Report - blog.zeroupload.com/safe.php?link=/1f3c9cd9d387e44c8b3615c1af6516e6/

Report Overview

Visited public
2025-05-16 22:58:21
Tags
URL
blog.zeroupload.com/safe.php?link=/1f3c9cd9d387e44c8b3615c1af6516e6/
Finishing URL
blog.zeroupload.com/
IP / ASN
172.67.130.148
#13335 CLOUDFLARENET
Title
About Us

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
experttrafficcounter.com	unknown	2025-01-23	2025-01-24	2025-05-16	1.8 kB	1.7 kB	52.59.33.6
wearychallengeraise.com	unknown	2024-08-19	2025-01-23	2025-05-11	2.4 kB	3.3 kB	192.243.59.20
zerofirmware.com	unknown	2022-03-07	2024-11-22	2025-05-11	1.0 kB	0 B	0.0.0.0
shotgunchancecruel.com	unknown	2024-08-20	2025-01-25	2025-05-12	2.4 kB	3.3 kB	192.243.59.20
invadedisheartentrail.com	unknown	2024-09-01	2024-10-22	2025-05-11	2.5 kB	3.4 kB	192.243.59.20
blog.zeroupload.com	unknown	2020-11-29	2023-09-06	2025-05-11	3.8 kB	1.2 MB	188.114.97.1
cdnjs.cloudflare.com	235	2009-02-17	2012-05-23	2025-05-14	1.4 kB	295 kB	104.17.25.14
boostsubs.com	unknown	2021-09-18	2021-10-14	2025-05-11	411 B	230 B	52.20.84.62
wipehumorousbeen.com	unknown	2022-08-08	2022-08-08	2025-05-11	1.8 kB	108 kB	172.240.253.132
equipmentselfemployed.com	unknown	2025-03-31	2025-05-15	2025-05-15	507 B	894 B	192.243.61.227
www.googletagmanager.com	75	2011-11-11	2012-10-04	2025-05-14	440 B	378 kB	142.250.74.168

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-05-16	medium	wearychallengeraise.com	Sinkholed
2025-05-16	medium	zerofirmware.com	Sinkholed
2025-05-16	medium	shotgunchancecruel.com	Sinkholed
2025-05-16	medium	equipmentselfemployed.com	Sinkholed
2025-05-16	medium	invadedisheartentrail.com	Sinkholed
2025-05-16	medium	zerofirmware.com	Sinkholed
2025-05-16	medium	wearychallengeraise.com	Sinkholed
2025-05-16	medium	shotgunchancecruel.com	Sinkholed
2025-05-16	medium	invadedisheartentrail.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (17)

	URL	From	Size	First Seen	Last Seen
	blog.zeroupload.com/	ScriptElement	153 B	2023-03-13	2025-05-20
Pretty URL blog.zeroupload.com/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-13 15:35 Last Seen2025-05-20 13:06 Times Seen387 Hash 015a30348c0b5b8241f7a989433c15e2 897c6139de417ec6cdca993ebc2183e471cce901 40dd887c6f9bef3d7e74a8ac6b35c5725ec4814f9d1bb0fdf66d123366a57569 Loading...

	blog.zeroupload.com/	ScriptElement	794 B	2025-05-10	2025-05-16
Pretty URL blog.zeroupload.com/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-05-10 16:25 Last Seen2025-05-16 22:58 Times Seen31 Hash d649aaccb17dcea0e47e0d048c6463d4 0b51b62c7f82a0b15f3bd50824872fa1fef973d1 7cca620a1a87363a6f02363d12ca60e7f503c7ccac333623cf625c911349a60c Loading...

	wipehumorousbeen.com/6763e525233ad7862020fe39431107c9/invoke.js	ScriptElement	26 kB	2025-05-16	2025-05-16
Pretty URL wipehumorousbeen.com/6763e525233ad7862020fe39431107c9/invoke.js IP 172.240.253.132 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-16 22:58 Last Seen2025-05-16 22:58 Times Seen1 Hash f3a083e2fa40c277198d47c1037a252c 40cf3007f5c8eaa8ad598b77d44937f781038263 0cf5500702c425c396044c40335f19983065f478e561c41f353462f13feee549 Loading...

	blog.zeroupload.com/	ScriptElement	1.2 kB	2023-03-07	2025-05-16
Pretty URL blog.zeroupload.com/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 13:22 Last Seen2025-05-16 22:58 Times Seen37 Hash 9fe1f02677376bf755494de8f5410b4b 0443ca669a13d9c1eac130ce48cae4de371fd44a 1fa40afcccd521ef77aa40c2ca65133716faee86e324770326fbd09b7cd713f4 Loading...

	about:blank	ScriptElement	145 B	2024-05-18	2025-05-16
Pretty URL about:blank IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-18 11:01 Last Seen2025-05-16 22:58 Times Seen102 Hash a8bb44340103d721898191ea94e24bfe 5e2f538eed3a2ab057f3d50036ca782758520d7c 17039bc51fb0e74b8398bdc9226a4a924177a10a9f94f1c913143626c58d1112 Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery/3.4.0/jquery.min.js	ScriptElement	88 kB	2023-03-07	2025-06-07
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery/3.4.0/jquery.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06 Last Seen2025-06-07 23:25 Times Seen4305 Hash bbcf3bf05fa6cb58a67cfd0498f00d23 e4925196f6f444fa58915420fbcd80f909c68d28 0497a8d2a9bde7db8c0466fae73e347a3258192811ed1108e3e096d5f34ac0e8 Loading...

	blog.zeroupload.com/	ScriptElement	236 B	2025-05-10	2025-05-16
Pretty URL blog.zeroupload.com/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-05-10 16:25 Last Seen2025-05-16 22:58 Times Seen31 Hash c39bbb2ffc78f2bd88a452fb0c2bf24c fe01ca6fc4ae1546292e1c2436e3a5ae992af009 31810b6e5d6ea8495204da9e22ceb16bf073f8875d977098350586fbc471f1e5 Loading...

	wipehumorousbeen.com/bbaf4058207091c9f7de97ab67b8b62f/invoke.js	ScriptElement	26 kB	2025-05-16	2025-05-16
Pretty URL wipehumorousbeen.com/bbaf4058207091c9f7de97ab67b8b62f/invoke.js IP 172.240.253.132 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-16 22:49 Last Seen2025-05-16 22:58 Times Seen2 Hash f7c76f5259fc61a10a0a0890f58ea1c1 7686b52244f45e05d1ca7df075ef3a19c8894b21 7a8a15150fe6b747c1f2065c6d0a0640b3d4e642cfc7b134e519b16f6224182e Loading...

	blog.zeroupload.com/	ScriptElement	139 B	2024-05-18	2025-05-16
Pretty URL blog.zeroupload.com/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-18 11:01 Last Seen2025-05-16 22:58 Times Seen130 Hash 6b22cf8621e1fb4974ac11d803c864d1 989d0c57d433a89b37ce22c38be12aeb23f0be2f 2a1eb5f73fff4094470823e934c321fffa78e3ef403cc4040c49ed03c55dd17f Loading...

	wipehumorousbeen.com/5e7680d4e20a2b8fe1ea5d23b257ce3f/invoke.js	ScriptElement	26 kB	2025-05-16	2025-05-16
Pretty URL wipehumorousbeen.com/5e7680d4e20a2b8fe1ea5d23b257ce3f/invoke.js IP 172.240.253.132 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-16 01:20 Last Seen2025-05-16 22:58 Times Seen2 Hash e691aa2993be5ff18f2f164cfaef82b1 d61588f7726b65c959906834e6d45c390841fe34 f65896b2a61f82db181766f281d5d9eafa43a7c6c8c70f33f0e7a96ea995e609 Loading...

	wipehumorousbeen.com/e4b478382527e12337447b38f0435c67/invoke.js	ScriptElement	26 kB	2025-05-16	2025-05-16
Pretty URL wipehumorousbeen.com/e4b478382527e12337447b38f0435c67/invoke.js IP 172.240.253.132 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-16 01:21 Last Seen2025-05-16 22:58 Times Seen4 Hash 38afca50e562ffeee4e8dff91fa1e54d e11094ae399bdec6b87d2f3ef5dd59e739178955 053b328e89fe4830f1e4aa29b85f1d6773e458bd78bed6bdae8e101a39e87352 Loading...

	www.googletagmanager.com/gtag/js?id=G-QDB60Q47TN	ScriptElement	378 kB	2025-05-16	2025-05-16
Pretty URL www.googletagmanager.com/gtag/js?id=G-QDB60Q47TN IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-16 22:58 Last Seen2025-05-16 22:58 Times Seen1 Hash 89952b901d2dbc0e0461ddfb6a74a766 688a06a24896584cf19b6b2c688a828b05c5b3df 15c7dc215bc4cbc080c202692481709ffc54b74549c905967a95fe916d0e6d99 Loading...

	blog.zeroupload.com/	ScriptElement	140 B	2024-10-26	2025-05-16
Pretty URL blog.zeroupload.com/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-10-26 16:33 Last Seen2025-05-16 22:58 Times Seen32 Hash 5be883025055d03cf03b107d4506fab1 d712c9b906479bac8e5d9f11f7db105b5dec905e 9bcd14759d1d4436f8a7e35cb97bc8afc44b9589cbcec13bb39defdb7e6ff723 Loading...

	blog.zeroupload.com/	ScriptElement	139 B	2024-10-26	2025-05-16
Pretty URL blog.zeroupload.com/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-10-26 16:33 Last Seen2025-05-16 22:58 Times Seen32 Hash 7281fdf4556a71ebb4e78ec638cc388b 3859ea05488eb211f0913e3fb7b2c4d5c4c6bee6 fc1e402da4fdb4cb2694b669a258ac2f66a7e89edf9a106d38c1e726fb0d132a Loading...

	blog.zeroupload.com/	ScriptElement	433 B	2025-05-10	2025-05-16
Pretty URL blog.zeroupload.com/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-05-10 16:25 Last Seen2025-05-16 22:58 Times Seen31 Hash 38bf563f6c004d4bf89c55eb936a46ea b2ba6c8012ac54ed8f2cc6c98d00bb2c482f3802 5e2d0cfd7b9ef57a26b76dfd847330c53dd47955f298506bf088323f85c968dc Loading...

	about:blank	ScriptElement	145 B	2024-10-26	2025-05-16
Pretty URL about:blank IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-10-26 16:33 Last Seen2025-05-16 22:58 Times Seen10 Hash 347548709aa1a88f52c51698a7babe8a bdf85e3c93804c66ede66aef78eaaf0d9875735a 64aecd89974f605fe626ca60b256f91797d95a4e25b1e19021ef91b56260744b Loading...

	about:blank	ScriptElement	145 B	2024-10-26	2025-05-16
Pretty URL about:blank IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-10-26 16:33 Last Seen2025-05-16 22:58 Times Seen10 Hash e4e58b9ba3bce3009dbed77d7d7398fe 072d336e42fd64c47313410a08f817f1aed658a6 0f10f2f8af8100858ba7a867934bd9ae38b1274801c78b5fc9e70433f2943136 Loading...

HTTP Transactions (29)

URL IP Response Size

blog.zeroupload.com/safe.php?link=/1f3c9cd9d387e44c8b3615c1af6516e6/

188.114.97.1

200 OK

696 B

URL User Request GET
blog.zeroupload.com/safe.php?link=/1f3c9cd9d387e44c8b3615c1af6516e6/
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectzeroupload.com
Fingerprint49:50:CA:2C:59:5F:BE:56:86:2F:C7:BE:E8:7E:E6:EF:2F:54:11:01
ValiditySat, 22 Mar 2025 15:18:13 GMT - Fri, 20 Jun 2025 16:15:37 GMT

File type
HTML document, ASCII text
Size
696 B (696 bytes)
Hash
179d336eae0ed0bfff058ecf42cfdf88
636be939755889c3e3566cfd8448ee3793d6084e
773a0f5a26d5c8aef41ded339ce01b4820e730ac2628d0315ee37c27867ee35e

HTTP Headers

GET /safe.php?link=/1f3c9cd9d387e44c8b3615c1af6516e6/ HTTP/1.1
Host: blog.zeroupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 16 May 2025 22:57:49 GMT
content-type: text/html; charset=UTF-8
server: cloudflare
vary: Accept-Encoding, Accept-Encoding
strict-transport-security: max-age=31536000
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Zzet%2FWxO%2FClk%2FW29S5WNqHM47WaiSxQyDJwD64z9p8wYE7LF%2Bd3OuiUoJtZh4n91%2B8LTZh8GmClG8iQR86P1pf135Mcd3%2FVytubo2KrYnrtE"}]}
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-encoding: br
cf-ray: 940e79eb0c28569b-OSL
X-Firefox-Spdy: h2

blog.zeroupload.com/

188.114.97.1

200 OK

30 kB

URL User Request POST
blog.zeroupload.com/
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectzeroupload.com
Fingerprint49:50:CA:2C:59:5F:BE:56:86:2F:C7:BE:E8:7E:E6:EF:2F:54:11:01
ValiditySat, 22 Mar 2025 15:18:13 GMT - Fri, 20 Jun 2025 16:15:37 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (925)
Size
30 kB (30540 bytes)
Hash
25b3118e96eb8f438f16a68e43885de0
28651bc62dec2e62610fe338949970b49bfcaa46
748bb1cb45aed15d40d63d573fbd246167db5af15f92c80f39e57a5dada23229

HTTP Headers

POST / HTTP/1.1
Host: blog.zeroupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 50
Origin: https://blog.zeroupload.com
DNT: 1
Connection: keep-alive
Referer: https://blog.zeroupload.com/safe.php?link=/1f3c9cd9d387e44c8b3615c1af6516e6/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 16 May 2025 22:57:50 GMT
content-type: text/html; charset=UTF-8
server: cloudflare
vary: Accept-Encoding, Accept-Encoding
link: <https://blog.zeroupload.com/wp-json/>; rel="https://api.w.org/", <https://blog.zeroupload.com/wp-json/wp/v2/pages/76731>; rel="alternate"; title="JSON"; type="application/json", <https://blog.zeroupload.com/>; rel=shortlink
strict-transport-security: max-age=31536000
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=VUp94PItB5hktJRtZRsm7GuwzDVo0Rue2JXINR8PQmrbIoQ7eGdlDPF4l4%2FTVQP4gC%2FP6hJ0O5Iy8diZROmwvnCFmhEdVTwbw00Bdz4yRiji"}]}
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-encoding: br
cf-ray: 940e79ed9de3569b-OSL
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/jquery/3.4.0/jquery.min.js

104.17.25.14

200 OK

88 kB

URL GET
cdnjs.cloudflare.com/ajax/libs/jquery/3.4.0/jquery.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://blog.zeroupload.com/
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint5D:9B:5B:BE:24:B7:4B:CA:F3:05:47:2F:AB:3F:3C:F7:4E:C3:4D:BC
ValidityMon, 24 Mar 2025 12:00:12 GMT - Sun, 22 Jun 2025 13:00:01 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
88 kB (88151 bytes)
Hash
bbcf3bf05fa6cb58a67cfd0498f00d23
e4925196f6f444fa58915420fbcd80f909c68d28
0497a8d2a9bde7db8c0466fae73e347a3258192811ed1108e3e096d5f34ac0e8

HTTP Headers

GET /ajax/libs/jquery/3.4.0/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://blog.zeroupload.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 16 May 2025 22:57:50 GMT
content-type: application/javascript; charset=utf-8
content-length: 27781
server: cloudflare
strict-transport-security: max-age=15780000
cf-ray: 940e79f4cd9e568d-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec4-15857"
last-modified: Mon, 04 May 2020 16:11:48 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 187214
expires: Wed, 06 May 2026 22:57:50 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D2GnC8uHOlHILJMsSWIEXmbkqNkemjo5xZFugZZxVd5jypBeLChIHCNs4puY5esPooa7n3D8tmJbSCMajQkfDqCEGqG9%2FJAIw%2BYTBzXspTGFsIzb2vQB9o8sTfUTBIaJ0T4n6Tm2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

blog.zeroupload.com/wp-content/uploads/2024/10/03.png

188.114.97.1

200 OK

276 kB

URL GET
blog.zeroupload.com/wp-content/uploads/2024/10/03.png
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://blog.zeroupload.com/
Certificate
IssuerGoogle Trust Services
Subjectzeroupload.com
Fingerprint49:50:CA:2C:59:5F:BE:56:86:2F:C7:BE:E8:7E:E6:EF:2F:54:11:01
ValiditySat, 22 Mar 2025 15:18:13 GMT - Fri, 20 Jun 2025 16:15:37 GMT

File type
PNG image data, 1849 x 823, 8-bit/color RGBA, non-interlaced
Size
276 kB (276383 bytes)
Hash
2519731839aeb11f61adb4fdd21f3357
e418850d4e99676a71a9456db039813c2c4c7dbd
9841e62d3b55564a5e8efa6e71b48221950b70b194b04200248e73231038087b

HTTP Headers

GET /wp-content/uploads/2024/10/03.png HTTP/1.1
Host: blog.zeroupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://blog.zeroupload.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 16 May 2025 22:57:50 GMT
content-type: image/png
content-length: 276383
server: cloudflare
last-modified: Wed, 23 Oct 2024 21:16:14 GMT
vary: Accept-Encoding
etag: "6719679e-4379f"
expires: Mon, 09 Jun 2025 16:25:01 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
accept-ranges: bytes
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
age: 180625
cf-cache-status: HIT
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=m4tC4gUpdtCzlieYU%2BhOwdI4PkQxEUvPyKxRvgdbSb0EZXE8L7Rss%2B6vr6N77Nvw276C4ciCbLa2cWidxjJe15fDYUIULDL8zIa6juTRqoDv"}]}
cf-ray: 940e79f43a57569b-OSL
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.0.0/css/bootstrap.min.css

104.17.25.14

200 OK

145 kB

URL GET
cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.0.0/css/bootstrap.min.css
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://blog.zeroupload.com/
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint5D:9B:5B:BE:24:B7:4B:CA:F3:05:47:2F:AB:3F:3C:F7:4E:C3:4D:BC
ValidityMon, 24 Mar 2025 12:00:12 GMT - Sun, 22 Jun 2025 13:00:01 GMT

File type
ASCII text, with very long lines (65325)
Size
145 kB (144877 bytes)
Hash
450fc463b8b1a349df717056fbb3e078
895125a4522a3b10ee7ada06ee6503587cbf95c5
2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d

HTTP Headers

GET /ajax/libs/twitter-bootstrap/4.0.0/css/bootstrap.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://blog.zeroupload.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 16 May 2025 22:57:50 GMT
content-type: text/css; charset=utf-8
content-length: 15359
server: cloudflare
strict-transport-security: max-age=15780000
cf-ray: 940e79f4aea2b4eb-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb04010-235ed"
last-modified: Mon, 04 May 2020 16:17:20 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 188945
expires: Wed, 06 May 2026 22:57:50 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ThtMIfN2iX5P67%2BM8jMO36YLExggJNFgKN0N8ZawyvPV6m8Pr8MAH3rhBbdj3%2FFVqdq4byV7%2FS1s10XkNCqlwOEUPxuJzTAANC1s8Bv354OaQksaNCYBBMtuqdz0kpPuNtkV2cdp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

blog.zeroupload.com/wp-content/uploads/2024/10/001.png

188.114.97.1

200 OK

192 kB

URL GET
blog.zeroupload.com/wp-content/uploads/2024/10/001.png
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://blog.zeroupload.com/
Certificate
IssuerGoogle Trust Services
Subjectzeroupload.com
Fingerprint49:50:CA:2C:59:5F:BE:56:86:2F:C7:BE:E8:7E:E6:EF:2F:54:11:01
ValiditySat, 22 Mar 2025 15:18:13 GMT - Fri, 20 Jun 2025 16:15:37 GMT

File type
PNG image data, 1437 x 835, 8-bit/color RGBA, non-interlaced
Size
192 kB (192524 bytes)
Hash
ee2f4bfb9ed3f24bc7f22eaa1e5061d6
f163d59f923ddd88f10dc152f08a5654e784bb42
66d739c23b939dd40ad1020c6b6e4e120e1d14fc6cb04cb30fb070690e8232dd

HTTP Headers

GET /wp-content/uploads/2024/10/001.png HTTP/1.1
Host: blog.zeroupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://blog.zeroupload.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 16 May 2025 22:57:50 GMT
content-type: image/png
content-length: 192524
server: cloudflare
last-modified: Wed, 23 Oct 2024 21:16:09 GMT
vary: Accept-Encoding
etag: "67196799-2f00c"
expires: Sun, 15 Jun 2025 20:47:39 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
accept-ranges: bytes
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
age: 7798
cf-cache-status: HIT
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=6z9xXIladHGMjUcELmgSyklcHpW%2FkPUjeMON2iL3jR93VbqVf7X6opMyRc1snYrKR1jt7yWvcq8%2Bq91laIVUkgVc7pNfy7q8RNOunjKhhLWV"}]}
cf-ray: 940e79f43a55569b-OSL
X-Firefox-Spdy: h2

experttrafficcounter.com/stats

52.59.33.6

200 OK

40 B

URL GET
experttrafficcounter.com/stats
IP
52.59.33.6:443
ASN
#16509 AMAZON-02

Requested by
https://blog.zeroupload.com/
Certificate
IssuerAmazon
Subjectexperttrafficcounter.com
FingerprintCE:93:F6:82:20:C2:20:51:6E:53:85:EC:03:9C:48:F0:13:0B:67:D7
ValidityTue, 29 Apr 2025 00:00:00 GMT - Thu, 28 May 2026 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
98fb2a16f4bc8a9db346f4c3751b3328
247eb45ca7ea1cdaa001b362b8affa00bf5bd3bb
9b67cbdc66190d4cf23aa94ffb9f1e3d50cb863440e595b4bcad605e881288a8

HTTP Headers

GET /stats HTTP/1.1
Host: experttrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://blog.zeroupload.com
DNT: 1
Connection: keep-alive
Referer: https://blog.zeroupload.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 16 May 2025 22:57:51 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://blog.zeroupload.com
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=b5a04aef-b868-4223-a33f-149a251e9d61:1:1; expires=Mon, 14 May 2035 22:57:51 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

wearychallengeraise.com/watch.66467353896.js?dev=e&key=6763e525233ad7862020fe39431107c9&kw=%5B%22about%22%2C%22us%22%5D&pst=1747436332&rb=&refer=https%3A%2F%2Fblog.zeroupload.com%2F&res=14.3095&rmtc=t&shu=53dcd947b4ecab7d05512fe74b6374b9cf7ca2bce393c8609676bf87275ad201234ca5840f8fd0683f31bf0001d4efebc72ae3406515d37b2048ffeb1fb00f7c164790ee256838677b61f1cd7e769ca9ee0ef9a1ce0c32ecf9d520&tz=0&uuid=5ba05410-3a30-4879-b44f-c39e2787c2e0%3A1%3A1

192.243.59.20

200 OK

0 B

URL GET
wearychallengeraise.com/watch.66467353896.js?dev=e&key=6763e525233ad7862020fe39431107c9&kw=%5B%22about%22%2C%22us%22%5D&pst=1747436332&rb=&refer=https%3A%2F%2Fblog.zeroupload.com%2F&res=14.3095&rmtc=t&shu=53dcd947b4ecab7d05512fe74b6374b9cf7ca2bce393c8609676bf87275ad201234ca5840f8fd0683f31bf0001d4efebc72ae3406515d37b2048ffeb1fb00f7c164790ee256838677b61f1cd7e769ca9ee0ef9a1ce0c32ecf9d520&tz=0&uuid=5ba05410-3a30-4879-b44f-c39e2787c2e0%3A1%3A1
IP
192.243.59.20:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://blog.zeroupload.com/
Certificate
IssuerLet's Encrypt
Subjectwearychallengeraise.com
Fingerprint59:0D:D9:8E:52:01:C0:D1:1E:83:C9:8F:D9:E2:AA:FF:AF:B7:B8:51
ValiditySun, 20 Apr 2025 03:17:43 GMT - Sat, 19 Jul 2025 03:17:42 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.66467353896.js?dev=e&key=6763e525233ad7862020fe39431107c9&kw=%5B%22about%22%2C%22us%22%5D&pst=1747436332&rb=&refer=https%3A%2F%2Fblog.zeroupload.com%2F&res=14.3095&rmtc=t&shu=53dcd947b4ecab7d05512fe74b6374b9cf7ca2bce393c8609676bf87275ad201234ca5840f8fd0683f31bf0001d4efebc72ae3406515d37b2048ffeb1fb00f7c164790ee256838677b61f1cd7e769ca9ee0ef9a1ce0c32ecf9d520&tz=0&uuid=5ba05410-3a30-4879-b44f-c39e2787c2e0%3A1%3A1 HTTP/1.1
Host: wearychallengeraise.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://blog.zeroupload.com
Referer: https://blog.zeroupload.com/
DNT: 1
Connection: keep-alive
Cookie: ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMzI1NDEyMiwiayI6IjY3NjNlNTI1MjMzYWQ3ODYyMDIwZmUzOTQzMTEwN2M5Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozODU2OTY4LCJwaWQiOjE3OTMzMTAsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MjEsImFpZCI6MjMsInB0Ijo0LCJwayI6ImtqdWEyaGRlNjYiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6MjY2NTYxMTE1LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTM2OTI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEzNC4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vYmxvZy56ZXJvdXBsb2FkLmNvbS8iLCJhciI6W119fQ.N_dgQrMj5TNHJc6P14BNHoIRyEA3c8_oRrJTYTDImMs
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 16 May 2025 22:57:52 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://blog.zeroupload.com
Access-Control-Allow-Origin: https://blog.zeroupload.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=5ba05410-3a30-4879-b44f-c39e2787c2e0:1:1; expires=Fri, 23 May 2025 22:57:52 GMT; path=/; secure; SameSite=None
Host: wearychallengeraise.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: b746a60d46abd8ccae6b250474e6771c
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

boostsubs.com/assets/css/button-panel-v1.css

52.20.84.62

404 Not Found

0 B

URL GET
boostsubs.com/assets/css/button-panel-v1.css
IP
52.20.84.62:443
ASN
#14618 AMAZON-AES

Requested by
https://blog.zeroupload.com/
Certificate
IssuerLet's Encrypt
Subjectboostsubs.com
FingerprintCC:92:30:15:AF:94:B3:0A:1D:C8:42:46:C0:3B:64:4D:06:00:9B:AA
ValidityTue, 22 Apr 2025 17:28:43 GMT - Mon, 21 Jul 2025 17:28:42 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /assets/css/button-panel-v1.css HTTP/1.1
Host: boostsubs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: openresty
Date: Fri, 16 May 2025 22:57:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"674da66a-439"
Content-Encoding: gzip

wipehumorousbeen.com/e4b478382527e12337447b38f0435c67/invoke.js

172.240.253.132

200 OK

26 kB

URL GET
wipehumorousbeen.com/e4b478382527e12337447b38f0435c67/invoke.js
IP
172.240.253.132:443
ASN
#7979 SERVERS-COM

Requested by
https://blog.zeroupload.com/
Certificate
IssuerLet's Encrypt
Subject*.wipehumorousbeen.com
Fingerprint01:2B:27:C3:52:5C:7C:53:37:8F:50:26:F5:A7:4F:A5:2F:39:5F:FC
ValidityFri, 28 Mar 2025 22:27:20 GMT - Thu, 26 Jun 2025 22:27:19 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (25558), with no line terminators
Size
26 kB (25560 bytes)
Hash
38afca50e562ffeee4e8dff91fa1e54d
e11094ae399bdec6b87d2f3ef5dd59e739178955
053b328e89fe4830f1e4aa29b85f1d6773e458bd78bed6bdae8e101a39e87352

HTTP Headers

GET /e4b478382527e12337447b38f0435c67/invoke.js HTTP/1.1
Host: wipehumorousbeen.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://blog.zeroupload.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 16 May 2025 22:57:51 GMT
Content-Type: application/javascript
Content-Length: 9511
Connection: keep-alive
content-encoding: gzip
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
accept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
x-envoy-upstream-service-time: 7
Host: wipehumorousbeen.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 603c3d1f299ac2ab01961a70ed4305c1
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

zerofirmware.com/wp-content/uploads/2024/02/360_F_553489791_x7xgnXUmCqXTv2SslehhCCKSblkGtrUD.jpg

0.0.0.0

0 B

URL GET
zerofirmware.com/wp-content/uploads/2024/02/360_F_553489791_x7xgnXUmCqXTv2SslehhCCKSblkGtrUD.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://blog.zeroupload.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/2024/02/360_F_553489791_x7xgnXUmCqXTv2SslehhCCKSblkGtrUD.jpg HTTP/1.1
Host: zerofirmware.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://blog.zeroupload.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

shotgunchancecruel.com/watch.832970545415.js?dev=e&key=5e7680d4e20a2b8fe1ea5d23b257ce3f&kw=%5B%22about%22%2C%22us%22%5D&pst=1747436332&rb=&refer=https%3A%2F%2Fblog.zeroupload.com%2F&res=14.3095&rmtc=t&shu=3a1ed0911d91ef8054d1ad0e6b2aeada833ee3b7f06a33e66052db352836aae04df8a371cbeb0903b4ac30884a559ab7bc5fc1339cde16b03f6e709c363b7d534b189939db59c8e740c8f39eccb14c39fd826a7ef80897ba9a710e&tz=0&uuid=9615bc9d-55ed-4423-922e-f64d275d4f7c%3A1%3A1

192.243.59.20

200 OK

0 B

URL GET
shotgunchancecruel.com/watch.832970545415.js?dev=e&key=5e7680d4e20a2b8fe1ea5d23b257ce3f&kw=%5B%22about%22%2C%22us%22%5D&pst=1747436332&rb=&refer=https%3A%2F%2Fblog.zeroupload.com%2F&res=14.3095&rmtc=t&shu=3a1ed0911d91ef8054d1ad0e6b2aeada833ee3b7f06a33e66052db352836aae04df8a371cbeb0903b4ac30884a559ab7bc5fc1339cde16b03f6e709c363b7d534b189939db59c8e740c8f39eccb14c39fd826a7ef80897ba9a710e&tz=0&uuid=9615bc9d-55ed-4423-922e-f64d275d4f7c%3A1%3A1
IP
192.243.59.20:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://blog.zeroupload.com/
Certificate
IssuerLet's Encrypt
Subjectshotgunchancecruel.com
Fingerprint57:F1:91:12:31:BB:80:19:FF:41:09:D0:8D:7B:40:3F:77:DF:B2:B3
ValiditySun, 20 Apr 2025 02:16:11 GMT - Sat, 19 Jul 2025 02:16:10 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.832970545415.js?dev=e&key=5e7680d4e20a2b8fe1ea5d23b257ce3f&kw=%5B%22about%22%2C%22us%22%5D&pst=1747436332&rb=&refer=https%3A%2F%2Fblog.zeroupload.com%2F&res=14.3095&rmtc=t&shu=3a1ed0911d91ef8054d1ad0e6b2aeada833ee3b7f06a33e66052db352836aae04df8a371cbeb0903b4ac30884a559ab7bc5fc1339cde16b03f6e709c363b7d534b189939db59c8e740c8f39eccb14c39fd826a7ef80897ba9a710e&tz=0&uuid=9615bc9d-55ed-4423-922e-f64d275d4f7c%3A1%3A1 HTTP/1.1
Host: shotgunchancecruel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://blog.zeroupload.com
Referer: https://blog.zeroupload.com/
DNT: 1
Connection: keep-alive
Cookie: ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMjk0NTA2MiwiayI6IjVlNzY4MGQ0ZTIwYTJiOGZlMWVhNWQyM2IyNTdjZTNmIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozNzUzNjEyLCJwaWQiOjE3OTMzMTAsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MjEsImFpZCI6NSwicHQiOjQsInBrIjoiYzY0NDBmcmoiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6MjY2NTYxMTE1LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTM2OTI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEzNC4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vYmxvZy56ZXJvdXBsb2FkLmNvbS8iLCJhciI6W119fQ.n3bGthOnhSmd-aHMVayNhtX5NduMfg7ynIma4GlNpmM
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 16 May 2025 22:57:52 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://blog.zeroupload.com
Access-Control-Allow-Origin: https://blog.zeroupload.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=9615bc9d-55ed-4423-922e-f64d275d4f7c:1:1; expires=Fri, 23 May 2025 22:57:52 GMT; path=/; secure; SameSite=None
Host: shotgunchancecruel.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 82e13c022bbb08c24dbb38d9497137eb
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/css/all.min.css

104.17.25.14

200 OK

59 kB

URL GET
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/css/all.min.css
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://blog.zeroupload.com/
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint5D:9B:5B:BE:24:B7:4B:CA:F3:05:47:2F:AB:3F:3C:F7:4E:C3:4D:BC
ValidityMon, 24 Mar 2025 12:00:12 GMT - Sun, 22 Jun 2025 13:00:01 GMT

File type
ASCII text, with very long lines (58749)
Size
59 kB (58935 bytes)
Hash
84d8ad2b4fcdc0f0c58247e778133b3a
6f33eae92d42fe209167139940a0ad6a3c6c167e
14cbd9b866a9b092e3a2e03a93b128da5baca005fd8b44a1956146eaab7b48b7

HTTP Headers

GET /ajax/libs/font-awesome/5.14.0/css/all.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://blog.zeroupload.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 16 May 2025 22:57:50 GMT
content-type: text/css; charset=utf-8
content-length: 10391
server: cloudflare
strict-transport-security: max-age=15780000
cf-ray: 940e79f4ceb5b4eb-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5f0f47d3-e637"
last-modified: Wed, 15 Jul 2020 18:15:47 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 97395
expires: Wed, 06 May 2026 22:57:50 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8iVwVMvipJhaVGemk%2F2ADt12ivdnFjwSSSDI6w7i%2BDigpbs0GUlqXxPKMu2CVOfg%2Fbyzb5qt7TIT%2FfhW8%2BRlVYi17ODHxmGDTt0%2FqAWVVoTT9rt19%2Fp1EY7%2FwfMcrlQhEmedjBKv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

experttrafficcounter.com/stats

52.59.33.6

200 OK

40 B

URL GET
experttrafficcounter.com/stats
IP
52.59.33.6:443
ASN
#16509 AMAZON-02

Requested by
https://blog.zeroupload.com/
Certificate
IssuerAmazon
Subjectexperttrafficcounter.com
FingerprintCE:93:F6:82:20:C2:20:51:6E:53:85:EC:03:9C:48:F0:13:0B:67:D7
ValidityTue, 29 Apr 2025 00:00:00 GMT - Thu, 28 May 2026 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
aa31e87c2884eeb7f5e834b0a46b5740
29c23ef20a3980e2707dadd93aee43c6472ed662
b0f11ce1b5e16afd2a86e1ceda23c18c17cae86bbf3dc880fc762525c51a1a81

HTTP Headers

GET /stats HTTP/1.1
Host: experttrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://blog.zeroupload.com
DNT: 1
Connection: keep-alive
Referer: https://blog.zeroupload.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 16 May 2025 22:57:51 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://blog.zeroupload.com
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=f1806c95-800b-4ba2-9712-8477372ec27e:2:1; expires=Mon, 14 May 2035 22:57:51 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

experttrafficcounter.com/stats

52.59.33.6

200 OK

40 B

URL GET
experttrafficcounter.com/stats
IP
52.59.33.6:443
ASN
#16509 AMAZON-02

Requested by
https://blog.zeroupload.com/
Certificate
IssuerAmazon
Subjectexperttrafficcounter.com
FingerprintCE:93:F6:82:20:C2:20:51:6E:53:85:EC:03:9C:48:F0:13:0B:67:D7
ValidityTue, 29 Apr 2025 00:00:00 GMT - Thu, 28 May 2026 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
dc22959201483215653c4ac756cfa007
f5d08ca420cfa35b207a5d9cb94859c4a1e1dafd
7eca96c7a612ae4fade474147b2485e9fe8094181b1df7dc035e7ef9ad1e8d30

HTTP Headers

GET /stats HTTP/1.1
Host: experttrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://blog.zeroupload.com
DNT: 1
Connection: keep-alive
Referer: https://blog.zeroupload.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 16 May 2025 22:57:51 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://blog.zeroupload.com
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=9615bc9d-55ed-4423-922e-f64d275d4f7c:1:1; expires=Mon, 14 May 2035 22:57:51 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

equipmentselfemployed.com/ntv.json?key=e4b478382527e12337447b38f0435c67&vstc=4&rb=

192.243.61.227

200 OK

0 B

URL GET
equipmentselfemployed.com/ntv.json?key=e4b478382527e12337447b38f0435c67&vstc=4&rb=
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://blog.zeroupload.com/
Certificate
IssuerLet's Encrypt
Subjectequipmentselfemployed.com
Fingerprint2D:10:EF:46:AD:CF:E5:D6:AD:88:3D:D6:34:C1:DC:84:01:C9:00:EC
ValidityMon, 31 Mar 2025 07:42:13 GMT - Sun, 29 Jun 2025 07:42:12 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ntv.json?key=e4b478382527e12337447b38f0435c67&vstc=4&rb= HTTP/1.1
Host: equipmentselfemployed.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://blog.zeroupload.com
DNT: 1
Connection: keep-alive
Referer: https://blog.zeroupload.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 16 May 2025 22:57:52 GMT
Content-Type: application/json
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://blog.zeroupload.com
Access-Control-Allow-Origin: https://blog.zeroupload.com
Access-Control-Allow-Credentials: true
Host: equipmentselfemployed.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: d7a4ad62ed130f53637c6c1ed50453b3
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

blog.zeroupload.com/wp-content/uploads/2024/10/004.png

188.114.97.1

200 OK

182 kB

URL GET
blog.zeroupload.com/wp-content/uploads/2024/10/004.png
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://blog.zeroupload.com/
Certificate
IssuerGoogle Trust Services
Subjectzeroupload.com
Fingerprint49:50:CA:2C:59:5F:BE:56:86:2F:C7:BE:E8:7E:E6:EF:2F:54:11:01
ValiditySat, 22 Mar 2025 15:18:13 GMT - Fri, 20 Jun 2025 16:15:37 GMT

File type
PNG image data, 1471 x 801, 8-bit/color RGBA, non-interlaced
Size
182 kB (182322 bytes)
Hash
f1e90f5b07bb5f5c754f65a744321d40
859642e33e5d9c92a1d09777fe6888ab3c4ffbf2
6c498bb6de15e0eb97398d9edcfa7a0a135fa2790b82d5d1dedfb31f736db2ab

HTTP Headers

GET /wp-content/uploads/2024/10/004.png HTTP/1.1
Host: blog.zeroupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://blog.zeroupload.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 16 May 2025 22:57:50 GMT
content-type: image/png
content-length: 182322
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
last-modified: Wed, 23 Oct 2024 21:16:15 GMT
vary: Accept-Encoding
etag: "6719679f-2c832"
expires: Mon, 09 Jun 2025 16:25:01 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 500059
accept-ranges: bytes
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=09a693BLybDNqoCnZ91sPpDDFGciwr2gboBKdSHEm4p%2BlEwlg41JVzRCDoIbcosI2ZEBaaSlCmj9%2B2kEDGQTUXzG%2FrjqumMX46CyNS%2F9phYx"}]}
cf-ray: 940e79f43a60569b-OSL
X-Firefox-Spdy: h2

invadedisheartentrail.com/watch.1414219997207.js?key=bbaf4058207091c9f7de97ab67b8b62f&kw=%5B%22about%22%2C%22us%22%5D&refer=https%3A%2F%2Fblog.zeroupload.com%2F&tz=0&dev=e&res=14.3095&rb=&uuid=f1806c95-800b-4ba2-9712-8477372ec27e%3A2%3A1

192.243.59.20

307 Temporary Redirect

0 B

URL GET
invadedisheartentrail.com/watch.1414219997207.js?key=bbaf4058207091c9f7de97ab67b8b62f&kw=%5B%22about%22%2C%22us%22%5D&refer=https%3A%2F%2Fblog.zeroupload.com%2F&tz=0&dev=e&res=14.3095&rb=&uuid=f1806c95-800b-4ba2-9712-8477372ec27e%3A2%3A1
IP
192.243.59.20:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://blog.zeroupload.com/
Certificate
IssuerLet's Encrypt
Subjectinvadedisheartentrail.com
Fingerprint95:61:8E:B5:87:C3:51:FF:61:D7:15:A0:D3:84:2F:F7:62:3D:AF:A5
ValidityTue, 29 Apr 2025 21:47:10 GMT - Mon, 28 Jul 2025 21:47:09 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1414219997207.js?key=bbaf4058207091c9f7de97ab67b8b62f&kw=%5B%22about%22%2C%22us%22%5D&refer=https%3A%2F%2Fblog.zeroupload.com%2F&tz=0&dev=e&res=14.3095&rb=&uuid=f1806c95-800b-4ba2-9712-8477372ec27e%3A2%3A1 HTTP/1.1
Host: invadedisheartentrail.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://blog.zeroupload.com
DNT: 1
Connection: keep-alive
Referer: https://blog.zeroupload.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Fri, 16 May 2025 22:57:52 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://blog.zeroupload.com
Access-Control-Allow-Origin: https://blog.zeroupload.com
Access-Control-Allow-Credentials: true
Location: https://invadedisheartentrail.com/watch.1414219997207.js?dev=e&key=bbaf4058207091c9f7de97ab67b8b62f&kw=%5B%22about%22%2C%22us%22%5D&pst=1747436332&rb=&refer=https%3A%2F%2Fblog.zeroupload.com%2F&res=14.3095&rmtc=t&shu=bab54d5b469758516363fc5d914e7484f03ff9a8c6bd8026a20c7f6d820f6c7557d3ba2cbc2f7241b1272501137d0ebedb7e16204597f7123050817bfe39590ce3fdbd00c6b96d6e6080feefb9bc93b0c1a2bb24362f811f8bd3d6&tz=0&uuid=f1806c95-800b-4ba2-9712-8477372ec27e%3A2%3A1
Set-Cookie: ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMjk0NTEwMSwiayI6ImJiYWY0MDU4MjA3MDkxYzlmN2RlOTdhYjY3YjhiNjJmIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozNzUzNjEyLCJwaWQiOjE3OTMzMTAsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MjEsImFpZCI6MjMsInB0Ijo0LCJwayI6InFlMm4xcGgxIiwiY3BrcyI6eyIyOCI6IjliNDdlZjg0MjI3YjY1YjkwZDAzOGQyNGY1M2FlYTg3In0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoyNjY1NjExMTUsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMzY5MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTM0LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9ibG9nLnplcm91cGxvYWQuY29tLyIsImFyIjpbXX19.6DDHjpllE9hdAJR9v_40e871OUjr2gf_2B_HAiDlErc; expires=Fri, 16 May 2025 22:58:52 GMT; path=/; secure; SameSite=None
Host: invadedisheartentrail.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 3b3d51540fbdc4c4c52ebaf1131df1ad
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

www.googletagmanager.com/gtag/js?id=G-QDB60Q47TN

142.250.74.168

200 OK

378 kB

URL GET
www.googletagmanager.com/gtag/js?id=G-QDB60Q47TN
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://blog.zeroupload.com/
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint02:7D:56:C0:B9:20:0C:27:A4:AC:B9:8F:9D:45:1D:85:2A:30:50:AD
ValidityMon, 21 Apr 2025 08:40:41 GMT - Mon, 14 Jul 2025 08:40:40 GMT

File type
JavaScript source, ASCII text, with very long lines (5432)
Size
378 kB (377458 bytes)
Hash
89952b901d2dbc0e0461ddfb6a74a766
688a06a24896584cf19b6b2c688a828b05c5b3df
15c7dc215bc4cbc080c202692481709ffc54b74549c905967a95fe916d0e6d99

HTTP Headers

GET /gtag/js?id=G-QDB60Q47TN HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://blog.zeroupload.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 16 May 2025 22:57:51 GMT
expires: Fri, 16 May 2025 22:57:51 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1075:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1075:0
report-to: {"group":"ascgcycc:1075:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1075:0"}],}
server: Google Tag Manager
content-length: 126988
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

zerofirmware.com/wp-content/uploads/2024/02/360_F_553489791_x7xgnXUmCqXTv2SslehhCCKSblkGtrUD.jpg

0.0.0.0

0 B

URL GET
zerofirmware.com/wp-content/uploads/2024/02/360_F_553489791_x7xgnXUmCqXTv2SslehhCCKSblkGtrUD.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://blog.zeroupload.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/2024/02/360_F_553489791_x7xgnXUmCqXTv2SslehhCCKSblkGtrUD.jpg HTTP/1.1
Host: zerofirmware.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://blog.zeroupload.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

wipehumorousbeen.com/6763e525233ad7862020fe39431107c9/invoke.js

172.240.253.132

200 OK

26 kB

URL GET
wipehumorousbeen.com/6763e525233ad7862020fe39431107c9/invoke.js
IP
172.240.253.132:443
ASN
#7979 SERVERS-COM

Requested by
https://blog.zeroupload.com/
Certificate
IssuerLet's Encrypt
Subject*.wipehumorousbeen.com
Fingerprint01:2B:27:C3:52:5C:7C:53:37:8F:50:26:F5:A7:4F:A5:2F:39:5F:FC
ValidityFri, 28 Mar 2025 22:27:20 GMT - Thu, 26 Jun 2025 22:27:19 GMT

File type
JavaScript source, ASCII text, with very long lines (26384), with no line terminators
Size
26 kB (26384 bytes)
Hash
f3a083e2fa40c277198d47c1037a252c
40cf3007f5c8eaa8ad598b77d44937f781038263
0cf5500702c425c396044c40335f19983065f478e561c41f353462f13feee549

HTTP Headers

GET /6763e525233ad7862020fe39431107c9/invoke.js HTTP/1.1
Host: wipehumorousbeen.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://blog.zeroupload.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 16 May 2025 22:57:51 GMT
Content-Type: application/javascript
Content-Length: 11052
Connection: keep-alive
content-encoding: gzip
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
accept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
x-envoy-upstream-service-time: 8
Host: wipehumorousbeen.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 0981c873ff727d0eac4d9bfa055b83eb
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

blog.zeroupload.com/wp-content/uploads/2024/10/002.png

188.114.97.1

200 OK

416 kB

URL GET
blog.zeroupload.com/wp-content/uploads/2024/10/002.png
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://blog.zeroupload.com/
Certificate
IssuerGoogle Trust Services
Subjectzeroupload.com
Fingerprint49:50:CA:2C:59:5F:BE:56:86:2F:C7:BE:E8:7E:E6:EF:2F:54:11:01
ValiditySat, 22 Mar 2025 15:18:13 GMT - Fri, 20 Jun 2025 16:15:37 GMT

File type
PNG image data, 1483 x 817, 8-bit/color RGBA, non-interlaced
Size
416 kB (415804 bytes)
Hash
6ff29a5270ae51c5ab944a63952479bb
c36b88fd8a467a58651463b17723f5cdbd4069ae
195c2e1feb76ad7db64181c1ca5e6666f2548274d1bf54f1f409e8555fb90277

HTTP Headers

GET /wp-content/uploads/2024/10/002.png HTTP/1.1
Host: blog.zeroupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://blog.zeroupload.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 16 May 2025 22:57:50 GMT
content-type: image/png
content-length: 415804
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
last-modified: Wed, 23 Oct 2024 21:16:12 GMT
vary: Accept-Encoding
etag: "6719679c-6583c"
expires: Mon, 09 Jun 2025 16:25:01 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 77861
accept-ranges: bytes
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=wo5N5VbRZaZe7BP8zCbsXpCMUUqSuudjsaYtSSL5yDXSi1UViHkDfMhFDPh5U2X%2F%2FlM1n0hGRJGkd9zRJi8UKqZxJATYeE2oFgBA4GNpOz6b"}]}
cf-ray: 940e79f43a56569b-OSL
X-Firefox-Spdy: h2

wearychallengeraise.com/watch.66467353896.js?key=6763e525233ad7862020fe39431107c9&kw=%5B%22about%22%2C%22us%22%5D&refer=https%3A%2F%2Fblog.zeroupload.com%2F&tz=0&dev=e&res=14.3095&rb=&uuid=5ba05410-3a30-4879-b44f-c39e2787c2e0%3A1%3A1

192.243.59.20

307 Temporary Redirect

0 B

URL GET
wearychallengeraise.com/watch.66467353896.js?key=6763e525233ad7862020fe39431107c9&kw=%5B%22about%22%2C%22us%22%5D&refer=https%3A%2F%2Fblog.zeroupload.com%2F&tz=0&dev=e&res=14.3095&rb=&uuid=5ba05410-3a30-4879-b44f-c39e2787c2e0%3A1%3A1
IP
192.243.59.20:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://blog.zeroupload.com/
Certificate
IssuerLet's Encrypt
Subjectwearychallengeraise.com
Fingerprint59:0D:D9:8E:52:01:C0:D1:1E:83:C9:8F:D9:E2:AA:FF:AF:B7:B8:51
ValiditySun, 20 Apr 2025 03:17:43 GMT - Sat, 19 Jul 2025 03:17:42 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.66467353896.js?key=6763e525233ad7862020fe39431107c9&kw=%5B%22about%22%2C%22us%22%5D&refer=https%3A%2F%2Fblog.zeroupload.com%2F&tz=0&dev=e&res=14.3095&rb=&uuid=5ba05410-3a30-4879-b44f-c39e2787c2e0%3A1%3A1 HTTP/1.1
Host: wearychallengeraise.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://blog.zeroupload.com
DNT: 1
Connection: keep-alive
Referer: https://blog.zeroupload.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Fri, 16 May 2025 22:57:52 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://blog.zeroupload.com
Access-Control-Allow-Origin: https://blog.zeroupload.com
Access-Control-Allow-Credentials: true
Location: https://wearychallengeraise.com/watch.66467353896.js?dev=e&key=6763e525233ad7862020fe39431107c9&kw=%5B%22about%22%2C%22us%22%5D&pst=1747436332&rb=&refer=https%3A%2F%2Fblog.zeroupload.com%2F&res=14.3095&rmtc=t&shu=53dcd947b4ecab7d05512fe74b6374b9cf7ca2bce393c8609676bf87275ad201234ca5840f8fd0683f31bf0001d4efebc72ae3406515d37b2048ffeb1fb00f7c164790ee256838677b61f1cd7e769ca9ee0ef9a1ce0c32ecf9d520&tz=0&uuid=5ba05410-3a30-4879-b44f-c39e2787c2e0%3A1%3A1
Set-Cookie: ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMzI1NDEyMiwiayI6IjY3NjNlNTI1MjMzYWQ3ODYyMDIwZmUzOTQzMTEwN2M5Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozODU2OTY4LCJwaWQiOjE3OTMzMTAsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MjEsImFpZCI6MjMsInB0Ijo0LCJwayI6ImtqdWEyaGRlNjYiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6MjY2NTYxMTE1LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTM2OTI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEzNC4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vYmxvZy56ZXJvdXBsb2FkLmNvbS8iLCJhciI6W119fQ.N_dgQrMj5TNHJc6P14BNHoIRyEA3c8_oRrJTYTDImMs; expires=Fri, 16 May 2025 22:58:52 GMT; path=/; secure; SameSite=None
Host: wearychallengeraise.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: eb9a09405f52b91c9d06c4bd25e5285f
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

wipehumorousbeen.com/5e7680d4e20a2b8fe1ea5d23b257ce3f/invoke.js

172.240.253.132

200 OK

26 kB

URL GET
wipehumorousbeen.com/5e7680d4e20a2b8fe1ea5d23b257ce3f/invoke.js
IP
172.240.253.132:443
ASN
#7979 SERVERS-COM

Requested by
https://blog.zeroupload.com/
Certificate
IssuerLet's Encrypt
Subject*.wipehumorousbeen.com
Fingerprint01:2B:27:C3:52:5C:7C:53:37:8F:50:26:F5:A7:4F:A5:2F:39:5F:FC
ValidityFri, 28 Mar 2025 22:27:20 GMT - Thu, 26 Jun 2025 22:27:19 GMT

File type
JavaScript source, ASCII text, with very long lines (26381), with no line terminators
Size
26 kB (26381 bytes)
Hash
e691aa2993be5ff18f2f164cfaef82b1
d61588f7726b65c959906834e6d45c390841fe34
f65896b2a61f82db181766f281d5d9eafa43a7c6c8c70f33f0e7a96ea995e609

HTTP Headers

GET /5e7680d4e20a2b8fe1ea5d23b257ce3f/invoke.js HTTP/1.1
Host: wipehumorousbeen.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://blog.zeroupload.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 16 May 2025 22:57:51 GMT
Content-Type: application/javascript
Content-Length: 11050
Connection: keep-alive
content-encoding: gzip
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
accept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
x-envoy-upstream-service-time: 8
Host: wipehumorousbeen.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: d891e3b63577513b4d9b3a9d04fe3022
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

blog.zeroupload.com/assets/img/favicon.png

188.114.97.1

404 Not Found

58 kB

URL GET
blog.zeroupload.com/assets/img/favicon.png
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://blog.zeroupload.com/
Certificate
IssuerGoogle Trust Services
Subjectzeroupload.com
Fingerprint49:50:CA:2C:59:5F:BE:56:86:2F:C7:BE:E8:7E:E6:EF:2F:54:11:01
ValiditySat, 22 Mar 2025 15:18:13 GMT - Fri, 20 Jun 2025 16:15:37 GMT

File type
HTML document, ASCII text, with very long lines (56756)
Size
58 kB (58288 bytes)
Hash
b6305f53b4d3432d561eb748f4af25fd
e01e5117f6fa0d6b1a82ae3c45839d8097d119b5
dc676cc52046a252ee86c463e49bce5b517c932ab100f21cb62e231cb3d7ed7a

HTTP Headers

GET /assets/img/favicon.png HTTP/1.1
Host: blog.zeroupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://blog.zeroupload.com/
Cookie: _ga_QDB60Q47TN=GS2.1.s1747436271$o1$g0$t1747436271$j0$l0$h0; _ga=GA1.1.1503591500.1747436271; dom3ic8zudi28v8lr6fgphwffqoz0j6c=5ba05410-3a30-4879-b44f-c39e2787c2e0%3A1%3A1; m5a4xojbcp2nx3gptmm633qal3gzmadn=equipmentselfemployed.com
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
date: Fri, 16 May 2025 22:57:52 GMT
content-type: text/html
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=FJl%2BpwAYH57er6LR%2BqXLTRt4LCi2%2F9%2BGWf8KosYJMUVU6SSy91MuX5iVGk0SbMb73Fy6p7JeqBOtgLUFQD%2FpHK5keOiti4wJ40I54xozsZ%2F9"}]}
cache-control: max-age=31536000
cf-cache-status: HIT
content-encoding: br
cf-ray: 940e79ff3b88569b-OSL
X-Firefox-Spdy: h2

wipehumorousbeen.com/bbaf4058207091c9f7de97ab67b8b62f/invoke.js

172.240.253.132

200 OK

26 kB

URL GET
wipehumorousbeen.com/bbaf4058207091c9f7de97ab67b8b62f/invoke.js
IP
172.240.253.132:443
ASN
#7979 SERVERS-COM

Requested by
https://blog.zeroupload.com/
Certificate
IssuerLet's Encrypt
Subject*.wipehumorousbeen.com
Fingerprint01:2B:27:C3:52:5C:7C:53:37:8F:50:26:F5:A7:4F:A5:2F:39:5F:FC
ValidityFri, 28 Mar 2025 22:27:20 GMT - Thu, 26 Jun 2025 22:27:19 GMT

File type
JavaScript source, ASCII text, with very long lines (26422), with no line terminators
Size
26 kB (26422 bytes)
Hash
f7c76f5259fc61a10a0a0890f58ea1c1
7686b52244f45e05d1ca7df075ef3a19c8894b21
7a8a15150fe6b747c1f2065c6d0a0640b3d4e642cfc7b134e519b16f6224182e

HTTP Headers

GET /bbaf4058207091c9f7de97ab67b8b62f/invoke.js HTTP/1.1
Host: wipehumorousbeen.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://blog.zeroupload.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 16 May 2025 22:57:51 GMT
Content-Type: application/javascript
Content-Length: 11080
Connection: keep-alive
content-encoding: gzip
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
accept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
x-envoy-upstream-service-time: 7
Host: wipehumorousbeen.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: bb62739c703380752c1a1a70da8e6cf8
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

experttrafficcounter.com/stats

52.59.33.6

200 OK

40 B

URL GET
experttrafficcounter.com/stats
IP
52.59.33.6:443
ASN
#16509 AMAZON-02

Requested by
https://blog.zeroupload.com/
Certificate
IssuerAmazon
Subjectexperttrafficcounter.com
FingerprintCE:93:F6:82:20:C2:20:51:6E:53:85:EC:03:9C:48:F0:13:0B:67:D7
ValidityTue, 29 Apr 2025 00:00:00 GMT - Thu, 28 May 2026 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
53f69abb3736622b8d9945d41670ea1e
cf7ddb85539dd6bb927756fe1246d93416e83874
73bc1e809c811a097bb818e6b331e1751edf298019bdf216505d673dc54f7db1

HTTP Headers

GET /stats HTTP/1.1
Host: experttrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://blog.zeroupload.com
DNT: 1
Connection: keep-alive
Referer: https://blog.zeroupload.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 16 May 2025 22:57:51 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://blog.zeroupload.com
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=5ba05410-3a30-4879-b44f-c39e2787c2e0:1:1; expires=Mon, 14 May 2035 22:57:51 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

shotgunchancecruel.com/watch.832970545415.js?key=5e7680d4e20a2b8fe1ea5d23b257ce3f&kw=%5B%22about%22%2C%22us%22%5D&refer=https%3A%2F%2Fblog.zeroupload.com%2F&tz=0&dev=e&res=14.3095&rb=&uuid=9615bc9d-55ed-4423-922e-f64d275d4f7c%3A1%3A1

192.243.59.20

307 Temporary Redirect

0 B

URL GET
shotgunchancecruel.com/watch.832970545415.js?key=5e7680d4e20a2b8fe1ea5d23b257ce3f&kw=%5B%22about%22%2C%22us%22%5D&refer=https%3A%2F%2Fblog.zeroupload.com%2F&tz=0&dev=e&res=14.3095&rb=&uuid=9615bc9d-55ed-4423-922e-f64d275d4f7c%3A1%3A1
IP
192.243.59.20:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://blog.zeroupload.com/
Certificate
IssuerLet's Encrypt
Subjectshotgunchancecruel.com
Fingerprint57:F1:91:12:31:BB:80:19:FF:41:09:D0:8D:7B:40:3F:77:DF:B2:B3
ValiditySun, 20 Apr 2025 02:16:11 GMT - Sat, 19 Jul 2025 02:16:10 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.832970545415.js?key=5e7680d4e20a2b8fe1ea5d23b257ce3f&kw=%5B%22about%22%2C%22us%22%5D&refer=https%3A%2F%2Fblog.zeroupload.com%2F&tz=0&dev=e&res=14.3095&rb=&uuid=9615bc9d-55ed-4423-922e-f64d275d4f7c%3A1%3A1 HTTP/1.1
Host: shotgunchancecruel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://blog.zeroupload.com
DNT: 1
Connection: keep-alive
Referer: https://blog.zeroupload.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Fri, 16 May 2025 22:57:52 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://blog.zeroupload.com
Access-Control-Allow-Origin: https://blog.zeroupload.com
Access-Control-Allow-Credentials: true
Location: https://shotgunchancecruel.com/watch.832970545415.js?dev=e&key=5e7680d4e20a2b8fe1ea5d23b257ce3f&kw=%5B%22about%22%2C%22us%22%5D&pst=1747436332&rb=&refer=https%3A%2F%2Fblog.zeroupload.com%2F&res=14.3095&rmtc=t&shu=3a1ed0911d91ef8054d1ad0e6b2aeada833ee3b7f06a33e66052db352836aae04df8a371cbeb0903b4ac30884a559ab7bc5fc1339cde16b03f6e709c363b7d534b189939db59c8e740c8f39eccb14c39fd826a7ef80897ba9a710e&tz=0&uuid=9615bc9d-55ed-4423-922e-f64d275d4f7c%3A1%3A1
Set-Cookie: ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMjk0NTA2MiwiayI6IjVlNzY4MGQ0ZTIwYTJiOGZlMWVhNWQyM2IyNTdjZTNmIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozNzUzNjEyLCJwaWQiOjE3OTMzMTAsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MjEsImFpZCI6NSwicHQiOjQsInBrIjoiYzY0NDBmcmoiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6MjY2NTYxMTE1LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTM2OTI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEzNC4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vYmxvZy56ZXJvdXBsb2FkLmNvbS8iLCJhciI6W119fQ.n3bGthOnhSmd-aHMVayNhtX5NduMfg7ynIma4GlNpmM; expires=Fri, 16 May 2025 22:58:52 GMT; path=/; secure; SameSite=None
Host: shotgunchancecruel.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 3cf90e76df52757a4d28bbf889f9392f
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

invadedisheartentrail.com/watch.1414219997207.js?dev=e&key=bbaf4058207091c9f7de97ab67b8b62f&kw=%5B%22about%22%2C%22us%22%5D&pst=1747436332&rb=&refer=https%3A%2F%2Fblog.zeroupload.com%2F&res=14.3095&rmtc=t&shu=bab54d5b469758516363fc5d914e7484f03ff9a8c6bd8026a20c7f6d820f6c7557d3ba2cbc2f7241b1272501137d0ebedb7e16204597f7123050817bfe39590ce3fdbd00c6b96d6e6080feefb9bc93b0c1a2bb24362f811f8bd3d6&tz=0&uuid=f1806c95-800b-4ba2-9712-8477372ec27e%3A2%3A1

192.243.59.20

200 OK

0 B

URL GET
invadedisheartentrail.com/watch.1414219997207.js?dev=e&key=bbaf4058207091c9f7de97ab67b8b62f&kw=%5B%22about%22%2C%22us%22%5D&pst=1747436332&rb=&refer=https%3A%2F%2Fblog.zeroupload.com%2F&res=14.3095&rmtc=t&shu=bab54d5b469758516363fc5d914e7484f03ff9a8c6bd8026a20c7f6d820f6c7557d3ba2cbc2f7241b1272501137d0ebedb7e16204597f7123050817bfe39590ce3fdbd00c6b96d6e6080feefb9bc93b0c1a2bb24362f811f8bd3d6&tz=0&uuid=f1806c95-800b-4ba2-9712-8477372ec27e%3A2%3A1
IP
192.243.59.20:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://blog.zeroupload.com/
Certificate
IssuerLet's Encrypt
Subjectinvadedisheartentrail.com
Fingerprint95:61:8E:B5:87:C3:51:FF:61:D7:15:A0:D3:84:2F:F7:62:3D:AF:A5
ValidityTue, 29 Apr 2025 21:47:10 GMT - Mon, 28 Jul 2025 21:47:09 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1414219997207.js?dev=e&key=bbaf4058207091c9f7de97ab67b8b62f&kw=%5B%22about%22%2C%22us%22%5D&pst=1747436332&rb=&refer=https%3A%2F%2Fblog.zeroupload.com%2F&res=14.3095&rmtc=t&shu=bab54d5b469758516363fc5d914e7484f03ff9a8c6bd8026a20c7f6d820f6c7557d3ba2cbc2f7241b1272501137d0ebedb7e16204597f7123050817bfe39590ce3fdbd00c6b96d6e6080feefb9bc93b0c1a2bb24362f811f8bd3d6&tz=0&uuid=f1806c95-800b-4ba2-9712-8477372ec27e%3A2%3A1 HTTP/1.1
Host: invadedisheartentrail.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://blog.zeroupload.com
Referer: https://blog.zeroupload.com/
DNT: 1
Connection: keep-alive
Cookie: ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMjk0NTEwMSwiayI6ImJiYWY0MDU4MjA3MDkxYzlmN2RlOTdhYjY3YjhiNjJmIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozNzUzNjEyLCJwaWQiOjE3OTMzMTAsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MjEsImFpZCI6MjMsInB0Ijo0LCJwayI6InFlMm4xcGgxIiwiY3BrcyI6eyIyOCI6IjliNDdlZjg0MjI3YjY1YjkwZDAzOGQyNGY1M2FlYTg3In0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoyNjY1NjExMTUsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMzY5MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTM0LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9ibG9nLnplcm91cGxvYWQuY29tLyIsImFyIjpbXX19.6DDHjpllE9hdAJR9v_40e871OUjr2gf_2B_HAiDlErc
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 16 May 2025 22:57:52 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://blog.zeroupload.com
Access-Control-Allow-Origin: https://blog.zeroupload.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=f1806c95-800b-4ba2-9712-8477372ec27e:2:1; expires=Fri, 23 May 2025 22:57:52 GMT; path=/; secure; SameSite=None
Host: invadedisheartentrail.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 5743826f74f94f7e49abb402fb92abb6
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (17)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML