| bitly.ws/rXLk | 185.11.100.204 | 301 Moved Permanently | 239 B |
URL: bitly.ws/rXLk (user request, GET, HTTP/2)  IP: 185.11.100.204:443  ASN: #29522 Cyber_Folks S.A.
Certificate: issuer Let's Encrypt; subject bitly.ws; fingerprint E2:6E:62:93:28:D8:B3:0A:23:56:6C:21:A4:BD:CC:EF:CD:1B:33:55; valid Sun, 18 Feb 2024 07:59:14 GMT - Sat, 18 May 2024 07:59:13 GMT
File type: HTML document, ASCII text; MD5 daafffb776baf046420cfb811a99f299; SHA-1 5755c906cc693b76aba32e0e8d2277295efae92a; SHA-256 835341ad12ecedfbc276acde8a717ddac0d9de5ac294fd3b4d6ea8d3394d56d4
GET /rXLk HTTP/1.1
Host: bitly.ws
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
date: Thu, 02 May 2024 19:08:38 GMT
server: Apache
location: https://bitly.ws/?redirect=rXLk
cache-control: max-age=0
expires: Thu, 02 May 2024 19:08:38 GMT
content-length: 239
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2

| zip.lu/js/adframe.js | 185.11.100.204 | 200 OK | 16 B |
IP: 185.11.100.204:443  ASN: #29522 Cyber_Folks S.A.
Certificate: issuer Let's Encrypt; subject zip.lu; fingerprint BA:69:B8:76:30:88:C6:A1:75:27:5D:FB:93:55:75:0C:F7:FE:CB:36; valid Sat, 20 Apr 2024 15:39:44 GMT - Fri, 19 Jul 2024 15:39:43 GMT
File type: ASCII text, with no line terminators; MD5 760222d2e529d3e84eb01378cfc46e2e; SHA-1 f789f3c0007640b5549fca2710cf3da500b95e86; SHA-256 0059cb4ff0a271382c38af8a7367aaf45cbeb31449637d3928d25317401e2828
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/adframe.js HTTP/1.1
Host: zip.lu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/?banned=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 02 May 2024 19:08:39 GMT
server: Apache
last-modified: Sat, 30 Dec 2017 21:02:30 GMT
etag: "10-5619511402320"
accept-ranges: bytes
content-length: 16
cache-control: max-age=0
expires: Thu, 02 May 2024 19:08:39 GMT
content-type: application/javascript
X-Firefox-Spdy: h2

| zip.lu/gfx/stripe.png | 185.11.100.204 | 200 OK | 1.4 kB |
IP: 185.11.100.204:443  ASN: #29522 Cyber_Folks S.A.
Certificate: issuer Let's Encrypt; subject zip.lu; fingerprint BA:69:B8:76:30:88:C6:A1:75:27:5D:FB:93:55:75:0C:F7:FE:CB:36; valid Sat, 20 Apr 2024 15:39:44 GMT - Fri, 19 Jul 2024 15:39:43 GMT
File type: PNG image data, 91 x 60, 8-bit colormap, non-interlaced; MD5 17aaa9dc48a895306b06de8ae9a8b104; SHA-1 f75e086497b3743ac83d85dc4ca456e8bb556e55; SHA-256 b8214bd5cbd9197f329d1df98d908dc7a1cd38c28e8010b92e49b3f35dd9986a
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /gfx/stripe.png HTTP/1.1
Host: zip.lu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/?banned=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 02 May 2024 19:08:39 GMT
server: Apache
last-modified: Sat, 19 Aug 2023 15:45:50 GMT
etag: "54f-603488a24201d"
accept-ranges: bytes
content-length: 1359
cache-control: max-age=31536000
expires: Fri, 02 May 2025 19:08:39 GMT
content-type: image/png
X-Firefox-Spdy: h2

| zip.lu/gfx/adsterra2.png | 185.11.100.204 | 200 OK | 15 kB |
IP: 185.11.100.204:443  ASN: #29522 Cyber_Folks S.A.
Certificate: issuer Let's Encrypt; subject zip.lu; fingerprint BA:69:B8:76:30:88:C6:A1:75:27:5D:FB:93:55:75:0C:F7:FE:CB:36; valid Sat, 20 Apr 2024 15:39:44 GMT - Fri, 19 Jul 2024 15:39:43 GMT
File type: PNG image data, 200 x 200, 8-bit colormap, non-interlaced; MD5 5d4aab7e8b7267e1876143c7bd308318; SHA-1 5e1827fa8442e7b1e06cfbdec4c52bdec22c9063; SHA-256 f9b415d80dc86d44446a312e855460fb4ac16207f5b2caa0620e69013598bde6
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /gfx/adsterra2.png HTTP/1.1
Host: zip.lu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/?banned=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 02 May 2024 19:08:39 GMT
server: Apache
last-modified: Sat, 30 Mar 2024 10:55:14 GMT
etag: "3ba2-614de974dba8f"
accept-ranges: bytes
content-length: 15266
cache-control: max-age=31536000
expires: Fri, 02 May 2025 19:08:39 GMT
content-type: image/png
X-Firefox-Spdy: h2

| zip.lu/css/style.css | 185.11.100.204 | 200 OK | 2.8 kB |
IP: 185.11.100.204:443  ASN: #29522 Cyber_Folks S.A.
Certificate: issuer Let's Encrypt; subject zip.lu; fingerprint BA:69:B8:76:30:88:C6:A1:75:27:5D:FB:93:55:75:0C:F7:FE:CB:36; valid Sat, 20 Apr 2024 15:39:44 GMT - Fri, 19 Jul 2024 15:39:43 GMT
File type: assembler source, Unicode text, UTF-8 text, with CRLF line terminators (libmagic guess; the response is served as text/css); MD5 4f01ddcf0e75cdacc7614891a0267ef0; SHA-1 cfeaf4c177b3033406ce9b5725c48be4b50fa066; SHA-256 b321e7e91fe1b3cf4c2f490cc83c6ef52585f23db09aeeb7a5e962f671663fd4
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /css/style.css HTTP/1.1
Host: zip.lu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/?banned=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 02 May 2024 19:08:39 GMT
server: Apache
last-modified: Sat, 20 Apr 2024 08:02:52 GMT
etag: "2d75-61682a18e99c0-gzip"
accept-ranges: bytes
cache-control: max-age=0
expires: Thu, 02 May 2024 19:08:39 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 2777
content-type: text/css
X-Firefox-Spdy: h2

| zip.lu/gfx/bmac.png | 185.11.100.204 | 200 OK | 3.2 kB |
IP: 185.11.100.204:443  ASN: #29522 Cyber_Folks S.A.
Certificate: issuer Let's Encrypt; subject zip.lu; fingerprint BA:69:B8:76:30:88:C6:A1:75:27:5D:FB:93:55:75:0C:F7:FE:CB:36; valid Sat, 20 Apr 2024 15:39:44 GMT - Fri, 19 Jul 2024 15:39:43 GMT
File type: PNG image data, 214 x 60, 8-bit colormap, non-interlaced; MD5 781860bb7eb619aa3b173144c6d29646; SHA-1 6ba3a103709f121cf9f5ab214610d0215dab93e9; SHA-256 54339f1c8cb089c05773b2b18fd5da6e702956decbf7dea6ef0348a64203c657
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /gfx/bmac.png HTTP/1.1
Host: zip.lu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/?banned=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 02 May 2024 19:08:39 GMT
server: Apache
last-modified: Sat, 19 Aug 2023 15:45:47 GMT
etag: "c86-6034889f203e4"
accept-ranges: bytes
content-length: 3206
cache-control: max-age=31536000
expires: Fri, 02 May 2025 19:08:39 GMT
content-type: image/png
X-Firefox-Spdy: h2

| zip.lu/gfx/ziplu-chart.png | 185.11.100.204 | 200 OK | 2.0 kB |
URL: zip.lu/gfx/ziplu-chart.png (GET, HTTP/2)  IP: 185.11.100.204:443  ASN: #29522 Cyber_Folks S.A.
Certificate: issuer Let's Encrypt; subject zip.lu; fingerprint BA:69:B8:76:30:88:C6:A1:75:27:5D:FB:93:55:75:0C:F7:FE:CB:36; valid Sat, 20 Apr 2024 15:39:44 GMT - Fri, 19 Jul 2024 15:39:43 GMT
File type: PNG image data, 1200 x 1200, 2-bit colormap, non-interlaced; MD5 0ce170cef8f689ab343636f7e8683808; SHA-1 ef2e58ee55b2ebeb24fd3d9a0d11a6495e36ecc2; SHA-256 c982e300b4c5093be2adaa79428c053dff57ea90ef4f93e3cf2633a680685d03
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /gfx/ziplu-chart.png HTTP/1.1
Host: zip.lu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/?banned=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 02 May 2024 19:08:39 GMT
server: Apache
last-modified: Wed, 24 Apr 2024 17:59:41 GMT
etag: "7cd-616db6f4dc1f1"
accept-ranges: bytes
content-length: 1997
cache-control: max-age=31536000
expires: Fri, 02 May 2025 19:08:39 GMT
content-type: image/png
X-Firefox-Spdy: h2

| www.paypalobjects.com/pl_PL/i/scr/pixel.gif | 192.229.221.25 | 200 OK | 43 B |
URL: www.paypalobjects.com/pl_PL/i/scr/pixel.gif (GET, HTTP/2)  IP: 192.229.221.25:443
Certificate: issuer DigiCert Inc; subject www.paypal.com; fingerprint 4B:C0:E1:F0:16:B3:A4:B3:63:08:41:DF:F2:EF:8D:65:54:1D:30:B1; valid Thu, 12 Oct 2023 00:00:00 GMT - Thu, 31 Oct 2024 23:59:59 GMT
File type: GIF image data, version 89a, 1 x 1; MD5 fc94fb0c3ed8a8f909dbc7630a0987ff; SHA-1 56d45f8a17f5078a20af9962c992ca4678450765; SHA-256 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
GET /pl_PL/i/scr/pixel.gif HTTP/1.1
Host: www.paypalobjects.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
cache-control: s-maxage=31536000, public,max-age=3600
content-type: image/gif
date: Thu, 02 May 2024 19:08:39 GMT
dc: ccg11-origin-www-1.paypal.com
etag: "5d5637c5-2b"
expires: Thu, 02 May 2024 20:08:39 GMT
last-modified: Fri, 16 Aug 2019 04:57:41 GMT
paypal-debug-id: 2b5a4d618fa0a
server: ECAcc (ska/F6B7)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-00000000000000000002b5a4d618fa0a-1ee1f9b462072736-01
x-cache: HIT
x-content-type-options: nosniff
content-length: 43
X-Firefox-Spdy: h2

| zip.lu/gfx/paypal.png | 185.11.100.204 | 200 OK | 5.5 kB |
IP: 185.11.100.204:443  ASN: #29522 Cyber_Folks S.A.
Certificate: issuer Let's Encrypt; subject zip.lu; fingerprint BA:69:B8:76:30:88:C6:A1:75:27:5D:FB:93:55:75:0C:F7:FE:CB:36; valid Sat, 20 Apr 2024 15:39:44 GMT - Fri, 19 Jul 2024 15:39:43 GMT
File type: PNG image data, 200 x 150, 8-bit colormap, non-interlaced; MD5 164e7543a819062962815f4bd99b8419; SHA-1 0355f9dad012daa6adf4bae4e47e44d4b2c51888; SHA-256 675f6b6dc673aae01f8ef949697ee544c8df8574ca090a4dd690776ec6e442ea
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /gfx/paypal.png HTTP/1.1
Host: zip.lu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/?banned=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 02 May 2024 19:08:39 GMT
server: Apache
last-modified: Tue, 02 Jan 2018 13:00:54 GMT
etag: "158c-561cab06562ce"
accept-ranges: bytes
content-length: 5516
cache-control: max-age=31536000
expires: Fri, 02 May 2025 19:08:39 GMT
content-type: image/png
X-Firefox-Spdy: h2

| zip.lu/gfx/paypal.jpg | 185.11.100.204 | 200 OK | 8.7 kB |
IP: 185.11.100.204:443  ASN: #29522 Cyber_Folks S.A.
Certificate: issuer Let's Encrypt; subject zip.lu; fingerprint BA:69:B8:76:30:88:C6:A1:75:27:5D:FB:93:55:75:0C:F7:FE:CB:36; valid Sat, 20 Apr 2024 15:39:44 GMT - Fri, 19 Jul 2024 15:39:43 GMT
File type: PNG image data, 380 x 130, 8-bit colormap, non-interlaced (a PNG body under a .jpg name, served as image/jpeg); MD5 eeb10183dfe4b9ec6bcfea9aa6fa07f6; SHA-1 b55d89bc1ead011821dd3371f2885996fe99785a; SHA-256 1ae6619173f92af4f0201b7204322213c714b56df437aa7d6482a1c141d5337c
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /gfx/paypal.jpg HTTP/1.1
Host: zip.lu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/?banned=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 02 May 2024 19:08:39 GMT
server: Apache
last-modified: Tue, 02 Jan 2018 13:00:56 GMT
etag: "2204-561cab086d14b"
accept-ranges: bytes
content-length: 8708
cache-control: max-age=31536000
expires: Fri, 02 May 2025 19:08:39 GMT
content-type: image/jpeg
X-Firefox-Spdy: h2

| www.googletagmanager.com/gtag/js?id=G-8Q1W6PKNCX | 142.250.74.168 | 200 OK | 88 kB |
URL: www.googletagmanager.com/gtag/js?id=G-8Q1W6PKNCX (GET, HTTP/2)  IP: 142.250.74.168:443
Certificate: issuer Google Trust Services LLC; subject *.google-analytics.com; fingerprint FC:B1:16:E0:D8:F3:2B:F3:AB:33:E5:E1:23:57:F4:48:66:FD:4D:52; valid Mon, 08 Apr 2024 06:34:55 GMT - Mon, 01 Jul 2024 06:34:54 GMT
File type: JavaScript source, ASCII text, with very long lines (5945); MD5 70a0868a74cd9662400e7d6a96f03e0f; SHA-1 ef4d6b4f5d0f0d3282738353808978983813c91b; SHA-256 1111f2c8262785fceedca771b847d0610442a6c382ced18af3a0110a68b4bd1c
GET /gtag/js?id=G-8Q1W6PKNCX HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 02 May 2024 19:08:39 GMT
expires: Thu, 02 May 2024 19:08:39 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 87558
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

| pl22826180.profitablegatecpm.com/172d9680245553e8052aafbe1bd64a13/invoke.js | 192.243.61.225 | 200 OK | 9.8 kB |
URL: pl22826180.profitablegatecpm.com/172d9680245553e8052aafbe1bd64a13/invoke.js (GET, HTTP/1.1)  IP: 192.243.61.225:443  ASN: #39572 DataWeb Global Group B.V.
Certificate: issuer Let's Encrypt; subject profitablegatecpm.com; fingerprint 9D:FB:8C:AD:4D:64:98:6B:85:78:33:54:E7:A3:BB:10:ED:77:63:30; valid Fri, 05 Apr 2024 18:10:33 GMT - Thu, 04 Jul 2024 18:10:32 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (26648), with no line terminators; MD5 1029b0c698117e891a1c7b0d267f505d; SHA-1 ec77976893512d785cdc0497c238f32f92c3d5a7; SHA-256 5e2c2504b85d23a9f84e34869bf864df83bd8b1162765f190444511ce2391573
GET /172d9680245553e8052aafbe1bd64a13/invoke.js HTTP/1.1
Host: pl22826180.profitablegatecpm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 02 May 2024 19:08:40 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1edebf435eb38097ad51b06adb548922
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

| www.topcreativeformat.com/6dc3a27552b5aedfb96aeaa00aa1c37b/invoke.js | 192.243.61.225 | 200 OK | 12 kB |
URL: www.topcreativeformat.com/6dc3a27552b5aedfb96aeaa00aa1c37b/invoke.js (GET, HTTP/1.1)  IP: 192.243.61.225:443  ASN: #39572 DataWeb Global Group B.V.
Certificate: issuer Let's Encrypt; subject topcreativeformat.com; fingerprint 6D:98:D9:61:FC:CF:D9:8C:FE:5E:1C:15:5A:A5:F2:28:38:04:A4:A4; valid Wed, 20 Mar 2024 07:51:41 GMT - Tue, 18 Jun 2024 07:51:40 GMT
File type: JavaScript source, ASCII text, with very long lines (31286), with no line terminators; MD5 daeb2da8cb8ed797263f721c52d186ad; SHA-1 46463b935154c69ec0e3769eaa133b95d8ef5777; SHA-256 c0c0299be41386279eb04d6ca9aae75f619c7c4a3c95c87d61283e3f12faffbb
GET /6dc3a27552b5aedfb96aeaa00aa1c37b/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 02 May 2024 19:08:40 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 426d782556a1b47bd7b7f66328ed9d0f
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

| ocsp.r2m03.amazontrust.com/ | 143.204.53.97 | 200 OK | 471 B |
URL: ocsp.r2m03.amazontrust.com/ (POST, HTTP/1.1)  IP: 143.204.53.97:0
Body hashes (OCSP response, 471 B): MD5 8b36a1d5c1baf125ac6c6e9dbbba0f9e; SHA-1 ec227af9795dfdb98c3d64e9909aa9dd5813607a; SHA-256 448cf1c668a852a9500e3b540e3f70edcf0e5b980c36124f47487836a6f5b165
POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Thu, 02 May 2024 19:08:40 GMT
Last-Modified: Thu, 02 May 2024 18:34:11 GMT
Server: ECAcc (ska/F757)
X-Cache: Miss from cloudfront
Via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: sH2GFyPAWA5zjeddG7ujWyMFpW1B9StCR8vsIWiOpPfH2XNRGijpLw==
Age: 2070

| proftrafficcounter.com/stats | 18.185.9.67 | 200 OK | 40 B |
URL: proftrafficcounter.com/stats (GET, HTTP/2)  IP: 18.185.9.67:443
Certificate: issuer Amazon; subject proftrafficcounter.com; fingerprint E3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6; valid Tue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT
File type: ASCII text, with no line terminators; MD5 195650913bdae4b9e9c6fc3f445c2504; SHA-1 651607914987e313749877be194500f5086d09b6; SHA-256 36913d0be13e99d4ca0c972c4bb577692dfe2c9861864b2eb404444c6a0a8042
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://zip.lu
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 02 May 2024 19:08:40 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://zip.lu
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=c2394279-ed01-4ea1-8556-0b52e2311fc8:3:1; expires=Sun, 30 Apr 2034 19:08:40 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

| ocsp.r2m03.amazontrust.com/ | 143.204.53.97 | 200 OK | 471 B |
URL: ocsp.r2m03.amazontrust.com/ (POST, HTTP/1.1)  IP: 143.204.53.97:0
Body hashes (OCSP response, 471 B): MD5 8b36a1d5c1baf125ac6c6e9dbbba0f9e; SHA-1 ec227af9795dfdb98c3d64e9909aa9dd5813607a; SHA-256 448cf1c668a852a9500e3b540e3f70edcf0e5b980c36124f47487836a6f5b165
POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Thu, 02 May 2024 19:08:40 GMT
Last-Modified: Thu, 02 May 2024 18:33:53 GMT
Server: ECAcc (ska/F7A5)
X-Cache: Miss from cloudfront
Via: 1.1 2afd697fc5d0058ea30d6c4b939e714c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: qs9aixn3Sw-91QWQ6ajtQrI0Nx3CMKCkOOs5g1gQHvCfx2FerCPTPA==
Age: 2087

| landings-cdn.adsterratech.com/referralBanners/png/300%20x%20250%20px.png | 142.0.204.220 | 200 OK | 90 kB |
URL: landings-cdn.adsterratech.com/referralBanners/png/300%20x%20250%20px.png (GET, HTTP/1.1)  IP: 142.0.204.220:443
Certificate: issuer Let's Encrypt; subject landings-cdn.adsterratech.com; fingerprint CA:79:50:AF:4F:E1:B9:4D:FD:EE:28:B7:AD:6C:21:7A:99:D2:DB:93; valid Sun, 28 Apr 2024 07:09:01 GMT - Sat, 27 Jul 2024 07:09:00 GMT
File type: PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced; MD5 a28902cd41b26954be2c97eea41089a1; SHA-1 c69d00be80adbcba05b788d2dcf7967d0d15a65f; SHA-256 5b4fa649af59a8350f401a661a5ecfed92130aa0aa9825ac3777c2a893a96e61
GET /referralBanners/png/300%20x%20250%20px.png HTTP/1.1
Host: landings-cdn.adsterratech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 02 May 2024 19:08:40 GMT
Content-Type: image/png
Content-Length: 90409
Last-Modified: Wed, 02 Feb 2022 00:50:11 GMT
Connection: keep-alive
ETag: "61f9d543-16129"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Date
Cache-Control: max-age=315360000, public
Accept-Ranges: bytes

| www.topcreativeformat.com/fb87135eb1bdee211d55a6d31f28b1bc/invoke.js | 192.243.61.225 | 200 OK | 12 kB |
URL: www.topcreativeformat.com/fb87135eb1bdee211d55a6d31f28b1bc/invoke.js (GET, HTTP/1.1)  IP: 192.243.61.225:443  ASN: #39572 DataWeb Global Group B.V.
Certificate: issuer Let's Encrypt; subject topcreativeformat.com; fingerprint 6D:98:D9:61:FC:CF:D9:8C:FE:5E:1C:15:5A:A5:F2:28:38:04:A4:A4; valid Wed, 20 Mar 2024 07:51:41 GMT - Tue, 18 Jun 2024 07:51:40 GMT
File type: JavaScript source, ASCII text, with very long lines (31328), with no line terminators; MD5 cad279a65bc6c5406e185f820fc0a38e; SHA-1 76288d8657752c144d772178e691e09449dc3629; SHA-256 81da0bc02388858b3a81a11c6ef989c8eed6b0419f2f0bd442ccfc4862ccf65f
GET /fb87135eb1bdee211d55a6d31f28b1bc/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 02 May 2024 19:08:40 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 95c42751fa4011bd51fe7bd9c2c3726d
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

| proftrafficcounter.com/stats | 18.185.9.67 | 200 OK | 40 B |
URL: proftrafficcounter.com/stats (GET, HTTP/2)  IP: 18.185.9.67:443
Certificate: issuer Amazon; subject proftrafficcounter.com; fingerprint E3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6; valid Tue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT
File type: ASCII text, with no line terminators; MD5 09bc8c9679d9eaeb790cd51f868af9e0; SHA-1 a6ea90e3770b44665f26bed192ef1535f59cd4cd; SHA-256 54476c0d654a11b88d0004363a0f0ab844db9676ea992e69278159f8ed1d736e
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://zip.lu
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 02 May 2024 19:08:40 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://zip.lu
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=165b288a-da70-49c5-a384-100fbf63169b:2:1; expires=Sun, 30 Apr 2034 19:08:40 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

| referredencouragedlearned.com/watch.1382172940863.js?key=fb87135eb1bdee211d55a6d31f28b1bc&kw=%5B%22zip%22%2C%22url%22%2C%22shortener%22%5D&refer=https%3A%2F%2Fzip.lu%2F%3Fbanned%3D1&tz=0&dev=e&res=14.2071&uuid=c2394279-ed01-4ea1-8556-0b52e2311fc8%3A3%3A1 | 192.243.61.227 | 307 Temporary Redirect | 0 B |
URL: referredencouragedlearned.com/watch.1382172940863.js?key=fb87135eb1bdee211d55a6d31f28b1bc&kw=%5B%22zip%22%2C%22url%22%2C%22shortener%22%5D&refer=https%3A%2F%2Fzip.lu%2F%3Fbanned%3D1&tz=0&dev=e&res=14.2071&uuid=c2394279-ed01-4ea1-8556-0b52e2311fc8%3A3%3A1 (GET, HTTP/1.1)  IP: 192.243.61.227:443  ASN: #39572 DataWeb Global Group B.V.
Certificate: issuer Let's Encrypt; subject referredencouragedlearned.com; fingerprint 97:04:0E:FB:AD:8F:82:A7:EB:80:D7:6F:0B:29:51:D2:73:2B:A2:1B; valid Mon, 29 Apr 2024 08:20:12 GMT - Sun, 28 Jul 2024 08:20:11 GMT
Body: empty (Content-Length: 0); MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /watch.1382172940863.js?key=fb87135eb1bdee211d55a6d31f28b1bc&kw=%5B%22zip%22%2C%22url%22%2C%22shortener%22%5D&refer=https%3A%2F%2Fzip.lu%2F%3Fbanned%3D1&tz=0&dev=e&res=14.2071&uuid=c2394279-ed01-4ea1-8556-0b52e2311fc8%3A3%3A1 HTTP/1.1
Host: referredencouragedlearned.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://zip.lu
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Thu, 02 May 2024 19:08:41 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://zip.lu
Access-Control-Allow-Origin: https://zip.lu
Access-Control-Allow-Credentials: true
Location: https://referredencouragedlearned.com/watch.1382172940863.js?dev=e&key=fb87135eb1bdee211d55a6d31f28b1bc&kw=%5B%22zip%22%2C%22url%22%2C%22shortener%22%5D&pst=1714676981&refer=https%3A%2F%2Fzip.lu%2F%3Fbanned%3D1&res=14.2071&rmtc=t&shu=9532aaed74697e681c63e596172bfc4adc6bae3d625922a7868a19eb1e83f578ac0ff93dfd98eb7c6d8f818942da39f7bd5485ef291a2fe7e6c123f5ee62abf83d249556b3eba96bb7d9a44f3c462ac0bc5d7c2e8b0475fae4da34990e3e3d&tz=0&uuid=c2394279-ed01-4ea1-8556-0b52e2311fc8%3A3%3A1
Set-Cookie: u_pl=22829219; expires=Fri, 03 May 2024 19:08:41 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.….x4V-YbMaz28DxGpGZqZohRewgpsltxYPfC_5fIrdH0Y; expires=Thu, 02 May 2024 19:09:41 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9453b4263cbf1405ba9b0837b75f9e36
Strict-Transport-Security: max-age=0; includeSubdomains

| zip.lu/gfx/favicon.png | 185.11.100.204 | 200 OK | 2.0 kB |
IP: 185.11.100.204:443  ASN: #29522 Cyber_Folks S.A.
Certificate: issuer Let's Encrypt; subject zip.lu; fingerprint BA:69:B8:76:30:88:C6:A1:75:27:5D:FB:93:55:75:0C:F7:FE:CB:36; valid Sat, 20 Apr 2024 15:39:44 GMT - Fri, 19 Jul 2024 15:39:43 GMT
File type: PNG image data, 48 x 48, 8-bit colormap, non-interlaced; MD5 549c8f6c3f6b1340852212e7c784d187; SHA-1 e8fe075cef3bf487bd9e4e89e9b4a6b63a81e0cc; SHA-256 00495e504ff3e4604b6404a1ae9469f40bd4642bef08239d4d0b0b83c095f590
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /gfx/favicon.png HTTP/1.1
Host: zip.lu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/?banned=1
Cookie: _ga_8Q1W6PKNCX=GS1.1.1714676920.1.0.1714676920.0.0.0; _ga=GA1.1.1483852018.1714676920; dom3ic8zudi28v8lr6fgphwffqoz0j6c=165b288a-da70-49c5-a384-100fbf63169b%3A2%3A1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 02 May 2024 19:08:41 GMT
server: Apache
last-modified: Tue, 02 Apr 2024 12:49:39 GMT
etag: "7b5-6151c8a0cb469"
accept-ranges: bytes
content-length: 1973
cache-control: max-age=31536000
expires: Fri, 02 May 2025 19:08:41 GMT
content-type: image/png
X-Firefox-Spdy: h2

| roughindoor.com/watch.544746743174.js?key=6dc3a27552b5aedfb96aeaa00aa1c37b&kw=%5B%22zip%22%2C%22url%22%2C%22shortener%22%5D&refer=https%3A%2F%2Fzip.lu%2F%3Fbanned%3D1&tz=0&dev=e&res=14.2071&uuid=165b288a-da70-49c5-a384-100fbf63169b%3A2%3A1 | 192.243.59.20 | 307 Temporary Redirect | 0 B |
URL: roughindoor.com/watch.544746743174.js?key=6dc3a27552b5aedfb96aeaa00aa1c37b&kw=%5B%22zip%22%2C%22url%22%2C%22shortener%22%5D&refer=https%3A%2F%2Fzip.lu%2F%3Fbanned%3D1&tz=0&dev=e&res=14.2071&uuid=165b288a-da70-49c5-a384-100fbf63169b%3A2%3A1 (GET, HTTP/1.1)  IP: 192.243.59.20:443  ASN: #39572 DataWeb Global Group B.V.
Certificate: issuer Let's Encrypt; subject roughindoor.com; fingerprint 2F:BA:92:51:9E:67:BD:A3:02:2C:29:6B:2F:12:C5:AD:96:07:37:80; valid Mon, 29 Apr 2024 12:56:52 GMT - Sun, 28 Jul 2024 12:56:51 GMT
Body: empty (Content-Length: 0); MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /watch.544746743174.js?key=6dc3a27552b5aedfb96aeaa00aa1c37b&kw=%5B%22zip%22%2C%22url%22%2C%22shortener%22%5D&refer=https%3A%2F%2Fzip.lu%2F%3Fbanned%3D1&tz=0&dev=e&res=14.2071&uuid=165b288a-da70-49c5-a384-100fbf63169b%3A2%3A1 HTTP/1.1
Host: roughindoor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://zip.lu
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Thu, 02 May 2024 19:08:41 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://zip.lu
Access-Control-Allow-Origin: https://zip.lu
Access-Control-Allow-Credentials: true
Location: https://roughindoor.com/watch.544746743174.js?dev=e&key=6dc3a27552b5aedfb96aeaa00aa1c37b&kw=%5B%22zip%22%2C%22url%22%2C%22shortener%22%5D&pst=1714676981&refer=https%3A%2F%2Fzip.lu%2F%3Fbanned%3D1&res=14.2071&rmtc=t&shu=965439dc81f6fb13d0ee898b7d4fe549433c7175d080a802c981624dcb2395a5bfe3ceb4c796fda099d300256cd63483955b3283b2c354533185059eff54042fac332b313699d82e209a1e27b04f4570f592cdb20f657e10105712d4a5b2&tz=0&uuid=165b288a-da70-49c5-a384-100fbf63169b%3A2%3A1
Set-Cookie: u_pl=22735548; expires=Fri, 03 May 2024 19:08:41 GMT; secure; SameSite=None
Set-Cookie: ain=eyJhbGciOiJIUzI1NiJ9.[payload elided].Wlik0i7U6TMsAzL1Ct4uONsIP4EB7gWVCej1azy-STE; expires=Thu, 02 May 2024 19:09:41 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1e985c23340b9319e4afe678b9298ecd
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| referredencouragedlearned.com/watch.1382172940863.js?dev=e&key=fb87135eb1bdee211d55a6d31f28b1bc&kw=%5B%22zip%22%2C%22url%22%2C%22shortener%22%5D&pst=1714676981&refer=https%3A%2F%2Fzip.lu%2F%3Fbanned%3D1&res=14.2071&rmtc=t&shu=9532aaed74697e681c63e596172bfc4adc6bae3d625922a7868a19eb1e83f578ac0ff93dfd98eb7c6d8f818942da39f7bd5485ef291a2fe7e6c123f5ee62abf83d249556b3eba96bb7d9a44f3c462ac0bc5d7c2e8b0475fae4da34990e3e3d&tz=0&uuid=c2394279-ed01-4ea1-8556-0b52e2311fc8%3A3%3A1 | 192.243.61.227 | 200 OK | 2.1 kB |
URL: GET HTTP/1.1 referredencouragedlearned.com/watch.1382172940863.js?dev=e&key=fb87135eb1bdee211d55a6d31f28b1bc&kw=%5B%22zip%22%2C%22url%22%2C%22shortener%22%5D&pst=1714676981&refer=https%3A%2F%2Fzip.lu%2F%3Fbanned%3D1&res=14.2071&rmtc=t&shu=9532aaed74697e681c63e596172bfc4adc6bae3d625922a7868a19eb1e83f578ac0ff93dfd98eb7c6d8f818942da39f7bd5485ef291a2fe7e6c123f5ee62abf83d249556b3eba96bb7d9a44f3c462ac0bc5d7c2e8b0475fae4da34990e3e3d&tz=0&uuid=c2394279-ed01-4ea1-8556-0b52e2311fc8%3A3%3A1
IP: 192.243.61.227:443  ASN: #39572 DataWeb Global Group B.V.
Certificate: issuer Let's Encrypt; subject referredencouragedlearned.com; SHA-1 fingerprint 97:04:0E:FB:AD:8F:82:A7:EB:80:D7:6F:0B:29:51:D2:73:2B:A2:1B; valid Mon, 29 Apr 2024 08:20:12 GMT - Sun, 28 Jul 2024 08:20:11 GMT
File type: JavaScript source, ASCII text, with very long lines (2648)
Hash (MD5 / SHA-1 / SHA-256): ab19998a51a1dd53d97885728cdf0458 fa368b4baa322a2e3b557bbb6dee349f059fbbdd 6eb3e2558eee4bf18b396f359fdd68298c75d5bcd6c6fe6eb2a2bbf1b5967018
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /watch.1382172940863.js?dev=e&key=fb87135eb1bdee211d55a6d31f28b1bc&kw=%5B%22zip%22%2C%22url%22%2C%22shortener%22%5D&pst=1714676981&refer=https%3A%2F%2Fzip.lu%2F%3Fbanned%3D1&res=14.2071&rmtc=t&shu=9532aaed74697e681c63e596172bfc4adc6bae3d625922a7868a19eb1e83f578ac0ff93dfd98eb7c6d8f818942da39f7bd5485ef291a2fe7e6c123f5ee62abf83d249556b3eba96bb7d9a44f3c462ac0bc5d7c2e8b0475fae4da34990e3e3d&tz=0&uuid=c2394279-ed01-4ea1-8556-0b52e2311fc8%3A3%3A1 HTTP/1.1
Host: referredencouragedlearned.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://zip.lu
Referer: https://zip.lu/
DNT: 1
Connection: keep-alive
Cookie: u_pl=22829219; ain=eyJhbGciOiJIUzI1NiJ9.[payload elided].x4V-YbMaz28DxGpGZqZohRewgpsltxYPfC_5fIrdH0Y
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 02 May 2024 19:08:41 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://zip.lu
Access-Control-Allow-Origin: https://zip.lu
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=c2394279-ed01-4ea1-8556-0b52e2311fc8:3:1; expires=Thu, 09 May 2024 19:08:41 GMT; secure; SameSite=None
Set-Cookie: iprc6b582b98b956992d7ce5a2bec33b71ad=3570421; expires=Thu, 02 May 2024 23:08:41 GMT; secure; SameSite=None
Set-Cookie: pdhtkv=true; expires=Fri, 03 May 2024 19:08:41 GMT; secure; SameSite=None
Set-Cookie: uncs=1; expires=Fri, 03 May 2024 19:08:41 GMT; secure; SameSite=None
Set-Cookie: pdhtkv32=true; expires=Fri, 03 May 2024 19:08:41 GMT; secure; SameSite=None
Set-Cookie: uncs32=1; expires=Fri, 03 May 2024 19:08:41 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d43869e94c69119cedc6d762f590a5d5
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
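The two `watch.*.js` responses above share a header pattern that is worth checking mechanically rather than by eye: `Strict-Transport-Security: max-age=0` (which tells the browser to drop any HSTS entry it holds for the host), a named `Access-Control-Allow-Origin` paired with `Access-Control-Allow-Credentials: true` (so zip.lu's cross-site fetches send and receive these cookies), six cookies set with `secure; SameSite=None` from a third-party context, a `.js` URL answered as `text/html`, and an `Accept-CH` list that requests high-entropy client hints. The Python triage script below is an added example, not code from any site in this capture. It parses a response exactly as the capture renders it (repeated Set-Cookie fields collapsed onto unlabelled continuation lines) and emits one tag per behaviour. The sample response is copied, trimmed to the relevant headers, from the referredencouragedlearned.com transaction above; the benign control response, the tag names and the function names are my own.

```python
"""Triage one captured HTTP response for the tracker behaviours seen in this chain.

Added example for this page, not code from any site captured here. The sample
response is copied (trimmed) from the referredencouragedlearned.com 200 OK above,
exactly as the capture renders repeated Set-Cookie fields: only the first carries
the 'Set-Cookie:' label, the rest follow on unlabelled continuation lines.
"""
import re
from typing import Dict, List, Tuple

# RFC 7230 field-name token followed by a colon; anything else is a continuation line.
_HEADER_RE = re.compile(r"^([!#$%&'*+.^_`|~0-9A-Za-z-]+):\s*(.*)$")

# Client hints that expose high-entropy UA detail (a fingerprinting surface).
HIGH_ENTROPY_HINTS = {"sec-ch-ua-full-version", "sec-ch-ua-full-version-list",
                      "sec-ch-ua-model", "sec-ch-ua-platform-version"}


def parse_response(raw: str) -> Tuple[int, Dict[str, List[str]]]:
    """Return (status, headers); names lower-cased, values kept in order of appearance."""
    lines = [ln.rstrip("\r") for ln in raw.strip().splitlines()]
    status = int(lines[0].split()[1])
    headers: Dict[str, List[str]] = {}
    last = None
    for line in lines[1:]:
        m = _HEADER_RE.match(line)
        if m:
            last = m.group(1).lower()
            headers.setdefault(last, []).append(m.group(2).strip())
        elif last == "set-cookie" and line.strip():
            headers[last].append(line.strip())  # collapsed repeated Set-Cookie field
    return status, headers


def cookie_attrs(value: str) -> Dict[str, str]:
    """Split 'name=val; Attr=x; Flag' into {'name': name, 'attr': 'x', 'flag': ''}."""
    parts = [p.strip() for p in value.split(";")]
    attrs = {"name": parts[0].split("=", 1)[0]}
    for p in parts[1:]:
        k, _, v = p.partition("=")
        attrs[k.strip().lower()] = v.strip()
    return attrs


def triage(raw: str, request_path: str) -> List[str]:
    """Return sorted finding tags for a captured response to request_path."""
    _, h = parse_response(raw)
    first = lambda name: h.get(name, [""])[0]
    findings = set()

    # max-age=0 makes the browser forget any HSTS entry it holds for the host.
    if re.search(r"max-age\s*=\s*0(?!\d)", first("strict-transport-security"), re.I):
        findings.add("hsts-disabled")

    # Named origin + Allow-Credentials: that page's fetches send and receive these cookies.
    acao = first("access-control-allow-origin")
    if acao and acao != "*" and first("access-control-allow-credentials").lower() == "true":
        findings.add("cors-credentialed:" + acao)

    # Cookies meant to ride on third-party requests must be SameSite=None; Secure.
    for c in h.get("set-cookie", []):
        a = cookie_attrs(c)
        if a.get("samesite", "").lower() == "none" and "secure" in a:
            findings.add("third-party-cookie:" + a["name"])

    # A .js URL answered as text/html: harmless to a fetch(), but an ad-tech tell.
    ctype = first("content-type").split(";")[0].strip().lower()
    if request_path.lower().endswith(".js") and ctype not in ("application/javascript", "text/javascript"):
        findings.add("content-type-mismatch:" + (ctype or "none"))

    hints = {x.strip().lower() for x in first("accept-ch").split(",")}
    if hints & HIGH_ENTROPY_HINTS:
        findings.add("high-entropy-client-hints")

    if "p3p" in h:  # only Internet Explorer ever honoured P3P; it dates the tooling
        findings.add("p3p-header")
    return sorted(findings)


# Copied (trimmed) from the referredencouragedlearned.com 200 OK response above.
SAMPLE_RESPONSE = """HTTP/1.1 200 OK
Content-Type: text/html
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Access-Control-Allow-Origin: https://zip.lu
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=c2394279-ed01-4ea1-8556-0b52e2311fc8:3:1; expires=Thu, 09 May 2024 19:08:41 GMT; secure; SameSite=None
iprc6b582b98b956992d7ce5a2bec33b71ad=3570421; expires=Thu, 02 May 2024 23:08:41 GMT; secure; SameSite=None
pdhtkv=true; expires=Fri, 03 May 2024 19:08:41 GMT; secure; SameSite=None
uncs=1; expires=Fri, 03 May 2024 19:08:41 GMT; secure; SameSite=None
pdhtkv32=true; expires=Fri, 03 May 2024 19:08:41 GMT; secure; SameSite=None
uncs32=1; expires=Fri, 03 May 2024 19:08:41 GMT; secure; SameSite=None
Strict-Transport-Security: max-age=0; includeSubdomains
"""

# Constructed control case (not from the capture): a first-party static script.
BENIGN_RESPONSE = """HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=31536000; includeSubDomains
Cache-Control: public, max-age=86400
"""

if __name__ == "__main__":
    for tag in triage(SAMPLE_RESPONSE, "/watch.1382172940863.js"):
        print(tag)
    print("benign:", triage(BENIGN_RESPONSE, "/static/app.js"))
```

The continuation-line rule in `parse_response` is deliberately narrow: a line is only treated as another cookie when it does not start with an RFC 7230 token followed by a colon and the previous field was Set-Cookie, so a cookie value containing a clock time (`expires=Thu, 02 May 2024 23:08:41 GMT`) is not mistaken for a header named `iprc...=3570421; expires=Thu, 02 May 2024 23`. Feed the roughindoor.com 200 OK above through `triage` with its own path and it yields the same set of tags with its own cookie names.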
| roughindoor.com/watch.544746743174.js?dev=e&key=6dc3a27552b5aedfb96aeaa00aa1c37b&kw=%5B%22zip%22%2C%22url%22%2C%22shortener%22%5D&pst=1714676981&refer=https%3A%2F%2Fzip.lu%2F%3Fbanned%3D1&res=14.2071&rmtc=t&shu=965439dc81f6fb13d0ee898b7d4fe549433c7175d080a802c981624dcb2395a5bfe3ceb4c796fda099d300256cd63483955b3283b2c354533185059eff54042fac332b313699d82e209a1e27b04f4570f592cdb20f657e10105712d4a5b2&tz=0&uuid=165b288a-da70-49c5-a384-100fbf63169b%3A2%3A1 | 192.243.59.20 | 200 OK | 2.1 kB |
URL: GET HTTP/1.1 roughindoor.com/watch.544746743174.js?dev=e&key=6dc3a27552b5aedfb96aeaa00aa1c37b&kw=%5B%22zip%22%2C%22url%22%2C%22shortener%22%5D&pst=1714676981&refer=https%3A%2F%2Fzip.lu%2F%3Fbanned%3D1&res=14.2071&rmtc=t&shu=965439dc81f6fb13d0ee898b7d4fe549433c7175d080a802c981624dcb2395a5bfe3ceb4c796fda099d300256cd63483955b3283b2c354533185059eff54042fac332b313699d82e209a1e27b04f4570f592cdb20f657e10105712d4a5b2&tz=0&uuid=165b288a-da70-49c5-a384-100fbf63169b%3A2%3A1
IP: 192.243.59.20:443  ASN: #39572 DataWeb Global Group B.V.
Certificate: issuer Let's Encrypt; subject roughindoor.com; SHA-1 fingerprint 2F:BA:92:51:9E:67:BD:A3:02:2C:29:6B:2F:12:C5:AD:96:07:37:80; valid Mon, 29 Apr 2024 12:56:52 GMT - Sun, 28 Jul 2024 12:56:51 GMT
File type: JavaScript source, ASCII text, with very long lines (2633)
Hash (MD5 / SHA-1 / SHA-256): 338e97dd425b14d1448bde668e9d1cd3 5aecc84b0f303f91e1dea9776631d5dcc7cfd71d 91b3bc360fb617d368f1273f39d8fcefa3365574b904c1a08bb4401283720e9a
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /watch.544746743174.js?dev=e&key=6dc3a27552b5aedfb96aeaa00aa1c37b&kw=%5B%22zip%22%2C%22url%22%2C%22shortener%22%5D&pst=1714676981&refer=https%3A%2F%2Fzip.lu%2F%3Fbanned%3D1&res=14.2071&rmtc=t&shu=965439dc81f6fb13d0ee898b7d4fe549433c7175d080a802c981624dcb2395a5bfe3ceb4c796fda099d300256cd63483955b3283b2c354533185059eff54042fac332b313699d82e209a1e27b04f4570f592cdb20f657e10105712d4a5b2&tz=0&uuid=165b288a-da70-49c5-a384-100fbf63169b%3A2%3A1 HTTP/1.1
Host: roughindoor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://zip.lu
Referer: https://zip.lu/
DNT: 1
Connection: keep-alive
Cookie: u_pl=22735548; ain=eyJhbGciOiJIUzI1NiJ9.[payload elided].Wlik0i7U6TMsAzL1Ct4uONsIP4EB7gWVCej1azy-STE
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 02 May 2024 19:08:41 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://zip.lu
Access-Control-Allow-Origin: https://zip.lu
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=165b288a-da70-49c5-a384-100fbf63169b:2:1; expires=Thu, 09 May 2024 19:08:41 GMT; secure; SameSite=None
Set-Cookie: iprc4ece2586347da18a339019e28fd787cf=3569806; expires=Thu, 02 May 2024 23:08:41 GMT; secure; SameSite=None
Set-Cookie: pdhtkv=true; expires=Fri, 03 May 2024 19:08:41 GMT; secure; SameSite=None
Set-Cookie: uncs=1; expires=Fri, 03 May 2024 19:08:41 GMT; secure; SameSite=None
Set-Cookie: pdhtkv5=true; expires=Fri, 03 May 2024 19:08:41 GMT; secure; SameSite=None
Set-Cookie: uncs5=1; expires=Fri, 03 May 2024 19:08:41 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4b481f4d32fb9986f000e41430e6e4c5
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| impostersierraglands.com/78/66/ea/7866ead300fcf9e425beaf01fe308949.js | 192.243.59.13 | 200 OK | 30 kB |
URL: GET HTTP/1.1 impostersierraglands.com/78/66/ea/7866ead300fcf9e425beaf01fe308949.js
IP: 192.243.59.13:443  ASN: #39572 DataWeb Global Group B.V.
Certificate: issuer Let's Encrypt; subject impostersierraglands.com; SHA-1 fingerprint 2F:7B:27:C2:0D:EE:8C:B7:B5:3C:0D:29:8F:73:5B:FD:2E:C0:AE:86; valid Mon, 29 Apr 2024 08:30:48 GMT - Sun, 28 Jul 2024 08:30:47 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 098e7d7b78b7b5a57b5931663b38416f fb8d6875ef52f46d5369175d5e9451018cd5cdcb eadc9a7f35dc221d0afc1451926832bdcbfdfe072e5878e60332bb48b5357800
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /78/66/ea/7866ead300fcf9e425beaf01fe308949.js HTTP/1.1
Host: impostersierraglands.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 02 May 2024 19:08:41 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ffdcb07105a4fa14a50d7f23a63cc0a3
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| impostersierraglands.com/ntv.json?key=172d9680245553e8052aafbe1bd64a13&vstc=4 | 192.243.59.13 | 200 OK | 17 kB |
URL: GET HTTP/1.1 impostersierraglands.com/ntv.json?key=172d9680245553e8052aafbe1bd64a13&vstc=4
IP: 192.243.59.13:443  ASN: #39572 DataWeb Global Group B.V.
Certificate: issuer Let's Encrypt; subject impostersierraglands.com; SHA-1 fingerprint 2F:7B:27:C2:0D:EE:8C:B7:B5:3C:0D:29:8F:73:5B:FD:2E:C0:AE:86; valid Mon, 29 Apr 2024 08:30:48 GMT - Sun, 28 Jul 2024 08:30:47 GMT
Hash (MD5 / SHA-1 / SHA-256): 42f3b9419fa893413d963bf0d4c5ef17 e5bfb9baa16a57e09fcba97ea5759959b830c97b 2567df89d00e36d081910e65a4d9762489aba5ed556d8b5cb0ea69f593564e9f
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /ntv.json?key=172d9680245553e8052aafbe1bd64a13&vstc=4 HTTP/1.1
Host: impostersierraglands.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://zip.lu
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 02 May 2024 19:08:41 GMT
Content-Type: application/json
Content-Length: 17088
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://zip.lu
Access-Control-Allow-Origin: https://zip.lu
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=22725681; expires=Fri, 03 May 2024 19:08:41 GMT; secure; SameSite=None
Set-Cookie: pdhtkv=true; expires=Fri, 03 May 2024 19:08:41 GMT; secure; SameSite=None
Set-Cookie: uncs=1; expires=Fri, 03 May 2024 19:08:41 GMT; secure; SameSite=None
Set-Cookie: pdhtkv49=true; expires=Fri, 03 May 2024 19:08:41 GMT; secure; SameSite=None
Set-Cookie: uncs49=1; expires=Fri, 03 May 2024 19:08:41 GMT; secure; SameSite=None
Set-Cookie: nlec172d9680245553e8052aafbe1bd64a13=[2229337,2229333,2229329,2019380]; expires=Thu, 02 May 2024 19:08:46 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6b5417f992f369873915ba356aef1505
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| cdn.cloudimagesb.com/cti/43/ff/51/43ff51c07da75eaedd548042d5154cfe/1658930770.jpg | 45.133.44.9 | 200 OK | 25 kB |
URL: GET HTTP/2 cdn.cloudimagesb.com/cti/43/ff/51/43ff51c07da75eaedd548042d5154cfe/1658930770.jpg
IP: 45.133.44.9:443  ASN: #39572 DataWeb Global Group B.V.
Certificate: issuer Let's Encrypt; subject cdn.cloudimagesb.com; SHA-1 fingerprint C6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0; valid Fri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT
File type: JPEG image data, baseline, precision 8, 320x50, components 3 (320x50 is the standard mobile-banner ad size)
Hash (MD5 / SHA-1 / SHA-256): d465d02b90e928dfd9d9846e102a9dac 22f7333777bec813bd9a7b870913a2b79b6d2fe4 e393d4f1c6b5d4973e157f0f10764b92037dc18239500f42b72bed8ecef462fd
GET /cti/43/ff/51/43ff51c07da75eaedd548042d5154cfe/1658930770.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 02 May 2024 19:08:41 GMT
content-type: image/jpeg
content-length: 24714
server: nginx/1.21.6
last-modified: Wed, 27 Jul 2022 14:06:18 GMT
etag: "62e1465a-608a"
expires: Sat, 04 May 2024 19:08:41 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| cdn.cloudimagesb.com/cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png | 45.133.44.9 | 200 OK | 144 kB |
URL: GET HTTP/2 cdn.cloudimagesb.com/cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png
IP: 45.133.44.9:443  ASN: #39572 DataWeb Global Group B.V.
Certificate: issuer Let's Encrypt; subject cdn.cloudimagesb.com; SHA-1 fingerprint C6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0; valid Fri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT
File type: PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced (300x250 is the standard medium-rectangle ad size)
Size: 144 kB (144379 bytes)
Hash (MD5 / SHA-1 / SHA-256): 33c304429dc1a4408a96e6a74ffa2feb c45fa8e65528d1bb2b46bf8a28af9eeaa1903d04 dbed482e5948ead5587d30a22306a5b611305f704de940bd22c76daf90e0a314
GET /cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 02 May 2024 19:08:41 GMT
content-type: image/png
content-length: 144379
server: nginx/1.21.6
last-modified: Wed, 27 Jul 2022 11:07:21 GMT
etag: "62e11c69-233fb"
expires: Sat, 04 May 2024 19:08:41 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| cdn.cloudimagesb.com/cti/d6/e8/37/d6e83777d7311d26f1ac5b2b62a81218/1588233535.jpg | 45.133.44.9 | 200 OK | 28 kB |
URL: GET HTTP/2 cdn.cloudimagesb.com/cti/d6/e8/37/d6e83777d7311d26f1ac5b2b62a81218/1588233535.jpg
IP: 45.133.44.9:443  ASN: #39572 DataWeb Global Group B.V.
Certificate: issuer Let's Encrypt; subject cdn.cloudimagesb.com; SHA-1 fingerprint C6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0; valid Fri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 320x240, components 3
Hash (MD5 / SHA-1 / SHA-256): 1dcde64d47d24d151a1433ecf4403dd7 443d6704b5a294e000084d7a8ac823e526093928 d11bcd65a82589c2c31d6fd87cb16ec673dd5640462ad3d20ff53e014a435376
GET /cti/d6/e8/37/d6e83777d7311d26f1ac5b2b62a81218/1588233535.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 02 May 2024 19:08:42 GMT
content-type: image/jpeg
content-length: 27832
server: nginx/1.21.6
last-modified: Thu, 30 Apr 2020 07:58:58 GMT
etag: "5eaa8542-6cb8"
expires: Sat, 04 May 2024 19:08:42 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| cdn.cloudimagesb.com/cti/5e/78/a9/5e78a94057ff65f06ec19e727c7be04f/1588233511.jpg | 45.133.44.9 | 200 OK | 24 kB |
URL: GET HTTP/2 cdn.cloudimagesb.com/cti/5e/78/a9/5e78a94057ff65f06ec19e727c7be04f/1588233511.jpg
IP: 45.133.44.9:443  ASN: #39572 DataWeb Global Group B.V.
Certificate: issuer Let's Encrypt; subject cdn.cloudimagesb.com; SHA-1 fingerprint C6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0; valid Fri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 320x240, components 3
Hash (MD5 / SHA-1 / SHA-256): d71c872fb9f50bd9383abc0721d1d51e 1f69b40ef2f95798b4e0fd738d630ad4319cd739 6b4a622b9de1ffab8fe905fc8c4633994c732476664b5190ceedd62a3795ab08
GET /cti/5e/78/a9/5e78a94057ff65f06ec19e727c7be04f/1588233511.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 02 May 2024 19:08:42 GMT
content-type: image/jpeg
content-length: 24518
server: nginx/1.21.6
last-modified: Thu, 30 Apr 2020 07:58:34 GMT
etag: "5eaa852a-5fc6"
expires: Sat, 04 May 2024 19:08:42 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| cdn.cloudimagesb.com/cti/f7/13/0e/f7130e7f47db248dc886c97a1e4c3e2b/1588233482.jpg | 45.133.44.9 | 200 OK | 32 kB |
URL: GET HTTP/2 cdn.cloudimagesb.com/cti/f7/13/0e/f7130e7f47db248dc886c97a1e4c3e2b/1588233482.jpg
IP: 45.133.44.9:443  ASN: #39572 DataWeb Global Group B.V.
Certificate: issuer Let's Encrypt; subject cdn.cloudimagesb.com; SHA-1 fingerprint C6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0; valid Fri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 321x240, components 3
Hash (MD5 / SHA-1 / SHA-256): 3528385dd0c31dbd2e5bfc4af7a6bec5 832c580ffd7711115d6c036ab4232f5bd88480a4 bfbfeebfcb679ca578055235614cc679b0757bad272996ef89b7fd5615a2db75
GET /cti/f7/13/0e/f7130e7f47db248dc886c97a1e4c3e2b/1588233482.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 02 May 2024 19:08:42 GMT
content-type: image/jpeg
content-length: 32471
server: nginx/1.21.6
last-modified: Thu, 30 Apr 2020 07:58:05 GMT
etag: "5eaa850d-7ed7"
expires: Sat, 04 May 2024 19:08:42 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| cdn.cloudimagesb.com/cti/d7/14/ea/d714ea0356c58a2679ce4074962c0e16/1588233398.jpeg | 45.133.44.9 | 200 OK | 23 kB |
URL: GET HTTP/2 cdn.cloudimagesb.com/cti/d7/14/ea/d714ea0356c58a2679ce4074962c0e16/1588233398.jpeg
IP: 45.133.44.9:443  ASN: #39572 DataWeb Global Group B.V.
Certificate: issuer Let's Encrypt; subject cdn.cloudimagesb.com; SHA-1 fingerprint C6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0; valid Fri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 320x240, components 3
Hash (MD5 / SHA-1 / SHA-256): 9a2dc4fe2ebb70df2dfb1566d22970b8 b85a5f4ef7bd68b834d03d8b9a552e2e546e8701 1983c705f5f4315c8cd002183eb9ed3c846abed8fc2a6f0a073185c249552efd
GET /cti/d7/14/ea/d714ea0356c58a2679ce4074962c0e16/1588233398.jpeg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 02 May 2024 19:08:42 GMT
content-type: image/jpeg
content-length: 22757
server: nginx/1.21.6
last-modified: Thu, 30 Apr 2020 07:56:41 GMT
etag: "5eaa84b9-58e5"
expires: Sat, 04 May 2024 19:08:42 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| impostersierraglands.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSTWgkRRSuXucUL%2F4sXgQZFgQFmXT3zPTMuMhijJFg3OyPiz8Xqe7qmZRT3dVUdU1PcgouyB7n4EVPlW%2BSDWoQPXpwkUlgkaCYuUhAc%2FLuQVg8So%2BDow%2Fq%2FdT3Cr73vvp4z1wQH4aer74ld7gQdLlZc6svvOt5V6sbPDXD6rAdfBA0rlbV4OVOUHNfrL4RR3257Lue63quV13jKu7K4XIJgmdHHa%2FWcWsNv%2BY1Gxiq%2F9faONDUARtckKfA2bRy4lwGjyZIk69XY93PZfbS64kRNJcKA3Z4J%2B2nskiRLNKuctBND%2BfdkPps7QFkejCjCzn4tzHkU%2BI8fIAwPZyTRDjYn%2FEMBeIUIXscxWCCWEzA6QSRvAvOzggQMVzfRJrcvy5VQbf%2FQWmJTknl0Z%2FgxZRUfruMNPlqRfBh9bYUJucy1Rh2LfhwAt6bIDPHyHcugRfHiPKPwNlPZPnRBtJkf1MLCc7sbHbOJ%2BDdCUQ8AtUOTHm4A9N1YDIHCTuvRp7ntVwWUbfdiaI6a8VhwFyPtroe9dygDROV9EbIsxEiMUKkdpGpXfT5CMp8D71loZkDnU%2BJc3MXA2ZRxASFJigoQcEJipygGNgDJrSv7X0mtAm9efTnsW7HMu%2Ft0QOZ9%2BKUgKoRFLN72QV5styP8%2F6Jh358XvVaPusEbddvNJvNetx2mz6l3TD2QhY0qFeH5hZcX5qNvMOnpP3Mr8hKzfoWIT2GFseI%2BBVQ44EWFnTLYic9ynm6bZSoJTLkYNIiyyvIt509cUGenSl0pfIe4uj02sOlV7LxL0uIlEWmLD7kJwQ9cW98SxZk%2F5YsNPlmM8t5wndoqd7tnObxY1%2B8GW8XUrH1VT36%2FNWoBMr06O1Y5xs0ZTztafLlCmcsVmtSRTH5bl2%2FE4c3jN5aMSo12caN19bWk0zFWnOZTkD52eZfiPiUVJ5%2FevYtn%2FjxD3A1gTIWiTklcwOXx4iyXehswV5LAiUWPWHmoDB2rPxwcSk4gYgXNQ0t9H%2FqcJGPFS1fU2739D30VAU0v4s0sRgoi4GwoGIEbZbGeaZOr%2F3waWmfIRSVcShUZT8USnwyW3Lp7pTu5pQ893MDmp9XW%2FW6S4NO02u1aNwKG367G3iMUr8R%2BEFA68j1tFv%2F%2Fdu%2FAQAA%2F%2F8BAAD%2F%2FzNe3Xt6BAAA | 192.243.59.13 | 200 OK | 7 B |
URL GET HTTP/1.1impostersierraglands.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSTWgkRRSuXucUL%2F4sXgQZFgQFmXT3zPTMuMhijJFg3OyPiz8Xqe7qmZRT3dVUdU1PcgouyB7n4EVPlW%2BSDWoQPXpwkUlgkaCYuUhAc%2FLuQVg8So%2BDow%2Fq%2FdT3Cr73vvp4z1wQH4aer74ld7gQdLlZc6svvOt5V6sbPDXD6rAdfBA0rlbV4OVOUHNfrL4RR3257Lue63quV13jKu7K4XIJgmdHHa%2FWcWsNv%2BY1Gxiq%2F9faONDUARtckKfA2bRy4lwGjyZIk69XY93PZfbS64kRNJcKA3Z4J%2B2nskiRLNKuctBND%2BfdkPps7QFkejCjCzn4tzHkU%2BI8fIAwPZyTRDjYn%2FEMBeIUIXscxWCCWEzA6QSRvAvOzggQMVzfRJrcvy5VQbf%2FQWmJTknl0Z%2FgxZRUfruMNPlqRfBh9bYUJucy1Rh2LfhwAt6bIDPHyHcugRfHiPKPwNlPZPnRBtJkf1MLCc7sbHbOJ%2BDdCUQ8AtUOTHm4A9N1YDIHCTuvRp7ntVwWUbfdiaI6a8VhwFyPtroe9dygDROV9EbIsxEiMUKkdpGpXfT5CMp8D71loZkDnU%2BJc3MXA2ZRxASFJigoQcEJipygGNgDJrSv7X0mtAm9efTnsW7HMu%2Ft0QOZ9%2BKUgKoRFLN72QV5styP8%2F6Jh358XvVaPusEbddvNJvNetx2mz6l3TD2QhY0qFeH5hZcX5qNvMOnpP3Mr8hKzfoWIT2GFseI%2BBVQ44EWFnTLYic9ynm6bZSoJTLkYNIiyyvIt509cUGenSl0pfIe4uj02sOlV7LxL0uIlEWmLD7kJwQ9cW98SxZk%2F5YsNPlmM8t5wndoqd7tnObxY1%2B8GW8XUrH1VT36%2FNWoBMr06O1Y5xs0ZTztafLlCmcsVmtSRTH5bl2%2FE4c3jN5aMSo12caN19bWk0zFWnOZTkD52eZfiPiUVJ5%2FevYtn%2FjxD3A1gTIWiTklcwOXx4iyXehswV5LAiUWPWHmoDB2rPxwcSk4gYgXNQ0t9H%2FqcJGPFS1fU2739D30VAU0v4s0sRgoi4GwoGIEbZbGeaZOr%2F3waWmfIRSVcShUZT8USnwyW3Lp7pTu5pQ893MDmp9XW%2FW6S4NO02u1aNwKG367G3iMUr8R%2BEFA68j1tFv%2F%2Fdu%2FAQAA%2F%2F8BAAD%2F%2FzNe3Xt6BAAA IP192.243.59.13:443 ASN#39572 DataWeb Global Group B.V.
Certificate: issuer Let's Encrypt; subject impostersierraglands.com; SHA-1 fingerprint 2F:7B:27:C2:0D:EE:8C:B7:B5:3C:0D:29:8F:73:5B:FD:2E:C0:AE:86; valid Mon, 29 Apr 2024 08:30:48 GMT - Sun, 28 Jul 2024 08:30:47 GMT
File type: ASCII text, with no line terminators (a 7-byte text body served as image/gif: a beacon acknowledgement, not an image)
Hash (MD5 / SHA-1 / SHA-256): 132d6af1b46048b45cf86cdee7991d31 eb7007d03d59b65bc6da7e098c4d38fc6dfb6285 ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSTWgkRRSuXucUL%2F4sXgQZFgQFmXT3zPTMuMhijJFg3OyPiz8Xqe7qmZRT3dVUdU1PcgouyB7n4EVPlW%2BSDWoQPXpwkUlgkaCYuUhAc%2FLuQVg8So%2BDow%2Fq%2FdT3Cr73vvp4z1wQH4aer74ld7gQdLlZc6svvOt5V6sbPDXD6rAdfBA0rlbV4OVOUHNfrL4RR3257Lue63quV13jKu7K4XIJgmdHHa%2FWcWsNv%2BY1Gxiq%2F9faONDUARtckKfA2bRy4lwGjyZIk69XY93PZfbS64kRNJcKA3Z4J%2B2nskiRLNKuctBND%2BfdkPps7QFkejCjCzn4tzHkU%2BI8fIAwPZyTRDjYn%2FEMBeIUIXscxWCCWEzA6QSRvAvOzggQMVzfRJrcvy5VQbf%2FQWmJTknl0Z%2FgxZRUfruMNPlqRfBh9bYUJucy1Rh2LfhwAt6bIDPHyHcugRfHiPKPwNlPZPnRBtJkf1MLCc7sbHbOJ%2BDdCUQ8AtUOTHm4A9N1YDIHCTuvRp7ntVwWUbfdiaI6a8VhwFyPtroe9dygDROV9EbIsxEiMUKkdpGpXfT5CMp8D71loZkDnU%2BJc3MXA2ZRxASFJigoQcEJipygGNgDJrSv7X0mtAm9efTnsW7HMu%2Ft0QOZ9%2BKUgKoRFLN72QV5styP8%2F6Jh358XvVaPusEbddvNJvNetx2mz6l3TD2QhY0qFeH5hZcX5qNvMOnpP3Mr8hKzfoWIT2GFseI%2BBVQ44EWFnTLYic9ynm6bZSoJTLkYNIiyyvIt509cUGenSl0pfIe4uj02sOlV7LxL0uIlEWmLD7kJwQ9cW98SxZk%2F5YsNPlmM8t5wndoqd7tnObxY1%2B8GW8XUrH1VT36%2FNWoBMr06O1Y5xs0ZTztafLlCmcsVmtSRTH5bl2%2FE4c3jN5aMSo12caN19bWk0zFWnOZTkD52eZfiPiUVJ5%2FevYtn%2FjxD3A1gTIWiTklcwOXx4iyXehswV5LAiUWPWHmoDB2rPxwcSk4gYgXNQ0t9H%2FqcJGPFS1fU2739D30VAU0v4s0sRgoi4GwoGIEbZbGeaZOr%2F3waWmfIRSVcShUZT8USnwyW3Lp7pTu5pQ893MDmp9XW%2FW6S4NO02u1aNwKG367G3iMUr8R%2BEFA68j1tFv%2F%2Fdu%2FAQAA%2F%2F8BAAD%2F%2FzNe3Xt6BAAA HTTP/1.1
Host: impostersierraglands.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Cookie: u_pl=22725681; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec172d9680245553e8052aafbe1bd64a13=[2229337,2229333,2229329,2019380]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 02 May 2024 19:08:42 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1ce8f57f52298e7270729fe19ea7dd32
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
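The `sid` value sent to `/ren.gif` is not opaque. After URL-decoding it begins with `H4sIAAAAAAAC/`, which is the base64 encoding of a gzip member header (`1f 8b 08`, no flags, zero MTIME, XFL `02`, OS `ff`), so the beacon carries `base64(gzip(payload))` in the query string and the 7-byte `image/gif` answer is only an acknowledgement. The decoder below is an added example, not the tracker's code. It verifies the gzip header on a prefix of the sid captured above (truncated here; the full value is in the request line) and round-trips a constructed sample. The page never shows the decompressed payload, so the JSON used in that sample, and the function names `sid_header`, `decode_sid` and `encode_sid`, are my own assumptions rather than anything the capture confirms.

```python
"""Decode the `sid` beacon parameter sent to impostersierraglands.com/ren.gif.

Added example for this page, not the tracker's own code. It relies only on what
the capture shows: after URL-decoding, sid starts "H4sIAAAAAAAC/", the base64 of a
gzip member header (1f 8b 08, no flags, zero mtime, XFL 02, OS ff), so the value is
base64(gzip(payload)). The page never shows the decompressed payload; the JSON in
the constructed sample below is an assumption used only for the round trip.
"""
import base64
import gzip
import json
from urllib.parse import quote, unquote

GZIP_MAGIC = b"\x1f\x8b\x08"  # ID1, ID2, CM = deflate

# Leading part of the sid from the first ren.gif request above (truncated here; the
# full value is in that request line). Enough to check the gzip header.
PAGE_SID_PREFIX = "H4sIAAAAAAAC%2F1RSTWgkRRSuXucUL%2F4sXgQZFgQFmXT3zPTMuMhijJFg3OyPiz8Xqe7qmZRT3dVUdU1PcgouyB7n4EVPlW%2BSDWoQPXpwkUlgkaCYuUhAc%2FLuQVg8So%2BDow%2Fq%2FdT3Cr73vvp4z1wQH4aer74ld7gQdLlZc6svvOt5V6sbPDXD6rAdfBA0rlbV4OVOUHNfrL4RR3257Lue63quV13jKu7K4XIJgmdHHa%2FWcWsNv%2BY1Gxiq"


def b64_from_query(value: str) -> bytes:
    """URL-decode a query value, restore any stripped '=' padding, base64-decode it."""
    s = unquote(value).strip()
    s += "=" * (-len(s) % 4)
    return base64.b64decode(s, validate=True)


def sid_header(value: str) -> bytes:
    """First 12 bytes of the decoded sid (16 base64 chars), enough for the gzip header."""
    return base64.b64decode(unquote(value)[:16], validate=True)


def is_gzip_b64(value: str) -> bool:
    """True when the (URL-encoded) base64 value starts with a gzip member."""
    try:
        return sid_header(value).startswith(GZIP_MAGIC)
    except ValueError:  # binascii.Error is a ValueError: bad alphabet or padding
        return False


def decode_sid(value: str) -> bytes:
    """Return the decompressed payload, or raise ValueError if sid is not gzip-in-base64."""
    raw = b64_from_query(value)
    if not raw.startswith(GZIP_MAGIC):
        raise ValueError("sid is not a gzip member (starts with %s)" % raw[:4].hex())
    return gzip.decompress(raw)


def encode_sid(payload: bytes) -> str:
    """Inverse of decode_sid; mtime=0 reproduces the all-zero MTIME seen in the capture."""
    return quote(base64.b64encode(gzip.compress(payload, mtime=0)).decode("ascii"), safe="")


# Constructed sample payload (not from the capture): keys mirror the query parameters
# the chain already passes in clear text, values are dummies.
SAMPLE_PAYLOAD = json.dumps({"uuid": "00000000-0000-4000-8000-000000000000",
                             "key": "0" * 32,
                             "refer": "https://zip.lu/?banned=1"}).encode()
SAMPLE_SID = encode_sid(SAMPLE_PAYLOAD)


def sample_fields() -> dict:
    """Round-trip the constructed sample through decode_sid and return its fields."""
    return json.loads(decode_sid(SAMPLE_SID))


if __name__ == "__main__":
    print("page sid carries a gzip header:", is_gzip_b64(PAGE_SID_PREFIX))
    print("page sid header bytes:", sid_header(PAGE_SID_PREFIX)[:10].hex())
    print("constructed sample decodes to:", sample_fields())
```

To decode the live value, pass the complete `sid` from the request line above to `decode_sid`; `b64decode(..., validate=True)` will reject anything that is not the standard alphabet, which catches a copy that was truncated mid-escape. Treat the result as bytes until you have looked at it: the capture does not establish that the payload is text, let alone JSON.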
| impostersierraglands.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSTWgkRRSuXue0XvxZvAgyLAgKMunumemZcZFgjFmCcbM%2FLv5cpLqrZ1JOdVdT1TU9GS%2FBBdnjHLzoqfJNskENix49uMgksEhQzFwkoAHBsxdh8Sg9BqMPut979b2C731ffbxtTokPQ0%2BW35QjLgRdaNbc6gvveN6V6hpPzbA6bAfvB40rVTV4uRPU3BerV%2BOoLxd813Ndz%2FWqK1zFXTlcKEHwbL%2Fj1TpureHXvGYDQ%2FX%2FXhsHmjpgg1PyFDibVQ6dS%2BDRFGny1XKs%2B7nMXno9MYLmUmHA9m6n%2FVQWKZLzsqscdNO9s2lIfbzyADLdndOFHPw7GPIZcR4%2BQJjunZFEONiZ8wwF4hQhexzFYIpYTMHpFJG8A86OCRAxXFtHmty7JlVBN%2F9BaYnOSOXRn%2BDFjFR%2BvYQ0ub8k%2BLB6SwqTc5lqDLsWfDgF702RmQPkowvgxQGi%2FCNw9iNZeLSGNNlZ10KCMzvfnfMpeHcKEY9BtQNTftyB6TowmYOEnVQjz%2FNaLouo2%2B5EUZ214jBgrkdbXY96btCGiUp6Y%2BTZGJEYI1JbyNQW%2BnwMZb6D3rDQzIHOZ8S5sYUBsyhigkITFJSg4ARFTlAM7C4T2tf2HhPahN5Z9s9y3U5k3tumuzLvxSkBVWMoZrezU%2FJkqY%2Fz3qGHfnxS9Vo%2B6wRt1280m8163HabPqXdMPZCFjSoV4fmFlxfmK884jPSfuYXZKVnfYuQHkCLA0T8MqjxQAsLumExSvdznm4aJWqJDDmYtMjyCvJNZ1uckmfnDl2u3EYcHS0%2BvPhKNvn5IiJlkSmLD%2FghQU%2FcndyUBdm5KQtNvl7Pcp7wES3du5XTPH7sizfizUIqtrqsx5%2B%2FGpVAWe6%2FFet8jaaMpz1NvlzijMVqRaooJt%2Bu6rfj8LrRG0tGpSZbu%2F7aymqSqVhrLtMpKD9e%2FwsRn5HK80%2FPn%2BUTP%2FwBrqZQxiIxR%2BQswOUBomwLOjtazEe%2FXb1%2F6UNoSaDE%2BUyYXUBh7ET54fmh4AQiPu9paKH%2F04fn9UTR8jbldlvfRU9VQPM7SBOLgbIYCAsqxtDm4iTP1NHi95%2BW8RlCUZmEQlV2QqHEJ6XI786VLn83ZuS5nxrQ%2FKTaqtddGnSaXqtF41bY8NvdwGOU%2Bo3ADwJaR65n3frv3%2FwNAAD%2F%2FwEAAP%2F%2FCXvgAXoEAAA%3D | 192.243.59.13 | 200 OK | 7 B |
URL GET HTTP/1.1impostersierraglands.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSTWgkRRSuXue0XvxZvAgyLAgKMunumemZcZFgjFmCcbM%2FLv5cpLqrZ1JOdVdT1TU9GS%2FBBdnjHLzoqfJNskENix49uMgksEhQzFwkoAHBsxdh8Sg9BqMPut979b2C731ffbxtTokPQ0%2BW35QjLgRdaNbc6gvveN6V6hpPzbA6bAfvB40rVTV4uRPU3BerV%2BOoLxd813Ndz%2FWqK1zFXTlcKEHwbL%2Fj1TpureHXvGYDQ%2FX%2FXhsHmjpgg1PyFDibVQ6dS%2BDRFGny1XKs%2B7nMXno9MYLmUmHA9m6n%2FVQWKZLzsqscdNO9s2lIfbzyADLdndOFHPw7GPIZcR4%2BQJjunZFEONiZ8wwF4hQhexzFYIpYTMHpFJG8A86OCRAxXFtHmty7JlVBN%2F9BaYnOSOXRn%2BDFjFR%2BvYQ0ub8k%2BLB6SwqTc5lqDLsWfDgF702RmQPkowvgxQGi%2FCNw9iNZeLSGNNlZ10KCMzvfnfMpeHcKEY9BtQNTftyB6TowmYOEnVQjz%2FNaLouo2%2B5EUZ214jBgrkdbXY96btCGiUp6Y%2BTZGJEYI1JbyNQW%2BnwMZb6D3rDQzIHOZ8S5sYUBsyhigkITFJSg4ARFTlAM7C4T2tf2HhPahN5Z9s9y3U5k3tumuzLvxSkBVWMoZrezU%2FJkqY%2Fz3qGHfnxS9Vo%2B6wRt1280m8163HabPqXdMPZCFjSoV4fmFlxfmK884jPSfuYXZKVnfYuQHkCLA0T8MqjxQAsLumExSvdznm4aJWqJDDmYtMjyCvJNZ1uckmfnDl2u3EYcHS0%2BvPhKNvn5IiJlkSmLD%2FghQU%2FcndyUBdm5KQtNvl7Pcp7wES3du5XTPH7sizfizUIqtrqsx5%2B%2FGpVAWe6%2FFet8jaaMpz1NvlzijMVqRaooJt%2Bu6rfj8LrRG0tGpSZbu%2F7aymqSqVhrLtMpKD9e%2FwsRn5HK80%2FPn%2BUTP%2FwBrqZQxiIxR%2BQswOUBomwLOjtazEe%2FXb1%2F6UNoSaDE%2BUyYXUBh7ET54fmh4AQiPu9paKH%2F04fn9UTR8jbldlvfRU9VQPM7SBOLgbIYCAsqxtDm4iTP1NHi95%2BW8RlCUZmEQlV2QqHEJ6XI786VLn83ZuS5nxrQ%2FKTaqtddGnSaXqtF41bY8NvdwGOU%2Bo3ADwJaR65n3frv3%2FwNAAD%2F%2FwEAAP%2F%2FCXvgAXoEAAA%3D IP192.243.59.13:443 ASN#39572 DataWeb Global Group B.V.
Certificate: issuer Let's Encrypt; subject impostersierraglands.com; SHA-1 fingerprint 2F:7B:27:C2:0D:EE:8C:B7:B5:3C:0D:29:8F:73:5B:FD:2E:C0:AE:86; valid Mon, 29 Apr 2024 08:30:48 GMT - Sun, 28 Jul 2024 08:30:47 GMT
File type: ASCII text, with no line terminators (the same 7-byte body as the previous ren.gif response: identical hashes)
Hash (MD5 / SHA-1 / SHA-256): 132d6af1b46048b45cf86cdee7991d31 eb7007d03d59b65bc6da7e098c4d38fc6dfb6285 ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSTWgkRRSuXue0XvxZvAgyLAgKMunumemZcZFgjFmCcbM%2FLv5cpLqrZ1JOdVdT1TU9GS%2FBBdnjHLzoqfJNskENix49uMgksEhQzFwkoAHBsxdh8Sg9BqMPut979b2C731ffbxtTokPQ0%2BW35QjLgRdaNbc6gvveN6V6hpPzbA6bAfvB40rVTV4uRPU3BerV%2BOoLxd813Ndz%2FWqK1zFXTlcKEHwbL%2Fj1TpureHXvGYDQ%2FX%2FXhsHmjpgg1PyFDibVQ6dS%2BDRFGny1XKs%2B7nMXno9MYLmUmHA9m6n%2FVQWKZLzsqscdNO9s2lIfbzyADLdndOFHPw7GPIZcR4%2BQJjunZFEONiZ8wwF4hQhexzFYIpYTMHpFJG8A86OCRAxXFtHmty7JlVBN%2F9BaYnOSOXRn%2BDFjFR%2BvYQ0ub8k%2BLB6SwqTc5lqDLsWfDgF702RmQPkowvgxQGi%2FCNw9iNZeLSGNNlZ10KCMzvfnfMpeHcKEY9BtQNTftyB6TowmYOEnVQjz%2FNaLouo2%2B5EUZ214jBgrkdbXY96btCGiUp6Y%2BTZGJEYI1JbyNQW%2BnwMZb6D3rDQzIHOZ8S5sYUBsyhigkITFJSg4ARFTlAM7C4T2tf2HhPahN5Z9s9y3U5k3tumuzLvxSkBVWMoZrezU%2FJkqY%2Fz3qGHfnxS9Vo%2B6wRt1280m8163HabPqXdMPZCFjSoV4fmFlxfmK884jPSfuYXZKVnfYuQHkCLA0T8MqjxQAsLumExSvdznm4aJWqJDDmYtMjyCvJNZ1uckmfnDl2u3EYcHS0%2BvPhKNvn5IiJlkSmLD%2FghQU%2FcndyUBdm5KQtNvl7Pcp7wES3du5XTPH7sizfizUIqtrqsx5%2B%2FGpVAWe6%2FFet8jaaMpz1NvlzijMVqRaooJt%2Bu6rfj8LrRG0tGpSZbu%2F7aymqSqVhrLtMpKD9e%2FwsRn5HK80%2FPn%2BUTP%2FwBrqZQxiIxR%2BQswOUBomwLOjtazEe%2FXb1%2F6UNoSaDE%2BUyYXUBh7ET54fmh4AQiPu9paKH%2F04fn9UTR8jbldlvfRU9VQPM7SBOLgbIYCAsqxtDm4iTP1NHi95%2BW8RlCUZmEQlV2QqHEJ6XI786VLn83ZuS5nxrQ%2FKTaqtddGnSaXqtF41bY8NvdwGOU%2Bo3ADwJaR65n3frv3%2FwNAAD%2F%2FwEAAP%2F%2FCXvgAXoEAAA%3D HTTP/1.1
Host: impostersierraglands.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Cookie: u_pl=22725681; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec172d9680245553e8052aafbe1bd64a13=[2229337,2229333,2229329,2019380]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 02 May 2024 19:08:42 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a3702f7ef9ee5001037957dbeeee1713
Strict-Transport-Security: max-age=0; includeSubdomains
| impostersierraglands.com/ren.gif?sid=H4sIAAAAAAAC%2F1RST2gkxReu3p1TfpefungRZFgQFGTS3TPTM%2BMiizFGgnGzf1z8c5Hqrp5JOdVdTVXX9CSn4ILscQ5e9FT5JtmgBtGjBxeZBBYJipmLBDQnr56ExaP0ODj6oPu9V98r%2BN731Ud75oL4MPR89U25w4Wgy82aW33%2BHc%2B7Vt3gqRlWh%2B3g%2FaBxraoGL3WCmvtC9fU46stl3%2FVc13O96hpXcVcOl0sQPDvqeLWOW2v4Na%2FZwFD9t9fGgaYO2OCCPAnOppUT5wp4NEGafLUa634usxdfS4yguVQYsMO7aT%2BVRYpkUXaVg256OJ%2BG1GdrDyHTgxldyME%2FgyGfEufRQ4Tp4ZwkwsH%2BjGcoEKcI2f9QDCaIxQScThDJe%2BDsjAARw41NpMmDG1IVdPtvlJbolFQe%2FwFeTEnl1ytIky9XBB9W70hhci5TjWHXgg8n4L0JMnOMfOcSeHGMKP8QnP1Ilh9vIE32N7WQ4MzOdud8At6dQMQjUO3AlB93YLoOTOYgYefVyPO8lssi6rY7UVRnrTgMmOvRVtejnhu0YaKS3gh5NkIkRojULjK1iz4fQZnvoLcsNHOg8ylxbu1iwCyKmKDQBAUlKDhBkRMUA3vAhPa1fcCENqE3z%2F481%2B1Y5r09eiDzXpwSUDWCYnYvuyBPlPo475146MfnVa%2Fls07Qdv1Gs9msx2236VPaDWMvZEGDenVobsH1pdnKO3xK2k%2F%2Fgqz0rG8R0mNocYyIXwU1HmhhQbcsdtKjnKfbRolaIkMOJi2yvIJ829kTF%2BSZmUNXK7cQR6fXHy29nI1%2FXkKkLDJl8QE%2FIeiJ%2B%2BPbsiD7t2WhydebWc4TvkNL9%2B7kNI8vf%2F5GvF1IxdZX9eizV6ISKMujt2Kdb9CU8bSnyRcrnLFYrUkVxeTbdf12HN40emvFqNRkGzdfXVtPMhVrzWU6AeVnm38i4lNSee6p2bP8%2Fw%2B%2Fg6sJlLFIzCmZB7g8RpTtQmcL9loSKLGYCbPLKIwdKz9cHApOIOJFT0ML%2Fa8%2BXNRjRcvblNs9fR89VQHN7yFNLAbKYiAsqBhBm6VxnqnT699%2FUsanCEVlHApV2Q%2BFEh%2BXIr9b%2Fu7O5J6SZ39qQPPzaqted2nQaXqtFo1bYcNvdwOPUeo3Aj8IaB25nnbrv33zFwAAAP%2F%2FAQAA%2F%2F%2F2Il8YegQAAA%3D%3D | 192.243.59.13 | 200 OK | 7 B |
URL: GET HTTP/1.1 impostersierraglands.com/ren.gif?sid=H4sIAAAAAAAC%2F1RST2gkxReu3p1TfpefungRZFgQFGTS3TPTM%2BMiizFGgnGzf1z8c5Hqrp5JOdVdTVXX9CSn4ILscQ5e9FT5JtmgBtGjBxeZBBYJipmLBDQnr56ExaP0ODj6oPu9V98r%2BN731Ud75oL4MPR89U25w4Wgy82aW33%2BHc%2B7Vt3gqRlWh%2B3g%2FaBxraoGL3WCmvtC9fU46stl3%2FVc13O96hpXcVcOl0sQPDvqeLWOW2v4Na%2FZwFD9t9fGgaYO2OCCPAnOppUT5wp4NEGafLUa634usxdfS4yguVQYsMO7aT%2BVRYpkUXaVg256OJ%2BG1GdrDyHTgxldyME%2FgyGfEufRQ4Tp4ZwkwsH%2BjGcoEKcI2f9QDCaIxQScThDJe%2BDsjAARw41NpMmDG1IVdPtvlJbolFQe%2FwFeTEnl1ytIky9XBB9W70hhci5TjWHXgg8n4L0JMnOMfOcSeHGMKP8QnP1Ilh9vIE32N7WQ4MzOdud8At6dQMQjUO3AlB93YLoOTOYgYefVyPO8lssi6rY7UVRnrTgMmOvRVtejnhu0YaKS3gh5NkIkRojULjK1iz4fQZnvoLcsNHOg8ylxbu1iwCyKmKDQBAUlKDhBkRMUA3vAhPa1fcCENqE3z%2F481%2B1Y5r09eiDzXpwSUDWCYnYvuyBPlPo475146MfnVa%2Fls07Qdv1Gs9msx2236VPaDWMvZEGDenVobsH1pdnKO3xK2k%2F%2Fgqz0rG8R0mNocYyIXwU1HmhhQbcsdtKjnKfbRolaIkMOJi2yvIJ829kTF%2BSZmUNXK7cQR6fXHy29nI1%2FXkKkLDJl8QE%2FIeiJ%2B%2BPbsiD7t2WhydebWc4TvkNL9%2B7kNI8vf%2F5GvF1IxdZX9eizV6ISKMujt2Kdb9CU8bSnyRcrnLFYrUkVxeTbdf12HN40emvFqNRkGzdfXVtPMhVrzWU6AeVnm38i4lNSee6p2bP8%2Fw%2B%2Fg6sJlLFIzCmZB7g8RpTtQmcL9loSKLGYCbPLKIwdKz9cHApOIOJFT0ML%2Fa8%2BXNRjRcvblNs9fR89VQHN7yFNLAbKYiAsqBhBm6VxnqnT699%2FUsanCEVlHApV2Q%2BFEh%2BXIr9b%2Fu7O5J6SZ39qQPPzaqted2nQaXqtFo1bYcNvdwOPUeo3Aj8IaB25nnbrv33zFwAAAP%2F%2FAQAA%2F%2F%2F2Il8YegQAAA%3D%3D
IP: 192.243.59.13:443, ASN #39572 DataWeb Global Group B.V.
Certificate: Issuer Let's Encrypt; Subject impostersierraglands.com; Fingerprint 2F:7B:27:C2:0D:EE:8C:B7:B5:3C:0D:29:8F:73:5B:FD:2E:C0:AE:86; Validity Mon, 29 Apr 2024 08:30:48 GMT - Sun, 28 Jul 2024 08:30:47 GMT
File type: ASCII text, with no line terminators
Hashes (MD5, SHA-1, SHA-256): 132d6af1b46048b45cf86cdee7991d31 eb7007d03d59b65bc6da7e098c4d38fc6dfb6285 ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RST2gkxReu3p1TfpefungRZFgQFGTS3TPTM%2BMiizFGgnGzf1z8c5Hqrp5JOdVdTVXX9CSn4ILscQ5e9FT5JtmgBtGjBxeZBBYJipmLBDQnr56ExaP0ODj6oPu9V98r%2BN731Ud75oL4MPR89U25w4Wgy82aW33%2BHc%2B7Vt3gqRlWh%2B3g%2FaBxraoGL3WCmvtC9fU46stl3%2FVc13O96hpXcVcOl0sQPDvqeLWOW2v4Na%2FZwFD9t9fGgaYO2OCCPAnOppUT5wp4NEGafLUa634usxdfS4yguVQYsMO7aT%2BVRYpkUXaVg256OJ%2BG1GdrDyHTgxldyME%2FgyGfEufRQ4Tp4ZwkwsH%2BjGcoEKcI2f9QDCaIxQScThDJe%2BDsjAARw41NpMmDG1IVdPtvlJbolFQe%2FwFeTEnl1ytIky9XBB9W70hhci5TjWHXgg8n4L0JMnOMfOcSeHGMKP8QnP1Ilh9vIE32N7WQ4MzOdud8At6dQMQjUO3AlB93YLoOTOYgYefVyPO8lssi6rY7UVRnrTgMmOvRVtejnhu0YaKS3gh5NkIkRojULjK1iz4fQZnvoLcsNHOg8ylxbu1iwCyKmKDQBAUlKDhBkRMUA3vAhPa1fcCENqE3z%2F481%2B1Y5r09eiDzXpwSUDWCYnYvuyBPlPo475146MfnVa%2Fls07Qdv1Gs9msx2236VPaDWMvZEGDenVobsH1pdnKO3xK2k%2F%2Fgqz0rG8R0mNocYyIXwU1HmhhQbcsdtKjnKfbRolaIkMOJi2yvIJ829kTF%2BSZmUNXK7cQR6fXHy29nI1%2FXkKkLDJl8QE%2FIeiJ%2B%2BPbsiD7t2WhydebWc4TvkNL9%2B7kNI8vf%2F5GvF1IxdZX9eizV6ISKMujt2Kdb9CU8bSnyRcrnLFYrUkVxeTbdf12HN40emvFqNRkGzdfXVtPMhVrzWU6AeVnm38i4lNSee6p2bP8%2Fw%2B%2Fg6sJlLFIzCmZB7g8RpTtQmcL9loSKLGYCbPLKIwdKz9cHApOIOJFT0ML%2Fa8%2BXNRjRcvblNs9fR89VQHN7yFNLAbKYiAsqBhBm6VxnqnT699%2FUsanCEVlHApV2Q%2BFEh%2BXIr9b%2Fu7O5J6SZ39qQPPzaqted2nQaXqtFo1bYcNvdwOPUeo3Aj8IaB25nnbrv33zFwAAAP%2F%2FAQAA%2F%2F%2F2Il8YegQAAA%3D%3D HTTP/1.1
Host: impostersierraglands.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Cookie: u_pl=22725681; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec172d9680245553e8052aafbe1bd64a13=[2229337,2229333,2229329,2019380]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 02 May 2024 19:08:42 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7203cf0511eb1958b4045746d3377936
Strict-Transport-Security: max-age=0; includeSubdomains
| impostersierraglands.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSS2gkRRiuXucULz4WL4IMC4KCTLrnHRdZjDESjJt9uPi4SL16Uk51V1PVPT3JKbgge5yDFz11vkk2qEH06MFFJoFFgmLmIgHNybsHYfEoPQZHf6j%2FUd9f8P3%2FVx%2FvZuekjoyerbxltpXWdLFV86svvBsEV6vrKs6G1WG3%2FUG7ebVqBy8vtWv%2Bi9U3JO%2Bbxbof%2BH7gB9VVZWVohoslCJUcLgW1Jb%2FWrNeCVhND%2B%2F%2FaZR4c9SAG5%2BQpKDGtHHuXofgEcfT1inT91CQvvR5lmqbGYiAO7sT92OQxonkaWg9hfHDRDeNOVx%2FAxPszujCDfxuZmhLv4QOw%2BOCCJNhgb8aTacgYTDyOfDCB1BMoOgE3d6HEKQG4wPUNxNH968bmdOsflJbolFQe%2FQmVT0nlt8uIo6%2BWtRpWbxudpcrEDsOwgBpOoHoTJNkR0u1LUPkRePoRlPiJLD5aRxztbThtoEQxm12pCVQ4gZYjUOchK4%2FykIUessRDJM6qPAiCji849btLnDdER7K28APaCQMa%2BO0uMl7SGyFNRuB6BG53kNgd9NUINvsebrOAEx5cOiXezR0MRIFcEuSOIKcEuSLIU4J8UOwL7equuC%2B0y1hwEesXsVGMTdrbpfsm7cmYgNoRrCh2k3PyZLkf7%2F3jAH15Vg06dbHU7vr1ZqvVasiu36pTGjIZMNFu0qABpwood2k28raaku4zvyIpNesXYPQITh%2BBqyugWQCaF6CbBbbjw1TFW5nVtcgwBWEKJGkF6Za3q8%2FJszOFrlTeg%2BQn1x4uvJKMf1kAtwUSW%2BBDdUzQ0%2FfGt0xO9m6Z3JFvNpJURWqblurdTmkqH%2FviTbmVGyvWVtzo81d5CZTp4dvSpes0FiruOfLlshJC2lVjuSTfrbl3JLuRuc3lzMZZsn7jtdW1KLHSOWXiCag63fgLXE1J5fmnZ9%2FyiR%2F%2FgLIT2KxAlJ2QC4MyR%2BDJDlwyZ%2B8MgdXzHpZ4yLNibOtsfqkVgZbzmrIC7j81m%2BdjS8vXVBW77h56tgKa3kUcFRjYAgNdgOoRXLYwThN7cu2HT0v7DExXxkzbyh7TVn8yW3Lp7pTu5pQ893MTTp1VG77oMBnKDpPNVjOUXLBWi%2Fk85Kwhul2O1E3Dxu%2Ff%2Fg0AAP%2F%2FAQAA%2F%2F%2BzigiTegQAAA%3D%3D | 192.243.59.13 | 200 OK | 7 B |
URL: GET HTTP/1.1 impostersierraglands.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSS2gkRRiuXucULz4WL4IMC4KCTLrnHRdZjDESjJt9uPi4SL16Uk51V1PVPT3JKbgge5yDFz11vkk2qEH06MFFJoFFgmLmIgHNybsHYfEoPQZHf6j%2FUd9f8P3%2FVx%2FvZuekjoyerbxltpXWdLFV86svvBsEV6vrKs6G1WG3%2FUG7ebVqBy8vtWv%2Bi9U3JO%2Bbxbof%2BH7gB9VVZWVohoslCJUcLgW1Jb%2FWrNeCVhND%2B%2F%2FaZR4c9SAG5%2BQpKDGtHHuXofgEcfT1inT91CQvvR5lmqbGYiAO7sT92OQxonkaWg9hfHDRDeNOVx%2FAxPszujCDfxuZmhLv4QOw%2BOCCJNhgb8aTacgYTDyOfDCB1BMoOgE3d6HEKQG4wPUNxNH968bmdOsflJbolFQe%2FQmVT0nlt8uIo6%2BWtRpWbxudpcrEDsOwgBpOoHoTJNkR0u1LUPkRePoRlPiJLD5aRxztbThtoEQxm12pCVQ4gZYjUOchK4%2FykIUessRDJM6qPAiCji849btLnDdER7K28APaCQMa%2BO0uMl7SGyFNRuB6BG53kNgd9NUINvsebrOAEx5cOiXezR0MRIFcEuSOIKcEuSLIU4J8UOwL7equuC%2B0y1hwEesXsVGMTdrbpfsm7cmYgNoRrCh2k3PyZLkf7%2F3jAH15Vg06dbHU7vr1ZqvVasiu36pTGjIZMNFu0qABpwood2k28raaku4zvyIpNesXYPQITh%2BBqyugWQCaF6CbBbbjw1TFW5nVtcgwBWEKJGkF6Za3q8%2FJszOFrlTeg%2BQn1x4uvJKMf1kAtwUSW%2BBDdUzQ0%2FfGt0xO9m6Z3JFvNpJURWqblurdTmkqH%2FviTbmVGyvWVtzo81d5CZTp4dvSpes0FiruOfLlshJC2lVjuSTfrbl3JLuRuc3lzMZZsn7jtdW1KLHSOWXiCag63fgLXE1J5fmnZ9%2FyiR%2F%2FgLIT2KxAlJ2QC4MyR%2BDJDlwyZ%2B8MgdXzHpZ4yLNibOtsfqkVgZbzmrIC7j81m%2BdjS8vXVBW77h56tgKa3kUcFRjYAgNdgOoRXLYwThN7cu2HT0v7DExXxkzbyh7TVn8yW3Lp7pTu5pQ893MTTp1VG77oMBnKDpPNVjOUXLBWi%2Fk85Kwhul2O1E3Dxu%2Ff%2Fg0AAP%2F%2FAQAA%2F%2F%2BzigiTegQAAA%3D%3D
IP: 192.243.59.13:443, ASN #39572 DataWeb Global Group B.V.
Certificate: Issuer Let's Encrypt; Subject impostersierraglands.com; Fingerprint 2F:7B:27:C2:0D:EE:8C:B7:B5:3C:0D:29:8F:73:5B:FD:2E:C0:AE:86; Validity Mon, 29 Apr 2024 08:30:48 GMT - Sun, 28 Jul 2024 08:30:47 GMT
File type: ASCII text, with no line terminators
Hashes (MD5, SHA-1, SHA-256): 132d6af1b46048b45cf86cdee7991d31 eb7007d03d59b65bc6da7e098c4d38fc6dfb6285 ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSS2gkRRiuXucULz4WL4IMC4KCTLrnHRdZjDESjJt9uPi4SL16Uk51V1PVPT3JKbgge5yDFz11vkk2qEH06MFFJoFFgmLmIgHNybsHYfEoPQZHf6j%2FUd9f8P3%2FVx%2FvZuekjoyerbxltpXWdLFV86svvBsEV6vrKs6G1WG3%2FUG7ebVqBy8vtWv%2Bi9U3JO%2Bbxbof%2BH7gB9VVZWVohoslCJUcLgW1Jb%2FWrNeCVhND%2B%2F%2FaZR4c9SAG5%2BQpKDGtHHuXofgEcfT1inT91CQvvR5lmqbGYiAO7sT92OQxonkaWg9hfHDRDeNOVx%2FAxPszujCDfxuZmhLv4QOw%2BOCCJNhgb8aTacgYTDyOfDCB1BMoOgE3d6HEKQG4wPUNxNH968bmdOsflJbolFQe%2FQmVT0nlt8uIo6%2BWtRpWbxudpcrEDsOwgBpOoHoTJNkR0u1LUPkRePoRlPiJLD5aRxztbThtoEQxm12pCVQ4gZYjUOchK4%2FykIUessRDJM6qPAiCji849btLnDdER7K28APaCQMa%2BO0uMl7SGyFNRuB6BG53kNgd9NUINvsebrOAEx5cOiXezR0MRIFcEuSOIKcEuSLIU4J8UOwL7equuC%2B0y1hwEesXsVGMTdrbpfsm7cmYgNoRrCh2k3PyZLkf7%2F3jAH15Vg06dbHU7vr1ZqvVasiu36pTGjIZMNFu0qABpwood2k28raaku4zvyIpNesXYPQITh%2BBqyugWQCaF6CbBbbjw1TFW5nVtcgwBWEKJGkF6Za3q8%2FJszOFrlTeg%2BQn1x4uvJKMf1kAtwUSW%2BBDdUzQ0%2FfGt0xO9m6Z3JFvNpJURWqblurdTmkqH%2FviTbmVGyvWVtzo81d5CZTp4dvSpes0FiruOfLlshJC2lVjuSTfrbl3JLuRuc3lzMZZsn7jtdW1KLHSOWXiCag63fgLXE1J5fmnZ9%2FyiR%2F%2FgLIT2KxAlJ2QC4MyR%2BDJDlwyZ%2B8MgdXzHpZ4yLNibOtsfqkVgZbzmrIC7j81m%2BdjS8vXVBW77h56tgKa3kUcFRjYAgNdgOoRXLYwThN7cu2HT0v7DExXxkzbyh7TVn8yW3Lp7pTu5pQ893MTTp1VG77oMBnKDpPNVjOUXLBWi%2Fk85Kwhul2O1E3Dxu%2Ff%2Fg0AAP%2F%2FAQAA%2F%2F%2BzigiTegQAAA%3D%3D HTTP/1.1
Host: impostersierraglands.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Cookie: u_pl=22725681; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec172d9680245553e8052aafbe1bd64a13=[2229337,2229333,2229329,2019380]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 02 May 2024 19:08:42 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b9b6bd0d16a68da83689562974289d42
Strict-Transport-Security: max-age=0; includeSubdomains
| libelradioactive.com/pixel/purst?dl=0&th=0&sc=0&rs=2996&rd=2996&fd=912&bv=24.4.7838&tmpl=136 | 192.243.59.12 | 200 OK | 0 B |
URL: GET HTTP/1.1 libelradioactive.com/pixel/purst?dl=0&th=0&sc=0&rs=2996&rd=2996&fd=912&bv=24.4.7838&tmpl=136
IP: 192.243.59.12:443, ASN #39572 DataWeb Global Group B.V.
Certificate: Issuer Let's Encrypt; Subject libelradioactive.com; Fingerprint 67:CA:55:0B:86:A5:5E:11:56:7F:8D:2D:DA:DF:44:8B:02:34:F3:5D; Validity Mon, 29 Apr 2024 13:04:09 GMT - Sun, 28 Jul 2024 13:04:08 GMT
Hashes (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /pixel/purst?dl=0&th=0&sc=0&rs=2996&rd=2996&fd=912&bv=24.4.7838&tmpl=136 HTTP/1.1
Host: libelradioactive.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 02 May 2024 19:08:42 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
| downstairsnegotiatebarren.com/sfp.js | 188.114.96.1 | 200 OK | 28 kB |
URL: GET HTTP/2 downstairsnegotiatebarren.com/sfp.js
IP: 188.114.96.1:443
Certificate: Issuer Let's Encrypt; Subject downstairsnegotiatebarren.com; Fingerprint 2C:6A:E1:8E:26:5B:1D:8B:86:CB:C1:72:4E:52:4B:8B:67:3A:D2:44; Validity Mon, 04 Mar 2024 21:53:07 GMT - Sun, 02 Jun 2024 21:53:06 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hashes (MD5, SHA-1, SHA-256): f4a2f8f9f99541c6f105bbd0a025bd40 1f8e3eff12168fdd9e719adfc098d24a45b6916a b717cb04231a10d425fd55b73c85a5407119c6826a8bac94142fddfff6958716
GET /sfp.js HTTP/1.1
Host: downstairsnegotiatebarren.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 02 May 2024 19:08:41 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: d49878e8ec34184a94ae94f61b282ebf
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Thu, 02 May 2024 19:08:41 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9pHf1lmz4W%2Bh%2Fppev4jvdFCB9VjjdVIEG3zX5v6db0EWmzbUFDHqbyVVX2n5bH5la0u9shX4PV3l8yipt336%2F76cchHdbn1pePln3wI5vTuCGlb0zbUsmq5I2qostSMiqxrOOv17jBRH9DrO%2FUD69Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87da4d299c1a56bd-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| impostersierraglands.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSTWgkRRSuXue0XvxZvAgyLAgKMume%2F7jI4hqzBONmf1z8uUj99aSc6q6mqnt6Ml6CC7LHOXjRU%2BebZIMaFj16cJFJYJGgmLlIQAOCZy%2FC4lF6DEYfdL%2F36nsF3%2Fu%2B%2BngrOyF1ZPR46U0zUlrThVbNr77wThBcqq6qOBtWh932%2B%2B3mpaodvLzYrvkvVq9K3jcLdT%2Fw%2FcAPqsvKytAMF0oQKtlbDGqLfq1ZrwWtJob2%2F73LPDjqQQxOyFNQYlY58C5A8Sni6Ksl6fqpSV56Pco0TY3FQOzejvuxyWNEZ2VoPYTx7uk0jDtafgAT78zpwgz%2BHWRqRryHD8Di3VOSYIPtOU%2BmIWMw8TjywRRST6HoFNzcgRJHBOAC19YQR%2FeuGZvTjX9QWqIzUnn0J1Q%2BI5VfLyCO7l%2FRali9ZXSWKhM7DMMCajiF6k2RZPtIR%2Beg8n3w9CMo8SNZeLSKONpec9pAiWK%2Bu1JTqHAKLcegzkNWfspDFnrIEg%2BROK7yIAg6vuDU7y5y3hAdydrCD2gnDGjgt7vIeElvjDQZg%2BsxuN1EYjfRV2PY7Du49QJOeHDpjHg3NjEQBXJJkDuCnBLkiiBPCfJBsSO0q7vintAuY8Fprp%2FmRjExaW%2BL7pi0J2MCasewothKTsiTpT7eewcB%2BvK4GnTqYrHd9evNVqvVkF2%2FVac0ZDJgot2kQQNOFVDu3HzlkZqR7jO%2FICk96xdgdB9O74Ori6BZAJoXoOsFRvFequKNzOpaZJiCMAWStIJ0w9vSJ%2BTZuUMXK7ch%2BeHlh%2BdfSSY%2Fnwe3BRJb4AN1QNDTdyc3TU62b5rcka%2FXklRFakRL926lNJWPffGG3MiNFStLbvz5q7wEynLvLenSVRoLFfcc%2BfKKEkLaZWO5JN%2BuuLclu5659SuZjbNk9fpryytRYqVzysRTUHW09he4mpHK80%2FPn%2BUTP%2FwBZaewWYEoOySnAWX2wZNNuOTwcjr67er9Cx%2FCGQKrz2ZYcg55VkxsnZ0dakWg5VlPWQH3n56d1RNLy9tUFVvuLnq2ApreQRwVGNgCA12A6jFcdn6SJvbw8veflvEZmK5MmLaVbaat%2FqQU%2Bd250uXvxow891MTTh1XG77oMBnKDpPNVjOUXLBWi%2Fk85Kwhul2O1M3Cxu%2Ff%2FA0AAP%2F%2FAQAA%2F%2F%2BJrzXpegQAAA%3D%3D | 172.240.127.234 | 200 OK | 7 B |
URL: GET HTTP/1.1 impostersierraglands.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSTWgkRRSuXue0XvxZvAgyLAgKMume%2F7jI4hqzBONmf1z8uUj99aSc6q6mqnt6Ml6CC7LHOXjRU%2BebZIMaFj16cJFJYJGgmLlIQAOCZy%2FC4lF6DEYfdL%2F36nsF3%2Fu%2B%2BngrOyF1ZPR46U0zUlrThVbNr77wThBcqq6qOBtWh932%2B%2B3mpaodvLzYrvkvVq9K3jcLdT%2Fw%2FcAPqsvKytAMF0oQKtlbDGqLfq1ZrwWtJob2%2F73LPDjqQQxOyFNQYlY58C5A8Sni6Ksl6fqpSV56Pco0TY3FQOzejvuxyWNEZ2VoPYTx7uk0jDtafgAT78zpwgz%2BHWRqRryHD8Di3VOSYIPtOU%2BmIWMw8TjywRRST6HoFNzcgRJHBOAC19YQR%2FeuGZvTjX9QWqIzUnn0J1Q%2BI5VfLyCO7l%2FRali9ZXSWKhM7DMMCajiF6k2RZPtIR%2Beg8n3w9CMo8SNZeLSKONpec9pAiWK%2Bu1JTqHAKLcegzkNWfspDFnrIEg%2BROK7yIAg6vuDU7y5y3hAdydrCD2gnDGjgt7vIeElvjDQZg%2BsxuN1EYjfRV2PY7Du49QJOeHDpjHg3NjEQBXJJkDuCnBLkiiBPCfJBsSO0q7vintAuY8Fprp%2FmRjExaW%2BL7pi0J2MCasewothKTsiTpT7eewcB%2BvK4GnTqYrHd9evNVqvVkF2%2FVac0ZDJgot2kQQNOFVDu3HzlkZqR7jO%2FICk96xdgdB9O74Ori6BZAJoXoOsFRvFequKNzOpaZJiCMAWStIJ0w9vSJ%2BTZuUMXK7ch%2BeHlh%2BdfSSY%2Fnwe3BRJb4AN1QNDTdyc3TU62b5rcka%2FXklRFakRL926lNJWPffGG3MiNFStLbvz5q7wEynLvLenSVRoLFfcc%2BfKKEkLaZWO5JN%2BuuLclu5659SuZjbNk9fpryytRYqVzysRTUHW09he4mpHK80%2FPn%2BUTP%2FwBZaewWYEoOySnAWX2wZNNuOTwcjr67er9Cx%2FCGQKrz2ZYcg55VkxsnZ0dakWg5VlPWQH3n56d1RNLy9tUFVvuLnq2ApreQRwVGNgCA12A6jFcdn6SJvbw8veflvEZmK5MmLaVbaat%2FqQU%2Bd250uXvxow891MTTh1XG77oMBnKDpPNVjOUXLBWi%2Fk85Kwhul2O1M3Cxu%2Ff%2FA0AAP%2F%2FAQAA%2F%2F%2BJrzXpegQAAA%3D%3D
IP: 172.240.127.234:443
Certificate: Issuer Let's Encrypt; Subject impostersierraglands.com; Fingerprint 2F:7B:27:C2:0D:EE:8C:B7:B5:3C:0D:29:8F:73:5B:FD:2E:C0:AE:86; Validity Mon, 29 Apr 2024 08:30:48 GMT - Sun, 28 Jul 2024 08:30:47 GMT
File type: ASCII text, with no line terminators
Hashes (MD5, SHA-1, SHA-256): 132d6af1b46048b45cf86cdee7991d31 eb7007d03d59b65bc6da7e098c4d38fc6dfb6285 ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSTWgkRRSuXue0XvxZvAgyLAgKMume%2F7jI4hqzBONmf1z8uUj99aSc6q6mqnt6Ml6CC7LHOXjRU%2BebZIMaFj16cJFJYJGgmLlIQAOCZy%2FC4lF6DEYfdL%2F36nsF3%2Fu%2B%2BngrOyF1ZPR46U0zUlrThVbNr77wThBcqq6qOBtWh932%2B%2B3mpaodvLzYrvkvVq9K3jcLdT%2Fw%2FcAPqsvKytAMF0oQKtlbDGqLfq1ZrwWtJob2%2F73LPDjqQQxOyFNQYlY58C5A8Sni6Ksl6fqpSV56Pco0TY3FQOzejvuxyWNEZ2VoPYTx7uk0jDtafgAT78zpwgz%2BHWRqRryHD8Di3VOSYIPtOU%2BmIWMw8TjywRRST6HoFNzcgRJHBOAC19YQR%2FeuGZvTjX9QWqIzUnn0J1Q%2BI5VfLyCO7l%2FRali9ZXSWKhM7DMMCajiF6k2RZPtIR%2Beg8n3w9CMo8SNZeLSKONpec9pAiWK%2Bu1JTqHAKLcegzkNWfspDFnrIEg%2BROK7yIAg6vuDU7y5y3hAdydrCD2gnDGjgt7vIeElvjDQZg%2BsxuN1EYjfRV2PY7Du49QJOeHDpjHg3NjEQBXJJkDuCnBLkiiBPCfJBsSO0q7vintAuY8Fprp%2FmRjExaW%2BL7pi0J2MCasewothKTsiTpT7eewcB%2BvK4GnTqYrHd9evNVqvVkF2%2FVac0ZDJgot2kQQNOFVDu3HzlkZqR7jO%2FICk96xdgdB9O74Ori6BZAJoXoOsFRvFequKNzOpaZJiCMAWStIJ0w9vSJ%2BTZuUMXK7ch%2BeHlh%2BdfSSY%2Fnwe3BRJb4AN1QNDTdyc3TU62b5rcka%2FXklRFakRL926lNJWPffGG3MiNFStLbvz5q7wEynLvLenSVRoLFfcc%2BfKKEkLaZWO5JN%2BuuLclu5659SuZjbNk9fpryytRYqVzysRTUHW09he4mpHK80%2FPn%2BUTP%2FwBZaewWYEoOySnAWX2wZNNuOTwcjr67er9Cx%2FCGQKrz2ZYcg55VkxsnZ0dakWg5VlPWQH3n56d1RNLy9tUFVvuLnq2ApreQRwVGNgCA12A6jFcdn6SJvbw8veflvEZmK5MmLaVbaat%2FqQU%2Bd250uXvxow891MTTh1XG77oMBnKDpPNVjOUXLBWi%2Fk85Kwhul2O1M3Cxu%2Ff%2FA0AAP%2F%2FAQAA%2F%2F%2BJrzXpegQAAA%3D%3D HTTP/1.1
Host: impostersierraglands.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Cookie: u_pl=22725681; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec172d9680245553e8052aafbe1bd64a13=[2229337,2229333,2229329,2019380]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 02 May 2024 19:08:42 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c9a3523880cc010cb4d1459a1cb51e5d
Strict-Transport-Security: max-age=0; includeSubdomains
| impostersierraglands.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSy2skRRivXucUQVAXL4IMC4KKTLrnHRdZjDESjJt9uPi4SL16Uk51V1PVPT3JKbgge5yDFz11fpNsUIPo0YOLTAKLBMTMRQKak%2F%2BBsHiUng2OflDfo35fwe%2F7fvXZbnZO6sjo2cq7ZltpTRdbNb%2F60gdBcLW6ruJsWB122x%2B3m1erdvDaUrvmv1x9W%2FK%2BWaz7ge8HflBdVVaGZrhYglDJ4VJQW%2FJrzXotaDUxtP%2BvXebBUQ9icE6egRLTyrF3GYpPEEffrUjXT03y6ltRpmlqLAbi4E7cj00eI5qnofUQxgcX3TDudPUBTLw%2Fowsz%2BLeRqSnxHj4Aiw8uSIIN9mY8mYaMwcSTyAcTSD2BohNwcxdKnBKAC1zfQBzdv25sTrceo7REp6Ty6C%2BofEoqf1xGHH27rNWwetvoLFUmdhiGBdRwAtWbIMmOkG5fgsqPwNNPocQvZPHROuJob8NpAyWK2exKTaDCCbQcgToPWXmUhyz0kCUeInFW5UEQdHzBqd9d4rwhOpK1hR%2FQThjQwG93kfGS3ghpMgLXI3C7g8TuoK9GsNlPcJsFnPDg0inxbu5gIArkkiB3BDklyBVBnhLkg2JfaFd3xX2hXcaCi1i%2FiI1ibNLeLt03aU%2FGBNSOYEWxm5yTp8v9eB8dB%2BjLs2rQqYuldtevN1utVkN2%2FVad0pDJgIl2kwYNOFVAuUuzkbfVlHSf%2Bx1JqVm%2FAKNHcPoIXF0BzQLQvADdLLAdH6Yq3sqsrkWGKQhTIEkrSLe8XX1Onp8p9MKvTUh%2Bcu3hwuvJ%2BLcFcFsgsQU%2BUccEPX1vfMvkZO%2BWyR35fiNJVaS2aane7ZSm8omv35FbubFibcWNvnqDl0CZHr4nXbpOY6HiniPfLCshpF01lkvy45p7X7IbmdtczmycJes33lxdixIrnVMmnoCq042%2FwdWUVF58dvYtnzp9BcpOYLMCUXZCLgzKHIEnO3DJnL0zBFbPe1hSQZ4VY1tn80utCLSc15QVcP%2Bp2TwfW1q%2BpqrYdffQsxXQ9C7iqMDAFhjoAlSP4LKFcZrYk2s%2Ff1Hal2C6MmbaVvaYtvrzKblS%2BbB0d0p38%2FHOnTqrNnzRYTKUHSabrWYouWCtFvN5yFlDdLscqZuGjT9%2F%2BAcAAP%2F%2FAQAA%2F%2F%2FeTmdIegQAAA%3D%3D | 172.240.127.234 | 200 OK | 7 B |
URL: GET HTTP/1.1 impostersierraglands.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSy2skRRivXucUQVAXL4IMC4KKTLrnHRdZjDESjJt9uPi4SL16Uk51V1PVPT3JKbgge5yDFz11fpNsUIPo0YOLTAKLBMTMRQKak%2F%2BBsHiUng2OflDfo35fwe%2F7fvXZbnZO6sjo2cq7ZltpTRdbNb%2F60gdBcLW6ruJsWB122x%2B3m1erdvDaUrvmv1x9W%2FK%2BWaz7ge8HflBdVVaGZrhYglDJ4VJQW%2FJrzXotaDUxtP%2BvXebBUQ9icE6egRLTyrF3GYpPEEffrUjXT03y6ltRpmlqLAbi4E7cj00eI5qnofUQxgcX3TDudPUBTLw%2Fowsz%2BLeRqSnxHj4Aiw8uSIIN9mY8mYaMwcSTyAcTSD2BohNwcxdKnBKAC1zfQBzdv25sTrceo7REp6Ty6C%2BofEoqf1xGHH27rNWwetvoLFUmdhiGBdRwAtWbIMmOkG5fgsqPwNNPocQvZPHROuJob8NpAyWK2exKTaDCCbQcgToPWXmUhyz0kCUeInFW5UEQdHzBqd9d4rwhOpK1hR%2FQThjQwG93kfGS3ghpMgLXI3C7g8TuoK9GsNlPcJsFnPDg0inxbu5gIArkkiB3BDklyBVBnhLkg2JfaFd3xX2hXcaCi1i%2FiI1ibNLeLt03aU%2FGBNSOYEWxm5yTp8v9eB8dB%2BjLs2rQqYuldtevN1utVkN2%2FVad0pDJgIl2kwYNOFVAuUuzkbfVlHSf%2Bx1JqVm%2FAKNHcPoIXF0BzQLQvADdLLAdH6Yq3sqsrkWGKQhTIEkrSLe8XX1Onp8p9MKvTUh%2Bcu3hwuvJ%2BLcFcFsgsQU%2BUccEPX1vfMvkZO%2BWyR35fiNJVaS2aane7ZSm8omv35FbubFibcWNvnqDl0CZHr4nXbpOY6HiniPfLCshpF01lkvy45p7X7IbmdtczmycJes33lxdixIrnVMmnoCq042%2FwdWUVF58dvYtnzp9BcpOYLMCUXZCLgzKHIEnO3DJnL0zBFbPe1hSQZ4VY1tn80utCLSc15QVcP%2Bp2TwfW1q%2BpqrYdffQsxXQ9C7iqMDAFhjoAlSP4LKFcZrYk2s%2Ff1Hal2C6MmbaVvaYtvrzKblS%2BbB0d0p38%2FHOnTqrNnzRYTKUHSabrWYouWCtFvN5yFlDdLscqZuGjT9%2F%2BAcAAP%2F%2FAQAA%2F%2F%2FeTmdIegQAAA%3D%3D
IP: 172.240.127.234:443
Certificate: Issuer Let's Encrypt; Subject impostersierraglands.com; Fingerprint 2F:7B:27:C2:0D:EE:8C:B7:B5:3C:0D:29:8F:73:5B:FD:2E:C0:AE:86; Validity Mon, 29 Apr 2024 08:30:48 GMT - Sun, 28 Jul 2024 08:30:47 GMT
File type: ASCII text, with no line terminators
Hashes (MD5, SHA-1, SHA-256): 132d6af1b46048b45cf86cdee7991d31 eb7007d03d59b65bc6da7e098c4d38fc6dfb6285 ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSy2skRRivXucUQVAXL4IMC4KKTLrnHRdZjDESjJt9uPi4SL16Uk51V1PVPT3JKbgge5yDFz11fpNsUIPo0YOLTAKLBMTMRQKak%2F%2BBsHiUng2OflDfo35fwe%2F7fvXZbnZO6sjo2cq7ZltpTRdbNb%2F60gdBcLW6ruJsWB122x%2B3m1erdvDaUrvmv1x9W%2FK%2BWaz7ge8HflBdVVaGZrhYglDJ4VJQW%2FJrzXotaDUxtP%2BvXebBUQ9icE6egRLTyrF3GYpPEEffrUjXT03y6ltRpmlqLAbi4E7cj00eI5qnofUQxgcX3TDudPUBTLw%2Fowsz%2BLeRqSnxHj4Aiw8uSIIN9mY8mYaMwcSTyAcTSD2BohNwcxdKnBKAC1zfQBzdv25sTrceo7REp6Ty6C%2BofEoqf1xGHH27rNWwetvoLFUmdhiGBdRwAtWbIMmOkG5fgsqPwNNPocQvZPHROuJob8NpAyWK2exKTaDCCbQcgToPWXmUhyz0kCUeInFW5UEQdHzBqd9d4rwhOpK1hR%2FQThjQwG93kfGS3ghpMgLXI3C7g8TuoK9GsNlPcJsFnPDg0inxbu5gIArkkiB3BDklyBVBnhLkg2JfaFd3xX2hXcaCi1i%2FiI1ibNLeLt03aU%2FGBNSOYEWxm5yTp8v9eB8dB%2BjLs2rQqYuldtevN1utVkN2%2FVad0pDJgIl2kwYNOFVAuUuzkbfVlHSf%2Bx1JqVm%2FAKNHcPoIXF0BzQLQvADdLLAdH6Yq3sqsrkWGKQhTIEkrSLe8XX1Onp8p9MKvTUh%2Bcu3hwuvJ%2BLcFcFsgsQU%2BUccEPX1vfMvkZO%2BWyR35fiNJVaS2aane7ZSm8omv35FbubFibcWNvnqDl0CZHr4nXbpOY6HiniPfLCshpF01lkvy45p7X7IbmdtczmycJes33lxdixIrnVMmnoCq042%2FwdWUVF58dvYtnzp9BcpOYLMCUXZCLgzKHIEnO3DJnL0zBFbPe1hSQZ4VY1tn80utCLSc15QVcP%2Bp2TwfW1q%2BpqrYdffQsxXQ9C7iqMDAFhjoAlSP4LKFcZrYk2s%2Ff1Hal2C6MmbaVvaYtvrzKblS%2BbB0d0p38%2FHOnTqrNnzRYTKUHSabrWYouWCtFvN5yFlDdLscqZuGjT9%2F%2BAcAAP%2F%2FAQAA%2F%2F%2FeTmdIegQAAA%3D%3D HTTP/1.1
Host: impostersierraglands.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Cookie: u_pl=22725681; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec172d9680245553e8052aafbe1bd64a13=[2229337,2229333,2229329,2019380]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 02 May 2024 19:08:42 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: aa4f13ec260f689eb9447ffd04eacef9
Strict-Transport-Security: max-age=0; includeSubdomains
| impostersierraglands.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSTWgkVRd9NdOrfJtPHdwI0gwICtKp6v84yGCMkWCczI%2BDPxt5f9V59qt6xXtVXZ2sggMyy1640VXldDJBDaJLFw7SCQwSFNMbCWhWbl0Jg0upNth6oere%2B859cO4576Pd7JzUkdGzlTfNttKaLrZqfvX5d4LgWnVdxdmwOuy23283r1Xt4KWlds1%2Fofq65H2zWPcD3w%2F8oLqqrAzNcLEEoZLDpaC25Nea9VrQamJo%2F9u7zIOjHsTgnDwJJaaVY%2B8KFJ8gjr5aka6fmuTF16JM09RYDMTB3bgfmzxGNC9D6yGMDy6mYdzp6kOYeH9GF2bwzyBTU%2BI9eggWH1yQBBvszXgyDRmDif8hH0wg9QSKTsDNPShxSgAucGMDcfTghrE53fobpSU6JZXHf0DlU1L59Qri6MtlrYbVO0ZnqTKxwzAsoIYTqN4ESXaEdPsSVH4Enn4IJX4ki4%2FXEUd7G04bKFHMdldqAhVOoOUI1HnIyk95yEIPWeIhEmdVHgRBxxec%2Bt0lzhuiI1lb%2BAHthAEN%2FHYXGS%2FpjZAmI3A9Arc7SOwO%2BmoEm30Ht1nACQ8unRLv1g4GokAuCXJHkFOCXBHkKUE%2BKPaFdnVXPBDaZSy4yPWL3CjGJu3t0n2T9mRMQO0IVhS7yTl5otTHe%2B84QF%2BeVYNOXSy1u3692Wq1GrLrt%2BqUhkwGTLSbNGjAqQLKXZqtvK2mpPv0L0hKz%2FoFGD2C00fg6ipoFoDmBehmge34MFXxVmZ1LTJMQZgCSVpBuuXt6nPyzMyhq5VbkPzk%2BqOFl5PxzwvgtkBiC3ygjgl6%2Bv74tsnJ3m2TO%2FL1RpKqSG3T0r07KU3l5c%2FfkFu5sWJtxY0%2Be4WXQFkeviVduk5joeKeI18sKyGkXTWWS%2FLtmntbspuZ21zObJwl6zdfXV2LEiudUyaegKrTjT%2FB1ZRUnntq9iz%2F%2F8PvUHYCmxWIshNyEVDmCDzZgUvm7J0hsHo%2Bw5LLyLNibOtsfqgVgZbznrIC7l89m9djS8vbVBW77j56tgKa3kMcFRjYAgNdgOoRXLYwThN7cv37T8r4FExXxkzbyh7TVn9civxu%2Bbs7k3tKnv2pCafOqg1fdJgMZYfJZqsZSi5Yq8V8HnLWEN0uR%2BqmYeO3b%2F4CAAD%2F%2FwEAAP%2F%2FdvaK8HoEAAA%3D | 172.240.127.234 | 200 OK | 7 B |
URL: GET HTTP/1.1 impostersierraglands.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSTWgkVRd9NdOrfJtPHdwI0gwICtKp6v84yGCMkWCczI%2BDPxt5f9V59qt6xXtVXZ2sggMyy1640VXldDJBDaJLFw7SCQwSFNMbCWhWbl0Jg0upNth6oere%2B859cO4576Pd7JzUkdGzlTfNttKaLrZqfvX5d4LgWnVdxdmwOuy23283r1Xt4KWlds1%2Fofq65H2zWPcD3w%2F8oLqqrAzNcLEEoZLDpaC25Nea9VrQamJo%2F9u7zIOjHsTgnDwJJaaVY%2B8KFJ8gjr5aka6fmuTF16JM09RYDMTB3bgfmzxGNC9D6yGMDy6mYdzp6kOYeH9GF2bwzyBTU%2BI9eggWH1yQBBvszXgyDRmDif8hH0wg9QSKTsDNPShxSgAucGMDcfTghrE53fobpSU6JZXHf0DlU1L59Qri6MtlrYbVO0ZnqTKxwzAsoIYTqN4ESXaEdPsSVH4Enn4IJX4ki4%2FXEUd7G04bKFHMdldqAhVOoOUI1HnIyk95yEIPWeIhEmdVHgRBxxec%2Bt0lzhuiI1lb%2BAHthAEN%2FHYXGS%2FpjZAmI3A9Arc7SOwO%2BmoEm30Ht1nACQ8unRLv1g4GokAuCXJHkFOCXBHkKUE%2BKPaFdnVXPBDaZSy4yPWL3CjGJu3t0n2T9mRMQO0IVhS7yTl5otTHe%2B84QF%2BeVYNOXSy1u3692Wq1GrLrt%2BqUhkwGTLSbNGjAqQLKXZqtvK2mpPv0L0hKz%2FoFGD2C00fg6ipoFoDmBehmge34MFXxVmZ1LTJMQZgCSVpBuuXt6nPyzMyhq5VbkPzk%2BqOFl5PxzwvgtkBiC3ygjgl6%2Bv74tsnJ3m2TO%2FL1RpKqSG3T0r07KU3l5c%2FfkFu5sWJtxY0%2Be4WXQFkeviVduk5joeKeI18sKyGkXTWWS%2FLtmntbspuZ21zObJwl6zdfXV2LEiudUyaegKrTjT%2FB1ZRUnntq9iz%2F%2F8PvUHYCmxWIshNyEVDmCDzZgUvm7J0hsHo%2Bw5LLyLNibOtsfqgVgZbznrIC7l89m9djS8vbVBW77j56tgKa3kMcFRjYAgNdgOoRXLYwThN7cv37T8r4FExXxkzbyh7TVn9civxu%2Bbs7k3tKnv2pCafOqg1fdJgMZYfJZqsZSi5Yq8V8HnLWEN0uR%2BqmYeO3b%2F4CAAD%2F%2FwEAAP%2F%2FdvaK8HoEAAA%3D
IP: 172.240.127.234:443
Certificate: Issuer Let's Encrypt; Subject impostersierraglands.com; Fingerprint 2F:7B:27:C2:0D:EE:8C:B7:B5:3C:0D:29:8F:73:5B:FD:2E:C0:AE:86; Validity Mon, 29 Apr 2024 08:30:48 GMT - Sun, 28 Jul 2024 08:30:47 GMT
File type: ASCII text, with no line terminators
Hashes (MD5, SHA-1, SHA-256): 132d6af1b46048b45cf86cdee7991d31 eb7007d03d59b65bc6da7e098c4d38fc6dfb6285 ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSTWgkVRd9NdOrfJtPHdwI0gwICtKp6v84yGCMkWCczI%2BDPxt5f9V59qt6xXtVXZ2sggMyy1640VXldDJBDaJLFw7SCQwSFNMbCWhWbl0Jg0upNth6oere%2B859cO4576Pd7JzUkdGzlTfNttKaLrZqfvX5d4LgWnVdxdmwOuy23283r1Xt4KWlds1%2Fofq65H2zWPcD3w%2F8oLqqrAzNcLEEoZLDpaC25Nea9VrQamJo%2F9u7zIOjHsTgnDwJJaaVY%2B8KFJ8gjr5aka6fmuTF16JM09RYDMTB3bgfmzxGNC9D6yGMDy6mYdzp6kOYeH9GF2bwzyBTU%2BI9eggWH1yQBBvszXgyDRmDif8hH0wg9QSKTsDNPShxSgAucGMDcfTghrE53fobpSU6JZXHf0DlU1L59Qri6MtlrYbVO0ZnqTKxwzAsoIYTqN4ESXaEdPsSVH4Enn4IJX4ki4%2FXEUd7G04bKFHMdldqAhVOoOUI1HnIyk95yEIPWeIhEmdVHgRBxxec%2Bt0lzhuiI1lb%2BAHthAEN%2FHYXGS%2FpjZAmI3A9Arc7SOwO%2BmoEm30Ht1nACQ8unRLv1g4GokAuCXJHkFOCXBHkKUE%2BKPaFdnVXPBDaZSy4yPWL3CjGJu3t0n2T9mRMQO0IVhS7yTl5otTHe%2B84QF%2BeVYNOXSy1u3692Wq1GrLrt%2BqUhkwGTLSbNGjAqQLKXZqtvK2mpPv0L0hKz%2FoFGD2C00fg6ipoFoDmBehmge34MFXxVmZ1LTJMQZgCSVpBuuXt6nPyzMyhq5VbkPzk%2BqOFl5PxzwvgtkBiC3ygjgl6%2Bv74tsnJ3m2TO%2FL1RpKqSG3T0r07KU3l5c%2FfkFu5sWJtxY0%2Be4WXQFkeviVduk5joeKeI18sKyGkXTWWS%2FLtmntbspuZ21zObJwl6zdfXV2LEiudUyaegKrTjT%2FB1ZRUnntq9iz%2F%2F8PvUHYCmxWIshNyEVDmCDzZgUvm7J0hsHo%2Bw5LLyLNibOtsfqgVgZbznrIC7l89m9djS8vbVBW77j56tgKa3kMcFRjYAgNdgOoRXLYwThN7cv37T8r4FExXxkzbyh7TVn9civxu%2Bbs7k3tKnv2pCafOqg1fdJgMZYfJZqsZSi5Yq8V8HnLWEN0uR%2BqmYeO3b%2F4CAAD%2F%2FwEAAP%2F%2FdvaK8HoEAAA%3D HTTP/1.1
Host: impostersierraglands.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Cookie: u_pl=22725681; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec172d9680245553e8052aafbe1bd64a13=[2229337,2229333,2229329,2019380]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 02 May 2024 19:08:42 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6bdeab6946a7ce3a7931562bf9bde89f
Strict-Transport-Security: max-age=0; includeSubdomains
| unseenreport.com/pxf.gif?uuid=165b288a-da70-49c5-a384-100fbf63169b&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=7866ead300fcf9e425beaf01fe308949&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=19 | 192.243.59.12 | 200 OK | 1 B |
URL: GET HTTP/1.1 unseenreport.com/pxf.gif?uuid=165b288a-da70-49c5-a384-100fbf63169b&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=7866ead300fcf9e425beaf01fe308949&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=19 | IP: 192.243.59.12:443 | ASN: #39572 DataWeb Global Group B.V.
Certificate: Issuer Let's Encrypt | Subject *.unseenreport.com | Fingerprint (SHA-1) 71:46:15:FD:76:6A:F5:5B:51:06:CC:93:DD:D8:63:E3:8B:10:BF:13 | Validity Fri, 22 Mar 2024 07:32:41 GMT - Thu, 20 Jun 2024 07:32:40 GMT
File type: very short file (no magic) | Hashes (MD5 / SHA-1 / SHA-256): 93b885adfe0da089cdf634904fd59f71 5ba93c9db0cff93f52b521d7420e43f6eda2784f 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d (these are the digests of a single 0x00 byte, consistent with the Content-Length: 1 below: the "pixel" body is not a GIF)
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /pxf.gif?uuid=165b288a-da70-49c5-a384-100fbf63169b&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=7866ead300fcf9e425beaf01fe308949&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=19 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 02 May 2024 19:08:43 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: fb62999594ef3fa77787eab397b9f27f
Strict-Transport-Security: max-age=0; includeSubdomains
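Three responses in this report are declared image/gif but carry no image: the unseenreport.com pxf.gif body is 1 byte whose digests are those of a single 0x00 byte, the impostersierraglands.com impr.gif body is 7 bytes that the file-type field calls ASCII text rather than GIF image data, and the ren.gif response was captured with 0 bytes although its header declares Content-Length: 7. The Python below is an added example, not part of the sandbox report and not code from either tracker: it compares a response body with its claimed type and length, and recovers the real bytes behind a published MD5/SHA-1/SHA-256 triple when the body is tiny enough to brute-force. The digest triples are the ones printed on the page; the sample bodies passed to classify_body are constructed.

```python
import hashlib
import itertools
from typing import Dict, Optional, Tuple

GIF_MAGICS = (b"GIF87a", b"GIF89a")

# MD5 / SHA-1 / SHA-256 triples as printed in the report for two "pixel" responses.
PAGE_DIGESTS: Dict[str, Tuple[str, str, str]] = {
    "unseenreport.com/pxf.gif": (
        "93b885adfe0da089cdf634904fd59f71",
        "5ba93c9db0cff93f52b521d7420e43f6eda2784f",
        "6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d",
    ),
    "impostersierraglands.com/ren.gif": (
        "d41d8cd98f00b204e9800998ecf8427e",
        "da39a3ee5e6b4b0d3255bfef95601890afd80709",
        "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    ),
}


def digests(body: bytes) -> Tuple[str, str, str]:
    """Same three digests, in the same order, as the report prints them."""
    return (hashlib.md5(body).hexdigest(),
            hashlib.sha1(body).hexdigest(),
            hashlib.sha256(body).hexdigest())


def classify_body(content_type: str, content_length: Optional[int],
                  body: bytes) -> Dict[str, bool]:
    """Compare what the response headers claim with what the bytes actually are."""
    mime = content_type.split(";", 1)[0].strip().lower()
    claims_gif = mime == "image/gif"
    is_gif = body[:6] in GIF_MAGICS          # GIF87a / GIF89a signature
    return {
        "claims_gif": claims_gif,
        "is_gif": is_gif,
        "length_matches_header": content_length is None or content_length == len(body),
        "mismatch": claims_gif and not is_gif,   # declared image, non-image bytes
    }


def recover_tiny_body(expected: Tuple[str, str, str], max_len: int = 2) -> Optional[bytes]:
    """Brute-force every body of 0..max_len bytes and return the one whose three
    digests all match `expected`. Two bytes is 65,793 candidates, which is cheap;
    a 7-byte body like impr.gif's is out of reach this way."""
    md5_expected = expected[0]
    for length in range(max_len + 1):
        for combo in itertools.product(range(256), repeat=length):
            body = bytes(combo)
            if hashlib.md5(body).hexdigest() == md5_expected and digests(body) == expected:
                return body
    return None


if __name__ == "__main__":
    for name, triple in PAGE_DIGESTS.items():
        print(name, "->", recover_tiny_body(triple))
    # Constructed sample: the pxf.gif response as captured (image/gif, 1 byte, 0x00).
    print(classify_body("image/gif", 1, b"\x00"))
```

recover_tiny_body checks MD5 first and only computes the other two digests on a hit, so the inner loop stays a single hash per candidate; raising max_len beyond 3 is not practical.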
| zip.lu/?banned=1 | 185.11.100.204 | 200 OK | 14 kB |
URL: User Request, GET HTTP/2 | IP: 185.11.100.204:443 | ASN: #29522 Cyber_Folks S.A.
Certificate: Issuer Let's Encrypt | Subject zip.lu | Fingerprint (SHA-1) BA:69:B8:76:30:88:C6:A1:75:27:5D:FB:93:55:75:0C:F7:FE:CB:36 | Validity Sat, 20 Apr 2024 15:39:44 GMT - Fri, 19 Jul 2024 15:39:43 GMT
File type: JavaScript source, ASCII text, with very long lines (610), with CRLF line terminators (the response below is declared text/html; the body was typed as script rather than as an HTML document) | Hashes (MD5 / SHA-1 / SHA-256): 514bc26426a4db5779aeaaf9a78b9097 aa885ccd43387447d009cea292f6fcdb52e73aa8 2108ce8a0dcc6b0d8dd1424df14b1d77f77fa2d74dac2f3a05a09613fc186bb4
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /?banned=1 HTTP/1.1
Host: zip.lu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 02 May 2024 19:08:39 GMT
server: Apache
x-powered-by: PHP/5.5.38
cache-control: max-age=0
expires: Thu, 02 May 2024 19:08:39 GMT
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
X-Firefox-Spdy: h2
| fundingchoicesmessages.google.com/i/pub-2614556310778759?ers=1 | 216.58.211.14 | 200 OK | 23 kB |
URL: GET HTTP/2 fundingchoicesmessages.google.com/i/pub-2614556310778759?ers=1 | IP: 216.58.211.14:443
Certificate: Issuer Google Trust Services LLC | Subject *.google.com | Fingerprint (SHA-1) 01:16:A3:AE:CA:C9:AC:ED:3A:C9:AA:75:BE:C2:51:EF:65:CE:23:E1 | Validity Mon, 08 Apr 2024 06:34:56 GMT - Mon, 01 Jul 2024 06:34:55 GMT
File type: JavaScript source, ASCII text, with very long lines (1876) | Hashes (MD5 / SHA-1 / SHA-256): f6840a96b3ee3ecc3235ad6c73c2976d 90c2367cbeb2a259c8a638b47ebcd2d01382d154 318242ac44acc795cdd319233d9487b0577a4660fe25b62868e8b06297892186
GET /i/pub-2614556310778759?ers=1 HTTP/1.1
Host: fundingchoicesmessages.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 02 May 2024 19:08:41 GMT
content-security-policy: script-src 'nonce-FrHcZA-TCQhiKCorwYeHRg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
cross-origin-opener-policy: same-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-resource-policy: cross-origin
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjytDikmJw0pBiOHHrNtMFID7vdIfpOhDXMjxjagViA43nTBZALPH1JZMWEMc8n86aAsRO6TNYQ4DYp34GaxwQt948xzodiE8uOM96EYiT_p1nLQHinYsvsB4EYiEejp0nz29kE7ixb_J1RgCk4zTu"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| impostersierraglands.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuXucUQVAXL4IMC4KKTLp7ZnpmXGQxxkgwbvaHiz8uUt3VMymnuqup6pqe5BRckD3OwYueKt8kG9QgevTgIpPAIgExc5GA5uR%2FICwepWcHRx%2FU%2B1HfK%2Fje%2B%2BqzPXNBfBh6vvqu3OFC0OVmza2%2B9IHnXa1u8NQMq8N28HHQuFpVg9c6Qc19ufp2HPXlsu96ruu5XnWNq7grh8slCJ4ddbxax601%2FJrXbGCo%2Fl9r40BTB2xwQZ4BZ9PKiXMZPJogTb5bjXU%2Fl9mrbyVG0FwqDNjhnbSfyiJFski7ykE3PZx3Q%2BqztQeQ6cGMLuTg38aQT4nz8AHC9HBOEuFgf8YzFIhThOxJFIMJYjEBpxNE8i44OyNAxHB9E2ly%2F7pUBd1%2BjNISnZLKo7%2FAiymp%2FHEZafLtiuDD6m0pTM5lqjHsWvDhBLw3QWaOke9cAi%2BOEeWfgrNfyPKjDaTJ%2FqYWEpzZ2eycT8C7E4h4BKodmPJwB6brwGQOEnZejTzPa7ksom67E0V11orDgLkebXU96rlBGyYq6Y2QZyNEYoRI7SJTu%2BjzEZT5CXrLQjMHOp8S5%2BYuBsyiiAkKTVBQgoITFDlBMbAHTGhf2%2FtMaBN68%2BjPY92OZd7bowcy78UpAVUjKGb3sgvydLkf56MTD%2F34vOq1fNYJ2q7faDab9bjtNn1Ku2HshSxoUK8OzS24vjQbeYdPSfu535GVmvUtQnoMLY4R8SugxgMtLOiWxU56lPN02yhRS2TIwaRFlleQbzt74oI8P1PohV8biKPTaw%2BXXs%2FGvy0hUhaZsviEnxD0xL3xLVmQ%2FVuy0OT7zSznCd%2BhpXq3c5rHT3z9TrxdSMXWV%2FXoqzeiEijTo%2FdinW%2FQlPG0p8k3K5yxWK1JFcXkx3X9fhzeMHprxajUZBs33lxbTzIVa81lOgHlZ5t%2FI%2BJTUnnx2dm3fOrsFXA1gTIWiTklcwOXx4iyXehswV5LAiUWPWFWQWHsWPnh4lJwAhEvahpa6P%2FU4SIfK1q%2Bptzu6XvoqQpofhdpYjFQFgNhQcUI2iyN80ydXvv5i9K%2BRCgq41Coyn4olPh8Sq5UPizdndLdfLxzzc%2BrrXrdpUGn6bVaNG6FDb%2FdDTxGqd8I%2FCCgdeR62q3%2F%2BcM%2FAAAA%2F%2F8BAAD%2F%2F16asqB6BAAA | 172.240.127.234 | 200 OK | 0 B |
URL: GET HTTP/1.1 impostersierraglands.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuXucUQVAXL4IMC4KKTLp7ZnpmXGQxxkgwbvaHiz8uUt3VMymnuqup6pqe5BRckD3OwYueKt8kG9QgevTgIpPAIgExc5GA5uR%2FICwepWcHRx%2FU%2B1HfK%2Fje%2B%2BqzPXNBfBh6vvqu3OFC0OVmza2%2B9IHnXa1u8NQMq8N28HHQuFpVg9c6Qc19ufp2HPXlsu96ruu5XnWNq7grh8slCJ4ddbxax601%2FJrXbGCo%2Fl9r40BTB2xwQZ4BZ9PKiXMZPJogTb5bjXU%2Fl9mrbyVG0FwqDNjhnbSfyiJFski7ykE3PZx3Q%2BqztQeQ6cGMLuTg38aQT4nz8AHC9HBOEuFgf8YzFIhThOxJFIMJYjEBpxNE8i44OyNAxHB9E2ly%2F7pUBd1%2BjNISnZLKo7%2FAiymp%2FHEZafLtiuDD6m0pTM5lqjHsWvDhBLw3QWaOke9cAi%2BOEeWfgrNfyPKjDaTJ%2FqYWEpzZ2eycT8C7E4h4BKodmPJwB6brwGQOEnZejTzPa7ksom67E0V11orDgLkebXU96rlBGyYq6Y2QZyNEYoRI7SJTu%2BjzEZT5CXrLQjMHOp8S5%2BYuBsyiiAkKTVBQgoITFDlBMbAHTGhf2%2FtMaBN68%2BjPY92OZd7bowcy78UpAVUjKGb3sgvydLkf56MTD%2F34vOq1fNYJ2q7faDab9bjtNn1Ku2HshSxoUK8OzS24vjQbeYdPSfu535GVmvUtQnoMLY4R8SugxgMtLOiWxU56lPN02yhRS2TIwaRFlleQbzt74oI8P1PohV8biKPTaw%2BXXs%2FGvy0hUhaZsviEnxD0xL3xLVmQ%2FVuy0OT7zSznCd%2BhpXq3c5rHT3z9TrxdSMXWV%2FXoqzeiEijTo%2FdinW%2FQlPG0p8k3K5yxWK1JFcXkx3X9fhzeMHprxajUZBs33lxbTzIVa81lOgHlZ5t%2FI%2BJTUnnx2dm3fOrsFXA1gTIWiTklcwOXx4iyXehswV5LAiUWPWFWQWHsWPnh4lJwAhEvahpa6P%2FU4SIfK1q%2Bptzu6XvoqQpofhdpYjFQFgNhQcUI2iyN80ydXvv5i9K%2BRCgq41Coyn4olPh8Sq5UPizdndLdfLxzzc%2BrrXrdpUGn6bVaNG6FDb%2FdDTxGqd8I%2FCCgdeR62q3%2F%2BcM%2FAAAA%2F%2F8BAAD%2F%2F16asqB6BAAA | IP: 172.240.127.234:443
Certificate: Issuer Let's Encrypt | Subject impostersierraglands.com | Fingerprint (SHA-1) 2F:7B:27:C2:0D:EE:8C:B7:B5:3C:0D:29:8F:73:5B:FD:2E:C0:AE:86 | Validity Mon, 29 Apr 2024 08:30:48 GMT - Sun, 28 Jul 2024 08:30:47 GMT
Hashes (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (digests of an empty body: 0 B were captured even though the response below declares Content-Length: 7)
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuXucUQVAXL4IMC4KKTLp7ZnpmXGQxxkgwbvaHiz8uUt3VMymnuqup6pqe5BRckD3OwYueKt8kG9QgevTgIpPAIgExc5GA5uR%2FICwepWcHRx%2FU%2B1HfK%2Fje%2B%2BqzPXNBfBh6vvqu3OFC0OVmza2%2B9IHnXa1u8NQMq8N28HHQuFpVg9c6Qc19ufp2HPXlsu96ruu5XnWNq7grh8slCJ4ddbxax601%2FJrXbGCo%2Fl9r40BTB2xwQZ4BZ9PKiXMZPJogTb5bjXU%2Fl9mrbyVG0FwqDNjhnbSfyiJFski7ykE3PZx3Q%2BqztQeQ6cGMLuTg38aQT4nz8AHC9HBOEuFgf8YzFIhThOxJFIMJYjEBpxNE8i44OyNAxHB9E2ly%2F7pUBd1%2BjNISnZLKo7%2FAiymp%2FHEZafLtiuDD6m0pTM5lqjHsWvDhBLw3QWaOke9cAi%2BOEeWfgrNfyPKjDaTJ%2FqYWEpzZ2eycT8C7E4h4BKodmPJwB6brwGQOEnZejTzPa7ksom67E0V11orDgLkebXU96rlBGyYq6Y2QZyNEYoRI7SJTu%2BjzEZT5CXrLQjMHOp8S5%2BYuBsyiiAkKTVBQgoITFDlBMbAHTGhf2%2FtMaBN68%2BjPY92OZd7bowcy78UpAVUjKGb3sgvydLkf56MTD%2F34vOq1fNYJ2q7faDab9bjtNn1Ku2HshSxoUK8OzS24vjQbeYdPSfu535GVmvUtQnoMLY4R8SugxgMtLOiWxU56lPN02yhRS2TIwaRFlleQbzt74oI8P1PohV8biKPTaw%2BXXs%2FGvy0hUhaZsviEnxD0xL3xLVmQ%2FVuy0OT7zSznCd%2BhpXq3c5rHT3z9TrxdSMXWV%2FXoqzeiEijTo%2FdinW%2FQlPG0p8k3K5yxWK1JFcXkx3X9fhzeMHprxajUZBs33lxbTzIVa81lOgHlZ5t%2FI%2BJTUnnx2dm3fOrsFXA1gTIWiTklcwOXx4iyXehswV5LAiUWPWFWQWHsWPnh4lJwAhEvahpa6P%2FU4SIfK1q%2Bptzu6XvoqQpofhdpYjFQFgNhQcUI2iyN80ydXvv5i9K%2BRCgq41Coyn4olPh8Sq5UPizdndLdfLxzzc%2BrrXrdpUGn6bVaNG6FDb%2FdDTxGqd8I%2FCCgdeR62q3%2F%2BcM%2FAAAA%2F%2F8BAAD%2F%2F16asqB6BAAA HTTP/1.1
Host: impostersierraglands.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zip.lu/
Cookie: u_pl=22725681; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec172d9680245553e8052aafbe1bd64a13=[2229337,2229333,2229329,2019380]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 02 May 2024 19:08:42 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ea12a84a9002ac9fb5bae28e37d72668
Strict-Transport-Security: max-age=0; includeSubdomains
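The sid= value on both impostersierraglands.com requests (impr.gif earlier on the page and ren.gif here) is a URL-encoded base64 string that begins with H4sI, the base64 form of the gzip magic 1f 8b 08, and ends with a standard RFC 1952 CRC32/ISIZE trailer. The Python below is an added example, not part of the sandbox report and not the tracker's own code: it URL-decodes, base64-decodes and inflates the blob, and reads the header and trailer fields first so that the compression method, the XFL/OS bytes and the declared uncompressed size are available even when the deflate stream does not inflate cleanly. The SID_IMPR constant is the impr.gif value copied from the request on this page; the ren.gif value decodes the same way. The report does not show what the inflated payload contains, so the example prints it rather than interpreting it.

```python
import base64
import gzip
import struct
import urllib.parse
import zlib
from typing import Any, Dict

# sid= value copied verbatim (still URL-encoded) from the impr.gif request in the report.
SID_IMPR = "H4sIAAAAAAAC%2F1RSTWgkVRd9NdOrfJtPHdwI0gwICtKp6v84yGCMkWCczI%2BDPxt5f9V59qt6xXtVXZ2sggMyy1640VXldDJBDaJLFw7SCQwSFNMbCWhWbl0Jg0upNth6oere%2B859cO4576Pd7JzUkdGzlTfNttKaLrZqfvX5d4LgWnVdxdmwOuy23283r1Xt4KWlds1%2Fofq65H2zWPcD3w%2F8oLqqrAzNcLEEoZLDpaC25Nea9VrQamJo%2F9u7zIOjHsTgnDwJJaaVY%2B8KFJ8gjr5aka6fmuTF16JM09RYDMTB3bgfmzxGNC9D6yGMDy6mYdzp6kOYeH9GF2bwzyBTU%2BI9eggWH1yQBBvszXgyDRmDif8hH0wg9QSKTsDNPShxSgAucGMDcfTghrE53fobpSU6JZXHf0DlU1L59Qri6MtlrYbVO0ZnqTKxwzAsoIYTqN4ESXaEdPsSVH4Enn4IJX4ki4%2FXEUd7G04bKFHMdldqAhVOoOUI1HnIyk95yEIPWeIhEmdVHgRBxxec%2Bt0lzhuiI1lb%2BAHthAEN%2FHYXGS%2FpjZAmI3A9Arc7SOwO%2BmoEm30Ht1nACQ8unRLv1g4GokAuCXJHkFOCXBHkKUE%2BKPaFdnVXPBDaZSy4yPWL3CjGJu3t0n2T9mRMQO0IVhS7yTl5otTHe%2B84QF%2BeVYNOXSy1u3692Wq1GrLrt%2BqUhkwGTLSbNGjAqQLKXZqtvK2mpPv0L0hKz%2FoFGD2C00fg6ipoFoDmBehmge34MFXxVmZ1LTJMQZgCSVpBuuXt6nPyzMyhq5VbkPzk%2BqOFl5PxzwvgtkBiC3ygjgl6%2Bv74tsnJ3m2TO%2FL1RpKqSG3T0r07KU3l5c%2FfkFu5sWJtxY0%2Be4WXQFkeviVduk5joeKeI18sKyGkXTWWS%2FLtmntbspuZ21zObJwl6zdfXV2LEiudUyaegKrTjT%2FB1ZRUnntq9iz%2F%2F8PvUHYCmxWIshNyEVDmCDzZgUvm7J0hsHo%2Bw5LLyLNibOtsfqgVgZbznrIC7l89m9djS8vbVBW77j56tgKa3kMcFRjYAgNdgOoRXLYwThN7cv37T8r4FExXxkzbyh7TVn9civxu%2Bbs7k3tKnv2pCafOqg1fdJgMZYfJZqsZSi5Yq8V8HnLWEN0uR%2BqmYeO3b%2F4CAAD%2F%2FwEAAP%2F%2FdvaK8HoEAAA%3D"

GZIP_MAGIC = b"\x1f\x8b"


def sid_to_bytes(sid: str) -> bytes:
    """URL-decode the parameter (%2F -> '/', %2B -> '+', %3D -> '='), then
    base64-decode it with the standard alphabet. Missing '=' padding is restored
    so a value clipped by a log viewer still decodes as far as it goes."""
    raw = urllib.parse.unquote(sid).strip()
    raw += "=" * (-len(raw) % 4)
    return base64.b64decode(raw)


def gzip_header_and_trailer(blob: bytes) -> Dict[str, Any]:
    """Fields readable without inflating anything: the 10-byte member header
    (method, flags, mtime, XFL, OS) and the 8-byte CRC32/ISIZE trailer,
    all little-endian per RFC 1952."""
    if len(blob) < 18 or blob[:2] != GZIP_MAGIC:
        raise ValueError("not a gzip member (no 1f 8b magic)")
    method, flags, mtime, xfl, os_id = struct.unpack("<BBIBB", blob[2:10])
    crc32, isize = struct.unpack("<II", blob[-8:])
    return {"method": method, "flags": flags, "mtime": mtime, "xfl": xfl,
            "os": os_id, "crc32": crc32, "isize": isize}


def decode_sid(sid: str) -> Dict[str, Any]:
    """Header/trailer fields plus the inflated payload, or payload=None and an
    'error' string when the deflate stream does not inflate cleanly."""
    blob = sid_to_bytes(sid)
    info = gzip_header_and_trailer(blob)
    try:
        payload = gzip.decompress(blob)
    except (OSError, EOFError, zlib.error) as exc:   # gzip.BadGzipFile is an OSError
        info["payload"], info["error"] = None, str(exc)
        return info
    info["payload"] = payload
    # gzip.decompress already verifies the CRC; re-checking the trailer here shows
    # how the two trailer fields relate to the inflated bytes.
    info["crc_ok"] = (zlib.crc32(payload) & 0xFFFFFFFF) == info["crc32"]
    info["isize_ok"] = len(payload) == info["isize"]
    return info


if __name__ == "__main__":
    result = decode_sid(SID_IMPR)
    for key in ("method", "flags", "xfl", "os", "isize", "crc_ok", "isize_ok", "error"):
        if key in result:
            print(f"{key:9} {result[key]}")
    if result["payload"] is not None:
        print(result["payload"].decode("utf-8", errors="replace"))
```

The trailer is worth reading before inflating: ISIZE tells you how large the tracker's record is (1146 bytes here) and whether a truncated capture can ever be recovered, and a method byte other than 8 means the blob is not deflate at all despite the gzip magic.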
| bitly.ws/?redirect=rXLk | 185.11.100.204 | 301 Moved Permanently | 14 kB |
URL: User Request, GET HTTP/2 | IP: 185.11.100.204:443 | ASN: #29522 Cyber_Folks S.A.
Certificate: Issuer Let's Encrypt | Subject bitly.ws | Fingerprint (SHA-1) E2:6E:62:93:28:D8:B3:0A:23:56:6C:21:A4:BD:CC:EF:CD:1B:33:55 | Validity Sun, 18 Feb 2024 07:59:14 GMT - Sat, 18 May 2024 07:59:13 GMT
Hashes (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (digests of an empty body; the 301 carried only its location header)
GET /?redirect=rXLk HTTP/1.1
Host: bitly.ws
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
date: Thu, 02 May 2024 19:08:39 GMT
server: Apache
x-powered-by: PHP/5.5.38
location: https://zip.lu?banned=1
cache-control: max-age=0
expires: Thu, 02 May 2024 19:08:39 GMT
content-type: text/html
X-Firefox-Spdy: h2