Report - discordproxy.zavo.eu/

Report Overview

Submitted URL
discordproxy.zavo.eu/
IP
5.189.161.208
ASN
#51167 Contabo GmbH
Submitted
2023-06-05 23:42:49
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
78

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.googletagmanager.com	75	2011-11-11	2013-05-22	2023-06-05	495 B	50 kB	142.250.74.168
discord.com	1053	2000-11-06	2013-06-04	2023-06-05	6.8 kB	18 kB	162.159.137.232
geolocation.onetrust.com	802	2004-01-12	2018-02-07	2023-06-05	487 B	468 B	104.18.28.38
discordproxy.zavo.eu	unknown	unknown	2022-01-24	2023-05-21	24 kB	2.8 MB	5.189.161.208
ocsp.pki.goog	175	2016-06-13	2018-07-01	2023-06-05	999 B	2.1 kB	142.250.74.131
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2023-06-05	441 B	1.6 kB	142.250.74.106

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator
2023-06-05	medium	discordproxy.zavo.eu/
2023-06-05	medium	discordproxy.zavo.eu/
2023-06-05	medium	discordproxy.zavo.eu/
2023-06-05	medium	discordproxy.zavo.eu/
2023-06-05	medium	discordproxy.zavo.eu/
2023-06-05	medium	discordproxy.zavo.eu/
2023-06-05	medium	discordproxy.zavo.eu/
2023-06-05	medium	discordproxy.zavo.eu/
2023-06-05	medium	discordproxy.zavo.eu/
2023-06-05	medium	discordproxy.zavo.eu/
2023-06-05	medium	discordproxy.zavo.eu/
2023-06-05	medium	discordproxy.zavo.eu/
2023-06-05	medium	discordproxy.zavo.eu/
2023-06-05	medium	discordproxy.zavo.eu/
2023-06-05	medium	discordproxy.zavo.eu/
2023-06-05	medium	discordproxy.zavo.eu/
2023-06-05	medium	discordproxy.zavo.eu/
2023-06-05	medium	discordproxy.zavo.eu/
2023-06-05	medium	discordproxy.zavo.eu/
2023-06-05	medium	discordproxy.zavo.eu/
2023-06-05	medium	discordproxy.zavo.eu/
2023-06-05	medium	discordproxy.zavo.eu/
2023-06-05	medium	discordproxy.zavo.eu/
2023-06-05	medium	discordproxy.zavo.eu/
2023-06-05	medium	discordproxy.zavo.eu/
2023-06-05	medium	discordproxy.zavo.eu/
2023-06-05	medium	discordproxy.zavo.eu/
2023-06-05	medium	discordproxy.zavo.eu/
2023-06-05	medium	discordproxy.zavo.eu/
2023-06-05	medium	discordproxy.zavo.eu/
2023-06-05	medium	discordproxy.zavo.eu/
2023-06-05	medium	discordproxy.zavo.eu/
2023-06-05	medium	discordproxy.zavo.eu/
2023-06-05	medium	discordproxy.zavo.eu/
2023-06-05	medium	discordproxy.zavo.eu/
2023-06-05	medium	discordproxy.zavo.eu/
2023-06-05	medium	discordproxy.zavo.eu/
2023-06-05	medium	discordproxy.zavo.eu/
2023-06-05	medium	discordproxy.zavo.eu/

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (19)

	URL	Size	First Seen	Last Seen
	discordproxy.zavo.eu/assets/5dad45edaf34653f44ae.js	10 kB	2023-05-22	2023-06-06
Pretty URL discordproxy.zavo.eu/assets/5dad45edaf34653f44ae.js IP 5.189.161.208 ASN #51167 Contabo GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-22 03:01:13 Last Seen2023-06-06 14:51:27 Times Seen22 Hash aa97b684457f812703bea85b6e80089b c4c708d9a91aabfaea2b4ca9a373d536dc88c78c 2370e588945eb309259b38f5a71d27917210fdfa942b8b6c5ff8d3a1b7461e51 Loading...

	discordproxy.zavo.eu/assets/ab6b85947fdc029972fc.js	27 kB	2023-05-22	2023-06-06
Pretty URL discordproxy.zavo.eu/assets/ab6b85947fdc029972fc.js IP 5.189.161.208 ASN #51167 Contabo GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-22 03:01:13 Last Seen2023-06-06 14:51:27 Times Seen22 Hash 36295d596d24d4c1e90ae336e50b80df 2952cc373ed1408eeb91eb927b5ff6a96a296970 c8fce93be1c2c96540cc08877974ace7c0120221e30e357c437937820679425b Loading...

	discordproxy.zavo.eu/assets/oneTrust/v4/scripttemplates/otSDKStub.js	21 kB	2023-03-07	2024-05-06
Pretty URL discordproxy.zavo.eu/assets/oneTrust/v4/scripttemplates/otSDKStub.js IP 5.189.161.208 ASN #51167 Contabo GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:42:58 Last Seen2024-05-06 18:28:26 Times Seen464 Hash 5b2ab40ec5c55209f5747c46875e2061 c86a5fa5cbc45390f38afb67552bde9e167d45e5 03aa6fcac2902227e1b66a01b87824692f708bbf9bfe441784f8ed22d677f6de Loading...

	discordproxy.zavo.eu/assets/dd0a4446599090ce6f77.js	7.6 kB	2023-05-22	2023-06-06
Pretty URL discordproxy.zavo.eu/assets/dd0a4446599090ce6f77.js IP 5.189.161.208 ASN #51167 Contabo GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-22 03:01:14 Last Seen2023-06-06 14:51:27 Times Seen17 Hash 755666f3f79b0f9be242452f568b0a12 002f5e20b999792de73a5e18a29cb07d8d8688df 9ea00a56c347ee4c1dd821d6bae819c5c058f89a0fb3ea44573e0dc38409d312 Loading...

	discordproxy.zavo.eu/assets/a8d94c3758e4ecb0a978.js	12 kB	2023-05-22	2023-06-06
Pretty URL discordproxy.zavo.eu/assets/a8d94c3758e4ecb0a978.js IP 5.189.161.208 ASN #51167 Contabo GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-22 03:01:14 Last Seen2023-06-06 14:51:27 Times Seen22 Hash 41ea4dc75e776338b5e267bf8dee4b60 2fb64c67589c1358bb21debb19f2cb1d465772c2 2c320c0c658d611c806a5f1d2cfc580cdf47e4081526549a00f04fc94373216e Loading...

	discordproxy.zavo.eu/assets/e5f146e759a4009131da.js	39 kB	2023-05-22	2023-06-06
Pretty URL discordproxy.zavo.eu/assets/e5f146e759a4009131da.js IP 5.189.161.208 ASN #51167 Contabo GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-22 03:01:13 Last Seen2023-06-06 14:51:27 Times Seen22 Hash 98967a1f8ca8124c0f7d87936b0dcc9f fe0e5e0385f4ff650483d770d0f7125918977271 0488b7200906d01ebfc26a9898918b3e219433f560316cbb79fb4f39cc0eefa5 Loading...

	discordproxy.zavo.eu/assets/oneTrust/v4/scripttemplates/6.33.0/otBannerSdk.js	344 kB	2023-04-05	2024-05-10
Pretty URL discordproxy.zavo.eu/assets/oneTrust/v4/scripttemplates/6.33.0/otBannerSdk.js IP 5.189.161.208 ASN #51167 Contabo GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 02:48:13 Last Seen2024-05-10 09:07:11 Times Seen1662 Hash 656a4fd9013f905080debdd038f06b94 6843484ea4be1a3415ea554bb8b7aaa6e311554a 0152531ece5b19aa743208c31fd9f9284282bc97a2ec666de5cf770a9aeee0fa Loading...

	discordproxy.zavo.eu/	2 B	2023-03-07	2024-05-10
Pretty URL discordproxy.zavo.eu/ IP 5.189.161.208 ASN #51167 Contabo GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:16:29 Last Seen2024-05-10 16:06:42 Times Seen2642 Hash 23b58def11b45727d3351702515f86af 099600a10a944114aac406d136b625fb416dd779 6c179f21e6f62b629055d8ab40f454ed02e48b68563913473b857d3638e23b28 Loading...

	discordproxy.zavo.eu/	103 B	2023-03-07	2024-03-29
Pretty URL discordproxy.zavo.eu/ IP 5.189.161.208 ASN #51167 Contabo GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:23:32 Last Seen2024-03-29 17:05:24 Times Seen210 Hash b2924e35869393bfdd378a7a4e0cd0c5 9804c773ba3f80804a4d916ae25291a369183a0c eae0fa4bdd53b76cef02cb2db3f9331f910a4ba35e32cefe36b06842369e479f Loading...

	discordproxy.zavo.eu/	988 B	2023-03-07	2023-10-03
Pretty URL discordproxy.zavo.eu/ IP 5.189.161.208 ASN #51167 Contabo GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:42:58 Last Seen2023-10-03 09:46:51 Times Seen84 Hash e6aa1058566ee26b816d34283cf45328 7841313364bcc53feed5dfd03367999ace10878c 4bc7f7554f50625895a95cdf70140ef97e7f38f33a5da497e171723a0f3a4fe2 Loading...

	discordproxy.zavo.eu/assets/fe3820012a2ad71a1c47.js	49 kB	2023-05-22	2023-06-06
Pretty URL discordproxy.zavo.eu/assets/fe3820012a2ad71a1c47.js IP 5.189.161.208 ASN #51167 Contabo GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-22 03:01:14 Last Seen2023-06-06 14:51:27 Times Seen22 Hash 9bbd27944291b5d0b739520f551015be 5c07ed32f5f26dfd3ac4560029dad2faa0970158 d351f77f8a0e004a2520780ce0eaf4f7a9c0e255af24a59e6f6d2c9e285a92fd Loading...

	discordproxy.zavo.eu/cdn-cgi/challenge-platform/scripts/invisible.js	25 kB	2023-06-06	2023-06-06
Pretty URL discordproxy.zavo.eu/cdn-cgi/challenge-platform/scripts/invisible.js IP 5.189.161.208 ASN #51167 Contabo GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-06 01:34:34 Last Seen2023-06-06 01:42:52 Times Seen4 Hash 340ccf0f9db71ff6cfa08bec4faa2507 5ea621144f4f42cc85a5e62526eb4c7d0e09dad9 4883a5ad6ef448b44685bb099b1f0f9673d1135f1a88549c40440b9be98b7c8c Loading...

	discordproxy.zavo.eu/	381 B	2023-03-07	2024-03-29
Pretty URL discordproxy.zavo.eu/ IP 5.189.161.208 ASN #51167 Contabo GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:42:58 Last Seen2024-03-29 17:05:24 Times Seen193 Hash 2d64cceb2ac83bd0f27352d5e7f31bda 5a5ee99329457c9f010a6c81e3d9526782926002 96bf8b95cd8e6615d29735b57016378e585a524ae3b4218f4801366c538fe96b Loading...

	discordproxy.zavo.eu/assets/13610c6bf22c3c298b1c.js	6.9 MB	2023-05-22	2023-06-06
Pretty URL discordproxy.zavo.eu/assets/13610c6bf22c3c298b1c.js IP 5.189.161.208 ASN #51167 Contabo GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-22 03:01:14 Last Seen2023-06-06 14:51:26 Times Seen17 Hash 6862a75144e860ae2611e7a7d55ddced 3c7856c4bcf74ad6ea967453ebb6eb0ee3298bc5 49caceded55f4effcfa68ccd087c293f50b1c7af6f4e4d7b8144e6db1d603d7c Loading...

	discordproxy.zavo.eu/assets/bc835ffec1786d03072a.js	296 kB	2023-05-04	2023-06-06
Pretty URL discordproxy.zavo.eu/assets/bc835ffec1786d03072a.js IP 5.189.161.208 ASN #51167 Contabo GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-04 14:44:07 Last Seen2023-06-06 14:51:27 Times Seen24 Hash b7cbeafbf30bdfa4fd3cee11c3179520 b5fa229ad1c5e200ed2605784ebeeea883fb0e5c 4ed3b9d5d4d7485eec7f725b6545e975d2ed98f8b50417226470a2d800e1a091 Loading...

	discordproxy.zavo.eu/	1.3 kB	2023-06-06	2023-06-06
Pretty URL discordproxy.zavo.eu/ IP 5.189.161.208 ASN #51167 Contabo GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-06 01:42:51 Last Seen2023-06-06 01:42:51 Times Seen1 Hash 69948c872135efb0a0b7b22eada9b219 2e99cb743b9cf9cf5415852e9f64241693251855 30c6d5e13f668ef1c59edb31d480dc2bc7c46594d7d146955c8d237d7f6d6f8a Loading...

	unknown	397 B	2023-06-06	2023-06-06
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-06 01:42:51 Last Seen2023-06-06 01:42:51 Times Seen1 Hash 6d191431b860d191b8877fcc5ecbd391 998830ae1b4d047e7a8c184899a5499d849af3d8 3535099de5fdbe6030d81efa85582d42a2b4706580ecace59ea5325da7a8795f Loading...

	discordproxy.zavo.eu/assets/98bfb77520b6bf4380ee.js	80 kB	2023-05-01	2023-06-21
Pretty URL discordproxy.zavo.eu/assets/98bfb77520b6bf4380ee.js IP 5.189.161.208 ASN #51167 Contabo GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-01 12:55:20 Last Seen2023-06-21 02:17:29 Times Seen37 Hash d0b2a6e98ea68140f32238a9cc4a1bad 520961236007bed857c49fffb62e4fb64c8a234f 97591a5e79b5967135a4b721e89d7a1d46a841860cb7fe4d45e4a56651ff7cc0 Loading...

	www.googletagmanager.com/gtm.js?id=GTM-N7BVC2W&gtm_auth=GI0g9O-54_SitcgmxQKxlA&gtm_preview=env-2&gtm_cookies_win=x	128 kB	2023-06-06	2023-06-06
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-N7BVC2W&gtm_auth=GI0g9O-54_SitcgmxQKxlA&gtm_preview=env-2&gtm_cookies_win=x IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-06 01:42:51 Last Seen2023-06-06 01:42:51 Times Seen2 Hash f33815f035df9f6d2cb6cfa75630b2d5 a84b5221e2e6520782655cfcfc9c592642d6b290 4f2bf3fd10f3cc188ac894c23379bf38fc1d5a7ecc482753ae3902ec8fc5de53 Loading...

HTTP Transactions (53)

URL IP Response Size

discordproxy.zavo.eu/

5.189.161.208

200 OK

10 kB

URL User Request GET HTTP/1.1
discordproxy.zavo.eu/
IP
5.189.161.208:443
ASN
#51167 Contabo GmbH

Certificate
IssuerLet's Encrypt
Subjectdiscordproxy.zavo.eu
Fingerprint04:6A:2F:EE:57:1D:13:1C:32:B2:04:1C:62:15:73:98:8A:15:32:09
ValiditySun, 21 May 2023 19:03:07 GMT - Sat, 19 Aug 2023 19:03:06 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (37597)
Size
10 kB (10506 bytes)
Hash
a54dd4a833d446326ffa32845f66f678
78fc4b6466ace2a065cb205e53ea2ff74befdfd4
48c8cb2a0db68267e4fcdc099f17fb81231271f2296c02f7593f8b829c8612e8

Detections

Analyzer	Verdict	Alert
openphish	Discord

HTTP Headers

GET / HTTP/1.1
Host: discordproxy.zavo.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Mon, 05 Jun 2023 23:42:27 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 7d2c45af1fe99b95-FRA
CF-Cache-Status: HIT
Cache-Control: private
Last-Modified: Fri, 19 May 2023 19:21:16 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'nonce-NTMsMTAyLDE5OSwxOTAsNjAsNDgsNTgsMjA0' https://discord.com https://www.googletagmanager.com https://connect.facebook.net https://www.google-analytics.com https://ssl.google-analytics.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://hcaptcha.com https://*.hcaptcha.com https://s.ytimg.com/yts/jsbin/ https://www.youtube.com/iframe_api https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.hcaptcha.com https://hcaptcha.com; img-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://www.facebook.com https://cdn.discordapp.com https://hackerone-api.discord.workers.dev/user-avatars/ https://safety.discord.com https://discordmoderatoracademy.zendesk.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://discordapp.com https://discord.com https://connect.facebook.net https://api.greenhouse.io https://api.github.com https://sentry.io https://www.google-analytics.com https://hackerone-api.discord.workers.dev https://*.hcaptcha.com https://hcaptcha.com https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location ws://127.0.0.1:* http://127.0.0.1:*; media-src 'self' https://cdn.discordapp.com/assets/; frame-src https://discordapp.com/domain-migration https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://*.hcaptcha.com https://hcaptcha.com https://www.youtube.com/embed/ https://hackerone.com/631fba12-9388-43c3-8b48-348f11a883c0/ https://10851314.fls.doubleclick.net/;
Permissions-Policy: interest-cohort=()
X-Build-Id: d309c27b1517b65c859ed694e4c935c5c046e678
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qUqvBbsXlr3noIidHDQCYPF4oXrqKuEOcOwPWFIDmbb%2B2tBI9NRW00PCZmawY%2Fg9Pb53NfScuBOEsYpmig0GLyBLrJhBR40fwmR9ix4PY0%2BVxN1WBBG6PwX%2BF6SL"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Set-Cookie: __dcfduid=a140cd3003fa11eeb7e8cf3f5833ef74; Expires=Sat, 03 Jun 2028 23:42:27 GMT; Max-Age=157680000; Path=/; Secure; HttpOnly; SameSite=Lax
__sdcfduid=a140cd3103fa11eeb7e8cf3f5833ef74a9b5cf02801626dfc084d52a96b7ccfd6b591fe1c4b6f0bbe7c775c016754186; Expires=Sat, 03 Jun 2028 23:42:27 GMT; Max-Age=157680000; Path=/; Secure; HttpOnly; SameSite=Lax
__cfruid=9bb204536fd6e4b06e9fa4a4279bf0551e548c96-1686008547; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Content-Encoding: br
alt-svc: h3=":443"; ma=86400

discordproxy.zavo.eu/assets/0.c47519b5668780f22629.css

5.189.161.208

200 OK

52 kB

URL GET HTTP/1.1
discordproxy.zavo.eu/assets/0.c47519b5668780f22629.css
IP
5.189.161.208:443
ASN
#51167 Contabo GmbH

Requested by
https://discordproxy.zavo.eu/
Certificate
IssuerLet's Encrypt
Subjectdiscordproxy.zavo.eu
Fingerprint04:6A:2F:EE:57:1D:13:1C:32:B2:04:1C:62:15:73:98:8A:15:32:09
ValiditySun, 21 May 2023 19:03:07 GMT - Sat, 19 Aug 2023 19:03:06 GMT

File type
assembler source, ASCII text, with very long lines (44458)
Size
52 kB (52510 bytes)
Hash
ed95a394dbf3b88bad64d53839f05816
07db0802263ea7059f381eb59f90a1e7eb9e4286
ecf322ac732d6668bc1770e95d93e72a3f3cda3aa99be8c2979f88b89cb43d64

Detections

Analyzer	Verdict	Alert
openphish	Discord

HTTP Headers

GET /assets/0.c47519b5668780f22629.css HTTP/1.1
Host: discordproxy.zavo.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://discordproxy.zavo.eu/
Cookie: __dcfduid=a140cd3003fa11eeb7e8cf3f5833ef74; __sdcfduid=a140cd3103fa11eeb7e8cf3f5833ef74a9b5cf02801626dfc084d52a96b7ccfd6b591fe1c4b6f0bbe7c775c016754186
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Mon, 05 Jun 2023 23:42:28 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 7d2c45b1796630c0-FRA
CF-Cache-Status: HIT
Access-Control-Allow-Origin: https://discord.com
Cache-Control: public, max-age=2592000
ETag: W/"ed95a394dbf3b88bad64d53839f05816"
Last-Modified: Fri, 19 May 2023 19:21:14 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Vary: Origin, Accept-Encoding
Permissions-Policy: interest-cohort=()
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C3sU6R40J5%2B2CWXAWrOywIbRNTFSC1BelugETpyTxD4mYG7CV83WzCL5CLuSbOg%2Fccf9qLqCeJKK097ZfFaLPjWSwWWm6ezh%2B8BV7YMa8MdtTkzr%2BlV1T%2BiAVfJE"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Set-Cookie: __cfruid=a3431ba21d5c04ca8100b658e0c86a781667bba9-1686008548; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Content-Encoding: br
alt-svc: h3=":443"; ma=86400

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
f6e0fad54cb828605d258b3a3fc3494d
1998f119ae42787f25cac22435e05b7d8a7ecbcc
fdde19b20684979988b4db7567fdb883ef8cd0438f4c4ef053bdd058011f1dbc

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Jun 2023 23:42:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

discordproxy.zavo.eu/assets/a8d94c3758e4ecb0a978.js

5.189.161.208

200 OK

4.0 kB

URL GET HTTP/1.1
discordproxy.zavo.eu/assets/a8d94c3758e4ecb0a978.js
IP
5.189.161.208:443
ASN
#51167 Contabo GmbH

Requested by
https://discordproxy.zavo.eu/
Certificate
IssuerLet's Encrypt
Subjectdiscordproxy.zavo.eu
Fingerprint04:6A:2F:EE:57:1D:13:1C:32:B2:04:1C:62:15:73:98:8A:15:32:09
ValiditySun, 21 May 2023 19:03:07 GMT - Sat, 19 Aug 2023 19:03:06 GMT

File type
ASCII text, with very long lines (1000)
Size
4.0 kB (3995 bytes)
Hash
41ea4dc75e776338b5e267bf8dee4b60
2fb64c67589c1358bb21debb19f2cb1d465772c2
2c320c0c658d611c806a5f1d2cfc580cdf47e4081526549a00f04fc94373216e

Detections

Analyzer	Verdict	Alert
openphish	Discord

HTTP Headers

GET /assets/a8d94c3758e4ecb0a978.js HTTP/1.1
Host: discordproxy.zavo.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://discordproxy.zavo.eu/
Cookie: __dcfduid=a140cd3003fa11eeb7e8cf3f5833ef74; __sdcfduid=a140cd3103fa11eeb7e8cf3f5833ef74a9b5cf02801626dfc084d52a96b7ccfd6b591fe1c4b6f0bbe7c775c016754186
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Mon, 05 Jun 2023 23:42:28 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 7d2c45b2dc8e37f8-FRA
CF-Cache-Status: HIT
Access-Control-Allow-Origin: https://discord.com
Cache-Control: public, max-age=2592000
ETag: W/"41ea4dc75e776338b5e267bf8dee4b60"
Last-Modified: Fri, 21 Apr 2023 22:46:48 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Vary: Origin, Accept-Encoding
Permissions-Policy: interest-cohort=()
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bhB4vTxsyG3HUiPxgW1cgCznXk23s1zRhIINAoEknEqOF4tohZj0G6rJZthIYDrX1JrbUkidC3Bet1NqMSSjJj9QkRmWgy6JEyMLRyarlR0IGqD35%2BtEF0t97tHD"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Set-Cookie: __cfruid=a3431ba21d5c04ca8100b658e0c86a781667bba9-1686008548; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Content-Encoding: br
alt-svc: h3=":443"; ma=86400

discordproxy.zavo.eu/assets/oneTrust/v4/scripttemplates/otSDKStub.js

5.189.161.208

200 OK

6.9 kB

URL GET HTTP/1.1
discordproxy.zavo.eu/assets/oneTrust/v4/scripttemplates/otSDKStub.js
IP
5.189.161.208:443
ASN
#51167 Contabo GmbH

Requested by
https://discordproxy.zavo.eu/
Certificate
IssuerLet's Encrypt
Subjectdiscordproxy.zavo.eu
Fingerprint04:6A:2F:EE:57:1D:13:1C:32:B2:04:1C:62:15:73:98:8A:15:32:09
ValiditySun, 21 May 2023 19:03:07 GMT - Sat, 19 Aug 2023 19:03:06 GMT

File type
ASCII text, with very long lines (20605)
Size
6.9 kB (6928 bytes)
Hash
5b2ab40ec5c55209f5747c46875e2061
c86a5fa5cbc45390f38afb67552bde9e167d45e5
03aa6fcac2902227e1b66a01b87824692f708bbf9bfe441784f8ed22d677f6de

Detections

Analyzer	Verdict	Alert
openphish	Discord

HTTP Headers

GET /assets/oneTrust/v4/scripttemplates/otSDKStub.js HTTP/1.1
Host: discordproxy.zavo.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://discordproxy.zavo.eu/
Cookie: __dcfduid=a140cd3003fa11eeb7e8cf3f5833ef74; __sdcfduid=a140cd3103fa11eeb7e8cf3f5833ef74a9b5cf02801626dfc084d52a96b7ccfd6b591fe1c4b6f0bbe7c775c016754186
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Mon, 05 Jun 2023 23:42:28 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 7d2c45b2dd481a49-FRA
CF-Cache-Status: HIT
Access-Control-Allow-Origin: https://discord.com
Cache-Control: public, max-age=2592000
ETag: W/"5b2ab40ec5c55209f5747c46875e2061"
Last-Modified: Tue, 19 Apr 2022 21:08:45 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Vary: Origin, Accept-Encoding
Permissions-Policy: interest-cohort=()
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bp1xAIuW%2FsLXs2WGD3Zxkjsvwz3ZAD%2FLlN8EIM10nOIDTkgSRWEB8j3QFZzanGiu3QwXrlMBU%2BvId0FWOYcWGi7ftOQb7pwArTtoHXtPP2xzZ72XlsSk%2FauEOBNV"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Set-Cookie: __cfruid=a3431ba21d5c04ca8100b658e0c86a781667bba9-1686008548; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Content-Encoding: br
alt-svc: h3=":443"; ma=86400

discordproxy.zavo.eu/assets/dd0a4446599090ce6f77.js

5.189.161.208

200 OK

4.2 kB

URL GET HTTP/1.1
discordproxy.zavo.eu/assets/dd0a4446599090ce6f77.js
IP
5.189.161.208:443
ASN
#51167 Contabo GmbH

Requested by
https://discordproxy.zavo.eu/
Certificate
IssuerLet's Encrypt
Subjectdiscordproxy.zavo.eu
Fingerprint04:6A:2F:EE:57:1D:13:1C:32:B2:04:1C:62:15:73:98:8A:15:32:09
ValiditySun, 21 May 2023 19:03:07 GMT - Sat, 19 Aug 2023 19:03:06 GMT

File type
ASCII text, with very long lines (999)
Size
4.2 kB (4237 bytes)
Hash
755666f3f79b0f9be242452f568b0a12
002f5e20b999792de73a5e18a29cb07d8d8688df
9ea00a56c347ee4c1dd821d6bae819c5c058f89a0fb3ea44573e0dc38409d312

Detections

Analyzer	Verdict	Alert
openphish	Discord

HTTP Headers

GET /assets/dd0a4446599090ce6f77.js HTTP/1.1
Host: discordproxy.zavo.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://discordproxy.zavo.eu/
Cookie: __dcfduid=a140cd3003fa11eeb7e8cf3f5833ef74; __sdcfduid=a140cd3103fa11eeb7e8cf3f5833ef74a9b5cf02801626dfc084d52a96b7ccfd6b591fe1c4b6f0bbe7c775c016754186
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Mon, 05 Jun 2023 23:42:28 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 7d2c45b2d8b19bd4-FRA
CF-Cache-Status: HIT
Access-Control-Allow-Origin: https://discord.com
Cache-Control: public, max-age=2592000
ETag: W/"755666f3f79b0f9be242452f568b0a12"
Last-Modified: Thu, 18 May 2023 17:24:28 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Vary: Origin, Accept-Encoding
Permissions-Policy: interest-cohort=()
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CpXC0xBL1dhxjqX%2BgQ6mJo4gDWy7b53qPGm3BhO4asHCpH5kzaI7SF%2B98VkqMy7r%2Br4tL4BeubOduwjcwuBAIhagZEU7qjvXMKaFUeOtOvj7JxTEsPktjZ%2B%2BWIZr"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Set-Cookie: __cfruid=a3431ba21d5c04ca8100b658e0c86a781667bba9-1686008548; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Content-Encoding: br
alt-svc: h3=":443"; ma=86400

discordproxy.zavo.eu/assets/fe3820012a2ad71a1c47.js

5.189.161.208

200 OK

15 kB

URL GET HTTP/1.1
discordproxy.zavo.eu/assets/fe3820012a2ad71a1c47.js
IP
5.189.161.208:443
ASN
#51167 Contabo GmbH

Requested by
https://discordproxy.zavo.eu/
Certificate
IssuerLet's Encrypt
Subjectdiscordproxy.zavo.eu
Fingerprint04:6A:2F:EE:57:1D:13:1C:32:B2:04:1C:62:15:73:98:8A:15:32:09
ValiditySun, 21 May 2023 19:03:07 GMT - Sat, 19 Aug 2023 19:03:06 GMT

File type
ASCII text, with very long lines (1000)
Size
15 kB (14988 bytes)
Hash
9bbd27944291b5d0b739520f551015be
5c07ed32f5f26dfd3ac4560029dad2faa0970158
d351f77f8a0e004a2520780ce0eaf4f7a9c0e255af24a59e6f6d2c9e285a92fd

Detections

Analyzer	Verdict	Alert
openphish	Discord

HTTP Headers

GET /assets/fe3820012a2ad71a1c47.js HTTP/1.1
Host: discordproxy.zavo.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://discordproxy.zavo.eu/
Cookie: __dcfduid=a140cd3003fa11eeb7e8cf3f5833ef74; __sdcfduid=a140cd3103fa11eeb7e8cf3f5833ef74a9b5cf02801626dfc084d52a96b7ccfd6b591fe1c4b6f0bbe7c775c016754186
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Mon, 05 Jun 2023 23:42:28 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 7d2c45b2d9d1bba7-FRA
CF-Cache-Status: HIT
Access-Control-Allow-Origin: https://discord.com
Cache-Control: public, max-age=2592000
ETag: W/"9bbd27944291b5d0b739520f551015be"
Last-Modified: Fri, 19 May 2023 19:21:14 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Vary: Origin, Accept-Encoding
Permissions-Policy: interest-cohort=()
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pWYlvRBibDFA9tIqrvjnhGMStUMzoDmblBGSsWzkjgx1nD%2FOfw9OKbtrhcFwmg1xcstzSywbGQO4n5WKQkNRk4Twp6DzrrW18Ey4sv9tCIrIiOpj8ijJCD6Z2TRm"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Set-Cookie: __cfruid=a3431ba21d5c04ca8100b658e0c86a781667bba9-1686008548; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Content-Encoding: br
alt-svc: h3=":443"; ma=86400

discordproxy.zavo.eu/assets/98bfb77520b6bf4380ee.js

5.189.161.208

200 OK

28 kB

URL GET HTTP/1.1
discordproxy.zavo.eu/assets/98bfb77520b6bf4380ee.js
IP
5.189.161.208:443
ASN
#51167 Contabo GmbH

Requested by
https://discordproxy.zavo.eu/
Certificate
IssuerLet's Encrypt
Subjectdiscordproxy.zavo.eu
Fingerprint04:6A:2F:EE:57:1D:13:1C:32:B2:04:1C:62:15:73:98:8A:15:32:09
ValiditySun, 21 May 2023 19:03:07 GMT - Sat, 19 Aug 2023 19:03:06 GMT

File type
Unicode text, UTF-8 text, with very long lines (44471)
Size
28 kB (28163 bytes)
Hash
d0b2a6e98ea68140f32238a9cc4a1bad
520961236007bed857c49fffb62e4fb64c8a234f
97591a5e79b5967135a4b721e89d7a1d46a841860cb7fe4d45e4a56651ff7cc0

Detections

Analyzer	Verdict	Alert
openphish	Discord

HTTP Headers

GET /assets/98bfb77520b6bf4380ee.js HTTP/1.1
Host: discordproxy.zavo.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://discordproxy.zavo.eu/
Cookie: __dcfduid=a140cd3003fa11eeb7e8cf3f5833ef74; __sdcfduid=a140cd3103fa11eeb7e8cf3f5833ef74a9b5cf02801626dfc084d52a96b7ccfd6b591fe1c4b6f0bbe7c775c016754186
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Mon, 05 Jun 2023 23:42:28 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 7d2c45b36bcb35f3-FRA
CF-Cache-Status: HIT
Access-Control-Allow-Origin: https://discord.com
Cache-Control: public, max-age=2592000
ETag: W/"d0b2a6e98ea68140f32238a9cc4a1bad"
Last-Modified: Fri, 21 Apr 2023 22:46:49 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Vary: Origin, Accept-Encoding
Permissions-Policy: interest-cohort=()
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n7doT3SQ2mhonNoqhZBvQEJ78wsimuD3Dg%2FAKSejsTG9TbG0%2FTmbiNr6vUy4q1W6hBtMkWnD8Maldl%2Blzd3wvWzgUggt%2BR5BFO7s2MhK1qkv%2F5hwgcBrT710G7KC"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Set-Cookie: __cfruid=a3431ba21d5c04ca8100b658e0c86a781667bba9-1686008548; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Content-Encoding: br
alt-svc: h3=":443"; ma=86400

fonts.googleapis.com/css?family=Press+Start+2P

142.250.74.106

200 OK

946 B

URL GET HTTP/2
fonts.googleapis.com/css?family=Press+Start+2P
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://discordproxy.zavo.eu/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint3F:94:23:08:F7:DB:8B:36:93:90:93:F4:9E:46:A6:6A:93:75:15:C0
ValidityFri, 19 May 2023 12:57:42 GMT - Fri, 11 Aug 2023 12:57:41 GMT

File type
gzip compressed data, max compression\012- data
Size
946 B (946 bytes)
Hash
b8f12b405e2e42af18416ce3ddbfcbc5
47066610f59e25291dd96f092965bcedb450e605
b36267d40e3be4410e24c3f1aece23de5a1d45838d862a26ed175757e68109d9

HTTP Headers

GET /css?family=Press+Start+2P HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://discordproxy.zavo.eu/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 05 Jun 2023 23:42:28 GMT
date: Mon, 05 Jun 2023 23:42:28 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
793e96f16cfbafdfdfd065788089310e
d306bdb5e8a019aa638d23cd45513e1310e5b53e
ff417cdcfab1cb1e2a6d3793ed1a81ad9823c3d91d919cbec3a8d333832a275f

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Jun 2023 23:42:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

discordproxy.zavo.eu/assets/e5f146e759a4009131da.js

5.189.161.208

200 OK

9.5 kB

URL GET HTTP/1.1
discordproxy.zavo.eu/assets/e5f146e759a4009131da.js
IP
5.189.161.208:443
ASN
#51167 Contabo GmbH

Requested by
https://discordproxy.zavo.eu/
Certificate
IssuerLet's Encrypt
Subjectdiscordproxy.zavo.eu
Fingerprint04:6A:2F:EE:57:1D:13:1C:32:B2:04:1C:62:15:73:98:8A:15:32:09
ValiditySun, 21 May 2023 19:03:07 GMT - Sat, 19 Aug 2023 19:03:06 GMT

File type
ASCII text, with very long lines (1000)
Size
9.5 kB (9504 bytes)
Hash
98967a1f8ca8124c0f7d87936b0dcc9f
fe0e5e0385f4ff650483d770d0f7125918977271
0488b7200906d01ebfc26a9898918b3e219433f560316cbb79fb4f39cc0eefa5

Detections

Analyzer	Verdict	Alert
openphish	Discord

HTTP Headers

GET /assets/e5f146e759a4009131da.js HTTP/1.1
Host: discordproxy.zavo.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://discordproxy.zavo.eu/
Cookie: __dcfduid=a140cd3003fa11eeb7e8cf3f5833ef74; __sdcfduid=a140cd3103fa11eeb7e8cf3f5833ef74a9b5cf02801626dfc084d52a96b7ccfd6b591fe1c4b6f0bbe7c775c016754186
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Mon, 05 Jun 2023 23:42:28 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 7d2c45b41ed81bc3-FRA
CF-Cache-Status: HIT
Access-Control-Allow-Origin: https://discord.com
Cache-Control: public, max-age=2592000
ETag: W/"98967a1f8ca8124c0f7d87936b0dcc9f"
Last-Modified: Thu, 18 May 2023 17:24:28 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Vary: Origin, Accept-Encoding
Permissions-Policy: interest-cohort=()
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vu7oBjZKmjID5YBHO%2FftKDQ7xzgBDHUvl3pxuwQUNKOGDqPFY5TO9kX%2BgTRCSrWpa6bvCs0iF6vtU1lCtwJsiLtT05w2OVlaJNCMBsfA%2Fh5nOIugLx0fykdal5zc"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Set-Cookie: __cfruid=a3431ba21d5c04ca8100b658e0c86a781667bba9-1686008548; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Content-Encoding: br
alt-svc: h3=":443"; ma=86400

www.googletagmanager.com/gtm.js?id=GTM-N7BVC2W&gtm_auth=GI0g9O-54_SitcgmxQKxlA&gtm_preview=env-2&gtm_cookies_win=x

142.250.74.168

200 OK

49 kB

URL GET HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-N7BVC2W&gtm_auth=GI0g9O-54_SitcgmxQKxlA&gtm_preview=env-2&gtm_cookies_win=x
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://discordproxy.zavo.eu/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint73:BF:B0:D4:62:48:8E:EF:09:5F:00:57:95:98:82:16:BB:07:35:0C
ValidityFri, 19 May 2023 12:53:06 GMT - Fri, 11 Aug 2023 12:53:05 GMT

File type
ASCII text, with very long lines (2332)
Size
49 kB (48841 bytes)
Hash
f33815f035df9f6d2cb6cfa75630b2d5
a84b5221e2e6520782655cfcfc9c592642d6b290
4f2bf3fd10f3cc188ac894c23379bf38fc1d5a7ecc482753ae3902ec8fc5de53

HTTP Headers

GET /gtm.js?id=GTM-N7BVC2W&gtm_auth=GI0g9O-54_SitcgmxQKxlA&gtm_preview=env-2&gtm_cookies_win=x HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://discordproxy.zavo.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: *
date: Mon, 05 Jun 2023 23:42:28 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 48841
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

discordproxy.zavo.eu/assets/98ea5b9e92e304c7d352ac462996adc5.svg

5.189.161.208

200 OK

38 kB

URL GET HTTP/1.1
discordproxy.zavo.eu/assets/98ea5b9e92e304c7d352ac462996adc5.svg
IP
5.189.161.208:443
ASN
#51167 Contabo GmbH

Requested by
https://discordproxy.zavo.eu/
Certificate
IssuerLet's Encrypt
Subjectdiscordproxy.zavo.eu
Fingerprint04:6A:2F:EE:57:1D:13:1C:32:B2:04:1C:62:15:73:98:8A:15:32:09
ValiditySun, 21 May 2023 19:03:07 GMT - Sat, 19 Aug 2023 19:03:06 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1401)
Size
38 kB (37791 bytes)
Hash
98ea5b9e92e304c7d352ac462996adc5
1917a68090e9c69a922595fcf8f83e6e3aa09f71
0455dc9d38a4e0ae85d1b8a00b9c38d0ec90db2a7c82ca7b379df79b32ffd933

Detections

Analyzer	Verdict	Alert
openphish	Discord

HTTP Headers

GET /assets/98ea5b9e92e304c7d352ac462996adc5.svg HTTP/1.1
Host: discordproxy.zavo.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://discordproxy.zavo.eu/
Cookie: __dcfduid=a140cd3003fa11eeb7e8cf3f5833ef74; __sdcfduid=a140cd3103fa11eeb7e8cf3f5833ef74a9b5cf02801626dfc084d52a96b7ccfd6b591fe1c4b6f0bbe7c775c016754186
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Mon, 05 Jun 2023 23:42:28 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 7d2c45b42e2dbbe3-FRA
CF-Cache-Status: HIT
Access-Control-Allow-Origin: https://discord.com
Cache-Control: public, max-age=2592000
ETag: W/"98ea5b9e92e304c7d352ac462996adc5"
Last-Modified: Wed, 29 Mar 2023 20:09:30 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Vary: Origin, Accept-Encoding
Permissions-Policy: interest-cohort=()
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c4qprL%2B4g0bxZf2I1Yx5w%2FYg4NTzgS5dVNPQnCwumvQFh2UzNGgrsQh3iX%2BBt7heTorwf3YUPdZ8jwioffsRmwdDxvlj92A2F9m6pCQEo8fCEY7%2BLhqmBjAJh27A"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Set-Cookie: __cfruid=a3431ba21d5c04ca8100b658e0c86a781667bba9-1686008548; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Content-Encoding: br
alt-svc: h3=":443"; ma=86400

discordproxy.zavo.eu/assets/575a0322f3b36ca2fecb23ad2c6dd5ad.svg

5.189.161.208

200 OK

57 kB

URL GET HTTP/1.1
discordproxy.zavo.eu/assets/575a0322f3b36ca2fecb23ad2c6dd5ad.svg
IP
5.189.161.208:443
ASN
#51167 Contabo GmbH

Requested by
https://discordproxy.zavo.eu/
Certificate
IssuerLet's Encrypt
Subjectdiscordproxy.zavo.eu
Fingerprint04:6A:2F:EE:57:1D:13:1C:32:B2:04:1C:62:15:73:98:8A:15:32:09
ValiditySun, 21 May 2023 19:03:07 GMT - Sat, 19 Aug 2023 19:03:06 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (4941)
Size
57 kB (57194 bytes)
Hash
575a0322f3b36ca2fecb23ad2c6dd5ad
6239dae6c6e43750e7dab523c91c625f110f25f7
ab6807510010aaa210a2337a11dea877bd3162e0b0e6f3598afb9732ced0ddf0

Detections

Analyzer	Verdict	Alert
openphish	Discord

HTTP Headers

GET /assets/575a0322f3b36ca2fecb23ad2c6dd5ad.svg HTTP/1.1
Host: discordproxy.zavo.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://discordproxy.zavo.eu/
Cookie: __dcfduid=a140cd3003fa11eeb7e8cf3f5833ef74; __sdcfduid=a140cd3103fa11eeb7e8cf3f5833ef74a9b5cf02801626dfc084d52a96b7ccfd6b591fe1c4b6f0bbe7c775c016754186
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Mon, 05 Jun 2023 23:42:28 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 7d2c45b42db49bd7-FRA
CF-Cache-Status: HIT
Access-Control-Allow-Origin: https://discord.com
Cache-Control: public, max-age=2592000
ETag: W/"575a0322f3b36ca2fecb23ad2c6dd5ad"
Last-Modified: Wed, 29 Mar 2023 20:09:30 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Vary: Origin, Accept-Encoding
Permissions-Policy: interest-cohort=()
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Fo8lR7te4NMxtNcte2ahetmCy%2FJ5AEjWyWTDZvRGwlVCg4%2BwUIUiGx3xccHOJCA6oN%2BggZ86FLUIuGzsFqk9BmqIg6WzXrClTmdQAdRJLKaVJ6yxcrHL0StwQT03"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Set-Cookie: __cfruid=a3431ba21d5c04ca8100b658e0c86a781667bba9-1686008548; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Content-Encoding: br
alt-svc: h3=":443"; ma=86400

discordproxy.zavo.eu/assets/oneTrust/v4/consent/04da1d72-0626-4fff-b3c6-150c719cc115/04da1d72-0626-4fff-b3c6-150c719cc115.json

5.189.161.208

200 OK

1.8 kB

URL GET HTTP/1.1
discordproxy.zavo.eu/assets/oneTrust/v4/consent/04da1d72-0626-4fff-b3c6-150c719cc115/04da1d72-0626-4fff-b3c6-150c719cc115.json
IP
5.189.161.208:443
ASN
#51167 Contabo GmbH

Requested by
https://discordproxy.zavo.eu/
Certificate
IssuerLet's Encrypt
Subjectdiscordproxy.zavo.eu
Fingerprint04:6A:2F:EE:57:1D:13:1C:32:B2:04:1C:62:15:73:98:8A:15:32:09
ValiditySun, 21 May 2023 19:03:07 GMT - Sat, 19 Aug 2023 19:03:06 GMT

File type
JSON data\012- , ASCII text, with very long lines (4324), with no line terminators
Size
1.8 kB (1801 bytes)
Hash
de9b2c3b18688a8f7220e9ec15f3516d
59368ba3b727fe2b46d0defe8b05b56f2216a3fc
0526c9a0c082bd2dad1cff8595a12ecb477456816e48180ef07b3c469f8a11a8

Detections

Analyzer	Verdict	Alert
openphish	Discord

HTTP Headers

GET /assets/oneTrust/v4/consent/04da1d72-0626-4fff-b3c6-150c719cc115/04da1d72-0626-4fff-b3c6-150c719cc115.json HTTP/1.1
Host: discordproxy.zavo.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://discordproxy.zavo.eu/
Cookie: __dcfduid=a140cd3003fa11eeb7e8cf3f5833ef74; __sdcfduid=a140cd3103fa11eeb7e8cf3f5833ef74a9b5cf02801626dfc084d52a96b7ccfd6b591fe1c4b6f0bbe7c775c016754186
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Mon, 05 Jun 2023 23:42:28 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 7d2c45b4bc7e92b4-FRA
CF-Cache-Status: HIT
Access-Control-Allow-Origin: https://discord.com
Cache-Control: public, max-age=2592000
ETag: W/"de9b2c3b18688a8f7220e9ec15f3516d"
Last-Modified: Tue, 19 Apr 2022 21:08:45 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Vary: Origin, Accept-Encoding
Permissions-Policy: interest-cohort=()
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=02xhycvrtFu1AVJ%2BWbNixI303mZjzG9%2ByC3QeXArj6JH9iamK5QxeVsdRABu3LKK5LSSctRhXLHAitXrP4SlPyAgx1tV8pB9UWAsiALznPIG5H%2F68Wvip1iczP3h"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Set-Cookie: __cfruid=a3431ba21d5c04ca8100b658e0c86a781667bba9-1686008548; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Content-Encoding: br
alt-svc: h3=":443"; ma=86400

discordproxy.zavo.eu/assets/921b1ae33edca174b6ebe787bb8b6c3b.svg

5.189.161.208

200 OK

38 kB

URL GET HTTP/1.1
discordproxy.zavo.eu/assets/921b1ae33edca174b6ebe787bb8b6c3b.svg
IP
5.189.161.208:443
ASN
#51167 Contabo GmbH

Requested by
https://discordproxy.zavo.eu/
Certificate
IssuerLet's Encrypt
Subjectdiscordproxy.zavo.eu
Fingerprint04:6A:2F:EE:57:1D:13:1C:32:B2:04:1C:62:15:73:98:8A:15:32:09
ValiditySun, 21 May 2023 19:03:07 GMT - Sat, 19 Aug 2023 19:03:06 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (6487)
Size
38 kB (37846 bytes)
Hash
921b1ae33edca174b6ebe787bb8b6c3b
1b3a8f3507401d78e14caf92378c088e3a620db2
408e11366e6d62e8b08d71b85d20a6bfa1c1f35f3b7c6ada379cf43367ac492a

Detections

Analyzer	Verdict	Alert
openphish	Discord

HTTP Headers

GET /assets/921b1ae33edca174b6ebe787bb8b6c3b.svg HTTP/1.1
Host: discordproxy.zavo.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://discordproxy.zavo.eu/
Cookie: __dcfduid=a140cd3003fa11eeb7e8cf3f5833ef74; __sdcfduid=a140cd3103fa11eeb7e8cf3f5833ef74a9b5cf02801626dfc084d52a96b7ccfd6b591fe1c4b6f0bbe7c775c016754186
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Mon, 05 Jun 2023 23:42:28 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 7d2c45b42fb0694c-FRA
CF-Cache-Status: HIT
Access-Control-Allow-Origin: https://discord.com
Cache-Control: public, max-age=2592000
ETag: W/"921b1ae33edca174b6ebe787bb8b6c3b"
Last-Modified: Fri, 07 May 2021 17:25:24 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Vary: Origin, Accept-Encoding
Permissions-Policy: interest-cohort=()
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hSlLA%2BvajT7LBofKzGbK8Qcc5uEfabcrLytQwYm6gh53djad%2BSaL%2FpwBynaCea6c3qYamu7dnrO92YNbWc6hdGtjKEI18YQ7RmuUDZ%2B9XtDIBb35UpmHqvlnk4wT"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Set-Cookie: __cfruid=a3431ba21d5c04ca8100b658e0c86a781667bba9-1686008548; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Content-Encoding: br
alt-svc: h3=":443"; ma=86400

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
793e96f16cfbafdfdfd065788089310e
d306bdb5e8a019aa638d23cd45513e1310e5b53e
ff417cdcfab1cb1e2a6d3793ed1a81ad9823c3d91d919cbec3a8d333832a275f

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Jun 2023 23:42:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

discordproxy.zavo.eu/cdn-cgi/challenge-platform/scripts/invisible.js

5.189.161.208

302 Found

0 B

URL GET HTTP/1.1
discordproxy.zavo.eu/cdn-cgi/challenge-platform/scripts/invisible.js
IP
5.189.161.208:443
ASN
#51167 Contabo GmbH

Requested by
https://discordproxy.zavo.eu/
Certificate
IssuerLet's Encrypt
Subjectdiscordproxy.zavo.eu
Fingerprint04:6A:2F:EE:57:1D:13:1C:32:B2:04:1C:62:15:73:98:8A:15:32:09
ValiditySun, 21 May 2023 19:03:07 GMT - Sat, 19 Aug 2023 19:03:06 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Discord

HTTP Headers

GET /cdn-cgi/challenge-platform/scripts/invisible.js HTTP/1.1
Host: discordproxy.zavo.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: __dcfduid=a140cd3003fa11eeb7e8cf3f5833ef74; __sdcfduid=a140cd3103fa11eeb7e8cf3f5833ef74a9b5cf02801626dfc084d52a96b7ccfd6b591fe1c4b6f0bbe7c775c016754186
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.14.2
Date: Mon, 05 Jun 2023 23:42:28 GMT
Transfer-Encoding: chunked
Connection: keep-alive
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/68662470/invisible.js
access-control-allow-origin: *
cache-control: max-age=300, public
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kdZeA7bNqI6ncw9TdMA52CqraN6BFF%2B%2BUEgI3gyyhnTE4JWZ0VopyqjuOv2ATUfWrrE2AKbmmh%2BU1%2BPm%2BDL6UasKL7t1rJUSdyCrLG0VBfdBPSfdaFj93ESOMr4N"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-RAY: 7d2c45b55f1290fe-FRA
alt-svc: h3=":443"; ma=86400

discordproxy.zavo.eu/assets/3d42d9a7b9b2a544ffef1474e2cb5db9.woff2

5.189.161.208

200 OK

29 kB

URL GET HTTP/1.1
discordproxy.zavo.eu/assets/3d42d9a7b9b2a544ffef1474e2cb5db9.woff2
IP
5.189.161.208:443
ASN
#51167 Contabo GmbH

Requested by
https://discordproxy.zavo.eu/
Certificate
IssuerLet's Encrypt
Subjectdiscordproxy.zavo.eu
Fingerprint04:6A:2F:EE:57:1D:13:1C:32:B2:04:1C:62:15:73:98:8A:15:32:09
ValiditySun, 21 May 2023 19:03:07 GMT - Sat, 19 Aug 2023 19:03:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 28820, version 1.983\012- data
Size
29 kB (28820 bytes)
Hash
3d42d9a7b9b2a544ffef1474e2cb5db9
c5fb2f18557a6e23d70eb5dc59459873e07a90cd
0487a3519e009bac6aecfa0f2ec6c4b3bdd6c42dce1a8a2b6422a904d55d424f

Detections

Analyzer	Verdict	Alert
openphish	Discord

HTTP Headers

GET /assets/3d42d9a7b9b2a544ffef1474e2cb5db9.woff2 HTTP/1.1
Host: discordproxy.zavo.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://discordproxy.zavo.eu/assets/0.c47519b5668780f22629.css
Cookie: __dcfduid=a140cd3003fa11eeb7e8cf3f5833ef74; __sdcfduid=a140cd3103fa11eeb7e8cf3f5833ef74a9b5cf02801626dfc084d52a96b7ccfd6b591fe1c4b6f0bbe7c775c016754186
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Mon, 05 Jun 2023 23:42:28 GMT
Content-Type: font/woff2
Content-Length: 28820
Connection: keep-alive
CF-Ray: 7d2c45b56fba90e8-FRA
CF-Cache-Status: HIT
Accept-Ranges: bytes
Access-Control-Allow-Origin: https://discord.com
Cache-Control: public, max-age=2592000
ETag: "3d42d9a7b9b2a544ffef1474e2cb5db9"
Last-Modified: Thu, 11 May 2023 17:57:01 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Vary: Origin, Accept-Encoding
Permissions-Policy: interest-cohort=()
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=llpC1Ux9T%2FJ5m12dh1ACmvBODWQ1sfxWp%2BVg0ACqy6OsUTL5X8GCzdet3QGU2oU2k8ClPabeAjiruGdphCJLRtWd09gjAFHgeH7%2FmFomTNLeR7sTfFidJV7dD9BU"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Set-Cookie: __cfruid=a3431ba21d5c04ca8100b658e0c86a781667bba9-1686008548; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
alt-svc: h3=":443"; ma=86400

discordproxy.zavo.eu/assets/3d07f5abf272fbb5670d02ed687453d0.woff2

5.189.161.208

200 OK

42 kB

URL GET HTTP/1.1
discordproxy.zavo.eu/assets/3d07f5abf272fbb5670d02ed687453d0.woff2
IP
5.189.161.208:443
ASN
#51167 Contabo GmbH

Requested by
https://discordproxy.zavo.eu/
Certificate
IssuerLet's Encrypt
Subjectdiscordproxy.zavo.eu
Fingerprint04:6A:2F:EE:57:1D:13:1C:32:B2:04:1C:62:15:73:98:8A:15:32:09
ValiditySun, 21 May 2023 19:03:07 GMT - Sat, 19 Aug 2023 19:03:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 41872, version 1.6553\012- data
Size
42 kB (41872 bytes)
Hash
3d07f5abf272fbb5670d02ed687453d0
5ba49c861917331a4d29d2a81ed4f93e94f62212
3afc8b61c01534f04c628962b34e53104e0487b010f197a54d2e9ce357bf9733

Detections

Analyzer	Verdict	Alert
openphish	Discord

HTTP Headers

GET /assets/3d07f5abf272fbb5670d02ed687453d0.woff2 HTTP/1.1
Host: discordproxy.zavo.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://discordproxy.zavo.eu/assets/0.c47519b5668780f22629.css
Cookie: __dcfduid=a140cd3003fa11eeb7e8cf3f5833ef74; __sdcfduid=a140cd3103fa11eeb7e8cf3f5833ef74a9b5cf02801626dfc084d52a96b7ccfd6b591fe1c4b6f0bbe7c775c016754186
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Mon, 05 Jun 2023 23:42:28 GMT
Content-Type: font/woff2
Content-Length: 41872
Connection: keep-alive
CF-Ray: 7d2c45b56ce32bdc-FRA
CF-Cache-Status: HIT
Accept-Ranges: bytes
Access-Control-Allow-Origin: https://discord.com
Cache-Control: public, max-age=2592000
ETag: "3d07f5abf272fbb5670d02ed687453d0"
Last-Modified: Wed, 02 Nov 2022 19:38:50 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Vary: Origin, Accept-Encoding
Permissions-Policy: interest-cohort=()
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rnNAp%2FDmZTutKcbsQl2WQR1p1LocKj97Q%2BsrdPQMzvHgy8GXpGUvp7S8lg3UopbIoxc16g%2BD8tVoVe24NV37WIv6etqfW%2F5XmFhsC2zfGRIX3tPRMkya6PSr6PhW"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Set-Cookie: __cfruid=a3431ba21d5c04ca8100b658e0c86a781667bba9-1686008548; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
alt-svc: h3=":443"; ma=86400

discordproxy.zavo.eu/assets/32e2ccd44de2de2c7f5b94a37e5db3e5.woff2

5.189.161.208

200 OK

28 kB

URL GET HTTP/1.1
discordproxy.zavo.eu/assets/32e2ccd44de2de2c7f5b94a37e5db3e5.woff2
IP
5.189.161.208:443
ASN
#51167 Contabo GmbH

Requested by
https://discordproxy.zavo.eu/
Certificate
IssuerLet's Encrypt
Subjectdiscordproxy.zavo.eu
Fingerprint04:6A:2F:EE:57:1D:13:1C:32:B2:04:1C:62:15:73:98:8A:15:32:09
ValiditySun, 21 May 2023 19:03:07 GMT - Sat, 19 Aug 2023 19:03:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 27836, version 1.983\012- data
Size
28 kB (27836 bytes)
Hash
32e2ccd44de2de2c7f5b94a37e5db3e5
7ab5318130a778ad533f0aaf8bce8571b5e7ecea
1149038fd11f377161a2c28ddd9f33abe37a19628fa1e118940755ba967b8e8e

Detections

Analyzer	Verdict	Alert
openphish	Discord

HTTP Headers

GET /assets/32e2ccd44de2de2c7f5b94a37e5db3e5.woff2 HTTP/1.1
Host: discordproxy.zavo.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://discordproxy.zavo.eu/assets/0.c47519b5668780f22629.css
Cookie: __dcfduid=a140cd3003fa11eeb7e8cf3f5833ef74; __sdcfduid=a140cd3103fa11eeb7e8cf3f5833ef74a9b5cf02801626dfc084d52a96b7ccfd6b591fe1c4b6f0bbe7c775c016754186
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Mon, 05 Jun 2023 23:42:28 GMT
Content-Type: font/woff2
Content-Length: 27836
Connection: keep-alive
CF-Ray: 7d2c45b57fe19004-FRA
CF-Cache-Status: HIT
Accept-Ranges: bytes
Access-Control-Allow-Origin: https://discord.com
Cache-Control: public, max-age=2592000
ETag: "32e2ccd44de2de2c7f5b94a37e5db3e5"
Last-Modified: Thu, 11 May 2023 17:57:01 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Vary: Origin, Accept-Encoding
Permissions-Policy: interest-cohort=()
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kNfkGKP65FAKkLuIzt1SS3oMxrCdkDq2aVodBIt3I42pHMbU%2BtoECTL7XByaJ68vE2K5VXbYc7Nxzu8P%2BJkarZzB4C0BsP%2F7nynNNYrOTQYNr41S%2FoKHfGm9XpQq"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Set-Cookie: __cfruid=a3431ba21d5c04ca8100b658e0c86a781667bba9-1686008548; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
alt-svc: h3=":443"; ma=86400

discordproxy.zavo.eu/assets/5972f529ce487a43ff5fd8776b9784ab.woff2

5.189.161.208

200 OK

29 kB

URL GET HTTP/1.1
discordproxy.zavo.eu/assets/5972f529ce487a43ff5fd8776b9784ab.woff2
IP
5.189.161.208:443
ASN
#51167 Contabo GmbH

Requested by
https://discordproxy.zavo.eu/
Certificate
IssuerLet's Encrypt
Subjectdiscordproxy.zavo.eu
Fingerprint04:6A:2F:EE:57:1D:13:1C:32:B2:04:1C:62:15:73:98:8A:15:32:09
ValiditySun, 21 May 2023 19:03:07 GMT - Sat, 19 Aug 2023 19:03:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 28936, version 1.983\012- data
Size
29 kB (28936 bytes)
Hash
5972f529ce487a43ff5fd8776b9784ab
0a1cc227e99be0fdaeaf426d3414e4e74be6ddd9
3b0e985f966378f6642bc37883359d71e2cce913cca8de4dd65b7141fea163fb

Detections

Analyzer	Verdict	Alert
openphish	Discord

HTTP Headers

GET /assets/5972f529ce487a43ff5fd8776b9784ab.woff2 HTTP/1.1
Host: discordproxy.zavo.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://discordproxy.zavo.eu/assets/0.c47519b5668780f22629.css
Cookie: __dcfduid=a140cd3003fa11eeb7e8cf3f5833ef74; __sdcfduid=a140cd3103fa11eeb7e8cf3f5833ef74a9b5cf02801626dfc084d52a96b7ccfd6b591fe1c4b6f0bbe7c775c016754186
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Mon, 05 Jun 2023 23:42:28 GMT
Content-Type: font/woff2
Content-Length: 28936
Connection: keep-alive
CF-Ray: 7d2c45b57da735e7-FRA
CF-Cache-Status: HIT
Accept-Ranges: bytes
Access-Control-Allow-Origin: https://discord.com
Cache-Control: public, max-age=2592000
ETag: "5972f529ce487a43ff5fd8776b9784ab"
Last-Modified: Thu, 11 May 2023 17:57:01 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Vary: Origin, Accept-Encoding
Permissions-Policy: interest-cohort=()
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W0SN3SqnTudsf9T7XJG8D4O5eOoWsP%2BUI3GObbnjQXZEPGhZ1%2FjT76eGkeSNwKKSYJyUcY5Q1xb6eaZH2kz%2FAd6J45l%2BT71ROeIyvlXbrc46YJTDOc1kewNKScxC"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Set-Cookie: __cfruid=a3431ba21d5c04ca8100b658e0c86a781667bba9-1686008548; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
alt-svc: h3=":443"; ma=86400

discordproxy.zavo.eu/cdn-cgi/challenge-platform/h/g/scripts/jsd/68662470/invisible.js

5.189.161.208

200 OK

11 kB

URL GET HTTP/1.1
discordproxy.zavo.eu/cdn-cgi/challenge-platform/h/g/scripts/jsd/68662470/invisible.js
IP
5.189.161.208:443
ASN
#51167 Contabo GmbH

Requested by
https://discordproxy.zavo.eu/
Certificate
IssuerLet's Encrypt
Subjectdiscordproxy.zavo.eu
Fingerprint04:6A:2F:EE:57:1D:13:1C:32:B2:04:1C:62:15:73:98:8A:15:32:09
ValiditySun, 21 May 2023 19:03:07 GMT - Sat, 19 Aug 2023 19:03:06 GMT

File type
ASCII text, with very long lines (24665), with no line terminators
Size
11 kB (11203 bytes)
Hash
340ccf0f9db71ff6cfa08bec4faa2507
5ea621144f4f42cc85a5e62526eb4c7d0e09dad9
4883a5ad6ef448b44685bb099b1f0f9673d1135f1a88549c40440b9be98b7c8c

Detections

Analyzer	Verdict	Alert
openphish	Discord

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/scripts/jsd/68662470/invisible.js HTTP/1.1
Host: discordproxy.zavo.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: __dcfduid=a140cd3003fa11eeb7e8cf3f5833ef74; __sdcfduid=a140cd3103fa11eeb7e8cf3f5833ef74a9b5cf02801626dfc084d52a96b7ccfd6b591fe1c4b6f0bbe7c775c016754186
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Mon, 05 Jun 2023 23:42:28 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
vary: accept-encoding
cache-control: max-age=14400, public
x-content-type-options: nosniff
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BDlMS4%2B8syiXk755werj2csYS5bO04NsHMkT6mNObJ1QGvK2%2FPXKp3cYuaTCYG3VRX%2FyyEAuzA36nUaHSiayiqV6GpPzf1DDgJbRGVxnSKKXt120HvliXH4NphX3"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
CF-RAY: 7d2c45b60b74901e-FRA
Content-Encoding: br
alt-svc: h3=":443"; ma=86400

discordproxy.zavo.eu/assets/1999f1db992930e3ab1f90236a60e623.woff2

5.189.161.208

200 OK

30 kB

URL GET HTTP/1.1
discordproxy.zavo.eu/assets/1999f1db992930e3ab1f90236a60e623.woff2
IP
5.189.161.208:443
ASN
#51167 Contabo GmbH

Requested by
https://discordproxy.zavo.eu/
Certificate
IssuerLet's Encrypt
Subjectdiscordproxy.zavo.eu
Fingerprint04:6A:2F:EE:57:1D:13:1C:32:B2:04:1C:62:15:73:98:8A:15:32:09
ValiditySun, 21 May 2023 19:03:07 GMT - Sat, 19 Aug 2023 19:03:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 29804, version 1.983\012- data
Size
30 kB (29804 bytes)
Hash
1999f1db992930e3ab1f90236a60e623
99af6ff15de490a00d62b198e1a2c070b09fc188
8299a06731f187a57d922aaa09d6a83b50f0fba01f4725917337bd31b5583e98

Detections

Analyzer	Verdict	Alert
openphish	Discord

HTTP Headers

GET /assets/1999f1db992930e3ab1f90236a60e623.woff2 HTTP/1.1
Host: discordproxy.zavo.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://discordproxy.zavo.eu/assets/0.c47519b5668780f22629.css
Cookie: __dcfduid=a140cd3003fa11eeb7e8cf3f5833ef74; __sdcfduid=a140cd3103fa11eeb7e8cf3f5833ef74a9b5cf02801626dfc084d52a96b7ccfd6b591fe1c4b6f0bbe7c775c016754186
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Mon, 05 Jun 2023 23:42:28 GMT
Content-Type: font/woff2
Content-Length: 29804
Connection: keep-alive
CF-Ray: 7d2c45b61c34915f-FRA
CF-Cache-Status: HIT
Accept-Ranges: bytes
Access-Control-Allow-Origin: https://discord.com
Cache-Control: public, max-age=2592000
ETag: "1999f1db992930e3ab1f90236a60e623"
Last-Modified: Thu, 11 May 2023 17:57:01 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Vary: Origin, Accept-Encoding
Permissions-Policy: interest-cohort=()
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0e206vljz4UvJiWLKi9lo9EMW6Zx08vw9MmL2zCT1HS4U2ORv3zLsmFYDOePPOZ9O3n3%2Fh0WgIW%2FCTCp%2BSPEZjIZ8uGgf0SqOvnDGi8DElbG%2F7RSfvaz21LJricq"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Set-Cookie: __cfruid=a3431ba21d5c04ca8100b658e0c86a781667bba9-1686008548; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
alt-svc: h3=":443"; ma=86400

discordproxy.zavo.eu/assets/2ab99ceb59ed8c892ea4c4cc0919ad25.woff2

5.189.161.208

200 OK

29 kB

URL GET HTTP/1.1
discordproxy.zavo.eu/assets/2ab99ceb59ed8c892ea4c4cc0919ad25.woff2
IP
5.189.161.208:443
ASN
#51167 Contabo GmbH

Requested by
https://discordproxy.zavo.eu/
Certificate
IssuerLet's Encrypt
Subjectdiscordproxy.zavo.eu
Fingerprint04:6A:2F:EE:57:1D:13:1C:32:B2:04:1C:62:15:73:98:8A:15:32:09
ValiditySun, 21 May 2023 19:03:07 GMT - Sat, 19 Aug 2023 19:03:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 29044, version 1.983\012- data
Size
29 kB (29044 bytes)
Hash
2ab99ceb59ed8c892ea4c4cc0919ad25
351e070a6e7e9c9c6d53b6cc8e1f997aff5f60ec
24d3b35b1aec1f3c00086defba200a285d655eed1a0303b27dfb32e4149e3f3e

Detections

Analyzer	Verdict	Alert
openphish	Discord

HTTP Headers

GET /assets/2ab99ceb59ed8c892ea4c4cc0919ad25.woff2 HTTP/1.1
Host: discordproxy.zavo.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://discordproxy.zavo.eu/assets/0.c47519b5668780f22629.css
Cookie: __dcfduid=a140cd3003fa11eeb7e8cf3f5833ef74; __sdcfduid=a140cd3103fa11eeb7e8cf3f5833ef74a9b5cf02801626dfc084d52a96b7ccfd6b591fe1c4b6f0bbe7c775c016754186
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Mon, 05 Jun 2023 23:42:28 GMT
Content-Type: font/woff2
Content-Length: 29044
Connection: keep-alive
CF-Ray: 7d2c45b64e1c1901-FRA
CF-Cache-Status: HIT
Accept-Ranges: bytes
Access-Control-Allow-Origin: https://discord.com
Cache-Control: public, max-age=2592000
ETag: "2ab99ceb59ed8c892ea4c4cc0919ad25"
Last-Modified: Thu, 11 May 2023 17:57:01 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Vary: Origin, Accept-Encoding
Permissions-Policy: interest-cohort=()
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lVTf1lRzmNBRTRnUk1zyC2LNiFraWlbsrSKLFJ9wMfugOfCeKvCpkyzmNkn7VQtA0Ar%2FZhxlZAuTKpK7RrBREiZ3Hn1F3yfC9shSuSfB5K206TpwkLMabEPxainS"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Set-Cookie: __cfruid=a3431ba21d5c04ca8100b658e0c86a781667bba9-1686008548; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
alt-svc: h3=":443"; ma=86400

discordproxy.zavo.eu/assets/e6d57714479874c665b36c7adee76b1d.svg

5.189.161.208

200 OK

5.1 kB

URL GET HTTP/1.1
discordproxy.zavo.eu/assets/e6d57714479874c665b36c7adee76b1d.svg
IP
5.189.161.208:443
ASN
#51167 Contabo GmbH

Requested by
https://discordproxy.zavo.eu/
Certificate
IssuerLet's Encrypt
Subjectdiscordproxy.zavo.eu
Fingerprint04:6A:2F:EE:57:1D:13:1C:32:B2:04:1C:62:15:73:98:8A:15:32:09
ValiditySun, 21 May 2023 19:03:07 GMT - Sat, 19 Aug 2023 19:03:06 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1734)
Size
5.1 kB (5101 bytes)
Hash
e6d57714479874c665b36c7adee76b1d
7d548455122292f8272c5672303fc786d2d3000f
8a22b3884eb5d0750875b97c8192cba5465ec2c8a438c92378a9650804607c76

Detections

Analyzer	Verdict	Alert
openphish	Discord

HTTP Headers

GET /assets/e6d57714479874c665b36c7adee76b1d.svg HTTP/1.1
Host: discordproxy.zavo.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://discordproxy.zavo.eu/
Cookie: __dcfduid=a140cd3003fa11eeb7e8cf3f5833ef74; __sdcfduid=a140cd3103fa11eeb7e8cf3f5833ef74a9b5cf02801626dfc084d52a96b7ccfd6b591fe1c4b6f0bbe7c775c016754186
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Mon, 05 Jun 2023 23:42:28 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 7d2c45b64bd09b6a-FRA
CF-Cache-Status: HIT
Access-Control-Allow-Origin: https://discord.com
Cache-Control: public, max-age=2592000
ETag: W/"e6d57714479874c665b36c7adee76b1d"
Last-Modified: Fri, 28 May 2021 21:18:18 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Vary: Origin, Accept-Encoding
Permissions-Policy: interest-cohort=()
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PxvmdakvrB%2BmLMFzytunTASNPB%2BMjV5gCXopIb0vMhjE6cWIKLysV6FiVUtMB4sekwqzEXlw%2BdooMdA4vDWgkrSmY864yR2TgBvHNZKnd6M6g6s3YDmcqEF76Cfv"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Set-Cookie: __cfruid=a3431ba21d5c04ca8100b658e0c86a781667bba9-1686008548; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Content-Encoding: br
alt-svc: h3=":443"; ma=86400

discordproxy.zavo.eu/assets/8a8375ab7908384e1fd6efe408284203.svg

5.189.161.208

200 OK

21 kB

URL GET HTTP/1.1
discordproxy.zavo.eu/assets/8a8375ab7908384e1fd6efe408284203.svg
IP
5.189.161.208:443
ASN
#51167 Contabo GmbH

Requested by
https://discordproxy.zavo.eu/
Certificate
IssuerLet's Encrypt
Subjectdiscordproxy.zavo.eu
Fingerprint04:6A:2F:EE:57:1D:13:1C:32:B2:04:1C:62:15:73:98:8A:15:32:09
ValiditySun, 21 May 2023 19:03:07 GMT - Sat, 19 Aug 2023 19:03:06 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1257)
Size
21 kB (20956 bytes)
Hash
8a8375ab7908384e1fd6efe408284203
c860bf9ebb02c0110e452b0d27b21d50083dd165
0863f0e2352e91b8f69c16eb1896aa0cc802ad66efca43f07ad6810da239025a

Detections

Analyzer	Verdict	Alert
openphish	Discord

HTTP Headers

GET /assets/8a8375ab7908384e1fd6efe408284203.svg HTTP/1.1
Host: discordproxy.zavo.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://discordproxy.zavo.eu/
Cookie: __dcfduid=a140cd3003fa11eeb7e8cf3f5833ef74; __sdcfduid=a140cd3103fa11eeb7e8cf3f5833ef74a9b5cf02801626dfc084d52a96b7ccfd6b591fe1c4b6f0bbe7c775c016754186
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Mon, 05 Jun 2023 23:42:28 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 7d2c45b6bbc791d5-FRA
CF-Cache-Status: HIT
Access-Control-Allow-Origin: https://discord.com
Cache-Control: public, max-age=2592000
ETag: W/"8a8375ab7908384e1fd6efe408284203"
Last-Modified: Wed, 29 Mar 2023 20:09:32 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Vary: Origin, Accept-Encoding
Permissions-Policy: interest-cohort=()
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dnzRwC%2FhBUQYeAwc4pkV%2BNNimO9ivUrvuoS%2Bo1e1SGJpeOxNMMPpZLLfHkLExxigglodHifxYcWqX9%2FpFX50N0Jy2lBN9ow1PRf3kzbSGic%2B7mhpfgKu2xw9d5Tx"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Set-Cookie: __cfruid=a3431ba21d5c04ca8100b658e0c86a781667bba9-1686008548; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Content-Encoding: br
alt-svc: h3=":443"; ma=86400

discordproxy.zavo.eu/cdn-cgi/challenge-platform/h/g/scripts/pica.js

5.189.161.208

200 OK

3.1 kB

URL GET HTTP/1.1
discordproxy.zavo.eu/cdn-cgi/challenge-platform/h/g/scripts/pica.js
IP
5.189.161.208:443
ASN
#51167 Contabo GmbH

Requested by
https://discordproxy.zavo.eu/
Certificate
IssuerLet's Encrypt
Subjectdiscordproxy.zavo.eu
Fingerprint04:6A:2F:EE:57:1D:13:1C:32:B2:04:1C:62:15:73:98:8A:15:32:09
ValiditySun, 21 May 2023 19:03:07 GMT - Sat, 19 Aug 2023 19:03:06 GMT

File type
ASCII text, with very long lines (5636), with no line terminators
Size
3.1 kB (3089 bytes)
Hash
d9777c62b88f144980142edbcfe177b0
4facb7f2cf18cf3bb8178a02e6bf9bcfa6099603
6b058e7689f83e945c445060c3061d7d9f6ac40e0117ed77e0a932adb3f1189f

Detections

Analyzer	Verdict	Alert
openphish	Discord

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/scripts/pica.js HTTP/1.1
Host: discordproxy.zavo.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://discordproxy.zavo.eu/
Cookie: __dcfduid=a140cd3003fa11eeb7e8cf3f5833ef74; __sdcfduid=a140cd3103fa11eeb7e8cf3f5833ef74a9b5cf02801626dfc084d52a96b7ccfd6b591fe1c4b6f0bbe7c775c016754186
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Mon, 05 Jun 2023 23:42:28 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
x-content-type-options: nosniff
cache-control: max-age=14400, public
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XLR0WJexEUt7rCiEMiva3awUKmyfd8wz2oHtnHvNyVRQoKUgJ51mqz3tZD%2FIs9pgqOYc9TzzSWuHVlCGBBC0XQDutd2tBq36Pn%2FHMleirfpKEOxskZpXiOXcEHYo"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
CF-RAY: 7d2c45b6e9053a72-FRA
Content-Encoding: br
alt-svc: h3=":443"; ma=86400

discordproxy.zavo.eu/assets/980082c4328266be3342a03dcb37c432.woff2

5.189.161.208

200 OK

182 kB

URL GET HTTP/1.1
discordproxy.zavo.eu/assets/980082c4328266be3342a03dcb37c432.woff2
IP
5.189.161.208:443
ASN
#51167 Contabo GmbH

Requested by
https://discordproxy.zavo.eu/
Certificate
IssuerLet's Encrypt
Subjectdiscordproxy.zavo.eu
Fingerprint04:6A:2F:EE:57:1D:13:1C:32:B2:04:1C:62:15:73:98:8A:15:32:09
ValiditySun, 21 May 2023 19:03:07 GMT - Sat, 19 Aug 2023 19:03:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 181532, version 2.459\012- data
Size
182 kB (181532 bytes)
Hash
980082c4328266be3342a03dcb37c432
4179f54fd61655067a20a2b37224fde3d8e5024e
1b03dae61d613604b3d41d61cc4bc2e05f19bd27c7ff2638242f9036f2b8794e

Detections

Analyzer	Verdict	Alert
openphish	Discord

HTTP Headers

GET /assets/980082c4328266be3342a03dcb37c432.woff2 HTTP/1.1
Host: discordproxy.zavo.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://discordproxy.zavo.eu/assets/0.c47519b5668780f22629.css
Cookie: __dcfduid=a140cd3003fa11eeb7e8cf3f5833ef74; __sdcfduid=a140cd3103fa11eeb7e8cf3f5833ef74a9b5cf02801626dfc084d52a96b7ccfd6b591fe1c4b6f0bbe7c775c016754186
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Mon, 05 Jun 2023 23:42:28 GMT
Content-Type: font/woff2
Content-Length: 181532
Connection: keep-alive
CF-Ray: 7d2c45b6488f18df-FRA
CF-Cache-Status: HIT
Accept-Ranges: bytes
Access-Control-Allow-Origin: https://discord.com
Cache-Control: public, max-age=2592000
ETag: "980082c4328266be3342a03dcb37c432"
Last-Modified: Thu, 01 Dec 2022 20:06:54 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Vary: Origin, Accept-Encoding
Permissions-Policy: interest-cohort=()
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2TptUZYO5JsEWGbJNDAkt34yY9nyPj8hXIZP2f0jg38nPulQu3XiWwThmJDk3pvZ66JXQdSf7skMjDwv8bQuOvnuUFB%2FK0%2BLuhgKGyeacxBqn39aN1kXaBf6OSDT"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Set-Cookie: __cfruid=a3431ba21d5c04ca8100b658e0c86a781667bba9-1686008548; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
alt-svc: h3=":443"; ma=86400

discordproxy.zavo.eu/assets/c40c84ca18d84633a9d86b4046a91437.svg

5.189.161.208

200 OK

21 kB

URL GET HTTP/1.1
discordproxy.zavo.eu/assets/c40c84ca18d84633a9d86b4046a91437.svg
IP
5.189.161.208:443
ASN
#51167 Contabo GmbH

Requested by
https://discordproxy.zavo.eu/
Certificate
IssuerLet's Encrypt
Subjectdiscordproxy.zavo.eu
Fingerprint04:6A:2F:EE:57:1D:13:1C:32:B2:04:1C:62:15:73:98:8A:15:32:09
ValiditySun, 21 May 2023 19:03:07 GMT - Sat, 19 Aug 2023 19:03:06 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1169)
Size
21 kB (21213 bytes)
Hash
c40c84ca18d84633a9d86b4046a91437
5b82d7686f8ee989d13bbe54938ae94e64cc7db7
f19a3178d88ee8de6f4ef47c0e9992059457d91e24204e5beff9602c1179f99b

Detections

Analyzer	Verdict	Alert
openphish	Discord

HTTP Headers

GET /assets/c40c84ca18d84633a9d86b4046a91437.svg HTTP/1.1
Host: discordproxy.zavo.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://discordproxy.zavo.eu/
Cookie: __dcfduid=a140cd3003fa11eeb7e8cf3f5833ef74; __sdcfduid=a140cd3103fa11eeb7e8cf3f5833ef74a9b5cf02801626dfc084d52a96b7ccfd6b591fe1c4b6f0bbe7c775c016754186
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Mon, 05 Jun 2023 23:42:28 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 7d2c45b6eb861c0f-FRA
CF-Cache-Status: HIT
Access-Control-Allow-Origin: https://discord.com
Cache-Control: public, max-age=2592000
ETag: W/"c40c84ca18d84633a9d86b4046a91437"
Last-Modified: Wed, 29 Mar 2023 20:09:29 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Vary: Origin, Accept-Encoding
Permissions-Policy: interest-cohort=()
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ANUM54vcOt5EPUTEpLc5NBiUZ8OW8JNMDN7cTS7HsB3Cmhk%2FVelUyNaVsUyvC8VU8U%2FdnzhDY6q3QLDMDPGSkZQdlRfLf1TCVLt0njxw%2BXluabt4R8JXYDp5Hyef"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Set-Cookie: __cfruid=a3431ba21d5c04ca8100b658e0c86a781667bba9-1686008548; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Content-Encoding: br
alt-svc: h3=":443"; ma=86400

discordproxy.zavo.eu/assets/46b2132c01604c9493d558de444929f4.svg

5.189.161.208

200 OK

48 kB

URL GET HTTP/1.1
discordproxy.zavo.eu/assets/46b2132c01604c9493d558de444929f4.svg
IP
5.189.161.208:443
ASN
#51167 Contabo GmbH

Requested by
https://discordproxy.zavo.eu/
Certificate
IssuerLet's Encrypt
Subjectdiscordproxy.zavo.eu
Fingerprint04:6A:2F:EE:57:1D:13:1C:32:B2:04:1C:62:15:73:98:8A:15:32:09
ValiditySun, 21 May 2023 19:03:07 GMT - Sat, 19 Aug 2023 19:03:06 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1260)
Size
48 kB (48092 bytes)
Hash
46b2132c01604c9493d558de444929f4
a63d471cbfbdf09181d70f67f9a0b054f6d65b76
61ea1a1326a282c228ce7f5a3aa7d911e712d8cf568be619e512d33c7bafb22c

Detections

Analyzer	Verdict	Alert
openphish	Discord

HTTP Headers

GET /assets/46b2132c01604c9493d558de444929f4.svg HTTP/1.1
Host: discordproxy.zavo.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://discordproxy.zavo.eu/
Cookie: __dcfduid=a140cd3003fa11eeb7e8cf3f5833ef74; __sdcfduid=a140cd3103fa11eeb7e8cf3f5833ef74a9b5cf02801626dfc084d52a96b7ccfd6b591fe1c4b6f0bbe7c775c016754186
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Mon, 05 Jun 2023 23:42:28 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 7d2c45b6ef18365f-FRA
CF-Cache-Status: HIT
Access-Control-Allow-Origin: https://discord.com
Cache-Control: public, max-age=2592000
ETag: W/"46b2132c01604c9493d558de444929f4"
Last-Modified: Fri, 07 May 2021 17:25:22 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Vary: Origin, Accept-Encoding
Permissions-Policy: interest-cohort=()
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Hflg%2FgodH15OnpLWNk%2BI1G65HmCunGdLI8Qcwu12JqXcsH%2B0B%2FHdKzJLKhrijGYXgfoMh4gB%2Fb86KyqYhcwYgCVLzfVkTI7l%2BidnKHud%2FEzuZrMU3OELXfFi8Ki%2B"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Set-Cookie: __cfruid=a3431ba21d5c04ca8100b658e0c86a781667bba9-1686008548; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Content-Encoding: br
alt-svc: h3=":443"; ma=86400

discordproxy.zavo.eu/assets/a188414ce83f2454b9d71a47c3d95909.svg

5.189.161.208

200 OK

792 B

URL GET HTTP/1.1
discordproxy.zavo.eu/assets/a188414ce83f2454b9d71a47c3d95909.svg
IP
5.189.161.208:443
ASN
#51167 Contabo GmbH

Requested by
https://discordproxy.zavo.eu/
Certificate
IssuerLet's Encrypt
Subjectdiscordproxy.zavo.eu
Fingerprint04:6A:2F:EE:57:1D:13:1C:32:B2:04:1C:62:15:73:98:8A:15:32:09
ValiditySun, 21 May 2023 19:03:07 GMT - Sat, 19 Aug 2023 19:03:06 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (698)
Size
792 B (792 bytes)
Hash
a188414ce83f2454b9d71a47c3d95909
4749daec1bb855414543dad2d39bce25200fda84
d3dbc7bcd233bfac8173445517b5683e18f6ebad9d025493d37f3f26a8259b8a

Detections

Analyzer	Verdict	Alert
openphish	Discord

HTTP Headers

GET /assets/a188414ce83f2454b9d71a47c3d95909.svg HTTP/1.1
Host: discordproxy.zavo.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://discordproxy.zavo.eu/
Cookie: __dcfduid=a140cd3003fa11eeb7e8cf3f5833ef74; __sdcfduid=a140cd3103fa11eeb7e8cf3f5833ef74a9b5cf02801626dfc084d52a96b7ccfd6b591fe1c4b6f0bbe7c775c016754186
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Mon, 05 Jun 2023 23:42:29 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 7d2c45b75a1d1947-FRA
CF-Cache-Status: HIT
Access-Control-Allow-Origin: https://discord.com
Cache-Control: public, max-age=2592000
ETag: W/"a188414ce83f2454b9d71a47c3d95909"
Last-Modified: Tue, 23 Jun 2020 22:27:09 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Vary: Origin, Accept-Encoding
Permissions-Policy: interest-cohort=()
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=80uc5F3oD955FhtNcGd9UiHoGhqX9USPSOsVej6oqsbz%2FhmTCI%2FkVrfuNhMM5rNuP9GKiEuJkD60ent%2FdfCDUSoLuisBYQq6gXSJJnGcsaG1HYD7mXRSp449giMv"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Set-Cookie: __cfruid=f494a4f2abb6bb7f5b4d02b687229b89b2fd9cfd-1686008549; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Content-Encoding: br
alt-svc: h3=":443"; ma=86400

discordproxy.zavo.eu/assets/779a770c34fcb823a598a7277301adaf.svg

5.189.161.208

200 OK

147 B

URL GET HTTP/1.1
discordproxy.zavo.eu/assets/779a770c34fcb823a598a7277301adaf.svg
IP
5.189.161.208:443
ASN
#51167 Contabo GmbH

Requested by
https://discordproxy.zavo.eu/
Certificate
IssuerLet's Encrypt
Subjectdiscordproxy.zavo.eu
Fingerprint04:6A:2F:EE:57:1D:13:1C:32:B2:04:1C:62:15:73:98:8A:15:32:09
ValiditySun, 21 May 2023 19:03:07 GMT - Sat, 19 Aug 2023 19:03:06 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with no line terminators
Size
147 B (147 bytes)
Hash
779a770c34fcb823a598a7277301adaf
b5169ff4a1b4c56fdbf786e499036b9442b41a83
34141e9a95e611f7ba839276d4fbcf27228af1a3a903c2724098fab7df60d447

Detections

Analyzer	Verdict	Alert
openphish	Discord

HTTP Headers

GET /assets/779a770c34fcb823a598a7277301adaf.svg HTTP/1.1
Host: discordproxy.zavo.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://discordproxy.zavo.eu/
Cookie: __dcfduid=a140cd3003fa11eeb7e8cf3f5833ef74; __sdcfduid=a140cd3103fa11eeb7e8cf3f5833ef74a9b5cf02801626dfc084d52a96b7ccfd6b591fe1c4b6f0bbe7c775c016754186
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Mon, 05 Jun 2023 23:42:29 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 7d2c45b7689b9b33-FRA
CF-Cache-Status: HIT
Access-Control-Allow-Origin: https://discord.com
Cache-Control: public, max-age=2592000
ETag: W/"779a770c34fcb823a598a7277301adaf"
Last-Modified: Wed, 01 Apr 2020 21:34:09 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Vary: Origin, Accept-Encoding
Permissions-Policy: interest-cohort=()
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HpMdKG%2F54ipytq4phQqwnMEzsormjWZXGNw6GR1%2BaFW3dNF13cATYIk8BaOtxVPFsaeD0BnpuNhNwV8Uyehx8MRHa8GOee%2B8MOCsZg6P%2FiplNLRly%2BY5cBy5VcqD"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Set-Cookie: __cfruid=f494a4f2abb6bb7f5b4d02b687229b89b2fd9cfd-1686008549; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Content-Encoding: br
alt-svc: h3=":443"; ma=86400

discordproxy.zavo.eu/assets/oneTrust/v4/scripttemplates/6.33.0/otBannerSdk.js

5.189.161.208

200 OK

79 kB

URL GET HTTP/1.1
discordproxy.zavo.eu/assets/oneTrust/v4/scripttemplates/6.33.0/otBannerSdk.js
IP
5.189.161.208:443
ASN
#51167 Contabo GmbH

Requested by
https://discordproxy.zavo.eu/
Certificate
IssuerLet's Encrypt
Subjectdiscordproxy.zavo.eu
Fingerprint04:6A:2F:EE:57:1D:13:1C:32:B2:04:1C:62:15:73:98:8A:15:32:09
ValiditySun, 21 May 2023 19:03:07 GMT - Sat, 19 Aug 2023 19:03:06 GMT

File type
ASCII text, with very long lines (65455)
Size
79 kB (79038 bytes)
Hash
656a4fd9013f905080debdd038f06b94
6843484ea4be1a3415ea554bb8b7aaa6e311554a
0152531ece5b19aa743208c31fd9f9284282bc97a2ec666de5cf770a9aeee0fa

Detections

Analyzer	Verdict	Alert
openphish	Discord

HTTP Headers

GET /assets/oneTrust/v4/scripttemplates/6.33.0/otBannerSdk.js HTTP/1.1
Host: discordproxy.zavo.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://discordproxy.zavo.eu/
Cookie: __dcfduid=a140cd3003fa11eeb7e8cf3f5833ef74; __sdcfduid=a140cd3103fa11eeb7e8cf3f5833ef74a9b5cf02801626dfc084d52a96b7ccfd6b591fe1c4b6f0bbe7c775c016754186
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Mon, 05 Jun 2023 23:42:29 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 7d2c45b7ad9e19a9-FRA
CF-Cache-Status: HIT
Access-Control-Allow-Origin: https://discord.com
Cache-Control: public, max-age=2592000
ETag: W/"656a4fd9013f905080debdd038f06b94"
Last-Modified: Tue, 19 Apr 2022 21:08:45 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Vary: Origin, Accept-Encoding
Permissions-Policy: interest-cohort=()
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5cwWznH4fyfNrelJIxTrhV7N93OyBE1PzaWqrEYiZAO8dwhiSJACnvWKF7NUDuzE2WIOOfpvAgL7QMJXFlJg9yYbkY52ESduUnNjjl%2B1mDHnNY%2Fhd%2FLD5gl26DUS"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Set-Cookie: __cfruid=f494a4f2abb6bb7f5b4d02b687229b89b2fd9cfd-1686008549; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Content-Encoding: br
alt-svc: h3=":443"; ma=86400

discordproxy.zavo.eu/assets/13610c6bf22c3c298b1c.js

5.189.161.208

200 OK

1.9 MB

URL GET HTTP/1.1
discordproxy.zavo.eu/assets/13610c6bf22c3c298b1c.js
IP
5.189.161.208:443
ASN
#51167 Contabo GmbH

Requested by
https://discordproxy.zavo.eu/
Certificate
IssuerLet's Encrypt
Subjectdiscordproxy.zavo.eu
Fingerprint04:6A:2F:EE:57:1D:13:1C:32:B2:04:1C:62:15:73:98:8A:15:32:09
ValiditySun, 21 May 2023 19:03:07 GMT - Sat, 19 Aug 2023 19:03:06 GMT

File type
ASCII text, with very long lines (1000)
Size
1.9 MB (1850690 bytes)
Hash
6862a75144e860ae2611e7a7d55ddced
3c7856c4bcf74ad6ea967453ebb6eb0ee3298bc5
49caceded55f4effcfa68ccd087c293f50b1c7af6f4e4d7b8144e6db1d603d7c

Detections

Analyzer	Verdict	Alert
openphish	Discord

HTTP Headers

GET /assets/13610c6bf22c3c298b1c.js HTTP/1.1
Host: discordproxy.zavo.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://discordproxy.zavo.eu/
Cookie: __dcfduid=a140cd3003fa11eeb7e8cf3f5833ef74; __sdcfduid=a140cd3103fa11eeb7e8cf3f5833ef74a9b5cf02801626dfc084d52a96b7ccfd6b591fe1c4b6f0bbe7c775c016754186
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Mon, 05 Jun 2023 23:42:28 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 7d2c45b2d8893764-FRA
CF-Cache-Status: HIT
Access-Control-Allow-Origin: https://discord.com
Cache-Control: public, max-age=2592000
ETag: W/"6862a75144e860ae2611e7a7d55ddced"
Last-Modified: Fri, 19 May 2023 18:07:28 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Vary: Origin, Accept-Encoding
Permissions-Policy: interest-cohort=()
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DxsNCb0RAJ%2FHNQ1GZS4WyoKjibSRutLtE5xF8XgXvx632jqGpf2eqjqWnPCd0pBqWBkZpyd%2F5%2Fncr83Jm8t%2FdaKtNo5x7Y6vJlgX3ngieYXtZnhVE1hTiVs8o8Qd"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Set-Cookie: __cfruid=a3431ba21d5c04ca8100b658e0c86a781667bba9-1686008548; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Content-Encoding: br
alt-svc: h3=":443"; ma=86400

discordproxy.zavo.eu/assets/847541504914fd33810e70a0ea73177e.ico

5.189.161.208

200 OK

11 kB

URL GET HTTP/1.1
discordproxy.zavo.eu/assets/847541504914fd33810e70a0ea73177e.ico
IP
5.189.161.208:443
ASN
#51167 Contabo GmbH

Requested by
https://discordproxy.zavo.eu/
Certificate
IssuerLet's Encrypt
Subjectdiscordproxy.zavo.eu
Fingerprint04:6A:2F:EE:57:1D:13:1C:32:B2:04:1C:62:15:73:98:8A:15:32:09
ValiditySun, 21 May 2023 19:03:07 GMT - Sat, 19 Aug 2023 19:03:06 GMT

File type
MS Windows icon resource - 4 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Size
11 kB (10623 bytes)
Hash
847541504914fd33810e70a0ea73177e
84b82d07b293907113d9d4dafd29bfa170bbf9b6
0ff2884845f93cd730470ad755f5c38d334e6976ad59c8016b1353b8e30e64f8

Detections

Analyzer	Verdict	Alert
openphish	Discord

HTTP Headers

GET /assets/847541504914fd33810e70a0ea73177e.ico HTTP/1.1
Host: discordproxy.zavo.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://discordproxy.zavo.eu/
Cookie: __dcfduid=a140cd3003fa11eeb7e8cf3f5833ef74; __sdcfduid=a140cd3103fa11eeb7e8cf3f5833ef74a9b5cf02801626dfc084d52a96b7ccfd6b591fe1c4b6f0bbe7c775c016754186
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Mon, 05 Jun 2023 23:42:29 GMT
Content-Type: image/vnd.microsoft.icon
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 7d2c45b93bea9043-FRA
CF-Cache-Status: HIT
Access-Control-Allow-Origin: https://discord.com
Cache-Control: public, max-age=2592000
ETag: W/"847541504914fd33810e70a0ea73177e"
Last-Modified: Wed, 28 Apr 2021 21:33:57 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Vary: Origin, Accept-Encoding
Permissions-Policy: interest-cohort=()
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F%2F1HADSQRzZO2PhgvPXJOuTDMuNhk6B8s8KvILAPpsBkE6LKSPRdazuyOkekYZcuiM4mDzq1zOQkRR%2B8fSbTzaTMcPfBg4YN04UlGNvfU5IMNTakxHFqKGFFR3yb"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Set-Cookie: __cfruid=f494a4f2abb6bb7f5b4d02b687229b89b2fd9cfd-1686008549; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Content-Encoding: br
alt-svc: h3=":443"; ma=86400

discordproxy.zavo.eu/cdn-cgi/challenge-platform/h/g/cv/result/7d2c45af1fe99b95

5.189.161.208

200 OK

6 B

URL POST HTTP/1.1
discordproxy.zavo.eu/cdn-cgi/challenge-platform/h/g/cv/result/7d2c45af1fe99b95
IP
5.189.161.208:443
ASN
#51167 Contabo GmbH

Requested by
https://discordproxy.zavo.eu/
Certificate
IssuerLet's Encrypt
Subjectdiscordproxy.zavo.eu
Fingerprint04:6A:2F:EE:57:1D:13:1C:32:B2:04:1C:62:15:73:98:8A:15:32:09
ValiditySun, 21 May 2023 19:03:07 GMT - Sat, 19 Aug 2023 19:03:06 GMT

File type
ASCII text, with no line terminators
Size
6 B (6 bytes)
Hash
444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Detections

Analyzer	Verdict	Alert
openphish	Discord

HTTP Headers

POST /cdn-cgi/challenge-platform/h/g/cv/result/7d2c45af1fe99b95 HTTP/1.1
Host: discordproxy.zavo.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 12383
Origin: https://discordproxy.zavo.eu
DNT: 1
Connection: keep-alive
Referer: https://discordproxy.zavo.eu/
Cookie: __dcfduid=a140cd3003fa11eeb7e8cf3f5833ef74; __sdcfduid=a140cd3103fa11eeb7e8cf3f5833ef74a9b5cf02801626dfc084d52a96b7ccfd6b591fe1c4b6f0bbe7c775c016754186
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Mon, 05 Jun 2023 23:42:29 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cf_bm=Nh20TAigyKPvCtdnzXqJX3chUlr9.614oLIkcLupth4-1686008549-0-Ae4/30uNh1MNcdOfjUIB3+VR2fH+FqdQ9NeLbnI0diZP7Aya6pI+I21o9+AzKqrR/+AL+Eg61BBPQEVFOxKkOi3lK0iEfrZffC7BeYbvfmQu; path=/; expires=Tue, 06-Jun-23 00:12:29 GMT; domain=.discord.com; HttpOnly; Secure; SameSite=None
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bRCe2SKIrjLd2YZVZZtPMEEWevP8VyoBJ7ZrX49o2NYu6SLQbD3ZOEwULLxgrr0F6ENDqOiScEblVXeK5AxwjuxmNxJcnYgyzPPSqZzHImQZb1Rw6osK8oIoeBrQ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-RAY: 7d2c45b95f9e5b7a-FRA
Content-Encoding: br
alt-svc: h3=":443"; ma=86400

discordproxy.zavo.eu/assets/oneTrust/v4/consent/04da1d72-0626-4fff-b3c6-150c719cc115/8daa7890-435c-48f7-bd01-7768ea5f9ebf/en.json

5.189.161.208

200 OK

8.6 kB

URL GET HTTP/1.1
discordproxy.zavo.eu/assets/oneTrust/v4/consent/04da1d72-0626-4fff-b3c6-150c719cc115/8daa7890-435c-48f7-bd01-7768ea5f9ebf/en.json
IP
5.189.161.208:443
ASN
#51167 Contabo GmbH

Requested by
https://discordproxy.zavo.eu/
Certificate
IssuerLet's Encrypt
Subjectdiscordproxy.zavo.eu
Fingerprint04:6A:2F:EE:57:1D:13:1C:32:B2:04:1C:62:15:73:98:8A:15:32:09
ValiditySun, 21 May 2023 19:03:07 GMT - Sat, 19 Aug 2023 19:03:06 GMT

File type
JSON data\012- HTML document, Unicode text, UTF-8 text, with very long lines (36351), with no line terminators
Size
8.6 kB (8645 bytes)
Hash
e1b97dfa18acc4f22dadfb16d5454bf4
5e77ac9b5a3191bc9dbc1692fbe2499b71a61fb1
a97cbbfee0f2a0f093a51d6a3e732a76c36848cc481a21c0c96da60d3c72258f

Detections

Analyzer	Verdict	Alert
openphish	Discord

HTTP Headers

GET /assets/oneTrust/v4/consent/04da1d72-0626-4fff-b3c6-150c719cc115/8daa7890-435c-48f7-bd01-7768ea5f9ebf/en.json HTTP/1.1
Host: discordproxy.zavo.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://discordproxy.zavo.eu/
DNT: 1
Connection: keep-alive
Cookie: __dcfduid=a140cd3003fa11eeb7e8cf3f5833ef74; __sdcfduid=a140cd3103fa11eeb7e8cf3f5833ef74a9b5cf02801626dfc084d52a96b7ccfd6b591fe1c4b6f0bbe7c775c016754186
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Mon, 05 Jun 2023 23:42:29 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 7d2c45b9ca9e9c07-FRA
CF-Cache-Status: HIT
Access-Control-Allow-Origin: https://discord.com
Cache-Control: public, max-age=2592000
ETag: W/"e1b97dfa18acc4f22dadfb16d5454bf4"
Last-Modified: Tue, 19 Apr 2022 21:08:45 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Vary: Origin, Accept-Encoding
Permissions-Policy: interest-cohort=()
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ju7E%2FptQ9FN6pQBTiWl%2BHlVw47NoZINQhEksyymw0TroXgY8QyNWFQ3%2BPK8YCjBvliwSbweldlt%2Fw1FRZIxj73CVH86B37NovP%2B0yy5moQEZh9tjOCIt4ohht2M2"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Set-Cookie: __cfruid=f494a4f2abb6bb7f5b4d02b687229b89b2fd9cfd-1686008549; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Content-Encoding: br
alt-svc: h3=":443"; ma=86400

discordproxy.zavo.eu/assets/oneTrust/v4/scripttemplates/6.33.0/assets/otFlat.json

5.189.161.208

200 OK

3.1 kB

URL GET HTTP/1.1
discordproxy.zavo.eu/assets/oneTrust/v4/scripttemplates/6.33.0/assets/otFlat.json
IP
5.189.161.208:443
ASN
#51167 Contabo GmbH

Requested by
https://discordproxy.zavo.eu/
Certificate
IssuerLet's Encrypt
Subjectdiscordproxy.zavo.eu
Fingerprint04:6A:2F:EE:57:1D:13:1C:32:B2:04:1C:62:15:73:98:8A:15:32:09
ValiditySun, 21 May 2023 19:03:07 GMT - Sat, 19 Aug 2023 19:03:06 GMT

File type
JSON data\012- , ASCII text, with very long lines (10856)
Size
3.1 kB (3108 bytes)
Hash
803b2c8a7143c1fae821a92911644919
4499b1ab1361d38c38044f0707f4bff0cc36fcd6
8ae30f6f2162279a812bf9e00efd0c985e20e76efece9444125b410f3a6822a6

Detections

Analyzer	Verdict	Alert
openphish	Discord

HTTP Headers

GET /assets/oneTrust/v4/scripttemplates/6.33.0/assets/otFlat.json HTTP/1.1
Host: discordproxy.zavo.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://discordproxy.zavo.eu/
DNT: 1
Connection: keep-alive
Cookie: __dcfduid=a140cd3003fa11eeb7e8cf3f5833ef74; __sdcfduid=a140cd3103fa11eeb7e8cf3f5833ef74a9b5cf02801626dfc084d52a96b7ccfd6b591fe1c4b6f0bbe7c775c016754186
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Mon, 05 Jun 2023 23:42:29 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 7d2c45bafbaebbb5-FRA
CF-Cache-Status: HIT
Access-Control-Allow-Origin: https://discord.com
Cache-Control: public, max-age=2592000
ETag: W/"803b2c8a7143c1fae821a92911644919"
Last-Modified: Wed, 29 Mar 2023 20:09:37 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Vary: Origin, Accept-Encoding
Permissions-Policy: interest-cohort=()
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jMTzVR34xTvtIhp5XsRU9ObTvELxVb3pOagk38o%2BmEXtQMWC6phYyUXI6sa%2FYL2UWrR2dTztvYmESujBnTJu60AFiJB%2F79gz2xAYXfBrdsAWIlqU6XUt3N93kKb0"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Set-Cookie: __cfruid=f494a4f2abb6bb7f5b4d02b687229b89b2fd9cfd-1686008549; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Content-Encoding: br
alt-svc: h3=":443"; ma=86400

discordproxy.zavo.eu/assets/oneTrust/v4/scripttemplates/6.33.0/assets/otCommonStyles.css

5.189.161.208

200 OK

4.3 kB

URL GET HTTP/1.1
discordproxy.zavo.eu/assets/oneTrust/v4/scripttemplates/6.33.0/assets/otCommonStyles.css
IP
5.189.161.208:443
ASN
#51167 Contabo GmbH

Requested by
https://discordproxy.zavo.eu/
Certificate
IssuerLet's Encrypt
Subjectdiscordproxy.zavo.eu
Fingerprint04:6A:2F:EE:57:1D:13:1C:32:B2:04:1C:62:15:73:98:8A:15:32:09
ValiditySun, 21 May 2023 19:03:07 GMT - Sat, 19 Aug 2023 19:03:06 GMT

File type
ASCII text, with very long lines (11123)
Size
4.3 kB (4279 bytes)
Hash
487143b593b69c366e88f0d6f37a7521
24c38c758bd6ec62b838e5e9fb4a3d7a9e2acb17
8edbd08b9bb87f815ad871e44aae03af609fc44b1961d608e94eff3f4e010375

Detections

Analyzer	Verdict	Alert
openphish	Discord

HTTP Headers

GET /assets/oneTrust/v4/scripttemplates/6.33.0/assets/otCommonStyles.css HTTP/1.1
Host: discordproxy.zavo.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://discordproxy.zavo.eu/
DNT: 1
Connection: keep-alive
Cookie: __dcfduid=a140cd3003fa11eeb7e8cf3f5833ef74; __sdcfduid=a140cd3103fa11eeb7e8cf3f5833ef74a9b5cf02801626dfc084d52a96b7ccfd6b591fe1c4b6f0bbe7c775c016754186
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Mon, 05 Jun 2023 23:42:29 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 7d2c45baf9083834-FRA
CF-Cache-Status: HIT
Access-Control-Allow-Origin: https://discord.com
Cache-Control: public, max-age=2592000
ETag: W/"487143b593b69c366e88f0d6f37a7521"
Last-Modified: Thu, 28 Jul 2022 23:37:06 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Vary: Origin, Accept-Encoding
Permissions-Policy: interest-cohort=()
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kiUoneFUPZ1xa8Syz9Dkve9fL%2BazUHYkLTg06hsbNbMlM%2BcieRBb1x0W0%2F3fVukg%2FqqSjoa0dyPQaW7OLEVNYJEHm42W0HTQa1Nm57TrP%2BS8kuBUJbPLI%2BszXDAm"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Set-Cookie: __cfruid=f494a4f2abb6bb7f5b4d02b687229b89b2fd9cfd-1686008549; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Content-Encoding: br
alt-svc: h3=":443"; ma=86400

discordproxy.zavo.eu/assets/e6d6b255259ac878d00819a9555072ad.png

5.189.161.208

200 OK

288 B

URL GET HTTP/1.1
discordproxy.zavo.eu/assets/e6d6b255259ac878d00819a9555072ad.png
IP
5.189.161.208:443
ASN
#51167 Contabo GmbH

Requested by
https://discordproxy.zavo.eu/
Certificate
IssuerLet's Encrypt
Subjectdiscordproxy.zavo.eu
Fingerprint04:6A:2F:EE:57:1D:13:1C:32:B2:04:1C:62:15:73:98:8A:15:32:09
ValiditySun, 21 May 2023 19:03:07 GMT - Sat, 19 Aug 2023 19:03:06 GMT

File type
PNG image data, 70 x 47, 8-bit/color RGBA, non-interlaced\012- data
Size
288 B (288 bytes)
Hash
e6d6b255259ac878d00819a9555072ad
6beb12d36acbad79743495aef581891a1ff4f5f5
21d34772ed80c8be7ab9e7338498bdfe2f66c77b61542cc48e103fd77ecd7f60

Detections

Analyzer	Verdict	Alert
openphish	Discord

HTTP Headers

GET /assets/e6d6b255259ac878d00819a9555072ad.png HTTP/1.1
Host: discordproxy.zavo.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://discordproxy.zavo.eu/
Cookie: __dcfduid=a140cd3003fa11eeb7e8cf3f5833ef74; __sdcfduid=a140cd3103fa11eeb7e8cf3f5833ef74a9b5cf02801626dfc084d52a96b7ccfd6b591fe1c4b6f0bbe7c775c016754186; locale=en-US
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Mon, 05 Jun 2023 23:42:29 GMT
Content-Type: image/png
Content-Length: 288
Connection: keep-alive
CF-Ray: 7d2c45bccafb1e18-FRA
CF-Cache-Status: HIT
Accept-Ranges: bytes
Access-Control-Allow-Origin: https://discord.com
Cache-Control: public, max-age=2592000
ETag: "e6d6b255259ac878d00819a9555072ad"
Last-Modified: Fri, 20 May 2022 22:11:58 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Vary: Origin, Accept-Encoding
Permissions-Policy: interest-cohort=()
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BQH3vlpE22Iu8zv%2FbP%2Bc4PWwmD2E87pctKebmjRj2azRIBINNbR7o5HoBnaXwvlRXnpS7ZWa%2F3Xfx9%2BBaaVHkWnnWOs99UKj13boHDfHk%2FN334far35FsTunKH6Y"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Set-Cookie: __cfruid=f494a4f2abb6bb7f5b4d02b687229b89b2fd9cfd-1686008549; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
alt-svc: h3=":443"; ma=86400

discord.com/api/v9/users/@me?with_analytics_token=true

162.159.137.232

200 OK

43 B

URL OPTIONS HTTP/2
discord.com/api/v9/users/@me?with_analytics_token=true
IP
162.159.137.232:443
ASN
#13335 CLOUDFLARENET

Requested by
https://discordproxy.zavo.eu/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintA3:EA:27:1A:3D:E8:8C:05:5E:1C:C8:1D:59:0E:D2:F2:A1:76:4D:2E
ValiditySat, 19 Nov 2022 00:00:00 GMT - Sun, 19 Nov 2023 23:59:59 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
43 B (43 bytes)
Hash
041912d109d349cf8c39ccccc812126a
d677b242a21df8bb9d696998193de662b96a9ff0
774085c73d7aeecdd59894443d83d16b7e4e731c89420ca9f7356a5c9c928056

HTTP Headers

GET /api/v9/users/@me?with_analytics_token=true HTTP/1.1
Host: discord.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Track: eyJvcyI6IkxpbnV4IiwiYnJvd3NlciI6IkZpcmVmb3giLCJkZXZpY2UiOiIiLCJzeXN0ZW1fbG9jYWxlIjoiZW4tVVMiLCJicm93c2VyX3VzZXJfYWdlbnQiOiJNb3ppbGxhLzUuMCAoWDExOyBMaW51eCB4ODZfNjQ7IHJ2OjEwOS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzExMS4wIiwiYnJvd3Nlcl92ZXJzaW9uIjoiMTExLjAiLCJvc192ZXJzaW9uIjoiIiwicmVmZXJyZXIiOiIiLCJyZWZlcnJpbmdfZG9tYWluIjoiIiwicmVmZXJyZXJfY3VycmVudCI6IiIsInJlZmVycmluZ19kb21haW5fY3VycmVudCI6IiIsInJlbGVhc2VfY2hhbm5lbCI6InN0YWJsZSIsImNsaWVudF9idWlsZF9udW1iZXIiOjk5OTksImNsaWVudF9ldmVudF9zb3VyY2UiOm51bGx9
Origin: https://discordproxy.zavo.eu
DNT: 1
Connection: keep-alive
Referer: https://discordproxy.zavo.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 401 Unauthorized
date: Mon, 05 Jun 2023 23:42:30 GMT
content-type: application/json
content-length: 43
access-control-allow-origin: https://discordproxy.zavo.eu
access-control-allow-credentials: true
access-control-allow-methods: POST, GET, PUT, PATCH, DELETE
access-control-allow-headers: Content-Type, Authorization, X-Audit-Log-Reason, X-Track, X-Super-Properties, X-Context-Properties, X-Failed-Requests, X-Fingerprint, X-RPC-Proxy, X-Discord-Locale, X-Discord-Timezone, X-Debug-Options, x-client-trace-id, If-None-Match, X-Captcha-Key, X-Captcha-Rqtoken, X-Discord-MFA-Authorization, Range, X-RateLimit-Precision
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uNbUjNboFK2Ux1i9zijvz69U%2Bi7ZW1saYjcdzg4r%2F2V%2FoOW3YFb4opiZwcB8vJHCjwMqFx1xP3%2BYObCMhF0g%2BHj6HVeULlUIXtYrV5rL4CGq1AJsMTTJnUq0mdqc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
set-cookie: __dcfduid=a2a9a8b803fa11eeb4711e8a9dc0b380; Expires=Sat, 03-Jun-2028 23:42:30 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/
__sdcfduid=a2a9a8b803fa11eeb4711e8a9dc0b380bca6c2745c07da410f4b817ffeb62ef9ee999ba0399cb1a5c7621453d06cbc7a; Expires=Sat, 03-Jun-2028 23:42:30 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/
__cfruid=6dee195949d3b6cd639d90e4f04ad3cfe48b23b4-1686008550; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
content-security-policy: frame-ancestors 'none'; default-src 'none'
server: cloudflare
cf-ray: 7d2c45bd8c9cb4f3-OSL
X-Firefox-Spdy: h2

discord.com/api/v9/science

162.159.137.232

200 OK

0 B

URL OPTIONS HTTP/2
discord.com/api/v9/science
IP
162.159.137.232:443
ASN
#13335 CLOUDFLARENET

Requested by
https://discordproxy.zavo.eu/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintA3:EA:27:1A:3D:E8:8C:05:5E:1C:C8:1D:59:0E:D2:F2:A1:76:4D:2E
ValiditySat, 19 Nov 2022 00:00:00 GMT - Sun, 19 Nov 2023 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /api/v9/science HTTP/1.1
Host: discord.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-fingerprint,x-track
Referer: https://discordproxy.zavo.eu/
Origin: https://discordproxy.zavo.eu
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 05 Jun 2023 23:42:30 GMT
content-length: 0
access-control-allow-origin: https://discordproxy.zavo.eu
access-control-max-age: 3600
access-control-allow-headers: content-type,x-fingerprint,x-track
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST
via: 1.1 google
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0qDqE5Y6KI%2BwExVFMXpJJjleq1wVFp05ug%2F2wiT%2B5rHJqZtplNpXzCUmbdAxTTtuv28laRIkOlyhhJcPAcGTdeErJuM81rrtD4yiMQrXG1uHU14boSl2JcT4RPpO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
set-cookie: __cfruid=6dee195949d3b6cd639d90e4f04ad3cfe48b23b4-1686008550; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
content-security-policy: frame-ancestors 'none'; default-src 'none'
server: cloudflare
cf-ray: 7d2c45be6d37b4f3-OSL
X-Firefox-Spdy: h2

discord.com/api/v9/auth/location-metadata

162.159.137.232

200 OK

2.8 kB

URL GET HTTP/2
discord.com/api/v9/auth/location-metadata
IP
162.159.137.232:443
ASN
#13335 CLOUDFLARENET

Requested by
https://discordproxy.zavo.eu/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintA3:EA:27:1A:3D:E8:8C:05:5E:1C:C8:1D:59:0E:D2:F2:A1:76:4D:2E
ValiditySat, 19 Nov 2022 00:00:00 GMT - Sun, 19 Nov 2023 23:59:59 GMT

File type
data
Size
2.8 kB (2797 bytes)
Hash
334863988f30665f208d0386564302d4
1b009319293bcd45c668e6025c191d9c01e0dbed
0c28f81ccf302b05c5ae41fc94d24e89932d5adb270cf1f5a5512a0d5b6848ff

HTTP Headers

OPTIONS /api/v9/auth/location-metadata HTTP/1.1
Host: discord.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-track
Referer: https://discordproxy.zavo.eu/
Origin: https://discordproxy.zavo.eu
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 05 Jun 2023 23:42:29 GMT
content-type: text/html; charset=utf-8
allow: HEAD, GET, OPTIONS
access-control-allow-origin: https://discordproxy.zavo.eu
access-control-allow-credentials: true
access-control-allow-methods: POST, GET, PUT, PATCH, DELETE
access-control-allow-headers: Content-Type, Authorization, X-Audit-Log-Reason, X-Track, X-Super-Properties, X-Context-Properties, X-Failed-Requests, X-Fingerprint, X-RPC-Proxy, X-Discord-Locale, X-Discord-Timezone, X-Debug-Options, x-client-trace-id, If-None-Match, X-Captcha-Key, X-Captcha-Rqtoken, X-Discord-MFA-Authorization, Range, X-RateLimit-Precision
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AX6L2sYFhM5ef3DgFfoZuUCHv8Ig3xWWohV8cFv5%2BdKJUSo%2Bz0IpVwgIvKARBKLazOctPJJG6Oj7hU8w0iQW9f5s6ujhGTqQ1mnB2Wo8HaQc9yvEtyUK%2BRAJio7R"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
set-cookie: __dcfduid=a2917d1003fa11eea427b69a9bfa8c4c; Expires=Sat, 03-Jun-2028 23:42:29 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/
__sdcfduid=a2917d1003fa11eea427b69a9bfa8c4c531d1bdbbed8d0c9e21ae1cd88bd1299537e4fed1d4555f9788b1596ac3e6893; Expires=Sat, 03-Jun-2028 23:42:29 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/
__cfruid=b61274c1564be17188f098123c8c78781eff6010-1686008549; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
content-security-policy: frame-ancestors 'none'; default-src 'none'
server: cloudflare
cf-ray: 7d2c45bc7ba9b4f3-OSL
content-encoding: br
X-Firefox-Spdy: h2

discordproxy.zavo.eu/assets/ab6b85947fdc029972fc.js

5.189.161.208

200 OK

6.3 kB

URL GET HTTP/1.1
discordproxy.zavo.eu/assets/ab6b85947fdc029972fc.js
IP
5.189.161.208:443
ASN
#51167 Contabo GmbH

Requested by
https://discordproxy.zavo.eu/
Certificate
IssuerLet's Encrypt
Subjectdiscordproxy.zavo.eu
Fingerprint04:6A:2F:EE:57:1D:13:1C:32:B2:04:1C:62:15:73:98:8A:15:32:09
ValiditySun, 21 May 2023 19:03:07 GMT - Sat, 19 Aug 2023 19:03:06 GMT

File type
ASCII text, with very long lines (1000)
Size
6.3 kB (6279 bytes)
Hash
36295d596d24d4c1e90ae336e50b80df
2952cc373ed1408eeb91eb927b5ff6a96a296970
c8fce93be1c2c96540cc08877974ace7c0120221e30e357c437937820679425b

Detections

Analyzer	Verdict	Alert
openphish	Discord

HTTP Headers

GET /assets/ab6b85947fdc029972fc.js HTTP/1.1
Host: discordproxy.zavo.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://discordproxy.zavo.eu/
Cookie: __dcfduid=a140cd3003fa11eeb7e8cf3f5833ef74; __sdcfduid=a140cd3103fa11eeb7e8cf3f5833ef74a9b5cf02801626dfc084d52a96b7ccfd6b591fe1c4b6f0bbe7c775c016754186; locale=en-US
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Mon, 05 Jun 2023 23:42:30 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 7d2c45bf48c65c80-FRA
CF-Cache-Status: HIT
Access-Control-Allow-Origin: https://discord.com
Cache-Control: public, max-age=2592000
ETag: W/"36295d596d24d4c1e90ae336e50b80df"
Last-Modified: Thu, 18 May 2023 17:24:28 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Vary: Origin, Accept-Encoding
Permissions-Policy: interest-cohort=()
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FWI%2B3INvCIVRe4n4wZ5xUb0tbAH58s5crgPbia5HXyz4DlebR6Q15F1a0nXmNUmPHiB%2BRd7b4j93dG7YxRYyt%2BsCS1WyC1R%2BKev2s4NOmWk7Kh%2FERpso6D6uIH9f"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Set-Cookie: __cfruid=8584b4d45037327f108e948c5f962f892decf974-1686008550; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Content-Encoding: br
alt-svc: h3=":443"; ma=86400

discord.com/api/v9/science

162.159.137.232

200 OK

0 B

URL OPTIONS HTTP/2
discord.com/api/v9/science
IP
162.159.137.232:443
ASN
#13335 CLOUDFLARENET

Requested by
https://discordproxy.zavo.eu/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintA3:EA:27:1A:3D:E8:8C:05:5E:1C:C8:1D:59:0E:D2:F2:A1:76:4D:2E
ValiditySat, 19 Nov 2022 00:00:00 GMT - Sun, 19 Nov 2023 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /api/v9/science HTTP/1.1
Host: discord.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
X-Track: eyJvcyI6IkxpbnV4IiwiYnJvd3NlciI6IkZpcmVmb3giLCJkZXZpY2UiOiIiLCJzeXN0ZW1fbG9jYWxlIjoiZW4tVVMiLCJicm93c2VyX3VzZXJfYWdlbnQiOiJNb3ppbGxhLzUuMCAoWDExOyBMaW51eCB4ODZfNjQ7IHJ2OjEwOS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzExMS4wIiwiYnJvd3Nlcl92ZXJzaW9uIjoiMTExLjAiLCJvc192ZXJzaW9uIjoiIiwicmVmZXJyZXIiOiIiLCJyZWZlcnJpbmdfZG9tYWluIjoiIiwicmVmZXJyZXJfY3VycmVudCI6IiIsInJlZmVycmluZ19kb21haW5fY3VycmVudCI6IiIsInJlbGVhc2VfY2hhbm5lbCI6InN0YWJsZSIsImNsaWVudF9idWlsZF9udW1iZXIiOjk5OTksImNsaWVudF9ldmVudF9zb3VyY2UiOm51bGx9
X-Fingerprint: 1115425446109118495.gOqkdn2jYMibfzcrdT7cCZJcTAs
Content-Length: 348
Origin: https://discordproxy.zavo.eu
DNT: 1
Connection: keep-alive
Referer: https://discordproxy.zavo.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
date: Mon, 05 Jun 2023 23:42:30 GMT
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://discordproxy.zavo.eu
via: 1.1 google
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HIKMrPzk%2BhZrL%2B09yXijYwzdkTQvi33XWv56EUUj89AgMfeii%2BmEW7Qz%2F9RwNfw52Rq6Vlmvi89PirybjdBaDXH76Jton4ijJnNhljBEUuDfpdqW63Cu9iqx40dK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
set-cookie: __cfruid=6dee195949d3b6cd639d90e4f04ad3cfe48b23b4-1686008550; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
content-security-policy: frame-ancestors 'none'; default-src 'none'
server: cloudflare
cf-ray: 7d2c45bf398cb51d-OSL

discord.com/api/v9/track/ott

162.159.137.232

204 No Content

0 B

URL POST HTTP/3
discord.com/api/v9/track/ott
IP
162.159.137.232:443
ASN
#13335 CLOUDFLARENET

Requested by
https://discordproxy.zavo.eu/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintA3:EA:27:1A:3D:E8:8C:05:5E:1C:C8:1D:59:0E:D2:F2:A1:76:4D:2E
ValiditySat, 19 Nov 2022 00:00:00 GMT - Sun, 19 Nov 2023 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /api/v9/track/ott HTTP/1.1
Host: discord.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
X-Track: eyJvcyI6IkxpbnV4IiwiYnJvd3NlciI6IkZpcmVmb3giLCJkZXZpY2UiOiIiLCJzeXN0ZW1fbG9jYWxlIjoiZW4tVVMiLCJicm93c2VyX3VzZXJfYWdlbnQiOiJNb3ppbGxhLzUuMCAoWDExOyBMaW51eCB4ODZfNjQ7IHJ2OjEwOS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzExMS4wIiwiYnJvd3Nlcl92ZXJzaW9uIjoiMTExLjAiLCJvc192ZXJzaW9uIjoiIiwicmVmZXJyZXIiOiIiLCJyZWZlcnJpbmdfZG9tYWluIjoiIiwicmVmZXJyZXJfY3VycmVudCI6IiIsInJlZmVycmluZ19kb21haW5fY3VycmVudCI6IiIsInJlbGVhc2VfY2hhbm5lbCI6InN0YWJsZSIsImNsaWVudF9idWlsZF9udW1iZXIiOjk5OTksImNsaWVudF9ldmVudF9zb3VyY2UiOm51bGx9
X-Fingerprint: 1115425446109118495.gOqkdn2jYMibfzcrdT7cCZJcTAs
Content-Length: 18
Origin: https://discordproxy.zavo.eu
DNT: 1
Connection: keep-alive
Referer: https://discordproxy.zavo.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
date: Mon, 05 Jun 2023 23:42:30 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: https://discordproxy.zavo.eu
access-control-allow-credentials: true
access-control-allow-methods: POST, GET, PUT, PATCH, DELETE
access-control-allow-headers: Content-Type, Authorization, X-Audit-Log-Reason, X-Track, X-Super-Properties, X-Context-Properties, X-Failed-Requests, X-Fingerprint, X-RPC-Proxy, X-Discord-Locale, X-Discord-Timezone, X-Debug-Options, x-client-trace-id, If-None-Match, X-Captcha-Key, X-Captcha-Rqtoken, X-Discord-MFA-Authorization, Range, X-RateLimit-Precision
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2fxCjluyGVlQCxqf9JjvI43aicZhdiP2Mb7IPFNW2AC84GKvPqjVboLFk5PqDFAU6kocyiUFcClPGmH4O4qKX7JXioblPUJv08S2plXqVucIVrBzt2sjQ4rEV2bv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
set-cookie: __dcfduid=a2d8e82603fa11eebe684af019821b77; Expires=Sat, 03-Jun-2028 23:42:30 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/
__sdcfduid=a2d8e82603fa11eebe684af019821b77e85910f0023425e7ee20ec42b535b9bc9a338c294910d879a12aa0bab1715aec; Expires=Sat, 03-Jun-2028 23:42:30 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/
__cfruid=6dee195949d3b6cd639d90e4f04ad3cfe48b23b4-1686008550; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
content-security-policy: frame-ancestors 'none'; default-src 'none'
server: cloudflare
cf-ray: 7d2c45bf79b8b51d-OSL

discord.com/api/v9/science

162.159.137.232

200 OK

0 B

URL OPTIONS HTTP/2
discord.com/api/v9/science
IP
162.159.137.232:443
ASN
#13335 CLOUDFLARENET

Requested by
https://discordproxy.zavo.eu/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintA3:EA:27:1A:3D:E8:8C:05:5E:1C:C8:1D:59:0E:D2:F2:A1:76:4D:2E
ValiditySat, 19 Nov 2022 00:00:00 GMT - Sun, 19 Nov 2023 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /api/v9/science HTTP/1.1
Host: discord.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
X-Track: eyJvcyI6IkxpbnV4IiwiYnJvd3NlciI6IkZpcmVmb3giLCJkZXZpY2UiOiIiLCJzeXN0ZW1fbG9jYWxlIjoiZW4tVVMiLCJicm93c2VyX3VzZXJfYWdlbnQiOiJNb3ppbGxhLzUuMCAoWDExOyBMaW51eCB4ODZfNjQ7IHJ2OjEwOS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzExMS4wIiwiYnJvd3Nlcl92ZXJzaW9uIjoiMTExLjAiLCJvc192ZXJzaW9uIjoiIiwicmVmZXJyZXIiOiIiLCJyZWZlcnJpbmdfZG9tYWluIjoiIiwicmVmZXJyZXJfY3VycmVudCI6IiIsInJlZmVycmluZ19kb21haW5fY3VycmVudCI6IiIsInJlbGVhc2VfY2hhbm5lbCI6InN0YWJsZSIsImNsaWVudF9idWlsZF9udW1iZXIiOjk5OTksImNsaWVudF9ldmVudF9zb3VyY2UiOm51bGx9
X-Fingerprint: 1115425446109118495.gOqkdn2jYMibfzcrdT7cCZJcTAs
Content-Length: 336
Origin: https://discordproxy.zavo.eu
DNT: 1
Connection: keep-alive
Referer: https://discordproxy.zavo.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
date: Mon, 05 Jun 2023 23:42:30 GMT
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://discordproxy.zavo.eu
via: 1.1 google
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RzjdywaL1Y0l9gkhR8cJkS5G71YINPKhsergT%2BQcnTijpSmgsUN0ep44A2fXA5D7tq7PRsk2uAk0%2Blj0MZKSDZAWZ%2F4W6b6qXbQgoWRMDEEZq9cyXmW49zSZ%2FRQE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
set-cookie: __cfruid=6dee195949d3b6cd639d90e4f04ad3cfe48b23b4-1686008550; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
content-security-policy: frame-ancestors 'none'; default-src 'none'
server: cloudflare
cf-ray: 7d2c45c02a20b51d-OSL

discordproxy.zavo.eu/assets/bc835ffec1786d03072a.js

5.189.161.208

200 OK

79 kB

URL GET HTTP/1.1
discordproxy.zavo.eu/assets/bc835ffec1786d03072a.js
IP
5.189.161.208:443
ASN
#51167 Contabo GmbH

Requested by
https://discordproxy.zavo.eu/
Certificate
IssuerLet's Encrypt
Subjectdiscordproxy.zavo.eu
Fingerprint04:6A:2F:EE:57:1D:13:1C:32:B2:04:1C:62:15:73:98:8A:15:32:09
ValiditySun, 21 May 2023 19:03:07 GMT - Sat, 19 Aug 2023 19:03:06 GMT

File type
ASCII text, with very long lines (1000)
Size
79 kB (78782 bytes)
Hash
b7cbeafbf30bdfa4fd3cee11c3179520
b5fa229ad1c5e200ed2605784ebeeea883fb0e5c
4ed3b9d5d4d7485eec7f725b6545e975d2ed98f8b50417226470a2d800e1a091

Detections

Analyzer	Verdict	Alert
openphish	Discord

HTTP Headers

GET /assets/bc835ffec1786d03072a.js HTTP/1.1
Host: discordproxy.zavo.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://discordproxy.zavo.eu/
Cookie: __dcfduid=a140cd3003fa11eeb7e8cf3f5833ef74; __sdcfduid=a140cd3103fa11eeb7e8cf3f5833ef74a9b5cf02801626dfc084d52a96b7ccfd6b591fe1c4b6f0bbe7c775c016754186; locale=en-US
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Mon, 05 Jun 2023 23:42:30 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 7d2c45bf4a8d190f-FRA
CF-Cache-Status: HIT
Access-Control-Allow-Origin: https://discord.com
Cache-Control: public, max-age=2592000
ETag: W/"b7cbeafbf30bdfa4fd3cee11c3179520"
Last-Modified: Fri, 21 Apr 2023 22:46:49 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Vary: Origin, Accept-Encoding
Permissions-Policy: interest-cohort=()
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l73Zr85P%2B3rhjdurcsrXXPmyQdu141pz9cNeVjci6OTjsM8kZmm5MhxBkIFMQTwNRApsAoyAsBjhDWLM0%2BOI3mk8M5SZwlpolfy%2FHirLvUt1SuPBZv1sg3oyQwnN"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Set-Cookie: __cfruid=8584b4d45037327f108e948c5f962f892decf974-1686008550; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Content-Encoding: br
alt-svc: h3=":443"; ma=86400

discord.com/api/v9/experiments

162.159.137.232

200 OK

3.4 kB

URL GET HTTP/2
discord.com/api/v9/experiments
IP
162.159.137.232:443
ASN
#13335 CLOUDFLARENET

Requested by
https://discordproxy.zavo.eu/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintA3:EA:27:1A:3D:E8:8C:05:5E:1C:C8:1D:59:0E:D2:F2:A1:76:4D:2E
ValiditySat, 19 Nov 2022 00:00:00 GMT - Sun, 19 Nov 2023 23:59:59 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (3409), with no line terminators
Size
3.4 kB (3403 bytes)
Hash
ed1e197bd026b52302c031df2d7a3afd
dc63af82d2e3e2b385097a14710d060cf595f3f2
38ded87751992ab3044c9549535dcd359da2fc64135ba8bfb0426deabc3d25cd

HTTP Headers

GET /api/v9/experiments HTTP/1.1
Host: discord.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Track: eyJvcyI6IkxpbnV4IiwiYnJvd3NlciI6IkZpcmVmb3giLCJkZXZpY2UiOiIiLCJzeXN0ZW1fbG9jYWxlIjoiZW4tVVMiLCJicm93c2VyX3VzZXJfYWdlbnQiOiJNb3ppbGxhLzUuMCAoWDExOyBMaW51eCB4ODZfNjQ7IHJ2OjEwOS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzExMS4wIiwiYnJvd3Nlcl92ZXJzaW9uIjoiMTExLjAiLCJvc192ZXJzaW9uIjoiIiwicmVmZXJyZXIiOiIiLCJyZWZlcnJpbmdfZG9tYWluIjoiIiwicmVmZXJyZXJfY3VycmVudCI6IiIsInJlZmVycmluZ19kb21haW5fY3VycmVudCI6IiIsInJlbGVhc2VfY2hhbm5lbCI6InN0YWJsZSIsImNsaWVudF9idWlsZF9udW1iZXIiOjk5OTksImNsaWVudF9ldmVudF9zb3VyY2UiOm51bGx9
Origin: https://discordproxy.zavo.eu
DNT: 1
Connection: keep-alive
Referer: https://discordproxy.zavo.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 05 Jun 2023 23:42:30 GMT
content-type: application/json
access-control-allow-origin: https://discordproxy.zavo.eu
access-control-allow-credentials: true
access-control-allow-methods: POST, GET, PUT, PATCH, DELETE
access-control-allow-headers: Content-Type, Authorization, X-Audit-Log-Reason, X-Track, X-Super-Properties, X-Context-Properties, X-Failed-Requests, X-Fingerprint, X-RPC-Proxy, X-Discord-Locale, X-Discord-Timezone, X-Debug-Options, x-client-trace-id, If-None-Match, X-Captcha-Key, X-Captcha-Rqtoken, X-Discord-MFA-Authorization, Range, X-RateLimit-Precision
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5POT0mFTbNJ9ANMDHW8zDfp%2FQUy%2BXmCS2F0hotlnbW9o2wsPPGI01TeZl8Wi74gljcZqgcA%2BHLgbfw%2BzE57GPrd9RmmravLebGojA9x2LGVwJC4GX27B8tOjG4ra"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
set-cookie: __dcfduid=a2a6a0fa03fa11ee9e3ce214c257f04e; Expires=Sat, 03-Jun-2028 23:42:30 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/
__sdcfduid=a2a6a0fa03fa11ee9e3ce214c257f04ecee354babfb0da481cc5530b7991285dcd5ef3f3cfa5d1c47dd1c61245659134; Expires=Sat, 03-Jun-2028 23:42:30 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/
__cfruid=6dee195949d3b6cd639d90e4f04ad3cfe48b23b4-1686008550; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
content-security-policy: frame-ancestors 'none'; default-src 'none'
server: cloudflare
cf-ray: 7d2c45bd5c62b4f3-OSL
content-encoding: br
X-Firefox-Spdy: h2

discordproxy.zavo.eu/assets/5dad45edaf34653f44ae.js

5.189.161.208

200 OK

10 kB

URL GET HTTP/1.1
discordproxy.zavo.eu/assets/5dad45edaf34653f44ae.js
IP
5.189.161.208:443
ASN
#51167 Contabo GmbH

Requested by
https://discordproxy.zavo.eu/
Certificate
IssuerLet's Encrypt
Subjectdiscordproxy.zavo.eu
Fingerprint04:6A:2F:EE:57:1D:13:1C:32:B2:04:1C:62:15:73:98:8A:15:32:09
ValiditySun, 21 May 2023 19:03:07 GMT - Sat, 19 Aug 2023 19:03:06 GMT

File type
ASCII text, with very long lines (997)
Size
10 kB (10453 bytes)
Hash
aa97b684457f812703bea85b6e80089b
c4c708d9a91aabfaea2b4ca9a373d536dc88c78c
2370e588945eb309259b38f5a71d27917210fdfa942b8b6c5ff8d3a1b7461e51

Detections

Analyzer	Verdict	Alert
openphish	Discord

HTTP Headers

GET /assets/5dad45edaf34653f44ae.js HTTP/1.1
Host: discordproxy.zavo.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://discordproxy.zavo.eu/
Cookie: __dcfduid=a140cd3003fa11eeb7e8cf3f5833ef74; __sdcfduid=a140cd3103fa11eeb7e8cf3f5833ef74a9b5cf02801626dfc084d52a96b7ccfd6b591fe1c4b6f0bbe7c775c016754186; locale=en-US
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Mon, 05 Jun 2023 23:42:30 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 7d2c45bf4a129bc5-FRA
CF-Cache-Status: HIT
Access-Control-Allow-Origin: https://discord.com
Cache-Control: public, max-age=2592000
ETag: W/"aa97b684457f812703bea85b6e80089b"
Last-Modified: Thu, 18 May 2023 17:24:28 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Vary: Origin, Accept-Encoding
Permissions-Policy: interest-cohort=()
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tHUQ2oZ5hMAOM3WUMKRRzGzqN%2BhWHKdCeRMOFYlPTsU3mdcjW4D8uWnDOTv1%2B6jxhXUo5NaDeVn50f7ljlGQcZBuR4MenW0CthUBxH6KkXeR7iKHs%2BfQc43R4hPV"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Set-Cookie: __cfruid=8584b4d45037327f108e948c5f962f892decf974-1686008550; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Content-Encoding: br
alt-svc: h3=":443"; ma=86400

discord.com/api/v9/experiments

162.159.137.232

200 OK

0 B

URL OPTIONS HTTP/2
discord.com/api/v9/experiments
IP
162.159.137.232:443
ASN
#13335 CLOUDFLARENET

Requested by
https://discordproxy.zavo.eu/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintA3:EA:27:1A:3D:E8:8C:05:5E:1C:C8:1D:59:0E:D2:F2:A1:76:4D:2E
ValiditySat, 19 Nov 2022 00:00:00 GMT - Sun, 19 Nov 2023 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /api/v9/experiments HTTP/1.1
Host: discord.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-track
Referer: https://discordproxy.zavo.eu/
Origin: https://discordproxy.zavo.eu
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 05 Jun 2023 23:42:29 GMT
content-type: text/html; charset=utf-8
allow: GET, OPTIONS, HEAD
access-control-allow-origin: https://discordproxy.zavo.eu
access-control-allow-credentials: true
access-control-allow-methods: POST, GET, PUT, PATCH, DELETE
access-control-allow-headers: Content-Type, Authorization, X-Audit-Log-Reason, X-Track, X-Super-Properties, X-Context-Properties, X-Failed-Requests, X-Fingerprint, X-RPC-Proxy, X-Discord-Locale, X-Discord-Timezone, X-Debug-Options, x-client-trace-id, If-None-Match, X-Captcha-Key, X-Captcha-Rqtoken, X-Discord-MFA-Authorization, Range, X-RateLimit-Precision
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Uz9qGnTERUUTSk1W18kTQT0%2FWaF0MQr4CizSsz6tMfaz8Z3wQ86PFZYqHYRIkqXxbbqiVtOAgYk2ibUrKWgVeLeA9rjE39%2FcUgUaKe1DA2FZhmbqbMm0SQosJSEE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
set-cookie: __dcfduid=a28f191c03fa11ee8a841a2edcecab9c; Expires=Sat, 03-Jun-2028 23:42:29 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/
__sdcfduid=a28f191c03fa11ee8a841a2edcecab9cdc014e1ccced80c0c7655b8001049bdb9c5cd1cf9274ba5149f14603285e243b; Expires=Sat, 03-Jun-2028 23:42:29 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/
__cfruid=b61274c1564be17188f098123c8c78781eff6010-1686008549; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
content-security-policy: frame-ancestors 'none'; default-src 'none'
server: cloudflare
cf-ray: 7d2c45bc7ba7b4f3-OSL
content-encoding: br
X-Firefox-Spdy: h2

geolocation.onetrust.com/cookieconsentpub/v1/geo/location

104.18.28.38

200 OK

72 B

URL GET HTTP/2
geolocation.onetrust.com/cookieconsentpub/v1/geo/location
IP
104.18.28.38:443
ASN
#13335 CLOUDFLARENET

Requested by
https://discordproxy.zavo.eu/
Certificate
IssuerCloudflare, Inc.
Subjectonetrust.com
Fingerprint9E:F3:57:7F:94:76:6C:42:96:83:B5:15:57:B4:17:C4:0A:90:F6:3D
ValidityTue, 13 Dec 2022 00:00:00 GMT - Wed, 13 Dec 2023 23:59:59 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
72 B (72 bytes)
Hash
adf75b99dbbf416c627dfc5de30f9ad1
699f3845f7dfb3fa9968c2117b44c3f3eb728fff
a0e4a8f457272bd17d07ae2e1e09731df6cc6fdc3ea9e32e713ef4a8a012fc27

HTTP Headers

GET /cookieconsentpub/v1/geo/location HTTP/1.1
Host: geolocation.onetrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://discordproxy.zavo.eu
DNT: 1
Connection: keep-alive
Referer: https://discordproxy.zavo.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 05 Jun 2023 23:42:28 GMT
content-type: application/json
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, OPTIONS
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 7d2c45b6b828fabc-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (19)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML