76c33950471aea0a2a5eb0a27d82651241a95dacc7b9353631a2c8ce8d44fd93d9994f8871bc336aae77edd91877becbd0fb865866ee830772752109552&tz=0&uuid=e4bce864-fa29-4097-b6f4-e34a05d623f5%3A3%3A1 | 192.243.59.20 | 200 OK | 2.0 kB |
URL: GET HTTP/1.1 designingpupilintermediary.com/watch.127576493755.js?dev=e&key=fb87135eb1bdee211d55a6d31f28b1bc&kw=%5B%22zip%22%2C%22url%22%2C%22shortener%22%5D&pst=1714807516&refer=https%3A%2F%2Fzip.lu%2F%3Fbanned%3D1&res=14.2071&rmtc=t&shu=7d9dfe366b6a827e695a5135e310a6a956215e2f57ac7c84e9aff210031dde219a4b8bd84bc76c33950471aea0a2a5eb0a27d82651241a95dacc7b9353631a2c8ce8d44fd93d9994f8871bc336aae77edd91877becbd0fb865866ee830772752109552&tz=0&uuid=e4bce864-fa29-4097-b6f4-e34a05d623f5%3A3%3A1
IP: 192.243.59.20:443 (ASN#39572 DataWeb Global Group B.V.)
Certificate: Issuer Let's Encrypt; Subject designingpupilintermediary.com; Fingerprint C6:2A:2C:CE:46:0C:19:DC:3F:A3:33:F7:CD:1E:20:1D:CC:46:93:78; Validity Mon, 29 Apr 2024 08:22:29 GMT - Sun, 28 Jul 2024 08:22:28 GMT
File type: JavaScript source, ASCII text, with very long lines (2497)
Hashes: MD5 1df35b374fd3ba8b8bd7c670949db54b; SHA1 809a311a5681fd48e13dcf583b7a4ab2d0075020; SHA256 3fad818633a01d8821c98b3ee9d0b52e9f030e0dbf562c81123ac8bbccf64a20

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /watch.127576493755.js?dev=e&key=fb87135eb1bdee211d55a6d31f28b1bc&kw=%5B%22zip%22%2C%22url%22%2C%22shortener%22%5D&pst=1714807516&refer=https%3A%2F%2Fzip.lu%2F%3Fbanned%3D1&res=14.2071&rmtc=t&shu=7d9dfe366b6a827e695a5135e310a6a956215e2f57ac7c84e9aff210031dde219a4b8bd84bc76c33950471aea0a2a5eb0a27d82651241a95dacc7b9353631a2c8ce8d44fd93d9994f8871bc336aae77edd91877becbd0fb865866ee830772752109552&tz=0&uuid=e4bce864-fa29-4097-b6f4-e34a05d623f5%3A3%3A1 HTTP/1.1
Host: designingpupilintermediary.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://zip.lu
Referer: https://zip.lu/
DNT: 1
Connection: keep-alive
Cookie: u_pl=22829219; ain=eyJhbGciOiJIUzI1NiJ9.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.x4V-YbMaz28DxGpGZqZohRewgpsltxYPfC_5fIrdH0Y
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 May 2024 07:24:16 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://zip.lu
Access-Control-Allow-Origin: https://zip.lu
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=e4bce864-fa29-4097-b6f4-e34a05d623f5:3:1; expires=Sat, 11 May 2024 07:24:16 GMT; secure; SameSite=None
Set-Cookie: pdhtkv=true; expires=Sun, 05 May 2024 07:24:16 GMT; secure; SameSite=None
Set-Cookie: uncs=1; expires=Sun, 05 May 2024 07:24:16 GMT; secure; SameSite=None
Set-Cookie: pdhtkv32=true; expires=Sun, 05 May 2024 07:24:16 GMT; secure; SameSite=None
Set-Cookie: uncs32=1; expires=Sun, 05 May 2024 07:24:16 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: aa527b76dbec7835181f534e2bb6d539
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| cdn.cloudimagesb.com/cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png | 45.133.44.9 | 200 OK | 144 kB |
URL: GET HTTP/2 cdn.cloudimagesb.com/cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png
IP: 45.133.44.9:443 (ASN#39572 DataWeb Global Group B.V.)
Certificate: Issuer Let's Encrypt; Subject cdn.cloudimagesb.com; Fingerprint C6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0; Validity Fri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT
File type: PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced
Size: 144 kB (144379 bytes)
Hashes: MD5 33c304429dc1a4408a96e6a74ffa2feb; SHA1 c45fa8e65528d1bb2b46bf8a28af9eeaa1903d04; SHA256 dbed482e5948ead5587d30a22306a5b611305f704de940bd22c76daf90e0a314
GET /cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 07:24:16 GMT
content-type: image/png
content-length: 144379
server: nginx/1.21.6
last-modified: Wed, 27 Jul 2022 11:07:21 GMT
etag: "62e11c69-233fb"
expires: Mon, 06 May 2024 07:24:16 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| cdn.cloudimagesb.com/cti/d7/14/ea/d714ea0356c58a2679ce4074962c0e16/1588233398.jpeg | 45.133.44.9 | 200 OK | 23 kB |
URL: GET HTTP/2 cdn.cloudimagesb.com/cti/d7/14/ea/d714ea0356c58a2679ce4074962c0e16/1588233398.jpeg
IP: 45.133.44.9:443 (ASN#39572 DataWeb Global Group B.V.)
Certificate: Issuer Let's Encrypt; Subject cdn.cloudimagesb.com; Fingerprint C6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0; Validity Fri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 320x240, components 3
Hashes: MD5 9a2dc4fe2ebb70df2dfb1566d22970b8; SHA1 b85a5f4ef7bd68b834d03d8b9a552e2e546e8701; SHA256 1983c705f5f4315c8cd002183eb9ed3c846abed8fc2a6f0a073185c249552efd
GET /cti/d7/14/ea/d714ea0356c58a2679ce4074962c0e16/1588233398.jpeg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 07:24:16 GMT
content-type: image/jpeg
content-length: 22757
server: nginx/1.21.6
last-modified: Thu, 30 Apr 2020 07:56:41 GMT
etag: "5eaa84b9-58e5"
expires: Mon, 06 May 2024 07:24:16 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| fibaffluencebetting.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz4sjRRSuXnNaQVAXL4KEBUFFMt2dpJO4yOK6jiyOO%2FvDxR8Xqe6qZMtUdzVVXenMnAYXZI85eNFTzZeZHdRB9A9wkczAIgPi5CIDOgf%2FBWHxKB0How%2Fq%2FajvFXzvffXZtj0lISw9ufqu2hRS0pV2w6%2B%2F9EEQXKqvicyO6%2BNu9HHUulTXo9d6UcN%2Fuf42T4ZqJfQD3w%2F8oL4qNO%2Br8UoFQuT7vaDR8xutsBG0Wxjr%2F9fGejDUAxudkmcg2Lx26F2ASGbI0u%2BucjMsVP7qW6mVtFAaI7Z3JxtmqsyQLtO%2B9tDP9s66oczx6kOobHdBF2r0b2Ms5sR79BBxtndGEvFoZ8EzluAZYvYkytEMXM4g6AyJugfBjgmQMFxfR5Y%2BuK50STf%2BQWmFzknt8Z8Q5ZzUfr%2BALP32ihTj%2Bm0lbSFUZjDuO4jxDGIwQ24PUGyegygPkBSfQrCfycrjNWTpzrqRCoK5xexCzCD6M0g%2BATUebHWEB9v3YHMPKTupJ0EQdHyWUL%2FbS5Im6%2FA4Yn5AO%2F2ABn7UhU0qehMU%2BQSJnCDRW8j1FoZiAm1%2FhLnrYJgHU8yJd3MLI%2BZQcoLSEJSUoBQEZUFQjtwukyY07gGTxsbBWQzPYtNNVTHYpruqGPCMgOoJNHPb%2BSl5utqP99FhgCE%2FqQedkPWirh%2B22u12k3f9dkhpP%2BZBzKIWDZowwkGYc4uRN8WcdJ%2F7DXml2dAhpgcw8gCJuAhqA9DSgd512Mz2C5FtWC0bqYoFmHLIixqKDW9bnpLnFwq98EsLPDm6%2FOj86%2Fn01%2FNItEOuHT4RhwQDeX96S5Vk55YqDfl%2BPS9EKjZppd7tghb8ia%2Ff4Rul0uzaVTP56o2kAqp0%2Fz1uijWaMZENDPnmimCM61WlE05%2BuGbe5%2FENa%2B5esTqz%2BdqNN1evpbnmxgiVzUDF8fpfSMSc1F58dvEtnzp%2BBULPoK1Dao%2FImUGoAyT5Fky%2BZG8UgZbLnjj3UFo31WG8vJSCQPJlTWMH8586XuZTTavXVLhtcx8DXQMt7iFLHUbaYSQdqJzA2PPTItdHl3%2F6orIvEcvaNJa6thNLLT9fLHlOLtZuVu5O5T6EESf1TrPp06jXDjodyjtxK%2Bz2o4BRGraiMIpoE4WZ99t%2FuL8BAAD%2F%2FwEAAP%2F%2F1jIBzXoEAAA%3D | 192.243.59.13 | 200 OK | 7 B |
URL GET HTTP/1.1fibaffluencebetting.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz4sjRRSuXnNaQVAXL4KEBUFFMt2dpJO4yOK6jiyOO%2FvDxR8Xqe6qZMtUdzVVXenMnAYXZI85eNFTzZeZHdRB9A9wkczAIgPi5CIDOgf%2FBWHxKB0How%2Fq%2FajvFXzvffXZtj0lISw9ufqu2hRS0pV2w6%2B%2F9EEQXKqvicyO6%2BNu9HHUulTXo9d6UcN%2Fuf42T4ZqJfQD3w%2F8oL4qNO%2Br8UoFQuT7vaDR8xutsBG0Wxjr%2F9fGejDUAxudkmcg2Lx26F2ASGbI0u%2BucjMsVP7qW6mVtFAaI7Z3JxtmqsyQLtO%2B9tDP9s66oczx6kOobHdBF2r0b2Ms5sR79BBxtndGEvFoZ8EzluAZYvYkytEMXM4g6AyJugfBjgmQMFxfR5Y%2BuK50STf%2BQWmFzknt8Z8Q5ZzUfr%2BALP32ihTj%2Bm0lbSFUZjDuO4jxDGIwQ24PUGyegygPkBSfQrCfycrjNWTpzrqRCoK5xexCzCD6M0g%2BATUebHWEB9v3YHMPKTupJ0EQdHyWUL%2FbS5Im6%2FA4Yn5AO%2F2ABn7UhU0qehMU%2BQSJnCDRW8j1FoZiAm1%2FhLnrYJgHU8yJd3MLI%2BZQcoLSEJSUoBQEZUFQjtwukyY07gGTxsbBWQzPYtNNVTHYpruqGPCMgOoJNHPb%2BSl5utqP99FhgCE%2FqQedkPWirh%2B22u12k3f9dkhpP%2BZBzKIWDZowwkGYc4uRN8WcdJ%2F7DXml2dAhpgcw8gCJuAhqA9DSgd512Mz2C5FtWC0bqYoFmHLIixqKDW9bnpLnFwq98EsLPDm6%2FOj86%2Fn01%2FNItEOuHT4RhwQDeX96S5Vk55YqDfl%2BPS9EKjZppd7tghb8ia%2Ff4Rul0uzaVTP56o2kAqp0%2Fz1uijWaMZENDPnmimCM61WlE05%2BuGbe5%2FENa%2B5esTqz%2BdqNN1evpbnmxgiVzUDF8fpfSMSc1F58dvEtnzp%2BBULPoK1Dao%2FImUGoAyT5Fky%2BZG8UgZbLnjj3UFo31WG8vJSCQPJlTWMH8586XuZTTavXVLhtcx8DXQMt7iFLHUbaYSQdqJzA2PPTItdHl3%2F6orIvEcvaNJa6thNLLT9fLHlOLtZuVu5O5T6EESf1TrPp06jXDjodyjtxK%2Bz2o4BRGraiMIpoE4WZ99t%2FuL8BAAD%2F%2FwEAAP%2F%2F1jIBzXoEAAA%3D IP192.243.59.13:443 ASN#39572 DataWeb Global Group B.V.
IP: 192.243.59.13:443 (ASN#39572 DataWeb Global Group B.V.)
Certificate: Issuer Let's Encrypt; Subject fibaffluencebetting.com; Fingerprint 75:D4:BF:BA:3B:8C:FF:E6:24:A2:A7:5E:0B:09:29:D2:E7:B2:6B:38; Validity Mon, 29 Apr 2024 08:42:41 GMT - Sun, 28 Jul 2024 08:42:40 GMT
File type: ASCII text, with no line terminators
Hashes: MD5 132d6af1b46048b45cf86cdee7991d31; SHA1 eb7007d03d59b65bc6da7e098c4d38fc6dfb6285; SHA256 ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz4sjRRSuXnNaQVAXL4KEBUFFMt2dpJO4yOK6jiyOO%2FvDxR8Xqe6qZMtUdzVVXenMnAYXZI85eNFTzZeZHdRB9A9wkczAIgPi5CIDOgf%2FBWHxKB0How%2Fq%2FajvFXzvffXZtj0lISw9ufqu2hRS0pV2w6%2B%2F9EEQXKqvicyO6%2BNu9HHUulTXo9d6UcN%2Fuf42T4ZqJfQD3w%2F8oL4qNO%2Br8UoFQuT7vaDR8xutsBG0Wxjr%2F9fGejDUAxudkmcg2Lx26F2ASGbI0u%2BucjMsVP7qW6mVtFAaI7Z3JxtmqsyQLtO%2B9tDP9s66oczx6kOobHdBF2r0b2Ms5sR79BBxtndGEvFoZ8EzluAZYvYkytEMXM4g6AyJugfBjgmQMFxfR5Y%2BuK50STf%2BQWmFzknt8Z8Q5ZzUfr%2BALP32ihTj%2Bm0lbSFUZjDuO4jxDGIwQ24PUGyegygPkBSfQrCfycrjNWTpzrqRCoK5xexCzCD6M0g%2BATUebHWEB9v3YHMPKTupJ0EQdHyWUL%2FbS5Im6%2FA4Yn5AO%2F2ABn7UhU0qehMU%2BQSJnCDRW8j1FoZiAm1%2FhLnrYJgHU8yJd3MLI%2BZQcoLSEJSUoBQEZUFQjtwukyY07gGTxsbBWQzPYtNNVTHYpruqGPCMgOoJNHPb%2BSl5utqP99FhgCE%2FqQedkPWirh%2B22u12k3f9dkhpP%2BZBzKIWDZowwkGYc4uRN8WcdJ%2F7DXml2dAhpgcw8gCJuAhqA9DSgd512Mz2C5FtWC0bqYoFmHLIixqKDW9bnpLnFwq98EsLPDm6%2FOj86%2Fn01%2FNItEOuHT4RhwQDeX96S5Vk55YqDfl%2BPS9EKjZppd7tghb8ia%2Ff4Rul0uzaVTP56o2kAqp0%2Fz1uijWaMZENDPnmimCM61WlE05%2BuGbe5%2FENa%2B5esTqz%2BdqNN1evpbnmxgiVzUDF8fpfSMSc1F58dvEtnzp%2BBULPoK1Dao%2FImUGoAyT5Fky%2BZG8UgZbLnjj3UFo31WG8vJSCQPJlTWMH8586XuZTTavXVLhtcx8DXQMt7iFLHUbaYSQdqJzA2PPTItdHl3%2F6orIvEcvaNJa6thNLLT9fLHlOLtZuVu5O5T6EESf1TrPp06jXDjodyjtxK%2Bz2o4BRGraiMIpoE4WZ99t%2FuL8BAAD%2F%2FwEAAP%2F%2F1jIBzXoEAAA%3D HTTP/1.1
Host: fibaffluencebetting.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Cookie: u_pl=22725681; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec172d9680245553e8052aafbe1bd64a13=[2019380,2229329,2229333,2229337]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 May 2024 07:24:16 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 220f4719574d0751f53c38ab595a05ac
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| cdn.cloudimagesb.com/cti/f7/13/0e/f7130e7f47db248dc886c97a1e4c3e2b/1588233482.jpg | 45.133.44.9 | 200 OK | 32 kB |
URL: GET HTTP/2 cdn.cloudimagesb.com/cti/f7/13/0e/f7130e7f47db248dc886c97a1e4c3e2b/1588233482.jpg
IP: 45.133.44.9:443 (ASN#39572 DataWeb Global Group B.V.)
Certificate: Issuer Let's Encrypt; Subject cdn.cloudimagesb.com; Fingerprint C6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0; Validity Fri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 321x240, components 3
Hashes: MD5 3528385dd0c31dbd2e5bfc4af7a6bec5; SHA1 832c580ffd7711115d6c036ab4232f5bd88480a4; SHA256 bfbfeebfcb679ca578055235614cc679b0757bad272996ef89b7fd5615a2db75
GET /cti/f7/13/0e/f7130e7f47db248dc886c97a1e4c3e2b/1588233482.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 07:24:16 GMT
content-type: image/jpeg
content-length: 32471
server: nginx/1.21.6
last-modified: Thu, 30 Apr 2020 07:58:05 GMT
etag: "5eaa850d-7ed7"
expires: Mon, 06 May 2024 07:24:16 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| cdn.cloudimagesb.com/cti/5e/78/a9/5e78a94057ff65f06ec19e727c7be04f/1588233511.jpg | 45.133.44.9 | 200 OK | 24 kB |
URL: GET HTTP/2 cdn.cloudimagesb.com/cti/5e/78/a9/5e78a94057ff65f06ec19e727c7be04f/1588233511.jpg
IP: 45.133.44.9:443 (ASN#39572 DataWeb Global Group B.V.)
Certificate: Issuer Let's Encrypt; Subject cdn.cloudimagesb.com; Fingerprint C6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0; Validity Fri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 320x240, components 3
Hashes: MD5 d71c872fb9f50bd9383abc0721d1d51e; SHA1 1f69b40ef2f95798b4e0fd738d630ad4319cd739; SHA256 6b4a622b9de1ffab8fe905fc8c4633994c732476664b5190ceedd62a3795ab08
GET /cti/5e/78/a9/5e78a94057ff65f06ec19e727c7be04f/1588233511.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 07:24:16 GMT
content-type: image/jpeg
content-length: 24518
server: nginx/1.21.6
last-modified: Thu, 30 Apr 2020 07:58:34 GMT
etag: "5eaa852a-5fc6"
expires: Mon, 06 May 2024 07:24:16 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| cdn.cloudimagesb.com/cti/d6/e8/37/d6e83777d7311d26f1ac5b2b62a81218/1588233535.jpg | 45.133.44.9 | 200 OK | 28 kB |
URL: GET HTTP/2 cdn.cloudimagesb.com/cti/d6/e8/37/d6e83777d7311d26f1ac5b2b62a81218/1588233535.jpg
IP: 45.133.44.9:443 (ASN#39572 DataWeb Global Group B.V.)
Certificate: Issuer Let's Encrypt; Subject cdn.cloudimagesb.com; Fingerprint C6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0; Validity Fri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 320x240, components 3
Hashes: MD5 1dcde64d47d24d151a1433ecf4403dd7; SHA1 443d6704b5a294e000084d7a8ac823e526093928; SHA256 d11bcd65a82589c2c31d6fd87cb16ec673dd5640462ad3d20ff53e014a435376
GET /cti/d6/e8/37/d6e83777d7311d26f1ac5b2b62a81218/1588233535.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 07:24:16 GMT
content-type: image/jpeg
content-length: 27832
server: nginx/1.21.6
last-modified: Thu, 30 Apr 2020 07:58:58 GMT
etag: "5eaa8542-6cb8"
expires: Mon, 06 May 2024 07:24:16 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| fibaffluencebetting.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzWskxRuuzm9O%2BV38WLwIMiwICjLp7pnpmXGRxRgjwbjZDxc%2FLlLd1TMpp7qrqeqanuQUXJA9zsGLnirPJBvUIPoHuMgksEhQzFwkoDl49yQsHqXHwdEX6v2o5y143vepj%2FfNJfFh6MXaW3KXC0FXmjW3%2BsK7nnetuslTM6wO28EHQeNaVQ1e7gQ198XqG3HUlyu%2B67mu53rVda7irhyulCB4dtzxah231vBrXrOBofpvrY0DTR2wwSV5CpxNK6fOFfBogjT5ei3W%2FVxmL72eGEFzqTBgR3fTfiqLFMki7SoH3fRo3g2pz9cfQqaHM7qQg38aQz4lzqOHCNOjOUmEg4MZz1AgThGy%2F6MYTBCLCTidIJL3wNk5ASKGG1tIkwc3pCrozt8oLdEpqTz%2BA7yYksqvV5AmX60KPqzekcLkXKYaw64FH07AexNk5gT57hJ4cYIo%2Fwic%2FUhWHm8iTQ62tJDgzM5m53wC3p1AxCNQ7cCUhzswXQcmc5Cwi2rkeV7LZRF1250oqrNWHAbM9Wir61HPDdowUUlvhDwbIRIjRGoPmdpDn4%2BgzHfQ2xaaOdD5lDi39jBgFkVMUGiCghIUnKDICYqBPWRC%2B9o%2BYEKb0JtHfx7rdizz3j49lHkvTgmoGkExu59dkifL%2FTjvn3roxxdVr%2BWzTtB2%2FUaz2azHbbfpU9oNYy9kQYN6dWhuwfXSbORdPiXtZ35BVmrWtwjpCbQ4QcSvghoPtLCg2xa76XHO0x2jRC2RIQeTFlleQb7j7ItL8uxMoauVW4ijs%2BuPll%2FJxj8vI1IWmbL4kJ8S9MT98W1ZkIPbstDkm60s5wnfpaV6d3Kax%2F%2F74s14p5CKbazp0eevRiVQpsdvxzrfpCnjaU%2BTL1c5Y7FalyqKybcb%2Bp04vGn09qpRqck2b762vpFkKtaay3QCys%2B3%2FkTEp6Ty%2FNOzb%2FnED7%2BDqwmUsUjMGZkbuDxBlO1BZwv2WhIosegJsyUUxo6VHy4uBScQ8aKmoYX%2BVx0u8rGi5WvK7b6%2Bj56qgOb3kCYWA2UxEBZUjKDN8jjP1Nn17z8t7TOEojIOhaochEKJT6bkuZ8as02X7m7p3oPmF9VWve7SoNP0Wi0at8KG3%2B4GHqPUbwR%2BENA6cj3tNn%2BzfwEAAP%2F%2FAQAA%2F%2F%2Fn3UMxegQAAA%3D%3D | 192.243.59.13 | 200 OK | 7 B |
URL GET HTTP/1.1fibaffluencebetting.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzWskxRuuzm9O%2BV38WLwIMiwICjLp7pnpmXGRxRgjwbjZDxc%2FLlLd1TMpp7qrqeqanuQUXJA9zsGLnirPJBvUIPoHuMgksEhQzFwkoDl49yQsHqXHwdEX6v2o5y143vepj%2FfNJfFh6MXaW3KXC0FXmjW3%2BsK7nnetuslTM6wO28EHQeNaVQ1e7gQ198XqG3HUlyu%2B67mu53rVda7irhyulCB4dtzxah231vBrXrOBofpvrY0DTR2wwSV5CpxNK6fOFfBogjT5ei3W%2FVxmL72eGEFzqTBgR3fTfiqLFMki7SoH3fRo3g2pz9cfQqaHM7qQg38aQz4lzqOHCNOjOUmEg4MZz1AgThGy%2F6MYTBCLCTidIJL3wNk5ASKGG1tIkwc3pCrozt8oLdEpqTz%2BA7yYksqvV5AmX60KPqzekcLkXKYaw64FH07AexNk5gT57hJ4cYIo%2Fwic%2FUhWHm8iTQ62tJDgzM5m53wC3p1AxCNQ7cCUhzswXQcmc5Cwi2rkeV7LZRF1250oqrNWHAbM9Wir61HPDdowUUlvhDwbIRIjRGoPmdpDn4%2BgzHfQ2xaaOdD5lDi39jBgFkVMUGiCghIUnKDICYqBPWRC%2B9o%2BYEKb0JtHfx7rdizz3j49lHkvTgmoGkExu59dkifL%2FTjvn3roxxdVr%2BWzTtB2%2FUaz2azHbbfpU9oNYy9kQYN6dWhuwfXSbORdPiXtZ35BVmrWtwjpCbQ4QcSvghoPtLCg2xa76XHO0x2jRC2RIQeTFlleQb7j7ItL8uxMoauVW4ijs%2BuPll%2FJxj8vI1IWmbL4kJ8S9MT98W1ZkIPbstDkm60s5wnfpaV6d3Kax%2F%2F74s14p5CKbazp0eevRiVQpsdvxzrfpCnjaU%2BTL1c5Y7FalyqKybcb%2Bp04vGn09qpRqck2b762vpFkKtaay3QCys%2B3%2FkTEp6Ty%2FNOzb%2FnED7%2BDqwmUsUjMGZkbuDxBlO1BZwv2WhIosegJsyUUxo6VHy4uBScQ8aKmoYX%2BVx0u8rGi5WvK7b6%2Bj56qgOb3kCYWA2UxEBZUjKDN8jjP1Nn17z8t7TOEojIOhaochEKJT6bkuZ8as02X7m7p3oPmF9VWve7SoNP0Wi0at8KG3%2B4GHqPUbwR%2BENA6cj3tNn%2BzfwEAAP%2F%2FAQAA%2F%2F%2Fn3UMxegQAAA%3D%3D IP192.243.59.13:443 ASN#39572 DataWeb Global Group B.V.
IP: 192.243.59.13:443 (ASN#39572 DataWeb Global Group B.V.)
Certificate: Issuer Let's Encrypt; Subject fibaffluencebetting.com; Fingerprint 75:D4:BF:BA:3B:8C:FF:E6:24:A2:A7:5E:0B:09:29:D2:E7:B2:6B:38; Validity Mon, 29 Apr 2024 08:42:41 GMT - Sun, 28 Jul 2024 08:42:40 GMT
File type: ASCII text, with no line terminators
Hashes: MD5 132d6af1b46048b45cf86cdee7991d31; SHA1 eb7007d03d59b65bc6da7e098c4d38fc6dfb6285; SHA256 ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSzWskxRuuzm9O%2BV38WLwIMiwICjLp7pnpmXGRxRgjwbjZDxc%2FLlLd1TMpp7qrqeqanuQUXJA9zsGLnirPJBvUIPoHuMgksEhQzFwkoDl49yQsHqXHwdEX6v2o5y143vepj%2FfNJfFh6MXaW3KXC0FXmjW3%2BsK7nnetuslTM6wO28EHQeNaVQ1e7gQ198XqG3HUlyu%2B67mu53rVda7irhyulCB4dtzxah231vBrXrOBofpvrY0DTR2wwSV5CpxNK6fOFfBogjT5ei3W%2FVxmL72eGEFzqTBgR3fTfiqLFMki7SoH3fRo3g2pz9cfQqaHM7qQg38aQz4lzqOHCNOjOUmEg4MZz1AgThGy%2F6MYTBCLCTidIJL3wNk5ASKGG1tIkwc3pCrozt8oLdEpqTz%2BA7yYksqvV5AmX60KPqzekcLkXKYaw64FH07AexNk5gT57hJ4cYIo%2Fwic%2FUhWHm8iTQ62tJDgzM5m53wC3p1AxCNQ7cCUhzswXQcmc5Cwi2rkeV7LZRF1250oqrNWHAbM9Wir61HPDdowUUlvhDwbIRIjRGoPmdpDn4%2BgzHfQ2xaaOdD5lDi39jBgFkVMUGiCghIUnKDICYqBPWRC%2B9o%2BYEKb0JtHfx7rdizz3j49lHkvTgmoGkExu59dkifL%2FTjvn3roxxdVr%2BWzTtB2%2FUaz2azHbbfpU9oNYy9kQYN6dWhuwfXSbORdPiXtZ35BVmrWtwjpCbQ4QcSvghoPtLCg2xa76XHO0x2jRC2RIQeTFlleQb7j7ItL8uxMoauVW4ijs%2BuPll%2FJxj8vI1IWmbL4kJ8S9MT98W1ZkIPbstDkm60s5wnfpaV6d3Kax%2F%2F74s14p5CKbazp0eevRiVQpsdvxzrfpCnjaU%2BTL1c5Y7FalyqKybcb%2Bp04vGn09qpRqck2b762vpFkKtaay3QCys%2B3%2FkTEp6Ty%2FNOzb%2FnED7%2BDqwmUsUjMGZkbuDxBlO1BZwv2WhIosegJsyUUxo6VHy4uBScQ8aKmoYX%2BVx0u8rGi5WvK7b6%2Bj56qgOb3kCYWA2UxEBZUjKDN8jjP1Nn17z8t7TOEojIOhaochEKJT6bkuZ8as02X7m7p3oPmF9VWve7SoNP0Wi0at8KG3%2B4GHqPUbwR%2BENA6cj3tNn%2BzfwEAAP%2F%2FAQAA%2F%2F%2Fn3UMxegQAAA%3D%3D HTTP/1.1
Host: fibaffluencebetting.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Cookie: u_pl=22725681; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec172d9680245553e8052aafbe1bd64a13=[2019380,2229329,2229333,2229337]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 May 2024 07:24:16 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 233cc8045118c885b114a6814a16a805
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| fibaffluencebetting.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuXucUL%2F5YvAgyLAgKMunumemZcZHFGCPBuNkfLv64SHVXz6Sc6q6mqmt6klNwQfY4By96qnyTbFCD6B%2FgIpPAIkExc5GA5uA%2F4EFYPErPDo4%2B6H7v1fcKvvd99emeuSA%2BDD1ffUfucCHocrPmVl963%2FOuVjd4aobVYTv4KGhcrarBq52g5r5cfSuO%2BnLZdz3X9VyvusZV3JXD5RIEz446Xq3j1hp%2BzWs2MFT%2F77VxoKkDNrggz4CzaeXEuQweTZAm367Gup%2FL7JU3EyNoLhUG7PBO2k9lkSJZlF3loJsezqch9dnaA8j0YEYXcvDvYMinxHn4AGF6OCeJcLA%2F4xkKxClC9iSKwQSxmIDTCSJ5F5ydESBiuL6JNLl%2FXaqCbj9GaYlOSeXRX%2BDFlFR%2Bv4w0%2BWZF8GH1thQm5zLVGHYt%2BHAC3psgM8fIdy6BF8eI8k%2FA2c9k%2BdEG0mR%2FUwsJzuxsd84n4N0JRDwC1Q5M%2BXEHpuvAZA4Sdl6NPM9ruSyibrsTRXXWisOAuR5tdT3quUEbJirpjZBnI0RihEjtIlO76PMRlPkBestCMwc6nxLn5i4GzKKICQpNUFCCghMUOUExsAdMaF%2Fb%2B0xoE3rz7M9z3Y5l3tujBzLvxSkBVSMoZveyC%2FJ0qY%2Fz4YmHfnxe9Vo%2B6wRt1280m8163HabPqXdMPZCFjSoV4fmFlxfmq28w6ek%2FdxvyErP%2BhYhPYYWx4j4FVDjgRYWdMtiJz3KebptlKglMuRg0iLLK8i3nT1xQZ6fOXSl8gHi6PTaw6XXsvGvS4iURaYsPuYnBD1xb3xLFmT%2Fliw0%2BW4zy3nCd2jp3u2c5vETX70dbxdSsfVVPfry9agEyvLo3VjnGzRlPO1p8vUKZyxWa1JFMfl%2BXb8XhzeM3loxKjXZxo031taTTMVac5lOQPnZ5t%2BI%2BJRUXnx29iyf%2BulPcDWBMhaJOSXzAJfHiLJd6GzBXksCJRYzYVZBYexY%2BeHiUHACES96Glro%2F%2FThoh4rWt6m3O7pe%2BipCmh%2BF2liMVAWA2FBxQjaLI3zTJ1e%2B%2FHzMr5AKCrjUKjKfiiU%2BGxKXvilUSp9s%2Fzdeay55ufVVr3u0qDT9FotGrfCht%2FuBh6j1G8EfhDQOnI97Tb%2FsP8AAAD%2F%2FwEAAP%2F%2Fu%2FZuFnoEAAA%3D | 192.243.59.13 | 200 OK | 7 B |
URL GET HTTP/1.1fibaffluencebetting.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuXucUL%2F5YvAgyLAgKMunumemZcZHFGCPBuNkfLv64SHVXz6Sc6q6mqmt6klNwQfY4By96qnyTbFCD6B%2FgIpPAIkExc5GA5uA%2F4EFYPErPDo4%2B6H7v1fcKvvd99emeuSA%2BDD1ffUfucCHocrPmVl963%2FOuVjd4aobVYTv4KGhcrarBq52g5r5cfSuO%2BnLZdz3X9VyvusZV3JXD5RIEz446Xq3j1hp%2BzWs2MFT%2F77VxoKkDNrggz4CzaeXEuQweTZAm367Gup%2FL7JU3EyNoLhUG7PBO2k9lkSJZlF3loJsezqch9dnaA8j0YEYXcvDvYMinxHn4AGF6OCeJcLA%2F4xkKxClC9iSKwQSxmIDTCSJ5F5ydESBiuL6JNLl%2FXaqCbj9GaYlOSeXRX%2BDFlFR%2Bv4w0%2BWZF8GH1thQm5zLVGHYt%2BHAC3psgM8fIdy6BF8eI8k%2FA2c9k%2BdEG0mR%2FUwsJzuxsd84n4N0JRDwC1Q5M%2BXEHpuvAZA4Sdl6NPM9ruSyibrsTRXXWisOAuR5tdT3quUEbJirpjZBnI0RihEjtIlO76PMRlPkBestCMwc6nxLn5i4GzKKICQpNUFCCghMUOUExsAdMaF%2Fb%2B0xoE3rz7M9z3Y5l3tujBzLvxSkBVSMoZveyC%2FJ0qY%2Fz4YmHfnxe9Vo%2B6wRt1280m8163HabPqXdMPZCFjSoV4fmFlxfmq28w6ek%2FdxvyErP%2BhYhPYYWx4j4FVDjgRYWdMtiJz3KebptlKglMuRg0iLLK8i3nT1xQZ6fOXSl8gHi6PTaw6XXsvGvS4iURaYsPuYnBD1xb3xLFmT%2Fliw0%2BW4zy3nCd2jp3u2c5vETX70dbxdSsfVVPfry9agEyvLo3VjnGzRlPO1p8vUKZyxWa1JFMfl%2BXb8XhzeM3loxKjXZxo031taTTMVac5lOQPnZ5t%2BI%2BJRUXnx29iyf%2BulPcDWBMhaJOSXzAJfHiLJd6GzBXksCJRYzYVZBYexY%2BeHiUHACES96Glro%2F%2FThoh4rWt6m3O7pe%2BipCmh%2BF2liMVAWA2FBxQjaLI3zTJ1e%2B%2FHzMr5AKCrjUKjKfiiU%2BGxKXvilUSp9s%2Fzdeay55ufVVr3u0qDT9FotGrfCht%2FuBh6j1G8EfhDQOnI97Tb%2FsP8AAAD%2F%2FwEAAP%2F%2Fu%2FZuFnoEAAA%3D IP192.243.59.13:443 ASN#39572 DataWeb Global Group B.V.
Certificate: Issuer Let's Encrypt; Subject fibaffluencebetting.com; Fingerprint 75:D4:BF:BA:3B:8C:FF:E6:24:A2:A7:5E:0B:09:29:D2:E7:B2:6B:38; Validity Mon, 29 Apr 2024 08:42:41 GMT - Sun, 28 Jul 2024 08:42:40 GMT
File type: ASCII text, with no line terminators. Hash (MD5 / SHA-1 / SHA-256): 132d6af1b46048b45cf86cdee7991d31 eb7007d03d59b65bc6da7e098c4d38fc6dfb6285 ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuXucUL%2F5YvAgyLAgKMunumemZcZHFGCPBuNkfLv64SHVXz6Sc6q6mqmt6klNwQfY4By96qnyTbFCD6B%2FgIpPAIkExc5GA5uA%2F4EFYPErPDo4%2B6H7v1fcKvvd99emeuSA%2BDD1ffUfucCHocrPmVl963%2FOuVjd4aobVYTv4KGhcrarBq52g5r5cfSuO%2BnLZdz3X9VyvusZV3JXD5RIEz446Xq3j1hp%2BzWs2MFT%2F77VxoKkDNrggz4CzaeXEuQweTZAm367Gup%2FL7JU3EyNoLhUG7PBO2k9lkSJZlF3loJsezqch9dnaA8j0YEYXcvDvYMinxHn4AGF6OCeJcLA%2F4xkKxClC9iSKwQSxmIDTCSJ5F5ydESBiuL6JNLl%2FXaqCbj9GaYlOSeXRX%2BDFlFR%2Bv4w0%2BWZF8GH1thQm5zLVGHYt%2BHAC3psgM8fIdy6BF8eI8k%2FA2c9k%2BdEG0mR%2FUwsJzuxsd84n4N0JRDwC1Q5M%2BXEHpuvAZA4Sdl6NPM9ruSyibrsTRXXWisOAuR5tdT3quUEbJirpjZBnI0RihEjtIlO76PMRlPkBestCMwc6nxLn5i4GzKKICQpNUFCCghMUOUExsAdMaF%2Fb%2B0xoE3rz7M9z3Y5l3tujBzLvxSkBVSMoZveyC%2FJ0qY%2Fz4YmHfnxe9Vo%2B6wRt1280m8163HabPqXdMPZCFjSoV4fmFlxfmq28w6ek%2FdxvyErP%2BhYhPYYWx4j4FVDjgRYWdMtiJz3KebptlKglMuRg0iLLK8i3nT1xQZ6fOXSl8gHi6PTaw6XXsvGvS4iURaYsPuYnBD1xb3xLFmT%2Fliw0%2BW4zy3nCd2jp3u2c5vETX70dbxdSsfVVPfry9agEyvLo3VjnGzRlPO1p8vUKZyxWa1JFMfl%2BXb8XhzeM3loxKjXZxo031taTTMVac5lOQPnZ5t%2BI%2BJRUXnx29iyf%2BulPcDWBMhaJOSXzAJfHiLJd6GzBXksCJRYzYVZBYexY%2BeHiUHACES96Glro%2F%2FThoh4rWt6m3O7pe%2BipCmh%2BF2liMVAWA2FBxQjaLI3zTJ1e%2B%2FHzMr5AKCrjUKjKfiiU%2BGxKXvilUSp9s%2Fzdeay55ufVVr3u0qDT9FotGrfCht%2FuBh6j1G8EfhDQOnI97Tb%2FsP8AAAD%2F%2FwEAAP%2F%2Fu%2FZuFnoEAAA%3D HTTP/1.1
Host: fibaffluencebetting.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Cookie: u_pl=22725681; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec172d9680245553e8052aafbe1bd64a13=[2019380,2229329,2229333,2229337]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 May 2024 07:24:17 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9b6970a32196bbcb3ac3690d3a613847
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| cdn.cloudimagesb.com/cti/42/9d/39/429d39c381ed333edc13827196e894b4/1708270395.jpg | 45.133.44.9 | 200 OK | 39 kB |
URL: GET HTTP/2 cdn.cloudimagesb.com/cti/42/9d/39/429d39c381ed333edc13827196e894b4/1708270395.jpg; IP: 45.133.44.9:443; ASN: #39572 DataWeb Global Group B.V.
Certificate: Issuer Let's Encrypt; Subject cdn.cloudimagesb.com; Fingerprint C6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0; Validity Fri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT
File type: JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 24.5 (Windows), datetime=2024:02:18 16:14:48], progressive, precision 8, 320x50, components 3. Hash (MD5 / SHA-1 / SHA-256): 263f39132887c7add9bcf040df119271 23e11d4587d65cf9e1a634f357e34c90023ea716 aba32ac81423e3689fb90338e51fbdf841d9aa5ddcb38f485be2fdd17efd1597
GET /cti/42/9d/39/429d39c381ed333edc13827196e894b4/1708270395.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 07:24:17 GMT
content-type: image/jpeg
content-length: 38953
server: nginx/1.21.6
last-modified: Sun, 18 Feb 2024 15:33:24 GMT
etag: "65d22344-9829"
expires: Mon, 06 May 2024 07:24:17 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| fibaffluencebetting.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSTYscRRiujnOKIKjBiyBDQFCR2e75XoMEY1wJrtl8GPy4SH31pJzqrqaqe3p2T4sByXEOXvRU%2B8wmQV1Ef4BBZheCLIg7F1nQPfgXhOBRelwcfaHej3regud9n%2FpspzghTRT0%2BPK7ZktpTVc6jbD%2B0gdRdKG%2BrtJiXB%2F3ux932xfqdvTaarcRvlx%2FW%2FKhWWmGURhGYVRfU1bGZrxSgVDZ3mrUWA0b7WYj6rQxtv%2BvXRHA0QBidEKegRLz2kFwDorPkCbfXZZumJvs1beSQtPcWIzEg1vpMDVlimSZxjZAnD447YZxR2sPYdJ7C7owo38bmZqT4NFDsPTBKUmw0e6CJ9OQKZh4EuVoBqlnUHQGbu5AiSMCcIGrG0iT%2B1eNLenmPyit0DmpPf4TqpyT2u%2FnkCbfXtJqXL9pdJErkzqMYw81nkENZsiKfeRbZ6DKffD8UyjxM1l5vI402d1w2kAJv5hdqRlUPIOWE1AXoKiOClDEAYosQCKO6zyKol4oOA37q5y3RE%2Byrggj2osjGoXdPgpe0ZsgzybgegJut5HZbQzVBLb4Ee62hxMBXD4nwfVtjIRHKQlKR1BSglIRlDlBOfL3hHZN5%2B8L7QoWncbmaWz5qckHO%2FSeyQcyJaB2Aiv8TnZCnq72E3x0EGEoj%2BtRrylWu%2F2w2e50Oi3ZDztNSmMmIya6bRq14JSHcmcWI2%2BpOek%2F9xuySrOhB6P7cHofXJ0HLSLQ0oPe9thK93KVbhZWNxLDFITxyPIa8s1gR5%2BQ5xcKvfBLG5IfXnx09vVs%2ButZcOuRWY9P1AHBQN%2Bd3jAl2b1hSke%2B38hylagtWql3M6e5fOLrd%2BRmaay4ctlNvnqDV0CV7r0nXb5OU6HSgSPfXFJCSLtmLJfkhyvufcmuFe72pcKmRbZ%2B7c21K0lmpXPKpDNQdbTxF7iak9qLzy6%2B5VNHr0DZGWzhkRSH5NSgzD54tg2XLdk7Q2D1sodlAcrCT22TLS%2B1ItByWVPm4f5Ts2U%2BtbR6TZXfcXcxsDXQ%2FA7SxGNkPUbag%2BoJXHF2mmf28OJPX1T2JZiuTZm2tV2mrf58seQ5OV%2B7XrlblfsQTh3XW6HoMRnLHpPtTjuWXLBOh4U85qwl%2Bn2O3M3jzh%2F%2BbwAAAP%2F%2FAQAA%2F%2F9W5tQlegQAAA%3D%3D | 192.243.59.13 | 200 OK | 7 B |
URL GET HTTP/1.1fibaffluencebetting.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSTYscRRiujnOKIKjBiyBDQFCR2e75XoMEY1wJrtl8GPy4SH31pJzqrqaqe3p2T4sByXEOXvRU%2B8wmQV1Ef4BBZheCLIg7F1nQPfgXhOBRelwcfaHej3regud9n%2FpspzghTRT0%2BPK7ZktpTVc6jbD%2B0gdRdKG%2BrtJiXB%2F3ux932xfqdvTaarcRvlx%2FW%2FKhWWmGURhGYVRfU1bGZrxSgVDZ3mrUWA0b7WYj6rQxtv%2BvXRHA0QBidEKegRLz2kFwDorPkCbfXZZumJvs1beSQtPcWIzEg1vpMDVlimSZxjZAnD447YZxR2sPYdJ7C7owo38bmZqT4NFDsPTBKUmw0e6CJ9OQKZh4EuVoBqlnUHQGbu5AiSMCcIGrG0iT%2B1eNLenmPyit0DmpPf4TqpyT2u%2FnkCbfXtJqXL9pdJErkzqMYw81nkENZsiKfeRbZ6DKffD8UyjxM1l5vI402d1w2kAJv5hdqRlUPIOWE1AXoKiOClDEAYosQCKO6zyKol4oOA37q5y3RE%2Byrggj2osjGoXdPgpe0ZsgzybgegJut5HZbQzVBLb4Ee62hxMBXD4nwfVtjIRHKQlKR1BSglIRlDlBOfL3hHZN5%2B8L7QoWncbmaWz5qckHO%2FSeyQcyJaB2Aiv8TnZCnq72E3x0EGEoj%2BtRrylWu%2F2w2e50Oi3ZDztNSmMmIya6bRq14JSHcmcWI2%2BpOek%2F9xuySrOhB6P7cHofXJ0HLSLQ0oPe9thK93KVbhZWNxLDFITxyPIa8s1gR5%2BQ5xcKvfBLG5IfXnx09vVs%2ButZcOuRWY9P1AHBQN%2Bd3jAl2b1hSke%2B38hylagtWql3M6e5fOLrd%2BRmaay4ctlNvnqDV0CV7r0nXb5OU6HSgSPfXFJCSLtmLJfkhyvufcmuFe72pcKmRbZ%2B7c21K0lmpXPKpDNQdbTxF7iak9qLzy6%2B5VNHr0DZGWzhkRSH5NSgzD54tg2XLdk7Q2D1sodlAcrCT22TLS%2B1ItByWVPm4f5Ts2U%2BtbR6TZXfcXcxsDXQ%2FA7SxGNkPUbag%2BoJXHF2mmf28OJPX1T2JZiuTZm2tV2mrf58seQ5OV%2B7XrlblfsQTh3XW6HoMRnLHpPtTjuWXLBOh4U85qwl%2Bn2O3M3jzh%2F%2BbwAAAP%2F%2FAQAA%2F%2F9W5tQlegQAAA%3D%3D IP192.243.59.13:443 ASN#39572 DataWeb Global Group B.V.
Certificate: Issuer Let's Encrypt; Subject fibaffluencebetting.com; Fingerprint 75:D4:BF:BA:3B:8C:FF:E6:24:A2:A7:5E:0B:09:29:D2:E7:B2:6B:38; Validity Mon, 29 Apr 2024 08:42:41 GMT - Sun, 28 Jul 2024 08:42:40 GMT
File type: ASCII text, with no line terminators. Hash (MD5 / SHA-1 / SHA-256): 132d6af1b46048b45cf86cdee7991d31 eb7007d03d59b65bc6da7e098c4d38fc6dfb6285 ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSTYscRRiujnOKIKjBiyBDQFCR2e75XoMEY1wJrtl8GPy4SH31pJzqrqaqe3p2T4sByXEOXvRU%2B8wmQV1Ef4BBZheCLIg7F1nQPfgXhOBRelwcfaHej3regud9n%2FpspzghTRT0%2BPK7ZktpTVc6jbD%2B0gdRdKG%2BrtJiXB%2F3ux932xfqdvTaarcRvlx%2FW%2FKhWWmGURhGYVRfU1bGZrxSgVDZ3mrUWA0b7WYj6rQxtv%2BvXRHA0QBidEKegRLz2kFwDorPkCbfXZZumJvs1beSQtPcWIzEg1vpMDVlimSZxjZAnD447YZxR2sPYdJ7C7owo38bmZqT4NFDsPTBKUmw0e6CJ9OQKZh4EuVoBqlnUHQGbu5AiSMCcIGrG0iT%2B1eNLenmPyit0DmpPf4TqpyT2u%2FnkCbfXtJqXL9pdJErkzqMYw81nkENZsiKfeRbZ6DKffD8UyjxM1l5vI402d1w2kAJv5hdqRlUPIOWE1AXoKiOClDEAYosQCKO6zyKol4oOA37q5y3RE%2Byrggj2osjGoXdPgpe0ZsgzybgegJut5HZbQzVBLb4Ee62hxMBXD4nwfVtjIRHKQlKR1BSglIRlDlBOfL3hHZN5%2B8L7QoWncbmaWz5qckHO%2FSeyQcyJaB2Aiv8TnZCnq72E3x0EGEoj%2BtRrylWu%2F2w2e50Oi3ZDztNSmMmIya6bRq14JSHcmcWI2%2BpOek%2F9xuySrOhB6P7cHofXJ0HLSLQ0oPe9thK93KVbhZWNxLDFITxyPIa8s1gR5%2BQ5xcKvfBLG5IfXnx09vVs%2ButZcOuRWY9P1AHBQN%2Bd3jAl2b1hSke%2B38hylagtWql3M6e5fOLrd%2BRmaay4ctlNvnqDV0CV7r0nXb5OU6HSgSPfXFJCSLtmLJfkhyvufcmuFe72pcKmRbZ%2B7c21K0lmpXPKpDNQdbTxF7iak9qLzy6%2B5VNHr0DZGWzhkRSH5NSgzD54tg2XLdk7Q2D1sodlAcrCT22TLS%2B1ItByWVPm4f5Ts2U%2BtbR6TZXfcXcxsDXQ%2FA7SxGNkPUbag%2BoJXHF2mmf28OJPX1T2JZiuTZm2tV2mrf58seQ5OV%2B7XrlblfsQTh3XW6HoMRnLHpPtTjuWXLBOh4U85qwl%2Bn2O3M3jzh%2F%2BbwAAAP%2F%2FAQAA%2F%2F9W5tQlegQAAA%3D%3D HTTP/1.1
Host: fibaffluencebetting.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Cookie: u_pl=22725681; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec172d9680245553e8052aafbe1bd64a13=[2019380,2229329,2229333,2229337]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 May 2024 07:24:17 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6da4684f4e22df8ee952611ac1d668e2
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| compositeclauseviscount.com/pixel/purst?dl=0&th=0&sc=0&rs=3380&rd=3380&fd=763&bv=24.5.6485&tmpl=136 | 192.243.59.20 | 200 OK | 0 B |
URL: GET HTTP/1.1 compositeclauseviscount.com/pixel/purst?dl=0&th=0&sc=0&rs=3380&rd=3380&fd=763&bv=24.5.6485&tmpl=136; IP: 192.243.59.20:443; ASN: #39572 DataWeb Global Group B.V.
Certificate: Issuer Let's Encrypt; Subject compositeclauseviscount.com; Fingerprint 43:62:25:F8:16:A9:06:21:0F:31:1E:1E:A7:99:DC:0E:98:0D:E9:B0; Validity Tue, 30 Apr 2024 15:26:58 GMT - Mon, 29 Jul 2024 15:26:57 GMT
Hash (MD5 / SHA-1 / SHA-256, empty body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /pixel/purst?dl=0&th=0&sc=0&rs=3380&rd=3380&fd=763&bv=24.5.6485&tmpl=136 HTTP/1.1
Host: compositeclauseviscount.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 May 2024 07:24:17 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
|
|
| fibaffluencebetting.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSu3p3TevHH4kWQYUFQkEl3z0zPjIsEY8wSjJv94eKPi1R39UzKqe5qqrqmJ%2BMluCB7nIMXPVW%2BSTaoYdE%2FwEUmgUWCYuYiAQ3oH%2BBFWDxKj8Hog%2B73Xn2v4HvfV59sm1Piw9CT5bfkiAtBF5o1t%2Friu553tbrGUzOsDtvBB0HjalUNXukENfel6rU46ssF3%2FVc13O96gpXcVcOF0oQPNvveLWOW2v4Na%2FZwFD9v9fGgaYO2OCUPA3OZpVD5zJ4NEWafL0c634us5ffSIyguVQYsL07aT%2BVRYrkvOwqB91072waUh%2BvPIRMd%2Bd0IQf%2FDoZ8RpxHDxGme2ckEQ525jxDgThFyJ5AMZgiFlNwOkUk74KzYwJEDNfXkSb3r0tV0M1%2FUFqiM1J5%2FCd4MSOVXy8jTR4sCT6s3pbC5FymGsOuBR9OwXtTZOYA%2BegCeHGAKP8YnP1IFh6vIU121rWQ4MzOd%2Bd8Ct6dQsRjUO3AlB93YLoOTOYgYSfVyPO8lssi6rY7UVRnrTgMmOvRVtejnhu0YaKS3hh5NkYkxojUFjK1hT4fQ5nvoDcsNHOg8xlxbm5hwCyKmKDQBAUlKDhBkRMUA7vLhPa1vc%2BENqF3lv2zXLcTmfe26a7Me3FKQNUYitnt7JQ8VerjvH%2FooR%2BfVL2WzzpB2%2FUbzWazHrfdpk9pN4y9kAUN6tWhuQXXF%2BYrj%2FiMtJ%2F9BVnpWd8ipAfQ4gARvwJqPNDCgm5YjNL9nKebRolaIkMOJi2yvIJ809kWp%2BS5uUNXKncQR0eLjy69mk1%2BvoRIWWTK4kN%2BSNAT9ya3ZEF2bslCk2%2FWs5wnfERL927nNI8vfvlmvFlIxVaX9fiL16ISKMv9t2Odr9GU8bSnyVdLnLFYrUgVxeTbVf1OHN4wemPJqNRkazdeX1lNMhVrzWU6BeXH638h4jNSeeGZ%2BbN88oc%2FwNUUylgk5oicBbg8QJRtQWdHi%2Fnot2sPLn8ELQmUOJ8Js4sojJ0oPzw%2FFJxAxOc9DS30f%2FrwvJ4oWt6m3G7re%2BipCmh%2BF2liMVAWA2FBxRjaXJrkmTpa%2FP6zMj5HKCqTUKjKTiiU%2BHRGnv%2BpUSp9cy53%2BXsPmp9UW%2FW6S4NO02u1aNwKG367G3iMUr8R%2BEFA68j1rNv83f4NAAD%2F%2FwEAAP%2F%2FGIT8KHoEAAA%3D | 192.243.61.227 | 200 OK | 7 B |
URL GET HTTP/1.1fibaffluencebetting.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSu3p3TevHH4kWQYUFQkEl3z0zPjIsEY8wSjJv94eKPi1R39UzKqe5qqrqmJ%2BMluCB7nIMXPVW%2BSTaoYdE%2FwEUmgUWCYuYiAQ3oH%2BBFWDxKj8Hog%2B73Xn2v4HvfV59sm1Piw9CT5bfkiAtBF5o1t%2Friu553tbrGUzOsDtvBB0HjalUNXukENfel6rU46ssF3%2FVc13O96gpXcVcOF0oQPNvveLWOW2v4Na%2FZwFD9v9fGgaYO2OCUPA3OZpVD5zJ4NEWafL0c634us5ffSIyguVQYsL07aT%2BVRYrkvOwqB91072waUh%2BvPIRMd%2Bd0IQf%2FDoZ8RpxHDxGme2ckEQ525jxDgThFyJ5AMZgiFlNwOkUk74KzYwJEDNfXkSb3r0tV0M1%2FUFqiM1J5%2FCd4MSOVXy8jTR4sCT6s3pbC5FymGsOuBR9OwXtTZOYA%2BegCeHGAKP8YnP1IFh6vIU121rWQ4MzOd%2Bd8Ct6dQsRjUO3AlB93YLoOTOYgYSfVyPO8lssi6rY7UVRnrTgMmOvRVtejnhu0YaKS3hh5NkYkxojUFjK1hT4fQ5nvoDcsNHOg8xlxbm5hwCyKmKDQBAUlKDhBkRMUA7vLhPa1vc%2BENqF3lv2zXLcTmfe26a7Me3FKQNUYitnt7JQ8VerjvH%2FooR%2BfVL2WzzpB2%2FUbzWazHrfdpk9pN4y9kAUN6tWhuQXXF%2BYrj%2FiMtJ%2F9BVnpWd8ipAfQ4gARvwJqPNDCgm5YjNL9nKebRolaIkMOJi2yvIJ809kWp%2BS5uUNXKncQR0eLjy69mk1%2BvoRIWWTK4kN%2BSNAT9ya3ZEF2bslCk2%2FWs5wnfERL927nNI8vfvlmvFlIxVaX9fiL16ISKMv9t2Odr9GU8bSnyVdLnLFYrUgVxeTbVf1OHN4wemPJqNRkazdeX1lNMhVrzWU6BeXH638h4jNSeeGZ%2BbN88oc%2FwNUUylgk5oicBbg8QJRtQWdHi%2Fnot2sPLn8ELQmUOJ8Js4sojJ0oPzw%2FFJxAxOc9DS30f%2FrwvJ4oWt6m3G7re%2BipCmh%2BF2liMVAWA2FBxRjaXJrkmTpa%2FP6zMj5HKCqTUKjKTiiU%2BHRGnv%2BpUSp9cy53%2BXsPmp9UW%2FW6S4NO02u1aNwKG367G3iMUr8R%2BEFA68j1rNv83f4NAAD%2F%2FwEAAP%2F%2FGIT8KHoEAAA%3D IP192.243.61.227:443 ASN#39572 DataWeb Global Group B.V.
Certificate: Issuer Let's Encrypt; Subject fibaffluencebetting.com; Fingerprint 75:D4:BF:BA:3B:8C:FF:E6:24:A2:A7:5E:0B:09:29:D2:E7:B2:6B:38; Validity Mon, 29 Apr 2024 08:42:41 GMT - Sun, 28 Jul 2024 08:42:40 GMT
File type: ASCII text, with no line terminators. Hash (MD5 / SHA-1 / SHA-256): 132d6af1b46048b45cf86cdee7991d31 eb7007d03d59b65bc6da7e098c4d38fc6dfb6285 ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSu3p3TevHH4kWQYUFQkEl3z0zPjIsEY8wSjJv94eKPi1R39UzKqe5qqrqmJ%2BMluCB7nIMXPVW%2BSTaoYdE%2FwEUmgUWCYuYiAQ3oH%2BBFWDxKj8Hog%2B73Xn2v4HvfV59sm1Piw9CT5bfkiAtBF5o1t%2Friu553tbrGUzOsDtvBB0HjalUNXukENfel6rU46ssF3%2FVc13O96gpXcVcOF0oQPNvveLWOW2v4Na%2FZwFD9v9fGgaYO2OCUPA3OZpVD5zJ4NEWafL0c634us5ffSIyguVQYsL07aT%2BVRYrkvOwqB91072waUh%2BvPIRMd%2Bd0IQf%2FDoZ8RpxHDxGme2ckEQ525jxDgThFyJ5AMZgiFlNwOkUk74KzYwJEDNfXkSb3r0tV0M1%2FUFqiM1J5%2FCd4MSOVXy8jTR4sCT6s3pbC5FymGsOuBR9OwXtTZOYA%2BegCeHGAKP8YnP1IFh6vIU121rWQ4MzOd%2Bd8Ct6dQsRjUO3AlB93YLoOTOYgYSfVyPO8lssi6rY7UVRnrTgMmOvRVtejnhu0YaKS3hh5NkYkxojUFjK1hT4fQ5nvoDcsNHOg8xlxbm5hwCyKmKDQBAUlKDhBkRMUA7vLhPa1vc%2BENqF3lv2zXLcTmfe26a7Me3FKQNUYitnt7JQ8VerjvH%2FooR%2BfVL2WzzpB2%2FUbzWazHrfdpk9pN4y9kAUN6tWhuQXXF%2BYrj%2FiMtJ%2F9BVnpWd8ipAfQ4gARvwJqPNDCgm5YjNL9nKebRolaIkMOJi2yvIJ809kWp%2BS5uUNXKncQR0eLjy69mk1%2BvoRIWWTK4kN%2BSNAT9ya3ZEF2bslCk2%2FWs5wnfERL927nNI8vfvlmvFlIxVaX9fiL16ISKMv9t2Odr9GU8bSnyVdLnLFYrUgVxeTbVf1OHN4wemPJqNRkazdeX1lNMhVrzWU6BeXH638h4jNSeeGZ%2BbN88oc%2FwNUUylgk5oicBbg8QJRtQWdHi%2Fnot2sPLn8ELQmUOJ8Js4sojJ0oPzw%2FFJxAxOc9DS30f%2FrwvJ4oWt6m3G7re%2BipCmh%2BF2liMVAWA2FBxRjaXJrkmTpa%2FP6zMj5HKCqTUKjKTiiU%2BHRGnv%2BpUSp9cy53%2BXsPmp9UW%2FW6S4NO02u1aNwKG367G3iMUr8R%2BEFA68j1rNv83f4NAAD%2F%2FwEAAP%2F%2FGIT8KHoEAAA%3D HTTP/1.1
Host: fibaffluencebetting.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Cookie: u_pl=22725681; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec172d9680245553e8052aafbe1bd64a13=[2019380,2229329,2229333,2229337]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 07:24:17 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ba6effd3cf94045fd5b70d4b85d1684d
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| fibaffluencebetting.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSzWskxRuuzm9O%2BV38WLwIMiwICjLpnu%2B4yGKMkWDc7IeLHxep6qqelFPd1VR1T09yCi7IHufgRU%2BVZ5INahD9A1xkElgkKGYuEtAcvHsSFo%2FSY3D0hXo%2F6nkLnvd96uO9%2FILUkdPz1bf0jlSKLrVqfvWFd4PgWnVDJvmwOuy2P2g3r1XN4OXlds1%2FsfqGCPt6qe4Hvh%2F4QXVNGhHp4VIJQqZHy0Ft2a8167Wg1cTQ%2FLe2uQdLPfDBBXkKkk8rJ94VyHCCJP56Vdh%2BptOXXo9zRTNtMOCHd5N%2BoosE8TyNjIcoObzshrZnaw%2Bhk4MZXejBP41MTon36CFYcnhJEmywP%2BPJFEQCxv%2BPYjCBUBNIOkGo70HyMwKEHDc2kcQPbmhT0O2%2FUVqiU1J5%2FAdkMSWVX68gib9aUXJYvaNVnkmdWAwjBzmcQPYmSPNjZDsLkMUxwuwjSP4jWXq8gSTe37RKQ3I3m13KCWQ0gRIjUOshL4%2F0kEce8tRDzM%2BrYRAEHZ%2BH1O8uh2GDdwRrcz%2BgnSiggd%2FuIg9LeiNk6QihGiE0u0jNLvpyBJN%2FB7vlYLkHm02Jd2sXA%2B5QCILCEhSUoJAERUZQDNwBV7Zu3QOubM6Cy1i%2FjA031llvjx7orCcSAmpGMNztpRfkyXI%2F3vsnAfrivBp06ny53fXrzVar1RBdv1WnNGIiYLzdpEEDVjpIuzAbeUdOSfeZX5CWmvUdGD2GVccI5VXQPAAtHOiWw05ylMlkOzeqFmsmwbVDmlWQbXt76oI8O1PoauUWRHh6%2FdHiK%2Bn450WExiE1Dh%2FKE4Keuj%2B%2BrQuyf1sXlnyzmWYylju0VO9ORjPxvy%2FeFNuFNnx91Y4%2BfzUsgTI9elvYbIMmXCY9S75ckZwLs6ZNKMi36%2FYdwW7mdmslN0mebtx8bW09To2wVupkAirPNv9EKKek8vzTs2%2F5xA%2B%2FQ5oJTO4Q56fk0iD1McJ0Fzads7eawKh5D0sXUORubOpsfqkkgRLzmjIH%2B6%2BazfOxoeVrKt2evY%2BeqYBm95DEDgPjMFAOVI1g88VxlprT699%2FWtpnYKoyZspU9pky6pMpee6n5mzTpbtbuvdg5Xm14fMOE5HoMNFsNSMRctZqMT%2BMQtbg3W6IzE6j1m%2FuLwAAAP%2F%2FAQAA%2F%2F9nCZbZegQAAA%3D%3D | 192.243.61.227 | 200 OK | 7 B |
URL GET HTTP/1.1fibaffluencebetting.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSzWskxRuuzm9O%2BV38WLwIMiwICjLpnu%2B4yGKMkWDc7IeLHxep6qqelFPd1VR1T09yCi7IHufgRU%2BVZ5INahD9A1xkElgkKGYuEtAcvHsSFo%2FSY3D0hXo%2F6nkLnvd96uO9%2FILUkdPz1bf0jlSKLrVqfvWFd4PgWnVDJvmwOuy2P2g3r1XN4OXlds1%2FsfqGCPt6qe4Hvh%2F4QXVNGhHp4VIJQqZHy0Ft2a8167Wg1cTQ%2FLe2uQdLPfDBBXkKkk8rJ94VyHCCJP56Vdh%2BptOXXo9zRTNtMOCHd5N%2BoosE8TyNjIcoObzshrZnaw%2Bhk4MZXejBP41MTon36CFYcnhJEmywP%2BPJFEQCxv%2BPYjCBUBNIOkGo70HyMwKEHDc2kcQPbmhT0O2%2FUVqiU1J5%2FAdkMSWVX68gib9aUXJYvaNVnkmdWAwjBzmcQPYmSPNjZDsLkMUxwuwjSP4jWXq8gSTe37RKQ3I3m13KCWQ0gRIjUOshL4%2F0kEce8tRDzM%2BrYRAEHZ%2BH1O8uh2GDdwRrcz%2BgnSiggd%2FuIg9LeiNk6QihGiE0u0jNLvpyBJN%2FB7vlYLkHm02Jd2sXA%2B5QCILCEhSUoJAERUZQDNwBV7Zu3QOubM6Cy1i%2FjA031llvjx7orCcSAmpGMNztpRfkyXI%2F3vsnAfrivBp06ny53fXrzVar1RBdv1WnNGIiYLzdpEEDVjpIuzAbeUdOSfeZX5CWmvUdGD2GVccI5VXQPAAtHOiWw05ylMlkOzeqFmsmwbVDmlWQbXt76oI8O1PoauUWRHh6%2FdHiK%2Bn450WExiE1Dh%2FKE4Keuj%2B%2BrQuyf1sXlnyzmWYylju0VO9ORjPxvy%2FeFNuFNnx91Y4%2BfzUsgTI9elvYbIMmXCY9S75ckZwLs6ZNKMi36%2FYdwW7mdmslN0mebtx8bW09To2wVupkAirPNv9EKKek8vzTs2%2F5xA%2B%2FQ5oJTO4Q56fk0iD1McJ0Fzads7eawKh5D0sXUORubOpsfqkkgRLzmjIH%2B6%2BazfOxoeVrKt2evY%2BeqYBm95DEDgPjMFAOVI1g88VxlprT699%2FWtpnYKoyZspU9pky6pMpee6n5mzTpbtbuvdg5Xm14fMOE5HoMNFsNSMRctZqMT%2BMQtbg3W6IzE6j1m%2FuLwAAAP%2F%2FAQAA%2F%2F9nCZbZegQAAA%3D%3D IP192.243.61.227:443 ASN#39572 DataWeb Global Group B.V.
Certificate: Issuer Let's Encrypt; Subject fibaffluencebetting.com; Fingerprint 75:D4:BF:BA:3B:8C:FF:E6:24:A2:A7:5E:0B:09:29:D2:E7:B2:6B:38; Validity Mon, 29 Apr 2024 08:42:41 GMT - Sun, 28 Jul 2024 08:42:40 GMT
File type: ASCII text, with no line terminators. Hash (MD5 / SHA-1 / SHA-256): 132d6af1b46048b45cf86cdee7991d31 eb7007d03d59b65bc6da7e098c4d38fc6dfb6285 ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSzWskxRuuzm9O%2BV38WLwIMiwICjLpnu%2B4yGKMkWDc7IeLHxep6qqelFPd1VR1T09yCi7IHufgRU%2BVZ5INahD9A1xkElgkKGYuEtAcvHsSFo%2FSY3D0hXo%2F6nkLnvd96uO9%2FILUkdPz1bf0jlSKLrVqfvWFd4PgWnVDJvmwOuy2P2g3r1XN4OXlds1%2FsfqGCPt6qe4Hvh%2F4QXVNGhHp4VIJQqZHy0Ft2a8167Wg1cTQ%2FLe2uQdLPfDBBXkKkk8rJ94VyHCCJP56Vdh%2BptOXXo9zRTNtMOCHd5N%2BoosE8TyNjIcoObzshrZnaw%2Bhk4MZXejBP41MTon36CFYcnhJEmywP%2BPJFEQCxv%2BPYjCBUBNIOkGo70HyMwKEHDc2kcQPbmhT0O2%2FUVqiU1J5%2FAdkMSWVX68gib9aUXJYvaNVnkmdWAwjBzmcQPYmSPNjZDsLkMUxwuwjSP4jWXq8gSTe37RKQ3I3m13KCWQ0gRIjUOshL4%2F0kEce8tRDzM%2BrYRAEHZ%2BH1O8uh2GDdwRrcz%2BgnSiggd%2FuIg9LeiNk6QihGiE0u0jNLvpyBJN%2FB7vlYLkHm02Jd2sXA%2B5QCILCEhSUoJAERUZQDNwBV7Zu3QOubM6Cy1i%2FjA031llvjx7orCcSAmpGMNztpRfkyXI%2F3vsnAfrivBp06ny53fXrzVar1RBdv1WnNGIiYLzdpEEDVjpIuzAbeUdOSfeZX5CWmvUdGD2GVccI5VXQPAAtHOiWw05ylMlkOzeqFmsmwbVDmlWQbXt76oI8O1PoauUWRHh6%2FdHiK%2Bn450WExiE1Dh%2FKE4Keuj%2B%2BrQuyf1sXlnyzmWYylju0VO9ORjPxvy%2FeFNuFNnx91Y4%2BfzUsgTI9elvYbIMmXCY9S75ckZwLs6ZNKMi36%2FYdwW7mdmslN0mebtx8bW09To2wVupkAirPNv9EKKek8vzTs2%2F5xA%2B%2FQ5oJTO4Q56fk0iD1McJ0Fzads7eawKh5D0sXUORubOpsfqkkgRLzmjIH%2B6%2BazfOxoeVrKt2evY%2BeqYBm95DEDgPjMFAOVI1g88VxlprT699%2FWtpnYKoyZspU9pky6pMpee6n5mzTpbtbuvdg5Xm14fMOE5HoMNFsNSMRctZqMT%2BMQtbg3W6IzE6j1m%2FuLwAAAP%2F%2FAQAA%2F%2F9nCZbZegQAAA%3D%3D HTTP/1.1
Host: fibaffluencebetting.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Cookie: u_pl=22725681; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec172d9680245553e8052aafbe1bd64a13=[2019380,2229329,2229333,2229337]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 07:24:17 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a12ff338243378c7cf92a280f854bf89
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| fibaffluencebetting.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSu3p3TevHH4kWQYUFQkEn3%2FI6LLK4xSzBu9oeLPy5S1VU9Kae6q6nqnp6Ml%2BCC7HEOXvRU%2BSbZoIZF%2FwAXmQQWCYqZiwQ0oH%2BAF2HxKD0Gow%2B633v1vYLvfV99spWfkDpyerz0lh5JpehCq%2BZXX3w3CC5XV2WSD6vDbvuDdvNy1QxeWWzX%2FJeq10TY1wt1P%2FD9wA%2Bqy9KISA8XShAy3VsMaot%2BrVmvBa0mhub%2Fvc09WOqBD07I05B8VjnwLkKGUyTx10vC9jOdvvxGnCuaaYMB372T9BNdJIjPysh4iJLd02loe7T8EDrZmdOFHvw7yOSMeI8egiW7pyTBBttznkxBJGD8CRSDKYSaQtIpQn0Xkh8RIOS4voYkvn9dm4Ju%2FIPSEp2RyuM%2FIYsZqfx6EUn84KqSw%2BptrfJM6sRiGDnI4RSyN0Wa7yMbnYMs9hFmH0PyH8nC41Uk8faaVRqSu%2FnuUk4hoymUGINaD3n5SQ955CFPPcT8uBoGQdDxeUj97mIYNnhHsDb3A9qJAhr47S7ysKQ3RpaOEaoxQrOJ1GyiL8cw%2BXew6w6We7DZjHg3NzHgDoUgKCxBQQkKSVBkBMXA7XBl69bd58rmLDjN9dPccBOd9bbojs56IiGgZgzD3VZ6Qp4q9fHePwjQF8fVoFPni%2B2uX2%2B2Wq2G6PqtOqUREwHj7SYNGrDSQdpz85VHcka6z%2F6CtPSs78DoPqzaRygvgeYBaOFA1x1GyV4mk43cqFqsmQTXDmlWQbbhbakT8tzcoUuVOxDh4ZVHF15NJz9fQGgcUuPwoTwg6Kl7k1u6INu3dGHJN2tpJmM5oqV7tzOaifNfvik2Cm34ypIdf%2FFaWAJlufe2sNkqTbhMepZ8dVVyLsyyNqEg367YdwS7kdv1q7lJ8nT1xuvLK3FqhLVSJ1NQebT2F0I5I5UXnpk%2Fyyd%2F%2BAPSTGFyhzg%2FJKcBqfcRppuw6eGVbPTbtQcXP4LVBEadzbD0PIrcTUydnR0qSaDEWU%2BZg%2F1Pz87qiaHlbSrdlr2HnqmAZneRxA4D4zBQDlSNYfMLkyw1h1e%2B%2F6yMz8FUZcKUqWwzZdSnM%2FL8T81S6Ztzucvfe7DyuNrweYeJSHSYaLaakQg5a7WYH0Yha%2FBuN0RmZ1Hrd%2Fc3AAAA%2F%2F8BAAD%2F%2F5hQKcB6BAAA | 192.243.61.227 | 200 OK | 7 B |
URL GET HTTP/1.1fibaffluencebetting.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSu3p3TevHH4kWQYUFQkEn3%2FI6LLK4xSzBu9oeLPy5S1VU9Kae6q6nqnp6Ml%2BCC7HEOXvRU%2BSbZoIZF%2FwAXmQQWCYqZiwQ0oH%2BAF2HxKD0Gow%2B633v1vYLvfV99spWfkDpyerz0lh5JpehCq%2BZXX3w3CC5XV2WSD6vDbvuDdvNy1QxeWWzX%2FJeq10TY1wt1P%2FD9wA%2Bqy9KISA8XShAy3VsMaot%2BrVmvBa0mhub%2Fvc09WOqBD07I05B8VjnwLkKGUyTx10vC9jOdvvxGnCuaaYMB372T9BNdJIjPysh4iJLd02loe7T8EDrZmdOFHvw7yOSMeI8egiW7pyTBBttznkxBJGD8CRSDKYSaQtIpQn0Xkh8RIOS4voYkvn9dm4Ju%2FIPSEp2RyuM%2FIYsZqfx6EUn84KqSw%2BptrfJM6sRiGDnI4RSyN0Wa7yMbnYMs9hFmH0PyH8nC41Uk8faaVRqSu%2FnuUk4hoymUGINaD3n5SQ955CFPPcT8uBoGQdDxeUj97mIYNnhHsDb3A9qJAhr47S7ysKQ3RpaOEaoxQrOJ1GyiL8cw%2BXew6w6We7DZjHg3NzHgDoUgKCxBQQkKSVBkBMXA7XBl69bd58rmLDjN9dPccBOd9bbojs56IiGgZgzD3VZ6Qp4q9fHePwjQF8fVoFPni%2B2uX2%2B2Wq2G6PqtOqUREwHj7SYNGrDSQdpz85VHcka6z%2F6CtPSs78DoPqzaRygvgeYBaOFA1x1GyV4mk43cqFqsmQTXDmlWQbbhbakT8tzcoUuVOxDh4ZVHF15NJz9fQGgcUuPwoTwg6Kl7k1u6INu3dGHJN2tpJmM5oqV7tzOaifNfvik2Cm34ypIdf%2FFaWAJlufe2sNkqTbhMepZ8dVVyLsyyNqEg367YdwS7kdv1q7lJ8nT1xuvLK3FqhLVSJ1NQebT2F0I5I5UXnpk%2Fyyd%2F%2BAPSTGFyhzg%2FJKcBqfcRppuw6eGVbPTbtQcXP4LVBEadzbD0PIrcTUydnR0qSaDEWU%2BZg%2F1Pz87qiaHlbSrdlr2HnqmAZneRxA4D4zBQDlSNYfMLkyw1h1e%2B%2F6yMz8FUZcKUqWwzZdSnM%2FL8T81S6Ztzucvfe7DyuNrweYeJSHSYaLaakQg5a7WYH0Yha%2FBuN0RmZ1Hrd%2Fc3AAAA%2F%2F8BAAD%2F%2F5hQKcB6BAAA IP192.243.61.227:443 ASN#39572 DataWeb Global Group B.V.
Certificate: Issuer Let's Encrypt; Subject fibaffluencebetting.com; Fingerprint 75:D4:BF:BA:3B:8C:FF:E6:24:A2:A7:5E:0B:09:29:D2:E7:B2:6B:38; Validity Mon, 29 Apr 2024 08:42:41 GMT - Sun, 28 Jul 2024 08:42:40 GMT
File type: ASCII text, with no line terminators. Hash (MD5 / SHA-1 / SHA-256): 132d6af1b46048b45cf86cdee7991d31 eb7007d03d59b65bc6da7e098c4d38fc6dfb6285 ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSu3p3TevHH4kWQYUFQkEn3%2FI6LLK4xSzBu9oeLPy5S1VU9Kae6q6nqnp6Ml%2BCC7HEOXvRU%2BSbZoIZF%2FwAXmQQWCYqZiwQ0oH%2BAF2HxKD0Gow%2B633v1vYLvfV99spWfkDpyerz0lh5JpehCq%2BZXX3w3CC5XV2WSD6vDbvuDdvNy1QxeWWzX%2FJeq10TY1wt1P%2FD9wA%2Bqy9KISA8XShAy3VsMaot%2BrVmvBa0mhub%2Fvc09WOqBD07I05B8VjnwLkKGUyTx10vC9jOdvvxGnCuaaYMB372T9BNdJIjPysh4iJLd02loe7T8EDrZmdOFHvw7yOSMeI8egiW7pyTBBttznkxBJGD8CRSDKYSaQtIpQn0Xkh8RIOS4voYkvn9dm4Ju%2FIPSEp2RyuM%2FIYsZqfx6EUn84KqSw%2BptrfJM6sRiGDnI4RSyN0Wa7yMbnYMs9hFmH0PyH8nC41Uk8faaVRqSu%2FnuUk4hoymUGINaD3n5SQ955CFPPcT8uBoGQdDxeUj97mIYNnhHsDb3A9qJAhr47S7ysKQ3RpaOEaoxQrOJ1GyiL8cw%2BXew6w6We7DZjHg3NzHgDoUgKCxBQQkKSVBkBMXA7XBl69bd58rmLDjN9dPccBOd9bbojs56IiGgZgzD3VZ6Qp4q9fHePwjQF8fVoFPni%2B2uX2%2B2Wq2G6PqtOqUREwHj7SYNGrDSQdpz85VHcka6z%2F6CtPSs78DoPqzaRygvgeYBaOFA1x1GyV4mk43cqFqsmQTXDmlWQbbhbakT8tzcoUuVOxDh4ZVHF15NJz9fQGgcUuPwoTwg6Kl7k1u6INu3dGHJN2tpJmM5oqV7tzOaifNfvik2Cm34ypIdf%2FFaWAJlufe2sNkqTbhMepZ8dVVyLsyyNqEg367YdwS7kdv1q7lJ8nT1xuvLK3FqhLVSJ1NQebT2F0I5I5UXnpk%2Fyyd%2F%2BAPSTGFyhzg%2FJKcBqfcRppuw6eGVbPTbtQcXP4LVBEadzbD0PIrcTUydnR0qSaDEWU%2BZg%2F1Pz87qiaHlbSrdlr2HnqmAZneRxA4D4zBQDlSNYfMLkyw1h1e%2B%2F6yMz8FUZcKUqWwzZdSnM%2FL8T81S6Ztzucvfe7DyuNrweYeJSHSYaLaakQg5a7WYH0Yha%2FBuN0RmZ1Hrd%2Fc3AAAA%2F%2F8BAAD%2F%2F5hQKcB6BAAA HTTP/1.1
Host: fibaffluencebetting.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Cookie: u_pl=22725681; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec172d9680245553e8052aafbe1bd64a13=[2019380,2229329,2229333,2229337]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 07:24:17 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: db77a8396e2e28e734402c5a7da3d811
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| downstairsnegotiatebarren.com/sfp.js | 172.67.180.87 | 200 OK | 28 kB |
URL: GET HTTP/2 downstairsnegotiatebarren.com/sfp.js; IP: 172.67.180.87:443
Certificate: Issuer Let's Encrypt; Subject downstairsnegotiatebarren.com; Fingerprint 5D:DB:CB:C6:CE:2A:8B:34:7D:BC:43:74:33:1D:5F:77:48:F7:BC:1B; Validity Thu, 02 May 2024 21:26:34 GMT - Wed, 31 Jul 2024 21:26:33 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators. Hash (MD5 / SHA-1 / SHA-256): f4a2f8f9f99541c6f105bbd0a025bd40 1f8e3eff12168fdd9e719adfc098d24a45b6916a b717cb04231a10d425fd55b73c85a5407119c6826a8bac94142fddfff6958716
GET /sfp.js HTTP/1.1
Host: downstairsnegotiatebarren.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 07:24:16 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 8186e26be245bb780fbc6845abf74f50
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sat, 04 May 2024 07:24:16 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ngB6OM6ZNKLc%2F8iKQMc47%2BIjHpNcgzLeeV9M51ep4tPsXiVAyNZI0MADOYjvjtjl8UIjIGBD0OaLBYhh9Bf1hF6DUlD5hMtCmPfgUaUx7Xggk4K5TePizGwQSA1ZBEuF87vgnU6OokTKwwjQpsaf%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e6c00cc87a7129-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| zip.lu/gfx/favicon.png | 185.11.100.204 | 200 OK | 2.0 kB |
IP: 185.11.100.204:443; ASN: #29522 Cyber_Folks S.A.
Certificate: Issuer Let's Encrypt; Subject zip.lu; Fingerprint BA:69:B8:76:30:88:C6:A1:75:27:5D:FB:93:55:75:0C:F7:FE:CB:36; Validity Sat, 20 Apr 2024 15:39:44 GMT - Fri, 19 Jul 2024 15:39:43 GMT
File type: PNG image data, 48 x 48, 8-bit colormap, non-interlaced. Hash (MD5 / SHA-1 / SHA-256): 549c8f6c3f6b1340852212e7c784d187 e8fe075cef3bf487bd9e4e89e9b4a6b63a81e0cc 00495e504ff3e4604b6404a1ae9469f40bd4642bef08239d4d0b0b83c095f590
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /gfx/favicon.png HTTP/1.1
Host: zip.lu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/?banned=1
Cookie: _ga_8Q1W6PKNCX=GS1.1.1714807455.1.0.1714807455.0.0.0; _ga=GA1.1.1026180027.1714807456; dom3ic8zudi28v8lr6fgphwffqoz0j6c=e4bce864-fa29-4097-b6f4-e34a05d623f5%3A3%3A1; m5a4xojbcp2nx3gptmm633qal3gzmadn=fibaffluencebetting.com; pp_main_7866ead300fcf9e425beaf01fe308949=1; pp_idelay_7866ead300fcf9e425beaf01fe308949=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 07:24:17 GMT
server: Apache
last-modified: Tue, 02 Apr 2024 12:49:39 GMT
etag: "7b5-6151c8a0cb469"
accept-ranges: bytes
content-length: 1973
cache-control: max-age=31536000
expires: Sun, 04 May 2025 07:24:17 GMT
content-type: image/png
X-Firefox-Spdy: h2
| unseenreport.com/pxf.gif?uuid=e4bce864-fa29-4097-b6f4-e34a05d623f5&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=7866ead300fcf9e425beaf01fe308949&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=7 | 192.243.59.12 | 200 OK | 1 B |
URL: GET HTTP/1.1 unseenreport.com/pxf.gif?uuid=e4bce864-fa29-4097-b6f4-e34a05d623f5&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=7866ead300fcf9e425beaf01fe308949&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=7   IP: 192.243.59.12:443   ASN: #39572 DataWeb Global Group B.V.
Certificate: Issuer: Let's Encrypt   Subject: *.unseenreport.com   Fingerprint: 71:46:15:FD:76:6A:F5:5B:51:06:CC:93:DD:D8:63:E3:8B:10:BF:13   Validity: Fri, 22 Mar 2024 07:32:41 GMT - Thu, 20 Jun 2024 07:32:40 GMT
File type: very short file (no magic)   Hash (MD5 / SHA-1 / SHA-256): 93b885adfe0da089cdf634904fd59f71 5ba93c9db0cff93f52b521d7420e43f6eda2784f 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /pxf.gif?uuid=e4bce864-fa29-4097-b6f4-e34a05d623f5&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=7866ead300fcf9e425beaf01fe308949&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=7 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 May 2024 07:24:18 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d202f27366cd886a738dde729d660921
Strict-Transport-Security: max-age=0; includeSubdomains
| fundingchoicesmessages.google.com/i/pub-2614556310778759?ers=1 | 216.58.211.14 | 200 OK | 16 kB |
URL: GET HTTP/2 fundingchoicesmessages.google.com/i/pub-2614556310778759?ers=1   IP: 216.58.211.14:443
Certificate: Issuer: Google Trust Services LLC   Subject: *.google.com   Fingerprint: 7C:B7:E1:97:03:6E:82:B6:52:F8:EC:C6:C6:50:D9:DD:80:47:E6:A0   Validity: Tue, 16 Apr 2024 03:18:53 GMT - Tue, 09 Jul 2024 03:18:52 GMT
File type: gzip compressed data, max compression   Hash (MD5 / SHA-1 / SHA-256): 7870e9740d0ae5209aeaa9885b78181e fe3a21db28a16aa4b9e61fbf1e986bec31e9d6f6 972f52c0fe29d58dd2a1a54e045a90d2c0abb1770fe174dc17c077f1bba44902
GET /i/pub-2614556310778759?ers=1 HTTP/1.1
Host: fundingchoicesmessages.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 04 May 2024 07:24:17 GMT
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: script-src 'nonce-Z--DhT3DLfrEq-_fR0bZFg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjytDikmLw0JBiOO90h-k6ENcyPGNqBWIDjedMFkAs8fUlkxYQxzyfzpoCxE7pM1hDgNinfgZrHBC33jzHOh2ITy44z3oRiJP-nWctAeKdiy-wHgTib-wXWf8BsRAPx8Kj1zeyCZzY8_AXIwAXazPn"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| | 185.11.100.204 | 301 Moved Permanently | 14 kB |
URL: User Request, GET HTTP/2   IP: 185.11.100.204:443   ASN: #29522 Cyber_Folks S.A.
Certificate: Issuer: Let's Encrypt   Subject: bitly.ws   Fingerprint: 2E:32:BE:AA:55:57:6D:B9:D0:4B:B5:E4:B8:69:A8:99:AF:37:26:88   Validity: Thu, 02 May 2024 22:01:15 GMT - Wed, 31 Jul 2024 22:01:14 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?redirect=SjzZ HTTP/1.1
Host: bitly.ws
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
date: Sat, 04 May 2024 07:24:13 GMT
server: Apache
x-powered-by: PHP/5.5.38
location: https://zip.lu?banned=1
cache-control: max-age=0
expires: Sat, 04 May 2024 07:24:13 GMT
content-type: text/html
X-Firefox-Spdy: h2
| | 185.11.100.204 | 200 OK | 14 kB |
URL: User Request, GET HTTP/2   IP: 185.11.100.204:443   ASN: #29522 Cyber_Folks S.A.
Certificate: Issuer: Let's Encrypt   Subject: zip.lu   Fingerprint: BA:69:B8:76:30:88:C6:A1:75:27:5D:FB:93:55:75:0C:F7:FE:CB:36   Validity: Sat, 20 Apr 2024 15:39:44 GMT - Fri, 19 Jul 2024 15:39:43 GMT
File type: JavaScript source, ASCII text, with very long lines (610), with CRLF line terminators   Hash (MD5 / SHA-1 / SHA-256): 1b13ba9eec9bd7f4cca3732c4e677abe 1af8cb2b0202c6f96db75dffeb817ffc7fdfba9f 04a992b44fdaf61bec8ed041baa233e8678ae5d375c75d55c19f447b4fed66ea
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /?banned=1 HTTP/1.1
Host: zip.lu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 07:24:14 GMT
server: Apache
x-powered-by: PHP/5.5.38
cache-control: max-age=0
expires: Sat, 04 May 2024 07:24:14 GMT
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
X-Firefox-Spdy: h2
| fibaffluencebetting.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuXucUL%2F5YvAgyLAgKMume33GRxRgjwbjZHy7%2BuEhVV%2FWknOqupqp7epJTcEH2OAcveqp8k2xQg%2Bgf4CKTwCJBMXORgObgP%2BBBWDxKzwZHH3S%2F9%2Bp7Bd%2F7vvp0Nz8ndeT0bOUdvS2Vooutml996f0guFpdl0k%2BrA677Y%2FazatVM3h1qV3zX66%2BJcK%2BXqz7ge8HflBdlUZEerhYgpDp4VJQW%2FJrzXotaDUxNP%2Fvbe7BUg98cE6egeTTyrF3GTKcIIm%2FXRG2n%2Bn0lTfjXNFMGwz4wZ2kn%2BgiQTwvI%2BMhSg4upqHt6eoD6GR%2FRhd68O8gk1PiPXwAlhxckAQb7M14MgWRgPEnUQwmEGoCSScI9V1IfkqAkOP6BpL4%2FnVtCrr1GKUlOiWVR39BFlNS%2Bf0ykvibZSWH1dta5ZnUicUwcpDDCWRvgjQ%2FQrZ9CbI4Qph9Asl%2FJouP1pHEextWaUjuZrtLOYGMJlBiBGo95OUnPeSRhzz1EPOzahgEQcfnIfW7S2HY4B3B2twPaCcKaOC3u8jDkt4IWTpCqEYIzQ5Ss4O%2BHMHkP8BuOljuwWZT4t3cwYA7FIKgsAQFJSgkQZERFAO3z5WtW3efK5uz4CLXL3LDjXXW26X7OuuJhICaEQx3u%2Bk5ebrUx%2FvwOEBfnFWDTp0vtbt%2BvdlqtRqi67fqlEZMBIy3mzRowEoHaS%2FNVt6WU9J97jekpWd9B0aPYNURQnkFNA9ACwe66bCdHGYy2cqNqsWaSXDtkGYVZFverjonz88culL5ACI8ufZw4bV0%2FOsCQuOQGoeP5TFBT90b39IF2bulC0u%2B20gzGcttWrp3O6OZeOKrt8VWoQ1fW7GjL18PS6AsD98VNlunCZdJz5KvlyXnwqxqEwry%2FZp9T7Abud1czk2Sp%2Bs33lhdi1MjrJU6mYDK042%2FEcopqbz47OxZPvXTn5BmApM7xPkJuQhIfYQw3YFN5%2BytJjBqPsPSCorcjU2dzQ%2BVJFBi3lPmYP%2FTs3k9NrS8TaXbtffQMxXQ7C6S2GFgHAbKgaoRbL4wzlJzcu3Hz8v4AkxVxkyZyh5TRn02JS%2F80iyVvln%2B7jzW3MqzasPnHSYi0WGi2WpGIuSs1WJ%2BGIWswbvdEJmdRq0%2F3D8AAAD%2F%2FwEAAP%2F%2FOyK7%2FnoEAAA%3D | 192.243.61.227 | 200 OK | 0 B |
URL: GET HTTP/1.1 fibaffluencebetting.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuXucUL%2F5YvAgyLAgKMume33GRxRgjwbjZHy7%2BuEhVV%2FWknOqupqp7epJTcEH2OAcveqp8k2xQg%2Bgf4CKTwCJBMXORgObgP%2BBBWDxKzwZHH3S%2F9%2Bp7Bd%2F7vvp0Nz8ndeT0bOUdvS2Vooutml996f0guFpdl0k%2BrA677Y%2FazatVM3h1qV3zX66%2BJcK%2BXqz7ge8HflBdlUZEerhYgpDp4VJQW%2FJrzXotaDUxNP%2Fvbe7BUg98cE6egeTTyrF3GTKcIIm%2FXRG2n%2Bn0lTfjXNFMGwz4wZ2kn%2BgiQTwvI%2BMhSg4upqHt6eoD6GR%2FRhd68O8gk1PiPXwAlhxckAQb7M14MgWRgPEnUQwmEGoCSScI9V1IfkqAkOP6BpL4%2FnVtCrr1GKUlOiWVR39BFlNS%2Bf0ykvibZSWH1dta5ZnUicUwcpDDCWRvgjQ%2FQrZ9CbI4Qph9Asl%2FJouP1pHEextWaUjuZrtLOYGMJlBiBGo95OUnPeSRhzz1EPOzahgEQcfnIfW7S2HY4B3B2twPaCcKaOC3u8jDkt4IWTpCqEYIzQ5Ss4O%2BHMHkP8BuOljuwWZT4t3cwYA7FIKgsAQFJSgkQZERFAO3z5WtW3efK5uz4CLXL3LDjXXW26X7OuuJhICaEQx3u%2Bk5ebrUx%2FvwOEBfnFWDTp0vtbt%2BvdlqtRqi67fqlEZMBIy3mzRowEoHaS%2FNVt6WU9J97jekpWd9B0aPYNURQnkFNA9ACwe66bCdHGYy2cqNqsWaSXDtkGYVZFverjonz88culL5ACI8ufZw4bV0%2FOsCQuOQGoeP5TFBT90b39IF2bulC0u%2B20gzGcttWrp3O6OZeOKrt8VWoQ1fW7GjL18PS6AsD98VNlunCZdJz5KvlyXnwqxqEwry%2FZp9T7Abud1czk2Sp%2Bs33lhdi1MjrJU6mYDK042%2FEcopqbz47OxZPvXTn5BmApM7xPkJuQhIfYQw3YFN5%2BytJjBqPsPSCorcjU2dzQ%2BVJFBi3lPmYP%2FTs3k9NrS8TaXbtffQMxXQ7C6S2GFgHAbKgaoRbL4wzlJzcu3Hz8v4AkxVxkyZyh5TRn02JS%2F80iyVvln%2B7jzW3MqzasPnHSYi0WGi2WpGIuSs1WJ%2BGIWswbvdEJmdRq0%2F3D8AAAD%2F%2FwEAAP%2F%2FOyK7%2FnoEAAA%3D   IP: 192.243.61.227:443   ASN: #39572 DataWeb Global Group B.V.
Certificate: Issuer: Let's Encrypt   Subject: fibaffluencebetting.com   Fingerprint: 75:D4:BF:BA:3B:8C:FF:E6:24:A2:A7:5E:0B:09:29:D2:E7:B2:6B:38   Validity: Mon, 29 Apr 2024 08:42:41 GMT - Sun, 28 Jul 2024 08:42:40 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuXucUL%2F5YvAgyLAgKMume33GRxRgjwbjZHy7%2BuEhVV%2FWknOqupqp7epJTcEH2OAcveqp8k2xQg%2Bgf4CKTwCJBMXORgObgP%2BBBWDxKzwZHH3S%2F9%2Bp7Bd%2F7vvp0Nz8ndeT0bOUdvS2Vooutml996f0guFpdl0k%2BrA677Y%2FazatVM3h1qV3zX66%2BJcK%2BXqz7ge8HflBdlUZEerhYgpDp4VJQW%2FJrzXotaDUxNP%2Fvbe7BUg98cE6egeTTyrF3GTKcIIm%2FXRG2n%2Bn0lTfjXNFMGwz4wZ2kn%2BgiQTwvI%2BMhSg4upqHt6eoD6GR%2FRhd68O8gk1PiPXwAlhxckAQb7M14MgWRgPEnUQwmEGoCSScI9V1IfkqAkOP6BpL4%2FnVtCrr1GKUlOiWVR39BFlNS%2Bf0ykvibZSWH1dta5ZnUicUwcpDDCWRvgjQ%2FQrZ9CbI4Qph9Asl%2FJouP1pHEextWaUjuZrtLOYGMJlBiBGo95OUnPeSRhzz1EPOzahgEQcfnIfW7S2HY4B3B2twPaCcKaOC3u8jDkt4IWTpCqEYIzQ5Ss4O%2BHMHkP8BuOljuwWZT4t3cwYA7FIKgsAQFJSgkQZERFAO3z5WtW3efK5uz4CLXL3LDjXXW26X7OuuJhICaEQx3u%2Bk5ebrUx%2FvwOEBfnFWDTp0vtbt%2BvdlqtRqi67fqlEZMBIy3mzRowEoHaS%2FNVt6WU9J97jekpWd9B0aPYNURQnkFNA9ACwe66bCdHGYy2cqNqsWaSXDtkGYVZFverjonz88culL5ACI8ufZw4bV0%2FOsCQuOQGoeP5TFBT90b39IF2bulC0u%2B20gzGcttWrp3O6OZeOKrt8VWoQ1fW7GjL18PS6AsD98VNlunCZdJz5KvlyXnwqxqEwry%2FZp9T7Abud1czk2Sp%2Bs33lhdi1MjrJU6mYDK042%2FEcopqbz47OxZPvXTn5BmApM7xPkJuQhIfYQw3YFN5%2BytJjBqPsPSCorcjU2dzQ%2BVJFBi3lPmYP%2FTs3k9NrS8TaXbtffQMxXQ7C6S2GFgHAbKgaoRbL4wzlJzcu3Hz8v4AkxVxkyZyh5TRn02JS%2F80iyVvln%2B7jzW3MqzasPnHSYi0WGi2WpGIuSs1WJ%2BGIWswbvdEJmdRq0%2F3D8AAAD%2F%2FwEAAP%2F%2FOyK7%2FnoEAAA%3D HTTP/1.1
Host: fibaffluencebetting.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Cookie: u_pl=22725681; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec172d9680245553e8052aafbe1bd64a13=[2019380,2229329,2229333,2229337]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 07:24:17 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1b456df32d25c9c0e9c8caf538eabc2a
Strict-Transport-Security: max-age=0; includeSubdomains