Report - x.s788n.com/click?pid=6&offer_id=686&ref_id=a25e01218d6371032626d8af4eb38Fym_4a8c9935

Report Overview

Submitted URL
x.s788n.com/click?pid=6&offer_id=686&ref_id=a25e01218d6371032626d8af4eb38Fym_4a8c9935_4fc4400d&sub1=4a8c9935&sub8=
IP
188.114.96.1
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-02 21:53:12
Access
public
Website Title
Unlock your favorite content now!
Final URL
flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
82

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
secureanalytic.com	13422	2019-05-02	2015-12-31	2024-04-16	449 B	9.5 kB	188.114.97.1
x.s788n.com	unknown	2023-08-08	2023-11-23	2024-04-18	568 B	905 B	188.114.97.1
go.bluelinknow.com	unknown	2021-03-08	2021-07-12	2024-03-18	542 B	810 B	54.243.225.205
flaredownload.com	unknown	2024-01-18	2024-01-19	2024-04-18	33 kB	516 kB	104.21.19.111
www.googletagmanager.com	75	2011-11-11	2013-05-22	2024-05-01	881 B	165 kB	142.250.74.168
event.secureanalytic.com	30491	2019-05-02	2021-07-14	2024-04-30	548 B	1.6 kB	188.114.97.1
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-05-02	446 B	9.4 kB	216.58.207.234

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-02	medium	flaredownload.com	Sinkholed
2024-05-02	medium	flaredownload.com	Sinkholed
2024-05-02	medium	flaredownload.com	Sinkholed
2024-05-02	medium	flaredownload.com	Sinkholed
2024-05-02	medium	flaredownload.com	Sinkholed
2024-05-02	medium	flaredownload.com	Sinkholed
2024-05-02	medium	flaredownload.com	Sinkholed
2024-05-02	medium	flaredownload.com	Sinkholed
2024-05-02	medium	flaredownload.com	Sinkholed
2024-05-02	medium	flaredownload.com	Sinkholed
2024-05-02	medium	flaredownload.com	Sinkholed
2024-05-02	medium	flaredownload.com	Sinkholed
2024-05-02	medium	flaredownload.com	Sinkholed
2024-05-02	medium	flaredownload.com	Sinkholed
2024-05-02	medium	flaredownload.com	Sinkholed
2024-05-02	medium	flaredownload.com	Sinkholed
2024-05-02	medium	flaredownload.com	Sinkholed
2024-05-02	medium	flaredownload.com	Sinkholed
2024-05-02	medium	flaredownload.com	Sinkholed
2024-05-02	medium	flaredownload.com	Sinkholed
2024-05-02	medium	flaredownload.com	Sinkholed
2024-05-02	medium	flaredownload.com	Sinkholed
2024-05-02	medium	flaredownload.com	Sinkholed
2024-05-02	medium	flaredownload.com	Sinkholed
2024-05-02	medium	flaredownload.com	Sinkholed
2024-05-02	medium	flaredownload.com	Sinkholed
2024-05-02	medium	flaredownload.com	Sinkholed
2024-05-02	medium	flaredownload.com	Sinkholed
2024-05-02	medium	flaredownload.com	Sinkholed
2024-05-02	medium	flaredownload.com	Sinkholed
2024-05-02	medium	flaredownload.com	Sinkholed
2024-05-02	medium	flaredownload.com	Sinkholed
2024-05-02	medium	flaredownload.com	Sinkholed
2024-05-02	medium	flaredownload.com	Sinkholed
2024-05-02	medium	flaredownload.com	Sinkholed
2024-05-02	medium	flaredownload.com	Sinkholed
2024-05-02	medium	flaredownload.com	Sinkholed
2024-05-02	medium	flaredownload.com	Sinkholed
2024-05-02	medium	flaredownload.com	Sinkholed
2024-05-02	medium	flaredownload.com	Sinkholed
2024-05-02	medium	flaredownload.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (25)

	URL	Size	First Seen	Last Seen
	flaredownload.com/assets/hl-e23d783b.js	1.9 kB	2024-04-30	2024-05-05
Pretty URL flaredownload.com/assets/hl-e23d783b.js IP 104.21.19.111 ASN #13335 CLOUDFLARENET Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-30 15:16:15 Last Seen2024-05-05 19:35:20 Times Seen28 Hash 36f589520a75fc40147713ec23bdd82b b0f0f0b43ffa0388561a8670591e4a656e66169d eeca14b6169a558b5b5e618ecddae6eb2de4aeb8a90077795ab183960a2b1593 Loading...

	flaredownload.com/assets/hl-02495a6a.js	426 B	2024-04-30	2024-05-05
Pretty URL flaredownload.com/assets/hl-02495a6a.js IP 104.21.19.111 ASN #13335 CLOUDFLARENET Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-30 15:16:16 Last Seen2024-05-05 19:35:20 Times Seen27 Hash 912f59657d54aba299034bb96afd55e1 040acac319733a336483c2ad127ad94639d0246d c0457067e0eacfe454c88e82080674c81fdd3f57bc9eb515efa18aa17870cee2 Loading...

	flaredownload.com/assets/hl-de833af9.js	690 B	2023-11-04	2024-05-16
Pretty URL flaredownload.com/assets/hl-de833af9.js IP 104.21.19.111 ASN #13335 CLOUDFLARENET Introduced by importedModule Embedded in HTML false Observations First Seen2023-11-04 19:20:12 Last Seen2024-05-16 10:43:51 Times Seen177 Hash 07f4201d4f772dc3825f3399bb217552 e70c0af48037b02ab9ea515952b889f9eb7bcdb1 5103bcdb5637c56d4a70564479cef8e07ec2d3f00620b428cdb36c28c430d906 Loading...

	flaredownload.com/assets/hl-b2285d0c.js	418 B	2024-04-30	2024-05-07
Pretty URL flaredownload.com/assets/hl-b2285d0c.js IP 104.21.19.111 ASN #13335 CLOUDFLARENET Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-30 15:16:16 Last Seen2024-05-07 09:45:28 Times Seen87 Hash e04fab019b3ffc66a89c9e965dea3c7f f5ef2fc1217f8db227a465dc623b807d100703fc 077eca1fc357bc9c2d6b933f6a33a1adbff1068109fb52a27a140ef4f4530cc8 Loading...

	www.googletagmanager.com/gtag/js?id=G-CK9NSGSVJF&l=dataLayer&cx=c	254 kB	2024-05-02	2024-05-02
Pretty URL www.googletagmanager.com/gtag/js?id=G-CK9NSGSVJF&l=dataLayer&cx=c IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 23:53:13 Last Seen2024-05-02 23:53:14 Times Seen2 Hash 87efbddf1d010e65c52c29e4c6458d1d 7c9c2bd77b8c803a1c007c2b5eeeb31d678549e3 cf7fab2bb9537dd3b24f3d655777da58f7f6f6ffd20991af91f4fef8b9d99b5b Loading...

	flaredownload.com/assets/hl-9b82fb7e.js	4.8 kB	2024-04-30	2024-05-07
Pretty URL flaredownload.com/assets/hl-9b82fb7e.js IP 104.21.19.111 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-30 15:16:15 Last Seen2024-05-07 09:45:28 Times Seen95 Hash 737adc24f1ad958f56cebb57886fe4f2 ccf17e31a365c676ace9c1d5bba2d817136cca8a 61c8151311a12f8f05014d2af7ad8fd6a0e6fae148a346213150845f187afdf9 Loading...

	flaredownload.com/assets/hl-35a77ba0.js	72 kB	2024-04-18	2024-05-16
Pretty URL flaredownload.com/assets/hl-35a77ba0.js IP 104.21.19.111 ASN #13335 CLOUDFLARENET Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-18 12:16:42 Last Seen2024-05-16 10:43:51 Times Seen177 Hash f87da472e47dc575b6cb8dc377d18916 bff262654ae71f3be0a658cfbe5a53c787c05d55 5c38207c92f3650eaef6616521c8b1e0a03ceb384030f1c2b67cb75e25925ca8 Loading...

	secureanalytic.com/scripts/push/script/02eyoyxdkz?url=flaredownload.com	8.1 kB	2024-05-02	2024-05-16
Pretty URL secureanalytic.com/scripts/push/script/02eyoyxdkz?url=flaredownload.com IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 23:53:13 Last Seen2024-05-16 10:43:51 Times Seen71 Hash f0fab3cc04750bba62119045aad0cca4 c4bac1f34757d7d9553b0f9d23b1d419e908e62e 4590979b3d0fa22e8974e8b9d80124d0f02b6accbb154ff6e9c67b59e9fcf2c6 Loading...

	flaredownload.com/assets/hl-08811a43.js	1.9 kB	2024-04-30	2024-05-07
Pretty URL flaredownload.com/assets/hl-08811a43.js IP 104.21.19.111 ASN #13335 CLOUDFLARENET Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-30 15:16:16 Last Seen2024-05-07 09:45:28 Times Seen73 Hash b3cc658ff9142451c0996b8387b9d0a8 e3c6e04ce8075674ff655e2c40972357de28b831 452f2f0c2d36818e3fef0ce6f98c9bcbf9a04430f36bb20128c46b402f0dd401 Loading...

	flaredownload.com/assets/hl-c19e0283.js	2.8 kB	2024-04-30	2024-05-07
Pretty URL flaredownload.com/assets/hl-c19e0283.js IP 104.21.19.111 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-30 15:16:16 Last Seen2024-05-07 09:45:28 Times Seen87 Hash 5364ad1b0f5b59fcd9c02c0f3c957dce 30091f623e0d4fd19a4263939921801b8496747b bd801f4af0ece9b9292c0495cc3a14f03300f644b4eb3136ecc189f7de838762 Loading...

	flaredownload.com/assets/hl-0b0bf188.js	360 B	2024-04-30	2024-05-05
Pretty URL flaredownload.com/assets/hl-0b0bf188.js IP 104.21.19.111 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-30 15:16:16 Last Seen2024-05-05 19:35:20 Times Seen26 Hash 96de889f939ba92725dcd6509ce3a39e c20d3f7ad0871f253b67d8da84fe39b8c73d3c68 803c41be01289bc55301a91007de053c3a90ca4fa4b1cda8c9a7d22141eff9f4 Loading...

	flaredownload.com/assets/hl-edb2da2a.js	1.4 kB	2024-04-18	2024-05-16
Pretty URL flaredownload.com/assets/hl-edb2da2a.js IP 104.21.19.111 ASN #13335 CLOUDFLARENET Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-18 12:16:43 Last Seen2024-05-16 10:43:51 Times Seen164 Hash 0fb9d8a5fba7f6a569da52896f965ea3 6e57202028341c2674083acf9e428817c6725c6c 30137b4b0317a40d0c195fff2b2cd054bb39adf2fb94d357f269cb36e3c11581 Loading...

	flaredownload.com/assets/hl-1ce00f64.js	1.3 kB	2024-04-30	2024-05-07
Pretty URL flaredownload.com/assets/hl-1ce00f64.js IP 104.21.19.111 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-30 15:16:16 Last Seen2024-05-07 09:45:19 Times Seen67 Hash 78a9504a05183785e2753cdfd3cd1f8c fd82ab2cfb812608e8f23df024f29e2e19395824 e91c3fd916da5ff8e1d06b75bf67745fc2865edddfdec054d68339eb816d4186 Loading...

	www.googletagmanager.com/gtag/js?id=UA-195162716-6	206 kB	2024-05-02	2024-05-02
Pretty URL www.googletagmanager.com/gtag/js?id=UA-195162716-6 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 23:53:14 Last Seen2024-05-02 23:53:14 Times Seen2 Hash c764b9fe3d76bde33ccdd296217fa169 82c053ba8c8c6616178464ed1f3d53319e11c250 f6674a99d17aed405ae7a925a5990ba7a320750ad1eca79208cffe8e0d2e0f3b Loading...

	flaredownload.com/en_us/sandbox%20eval%20code	147 B	2023-04-11	2024-05-17
Pretty URL flaredownload.com/en_us/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-05-17 10:20:05 Times Seen349556 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	flaredownload.com/assets/hl-cecfe82c.js	3.2 kB	2024-04-30	2024-05-07
Pretty URL flaredownload.com/assets/hl-cecfe82c.js IP 104.21.19.111 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-30 15:16:15 Last Seen2024-05-07 09:45:28 Times Seen70 Hash c87c14cd6f3ce86da2fb0b3ba023ac56 0fe4b7972f7f3c6d315f71b3a0d01ac0afb96b72 acc6f4129ed26087050eff4a23516f973acba7650dbf82314e4468176b5becdd Loading...

	www.google-analytics.com/analytics.js	4.7 kB	2023-04-11	2024-05-17
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-05-17 10:20:02 Times Seen349045 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	flaredownload.com/assets/hl-10019e0a.js	915 B	2024-04-30	2024-05-07
Pretty URL flaredownload.com/assets/hl-10019e0a.js IP 104.21.19.111 ASN #13335 CLOUDFLARENET Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-30 15:16:16 Last Seen2024-05-07 09:45:28 Times Seen84 Hash 1e3a1a6723609eeef1ca18aec31ede1d 405b4e4497e97405e5995f09124499ac81fac9e9 bf2961388d2f4dfc52a8de4cb9c8950391e67b7663f19816825b4e94045096b3 Loading...

	flaredownload.com/assets/hl-a4d1bde7.js	616 B	2024-04-30	2024-05-07
Pretty URL flaredownload.com/assets/hl-a4d1bde7.js IP 104.21.19.111 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-30 15:16:16 Last Seen2024-05-07 09:45:28 Times Seen73 Hash d8ea30018e0da74ad761ec9316f8f453 d043c4f9f1a74d79fa8d31804db780a30334bf57 d8f8f3a67399e639be2e02d80bc69ed925d292bcda9df7aed5542efcf8c64b12 Loading...

	flaredownload.com/assets/hl-4f383950.js	561 B	2024-04-30	2024-05-07
Pretty URL flaredownload.com/assets/hl-4f383950.js IP 104.21.19.111 ASN #13335 CLOUDFLARENET Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-30 15:16:16 Last Seen2024-05-07 09:45:28 Times Seen96 Hash 3ffc3476cff6cca96cb96876f8b67d96 86cf88d21b81051f6e1da044c3b7867ffff617ea 38b6ba19a3c3455aba80b3198455d48ce70dff2b5eac2c05c0361cd737d81d8a Loading...

	flaredownload.com/assets/hl-cb0a5a8f.js	779 B	2024-04-30	2024-05-07
Pretty URL flaredownload.com/assets/hl-cb0a5a8f.js IP 104.21.19.111 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-30 15:16:16 Last Seen2024-05-07 09:45:28 Times Seen84 Hash 907173b9fd8b43cc2f410c95205ae736 fc7244501458e3e52756b9b63d3c69261a896cc1 319cf4c29a8e27a45fd11d1069c65991071dc10bf4d2107be22ef5d668161205 Loading...

	flaredownload.com/assets/hl-d9848c4e.js	266 kB	2024-04-30	2024-05-07
Pretty URL flaredownload.com/assets/hl-d9848c4e.js IP 104.21.19.111 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-30 15:16:15 Last Seen2024-05-07 09:45:28 Times Seen154 Hash bc391c99295126181f9f7d4f7df0a3a7 26cdaa77397971dfdcec4ea470232af8a75ccee5 887814e7c041b00843e836ce38cbd9a0815681b9e8f26dc4c35f218484b91c06 Loading...

	unknown	162 B	2024-04-06	2024-05-15
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-06 17:32:25 Last Seen2024-05-15 23:42:26 Times Seen24 Hash e193bf714b31c897879cd92880a395e0 723115770c90558282dee4dbcfde3175c2a30a1f e0ab77eab014566a6194727273a32d9d4586baf3ab126564e0d30ed4a8c53db3 Loading...

	flaredownload.com/assets/hl-6f73767e.js	1.3 kB	2024-04-30	2024-05-05
Pretty URL flaredownload.com/assets/hl-6f73767e.js IP 104.21.19.111 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-30 15:16:15 Last Seen2024-05-05 19:35:20 Times Seen30 Hash 5168e2bd6ea61c61ffc85070695db0a0 015634c336e6b853b1459cc2f915cf32286d966d bc6e2004c6005453b32fa7483ca27faf09c39e08c6c64be3642bd58dd864541d Loading...

	flaredownload.com/assets/hl-5c2cfe2f.js	6.1 kB	2024-04-30	2024-05-07
Pretty URL flaredownload.com/assets/hl-5c2cfe2f.js IP 104.21.19.111 ASN #13335 CLOUDFLARENET Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-30 15:16:16 Last Seen2024-05-07 09:45:28 Times Seen98 Hash 1688ac06cc894985a8a82aee191cba8c b26ccd34be5c0a5c6b31d01e272af637302189c4 cdef597b7b8f1cb9114a5a5929e21ce2201dbe7230717b3a759b93b674cd7a9a Loading...

HTTP Transactions (48)

URL IP Response Size

x.s788n.com/click?pid=6&offer_id=686&ref_id=a25e01218d6371032626d8af4eb38Fym_4a8c9935_4fc4400d&sub1=4a8c9935&sub8=

188.114.97.1

302 Found

0 B

URL User Request GET HTTP/2
x.s788n.com/click?pid=6&offer_id=686&ref_id=a25e01218d6371032626d8af4eb38Fym_4a8c9935_4fc4400d&sub1=4a8c9935&sub8=
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjects788n.com
Fingerprint7B:57:28:7D:08:B1:32:B9:AF:EE:21:E5:18:A8:A6:96:C0:D6:63:AB
ValidityMon, 01 Apr 2024 03:04:14 GMT - Sun, 30 Jun 2024 03:04:13 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /click?pid=6&offer_id=686&ref_id=a25e01218d6371032626d8af4eb38Fym_4a8c9935_4fc4400d&sub1=4a8c9935&sub8= HTTP/1.1
Host: x.s788n.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Thu, 02 May 2024 21:52:46 GMT
content-length: 0
location: https://go.bluelinknow.com/t/clk?id=vKH9LMLsvqfyVwC2&s1=66340b2e39813200015ab9ee&s2=4a8c9935&s8=
x-adjust-use-original-forwarded-for: 1
set-cookie: afclick=66340b2e39813200015ab9ee; expires=Fri, 02 May 2025 21:52:46 GMT; secure; SameSite=None
afoffers={"686":1714686766}; expires=Fri, 02 May 2025 21:52:46 GMT; secure; SameSite=None
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nBRDIVgxp%2FF1X5ScOPWNlp2ttfM7SdscKlsvrlNaRmRpcf%2Bz0OxpPkOGvJjbZKrZoeKsx3w0IDOXHxl%2BafHU6JvwNSCQrwlOr%2BqcgUiYdwTMetdLEYO88%2B2gxxuaGg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87db3d844a2a7127-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

go.bluelinknow.com/t/clk?id=vKH9LMLsvqfyVwC2&s1=66340b2e39813200015ab9ee&s2=4a8c9935&s8=

54.243.225.205

302 Found

0 B

URL User Request GET HTTP/2
go.bluelinknow.com/t/clk?id=vKH9LMLsvqfyVwC2&s1=66340b2e39813200015ab9ee&s2=4a8c9935&s8=
IP
54.243.225.205:443
ASN
#14618 AMAZON-AES

Certificate
IssuerAmazon
Subject*.redlinknow.com
Fingerprint79:82:ED:1B:55:67:44:54:B9:21:32:61:9D:61:C9:1A:2F:AF:97:76
ValiditySun, 17 Dec 2023 00:00:00 GMT - Tue, 14 Jan 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /t/clk?id=vKH9LMLsvqfyVwC2&s1=66340b2e39813200015ab9ee&s2=4a8c9935&s8= HTTP/1.1
Host: go.bluelinknow.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Thu, 02 May 2024 21:52:47 GMT
content-type: text/html; charset=utf-8
content-length: 0
location: https://flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
server: nginx/1.14.2
cache-control: no-transform
x-frame-options: SAMEORIGIN
vary: Accept-Language, Cookie, Origin
content-language: en
set-cookie: uip="[\"l6sLx8g\"\054 {\"Yv74\": \"xy3aRrl\"}]:1s2eMB:Roz_tnE5BrycxJbiPisIqdHYbug"; expires=Sat, 01 Jun 2024 21:52:47 GMT; Max-Age=2592000; Path=/
ydt_a31a0322edef4efaa328c3e667d70925="[\"8f9683bc-1ffa-4450-95a2-62ca40531570\"]:1s2eMB:PM4cOjvKy5o7B7dGGyNZ5UK_5NA"; expires=Sat, 01 Jun 2024 23:52:47 GMT; Max-Age=2599200; Path=/; SameSite=None; Secure
X-Firefox-Spdy: h2

flaredownload.com/assets/hl-1ce00f64.js

104.21.19.111

200 OK

1.1 kB

URL GET HTTP/3
flaredownload.com/assets/hl-1ce00f64.js
IP
104.21.19.111:443
ASN
#13335 CLOUDFLARENET

Requested by
https://flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
Certificate
IssuerGoogle Trust Services LLC
Subjectflaredownload.com
FingerprintA7:68:A0:75:94:62:A1:45:DE:7D:F0:07:04:B4:D1:B8:96:E1:C2:50
ValidityMon, 18 Mar 2024 15:26:29 GMT - Sun, 16 Jun 2024 15:26:28 GMT

File type
ASCII text, with very long lines (305)
Size
1.1 kB (1135 bytes)
Hash
78a9504a05183785e2753cdfd3cd1f8c
fd82ab2cfb812608e8f23df024f29e2e19395824
e91c3fd916da5ff8e1d06b75bf67745fc2865edddfdec054d68339eb816d4186

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/hl-1ce00f64.js HTTP/1.1
Host: flaredownload.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://flaredownload.com/assets/hl-d9848c4e.js
Cookie: visitInfo::6573=c5081eb4f71b3e83a40f29fac1124e037f56902dab686688b93b637c8b4795bca%3A2%3A%7Bi%3A0%3Bs%3A15%3A%22visitInfo%3A%3A6573%22%3Bi%3A1%3Ba%3A5%3A%7Bs%3A8%3A%22cookieId%22%3Bs%3A32%3A%227cb763c0bfc785466b79c98c35a44c5f%22%3Bs%3A7%3A%22network%22%3Bs%3A6%3A%22200347%22%3Bs%3A9%3A%22publisher%22%3Bs%3A8%3A%224a8c9935%22%3Bs%3A10%3A%22externalId%22%3Bs%3A36%3A%228f9683bc-1ffa-4450-95a2-62ca40531570%22%3Bs%3A7%3A%22isNewTr%22%3Bb%3A1%3B%7D%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 02 May 2024 21:52:48 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=1286
access-control-allow-origin: *
etag: W/"6630d038-506"
last-modified: Tue, 30 Apr 2024 11:04:24 GMT
cache-control: max-age=1800
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZnRFkhM9pvtCaC8IVeB8Tx69a1Y8i0szs1zDKa8HTOfyTMNlKd5wb3Mp32dksJVmwsU9ygrSCoyZeKULuDRdaRAmuX4ZXB3tMxh5iUw4gK6hRsj4fWCaA5pp2PKm1Gpkd%2F6Pfa5c4Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
server: cloudflare
cf-ray: 87db3d8da9e90b69-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

flaredownload.com/assets/hl-6f73767e.js

104.21.19.111

200 OK

887 B

URL GET HTTP/3
flaredownload.com/assets/hl-6f73767e.js
IP
104.21.19.111:443
ASN
#13335 CLOUDFLARENET

Requested by
https://flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
Certificate
IssuerGoogle Trust Services LLC
Subjectflaredownload.com
FingerprintA7:68:A0:75:94:62:A1:45:DE:7D:F0:07:04:B4:D1:B8:96:E1:C2:50
ValidityMon, 18 Mar 2024 15:26:29 GMT - Sun, 16 Jun 2024 15:26:28 GMT

File type
ASCII text, with very long lines (1263), with no line terminators
Size
887 B (887 bytes)
Hash
5168e2bd6ea61c61ffc85070695db0a0
015634c336e6b853b1459cc2f915cf32286d966d
bc6e2004c6005453b32fa7483ca27faf09c39e08c6c64be3642bd58dd864541d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/hl-6f73767e.js HTTP/1.1
Host: flaredownload.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 02 May 2024 21:52:48 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=1264
access-control-allow-origin: *
etag: W/"6630d038-4f0"
last-modified: Tue, 30 Apr 2024 11:04:24 GMT
cache-control: max-age=1800
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LeqJ6AXDVsnEEsJdXOcM0cRD5xtn%2BPQHhZukrBQpNT8EvmpCHrsJLnj0dIaQtSMGEfA1JkxpZ62bPsGr0QU5WVWdugMxcK4NmO0%2FJLhvGv57SAs%2BEE2PAk3SqOdVd661dOIEC9gDOg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
server: cloudflare
cf-ray: 87db3d8e4a850b69-OSL
content-encoding: br

www.googletagmanager.com/gtag/js?id=UA-195162716-6

142.250.74.168

200 OK

74 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=UA-195162716-6
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintFC:B1:16:E0:D8:F3:2B:F3:AB:33:E5:E1:23:57:F4:48:66:FD:4D:52
ValidityMon, 08 Apr 2024 06:34:55 GMT - Mon, 01 Jul 2024 06:34:54 GMT

File type
JavaScript source, ASCII text, with very long lines (4179)
Size
74 kB (74290 bytes)
Hash
c764b9fe3d76bde33ccdd296217fa169
82c053ba8c8c6616178464ed1f3d53319e11c250
f6674a99d17aed405ae7a925a5990ba7a320750ad1eca79208cffe8e0d2e0f3b

HTTP Headers

GET /gtag/js?id=UA-195162716-6 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://flaredownload.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 02 May 2024 21:52:48 GMT
expires: Thu, 02 May 2024 21:52:48 GMT
cache-control: private, max-age=900
last-modified: Thu, 02 May 2024 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 74290
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

flaredownload.com/assets/hl-d9848c4e.js

104.21.19.111

200 OK

96 kB

URL GET HTTP/3
flaredownload.com/assets/hl-d9848c4e.js
IP
104.21.19.111:443
ASN
#13335 CLOUDFLARENET

Requested by
https://flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
Certificate
IssuerGoogle Trust Services LLC
Subjectflaredownload.com
FingerprintA7:68:A0:75:94:62:A1:45:DE:7D:F0:07:04:B4:D1:B8:96:E1:C2:50
ValidityMon, 18 Mar 2024 15:26:29 GMT - Sun, 16 Jun 2024 15:26:28 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
96 kB (96346 bytes)
Hash
bc391c99295126181f9f7d4f7df0a3a7
26cdaa77397971dfdcec4ea470232af8a75ccee5
887814e7c041b00843e836ce38cbd9a0815681b9e8f26dc4c35f218484b91c06

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/hl-d9848c4e.js HTTP/1.1
Host: flaredownload.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 02 May 2024 21:52:47 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=265778
access-control-allow-origin: *
etag: W/"6630d038-40e32"
last-modified: Tue, 30 Apr 2024 11:04:24 GMT
cache-control: max-age=1800
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AXaYywz%2BD6PkXjYJ1hTc%2FUWzRt5aq5H0gPbX%2Bcw3NMwSzFilbPQIJTQWHQuwAd6qPZEMz2MUK0E5M%2FIHPMZdoCNp%2FobTAb19DO6AUAWvOoZY12iU5zsjDXSxUPRU2Ytkp1qKNjvz0g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: REVALIDATED
server: cloudflare
cf-ray: 87db3d8b68320b69-OSL
content-encoding: br

www.googletagmanager.com/gtag/js?id=G-CK9NSGSVJF&l=dataLayer&cx=c

142.250.74.168

200 OK

90 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=G-CK9NSGSVJF&l=dataLayer&cx=c
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintFC:B1:16:E0:D8:F3:2B:F3:AB:33:E5:E1:23:57:F4:48:66:FD:4D:52
ValidityMon, 08 Apr 2024 06:34:55 GMT - Mon, 01 Jul 2024 06:34:54 GMT

File type
JavaScript source, ASCII text, with very long lines (5955)
Size
90 kB (89717 bytes)
Hash
87efbddf1d010e65c52c29e4c6458d1d
7c9c2bd77b8c803a1c007c2b5eeeb31d678549e3
cf7fab2bb9537dd3b24f3d655777da58f7f6f6ffd20991af91f4fef8b9d99b5b

HTTP Headers

GET /gtag/js?id=G-CK9NSGSVJF&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://flaredownload.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 02 May 2024 21:52:48 GMT
expires: Thu, 02 May 2024 21:52:48 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 89717
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

flaredownload.com/assets/hl-edb2da2a.js

104.21.19.111

200 OK

15 kB

URL GET HTTP/3
flaredownload.com/assets/hl-edb2da2a.js
IP
104.21.19.111:443
ASN
#13335 CLOUDFLARENET

Requested by
https://flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
Certificate
IssuerGoogle Trust Services LLC
Subjectflaredownload.com
FingerprintA7:68:A0:75:94:62:A1:45:DE:7D:F0:07:04:B4:D1:B8:96:E1:C2:50
ValidityMon, 18 Mar 2024 15:26:29 GMT - Sun, 16 Jun 2024 15:26:28 GMT

File type
JavaScript source, ASCII text, with very long lines (1410), with no line terminators
Size
15 kB (15186 bytes)
Hash
0fb9d8a5fba7f6a569da52896f965ea3
6e57202028341c2674083acf9e428817c6725c6c
30137b4b0317a40d0c195fff2b2cd054bb39adf2fb94d357f269cb36e3c11581

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/hl-edb2da2a.js HTTP/1.1
Host: flaredownload.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 02 May 2024 21:52:48 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=1413
access-control-allow-origin: *
etag: W/"6630d038-585"
last-modified: Tue, 30 Apr 2024 11:04:24 GMT
cache-control: max-age=1800
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ErS4f%2F0QsBFBq8ErNEZGDAZq3FWlK2Homif0axYbS7ybb8yLsVbg8FUaFthr8eIoz6GIFunFh7KXj4Z4xAlfjDVoJgBD4x%2B0UewXmQRR%2FlMbwRTisaWiWKlnWSfyfd9KdFuce%2FX%2FJg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
server: cloudflare
cf-ray: 87db3d8d99d00b69-OSL
content-encoding: br

flaredownload.com/prod/images/fd770a0f13896c5ac8a09bc7a642de92.png

104.21.19.111

200 OK

3.2 kB

URL GET HTTP/3
flaredownload.com/prod/images/fd770a0f13896c5ac8a09bc7a642de92.png
IP
104.21.19.111:443
ASN
#13335 CLOUDFLARENET

Requested by
https://flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
Certificate
IssuerGoogle Trust Services LLC
Subjectflaredownload.com
FingerprintA7:68:A0:75:94:62:A1:45:DE:7D:F0:07:04:B4:D1:B8:96:E1:C2:50
ValidityMon, 18 Mar 2024 15:26:29 GMT - Sun, 16 Jun 2024 15:26:28 GMT

File type
PNG image data, 100 x 100, 8-bit colormap, non-interlaced
Size
3.2 kB (3235 bytes)
Hash
18e8c55ad549933e62ee40b8c7adbdd0
f7bc824a4c70a4babc07b21fcbd413885128e92e
69bec757694a537e73efba217eaca74df87935a063fe5c6a25f22c7e196f6520

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /prod/images/fd770a0f13896c5ac8a09bc7a642de92.png HTTP/1.1
Host: flaredownload.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
Cookie: visitInfo::6573=c5081eb4f71b3e83a40f29fac1124e037f56902dab686688b93b637c8b4795bca%3A2%3A%7Bi%3A0%3Bs%3A15%3A%22visitInfo%3A%3A6573%22%3Bi%3A1%3Ba%3A5%3A%7Bs%3A8%3A%22cookieId%22%3Bs%3A32%3A%227cb763c0bfc785466b79c98c35a44c5f%22%3Bs%3A7%3A%22network%22%3Bs%3A6%3A%22200347%22%3Bs%3A9%3A%22publisher%22%3Bs%3A8%3A%224a8c9935%22%3Bs%3A10%3A%22externalId%22%3Bs%3A36%3A%228f9683bc-1ffa-4450-95a2-62ca40531570%22%3Bs%3A7%3A%22isNewTr%22%3Bb%3A1%3B%7D%7D; _ga_CK9NSGSVJF=GS1.1.1714686768.1.0.1714686768.0.0.0; _ga=GA1.1.418617194.1714686769
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 02 May 2024 21:52:48 GMT
content-type: image/png
content-length: 3235
last-modified: Tue, 30 Apr 2024 11:23:17 GMT
etag: "6630d4a5-ca3"
access-control-allow-origin: *
cache-control: max-age=1800
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=44ZWUvY%2F5jVZWr1boPX1XgecxnfKsqMfeKkdFfArg0vWYsWC6PvbPOCutdBvwAGkBB5FjkIJwPxQEUXyeplkhwxvjlc7vTiTgfuJq90d%2FQAmTLDBSnK8UZNayMleAQze3kZB3DQ%2BAA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 0
accept-ranges: bytes
server: cloudflare
cf-ray: 87db3d921dfd0b69-OSL
alt-svc: h3=":443"; ma=86400

flaredownload.com/prod/images/da11c15fabd9787f963615c6708cf278.png

104.21.19.111

200 OK

971 B

URL GET HTTP/3
flaredownload.com/prod/images/da11c15fabd9787f963615c6708cf278.png
IP
104.21.19.111:443
ASN
#13335 CLOUDFLARENET

Requested by
https://flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
Certificate
IssuerGoogle Trust Services LLC
Subjectflaredownload.com
FingerprintA7:68:A0:75:94:62:A1:45:DE:7D:F0:07:04:B4:D1:B8:96:E1:C2:50
ValidityMon, 18 Mar 2024 15:26:29 GMT - Sun, 16 Jun 2024 15:26:28 GMT

File type
PNG image data, 111 x 75, 8-bit colormap, non-interlaced
Size
971 B (971 bytes)
Hash
2f40fa92fce11c340f70807da03ac0b2
89ef777357b185dee8937a3da0983f39f156fb10
44990fb54269fdec9302792e2c01543679151dbfb279e63089e28656884b3794

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /prod/images/da11c15fabd9787f963615c6708cf278.png HTTP/1.1
Host: flaredownload.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
Cookie: visitInfo::6573=c5081eb4f71b3e83a40f29fac1124e037f56902dab686688b93b637c8b4795bca%3A2%3A%7Bi%3A0%3Bs%3A15%3A%22visitInfo%3A%3A6573%22%3Bi%3A1%3Ba%3A5%3A%7Bs%3A8%3A%22cookieId%22%3Bs%3A32%3A%227cb763c0bfc785466b79c98c35a44c5f%22%3Bs%3A7%3A%22network%22%3Bs%3A6%3A%22200347%22%3Bs%3A9%3A%22publisher%22%3Bs%3A8%3A%224a8c9935%22%3Bs%3A10%3A%22externalId%22%3Bs%3A36%3A%228f9683bc-1ffa-4450-95a2-62ca40531570%22%3Bs%3A7%3A%22isNewTr%22%3Bb%3A1%3B%7D%7D; _ga_CK9NSGSVJF=GS1.1.1714686768.1.0.1714686768.0.0.0; _ga=GA1.1.418617194.1714686769
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 02 May 2024 21:52:48 GMT
content-type: image/png
content-length: 971
last-modified: Tue, 30 Apr 2024 11:23:17 GMT
etag: "6630d4a5-3cb"
access-control-allow-origin: *
cache-control: max-age=1800
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=925gqIhi%2B4z9%2BtxpYU2zhqWro6EsP6%2FVDprw9IRfvUaTZiAnH%2Bxpl7f4wuB%2Fz536TTJTkxuiw3AFZCLNlR9Te6lFjNbzyKnhf6ZSsoAXQMOLbARYvo1SREzasMo4tbaxRskN7%2Bym2g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 0
accept-ranges: bytes
server: cloudflare
cf-ray: 87db3d922dff0b69-OSL
alt-svc: h3=":443"; ma=86400

flaredownload.com/visit/get-data?landingId=6573&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=

104.21.19.111

200 OK

11 kB

URL GET HTTP/3
flaredownload.com/visit/get-data?landingId=6573&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
IP
104.21.19.111:443
ASN
#13335 CLOUDFLARENET

Requested by
https://flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
Certificate
IssuerGoogle Trust Services LLC
Subjectflaredownload.com
FingerprintA7:68:A0:75:94:62:A1:45:DE:7D:F0:07:04:B4:D1:B8:96:E1:C2:50
ValidityMon, 18 Mar 2024 15:26:29 GMT - Sun, 16 Jun 2024 15:26:28 GMT

File type
JSON text data
Size
11 kB (10743 bytes)
Hash
38bcf8d7b1a2dc93fc2d72f67f64d9a7
b6304f21bfb79baa347bc5122358f0df771b70bb
6365b1f7a156a2884ed36b1517a93e40a12ebb93f77b58a366933ebd9adfe075

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /visit/get-data?landingId=6573&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource= HTTP/1.1
Host: flaredownload.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
sentry-trace: 0280c89102424cc9b9486a2698a87403-857a783c48bca37f-0
baggage: sentry-environment=production,sentry-public_key=9056b383582c444792eb65c1726488d9,sentry-trace_id=0280c89102424cc9b9486a2698a87403,sentry-sample_rate=0.1,sentry-sampled=false
DNT: 1
Connection: keep-alive
Referer: https://flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 02 May 2024 21:52:48 GMT
content-type: application/json; charset=UTF-8
set-cookie: visitInfo::6573=c5081eb4f71b3e83a40f29fac1124e037f56902dab686688b93b637c8b4795bca%3A2%3A%7Bi%3A0%3Bs%3A15%3A%22visitInfo%3A%3A6573%22%3Bi%3A1%3Ba%3A5%3A%7Bs%3A8%3A%22cookieId%22%3Bs%3A32%3A%227cb763c0bfc785466b79c98c35a44c5f%22%3Bs%3A7%3A%22network%22%3Bs%3A6%3A%22200347%22%3Bs%3A9%3A%22publisher%22%3Bs%3A8%3A%224a8c9935%22%3Bs%3A10%3A%22externalId%22%3Bs%3A36%3A%228f9683bc-1ffa-4450-95a2-62ca40531570%22%3Bs%3A7%3A%22isNewTr%22%3Bb%3A1%3B%7D%7D; path=/; HttpOnly; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FgqUZgC21Lr%2B%2Bl8ibLU%2BFnea6av3s2P%2BxojLV4jNMXbb1Z8muM%2FD%2BwEMTzcPrFIHF5DBWqVgyfdaEbhR4nZRShwC0Osln%2FmGKrTE%2Bz5XU5B7jP9dtyBDWG92KmassCVwRLOZrQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87db3d8c59020b69-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

flaredownload.com/assets/hl-41e46faf.woff2

104.21.19.111

200 OK

7.9 kB

URL GET HTTP/3
flaredownload.com/assets/hl-41e46faf.woff2
IP
104.21.19.111:443
ASN
#13335 CLOUDFLARENET

Requested by
https://flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
Certificate
IssuerGoogle Trust Services LLC
Subjectflaredownload.com
FingerprintA7:68:A0:75:94:62:A1:45:DE:7D:F0:07:04:B4:D1:B8:96:E1:C2:50
ValidityMon, 18 Mar 2024 15:26:29 GMT - Sun, 16 Jun 2024 15:26:28 GMT

File type
Web Open Font Format (Version 2), TrueType, length 7900, version 1.0
Size
7.9 kB (7900 bytes)
Hash
9ed361bba8488aeb2797b82befda20f1
6f80d965a066aff81c0a344d4b7297bd009cc099
41e46faff74c6a77d581689ec35eb040f6c96d17f4d2c5b25dccd42ed498b01c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/hl-41e46faf.woff2 HTTP/1.1
Host: flaredownload.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://flaredownload.com/assets/hl-78f24724.css
Cookie: visitInfo::6573=c5081eb4f71b3e83a40f29fac1124e037f56902dab686688b93b637c8b4795bca%3A2%3A%7Bi%3A0%3Bs%3A15%3A%22visitInfo%3A%3A6573%22%3Bi%3A1%3Ba%3A5%3A%7Bs%3A8%3A%22cookieId%22%3Bs%3A32%3A%227cb763c0bfc785466b79c98c35a44c5f%22%3Bs%3A7%3A%22network%22%3Bs%3A6%3A%22200347%22%3Bs%3A9%3A%22publisher%22%3Bs%3A8%3A%224a8c9935%22%3Bs%3A10%3A%22externalId%22%3Bs%3A36%3A%228f9683bc-1ffa-4450-95a2-62ca40531570%22%3Bs%3A7%3A%22isNewTr%22%3Bb%3A1%3B%7D%7D; _ga_CK9NSGSVJF=GS1.1.1714686768.1.0.1714686768.0.0.0; _ga=GA1.1.418617194.1714686769
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 02 May 2024 21:52:49 GMT
content-type: application/octet-stream
content-length: 7900
last-modified: Tue, 30 Apr 2024 11:04:24 GMT
etag: "6630d038-1edc"
access-control-allow-origin: *
cache-control: max-age=1800
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JCATm8SShkCBS3WuyVWphB6xr0soxkY4mq0Kq4PlVtc8wkyRG7sGEB2YmRtj4HgsQCOoiC2dcuwt8WQYh%2BmLt5g%2FaM3%2BBtnjhtUuGNMr3SC8nlNPC4Az6pz6uq7Qg3ogOYU%2FDlwXcQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 87db3d923e0c0b69-OSL
alt-svc: h3=":443"; ma=86400

event.secureanalytic.com/register/event_log/v9e179lqez

188.114.97.1

200 OK

0 B

URL POST HTTP/2
event.secureanalytic.com/register/event_log/v9e179lqez
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
Certificate
IssuerLet's Encrypt
Subjectsecureanalytic.com
FingerprintE8:56:22:9E:5D:B8:81:BD:9C:20:0E:24:64:BE:C4:CA:4E:D6:C9:63
ValidityFri, 29 Mar 2024 10:27:40 GMT - Thu, 27 Jun 2024 10:27:39 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /register/event_log/v9e179lqez HTTP/1.1
Host: event.secureanalytic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://flaredownload.com/
Origin: https://flaredownload.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 May 2024 21:52:49 GMT
content-length: 0
expires: 0
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-headers: content-type
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src * 'self' https://* blob: data:; font-src 'self' data:
access-control-allow-methods: POST
x-frame-options: SAMEORIGIN
access-control-expose-headers: Authorization, Link, X-Total-Count, X-pushPlatformApp-alert, X-pushPlatformApp-error, X-pushPlatformApp-params
access-control-allow-origin: *
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-content-type-options: nosniff
permissions-policy: camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=()
access-control-max-age: 1800
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yMot6RffCRy53VI6TM5Ycg4tl70dpZqnKDkXgZd0FwNTMFXdAQoxz%2BZ46TQ3%2Fw31AS1lVquVFEaFCz8Q0k6L69nsyGPqpksq8x3coxJ9EcurxrN0hu4oTke7D0%2FOC9%2Fhm7P9hjwgtlfckDw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87db3d91ff5cb50f-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

flaredownload.com/assets/hl-6f73767e.js

104.21.19.111

200 OK

415 B

URL GET HTTP/3
flaredownload.com/assets/hl-6f73767e.js
IP
104.21.19.111:443
ASN
#13335 CLOUDFLARENET

Requested by
https://flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
Certificate
IssuerGoogle Trust Services LLC
Subjectflaredownload.com
FingerprintA7:68:A0:75:94:62:A1:45:DE:7D:F0:07:04:B4:D1:B8:96:E1:C2:50
ValidityMon, 18 Mar 2024 15:26:29 GMT - Sun, 16 Jun 2024 15:26:28 GMT

File type
ASCII text, with very long lines (1263), with no line terminators
Size
415 B (415 bytes)
Hash
5168e2bd6ea61c61ffc85070695db0a0
015634c336e6b853b1459cc2f915cf32286d966d
bc6e2004c6005453b32fa7483ca27faf09c39e08c6c64be3642bd58dd864541d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/hl-6f73767e.js HTTP/1.1
Host: flaredownload.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://flaredownload.com/assets/hl-9b82fb7e.js
Cookie: visitInfo::6573=c5081eb4f71b3e83a40f29fac1124e037f56902dab686688b93b637c8b4795bca%3A2%3A%7Bi%3A0%3Bs%3A15%3A%22visitInfo%3A%3A6573%22%3Bi%3A1%3Ba%3A5%3A%7Bs%3A8%3A%22cookieId%22%3Bs%3A32%3A%227cb763c0bfc785466b79c98c35a44c5f%22%3Bs%3A7%3A%22network%22%3Bs%3A6%3A%22200347%22%3Bs%3A9%3A%22publisher%22%3Bs%3A8%3A%224a8c9935%22%3Bs%3A10%3A%22externalId%22%3Bs%3A36%3A%228f9683bc-1ffa-4450-95a2-62ca40531570%22%3Bs%3A7%3A%22isNewTr%22%3Bb%3A1%3B%7D%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 02 May 2024 21:52:48 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=1264
access-control-allow-origin: *
etag: W/"6630d038-4f0"
last-modified: Tue, 30 Apr 2024 11:04:24 GMT
cache-control: max-age=1800
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LeqJ6AXDVsnEEsJdXOcM0cRD5xtn%2BPQHhZukrBQpNT8EvmpCHrsJLnj0dIaQtSMGEfA1JkxpZ62bPsGr0QU5WVWdugMxcK4NmO0%2FJLhvGv57SAs%2BEE2PAk3SqOdVd661dOIEC9gDOg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 0
server: cloudflare
cf-ray: 87db3d904c010b69-OSL
content-encoding: br

flaredownload.com/assets/hl-08811a43.js

104.21.19.111

200 OK

4.4 kB

URL GET HTTP/3
flaredownload.com/assets/hl-08811a43.js
IP
104.21.19.111:443
ASN
#13335 CLOUDFLARENET

Requested by
https://flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
Certificate
IssuerGoogle Trust Services LLC
Subjectflaredownload.com
FingerprintA7:68:A0:75:94:62:A1:45:DE:7D:F0:07:04:B4:D1:B8:96:E1:C2:50
ValidityMon, 18 Mar 2024 15:26:29 GMT - Sun, 16 Jun 2024 15:26:28 GMT

File type
JavaScript source, ASCII text, with very long lines (1922), with no line terminators
Size
4.4 kB (4436 bytes)
Hash
b3cc658ff9142451c0996b8387b9d0a8
e3c6e04ce8075674ff655e2c40972357de28b831
452f2f0c2d36818e3fef0ce6f98c9bcbf9a04430f36bb20128c46b402f0dd401

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/hl-08811a43.js HTTP/1.1
Host: flaredownload.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://flaredownload.com/assets/hl-a4d1bde7.js
Cookie: visitInfo::6573=c5081eb4f71b3e83a40f29fac1124e037f56902dab686688b93b637c8b4795bca%3A2%3A%7Bi%3A0%3Bs%3A15%3A%22visitInfo%3A%3A6573%22%3Bi%3A1%3Ba%3A5%3A%7Bs%3A8%3A%22cookieId%22%3Bs%3A32%3A%227cb763c0bfc785466b79c98c35a44c5f%22%3Bs%3A7%3A%22network%22%3Bs%3A6%3A%22200347%22%3Bs%3A9%3A%22publisher%22%3Bs%3A8%3A%224a8c9935%22%3Bs%3A10%3A%22externalId%22%3Bs%3A36%3A%228f9683bc-1ffa-4450-95a2-62ca40531570%22%3Bs%3A7%3A%22isNewTr%22%3Bb%3A1%3B%7D%7D; _ga_CK9NSGSVJF=GS1.1.1714686768.1.0.1714686768.0.0.0; _ga=GA1.1.418617194.1714686769
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 02 May 2024 21:52:49 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=1923
access-control-allow-origin: *
etag: W/"6630d038-783"
last-modified: Tue, 30 Apr 2024 11:04:24 GMT
cache-control: max-age=1800
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5yeJK8hwCK70Ljgp9ruqkI3uTQPi4SVhqNxfk46dhuPXfaU6k7hHZuGVFdJ4maCdsHif2t9kp0%2FvFyln8MammmwL8f1HWVuR9R5NpjBgGrt1ISx835Gd2NoMAU2ywUC2wIXXk2UyLw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 0
server: cloudflare
cf-ray: 87db3d928e3d0b69-OSL
content-encoding: br

flaredownload.com/assets/hl-10019e0a.js

104.21.19.111

200 OK

12 kB

URL GET HTTP/3
flaredownload.com/assets/hl-10019e0a.js
IP
104.21.19.111:443
ASN
#13335 CLOUDFLARENET

Requested by
https://flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
Certificate
IssuerGoogle Trust Services LLC
Subjectflaredownload.com
FingerprintA7:68:A0:75:94:62:A1:45:DE:7D:F0:07:04:B4:D1:B8:96:E1:C2:50
ValidityMon, 18 Mar 2024 15:26:29 GMT - Sun, 16 Jun 2024 15:26:28 GMT

File type
ASCII text, with very long lines (915), with no line terminators
Size
12 kB (11946 bytes)
Hash
1e3a1a6723609eeef1ca18aec31ede1d
405b4e4497e97405e5995f09124499ac81fac9e9
bf2961388d2f4dfc52a8de4cb9c8950391e67b7663f19816825b4e94045096b3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/hl-10019e0a.js HTTP/1.1
Host: flaredownload.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 02 May 2024 21:52:48 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=916
access-control-allow-origin: *
etag: W/"6630d038-394"
last-modified: Tue, 30 Apr 2024 11:04:24 GMT
cache-control: max-age=1800
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xxkkSLAmcA4oxnCGW8DMngCyQ%2BRlS7kyC6fBpa6cInHJarUGC4s1lwZVdLIwzKVfMSsL8IX77uSEi7Od69ySApLoms2kaqSYKNyoPohFq7vwsJJbUxiKq4k3U2s8qPw6NETWF9%2Fpsg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
server: cloudflare
cf-ray: 87db3d90ac6a0b69-OSL
content-encoding: br

flaredownload.com/assets/hl-0b0bf188.js

104.21.19.111

200 OK

9.4 kB

URL GET HTTP/3
flaredownload.com/assets/hl-0b0bf188.js
IP
104.21.19.111:443
ASN
#13335 CLOUDFLARENET

Requested by
https://flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
Certificate
IssuerGoogle Trust Services LLC
Subjectflaredownload.com
FingerprintA7:68:A0:75:94:62:A1:45:DE:7D:F0:07:04:B4:D1:B8:96:E1:C2:50
ValidityMon, 18 Mar 2024 15:26:29 GMT - Sun, 16 Jun 2024 15:26:28 GMT

File type
ASCII text, with very long lines (360), with no line terminators
Size
9.4 kB (9417 bytes)
Hash
96de889f939ba92725dcd6509ce3a39e
c20d3f7ad0871f253b67d8da84fe39b8c73d3c68
803c41be01289bc55301a91007de053c3a90ca4fa4b1cda8c9a7d22141eff9f4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/hl-0b0bf188.js HTTP/1.1
Host: flaredownload.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://flaredownload.com/assets/hl-6f73767e.js
Cookie: visitInfo::6573=c5081eb4f71b3e83a40f29fac1124e037f56902dab686688b93b637c8b4795bca%3A2%3A%7Bi%3A0%3Bs%3A15%3A%22visitInfo%3A%3A6573%22%3Bi%3A1%3Ba%3A5%3A%7Bs%3A8%3A%22cookieId%22%3Bs%3A32%3A%227cb763c0bfc785466b79c98c35a44c5f%22%3Bs%3A7%3A%22network%22%3Bs%3A6%3A%22200347%22%3Bs%3A9%3A%22publisher%22%3Bs%3A8%3A%224a8c9935%22%3Bs%3A10%3A%22externalId%22%3Bs%3A36%3A%228f9683bc-1ffa-4450-95a2-62ca40531570%22%3Bs%3A7%3A%22isNewTr%22%3Bb%3A1%3B%7D%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 02 May 2024 21:52:48 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=361
access-control-allow-origin: *
etag: W/"6630d038-169"
last-modified: Tue, 30 Apr 2024 11:04:24 GMT
cache-control: max-age=1800
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=F83bJvzvcyJgkJ6fbkKUXt%2FgEFGoMnnFoZTZvQJXSEb8RbPTTN2GG080hxNcEjoAex5v2v5u9gHMtFyIpldvqCMYQRPRtkPpBPwB0ootraMXkLAmX%2Fys18uvMoqnb5F0J9vzfRa5Hw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 0
server: cloudflare
cf-ray: 87db3d90cc750b69-OSL
content-encoding: br

flaredownload.com/assets/hl-e23d783b.js

104.21.19.111

200 OK

13 kB

URL GET HTTP/3
flaredownload.com/assets/hl-e23d783b.js
IP
104.21.19.111:443
ASN
#13335 CLOUDFLARENET

Requested by
https://flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
Certificate
IssuerGoogle Trust Services LLC
Subjectflaredownload.com
FingerprintA7:68:A0:75:94:62:A1:45:DE:7D:F0:07:04:B4:D1:B8:96:E1:C2:50
ValidityMon, 18 Mar 2024 15:26:29 GMT - Sun, 16 Jun 2024 15:26:28 GMT

File type
ASCII text, with very long lines (1877), with no line terminators
Size
13 kB (12554 bytes)
Hash
36f589520a75fc40147713ec23bdd82b
b0f0f0b43ffa0388561a8670591e4a656e66169d
eeca14b6169a558b5b5e618ecddae6eb2de4aeb8a90077795ab183960a2b1593

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/hl-e23d783b.js HTTP/1.1
Host: flaredownload.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 02 May 2024 21:52:48 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=1878
access-control-allow-origin: *
etag: W/"6630d038-756"
last-modified: Tue, 30 Apr 2024 11:04:24 GMT
cache-control: max-age=1800
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bHn4rXhS7%2Fk2yaUJ0dkR7a%2FLsNa403gq3RtlmrsJahX6o10Z7XiUX6uU0A8jxVylh1A3deFzMJOT%2FHSfN7xPVunmwLgx9TPKfZg1U60%2F2MP3bPWNpzC%2BFLUO5%2FZ3cSpH6%2FbfFelM4w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
server: cloudflare
cf-ray: 87db3d907c420b69-OSL
content-encoding: br

flaredownload.com/assets/hl-b93b9165.woff2

104.21.19.111

200 OK

8.0 kB

URL GET HTTP/3
flaredownload.com/assets/hl-b93b9165.woff2
IP
104.21.19.111:443
ASN
#13335 CLOUDFLARENET

Requested by
https://flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
Certificate
IssuerGoogle Trust Services LLC
Subjectflaredownload.com
FingerprintA7:68:A0:75:94:62:A1:45:DE:7D:F0:07:04:B4:D1:B8:96:E1:C2:50
ValidityMon, 18 Mar 2024 15:26:29 GMT - Sun, 16 Jun 2024 15:26:28 GMT

File type
Web Open Font Format (Version 2), TrueType, length 7988, version 1.0
Size
8.0 kB (7988 bytes)
Hash
087457026965f98466618a478c4b1b07
00b024ccb35e3694de662d180d6ea7f56de6d654
b93b9165269362989e2855d0bf0ae232d7193a45c43627b2d03b26d7eb98263b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/hl-b93b9165.woff2 HTTP/1.1
Host: flaredownload.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://flaredownload.com/assets/hl-78f24724.css
Cookie: visitInfo::6573=c5081eb4f71b3e83a40f29fac1124e037f56902dab686688b93b637c8b4795bca%3A2%3A%7Bi%3A0%3Bs%3A15%3A%22visitInfo%3A%3A6573%22%3Bi%3A1%3Ba%3A5%3A%7Bs%3A8%3A%22cookieId%22%3Bs%3A32%3A%227cb763c0bfc785466b79c98c35a44c5f%22%3Bs%3A7%3A%22network%22%3Bs%3A6%3A%22200347%22%3Bs%3A9%3A%22publisher%22%3Bs%3A8%3A%224a8c9935%22%3Bs%3A10%3A%22externalId%22%3Bs%3A36%3A%228f9683bc-1ffa-4450-95a2-62ca40531570%22%3Bs%3A7%3A%22isNewTr%22%3Bb%3A1%3B%7D%7D; _ga_CK9NSGSVJF=GS1.1.1714686768.1.0.1714686768.0.0.0; _ga=GA1.1.418617194.1714686769
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 02 May 2024 21:52:49 GMT
content-type: application/octet-stream
content-length: 7988
last-modified: Tue, 30 Apr 2024 11:04:24 GMT
etag: "6630d038-1f34"
access-control-allow-origin: *
cache-control: max-age=1800
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MAHZhg0Uro0jOejcWPmh0vo7sRhyhXOYju0iQr0XxNZFFSCrT8205q1ipqc%2F1WkkzMN605uFTl6hVcIzzG5dFZYXPx9jqc5YWfK7vROO3ModF%2Bp32WZIQiFLbW1%2Fgi5IFWi9iJfHoA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
accept-ranges: bytes
server: cloudflare
cf-ray: 87db3d923e0a0b69-OSL
alt-svc: h3=":443"; ma=86400

flaredownload.com/lead/prefill

104.21.19.111

200 OK

64 B

URL POST HTTP/3
flaredownload.com/lead/prefill
IP
104.21.19.111:443
ASN
#13335 CLOUDFLARENET

Requested by
https://flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
Certificate
IssuerGoogle Trust Services LLC
Subjectflaredownload.com
FingerprintA7:68:A0:75:94:62:A1:45:DE:7D:F0:07:04:B4:D1:B8:96:E1:C2:50
ValidityMon, 18 Mar 2024 15:26:29 GMT - Sun, 16 Jun 2024 15:26:28 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
64 B (64 bytes)
Hash
0a00dc476383c35bcfbc0ea44c3a60ea
36ebdfa0bfa4aa0ec8f4d7417d2112bae7d406db
819bd596583bc3bc638b2fa8d87d80b16551a1d68abb86261795db848cc226d2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /lead/prefill HTTP/1.1
Host: flaredownload.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
sentry-trace: 0280c89102424cc9b9486a2698a87403-9230d945e548e937-0
baggage: sentry-environment=production,sentry-public_key=9056b383582c444792eb65c1726488d9,sentry-trace_id=0280c89102424cc9b9486a2698a87403,sentry-sample_rate=0.1,sentry-transaction=LandingHome,sentry-sampled=false
Content-Length: 56
Origin: https://flaredownload.com
DNT: 1
Connection: keep-alive
Referer: https://flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
Cookie: visitInfo::6573=c5081eb4f71b3e83a40f29fac1124e037f56902dab686688b93b637c8b4795bca%3A2%3A%7Bi%3A0%3Bs%3A15%3A%22visitInfo%3A%3A6573%22%3Bi%3A1%3Ba%3A5%3A%7Bs%3A8%3A%22cookieId%22%3Bs%3A32%3A%227cb763c0bfc785466b79c98c35a44c5f%22%3Bs%3A7%3A%22network%22%3Bs%3A6%3A%22200347%22%3Bs%3A9%3A%22publisher%22%3Bs%3A8%3A%224a8c9935%22%3Bs%3A10%3A%22externalId%22%3Bs%3A36%3A%228f9683bc-1ffa-4450-95a2-62ca40531570%22%3Bs%3A7%3A%22isNewTr%22%3Bb%3A1%3B%7D%7D; _ga_CK9NSGSVJF=GS1.1.1714686768.1.0.1714686768.0.0.0; _ga=GA1.1.418617194.1714686769
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 02 May 2024 21:52:49 GMT
content-type: application/json; charset=UTF-8
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BtQylcVw8vVbWllTuTYvoFUOWNRHnoaxPHNO8AcuXzTUueKWUTHNh337C6Ud6xRIq0YjdXFQFUGeND1f7kUKKvs6zbYrNeurB5nFEeO0GOWdzUx89aRkNSl2c%2FlB4ZkOW%2FAHGg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87db3d91fddd0b69-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

flaredownload.com/assets/hl-02495a6a.js

104.21.19.111

200 OK

426 B

URL GET HTTP/3
flaredownload.com/assets/hl-02495a6a.js
IP
104.21.19.111:443
ASN
#13335 CLOUDFLARENET

Requested by
https://flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
Certificate
IssuerGoogle Trust Services LLC
Subjectflaredownload.com
FingerprintA7:68:A0:75:94:62:A1:45:DE:7D:F0:07:04:B4:D1:B8:96:E1:C2:50
ValidityMon, 18 Mar 2024 15:26:29 GMT - Sun, 16 Jun 2024 15:26:28 GMT

File type
ASCII text, with very long lines (456), with no line terminators
Size
426 B (426 bytes)
Hash
047d44e23ee756a959c50f65e5bf1d4f
a53215ab0671ad9f389e32edcaf078174e430df1
da2d8aaffaf9e40b0b9107dc66ef091b6fd4b24074e9789015e1bd2bf7ed5a0d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/hl-02495a6a.js HTTP/1.1
Host: flaredownload.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://flaredownload.com/assets/hl-0b0bf188.js
Cookie: visitInfo::6573=c5081eb4f71b3e83a40f29fac1124e037f56902dab686688b93b637c8b4795bca%3A2%3A%7Bi%3A0%3Bs%3A15%3A%22visitInfo%3A%3A6573%22%3Bi%3A1%3Ba%3A5%3A%7Bs%3A8%3A%22cookieId%22%3Bs%3A32%3A%227cb763c0bfc785466b79c98c35a44c5f%22%3Bs%3A7%3A%22network%22%3Bs%3A6%3A%22200347%22%3Bs%3A9%3A%22publisher%22%3Bs%3A8%3A%224a8c9935%22%3Bs%3A10%3A%22externalId%22%3Bs%3A36%3A%228f9683bc-1ffa-4450-95a2-62ca40531570%22%3Bs%3A7%3A%22isNewTr%22%3Bb%3A1%3B%7D%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 02 May 2024 21:52:48 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=427
access-control-allow-origin: *
etag: W/"6630d038-1ab"
last-modified: Tue, 30 Apr 2024 11:04:24 GMT
cache-control: max-age=1800
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GwLv7JDegq%2FdfSocntJubC3iSev7UDEkKf1GVNSHBAFCEhLv%2Fje6GcLZuHlDF6IZAyiWwwCvgHt2twbdSoMKlfnb9KxOnCZjC%2BZvixY4DR%2FaRLBx%2BnshocHK8ZFpfxfbRmmS7lExnw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 0
server: cloudflare
cf-ray: 87db3d90ecca0b69-OSL
content-encoding: br

flaredownload.com/assets/hl-de833af9.js

104.21.19.111

200 OK

690 B

URL GET HTTP/3
flaredownload.com/assets/hl-de833af9.js
IP
104.21.19.111:443
ASN
#13335 CLOUDFLARENET

Requested by
https://flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
Certificate
IssuerGoogle Trust Services LLC
Subjectflaredownload.com
FingerprintA7:68:A0:75:94:62:A1:45:DE:7D:F0:07:04:B4:D1:B8:96:E1:C2:50
ValidityMon, 18 Mar 2024 15:26:29 GMT - Sun, 16 Jun 2024 15:26:28 GMT

File type
JavaScript source, ASCII text, with very long lines (704), with no line terminators
Size
690 B (690 bytes)
Hash
25a523c7c0658e2bf768f0e26f59fbd8
fdae37e60c01daf3551830ba3639873e313e6495
37c6c8ba37235a274a7739b7021a9ea8104d57dd951ede499d1691f28175fb59

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/hl-de833af9.js HTTP/1.1
Host: flaredownload.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://flaredownload.com/assets/hl-1ce00f64.js
Cookie: visitInfo::6573=c5081eb4f71b3e83a40f29fac1124e037f56902dab686688b93b637c8b4795bca%3A2%3A%7Bi%3A0%3Bs%3A15%3A%22visitInfo%3A%3A6573%22%3Bi%3A1%3Ba%3A5%3A%7Bs%3A8%3A%22cookieId%22%3Bs%3A32%3A%227cb763c0bfc785466b79c98c35a44c5f%22%3Bs%3A7%3A%22network%22%3Bs%3A6%3A%22200347%22%3Bs%3A9%3A%22publisher%22%3Bs%3A8%3A%224a8c9935%22%3Bs%3A10%3A%22externalId%22%3Bs%3A36%3A%228f9683bc-1ffa-4450-95a2-62ca40531570%22%3Bs%3A7%3A%22isNewTr%22%3Bb%3A1%3B%7D%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 02 May 2024 21:52:48 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=691
access-control-allow-origin: *
etag: W/"6630d038-2b3"
last-modified: Tue, 30 Apr 2024 11:04:24 GMT
cache-control: max-age=1800
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sE2wRjcE0eBMndkNipetbxGf4G0H06HS%2B%2Fjsykl0%2BapfAX5z89UA%2B28nlRckqFnRy0KmEhg%2F7tBFQlE74VQOLwWui9GX0r8u1V4y7s%2B2VD2Z0HY2sde175RSjZZbZXQll5QQ4b4Umw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 0
server: cloudflare
cf-ray: 87db3d8e0a470b69-OSL
content-encoding: br

flaredownload.com/assets/hl-4f383950.js

104.21.19.111

200 OK

561 B

URL GET HTTP/3
flaredownload.com/assets/hl-4f383950.js
IP
104.21.19.111:443
ASN
#13335 CLOUDFLARENET

Requested by
https://flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
Certificate
IssuerGoogle Trust Services LLC
Subjectflaredownload.com
FingerprintA7:68:A0:75:94:62:A1:45:DE:7D:F0:07:04:B4:D1:B8:96:E1:C2:50
ValidityMon, 18 Mar 2024 15:26:29 GMT - Sun, 16 Jun 2024 15:26:28 GMT

File type
ASCII text, with very long lines (583), with no line terminators
Size
561 B (561 bytes)
Hash
ecfa1edea2124a26c0eebe13301df934
7daea65038b70ae4169779de3cb9b371958118fd
c6229eac3f5dffc7af687347ae6e6768c08e8c91c6f1101cec7a31110508c327

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/hl-4f383950.js HTTP/1.1
Host: flaredownload.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://flaredownload.com/assets/hl-0b0bf188.js
Cookie: visitInfo::6573=c5081eb4f71b3e83a40f29fac1124e037f56902dab686688b93b637c8b4795bca%3A2%3A%7Bi%3A0%3Bs%3A15%3A%22visitInfo%3A%3A6573%22%3Bi%3A1%3Ba%3A5%3A%7Bs%3A8%3A%22cookieId%22%3Bs%3A32%3A%227cb763c0bfc785466b79c98c35a44c5f%22%3Bs%3A7%3A%22network%22%3Bs%3A6%3A%22200347%22%3Bs%3A9%3A%22publisher%22%3Bs%3A8%3A%224a8c9935%22%3Bs%3A10%3A%22externalId%22%3Bs%3A36%3A%228f9683bc-1ffa-4450-95a2-62ca40531570%22%3Bs%3A7%3A%22isNewTr%22%3Bb%3A1%3B%7D%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 02 May 2024 21:52:48 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=562
access-control-allow-origin: *
etag: W/"6630d038-232"
last-modified: Tue, 30 Apr 2024 11:04:24 GMT
cache-control: max-age=1800
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ci6pFPdqu6vera3XCfB9jLUhGQXnyvXzxwdAm9CHYDHOFVgKWkDZvceenLC3pEjH6V%2BSaO7ceiQJvveMw8KMFMrNFKbt%2FtaWmGFUqpFulzsAzjDuQnMkUKb%2BRSpfSj8AsHdIeeqKHg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 0
server: cloudflare
cf-ray: 87db3d90dc9b0b69-OSL
content-encoding: br

flaredownload.com/assets/hl-35a77ba0.js

104.21.19.111

200 OK

72 kB

URL GET HTTP/3
flaredownload.com/assets/hl-35a77ba0.js
IP
104.21.19.111:443
ASN
#13335 CLOUDFLARENET

Requested by
https://flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
Certificate
IssuerGoogle Trust Services LLC
Subjectflaredownload.com
FingerprintA7:68:A0:75:94:62:A1:45:DE:7D:F0:07:04:B4:D1:B8:96:E1:C2:50
ValidityMon, 18 Mar 2024 15:26:29 GMT - Sun, 16 Jun 2024 15:26:28 GMT

File type

Size
72 kB (71682 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/hl-35a77ba0.js HTTP/1.1
Host: flaredownload.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://flaredownload.com/assets/hl-1ce00f64.js
Cookie: visitInfo::6573=c5081eb4f71b3e83a40f29fac1124e037f56902dab686688b93b637c8b4795bca%3A2%3A%7Bi%3A0%3Bs%3A15%3A%22visitInfo%3A%3A6573%22%3Bi%3A1%3Ba%3A5%3A%7Bs%3A8%3A%22cookieId%22%3Bs%3A32%3A%227cb763c0bfc785466b79c98c35a44c5f%22%3Bs%3A7%3A%22network%22%3Bs%3A6%3A%22200347%22%3Bs%3A9%3A%22publisher%22%3Bs%3A8%3A%224a8c9935%22%3Bs%3A10%3A%22externalId%22%3Bs%3A36%3A%228f9683bc-1ffa-4450-95a2-62ca40531570%22%3Bs%3A7%3A%22isNewTr%22%3Bb%3A1%3B%7D%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 02 May 2024 21:52:48 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=72018
access-control-allow-origin: *
etag: W/"6630d038-11952"
last-modified: Tue, 30 Apr 2024 11:04:24 GMT
cache-control: max-age=1800
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ao3GGfl8ETrmKyShZMMI7Ckm%2FqiqYtDBUB0jg2e%2BbyBgMZGg9sj%2FupfVKF4shWTZJZ7J2L7XPPHjARpuVfKE1bxwDBXw%2Ban%2FZHcS8TX4s3dTpPIwUoqBQ9qgiT6HR5tF7JBnPfa1fA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 0
server: cloudflare
cf-ray: 87db3d8e0a430b69-OSL
content-encoding: br

flaredownload.com/assets/hl-78f24724.css

104.21.19.111

200 OK

26 kB

URL GET HTTP/3
flaredownload.com/assets/hl-78f24724.css
IP
104.21.19.111:443
ASN
#13335 CLOUDFLARENET

Requested by
https://flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
Certificate
IssuerGoogle Trust Services LLC
Subjectflaredownload.com
FingerprintA7:68:A0:75:94:62:A1:45:DE:7D:F0:07:04:B4:D1:B8:96:E1:C2:50
ValidityMon, 18 Mar 2024 15:26:29 GMT - Sun, 16 Jun 2024 15:26:28 GMT

File type
ASCII text, with very long lines (26409), with no line terminators
Size
26 kB (26409 bytes)
Hash
f89cae638a8015aae1089a2222424d0c
2af82acafcc3e922b30bed5dd5516def3003b013
5043dc083072fc72e3ac45b97c961ee95ad1b6ad9d31f5d461dad48e63454371

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/hl-78f24724.css HTTP/1.1
Host: flaredownload.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
Cookie: visitInfo::6573=c5081eb4f71b3e83a40f29fac1124e037f56902dab686688b93b637c8b4795bca%3A2%3A%7Bi%3A0%3Bs%3A15%3A%22visitInfo%3A%3A6573%22%3Bi%3A1%3Ba%3A5%3A%7Bs%3A8%3A%22cookieId%22%3Bs%3A32%3A%227cb763c0bfc785466b79c98c35a44c5f%22%3Bs%3A7%3A%22network%22%3Bs%3A6%3A%22200347%22%3Bs%3A9%3A%22publisher%22%3Bs%3A8%3A%224a8c9935%22%3Bs%3A10%3A%22externalId%22%3Bs%3A36%3A%228f9683bc-1ffa-4450-95a2-62ca40531570%22%3Bs%3A7%3A%22isNewTr%22%3Bb%3A1%3B%7D%7D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 02 May 2024 21:52:48 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=26547
access-control-allow-origin: *
etag: W/"6630d038-67b3"
last-modified: Tue, 30 Apr 2024 11:04:24 GMT
cache-control: max-age=1800
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FWBFL2I1d%2BVR9aLN6sPCL9o8cWWI5JDxylfhZJjNibVorE7aCXOtiY%2BoGCt%2BUjwoiwk7qMFLWlzJsTdtiKdfNs8qT7SGBfjQgpF%2BppcU4lpQTLnKSw04W9LJmSQFMyMCvyWS6FIfsg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
server: cloudflare
cf-ray: 87db3d905c290b69-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

flaredownload.com/prod/images/dcc108854556e12dfd36f01828010f0f.png

104.21.19.111

200 OK

9.2 kB

URL GET HTTP/3
flaredownload.com/prod/images/dcc108854556e12dfd36f01828010f0f.png
IP
104.21.19.111:443
ASN
#13335 CLOUDFLARENET

Requested by
https://flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
Certificate
IssuerGoogle Trust Services LLC
Subjectflaredownload.com
FingerprintA7:68:A0:75:94:62:A1:45:DE:7D:F0:07:04:B4:D1:B8:96:E1:C2:50
ValidityMon, 18 Mar 2024 15:26:29 GMT - Sun, 16 Jun 2024 15:26:28 GMT

File type
PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced
Size
9.2 kB (9232 bytes)
Hash
f4a32eb2e5f203dab4882f7b7581b06e
8d51933205a3ed27c2c6bd0182142d6f8432d929
83ec91fc25549922aa0f873a3dc6a3e71f83d8b8cd75fb018475762be29a894e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /prod/images/dcc108854556e12dfd36f01828010f0f.png HTTP/1.1
Host: flaredownload.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
Cookie: visitInfo::6573=c5081eb4f71b3e83a40f29fac1124e037f56902dab686688b93b637c8b4795bca%3A2%3A%7Bi%3A0%3Bs%3A15%3A%22visitInfo%3A%3A6573%22%3Bi%3A1%3Ba%3A5%3A%7Bs%3A8%3A%22cookieId%22%3Bs%3A32%3A%227cb763c0bfc785466b79c98c35a44c5f%22%3Bs%3A7%3A%22network%22%3Bs%3A6%3A%22200347%22%3Bs%3A9%3A%22publisher%22%3Bs%3A8%3A%224a8c9935%22%3Bs%3A10%3A%22externalId%22%3Bs%3A36%3A%228f9683bc-1ffa-4450-95a2-62ca40531570%22%3Bs%3A7%3A%22isNewTr%22%3Bb%3A1%3B%7D%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 02 May 2024 21:52:48 GMT
content-type: image/png
content-length: 9232
last-modified: Tue, 30 Apr 2024 12:55:37 GMT
etag: "6630ea49-2410"
access-control-allow-origin: *
cache-control: max-age=1800
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eEcmdsIrmZ%2BTk2%2FoWr44nOm4xgJkYrWWPdfRxvdcT23jg2AFUqERGKYKafXD%2F56Wn5A9dKoeYm49ewicWl8pFgMlmJNukFKhomrdiNREphAUgFAn2uPUxK2cnWN%2FcHxtiiJhivLpCw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 87db3d915d5a0b69-OSL
alt-svc: h3=":443"; ma=86400

flaredownload.com/assets/hl-35a77ba0.js

104.21.19.111

200 OK

72 kB

URL GET HTTP/3
flaredownload.com/assets/hl-35a77ba0.js
IP
104.21.19.111:443
ASN
#13335 CLOUDFLARENET

Requested by
https://flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
Certificate
IssuerGoogle Trust Services LLC
Subjectflaredownload.com
FingerprintA7:68:A0:75:94:62:A1:45:DE:7D:F0:07:04:B4:D1:B8:96:E1:C2:50
ValidityMon, 18 Mar 2024 15:26:29 GMT - Sun, 16 Jun 2024 15:26:28 GMT

File type

Size
72 kB (71682 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/hl-35a77ba0.js HTTP/1.1
Host: flaredownload.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 02 May 2024 21:52:48 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=72018
access-control-allow-origin: *
etag: W/"6630d038-11952"
last-modified: Tue, 30 Apr 2024 11:04:24 GMT
cache-control: max-age=1800
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ao3GGfl8ETrmKyShZMMI7Ckm%2FqiqYtDBUB0jg2e%2BbyBgMZGg9sj%2FupfVKF4shWTZJZ7J2L7XPPHjARpuVfKE1bxwDBXw%2Ban%2FZHcS8TX4s3dTpPIwUoqBQ9qgiT6HR5tF7JBnPfa1fA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
server: cloudflare
cf-ray: 87db3d8d99d90b69-OSL
content-encoding: br

flaredownload.com/assets/hl-c19e0283.js

104.21.19.111

200 OK

2.8 kB

URL GET HTTP/3
flaredownload.com/assets/hl-c19e0283.js
IP
104.21.19.111:443
ASN
#13335 CLOUDFLARENET

Requested by
https://flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
Certificate
IssuerGoogle Trust Services LLC
Subjectflaredownload.com
FingerprintA7:68:A0:75:94:62:A1:45:DE:7D:F0:07:04:B4:D1:B8:96:E1:C2:50
ValidityMon, 18 Mar 2024 15:26:29 GMT - Sun, 16 Jun 2024 15:26:28 GMT

File type
JavaScript source, ASCII text, with very long lines (2919), with no line terminators
Size
2.8 kB (2841 bytes)
Hash
8b71a60b5768b9cced21d3a8fea48b9a
772986f0db471c4d8df2d8199cf20e8d1d2d1aea
d00f6a255df62d96cdefa8aa4776e04495761586cc950c94a09d3145109fb783

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/hl-c19e0283.js HTTP/1.1
Host: flaredownload.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://flaredownload.com/assets/hl-5c2cfe2f.js
Cookie: visitInfo::6573=c5081eb4f71b3e83a40f29fac1124e037f56902dab686688b93b637c8b4795bca%3A2%3A%7Bi%3A0%3Bs%3A15%3A%22visitInfo%3A%3A6573%22%3Bi%3A1%3Ba%3A5%3A%7Bs%3A8%3A%22cookieId%22%3Bs%3A32%3A%227cb763c0bfc785466b79c98c35a44c5f%22%3Bs%3A7%3A%22network%22%3Bs%3A6%3A%22200347%22%3Bs%3A9%3A%22publisher%22%3Bs%3A8%3A%224a8c9935%22%3Bs%3A10%3A%22externalId%22%3Bs%3A36%3A%228f9683bc-1ffa-4450-95a2-62ca40531570%22%3Bs%3A7%3A%22isNewTr%22%3Bb%3A1%3B%7D%7D; _ga_CK9NSGSVJF=GS1.1.1714686768.1.0.1714686768.0.0.0; _ga=GA1.1.418617194.1714686769
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 02 May 2024 21:52:49 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=2842
access-control-allow-origin: *
etag: W/"6630d038-b1a"
last-modified: Tue, 30 Apr 2024 11:04:24 GMT
cache-control: max-age=1800
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Bb9UMKdCpLXdtIbecWffDH4BIze9VczAsF9MiXKi%2BfpyObzGpfmMh9H9fgMrhrtDowvP%2FZixmqiX0U8eoTZLssOGGIszWx2VBVevb2kllhRLxO0fBJI%2FD7WQ1X2f5XQPMbivKrwppg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
server: cloudflare
cf-ray: 87db3d922e030b69-OSL
content-encoding: br

flaredownload.com/assets/hl-c19e0283.js

104.21.19.111

200 OK

2.8 kB

URL GET HTTP/3
flaredownload.com/assets/hl-c19e0283.js
IP
104.21.19.111:443
ASN
#13335 CLOUDFLARENET

Requested by
https://flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
Certificate
IssuerGoogle Trust Services LLC
Subjectflaredownload.com
FingerprintA7:68:A0:75:94:62:A1:45:DE:7D:F0:07:04:B4:D1:B8:96:E1:C2:50
ValidityMon, 18 Mar 2024 15:26:29 GMT - Sun, 16 Jun 2024 15:26:28 GMT

File type
JavaScript source, ASCII text, with very long lines (2919), with no line terminators
Size
2.8 kB (2841 bytes)
Hash
8b71a60b5768b9cced21d3a8fea48b9a
772986f0db471c4d8df2d8199cf20e8d1d2d1aea
d00f6a255df62d96cdefa8aa4776e04495761586cc950c94a09d3145109fb783

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/hl-c19e0283.js HTTP/1.1
Host: flaredownload.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 02 May 2024 21:52:49 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=2842
access-control-allow-origin: *
etag: W/"6630d038-b1a"
last-modified: Tue, 30 Apr 2024 11:04:24 GMT
cache-control: max-age=1800
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Bb9UMKdCpLXdtIbecWffDH4BIze9VczAsF9MiXKi%2BfpyObzGpfmMh9H9fgMrhrtDowvP%2FZixmqiX0U8eoTZLssOGGIszWx2VBVevb2kllhRLxO0fBJI%2FD7WQ1X2f5XQPMbivKrwppg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
server: cloudflare
cf-ray: 87db3d921df00b69-OSL
content-encoding: br

flaredownload.com/assets/hl-5c2cfe2f.js

104.21.19.111

200 OK

6.1 kB

URL GET HTTP/3
flaredownload.com/assets/hl-5c2cfe2f.js
IP
104.21.19.111:443
ASN
#13335 CLOUDFLARENET

Requested by
https://flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
Certificate
IssuerGoogle Trust Services LLC
Subjectflaredownload.com
FingerprintA7:68:A0:75:94:62:A1:45:DE:7D:F0:07:04:B4:D1:B8:96:E1:C2:50
ValidityMon, 18 Mar 2024 15:26:29 GMT - Sun, 16 Jun 2024 15:26:28 GMT

File type
ASCII text, with very long lines (6412), with no line terminators
Size
6.1 kB (6096 bytes)
Hash
04dd0557e174d7af20aedf066f6090f1
e29ddf8f5c47aa621ecc05dbec82db786a9f8282
a13d33bccb559f8b859c0ffae80398d2e3312b0c47e79fbec4f7dd8619ac32e5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/hl-5c2cfe2f.js HTTP/1.1
Host: flaredownload.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 02 May 2024 21:52:48 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=6097
access-control-allow-origin: *
etag: W/"6630d038-17d1"
last-modified: Tue, 30 Apr 2024 11:04:24 GMT
cache-control: max-age=1800
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xoO%2BxMgfHJs96M50P0ezNmkd4hbTAijAjb3QH%2Fji%2BYsuZMDgIuG0rtYAB%2BNE2BrUo6vhwUH4SJT6xVkLv8jXDrzPl02ejumkUb7KfXWRp1Ni8%2BjZohwew8vpJHgNDKKVvh4IIwdsmQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
server: cloudflare
cf-ray: 87db3d90ac6b0b69-OSL
content-encoding: br

flaredownload.com/assets/hl-cb0a5a8f.js

104.21.19.111

200 OK

779 B

URL GET HTTP/3
flaredownload.com/assets/hl-cb0a5a8f.js
IP
104.21.19.111:443
ASN
#13335 CLOUDFLARENET

Requested by
https://flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
Certificate
IssuerGoogle Trust Services LLC
Subjectflaredownload.com
FingerprintA7:68:A0:75:94:62:A1:45:DE:7D:F0:07:04:B4:D1:B8:96:E1:C2:50
ValidityMon, 18 Mar 2024 15:26:29 GMT - Sun, 16 Jun 2024 15:26:28 GMT

File type
ASCII text, with very long lines (821), with no line terminators
Size
779 B (779 bytes)
Hash
f058ffd65de848c85f1c8530f12b2662
e9c93ba580d348525c24b3151dec389e0024c8d0
3dd776711e35db679c1de366efe262f6de9027e36aa19f5703e797a8183f3169

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/hl-cb0a5a8f.js HTTP/1.1
Host: flaredownload.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://flaredownload.com/assets/hl-5c2cfe2f.js
Cookie: visitInfo::6573=c5081eb4f71b3e83a40f29fac1124e037f56902dab686688b93b637c8b4795bca%3A2%3A%7Bi%3A0%3Bs%3A15%3A%22visitInfo%3A%3A6573%22%3Bi%3A1%3Ba%3A5%3A%7Bs%3A8%3A%22cookieId%22%3Bs%3A32%3A%227cb763c0bfc785466b79c98c35a44c5f%22%3Bs%3A7%3A%22network%22%3Bs%3A6%3A%22200347%22%3Bs%3A9%3A%22publisher%22%3Bs%3A8%3A%224a8c9935%22%3Bs%3A10%3A%22externalId%22%3Bs%3A36%3A%228f9683bc-1ffa-4450-95a2-62ca40531570%22%3Bs%3A7%3A%22isNewTr%22%3Bb%3A1%3B%7D%7D; _ga_CK9NSGSVJF=GS1.1.1714686768.1.0.1714686768.0.0.0; _ga=GA1.1.418617194.1714686769
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 02 May 2024 21:52:49 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=780
access-control-allow-origin: *
etag: W/"6630d038-30c"
last-modified: Tue, 30 Apr 2024 11:04:24 GMT
cache-control: max-age=1800
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4oB6LD5Uju%2BRo8BpQ6InLQzOI1Wwh3%2FqZrOCzn3HnLf5M0cwE5lBiMxpUx6ULCAMz1L2Rh7cyyrBeUs%2Freww62Yx9oG7Bk2bXzOdAVpL1yfjFECfI2TOD6%2BeJFEY2014piuBP2btYw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
server: cloudflare
cf-ray: 87db3d922e040b69-OSL
content-encoding: br

flaredownload.com/assets/hl-a4d1bde7.js

104.21.19.111

200 OK

616 B

URL GET HTTP/3
flaredownload.com/assets/hl-a4d1bde7.js
IP
104.21.19.111:443
ASN
#13335 CLOUDFLARENET

Requested by
https://flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
Certificate
IssuerGoogle Trust Services LLC
Subjectflaredownload.com
FingerprintA7:68:A0:75:94:62:A1:45:DE:7D:F0:07:04:B4:D1:B8:96:E1:C2:50
ValidityMon, 18 Mar 2024 15:26:29 GMT - Sun, 16 Jun 2024 15:26:28 GMT

File type
ASCII text, with very long lines (636), with no line terminators
Size
616 B (616 bytes)
Hash
d64c13ef8009002b5acd79f4a90c7cd1
68dfd81e5e5543166f4855b3f26001601ff20861
60858ca0dc0ac6d0cbe762fd28432b53b4832135668792a07932e5d269ef59ba

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/hl-a4d1bde7.js HTTP/1.1
Host: flaredownload.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://flaredownload.com/assets/hl-5c2cfe2f.js
Cookie: visitInfo::6573=c5081eb4f71b3e83a40f29fac1124e037f56902dab686688b93b637c8b4795bca%3A2%3A%7Bi%3A0%3Bs%3A15%3A%22visitInfo%3A%3A6573%22%3Bi%3A1%3Ba%3A5%3A%7Bs%3A8%3A%22cookieId%22%3Bs%3A32%3A%227cb763c0bfc785466b79c98c35a44c5f%22%3Bs%3A7%3A%22network%22%3Bs%3A6%3A%22200347%22%3Bs%3A9%3A%22publisher%22%3Bs%3A8%3A%224a8c9935%22%3Bs%3A10%3A%22externalId%22%3Bs%3A36%3A%228f9683bc-1ffa-4450-95a2-62ca40531570%22%3Bs%3A7%3A%22isNewTr%22%3Bb%3A1%3B%7D%7D; _ga_CK9NSGSVJF=GS1.1.1714686768.1.0.1714686768.0.0.0; _ga=GA1.1.418617194.1714686769
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 02 May 2024 21:52:49 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=617
access-control-allow-origin: *
etag: W/"6630d038-269"
last-modified: Tue, 30 Apr 2024 11:04:24 GMT
cache-control: max-age=1800
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jqolbZf5rSd%2BlJpWAqec5UjAi%2FENOz111tj3IqGcJANbv2UCqRX4Xo6r0TtqaX%2BXajewbFZSgBEk7N%2FFXkW25FFjt53KlKmJuu2S%2F%2FIj0uro4J9ZcbGaVrt8TBdvtKs1VV3xGnxPaA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
server: cloudflare
cf-ray: 87db3d922e070b69-OSL
content-encoding: br

flaredownload.com/assets/hl-d98910d4.css

104.21.19.111

200 OK

78 kB

URL GET HTTP/3
flaredownload.com/assets/hl-d98910d4.css
IP
104.21.19.111:443
ASN
#13335 CLOUDFLARENET

Requested by
https://flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
Certificate
IssuerGoogle Trust Services LLC
Subjectflaredownload.com
FingerprintA7:68:A0:75:94:62:A1:45:DE:7D:F0:07:04:B4:D1:B8:96:E1:C2:50
ValidityMon, 18 Mar 2024 15:26:29 GMT - Sun, 16 Jun 2024 15:26:28 GMT

File type
ASCII text, with very long lines (65329)
Size
78 kB (77513 bytes)
Hash
a1713c7a8fb53e78bbd5a1c76068791d
c15ca4f1e62bde996f9c72fb4a3e3f584b966741
cd7e4b31039bf939306ab3d38291f59e92069a24744e4b359b557aba0eb5b219

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/hl-d98910d4.css HTTP/1.1
Host: flaredownload.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
Cookie: visitInfo::6573=c5081eb4f71b3e83a40f29fac1124e037f56902dab686688b93b637c8b4795bca%3A2%3A%7Bi%3A0%3Bs%3A15%3A%22visitInfo%3A%3A6573%22%3Bi%3A1%3Ba%3A5%3A%7Bs%3A8%3A%22cookieId%22%3Bs%3A32%3A%227cb763c0bfc785466b79c98c35a44c5f%22%3Bs%3A7%3A%22network%22%3Bs%3A6%3A%22200347%22%3Bs%3A9%3A%22publisher%22%3Bs%3A8%3A%224a8c9935%22%3Bs%3A10%3A%22externalId%22%3Bs%3A36%3A%228f9683bc-1ffa-4450-95a2-62ca40531570%22%3Bs%3A7%3A%22isNewTr%22%3Bb%3A1%3B%7D%7D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 02 May 2024 21:52:48 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=77791
access-control-allow-origin: *
etag: W/"6630d038-12fdf"
last-modified: Tue, 30 Apr 2024 11:04:24 GMT
cache-control: max-age=1800
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Br37s1%2BriG%2FM1wp6X%2Fb1qfFdT3zUG3Kbvdm2x58W6Xkp%2F%2B%2B4fvPzSau6HGcM%2FT6eyDH%2BQ24EUTSe9hqirh1j9LAi3RoPULAVtkF65kcTRBOJfuoJr6VW2DqFswMBpQd4%2Fm6qTtnx%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
server: cloudflare
cf-ray: 87db3d8e3a820b69-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

flaredownload.com/assets/hl-de833af9.js

104.21.19.111

200 OK

690 B

URL GET HTTP/3
flaredownload.com/assets/hl-de833af9.js
IP
104.21.19.111:443
ASN
#13335 CLOUDFLARENET

Requested by
https://flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
Certificate
IssuerGoogle Trust Services LLC
Subjectflaredownload.com
FingerprintA7:68:A0:75:94:62:A1:45:DE:7D:F0:07:04:B4:D1:B8:96:E1:C2:50
ValidityMon, 18 Mar 2024 15:26:29 GMT - Sun, 16 Jun 2024 15:26:28 GMT

File type
JavaScript source, ASCII text, with very long lines (704), with no line terminators
Size
690 B (690 bytes)
Hash
25a523c7c0658e2bf768f0e26f59fbd8
fdae37e60c01daf3551830ba3639873e313e6495
37c6c8ba37235a274a7739b7021a9ea8104d57dd951ede499d1691f28175fb59

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/hl-de833af9.js HTTP/1.1
Host: flaredownload.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 02 May 2024 21:52:48 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=691
access-control-allow-origin: *
etag: W/"6630d038-2b3"
last-modified: Tue, 30 Apr 2024 11:04:24 GMT
cache-control: max-age=1800
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sE2wRjcE0eBMndkNipetbxGf4G0H06HS%2B%2Fjsykl0%2BapfAX5z89UA%2B28nlRckqFnRy0KmEhg%2F7tBFQlE74VQOLwWui9GX0r8u1V4y7s%2B2VD2Z0HY2sde175RSjZZbZXQll5QQ4b4Umw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
server: cloudflare
cf-ray: 87db3d8da9de0b69-OSL
content-encoding: br

flaredownload.com/assets/hl-9b82fb7e.js

104.21.19.111

200 OK

4.8 kB

URL GET HTTP/3
flaredownload.com/assets/hl-9b82fb7e.js
IP
104.21.19.111:443
ASN
#13335 CLOUDFLARENET

Requested by
https://flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
Certificate
IssuerGoogle Trust Services LLC
Subjectflaredownload.com
FingerprintA7:68:A0:75:94:62:A1:45:DE:7D:F0:07:04:B4:D1:B8:96:E1:C2:50
ValidityMon, 18 Mar 2024 15:26:29 GMT - Sun, 16 Jun 2024 15:26:28 GMT

File type
ASCII text, with very long lines (5067), with no line terminators
Size
4.8 kB (4793 bytes)
Hash
d6a5fd5adbf8c12b0cca48ec179c49a3
a209a4cb9020c5233beaf96ea3aa33d6de7ed3b2
448378f8afda38d2a252bc2c362707b7ceb0ecbf724768ff2de171bdb535fc6a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/hl-9b82fb7e.js HTTP/1.1
Host: flaredownload.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://flaredownload.com/assets/hl-d9848c4e.js
Cookie: visitInfo::6573=c5081eb4f71b3e83a40f29fac1124e037f56902dab686688b93b637c8b4795bca%3A2%3A%7Bi%3A0%3Bs%3A15%3A%22visitInfo%3A%3A6573%22%3Bi%3A1%3Ba%3A5%3A%7Bs%3A8%3A%22cookieId%22%3Bs%3A32%3A%227cb763c0bfc785466b79c98c35a44c5f%22%3Bs%3A7%3A%22network%22%3Bs%3A6%3A%22200347%22%3Bs%3A9%3A%22publisher%22%3Bs%3A8%3A%224a8c9935%22%3Bs%3A10%3A%22externalId%22%3Bs%3A36%3A%228f9683bc-1ffa-4450-95a2-62ca40531570%22%3Bs%3A7%3A%22isNewTr%22%3Bb%3A1%3B%7D%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 02 May 2024 21:52:48 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=4794
access-control-allow-origin: *
etag: W/"6630d038-12ba"
last-modified: Tue, 30 Apr 2024 11:04:24 GMT
cache-control: max-age=1800
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qUYp8k107CQEzCfBS1RJONM7CXoioGZEEUZTp371cxqYo%2B0NrkECSxtT7O53hX09r6UcUMD2hB6Jmf%2BaO6rI%2FGpFaEmWvgJGMAEUYPLBK85MYAh8XLsWz8TjZ9umOC1fevpIDQE4aA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
server: cloudflare
cf-ray: 87db3d8da9e00b69-OSL
content-encoding: br

flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=

104.21.19.111

200 OK

417 B

URL User Request GET HTTP/2
flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
IP
104.21.19.111:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectflaredownload.com
FingerprintA7:68:A0:75:94:62:A1:45:DE:7D:F0:07:04:B4:D1:B8:96:E1:C2:50
ValidityMon, 18 Mar 2024 15:26:29 GMT - Sun, 16 Jun 2024 15:26:28 GMT

File type
HTML document, ASCII text, with very long lines (456), with no line terminators
Size
417 B (417 bytes)
Hash
5186ad3b20dea9c7b029bf8652580330
6b099aa0b693f334a52fd2b6baa5d8cc1543de18
a2825203be6baf062c5257ff3f33408cb95e977f40242da719ff276cb71d005c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource= HTTP/1.1
Host: flaredownload.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 May 2024 21:52:47 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0N%2Bu0Tn2ijXmjVgsNqdCau9H9d5gQYsNRRvZs%2FQD20qTIXS5GWTX%2FvCQ9O%2F9BAWLxIK5PHfbmJJGpNDrLsANRsC65taBhMZFzKRfNsP5%2FTs0g4wGbxqSjk3zAykdKsy71smxaQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87db3d8878a056cc-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

flaredownload.com/assets/hl-5c2cfe2f.js

104.21.19.111

200 OK

6.1 kB

URL GET HTTP/3
flaredownload.com/assets/hl-5c2cfe2f.js
IP
104.21.19.111:443
ASN
#13335 CLOUDFLARENET

Requested by
https://flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
Certificate
IssuerGoogle Trust Services LLC
Subjectflaredownload.com
FingerprintA7:68:A0:75:94:62:A1:45:DE:7D:F0:07:04:B4:D1:B8:96:E1:C2:50
ValidityMon, 18 Mar 2024 15:26:29 GMT - Sun, 16 Jun 2024 15:26:28 GMT

File type
ASCII text, with very long lines (6412), with no line terminators
Size
6.1 kB (6096 bytes)
Hash
04dd0557e174d7af20aedf066f6090f1
e29ddf8f5c47aa621ecc05dbec82db786a9f8282
a13d33bccb559f8b859c0ffae80398d2e3312b0c47e79fbec4f7dd8619ac32e5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/hl-5c2cfe2f.js HTTP/1.1
Host: flaredownload.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://flaredownload.com/assets/hl-0b0bf188.js
Cookie: visitInfo::6573=c5081eb4f71b3e83a40f29fac1124e037f56902dab686688b93b637c8b4795bca%3A2%3A%7Bi%3A0%3Bs%3A15%3A%22visitInfo%3A%3A6573%22%3Bi%3A1%3Ba%3A5%3A%7Bs%3A8%3A%22cookieId%22%3Bs%3A32%3A%227cb763c0bfc785466b79c98c35a44c5f%22%3Bs%3A7%3A%22network%22%3Bs%3A6%3A%22200347%22%3Bs%3A9%3A%22publisher%22%3Bs%3A8%3A%224a8c9935%22%3Bs%3A10%3A%22externalId%22%3Bs%3A36%3A%228f9683bc-1ffa-4450-95a2-62ca40531570%22%3Bs%3A7%3A%22isNewTr%22%3Bb%3A1%3B%7D%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 02 May 2024 21:52:48 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=6097
access-control-allow-origin: *
etag: W/"6630d038-17d1"
last-modified: Tue, 30 Apr 2024 11:04:24 GMT
cache-control: max-age=1800
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xoO%2BxMgfHJs96M50P0ezNmkd4hbTAijAjb3QH%2Fji%2BYsuZMDgIuG0rtYAB%2BNE2BrUo6vhwUH4SJT6xVkLv8jXDrzPl02ejumkUb7KfXWRp1Ni8%2BjZohwew8vpJHgNDKKVvh4IIwdsmQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 0
server: cloudflare
cf-ray: 87db3d90ecb20b69-OSL
content-encoding: br

flaredownload.com/assets/hl-a4d1bde7.js

104.21.19.111

200 OK

616 B

URL GET HTTP/3
flaredownload.com/assets/hl-a4d1bde7.js
IP
104.21.19.111:443
ASN
#13335 CLOUDFLARENET

Requested by
https://flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
Certificate
IssuerGoogle Trust Services LLC
Subjectflaredownload.com
FingerprintA7:68:A0:75:94:62:A1:45:DE:7D:F0:07:04:B4:D1:B8:96:E1:C2:50
ValidityMon, 18 Mar 2024 15:26:29 GMT - Sun, 16 Jun 2024 15:26:28 GMT

File type
ASCII text, with very long lines (636), with no line terminators
Size
616 B (616 bytes)
Hash
d64c13ef8009002b5acd79f4a90c7cd1
68dfd81e5e5543166f4855b3f26001601ff20861
60858ca0dc0ac6d0cbe762fd28432b53b4832135668792a07932e5d269ef59ba

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/hl-a4d1bde7.js HTTP/1.1
Host: flaredownload.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 02 May 2024 21:52:49 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=617
access-control-allow-origin: *
etag: W/"6630d038-269"
last-modified: Tue, 30 Apr 2024 11:04:24 GMT
cache-control: max-age=1800
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jqolbZf5rSd%2BlJpWAqec5UjAi%2FENOz111tj3IqGcJANbv2UCqRX4Xo6r0TtqaX%2BXajewbFZSgBEk7N%2FFXkW25FFjt53KlKmJuu2S%2F%2FIj0uro4J9ZcbGaVrt8TBdvtKs1VV3xGnxPaA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
server: cloudflare
cf-ray: 87db3d921df80b69-OSL
content-encoding: br

flaredownload.com/assets/hl-cb0a5a8f.js

104.21.19.111

200 OK

779 B

URL GET HTTP/3
flaredownload.com/assets/hl-cb0a5a8f.js
IP
104.21.19.111:443
ASN
#13335 CLOUDFLARENET

Requested by
https://flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
Certificate
IssuerGoogle Trust Services LLC
Subjectflaredownload.com
FingerprintA7:68:A0:75:94:62:A1:45:DE:7D:F0:07:04:B4:D1:B8:96:E1:C2:50
ValidityMon, 18 Mar 2024 15:26:29 GMT - Sun, 16 Jun 2024 15:26:28 GMT

File type
ASCII text, with very long lines (821), with no line terminators
Size
779 B (779 bytes)
Hash
f058ffd65de848c85f1c8530f12b2662
e9c93ba580d348525c24b3151dec389e0024c8d0
3dd776711e35db679c1de366efe262f6de9027e36aa19f5703e797a8183f3169

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/hl-cb0a5a8f.js HTTP/1.1
Host: flaredownload.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 02 May 2024 21:52:49 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=780
access-control-allow-origin: *
etag: W/"6630d038-30c"
last-modified: Tue, 30 Apr 2024 11:04:24 GMT
cache-control: max-age=1800
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4oB6LD5Uju%2BRo8BpQ6InLQzOI1Wwh3%2FqZrOCzn3HnLf5M0cwE5lBiMxpUx6ULCAMz1L2Rh7cyyrBeUs%2Freww62Yx9oG7Bk2bXzOdAVpL1yfjFECfI2TOD6%2BeJFEY2014piuBP2btYw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
server: cloudflare
cf-ray: 87db3d921df60b69-OSL
content-encoding: br

flaredownload.com/assets/hl-b2285d0c.js

104.21.19.111

200 OK

418 B

URL GET HTTP/3
flaredownload.com/assets/hl-b2285d0c.js
IP
104.21.19.111:443
ASN
#13335 CLOUDFLARENET

Requested by
https://flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
Certificate
IssuerGoogle Trust Services LLC
Subjectflaredownload.com
FingerprintA7:68:A0:75:94:62:A1:45:DE:7D:F0:07:04:B4:D1:B8:96:E1:C2:50
ValidityMon, 18 Mar 2024 15:26:29 GMT - Sun, 16 Jun 2024 15:26:28 GMT

File type
ASCII text, with very long lines (440), with no line terminators
Size
418 B (418 bytes)
Hash
85588ca35855f6b2ae9286b7196feeae
bf251e5fd48bb9b6c73edb97db4c4a836716cc2e
d6b4dba6dff1850017bd0192679ea50a68d766afe6a3ffb9857082a46315e45a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/hl-b2285d0c.js HTTP/1.1
Host: flaredownload.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 02 May 2024 21:52:48 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=419
access-control-allow-origin: *
etag: W/"6630d038-1a3"
last-modified: Tue, 30 Apr 2024 11:04:24 GMT
cache-control: max-age=1800
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7QVmyjbIZ2O5K4Lw93daefJhpPophmiRvAhrefWRCr99G8PG%2BLFZNhM39aKvaXp%2B%2BSDTOh%2B9MTAzyNS5MadPak0D1sO9ULMzVit%2FUoa7wtUWvYiF7Sl%2BkKx1rLIMhfxMLzRWiNQ7cw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
server: cloudflare
cf-ray: 87db3d8d99ce0b69-OSL
content-encoding: br

flaredownload.com/assets/hl-cecfe82c.js

104.21.19.111

200 OK

3.2 kB

URL GET HTTP/3
flaredownload.com/assets/hl-cecfe82c.js
IP
104.21.19.111:443
ASN
#13335 CLOUDFLARENET

Requested by
https://flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
Certificate
IssuerGoogle Trust Services LLC
Subjectflaredownload.com
FingerprintA7:68:A0:75:94:62:A1:45:DE:7D:F0:07:04:B4:D1:B8:96:E1:C2:50
ValidityMon, 18 Mar 2024 15:26:29 GMT - Sun, 16 Jun 2024 15:26:28 GMT

File type
JavaScript source, ASCII text, with very long lines (3246), with no line terminators
Size
3.2 kB (3166 bytes)
Hash
baeaddeb391232a249395c13f7f379b5
3e1199f529c869f163ccaa0354c043190453dda3
ac234644125deb03f142d4cf9dc6d234551a5f3f00bfb7875eaa7ed037971b12

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/hl-cecfe82c.js HTTP/1.1
Host: flaredownload.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://flaredownload.com/assets/hl-d9848c4e.js
Cookie: visitInfo::6573=c5081eb4f71b3e83a40f29fac1124e037f56902dab686688b93b637c8b4795bca%3A2%3A%7Bi%3A0%3Bs%3A15%3A%22visitInfo%3A%3A6573%22%3Bi%3A1%3Ba%3A5%3A%7Bs%3A8%3A%22cookieId%22%3Bs%3A32%3A%227cb763c0bfc785466b79c98c35a44c5f%22%3Bs%3A7%3A%22network%22%3Bs%3A6%3A%22200347%22%3Bs%3A9%3A%22publisher%22%3Bs%3A8%3A%224a8c9935%22%3Bs%3A10%3A%22externalId%22%3Bs%3A36%3A%228f9683bc-1ffa-4450-95a2-62ca40531570%22%3Bs%3A7%3A%22isNewTr%22%3Bb%3A1%3B%7D%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 02 May 2024 21:52:48 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=3167
access-control-allow-origin: *
etag: W/"6630d038-c5f"
last-modified: Tue, 30 Apr 2024 11:04:24 GMT
cache-control: max-age=1800
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6M87wyqlZnxojVpmkSp%2BbxV01ISQC6opKwQi6ctdKIYxBLYDSxksAyybfWdF68tNUNB09PIAjkcvPYwRZuOd5mIh729ev4jFljI9C7gpin7pWa7%2Fa7Tfy6cKcpBoTPxMzXnZWc8igg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: REVALIDATED
server: cloudflare
cf-ray: 87db3d8d89c30b69-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

flaredownload.com/assets/hl-9b82fb7e.js

104.21.19.111

200 OK

4.8 kB

URL GET HTTP/3
flaredownload.com/assets/hl-9b82fb7e.js
IP
104.21.19.111:443
ASN
#13335 CLOUDFLARENET

Requested by
https://flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
Certificate
IssuerGoogle Trust Services LLC
Subjectflaredownload.com
FingerprintA7:68:A0:75:94:62:A1:45:DE:7D:F0:07:04:B4:D1:B8:96:E1:C2:50
ValidityMon, 18 Mar 2024 15:26:29 GMT - Sun, 16 Jun 2024 15:26:28 GMT

File type
ASCII text, with very long lines (5067), with no line terminators
Size
4.8 kB (4793 bytes)
Hash
d6a5fd5adbf8c12b0cca48ec179c49a3
a209a4cb9020c5233beaf96ea3aa33d6de7ed3b2
448378f8afda38d2a252bc2c362707b7ceb0ecbf724768ff2de171bdb535fc6a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/hl-9b82fb7e.js HTTP/1.1
Host: flaredownload.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 02 May 2024 21:52:48 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=4794
access-control-allow-origin: *
etag: W/"6630d038-12ba"
last-modified: Tue, 30 Apr 2024 11:04:24 GMT
cache-control: max-age=1800
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qUYp8k107CQEzCfBS1RJONM7CXoioGZEEUZTp371cxqYo%2B0NrkECSxtT7O53hX09r6UcUMD2hB6Jmf%2BaO6rI%2FGpFaEmWvgJGMAEUYPLBK85MYAh8XLsWz8TjZ9umOC1fevpIDQE4aA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
server: cloudflare
cf-ray: 87db3d8d89ca0b69-OSL
content-encoding: br

fonts.googleapis.com/css?family=Roboto:300,400,500,700

216.58.207.234

200 OK

8.7 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Roboto:300,400,500,700
IP
216.58.207.234:443
ASN
#15169 GOOGLE

Requested by
https://flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint5F:6D:48:87:16:89:1E:A5:57:29:92:8B:34:BD:F2:92:0C:7F:F2:50
ValidityMon, 08 Apr 2024 07:32:03 GMT - Mon, 01 Jul 2024 07:32:02 GMT

File type
ASCII text, with very long lines (8956), with no line terminators
Size
8.7 kB (8732 bytes)
Hash
91804c0df51e58b0bf469561e1ac2732
cc5a9023e310b49ef8f8ae32bb89ea774fe116ec
8a8aed46bfb9cdec8e34e76343b7e66796cf09926aef42efdfe5fa8a1fdda8aa

HTTP Headers

GET /css?family=Roboto:300,400,500,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://flaredownload.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 02 May 2024 21:52:48 GMT
date: Thu, 02 May 2024 21:52:48 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

flaredownload.com/assets/hl-4f383950.js

104.21.19.111

200 OK

561 B

URL GET HTTP/3
flaredownload.com/assets/hl-4f383950.js
IP
104.21.19.111:443
ASN
#13335 CLOUDFLARENET

Requested by
https://flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
Certificate
IssuerGoogle Trust Services LLC
Subjectflaredownload.com
FingerprintA7:68:A0:75:94:62:A1:45:DE:7D:F0:07:04:B4:D1:B8:96:E1:C2:50
ValidityMon, 18 Mar 2024 15:26:29 GMT - Sun, 16 Jun 2024 15:26:28 GMT

File type
ASCII text, with very long lines (583), with no line terminators
Size
561 B (561 bytes)
Hash
ecfa1edea2124a26c0eebe13301df934
7daea65038b70ae4169779de3cb9b371958118fd
c6229eac3f5dffc7af687347ae6e6768c08e8c91c6f1101cec7a31110508c327

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/hl-4f383950.js HTTP/1.1
Host: flaredownload.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 02 May 2024 21:52:48 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=562
access-control-allow-origin: *
etag: W/"6630d038-232"
last-modified: Tue, 30 Apr 2024 11:04:24 GMT
cache-control: max-age=1800
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ci6pFPdqu6vera3XCfB9jLUhGQXnyvXzxwdAm9CHYDHOFVgKWkDZvceenLC3pEjH6V%2BSaO7ceiQJvveMw8KMFMrNFKbt%2FtaWmGFUqpFulzsAzjDuQnMkUKb%2BRSpfSj8AsHdIeeqKHg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
server: cloudflare
cf-ray: 87db3d90ac690b69-OSL
content-encoding: br

flaredownload.com/favicon.ico

104.21.19.111

200 OK

4.3 kB

URL GET HTTP/3
flaredownload.com/favicon.ico
IP
104.21.19.111:443
ASN
#13335 CLOUDFLARENET

Requested by
https://flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
Certificate
IssuerGoogle Trust Services LLC
Subjectflaredownload.com
FingerprintA7:68:A0:75:94:62:A1:45:DE:7D:F0:07:04:B4:D1:B8:96:E1:C2:50
ValidityMon, 18 Mar 2024 15:26:29 GMT - Sun, 16 Jun 2024 15:26:28 GMT

File type
MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
Size
4.3 kB (4286 bytes)
Hash
1ba2ae710d927f13d483fd5d1e548c9b
c0605efed936ee2600284e6480521d06fa64f872
db74ab0b78338c1f778f8398c45f4103c99aea0e845a3118a7750b4eeafd3445

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: flaredownload.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 02 May 2024 21:52:48 GMT
content-type: image/x-icon
last-modified: Wed, 13 Sep 2023 08:04:59 GMT
etag: W/"65016d2b-10be"
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2w70x4XLMdTDi2VYKshyW6PDGMi5k0kKLe2F20us54Ifqd5BWHODR%2BAeGKVDtwLPPk46vFvcfuQwIfBSrlbKCBWzrbCIrI%2BdLCDaxf5GQ9xcqAeffdvs6FKkcTThHnq2pYyyVw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87db3d8d09690b69-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

secureanalytic.com/scripts/push/script/02eyoyxdkz?url=flaredownload.com

188.114.97.1

200 OK

8.1 kB

URL GET HTTP/2
secureanalytic.com/scripts/push/script/02eyoyxdkz?url=flaredownload.com
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
Certificate
IssuerLet's Encrypt
Subjectsecureanalytic.com
FingerprintE8:56:22:9E:5D:B8:81:BD:9C:20:0E:24:64:BE:C4:CA:4E:D6:C9:63
ValidityFri, 29 Mar 2024 10:27:40 GMT - Thu, 27 Jun 2024 10:27:39 GMT

File type
JavaScript source, ASCII text, with very long lines (8385), with no line terminators
Size
8.1 kB (8143 bytes)
Hash
b45c7286594795de3b392f6f8942604d
51239b08544394e811b8fdcc3bdc1df3832256e5
d1cfecd1075f9a9eea50304717a1fbd7cf2601c2d2bc80c698d4136846fdbef7

HTTP Headers

GET /scripts/push/script/02eyoyxdkz?url=flaredownload.com HTTP/1.1
Host: secureanalytic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://flaredownload.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 May 2024 21:52:48 GMT
content-type: application/javascript;charset=UTF-8
expires: 0
cache-control: max-age=14400, must-revalidate
x-xss-protection: 1; mode=block
pragma: no-cache
x-frame-options: SAMEORIGIN
referrer-policy: strict-origin-when-cross-origin
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src * 'self' https://* blob: data:; font-src 'self' data:
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-content-type-options: nosniff
permissions-policy: camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=()
cf-cache-status: EXPIRED
last-modified: Thu, 02 May 2024 15:26:46 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=04W85ro8%2BoeEA%2F9tmLYvPpwxpTtVvQ9rNjJU%2BsoZk59jcXqnKlYt636MJOa60NkhfVKEd3DO6mWgRSeWMzQpuAiTk7W3ZSG3oOn6InaREPXcLR3UNC4H47S9G7uqgy%2F06pdiDfE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87db3d8e4a64b509-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

flaredownload.com/assets/hl-02495a6a.js

104.21.19.111

200 OK

426 B

URL GET HTTP/3
flaredownload.com/assets/hl-02495a6a.js
IP
104.21.19.111:443
ASN
#13335 CLOUDFLARENET

Requested by
https://flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
Certificate
IssuerGoogle Trust Services LLC
Subjectflaredownload.com
FingerprintA7:68:A0:75:94:62:A1:45:DE:7D:F0:07:04:B4:D1:B8:96:E1:C2:50
ValidityMon, 18 Mar 2024 15:26:29 GMT - Sun, 16 Jun 2024 15:26:28 GMT

File type
ASCII text, with very long lines (456), with no line terminators
Size
426 B (426 bytes)
Hash
047d44e23ee756a959c50f65e5bf1d4f
a53215ab0671ad9f389e32edcaf078174e430df1
da2d8aaffaf9e40b0b9107dc66ef091b6fd4b24074e9789015e1bd2bf7ed5a0d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/hl-02495a6a.js HTTP/1.1
Host: flaredownload.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 02 May 2024 21:52:48 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=427
access-control-allow-origin: *
etag: W/"6630d038-1ab"
last-modified: Tue, 30 Apr 2024 11:04:24 GMT
cache-control: max-age=1800
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GwLv7JDegq%2FdfSocntJubC3iSev7UDEkKf1GVNSHBAFCEhLv%2Fje6GcLZuHlDF6IZAyiWwwCvgHt2twbdSoMKlfnb9KxOnCZjC%2BZvixY4DR%2FaRLBx%2BnshocHK8ZFpfxfbRmmS7lExnw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
server: cloudflare
cf-ray: 87db3d90ac6c0b69-OSL
content-encoding: br

flaredownload.com/assets/hl-b2285d0c.js

104.21.19.111

200 OK

418 B

URL GET HTTP/3
flaredownload.com/assets/hl-b2285d0c.js
IP
104.21.19.111:443
ASN
#13335 CLOUDFLARENET

Requested by
https://flaredownload.com/en_us/unlock-content-now?&subid=8f9683bc-1ffa-4450-95a2-62ca40531570&networkid=200347&publisher=4a8c9935&isNewTr=1&stream=&subsource=
Certificate
IssuerGoogle Trust Services LLC
Subjectflaredownload.com
FingerprintA7:68:A0:75:94:62:A1:45:DE:7D:F0:07:04:B4:D1:B8:96:E1:C2:50
ValidityMon, 18 Mar 2024 15:26:29 GMT - Sun, 16 Jun 2024 15:26:28 GMT

File type
ASCII text, with very long lines (440), with no line terminators
Size
418 B (418 bytes)
Hash
85588ca35855f6b2ae9286b7196feeae
bf251e5fd48bb9b6c73edb97db4c4a836716cc2e
d6b4dba6dff1850017bd0192679ea50a68d766afe6a3ffb9857082a46315e45a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/hl-b2285d0c.js HTTP/1.1
Host: flaredownload.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://flaredownload.com/assets/hl-9b82fb7e.js
Cookie: visitInfo::6573=c5081eb4f71b3e83a40f29fac1124e037f56902dab686688b93b637c8b4795bca%3A2%3A%7Bi%3A0%3Bs%3A15%3A%22visitInfo%3A%3A6573%22%3Bi%3A1%3Ba%3A5%3A%7Bs%3A8%3A%22cookieId%22%3Bs%3A32%3A%227cb763c0bfc785466b79c98c35a44c5f%22%3Bs%3A7%3A%22network%22%3Bs%3A6%3A%22200347%22%3Bs%3A9%3A%22publisher%22%3Bs%3A8%3A%224a8c9935%22%3Bs%3A10%3A%22externalId%22%3Bs%3A36%3A%228f9683bc-1ffa-4450-95a2-62ca40531570%22%3Bs%3A7%3A%22isNewTr%22%3Bb%3A1%3B%7D%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 02 May 2024 21:52:48 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=419
access-control-allow-origin: *
etag: W/"6630d038-1a3"
last-modified: Tue, 30 Apr 2024 11:04:24 GMT
cache-control: max-age=1800
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7QVmyjbIZ2O5K4Lw93daefJhpPophmiRvAhrefWRCr99G8PG%2BLFZNhM39aKvaXp%2B%2BSDTOh%2B9MTAzyNS5MadPak0D1sO9ULMzVit%2FUoa7wtUWvYiF7Sl%2BkKx1rLIMhfxMLzRWiNQ7cw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 0
server: cloudflare
cf-ray: 87db3d8e0a3f0b69-OSL
content-encoding: br

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (25)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML