Report - protectingapplication.com/index.php?key=ixfkt9lbj00npzq1evqm&visitor_id=811471965926731776&cost=0.000670&zoneid=7222987&campaignid=8007615

Report Overview

Submitted URL
protectingapplication.com/index.php?key=ixfkt9lbj00npzq1evqm&visitor_id=811471965926731776&cost=0.000670&zoneid=7222987&campaignid=8007615
IP
136.243.81.51
ASN
#24940 Hetzner Online GmbH
Submitted
2024-05-07 20:24:47
Access
public
Website Title
Attention
Final URL
protectingapplication.com/index.php?key=ixfkt9lbj00npzq1evqm&visitor_id=811471965926731776&cost=0.000670&zoneid=7222987&campaignid=8007615
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
12

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
protectingapplication.com	unknown	2023-04-08	2023-04-08	2024-02-19	2.6 kB	128 kB	136.243.81.51
loadingscripts.com	unknown	2023-04-27	2023-04-29	2024-04-25	2.8 kB	23 kB	194.63.143.61
aureatedreams.com	unknown	2023-07-27	2023-07-27	2024-03-20	1.9 kB	114 kB	104.21.92.120
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-05-07	463 B	7.6 kB	142.250.74.170

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-07	medium	loadingscripts.com	Sinkholed
2024-05-07	medium	loadingscripts.com	Sinkholed
2024-05-07	medium	loadingscripts.com	Sinkholed
2024-05-07	medium	loadingscripts.com	Sinkholed
2024-05-07	medium	loadingscripts.com	Sinkholed
2024-05-07	medium	loadingscripts.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (7)

	URL	Size	First Seen	Last Seen
	protectingapplication.com/landers/for_mac_1/1/assets/jquery-3.4.1.min.js	88 kB	2023-03-07	2024-05-19
Pretty URL protectingapplication.com/landers/for_mac_1/1/assets/jquery-3.4.1.min.js IP 136.243.81.51 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:34 Last Seen2024-05-19 17:42:51 Times Seen99088 Hash 220afd743d9e9643852e31a135a9f3ae 88523924351bac0b5d560fe0c5781e2556e7693d 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a Loading...

	protectingapplication.com/index.php?key=ixfkt9lbj00npzq1evqm&visitor_id=811471965926731776&cost=0.000670&zoneid=7222987&campaignid=8007615	110 B	2024-05-07	2024-05-07
Pretty URL protectingapplication.com/index.php?key=ixfkt9lbj00npzq1evqm&visitor_id=811471965926731776&cost=0.000670&zoneid=7222987&campaignid=8007615 IP 136.243.81.51 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-07 22:24:47 Last Seen2024-05-07 22:24:47 Times Seen1 Hash e8f5ce92c77980c87e11a5cb29b998be 74facdebb4afd2ea89ac12fc2c099915ce4f054f 5870e5cbd14788970bb117fd2d9b34b6d1d8eae678507ec2380537d2f7060d91 Loading...

	unknown	29 B	2023-10-20	2024-05-18
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-10-20 18:51:14 Last Seen2024-05-18 08:54:47 Times Seen288 Hash f43bc2d45661d975eaeae1bf81070ed6 2ce38cfcd1d6959d8ae1525cf1ed7351376e6fdb 65a181304273b279f1962ca78052297016d760707becfc66780d1c1dd85d7943 Loading...

	protectingapplication.com/index.php?key=ixfkt9lbj00npzq1evqm&visitor_id=811471965926731776&cost=0.000670&zoneid=7222987&campaignid=8007615	272 B	2023-03-08	2024-05-07
Pretty URL protectingapplication.com/index.php?key=ixfkt9lbj00npzq1evqm&visitor_id=811471965926731776&cost=0.000670&zoneid=7222987&campaignid=8007615 IP 136.243.81.51 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 07:53:03 Last Seen2024-05-07 22:24:47 Times Seen76 Hash 3dcec6da48d670f4f315419524a9c2c8 73a628378e38e4d7791b770d26c7745001e0354f 007ce08edd795b184ce9a3ea3c13d65754aec28f145b383af4a1969a5572c823 Loading...

	protectingapplication.com/index.php?key=ixfkt9lbj00npzq1evqm&visitor_id=811471965926731776&cost=0.000670&zoneid=7222987&campaignid=8007615	12 kB	2024-04-29	2024-05-07
Pretty URL protectingapplication.com/index.php?key=ixfkt9lbj00npzq1evqm&visitor_id=811471965926731776&cost=0.000670&zoneid=7222987&campaignid=8007615 IP 136.243.81.51 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-29 23:51:25 Last Seen2024-05-07 22:24:47 Times Seen3 Hash 9ea5d8c282928976f16f133d679886cd e344054d4cfd745576f249d6d5237171b926e590 8f235f3338943cff3d400f0a87969ec39ea61f9412c6a9bb5a62057df35f5587 Loading...

	loadingscripts.com/progress_p/pwa_links/main/vpn/ios-widget-black/1/pwa_custom.js	1.2 kB	2023-10-22	2024-05-07
Pretty URL loadingscripts.com/progress_p/pwa_links/main/vpn/ios-widget-black/1/pwa_custom.js IP 194.63.143.61 ASN #50113 NTX Technologies s.r.o. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-22 08:35:24 Last Seen2024-05-07 22:24:47 Times Seen17 Hash f256ce864a814c15fe64303e0547592c 11fbcd921242131d3c6038149b7b3d301d6121eb 9f35b32d1443ad83c8615ca12eee6ee6a4593d90a26838337855e1acc363f2a8 Loading...

	loadingscripts.com/progress_p/pwa_links/default_scripts/notification.js	2.8 kB	2023-03-29	2024-05-18
Pretty URL loadingscripts.com/progress_p/pwa_links/default_scripts/notification.js IP 194.63.143.61 ASN #50113 NTX Technologies s.r.o. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-29 21:47:11 Last Seen2024-05-18 08:54:48 Times Seen1959 Hash 01a2c61eb40ce8e341a0801f78da7735 1cb39b0674bc20c3208c16c53c131e74704759ed 03d593cbf7b72d3c70caedac0c0259330ce8b1a45b708e92e3f19245b6ca9929 Loading...

HTTP Transactions (15)

URL IP Response Size

protectingapplication.com/landers/for_mac_1/1/assets/css

136.243.81.51

200 OK

11 kB

URL GET HTTP/2
protectingapplication.com/landers/for_mac_1/1/assets/css
IP
136.243.81.51:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://protectingapplication.com/index.php?key=ixfkt9lbj00npzq1evqm&visitor_id=811471965926731776&cost=0.000670&zoneid=7222987&campaignid=8007615
Certificate
IssuerLet's Encrypt
Subjectprotectingapplication.com
FingerprintA2:A2:D3:41:8B:E4:06:76:44:B2:A3:35:41:94:56:D7:4C:95:7A:4A
ValidityThu, 04 Apr 2024 10:47:33 GMT - Wed, 03 Jul 2024 10:47:32 GMT

File type
ASCII text
Size
11 kB (10732 bytes)
Hash
5454cc941676226534a07ec5f8f6e888
55ff7c865d4dcd418dab3affe4521d64bbfe4f95
707f86fb8e996ca33be3a2871034cae28d069e3c42803d04c368465c668c409c

HTTP Headers

GET /landers/for_mac_1/1/assets/css HTTP/1.1
Host: protectingapplication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://protectingapplication.com/index.php?key=ixfkt9lbj00npzq1evqm&visitor_id=811471965926731776&cost=0.000670&zoneid=7222987&campaignid=8007615
Cookie: uclick=q5xs8ra2ir; uclickhash=q5xs8ra2ir-q5xs8ra2ir-52a2-0-gxp2bl-fvb7fe-uotwvr-612467
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 20:24:21 GMT
content-type: application/octet-stream
content-length: 10732
last-modified: Fri, 15 Mar 2024 12:57:55 GMT
etag: "65f445d3-29ec"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: img-src https: data:; upgrade-insecure-requests
accept-ranges: bytes
X-Firefox-Spdy: h2

loadingscripts.com/progress_p/pwa_links/default_scripts/notification.js

194.63.143.61

200 OK

2.8 kB

URL GET HTTP/1.1
loadingscripts.com/progress_p/pwa_links/default_scripts/notification.js
IP
194.63.143.61:443
ASN
#50113 NTX Technologies s.r.o.

Requested by
https://protectingapplication.com/index.php?key=ixfkt9lbj00npzq1evqm&visitor_id=811471965926731776&cost=0.000670&zoneid=7222987&campaignid=8007615
Certificate
IssuerLet's Encrypt
Subjectloadingscripts.com
Fingerprint68:58:92:29:16:78:CF:4C:B7:14:6E:86:39:61:E2:B9:E7:53:BF:D9
ValiditySun, 21 Apr 2024 06:35:52 GMT - Sat, 20 Jul 2024 06:35:51 GMT

File type
JavaScript source, ASCII text, with very long lines (2801), with no line terminators
Size
2.8 kB (2801 bytes)
Hash
01a2c61eb40ce8e341a0801f78da7735
1cb39b0674bc20c3208c16c53c131e74704759ed
03d593cbf7b72d3c70caedac0c0259330ce8b1a45b708e92e3f19245b6ca9929

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /progress_p/pwa_links/default_scripts/notification.js HTTP/1.1
Host: loadingscripts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://protectingapplication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.15.10
Date: Tue, 07 May 2024 20:24:21 GMT
Content-Type: application/javascript
Content-Length: 2801
Last-Modified: Fri, 24 Mar 2023 17:31:52 GMT
Connection: keep-alive
Keep-Alive: timeout=10
ETag: "641dde88-af1"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

loadingscripts.com/progress_p/pwa_links/main/vpn/ios-widget-black/1/style.css

194.63.143.61

200 OK

1.1 kB

URL GET HTTP/1.1
loadingscripts.com/progress_p/pwa_links/main/vpn/ios-widget-black/1/style.css
IP
194.63.143.61:443
ASN
#50113 NTX Technologies s.r.o.

Requested by
https://protectingapplication.com/index.php?key=ixfkt9lbj00npzq1evqm&visitor_id=811471965926731776&cost=0.000670&zoneid=7222987&campaignid=8007615
Certificate
IssuerLet's Encrypt
Subjectloadingscripts.com
Fingerprint68:58:92:29:16:78:CF:4C:B7:14:6E:86:39:61:E2:B9:E7:53:BF:D9
ValiditySun, 21 Apr 2024 06:35:52 GMT - Sat, 20 Jul 2024 06:35:51 GMT

File type
ASCII text
Size
1.1 kB (1057 bytes)
Hash
90cabd7a8ba3c5f17aa8041325222afd
18dddf46f9becdd62df462659c3949d34f1b6652
a5176431b7248a5c3a9314209c30b5ddc518043159c98190f97640df3c88682b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /progress_p/pwa_links/main/vpn/ios-widget-black/1/style.css HTTP/1.1
Host: loadingscripts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://protectingapplication.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.15.10
Date: Tue, 07 May 2024 20:24:21 GMT
Content-Type: text/css
Last-Modified: Thu, 03 Aug 2023 09:24:24 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=10
ETag: W/"64cb7248-110e"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Access-Control-Allow-Origin: *
Content-Encoding: gzip

loadingscripts.com/progress_p/pwa_links/main/vpn/ios-widget-black/1/pwa_custom.js

194.63.143.61

200 OK

1.2 kB

URL GET HTTP/1.1
loadingscripts.com/progress_p/pwa_links/main/vpn/ios-widget-black/1/pwa_custom.js
IP
194.63.143.61:443
ASN
#50113 NTX Technologies s.r.o.

Requested by
https://protectingapplication.com/index.php?key=ixfkt9lbj00npzq1evqm&visitor_id=811471965926731776&cost=0.000670&zoneid=7222987&campaignid=8007615
Certificate
IssuerLet's Encrypt
Subjectloadingscripts.com
Fingerprint68:58:92:29:16:78:CF:4C:B7:14:6E:86:39:61:E2:B9:E7:53:BF:D9
ValiditySun, 21 Apr 2024 06:35:52 GMT - Sat, 20 Jul 2024 06:35:51 GMT

File type
ASCII text
Size
1.2 kB (1191 bytes)
Hash
f256ce864a814c15fe64303e0547592c
11fbcd921242131d3c6038149b7b3d301d6121eb
9f35b32d1443ad83c8615ca12eee6ee6a4593d90a26838337855e1acc363f2a8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /progress_p/pwa_links/main/vpn/ios-widget-black/1/pwa_custom.js HTTP/1.1
Host: loadingscripts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://protectingapplication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.15.10
Date: Tue, 07 May 2024 20:24:21 GMT
Content-Type: application/javascript
Content-Length: 1191
Last-Modified: Tue, 05 Sep 2023 13:38:20 GMT
Connection: keep-alive
Keep-Alive: timeout=10
ETag: "64f72f4c-4a7"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

aureatedreams.com/downloadapp/vpn/default/video-player/1/assets/bg_GIF.gif

104.21.92.120

200 OK

108 kB

URL GET HTTP/3
aureatedreams.com/downloadapp/vpn/default/video-player/1/assets/bg_GIF.gif
IP
104.21.92.120:443
ASN
#13335 CLOUDFLARENET

Requested by
https://protectingapplication.com/index.php?key=ixfkt9lbj00npzq1evqm&visitor_id=811471965926731776&cost=0.000670&zoneid=7222987&campaignid=8007615
Certificate
IssuerGoogle Trust Services LLC
Subjectaureatedreams.com
FingerprintF7:C0:A5:CD:BE:46:06:17:F5:FC:C8:D6:0C:59:8A:A9:8D:66:3A:4F
ValidityTue, 19 Mar 2024 06:38:27 GMT - Mon, 17 Jun 2024 06:38:26 GMT

File type
GIF image data, version 89a, 720 x 300
Size
108 kB (108273 bytes)
Hash
a6b212fa77f857e28d6c6818f0f835af
498dd97ca14ebbe60c14d92b42f19dea9002bf5d
cbb959f194e072a173ee27e20aff979766b86fa16d0a8bf588677606979bc7ca

HTTP Headers

GET /downloadapp/vpn/default/video-player/1/assets/bg_GIF.gif HTTP/1.1
Host: aureatedreams.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://protectingapplication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 20:24:21 GMT
content-type: image/gif
content-length: 108273
last-modified: Thu, 16 Nov 2023 10:02:48 GMT
etag: "6555e8c8-1a6f1"
cache-control: max-age=28800
cf-cache-status: HIT
age: 3076
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Woy4a7p7C33usOA2km8%2FANtq0oTkviX5NpA1BhJFElqJdkMaOBN2Tj4Kl3bSgYB52Fvi8X7OJemsxYZPNUcKDcGbk4u1T5oYhRBG8YYzw8T7s4Tp8gPgDx59M4eDZQtGU4ixOA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803eee08ce9b4f7-OSL
alt-svc: h3=":443"; ma=86400

loadingscripts.com/progress_p/pwa_links/main/vpn/ios-widget-black/1/more.png

194.63.143.61

200 OK

1.7 kB

URL GET HTTP/1.1
loadingscripts.com/progress_p/pwa_links/main/vpn/ios-widget-black/1/more.png
IP
194.63.143.61:443
ASN
#50113 NTX Technologies s.r.o.

Requested by
https://protectingapplication.com/index.php?key=ixfkt9lbj00npzq1evqm&visitor_id=811471965926731776&cost=0.000670&zoneid=7222987&campaignid=8007615
Certificate
IssuerLet's Encrypt
Subjectloadingscripts.com
Fingerprint68:58:92:29:16:78:CF:4C:B7:14:6E:86:39:61:E2:B9:E7:53:BF:D9
ValiditySun, 21 Apr 2024 06:35:52 GMT - Sat, 20 Jul 2024 06:35:51 GMT

File type
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Size
1.7 kB (1724 bytes)
Hash
0151c0d5cb6897fa5e55777e139e5c90
51beaa6c5ad3334eb134789a1e83e3e01481337d
16e6097a93e5dcd6061b6fedce354d7ec8dd8aaf02820b6a656443e7edcca1b7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /progress_p/pwa_links/main/vpn/ios-widget-black/1/more.png HTTP/1.1
Host: loadingscripts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://protectingapplication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.15.10
Date: Tue, 07 May 2024 20:24:21 GMT
Content-Type: image/png
Content-Length: 1724
Last-Modified: Tue, 01 Aug 2023 13:24:07 GMT
Connection: keep-alive
Keep-Alive: timeout=10
ETag: "64c90777-6bc"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

loadingscripts.com/progress_p/pwa_links/main/vpn/ios-widget-black/1/close.png

194.63.143.61

200 OK

13 kB

URL GET HTTP/1.1
loadingscripts.com/progress_p/pwa_links/main/vpn/ios-widget-black/1/close.png
IP
194.63.143.61:443
ASN
#50113 NTX Technologies s.r.o.

Requested by
https://protectingapplication.com/index.php?key=ixfkt9lbj00npzq1evqm&visitor_id=811471965926731776&cost=0.000670&zoneid=7222987&campaignid=8007615
Certificate
IssuerLet's Encrypt
Subjectloadingscripts.com
Fingerprint68:58:92:29:16:78:CF:4C:B7:14:6E:86:39:61:E2:B9:E7:53:BF:D9
ValiditySun, 21 Apr 2024 06:35:52 GMT - Sat, 20 Jul 2024 06:35:51 GMT

File type
PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced
Size
13 kB (12752 bytes)
Hash
8e61cf3dccea6ab862bfb51e362a1516
967f3b30680bd39126eeeb3b3c131833cb89ca51
cead1002bb2a8ef60efc22804d0ef0596b9e19a7362d40cde2d5a3a7c6b83668

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /progress_p/pwa_links/main/vpn/ios-widget-black/1/close.png HTTP/1.1
Host: loadingscripts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://protectingapplication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.15.10
Date: Tue, 07 May 2024 20:24:21 GMT
Content-Type: image/png
Content-Length: 12752
Last-Modified: Tue, 01 Aug 2023 13:24:07 GMT
Connection: keep-alive
Keep-Alive: timeout=10
ETag: "64c90777-31d0"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

loadingscripts.com/progress_p/pwa_links/main/vpn/ios-widget-black/1/alert.svg

194.63.143.61

200 OK

1.4 kB

URL GET HTTP/1.1
loadingscripts.com/progress_p/pwa_links/main/vpn/ios-widget-black/1/alert.svg
IP
194.63.143.61:443
ASN
#50113 NTX Technologies s.r.o.

Requested by
https://protectingapplication.com/index.php?key=ixfkt9lbj00npzq1evqm&visitor_id=811471965926731776&cost=0.000670&zoneid=7222987&campaignid=8007615
Certificate
IssuerLet's Encrypt
Subjectloadingscripts.com
Fingerprint68:58:92:29:16:78:CF:4C:B7:14:6E:86:39:61:E2:B9:E7:53:BF:D9
ValiditySun, 21 Apr 2024 06:35:52 GMT - Sat, 20 Jul 2024 06:35:51 GMT

File type
SVG Scalable Vector Graphics image
Size
1.4 kB (1433 bytes)
Hash
0ccc0731fc32e0d7176f5159dc3a9b3e
e594c18e1a6a86b481ecc9ae54ee0a088a814b91
0f0834563aa719bde5e7c02f797289eac205c5511f4a35e1f0aad6bef6fbf666

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /progress_p/pwa_links/main/vpn/ios-widget-black/1/alert.svg HTTP/1.1
Host: loadingscripts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://protectingapplication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.15.10
Date: Tue, 07 May 2024 20:24:21 GMT
Content-Type: image/svg+xml
Content-Length: 1433
Last-Modified: Tue, 01 Aug 2023 13:24:07 GMT
Connection: keep-alive
Keep-Alive: timeout=10
ETag: "64c90777-599"
Accept-Ranges: bytes

aureatedreams.com/downloadapp/vpn/default/video-player/1/assets/fav.png

104.21.92.120

200 OK

545 B

URL GET HTTP/3
aureatedreams.com/downloadapp/vpn/default/video-player/1/assets/fav.png
IP
104.21.92.120:443
ASN
#13335 CLOUDFLARENET

Requested by
https://protectingapplication.com/index.php?key=ixfkt9lbj00npzq1evqm&visitor_id=811471965926731776&cost=0.000670&zoneid=7222987&campaignid=8007615
Certificate
IssuerGoogle Trust Services LLC
Subjectaureatedreams.com
FingerprintF7:C0:A5:CD:BE:46:06:17:F5:FC:C8:D6:0C:59:8A:A9:8D:66:3A:4F
ValidityTue, 19 Mar 2024 06:38:27 GMT - Mon, 17 Jun 2024 06:38:26 GMT

File type
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Size
545 B (545 bytes)
Hash
418a1f510d301f62a0976ebcf9cda640
89b5dbdf41afda654ad9f95e1b2672ffe4c51c20
34ca666275595ea71b9787f7269141b947e95af772221947f5ddb060448ed77f

HTTP Headers

GET /downloadapp/vpn/default/video-player/1/assets/fav.png HTTP/1.1
Host: aureatedreams.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://protectingapplication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 20:24:21 GMT
content-type: image/png
content-length: 545
last-modified: Thu, 16 Nov 2023 10:02:49 GMT
etag: "6555e8c9-221"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 605213
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H9j5O43tY3B3ZYN8cdGAJUhOQdcByWeabXT5mOptbBu5A5FfVhqFoMxWEmG3qIGgbb8dFGTiL4Nbbnuko96zvmwi9VF19k9eASJLlI%2BPG5jG%2FCZ%2B1K%2F9ze7SK%2F24RdF5%2Fa7EzA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803eee16e60b4f7-OSL
alt-svc: h3=":443"; ma=86400

aureatedreams.com/downloadapp/vpn/default/video-player/1/assets/new_free.svg

104.21.92.120

200 OK

1.6 kB

URL GET HTTP/2
aureatedreams.com/downloadapp/vpn/default/video-player/1/assets/new_free.svg
IP
104.21.92.120:443
ASN
#13335 CLOUDFLARENET

Requested by
https://protectingapplication.com/index.php?key=ixfkt9lbj00npzq1evqm&visitor_id=811471965926731776&cost=0.000670&zoneid=7222987&campaignid=8007615
Certificate
IssuerGoogle Trust Services LLC
Subjectaureatedreams.com
FingerprintF7:C0:A5:CD:BE:46:06:17:F5:FC:C8:D6:0C:59:8A:A9:8D:66:3A:4F
ValidityTue, 19 Mar 2024 06:38:27 GMT - Mon, 17 Jun 2024 06:38:26 GMT

File type
SVG Scalable Vector Graphics image
Size
1.6 kB (1571 bytes)
Hash
bbef52d8d1c012ba6d708c64c77c504d
8aabaf51c377dbad555b6593cb8246ed8289ed17
9ccc5d74202ba771479b9468f00f5fb297263d1eb1e8abaf9cee84365ac98380

HTTP Headers

GET /downloadapp/vpn/default/video-player/1/assets/new_free.svg HTTP/1.1
Host: aureatedreams.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://protectingapplication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 20:24:21 GMT
content-type: image/svg+xml
last-modified: Thu, 16 Nov 2023 10:02:49 GMT
etag: W/"6555e8c9-623"
cache-control: max-age=28800
cf-cache-status: HIT
age: 3076
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E8r1qds2f7ngVMKji976ge%2FXXjdN8GlAtCd3ZVQXee0YC%2BeBgMrSwwmGU0pjcyNFiapsu4gPsWv8%2FCebnGAf%2B5t5I5XBJSlcF9PheANenUp5WFTa0aBoaaQ3hL6rSLM2YrLS0A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803eedd3dbc569d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

protectingapplication.com/landers/for_mac_1/1/style.css

136.243.81.51

200 OK

7.2 kB

URL GET HTTP/2
protectingapplication.com/landers/for_mac_1/1/style.css
IP
136.243.81.51:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://protectingapplication.com/index.php?key=ixfkt9lbj00npzq1evqm&visitor_id=811471965926731776&cost=0.000670&zoneid=7222987&campaignid=8007615
Certificate
IssuerLet's Encrypt
Subjectprotectingapplication.com
FingerprintA2:A2:D3:41:8B:E4:06:76:44:B2:A3:35:41:94:56:D7:4C:95:7A:4A
ValidityThu, 04 Apr 2024 10:47:33 GMT - Wed, 03 Jul 2024 10:47:32 GMT

File type
ASCII text, with very long lines (8005), with no line terminators
Size
7.2 kB (7225 bytes)
Hash
bd268d31391d6eb864e65cb12e3f6ff7
7f019bb89cc9f5902507fd7add1b8e1b95bf399b
e2d5dc4b83604781c1b9aa6e221e0c02321f6e61306e72ab37c8015823a52561

HTTP Headers

GET /landers/for_mac_1/1/style.css HTTP/1.1
Host: protectingapplication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://protectingapplication.com/index.php?key=ixfkt9lbj00npzq1evqm&visitor_id=811471965926731776&cost=0.000670&zoneid=7222987&campaignid=8007615
Cookie: uclick=q5xs8ra2ir; uclickhash=q5xs8ra2ir-q5xs8ra2ir-52a2-0-gxp2bl-fvb7fe-uotwvr-612467
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 20:24:21 GMT
content-type: text/css
last-modified: Fri, 15 Mar 2024 12:57:55 GMT
vary: Accept-Encoding
etag: W/"65f445d3-1c39"
expires: Thu, 06 Jun 2024 20:24:21 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: img-src https: data:; upgrade-insecure-requests
content-encoding: gzip
X-Firefox-Spdy: h2

protectingapplication.com/landers/for_mac_1/1/assets/jquery-3.4.1.min.js

136.243.81.51

200 OK

88 kB

URL GET HTTP/2
protectingapplication.com/landers/for_mac_1/1/assets/jquery-3.4.1.min.js
IP
136.243.81.51:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://protectingapplication.com/index.php?key=ixfkt9lbj00npzq1evqm&visitor_id=811471965926731776&cost=0.000670&zoneid=7222987&campaignid=8007615
Certificate
IssuerLet's Encrypt
Subjectprotectingapplication.com
FingerprintA2:A2:D3:41:8B:E4:06:76:44:B2:A3:35:41:94:56:D7:4C:95:7A:4A
ValidityThu, 04 Apr 2024 10:47:33 GMT - Wed, 03 Jul 2024 10:47:32 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
88 kB (88145 bytes)
Hash
220afd743d9e9643852e31a135a9f3ae
88523924351bac0b5d560fe0c5781e2556e7693d
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

HTTP Headers

GET /landers/for_mac_1/1/assets/jquery-3.4.1.min.js HTTP/1.1
Host: protectingapplication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://protectingapplication.com/index.php?key=ixfkt9lbj00npzq1evqm&visitor_id=811471965926731776&cost=0.000670&zoneid=7222987&campaignid=8007615
Cookie: uclick=q5xs8ra2ir; uclickhash=q5xs8ra2ir-q5xs8ra2ir-52a2-0-gxp2bl-fvb7fe-uotwvr-612467
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 20:24:21 GMT
content-type: application/javascript
last-modified: Fri, 15 Mar 2024 12:57:55 GMT
vary: Accept-Encoding
etag: W/"65f445d3-15851"
expires: Tue, 07 May 2024 22:24:21 GMT
cache-control: max-age=7200
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: img-src https: data:; upgrade-insecure-requests
content-encoding: gzip
X-Firefox-Spdy: h2

aureatedreams.com/downloadapp/vpn/default/video-player/1/assets/loading.svg

104.21.92.120

200 OK

386 B

URL GET HTTP/2
aureatedreams.com/downloadapp/vpn/default/video-player/1/assets/loading.svg
IP
104.21.92.120:443
ASN
#13335 CLOUDFLARENET

Requested by
https://protectingapplication.com/index.php?key=ixfkt9lbj00npzq1evqm&visitor_id=811471965926731776&cost=0.000670&zoneid=7222987&campaignid=8007615
Certificate
IssuerGoogle Trust Services LLC
Subjectaureatedreams.com
FingerprintF7:C0:A5:CD:BE:46:06:17:F5:FC:C8:D6:0C:59:8A:A9:8D:66:3A:4F
ValidityTue, 19 Mar 2024 06:38:27 GMT - Mon, 17 Jun 2024 06:38:26 GMT

File type
SVG Scalable Vector Graphics image
Size
386 B (386 bytes)
Hash
fb0d7c6792838b69dfa3f2e6307b4bc5
ffb3304847d17f3e10542489fb4a577db5e5a53c
a543a597d7f74aff5c34c7e89005b541629313f9bb8a67910d5f776d500960c8

HTTP Headers

GET /downloadapp/vpn/default/video-player/1/assets/loading.svg HTTP/1.1
Host: aureatedreams.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://protectingapplication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 20:24:21 GMT
content-type: image/svg+xml
last-modified: Thu, 16 Nov 2023 10:02:49 GMT
etag: W/"6555e8c9-182"
cache-control: max-age=28800
cf-cache-status: HIT
age: 3076
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VWk4U3SNV%2F%2FavvUAW11TdGYUuPY0zuztyEzmDvIItWlV6lLjYOgQtM5tiPXnsA%2BnEEyFI3OAkpXy%2FYUVhY%2FLMX5DZEdK8W0fA0MA5s0F%2B4mkXJtPcqgAGjW0H8asFXiCbTYiVA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803eedd3dbd569d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap

142.250.74.170

200 OK

7.0 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP
142.250.74.170:443
ASN
#15169 GOOGLE

Requested by
https://protectingapplication.com/index.php?key=ixfkt9lbj00npzq1evqm&visitor_id=811471965926731776&cost=0.000670&zoneid=7222987&campaignid=8007615
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
ASCII text, with very long lines (7193), with no line terminators
Size
7.0 kB (7004 bytes)
Hash
16b49a99486594c0b42d9bd7821deb2c
2fb46e5e86d6b37d4497cc04bfd89b3cb33a276a
3f3540952441e06ef81189cf63d46bac242804e386779dbb0cdd78ed10025c21

HTTP Headers

GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://protectingapplication.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 07 May 2024 20:24:21 GMT
date: Tue, 07 May 2024 20:24:21 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

protectingapplication.com/index.php?key=ixfkt9lbj00npzq1evqm&visitor_id=811471965926731776&cost=0.000670&zoneid=7222987&campaignid=8007615

136.243.81.51

200 OK

20 kB

URL User Request GET HTTP/2
protectingapplication.com/index.php?key=ixfkt9lbj00npzq1evqm&visitor_id=811471965926731776&cost=0.000670&zoneid=7222987&campaignid=8007615
IP
136.243.81.51:443
ASN
#24940 Hetzner Online GmbH

Certificate
IssuerLet's Encrypt
Subjectprotectingapplication.com
FingerprintA2:A2:D3:41:8B:E4:06:76:44:B2:A3:35:41:94:56:D7:4C:95:7A:4A
ValidityThu, 04 Apr 2024 10:47:33 GMT - Wed, 03 Jul 2024 10:47:32 GMT

File type

Size
20 kB (19744 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /index.php?key=ixfkt9lbj00npzq1evqm&visitor_id=811471965926731776&cost=0.000670&zoneid=7222987&campaignid=8007615 HTTP/1.1
Host: protectingapplication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 20:24:20 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
set-cookie: uclick=q5xs8ra2ir; expires=Wed, 08-May-2024 20:24:20 GMT; Max-Age=86400; path=/; secure; SameSite=none
uclickhash=q5xs8ra2ir-q5xs8ra2ir-52a2-0-gxp2bl-fvb7fe-uotwvr-612467; expires=Wed, 08-May-2024 20:24:20 GMT; Max-Age=86400; path=/; secure; SameSite=none
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: img-src https: data:; upgrade-insecure-requests
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (7)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (15)

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size