POST omcrobata.com/zone?pub=0&zone_id=6199255&is_mobile=false&domain=lzu.binodone.com&var=&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.609&trace_id=39d8ff11-cabe-41e6-89aa-40894a107841&action=prerequest&drf=
139.45.197.121 200 OK 0 B
IP 139.45.197.121:443
Requested by https://lzu.binodone.com/c.php?k=63r1l5p2seqav3mqsdvc&clickid=670fe133327922000142e655&affpid=365&action_id=usdesktop&referrer=https:/bing.com/&sub1=sxy&sub2=&sub3=&sub4=&sub5=&sub6=
Certificate Issuer Let's Encrypt
Subject omcrobata.com
Fingerprint DA:7D:F7:E4:F2:7A:61:12:53:50:98:91:8E:EC:D3:12:60:0E:16:CB
Validity Fri, 21 Feb 2025 05:09:51 GMT - Thu, 22 May 2025 05:09:50 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS, Verdict: malicious, Alert: Sinkholed
POST /zone?pub=0&zone_id=6199255&is_mobile=false&domain=lzu.binodone.com&var=&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.609&trace_id=39d8ff11-cabe-41e6-89aa-40894a107841&action=prerequest&drf= HTTP/1.1
Host: omcrobata.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lzu.binodone.com
DNT: 1
Connection: keep-alive
Referer: https://lzu.binodone.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 200 OK
server: nginx
date: Mon, 14 Apr 2025 05:47:32 GMT
content-length: 0
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://lzu.binodone.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
GET lzu.binodone.com/landers/vcland1_univeral_oleg_no_quest_short_integrated/badge2.png
104.21.48.1 200 OK 5.7 kB
IP 104.21.48.1:443
Requested by https://lzu.binodone.com/c.php?k=63r1l5p2seqav3mqsdvc&clickid=670fe133327922000142e655&affpid=365&action_id=usdesktop&referrer=https:/bing.com/&sub1=sxy&sub2=&sub3=&sub4=&sub5=&sub6=
Certificate Issuer Google Trust Services
Subject binodone.com
Fingerprint 83:A9:57:84:65:CB:A9:C3:4E:32:F8:9B:24:E4:AB:C5:FC:7C:03:64
Validity Wed, 02 Apr 2025 16:02:28 GMT - Tue, 01 Jul 2025 16:59:27 GMT
File type PNG image data, 181 x 181, 8-bit colormap, non-interlaced
Hash 0cb698f971887902e7e703dfeb001dde
f82834fe43efe7e0deebfa2cc2c7bc2225b30683
81e72bc00e98421c1c6f42843a6813314b27711c0ba1f430de7baaae55e6ca09
GET /landers/vcland1_univeral_oleg_no_quest_short_integrated/badge2.png HTTP/1.1
Host: lzu.binodone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lzu.binodone.com/c.php?k=63r1l5p2seqav3mqsdvc&clickid=670fe133327922000142e655&affpid=365&action_id=usdesktop&referrer=https:/bing.com/&sub1=sxy&sub2=&sub3=&sub4=&sub5=&sub6=
Cookie: uclick=zwa2e2dudz; uclickhash=zwa2e2dudz-zwa2e2du6o-j68n-twqd-2tx9dz-zw3v8n-zwrndz-a3681e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 14 Apr 2025 05:47:29 GMT
content-type: image/png
content-length: 5699
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=20dVphsVcG%2FZrDK1lyhKyQl66M8bxO967HbXvGa30x6zS2vxTU5Ma%2Fc7lDVX6axGYZosTnDpdr17N3a971xdqtujb7wFa709qJnzpW%2FsYyjDMAYLcTBaTim8%2BNxk31%2ByX4IE"}],"group":"cf-nel","max_age":604800}
last-modified: Tue, 20 Jul 2021 10:52:27 GMT
etag: "60f6aaeb-1643"
strict-transport-security: max-age=31536000
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
cf-ray: 9300e8a55c0212a5-CPH
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=54749&min_rtt=42784&rtt_var=21694&sent=30&recv=29&lost=0&retrans=0&sent_bytes=4459&recv_bytes=6563&delivery_rate=1215&cwnd=12000&unsent_bytes=0&cid=a4b1794b7e9e8aef&ts=1252&x=16"
GET lzu.binodone.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
104.21.48.1 302 Found 8.5 kB
IP 104.21.48.1:443
Requested by https://lzu.binodone.com/c.php?k=63r1l5p2seqav3mqsdvc&clickid=670fe133327922000142e655&affpid=365&action_id=usdesktop&referrer=https:/bing.com/&sub1=sxy&sub2=&sub3=&sub4=&sub5=&sub6=
Certificate Issuer Google Trust Services
Subject binodone.com
Fingerprint 83:A9:57:84:65:CB:A9:C3:4E:32:F8:9B:24:E4:AB:C5:FC:7C:03:64
Validity Wed, 02 Apr 2025 16:02:28 GMT - Tue, 01 Jul 2025 16:59:27 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: lzu.binodone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: uclick=zwa2e2dudz; uclickhash=zwa2e2dudz-zwa2e2du6o-j68n-twqd-2tx9dz-zw3v8n-zwrndz-a3681e
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 302 Found
date: Mon, 14 Apr 2025 05:47:29 GMT
content-length: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jGzWL%2FQa9rTvNM1XwuwdHzZ%2Fola8vRRb7j%2FbTKnsMUZ%2F1JkdwlNTEQ%2BNUEAO1r8fE6OMM6xMpT6wbdibI9f5ZAs2gEhcHZtry0fL6IpGtjFrek7q9rOJxEHB6fit1pDHOADx"}],"group":"cf-nel","max_age":604800}
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/580ba44007a6/main.js?
cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public
access-control-allow-origin: *
cf-ray: 9300e8a7ad3712a5-CPH
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=54749&min_rtt=42784&rtt_var=21694&sent=30&recv=29&lost=0&retrans=0&sent_bytes=4459&recv_bytes=6563&delivery_rate=1215&cwnd=12000&unsent_bytes=0&cid=a4b1794b7e9e8aef&ts=1248&x=16"
GET lzu.binodone.com/sw-check-permissions-b9b9f.js?zoneId=6199255&tg=1
104.21.48.1 200 OK 566 B
IP 104.21.48.1:443
Requested by https://lzu.binodone.com/c.php?k=63r1l5p2seqav3mqsdvc&clickid=670fe133327922000142e655&affpid=365&action_id=usdesktop&referrer=https:/bing.com/&sub1=sxy&sub2=&sub3=&sub4=&sub5=&sub6=
Certificate Issuer Google Trust Services
Subject binodone.com
Fingerprint 83:A9:57:84:65:CB:A9:C3:4E:32:F8:9B:24:E4:AB:C5:FC:7C:03:64
Validity Wed, 02 Apr 2025 16:02:28 GMT - Tue, 01 Jul 2025 16:59:27 GMT
Hash 1ade7255e242c6cec4c00bcc54729c05
1eb122f3603d6eb859b0a20dd1b973d60a6d88cd
b7fa7e2933c2ff8d339c52fa118907b9a9dc48103b13d3cb009cec987943ba61
GET /sw-check-permissions-b9b9f.js?zoneId=6199255&tg=1 HTTP/1.1
Host: lzu.binodone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Referer: https://lzu.binodone.com/c.php?k=63r1l5p2seqav3mqsdvc&clickid=670fe133327922000142e655&affpid=365&action_id=usdesktop&referrer=https:/bing.com/&sub1=sxy&sub2=&sub3=&sub4=&sub5=&sub6=
Cookie: uclick=zwa2e2dudz; uclickhash=zwa2e2dudz-zwa2e2du6o-j68n-twqd-2tx9dz-zw3v8n-zwrndz-a3681e; cf_clearance=B9kaykFvqYyzkOgxnMsX4l8MZ36rKDqDt3wRGp41N_w-1744609650-1.2.1.1-lz3_UhYQL.y3mIZBa89V_vHK6CN39xW8jP0akMDwmfcfM9sEay0qR.VAb3wDMAw4O0G1vTilm3SM9D3VYvMYshHjtfgJ1DafIWUAjoUHok7Ef78pmrffGKZuGOhtpo8bleB5V2tGsW5xBC8RjTxqyfVTpmXFUiqN4vVtjMvL0NtEHI5fVeLH2DeE1nW7FYaUH84yLsQyO9w.ORivbOW.Di6nFKTM5MGkwnshVrnTwX9JpluVvP5srTcOe5UDiLNXdIQkZbEQIJ8o168oZby66.SDLeboO8M6hYbktGHVfHcIn3E4t917hNiOzQqxyn71.biV6paGRNNxyNCAZhOlcR8qlUKh4B87Ozc.L1uqN1Y
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 14 Apr 2025 05:47:32 GMT
content-type: application/javascript
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KZnh1VoZqEjpRFQ%2BP7TVQK4HS0FjPRgqQ47ri4epn8kQlOJiqCPAyazCW5%2Fa%2BOSuTHAIgMK02zTNmAni9gtrvBkxUuyvcMkp1gJ0wYjmSlB5%2FeqQIjQ0YIN51sFf9t1oHcJQ"}],"group":"cf-nel","max_age":604800}
last-modified: Mon, 07 Aug 2023 13:14:21 GMT
etag: W/"64d0ee2d-236"
strict-transport-security: max-age=31536000
cache-control: max-age=14400
cf-cache-status: HIT
age: 5052
content-encoding: br
cf-ray: 9300e8b5dcd312a5-CPH
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=54749&min_rtt=42784&rtt_var=21694&sent=30&recv=29&lost=0&retrans=0&sent_bytes=4459&recv_bytes=6563&delivery_rate=1215&cwnd=12000&unsent_bytes=0&cid=a4b1794b7e9e8aef&ts=3511&x=16"
GET lzu.binodone.com/landers/vcland1_univeral_oleg_no_quest_short_integrated/memb5.jpg
104.21.48.1 200 OK 11 kB
IP 104.21.48.1:443
Requested by https://lzu.binodone.com/c.php?k=63r1l5p2seqav3mqsdvc&clickid=670fe133327922000142e655&affpid=365&action_id=usdesktop&referrer=https:/bing.com/&sub1=sxy&sub2=&sub3=&sub4=&sub5=&sub6=
Certificate Issuer Google Trust Services
Subject binodone.com
Fingerprint 83:A9:57:84:65:CB:A9:C3:4E:32:F8:9B:24:E4:AB:C5:FC:7C:03:64
Validity Wed, 02 Apr 2025 16:02:28 GMT - Tue, 01 Jul 2025 16:59:27 GMT
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=0, bps=0, PhotometricInterpretation=RGB, orientation=upper-left, width=0], baseline, precision 8, 48x48, components 3
Hash 3c9f6d15d5a257d305cfdfa70961b231
80b95358800339ffc0929cc50454d4ae01774f59
aae15a1042da4a630f891c71c0957fc98cb75a61ecc44245c394d17c808cb8ec
GET /landers/vcland1_univeral_oleg_no_quest_short_integrated/memb5.jpg HTTP/1.1
Host: lzu.binodone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lzu.binodone.com/c.php?k=63r1l5p2seqav3mqsdvc&clickid=670fe133327922000142e655&affpid=365&action_id=usdesktop&referrer=https:/bing.com/&sub1=sxy&sub2=&sub3=&sub4=&sub5=&sub6=
Cookie: uclick=zwa2e2dudz; uclickhash=zwa2e2dudz-zwa2e2du6o-j68n-twqd-2tx9dz-zw3v8n-zwrndz-a3681e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 14 Apr 2025 05:47:30 GMT
content-type: image/jpeg
content-length: 10973
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iPl%2BI4cwpRYSrmdb4vWAs65KwXsU%2FkDXfVoh4Fj%2BvUfwusK0MIRx1eUxH7LojnwBKYMKw136pkZR8f7Lbz8k%2Bbr6opFhrNY%2FxLymfh2Iffl%2FA3D%2FKvZ0vKlo6Qa3474HIMxE"}],"group":"cf-nel","max_age":604800}
last-modified: Tue, 20 Jul 2021 10:52:27 GMT
etag: "60f6aaeb-2add"
strict-transport-security: max-age=31536000
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
cf-ray: 9300e8a5ac3612a5-CPH
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=54749&min_rtt=42784&rtt_var=21694&sent=30&recv=29&lost=0&retrans=0&sent_bytes=4459&recv_bytes=6563&delivery_rate=1215&cwnd=12000&unsent_bytes=0&cid=a4b1794b7e9e8aef&ts=1501&x=16"
POST omcrobata.com/event
139.45.197.121 200 OK 81 B
IP 139.45.197.121:443
Requested by https://lzu.binodone.com/c.php?k=63r1l5p2seqav3mqsdvc&clickid=670fe133327922000142e655&affpid=365&action_id=usdesktop&referrer=https:/bing.com/&sub1=sxy&sub2=&sub3=&sub4=&sub5=&sub6=
Certificate Issuer Let's Encrypt
Subject omcrobata.com
Fingerprint DA:7D:F7:E4:F2:7A:61:12:53:50:98:91:8E:EC:D3:12:60:0E:16:CB
Validity Fri, 21 Feb 2025 05:09:51 GMT - Thu, 22 May 2025 05:09:50 GMT
Hash 1925ac9acbb20af3fb748db78068c1da
d972cadaa9e2427d779c52f89bffc0f753775b36
8f7028c2ef18cedc6db5279757966d0abff025fe88cf9d089fb788ae397cc71d
Analyzer: Quad9 DNS, Verdict: malicious, Alert: Sinkholed
POST /event HTTP/1.1
Host: omcrobata.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lzu.binodone.com/
Content-Type: application/json
Content-Length: 513
Origin: https://lzu.binodone.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 14 Apr 2025 05:47:32 GMT
content-type: application/json; charset=utf-8
content-length: 81
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://lzu.binodone.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
OPTIONS omcrobata.com/event
139.45.197.121 200 OK 0 B
IP 139.45.197.121:443
Requested by https://lzu.binodone.com/c.php?k=63r1l5p2seqav3mqsdvc&clickid=670fe133327922000142e655&affpid=365&action_id=usdesktop&referrer=https:/bing.com/&sub1=sxy&sub2=&sub3=&sub4=&sub5=&sub6=
Certificate Issuer Let's Encrypt
Subject omcrobata.com
Fingerprint DA:7D:F7:E4:F2:7A:61:12:53:50:98:91:8E:EC:D3:12:60:0E:16:CB
Validity Fri, 21 Feb 2025 05:09:51 GMT - Thu, 22 May 2025 05:09:50 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS, Verdict: malicious, Alert: Sinkholed
OPTIONS /event HTTP/1.1
Host: omcrobata.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://lzu.binodone.com/
Origin: https://lzu.binodone.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 14 Apr 2025 05:47:32 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://lzu.binodone.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2
OPTIONS omcrobata.com/event
139.45.197.121 200 OK 0 B
IP 139.45.197.121:443
Requested by https://lzu.binodone.com/c.php?k=63r1l5p2seqav3mqsdvc&clickid=670fe133327922000142e655&affpid=365&action_id=usdesktop&referrer=https:/bing.com/&sub1=sxy&sub2=&sub3=&sub4=&sub5=&sub6=
Certificate Issuer Let's Encrypt
Subject omcrobata.com
Fingerprint DA:7D:F7:E4:F2:7A:61:12:53:50:98:91:8E:EC:D3:12:60:0E:16:CB
Validity Fri, 21 Feb 2025 05:09:51 GMT - Thu, 22 May 2025 05:09:50 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS, Verdict: malicious, Alert: Sinkholed
OPTIONS /event HTTP/1.1
Host: omcrobata.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://lzu.binodone.com/
Origin: https://lzu.binodone.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 14 Apr 2025 05:47:32 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://lzu.binodone.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2
POST omcrobata.com/event
139.45.197.121 200 OK 0 B
IP 139.45.197.121:443
Requested by https://lzu.binodone.com/c.php?k=63r1l5p2seqav3mqsdvc&clickid=670fe133327922000142e655&affpid=365&action_id=usdesktop&referrer=https:/bing.com/&sub1=sxy&sub2=&sub3=&sub4=&sub5=&sub6=
Certificate Issuer Let's Encrypt
Subject omcrobata.com
Fingerprint DA:7D:F7:E4:F2:7A:61:12:53:50:98:91:8E:EC:D3:12:60:0E:16:CB
Validity Fri, 21 Feb 2025 05:09:51 GMT - Thu, 22 May 2025 05:09:50 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS, Verdict: malicious, Alert: Sinkholed
POST /event HTTP/1.1
Host: omcrobata.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 595
Origin: https://lzu.binodone.com
DNT: 1
Connection: keep-alive
Referer: https://lzu.binodone.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 14 Apr 2025 05:47:32 GMT
content-type: application/json; charset=utf-8
content-length: 26
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://lzu.binodone.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
POST omcrobata.com/event
139.45.197.121 200 OK 81 B
IP 139.45.197.121:443
Requested by https://lzu.binodone.com/c.php?k=63r1l5p2seqav3mqsdvc&clickid=670fe133327922000142e655&affpid=365&action_id=usdesktop&referrer=https:/bing.com/&sub1=sxy&sub2=&sub3=&sub4=&sub5=&sub6=
Certificate Issuer Let's Encrypt
Subject omcrobata.com
Fingerprint DA:7D:F7:E4:F2:7A:61:12:53:50:98:91:8E:EC:D3:12:60:0E:16:CB
Validity Fri, 21 Feb 2025 05:09:51 GMT - Thu, 22 May 2025 05:09:50 GMT
Hash 48b445caf891ea0387186c77695727db
1b76c95399bdc99aa601932b7be3cb4c4ccc0556
659e996aeef1c11b6be42356370c22d723412c0f96e1b3338bd31cf9b598ad5a
Analyzer: Quad9 DNS, Verdict: malicious, Alert: Sinkholed
POST /event HTTP/1.1
Host: omcrobata.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lzu.binodone.com/
Content-Type: application/json
Content-Length: 517
Origin: https://lzu.binodone.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 14 Apr 2025 05:47:32 GMT
content-type: application/json; charset=utf-8
content-length: 81
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://lzu.binodone.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
GET lzu.binodone.com/landers/vcland1_univeral_oleg_no_quest_short_integrated/memb6.jpg
104.21.48.1 200 OK 2.2 kB
IP 104.21.48.1:443
Requested by https://lzu.binodone.com/c.php?k=63r1l5p2seqav3mqsdvc&clickid=670fe133327922000142e655&affpid=365&action_id=usdesktop&referrer=https:/bing.com/&sub1=sxy&sub2=&sub3=&sub4=&sub5=&sub6=
Certificate Issuer Google Trust Services
Subject binodone.com
Fingerprint 83:A9:57:84:65:CB:A9:C3:4E:32:F8:9B:24:E4:AB:C5:FC:7C:03:64
Validity Wed, 02 Apr 2025 16:02:28 GMT - Tue, 01 Jul 2025 16:59:27 GMT
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], comment: "Optimized by JPEGmini 3.9.20.0L Internal 0x0d9a3bc4", progressive, precision 8, 48x48, components 3
Hash 7fd2d50571479bb605a87ecef56bff35
b89d7b873e25473ba6f384b0976b3f9b3178be9a
eb358a7957452820746f0a9951f4ed887fd03f6b5dec980f980f6a87c9c07544
GET /landers/vcland1_univeral_oleg_no_quest_short_integrated/memb6.jpg HTTP/1.1
Host: lzu.binodone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lzu.binodone.com/c.php?k=63r1l5p2seqav3mqsdvc&clickid=670fe133327922000142e655&affpid=365&action_id=usdesktop&referrer=https:/bing.com/&sub1=sxy&sub2=&sub3=&sub4=&sub5=&sub6=
Cookie: uclick=zwa2e2dudz; uclickhash=zwa2e2dudz-zwa2e2du6o-j68n-twqd-2tx9dz-zw3v8n-zwrndz-a3681e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 14 Apr 2025 05:47:29 GMT
content-type: image/jpeg
content-length: 2225
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=F%2BoczTQ7Py9D%2FW9sb6Kbnj1FQZJP5Omu%2FBqIZoM2tV32FMCM7htnzgjVF%2BskHjUNfd5rLxNm958fOxpT92i4yTJeyxzjma1JfEe5mHgEUIOpYsQ0UasyOlCRSJAQCtsO5RrE"}],"group":"cf-nel","max_age":604800}
last-modified: Tue, 20 Jul 2021 10:52:27 GMT
etag: "60f6aaeb-8b1"
strict-transport-security: max-age=31536000
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
cf-ray: 9300e8a5ac3912a5-CPH
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=54749&min_rtt=42784&rtt_var=21694&sent=30&recv=29&lost=0&retrans=0&sent_bytes=4459&recv_bytes=6563&delivery_rate=1215&cwnd=12000&unsent_bytes=0&cid=a4b1794b7e9e8aef&ts=1009&x=16"
POST omcrobata.com/event
139.45.197.121 200 OK 81 B
IP 139.45.197.121:443
Requested by https://lzu.binodone.com/c.php?k=63r1l5p2seqav3mqsdvc&clickid=670fe133327922000142e655&affpid=365&action_id=usdesktop&referrer=https:/bing.com/&sub1=sxy&sub2=&sub3=&sub4=&sub5=&sub6=
Certificate Issuer Let's Encrypt
Subject omcrobata.com
Fingerprint DA:7D:F7:E4:F2:7A:61:12:53:50:98:91:8E:EC:D3:12:60:0E:16:CB
Validity Fri, 21 Feb 2025 05:09:51 GMT - Thu, 22 May 2025 05:09:50 GMT
Hash 4787062920a66f561bfa1e1db7c4f94e
4094e9e3d85f3078693c6ef030ba0a863f748b6f
b01ef1dac8a00e3602fa9435caa6d6d6309128c626a1c4a5f286a499f76e5fa4
Analyzer: Quad9 DNS, Verdict: malicious, Alert: Sinkholed
POST /event HTTP/1.1
Host: omcrobata.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lzu.binodone.com/
Content-Type: application/json
Content-Length: 921
Origin: https://lzu.binodone.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 14 Apr 2025 05:47:32 GMT
content-type: application/json; charset=utf-8
content-length: 81
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://lzu.binodone.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
GET m.binidone.com/c.php?k=63r1l5p2seqav3mqsdvc&clickid=670fe133327922000142e655&affpid=365&action_id=usdesktop&referrer=https:/bing.com/&sub1=sxy&sub2=&sub3=&sub4=&sub5=&sub6=
188.114.97.1 302 Found 14 kB User Request
IP 188.114.97.1:443
Certificate Issuer Google Trust Services
Subject binidone.com
Fingerprint C5:B8:5E:46:CD:E8:F3:A9:FB:C9:7C:D6:C8:FD:D3:29:CA:F1:AF:EA
Validity Thu, 06 Mar 2025 02:46:14 GMT - Wed, 04 Jun 2025 03:44:29 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c.php?k=63r1l5p2seqav3mqsdvc&clickid=670fe133327922000142e655&affpid=365&action_id=usdesktop&referrer=https:/bing.com/&sub1=sxy&sub2=&sub3=&sub4=&sub5=&sub6= HTTP/1.1
Host: m.binidone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Mon, 14 Apr 2025 05:47:28 GMT
content-length: 0
location: https://lzu.binodone.com/c.php?k=63r1l5p2seqav3mqsdvc&clickid=670fe133327922000142e655&affpid=365&action_id=usdesktop&referrer=https:/bing.com/&sub1=sxy&sub2=&sub3=&sub4=&sub5=&sub6=
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GW5S4malnSA1eqER37yMLfdQGRdxLMp0p1P%2Bee2a5aGyYYdylulA%2Bh6a8z2rAp2o66Hng41sjMh9a0vC%2F4rKCordv67LlH6GasJygTkUdwVK1s0Y0t1UGV%2FWEV1mcY4rkQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 9300e89cabf24555-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=25646&min_rtt=19624&rtt_var=14633&sent=9&recv=11&lost=0&retrans=1&sent_bytes=3290&recv_bytes=1416&delivery_rate=220127&cwnd=256&unsent_bytes=0&cid=4dffe687193e5068&ts=108&x=0"
X-Firefox-Spdy: h2
GET lzu.binodone.com/landers/vcland1_univeral_oleg_no_quest_short_integrated/memb3.jpg
104.21.48.1 200 OK 11 kB
IP 104.21.48.1:443
Requested by https://lzu.binodone.com/c.php?k=63r1l5p2seqav3mqsdvc&clickid=670fe133327922000142e655&affpid=365&action_id=usdesktop&referrer=https:/bing.com/&sub1=sxy&sub2=&sub3=&sub4=&sub5=&sub6=
Certificate Issuer Google Trust Services
Subject binodone.com
Fingerprint 83:A9:57:84:65:CB:A9:C3:4E:32:F8:9B:24:E4:AB:C5:FC:7C:03:64
Validity Wed, 02 Apr 2025 16:02:28 GMT - Tue, 01 Jul 2025 16:59:27 GMT
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=1377, bps=0, PhotometricInterpretation=RGB, orientation=upper-left, width=978], baseline, precision 8, 48x48, components 3
Hash fd371a66773d4503cb78ff8f391482b9
955f7e66da7d14c13b0ee493c93a8b74cbec7bbb
973764f8935a1dac122351915cd5733afa88f01ff8db08b3b25af4fc4b81ee90
GET /landers/vcland1_univeral_oleg_no_quest_short_integrated/memb3.jpg HTTP/1.1
Host: lzu.binodone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lzu.binodone.com/c.php?k=63r1l5p2seqav3mqsdvc&clickid=670fe133327922000142e655&affpid=365&action_id=usdesktop&referrer=https:/bing.com/&sub1=sxy&sub2=&sub3=&sub4=&sub5=&sub6=
Cookie: uclick=zwa2e2dudz; uclickhash=zwa2e2dudz-zwa2e2du6o-j68n-twqd-2tx9dz-zw3v8n-zwrndz-a3681e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 14 Apr 2025 05:47:29 GMT
content-type: image/jpeg
content-length: 10798
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KuqZysGComXmBSIl2CYiHgyKbg13R1pWl6oxkHGgDCllFe83NZsUfb2L54bVYkdmDYKyGKnq%2FWnyPoWGCPea9M2A8vLjoO1Grdx3On0Tmj%2BE6WqJk4WQZdEZ%2BgwULdiRt29S"}],"group":"cf-nel","max_age":604800}
last-modified: Tue, 20 Jul 2021 10:52:27 GMT
etag: "60f6aaeb-2a2e"
strict-transport-security: max-age=31536000
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
cf-ray: 9300e8a5ac2e12a5-CPH
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=54749&min_rtt=42784&rtt_var=21694&sent=30&recv=29&lost=0&retrans=0&sent_bytes=4459&recv_bytes=6563&delivery_rate=1215&cwnd=12000&unsent_bytes=0&cid=a4b1794b7e9e8aef&ts=999&x=16"
GET lzu.binodone.com/landers/vcland1_univeral_oleg_no_quest_short_integrated/memb4.jpg
104.21.48.1 200 OK 2.9 kB
IP 104.21.48.1:443
Requested by https://lzu.binodone.com/c.php?k=63r1l5p2seqav3mqsdvc&clickid=670fe133327922000142e655&affpid=365&action_id=usdesktop&referrer=https:/bing.com/&sub1=sxy&sub2=&sub3=&sub4=&sub5=&sub6=
Certificate Issuer Google Trust Services
Subject binodone.com
Fingerprint 83:A9:57:84:65:CB:A9:C3:4E:32:F8:9B:24:E4:AB:C5:FC:7C:03:64
Validity Wed, 02 Apr 2025 16:02:28 GMT - Tue, 01 Jul 2025 16:59:27 GMT
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], comment: "Optimized by JPEGmini 3.9.20.0L Internal 0x0d9a3bc4", progressive, precision 8, 48x48, components 3
Hash ea1d3a3865e1328796aaf00d2ace5bb5
3c9ffb90420536a96ed532b95e0e61d6fa937a3d
72edf288cd5408018ebeb43c611dfa0943de2faa1ab33c1cb4f9d500897541e3
GET /landers/vcland1_univeral_oleg_no_quest_short_integrated/memb4.jpg HTTP/1.1
Host: lzu.binodone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lzu.binodone.com/c.php?k=63r1l5p2seqav3mqsdvc&clickid=670fe133327922000142e655&affpid=365&action_id=usdesktop&referrer=https:/bing.com/&sub1=sxy&sub2=&sub3=&sub4=&sub5=&sub6=
Cookie: uclick=zwa2e2dudz; uclickhash=zwa2e2dudz-zwa2e2du6o-j68n-twqd-2tx9dz-zw3v8n-zwrndz-a3681e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 14 Apr 2025 05:47:29 GMT
content-type: image/jpeg
content-length: 2858
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BBFnOSLaIET8EC4m7cVh0teweW0sSf3vpl4RMojKRS%2Bto8HPMsTry7yc4WCjR4l8vveTLP89%2BaSHMMTNyeOWq0khGjgxs8lgGii1DY%2Ft%2BkYXVIbFG9bdcaixbPoQdb%2FlLrI5"}],"group":"cf-nel","max_age":604800}
last-modified: Tue, 20 Jul 2021 10:52:27 GMT
etag: "60f6aaeb-b2a"
strict-transport-security: max-age=31536000
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
cf-ray: 9300e8a5ac3212a5-CPH
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=54749&min_rtt=42784&rtt_var=21694&sent=30&recv=29&lost=0&retrans=0&sent_bytes=4459&recv_bytes=6563&delivery_rate=1215&cwnd=12000&unsent_bytes=0&cid=a4b1794b7e9e8aef&ts=1264&x=16"
OPTIONS omcrobata.com/event
139.45.197.121 200 OK 0 B
IP 139.45.197.121:443
Requested by https://lzu.binodone.com/c.php?k=63r1l5p2seqav3mqsdvc&clickid=670fe133327922000142e655&affpid=365&action_id=usdesktop&referrer=https:/bing.com/&sub1=sxy&sub2=&sub3=&sub4=&sub5=&sub6=
Certificate Issuer Let's Encrypt
Subject omcrobata.com
Fingerprint DA:7D:F7:E4:F2:7A:61:12:53:50:98:91:8E:EC:D3:12:60:0E:16:CB
Validity Fri, 21 Feb 2025 05:09:51 GMT - Thu, 22 May 2025 05:09:50 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
OPTIONS /event HTTP/1.1
Host: omcrobata.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://lzu.binodone.com/
Origin: https://lzu.binodone.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 14 Apr 2025 05:47:32 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://lzu.binodone.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2
POST omcrobata.com/event
139.45.197.121 200 OK 0 B
IP 139.45.197.121:443
Requested by https://lzu.binodone.com/c.php?k=63r1l5p2seqav3mqsdvc&clickid=670fe133327922000142e655&affpid=365&action_id=usdesktop&referrer=https:/bing.com/&sub1=sxy&sub2=&sub3=&sub4=&sub5=&sub6=
Certificate Issuer Let's Encrypt
Subject omcrobata.com
Fingerprint DA:7D:F7:E4:F2:7A:61:12:53:50:98:91:8E:EC:D3:12:60:0E:16:CB
Validity Fri, 21 Feb 2025 05:09:51 GMT - Thu, 22 May 2025 05:09:50 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /event HTTP/1.1
Host: omcrobata.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 514
Origin: https://lzu.binodone.com
DNT: 1
Connection: keep-alive
Referer: https://lzu.binodone.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 14 Apr 2025 05:47:32 GMT
content-type: application/json; charset=utf-8
content-length: 26
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://lzu.binodone.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
GET lzu.binodone.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/580ba44007a6/main.js?
104.21.48.1 200 OK 8.5 kB
IP 104.21.48.1:443
Requested by https://lzu.binodone.com/c.php?k=63r1l5p2seqav3mqsdvc&clickid=670fe133327922000142e655&affpid=365&action_id=usdesktop&referrer=https:/bing.com/&sub1=sxy&sub2=&sub3=&sub4=&sub5=&sub6=
Certificate Issuer Google Trust Services
Subject binodone.com
Fingerprint 83:A9:57:84:65:CB:A9:C3:4E:32:F8:9B:24:E4:AB:C5:FC:7C:03:64
Validity Wed, 02 Apr 2025 16:02:28 GMT - Tue, 01 Jul 2025 16:59:27 GMT
File type JavaScript source, ASCII text, with very long lines (8489), with no line terminators
Hash 3a32d1e46ebfb33feeac554a8f422a40
29d22b854e582cb93f927b2b1fbcab1c5e136253
2a02f43d24584003ff7305a21979a479dc1bb83149134a734ac08b7b1b59a492
GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/580ba44007a6/main.js? HTTP/1.1
Host: lzu.binodone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: uclick=zwa2e2dudz; uclickhash=zwa2e2dudz-zwa2e2du6o-j68n-twqd-2tx9dz-zw3v8n-zwrndz-a3681e
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 14 Apr 2025 05:47:30 GMT
content-type: application/javascript; charset=UTF-8
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NPGxxjBUBILdjse7FIhcyAPxYKGivP1BrtehT2IZlepHASz7IQqDynND06eyAw3oxrE2z6k9KojV1%2FbSQcb1LWE2TGGtaqzPAk26f2dd%2BZlMkSJe%2BgYIE%2F%2FgjZlvtBB69P7s"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public
x-content-type-options: nosniff
content-encoding: br
cf-ray: 9300e8a98e2712a5-CPH
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=54749&min_rtt=42784&rtt_var=21694&sent=30&recv=29&lost=0&retrans=0&sent_bytes=4459&recv_bytes=6563&delivery_rate=1215&cwnd=12000&unsent_bytes=0&cid=a4b1794b7e9e8aef&ts=1543&x=16"
POST omcrobata.com/event
139.45.197.121 200 OK 0 B
IP 139.45.197.121:443
Requested by https://lzu.binodone.com/c.php?k=63r1l5p2seqav3mqsdvc&clickid=670fe133327922000142e655&affpid=365&action_id=usdesktop&referrer=https:/bing.com/&sub1=sxy&sub2=&sub3=&sub4=&sub5=&sub6=
Certificate Issuer Let's Encrypt
Subject omcrobata.com
Fingerprint DA:7D:F7:E4:F2:7A:61:12:53:50:98:91:8E:EC:D3:12:60:0E:16:CB
Validity Fri, 21 Feb 2025 05:09:51 GMT - Thu, 22 May 2025 05:09:50 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /event HTTP/1.1
Host: omcrobata.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 413
Origin: https://lzu.binodone.com
DNT: 1
Connection: keep-alive
Referer: https://lzu.binodone.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 14 Apr 2025 05:47:32 GMT
content-type: application/json; charset=utf-8
content-length: 26
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://lzu.binodone.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
OPTIONS omcrobata.com/event
139.45.197.121 200 OK 0 B
IP 139.45.197.121:443
Requested by https://lzu.binodone.com/c.php?k=63r1l5p2seqav3mqsdvc&clickid=670fe133327922000142e655&affpid=365&action_id=usdesktop&referrer=https:/bing.com/&sub1=sxy&sub2=&sub3=&sub4=&sub5=&sub6=
Certificate Issuer Let's Encrypt
Subject omcrobata.com
Fingerprint DA:7D:F7:E4:F2:7A:61:12:53:50:98:91:8E:EC:D3:12:60:0E:16:CB
Validity Fri, 21 Feb 2025 05:09:51 GMT - Thu, 22 May 2025 05:09:50 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
OPTIONS /event HTTP/1.1
Host: omcrobata.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://lzu.binodone.com/
Origin: https://lzu.binodone.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 14 Apr 2025 05:47:32 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://lzu.binodone.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2
GET lzu.binodone.com/landers/vcland1_univeral_oleg_no_quest_short_integrated/ssl.jpg
104.21.48.1 200 OK 5.0 kB
IP 104.21.48.1:443
Requested by https://lzu.binodone.com/c.php?k=63r1l5p2seqav3mqsdvc&clickid=670fe133327922000142e655&affpid=365&action_id=usdesktop&referrer=https:/bing.com/&sub1=sxy&sub2=&sub3=&sub4=&sub5=&sub6=
Certificate Issuer Google Trust Services
Subject binodone.com
Fingerprint 83:A9:57:84:65:CB:A9:C3:4E:32:F8:9B:24:E4:AB:C5:FC:7C:03:64
Validity Wed, 02 Apr 2025 16:02:28 GMT - Tue, 01 Jul 2025 16:59:27 GMT
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], comment: "Optimized by JPEGmini 3.9.20.0L Internal 0x89504e13", baseline, precision 8, 92x46, components 3
Hash 5e5f603966b5b6e53ab61d706cc5b6c2
a8ad1b8c76762a1a1937c56a0d3cfe888a861102
75efe102cd6a345ba47e81056324033e1b14d769ff824991db8a7337013b7c85
GET /landers/vcland1_univeral_oleg_no_quest_short_integrated/ssl.jpg HTTP/1.1
Host: lzu.binodone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lzu.binodone.com/c.php?k=63r1l5p2seqav3mqsdvc&clickid=670fe133327922000142e655&affpid=365&action_id=usdesktop&referrer=https:/bing.com/&sub1=sxy&sub2=&sub3=&sub4=&sub5=&sub6=
Cookie: uclick=zwa2e2dudz; uclickhash=zwa2e2dudz-zwa2e2du6o-j68n-twqd-2tx9dz-zw3v8n-zwrndz-a3681e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 14 Apr 2025 05:47:29 GMT
content-type: image/jpeg
content-length: 5014
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N3bmVtViyv2FXDr020PwnyV09noFaIU6gVcniDWxmA9gwvstccirXKyaCt4eShvuttJ7wQI%2BZRJdspVQm004%2BfMmArj2InSGmVZsVy9UM%2BvXWpPNc%2Bk8UNSU2DS2Br2s%2F%2Br9"}],"group":"cf-nel","max_age":604800}
last-modified: Tue, 20 Jul 2021 10:52:27 GMT
etag: "60f6aaeb-1396"
strict-transport-security: max-age=31536000
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
cf-ray: 9300e8a57c1412a5-CPH
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=54749&min_rtt=42784&rtt_var=21694&sent=30&recv=29&lost=0&retrans=0&sent_bytes=4459&recv_bytes=6563&delivery_rate=1215&cwnd=12000&unsent_bytes=0&cid=a4b1794b7e9e8aef&ts=974&x=16"
GET lzu.binodone.com/landers/vcland1_univeral_oleg_no_quest_short_integrated/memb2.jpg
104.21.48.1 200 OK 2.2 kB
IP 104.21.48.1:443
Requested by https://lzu.binodone.com/c.php?k=63r1l5p2seqav3mqsdvc&clickid=670fe133327922000142e655&affpid=365&action_id=usdesktop&referrer=https:/bing.com/&sub1=sxy&sub2=&sub3=&sub4=&sub5=&sub6=
Certificate Issuer Google Trust Services
Subject binodone.com
Fingerprint 83:A9:57:84:65:CB:A9:C3:4E:32:F8:9B:24:E4:AB:C5:FC:7C:03:64
Validity Wed, 02 Apr 2025 16:02:28 GMT - Tue, 01 Jul 2025 16:59:27 GMT
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], comment: "Optimized by JPEGmini 3.9.20.0L Internal 0x0d9a3bc4", progressive, precision 8, 48x48, components 3
Hash c0fe9818b461c7c76fd0a8f732ac3b2d
2be4db5f40c53bfb0faf71e7e1ae404a9141581d
9a98ddd7a86a6c44fcd91545d9d353284d3f4b7eec6913d09e2bfd882589dbbb
GET /landers/vcland1_univeral_oleg_no_quest_short_integrated/memb2.jpg HTTP/1.1
Host: lzu.binodone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lzu.binodone.com/c.php?k=63r1l5p2seqav3mqsdvc&clickid=670fe133327922000142e655&affpid=365&action_id=usdesktop&referrer=https:/bing.com/&sub1=sxy&sub2=&sub3=&sub4=&sub5=&sub6=
Cookie: uclick=zwa2e2dudz; uclickhash=zwa2e2dudz-zwa2e2du6o-j68n-twqd-2tx9dz-zw3v8n-zwrndz-a3681e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 14 Apr 2025 05:47:29 GMT
content-type: image/jpeg
content-length: 2158
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=doMlOrwgq%2BtRUSQudlfQb3CQo90zAMdMqYRMbXNhVZ0qfu8UqgCCiZLJU2Pm%2F2IVBOIK%2BPT1y3WqhyWeiFjt1zVKCnN9MyRcRpU4j%2FoAF9SU9cRSxy8%2BR%2Bws9HnHaKB4j3nt"}],"group":"cf-nel","max_age":604800}
last-modified: Tue, 20 Jul 2021 10:52:27 GMT
etag: "60f6aaeb-86e"
strict-transport-security: max-age=31536000
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
cf-ray: 9300e8a5ac2d12a5-CPH
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=54749&min_rtt=42784&rtt_var=21694&sent=30&recv=29&lost=0&retrans=0&sent_bytes=4459&recv_bytes=6563&delivery_rate=1215&cwnd=12000&unsent_bytes=0&cid=a4b1794b7e9e8aef&ts=999&x=16"
GET lzu.binodone.com/landers/vcland1_univeral_oleg_no_quest_short_integrated/girl.jpg
104.21.48.1 200 OK 159 kB
IP 104.21.48.1:443
Requested by https://lzu.binodone.com/c.php?k=63r1l5p2seqav3mqsdvc&clickid=670fe133327922000142e655&affpid=365&action_id=usdesktop&referrer=https:/bing.com/&sub1=sxy&sub2=&sub3=&sub4=&sub5=&sub6=
Certificate Issuer Google Trust Services
Subject binodone.com
Fingerprint 83:A9:57:84:65:CB:A9:C3:4E:32:F8:9B:24:E4:AB:C5:FC:7C:03:64
Validity Wed, 02 Apr 2025 16:02:28 GMT - Tue, 01 Jul 2025 16:59:27 GMT
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 480x482, components 3
Size 159 kB (158803 bytes)
Hash 05b7986e46fbe523dd0d69e9af49e746
1b886c4cdbee7c7fbfbb8b09e0a11bd7a07fcd76
e2adf989e05a9d439d72b8a8b0db73932c30ec785db3b1305aed9e16b1099aec
GET /landers/vcland1_univeral_oleg_no_quest_short_integrated/girl.jpg HTTP/1.1
Host: lzu.binodone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lzu.binodone.com/c.php?k=63r1l5p2seqav3mqsdvc&clickid=670fe133327922000142e655&affpid=365&action_id=usdesktop&referrer=https:/bing.com/&sub1=sxy&sub2=&sub3=&sub4=&sub5=&sub6=
Cookie: uclick=zwa2e2dudz; uclickhash=zwa2e2dudz-zwa2e2du6o-j68n-twqd-2tx9dz-zw3v8n-zwrndz-a3681e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 14 Apr 2025 05:47:29 GMT
content-type: image/jpeg
content-length: 158803
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SmNZnxyrOn30y7%2FAo6LL8FHIt1jq63z9xbck9XzhZRCrakU0matfYAxcEehN0H0QmimkdkR8A%2B0FJNBDLuAYZdKwxDgZxS83Pa2eiG%2BXBPT4PxTtMkraHKulP6CIGpWBFDG3"}],"group":"cf-nel","max_age":604800}
last-modified: Tue, 20 Jul 2021 10:52:27 GMT
etag: "60f6aaeb-26c53"
strict-transport-security: max-age=31536000
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
cf-ray: 9300e8a57c1212a5-CPH
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=54749&min_rtt=42784&rtt_var=21694&sent=30&recv=29&lost=0&retrans=0&sent_bytes=4459&recv_bytes=6563&delivery_rate=1215&cwnd=12000&unsent_bytes=0&cid=a4b1794b7e9e8aef&ts=1170&x=16"
GET lzu.binodone.com/favicon.ico
104.21.48.1 200 OK 0 B
IP 104.21.48.1:443
Requested by https://lzu.binodone.com/c.php?k=63r1l5p2seqav3mqsdvc&clickid=670fe133327922000142e655&affpid=365&action_id=usdesktop&referrer=https:/bing.com/&sub1=sxy&sub2=&sub3=&sub4=&sub5=&sub6=
Certificate Issuer Google Trust Services
Subject binodone.com
Fingerprint 83:A9:57:84:65:CB:A9:C3:4E:32:F8:9B:24:E4:AB:C5:FC:7C:03:64
Validity Wed, 02 Apr 2025 16:02:28 GMT - Tue, 01 Jul 2025 16:59:27 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: lzu.binodone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lzu.binodone.com/c.php?k=63r1l5p2seqav3mqsdvc&clickid=670fe133327922000142e655&affpid=365&action_id=usdesktop&referrer=https:/bing.com/&sub1=sxy&sub2=&sub3=&sub4=&sub5=&sub6=
Cookie: uclick=zwa2e2dudz; uclickhash=zwa2e2dudz-zwa2e2du6o-j68n-twqd-2tx9dz-zw3v8n-zwrndz-a3681e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 14 Apr 2025 05:47:30 GMT
content-type: text/html; charset=UTF-8
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z0U8ya0bBBP7oJRwcvsUyN01YIgWxwC%2Fiu8366G1DCzJ9bOlXA9E6gHgilal8Aeiv9fho5dnF07wkdd7EHuBsgrcm56QL%2BFiTCYd1mo%2FdecQWKp9Zx%2BFtHqv2TaWzT5X43Re"}],"group":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000
cache-control: max-age=14400
cf-cache-status: HIT
age: 5686
last-modified: Mon, 14 Apr 2025 04:12:44 GMT
content-encoding: br
cf-ray: 9300e8aa4e7c12a5-CPH
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=54749&min_rtt=42784&rtt_var=21694&sent=30&recv=29&lost=0&retrans=0&sent_bytes=4459&recv_bytes=6563&delivery_rate=1215&cwnd=12000&unsent_bytes=0&cid=a4b1794b7e9e8aef&ts=1673&x=16"
POST lzu.binodone.com/cdn-cgi/challenge-platform/h/b/jsd/r/0.6538234075570615:1744607519:W9eGrYCWanE6ZIirfCW4lH0ATCg0ThnQkrcauwj24GY/9300e89e5f8c92bc
104.21.48.1 200 OK 0 B
IP 104.21.48.1:443
Requested by https://lzu.binodone.com/c.php?k=63r1l5p2seqav3mqsdvc&clickid=670fe133327922000142e655&affpid=365&action_id=usdesktop&referrer=https:/bing.com/&sub1=sxy&sub2=&sub3=&sub4=&sub5=&sub6=
Certificate Issuer Google Trust Services
Subject binodone.com
Fingerprint 83:A9:57:84:65:CB:A9:C3:4E:32:F8:9B:24:E4:AB:C5:FC:7C:03:64
Validity Wed, 02 Apr 2025 16:02:28 GMT - Tue, 01 Jul 2025 16:59:27 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /cdn-cgi/challenge-platform/h/b/jsd/r/0.6538234075570615:1744607519:W9eGrYCWanE6ZIirfCW4lH0ATCg0ThnQkrcauwj24GY/9300e89e5f8c92bc HTTP/1.1
Host: lzu.binodone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 12146
Origin: https://lzu.binodone.com
DNT: 1
Connection: keep-alive
Referer: https://lzu.binodone.com/c.php?k=63r1l5p2seqav3mqsdvc&clickid=670fe133327922000142e655&affpid=365&action_id=usdesktop&referrer=https:/bing.com/&sub1=sxy&sub2=&sub3=&sub4=&sub5=&sub6=
Cookie: uclick=zwa2e2dudz; uclickhash=zwa2e2dudz-zwa2e2du6o-j68n-twqd-2tx9dz-zw3v8n-zwrndz-a3681e
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 14 Apr 2025 05:47:30 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CQNQNbVefYqcoWJ94oIIfkoQ7uQy9F9zYRleQxJBYQoefDa2qyjzIb1%2FupEMy%2FABEcXHp9qYBBVGlLEcAGmeEQTXA9pQPEvkDDLsaOaYcXrAixJ4ioO6D%2BXMA%2ByyvwuebKU3"}],"group":"cf-nel","max_age":604800}
set-cookie: cf_clearance=B9kaykFvqYyzkOgxnMsX4l8MZ36rKDqDt3wRGp41N_w-1744609650-1.2.1.1-lz3_UhYQL.y3mIZBa89V_vHK6CN39xW8jP0akMDwmfcfM9sEay0qR.VAb3wDMAw4O0G1vTilm3SM9D3VYvMYshHjtfgJ1DafIWUAjoUHok7Ef78pmrffGKZuGOhtpo8bleB5V2tGsW5xBC8RjTxqyfVTpmXFUiqN4vVtjMvL0NtEHI5fVeLH2DeE1nW7FYaUH84yLsQyO9w.ORivbOW.Di6nFKTM5MGkwnshVrnTwX9JpluVvP5srTcOe5UDiLNXdIQkZbEQIJ8o168oZby66.SDLeboO8M6hYbktGHVfHcIn3E4t917hNiOzQqxyn71.biV6paGRNNxyNCAZhOlcR8qlUKh4B87Ozc.L1uqN1Y; HttpOnly; SameSite=None; Partitioned; Secure; Path=/; Domain=binodone.com; Expires=Tue, 14 Apr 2026 05:47:30 GMT
cf-ray: 9300e8acdfb912a5-CPH
server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=54749&min_rtt=42784&rtt_var=21694&sent=30&recv=29&lost=0&retrans=0&sent_bytes=4459&recv_bytes=6563&delivery_rate=1215&cwnd=12000&unsent_bytes=0&cid=a4b1794b7e9e8aef&ts=2082&x=16"
GET omcrobata.com/pfe/current/micro.tag.min.js?z=6199255&sw=/sw-check-permissions-b9b9f.js
139.45.197.121 200 OK 48 kB
IP 139.45.197.121:443
Requested by https://lzu.binodone.com/c.php?k=63r1l5p2seqav3mqsdvc&clickid=670fe133327922000142e655&affpid=365&action_id=usdesktop&referrer=https:/bing.com/&sub1=sxy&sub2=&sub3=&sub4=&sub5=&sub6=
Certificate Issuer Let's Encrypt
Subject omcrobata.com
Fingerprint DA:7D:F7:E4:F2:7A:61:12:53:50:98:91:8E:EC:D3:12:60:0E:16:CB
Validity Fri, 21 Feb 2025 05:09:51 GMT - Thu, 22 May 2025 05:09:50 GMT
File type JavaScript source, ASCII text, with very long lines (48545), with no line terminators
Hash 57d9f7cadd2b693207dc99d2834fd686
b2bcb8110603329964e0b9e6693fd9d0ac341fee
9265c0c8d0c0498e8ecfbf77be9ebf811992a3293b17c4a983c52024697015d2
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /pfe/current/micro.tag.min.js?z=6199255&sw=/sw-check-permissions-b9b9f.js HTTP/1.1
Host: omcrobata.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lzu.binodone.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 14 Apr 2025 05:47:31 GMT
content-type: application/javascript
last-modified: Thu, 10 Apr 2025 16:32:07 GMT
etag: W/"67f7f287-bda1"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
POST omcrobata.com/event
139.45.197.121 200 OK 81 B
IP 139.45.197.121:443
Requested by https://lzu.binodone.com/c.php?k=63r1l5p2seqav3mqsdvc&clickid=670fe133327922000142e655&affpid=365&action_id=usdesktop&referrer=https:/bing.com/&sub1=sxy&sub2=&sub3=&sub4=&sub5=&sub6=
Certificate Issuer Let's Encrypt
Subject omcrobata.com
Fingerprint DA:7D:F7:E4:F2:7A:61:12:53:50:98:91:8E:EC:D3:12:60:0E:16:CB
Validity Fri, 21 Feb 2025 05:09:51 GMT - Thu, 22 May 2025 05:09:50 GMT
Hash 2762ea199cea7e5b023705b34fd96cba
4311312d944615c33281d27e6f0487cf2e43d7c2
e11595a6516156d132a0cae6dcc93164dba534cfd8e885748a6449bb91fd8278
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /event HTTP/1.1
Host: omcrobata.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lzu.binodone.com/
Content-Type: application/json
Content-Length: 510
Origin: https://lzu.binodone.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 14 Apr 2025 05:47:32 GMT
content-type: application/json; charset=utf-8
content-length: 81
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://lzu.binodone.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
GET lzu.binodone.com/c.php?k=63r1l5p2seqav3mqsdvc&clickid=670fe133327922000142e655&affpid=365&action_id=usdesktop&referrer=https:/bing.com/&sub1=sxy&sub2=&sub3=&sub4=&sub5=&sub6=
104.21.48.1 200 OK 14 kB User Request
IP 104.21.48.1:443
Certificate Issuer Google Trust Services
Subject binodone.com
Fingerprint 83:A9:57:84:65:CB:A9:C3:4E:32:F8:9B:24:E4:AB:C5:FC:7C:03:64
Validity Wed, 02 Apr 2025 16:02:28 GMT - Tue, 01 Jul 2025 16:59:27 GMT
File type HTML document, Unicode text, UTF-8 text, with very long lines (952)
Hash 6c6124047dc9db728767bb85c0d75f71
ebba6785b1912a55d587a8228f7695c958827258
ecaad37383669c3263279240f9f3bbffcdba62e4f018be8aea56c83471271dd4
GET /c.php?k=63r1l5p2seqav3mqsdvc&clickid=670fe133327922000142e655&affpid=365&action_id=usdesktop&referrer=https:/bing.com/&sub1=sxy&sub2=&sub3=&sub4=&sub5=&sub6= HTTP/1.1
Host: lzu.binodone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 14 Apr 2025 05:47:28 GMT
content-type: text/html; charset=utf-8
set-cookie: uclick=zwa2e2dudz; expires=Tue, 15-Apr-2025 05:47:28 GMT; Max-Age=86400; path=/; secure; SameSite=none
uclickhash=zwa2e2dudz-zwa2e2dudz-1z-tw7s-9ra5-wfgmwj-wfgmvr-b1afd8; expires=Tue, 15-Apr-2025 05:47:28 GMT; Max-Age=86400; path=/; secure; SameSite=none
uclick=zwa2e2dudz; expires=Tue, 15-Apr-2025 05:47:28 GMT; Max-Age=86400; path=/; secure; SameSite=none
uclickhash=zwa2e2dudz-zwa2e2du6o-j68n-twqd-2tx9dz-zw3v8n-zwrndz-a3681e; expires=Tue, 15-Apr-2025 05:47:28 GMT; Max-Age=86400; path=/; secure; SameSite=none
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y9c2APpeAYYOBMCotQPJLvtlEE2TmcObMwo%2FpwynV%2FcNOOZPYuPEGAUe%2FiUsnXlOv7jFe8F2bJbWPPdS3aWXSoZq1J6UkAwS2InZROWyKf5cO2SlMtEcc2RuTeYh5vVl9mQn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 9300e89e5f8c92bc-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=22121&min_rtt=21779&rtt_var=4086&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3199&recv_bytes=1241&delivery_rate=197382&cwnd=254&unsent_bytes=0&cid=109b7a82703d50eb&ts=169&x=0"
X-Firefox-Spdy: h2
GET lzu.binodone.com/landers/vcland1_univeral_oleg_no_quest_short_integrated/style.css
104.21.48.1 200 OK 7.3 kB
IP 104.21.48.1:443
Requested by https://lzu.binodone.com/c.php?k=63r1l5p2seqav3mqsdvc&clickid=670fe133327922000142e655&affpid=365&action_id=usdesktop&referrer=https:/bing.com/&sub1=sxy&sub2=&sub3=&sub4=&sub5=&sub6=
Certificate Issuer Google Trust Services
Subject binodone.com
Fingerprint 83:A9:57:84:65:CB:A9:C3:4E:32:F8:9B:24:E4:AB:C5:FC:7C:03:64
Validity Wed, 02 Apr 2025 16:02:28 GMT - Tue, 01 Jul 2025 16:59:27 GMT
File type ASCII text, with CRLF line terminators
Hash 9a49659ecc75425339dde0c7205a9e84
931f628c7aa8b9315a1b24c65725f0e7656fa042
e11590ae47f82307c777d17f9de9aa26a5fa46ec7fddfe7074876adde271848c
GET /landers/vcland1_univeral_oleg_no_quest_short_integrated/style.css HTTP/1.1
Host: lzu.binodone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lzu.binodone.com/c.php?k=63r1l5p2seqav3mqsdvc&clickid=670fe133327922000142e655&affpid=365&action_id=usdesktop&referrer=https:/bing.com/&sub1=sxy&sub2=&sub3=&sub4=&sub5=&sub6=
Cookie: uclick=zwa2e2dudz; uclickhash=zwa2e2dudz-zwa2e2du6o-j68n-twqd-2tx9dz-zw3v8n-zwrndz-a3681e
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 14 Apr 2025 05:47:29 GMT
content-type: text/css
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kqmON%2FpgeJ0acS0AEINWzdleTeu90glOencSRPmWlsMI5J6yhNp0xR5MEFTjR6MW79%2FHfzHRg09aLj8ZItIGcLyEmp5ZM4H9xcW8FdcR9boEmvHVQ2Oe3KqNMjbMNZvmfjea"}],"group":"cf-nel","max_age":604800}
last-modified: Tue, 20 Jul 2021 10:52:27 GMT
etag: W/"60f6aaeb-1c93"
strict-transport-security: max-age=31536000
cache-control: max-age=14400
cf-cache-status: MISS
content-encoding: br
cf-ray: 9300e8a55bff12a5-CPH
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=54749&min_rtt=42784&rtt_var=21694&sent=30&recv=29&lost=0&retrans=0&sent_bytes=4459&recv_bytes=6563&delivery_rate=1215&cwnd=12000&unsent_bytes=0&cid=a4b1794b7e9e8aef&ts=1013&x=16"
GET lzu.binodone.com/landers/vcland1_univeral_oleg_no_quest_short_integrated/memb1.jpg
104.21.48.1 200 OK 2.7 kB
IP 104.21.48.1:443
Requested by https://lzu.binodone.com/c.php?k=63r1l5p2seqav3mqsdvc&clickid=670fe133327922000142e655&affpid=365&action_id=usdesktop&referrer=https:/bing.com/&sub1=sxy&sub2=&sub3=&sub4=&sub5=&sub6=
Certificate Issuer Google Trust Services
Subject binodone.com
Fingerprint 83:A9:57:84:65:CB:A9:C3:4E:32:F8:9B:24:E4:AB:C5:FC:7C:03:64
Validity Wed, 02 Apr 2025 16:02:28 GMT - Tue, 01 Jul 2025 16:59:27 GMT
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], comment: "Optimized by JPEGmini 3.9.20.0L Internal 0x950315ca", progressive, precision 8, 48x48, components 3
Hash 9ee12650decc6fc50965b11e97d010df
7b38bdfd199c94d02666025e86d2c00d8f335f55
b13adcf440f043e172db7bc264d1ecb350a01c09722b9f32e89aa3effc0ceb89
GET /landers/vcland1_univeral_oleg_no_quest_short_integrated/memb1.jpg HTTP/1.1
Host: lzu.binodone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lzu.binodone.com/c.php?k=63r1l5p2seqav3mqsdvc&clickid=670fe133327922000142e655&affpid=365&action_id=usdesktop&referrer=https:/bing.com/&sub1=sxy&sub2=&sub3=&sub4=&sub5=&sub6=
Cookie: uclick=zwa2e2dudz; uclickhash=zwa2e2dudz-zwa2e2du6o-j68n-twqd-2tx9dz-zw3v8n-zwrndz-a3681e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 14 Apr 2025 05:47:29 GMT
content-type: image/jpeg
content-length: 2733
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Jg7Z8vF9ZgchDjqHhxhBUlaeHxBrCI6iGVnTBkL%2BN5bd%2F2PMINTk%2B6PY7wiXLL2iV4CZrs53DCPoZXXpH54dK%2FG7BRYCAgJMpUT0uvPrwXfUvVrgm6fVZFqOAU%2FTbo9PHZMV"}],"group":"cf-nel","max_age":604800}
last-modified: Tue, 20 Jul 2021 10:52:27 GMT
etag: "60f6aaeb-aad"
strict-transport-security: max-age=31536000
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
cf-ray: 9300e8a58c1f12a5-CPH
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=54749&min_rtt=42784&rtt_var=21694&sent=30&recv=29&lost=0&retrans=0&sent_bytes=4459&recv_bytes=6563&delivery_rate=1215&cwnd=12000&unsent_bytes=0&cid=a4b1794b7e9e8aef&ts=979&x=16"