Report - lookpapanohands.com/?b=104075265&ba=1&campid=102946102&did=714&dm=1&ep=1&g=IN&i18db=1&l=Q4MZSNiaIejU66V&oaid=b8918bb2587179123007fafdc4d0fc1e&rid={reverse_id|1224055}&s=918519197972045824&ssk=6decea7ef3f98e79fdbd3efb4eeed26b&svar=1740555560&vi=1&vo=1&z=7707380&tr=default&stest=bbfcb34816e7ea56691fda653ef87bc3

Report Overview

Visited public
2025-02-27 01:50:22
Tags
URL
lookpapanohands.com/?b=104075265&ba=1&campid=102946102&did=714&dm=1&ep=1&g=IN&i18db=1&l=Q4MZSNiaIejU66V&oaid=b8918bb2587179123007fafdc4d0fc1e&rid={reverse_id|1224055}&s=918519197972045824&ssk=6decea7ef3f98e79fdbd3efb4eeed26b&svar=1740555560&vi=1&vo=1&z=7707380&tr=default&stest=bbfcb34816e7ea56691fda653ef87bc3
Finishing URL
lookpapanohands.com/?b=104075265&ba=1&campid=102946102&did=714&dm=1&ep=1&g=IN&i18db=1&l=Q4MZSNiaIejU66V&oaid=b8918bb2587179123007fafdc4d0fc1e&rid={reverse_id|1224055}&s=918519197972045824&ssk=6decea7ef3f98e79fdbd3efb4eeed26b&svar=1740555560&vi=1&vo=1&z=7707380&tr=default&stest=bbfcb34816e7ea56691fda653ef87bc3#
IP / ASN
172.67.189.13
#13335 CLOUDFLARENET
Title
Video Live Chat & Meet

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
veryfastcdn.com	unknown	2025-02-17	2025-02-20	2025-02-20	6.3 kB	761 kB	172.67.163.86
lookpapanohands.com	unknown	2024-08-01	2024-08-01	2025-02-01	1.3 kB	26 kB	172.67.189.13

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-02-27	medium	veryfastcdn.com	Sinkholed
2025-02-27	medium	veryfastcdn.com	Sinkholed
2025-02-27	medium	veryfastcdn.com	Sinkholed
2025-02-27	medium	veryfastcdn.com	Sinkholed
2025-02-27	medium	veryfastcdn.com	Sinkholed
2025-02-27	medium	veryfastcdn.com	Sinkholed
2025-02-27	medium	veryfastcdn.com	Sinkholed
2025-02-27	medium	veryfastcdn.com	Sinkholed
2025-02-27	medium	veryfastcdn.com	Sinkholed
2025-02-27	medium	veryfastcdn.com	Sinkholed
2025-02-27	medium	veryfastcdn.com	Sinkholed
2025-02-27	medium	veryfastcdn.com	Sinkholed
2025-02-27	medium	veryfastcdn.com	Sinkholed
2025-02-27	medium	veryfastcdn.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (1)

	URL	From	Size	First Seen	Last Seen
	lookpapanohands.com/?b=104075265&ba=1&campid=102946102&did=714&dm=1&ep=1&g=IN&i18db=1&l=Q4MZSNiaIejU66V&oaid=b8918bb2587179123007fafdc4d0fc1e&rid={reverse_id\|1224055}&s=918519197972045824&ssk=6decea7ef3f98e79fdbd3efb4eeed26b&svar=1740555560&vi=1&vo=1&z=7707380&tr=default&stest=bbfcb34816e7ea56691fda653ef87bc3	ScriptElement	1.5 kB	2025-02-27	2025-02-27
Pretty URL lookpapanohands.com/?b=104075265&ba=1&campid=102946102&did=714&dm=1&ep=1&g=IN&i18db=1&l=Q4MZSNiaIejU66V&oaid=b8918bb2587179123007fafdc4d0fc1e&rid={reverse_id\|1224055}&s=918519197972045824&ssk=6decea7ef3f98e79fdbd3efb4eeed26b&svar=1740555560&vi=1&vo=1&z=7707380&tr=default&stest=bbfcb34816e7ea56691fda653ef87bc3 IP 172.67.189.13 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-02-27 01:50 Last Seen2025-02-27 01:50 Times Seen1 Hash 63f07cff6b12b1568d4d06cdfca23e2d 293d8f6292ed4261078f45f93884c4c8fefb842e 86e6050414789f530c6030a18bc7f38b3f7bf78cfff7d52ce8f7cc40e28ccf85 Loading...

HTTP Transactions (16)

URL IP Response Size

veryfastcdn.com/clickadu/templates/mobileSchema/tt/img/india/7.jpg

172.67.163.86

200 OK

19 kB

URL GET HTTP/2
veryfastcdn.com/clickadu/templates/mobileSchema/tt/img/india/7.jpg
IP
172.67.163.86:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lookpapanohands.com/?b=104075265&ba=1&campid=102946102&did=714&dm=1&ep=1&g=IN&i18db=1&l=Q4MZSNiaIejU66V&oaid=b8918bb2587179123007fafdc4d0fc1e&rid={reverse_id|1224055}&s=918519197972045824&ssk=6decea7ef3f98e79fdbd3efb4eeed26b&svar=1740555560&vi=1&vo=1&z=7707380&tr=default&stest=bbfcb34816e7ea56691fda653ef87bc3
Certificate
IssuerGoogle Trust Services
Subjectveryfastcdn.com
FingerprintF9:71:36:AF:1A:7F:C3:70:1A:FB:5F:92:7F:FA:39:7F:85:DA:A1:E7
ValidityMon, 17 Feb 2025 11:46:54 GMT - Sun, 18 May 2025 12:42:50 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 214x380, components 3
Size
19 kB (18697 bytes)
Hash
4ea9daf01766f39cfc41af9389608d4f
d7dd56ec4e35113aeaf00fb82af1f6c47a9b9107
be4b7d253fb9dd66c63661a6b82778721db884c5645ee25fd8c50970e61217ba

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /clickadu/templates/mobileSchema/tt/img/india/7.jpg HTTP/1.1
Host: veryfastcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 27 Feb 2025 01:49:51 GMT
content-type: image/jpeg
content-length: 18697
last-modified: Tue, 25 Feb 2025 14:59:18 GMT
vary: Accept-Encoding
etag: "67bddac6-4909"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
age: 1195
cache-control: max-age=14400
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5tfP0mG1HP7XIEUKpQ1eIIkJ42VunfLhh6O%2BSj%2FPDh2MGYSOWPL9%2FroP%2BRxhSryILS0umgICT8Z%2BdhY4JOEgT1uFAufk1NzNB0ByRdz7HomJNFO%2FaKc5K%2Bsb4z8iwt9rRp8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 9184854f2fe75685-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=568&min_rtt=415&rtt_var=321&sent=11&recv=23&lost=0&retrans=0&sent_bytes=3212&recv_bytes=2342&delivery_rate=8337811&cwnd=254&unsent_bytes=0&cid=43f2fd6206f4bf56&ts=60&x=0"
X-Firefox-Spdy: h2

veryfastcdn.com/clickadu/templates/mobileSchema/tt/img/india/8.jpg

172.67.163.86

200 OK

18 kB

URL GET HTTP/2
veryfastcdn.com/clickadu/templates/mobileSchema/tt/img/india/8.jpg
IP
172.67.163.86:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lookpapanohands.com/?b=104075265&ba=1&campid=102946102&did=714&dm=1&ep=1&g=IN&i18db=1&l=Q4MZSNiaIejU66V&oaid=b8918bb2587179123007fafdc4d0fc1e&rid={reverse_id|1224055}&s=918519197972045824&ssk=6decea7ef3f98e79fdbd3efb4eeed26b&svar=1740555560&vi=1&vo=1&z=7707380&tr=default&stest=bbfcb34816e7ea56691fda653ef87bc3
Certificate
IssuerGoogle Trust Services
Subjectveryfastcdn.com
FingerprintF9:71:36:AF:1A:7F:C3:70:1A:FB:5F:92:7F:FA:39:7F:85:DA:A1:E7
ValidityMon, 17 Feb 2025 11:46:54 GMT - Sun, 18 May 2025 12:42:50 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 214x380, components 3
Size
18 kB (17764 bytes)
Hash
fa2529799a89ab7a73a2c30321c7e94f
297faaabd7c47ea64bef1d90a19fd139270aa758
576bf56c30f2ad8818ca14ab530055c7d0b24788a841eb457061808566948068

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /clickadu/templates/mobileSchema/tt/img/india/8.jpg HTTP/1.1
Host: veryfastcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 27 Feb 2025 01:49:51 GMT
content-type: image/jpeg
content-length: 17764
last-modified: Tue, 25 Feb 2025 14:59:18 GMT
vary: Accept-Encoding
etag: "67bddac6-4564"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=14400
cf-cache-status: HIT
age: 1195
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8aMkVQFh9tjZtSGWcubA75eT3hX7nPT9zQ798JrPg2d2aeI4CWTW%2FEA13qYXTGzFYOBG29rdoYrP8MERwaWHDTShOa2UgZo8La3zDVGFH6ydQkBhz2lU4cAa1nfDtnb6nZE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 9184854f2fe85685-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=568&min_rtt=415&rtt_var=321&sent=27&recv=23&lost=0&retrans=0&sent_bytes=23658&recv_bytes=2342&delivery_rate=8337811&cwnd=254&unsent_bytes=0&cid=43f2fd6206f4bf56&ts=61&x=0"
X-Firefox-Spdy: h2

veryfastcdn.com/clickadu/templates/mobileSchema/tt/img/india/4.jpg

172.67.163.86

200 OK

17 kB

URL GET HTTP/2
veryfastcdn.com/clickadu/templates/mobileSchema/tt/img/india/4.jpg
IP
172.67.163.86:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lookpapanohands.com/?b=104075265&ba=1&campid=102946102&did=714&dm=1&ep=1&g=IN&i18db=1&l=Q4MZSNiaIejU66V&oaid=b8918bb2587179123007fafdc4d0fc1e&rid={reverse_id|1224055}&s=918519197972045824&ssk=6decea7ef3f98e79fdbd3efb4eeed26b&svar=1740555560&vi=1&vo=1&z=7707380&tr=default&stest=bbfcb34816e7ea56691fda653ef87bc3
Certificate
IssuerGoogle Trust Services
Subjectveryfastcdn.com
FingerprintF9:71:36:AF:1A:7F:C3:70:1A:FB:5F:92:7F:FA:39:7F:85:DA:A1:E7
ValidityMon, 17 Feb 2025 11:46:54 GMT - Sun, 18 May 2025 12:42:50 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 214x380, components 3
Size
17 kB (16616 bytes)
Hash
1c8a9003305117514be2e1f749126aa4
ef6e8f3c845b04748db803417a5dcdec3c3c3fb4
0b4042c6147ee47baab2c29cd813068c5cd0251a267be2d8b45d346daf277664

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /clickadu/templates/mobileSchema/tt/img/india/4.jpg HTTP/1.1
Host: veryfastcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 27 Feb 2025 01:49:51 GMT
content-type: image/jpeg
content-length: 16616
last-modified: Tue, 25 Feb 2025 14:59:18 GMT
vary: Accept-Encoding
etag: "67bddac6-40e8"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
age: 1195
cache-control: max-age=14400
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S%2BC3B5kOiCNEmCNLBlYarbARvc5eC85Cx2q0vXnegyqnZyj9QJ4QdoENMKrB9UgLh573t6gmvKBWiLiQpAQwZH6bfvVlDlpLc2PGSX1Wp2T4JYFv3NxpBFlXDGuY%2FTGxIxw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 9184854f2fe95685-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=568&min_rtt=415&rtt_var=321&sent=26&recv=23&lost=0&retrans=0&sent_bytes=23211&recv_bytes=2342&delivery_rate=8337811&cwnd=254&unsent_bytes=0&cid=43f2fd6206f4bf56&ts=61&x=0"
X-Firefox-Spdy: h2

veryfastcdn.com/clickadu/templates/mobileSchema/tt/img/india/3.jpg

172.67.163.86

200 OK

19 kB

URL GET HTTP/2
veryfastcdn.com/clickadu/templates/mobileSchema/tt/img/india/3.jpg
IP
172.67.163.86:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lookpapanohands.com/?b=104075265&ba=1&campid=102946102&did=714&dm=1&ep=1&g=IN&i18db=1&l=Q4MZSNiaIejU66V&oaid=b8918bb2587179123007fafdc4d0fc1e&rid={reverse_id|1224055}&s=918519197972045824&ssk=6decea7ef3f98e79fdbd3efb4eeed26b&svar=1740555560&vi=1&vo=1&z=7707380&tr=default&stest=bbfcb34816e7ea56691fda653ef87bc3
Certificate
IssuerGoogle Trust Services
Subjectveryfastcdn.com
FingerprintF9:71:36:AF:1A:7F:C3:70:1A:FB:5F:92:7F:FA:39:7F:85:DA:A1:E7
ValidityMon, 17 Feb 2025 11:46:54 GMT - Sun, 18 May 2025 12:42:50 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 214x380, components 3
Size
19 kB (19384 bytes)
Hash
bc23d38a78b7505b075e343cf5daa8fc
f7683dd94729554791e8a1096eb9f70dae8ad189
128e6c5bd76e1c7cac31ebaaeaa803ef06070e2773bafde7cbf31422e0434a9c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /clickadu/templates/mobileSchema/tt/img/india/3.jpg HTTP/1.1
Host: veryfastcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 27 Feb 2025 01:49:51 GMT
content-type: image/jpeg
content-length: 19384
last-modified: Tue, 25 Feb 2025 14:59:18 GMT
vary: Accept-Encoding
etag: "67bddac6-4bb8"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=14400
cf-cache-status: HIT
age: 1195
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UeyA8lVNAtC8ss%2FY2%2FZUvq%2For0R3CwMnnsgIbPABRaIYi%2F0muh1qp3NmsBmZvDW50Qn%2F7nNWNwjjkB6teDzmSnM5845vOzXA3GAoN%2FxF3MaLD1YirDAe9jglMIzfCTiYxbk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 9184854f2fe65685-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=568&min_rtt=415&rtt_var=321&sent=44&recv=23&lost=0&retrans=0&sent_bytes=46382&recv_bytes=2342&delivery_rate=8337811&cwnd=254&unsent_bytes=12699&cid=43f2fd6206f4bf56&ts=61&x=0"
X-Firefox-Spdy: h2

lookpapanohands.com/?b=104075265&ba=1&campid=102946102&did=714&dm=1&ep=1&g=IN&i18db=1&l=Q4MZSNiaIejU66V&oaid=b8918bb2587179123007fafdc4d0fc1e&rid={reverse_id|1224055}&s=918519197972045824&ssk=6decea7ef3f98e79fdbd3efb4eeed26b&svar=1740555560&vi=1&vo=1&z=7707380&tr=default&stest=bbfcb34816e7ea56691fda653ef87bc3

172.67.189.13

200 OK

24 kB

URL User Request GET HTTP/2
lookpapanohands.com/?b=104075265&ba=1&campid=102946102&did=714&dm=1&ep=1&g=IN&i18db=1&l=Q4MZSNiaIejU66V&oaid=b8918bb2587179123007fafdc4d0fc1e&rid={reverse_id|1224055}&s=918519197972045824&ssk=6decea7ef3f98e79fdbd3efb4eeed26b&svar=1740555560&vi=1&vo=1&z=7707380&tr=default&stest=bbfcb34816e7ea56691fda653ef87bc3
IP
172.67.189.13:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectlookpapanohands.com
FingerprintD4:C7:E4:D6:46:9D:F1:54:14:6F:3E:76:F4:B6:CB:B9:C0:B6:A1:D6
ValiditySat, 25 Jan 2025 06:34:13 GMT - Fri, 25 Apr 2025 07:31:52 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (1954), with CRLF, LF line terminators
Size
24 kB (23833 bytes)
Hash
0f158fa1bfefe057e14f4d826e0ec9fe
9fb01771976d817ddf7ed1c5a0e8a09fb141ede9
c643db4dba80612ce1722f6dd20a07a8d4c47966182d586b54b6ce206e493c2f

HTTP Headers

GET /?b=104075265&ba=1&campid=102946102&did=714&dm=1&ep=1&g=IN&i18db=1&l=Q4MZSNiaIejU66V&oaid=b8918bb2587179123007fafdc4d0fc1e&rid={reverse_id|1224055}&s=918519197972045824&ssk=6decea7ef3f98e79fdbd3efb4eeed26b&svar=1740555560&vi=1&vo=1&z=7707380&tr=default&stest=bbfcb34816e7ea56691fda653ef87bc3 HTTP/1.1
Host: lookpapanohands.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 27 Feb 2025 01:49:51 GMT
content-type: text/html; charset=UTF-8
server: cloudflare
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cf-cache-status: DYNAMIC
content-encoding: br
set-cookie: reverse=z8qk18vFkC3aiGRRbawcli9KkIgfiWdEoQxcEpYAafg; Path=/; Max-Age=3600; Expires=Thu, 27 Feb 2025 02:49:51 GMT
OAID=b8918bb2587179123007fafdc4d0fc1e; Path=/; Max-Age=1772156991; Expires=Fri, 25 Apr 2081 03:39:42 GMT
oaidts=1740620991; Path=/; Max-Age=1772156991; Expires=Fri, 25 Apr 2081 03:39:42 GMT
syncedCookie=deleted; Path=/; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:01 GMT
cf-ray: 9184854c1ec3b523-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

veryfastcdn.com/clickadu/templates/mobileSchema/tt/img/india/9.jpg

172.67.163.86

200 OK

16 kB

URL GET HTTP/2
veryfastcdn.com/clickadu/templates/mobileSchema/tt/img/india/9.jpg
IP
172.67.163.86:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lookpapanohands.com/?b=104075265&ba=1&campid=102946102&did=714&dm=1&ep=1&g=IN&i18db=1&l=Q4MZSNiaIejU66V&oaid=b8918bb2587179123007fafdc4d0fc1e&rid={reverse_id|1224055}&s=918519197972045824&ssk=6decea7ef3f98e79fdbd3efb4eeed26b&svar=1740555560&vi=1&vo=1&z=7707380&tr=default&stest=bbfcb34816e7ea56691fda653ef87bc3
Certificate
IssuerGoogle Trust Services
Subjectveryfastcdn.com
FingerprintF9:71:36:AF:1A:7F:C3:70:1A:FB:5F:92:7F:FA:39:7F:85:DA:A1:E7
ValidityMon, 17 Feb 2025 11:46:54 GMT - Sun, 18 May 2025 12:42:50 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 214x380, components 3
Size
16 kB (15965 bytes)
Hash
972b6cb737ce106684dd1b99045d4a27
732af24c940749a6e0c1a00158dfe8a0f7d89127
231f05026000b0ef2c3dda1c4aeced320766cc086e040c063b50060189692ea1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /clickadu/templates/mobileSchema/tt/img/india/9.jpg HTTP/1.1
Host: veryfastcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 27 Feb 2025 01:49:51 GMT
content-type: image/jpeg
content-length: 15965
last-modified: Tue, 25 Feb 2025 14:59:18 GMT
vary: Accept-Encoding
etag: "67bddac6-3e5d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
age: 1195
cache-control: max-age=14400
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q3tjQnEM4GpzXQ2zNJGLn8niVoWYaNk5OfYMqJktfbS9E60%2F1mxNgcvGvf8kMCknLaCvOS4dKYdkz%2BpIudgXi9GDfSNb9NIjK8aIvGiEqGhglyanSeKLczMksEgw2n2tzXk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 9184854f2ff05685-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=702&min_rtt=415&rtt_var=371&sent=68&recv=26&lost=0&retrans=0&sent_bytes=78988&recv_bytes=2443&delivery_rate=35624807&cwnd=254&unsent_bytes=18491&cid=43f2fd6206f4bf56&ts=63&x=0"
X-Firefox-Spdy: h2

veryfastcdn.com/clickadu/templates/mobileSchema/tt/img/india/5.jpg

172.67.163.86

200 OK

19 kB

URL GET HTTP/2
veryfastcdn.com/clickadu/templates/mobileSchema/tt/img/india/5.jpg
IP
172.67.163.86:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lookpapanohands.com/?b=104075265&ba=1&campid=102946102&did=714&dm=1&ep=1&g=IN&i18db=1&l=Q4MZSNiaIejU66V&oaid=b8918bb2587179123007fafdc4d0fc1e&rid={reverse_id|1224055}&s=918519197972045824&ssk=6decea7ef3f98e79fdbd3efb4eeed26b&svar=1740555560&vi=1&vo=1&z=7707380&tr=default&stest=bbfcb34816e7ea56691fda653ef87bc3
Certificate
IssuerGoogle Trust Services
Subjectveryfastcdn.com
FingerprintF9:71:36:AF:1A:7F:C3:70:1A:FB:5F:92:7F:FA:39:7F:85:DA:A1:E7
ValidityMon, 17 Feb 2025 11:46:54 GMT - Sun, 18 May 2025 12:42:50 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 214x380, components 3
Size
19 kB (18983 bytes)
Hash
9384ffd7dfb9124998fc8a8161c70fd0
72a1e82e2042023d17c8e234c9483f17fc827997
112a111934ac6840269ba4b5172858a9f7cbf5cce72a295f73f9bab96b441863

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /clickadu/templates/mobileSchema/tt/img/india/5.jpg HTTP/1.1
Host: veryfastcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 27 Feb 2025 01:49:51 GMT
content-type: image/jpeg
content-length: 18983
last-modified: Tue, 25 Feb 2025 14:59:18 GMT
vary: Accept-Encoding
etag: "67bddac6-4a27"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=14400
cf-cache-status: HIT
age: 1195
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cmX08HD8IiFxvq9Vy0aftEbBrVgVA0Fdcz1p8JUQ08Xa50RH1KesQKJStn6l0IaqAClAheo%2Bdn3QHZ0iXaNvx2Ym%2BABl1f41TsJp5j2ouYyZNr1RQlojB3QXmRkHxAx8Rjo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 9184854f2fed5685-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=703&min_rtt=415&rtt_var=311&sent=79&recv=30&lost=0&retrans=0&sent_bytes=93660&recv_bytes=2443&delivery_rate=14809090&cwnd=254&unsent_bytes=17184&cid=43f2fd6206f4bf56&ts=64&x=0"
X-Firefox-Spdy: h2

veryfastcdn.com/clickadu/templates/mobileSchema/tt/img/india/10.jpg

172.67.163.86

200 OK

19 kB

URL GET HTTP/2
veryfastcdn.com/clickadu/templates/mobileSchema/tt/img/india/10.jpg
IP
172.67.163.86:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lookpapanohands.com/?b=104075265&ba=1&campid=102946102&did=714&dm=1&ep=1&g=IN&i18db=1&l=Q4MZSNiaIejU66V&oaid=b8918bb2587179123007fafdc4d0fc1e&rid={reverse_id|1224055}&s=918519197972045824&ssk=6decea7ef3f98e79fdbd3efb4eeed26b&svar=1740555560&vi=1&vo=1&z=7707380&tr=default&stest=bbfcb34816e7ea56691fda653ef87bc3
Certificate
IssuerGoogle Trust Services
Subjectveryfastcdn.com
FingerprintF9:71:36:AF:1A:7F:C3:70:1A:FB:5F:92:7F:FA:39:7F:85:DA:A1:E7
ValidityMon, 17 Feb 2025 11:46:54 GMT - Sun, 18 May 2025 12:42:50 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 214x380, components 3
Size
19 kB (18566 bytes)
Hash
0a673c87fd3380ca7adc1c6e249bc805
35b42bf528b2acd604c24b137b2b628951e2f3b6
6b452401fb4095909d22f4ae676f2ded1837d19d110f454869c6835bd572ab3a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /clickadu/templates/mobileSchema/tt/img/india/10.jpg HTTP/1.1
Host: veryfastcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 27 Feb 2025 01:49:51 GMT
content-type: image/jpeg
content-length: 18566
last-modified: Tue, 25 Feb 2025 14:59:18 GMT
vary: Accept-Encoding
etag: "67bddac6-4886"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=14400
cf-cache-status: HIT
age: 1195
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3Na1w3OuZ2V8POLx7a4t%2FYlJrXI52femVf72ksTWjzarRmGnNAGrVJOX8K21YtgLwpaZ%2Fgzga3vf6ESYE82aPkHSCrZNvCjH08MdzCVUJ%2BOW33cGR7tEdFWSIpxE%2BegjAnU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 9184854f2ff15685-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=681&min_rtt=415&rtt_var=277&sent=79&recv=31&lost=0&retrans=0&sent_bytes=93660&recv_bytes=2443&delivery_rate=14809090&cwnd=254&unsent_bytes=17184&cid=43f2fd6206f4bf56&ts=64&x=0"
X-Firefox-Spdy: h2

veryfastcdn.com/clickadu/templates/mobileSchema/tt/img/india/11.jpg

172.67.163.86

200 OK

18 kB

URL GET HTTP/2
veryfastcdn.com/clickadu/templates/mobileSchema/tt/img/india/11.jpg
IP
172.67.163.86:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lookpapanohands.com/?b=104075265&ba=1&campid=102946102&did=714&dm=1&ep=1&g=IN&i18db=1&l=Q4MZSNiaIejU66V&oaid=b8918bb2587179123007fafdc4d0fc1e&rid={reverse_id|1224055}&s=918519197972045824&ssk=6decea7ef3f98e79fdbd3efb4eeed26b&svar=1740555560&vi=1&vo=1&z=7707380&tr=default&stest=bbfcb34816e7ea56691fda653ef87bc3
Certificate
IssuerGoogle Trust Services
Subjectveryfastcdn.com
FingerprintF9:71:36:AF:1A:7F:C3:70:1A:FB:5F:92:7F:FA:39:7F:85:DA:A1:E7
ValidityMon, 17 Feb 2025 11:46:54 GMT - Sun, 18 May 2025 12:42:50 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 214x380, components 3
Size
18 kB (18019 bytes)
Hash
4665b7129d7255d0f6efd5cca5c85073
dc64b55b4a207cd4d52c157faa7b1d33bc820676
973f5679f55af240a659bed4ad9973f315469ab2000b25e1f172db38769d0217

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /clickadu/templates/mobileSchema/tt/img/india/11.jpg HTTP/1.1
Host: veryfastcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 27 Feb 2025 01:49:51 GMT
content-type: image/jpeg
content-length: 18019
last-modified: Tue, 25 Feb 2025 14:59:18 GMT
vary: Accept-Encoding
etag: "67bddac6-4663"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=14400
cf-cache-status: HIT
age: 1195
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bbH6HlXn7nad4zmCOLMtEKaCZkOEPfQZ8FFxZ4e4AGcEdHKh8nw50lXPnLDGk3CX4glYM4qnroNIGIp%2FLXMx9hKCs3TEeY1%2BdF4WF0kkb0k2crLkwaiPABRn87KJYQ9sEXQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 9184854f3ff35685-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=713&min_rtt=415&rtt_var=272&sent=79&recv=32&lost=0&retrans=0&sent_bytes=93660&recv_bytes=2443&delivery_rate=18226573&cwnd=254&unsent_bytes=17184&cid=43f2fd6206f4bf56&ts=65&x=0"
X-Firefox-Spdy: h2

veryfastcdn.com/clickadu/templates/mobileSchema/tt/img/india/12.jpg

172.67.163.86

200 OK

16 kB

URL GET HTTP/2
veryfastcdn.com/clickadu/templates/mobileSchema/tt/img/india/12.jpg
IP
172.67.163.86:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lookpapanohands.com/?b=104075265&ba=1&campid=102946102&did=714&dm=1&ep=1&g=IN&i18db=1&l=Q4MZSNiaIejU66V&oaid=b8918bb2587179123007fafdc4d0fc1e&rid={reverse_id|1224055}&s=918519197972045824&ssk=6decea7ef3f98e79fdbd3efb4eeed26b&svar=1740555560&vi=1&vo=1&z=7707380&tr=default&stest=bbfcb34816e7ea56691fda653ef87bc3
Certificate
IssuerGoogle Trust Services
Subjectveryfastcdn.com
FingerprintF9:71:36:AF:1A:7F:C3:70:1A:FB:5F:92:7F:FA:39:7F:85:DA:A1:E7
ValidityMon, 17 Feb 2025 11:46:54 GMT - Sun, 18 May 2025 12:42:50 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 214x380, components 3
Size
16 kB (15923 bytes)
Hash
61bfc07a713a7cf98e010bd0cc6b5fc2
eb92290d2ec3affac94f168c89de23ed2110a9ef
5ff7ca08d4405d2af102a2e20657839cf843ec102ccf16598d86e9680603a802

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /clickadu/templates/mobileSchema/tt/img/india/12.jpg HTTP/1.1
Host: veryfastcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 27 Feb 2025 01:49:51 GMT
content-type: image/jpeg
content-length: 15923
last-modified: Tue, 25 Feb 2025 14:59:18 GMT
vary: Accept-Encoding
etag: "67bddac6-3e33"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=14400
cf-cache-status: HIT
age: 1195
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Up%2BBZmrY%2FN4cbeaP2Q6NAgtMkzH7iIU0w3%2BxPUmOipZsSIPpOMZWzJfd36SmGt0Sw5s55flDlkXd608p8SMHkHZPlBdC2ZCZNwbXM7eoCHC2h7HV8YMuGckR%2F79%2Bt1A08%2Bg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 9184854f3ff55685-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=681&min_rtt=415&rtt_var=267&sent=93&recv=35&lost=0&retrans=0&sent_bytes=111142&recv_bytes=2443&delivery_rate=6309368&cwnd=254&unsent_bytes=31856&cid=43f2fd6206f4bf56&ts=66&x=0"
X-Firefox-Spdy: h2

veryfastcdn.com/clickadu/templates/mobileSchema/tt/img/india/6.jpg

172.67.163.86

200 OK

17 kB

URL GET HTTP/2
veryfastcdn.com/clickadu/templates/mobileSchema/tt/img/india/6.jpg
IP
172.67.163.86:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lookpapanohands.com/?b=104075265&ba=1&campid=102946102&did=714&dm=1&ep=1&g=IN&i18db=1&l=Q4MZSNiaIejU66V&oaid=b8918bb2587179123007fafdc4d0fc1e&rid={reverse_id|1224055}&s=918519197972045824&ssk=6decea7ef3f98e79fdbd3efb4eeed26b&svar=1740555560&vi=1&vo=1&z=7707380&tr=default&stest=bbfcb34816e7ea56691fda653ef87bc3
Certificate
IssuerGoogle Trust Services
Subjectveryfastcdn.com
FingerprintF9:71:36:AF:1A:7F:C3:70:1A:FB:5F:92:7F:FA:39:7F:85:DA:A1:E7
ValidityMon, 17 Feb 2025 11:46:54 GMT - Sun, 18 May 2025 12:42:50 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 214x380, components 3
Size
17 kB (17169 bytes)
Hash
3f5c5210d3b27118bd9c74097c49cc46
bd0f61e3a6a411853673a45f1a944a56c3dba701
412390a145b374b3ac8969e644bdf590776b1c28b94e39e3ed9021fc729b701a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /clickadu/templates/mobileSchema/tt/img/india/6.jpg HTTP/1.1
Host: veryfastcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 27 Feb 2025 01:49:51 GMT
content-type: image/jpeg
content-length: 17169
last-modified: Tue, 25 Feb 2025 14:59:18 GMT
vary: Accept-Encoding
etag: "67bddac6-4311"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=14400
cf-cache-status: HIT
age: 1195
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ruU8fYRny7XeL7%2FameBnv3ypmRjPqLXQAM1b0CRmvqjKJadDtwu1zpjBs7YeS%2BRturQG1%2FW5DufknbQWj967Ig8iEUOImqL3KYMcz%2FFy69YBIEIFsKO6h0NzDXxkwVp5RJA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 9184854f3ff65685-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=875&min_rtt=415&rtt_var=655&sent=125&recv=38&lost=0&retrans=0&sent_bytes=155374&recv_bytes=2443&delivery_rate=14003868&cwnd=138&unsent_bytes=16936&cid=43f2fd6206f4bf56&ts=70&x=0"
X-Firefox-Spdy: h2

veryfastcdn.com/clickadu/templates/mobileSchema/tt/img/india/1.jpg

172.67.163.86

200 OK

18 kB

URL GET HTTP/2
veryfastcdn.com/clickadu/templates/mobileSchema/tt/img/india/1.jpg
IP
172.67.163.86:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lookpapanohands.com/?b=104075265&ba=1&campid=102946102&did=714&dm=1&ep=1&g=IN&i18db=1&l=Q4MZSNiaIejU66V&oaid=b8918bb2587179123007fafdc4d0fc1e&rid={reverse_id|1224055}&s=918519197972045824&ssk=6decea7ef3f98e79fdbd3efb4eeed26b&svar=1740555560&vi=1&vo=1&z=7707380&tr=default&stest=bbfcb34816e7ea56691fda653ef87bc3
Certificate
IssuerGoogle Trust Services
Subjectveryfastcdn.com
FingerprintF9:71:36:AF:1A:7F:C3:70:1A:FB:5F:92:7F:FA:39:7F:85:DA:A1:E7
ValidityMon, 17 Feb 2025 11:46:54 GMT - Sun, 18 May 2025 12:42:50 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 214x380, components 3
Size
18 kB (17478 bytes)
Hash
4533c3ff6f947d1ee4fe0ce6e7ee41bd
461097f3c9eae20c14e4a670d8974d19a24be4c1
ad1c1dd180c66defc8e3ce76b9e2b105b462e3006cb82e3b3d8d5deaf20d6884

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /clickadu/templates/mobileSchema/tt/img/india/1.jpg HTTP/1.1
Host: veryfastcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 27 Feb 2025 01:49:51 GMT
content-type: image/jpeg
content-length: 17478
last-modified: Tue, 25 Feb 2025 14:59:18 GMT
vary: Accept-Encoding
etag: "67bddac6-4446"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=14400
cf-cache-status: HIT
age: 1195
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B%2Btc4Wn3HLBPhjm4HUEQOAcbs0KL%2B7ynvVDq7%2Bitca0xCvMBVImR319viKXNTxSglxsmGAAslQzRG1QWzmp4wGM1E2OOObh%2FGYaImfYUfCWPdJSp47O%2BTc5QHRChPgujUIg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 9184854f3ff85685-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=875&min_rtt=415&rtt_var=655&sent=125&recv=38&lost=0&retrans=0&sent_bytes=155374&recv_bytes=2443&delivery_rate=14003868&cwnd=138&unsent_bytes=16936&cid=43f2fd6206f4bf56&ts=71&x=0"
X-Firefox-Spdy: h2

veryfastcdn.com/clickadu/contents/s/08/00/9a/633aa6f03dd7e7be84a8878cb3/01040348843858.gif

172.67.163.86

200 OK

513 kB

URL GET HTTP/2
veryfastcdn.com/clickadu/contents/s/08/00/9a/633aa6f03dd7e7be84a8878cb3/01040348843858.gif
IP
172.67.163.86:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lookpapanohands.com/?b=104075265&ba=1&campid=102946102&did=714&dm=1&ep=1&g=IN&i18db=1&l=Q4MZSNiaIejU66V&oaid=b8918bb2587179123007fafdc4d0fc1e&rid={reverse_id|1224055}&s=918519197972045824&ssk=6decea7ef3f98e79fdbd3efb4eeed26b&svar=1740555560&vi=1&vo=1&z=7707380&tr=default&stest=bbfcb34816e7ea56691fda653ef87bc3
Certificate
IssuerGoogle Trust Services
Subjectveryfastcdn.com
FingerprintF9:71:36:AF:1A:7F:C3:70:1A:FB:5F:92:7F:FA:39:7F:85:DA:A1:E7
ValidityMon, 17 Feb 2025 11:46:54 GMT - Sun, 18 May 2025 12:42:50 GMT

File type
GIF image data, version 89a, 192 x 192
Size
513 kB (513199 bytes)
Hash
08009a633aa6f03dd7e7be84a8878cb3
c0b34cdf527cc1c7b823c409227bae4a6a7bd443
5cb232dfb1e7f0b142b15ad79a94ee3e3de2b65f628405643605d5c0987ce312

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /clickadu/contents/s/08/00/9a/633aa6f03dd7e7be84a8878cb3/01040348843858.gif HTTP/1.1
Host: veryfastcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 27 Feb 2025 01:49:51 GMT
content-type: image/gif
content-length: 513199
last-modified: Wed, 21 Jun 2023 11:03:27 GMT
vary: Accept-Encoding
etag: "6492d8ff-7d4af"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VTwK53hy5i3wspZjZfW25s%2FHSpv%2BgOn%2BtlaQUO5BwVgGPaa6HjpTIQOW%2FJBYrx9L%2FV0DnxoICj3bdqaKkq6OZi8PNDFVC%2BOEy4ucAqNt18KlLMDW%2Bx7n%2Bs7YP3hfGnFrL6k%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 9184854f2feb5685-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=2750&min_rtt=415&rtt_var=3258&sent=180&recv=58&lost=0&retrans=1&sent_bytes=229465&recv_bytes=2443&delivery_rate=8829268&cwnd=78&unsent_bytes=0&cid=43f2fd6206f4bf56&ts=128&x=0"
X-Firefox-Spdy: h2

lookpapanohands.com/favicon.ico

172.67.189.13

204 No Content

0 B

URL GET HTTP/3
lookpapanohands.com/favicon.ico
IP
172.67.189.13:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lookpapanohands.com/?b=104075265&ba=1&campid=102946102&did=714&dm=1&ep=1&g=IN&i18db=1&l=Q4MZSNiaIejU66V&oaid=b8918bb2587179123007fafdc4d0fc1e&rid={reverse_id|1224055}&s=918519197972045824&ssk=6decea7ef3f98e79fdbd3efb4eeed26b&svar=1740555560&vi=1&vo=1&z=7707380&tr=default&stest=bbfcb34816e7ea56691fda653ef87bc3
Certificate
IssuerGoogle Trust Services
Subjectlookpapanohands.com
FingerprintD4:C7:E4:D6:46:9D:F1:54:14:6F:3E:76:F4:B6:CB:B9:C0:B6:A1:D6
ValiditySat, 25 Jan 2025 06:34:13 GMT - Fri, 25 Apr 2025 07:31:52 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: lookpapanohands.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: reverse=z8qk18vFkC3aiGRRbawcli9KkIgfiWdEoQxcEpYAafg; OAID=b8918bb2587179123007fafdc4d0fc1e; oaidts=1740620991
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
date: Thu, 27 Feb 2025 01:49:52 GMT
x-content-type-options: nosniff
age: 6940
cache-control: max-age=86400
cf-cache-status: HIT
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bIbe3RAhjP8uGIYHYXKskRhTniIG%2FqhhHxVxUdZmcerGdFxCGLVZwDjbyaHBYeCf9eK7q9%2FiGMcknjJn7NVlp3OM4Tqus1lR8Du8t8fesJxLgc40HXB1gWKh8BqHW%2BfNKkH6pzvC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 918485525ddc569a-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3023&min_rtt=1876&rtt_var=1522&sent=13&recv=9&lost=0&retrans=0&sent_bytes=4168&recv_bytes=1316&delivery_rate=316508&cwnd=12000&unsent_bytes=0&cid=49e2e7064f8370f2&ts=773&x=1", cfExtPri, cfHdrFlush;dur=0

veryfastcdn.com/clickadu/templates/mobileSchema/tt/img/india/2.jpg

172.67.163.86

200 OK

18 kB

URL GET HTTP/2
veryfastcdn.com/clickadu/templates/mobileSchema/tt/img/india/2.jpg
IP
172.67.163.86:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lookpapanohands.com/?b=104075265&ba=1&campid=102946102&did=714&dm=1&ep=1&g=IN&i18db=1&l=Q4MZSNiaIejU66V&oaid=b8918bb2587179123007fafdc4d0fc1e&rid={reverse_id|1224055}&s=918519197972045824&ssk=6decea7ef3f98e79fdbd3efb4eeed26b&svar=1740555560&vi=1&vo=1&z=7707380&tr=default&stest=bbfcb34816e7ea56691fda653ef87bc3
Certificate
IssuerGoogle Trust Services
Subjectveryfastcdn.com
FingerprintF9:71:36:AF:1A:7F:C3:70:1A:FB:5F:92:7F:FA:39:7F:85:DA:A1:E7
ValidityMon, 17 Feb 2025 11:46:54 GMT - Sun, 18 May 2025 12:42:50 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 214x380, components 3
Size
18 kB (17774 bytes)
Hash
63b6a7b1eeababdca555c50abe5d7088
8061f74246e06762f385521faa46204429f4ddf7
ec5d458b6a4eb67c1597cbc9ce9ba5105c3242a0f544359ffd19300c93e99486

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /clickadu/templates/mobileSchema/tt/img/india/2.jpg HTTP/1.1
Host: veryfastcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 27 Feb 2025 01:49:51 GMT
content-type: image/jpeg
content-length: 17774
last-modified: Tue, 25 Feb 2025 14:59:18 GMT
vary: Accept-Encoding
etag: "67bddac6-456e"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=14400
cf-cache-status: HIT
age: 1195
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Gp%2B4RMLseIqna25gcfLroAQKYbHEOGb0MYIZ46StwsiUa4BxN8BUwta8FZixbKAT%2FtSycxya%2BKpqFYUa3%2F613RJ%2FHWt6KC1c3AarQlRz7TVcdXLE1bgUEwE8f9F1Eh%2Be51E%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 9184854f2fea5685-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=702&min_rtt=415&rtt_var=371&sent=68&recv=26&lost=0&retrans=0&sent_bytes=78988&recv_bytes=2443&delivery_rate=35624807&cwnd=254&unsent_bytes=98&cid=43f2fd6206f4bf56&ts=63&x=0"
X-Firefox-Spdy: h2

veryfastcdn.com/clickadu/templates/mobileSchema/tt/css/style.css

172.67.163.86

200 OK

17 kB

URL GET HTTP/2
veryfastcdn.com/clickadu/templates/mobileSchema/tt/css/style.css
IP
172.67.163.86:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lookpapanohands.com/?b=104075265&ba=1&campid=102946102&did=714&dm=1&ep=1&g=IN&i18db=1&l=Q4MZSNiaIejU66V&oaid=b8918bb2587179123007fafdc4d0fc1e&rid={reverse_id|1224055}&s=918519197972045824&ssk=6decea7ef3f98e79fdbd3efb4eeed26b&svar=1740555560&vi=1&vo=1&z=7707380&tr=default&stest=bbfcb34816e7ea56691fda653ef87bc3
Certificate
IssuerGoogle Trust Services
Subjectveryfastcdn.com
FingerprintF9:71:36:AF:1A:7F:C3:70:1A:FB:5F:92:7F:FA:39:7F:85:DA:A1:E7
ValidityMon, 17 Feb 2025 11:46:54 GMT - Sun, 18 May 2025 12:42:50 GMT

File type
ASCII text, with very long lines (16600), with no line terminators
Size
17 kB (16600 bytes)
Hash
d30a9b344731ac8f25be161778972b9b
41ea7bfbf8923572403d15afb84b4e2af86c957a
36590ceed38afd1742d4c42aa4eb88cc3f4fbb12830373ce7545bc2a1588d61e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /clickadu/templates/mobileSchema/tt/css/style.css HTTP/1.1
Host: veryfastcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 27 Feb 2025 01:49:51 GMT
content-type: text/css
last-modified: Tue, 25 Feb 2025 14:59:18 GMT
vary: Accept-Encoding
etag: W/"67bddac6-40d8"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=14400
cf-cache-status: HIT
age: 4047
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e67pLKM2rzgjutMNN%2B1XFoJdornCfxQVNiivD5xojA1%2BegrC2q3DFD27h%2FnjEA2CP30CXVrg8qHGPZoe%2FLvS9sqtLfCd9QsXR4APpWXlCUFXgu43e1vV6Iepl3NixdzT5BI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 9184854f2fe45685-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=681&min_rtt=415&rtt_var=277&sent=79&recv=31&lost=0&retrans=0&sent_bytes=93660&recv_bytes=2443&delivery_rate=14809090&cwnd=254&unsent_bytes=17184&cid=43f2fd6206f4bf56&ts=64&x=0"
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (1)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (16)

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP