code.jquery.com/jquery-3.6.0.min.js
151.101.66.137 200 OK 31 kB URL GET HTTP/2 code.jquery.com/jquery-3.6.0.min.js
IP 151.101.66.137:443
Requested by https://cloudswindfreshj.xyz/
Certificate
Issuer: Sectigo Limited
Subject: *.jquery.com
Fingerprint: D2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
Validity: Tue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT
File type ASCII text, with very long lines (65447)
Hash
MD5: 8fb8fee4fcc3cc86ff6c724154c49c42
SHA-1: b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
SHA-256: ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cloudswindfreshj.xyz
DNT: 1
Connection: keep-alive
Referer: https://cloudswindfreshj.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 04 Dec 2023 04:27:36 GMT
age: 1061439
x-served-by: cache-lga21931-LGA, cache-bma1649-BMA
x-cache: HIT, HIT
x-cache-hits: 14, 283014
x-timer: S1701664056.486420,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/@mdi/font@6.x/css/materialdesignicons.min.css
151.101.65.229200 OK 53 kB URL GET HTTP/2 cdn.jsdelivr.net/npm/@mdi/font@6.x/css/materialdesignicons.min.css
IP 151.101.65.229:443
Requested by https://cloudswindfreshj.xyz/
Certificate IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash dc663f2307f9ab02cf06ab357efa7845
d43eb079acc592caee325ab01694641459c82853
29e461b3a66dfb905a602e4c0ea68a1e541100deee2cb8f385f15607f162f914
GET /npm/@mdi/font@6.x/css/materialdesignicons.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cloudswindfreshj.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 6.9.96
x-jsd-version-type: version
etag: W/"4f282-1D6weazFksruMlqwFpRkFFnIKFM"
content-encoding: br
accept-ranges: bytes
date: Mon, 04 Dec 2023 04:27:36 GMT
age: 14341
x-served-by: cache-fra-etou8220087-FRA, cache-bma1640-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 52730
X-Firefox-Spdy: h2
cloudswindfreshj.xyz/images/logo-footer-new.png
172.67.141.198200 OK 2.5 kB URL GET HTTP/3 cloudswindfreshj.xyz/images/logo-footer-new.png
IP 172.67.141.198:443
Requested by https://cloudswindfreshj.xyz/
Certificate IssuerLet's Encrypt
Subjectcloudswindfreshj.xyz
FingerprintDA:4F:11:81:1D:BF:8C:77:0A:04:16:AA:B5:E6:84:30:CF:BF:EE:B2
ValidityMon, 06 Nov 2023 11:06:57 GMT - Sun, 04 Feb 2024 11:06:56 GMT
File type PNG image data, 99 x 99, 8-bit/color RGBA, non-interlaced\012- data
Hash 098fd59eb3395c2779a2c74dbe74d2be
3a64dca657ec988e3a23e53620004e0c80ff609d
81a20eaa7c576e4012a425b4b142eddf5f23e5afa223a132cde47b8624ccd0f6
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /images/logo-footer-new.png HTTP/1.1
Host: cloudswindfreshj.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cloudswindfreshj.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 04 Dec 2023 04:27:36 GMT
content-type: image/png
content-length: 2532
etag: "098fd59eb3395c2779a2c74dbe74d2be"
last-modified: Tue, 19 Sep 2023 08:46:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Origin, Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gtUoboUnHjCPdgKFj3aseqD5c6bNHKVL830tNgrsROaQ%2BpV4vpxhkigobPA00bIZjTwyzhk2S7oCoFHEo0De9DTO%2Fld2WT53h6a0kq%2BGepgl71YfI%2FpMqAurAlwIA8%2B0qHOvt38kIQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 83014c40bfd4569b-OSL
alt-svc: h3=":443"; ma=86400
172.67.141.198 200 OK 5.1 kB URL User Request GET HTTP/2
IP 172.67.141.198:443
Certificate
Issuer: Let's Encrypt
Subject: cloudswindfreshj.xyz
Fingerprint: DA:4F:11:81:1D:BF:8C:77:0A:04:16:AA:B5:E6:84:30:CF:BF:EE:B2
Validity: Mon, 06 Nov 2023 11:06:57 GMT - Sun, 04 Feb 2024 11:06:56 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1100)
Hash
MD5: 58fee6f8e606b01d7136bc7718d19662
SHA-1: ac1984f469eaee144d27853bf2c88255db3736c2
SHA-256: c2e261a4352ed390fc272fe4b8604bdb85eca1590c6c53dacf3489636516ffd0
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET / HTTP/1.1
Host: cloudswindfreshj.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 04:27:36 GMT
content-type: text/html; charset=utf-8
last-modified: Tue, 19 Sep 2023 08:46:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Origin, Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dzOsM%2BK6gD1k7%2BLTwdCmHz2YFjRPj%2FzhM64bfdePf7R22y%2Fm7Ii6a7qLZUuIoSXoIndgTAypbrXrohiS9OJVdpruusbCp4HCc%2B3Jctgqi3cSTWOt%2BV2exW16aew2lGDNUisZMXUS3Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 83014c3b9afb568a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cloudswindfreshj.xyz/images/poster-1.jpg
172.67.141.198200 OK 53 kB URL GET HTTP/3 cloudswindfreshj.xyz/images/poster-1.jpg
IP 172.67.141.198:443
Requested by https://cloudswindfreshj.xyz/
Certificate IssuerLet's Encrypt
Subjectcloudswindfreshj.xyz
FingerprintDA:4F:11:81:1D:BF:8C:77:0A:04:16:AA:B5:E6:84:30:CF:BF:EE:B2
ValidityMon, 06 Nov 2023 11:06:57 GMT - Sun, 04 Feb 2024 11:06:56 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 907x512, components 3\012- data
Hash 233de6f91fd1421f7aa551023aeb5974
cdfe5529ce3bbc92f482d09fddabbae0bf11958d
510263eb3fd8f8a27ab15da787d2114e96adca663c4da215641ea975220e7983
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /images/poster-1.jpg HTTP/1.1
Host: cloudswindfreshj.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cloudswindfreshj.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 04 Dec 2023 04:27:36 GMT
content-type: image/jpeg
content-length: 52725
etag: "233de6f91fd1421f7aa551023aeb5974"
last-modified: Tue, 19 Sep 2023 08:46:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Origin, Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rWa%2BR6Y06tjzRw98kSnvuaJIwAr28Rq5M4hqZZzXtb3NCed0Kyw%2FKfVTUScbciqhi9MfoftPdDCzuZen%2FOvSsDHCs8fUiI5MX3nbsWyOuXuya2Ti4e2k8%2BhyeEdgEqAGHzlAptK89Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 83014c40bfd3569b-OSL
alt-svc: h3=":443"; ma=86400
cloudswindfreshj.xyz/images/1599482537header.png
172.67.141.198200 OK 4.1 kB URL GET HTTP/3 cloudswindfreshj.xyz/images/1599482537header.png
IP 172.67.141.198:443
Requested by https://cloudswindfreshj.xyz/
Certificate IssuerLet's Encrypt
Subjectcloudswindfreshj.xyz
FingerprintDA:4F:11:81:1D:BF:8C:77:0A:04:16:AA:B5:E6:84:30:CF:BF:EE:B2
ValidityMon, 06 Nov 2023 11:06:57 GMT - Sun, 04 Feb 2024 11:06:56 GMT
File type PNG image data, 1210 x 91, 8-bit/color RGBA, non-interlaced\012- data
Hash c5c539af814a34471d3ae4812e5c980c
176b66743a154bee800affdf69eefdb714f96a5f
64cf2714b95699a7308e586a0873b1b38b7145c502090b0102562622af215cf6
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /images/1599482537header.png HTTP/1.1
Host: cloudswindfreshj.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cloudswindfreshj.xyz/css/css_custom.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 04 Dec 2023 04:27:37 GMT
content-type: image/png
content-length: 4098
etag: "c5c539af814a34471d3ae4812e5c980c"
last-modified: Tue, 19 Sep 2023 08:46:08 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Origin, Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ARZof6T7of0VTNEryy5v6AlkQ4ns3j8i5XAdg0buSLjcXPWt3y0jiX4P4QajxjIKe2RQBtqQ8WkMIkpeHExe%2BjcZGaDjUMdNlstCuDwMzi6kAV1JGJLi14y8yCchukyOS1d3WGSSzw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 83014c45d9b1569b-OSL
alt-svc: h3=":443"; ma=86400
fonts.googleapis.com/css2?family=Inter:wght@400;500;700&display=swap
142.250.74.106200 OK 36 kB URL GET HTTP/3 fonts.googleapis.com/css2?family=Inter:wght@400;500;700&display=swap
IP 142.250.74.106:443
Requested by https://cloudswindfreshj.xyz/
Certificate IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type gzip compressed data, max compression\012- data
Hash 243568538dea02294691571c2ffeab32
f6a0720148d24cf9ecf129740ffd3425087ef34c
15b15cad86b6e3ef35c721df512018cfe4ad3fb7c2ca6c8fd23192fb7b94a528
GET /css2?family=Inter:wght@400;500;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cloudswindfreshj.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 04 Dec 2023 04:27:37 GMT
date: Mon, 04 Dec 2023 04:27:37 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cloudswindfreshj.xyz/images/1599482537-foot.png
172.67.141.198200 OK 4.7 kB URL GET HTTP/3 cloudswindfreshj.xyz/images/1599482537-foot.png
IP 172.67.141.198:443
Requested by https://cloudswindfreshj.xyz/
Certificate IssuerLet's Encrypt
Subjectcloudswindfreshj.xyz
FingerprintDA:4F:11:81:1D:BF:8C:77:0A:04:16:AA:B5:E6:84:30:CF:BF:EE:B2
ValidityMon, 06 Nov 2023 11:06:57 GMT - Sun, 04 Feb 2024 11:06:56 GMT
File type PNG image data, 198 x 157, 8-bit/color RGBA, non-interlaced\012- data
Hash f4b0aa3fdbf45b6a763bc7d713472fc3
969376d2968835c57fb0675a1d4b36f16b01ca1f
4d2ab0d86a43eef555dbf56249130e777f3647017b5a7328a6f5868810a49a3b
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /images/1599482537-foot.png HTTP/1.1
Host: cloudswindfreshj.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cloudswindfreshj.xyz/css/css_custom.css
Cookie: tr_uuid=d03b239f-57ee-4ba1-83ab-d5c7875286bf
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 04 Dec 2023 04:27:37 GMT
content-type: image/png
content-length: 4674
etag: "f4b0aa3fdbf45b6a763bc7d713472fc3"
last-modified: Tue, 19 Sep 2023 08:46:08 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Origin, Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pO%2BL%2FeZwu6SkcyxAhBzeBz9Q%2BZr05jHM0Zd6zLIHGMOVQnkUSoO73UpN0W7zk3o%2FDVsVUig50oXr%2FvD4b5xGIzbW4r6ZMcHXpyqfteT04KmFVisDruD7uPSOvDnlXFGjzNiFRM1VoA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 83014c4679e5569b-OSL
alt-svc: h3=":443"; ma=86400
cloudswindfreshj.xyz/images/1599482537-arrow.png
172.67.141.198200 OK 1.5 kB URL GET HTTP/3 cloudswindfreshj.xyz/images/1599482537-arrow.png
IP 172.67.141.198:443
Requested by https://cloudswindfreshj.xyz/
Certificate IssuerLet's Encrypt
Subjectcloudswindfreshj.xyz
FingerprintDA:4F:11:81:1D:BF:8C:77:0A:04:16:AA:B5:E6:84:30:CF:BF:EE:B2
ValidityMon, 06 Nov 2023 11:06:57 GMT - Sun, 04 Feb 2024 11:06:56 GMT
File type PNG image data, 46 x 29, 8-bit/color RGBA, non-interlaced\012- data
Hash 6e4d38943272674329798c37e80f736b
ecf59c4bcde0d79c111c87c5971dfad099013667
6304a6b4945b260f9ed327ba4b4c7da3f40792acd3849499fe92286e82370654
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /images/1599482537-arrow.png HTTP/1.1
Host: cloudswindfreshj.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cloudswindfreshj.xyz/css/css_custom.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 04 Dec 2023 04:27:37 GMT
content-type: image/png
content-length: 1479
etag: "6e4d38943272674329798c37e80f736b"
last-modified: Tue, 19 Sep 2023 08:46:08 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Origin, Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B1MRD0S14%2F%2FPjzv1iB0GFeE18xqDnTeGiEH4hCRJKh1W8hT3nnuIIxo0BhWbZxO0hbbmAVQ%2BqfsrBDTdwauO1STQ3ZBo9D1d3RWBSymO3SOOFzOLQs0OAv2Sq2c9u6xXDzcXNRDQDQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 83014c45e9b7569b-OSL
alt-svc: h3=":443"; ma=86400
cloudswindfreshj.xyz/images/overone.jpg
172.67.141.198200 OK 1.0 MB URL GET HTTP/3 cloudswindfreshj.xyz/images/overone.jpg
IP 172.67.141.198:443
Requested by https://cloudswindfreshj.xyz/
Certificate IssuerLet's Encrypt
Subjectcloudswindfreshj.xyz
FingerprintDA:4F:11:81:1D:BF:8C:77:0A:04:16:AA:B5:E6:84:30:CF:BF:EE:B2
ValidityMon, 06 Nov 2023 11:06:57 GMT - Sun, 04 Feb 2024 11:06:56 GMT
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CC 2019 (Windows), datetime=2021:07:26 22:26:13], progressive, precision 8, 1920x888, components 3\012- data
Size 1.0 MB (1029376 bytes)
Hash 60a8df8a62f4234703af2c990f1e5e64
e6dfa9138ef35bb0b6195612e58e98d22c0f3fb0
155a3ba0fedb946a824e6bcb0c69daf885934a3029d71acaf0d67f8be6fd2975
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /images/overone.jpg HTTP/1.1
Host: cloudswindfreshj.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cloudswindfreshj.xyz/css/css_custom.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 04 Dec 2023 04:27:38 GMT
content-type: image/jpeg
content-length: 1029376
etag: "60a8df8a62f4234703af2c990f1e5e64"
last-modified: Tue, 19 Sep 2023 08:46:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Origin, Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0VtBVYJRWGtMDV1Mjqf5k26CSCtP1afaqoZnpvDREuJFnjvxRyKKmPpiXCNCKqr%2Be3ziepnBoAKxpAj62WRcLQ3tiRp9K5qq5j3HMz38wVOlxleTWD3xevBtWbhGT2KD6V9e4Vz%2BsQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 83014c45d9b5569b-OSL
alt-svc: h3=":443"; ma=86400
cloudswindfreshj.xyz/cdn-cgi/challenge-platform/scripts/jsd/main.js
172.67.141.198 302 Found 7.4 kB URL GET HTTP/3 cloudswindfreshj.xyz/cdn-cgi/challenge-platform/scripts/jsd/main.js
IP 172.67.141.198:443
Requested by https://cloudswindfreshj.xyz/
Certificate
Issuer: Let's Encrypt
Subject: cloudswindfreshj.xyz
Fingerprint: DA:4F:11:81:1D:BF:8C:77:0A:04:16:AA:B5:E6:84:30:CF:BF:EE:B2
Validity: Mon, 06 Nov 2023 11:06:57 GMT - Sun, 04 Feb 2024 11:06:56 GMT
Hash
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these three values are the MD5, SHA-1 and SHA-256 digests of empty input, i.e. no body was hashed for this 302 response; they do not identify any file.
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: cloudswindfreshj.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: tr_uuid=d03b239f-57ee-4ba1-83ab-d5c7875286bf
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 302 Found
date: Mon, 04 Dec 2023 04:27:37 GMT
cache-control: max-age=300, public
access-control-allow-origin: *
vary: accept-encoding
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rXkn5Cuig9dZ8kweaZvNWDbdDBtka32YdzXQMNjV0y44tfeJUOB0v3na1uNApuxvydl%2F%2BhkXIsFEzQHDiy%2BtgbbaS8nONjorSJw3683eCdnbcS5xnX9lu5w%2F9F6LMjpF9h%2BYiPZzVA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 83014c473a2d569b-OSL
alt-svc: h3=":443"; ma=86400
cloudswindfreshj.xyz/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js
172.67.141.198200 OK 7.4 kB URL GET HTTP/3 cloudswindfreshj.xyz/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js
IP 172.67.141.198:443
Requested by https://cloudswindfreshj.xyz/
Certificate IssuerLet's Encrypt
Subjectcloudswindfreshj.xyz
FingerprintDA:4F:11:81:1D:BF:8C:77:0A:04:16:AA:B5:E6:84:30:CF:BF:EE:B2
ValidityMon, 06 Nov 2023 11:06:57 GMT - Sun, 04 Feb 2024 11:06:56 GMT
File type ASCII text, with very long lines (7350), with no line terminators
Hash fc2a21098e314ac00cff71870e9f1763
712021ecd58e482b3d1b71e0fa7520c35c5b611b
2f47f6ed57dd103916e7ab9aefdd73abc79177f2f36ff131b7cfeca96bd455c6
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js HTTP/1.1
Host: cloudswindfreshj.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: tr_uuid=d03b239f-57ee-4ba1-83ab-d5c7875286bf
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 04 Dec 2023 04:27:37 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
x-content-type-options: nosniff
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ma5CKvAdSKfzRCdLlhUeCpgui4V7tiJ9BwvarRN5zlKhDKc1AzrWW3V8XmeREjfNQbNeEWoPJVpMa6m3rs478j6myRT0SS72ssaG3YBHz4maLGT7YUhCn4%2By5y1C46enjgQs5w2ieA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 83014c474a36569b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
cloudswindfreshj.xyz/images/logo-new.png
172.67.141.198200 OK 2.9 kB URL GET HTTP/3 cloudswindfreshj.xyz/images/logo-new.png
IP 172.67.141.198:443
Requested by https://cloudswindfreshj.xyz/
Certificate IssuerLet's Encrypt
Subjectcloudswindfreshj.xyz
FingerprintDA:4F:11:81:1D:BF:8C:77:0A:04:16:AA:B5:E6:84:30:CF:BF:EE:B2
ValidityMon, 06 Nov 2023 11:06:57 GMT - Sun, 04 Feb 2024 11:06:56 GMT
File type PNG image data, 257 x 50, 8-bit/color RGBA, non-interlaced\012- data
Hash d19a967796b8548c95ddd22a66a93945
8a7c89db0565bed1e432c0eec40e6c8745c8d63f
95615897029f4e33be8c4338fa577b49461ca9281376cc37671032ad3e07c958
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /images/logo-new.png HTTP/1.1
Host: cloudswindfreshj.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cloudswindfreshj.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 04 Dec 2023 04:27:36 GMT
content-type: image/png
content-length: 2879
etag: "d19a967796b8548c95ddd22a66a93945"
last-modified: Tue, 19 Sep 2023 08:46:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Origin, Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZkJsbnUWAW0s4pKC97yg238BFGlGyrlG7zk%2B7nW%2BMo%2Fp%2FppMx5D%2B4SU9mwUZ5BaclbUO7zAiE5kykWacDndccw2R9inTil33oTiRs1i2Rzhv3TSrr%2FwthEfNBWWB%2FfGrYfy9YT2Pwg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 83014c40bfd2569b-OSL
alt-svc: h3=":443"; ma=86400
cloudswindfreshj.xyz/favicon.ico
172.67.141.198200 OK 362 B URL GET HTTP/3 cloudswindfreshj.xyz/favicon.ico
IP 172.67.141.198:443
Requested by https://cloudswindfreshj.xyz/
Certificate IssuerLet's Encrypt
Subjectcloudswindfreshj.xyz
FingerprintDA:4F:11:81:1D:BF:8C:77:0A:04:16:AA:B5:E6:84:30:CF:BF:EE:B2
ValidityMon, 06 Nov 2023 11:06:57 GMT - Sun, 04 Feb 2024 11:06:56 GMT
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash 18a5cc6dd0355df99ce66d861df4f28f
ab28a221b1ebdf81003a6b322792bdd548b2a08d
f86884014f0c13c5d421b83c6b011b231a274c54cbd8e79cb4244166ccfa4e7e
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /favicon.ico HTTP/1.1
Host: cloudswindfreshj.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cloudswindfreshj.xyz/
Cookie: tr_uuid=d03b239f-57ee-4ba1-83ab-d5c7875286bf; cf_clearance=nkBsNRm3zybrJX2mo6HtNjzVO8eG5y._LFd2A_ebU2A-1701664057-0-1-730ca2d2.73a07051.5b213570-0.2.1701664057
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 04 Dec 2023 04:27:38 GMT
content-type: image/vnd.microsoft.icon
etag: W/"18a5cc6dd0355df99ce66d861df4f28f"
last-modified: Tue, 19 Sep 2023 08:46:08 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Origin, Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F8knEJYQZqmxWt213V%2F0q1UBWS%2BcveK0xEq%2BqK6FFtiiKMxEhgwTyvoOvTkilZrPbYydwa9S1evj4zFIPkKx5%2BYIIQ09bBjhmE%2FA9VNs%2F1tqi8KBIy7SPQ36MPPufcE5crBDTgVDEw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 83014c4a6b0b569b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
cloudswindfreshj.xyz/css/app.css
172.67.141.198200 OK 25 kB URL GET HTTP/3 cloudswindfreshj.xyz/css/app.css
IP 172.67.141.198:443
Requested by https://cloudswindfreshj.xyz/
Certificate IssuerLet's Encrypt
Subjectcloudswindfreshj.xyz
FingerprintDA:4F:11:81:1D:BF:8C:77:0A:04:16:AA:B5:E6:84:30:CF:BF:EE:B2
ValidityMon, 06 Nov 2023 11:06:57 GMT - Sun, 04 Feb 2024 11:06:56 GMT
Hash 3e10883098140da5dab910117be7b1e6
0079fefa53b2806fa19506628a1cba411eb528b0
1cef1dc91869def5b41e707eb9d6913f92f85698dda89cf4a25b95eb26b42ba3
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /css/app.css HTTP/1.1
Host: cloudswindfreshj.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cloudswindfreshj.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 04 Dec 2023 04:27:36 GMT
content-type: text/css; charset=utf-8
etag: W/"3e10883098140da5dab910117be7b1e6"
last-modified: Tue, 19 Sep 2023 08:46:08 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Origin, Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5cTWabWHnv4DN%2F3MzMb%2BMJjGnmWSSxWCYOXJuRlnbifmleEafXG87fcKJQAcXWzpafsg%2FmtjhUANpjD08RRf19A0f7EH%2B%2FiU8KvkUAAQniHTuqfG50BcnpSPqHMcIAMEGMubLPBSOA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 83014c40afc7569b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
cloudswindfreshj.xyz/css/all.css
172.67.141.198200 OK 55 kB URL GET HTTP/3 cloudswindfreshj.xyz/css/all.css
IP 172.67.141.198:443
Requested by https://cloudswindfreshj.xyz/
Certificate IssuerLet's Encrypt
Subjectcloudswindfreshj.xyz
FingerprintDA:4F:11:81:1D:BF:8C:77:0A:04:16:AA:B5:E6:84:30:CF:BF:EE:B2
ValidityMon, 06 Nov 2023 11:06:57 GMT - Sun, 04 Feb 2024 11:06:56 GMT
File type ASCII text, with very long lines (54869)
Hash da1dc77fa83b1304fa4c891cf2c2be91
5550a6aefafde8147cb1c05f5c1d438f6fc9f1d2
0ac50fe0f38f942a09c62ded7b92d4cc76829190b781741423e6d0b4376b7d19
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /css/all.css HTTP/1.1
Host: cloudswindfreshj.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cloudswindfreshj.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 04 Dec 2023 04:27:36 GMT
content-type: text/css; charset=utf-8
etag: W/"da1dc77fa83b1304fa4c891cf2c2be91"
last-modified: Tue, 19 Sep 2023 08:46:08 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Origin, Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jmuxCXTGKjqT6yqnyQvImo0GmxUaO%2Fo2Ad5MeZiyK4ZbbN8dRbxIpOUHqyFDwmzdTe6wbi6n%2B6FCQ7439bfNJsxAaO4hIr4dbUbukhm834AGx%2FtH9WIFgYb6VPv47f1%2FLi%2Bbkt4PtQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 83014c40bfce569b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
fonts.googleapis.com/css?family=Roboto:100,300,400,500,700,900
142.250.74.106200 OK 13 kB URL GET HTTP/2 fonts.googleapis.com/css?family=Roboto:100,300,400,500,700,900
IP 142.250.74.106:443
Requested by https://cloudswindfreshj.xyz/
Certificate IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
Hash cab222f7a352cb95160ade2bbba39be2
e0e5635227481ab966c10c7bc8a015c6132dda53
d175185dc8199dc8531d2c25a84073ad93a7c605a921b0168ed6106a193d21ee
GET /css?family=Roboto:100,300,400,500,700,900 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cloudswindfreshj.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 04 Dec 2023 04:27:36 GMT
date: Mon, 04 Dec 2023 04:27:36 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cloudswindfreshj.xyz/regform/reg-form.min.js
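172.67.141.198 200 OK 515 kB URL GET HTTP/3 cloudswindfreshj.xyz/regform/reg-form.min.js
IP 172.67.141.198:443
Requested by https://cloudswindfreshj.xyz/
Certificate Issuer Let's Encrypt
Subject cloudswindfreshj.xyz
Fingerprint DA:4F:11:81:1D:BF:8C:77:0A:04:16:AA:B5:E6:84:30:CF:BF:EE:B2
Validity Mon, 06 Nov 2023 11:06:57 GMT - Sun, 04 Feb 2024 11:06:56 GMT
Size 515 kB (515342 bytes)
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these three values are the MD5, SHA-1 and SHA-256 digests of empty input, so they do not identify the 515342-byte body reported above; the capture apparently did not hash the response content, and the values cannot serve as indicators for this script. The IP is served by Cloudflare (see the server and cf-ray response headers), so it identifies the proxy edge rather than the origin host.
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed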
GET /regform/reg-form.min.js HTTP/1.1
Host: cloudswindfreshj.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cloudswindfreshj.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 04 Dec 2023 04:27:36 GMT
content-type: application/javascript
last-modified: Thu, 30 Nov 2023 11:39:37 GMT
etag: W/"65687479-7dd0e"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FNHa6Jz3vecHa%2FX0yXRojQF3POWULWL9fOyWDq6QWJ3FOMLabToj8Zl8BiE4yFou%2BdnFxFG13XP8EttzWXS41Szyv9PHxAL9CwGvRuVeg%2Bt8WLmig3%2FQl1TQozPzZQ1RexH2XzANsg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 83014c40bfd0569b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
cloudswindfreshj.xyz/images/1599482537footer.png
172.67.141.198 200 OK 36 kB URL GET HTTP/3 cloudswindfreshj.xyz/images/1599482537footer.png
IP 172.67.141.198:443
Requested by https://cloudswindfreshj.xyz/
Certificate Issuer Let's Encrypt
Subject cloudswindfreshj.xyz
Fingerprint DA:4F:11:81:1D:BF:8C:77:0A:04:16:AA:B5:E6:84:30:CF:BF:EE:B2
Validity Mon, 06 Nov 2023 11:06:57 GMT - Sun, 04 Feb 2024 11:06:56 GMT
File type PNG image data, 1900 x 245, 8-bit/color RGBA, non-interlaced\012- data
Hash MD5 cee5581bc1eb4162f12025645f47118d
SHA-1 3831659318eb119400e2c8b50c3a8ed8803705f6
SHA-256 a0d9dbff94540d378ac3745c4fbac0c416ac053b063708b5e0ae15400716a83a
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /images/1599482537footer.png HTTP/1.1
Host: cloudswindfreshj.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cloudswindfreshj.xyz/css/css_custom.css
Cookie: tr_uuid=d03b239f-57ee-4ba1-83ab-d5c7875286bf
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 04 Dec 2023 04:27:37 GMT
content-type: image/png
content-length: 35724
etag: "cee5581bc1eb4162f12025645f47118d"
last-modified: Tue, 19 Sep 2023 08:46:08 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Origin, Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jyQ1aW2weMXLgx6RbuSEipsDCTDEZhv4z684J0RwZSIrriAXz6ZRuohbEixM7m7mGsIOtDmAxNw8e3DuaIGY5rsXLjd1b%2BOUmNC7h%2FGYYKJuizUZDmWJVzHrJ%2Bi0ry8l7%2F4%2FEqIyQg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 83014c4679e3569b-OSL
alt-svc: h3=":443"; ma=86400
cloudswindfreshj.xyz/video/49.mp4
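172.67.141.198 206 Partial Content 2.0 MB URL GET HTTP/3 cloudswindfreshj.xyz/video/49.mp4
IP 172.67.141.198:443
Requested by https://cloudswindfreshj.xyz/
Certificate Issuer Let's Encrypt
Subject cloudswindfreshj.xyz
Fingerprint DA:4F:11:81:1D:BF:8C:77:0A:04:16:AA:B5:E6:84:30:CF:BF:EE:B2
Validity Mon, 06 Nov 2023 11:06:57 GMT - Sun, 04 Feb 2024 11:06:56 GMT
Size 2.0 MB (1996969 bytes)
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: the capture holds 1996969 bytes of a response whose content-length and content-range headers announce 225622414 bytes, and the three hash values are the MD5, SHA-1 and SHA-256 digests of empty input; neither the size nor the hashes describe the full video file.
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed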
GET /video/49.mp4 HTTP/1.1
Host: cloudswindfreshj.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://cloudswindfreshj.xyz/
Cookie: tr_uuid=d03b239f-57ee-4ba1-83ab-d5c7875286bf
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 206 Partial Content
date: Mon, 04 Dec 2023 04:27:37 GMT
content-type: video/mp4
content-length: 225622414
etag: "649970205a15f01fcc9c693e3fcc9f9b"
last-modified: Thu, 08 Jun 2023 12:55:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Origin, Accept-Encoding
x-amz-id-2: b50e14525c49a5ea77d9f033f4b9a1609e3c4226e8ba0db2b6faff8a325af964
x-amz-request-id: 179D86710E814BE4
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-cache-status: HIT
cache-control: max-age=14400
cf-cache-status: MISS
content-range: bytes 0-225622413/225622414
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a4IAWRLZHjiIau%2BnnvRLjy8wMpE%2BxZ2bWgIRHgDe%2Bgen3s9mRVn%2BL39F7qkzDCI9ZqxpWaWzCEiQt7t47zd%2FJgnuKMO220uvl8RSgr3UVwivvfBhwTAp8J5CVtad8dJ4dZmf3s2%2FrA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 83014c46ca00569b-OSL
alt-svc: h3=":443"; ma=86400
cloudswindfreshj.xyz/css/css_custom.css
172.67.141.198 200 OK 46 kB URL GET HTTP/3 cloudswindfreshj.xyz/css/css_custom.css
IP 172.67.141.198:443
Requested by https://cloudswindfreshj.xyz/
Certificate Issuer Let's Encrypt
Subject cloudswindfreshj.xyz
Fingerprint DA:4F:11:81:1D:BF:8C:77:0A:04:16:AA:B5:E6:84:30:CF:BF:EE:B2
Validity Mon, 06 Nov 2023 11:06:57 GMT - Sun, 04 Feb 2024 11:06:56 GMT
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these are the MD5, SHA-1 and SHA-256 digests of empty input, not of the 46 kB stylesheet; the capture apparently did not hash the response content.
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /css/css_custom.css HTTP/1.1
Host: cloudswindfreshj.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cloudswindfreshj.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 04 Dec 2023 04:27:37 GMT
content-type: text/css; charset=utf-8
etag: W/"0d4b1dd9104821caa2bcbad405695a98"
last-modified: Tue, 19 Sep 2023 08:46:08 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Origin, Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i1lgrLcU5jyeeyccoS5ZpxhoBOFMJxOyPCmvFf97iMsyyl0GY8oaNP5527b1bxwj7lw0xHZNtc%2Bt0SZShmgEZirMMNfH9dQEZ8Xp%2BaVgM5n18Kz7iPt0FUT2eX54D9GwWV2WEZSbOA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 83014c40afcc569b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
fonts.googleapis.com/css?family=Open+Sans:300,400,600,700,900&subset=latin,cyrillic
142.250.74.106 200 OK 11 kB URL GET HTTP/2 fonts.googleapis.com/css?family=Open+Sans:300,400,600,700,900&subset=latin,cyrillic
IP 142.250.74.106:443
Requested by https://cloudswindfreshj.xyz/
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint CC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
Hash 913a405cc0fe7aff9fdf74a52e76d9b5
15e43177f3e5d516836ff707568651bc09b6319d
575bbbf8b2076fd27f1020084ed48b141c1045ad0165c4154643bc1ae0476a65
GET /css?family=Open+Sans:300,400,600,700,900&subset=latin,cyrillic HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cloudswindfreshj.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 04 Dec 2023 04:27:36 GMT
date: Mon, 04 Dec 2023 04:27:36 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cloudswindfreshj.xyz/geo.js
172.67.141.198 200 OK 418 B URL GET HTTP/3 cloudswindfreshj.xyz/geo.js
IP 172.67.141.198:443
Requested by https://cloudswindfreshj.xyz/
Certificate Issuer Let's Encrypt
Subject cloudswindfreshj.xyz
Fingerprint DA:4F:11:81:1D:BF:8C:77:0A:04:16:AA:B5:E6:84:30:CF:BF:EE:B2
Validity Mon, 06 Nov 2023 11:06:57 GMT - Sun, 04 Feb 2024 11:06:56 GMT
File type ASCII text, with very long lines (487), with no line terminators
Hash MD5 a5833224a06521d6d9aef9951e2f220d
SHA-1 4175d8db434cde753677d215fb16e7a994a8ee13
SHA-256 9b885d5c69a5af222034a7895d120c4414683988b7440015b1a506db057a6762
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /geo.js HTTP/1.1
Host: cloudswindfreshj.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cloudswindfreshj.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 04 Dec 2023 04:27:36 GMT
content-type: application/javascript
country_code: NO
country_name: Norway
city_name: Lorenskog
region_iso: 30
region_name: Viken
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q84B5DvXsEjVEIq5T47qX3eNyyg%2BnBtuoKXAAkRctwRK3Boxv55UHrxImCZwtXNbLjKIltbuHFeHm1mRc2Jlcr%2FRQFOhavAoBLOnMgjdlmFxbIiCw4LFPJQoymw0b8SUEA0qeuAa0g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 83014c40cfe3569b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
cloudswindfreshj.xyz/js/bootstrap.js
172.67.141.198 200 OK 41 kB URL GET HTTP/3 cloudswindfreshj.xyz/js/bootstrap.js
IP 172.67.141.198:443
Requested by https://cloudswindfreshj.xyz/
Certificate Issuer Let's Encrypt
Subject cloudswindfreshj.xyz
Fingerprint DA:4F:11:81:1D:BF:8C:77:0A:04:16:AA:B5:E6:84:30:CF:BF:EE:B2
Validity Mon, 06 Nov 2023 11:06:57 GMT - Sun, 04 Feb 2024 11:06:56 GMT
File type ASCII text, with very long lines (41032), with no line terminators
Hash MD5 30fc5f0c973df94fda932f36a4cbc372
SHA-1 491715eabeac1c79b5f6f3ed9c3c1d599b894ea2
SHA-256 3f959d88727d64ae731699491ec0a17e0de889419ef0bba6fcc56176598e4532
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /js/bootstrap.js HTTP/1.1
Host: cloudswindfreshj.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cloudswindfreshj.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 04 Dec 2023 04:27:37 GMT
content-type: application/javascript; charset=utf-8
etag: W/"30fc5f0c973df94fda932f36a4cbc372"
last-modified: Tue, 19 Sep 2023 08:46:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Origin, Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ruI7gcppRinsI8smPOiiFQQ4b2ZtYXUnsiLZhjqhwxVnSUNWqn6GYFjOs07LFbAWycAAZQf8SYJdbblEBQl%2F3HxtjtUWiPuDsd1L%2BVyfIHvRBDSFsjhzBaBqBMILaXeDl8DZHkXMIA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 83014c40cfe5569b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
cloudswindfreshj.xyz/js/main.js
172.67.141.198 200 OK 418 B URL GET HTTP/3 cloudswindfreshj.xyz/js/main.js
IP 172.67.141.198:443
Requested by https://cloudswindfreshj.xyz/
Certificate Issuer Let's Encrypt
Subject cloudswindfreshj.xyz
Fingerprint DA:4F:11:81:1D:BF:8C:77:0A:04:16:AA:B5:E6:84:30:CF:BF:EE:B2
Validity Mon, 06 Nov 2023 11:06:57 GMT - Sun, 04 Feb 2024 11:06:56 GMT
File type ASCII text, with very long lines (430), with no line terminators
Hash MD5 468195e9829411c4aeaa8c2d44567142
SHA-1 1584411987735a2550305abe62c5d44c3b9a8132
SHA-256 51f5487061f68fae3800eeb642d827b5f5c225f1e7c22794969b8f57e1012a33
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /js/main.js HTTP/1.1
Host: cloudswindfreshj.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cloudswindfreshj.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 04 Dec 2023 04:27:36 GMT
content-type: application/javascript; charset=utf-8
etag: W/"805fbd4297b7acfbb105a3d64fb6adeb"
last-modified: Tue, 19 Sep 2023 08:46:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Origin, Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SgIIZRHUwH%2Bzq4xpiN4%2BUssQEOkrk2Hkju%2B9uCmLJqaGFE2htL9K%2BbVF%2ByiTp2LkLwGV0EAZPLDEYUx95mFgB8TgQqdG2o2e3TT1w7S52tL1igaZw3Osm%2FLYCKHBFM9IdnphzxuUHA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 83014c40cfe6569b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
cloudswindfreshj.xyz/css/css.css
172.67.141.198 200 OK 230 kB URL GET HTTP/3 cloudswindfreshj.xyz/css/css.css
IP 172.67.141.198:443
Requested by https://cloudswindfreshj.xyz/
Certificate Issuer Let's Encrypt
Subject cloudswindfreshj.xyz
Fingerprint DA:4F:11:81:1D:BF:8C:77:0A:04:16:AA:B5:E6:84:30:CF:BF:EE:B2
Validity Mon, 06 Nov 2023 11:06:57 GMT - Sun, 04 Feb 2024 11:06:56 GMT
Size 230 kB (230156 bytes)
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these are the MD5, SHA-1 and SHA-256 digests of empty input, not of the 230156-byte stylesheet; the capture apparently did not hash the response content.
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /css/css.css HTTP/1.1
Host: cloudswindfreshj.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cloudswindfreshj.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 04 Dec 2023 04:27:36 GMT
content-type: text/css; charset=utf-8
etag: W/"3cc6a3c54d338b17c9b832558ac782f1"
last-modified: Tue, 19 Sep 2023 08:46:08 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Origin, Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kUmZnjHxCIFI2w1pMpBf8CoGGM3Hyub%2B0P2yH5odUTNDWXQbwFjdjf8fORe807KhsEyIbr4fSzKpFKq0aDTONSa4tTN1ACxiU4U4xvXGlHKv8iwzy7UTFU6iXHJz%2BgsjwGNID6ZCIw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 83014c40afca569b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
cloudswindfreshj.xyz/cdn-cgi/challenge-platform/h/b/jsd/r/83014c3b9afb568a
172.67.141.198 200 OK 0 B URL POST HTTP/3 cloudswindfreshj.xyz/cdn-cgi/challenge-platform/h/b/jsd/r/83014c3b9afb568a
IP 172.67.141.198:443
Requested by https://cloudswindfreshj.xyz/
Certificate Issuer Let's Encrypt
Subject cloudswindfreshj.xyz
Fingerprint DA:4F:11:81:1D:BF:8C:77:0A:04:16:AA:B5:E6:84:30:CF:BF:EE:B2
Validity Mon, 06 Nov 2023 11:06:57 GMT - Sun, 04 Feb 2024 11:06:56 GMT
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: the response body is 0 B, so the empty-input digests shown are the expected values for this transaction.
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
POST /cdn-cgi/challenge-platform/h/b/jsd/r/83014c3b9afb568a HTTP/1.1
Host: cloudswindfreshj.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 12202
Origin: https://cloudswindfreshj.xyz
DNT: 1
Connection: keep-alive
Referer: https://cloudswindfreshj.xyz/
Cookie: tr_uuid=d03b239f-57ee-4ba1-83ab-d5c7875286bf
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 04 Dec 2023 04:27:37 GMT
content-type: text/plain; charset=UTF-8
set-cookie: cf_clearance=nkBsNRm3zybrJX2mo6HtNjzVO8eG5y._LFd2A_ebU2A-1701664057-0-1-730ca2d2.73a07051.5b213570-0.2.1701664057; path=/; expires=Tue, 03-Dec-24 04:27:37 GMT; domain=.cloudswindfreshj.xyz; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pjEEtOcJpQErDwvvB%2F3Fs9DRkkz3g%2BYwbPQCJNa4SZwW2oOXATAZmi0c28QNLnt8JgER1Fo2MZKLGZGmg%2FIb%2FXSdSAhAcxZJxFDJLI%2Btg1UK2bNgcKB8b5zo8cyIlfl0xa8GvjFo%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 83014c487a89569b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400