Report - direct.zencloud.lol/?url=VmRxcDNrNko1RUduN0dUeHhpZWZjR1dXbEJsTTJDUkZJZWYyY3FRS28vUnZGb2J1eWp0Tm5FMUcyb3lCcEhROVNIcXhCSzVlVzJMY3ppc00yckF5T2NpdVUxbE9kVnJOVHJNbXMvZ05JOUlvc1FMSlVGK2licXdwY2ZDUmZaeU1iQTh0Z2ZrNUNlclF1emgvV3NHS0RpbGNuTjVTdGlWdTBvcTAvSklnekgvaEo3UDkvREJpUktOWWh6ckNneG0x

Report Overview

Submitted URL
direct.zencloud.lol/?url=VmRxcDNrNko1RUduN0dUeHhpZWZjR1dXbEJsTTJDUkZJZWYyY3FRS28vUnZGb2J1eWp0Tm5FMUcyb3lCcEhROVNIcXhCSzVlVzJMY3ppc00yckF5T2NpdVUxbE9kVnJOVHJNbXMvZ05JOUlvc1FMSlVGK2licXdwY2ZDUmZaeU1iQTh0Z2ZrNUNlclF1emgvV3NHS0RpbGNuTjVTdGlWdTBvcTAvSklnekgvaEo3UDkvREJpUktOWWh6ckNneG0x
IP
172.67.128.140
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-08 17:43:25
Access
public
Website Title
Video Downloader
Final URL
direct.zencloud.lol/?url=VmRxcDNrNko1RUduN0dUeHhpZWZjR1dXbEJsTTJDUkZJZWYyY3FRS28vUnZGb2J1eWp0Tm5FMUcyb3lCcEhROVNIcXhCSzVlVzJMY3ppc00yckF5T2NpdVUxbE9kVnJOVHJNbXMvZ05JOUlvc1FMSlVGK2licXdwY2ZDUmZaeU1iQTh0Z2ZrNUNlclF1emgvV3NHS0RpbGNuTjVTdGlWdTBvcTAvSklnekgvaEo3UDkvREJpUktOWWh6ckNneG0x
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
10

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
capaciousdrewreligion.com	unknown	2023-11-07	2023-11-27	2024-05-07	418 B	327 B	172.240.127.234
i0.wp.com	3021	1997-03-28	2013-09-17	2024-05-07	683 B	30 kB	192.0.77.2
cdn.jsdelivr.net	439	2012-05-16	2012-09-30	2024-05-07	3.9 kB	141 kB	151.101.193.229
direct.zencloud.lol	unknown	unknown	No data	No data	1.6 kB	14 kB	104.21.1.52
ghastlyejection.com	unknown	2023-03-24	2023-04-09	2024-02-17	882 B	42 kB	192.243.59.12
ocsp.r2m03.amazontrust.com	unknown	2007-05-11	2023-02-21	2024-05-07	338 B	942 B	143.204.53.97
dividetribute.com	unknown	unknown	No data	No data	3.3 kB	6.4 kB	192.243.59.20
proftrafficcounter.com	unknown	2023-11-16	2023-11-21	2024-05-08	878 B	852 B	18.185.9.67
cdn.cloudimagesb.com	23099	2020-10-06	2021-02-12	2024-05-08	441 B	145 kB	45.133.44.10
blogger.googleusercontent.com	16485	2008-11-17	2012-05-25	2024-05-07	671 B	30 kB	142.250.74.97
unseenreport.com	unknown	2022-03-30	2022-03-30	2024-05-07	739 B	423 B	192.243.61.227
downstairsnegotiatebarren.com	unknown	2024-03-04	2024-03-04	2024-05-08	416 B	87 kB	172.67.180.87

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-08	medium	ghastlyejection.com	Sinkholed
2024-05-08	medium	ghastlyejection.com	Sinkholed
2024-05-08	medium	dividetribute.com	Sinkholed
2024-05-08	medium	dividetribute.com	Sinkholed
2024-05-08	medium	unseenreport.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (13)

	URL	Size	First Seen	Last Seen
	unknown	3.3 kB	2024-05-08	2024-05-08
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 19:43:32 Last Seen2024-05-08 19:43:32 Times Seen1 Hash d4cbbac1130c1c19b47198e7af293825 9882117851e83e25ff4298572637c10decd63bac afeaf66af86f771742e6346a3c0ecd87945071be2e0462347fb775cda108c740 Loading...

	cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.min.js	59 kB	2023-03-07	2024-05-19
Pretty URL cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.min.js IP 151.101.193.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23:52 Last Seen2024-05-19 16:51:11 Times Seen3486 Hash 259e416ef6833be43801b8b68a93b008 19080c3b817985336aab5e1ce6925c99803f2efd 70c3d690bdc5ce3b9a1527c46044989a3176e610882fa99f4523e75bc395bcce Loading...

	cdn.jsdelivr.net/npm/@popperjs/core@2.10.2/dist/umd/popper.min.js	19 kB	2023-03-07	2024-05-19
Pretty URL cdn.jsdelivr.net/npm/@popperjs/core@2.10.2/dist/umd/popper.min.js IP 151.101.193.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23:52 Last Seen2024-05-19 16:51:11 Times Seen2521 Hash 541aecc95a7faeef0fc27558070f3647 0ec7ca4778ba3ccb4d1b1688094720834fbe9ed3 f395875eb5d58c5128c434812cd0a53d438b11536f7fd1577077d8a5c612e1fd Loading...

	unknown	145 B	2024-04-28	2024-05-10
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-28 01:29:58 Last Seen2024-05-10 08:20:53 Times Seen9 Hash cefef4084102ea96199270b0a77280f8 ca546055f61c2c3c1d35f4bf54d9ebdd87cb6288 70c3cd9cd3f290e0b3a5f5a402a91a5b1665f8d8e8c46f5194f6b2137a863ef5 Loading...

	ghastlyejection.com/9e77242938ed4c20d4b8f1c9c1246de6/invoke.js	31 kB	2024-05-08	2024-05-08
Pretty URL ghastlyejection.com/9e77242938ed4c20d4b8f1c9c1246de6/invoke.js IP 192.243.59.12 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 19:43:32 Last Seen2024-05-08 19:43:32 Times Seen2 Hash 242aaf5e3e84c3c4566df3584ab7f08e ea0f509ca911bdc0ce1f79f4eba74543ae3ea880 c708994d60a178f5d2a593f414f6617704361d60f05348b4fac042334a1e8077 Loading...

	cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js	78 kB	2023-03-07	2024-05-19
Pretty URL cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js IP 151.101.193.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:26 Last Seen2024-05-19 23:32:38 Times Seen9141 Hash 7ccd9d390d31af98110f74f842ea9b32 a85e681624c91a106a514c31eacf80de817b2cc3 f5210fa3e7f0245a4c51eb7f280092c0ef99fdd28c45e17dab8cc5854fdf4fd3 Loading...

	direct.zencloud.lol/?url=VmRxcDNrNko1RUduN0dUeHhpZWZjR1dXbEJsTTJDUkZJZWYyY3FRS28vUnZGb2J1eWp0Tm5FMUcyb3lCcEhROVNIcXhCSzVlVzJMY3ppc00yckF5T2NpdVUxbE9kVnJOVHJNbXMvZ05JOUlvc1FMSlVGK2licXdwY2ZDUmZaeU1iQTh0Z2ZrNUNlclF1emgvV3NHS0RpbGNuTjVTdGlWdTBvcTAvSklnekgvaEo3UDkvREJpUktOWWh6ckNneG0x	140 B	2024-04-28	2024-05-10
Pretty URL direct.zencloud.lol/?url=VmRxcDNrNko1RUduN0dUeHhpZWZjR1dXbEJsTTJDUkZJZWYyY3FRS28vUnZGb2J1eWp0Tm5FMUcyb3lCcEhROVNIcXhCSzVlVzJMY3ppc00yckF5T2NpdVUxbE9kVnJOVHJNbXMvZ05JOUlvc1FMSlVGK2licXdwY2ZDUmZaeU1iQTh0Z2ZrNUNlclF1emgvV3NHS0RpbGNuTjVTdGlWdTBvcTAvSklnekgvaEo3UDkvREJpUktOWWh6ckNneG0x IP 104.21.1.52 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-28 01:29:58 Last Seen2024-05-10 08:20:53 Times Seen9 Hash e57f681e533dce1ed37417d9c1cd0b8b a134be60f1d069be31ce298c0ef73e3198bba50e 3449e5cb12ac89986a8940f1fe55cc3157ca3a32be72c9be7108d8f5dedc825a Loading...

	ghastlyejection.com/d6/c6/9c/d6c69caa54fd5fdaf8def7abe2268296.js	76 kB	2024-05-08	2024-05-08
Pretty URL ghastlyejection.com/d6/c6/9c/d6c69caa54fd5fdaf8def7abe2268296.js IP 192.243.59.12 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 19:43:32 Last Seen2024-05-08 19:43:32 Times Seen2 Hash a5dd8fd1a029f4da99d4b9a2f420c872 ccab9df20c006ee0ce34ba669ff38221beaee884 2a79c314164258da8bc97fb1f43a79e5e6834a8f7ac89ce3c75ef55773f66fa6 Loading...

	direct.zencloud.lol/?url=VmRxcDNrNko1RUduN0dUeHhpZWZjR1dXbEJsTTJDUkZJZWYyY3FRS28vUnZGb2J1eWp0Tm5FMUcyb3lCcEhROVNIcXhCSzVlVzJMY3ppc00yckF5T2NpdVUxbE9kVnJOVHJNbXMvZ05JOUlvc1FMSlVGK2licXdwY2ZDUmZaeU1iQTh0Z2ZrNUNlclF1emgvV3NHS0RpbGNuTjVTdGlWdTBvcTAvSklnekgvaEo3UDkvREJpUktOWWh6ckNneG0x	4.1 kB	2024-01-25	2024-05-10
Pretty URL direct.zencloud.lol/?url=VmRxcDNrNko1RUduN0dUeHhpZWZjR1dXbEJsTTJDUkZJZWYyY3FRS28vUnZGb2J1eWp0Tm5FMUcyb3lCcEhROVNIcXhCSzVlVzJMY3ppc00yckF5T2NpdVUxbE9kVnJOVHJNbXMvZ05JOUlvc1FMSlVGK2licXdwY2ZDUmZaeU1iQTh0Z2ZrNUNlclF1emgvV3NHS0RpbGNuTjVTdGlWdTBvcTAvSklnekgvaEo3UDkvREJpUktOWWh6ckNneG0x IP 104.21.1.52 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-01-25 07:39:34 Last Seen2024-05-10 08:20:53 Times Seen15 Hash 42fb35480631e583224c20e9f00c1f0d 2e30c877234085a6372b7081f24544b7e75d4dcb 212164355499a9e24d4bb29172bc9896c46a0680edeb8a55920b42f39ff75a2e Loading...

	downstairsnegotiatebarren.com/sfp.js	86 kB	2024-03-29	2024-05-17
Pretty URL downstairsnegotiatebarren.com/sfp.js IP 172.67.180.87 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-29 13:13:34 Last Seen2024-05-17 14:49:08 Times Seen3553 Hash f4a2f8f9f99541c6f105bbd0a025bd40 1f8e3eff12168fdd9e719adfc098d24a45b6916a b717cb04231a10d425fd55b73c85a5407119c6826a8bac94142fddfff6958716 Loading...

	unknown	196 B	2024-04-28	2024-05-10
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-28 01:29:58 Last Seen2024-05-10 08:20:53 Times Seen9 Hash d7a5416a938a2f242e52c2e9544c50f3 996e7d672eb5d189cb62b67f4bd7ca6535f89e9f 6eef2eaf44fdcf2a36d7241bfb70c89b604c7f81de6400c43d2a205e454ea175 Loading...

	capaciousdrewreligion.com/advertisers.js	0 B	2023-03-07	2024-05-20
Pretty URL capaciousdrewreligion.com/advertisers.js IP 172.240.127.234 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-20 00:05:16 Times Seen37847016 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 40bc5190d6f2a0fbaa65dc45ebcb9a94	2.1 kB	2024-05-08	2024-05-08
Pretty Observations First Seen2024-05-08 19:43:32 Last Seen2024-05-08 19:43:32 Times Seen1 Hash 40bc5190d6f2a0fbaa65dc45ebcb9a94 b93b7087e13d9809fea884a24d59f33c77cc75f3 19257b14816e488c5c0feb65e725a91e7fc65c3a10250287ce4fae75ee737673 Loading...

HTTP Transactions (23)

URL IP Response Size

cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css

151.101.193.229

200 OK

26 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css
IP
151.101.193.229:443
ASN
#54113 FASTLY

Requested by
https://direct.zencloud.lol/?url=VmRxcDNrNko1RUduN0dUeHhpZWZjR1dXbEJsTTJDUkZJZWYyY3FRS28vUnZGb2J1eWp0Tm5FMUcyb3lCcEhROVNIcXhCSzVlVzJMY3ppc00yckF5T2NpdVUxbE9kVnJOVHJNbXMvZ05JOUlvc1FMSlVGK2licXdwY2ZDUmZaeU1iQTh0Z2ZrNUNlclF1emgvV3NHS0RpbGNuTjVTdGlWdTBvcTAvSklnekgvaEo3UDkvREJpUktOWWh6ckNneG0x
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
Unicode text, UTF-8 text, with very long lines (65306)
Size
26 kB (26333 bytes)
Hash
94994c66fec8c3468b269dc0cc242151
ec16bd19bf4ae9bc2e2336ac409a503bbbdaacad
62f74b1cf824a89f03554c638e719594c309b4d8a627a758928c0516fa7890ab

HTTP Headers

GET /npm/bootstrap@5.1.3/dist/css/bootstrap.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://direct.zencloud.lol
DNT: 1
Connection: keep-alive
Referer: https://direct.zencloud.lol/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 5.1.3
x-jsd-version-type: version
etag: W/"28021-7Ba9Gb9K6bwuIzasQJpQO7varK0"
content-encoding: br
accept-ranges: bytes
date: Wed, 08 May 2024 17:42:59 GMT
age: 1949922
x-served-by: cache-fra-etou8220101-FRA, cache-hel1410023-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 26333
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/@popperjs/core@2.10.2/dist/umd/popper.min.js

151.101.193.229

200 OK

7.0 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/@popperjs/core@2.10.2/dist/umd/popper.min.js
IP
151.101.193.229:443
ASN
#54113 FASTLY

Requested by
https://direct.zencloud.lol/?url=VmRxcDNrNko1RUduN0dUeHhpZWZjR1dXbEJsTTJDUkZJZWYyY3FRS28vUnZGb2J1eWp0Tm5FMUcyb3lCcEhROVNIcXhCSzVlVzJMY3ppc00yckF5T2NpdVUxbE9kVnJOVHJNbXMvZ05JOUlvc1FMSlVGK2licXdwY2ZDUmZaeU1iQTh0Z2ZrNUNlclF1emgvV3NHS0RpbGNuTjVTdGlWdTBvcTAvSklnekgvaEo3UDkvREJpUktOWWh6ckNneG0x
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
JavaScript source, ASCII text, with very long lines (18706)
Size
7.0 kB (6952 bytes)
Hash
541aecc95a7faeef0fc27558070f3647
0ec7ca4778ba3ccb4d1b1688094720834fbe9ed3
f395875eb5d58c5128c434812cd0a53d438b11536f7fd1577077d8a5c612e1fd

HTTP Headers

GET /npm/@popperjs/core@2.10.2/dist/umd/popper.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://direct.zencloud.lol
DNT: 1
Connection: keep-alive
Referer: https://direct.zencloud.lol/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 2.10.2
x-jsd-version-type: version
etag: W/"496b-DsfKR3i6PMtNGxaICUcgg0++ntM"
content-encoding: br
accept-ranges: bytes
date: Wed, 08 May 2024 17:42:59 GMT
age: 9199076
x-served-by: cache-fra-etou8220021-FRA, cache-hel1410023-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 6952
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.min.js

151.101.193.229

200 OK

18 kB

URL GET HTTP/3
cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.min.js
IP
151.101.193.229:443
ASN
#54113 FASTLY

Requested by
https://direct.zencloud.lol/?url=VmRxcDNrNko1RUduN0dUeHhpZWZjR1dXbEJsTTJDUkZJZWYyY3FRS28vUnZGb2J1eWp0Tm5FMUcyb3lCcEhROVNIcXhCSzVlVzJMY3ppc00yckF5T2NpdVUxbE9kVnJOVHJNbXMvZ05JOUlvc1FMSlVGK2licXdwY2ZDUmZaeU1iQTh0Z2ZrNUNlclF1emgvV3NHS0RpbGNuTjVTdGlWdTBvcTAvSklnekgvaEo3UDkvREJpUktOWWh6ckNneG0x
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
JavaScript source, ASCII text, with very long lines (58940)
Size
18 kB (17624 bytes)
Hash
259e416ef6833be43801b8b68a93b008
19080c3b817985336aab5e1ce6925c99803f2efd
70c3d690bdc5ce3b9a1527c46044989a3176e610882fa99f4523e75bc395bcce

HTTP Headers

GET /npm/bootstrap@5.1.3/dist/js/bootstrap.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://direct.zencloud.lol
DNT: 1
Connection: keep-alive
Referer: https://direct.zencloud.lol/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 5.1.3
x-jsd-version-type: version
etag: W/"e753-GQgMO4F5hTNqq14c5pJcmYA/Lv0"
content-encoding: br
accept-ranges: bytes
date: Wed, 08 May 2024 17:42:59 GMT
age: 9199075
x-served-by: cache-fra-etou8220048-FRA, cache-hel1410023-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 17624
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js

151.101.193.229

200 OK

24 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js
IP
151.101.193.229:443
ASN
#54113 FASTLY

Requested by
https://direct.zencloud.lol/?url=VmRxcDNrNko1RUduN0dUeHhpZWZjR1dXbEJsTTJDUkZJZWYyY3FRS28vUnZGb2J1eWp0Tm5FMUcyb3lCcEhROVNIcXhCSzVlVzJMY3ppc00yckF5T2NpdVUxbE9kVnJOVHJNbXMvZ05JOUlvc1FMSlVGK2licXdwY2ZDUmZaeU1iQTh0Z2ZrNUNlclF1emgvV3NHS0RpbGNuTjVTdGlWdTBvcTAvSklnekgvaEo3UDkvREJpUktOWWh6ckNneG0x
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
JavaScript source, ASCII text, with very long lines (65299)
Size
24 kB (24376 bytes)
Hash
7ccd9d390d31af98110f74f842ea9b32
a85e681624c91a106a514c31eacf80de817b2cc3
f5210fa3e7f0245a4c51eb7f280092c0ef99fdd28c45e17dab8cc5854fdf4fd3

HTTP Headers

GET /npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://direct.zencloud.lol
DNT: 1
Connection: keep-alive
Referer: https://direct.zencloud.lol/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 5.1.3
x-jsd-version-type: version
etag: W/"13131-qF5oFiTJGhBqUUwx6s+A3oF7LMM"
content-encoding: br
accept-ranges: bytes
date: Wed, 08 May 2024 17:42:59 GMT
age: 30729521
x-served-by: cache-fra-eddf8230075-FRA, cache-hel1410023-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 24376
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/bootstrap-icons@1.8.1/font/bootstrap-icons.css

151.101.193.229

200 OK

11 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/bootstrap-icons@1.8.1/font/bootstrap-icons.css
IP
151.101.193.229:443
ASN
#54113 FASTLY

Requested by
https://direct.zencloud.lol/?url=VmRxcDNrNko1RUduN0dUeHhpZWZjR1dXbEJsTTJDUkZJZWYyY3FRS28vUnZGb2J1eWp0Tm5FMUcyb3lCcEhROVNIcXhCSzVlVzJMY3ppc00yckF5T2NpdVUxbE9kVnJOVHJNbXMvZ05JOUlvc1FMSlVGK2licXdwY2ZDUmZaeU1iQTh0Z2ZrNUNlclF1emgvV3NHS0RpbGNuTjVTdGlWdTBvcTAvSklnekgvaEo3UDkvREJpUktOWWh6ckNneG0x
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
ASCII text
Size
11 kB (10883 bytes)
Hash
79877fb82de8ca50845081e3c9a201c5
4f6ea69c0e03431ffa1a097a45453b5b3b246d8b
af35cc6aba34e5005de77099dfa72d4c1a7715d28ddcec343f48031dc8cb08bc

HTTP Headers

GET /npm/bootstrap-icons@1.8.1/font/bootstrap-icons.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://direct.zencloud.lol/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 1.8.1
x-jsd-version-type: version
etag: W/"13a7e-T26mnA4DQx/6Ggl6RUU7WzskbYs"
content-encoding: br
accept-ranges: bytes
date: Wed, 08 May 2024 17:42:59 GMT
age: 20053
x-served-by: cache-fra-etou8220090-FRA, cache-hel1410022-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 10883
X-Firefox-Spdy: h2

direct.zencloud.lol/?url=VmRxcDNrNko1RUduN0dUeHhpZWZjR1dXbEJsTTJDUkZJZWYyY3FRS28vUnZGb2J1eWp0Tm5FMUcyb3lCcEhROVNIcXhCSzVlVzJMY3ppc00yckF5T2NpdVUxbE9kVnJOVHJNbXMvZ05JOUlvc1FMSlVGK2licXdwY2ZDUmZaeU1iQTh0Z2ZrNUNlclF1emgvV3NHS0RpbGNuTjVTdGlWdTBvcTAvSklnekgvaEo3UDkvREJpUktOWWh6ckNneG0x

104.21.1.52

200 OK

3.2 kB

URL User Request GET HTTP/2
direct.zencloud.lol/?url=VmRxcDNrNko1RUduN0dUeHhpZWZjR1dXbEJsTTJDUkZJZWYyY3FRS28vUnZGb2J1eWp0Tm5FMUcyb3lCcEhROVNIcXhCSzVlVzJMY3ppc00yckF5T2NpdVUxbE9kVnJOVHJNbXMvZ05JOUlvc1FMSlVGK2licXdwY2ZDUmZaeU1iQTh0Z2ZrNUNlclF1emgvV3NHS0RpbGNuTjVTdGlWdTBvcTAvSklnekgvaEo3UDkvREJpUktOWWh6ckNneG0x
IP
104.21.1.52:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectzencloud.lol
FingerprintAF:41:F3:75:A7:7F:B2:21:D8:43:DF:36:AB:67:E2:8D:70:71:B0:55
ValidityWed, 10 Apr 2024 03:44:54 GMT - Tue, 09 Jul 2024 03:44:53 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (486), with CRLF line terminators
Size
3.2 kB (3217 bytes)
Hash
132e54a564e04b2c6aff61a8fbd14aa8
5d73d7ac8fc766e7e0bb3efed69e216427ec5d21
783b773ecf48e71421232e00afc15a2c2b96b3d93ad3dc7f533a0900cca2daa7

HTTP Headers

GET /?url=VmRxcDNrNko1RUduN0dUeHhpZWZjR1dXbEJsTTJDUkZJZWYyY3FRS28vUnZGb2J1eWp0Tm5FMUcyb3lCcEhROVNIcXhCSzVlVzJMY3ppc00yckF5T2NpdVUxbE9kVnJOVHJNbXMvZ05JOUlvc1FMSlVGK2licXdwY2ZDUmZaeU1iQTh0Z2ZrNUNlclF1emgvV3NHS0RpbGNuTjVTdGlWdTBvcTAvSklnekgvaEo3UDkvREJpUktOWWh6ckNneG0x HTTP/1.1
Host: direct.zencloud.lol
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 17:42:59 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IaOjE4%2FGS%2FNQUcDmSt9x2sjDYJJh2cME0De6Z193cj5gYZRA3sFDjnNkUTHhbL7O0M3PTq2YbOIzoQp%2B8j3D3Z0H8cKgty5ESQ9XJp8aYf5XDdb%2BVlWP%2FeuQ97XV%2BeLpnw2VPdrW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880b3fdcdb4d712b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ghastlyejection.com/9e77242938ed4c20d4b8f1c9c1246de6/invoke.js

192.243.59.12

200 OK

12 kB

URL GET HTTP/1.1
ghastlyejection.com/9e77242938ed4c20d4b8f1c9c1246de6/invoke.js
IP
192.243.59.12:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://direct.zencloud.lol/?url=VmRxcDNrNko1RUduN0dUeHhpZWZjR1dXbEJsTTJDUkZJZWYyY3FRS28vUnZGb2J1eWp0Tm5FMUcyb3lCcEhROVNIcXhCSzVlVzJMY3ppc00yckF5T2NpdVUxbE9kVnJOVHJNbXMvZ05JOUlvc1FMSlVGK2licXdwY2ZDUmZaeU1iQTh0Z2ZrNUNlclF1emgvV3NHS0RpbGNuTjVTdGlWdTBvcTAvSklnekgvaEo3UDkvREJpUktOWWh6ckNneG0x
Certificate
IssuerLet's Encrypt
Subjectghastlyejection.com
Fingerprint65:2F:32:E2:B0:77:79:80:01:58:74:67:79:B5:76:80:C1:78:5C:09
ValidityTue, 19 Mar 2024 07:22:21 GMT - Mon, 17 Jun 2024 07:22:20 GMT

File type
JavaScript source, ASCII text, with very long lines (31288), with no line terminators
Size
12 kB (11833 bytes)
Hash
242aaf5e3e84c3c4566df3584ab7f08e
ea0f509ca911bdc0ce1f79f4eba74543ae3ea880
c708994d60a178f5d2a593f414f6617704361d60f05348b4fac042334a1e8077

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /9e77242938ed4c20d4b8f1c9c1246de6/invoke.js HTTP/1.1
Host: ghastlyejection.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://direct.zencloud.lol/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 May 2024 17:43:00 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: bb5f18153504b1c67e6e4d6cfc0b5897
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

ghastlyejection.com/d6/c6/9c/d6c69caa54fd5fdaf8def7abe2268296.js

192.243.59.12

200 OK

28 kB

URL GET HTTP/1.1
ghastlyejection.com/d6/c6/9c/d6c69caa54fd5fdaf8def7abe2268296.js
IP
192.243.59.12:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://direct.zencloud.lol/?url=VmRxcDNrNko1RUduN0dUeHhpZWZjR1dXbEJsTTJDUkZJZWYyY3FRS28vUnZGb2J1eWp0Tm5FMUcyb3lCcEhROVNIcXhCSzVlVzJMY3ppc00yckF5T2NpdVUxbE9kVnJOVHJNbXMvZ05JOUlvc1FMSlVGK2licXdwY2ZDUmZaeU1iQTh0Z2ZrNUNlclF1emgvV3NHS0RpbGNuTjVTdGlWdTBvcTAvSklnekgvaEo3UDkvREJpUktOWWh6ckNneG0x
Certificate
IssuerLet's Encrypt
Subjectghastlyejection.com
Fingerprint65:2F:32:E2:B0:77:79:80:01:58:74:67:79:B5:76:80:C1:78:5C:09
ValidityTue, 19 Mar 2024 07:22:21 GMT - Mon, 17 Jun 2024 07:22:20 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
28 kB (28360 bytes)
Hash
a5dd8fd1a029f4da99d4b9a2f420c872
ccab9df20c006ee0ce34ba669ff38221beaee884
2a79c314164258da8bc97fb1f43a79e5e6834a8f7ac89ce3c75ef55773f66fa6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /d6/c6/9c/d6c69caa54fd5fdaf8def7abe2268296.js HTTP/1.1
Host: ghastlyejection.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://direct.zencloud.lol/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 May 2024 17:43:00 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9b1b42c1f02027151699a9ddf9b667f8
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js

151.101.193.229

200 OK

24 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js
IP
151.101.193.229:443
ASN
#54113 FASTLY

Requested by
https://direct.zencloud.lol/?url=VmRxcDNrNko1RUduN0dUeHhpZWZjR1dXbEJsTTJDUkZJZWYyY3FRS28vUnZGb2J1eWp0Tm5FMUcyb3lCcEhROVNIcXhCSzVlVzJMY3ppc00yckF5T2NpdVUxbE9kVnJOVHJNbXMvZ05JOUlvc1FMSlVGK2licXdwY2ZDUmZaeU1iQTh0Z2ZrNUNlclF1emgvV3NHS0RpbGNuTjVTdGlWdTBvcTAvSklnekgvaEo3UDkvREJpUktOWWh6ckNneG0x
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
JavaScript source, ASCII text, with very long lines (65299)
Size
24 kB (24376 bytes)
Hash
7ccd9d390d31af98110f74f842ea9b32
a85e681624c91a106a514c31eacf80de817b2cc3
f5210fa3e7f0245a4c51eb7f280092c0ef99fdd28c45e17dab8cc5854fdf4fd3

HTTP Headers

GET /npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://direct.zencloud.lol
DNT: 1
Connection: keep-alive
Referer: https://direct.zencloud.lol/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 5.1.3
x-jsd-version-type: version
etag: W/"13131-qF5oFiTJGhBqUUwx6s+A3oF7LMM"
content-encoding: br
accept-ranges: bytes
date: Wed, 08 May 2024 17:43:00 GMT
age: 30729522
x-served-by: cache-fra-eddf8230075-FRA, cache-hel1410023-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 24376
X-Firefox-Spdy: h2

ocsp.r2m03.amazontrust.com/

143.204.53.97

471 B

URL
ocsp.r2m03.amazontrust.com/
IP
143.204.53.97:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
17d83a6a1ce5ec032b9d0be6c8c68106
9b412e1c9f9694753b73daa262811ec4c420e7d1
935af939ae598190c9c8175f1ac54241ab2614b3c7599a4c92e1be2ecd42ab23

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Wed, 08 May 2024 17:43:00 GMT
Last-Modified: Wed, 08 May 2024 16:43:36 GMT
Server: ECAcc (ska/F7AF)
X-Cache: Miss from cloudfront
Via: 1.1 9ede9483eb891e14681c7c693b47c862.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Hy0irSSlbmjq8FYvSHgm4zUg30BQYuOpq33FSOmj-_0KHsTZFQ5YjQ==
Age: 3564

proftrafficcounter.com/stats

18.185.9.67

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
18.185.9.67:443
ASN
#16509 AMAZON-02

Requested by
https://direct.zencloud.lol/?url=VmRxcDNrNko1RUduN0dUeHhpZWZjR1dXbEJsTTJDUkZJZWYyY3FRS28vUnZGb2J1eWp0Tm5FMUcyb3lCcEhROVNIcXhCSzVlVzJMY3ppc00yckF5T2NpdVUxbE9kVnJOVHJNbXMvZ05JOUlvc1FMSlVGK2licXdwY2ZDUmZaeU1iQTh0Z2ZrNUNlclF1emgvV3NHS0RpbGNuTjVTdGlWdTBvcTAvSklnekgvaEo3UDkvREJpUktOWWh6ckNneG0x
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
5f80307f5468e66ddf284bb26f7fa148
f080fc9b62acfdb6e26ea81e727461c4044d85b7
7ebdf4c78c23c2ebc13d4c43a1a6a38dd292ad0bf806e01ce591654344dab495

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://direct.zencloud.lol
DNT: 1
Connection: keep-alive
Referer: https://direct.zencloud.lol/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 17:43:00 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://direct.zencloud.lol
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=8f6db3a6-046c-487d-bd5f-5cae11b0b408:2:1; expires=Sat, 06 May 2034 17:43:00 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

proftrafficcounter.com/stats

18.185.9.67

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
18.185.9.67:443
ASN
#16509 AMAZON-02

Requested by
https://direct.zencloud.lol/?url=VmRxcDNrNko1RUduN0dUeHhpZWZjR1dXbEJsTTJDUkZJZWYyY3FRS28vUnZGb2J1eWp0Tm5FMUcyb3lCcEhROVNIcXhCSzVlVzJMY3ppc00yckF5T2NpdVUxbE9kVnJOVHJNbXMvZ05JOUlvc1FMSlVGK2licXdwY2ZDUmZaeU1iQTh0Z2ZrNUNlclF1emgvV3NHS0RpbGNuTjVTdGlWdTBvcTAvSklnekgvaEo3UDkvREJpUktOWWh6ckNneG0x
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
526cf501755b7eb14a53db927932174b
86738c08cda430ba3499683aa8df2ebcefd90274
df2df21c72dd28ae95ab88146e152884a52622ad1ae69000a31f876e0302836b

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://direct.zencloud.lol
DNT: 1
Connection: keep-alive
Referer: https://direct.zencloud.lol/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 17:43:00 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://direct.zencloud.lol
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=1bb54161-34d4-452a-bd2d-ede080eb6894:1:1; expires=Sat, 06 May 2034 17:43:00 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/@popperjs/core@2.10.2/dist/umd/popper.min.js

151.101.193.229

200 OK

7.0 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/@popperjs/core@2.10.2/dist/umd/popper.min.js
IP
151.101.193.229:443
ASN
#54113 FASTLY

Requested by
https://direct.zencloud.lol/?url=VmRxcDNrNko1RUduN0dUeHhpZWZjR1dXbEJsTTJDUkZJZWYyY3FRS28vUnZGb2J1eWp0Tm5FMUcyb3lCcEhROVNIcXhCSzVlVzJMY3ppc00yckF5T2NpdVUxbE9kVnJOVHJNbXMvZ05JOUlvc1FMSlVGK2licXdwY2ZDUmZaeU1iQTh0Z2ZrNUNlclF1emgvV3NHS0RpbGNuTjVTdGlWdTBvcTAvSklnekgvaEo3UDkvREJpUktOWWh6ckNneG0x
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
JavaScript source, ASCII text, with very long lines (18706)
Size
7.0 kB (6952 bytes)
Hash
541aecc95a7faeef0fc27558070f3647
0ec7ca4778ba3ccb4d1b1688094720834fbe9ed3
f395875eb5d58c5128c434812cd0a53d438b11536f7fd1577077d8a5c612e1fd

HTTP Headers

GET /npm/@popperjs/core@2.10.2/dist/umd/popper.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://direct.zencloud.lol
DNT: 1
Connection: keep-alive
Referer: https://direct.zencloud.lol/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-length: 6952
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 2.10.2
x-jsd-version-type: version
etag: W/"496b-DsfKR3i6PMtNGxaICUcgg0++ntM"
content-encoding: br
accept-ranges: bytes
date: Wed, 08 May 2024 17:43:00 GMT
age: 9199076
x-served-by: cache-fra-etou8220021-FRA, cache-hel1410024-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400

cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.min.js

151.101.193.229

200 OK

18 kB

URL GET HTTP/3
cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.min.js
IP
151.101.193.229:443
ASN
#54113 FASTLY

Requested by
https://direct.zencloud.lol/?url=VmRxcDNrNko1RUduN0dUeHhpZWZjR1dXbEJsTTJDUkZJZWYyY3FRS28vUnZGb2J1eWp0Tm5FMUcyb3lCcEhROVNIcXhCSzVlVzJMY3ppc00yckF5T2NpdVUxbE9kVnJOVHJNbXMvZ05JOUlvc1FMSlVGK2licXdwY2ZDUmZaeU1iQTh0Z2ZrNUNlclF1emgvV3NHS0RpbGNuTjVTdGlWdTBvcTAvSklnekgvaEo3UDkvREJpUktOWWh6ckNneG0x
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
JavaScript source, ASCII text, with very long lines (58940)
Size
18 kB (17624 bytes)
Hash
259e416ef6833be43801b8b68a93b008
19080c3b817985336aab5e1ce6925c99803f2efd
70c3d690bdc5ce3b9a1527c46044989a3176e610882fa99f4523e75bc395bcce

HTTP Headers

GET /npm/bootstrap@5.1.3/dist/js/bootstrap.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://direct.zencloud.lol
DNT: 1
Connection: keep-alive
Referer: https://direct.zencloud.lol/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-length: 17624
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 5.1.3
x-jsd-version-type: version
etag: W/"e753-GQgMO4F5hTNqq14c5pJcmYA/Lv0"
content-encoding: br
accept-ranges: bytes
date: Wed, 08 May 2024 17:43:00 GMT
age: 9199076
x-served-by: cache-fra-etou8220048-FRA, cache-hel1410024-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400

dividetribute.com/watch.1104583737432.js?key=9e77242938ed4c20d4b8f1c9c1246de6&kw=%5B%22video%22%2C%22downloader%22%5D&refer=https%3A%2F%2Fdirect.zencloud.lol%2F%3Furl%3DVmRxcDNrNko1RUduN0dUeHhpZWZjR1dXbEJsTTJDUkZJZWYyY3FRS28vUnZGb2J1eWp0Tm5FMUcyb3lCcEhROVNIcXhCSzVlVzJMY3ppc00yckF5T2NpdVUxbE9kVnJOVHJNbXMvZ05JOUlvc1FMSlVGK2licXdwY2ZDUmZaeU1iQTh0Z2ZrNUNlclF1emgvV3NHS0RpbGNuTjVTdGlWdTBvcTAvSklnekgvaEo3UDkvREJpUktOWWh6ckNneG0x&tz=0&dev=e&res=14.2071&uuid=8f6db3a6-046c-487d-bd5f-5cae11b0b408%3A2%3A1

192.243.59.20

307 Temporary Redirect

0 B

URL GET HTTP/1.1
dividetribute.com/watch.1104583737432.js?key=9e77242938ed4c20d4b8f1c9c1246de6&kw=%5B%22video%22%2C%22downloader%22%5D&refer=https%3A%2F%2Fdirect.zencloud.lol%2F%3Furl%3DVmRxcDNrNko1RUduN0dUeHhpZWZjR1dXbEJsTTJDUkZJZWYyY3FRS28vUnZGb2J1eWp0Tm5FMUcyb3lCcEhROVNIcXhCSzVlVzJMY3ppc00yckF5T2NpdVUxbE9kVnJOVHJNbXMvZ05JOUlvc1FMSlVGK2licXdwY2ZDUmZaeU1iQTh0Z2ZrNUNlclF1emgvV3NHS0RpbGNuTjVTdGlWdTBvcTAvSklnekgvaEo3UDkvREJpUktOWWh6ckNneG0x&tz=0&dev=e&res=14.2071&uuid=8f6db3a6-046c-487d-bd5f-5cae11b0b408%3A2%3A1
IP
192.243.59.20:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://direct.zencloud.lol/?url=VmRxcDNrNko1RUduN0dUeHhpZWZjR1dXbEJsTTJDUkZJZWYyY3FRS28vUnZGb2J1eWp0Tm5FMUcyb3lCcEhROVNIcXhCSzVlVzJMY3ppc00yckF5T2NpdVUxbE9kVnJOVHJNbXMvZ05JOUlvc1FMSlVGK2licXdwY2ZDUmZaeU1iQTh0Z2ZrNUNlclF1emgvV3NHS0RpbGNuTjVTdGlWdTBvcTAvSklnekgvaEo3UDkvREJpUktOWWh6ckNneG0x
Certificate
IssuerLet's Encrypt
Subjectdividetribute.com
Fingerprint30:E5:4B:5E:DA:82:06:08:07:00:D4:B5:15:81:46:C4:46:04:EB:00
ValidityMon, 06 May 2024 08:01:59 GMT - Sun, 04 Aug 2024 08:01:58 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1104583737432.js?key=9e77242938ed4c20d4b8f1c9c1246de6&kw=%5B%22video%22%2C%22downloader%22%5D&refer=https%3A%2F%2Fdirect.zencloud.lol%2F%3Furl%3DVmRxcDNrNko1RUduN0dUeHhpZWZjR1dXbEJsTTJDUkZJZWYyY3FRS28vUnZGb2J1eWp0Tm5FMUcyb3lCcEhROVNIcXhCSzVlVzJMY3ppc00yckF5T2NpdVUxbE9kVnJOVHJNbXMvZ05JOUlvc1FMSlVGK2licXdwY2ZDUmZaeU1iQTh0Z2ZrNUNlclF1emgvV3NHS0RpbGNuTjVTdGlWdTBvcTAvSklnekgvaEo3UDkvREJpUktOWWh6ckNneG0x&tz=0&dev=e&res=14.2071&uuid=8f6db3a6-046c-487d-bd5f-5cae11b0b408%3A2%3A1 HTTP/1.1
Host: dividetribute.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://direct.zencloud.lol
DNT: 1
Connection: keep-alive
Referer: https://direct.zencloud.lol/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Wed, 08 May 2024 17:43:01 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://direct.zencloud.lol
Access-Control-Allow-Origin: https://direct.zencloud.lol
Access-Control-Allow-Credentials: true
Location: https://dividetribute.com/watch.1104583737432.js?dev=e&key=9e77242938ed4c20d4b8f1c9c1246de6&kw=%5B%22video%22%2C%22downloader%22%5D&pst=1715190241&refer=https%3A%2F%2Fdirect.zencloud.lol%2F%3Furl%3DVmRxcDNrNko1RUduN0dUeHhpZWZjR1dXbEJsTTJDUkZJZWYyY3FRS28vUnZGb2J1eWp0Tm5FMUcyb3lCcEhROVNIcXhCSzVlVzJMY3ppc00yckF5T2NpdVUxbE9kVnJOVHJNbXMvZ05JOUlvc1FMSlVGK2licXdwY2ZDUmZaeU1iQTh0Z2ZrNUNlclF1emgvV3NHS0RpbGNuTjVTdGlWdTBvcTAvSklnekgvaEo3UDkvREJpUktOWWh6ckNneG0x&res=14.2071&rmtc=t&shu=8e493c0d2eba91de03ac0ebc747bca5e2d991aa73aa755894ebc8d670d2f33d8f07c73e844a68653e133acee3d847434c23842204b843fafb6a3218963a977c62eb60eb506c3922f2876762272c8b5ace97094456361fcfc68eaaad70468d8&tz=0&uuid=8f6db3a6-046c-487d-bd5f-5cae11b0b408%3A2%3A1
Set-Cookie: u_pl=22980864; expires=Thu, 09 May 2024 17:43:01 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMjk4MDg2NCwiayI6IjllNzcyNDI5MzhlZDRjMjBkNGI4ZjFjOWMxMjQ2ZGU2Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxMzgxMTE3LCJwaWQiOjE1NjczMiwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxLCJhaWQiOjUsInB0Ijo0LCJwayI6InNicGpoNHU1MCIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo3OTk1NDE5NiwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMTY2NzAsImJuIjoiRmlyZWZveCIsImJ2IjoiOTYuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL2RpcmVjdC56ZW5jbG91ZC5sb2wvP3VybD1WbVJ4Y0ROck5rbzFSVWR1TjBkVWVIaHBaV1pqUjFkWGJFSnNUVEpEVWtaSlpXWXlZM0ZSUzI4dlVuWkdiMkoxZVdwMFRtNUZNVWN5YjNsQ2NFaFJPVk5JY1hoQ1N6VmxWekpNWTNwcGMwMHlja0Y1VDJOcGRWVXhiRTlrVm5KT1ZISk5iWE12WjA1Sk9VbHZjMUZNU2xWR0sybGljWGR3WTJaRFVtWmFlVTFpUVRoMFoyWnJOVU5sY2xGMWVtZ3ZWM05IUzBScGJHTnVUalZUZEdsV2RUQnZjVEF2U2tsbmVrZ3ZhRW8zVURrdlJFSnBVa3RPV1doNmNrTm5lRzB4IiwiYXIiOltdfX0.Yc0ABrBO4ZFT17n4i-6s_Ms9Wg82a9LjIZEu36L8nMQ; expires=Wed, 08 May 2024 17:44:01 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: da6e38a0e61a59d2c1c6adcc52e8e891
Strict-Transport-Security: max-age=0; includeSubdomains

dividetribute.com/watch.1104583737432.js?dev=e&key=9e77242938ed4c20d4b8f1c9c1246de6&kw=%5B%22video%22%2C%22downloader%22%5D&pst=1715190241&refer=https%3A%2F%2Fdirect.zencloud.lol%2F%3Furl%3DVmRxcDNrNko1RUduN0dUeHhpZWZjR1dXbEJsTTJDUkZJZWYyY3FRS28vUnZGb2J1eWp0Tm5FMUcyb3lCcEhROVNIcXhCSzVlVzJMY3ppc00yckF5T2NpdVUxbE9kVnJOVHJNbXMvZ05JOUlvc1FMSlVGK2licXdwY2ZDUmZaeU1iQTh0Z2ZrNUNlclF1emgvV3NHS0RpbGNuTjVTdGlWdTBvcTAvSklnekgvaEo3UDkvREJpUktOWWh6ckNneG0x&res=14.2071&rmtc=t&shu=8e493c0d2eba91de03ac0ebc747bca5e2d991aa73aa755894ebc8d670d2f33d8f07c73e844a68653e133acee3d847434c23842204b843fafb6a3218963a977c62eb60eb506c3922f2876762272c8b5ace97094456361fcfc68eaaad70468d8&tz=0&uuid=8f6db3a6-046c-487d-bd5f-5cae11b0b408%3A2%3A1

192.243.59.20

200 OK

2.1 kB

URL GET HTTP/1.1
dividetribute.com/watch.1104583737432.js?dev=e&key=9e77242938ed4c20d4b8f1c9c1246de6&kw=%5B%22video%22%2C%22downloader%22%5D&pst=1715190241&refer=https%3A%2F%2Fdirect.zencloud.lol%2F%3Furl%3DVmRxcDNrNko1RUduN0dUeHhpZWZjR1dXbEJsTTJDUkZJZWYyY3FRS28vUnZGb2J1eWp0Tm5FMUcyb3lCcEhROVNIcXhCSzVlVzJMY3ppc00yckF5T2NpdVUxbE9kVnJOVHJNbXMvZ05JOUlvc1FMSlVGK2licXdwY2ZDUmZaeU1iQTh0Z2ZrNUNlclF1emgvV3NHS0RpbGNuTjVTdGlWdTBvcTAvSklnekgvaEo3UDkvREJpUktOWWh6ckNneG0x&res=14.2071&rmtc=t&shu=8e493c0d2eba91de03ac0ebc747bca5e2d991aa73aa755894ebc8d670d2f33d8f07c73e844a68653e133acee3d847434c23842204b843fafb6a3218963a977c62eb60eb506c3922f2876762272c8b5ace97094456361fcfc68eaaad70468d8&tz=0&uuid=8f6db3a6-046c-487d-bd5f-5cae11b0b408%3A2%3A1
IP
192.243.59.20:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://direct.zencloud.lol/?url=VmRxcDNrNko1RUduN0dUeHhpZWZjR1dXbEJsTTJDUkZJZWYyY3FRS28vUnZGb2J1eWp0Tm5FMUcyb3lCcEhROVNIcXhCSzVlVzJMY3ppc00yckF5T2NpdVUxbE9kVnJOVHJNbXMvZ05JOUlvc1FMSlVGK2licXdwY2ZDUmZaeU1iQTh0Z2ZrNUNlclF1emgvV3NHS0RpbGNuTjVTdGlWdTBvcTAvSklnekgvaEo3UDkvREJpUktOWWh6ckNneG0x
Certificate
IssuerLet's Encrypt
Subjectdividetribute.com
Fingerprint30:E5:4B:5E:DA:82:06:08:07:00:D4:B5:15:81:46:C4:46:04:EB:00
ValidityMon, 06 May 2024 08:01:59 GMT - Sun, 04 Aug 2024 08:01:58 GMT

File type
JavaScript source, ASCII text, with very long lines (2629)
Size
2.1 kB (2092 bytes)
Hash
f0fbeef67b4962eac07a61783ee1d650
7855d31965f4c04fd82b159d7af2927c02a2886e
094e03719d60aa65e71bae8612d5fceca7559efef0d4e764e846ed9a173730db

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1104583737432.js?dev=e&key=9e77242938ed4c20d4b8f1c9c1246de6&kw=%5B%22video%22%2C%22downloader%22%5D&pst=1715190241&refer=https%3A%2F%2Fdirect.zencloud.lol%2F%3Furl%3DVmRxcDNrNko1RUduN0dUeHhpZWZjR1dXbEJsTTJDUkZJZWYyY3FRS28vUnZGb2J1eWp0Tm5FMUcyb3lCcEhROVNIcXhCSzVlVzJMY3ppc00yckF5T2NpdVUxbE9kVnJOVHJNbXMvZ05JOUlvc1FMSlVGK2licXdwY2ZDUmZaeU1iQTh0Z2ZrNUNlclF1emgvV3NHS0RpbGNuTjVTdGlWdTBvcTAvSklnekgvaEo3UDkvREJpUktOWWh6ckNneG0x&res=14.2071&rmtc=t&shu=8e493c0d2eba91de03ac0ebc747bca5e2d991aa73aa755894ebc8d670d2f33d8f07c73e844a68653e133acee3d847434c23842204b843fafb6a3218963a977c62eb60eb506c3922f2876762272c8b5ace97094456361fcfc68eaaad70468d8&tz=0&uuid=8f6db3a6-046c-487d-bd5f-5cae11b0b408%3A2%3A1 HTTP/1.1
Host: dividetribute.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://direct.zencloud.lol
Referer: https://direct.zencloud.lol/
DNT: 1
Connection: keep-alive
Cookie: u_pl=22980864; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMjk4MDg2NCwiayI6IjllNzcyNDI5MzhlZDRjMjBkNGI4ZjFjOWMxMjQ2ZGU2Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxMzgxMTE3LCJwaWQiOjE1NjczMiwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxLCJhaWQiOjUsInB0Ijo0LCJwayI6InNicGpoNHU1MCIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo3OTk1NDE5NiwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMTY2NzAsImJuIjoiRmlyZWZveCIsImJ2IjoiOTYuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL2RpcmVjdC56ZW5jbG91ZC5sb2wvP3VybD1WbVJ4Y0ROck5rbzFSVWR1TjBkVWVIaHBaV1pqUjFkWGJFSnNUVEpEVWtaSlpXWXlZM0ZSUzI4dlVuWkdiMkoxZVdwMFRtNUZNVWN5YjNsQ2NFaFJPVk5JY1hoQ1N6VmxWekpNWTNwcGMwMHlja0Y1VDJOcGRWVXhiRTlrVm5KT1ZISk5iWE12WjA1Sk9VbHZjMUZNU2xWR0sybGljWGR3WTJaRFVtWmFlVTFpUVRoMFoyWnJOVU5sY2xGMWVtZ3ZWM05IUzBScGJHTnVUalZUZEdsV2RUQnZjVEF2U2tsbmVrZ3ZhRW8zVURrdlJFSnBVa3RPV1doNmNrTm5lRzB4IiwiYXIiOltdfX0.Yc0ABrBO4ZFT17n4i-6s_Ms9Wg82a9LjIZEu36L8nMQ
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 May 2024 17:43:01 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://direct.zencloud.lol
Access-Control-Allow-Origin: https://direct.zencloud.lol
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=8f6db3a6-046c-487d-bd5f-5cae11b0b408:2:1; expires=Wed, 15 May 2024 17:43:01 GMT; secure; SameSite=None
iprc40a5f3ee718616403f3ed284b51613ad=3569806; expires=Wed, 08 May 2024 21:43:01 GMT; secure; SameSite=None
pdhtkv=true; expires=Thu, 09 May 2024 17:43:01 GMT; secure; SameSite=None
uncs=1; expires=Thu, 09 May 2024 17:43:01 GMT; secure; SameSite=None
pdhtkv5=true; expires=Thu, 09 May 2024 17:43:01 GMT; secure; SameSite=None
uncs5=1; expires=Thu, 09 May 2024 17:43:01 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4cf7b34099e6622e336b03077052642e
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

capaciousdrewreligion.com/advertisers.js

172.240.127.234

200 OK

0 B

URL GET HTTP/1.1
capaciousdrewreligion.com/advertisers.js
IP
172.240.127.234:443
ASN
#7979 SERVERS-COM

Requested by
https://direct.zencloud.lol/?url=VmRxcDNrNko1RUduN0dUeHhpZWZjR1dXbEJsTTJDUkZJZWYyY3FRS28vUnZGb2J1eWp0Tm5FMUcyb3lCcEhROVNIcXhCSzVlVzJMY3ppc00yckF5T2NpdVUxbE9kVnJOVHJNbXMvZ05JOUlvc1FMSlVGK2licXdwY2ZDUmZaeU1iQTh0Z2ZrNUNlclF1emgvV3NHS0RpbGNuTjVTdGlWdTBvcTAvSklnekgvaEo3UDkvREJpUktOWWh6ckNneG0x
Certificate
IssuerLet's Encrypt
Subjectcapaciousdrewreligion.com
FingerprintBB:9C:12:88:24:43:D4:47:71:3F:F0:A4:BB:E1:85:65:CE:E7:92:E4
ValidityMon, 06 May 2024 02:35:23 GMT - Sun, 04 Aug 2024 02:35:22 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /advertisers.js HTTP/1.1
Host: capaciousdrewreligion.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://direct.zencloud.lol/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 08 May 2024 17:43:01 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 55171391976d5e4e39dfc8b6afa03c42
Strict-Transport-Security: max-age=0; includeSubdomains

cdn.cloudimagesb.com/cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png

45.133.44.10

200 OK

144 kB

URL GET HTTP/2
cdn.cloudimagesb.com/cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png
IP
45.133.44.10:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://direct.zencloud.lol/?url=VmRxcDNrNko1RUduN0dUeHhpZWZjR1dXbEJsTTJDUkZJZWYyY3FRS28vUnZGb2J1eWp0Tm5FMUcyb3lCcEhROVNIcXhCSzVlVzJMY3ppc00yckF5T2NpdVUxbE9kVnJOVHJNbXMvZ05JOUlvc1FMSlVGK2licXdwY2ZDUmZaeU1iQTh0Z2ZrNUNlclF1emgvV3NHS0RpbGNuTjVTdGlWdTBvcTAvSklnekgvaEo3UDkvREJpUktOWWh6ckNneG0x
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced
Size
144 kB (144379 bytes)
Hash
33c304429dc1a4408a96e6a74ffa2feb
c45fa8e65528d1bb2b46bf8a28af9eeaa1903d04
dbed482e5948ead5587d30a22306a5b611305f704de940bd22c76daf90e0a314

HTTP Headers

GET /cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 17:43:01 GMT
content-type: image/png
content-length: 144379
server: nginx/1.21.6
last-modified: Wed, 27 Jul 2022 11:07:21 GMT
etag: "62e11c69-233fb"
expires: Fri, 10 May 2024 17:43:01 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgFPs1xOUjnQnlN8mNQhZt_Z8jJGPujHXUyZNhvERiNRcbd9079Z6VMIumnT5Mx-Ou1YKYx37Nb9WQxAChvhtcNxWTRdJD2xSNzKniXfjurs_vPyto585enp4zwSrblKIk6o8cR0DH7CxF-1uBWV-0TL_A_n-n-yuFkjpI0y-QBhQCzQIJ_gf4auly4MQ/s0/photo_2024-01-07_20-36-03.jpg

142.250.74.97

200 OK

30 kB

URL GET HTTP/2
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgFPs1xOUjnQnlN8mNQhZt_Z8jJGPujHXUyZNhvERiNRcbd9079Z6VMIumnT5Mx-Ou1YKYx37Nb9WQxAChvhtcNxWTRdJD2xSNzKniXfjurs_vPyto585enp4zwSrblKIk6o8cR0DH7CxF-1uBWV-0TL_A_n-n-yuFkjpI0y-QBhQCzQIJ_gf4auly4MQ/s0/photo_2024-01-07_20-36-03.jpg
IP
142.250.74.97:443
ASN
#15169 GOOGLE

Requested by
https://direct.zencloud.lol/?url=VmRxcDNrNko1RUduN0dUeHhpZWZjR1dXbEJsTTJDUkZJZWYyY3FRS28vUnZGb2J1eWp0Tm5FMUcyb3lCcEhROVNIcXhCSzVlVzJMY3ppc00yckF5T2NpdVUxbE9kVnJOVHJNbXMvZ05JOUlvc1FMSlVGK2licXdwY2ZDUmZaeU1iQTh0Z2ZrNUNlclF1emgvV3NHS0RpbGNuTjVTdGlWdTBvcTAvSklnekgvaEo3UDkvREJpUktOWWh6ckNneG0x
Certificate
IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
Fingerprint7B:64:D0:4F:29:87:0A:A8:90:15:F1:9F:B6:8F:FB:D6:AC:D2:76:56
ValidityTue, 16 Apr 2024 04:13:47 GMT - Tue, 09 Jul 2024 04:13:46 GMT

File type
JPEG image data, JFIF standard 1.02, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=4, orientation=upper-left, software=Google], progressive, precision 8, 1230x341, components 3
Size
30 kB (29812 bytes)
Hash
0d27ed7ac40c261dfd376a1f7b08f15d
19f80adb4411466812b1b557a73ce56bec1d46ae
03ff475ebb83e9d1257919fec1ae6119d414fe655b4d143ecba2ce112ae912eb

HTTP Headers

GET /img/b/R29vZ2xl/AVvXsEgFPs1xOUjnQnlN8mNQhZt_Z8jJGPujHXUyZNhvERiNRcbd9079Z6VMIumnT5Mx-Ou1YKYx37Nb9WQxAChvhtcNxWTRdJD2xSNzKniXfjurs_vPyto585enp4zwSrblKIk6o8cR0DH7CxF-1uBWV-0TL_A_n-n-yuFkjpI0y-QBhQCzQIJ_gf4auly4MQ/s0/photo_2024-01-07_20-36-03.jpg HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://direct.zencloud.lol/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/jpeg
vary: Origin
access-control-expose-headers: Content-Length
etag: "v1978"
expires: Thu, 09 May 2024 17:43:01 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="photo_2024-01-07_20-36-03.jpg"
x-content-type-options: nosniff
date: Wed, 08 May 2024 17:43:01 GMT
server: fife
content-length: 29812
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

unseenreport.com/pxf.gif?uuid=1bb54161-34d4-452a-bd2d-ede080eb6894&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=d6c69caa54fd5fdaf8def7abe2268296&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=17

192.243.61.227

200 OK

1 B

URL GET HTTP/1.1
unseenreport.com/pxf.gif?uuid=1bb54161-34d4-452a-bd2d-ede080eb6894&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=d6c69caa54fd5fdaf8def7abe2268296&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=17
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://direct.zencloud.lol/?url=VmRxcDNrNko1RUduN0dUeHhpZWZjR1dXbEJsTTJDUkZJZWYyY3FRS28vUnZGb2J1eWp0Tm5FMUcyb3lCcEhROVNIcXhCSzVlVzJMY3ppc00yckF5T2NpdVUxbE9kVnJOVHJNbXMvZ05JOUlvc1FMSlVGK2licXdwY2ZDUmZaeU1iQTh0Z2ZrNUNlclF1emgvV3NHS0RpbGNuTjVTdGlWdTBvcTAvSklnekgvaEo3UDkvREJpUktOWWh6ckNneG0x
Certificate
IssuerLet's Encrypt
Subject*.unseenreport.com
Fingerprint71:46:15:FD:76:6A:F5:5B:51:06:CC:93:DD:D8:63:E3:8B:10:BF:13
ValidityFri, 22 Mar 2024 07:32:41 GMT - Thu, 20 Jun 2024 07:32:40 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=1bb54161-34d4-452a-bd2d-ede080eb6894&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=d6c69caa54fd5fdaf8def7abe2268296&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=17 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://direct.zencloud.lol/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 08 May 2024 17:43:02 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c6428b0520099c57b9770b100d30baca
Strict-Transport-Security: max-age=0; includeSubdomains

direct.zencloud.lol/favicon.ico

104.21.1.52

404 Not Found

9.9 kB

URL GET HTTP/3
direct.zencloud.lol/favicon.ico
IP
104.21.1.52:443
ASN
#13335 CLOUDFLARENET

Requested by
https://direct.zencloud.lol/?url=VmRxcDNrNko1RUduN0dUeHhpZWZjR1dXbEJsTTJDUkZJZWYyY3FRS28vUnZGb2J1eWp0Tm5FMUcyb3lCcEhROVNIcXhCSzVlVzJMY3ppc00yckF5T2NpdVUxbE9kVnJOVHJNbXMvZ05JOUlvc1FMSlVGK2licXdwY2ZDUmZaeU1iQTh0Z2ZrNUNlclF1emgvV3NHS0RpbGNuTjVTdGlWdTBvcTAvSklnekgvaEo3UDkvREJpUktOWWh6ckNneG0x
Certificate
IssuerLet's Encrypt
Subjectzencloud.lol
FingerprintAF:41:F3:75:A7:7F:B2:21:D8:43:DF:36:AB:67:E2:8D:70:71:B0:55
ValidityWed, 10 Apr 2024 03:44:54 GMT - Tue, 09 Jul 2024 03:44:53 GMT

File type
HTML document, ASCII text, with CRLF, LF line terminators
Size
9.9 kB (9923 bytes)
Hash
2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: direct.zencloud.lol
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://direct.zencloud.lol/?url=VmRxcDNrNko1RUduN0dUeHhpZWZjR1dXbEJsTTJDUkZJZWYyY3FRS28vUnZGb2J1eWp0Tm5FMUcyb3lCcEhROVNIcXhCSzVlVzJMY3ppc00yckF5T2NpdVUxbE9kVnJOVHJNbXMvZ05JOUlvc1FMSlVGK2licXdwY2ZDUmZaeU1iQTh0Z2ZrNUNlclF1emgvV3NHS0RpbGNuTjVTdGlWdTBvcTAvSklnekgvaEo3UDkvREJpUktOWWh6ckNneG0x
Cookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=1bb54161-34d4-452a-bd2d-ede080eb6894%3A1%3A1; pp_main_d6c69caa54fd5fdaf8def7abe2268296=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 404 Not Found
date: Wed, 08 May 2024 17:43:01 GMT
content-type: text/html
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zhf13%2FAeLKZBa23ItkN9zAQ2fmMmw708rSmP7FOEN596qXU%2Bk6ASK4kII%2Fk0kok1sHrCWqQxBoWSMTDxn20YnJ%2BCQLxZ1r9icVhpJAv8IofpHl9n%2BFqVMV6F888rYyPWmwoXCVc3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b3fe95f20569d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

downstairsnegotiatebarren.com/sfp.js

172.67.180.87

200 OK

86 kB

URL GET HTTP/2
downstairsnegotiatebarren.com/sfp.js
IP
172.67.180.87:443
ASN
#13335 CLOUDFLARENET

Requested by
https://direct.zencloud.lol/?url=VmRxcDNrNko1RUduN0dUeHhpZWZjR1dXbEJsTTJDUkZJZWYyY3FRS28vUnZGb2J1eWp0Tm5FMUcyb3lCcEhROVNIcXhCSzVlVzJMY3ppc00yckF5T2NpdVUxbE9kVnJOVHJNbXMvZ05JOUlvc1FMSlVGK2licXdwY2ZDUmZaeU1iQTh0Z2ZrNUNlclF1emgvV3NHS0RpbGNuTjVTdGlWdTBvcTAvSklnekgvaEo3UDkvREJpUktOWWh6ckNneG0x
Certificate
IssuerLet's Encrypt
Subjectdownstairsnegotiatebarren.com
Fingerprint5D:DB:CB:C6:CE:2A:8B:34:7D:BC:43:74:33:1D:5F:77:48:F7:BC:1B
ValidityThu, 02 May 2024 21:26:34 GMT - Wed, 31 Jul 2024 21:26:33 GMT

File type

Size
86 kB (85611 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /sfp.js HTTP/1.1
Host: downstairsnegotiatebarren.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://direct.zencloud.lol/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 17:43:00 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 27c05c29e23d3ede78f802906cc9505d
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Wed, 08 May 2024 17:43:00 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FZ6m7k3ngy8%2B%2FridY5zyXP1RMtdSSlsVUEwLgUELbbrbaPDlHKoEihJ5qObgRJ48tk8T7K45s8tRYfykBd8IxszXGgGNCAfhDFrrzMFoN6K%2Bw%2F1q8egPtTlEi5EjFDl4OhTkSfFrvWAzUD%2FngmJa7A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b3fe488360b06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

i0.wp.com/blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgFPs1xOUjnQnlN8mNQhZt_Z8jJGPujHXUyZNhvERiNRcbd9079Z6VMIumnT5Mx-Ou1YKYx37Nb9WQxAChvhtcNxWTRdJD2xSNzKniXfjurs_vPyto585enp4zwSrblKIk6o8cR0DH7CxF-1uBWV-0TL_A_n-n-yuFkjpI0y-QBhQCzQIJ_gf4auly4MQ/s0/photo_2024-01-07_20-36-03.jpg

192.0.77.2

302 Found

30 kB

URL GET HTTP/2
i0.wp.com/blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgFPs1xOUjnQnlN8mNQhZt_Z8jJGPujHXUyZNhvERiNRcbd9079Z6VMIumnT5Mx-Ou1YKYx37Nb9WQxAChvhtcNxWTRdJD2xSNzKniXfjurs_vPyto585enp4zwSrblKIk6o8cR0DH7CxF-1uBWV-0TL_A_n-n-yuFkjpI0y-QBhQCzQIJ_gf4auly4MQ/s0/photo_2024-01-07_20-36-03.jpg
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://direct.zencloud.lol/?url=VmRxcDNrNko1RUduN0dUeHhpZWZjR1dXbEJsTTJDUkZJZWYyY3FRS28vUnZGb2J1eWp0Tm5FMUcyb3lCcEhROVNIcXhCSzVlVzJMY3ppc00yckF5T2NpdVUxbE9kVnJOVHJNbXMvZ05JOUlvc1FMSlVGK2licXdwY2ZDUmZaeU1iQTh0Z2ZrNUNlclF1emgvV3NHS0RpbGNuTjVTdGlWdTBvcTAvSklnekgvaEo3UDkvREJpUktOWWh6ckNneG0x
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint5D:DB:6E:AA:9E:A8:4A:C3:10:A5:DA:89:DC:1C:BB:D1:87:5F:E1:D2
ValidityTue, 28 Nov 2023 00:00:00 GMT - Sat, 28 Dec 2024 23:59:59 GMT

File type

Size
30 kB (29812 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgFPs1xOUjnQnlN8mNQhZt_Z8jJGPujHXUyZNhvERiNRcbd9079Z6VMIumnT5Mx-Ou1YKYx37Nb9WQxAChvhtcNxWTRdJD2xSNzKniXfjurs_vPyto585enp4zwSrblKIk6o8cR0DH7CxF-1uBWV-0TL_A_n-n-yuFkjpI0y-QBhQCzQIJ_gf4auly4MQ/s0/photo_2024-01-07_20-36-03.jpg HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://direct.zencloud.lol/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: nginx
date: Wed, 08 May 2024 17:43:00 GMT
content-type: text/html
content-length: 138
location: https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgFPs1xOUjnQnlN8mNQhZt_Z8jJGPujHXUyZNhvERiNRcbd9079Z6VMIumnT5Mx-Ou1YKYx37Nb9WQxAChvhtcNxWTRdJD2xSNzKniXfjurs_vPyto585enp4zwSrblKIk6o8cR0DH7CxF-1uBWV-0TL_A_n-n-yuFkjpI0y-QBhQCzQIJ_gf4auly4MQ/s0/photo_2024-01-07_20-36-03.jpg
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (13)

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by