| cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css | 151.101.1.229 | 200 OK | 26 kB |
URL: GET HTTP/2 cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css
IP: 151.101.1.229:443
Requested by: https://direct.zencloud.lol/?url=VytneGNRMlNKNkN1Y2Mrd2xOcHNFYktRUlBhWVhaYkxCQ05nRXBXNTFSeEZNd3V0VG5veldoZDlRTzI3KzgwZnUvTmdmMnZxazh4RzZ2U21RVmRNNytiUVIyTTMrRmg0ckpZYkx3VER1QlkyU0dZOGZjYVVNemo1NDZqRGJrWGxXYUJCYWcwcmU5OWtLckRKbFBBY3dhRUw2bHZzd2hDVkdoWXFBdytSRFdNcXB5U1kyRUFYSG5oQmcxdU1YblJ2
Certificate: Issuer GlobalSign nv-sa; Subject jsdelivr.net; Fingerprint 05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09; Validity Wed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT
File type: Unicode text, UTF-8 text, with very long lines (65306)
Hash: 94994c66fec8c3468b269dc0cc242151 ec16bd19bf4ae9bc2e2336ac409a503bbbdaacad 62f74b1cf824a89f03554c638e719594c309b4d8a627a758928c0516fa7890ab
GET /npm/bootstrap@5.1.3/dist/css/bootstrap.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://direct.zencloud.lol
DNT: 1
Connection: keep-alive
Referer: https://direct.zencloud.lol/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 5.1.3
x-jsd-version-type: version
etag: W/"28021-7Ba9Gb9K6bwuIzasQJpQO7varK0"
content-encoding: br
accept-ranges: bytes
date: Wed, 08 May 2024 19:41:20 GMT
age: 1957023
x-served-by: cache-fra-etou8220101-FRA, cache-hel1410023-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 26333
X-Firefox-Spdy: h2
| cdn.jsdelivr.net/npm/@popperjs/core@2.10.2/dist/umd/popper.min.js | 151.101.1.229 | 200 OK | 7.0 kB |
URL: GET HTTP/3 cdn.jsdelivr.net/npm/@popperjs/core@2.10.2/dist/umd/popper.min.js
IP: 151.101.1.229:443
Requested by: https://direct.zencloud.lol/?url=VytneGNRMlNKNkN1Y2Mrd2xOcHNFYktRUlBhWVhaYkxCQ05nRXBXNTFSeEZNd3V0VG5veldoZDlRTzI3KzgwZnUvTmdmMnZxazh4RzZ2U21RVmRNNytiUVIyTTMrRmg0ckpZYkx3VER1QlkyU0dZOGZjYVVNemo1NDZqRGJrWGxXYUJCYWcwcmU5OWtLckRKbFBBY3dhRUw2bHZzd2hDVkdoWXFBdytSRFdNcXB5U1kyRUFYSG5oQmcxdU1YblJ2
Certificate: Issuer GlobalSign nv-sa; Subject jsdelivr.net; Fingerprint 05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09; Validity Wed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT
File type: JavaScript source, ASCII text, with very long lines (18706)
Hash: 541aecc95a7faeef0fc27558070f3647 0ec7ca4778ba3ccb4d1b1688094720834fbe9ed3 f395875eb5d58c5128c434812cd0a53d438b11536f7fd1577077d8a5c612e1fd
GET /npm/@popperjs/core@2.10.2/dist/umd/popper.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://direct.zencloud.lol
DNT: 1
Connection: keep-alive
Referer: https://direct.zencloud.lol/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 2.10.2
x-jsd-version-type: version
etag: W/"496b-DsfKR3i6PMtNGxaICUcgg0++ntM"
content-encoding: br
accept-ranges: bytes
date: Wed, 08 May 2024 19:41:20 GMT
age: 9206176
x-served-by: cache-fra-etou8220021-FRA, cache-hel1410023-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 6952
X-Firefox-Spdy: h2
| cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js | 151.101.1.229 | 200 OK | 24 kB |
URL: GET HTTP/2 cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js
IP: 151.101.1.229:443
Requested by: https://direct.zencloud.lol/?url=VytneGNRMlNKNkN1Y2Mrd2xOcHNFYktRUlBhWVhaYkxCQ05nRXBXNTFSeEZNd3V0VG5veldoZDlRTzI3KzgwZnUvTmdmMnZxazh4RzZ2U21RVmRNNytiUVIyTTMrRmg0ckpZYkx3VER1QlkyU0dZOGZjYVVNemo1NDZqRGJrWGxXYUJCYWcwcmU5OWtLckRKbFBBY3dhRUw2bHZzd2hDVkdoWXFBdytSRFdNcXB5U1kyRUFYSG5oQmcxdU1YblJ2
Certificate: Issuer GlobalSign nv-sa; Subject jsdelivr.net; Fingerprint 05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09; Validity Wed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT
File type: JavaScript source, ASCII text, with very long lines (65299)
Hash: 7ccd9d390d31af98110f74f842ea9b32 a85e681624c91a106a514c31eacf80de817b2cc3 f5210fa3e7f0245a4c51eb7f280092c0ef99fdd28c45e17dab8cc5854fdf4fd3
GET /npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://direct.zencloud.lol
DNT: 1
Connection: keep-alive
Referer: https://direct.zencloud.lol/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 5.1.3
x-jsd-version-type: version
etag: W/"13131-qF5oFiTJGhBqUUwx6s+A3oF7LMM"
content-encoding: br
accept-ranges: bytes
date: Wed, 08 May 2024 19:41:20 GMT
age: 30736622
x-served-by: cache-fra-eddf8230075-FRA, cache-hel1410023-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 24376
X-Firefox-Spdy: h2
| cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.min.js | 151.101.1.229 | 200 OK | 18 kB |
URL: GET HTTP/3 cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.min.js
IP: 151.101.1.229:443
Requested by: https://direct.zencloud.lol/?url=VytneGNRMlNKNkN1Y2Mrd2xOcHNFYktRUlBhWVhaYkxCQ05nRXBXNTFSeEZNd3V0VG5veldoZDlRTzI3KzgwZnUvTmdmMnZxazh4RzZ2U21RVmRNNytiUVIyTTMrRmg0ckpZYkx3VER1QlkyU0dZOGZjYVVNemo1NDZqRGJrWGxXYUJCYWcwcmU5OWtLckRKbFBBY3dhRUw2bHZzd2hDVkdoWXFBdytSRFdNcXB5U1kyRUFYSG5oQmcxdU1YblJ2
Certificate: Issuer GlobalSign nv-sa; Subject jsdelivr.net; Fingerprint 05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09; Validity Wed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT
File type: JavaScript source, ASCII text, with very long lines (58940)
Hash: 259e416ef6833be43801b8b68a93b008 19080c3b817985336aab5e1ce6925c99803f2efd 70c3d690bdc5ce3b9a1527c46044989a3176e610882fa99f4523e75bc395bcce
GET /npm/bootstrap@5.1.3/dist/js/bootstrap.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://direct.zencloud.lol
DNT: 1
Connection: keep-alive
Referer: https://direct.zencloud.lol/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 5.1.3
x-jsd-version-type: version
etag: W/"e753-GQgMO4F5hTNqq14c5pJcmYA/Lv0"
content-encoding: br
accept-ranges: bytes
date: Wed, 08 May 2024 19:41:20 GMT
age: 9206175
x-served-by: cache-fra-etou8220048-FRA, cache-hel1410023-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 17624
X-Firefox-Spdy: h2
| direct.zencloud.lol/?url=VytneGNRMlNKNkN1Y2Mrd2xOcHNFYktRUlBhWVhaYkxCQ05nRXBXNTFSeEZNd3V0VG5veldoZDlRTzI3KzgwZnUvTmdmMnZxazh4RzZ2U21RVmRNNytiUVIyTTMrRmg0ckpZYkx3VER1QlkyU0dZOGZjYVVNemo1NDZqRGJrWGxXYUJCYWcwcmU5OWtLckRKbFBBY3dhRUw2bHZzd2hDVkdoWXFBdytSRFdNcXB5U1kyRUFYSG5oQmcxdU1YblJ2 | 172.67.128.140 | 200 OK | 14 kB |
URL (user request): GET HTTP/2 direct.zencloud.lol/?url=VytneGNRMlNKNkN1Y2Mrd2xOcHNFYktRUlBhWVhaYkxCQ05nRXBXNTFSeEZNd3V0VG5veldoZDlRTzI3KzgwZnUvTmdmMnZxazh4RzZ2U21RVmRNNytiUVIyTTMrRmg0ckpZYkx3VER1QlkyU0dZOGZjYVVNemo1NDZqRGJrWGxXYUJCYWcwcmU5OWtLckRKbFBBY3dhRUw2bHZzd2hDVkdoWXFBdytSRFdNcXB5U1kyRUFYSG5oQmcxdU1YblJ2
IP: 172.67.128.140:443
Certificate: Issuer Let's Encrypt; Subject zencloud.lol; Fingerprint AF:41:F3:75:A7:7F:B2:21:D8:43:DF:36:AB:67:E2:8D:70:71:B0:55; Validity Wed, 10 Apr 2024 03:44:54 GMT - Tue, 09 Jul 2024 03:44:53 GMT
File type: HTML document, Unicode text, UTF-8 text, with very long lines (486), with CRLF line terminators
Hash: 132e54a564e04b2c6aff61a8fbd14aa8 5d73d7ac8fc766e7e0bb3efed69e216427ec5d21 783b773ecf48e71421232e00afc15a2c2b96b3d93ad3dc7f533a0900cca2daa7
GET /?url=VytneGNRMlNKNkN1Y2Mrd2xOcHNFYktRUlBhWVhaYkxCQ05nRXBXNTFSeEZNd3V0VG5veldoZDlRTzI3KzgwZnUvTmdmMnZxazh4RzZ2U21RVmRNNytiUVIyTTMrRmg0ckpZYkx3VER1QlkyU0dZOGZjYVVNemo1NDZqRGJrWGxXYUJCYWcwcmU5OWtLckRKbFBBY3dhRUw2bHZzd2hDVkdoWXFBdytSRFdNcXB5U1kyRUFYSG5oQmcxdU1YblJ2 HTTP/1.1
Host: direct.zencloud.lol
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 19:41:20 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WnMcTaqh7aQBZMThGGg5kAHUjoj8WM4tKnRPVzF6BCer5R1fIuGgj%2BchUgcQtmjbF%2BibeveGE89KXxQQUO%2BqAWdAMrLAqXZpMnmvYaNa5nc6YH97Yd7U6Se6eHT7RM5PIiysEZw3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880bed377830b527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| i0.wp.com/blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgFPs1xOUjnQnlN8mNQhZt_Z8jJGPujHXUyZNhvERiNRcbd9079Z6VMIumnT5Mx-Ou1YKYx37Nb9WQxAChvhtcNxWTRdJD2xSNzKniXfjurs_vPyto585enp4zwSrblKIk6o8cR0DH7CxF-1uBWV-0TL_A_n-n-yuFkjpI0y-QBhQCzQIJ_gf4auly4MQ/s0/photo_2024-01-07_20-36-03.jpg | 192.0.77.2 | 302 Found | 138 B |
URL: GET HTTP/2 i0.wp.com/blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgFPs1xOUjnQnlN8mNQhZt_Z8jJGPujHXUyZNhvERiNRcbd9079Z6VMIumnT5Mx-Ou1YKYx37Nb9WQxAChvhtcNxWTRdJD2xSNzKniXfjurs_vPyto585enp4zwSrblKIk6o8cR0DH7CxF-1uBWV-0TL_A_n-n-yuFkjpI0y-QBhQCzQIJ_gf4auly4MQ/s0/photo_2024-01-07_20-36-03.jpg
IP: 192.0.77.2:443
Requested by: https://direct.zencloud.lol/?url=VytneGNRMlNKNkN1Y2Mrd2xOcHNFYktRUlBhWVhaYkxCQ05nRXBXNTFSeEZNd3V0VG5veldoZDlRTzI3KzgwZnUvTmdmMnZxazh4RzZ2U21RVmRNNytiUVIyTTMrRmg0ckpZYkx3VER1QlkyU0dZOGZjYVVNemo1NDZqRGJrWGxXYUJCYWcwcmU5OWtLckRKbFBBY3dhRUw2bHZzd2hDVkdoWXFBdytSRFdNcXB5U1kyRUFYSG5oQmcxdU1YblJ2
Certificate: Issuer Sectigo Limited; Subject *.wp.com; Fingerprint 5D:DB:6E:AA:9E:A8:4A:C3:10:A5:DA:89:DC:1C:BB:D1:87:5F:E1:D2; Validity Tue, 28 Nov 2023 00:00:00 GMT - Sat, 28 Dec 2024 23:59:59 GMT
File type: HTML document, ASCII text, with CRLF line terminators
Hash: aff950cab4c0265e21d401db15f1026d f03e18461817f7a6546c8bf8fa8d686d7e30aca0 753e0dd54f28c4f7009b9c0b18a68aed175416bd8b7d134858264586eaac56f0
GET /blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgFPs1xOUjnQnlN8mNQhZt_Z8jJGPujHXUyZNhvERiNRcbd9079Z6VMIumnT5Mx-Ou1YKYx37Nb9WQxAChvhtcNxWTRdJD2xSNzKniXfjurs_vPyto585enp4zwSrblKIk6o8cR0DH7CxF-1uBWV-0TL_A_n-n-yuFkjpI0y-QBhQCzQIJ_gf4auly4MQ/s0/photo_2024-01-07_20-36-03.jpg HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://direct.zencloud.lol/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx
date: Wed, 08 May 2024 19:41:20 GMT
content-type: text/html
content-length: 138
location: https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgFPs1xOUjnQnlN8mNQhZt_Z8jJGPujHXUyZNhvERiNRcbd9079Z6VMIumnT5Mx-Ou1YKYx37Nb9WQxAChvhtcNxWTRdJD2xSNzKniXfjurs_vPyto585enp4zwSrblKIk6o8cR0DH7CxF-1uBWV-0TL_A_n-n-yuFkjpI0y-QBhQCzQIJ_gf4auly4MQ/s0/photo_2024-01-07_20-36-03.jpg
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| ghastlyejection.com/d6/c6/9c/d6c69caa54fd5fdaf8def7abe2268296.js | 172.240.108.68 | 200 OK | 28 kB |
URL: GET HTTP/1.1 ghastlyejection.com/d6/c6/9c/d6c69caa54fd5fdaf8def7abe2268296.js
IP: 172.240.108.68:443
Requested by: https://direct.zencloud.lol/?url=VytneGNRMlNKNkN1Y2Mrd2xOcHNFYktRUlBhWVhaYkxCQ05nRXBXNTFSeEZNd3V0VG5veldoZDlRTzI3KzgwZnUvTmdmMnZxazh4RzZ2U21RVmRNNytiUVIyTTMrRmg0ckpZYkx3VER1QlkyU0dZOGZjYVVNemo1NDZqRGJrWGxXYUJCYWcwcmU5OWtLckRKbFBBY3dhRUw2bHZzd2hDVkdoWXFBdytSRFdNcXB5U1kyRUFYSG5oQmcxdU1YblJ2
Certificate: Issuer Let's Encrypt; Subject ghastlyejection.com; Fingerprint 65:2F:32:E2:B0:77:79:80:01:58:74:67:79:B5:76:80:C1:78:5C:09; Validity Tue, 19 Mar 2024 07:22:21 GMT - Mon, 17 Jun 2024 07:22:20 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Hash: aa739966529988db1efbeae728a64321 42e50032ac184c5fe86a4748a27d16e31f7a19df bfad1b821cdb22c640c7e0dc8a818776f27501f4dea140d9b3e9b376de9b5cb4
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /d6/c6/9c/d6c69caa54fd5fdaf8def7abe2268296.js HTTP/1.1
Host: ghastlyejection.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://direct.zencloud.lol/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 08 May 2024 19:41:21 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: cf4a19141d80c7afc1313c982502ed67
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
| ghastlyejection.com/9e77242938ed4c20d4b8f1c9c1246de6/invoke.js | 172.240.108.68 | 200 OK | 12 kB |
URL: GET HTTP/1.1 ghastlyejection.com/9e77242938ed4c20d4b8f1c9c1246de6/invoke.js
IP: 172.240.108.68:443
Requested by: https://direct.zencloud.lol/?url=VytneGNRMlNKNkN1Y2Mrd2xOcHNFYktRUlBhWVhaYkxCQ05nRXBXNTFSeEZNd3V0VG5veldoZDlRTzI3KzgwZnUvTmdmMnZxazh4RzZ2U21RVmRNNytiUVIyTTMrRmg0ckpZYkx3VER1QlkyU0dZOGZjYVVNemo1NDZqRGJrWGxXYUJCYWcwcmU5OWtLckRKbFBBY3dhRUw2bHZzd2hDVkdoWXFBdytSRFdNcXB5U1kyRUFYSG5oQmcxdU1YblJ2
Certificate: Issuer Let's Encrypt; Subject ghastlyejection.com; Fingerprint 65:2F:32:E2:B0:77:79:80:01:58:74:67:79:B5:76:80:C1:78:5C:09; Validity Tue, 19 Mar 2024 07:22:21 GMT - Mon, 17 Jun 2024 07:22:20 GMT
File type: JavaScript source, ASCII text, with very long lines (31294), with no line terminators
Hash: 357fa05cc05904a982a012d9106f5ef2 79f931940e4df32fd33c0a37bdecaa38e1cb4820 39fb9f0e5bef70501fb262155147c42f7ef8c9a20637b824a5802f0ea4e956b0
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /9e77242938ed4c20d4b8f1c9c1246de6/invoke.js HTTP/1.1
Host: ghastlyejection.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://direct.zencloud.lol/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 08 May 2024 19:41:21 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 727eeab8ba6f4c03db8e83140527fd8b
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
| cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js | 151.101.1.229 | 200 OK | 24 kB |
URL: GET HTTP/2 cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js
IP: 151.101.1.229:443
Requested by: https://direct.zencloud.lol/?url=VytneGNRMlNKNkN1Y2Mrd2xOcHNFYktRUlBhWVhaYkxCQ05nRXBXNTFSeEZNd3V0VG5veldoZDlRTzI3KzgwZnUvTmdmMnZxazh4RzZ2U21RVmRNNytiUVIyTTMrRmg0ckpZYkx3VER1QlkyU0dZOGZjYVVNemo1NDZqRGJrWGxXYUJCYWcwcmU5OWtLckRKbFBBY3dhRUw2bHZzd2hDVkdoWXFBdytSRFdNcXB5U1kyRUFYSG5oQmcxdU1YblJ2
Certificate: Issuer GlobalSign nv-sa; Subject jsdelivr.net; Fingerprint 05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09; Validity Wed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT
File type: JavaScript source, ASCII text, with very long lines (65299)
Hash: 7ccd9d390d31af98110f74f842ea9b32 a85e681624c91a106a514c31eacf80de817b2cc3 f5210fa3e7f0245a4c51eb7f280092c0ef99fdd28c45e17dab8cc5854fdf4fd3
GET /npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://direct.zencloud.lol
DNT: 1
Connection: keep-alive
Referer: https://direct.zencloud.lol/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 5.1.3
x-jsd-version-type: version
etag: W/"13131-qF5oFiTJGhBqUUwx6s+A3oF7LMM"
content-encoding: br
accept-ranges: bytes
date: Wed, 08 May 2024 19:41:21 GMT
age: 30736623
x-served-by: cache-fra-eddf8230075-FRA, cache-hel1410023-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 24376
X-Firefox-Spdy: h2
| cdn.jsdelivr.net/npm/@popperjs/core@2.10.2/dist/umd/popper.min.js | 151.101.1.229 | 200 OK | 7.0 kB |
URL: GET HTTP/3 cdn.jsdelivr.net/npm/@popperjs/core@2.10.2/dist/umd/popper.min.js
IP: 151.101.1.229:443
Requested by: https://direct.zencloud.lol/?url=VytneGNRMlNKNkN1Y2Mrd2xOcHNFYktRUlBhWVhaYkxCQ05nRXBXNTFSeEZNd3V0VG5veldoZDlRTzI3KzgwZnUvTmdmMnZxazh4RzZ2U21RVmRNNytiUVIyTTMrRmg0ckpZYkx3VER1QlkyU0dZOGZjYVVNemo1NDZqRGJrWGxXYUJCYWcwcmU5OWtLckRKbFBBY3dhRUw2bHZzd2hDVkdoWXFBdytSRFdNcXB5U1kyRUFYSG5oQmcxdU1YblJ2
Certificate: Issuer GlobalSign nv-sa; Subject jsdelivr.net; Fingerprint 05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09; Validity Wed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT
File type: JavaScript source, ASCII text, with very long lines (18706)
Hash: 541aecc95a7faeef0fc27558070f3647 0ec7ca4778ba3ccb4d1b1688094720834fbe9ed3 f395875eb5d58c5128c434812cd0a53d438b11536f7fd1577077d8a5c612e1fd
GET /npm/@popperjs/core@2.10.2/dist/umd/popper.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://direct.zencloud.lol
DNT: 1
Connection: keep-alive
Referer: https://direct.zencloud.lol/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-length: 6952
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 2.10.2
x-jsd-version-type: version
etag: W/"496b-DsfKR3i6PMtNGxaICUcgg0++ntM"
content-encoding: br
accept-ranges: bytes
date: Wed, 08 May 2024 19:41:21 GMT
age: 9206177
x-served-by: cache-fra-etou8220021-FRA, cache-hel1410023-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
| ocsp.r2m03.amazontrust.com/ | 143.204.53.97 | | 471 B |
URL: ocsp.r2m03.amazontrust.com/
IP: 143.204.53.97:0
Hash: 17d83a6a1ce5ec032b9d0be6c8c68106 9b412e1c9f9694753b73daa262811ec4c420e7d1 935af939ae598190c9c8175f1ac54241ab2614b3c7599a4c92e1be2ecd42ab23
POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Wed, 08 May 2024 19:41:21 GMT
Last-Modified: Wed, 08 May 2024 18:35:29 GMT
Server: ECAcc (ska/F6A0)
X-Cache: Miss from cloudfront
Via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: XGPFQMi32iPM1Upn798F6h3PrfM65m8lmtY2FWZqsLkDmTtyl4CLfw==
Age: 3953
| ocsp.r2m03.amazontrust.com/ | 143.204.53.97 | | 471 B |
URL: ocsp.r2m03.amazontrust.com/
IP: 143.204.53.97:0
Hash: 17d83a6a1ce5ec032b9d0be6c8c68106 9b412e1c9f9694753b73daa262811ec4c420e7d1 935af939ae598190c9c8175f1ac54241ab2614b3c7599a4c92e1be2ecd42ab23
POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Wed, 08 May 2024 19:41:21 GMT
Last-Modified: Wed, 08 May 2024 18:35:00 GMT
Server: ECAcc (ska/F775)
X-Cache: Miss from cloudfront
Via: 1.1 bcd5dadccb0831729969c938747ff79a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: SuGrirSAekIFJl1ohCOprrDl4SZ6RgbtFeu0LzSowoBAT94LwrpMyQ==
Age: 3981
| cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.min.js | 151.101.1.229 | 200 OK | 18 kB |
URL: GET HTTP/3 cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.min.js
IP: 151.101.1.229:443
Requested by: https://direct.zencloud.lol/?url=VytneGNRMlNKNkN1Y2Mrd2xOcHNFYktRUlBhWVhaYkxCQ05nRXBXNTFSeEZNd3V0VG5veldoZDlRTzI3KzgwZnUvTmdmMnZxazh4RzZ2U21RVmRNNytiUVIyTTMrRmg0ckpZYkx3VER1QlkyU0dZOGZjYVVNemo1NDZqRGJrWGxXYUJCYWcwcmU5OWtLckRKbFBBY3dhRUw2bHZzd2hDVkdoWXFBdytSRFdNcXB5U1kyRUFYSG5oQmcxdU1YblJ2
Certificate: Issuer GlobalSign nv-sa; Subject jsdelivr.net; Fingerprint 05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09; Validity Wed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT
File type: JavaScript source, ASCII text, with very long lines (58940)
Hash: 259e416ef6833be43801b8b68a93b008 19080c3b817985336aab5e1ce6925c99803f2efd 70c3d690bdc5ce3b9a1527c46044989a3176e610882fa99f4523e75bc395bcce
GET /npm/bootstrap@5.1.3/dist/js/bootstrap.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://direct.zencloud.lol
DNT: 1
Connection: keep-alive
Referer: https://direct.zencloud.lol/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-length: 17624
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 5.1.3
x-jsd-version-type: version
etag: W/"e753-GQgMO4F5hTNqq14c5pJcmYA/Lv0"
content-encoding: br
accept-ranges: bytes
date: Wed, 08 May 2024 19:41:21 GMT
age: 9206177
x-served-by: cache-fra-etou8220048-FRA, cache-hel1410023-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
| proftrafficcounter.com/stats | 3.124.83.201 | 200 OK | 40 B |
URL: GET HTTP/2 proftrafficcounter.com/stats
IP: 3.124.83.201:443
Requested by: https://direct.zencloud.lol/?url=VytneGNRMlNKNkN1Y2Mrd2xOcHNFYktRUlBhWVhaYkxCQ05nRXBXNTFSeEZNd3V0VG5veldoZDlRTzI3KzgwZnUvTmdmMnZxazh4RzZ2U21RVmRNNytiUVIyTTMrRmg0ckpZYkx3VER1QlkyU0dZOGZjYVVNemo1NDZqRGJrWGxXYUJCYWcwcmU5OWtLckRKbFBBY3dhRUw2bHZzd2hDVkdoWXFBdytSRFdNcXB5U1kyRUFYSG5oQmcxdU1YblJ2
Certificate: Issuer Amazon; Subject proftrafficcounter.com; Fingerprint E3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6; Validity Tue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT
File type: ASCII text, with no line terminators
Hash: 115f0098382ca8a9675e09f97825e005 9d44dd45e1fa25b1137e075d51f28417f1300635 cfa30070298b5a95ff01597b38628c6f17c92b517b312104f65d93f145718db3
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://direct.zencloud.lol
DNT: 1
Connection: keep-alive
Referer: https://direct.zencloud.lol/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 19:41:21 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://direct.zencloud.lol
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=3f3ba545-4007-440b-887d-65ffc7dc2712:1:1; expires=Sat, 06 May 2034 19:41:21 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
| proftrafficcounter.com/stats | 3.124.83.201 | 200 OK | 40 B |
URL: GET HTTP/2 proftrafficcounter.com/stats
IP: 3.124.83.201:443
Requested by: https://direct.zencloud.lol/?url=VytneGNRMlNKNkN1Y2Mrd2xOcHNFYktRUlBhWVhaYkxCQ05nRXBXNTFSeEZNd3V0VG5veldoZDlRTzI3KzgwZnUvTmdmMnZxazh4RzZ2U21RVmRNNytiUVIyTTMrRmg0ckpZYkx3VER1QlkyU0dZOGZjYVVNemo1NDZqRGJrWGxXYUJCYWcwcmU5OWtLckRKbFBBY3dhRUw2bHZzd2hDVkdoWXFBdytSRFdNcXB5U1kyRUFYSG5oQmcxdU1YblJ2
Certificate: Issuer Amazon; Subject proftrafficcounter.com; Fingerprint E3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6; Validity Tue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT
File type: ASCII text, with no line terminators
Hash: 55c36abed9167f7ab266b2faa3b0f905 9baf4e195716d7caa16033c9a1739577cc6e7a0b 9bc65f10f0d03bf0813016b3d9e352affc8758f6becb7fbe1ced8ee8775a7a13
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://direct.zencloud.lol
DNT: 1
Connection: keep-alive
Referer: https://direct.zencloud.lol/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 19:41:21 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://direct.zencloud.lol
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=ecc8a067-62e0-48c9-861c-3bb634c686b9:2:1; expires=Sat, 06 May 2034 19:41:21 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
| direct.zencloud.lol/favicon.ico | 172.67.128.140 | 404 Not Found | 858 B |
URL: GET HTTP/3 direct.zencloud.lol/favicon.ico
IP: 172.67.128.140:443
Requested by: https://direct.zencloud.lol/?url=VytneGNRMlNKNkN1Y2Mrd2xOcHNFYktRUlBhWVhaYkxCQ05nRXBXNTFSeEZNd3V0VG5veldoZDlRTzI3KzgwZnUvTmdmMnZxazh4RzZ2U21RVmRNNytiUVIyTTMrRmg0ckpZYkx3VER1QlkyU0dZOGZjYVVNemo1NDZqRGJrWGxXYUJCYWcwcmU5OWtLckRKbFBBY3dhRUw2bHZzd2hDVkdoWXFBdytSRFdNcXB5U1kyRUFYSG5oQmcxdU1YblJ2
Certificate: Issuer Let's Encrypt; Subject zencloud.lol; Fingerprint AF:41:F3:75:A7:7F:B2:21:D8:43:DF:36:AB:67:E2:8D:70:71:B0:55; Validity Wed, 10 Apr 2024 03:44:54 GMT - Tue, 09 Jul 2024 03:44:53 GMT
File type: HTML document, ASCII text, with CRLF, LF line terminators
Hash: 2382378378c002d88b9a507c712c3349 2e894db3808b554abadc8b144338ad9e2ea937ba 37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
GET /favicon.ico HTTP/1.1
Host: direct.zencloud.lol
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://direct.zencloud.lol/?url=VytneGNRMlNKNkN1Y2Mrd2xOcHNFYktRUlBhWVhaYkxCQ05nRXBXNTFSeEZNd3V0VG5veldoZDlRTzI3KzgwZnUvTmdmMnZxazh4RzZ2U21RVmRNNytiUVIyTTMrRmg0ckpZYkx3VER1QlkyU0dZOGZjYVVNemo1NDZqRGJrWGxXYUJCYWcwcmU5OWtLckRKbFBBY3dhRUw2bHZzd2hDVkdoWXFBdytSRFdNcXB5U1kyRUFYSG5oQmcxdU1YblJ2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 404 Not Found
date: Wed, 08 May 2024 19:41:22 GMT
content-type: text/html
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jtH6dHqywkgvBGV7Lh4IttQftlZCKBUhb8N3S3fp5E5delJUHlZKgsK9kSy8BZdoMF3xyVawNkF3SCgC8oj7ABtu2%2FUaH1dmOXKjIoct21Q%2Fn7Fvo%2FdpMfFbgXS3LinjWlw8ZPT1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880bed435ff6b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| downstairsnegotiatebarren.com/sfp.js | 188.114.96.1 | 200 OK | 35 kB |
URL: GET HTTP/2 downstairsnegotiatebarren.com/sfp.js
IP: 188.114.96.1:443
Requested by: https://direct.zencloud.lol/?url=VytneGNRMlNKNkN1Y2Mrd2xOcHNFYktRUlBhWVhaYkxCQ05nRXBXNTFSeEZNd3V0VG5veldoZDlRTzI3KzgwZnUvTmdmMnZxazh4RzZ2U21RVmRNNytiUVIyTTMrRmg0ckpZYkx3VER1QlkyU0dZOGZjYVVNemo1NDZqRGJrWGxXYUJCYWcwcmU5OWtLckRKbFBBY3dhRUw2bHZzd2hDVkdoWXFBdytSRFdNcXB5U1kyRUFYSG5oQmcxdU1YblJ2
Certificate: Issuer Let's Encrypt; Subject downstairsnegotiatebarren.com; Fingerprint 5D:DB:CB:C6:CE:2A:8B:34:7D:BC:43:74:33:1D:5F:77:48:F7:BC:1B; Validity Thu, 02 May 2024 21:26:34 GMT - Wed, 31 Jul 2024 21:26:33 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash: f4a2f8f9f99541c6f105bbd0a025bd40 1f8e3eff12168fdd9e719adfc098d24a45b6916a b717cb04231a10d425fd55b73c85a5407119c6826a8bac94142fddfff6958716
GET /sfp.js HTTP/1.1
Host: downstairsnegotiatebarren.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://direct.zencloud.lol/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 19:41:21 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 26e505945df6fb1de8dec79f67878a9d
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Wed, 08 May 2024 19:41:21 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sz8Z8XN2VPFJqKFLqgEuEQ90DvQKbU1x0ojZkqFc7KKS8VqI5wo7GYeU4Qg6o7yyXgYLy%2Bjp8dIqLRRzu%2F1Qa1MtKQYOj3Fo5qmv%2FquFn69yC9SvlN0s%2FAe%2BPQIcgJd2cMzoNF9MEaJ8WoIuJFD%2BsA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880bed424dbdb50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgFPs1xOUjnQnlN8mNQhZt_Z8jJGPujHXUyZNhvERiNRcbd9079Z6VMIumnT5Mx-Ou1YKYx37Nb9WQxAChvhtcNxWTRdJD2xSNzKniXfjurs_vPyto585enp4zwSrblKIk6o8cR0DH7CxF-1uBWV-0TL_A_n-n-yuFkjpI0y-QBhQCzQIJ_gf4auly4MQ/s0/photo_2024-01-07_20-36-03.jpg | 142.250.74.97 | 200 OK | 30 kB |
URL: GET HTTP/2 blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgFPs1xOUjnQnlN8mNQhZt_Z8jJGPujHXUyZNhvERiNRcbd9079Z6VMIumnT5Mx-Ou1YKYx37Nb9WQxAChvhtcNxWTRdJD2xSNzKniXfjurs_vPyto585enp4zwSrblKIk6o8cR0DH7CxF-1uBWV-0TL_A_n-n-yuFkjpI0y-QBhQCzQIJ_gf4auly4MQ/s0/photo_2024-01-07_20-36-03.jpg
IP: 142.250.74.97:443
Requested by: https://direct.zencloud.lol/?url=VytneGNRMlNKNkN1Y2Mrd2xOcHNFYktRUlBhWVhaYkxCQ05nRXBXNTFSeEZNd3V0VG5veldoZDlRTzI3KzgwZnUvTmdmMnZxazh4RzZ2U21RVmRNNytiUVIyTTMrRmg0ckpZYkx3VER1QlkyU0dZOGZjYVVNemo1NDZqRGJrWGxXYUJCYWcwcmU5OWtLckRKbFBBY3dhRUw2bHZzd2hDVkdoWXFBdytSRFdNcXB5U1kyRUFYSG5oQmcxdU1YblJ2
Certificate: Issuer: Google Trust Services LLC; Subject: *.googleusercontent.com; Fingerprint: 7B:64:D0:4F:29:87:0A:A8:90:15:F1:9F:B6:8F:FB:D6:AC:D2:76:56; Validity: Tue, 16 Apr 2024 04:13:47 GMT - Tue, 09 Jul 2024 04:13:46 GMT
File type: JPEG image data, JFIF standard 1.02, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=4, orientation=upper-left, software=Google], progressive, precision 8, 1230x341, components 3
Hash (MD5, SHA-1, SHA-256): 0d27ed7ac40c261dfd376a1f7b08f15d 19f80adb4411466812b1b557a73ce56bec1d46ae 03ff475ebb83e9d1257919fec1ae6119d414fe655b4d143ecba2ce112ae912eb
GET /img/b/R29vZ2xl/AVvXsEgFPs1xOUjnQnlN8mNQhZt_Z8jJGPujHXUyZNhvERiNRcbd9079Z6VMIumnT5Mx-Ou1YKYx37Nb9WQxAChvhtcNxWTRdJD2xSNzKniXfjurs_vPyto585enp4zwSrblKIk6o8cR0DH7CxF-1uBWV-0TL_A_n-n-yuFkjpI0y-QBhQCzQIJ_gf4auly4MQ/s0/photo_2024-01-07_20-36-03.jpg HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://direct.zencloud.lol/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/jpeg
vary: Origin
access-control-expose-headers: Content-Length
etag: "v1978"
expires: Thu, 09 May 2024 19:41:22 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="photo_2024-01-07_20-36-03.jpg"
x-content-type-options: nosniff
date: Wed, 08 May 2024 19:41:22 GMT
server: fife
content-length: 29812
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| bitterdefeatmid.com/watch.574285552079.js?key=9e77242938ed4c20d4b8f1c9c1246de6&kw=%5B%22video%22%2C%22downloader%22%5D&refer=https%3A%2F%2Fdirect.zencloud.lol%2F%3Furl%3DVytneGNRMlNKNkN1Y2Mrd2xOcHNFYktRUlBhWVhaYkxCQ05nRXBXNTFSeEZNd3V0VG5veldoZDlRTzI3KzgwZnUvTmdmMnZxazh4RzZ2U21RVmRNNytiUVIyTTMrRmg0ckpZYkx3VER1QlkyU0dZOGZjYVVNemo1NDZqRGJrWGxXYUJCYWcwcmU5OWtLckRKbFBBY3dhRUw2bHZzd2hDVkdoWXFBdytSRFdNcXB5U1kyRUFYSG5oQmcxdU1YblJ2&tz=0&dev=e&res=14.2071&uuid=ecc8a067-62e0-48c9-861c-3bb634c686b9%3A2%3A1 | 172.240.127.234 | 307 Temporary Redirect | 0 B |
URL: GET HTTP/1.1 bitterdefeatmid.com/watch.574285552079.js?key=9e77242938ed4c20d4b8f1c9c1246de6&kw=%5B%22video%22%2C%22downloader%22%5D&refer=https%3A%2F%2Fdirect.zencloud.lol%2F%3Furl%3DVytneGNRMlNKNkN1Y2Mrd2xOcHNFYktRUlBhWVhaYkxCQ05nRXBXNTFSeEZNd3V0VG5veldoZDlRTzI3KzgwZnUvTmdmMnZxazh4RzZ2U21RVmRNNytiUVIyTTMrRmg0ckpZYkx3VER1QlkyU0dZOGZjYVVNemo1NDZqRGJrWGxXYUJCYWcwcmU5OWtLckRKbFBBY3dhRUw2bHZzd2hDVkdoWXFBdytSRFdNcXB5U1kyRUFYSG5oQmcxdU1YblJ2&tz=0&dev=e&res=14.2071&uuid=ecc8a067-62e0-48c9-861c-3bb634c686b9%3A2%3A1
IP: 172.240.127.234:443
Requested by: https://direct.zencloud.lol/?url=VytneGNRMlNKNkN1Y2Mrd2xOcHNFYktRUlBhWVhaYkxCQ05nRXBXNTFSeEZNd3V0VG5veldoZDlRTzI3KzgwZnUvTmdmMnZxazh4RzZ2U21RVmRNNytiUVIyTTMrRmg0ckpZYkx3VER1QlkyU0dZOGZjYVVNemo1NDZqRGJrWGxXYUJCYWcwcmU5OWtLckRKbFBBY3dhRUw2bHZzd2hDVkdoWXFBdytSRFdNcXB5U1kyRUFYSG5oQmcxdU1YblJ2
Certificate: Issuer: Let's Encrypt; Subject: bitterdefeatmid.com; Fingerprint: 1C:0E:0C:52:3F:0F:1C:3F:2A:DC:34:3C:CE:75:22:D3:24:6E:02:6A; Validity: Mon, 06 May 2024 08:01:12 GMT - Sun, 04 Aug 2024 08:01:11 GMT
Hash (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /watch.574285552079.js?key=9e77242938ed4c20d4b8f1c9c1246de6&kw=%5B%22video%22%2C%22downloader%22%5D&refer=https%3A%2F%2Fdirect.zencloud.lol%2F%3Furl%3DVytneGNRMlNKNkN1Y2Mrd2xOcHNFYktRUlBhWVhaYkxCQ05nRXBXNTFSeEZNd3V0VG5veldoZDlRTzI3KzgwZnUvTmdmMnZxazh4RzZ2U21RVmRNNytiUVIyTTMrRmg0ckpZYkx3VER1QlkyU0dZOGZjYVVNemo1NDZqRGJrWGxXYUJCYWcwcmU5OWtLckRKbFBBY3dhRUw2bHZzd2hDVkdoWXFBdytSRFdNcXB5U1kyRUFYSG5oQmcxdU1YblJ2&tz=0&dev=e&res=14.2071&uuid=ecc8a067-62e0-48c9-861c-3bb634c686b9%3A2%3A1 HTTP/1.1
Host: bitterdefeatmid.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://direct.zencloud.lol
DNT: 1
Connection: keep-alive
Referer: https://direct.zencloud.lol/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Wed, 08 May 2024 19:41:22 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://direct.zencloud.lol
Access-Control-Allow-Origin: https://direct.zencloud.lol
Access-Control-Allow-Credentials: true
Location: https://bitterdefeatmid.com/watch.574285552079.js?dev=e&key=9e77242938ed4c20d4b8f1c9c1246de6&kw=%5B%22video%22%2C%22downloader%22%5D&pst=1715197342&refer=https%3A%2F%2Fdirect.zencloud.lol%2F%3Furl%3DVytneGNRMlNKNkN1Y2Mrd2xOcHNFYktRUlBhWVhaYkxCQ05nRXBXNTFSeEZNd3V0VG5veldoZDlRTzI3KzgwZnUvTmdmMnZxazh4RzZ2U21RVmRNNytiUVIyTTMrRmg0ckpZYkx3VER1QlkyU0dZOGZjYVVNemo1NDZqRGJrWGxXYUJCYWcwcmU5OWtLckRKbFBBY3dhRUw2bHZzd2hDVkdoWXFBdytSRFdNcXB5U1kyRUFYSG5oQmcxdU1YblJ2&res=14.2071&rmtc=t&shu=44003ebc6d603ef4128ff55805f5c2e868abdb1ca74994030605b316a944ab4408f5b98e0c3313cc995c361f42d595bc35e40cc042f84409d79d9f0863101feac360ee70ac5a6b6a0a00b485b89f3aeb1d8539466058f1c25cc3f58168dce9&tz=0&uuid=ecc8a067-62e0-48c9-861c-3bb634c686b9%3A2%3A1
Set-Cookie: u_pl=22980864; expires=Thu, 09 May 2024 19:41:22 GMT; secure; SameSite=None
Set-Cookie: ain=eyJhbGciOiJIUzI1NiJ9.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.VJkChl-ywClzY4tZloI71Sfo6obfP3UzqQk3xS2jfAs; expires=Wed, 08 May 2024 19:42:22 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4f521e0f5d81ce6cdcf32db52ff660ca
Strict-Transport-Security: max-age=0; includeSubdomains
| capaciousdrewreligion.com/advertisers.js | 192.243.61.225 | 200 OK | 0 B |
URL: GET HTTP/1.1 capaciousdrewreligion.com/advertisers.js
IP: 192.243.61.225:443
ASN: #39572 DataWeb Global Group B.V.
Requested by: https://direct.zencloud.lol/?url=VytneGNRMlNKNkN1Y2Mrd2xOcHNFYktRUlBhWVhaYkxCQ05nRXBXNTFSeEZNd3V0VG5veldoZDlRTzI3KzgwZnUvTmdmMnZxazh4RzZ2U21RVmRNNytiUVIyTTMrRmg0ckpZYkx3VER1QlkyU0dZOGZjYVVNemo1NDZqRGJrWGxXYUJCYWcwcmU5OWtLckRKbFBBY3dhRUw2bHZzd2hDVkdoWXFBdytSRFdNcXB5U1kyRUFYSG5oQmcxdU1YblJ2
Certificate: Issuer: Let's Encrypt; Subject: capaciousdrewreligion.com; Fingerprint: BB:9C:12:88:24:43:D4:47:71:3F:F0:A4:BB:E1:85:65:CE:E7:92:E4; Validity: Mon, 06 May 2024 02:35:23 GMT - Sun, 04 Aug 2024 02:35:22 GMT
Hash (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /advertisers.js HTTP/1.1
Host: capaciousdrewreligion.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://direct.zencloud.lol/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 08 May 2024 19:41:22 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0323a40b9b0e9478f97a381692445c18
Strict-Transport-Security: max-age=0; includeSubdomains
| bitterdefeatmid.com/watch.574285552079.js?dev=e&key=9e77242938ed4c20d4b8f1c9c1246de6&kw=%5B%22video%22%2C%22downloader%22%5D&pst=1715197342&refer=https%3A%2F%2Fdirect.zencloud.lol%2F%3Furl%3DVytneGNRMlNKNkN1Y2Mrd2xOcHNFYktRUlBhWVhaYkxCQ05nRXBXNTFSeEZNd3V0VG5veldoZDlRTzI3KzgwZnUvTmdmMnZxazh4RzZ2U21RVmRNNytiUVIyTTMrRmg0ckpZYkx3VER1QlkyU0dZOGZjYVVNemo1NDZqRGJrWGxXYUJCYWcwcmU5OWtLckRKbFBBY3dhRUw2bHZzd2hDVkdoWXFBdytSRFdNcXB5U1kyRUFYSG5oQmcxdU1YblJ2&res=14.2071&rmtc=t&shu=44003ebc6d603ef4128ff55805f5c2e868abdb1ca74994030605b316a944ab4408f5b98e0c3313cc995c361f42d595bc35e40cc042f84409d79d9f0863101feac360ee70ac5a6b6a0a00b485b89f3aeb1d8539466058f1c25cc3f58168dce9&tz=0&uuid=ecc8a067-62e0-48c9-861c-3bb634c686b9%3A2%3A1 | 172.240.127.234 | 200 OK | 2.1 kB |
URL: GET HTTP/1.1 bitterdefeatmid.com/watch.574285552079.js?dev=e&key=9e77242938ed4c20d4b8f1c9c1246de6&kw=%5B%22video%22%2C%22downloader%22%5D&pst=1715197342&refer=https%3A%2F%2Fdirect.zencloud.lol%2F%3Furl%3DVytneGNRMlNKNkN1Y2Mrd2xOcHNFYktRUlBhWVhaYkxCQ05nRXBXNTFSeEZNd3V0VG5veldoZDlRTzI3KzgwZnUvTmdmMnZxazh4RzZ2U21RVmRNNytiUVIyTTMrRmg0ckpZYkx3VER1QlkyU0dZOGZjYVVNemo1NDZqRGJrWGxXYUJCYWcwcmU5OWtLckRKbFBBY3dhRUw2bHZzd2hDVkdoWXFBdytSRFdNcXB5U1kyRUFYSG5oQmcxdU1YblJ2&res=14.2071&rmtc=t&shu=44003ebc6d603ef4128ff55805f5c2e868abdb1ca74994030605b316a944ab4408f5b98e0c3313cc995c361f42d595bc35e40cc042f84409d79d9f0863101feac360ee70ac5a6b6a0a00b485b89f3aeb1d8539466058f1c25cc3f58168dce9&tz=0&uuid=ecc8a067-62e0-48c9-861c-3bb634c686b9%3A2%3A1
IP: 172.240.127.234:443
Requested by: https://direct.zencloud.lol/?url=VytneGNRMlNKNkN1Y2Mrd2xOcHNFYktRUlBhWVhaYkxCQ05nRXBXNTFSeEZNd3V0VG5veldoZDlRTzI3KzgwZnUvTmdmMnZxazh4RzZ2U21RVmRNNytiUVIyTTMrRmg0ckpZYkx3VER1QlkyU0dZOGZjYVVNemo1NDZqRGJrWGxXYUJCYWcwcmU5OWtLckRKbFBBY3dhRUw2bHZzd2hDVkdoWXFBdytSRFdNcXB5U1kyRUFYSG5oQmcxdU1YblJ2
Certificate: Issuer: Let's Encrypt; Subject: bitterdefeatmid.com; Fingerprint: 1C:0E:0C:52:3F:0F:1C:3F:2A:DC:34:3C:CE:75:22:D3:24:6E:02:6A; Validity: Mon, 06 May 2024 08:01:12 GMT - Sun, 04 Aug 2024 08:01:11 GMT
File type: JavaScript source, ASCII text, with very long lines (2655)
Hash (MD5, SHA-1, SHA-256): 8e6e2127f7eb1ff5ad6c4481a95d8672 8c2727821a141a07f1bc8b58b3304a344f9bd04c 02ae9aa69811bb34fd5f1bca2f48698ef77d6c68c78110cec5fd7c1f1a520a18
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /watch.574285552079.js?dev=e&key=9e77242938ed4c20d4b8f1c9c1246de6&kw=%5B%22video%22%2C%22downloader%22%5D&pst=1715197342&refer=https%3A%2F%2Fdirect.zencloud.lol%2F%3Furl%3DVytneGNRMlNKNkN1Y2Mrd2xOcHNFYktRUlBhWVhaYkxCQ05nRXBXNTFSeEZNd3V0VG5veldoZDlRTzI3KzgwZnUvTmdmMnZxazh4RzZ2U21RVmRNNytiUVIyTTMrRmg0ckpZYkx3VER1QlkyU0dZOGZjYVVNemo1NDZqRGJrWGxXYUJCYWcwcmU5OWtLckRKbFBBY3dhRUw2bHZzd2hDVkdoWXFBdytSRFdNcXB5U1kyRUFYSG5oQmcxdU1YblJ2&res=14.2071&rmtc=t&shu=44003ebc6d603ef4128ff55805f5c2e868abdb1ca74994030605b316a944ab4408f5b98e0c3313cc995c361f42d595bc35e40cc042f84409d79d9f0863101feac360ee70ac5a6b6a0a00b485b89f3aeb1d8539466058f1c25cc3f58168dce9&tz=0&uuid=ecc8a067-62e0-48c9-861c-3bb634c686b9%3A2%3A1 HTTP/1.1
Host: bitterdefeatmid.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://direct.zencloud.lol
Referer: https://direct.zencloud.lol/
DNT: 1
Connection: keep-alive
Cookie: u_pl=22980864; ain=eyJhbGciOiJIUzI1NiJ9.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.VJkChl-ywClzY4tZloI71Sfo6obfP3UzqQk3xS2jfAs
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 08 May 2024 19:41:22 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://direct.zencloud.lol
Access-Control-Allow-Origin: https://direct.zencloud.lol
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=ecc8a067-62e0-48c9-861c-3bb634c686b9:2:1; expires=Wed, 15 May 2024 19:41:22 GMT; secure; SameSite=None
Set-Cookie: iprc8411d00f6ce7afb3cfeff721680d6a89=3569806; expires=Wed, 08 May 2024 23:41:22 GMT; secure; SameSite=None
Set-Cookie: pdhtkv=true; expires=Thu, 09 May 2024 19:41:22 GMT; secure; SameSite=None
Set-Cookie: uncs=1; expires=Thu, 09 May 2024 19:41:22 GMT; secure; SameSite=None
Set-Cookie: pdhtkv5=true; expires=Thu, 09 May 2024 19:41:22 GMT; secure; SameSite=None
Set-Cookie: uncs5=1; expires=Thu, 09 May 2024 19:41:22 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b1297f710f2086fb9c25e6aa50aa5394
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
| cdn.cloudimagesb.com/cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png | 45.133.44.9 | 200 OK | 144 kB |
URL: GET HTTP/2 cdn.cloudimagesb.com/cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png
IP: 45.133.44.9:443
ASN: #39572 DataWeb Global Group B.V.
Requested by: https://direct.zencloud.lol/?url=VytneGNRMlNKNkN1Y2Mrd2xOcHNFYktRUlBhWVhaYkxCQ05nRXBXNTFSeEZNd3V0VG5veldoZDlRTzI3KzgwZnUvTmdmMnZxazh4RzZ2U21RVmRNNytiUVIyTTMrRmg0ckpZYkx3VER1QlkyU0dZOGZjYVVNemo1NDZqRGJrWGxXYUJCYWcwcmU5OWtLckRKbFBBY3dhRUw2bHZzd2hDVkdoWXFBdytSRFdNcXB5U1kyRUFYSG5oQmcxdU1YblJ2
Certificate: Issuer: Let's Encrypt; Subject: cdn.cloudimagesb.com; Fingerprint: C6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0; Validity: Fri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT
File type: PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced
Size: 144 kB (144379 bytes)
Hash (MD5, SHA-1, SHA-256): 33c304429dc1a4408a96e6a74ffa2feb c45fa8e65528d1bb2b46bf8a28af9eeaa1903d04 dbed482e5948ead5587d30a22306a5b611305f704de940bd22c76daf90e0a314
GET /cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 19:41:22 GMT
content-type: image/png
content-length: 144379
server: nginx/1.21.6
last-modified: Wed, 27 Jul 2022 11:07:21 GMT
etag: "62e11c69-233fb"
expires: Fri, 10 May 2024 19:41:22 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
| unseenreport.com/pxf.gif?uuid=ecc8a067-62e0-48c9-861c-3bb634c686b9&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=d6c69caa54fd5fdaf8def7abe2268296&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=19 | 192.243.59.20 | 200 OK | 1 B |
URL: GET HTTP/1.1 unseenreport.com/pxf.gif?uuid=ecc8a067-62e0-48c9-861c-3bb634c686b9&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=d6c69caa54fd5fdaf8def7abe2268296&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=19
IP: 192.243.59.20:443
ASN: #39572 DataWeb Global Group B.V.
Requested by: https://direct.zencloud.lol/?url=VytneGNRMlNKNkN1Y2Mrd2xOcHNFYktRUlBhWVhaYkxCQ05nRXBXNTFSeEZNd3V0VG5veldoZDlRTzI3KzgwZnUvTmdmMnZxazh4RzZ2U21RVmRNNytiUVIyTTMrRmg0ckpZYkx3VER1QlkyU0dZOGZjYVVNemo1NDZqRGJrWGxXYUJCYWcwcmU5OWtLckRKbFBBY3dhRUw2bHZzd2hDVkdoWXFBdytSRFdNcXB5U1kyRUFYSG5oQmcxdU1YblJ2
Certificate: Issuer: Let's Encrypt; Subject: *.unseenreport.com; Fingerprint: 71:46:15:FD:76:6A:F5:5B:51:06:CC:93:DD:D8:63:E3:8B:10:BF:13; Validity: Fri, 22 Mar 2024 07:32:41 GMT - Thu, 20 Jun 2024 07:32:40 GMT
File type: very short file (no magic)
Hash (MD5, SHA-1, SHA-256): 93b885adfe0da089cdf634904fd59f71 5ba93c9db0cff93f52b521d7420e43f6eda2784f 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /pxf.gif?uuid=ecc8a067-62e0-48c9-861c-3bb634c686b9&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=d6c69caa54fd5fdaf8def7abe2268296&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=19 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://direct.zencloud.lol/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 May 2024 19:41:23 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9be7fe5b262d8d3bb073eeee8bc357d2
Strict-Transport-Security: max-age=0; includeSubdomains
| cdn.jsdelivr.net/npm/bootstrap-icons@1.8.1/font/bootstrap-icons.css | 151.101.1.229 | 200 OK | 80 kB |
URL: GET HTTP/2 cdn.jsdelivr.net/npm/bootstrap-icons@1.8.1/font/bootstrap-icons.css
IP: 151.101.1.229:443
Requested by: https://direct.zencloud.lol/?url=VytneGNRMlNKNkN1Y2Mrd2xOcHNFYktRUlBhWVhaYkxCQ05nRXBXNTFSeEZNd3V0VG5veldoZDlRTzI3KzgwZnUvTmdmMnZxazh4RzZ2U21RVmRNNytiUVIyTTMrRmg0ckpZYkx3VER1QlkyU0dZOGZjYVVNemo1NDZqRGJrWGxXYUJCYWcwcmU5OWtLckRKbFBBY3dhRUw2bHZzd2hDVkdoWXFBdytSRFdNcXB5U1kyRUFYSG5oQmcxdU1YblJ2
Certificate: Issuer: GlobalSign nv-sa; Subject: jsdelivr.net; Fingerprint: 05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09; Validity: Wed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT
Hash (MD5, SHA-1, SHA-256): 79877fb82de8ca50845081e3c9a201c5 4f6ea69c0e03431ffa1a097a45453b5b3b246d8b af35cc6aba34e5005de77099dfa72d4c1a7715d28ddcec343f48031dc8cb08bc
GET /npm/bootstrap-icons@1.8.1/font/bootstrap-icons.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://direct.zencloud.lol/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 1.8.1
x-jsd-version-type: version
etag: W/"13a7e-T26mnA4DQx/6Ggl6RUU7WzskbYs"
content-encoding: br
accept-ranges: bytes
date: Wed, 08 May 2024 19:41:20 GMT
age: 27154
x-served-by: cache-fra-etou8220090-FRA, cache-hel1410032-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 10883
X-Firefox-Spdy: h2