Report - direct.zencloud.lol/?url=VlhrRUdoTitUTzlxUHhXYXp2SEhzMVJBRTZHQlhoRld0KytBdlJLOE1USW1idm5JTzIxL3JuWlV5bUNaR0FWSTJuc1ErSzMwWkthRFl4NHM2eUQvYnBNRWUzZGdNTTQ2b3oyeEhIMndLTWpYVS9IcDh1eFJLUUZmUGs4U0FTMWlmM2hyL0ppTXgxTDBtY0xtWnVoWURFNStLZzR1WUI3L0RPZjlGZ1gzVHhJU1lhanlvT1h0MzJBME5KUlVCYTFX

Report Overview

Submitted URL
direct.zencloud.lol/?url=VlhrRUdoTitUTzlxUHhXYXp2SEhzMVJBRTZHQlhoRld0KytBdlJLOE1USW1idm5JTzIxL3JuWlV5bUNaR0FWSTJuc1ErSzMwWkthRFl4NHM2eUQvYnBNRWUzZGdNTTQ2b3oyeEhIMndLTWpYVS9IcDh1eFJLUUZmUGs4U0FTMWlmM2hyL0ppTXgxTDBtY0xtWnVoWURFNStLZzR1WUI3L0RPZjlGZ1gzVHhJU1lhanlvT1h0MzJBME5KUlVCYTFX
IP
104.21.1.52
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-10 06:20:51
Access
public
Website Title
Video Downloader
Final URL
direct.zencloud.lol/?url=VlhrRUdoTitUTzlxUHhXYXp2SEhzMVJBRTZHQlhoRld0KytBdlJLOE1USW1idm5JTzIxL3JuWlV5bUNaR0FWSTJuc1ErSzMwWkthRFl4NHM2eUQvYnBNRWUzZGdNTTQ2b3oyeEhIMndLTWpYVS9IcDh1eFJLUUZmUGs4U0FTMWlmM2hyL0ppTXgxTDBtY0xtWnVoWURFNStLZzR1WUI3L0RPZjlGZ1gzVHhJU1lhanlvT1h0MzJBME5KUlVCYTFX
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
10

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
proftrafficcounter.com	unknown	2023-11-16	2023-11-21	2024-05-09	878 B	852 B	52.29.105.35
assuretwelfth.com	unknown	2024-05-06	2024-05-07	2024-05-08	3.3 kB	6.4 kB	172.240.108.84
cdn.cloudimagesb.com	23099	2020-10-06	2021-02-12	2024-05-09	441 B	145 kB	45.133.44.10
blogger.googleusercontent.com	16485	2008-11-17	2012-05-25	2024-05-09	673 B	30 kB	142.250.74.97
cdn.jsdelivr.net	439	2012-05-16	2012-09-30	2024-05-09	3.4 kB	116 kB	151.101.129.229
ghastlyejection.com	unknown	2023-03-24	2023-04-09	2024-02-17	882 B	42 kB	172.240.253.132
direct.zencloud.lol	unknown	2024-02-10	2024-04-16	2024-04-17	1.5 kB	30 kB	104.21.1.52
downstairsnegotiatebarren.com	unknown	2024-03-04	2024-03-04	2024-05-09	414 B	58 kB	188.114.96.1
unseenreport.com	unknown	2022-03-30	2022-03-30	2024-05-09	738 B	423 B	192.243.61.225
i0.wp.com	3021	1997-03-28	2013-09-17	2024-05-09	681 B	596 B	192.0.77.2
ocsp.r2m03.amazontrust.com	unknown	2007-05-11	2023-02-21	2024-05-09	676 B	1.9 kB	54.230.218.11
capaciousdrewreligion.com	unknown	2023-11-07	2023-11-27	2024-05-09	418 B	327 B	172.240.108.84

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-10	medium	ghastlyejection.com	Sinkholed
2024-05-10	medium	ghastlyejection.com	Sinkholed
2024-05-10	medium	assuretwelfth.com	Sinkholed
2024-05-10	medium	assuretwelfth.com	Sinkholed
2024-05-10	medium	unseenreport.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (13)

	URL	Size	First Seen	Last Seen
	cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.min.js	59 kB	2023-03-07	2024-05-20
Pretty URL cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.min.js IP 151.101.129.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23:52 Last Seen2024-05-20 16:39:33 Times Seen3488 Hash 259e416ef6833be43801b8b68a93b008 19080c3b817985336aab5e1ce6925c99803f2efd 70c3d690bdc5ce3b9a1527c46044989a3176e610882fa99f4523e75bc395bcce Loading...

	ghastlyejection.com/d6/c6/9c/d6c69caa54fd5fdaf8def7abe2268296.js	76 kB	2024-05-10	2024-05-10
Pretty URL ghastlyejection.com/d6/c6/9c/d6c69caa54fd5fdaf8def7abe2268296.js IP 172.240.253.132 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 08:20:53 Last Seen2024-05-10 08:20:53 Times Seen2 Hash cf677bc2573b749d0a9fa5190560380c 07e2ed46352ab09e6f6d83e362e3bbcb0bd961ba 18fe62c00e3628822d131dfd102b552270dd650767544387e3d3498cfe3d7cbe Loading...

	cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js	78 kB	2023-03-07	2024-05-20
Pretty URL cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js IP 151.101.129.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:26 Last Seen2024-05-20 18:34:55 Times Seen9151 Hash 7ccd9d390d31af98110f74f842ea9b32 a85e681624c91a106a514c31eacf80de817b2cc3 f5210fa3e7f0245a4c51eb7f280092c0ef99fdd28c45e17dab8cc5854fdf4fd3 Loading...

	downstairsnegotiatebarren.com/sfp.js	86 kB	2024-03-29	2024-05-17
Pretty URL downstairsnegotiatebarren.com/sfp.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-29 13:13:34 Last Seen2024-05-17 14:49:08 Times Seen3553 Hash f4a2f8f9f99541c6f105bbd0a025bd40 1f8e3eff12168fdd9e719adfc098d24a45b6916a b717cb04231a10d425fd55b73c85a5407119c6826a8bac94142fddfff6958716 Loading...

	capaciousdrewreligion.com/advertisers.js	0 B	2023-03-07	2024-05-20
Pretty URL capaciousdrewreligion.com/advertisers.js IP 172.240.108.84 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-20 18:50:34 Times Seen37887525 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	cdn.jsdelivr.net/npm/@popperjs/core@2.10.2/dist/umd/popper.min.js	19 kB	2023-03-07	2024-05-19
Pretty URL cdn.jsdelivr.net/npm/@popperjs/core@2.10.2/dist/umd/popper.min.js IP 151.101.129.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23:52 Last Seen2024-05-19 16:51:11 Times Seen2521 Hash 541aecc95a7faeef0fc27558070f3647 0ec7ca4778ba3ccb4d1b1688094720834fbe9ed3 f395875eb5d58c5128c434812cd0a53d438b11536f7fd1577077d8a5c612e1fd Loading...

	ghastlyejection.com/9e77242938ed4c20d4b8f1c9c1246de6/invoke.js	31 kB	2024-05-10	2024-05-10
Pretty URL ghastlyejection.com/9e77242938ed4c20d4b8f1c9c1246de6/invoke.js IP 172.240.253.132 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 08:20:53 Last Seen2024-05-10 08:20:53 Times Seen2 Hash 443282e6bf4ba50f24069e4dd293cdb4 d2e8e5a38e1a2b6db2c0ae1b10694a1921bfa413 f7cef0449d29a1fd51d93dd05eafd6e0c405c410f2ab6c44391d9b3f0ab4c067 Loading...

	direct.zencloud.lol/?url=VlhrRUdoTitUTzlxUHhXYXp2SEhzMVJBRTZHQlhoRld0KytBdlJLOE1USW1idm5JTzIxL3JuWlV5bUNaR0FWSTJuc1ErSzMwWkthRFl4NHM2eUQvYnBNRWUzZGdNTTQ2b3oyeEhIMndLTWpYVS9IcDh1eFJLUUZmUGs4U0FTMWlmM2hyL0ppTXgxTDBtY0xtWnVoWURFNStLZzR1WUI3L0RPZjlGZ1gzVHhJU1lhanlvT1h0MzJBME5KUlVCYTFX	140 B	2024-04-28	2024-05-10
Pretty URL direct.zencloud.lol/?url=VlhrRUdoTitUTzlxUHhXYXp2SEhzMVJBRTZHQlhoRld0KytBdlJLOE1USW1idm5JTzIxL3JuWlV5bUNaR0FWSTJuc1ErSzMwWkthRFl4NHM2eUQvYnBNRWUzZGdNTTQ2b3oyeEhIMndLTWpYVS9IcDh1eFJLUUZmUGs4U0FTMWlmM2hyL0ppTXgxTDBtY0xtWnVoWURFNStLZzR1WUI3L0RPZjlGZ1gzVHhJU1lhanlvT1h0MzJBME5KUlVCYTFX IP 104.21.1.52 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-28 01:29:58 Last Seen2024-05-10 08:20:53 Times Seen9 Hash e57f681e533dce1ed37417d9c1cd0b8b a134be60f1d069be31ce298c0ef73e3198bba50e 3449e5cb12ac89986a8940f1fe55cc3157ca3a32be72c9be7108d8f5dedc825a Loading...

	unknown	3.3 kB	2024-05-10	2024-05-10
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 08:20:53 Last Seen2024-05-10 08:20:53 Times Seen1 Hash 1724d61de85e1193589db52d6dae3d79 305569b20795836cadb9b9727da1b3be3b32ce02 ef6e697fc7023b4e645da7180df2f37e698c6467ac7f3b6a15571af7376a37bd Loading...

	direct.zencloud.lol/?url=VlhrRUdoTitUTzlxUHhXYXp2SEhzMVJBRTZHQlhoRld0KytBdlJLOE1USW1idm5JTzIxL3JuWlV5bUNaR0FWSTJuc1ErSzMwWkthRFl4NHM2eUQvYnBNRWUzZGdNTTQ2b3oyeEhIMndLTWpYVS9IcDh1eFJLUUZmUGs4U0FTMWlmM2hyL0ppTXgxTDBtY0xtWnVoWURFNStLZzR1WUI3L0RPZjlGZ1gzVHhJU1lhanlvT1h0MzJBME5KUlVCYTFX	4.1 kB	2024-01-25	2024-05-10
Pretty URL direct.zencloud.lol/?url=VlhrRUdoTitUTzlxUHhXYXp2SEhzMVJBRTZHQlhoRld0KytBdlJLOE1USW1idm5JTzIxL3JuWlV5bUNaR0FWSTJuc1ErSzMwWkthRFl4NHM2eUQvYnBNRWUzZGdNTTQ2b3oyeEhIMndLTWpYVS9IcDh1eFJLUUZmUGs4U0FTMWlmM2hyL0ppTXgxTDBtY0xtWnVoWURFNStLZzR1WUI3L0RPZjlGZ1gzVHhJU1lhanlvT1h0MzJBME5KUlVCYTFX IP 104.21.1.52 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-01-25 07:39:34 Last Seen2024-05-10 08:20:53 Times Seen15 Hash 42fb35480631e583224c20e9f00c1f0d 2e30c877234085a6372b7081f24544b7e75d4dcb 212164355499a9e24d4bb29172bc9896c46a0680edeb8a55920b42f39ff75a2e Loading...

	unknown	196 B	2024-04-28	2024-05-10
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-28 01:29:58 Last Seen2024-05-10 08:20:53 Times Seen9 Hash d7a5416a938a2f242e52c2e9544c50f3 996e7d672eb5d189cb62b67f4bd7ca6535f89e9f 6eef2eaf44fdcf2a36d7241bfb70c89b604c7f81de6400c43d2a205e454ea175 Loading...

	unknown	145 B	2024-04-28	2024-05-10
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-28 01:29:58 Last Seen2024-05-10 08:20:53 Times Seen9 Hash cefef4084102ea96199270b0a77280f8 ca546055f61c2c3c1d35f4bf54d9ebdd87cb6288 70c3cd9cd3f290e0b3a5f5a402a91a5b1665f8d8e8c46f5194f6b2137a863ef5 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 21515a30a3579df773b64840886b4038	2.1 kB	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 08:20:53 Last Seen2024-05-10 08:20:53 Times Seen1 Hash 21515a30a3579df773b64840886b4038 096c1b4fd83d20e03ed95c77c54847cf94e790d0 1d707fb77080ef21ca47d4bedf530ff38570f3b66fe08036c74d5b8382ce5f03 Loading...

HTTP Transactions (23)

URL IP Response Size

cdn.jsdelivr.net/npm/bootstrap-icons@1.8.1/font/bootstrap-icons.css

151.101.129.229

200 OK

11 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/bootstrap-icons@1.8.1/font/bootstrap-icons.css
IP
151.101.129.229:443
ASN
#54113 FASTLY

Requested by
https://direct.zencloud.lol/?url=VlhrRUdoTitUTzlxUHhXYXp2SEhzMVJBRTZHQlhoRld0KytBdlJLOE1USW1idm5JTzIxL3JuWlV5bUNaR0FWSTJuc1ErSzMwWkthRFl4NHM2eUQvYnBNRWUzZGdNTTQ2b3oyeEhIMndLTWpYVS9IcDh1eFJLUUZmUGs4U0FTMWlmM2hyL0ppTXgxTDBtY0xtWnVoWURFNStLZzR1WUI3L0RPZjlGZ1gzVHhJU1lhanlvT1h0MzJBME5KUlVCYTFX
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
ASCII text
Size
11 kB (10883 bytes)
Hash
79877fb82de8ca50845081e3c9a201c5
4f6ea69c0e03431ffa1a097a45453b5b3b246d8b
af35cc6aba34e5005de77099dfa72d4c1a7715d28ddcec343f48031dc8cb08bc

HTTP Headers

GET /npm/bootstrap-icons@1.8.1/font/bootstrap-icons.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://direct.zencloud.lol/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 1.8.1
x-jsd-version-type: version
etag: W/"13a7e-T26mnA4DQx/6Ggl6RUU7WzskbYs"
content-encoding: br
accept-ranges: bytes
date: Fri, 10 May 2024 06:20:26 GMT
age: 151900
x-served-by: cache-fra-etou8220090-FRA, cache-hel1410025-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 10883
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js

151.101.129.229

200 OK

24 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js
IP
151.101.129.229:443
ASN
#54113 FASTLY

Requested by
https://direct.zencloud.lol/?url=VlhrRUdoTitUTzlxUHhXYXp2SEhzMVJBRTZHQlhoRld0KytBdlJLOE1USW1idm5JTzIxL3JuWlV5bUNaR0FWSTJuc1ErSzMwWkthRFl4NHM2eUQvYnBNRWUzZGdNTTQ2b3oyeEhIMndLTWpYVS9IcDh1eFJLUUZmUGs4U0FTMWlmM2hyL0ppTXgxTDBtY0xtWnVoWURFNStLZzR1WUI3L0RPZjlGZ1gzVHhJU1lhanlvT1h0MzJBME5KUlVCYTFX
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
JavaScript source, ASCII text, with very long lines (65299)
Size
24 kB (24376 bytes)
Hash
7ccd9d390d31af98110f74f842ea9b32
a85e681624c91a106a514c31eacf80de817b2cc3
f5210fa3e7f0245a4c51eb7f280092c0ef99fdd28c45e17dab8cc5854fdf4fd3

HTTP Headers

GET /npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://direct.zencloud.lol
DNT: 1
Connection: keep-alive
Referer: https://direct.zencloud.lol/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 5.1.3
x-jsd-version-type: version
etag: W/"13131-qF5oFiTJGhBqUUwx6s+A3oF7LMM"
content-encoding: br
accept-ranges: bytes
date: Fri, 10 May 2024 06:20:26 GMT
age: 30861367
x-served-by: cache-fra-eddf8230075-FRA, cache-hel1410023-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 24376
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.min.js

151.101.129.229

200 OK

18 kB

URL GET HTTP/3
cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.min.js
IP
151.101.129.229:443
ASN
#54113 FASTLY

Requested by
https://direct.zencloud.lol/?url=VlhrRUdoTitUTzlxUHhXYXp2SEhzMVJBRTZHQlhoRld0KytBdlJLOE1USW1idm5JTzIxL3JuWlV5bUNaR0FWSTJuc1ErSzMwWkthRFl4NHM2eUQvYnBNRWUzZGdNTTQ2b3oyeEhIMndLTWpYVS9IcDh1eFJLUUZmUGs4U0FTMWlmM2hyL0ppTXgxTDBtY0xtWnVoWURFNStLZzR1WUI3L0RPZjlGZ1gzVHhJU1lhanlvT1h0MzJBME5KUlVCYTFX
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
JavaScript source, ASCII text, with very long lines (58940)
Size
18 kB (17624 bytes)
Hash
259e416ef6833be43801b8b68a93b008
19080c3b817985336aab5e1ce6925c99803f2efd
70c3d690bdc5ce3b9a1527c46044989a3176e610882fa99f4523e75bc395bcce

HTTP Headers

GET /npm/bootstrap@5.1.3/dist/js/bootstrap.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://direct.zencloud.lol
DNT: 1
Connection: keep-alive
Referer: https://direct.zencloud.lol/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 5.1.3
x-jsd-version-type: version
etag: W/"e753-GQgMO4F5hTNqq14c5pJcmYA/Lv0"
content-encoding: br
accept-ranges: bytes
date: Fri, 10 May 2024 06:20:26 GMT
age: 9330921
x-served-by: cache-fra-etou8220048-FRA, cache-hel1410023-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 17624
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/@popperjs/core@2.10.2/dist/umd/popper.min.js

151.101.129.229

200 OK

7.0 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/@popperjs/core@2.10.2/dist/umd/popper.min.js
IP
151.101.129.229:443
ASN
#54113 FASTLY

Requested by
https://direct.zencloud.lol/?url=VlhrRUdoTitUTzlxUHhXYXp2SEhzMVJBRTZHQlhoRld0KytBdlJLOE1USW1idm5JTzIxL3JuWlV5bUNaR0FWSTJuc1ErSzMwWkthRFl4NHM2eUQvYnBNRWUzZGdNTTQ2b3oyeEhIMndLTWpYVS9IcDh1eFJLUUZmUGs4U0FTMWlmM2hyL0ppTXgxTDBtY0xtWnVoWURFNStLZzR1WUI3L0RPZjlGZ1gzVHhJU1lhanlvT1h0MzJBME5KUlVCYTFX
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
JavaScript source, ASCII text, with very long lines (18706)
Size
7.0 kB (6952 bytes)
Hash
541aecc95a7faeef0fc27558070f3647
0ec7ca4778ba3ccb4d1b1688094720834fbe9ed3
f395875eb5d58c5128c434812cd0a53d438b11536f7fd1577077d8a5c612e1fd

HTTP Headers

GET /npm/@popperjs/core@2.10.2/dist/umd/popper.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://direct.zencloud.lol
DNT: 1
Connection: keep-alive
Referer: https://direct.zencloud.lol/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 2.10.2
x-jsd-version-type: version
etag: W/"496b-DsfKR3i6PMtNGxaICUcgg0++ntM"
content-encoding: br
accept-ranges: bytes
date: Fri, 10 May 2024 06:20:26 GMT
age: 9330922
x-served-by: cache-fra-etou8220021-FRA, cache-hel1410023-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 6952
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css

151.101.129.229

200 OK

26 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css
IP
151.101.129.229:443
ASN
#54113 FASTLY

Requested by
https://direct.zencloud.lol/?url=VlhrRUdoTitUTzlxUHhXYXp2SEhzMVJBRTZHQlhoRld0KytBdlJLOE1USW1idm5JTzIxL3JuWlV5bUNaR0FWSTJuc1ErSzMwWkthRFl4NHM2eUQvYnBNRWUzZGdNTTQ2b3oyeEhIMndLTWpYVS9IcDh1eFJLUUZmUGs4U0FTMWlmM2hyL0ppTXgxTDBtY0xtWnVoWURFNStLZzR1WUI3L0RPZjlGZ1gzVHhJU1lhanlvT1h0MzJBME5KUlVCYTFX
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
Unicode text, UTF-8 text, with very long lines (65306)
Size
26 kB (26333 bytes)
Hash
94994c66fec8c3468b269dc0cc242151
ec16bd19bf4ae9bc2e2336ac409a503bbbdaacad
62f74b1cf824a89f03554c638e719594c309b4d8a627a758928c0516fa7890ab

HTTP Headers

GET /npm/bootstrap@5.1.3/dist/css/bootstrap.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://direct.zencloud.lol
DNT: 1
Connection: keep-alive
Referer: https://direct.zencloud.lol/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 5.1.3
x-jsd-version-type: version
etag: W/"28021-7Ba9Gb9K6bwuIzasQJpQO7varK0"
content-encoding: br
accept-ranges: bytes
date: Fri, 10 May 2024 06:20:26 GMT
age: 2081768
x-served-by: cache-fra-etou8220101-FRA, cache-hel1410023-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 26333
X-Firefox-Spdy: h2

i0.wp.com/blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgFPs1xOUjnQnlN8mNQhZt_Z8jJGPujHXUyZNhvERiNRcbd9079Z6VMIumnT5Mx-Ou1YKYx37Nb9WQxAChvhtcNxWTRdJD2xSNzKniXfjurs_vPyto585enp4zwSrblKIk6o8cR0DH7CxF-1uBWV-0TL_A_n-n-yuFkjpI0y-QBhQCzQIJ_gf4auly4MQ/s0/photo_2024-01-07_20-36-03.jpg

192.0.77.2

302 Found

138 B

URL GET HTTP/2
i0.wp.com/blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgFPs1xOUjnQnlN8mNQhZt_Z8jJGPujHXUyZNhvERiNRcbd9079Z6VMIumnT5Mx-Ou1YKYx37Nb9WQxAChvhtcNxWTRdJD2xSNzKniXfjurs_vPyto585enp4zwSrblKIk6o8cR0DH7CxF-1uBWV-0TL_A_n-n-yuFkjpI0y-QBhQCzQIJ_gf4auly4MQ/s0/photo_2024-01-07_20-36-03.jpg
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://direct.zencloud.lol/?url=VlhrRUdoTitUTzlxUHhXYXp2SEhzMVJBRTZHQlhoRld0KytBdlJLOE1USW1idm5JTzIxL3JuWlV5bUNaR0FWSTJuc1ErSzMwWkthRFl4NHM2eUQvYnBNRWUzZGdNTTQ2b3oyeEhIMndLTWpYVS9IcDh1eFJLUUZmUGs4U0FTMWlmM2hyL0ppTXgxTDBtY0xtWnVoWURFNStLZzR1WUI3L0RPZjlGZ1gzVHhJU1lhanlvT1h0MzJBME5KUlVCYTFX
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint5D:DB:6E:AA:9E:A8:4A:C3:10:A5:DA:89:DC:1C:BB:D1:87:5F:E1:D2
ValidityTue, 28 Nov 2023 00:00:00 GMT - Sat, 28 Dec 2024 23:59:59 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
138 B (138 bytes)
Hash
aff950cab4c0265e21d401db15f1026d
f03e18461817f7a6546c8bf8fa8d686d7e30aca0
753e0dd54f28c4f7009b9c0b18a68aed175416bd8b7d134858264586eaac56f0

HTTP Headers

GET /blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgFPs1xOUjnQnlN8mNQhZt_Z8jJGPujHXUyZNhvERiNRcbd9079Z6VMIumnT5Mx-Ou1YKYx37Nb9WQxAChvhtcNxWTRdJD2xSNzKniXfjurs_vPyto585enp4zwSrblKIk6o8cR0DH7CxF-1uBWV-0TL_A_n-n-yuFkjpI0y-QBhQCzQIJ_gf4auly4MQ/s0/photo_2024-01-07_20-36-03.jpg HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://direct.zencloud.lol/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: nginx
date: Fri, 10 May 2024 06:20:26 GMT
content-type: text/html
content-length: 138
location: https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgFPs1xOUjnQnlN8mNQhZt_Z8jJGPujHXUyZNhvERiNRcbd9079Z6VMIumnT5Mx-Ou1YKYx37Nb9WQxAChvhtcNxWTRdJD2xSNzKniXfjurs_vPyto585enp4zwSrblKIk6o8cR0DH7CxF-1uBWV-0TL_A_n-n-yuFkjpI0y-QBhQCzQIJ_gf4auly4MQ/s0/photo_2024-01-07_20-36-03.jpg
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ghastlyejection.com/9e77242938ed4c20d4b8f1c9c1246de6/invoke.js

172.240.253.132

200 OK

12 kB

URL GET HTTP/1.1
ghastlyejection.com/9e77242938ed4c20d4b8f1c9c1246de6/invoke.js
IP
172.240.253.132:443
ASN
#7979 SERVERS-COM

Requested by
https://direct.zencloud.lol/?url=VlhrRUdoTitUTzlxUHhXYXp2SEhzMVJBRTZHQlhoRld0KytBdlJLOE1USW1idm5JTzIxL3JuWlV5bUNaR0FWSTJuc1ErSzMwWkthRFl4NHM2eUQvYnBNRWUzZGdNTTQ2b3oyeEhIMndLTWpYVS9IcDh1eFJLUUZmUGs4U0FTMWlmM2hyL0ppTXgxTDBtY0xtWnVoWURFNStLZzR1WUI3L0RPZjlGZ1gzVHhJU1lhanlvT1h0MzJBME5KUlVCYTFX
Certificate
IssuerLet's Encrypt
Subjectghastlyejection.com
Fingerprint65:2F:32:E2:B0:77:79:80:01:58:74:67:79:B5:76:80:C1:78:5C:09
ValidityTue, 19 Mar 2024 07:22:21 GMT - Mon, 17 Jun 2024 07:22:20 GMT

File type
JavaScript source, ASCII text, with very long lines (31288), with no line terminators
Size
12 kB (11835 bytes)
Hash
443282e6bf4ba50f24069e4dd293cdb4
d2e8e5a38e1a2b6db2c0ae1b10694a1921bfa413
f7cef0449d29a1fd51d93dd05eafd6e0c405c410f2ab6c44391d9b3f0ab4c067

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /9e77242938ed4c20d4b8f1c9c1246de6/invoke.js HTTP/1.1
Host: ghastlyejection.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://direct.zencloud.lol/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 06:20:26 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d9e0593336dde98021bbb67295399f4a
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

ghastlyejection.com/d6/c6/9c/d6c69caa54fd5fdaf8def7abe2268296.js

172.240.253.132

200 OK

28 kB

URL GET HTTP/1.1
ghastlyejection.com/d6/c6/9c/d6c69caa54fd5fdaf8def7abe2268296.js
IP
172.240.253.132:443
ASN
#7979 SERVERS-COM

Requested by
https://direct.zencloud.lol/?url=VlhrRUdoTitUTzlxUHhXYXp2SEhzMVJBRTZHQlhoRld0KytBdlJLOE1USW1idm5JTzIxL3JuWlV5bUNaR0FWSTJuc1ErSzMwWkthRFl4NHM2eUQvYnBNRWUzZGdNTTQ2b3oyeEhIMndLTWpYVS9IcDh1eFJLUUZmUGs4U0FTMWlmM2hyL0ppTXgxTDBtY0xtWnVoWURFNStLZzR1WUI3L0RPZjlGZ1gzVHhJU1lhanlvT1h0MzJBME5KUlVCYTFX
Certificate
IssuerLet's Encrypt
Subjectghastlyejection.com
Fingerprint65:2F:32:E2:B0:77:79:80:01:58:74:67:79:B5:76:80:C1:78:5C:09
ValidityTue, 19 Mar 2024 07:22:21 GMT - Mon, 17 Jun 2024 07:22:20 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
28 kB (28365 bytes)
Hash
cf677bc2573b749d0a9fa5190560380c
07e2ed46352ab09e6f6d83e362e3bbcb0bd961ba
18fe62c00e3628822d131dfd102b552270dd650767544387e3d3498cfe3d7cbe

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /d6/c6/9c/d6c69caa54fd5fdaf8def7abe2268296.js HTTP/1.1
Host: ghastlyejection.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://direct.zencloud.lol/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 06:20:26 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ad861bb1c8803b8ad04f8ffb5931f2c1
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

direct.zencloud.lol/?url=VlhrRUdoTitUTzlxUHhXYXp2SEhzMVJBRTZHQlhoRld0KytBdlJLOE1USW1idm5JTzIxL3JuWlV5bUNaR0FWSTJuc1ErSzMwWkthRFl4NHM2eUQvYnBNRWUzZGdNTTQ2b3oyeEhIMndLTWpYVS9IcDh1eFJLUUZmUGs4U0FTMWlmM2hyL0ppTXgxTDBtY0xtWnVoWURFNStLZzR1WUI3L0RPZjlGZ1gzVHhJU1lhanlvT1h0MzJBME5KUlVCYTFX

104.21.1.52

200 OK

28 kB

URL User Request GET HTTP/2
direct.zencloud.lol/?url=VlhrRUdoTitUTzlxUHhXYXp2SEhzMVJBRTZHQlhoRld0KytBdlJLOE1USW1idm5JTzIxL3JuWlV5bUNaR0FWSTJuc1ErSzMwWkthRFl4NHM2eUQvYnBNRWUzZGdNTTQ2b3oyeEhIMndLTWpYVS9IcDh1eFJLUUZmUGs4U0FTMWlmM2hyL0ppTXgxTDBtY0xtWnVoWURFNStLZzR1WUI3L0RPZjlGZ1gzVHhJU1lhanlvT1h0MzJBME5KUlVCYTFX
IP
104.21.1.52:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectzencloud.lol
FingerprintAF:41:F3:75:A7:7F:B2:21:D8:43:DF:36:AB:67:E2:8D:70:71:B0:55
ValidityWed, 10 Apr 2024 03:44:54 GMT - Tue, 09 Jul 2024 03:44:53 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (486), with CRLF line terminators
Size
28 kB (27501 bytes)
Hash
132e54a564e04b2c6aff61a8fbd14aa8
5d73d7ac8fc766e7e0bb3efed69e216427ec5d21
783b773ecf48e71421232e00afc15a2c2b96b3d93ad3dc7f533a0900cca2daa7

HTTP Headers

GET /?url=VlhrRUdoTitUTzlxUHhXYXp2SEhzMVJBRTZHQlhoRld0KytBdlJLOE1USW1idm5JTzIxL3JuWlV5bUNaR0FWSTJuc1ErSzMwWkthRFl4NHM2eUQvYnBNRWUzZGdNTTQ2b3oyeEhIMndLTWpYVS9IcDh1eFJLUUZmUGs4U0FTMWlmM2hyL0ppTXgxTDBtY0xtWnVoWURFNStLZzR1WUI3L0RPZjlGZ1gzVHhJU1lhanlvT1h0MzJBME5KUlVCYTFX HTTP/1.1
Host: direct.zencloud.lol
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 06:20:25 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pVwMoWcrz53WCBcsUHX8vePNJ%2FgmHChxHXFnbuRIRrB6QSnumYIs0ngMhHx8qs6qf4l%2BzwYE5mhPLLNYcjEgxVAhpyZTsnES9v8tnVNHeVwmVErfgFyyus09Oj7K2kfhlkGFxKir"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8817d2c40bbf56ba-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/@popperjs/core@2.10.2/dist/umd/popper.min.js

151.101.129.229

200 OK

7.0 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/@popperjs/core@2.10.2/dist/umd/popper.min.js
IP
151.101.129.229:443
ASN
#54113 FASTLY

Requested by
https://direct.zencloud.lol/?url=VlhrRUdoTitUTzlxUHhXYXp2SEhzMVJBRTZHQlhoRld0KytBdlJLOE1USW1idm5JTzIxL3JuWlV5bUNaR0FWSTJuc1ErSzMwWkthRFl4NHM2eUQvYnBNRWUzZGdNTTQ2b3oyeEhIMndLTWpYVS9IcDh1eFJLUUZmUGs4U0FTMWlmM2hyL0ppTXgxTDBtY0xtWnVoWURFNStLZzR1WUI3L0RPZjlGZ1gzVHhJU1lhanlvT1h0MzJBME5KUlVCYTFX
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
JavaScript source, ASCII text, with very long lines (18706)
Size
7.0 kB (6952 bytes)
Hash
541aecc95a7faeef0fc27558070f3647
0ec7ca4778ba3ccb4d1b1688094720834fbe9ed3
f395875eb5d58c5128c434812cd0a53d438b11536f7fd1577077d8a5c612e1fd

HTTP Headers

GET /npm/@popperjs/core@2.10.2/dist/umd/popper.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://direct.zencloud.lol
DNT: 1
Connection: keep-alive
Referer: https://direct.zencloud.lol/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 2.10.2
x-jsd-version-type: version
etag: W/"496b-DsfKR3i6PMtNGxaICUcgg0++ntM"
content-encoding: br
accept-ranges: bytes
date: Fri, 10 May 2024 06:20:26 GMT
age: 9330923
x-served-by: cache-fra-etou8220021-FRA, cache-hel1410023-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 6952
X-Firefox-Spdy: h2

ocsp.r2m03.amazontrust.com/

54.230.218.11

471 B

URL
ocsp.r2m03.amazontrust.com/
IP
54.230.218.11:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
c1ae368dfcd18c3fe0a38f18783ecfe1
591b78d8c937af6063def58fa5d376d07e7d005e
58ceb2cb03a41de3ae12171e7359276ed8fcbc1881b071c2783b782667cf124b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Fri, 10 May 2024 06:20:26 GMT
Last-Modified: Fri, 10 May 2024 04:37:18 GMT
Server: ECAcc (ska/F6E1)
X-Cache: Miss from cloudfront
Via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: aam72E_x2T-mpWZ7ufrtIWBtWobgh6bhKGZQGdWxeQZl2f1RPSJErw==
Age: 6188

ocsp.r2m03.amazontrust.com/

54.230.218.11

471 B

URL
ocsp.r2m03.amazontrust.com/
IP
54.230.218.11:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
c1ae368dfcd18c3fe0a38f18783ecfe1
591b78d8c937af6063def58fa5d376d07e7d005e
58ceb2cb03a41de3ae12171e7359276ed8fcbc1881b071c2783b782667cf124b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Fri, 10 May 2024 06:20:26 GMT
Last-Modified: Fri, 10 May 2024 04:37:18 GMT
Server: ECAcc (ska/F6E1)
X-Cache: Miss from cloudfront
Via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: wtJ7IHBArlAUJ59g_Vhta7FE_z19c_gxlJFxBi1hNQKgi03H8q_Dbw==
Age: 6188

proftrafficcounter.com/stats

52.29.105.35

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
52.29.105.35:443
ASN
#16509 AMAZON-02

Requested by
https://direct.zencloud.lol/?url=VlhrRUdoTitUTzlxUHhXYXp2SEhzMVJBRTZHQlhoRld0KytBdlJLOE1USW1idm5JTzIxL3JuWlV5bUNaR0FWSTJuc1ErSzMwWkthRFl4NHM2eUQvYnBNRWUzZGdNTTQ2b3oyeEhIMndLTWpYVS9IcDh1eFJLUUZmUGs4U0FTMWlmM2hyL0ppTXgxTDBtY0xtWnVoWURFNStLZzR1WUI3L0RPZjlGZ1gzVHhJU1lhanlvT1h0MzJBME5KUlVCYTFX
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
c5f1cb0ade477e3cef42c46317fba8fc
08f95d5e4dd77a9381338b53f1077aa8d7bb22eb
f168e1dff16bd82271c5777e2077d2c8885690fac41a31a3ab000050ce66389c

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://direct.zencloud.lol
DNT: 1
Connection: keep-alive
Referer: https://direct.zencloud.lol/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 06:20:26 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://direct.zencloud.lol
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=93b1a16c-0acc-4325-b4fa-3a9784ec94f0:3:1; expires=Mon, 08 May 2034 06:20:26 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

proftrafficcounter.com/stats

52.29.105.35

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
52.29.105.35:443
ASN
#16509 AMAZON-02

Requested by
https://direct.zencloud.lol/?url=VlhrRUdoTitUTzlxUHhXYXp2SEhzMVJBRTZHQlhoRld0KytBdlJLOE1USW1idm5JTzIxL3JuWlV5bUNaR0FWSTJuc1ErSzMwWkthRFl4NHM2eUQvYnBNRWUzZGdNTTQ2b3oyeEhIMndLTWpYVS9IcDh1eFJLUUZmUGs4U0FTMWlmM2hyL0ppTXgxTDBtY0xtWnVoWURFNStLZzR1WUI3L0RPZjlGZ1gzVHhJU1lhanlvT1h0MzJBME5KUlVCYTFX
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
38ab7d236ed5875ba3c77f73cc332f68
01680e0423673b019d8734ee12cb081805fc1c37
9637a603037e0d6df2449d4f5d28afd4aff6e666af0739ebc4fbc8a95cfa0b4e

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://direct.zencloud.lol
DNT: 1
Connection: keep-alive
Referer: https://direct.zencloud.lol/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 06:20:26 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://direct.zencloud.lol
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=7541fd04-40c3-43d9-96f2-dfe8647aa98c:3:1; expires=Mon, 08 May 2034 06:20:26 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.min.js

151.101.129.229

200 OK

18 kB

URL GET HTTP/3
cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.min.js
IP
151.101.129.229:443
ASN
#54113 FASTLY

Requested by
https://direct.zencloud.lol/?url=VlhrRUdoTitUTzlxUHhXYXp2SEhzMVJBRTZHQlhoRld0KytBdlJLOE1USW1idm5JTzIxL3JuWlV5bUNaR0FWSTJuc1ErSzMwWkthRFl4NHM2eUQvYnBNRWUzZGdNTTQ2b3oyeEhIMndLTWpYVS9IcDh1eFJLUUZmUGs4U0FTMWlmM2hyL0ppTXgxTDBtY0xtWnVoWURFNStLZzR1WUI3L0RPZjlGZ1gzVHhJU1lhanlvT1h0MzJBME5KUlVCYTFX
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
JavaScript source, ASCII text, with very long lines (58940)
Size
18 kB (17624 bytes)
Hash
259e416ef6833be43801b8b68a93b008
19080c3b817985336aab5e1ce6925c99803f2efd
70c3d690bdc5ce3b9a1527c46044989a3176e610882fa99f4523e75bc395bcce

HTTP Headers

GET /npm/bootstrap@5.1.3/dist/js/bootstrap.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://direct.zencloud.lol
DNT: 1
Connection: keep-alive
Referer: https://direct.zencloud.lol/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-length: 17624
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 5.1.3
x-jsd-version-type: version
etag: W/"e753-GQgMO4F5hTNqq14c5pJcmYA/Lv0"
content-encoding: br
accept-ranges: bytes
date: Fri, 10 May 2024 06:20:26 GMT
age: 9330922
x-served-by: cache-fra-etou8220048-FRA, cache-hel1410020-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400

assuretwelfth.com/watch.1687175983570.js?key=9e77242938ed4c20d4b8f1c9c1246de6&kw=%5B%22video%22%2C%22downloader%22%5D&refer=https%3A%2F%2Fdirect.zencloud.lol%2F%3Furl%3DVlhrRUdoTitUTzlxUHhXYXp2SEhzMVJBRTZHQlhoRld0KytBdlJLOE1USW1idm5JTzIxL3JuWlV5bUNaR0FWSTJuc1ErSzMwWkthRFl4NHM2eUQvYnBNRWUzZGdNTTQ2b3oyeEhIMndLTWpYVS9IcDh1eFJLUUZmUGs4U0FTMWlmM2hyL0ppTXgxTDBtY0xtWnVoWURFNStLZzR1WUI3L0RPZjlGZ1gzVHhJU1lhanlvT1h0MzJBME5KUlVCYTFX&tz=0&dev=e&res=14.2071&uuid=7541fd04-40c3-43d9-96f2-dfe8647aa98c%3A3%3A1

172.240.108.84

307 Temporary Redirect

0 B

URL GET HTTP/1.1
assuretwelfth.com/watch.1687175983570.js?key=9e77242938ed4c20d4b8f1c9c1246de6&kw=%5B%22video%22%2C%22downloader%22%5D&refer=https%3A%2F%2Fdirect.zencloud.lol%2F%3Furl%3DVlhrRUdoTitUTzlxUHhXYXp2SEhzMVJBRTZHQlhoRld0KytBdlJLOE1USW1idm5JTzIxL3JuWlV5bUNaR0FWSTJuc1ErSzMwWkthRFl4NHM2eUQvYnBNRWUzZGdNTTQ2b3oyeEhIMndLTWpYVS9IcDh1eFJLUUZmUGs4U0FTMWlmM2hyL0ppTXgxTDBtY0xtWnVoWURFNStLZzR1WUI3L0RPZjlGZ1gzVHhJU1lhanlvT1h0MzJBME5KUlVCYTFX&tz=0&dev=e&res=14.2071&uuid=7541fd04-40c3-43d9-96f2-dfe8647aa98c%3A3%3A1
IP
172.240.108.84:443
ASN
#7979 SERVERS-COM

Requested by
https://direct.zencloud.lol/?url=VlhrRUdoTitUTzlxUHhXYXp2SEhzMVJBRTZHQlhoRld0KytBdlJLOE1USW1idm5JTzIxL3JuWlV5bUNaR0FWSTJuc1ErSzMwWkthRFl4NHM2eUQvYnBNRWUzZGdNTTQ2b3oyeEhIMndLTWpYVS9IcDh1eFJLUUZmUGs4U0FTMWlmM2hyL0ppTXgxTDBtY0xtWnVoWURFNStLZzR1WUI3L0RPZjlGZ1gzVHhJU1lhanlvT1h0MzJBME5KUlVCYTFX
Certificate
IssuerLet's Encrypt
Subjectassuretwelfth.com
FingerprintD9:11:36:DE:81:3C:EB:74:03:CF:D9:5E:8C:BD:4E:B1:B8:86:B3:5F
ValidityMon, 06 May 2024 08:17:14 GMT - Sun, 04 Aug 2024 08:17:13 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1687175983570.js?key=9e77242938ed4c20d4b8f1c9c1246de6&kw=%5B%22video%22%2C%22downloader%22%5D&refer=https%3A%2F%2Fdirect.zencloud.lol%2F%3Furl%3DVlhrRUdoTitUTzlxUHhXYXp2SEhzMVJBRTZHQlhoRld0KytBdlJLOE1USW1idm5JTzIxL3JuWlV5bUNaR0FWSTJuc1ErSzMwWkthRFl4NHM2eUQvYnBNRWUzZGdNTTQ2b3oyeEhIMndLTWpYVS9IcDh1eFJLUUZmUGs4U0FTMWlmM2hyL0ppTXgxTDBtY0xtWnVoWURFNStLZzR1WUI3L0RPZjlGZ1gzVHhJU1lhanlvT1h0MzJBME5KUlVCYTFX&tz=0&dev=e&res=14.2071&uuid=7541fd04-40c3-43d9-96f2-dfe8647aa98c%3A3%3A1 HTTP/1.1
Host: assuretwelfth.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://direct.zencloud.lol
DNT: 1
Connection: keep-alive
Referer: https://direct.zencloud.lol/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Fri, 10 May 2024 06:20:27 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://direct.zencloud.lol
Access-Control-Allow-Origin: https://direct.zencloud.lol
Access-Control-Allow-Credentials: true
Location: https://assuretwelfth.com/watch.1687175983570.js?dev=e&key=9e77242938ed4c20d4b8f1c9c1246de6&kw=%5B%22video%22%2C%22downloader%22%5D&pst=1715322087&refer=https%3A%2F%2Fdirect.zencloud.lol%2F%3Furl%3DVlhrRUdoTitUTzlxUHhXYXp2SEhzMVJBRTZHQlhoRld0KytBdlJLOE1USW1idm5JTzIxL3JuWlV5bUNaR0FWSTJuc1ErSzMwWkthRFl4NHM2eUQvYnBNRWUzZGdNTTQ2b3oyeEhIMndLTWpYVS9IcDh1eFJLUUZmUGs4U0FTMWlmM2hyL0ppTXgxTDBtY0xtWnVoWURFNStLZzR1WUI3L0RPZjlGZ1gzVHhJU1lhanlvT1h0MzJBME5KUlVCYTFX&res=14.2071&rmtc=t&shu=f840c88bcea758f48182ab089474e61556fefb6778595771b68cdc340efba58fe1ffeb0e0c3e588007b9366053baaaf2633b59414162e78ad0a98ec919ef6a44b36d277fff12defaf6d592347062abfc930f192e72b3717477d5731dd33860f3&tz=0&uuid=7541fd04-40c3-43d9-96f2-dfe8647aa98c%3A3%3A1
Set-Cookie: u_pl=22980864; expires=Sat, 11 May 2024 06:20:27 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMjk4MDg2NCwiayI6IjllNzcyNDI5MzhlZDRjMjBkNGI4ZjFjOWMxMjQ2ZGU2Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxMzgxMTE3LCJwaWQiOjE1NjczMiwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxLCJhaWQiOjUsInB0Ijo0LCJwayI6InNicGpoNHU1MCIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo3OTk1NDE5NiwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMTY2NzAsImJuIjoiRmlyZWZveCIsImJ2IjoiOTYuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL2RpcmVjdC56ZW5jbG91ZC5sb2wvP3VybD1WbGhyUlVkb1RpdFVUemx4VUhoWFlYcDJTRWh6TVZKQlJUWkhRbGhvUmxkMEt5dEJkbEpMT0UxVVNXMWlkbTVKVHpJeEwzSnVXbFY1YlVOYVIwRldTVEp1YzFFclN6TXdXa3RoUkZsNE5ITTJlVVF2WW5CTlJXVXpaR2ROVFRRMmIzb3llRWhJTW5kTFRXcFlWUzlJY0RoMWVGSkxVVVptVUdzNFUwRlRNV2xtTTJoeUwwcHBUWGd4VERCdFkweHRXblZvV1VSRk5TdExaelIxV1VJM0wwUlBaamxHWjFnelZIaEpVMWxoYW5sdlQxaDBNekpCTUU1S1VsVkNZVEZYIiwiYXIiOltdfX0.AyCBVcJg4LTQJaA9wVg8DklyRyLK9qAgVVo8hU0pIKw; expires=Fri, 10 May 2024 06:21:27 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 265a9728b30e0ba42732b20066c17687
Strict-Transport-Security: max-age=0; includeSubdomains

assuretwelfth.com/watch.1687175983570.js?dev=e&key=9e77242938ed4c20d4b8f1c9c1246de6&kw=%5B%22video%22%2C%22downloader%22%5D&pst=1715322087&refer=https%3A%2F%2Fdirect.zencloud.lol%2F%3Furl%3DVlhrRUdoTitUTzlxUHhXYXp2SEhzMVJBRTZHQlhoRld0KytBdlJLOE1USW1idm5JTzIxL3JuWlV5bUNaR0FWSTJuc1ErSzMwWkthRFl4NHM2eUQvYnBNRWUzZGdNTTQ2b3oyeEhIMndLTWpYVS9IcDh1eFJLUUZmUGs4U0FTMWlmM2hyL0ppTXgxTDBtY0xtWnVoWURFNStLZzR1WUI3L0RPZjlGZ1gzVHhJU1lhanlvT1h0MzJBME5KUlVCYTFX&res=14.2071&rmtc=t&shu=f840c88bcea758f48182ab089474e61556fefb6778595771b68cdc340efba58fe1ffeb0e0c3e588007b9366053baaaf2633b59414162e78ad0a98ec919ef6a44b36d277fff12defaf6d592347062abfc930f192e72b3717477d5731dd33860f3&tz=0&uuid=7541fd04-40c3-43d9-96f2-dfe8647aa98c%3A3%3A1

172.240.108.84

200 OK

2.1 kB

URL GET HTTP/1.1
assuretwelfth.com/watch.1687175983570.js?dev=e&key=9e77242938ed4c20d4b8f1c9c1246de6&kw=%5B%22video%22%2C%22downloader%22%5D&pst=1715322087&refer=https%3A%2F%2Fdirect.zencloud.lol%2F%3Furl%3DVlhrRUdoTitUTzlxUHhXYXp2SEhzMVJBRTZHQlhoRld0KytBdlJLOE1USW1idm5JTzIxL3JuWlV5bUNaR0FWSTJuc1ErSzMwWkthRFl4NHM2eUQvYnBNRWUzZGdNTTQ2b3oyeEhIMndLTWpYVS9IcDh1eFJLUUZmUGs4U0FTMWlmM2hyL0ppTXgxTDBtY0xtWnVoWURFNStLZzR1WUI3L0RPZjlGZ1gzVHhJU1lhanlvT1h0MzJBME5KUlVCYTFX&res=14.2071&rmtc=t&shu=f840c88bcea758f48182ab089474e61556fefb6778595771b68cdc340efba58fe1ffeb0e0c3e588007b9366053baaaf2633b59414162e78ad0a98ec919ef6a44b36d277fff12defaf6d592347062abfc930f192e72b3717477d5731dd33860f3&tz=0&uuid=7541fd04-40c3-43d9-96f2-dfe8647aa98c%3A3%3A1
IP
172.240.108.84:443
ASN
#7979 SERVERS-COM

Requested by
https://direct.zencloud.lol/?url=VlhrRUdoTitUTzlxUHhXYXp2SEhzMVJBRTZHQlhoRld0KytBdlJLOE1USW1idm5JTzIxL3JuWlV5bUNaR0FWSTJuc1ErSzMwWkthRFl4NHM2eUQvYnBNRWUzZGdNTTQ2b3oyeEhIMndLTWpYVS9IcDh1eFJLUUZmUGs4U0FTMWlmM2hyL0ppTXgxTDBtY0xtWnVoWURFNStLZzR1WUI3L0RPZjlGZ1gzVHhJU1lhanlvT1h0MzJBME5KUlVCYTFX
Certificate
IssuerLet's Encrypt
Subjectassuretwelfth.com
FingerprintD9:11:36:DE:81:3C:EB:74:03:CF:D9:5E:8C:BD:4E:B1:B8:86:B3:5F
ValidityMon, 06 May 2024 08:17:14 GMT - Sun, 04 Aug 2024 08:17:13 GMT

File type
JavaScript source, ASCII text, with very long lines (2637)
Size
2.1 kB (2097 bytes)
Hash
3eeb51052b40dddb04c55d91b1c98f59
ef86409a059a821a5b027d167162d0421b33d263
43848090096aef0bd04febe558df2c1ec1167429966fbab3486e1121bef343ec

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1687175983570.js?dev=e&key=9e77242938ed4c20d4b8f1c9c1246de6&kw=%5B%22video%22%2C%22downloader%22%5D&pst=1715322087&refer=https%3A%2F%2Fdirect.zencloud.lol%2F%3Furl%3DVlhrRUdoTitUTzlxUHhXYXp2SEhzMVJBRTZHQlhoRld0KytBdlJLOE1USW1idm5JTzIxL3JuWlV5bUNaR0FWSTJuc1ErSzMwWkthRFl4NHM2eUQvYnBNRWUzZGdNTTQ2b3oyeEhIMndLTWpYVS9IcDh1eFJLUUZmUGs4U0FTMWlmM2hyL0ppTXgxTDBtY0xtWnVoWURFNStLZzR1WUI3L0RPZjlGZ1gzVHhJU1lhanlvT1h0MzJBME5KUlVCYTFX&res=14.2071&rmtc=t&shu=f840c88bcea758f48182ab089474e61556fefb6778595771b68cdc340efba58fe1ffeb0e0c3e588007b9366053baaaf2633b59414162e78ad0a98ec919ef6a44b36d277fff12defaf6d592347062abfc930f192e72b3717477d5731dd33860f3&tz=0&uuid=7541fd04-40c3-43d9-96f2-dfe8647aa98c%3A3%3A1 HTTP/1.1
Host: assuretwelfth.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://direct.zencloud.lol
Referer: https://direct.zencloud.lol/
DNT: 1
Connection: keep-alive
Cookie: u_pl=22980864; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMjk4MDg2NCwiayI6IjllNzcyNDI5MzhlZDRjMjBkNGI4ZjFjOWMxMjQ2ZGU2Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxMzgxMTE3LCJwaWQiOjE1NjczMiwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxLCJhaWQiOjUsInB0Ijo0LCJwayI6InNicGpoNHU1MCIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo3OTk1NDE5NiwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMTY2NzAsImJuIjoiRmlyZWZveCIsImJ2IjoiOTYuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL2RpcmVjdC56ZW5jbG91ZC5sb2wvP3VybD1WbGhyUlVkb1RpdFVUemx4VUhoWFlYcDJTRWh6TVZKQlJUWkhRbGhvUmxkMEt5dEJkbEpMT0UxVVNXMWlkbTVKVHpJeEwzSnVXbFY1YlVOYVIwRldTVEp1YzFFclN6TXdXa3RoUkZsNE5ITTJlVVF2WW5CTlJXVXpaR2ROVFRRMmIzb3llRWhJTW5kTFRXcFlWUzlJY0RoMWVGSkxVVVptVUdzNFUwRlRNV2xtTTJoeUwwcHBUWGd4VERCdFkweHRXblZvV1VSRk5TdExaelIxV1VJM0wwUlBaamxHWjFnelZIaEpVMWxoYW5sdlQxaDBNekpCTUU1S1VsVkNZVEZYIiwiYXIiOltdfX0.AyCBVcJg4LTQJaA9wVg8DklyRyLK9qAgVVo8hU0pIKw
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 06:20:27 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://direct.zencloud.lol
Access-Control-Allow-Origin: https://direct.zencloud.lol
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=7541fd04-40c3-43d9-96f2-dfe8647aa98c:3:1; expires=Fri, 17 May 2024 06:20:27 GMT; secure; SameSite=None
iprc20665b46710c140bfbf351bdc8df461b=3569806; expires=Fri, 10 May 2024 10:20:27 GMT; secure; SameSite=None
pdhtkv=true; expires=Sat, 11 May 2024 06:20:27 GMT; secure; SameSite=None
uncs=1; expires=Sat, 11 May 2024 06:20:27 GMT; secure; SameSite=None
pdhtkv5=true; expires=Sat, 11 May 2024 06:20:27 GMT; secure; SameSite=None
uncs5=1; expires=Sat, 11 May 2024 06:20:27 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 95974f0abeab76719d0438a8c3d4aa71
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

capaciousdrewreligion.com/advertisers.js

172.240.108.84

200 OK

0 B

URL GET HTTP/1.1
capaciousdrewreligion.com/advertisers.js
IP
172.240.108.84:443
ASN
#7979 SERVERS-COM

Requested by
https://direct.zencloud.lol/?url=VlhrRUdoTitUTzlxUHhXYXp2SEhzMVJBRTZHQlhoRld0KytBdlJLOE1USW1idm5JTzIxL3JuWlV5bUNaR0FWSTJuc1ErSzMwWkthRFl4NHM2eUQvYnBNRWUzZGdNTTQ2b3oyeEhIMndLTWpYVS9IcDh1eFJLUUZmUGs4U0FTMWlmM2hyL0ppTXgxTDBtY0xtWnVoWURFNStLZzR1WUI3L0RPZjlGZ1gzVHhJU1lhanlvT1h0MzJBME5KUlVCYTFX
Certificate
IssuerLet's Encrypt
Subjectcapaciousdrewreligion.com
FingerprintBB:9C:12:88:24:43:D4:47:71:3F:F0:A4:BB:E1:85:65:CE:E7:92:E4
ValidityMon, 06 May 2024 02:35:23 GMT - Sun, 04 Aug 2024 02:35:22 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /advertisers.js HTTP/1.1
Host: capaciousdrewreligion.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://direct.zencloud.lol/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 06:20:27 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f41999672d354636dd91dda457938fbd
Strict-Transport-Security: max-age=0; includeSubdomains

downstairsnegotiatebarren.com/sfp.js

188.114.96.1

200 OK

57 kB

URL GET HTTP/2
downstairsnegotiatebarren.com/sfp.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://direct.zencloud.lol/?url=VlhrRUdoTitUTzlxUHhXYXp2SEhzMVJBRTZHQlhoRld0KytBdlJLOE1USW1idm5JTzIxL3JuWlV5bUNaR0FWSTJuc1ErSzMwWkthRFl4NHM2eUQvYnBNRWUzZGdNTTQ2b3oyeEhIMndLTWpYVS9IcDh1eFJLUUZmUGs4U0FTMWlmM2hyL0ppTXgxTDBtY0xtWnVoWURFNStLZzR1WUI3L0RPZjlGZ1gzVHhJU1lhanlvT1h0MzJBME5KUlVCYTFX
Certificate
IssuerLet's Encrypt
Subjectdownstairsnegotiatebarren.com
Fingerprint5D:DB:CB:C6:CE:2A:8B:34:7D:BC:43:74:33:1D:5F:77:48:F7:BC:1B
ValidityThu, 02 May 2024 21:26:34 GMT - Wed, 31 Jul 2024 21:26:33 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Size
57 kB (57273 bytes)
Hash
f4a2f8f9f99541c6f105bbd0a025bd40
1f8e3eff12168fdd9e719adfc098d24a45b6916a
b717cb04231a10d425fd55b73c85a5407119c6826a8bac94142fddfff6958716

HTTP Headers

GET /sfp.js HTTP/1.1
Host: downstairsnegotiatebarren.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://direct.zencloud.lol/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 06:20:27 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 11def9d8101dae4171a2747850b25510
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Fri, 10 May 2024 06:20:26 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uvYSrslMecd6%2BFmea3W2B5RgBIl6bGDUdRTaGy9SPV57f2q6YTroLb2e6GMuds8q%2FQt1h7EZaxba56wkaRcc0WFXslHUWXeKPepcQb1BUGPc604gXsAl0e%2BBybKk%2BOqY8jX7sYabvkLc88c3HWXt5Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817d2cc684256b4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.cloudimagesb.com/cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png

45.133.44.10

200 OK

144 kB

URL GET HTTP/2
cdn.cloudimagesb.com/cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png
IP
45.133.44.10:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://direct.zencloud.lol/?url=VlhrRUdoTitUTzlxUHhXYXp2SEhzMVJBRTZHQlhoRld0KytBdlJLOE1USW1idm5JTzIxL3JuWlV5bUNaR0FWSTJuc1ErSzMwWkthRFl4NHM2eUQvYnBNRWUzZGdNTTQ2b3oyeEhIMndLTWpYVS9IcDh1eFJLUUZmUGs4U0FTMWlmM2hyL0ppTXgxTDBtY0xtWnVoWURFNStLZzR1WUI3L0RPZjlGZ1gzVHhJU1lhanlvT1h0MzJBME5KUlVCYTFX
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced
Size
144 kB (144379 bytes)
Hash
33c304429dc1a4408a96e6a74ffa2feb
c45fa8e65528d1bb2b46bf8a28af9eeaa1903d04
dbed482e5948ead5587d30a22306a5b611305f704de940bd22c76daf90e0a314

HTTP Headers

GET /cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 06:20:27 GMT
content-type: image/png
content-length: 144379
server: nginx/1.21.6
last-modified: Wed, 27 Jul 2022 11:07:21 GMT
etag: "62e11c69-233fb"
expires: Sun, 12 May 2024 06:20:27 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

unseenreport.com/pxf.gif?uuid=7541fd04-40c3-43d9-96f2-dfe8647aa98c&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=d6c69caa54fd5fdaf8def7abe2268296&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=6

192.243.61.225

200 OK

1 B

URL GET HTTP/1.1
unseenreport.com/pxf.gif?uuid=7541fd04-40c3-43d9-96f2-dfe8647aa98c&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=d6c69caa54fd5fdaf8def7abe2268296&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=6
IP
192.243.61.225:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://direct.zencloud.lol/?url=VlhrRUdoTitUTzlxUHhXYXp2SEhzMVJBRTZHQlhoRld0KytBdlJLOE1USW1idm5JTzIxL3JuWlV5bUNaR0FWSTJuc1ErSzMwWkthRFl4NHM2eUQvYnBNRWUzZGdNTTQ2b3oyeEhIMndLTWpYVS9IcDh1eFJLUUZmUGs4U0FTMWlmM2hyL0ppTXgxTDBtY0xtWnVoWURFNStLZzR1WUI3L0RPZjlGZ1gzVHhJU1lhanlvT1h0MzJBME5KUlVCYTFX
Certificate
IssuerLet's Encrypt
Subject*.unseenreport.com
Fingerprint71:46:15:FD:76:6A:F5:5B:51:06:CC:93:DD:D8:63:E3:8B:10:BF:13
ValidityFri, 22 Mar 2024 07:32:41 GMT - Thu, 20 Jun 2024 07:32:40 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=7541fd04-40c3-43d9-96f2-dfe8647aa98c&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=d6c69caa54fd5fdaf8def7abe2268296&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=6 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://direct.zencloud.lol/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 06:20:28 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 95d2640f59c9c301ff03e701a23bad40
Strict-Transport-Security: max-age=0; includeSubdomains

blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgFPs1xOUjnQnlN8mNQhZt_Z8jJGPujHXUyZNhvERiNRcbd9079Z6VMIumnT5Mx-Ou1YKYx37Nb9WQxAChvhtcNxWTRdJD2xSNzKniXfjurs_vPyto585enp4zwSrblKIk6o8cR0DH7CxF-1uBWV-0TL_A_n-n-yuFkjpI0y-QBhQCzQIJ_gf4auly4MQ/s0/photo_2024-01-07_20-36-03.jpg

142.250.74.97

200 OK

30 kB

URL GET HTTP/2
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgFPs1xOUjnQnlN8mNQhZt_Z8jJGPujHXUyZNhvERiNRcbd9079Z6VMIumnT5Mx-Ou1YKYx37Nb9WQxAChvhtcNxWTRdJD2xSNzKniXfjurs_vPyto585enp4zwSrblKIk6o8cR0DH7CxF-1uBWV-0TL_A_n-n-yuFkjpI0y-QBhQCzQIJ_gf4auly4MQ/s0/photo_2024-01-07_20-36-03.jpg
IP
142.250.74.97:443
ASN
#15169 GOOGLE

Requested by
https://direct.zencloud.lol/?url=VlhrRUdoTitUTzlxUHhXYXp2SEhzMVJBRTZHQlhoRld0KytBdlJLOE1USW1idm5JTzIxL3JuWlV5bUNaR0FWSTJuc1ErSzMwWkthRFl4NHM2eUQvYnBNRWUzZGdNTTQ2b3oyeEhIMndLTWpYVS9IcDh1eFJLUUZmUGs4U0FTMWlmM2hyL0ppTXgxTDBtY0xtWnVoWURFNStLZzR1WUI3L0RPZjlGZ1gzVHhJU1lhanlvT1h0MzJBME5KUlVCYTFX
Certificate
IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
Fingerprint7B:64:D0:4F:29:87:0A:A8:90:15:F1:9F:B6:8F:FB:D6:AC:D2:76:56
ValidityTue, 16 Apr 2024 04:13:47 GMT - Tue, 09 Jul 2024 04:13:46 GMT

File type
JPEG image data, JFIF standard 1.02, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=4, orientation=upper-left, software=Google], progressive, precision 8, 1230x341, components 3
Size
30 kB (29812 bytes)
Hash
0d27ed7ac40c261dfd376a1f7b08f15d
19f80adb4411466812b1b557a73ce56bec1d46ae
03ff475ebb83e9d1257919fec1ae6119d414fe655b4d143ecba2ce112ae912eb

HTTP Headers

GET /img/b/R29vZ2xl/AVvXsEgFPs1xOUjnQnlN8mNQhZt_Z8jJGPujHXUyZNhvERiNRcbd9079Z6VMIumnT5Mx-Ou1YKYx37Nb9WQxAChvhtcNxWTRdJD2xSNzKniXfjurs_vPyto585enp4zwSrblKIk6o8cR0DH7CxF-1uBWV-0TL_A_n-n-yuFkjpI0y-QBhQCzQIJ_gf4auly4MQ/s0/photo_2024-01-07_20-36-03.jpg HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://direct.zencloud.lol/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/jpeg
vary: Origin
access-control-expose-headers: Content-Length
etag: "v1978"
expires: Sat, 11 May 2024 06:20:27 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="photo_2024-01-07_20-36-03.jpg"
x-content-type-options: nosniff
date: Fri, 10 May 2024 06:20:27 GMT
server: fife
content-length: 29812
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

direct.zencloud.lol/favicon.ico

104.21.1.52

404 Not Found

708 B

URL GET HTTP/3
direct.zencloud.lol/favicon.ico
IP
104.21.1.52:443
ASN
#13335 CLOUDFLARENET

Requested by
https://direct.zencloud.lol/?url=VlhrRUdoTitUTzlxUHhXYXp2SEhzMVJBRTZHQlhoRld0KytBdlJLOE1USW1idm5JTzIxL3JuWlV5bUNaR0FWSTJuc1ErSzMwWkthRFl4NHM2eUQvYnBNRWUzZGdNTTQ2b3oyeEhIMndLTWpYVS9IcDh1eFJLUUZmUGs4U0FTMWlmM2hyL0ppTXgxTDBtY0xtWnVoWURFNStLZzR1WUI3L0RPZjlGZ1gzVHhJU1lhanlvT1h0MzJBME5KUlVCYTFX
Certificate
IssuerLet's Encrypt
Subjectzencloud.lol
FingerprintAF:41:F3:75:A7:7F:B2:21:D8:43:DF:36:AB:67:E2:8D:70:71:B0:55
ValidityWed, 10 Apr 2024 03:44:54 GMT - Tue, 09 Jul 2024 03:44:53 GMT

File type
HTML document, ASCII text, with very long lines (739), with no line terminators
Size
708 B (708 bytes)
Hash
9a088ded79e56cc72e737869c04f755f
1431a084bae06f9a31fc4f1f9c87887be8f64b2d
768cb8655c2f2a1c7d68551a7e858fe3f13e2101172c4898638a2240b5b25ad2

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: direct.zencloud.lol
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://direct.zencloud.lol/?url=VlhrRUdoTitUTzlxUHhXYXp2SEhzMVJBRTZHQlhoRld0KytBdlJLOE1USW1idm5JTzIxL3JuWlV5bUNaR0FWSTJuc1ErSzMwWkthRFl4NHM2eUQvYnBNRWUzZGdNTTQ2b3oyeEhIMndLTWpYVS9IcDh1eFJLUUZmUGs4U0FTMWlmM2hyL0ppTXgxTDBtY0xtWnVoWURFNStLZzR1WUI3L0RPZjlGZ1gzVHhJU1lhanlvT1h0MzJBME5KUlVCYTFX
Cookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=7541fd04-40c3-43d9-96f2-dfe8647aa98c%3A3%3A1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Fri, 10 May 2024 06:20:27 GMT
content-type: text/html
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=muCTCAXNPQuNhy5F2I2cYGkDmEoeYfiqF%2F3B39vSWjD6XPBrTR66%2F7mzG%2FFOOx2M4rDixoAqDuJf2u39P2NwCu8klX3pc84Nf4umWGGhSJm%2B1Dw5R0b0Xj7eJ3NdtCwSR026%2FWTp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817d2cdfaf80b3d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (13)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML