Report - applabzzeydoo.com/?l=Ik3Z1hRmgbrHuHy&b=14556889&z=5332574&s=Rzf9h5cJmB35Y5svda8uyw&campid={campaignid}&var=&ymid=Rzf9h5cJmB35Y5svda8uyw&ymid=Rzf9h5cJmB35Y5svda8uyw

Report Overview

Visited public
2023-12-05 12:07:38
Tags
Submit Tags
URL
applabzzeydoo.com/?l=Ik3Z1hRmgbrHuHy&b=14556889&z=5332574&s=Rzf9h5cJmB35Y5svda8uyw&campid={campaignid}&var=&ymid=Rzf9h5cJmB35Y5svda8uyw&ymid=Rzf9h5cJmB35Y5svda8uyw
Finishing URL
applabzzeydoo.com/?l=Ik3Z1hRmgbrHuHy&b=14556889&z=5332574&s=Rzf9h5cJmB35Y5svda8uyw&campid={campaignid}&var=&ymid=Rzf9h5cJmB35Y5svda8uyw&ymid=Rzf9h5cJmB35Y5svda8uyw
IP / ASN
139.45.197.151
#9002 RETN Limited
Title
VPN is recommended.

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdntechone.com	64371	2021-12-24	2021-12-24 18:09:58	2023-12-03 19:41:05	415 B	20 kB	188.114.97.1
applabzzeydoo.com	unknown	2022-08-08	2022-08-11 14:46:20	2023-12-04 12:39:04	7.9 kB	142 kB	139.45.197.151
my.rtmark.net	9054	2014-10-29	2015-02-04 10:54:57	2023-12-05 05:52:37	991 B	1.5 kB	139.45.195.8
datatechone.com	unknown	2021-12-24	2015-06-17 15:52:19	2023-12-04 18:42:42	546 B	468 B	37.48.68.71
littlecdn.com	11785	2019-06-04	2019-06-04 12:44:02	2023-12-04 20:29:13	1.9 kB	36 kB	104.22.24.116

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-12-05	medium	applabzzeydoo.com	Sinkholed
2023-12-05	medium	applabzzeydoo.com	Sinkholed
2023-12-05	medium	datatechone.com	Sinkholed
2023-12-05	medium	applabzzeydoo.com	Sinkholed
2023-12-05	medium	applabzzeydoo.com	Sinkholed
2023-12-05	medium	applabzzeydoo.com	Sinkholed
2023-12-05	medium	applabzzeydoo.com	Sinkholed
2023-12-05	medium	applabzzeydoo.com	Sinkholed
2023-12-05	medium	applabzzeydoo.com	Sinkholed
2023-12-05	medium	applabzzeydoo.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (21)

	URL	From	Size	First Seen	Last Seen
	applabzzeydoo.com/pfe/current/micro.tag.min.js?uhd=1&z=4662763&ymid=&var=5332574&sw=/sw-check-permissions/4662763&var_3=14556889_&os_version=10.0	ScriptElement	27 kB	2023-11-02	2024-08-20
Pretty URL applabzzeydoo.com/pfe/current/micro.tag.min.js?uhd=1&z=4662763&ymid=&var=5332574&sw=/sw-check-permissions/4662763&var_3=14556889_&os_version=10.0 IP 139.45.197.151 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-02 09:44 Last Seen2024-08-20 21:23 Times Seen8998 Hash 5ccd2d5882a06f293d07510ac91c92e6 b44dc0eaa03981adb70d3313e728f9359c1d21c1 9fc2aa21f3a7bfe66783d35fdbb48147f73e72a41f87aea848f64a8cb4518eba Loading...

	littlecdn.com/apps/templates/constructor/constructor-app-lab-v1/build/js/main.js	ScriptElement	6.6 kB	2023-03-26	2024-12-15
Pretty URL littlecdn.com/apps/templates/constructor/constructor-app-lab-v1/build/js/main.js IP 104.22.24.116 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 09:18 Last Seen2024-12-15 05:44 Times Seen405 Hash dbde1e3d657732d8284a4699e001eaf3 13da1d26d9b4f02055a499f5aa016444e2c35403 220439eac7d24b4823dd71d57be38eeebc2efeac3a8a7dc74ee1bccc691b3fa0 Loading...

	cdntechone.com/stattag.js	ScriptElement	19 kB	2023-09-07	2024-08-21
Pretty URL cdntechone.com/stattag.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-07 10:30 Last Seen2024-08-21 07:21 Times Seen1442 Hash 8ec0c661780569e42736cfc20e4c69d7 0d857c9b9813975179cf323a344c934bcae598c6 38831e62c2e99f2f64b0352f13ef7daaa7c97e31dac314bb52caa89a6a7f58f5 Loading...

	applabzzeydoo.com/?l=Ik3Z1hRmgbrHuHy&b=14556889&z=5332574&s=Rzf9h5cJmB35Y5svda8uyw&campid={campaignid}&var=&ymid=Rzf9h5cJmB35Y5svda8uyw&ymid=Rzf9h5cJmB35Y5svda8uyw	ScriptElement	32 B	2023-03-13	2024-12-01
Pretty URL applabzzeydoo.com/?l=Ik3Z1hRmgbrHuHy&b=14556889&z=5332574&s=Rzf9h5cJmB35Y5svda8uyw&campid={campaignid}&var=&ymid=Rzf9h5cJmB35Y5svda8uyw&ymid=Rzf9h5cJmB35Y5svda8uyw IP 139.45.197.151 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-13 19:53 Last Seen2024-12-01 14:47 Times Seen738 Hash 4e5e8fb36d83dde24fb98e62a9779375 da75c65907e31036bfef95ac91601b3d748c1344 5c68e3331e69338f026762bb1b00dc710d7fe9c4eb0ae299d534010aa9ab33ab Loading...

	applabzzeydoo.com/?l=Ik3Z1hRmgbrHuHy&b=14556889&z=5332574&s=Rzf9h5cJmB35Y5svda8uyw&campid={campaignid}&var=&ymid=Rzf9h5cJmB35Y5svda8uyw&ymid=Rzf9h5cJmB35Y5svda8uyw	ScriptElement	679 B	2023-09-30	2024-08-21
Pretty URL applabzzeydoo.com/?l=Ik3Z1hRmgbrHuHy&b=14556889&z=5332574&s=Rzf9h5cJmB35Y5svda8uyw&campid={campaignid}&var=&ymid=Rzf9h5cJmB35Y5svda8uyw&ymid=Rzf9h5cJmB35Y5svda8uyw IP 139.45.197.151 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2023-09-30 06:56 Last Seen2024-08-21 05:28 Times Seen5057 Hash 81f2b3d0597f5fb3e59f0de7c72e56b0 f7fe43ee0344359c42a4501460b2d06dfcbeb46a 5fe54923fddbb41708ee1edb5375baafddf99ddca22cbb74e0350e498cbf4b3e Loading...

	applabzzeydoo.com/?l=Ik3Z1hRmgbrHuHy&b=14556889&z=5332574&s=Rzf9h5cJmB35Y5svda8uyw&campid={campaignid}&var=&ymid=Rzf9h5cJmB35Y5svda8uyw&ymid=Rzf9h5cJmB35Y5svda8uyw	ScriptElement	1.0 kB	2023-09-15	2025-01-21
Pretty URL applabzzeydoo.com/?l=Ik3Z1hRmgbrHuHy&b=14556889&z=5332574&s=Rzf9h5cJmB35Y5svda8uyw&campid={campaignid}&var=&ymid=Rzf9h5cJmB35Y5svda8uyw&ymid=Rzf9h5cJmB35Y5svda8uyw IP 139.45.197.151 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2023-09-15 06:48 Last Seen2025-01-21 11:42 Times Seen6367 Hash 1e000d88343060c761e3d7ae644a8732 98f67005a3b038378596137e93681310c394d980 cea17ebf90b967d519365b4f2c3a89f73e6b70003e81841d6b8696df4304210e Loading...

	applabzzeydoo.com/?l=Ik3Z1hRmgbrHuHy&b=14556889&z=5332574&s=Rzf9h5cJmB35Y5svda8uyw&campid={campaignid}&var=&ymid=Rzf9h5cJmB35Y5svda8uyw&ymid=Rzf9h5cJmB35Y5svda8uyw	ScriptElement	2.4 kB	2024-08-20	2024-08-20
Pretty URL applabzzeydoo.com/?l=Ik3Z1hRmgbrHuHy&b=14556889&z=5332574&s=Rzf9h5cJmB35Y5svda8uyw&campid={campaignid}&var=&ymid=Rzf9h5cJmB35Y5svda8uyw&ymid=Rzf9h5cJmB35Y5svda8uyw IP 139.45.197.151 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 16:42 Last Seen2024-08-20 16:42 Times Seen1 Hash 109690aeb622c9c0bb29350060591dcb 3d6e7e30ca0d31708d652c84df8d7fd175a50bd1 27d25395707b98daa544c132ba4acedede61a283d6dbabb8a4c8746359e5931c Loading...

	applabzzeydoo.com/?l=Ik3Z1hRmgbrHuHy&b=14556889&z=5332574&s=Rzf9h5cJmB35Y5svda8uyw&campid={campaignid}&var=&ymid=Rzf9h5cJmB35Y5svda8uyw&ymid=Rzf9h5cJmB35Y5svda8uyw	ScriptElement	2.0 kB	2024-08-20	2024-08-20
Pretty URL applabzzeydoo.com/?l=Ik3Z1hRmgbrHuHy&b=14556889&z=5332574&s=Rzf9h5cJmB35Y5svda8uyw&campid={campaignid}&var=&ymid=Rzf9h5cJmB35Y5svda8uyw&ymid=Rzf9h5cJmB35Y5svda8uyw IP 139.45.197.151 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 16:42 Last Seen2024-08-20 16:42 Times Seen1 Hash 8a9367eaafd3c726756c7528ae1d84d0 abff2e63337deefa68cb0ffa00a9987d5574ae6d 90321353f182ce7c78ac90c36bbcce67a5e7e19cf70ce866bfdab2b43543d873 Loading...

	applabzzeydoo.com/?l=Ik3Z1hRmgbrHuHy&b=14556889&z=5332574&s=Rzf9h5cJmB35Y5svda8uyw&campid={campaignid}&var=&ymid=Rzf9h5cJmB35Y5svda8uyw&ymid=Rzf9h5cJmB35Y5svda8uyw	ScriptElement	38 B	2023-03-13	2025-01-21
Pretty URL applabzzeydoo.com/?l=Ik3Z1hRmgbrHuHy&b=14556889&z=5332574&s=Rzf9h5cJmB35Y5svda8uyw&campid={campaignid}&var=&ymid=Rzf9h5cJmB35Y5svda8uyw&ymid=Rzf9h5cJmB35Y5svda8uyw IP 139.45.197.151 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-13 22:51 Last Seen2025-01-21 11:42 Times Seen5557 Hash 3ea1379d18e4ec6bccefeba76a1b33b4 90afb068cee6917494ddd820bcb2fe44de7e5e43 15c832dee58f1c08fb6bf51935a10f95cb0482d19441cefbb469a82278e54bae Loading...

	applabzzeydoo.com/?l=Ik3Z1hRmgbrHuHy&b=14556889&z=5332574&s=Rzf9h5cJmB35Y5svda8uyw&campid={campaignid}&var=&ymid=Rzf9h5cJmB35Y5svda8uyw&ymid=Rzf9h5cJmB35Y5svda8uyw	ScriptElement	11 kB	2024-08-20	2024-08-20
Pretty URL applabzzeydoo.com/?l=Ik3Z1hRmgbrHuHy&b=14556889&z=5332574&s=Rzf9h5cJmB35Y5svda8uyw&campid={campaignid}&var=&ymid=Rzf9h5cJmB35Y5svda8uyw&ymid=Rzf9h5cJmB35Y5svda8uyw IP 139.45.197.151 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 16:42 Last Seen2024-08-20 16:42 Times Seen1 Hash c22c22cd766e1b6854a1a1aaba901495 a8b37f5de07c0f1cabea7c5e1fd5ebc32346d5ca 2f28f8abbad56d59a8270997121ac4d24a9c22b7c39eb9d57e6e5d79dc112c07 Loading...

	applabzzeydoo.com/?l=Ik3Z1hRmgbrHuHy&b=14556889&z=5332574&s=Rzf9h5cJmB35Y5svda8uyw&campid={campaignid}&var=&ymid=Rzf9h5cJmB35Y5svda8uyw&ymid=Rzf9h5cJmB35Y5svda8uyw	ScriptElement	432 B	2023-08-15	2025-01-21
Pretty URL applabzzeydoo.com/?l=Ik3Z1hRmgbrHuHy&b=14556889&z=5332574&s=Rzf9h5cJmB35Y5svda8uyw&campid={campaignid}&var=&ymid=Rzf9h5cJmB35Y5svda8uyw&ymid=Rzf9h5cJmB35Y5svda8uyw IP 139.45.197.151 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2023-08-15 17:07 Last Seen2025-01-21 11:42 Times Seen6382 Hash a68df917a9d58006028bbbc7b6f30aa0 8412b7650e9351c4826eee83dc944ab8e7a5a660 003c5bfe078f1901b11f14e32f824a1696e54b3a72cd7462395986063f0cd571 Loading...

	applabzzeydoo.com/?l=Ik3Z1hRmgbrHuHy&b=14556889&z=5332574&s=Rzf9h5cJmB35Y5svda8uyw&campid={campaignid}&var=&ymid=Rzf9h5cJmB35Y5svda8uyw&ymid=Rzf9h5cJmB35Y5svda8uyw	ScriptElement	4.5 kB	2024-08-20	2024-08-20
Pretty URL applabzzeydoo.com/?l=Ik3Z1hRmgbrHuHy&b=14556889&z=5332574&s=Rzf9h5cJmB35Y5svda8uyw&campid={campaignid}&var=&ymid=Rzf9h5cJmB35Y5svda8uyw&ymid=Rzf9h5cJmB35Y5svda8uyw IP 139.45.197.151 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 16:42 Last Seen2024-08-20 16:42 Times Seen1 Hash a995664abd33bf70def1c7a62f33c629 ee98457a72e0befae7da37872e3c4773a3f59e80 96678fe9ce3fc1352156b0c84c4439a1648e73bbfdb8b79e9fc966afd59b4b82 Loading...

	applabzzeydoo.com/?l=Ik3Z1hRmgbrHuHy&b=14556889&z=5332574&s=Rzf9h5cJmB35Y5svda8uyw&campid={campaignid}&var=&ymid=Rzf9h5cJmB35Y5svda8uyw&ymid=Rzf9h5cJmB35Y5svda8uyw	ScriptElement	489 B	2023-03-07	2024-08-21
Pretty URL applabzzeydoo.com/?l=Ik3Z1hRmgbrHuHy&b=14556889&z=5332574&s=Rzf9h5cJmB35Y5svda8uyw&campid={campaignid}&var=&ymid=Rzf9h5cJmB35Y5svda8uyw&ymid=Rzf9h5cJmB35Y5svda8uyw IP 139.45.197.151 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:03 Last Seen2024-08-21 09:42 Times Seen4398 Hash b59d52e5c8c1c905dd20084f27bc5261 492b79822be8f2f1d46714e43274e2500de5c0c5 4795baeddefb045a60541029990e6da282eb7d0cb2f9d20da866382567029649 Loading...

	applabzzeydoo.com/?l=Ik3Z1hRmgbrHuHy&b=14556889&z=5332574&s=Rzf9h5cJmB35Y5svda8uyw&campid={campaignid}&var=&ymid=Rzf9h5cJmB35Y5svda8uyw&ymid=Rzf9h5cJmB35Y5svda8uyw	ScriptElement	27 B	2023-03-07	2025-01-21
Pretty URL applabzzeydoo.com/?l=Ik3Z1hRmgbrHuHy&b=14556889&z=5332574&s=Rzf9h5cJmB35Y5svda8uyw&campid={campaignid}&var=&ymid=Rzf9h5cJmB35Y5svda8uyw&ymid=Rzf9h5cJmB35Y5svda8uyw IP 139.45.197.151 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:27 Last Seen2025-01-21 11:42 Times Seen2810 Hash dcdca1271ff14fa2a37aac2fdd562ad7 6f8d97801b33f24f2a736c00e1bc5805d9fd5eb7 66d82b0643143d1e9fa6ec2c7e07af701b2b274bc4db74b60ee4dcf5862d229c Loading...

	applabzzeydoo.com/?l=Ik3Z1hRmgbrHuHy&b=14556889&z=5332574&s=Rzf9h5cJmB35Y5svda8uyw&campid={campaignid}&var=&ymid=Rzf9h5cJmB35Y5svda8uyw&ymid=Rzf9h5cJmB35Y5svda8uyw	ScriptElement	6.7 kB	2024-08-20	2024-08-20
Pretty URL applabzzeydoo.com/?l=Ik3Z1hRmgbrHuHy&b=14556889&z=5332574&s=Rzf9h5cJmB35Y5svda8uyw&campid={campaignid}&var=&ymid=Rzf9h5cJmB35Y5svda8uyw&ymid=Rzf9h5cJmB35Y5svda8uyw IP 139.45.197.151 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 16:42 Last Seen2024-08-20 16:42 Times Seen1 Hash 7fbdd43ed76dd3e39217f906681440a9 0df4603051d710aad601de2d0f0b71cfa1f46c5f 9f62fda342ddd60af16ebf6db88b27da9820190a845a7ae64ea3f1e724fb63c4 Loading...

	applabzzeydoo.com/?l=Ik3Z1hRmgbrHuHy&b=14556889&z=5332574&s=Rzf9h5cJmB35Y5svda8uyw&campid={campaignid}&var=&ymid=Rzf9h5cJmB35Y5svda8uyw&ymid=Rzf9h5cJmB35Y5svda8uyw	ScriptElement	3.6 kB	2024-08-20	2024-08-20
Pretty URL applabzzeydoo.com/?l=Ik3Z1hRmgbrHuHy&b=14556889&z=5332574&s=Rzf9h5cJmB35Y5svda8uyw&campid={campaignid}&var=&ymid=Rzf9h5cJmB35Y5svda8uyw&ymid=Rzf9h5cJmB35Y5svda8uyw IP 139.45.197.151 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 16:42 Last Seen2024-08-20 16:42 Times Seen1 Hash 39b2df238c4e6c51e84cf62e2b6cbdb7 d14bee79925ce7046d16798b190ec695347ade4e 99cf4e1b4e90eea241f73f3898c305296a7d6542e19d92fede87d12963527139 Loading...

	littlecdn.com/apps/templates/_assets/scripts/vanillaqr.min.js	ScriptElement	12 kB	2023-03-07	2024-12-15
Pretty URL littlecdn.com/apps/templates/_assets/scripts/vanillaqr.min.js IP 104.22.24.116 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:27 Last Seen2024-12-15 05:44 Times Seen405 Hash 52496515e5168e5cae52f68c2a08c160 f2f3d0ff9a721e527192a337646e64953e56da12 613928679e7493875c7503548e50e354341c8984b91cf28ba7e3317967022854 Loading...

	applabzzeydoo.com/?l=Ik3Z1hRmgbrHuHy&b=14556889&z=5332574&s=Rzf9h5cJmB35Y5svda8uyw&campid={campaignid}&var=&ymid=Rzf9h5cJmB35Y5svda8uyw&ymid=Rzf9h5cJmB35Y5svda8uyw	ScriptElement	4.0 kB	2024-08-20	2024-08-20
Pretty URL applabzzeydoo.com/?l=Ik3Z1hRmgbrHuHy&b=14556889&z=5332574&s=Rzf9h5cJmB35Y5svda8uyw&campid={campaignid}&var=&ymid=Rzf9h5cJmB35Y5svda8uyw&ymid=Rzf9h5cJmB35Y5svda8uyw IP 139.45.197.151 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 16:42 Last Seen2024-08-20 16:42 Times Seen1 Hash c736765972236cb7158f7b1946be5125 718b7060feb97e7d16cd0b01443a66399e94a496 8fc29b8090a55f978a821d3b5a355f317673f6daef7dd0af25cf79e03c12f5ce Loading...

	applabzzeydoo.com/?l=Ik3Z1hRmgbrHuHy&b=14556889&z=5332574&s=Rzf9h5cJmB35Y5svda8uyw&campid={campaignid}&var=&ymid=Rzf9h5cJmB35Y5svda8uyw&ymid=Rzf9h5cJmB35Y5svda8uyw	ScriptElement	2.9 kB	2024-08-20	2024-08-20
Pretty URL applabzzeydoo.com/?l=Ik3Z1hRmgbrHuHy&b=14556889&z=5332574&s=Rzf9h5cJmB35Y5svda8uyw&campid={campaignid}&var=&ymid=Rzf9h5cJmB35Y5svda8uyw&ymid=Rzf9h5cJmB35Y5svda8uyw IP 139.45.197.151 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 16:42 Last Seen2024-08-20 16:42 Times Seen1 Hash eceeddcd42316b5150e20961aa6b0441 8fe9c9521cfb59485a498f7c2db8ef145f16032e 08db1ac71c87a817bcf5091f1924c906a4c4a9a8291fb7d1e3e8c9743c3eb502 Loading...

	applabzzeydoo.com/?l=Ik3Z1hRmgbrHuHy&b=14556889&z=5332574&s=Rzf9h5cJmB35Y5svda8uyw&campid={campaignid}&var=&ymid=Rzf9h5cJmB35Y5svda8uyw&ymid=Rzf9h5cJmB35Y5svda8uyw	ScriptElement	3.0 kB	2024-08-20	2024-08-20
Pretty URL applabzzeydoo.com/?l=Ik3Z1hRmgbrHuHy&b=14556889&z=5332574&s=Rzf9h5cJmB35Y5svda8uyw&campid={campaignid}&var=&ymid=Rzf9h5cJmB35Y5svda8uyw&ymid=Rzf9h5cJmB35Y5svda8uyw IP 139.45.197.151 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 16:42 Last Seen2024-08-20 16:42 Times Seen1 Hash e386fad0e0819fdef3fed9146ece2c0b 24ffb842a701a099a2bee91313afca819365fb12 d0bbe6082eb35a0cfd82c7bf8728e25567f71f35981d9c88c4db8f1839c36887 Loading...

	applabzzeydoo.com/?l=Ik3Z1hRmgbrHuHy&b=14556889&z=5332574&s=Rzf9h5cJmB35Y5svda8uyw&campid={campaignid}&var=&ymid=Rzf9h5cJmB35Y5svda8uyw&ymid=Rzf9h5cJmB35Y5svda8uyw	ScriptElement	2.1 kB	2024-08-20	2024-08-20
Pretty URL applabzzeydoo.com/?l=Ik3Z1hRmgbrHuHy&b=14556889&z=5332574&s=Rzf9h5cJmB35Y5svda8uyw&campid={campaignid}&var=&ymid=Rzf9h5cJmB35Y5svda8uyw&ymid=Rzf9h5cJmB35Y5svda8uyw IP 139.45.197.151 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 16:42 Last Seen2024-08-20 16:42 Times Seen1 Hash 465a2c601d65830820a1dbff6567b8ce e3c873f84d53a33bba45dc6c415577f119f2087e e3d401a4440f2924df85e75694e28c751dec3617bf6cac22cd63fec9e669dce3 Loading...

HTTP Transactions (17)

URL IP Response Size

GET applabzzeydoo.com/contents/s/d9/c1/60/cdf387dbad88bf3862072e2593/01109594612996.jpeg

139.45.197.151

200 OK

53 kB

URL GET HTTP/2
applabzzeydoo.com/contents/s/d9/c1/60/cdf387dbad88bf3862072e2593/01109594612996.jpeg
IP
139.45.197.151:443
ASN
#9002 RETN Limited

Requested by
https://applabzzeydoo.com/?l=Ik3Z1hRmgbrHuHy&b=14556889&z=5332574&s=Rzf9h5cJmB35Y5svda8uyw&campid={campaignid}&var=&ymid=Rzf9h5cJmB35Y5svda8uyw&ymid=Rzf9h5cJmB35Y5svda8uyw
Certificate
IssuerLet's Encrypt
Subjectapplabzzeydoo.com
FingerprintBD:4B:E8:66:A5:A8:B7:72:9B:01:79:2D:5F:10:C9:B7:C4:65:EA:14
ValidityFri, 01 Dec 2023 05:07:54 GMT - Thu, 29 Feb 2024 05:07:53 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 740x1600, components 3\012- data
Size
53 kB (52948 bytes)
Hash
d9c160cdf387dbad88bf3862072e2593
682d1572c405d3e307e127884788f3bc28518918
55b39e0443cb0436fd8ee4c860ba541685d8ea440f1d2769ed382375b942696f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /contents/s/d9/c1/60/cdf387dbad88bf3862072e2593/01109594612996.jpeg HTTP/1.1
Host: applabzzeydoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://applabzzeydoo.com/?l=Ik3Z1hRmgbrHuHy&b=14556889&z=5332574&s=Rzf9h5cJmB35Y5svda8uyw&campid={campaignid}&var=&ymid=Rzf9h5cJmB35Y5svda8uyw&ymid=Rzf9h5cJmB35Y5svda8uyw
Cookie: reverse=ntMAuccf48gi6VASnIcRLPRofwh30j39GeJAOT1W5sM; OAID=f50d3f81f94f6af6a271415915773ec7; oaidts=1701778041
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 12:07:22 GMT
content-type: image/jpeg
content-length: 52948
last-modified: Wed, 08 Sep 2021 11:39:17 GMT
vary: Accept-Encoding
etag: "6138a0e5-ced4"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2

GET my.rtmark.net/gid.js?userId=f50d3f81f94f6af6a271415915773ec7

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js?userId=f50d3f81f94f6af6a271415915773ec7
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://applabzzeydoo.com/?l=Ik3Z1hRmgbrHuHy&b=14556889&z=5332574&s=Rzf9h5cJmB35Y5svda8uyw&campid={campaignid}&var=&ymid=Rzf9h5cJmB35Y5svda8uyw&ymid=Rzf9h5cJmB35Y5svda8uyw
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintE8:81:4E:79:89:89:BE:CE:75:1F:E0:2A:60:54:8A:A4:11:2E:F7:42
ValiditySat, 07 Oct 2023 15:22:00 GMT - Fri, 05 Jan 2024 15:21:59 GMT

File type
JSON data\012- , ASCII text
Size
65 B (65 bytes)
Hash
e6806b05539ed950337256bd066025ad
bd36b8a4f86aecd69aa1f47e71218f4646a3176d
dbd7f36c6b88e7a1e0c2510cddf58d26961485dfc78c34b7c4e2a5e7970eab62

HTTP Headers

GET /gid.js?userId=f50d3f81f94f6af6a271415915773ec7 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://applabzzeydoo.com/
Origin: https://applabzzeydoo.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 12:07:22 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://applabzzeydoo.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=f50d3f81f94f6af6a271415915773ec7; expires=Wed, 04 Dec 2024 12:07:22 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

POST applabzzeydoo.com/zone?&pub=0&zone_id=4662763&is_mobile=false&domain=applabzzeydoo.com&var=5332574&ymid=&var_3=14556889_&var_4=&dsig=&tg=1&sw=3.1.471&action=prerequest

139.45.197.151

200 OK

0 B

URL POST HTTP/2
applabzzeydoo.com/zone?&pub=0&zone_id=4662763&is_mobile=false&domain=applabzzeydoo.com&var=5332574&ymid=&var_3=14556889_&var_4=&dsig=&tg=1&sw=3.1.471&action=prerequest
IP
139.45.197.151:443
ASN
#9002 RETN Limited

Requested by
https://applabzzeydoo.com/?l=Ik3Z1hRmgbrHuHy&b=14556889&z=5332574&s=Rzf9h5cJmB35Y5svda8uyw&campid={campaignid}&var=&ymid=Rzf9h5cJmB35Y5svda8uyw&ymid=Rzf9h5cJmB35Y5svda8uyw
Certificate
IssuerLet's Encrypt
Subjectapplabzzeydoo.com
FingerprintBD:4B:E8:66:A5:A8:B7:72:9B:01:79:2D:5F:10:C9:B7:C4:65:EA:14
ValidityFri, 01 Dec 2023 05:07:54 GMT - Thu, 29 Feb 2024 05:07:53 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /zone?&pub=0&zone_id=4662763&is_mobile=false&domain=applabzzeydoo.com&var=5332574&ymid=&var_3=14556889_&var_4=&dsig=&tg=1&sw=3.1.471&action=prerequest HTTP/1.1
Host: applabzzeydoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://applabzzeydoo.com
DNT: 1
Connection: keep-alive
Referer: https://applabzzeydoo.com/?l=Ik3Z1hRmgbrHuHy&b=14556889&z=5332574&s=Rzf9h5cJmB35Y5svda8uyw&campid={campaignid}&var=&ymid=Rzf9h5cJmB35Y5svda8uyw&ymid=Rzf9h5cJmB35Y5svda8uyw
Cookie: reverse=ntMAuccf48gi6VASnIcRLPRofwh30j39GeJAOT1W5sM; OAID=f50d3f81f94f6af6a271415915773ec7; oaidts=1701778041
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 12:07:22 GMT
content-length: 0
x-trace-id: 5077f94ca031319c526064085db6ad7e
access-control-allow-origin: https://applabzzeydoo.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

GET my.rtmark.net/gid.js

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://applabzzeydoo.com/?l=Ik3Z1hRmgbrHuHy&b=14556889&z=5332574&s=Rzf9h5cJmB35Y5svda8uyw&campid={campaignid}&var=&ymid=Rzf9h5cJmB35Y5svda8uyw&ymid=Rzf9h5cJmB35Y5svda8uyw
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintE8:81:4E:79:89:89:BE:CE:75:1F:E0:2A:60:54:8A:A4:11:2E:F7:42
ValiditySat, 07 Oct 2023 15:22:00 GMT - Fri, 05 Jan 2024 15:21:59 GMT

File type
JSON data\012- , ASCII text
Size
65 B (65 bytes)
Hash
e6806b05539ed950337256bd066025ad
bd36b8a4f86aecd69aa1f47e71218f4646a3176d
dbd7f36c6b88e7a1e0c2510cddf58d26961485dfc78c34b7c4e2a5e7970eab62

HTTP Headers

GET /gid.js HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://applabzzeydoo.com/
Origin: https://applabzzeydoo.com
DNT: 1
Connection: keep-alive
Cookie: ID=f50d3f81f94f6af6a271415915773ec7
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 12:07:22 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://applabzzeydoo.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=f50d3f81f94f6af6a271415915773ec7; expires=Wed, 04 Dec 2024 12:07:22 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

POST datatechone.com/log/add?cid=79b8b31a-f5b5-449e-9c97-e907dd6cec81

37.48.68.71

200 OK

2 B

URL POST HTTP/1.1
datatechone.com/log/add?cid=79b8b31a-f5b5-449e-9c97-e907dd6cec81
IP
37.48.68.71:443
ASN
#60781 LeaseWeb Netherlands B.V.

Requested by
https://applabzzeydoo.com/?l=Ik3Z1hRmgbrHuHy&b=14556889&z=5332574&s=Rzf9h5cJmB35Y5svda8uyw&campid={campaignid}&var=&ymid=Rzf9h5cJmB35Y5svda8uyw&ymid=Rzf9h5cJmB35Y5svda8uyw
Certificate
IssuerSectigo Limited
Subjectdatatechone.com
Fingerprint8E:B7:22:E4:97:95:3C:60:FC:7C:41:39:A6:B7:B7:E2:48:B2:D0:18
ValiditySun, 18 Dec 2022 00:00:00 GMT - Sun, 24 Dec 2023 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /log/add?cid=79b8b31a-f5b5-449e-9c97-e907dd6cec81 HTTP/1.1
Host: datatechone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1508
Origin: https://applabzzeydoo.com
DNT: 1
Connection: keep-alive
Referer: https://applabzzeydoo.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Tue, 05 Dec 2023 12:07:23 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
Access-Control-Allow-Origin: https://applabzzeydoo.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

GET applabzzeydoo.com/favicon.ico

139.45.197.151

204 No Content

0 B

URL GET HTTP/2
applabzzeydoo.com/favicon.ico
IP
139.45.197.151:443
ASN
#9002 RETN Limited

Requested by
https://applabzzeydoo.com/?l=Ik3Z1hRmgbrHuHy&b=14556889&z=5332574&s=Rzf9h5cJmB35Y5svda8uyw&campid={campaignid}&var=&ymid=Rzf9h5cJmB35Y5svda8uyw&ymid=Rzf9h5cJmB35Y5svda8uyw
Certificate
IssuerLet's Encrypt
Subjectapplabzzeydoo.com
FingerprintBD:4B:E8:66:A5:A8:B7:72:9B:01:79:2D:5F:10:C9:B7:C4:65:EA:14
ValidityFri, 01 Dec 2023 05:07:54 GMT - Thu, 29 Feb 2024 05:07:53 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: applabzzeydoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://applabzzeydoo.com/?l=Ik3Z1hRmgbrHuHy&b=14556889&z=5332574&s=Rzf9h5cJmB35Y5svda8uyw&campid={campaignid}&var=&ymid=Rzf9h5cJmB35Y5svda8uyw&ymid=Rzf9h5cJmB35Y5svda8uyw
Cookie: reverse=ntMAuccf48gi6VASnIcRLPRofwh30j39GeJAOT1W5sM; OAID=f50d3f81f94f6af6a271415915773ec7; oaidts=1701778041; syncedCookie=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Tue, 05 Dec 2023 12:07:23 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

GET littlecdn.com/apps/templates/_assets/scripts/vanillaqr.min.js

104.22.24.116

200 OK

12 kB

URL GET HTTP/2
littlecdn.com/apps/templates/_assets/scripts/vanillaqr.min.js
IP
104.22.24.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://applabzzeydoo.com/?l=Ik3Z1hRmgbrHuHy&b=14556889&z=5332574&s=Rzf9h5cJmB35Y5svda8uyw&campid={campaignid}&var=&ymid=Rzf9h5cJmB35Y5svda8uyw&ymid=Rzf9h5cJmB35Y5svda8uyw
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintF9:14:9E:F3:4F:17:83:0E:22:54:EF:3E:FD:37:20:6C:1D:08:CE:1F
ValidityTue, 11 Apr 2023 00:00:00 GMT - Wed, 10 Apr 2024 23:59:59 GMT

File type
ASCII text, with very long lines (11527)
Size
12 kB (11528 bytes)
Hash
52496515e5168e5cae52f68c2a08c160
f2f3d0ff9a721e527192a337646e64953e56da12
613928679e7493875c7503548e50e354341c8984b91cf28ba7e3317967022854

HTTP Headers

GET /apps/templates/_assets/scripts/vanillaqr.min.js HTTP/1.1
Host: littlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://applabzzeydoo.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 12:07:22 GMT
content-type: application/javascript
last-modified: Mon, 04 Dec 2023 15:55:20 GMT
vary: Accept-Encoding
etag: W/"656df668-2d08"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=3600
cf-cache-status: REVALIDATED
server: cloudflare
cf-ray: 830c2b1adc435695-OSL
content-encoding: br
X-Firefox-Spdy: h2

GET applabzzeydoo.com/pfe/current/micro.tag.min.js?uhd=1&z=4662763&ymid=&var=5332574&sw=/sw-check-permissions/4662763&var_3=14556889_&os_version=10.0

139.45.197.151

200 OK

27 kB

URL GET HTTP/2
applabzzeydoo.com/pfe/current/micro.tag.min.js?uhd=1&z=4662763&ymid=&var=5332574&sw=/sw-check-permissions/4662763&var_3=14556889_&os_version=10.0
IP
139.45.197.151:443
ASN
#9002 RETN Limited

Requested by
https://applabzzeydoo.com/?l=Ik3Z1hRmgbrHuHy&b=14556889&z=5332574&s=Rzf9h5cJmB35Y5svda8uyw&campid={campaignid}&var=&ymid=Rzf9h5cJmB35Y5svda8uyw&ymid=Rzf9h5cJmB35Y5svda8uyw
Certificate
IssuerLet's Encrypt
Subjectapplabzzeydoo.com
FingerprintBD:4B:E8:66:A5:A8:B7:72:9B:01:79:2D:5F:10:C9:B7:C4:65:EA:14
ValidityFri, 01 Dec 2023 05:07:54 GMT - Thu, 29 Feb 2024 05:07:53 GMT

File type
ASCII text, with very long lines (27007), with no line terminators
Size
27 kB (27007 bytes)
Hash
5ccd2d5882a06f293d07510ac91c92e6
b44dc0eaa03981adb70d3313e728f9359c1d21c1
9fc2aa21f3a7bfe66783d35fdbb48147f73e72a41f87aea848f64a8cb4518eba

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pfe/current/micro.tag.min.js?uhd=1&z=4662763&ymid=&var=5332574&sw=/sw-check-permissions/4662763&var_3=14556889_&os_version=10.0 HTTP/1.1
Host: applabzzeydoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://applabzzeydoo.com/?l=Ik3Z1hRmgbrHuHy&b=14556889&z=5332574&s=Rzf9h5cJmB35Y5svda8uyw&campid={campaignid}&var=&ymid=Rzf9h5cJmB35Y5svda8uyw&ymid=Rzf9h5cJmB35Y5svda8uyw
Cookie: reverse=ntMAuccf48gi6VASnIcRLPRofwh30j39GeJAOT1W5sM; OAID=f50d3f81f94f6af6a271415915773ec7; oaidts=1701778041
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 12:07:22 GMT
content-type: application/javascript
last-modified: Thu, 23 Nov 2023 20:42:33 GMT
vary: Accept-Encoding
etag: W/"655fb939-697f"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: br
X-Firefox-Spdy: h2

GET applabzzeydoo.com/rotate?zz=5939590&var=5332574&uid=f50d3f81f94f6af6a271415915773ec7&var_4=Rzf9h5cJmB35Y5svda8uyw&os_version=10.0

139.45.197.151

200 OK

697 B

URL GET HTTP/2
applabzzeydoo.com/rotate?zz=5939590&var=5332574&uid=f50d3f81f94f6af6a271415915773ec7&var_4=Rzf9h5cJmB35Y5svda8uyw&os_version=10.0
IP
139.45.197.151:443
ASN
#9002 RETN Limited

Requested by
https://applabzzeydoo.com/?l=Ik3Z1hRmgbrHuHy&b=14556889&z=5332574&s=Rzf9h5cJmB35Y5svda8uyw&campid={campaignid}&var=&ymid=Rzf9h5cJmB35Y5svda8uyw&ymid=Rzf9h5cJmB35Y5svda8uyw
Certificate
IssuerLet's Encrypt
Subjectapplabzzeydoo.com
FingerprintBD:4B:E8:66:A5:A8:B7:72:9B:01:79:2D:5F:10:C9:B7:C4:65:EA:14
ValidityFri, 01 Dec 2023 05:07:54 GMT - Thu, 29 Feb 2024 05:07:53 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (707), with no line terminators
Size
697 B (697 bytes)
Hash
607bc16fc43b82aaee1fdddfd433682c
29ba6d5059e17135392e1fba346c62e4facfec93
3a08806d0d762bf93a199fb6b3cbb7b0329f6a4c0520a60b73fa82b9bfd4ade4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /rotate?zz=5939590&var=5332574&uid=f50d3f81f94f6af6a271415915773ec7&var_4=Rzf9h5cJmB35Y5svda8uyw&os_version=10.0 HTTP/1.1
Host: applabzzeydoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://applabzzeydoo.com/?l=Ik3Z1hRmgbrHuHy&b=14556889&z=5332574&s=Rzf9h5cJmB35Y5svda8uyw&campid={campaignid}&var=&ymid=Rzf9h5cJmB35Y5svda8uyw&ymid=Rzf9h5cJmB35Y5svda8uyw
DNT: 1
Connection: keep-alive
Cookie: reverse=ntMAuccf48gi6VASnIcRLPRofwh30j39GeJAOT1W5sM; OAID=f50d3f81f94f6af6a271415915773ec7; oaidts=1701778041; syncedCookie=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 12:07:22 GMT
content-type: application/javascript
x-trace-id: 04f72f2fb3b5a3d58a4dde544823a3ef
timing-allow-origin: *
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
vary: Accept-Encoding, Origin
access-control-allow-origin: https://applabzzeydoo.com/
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
set-cookie: OAID=f50d3f81f94f6af6a271415915773ec7; expires=Wed, 04 Dec 2024 12:07:22 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2

GET applabzzeydoo.com/sw-check-permissions/4662763?var=5332574&var_3=14556889_&uhd=1

139.45.197.151

200 OK

940 B

URL GET HTTP/2
applabzzeydoo.com/sw-check-permissions/4662763?var=5332574&var_3=14556889_&uhd=1
IP
139.45.197.151:443
ASN
#9002 RETN Limited

Requested by
https://applabzzeydoo.com/?l=Ik3Z1hRmgbrHuHy&b=14556889&z=5332574&s=Rzf9h5cJmB35Y5svda8uyw&campid={campaignid}&var=&ymid=Rzf9h5cJmB35Y5svda8uyw&ymid=Rzf9h5cJmB35Y5svda8uyw
Certificate
IssuerLet's Encrypt
Subjectapplabzzeydoo.com
FingerprintBD:4B:E8:66:A5:A8:B7:72:9B:01:79:2D:5F:10:C9:B7:C4:65:EA:14
ValidityFri, 01 Dec 2023 05:07:54 GMT - Thu, 29 Feb 2024 05:07:53 GMT

File type
ASCII text, with very long lines (1001), with no line terminators
Size
940 B (940 bytes)
Hash
80483537955f167dd1b658a1fad144bf
6609abf257b14b22d8f35595da98c9b64a2bf3c5
13e914ee5fe967fc52154b6f4ddde5a3c665dd492258d1e80572e1637c18e509

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sw-check-permissions/4662763?var=5332574&var_3=14556889_&uhd=1 HTTP/1.1
Host: applabzzeydoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Referer: https://applabzzeydoo.com/?l=Ik3Z1hRmgbrHuHy&b=14556889&z=5332574&s=Rzf9h5cJmB35Y5svda8uyw&campid={campaignid}&var=&ymid=Rzf9h5cJmB35Y5svda8uyw&ymid=Rzf9h5cJmB35Y5svda8uyw
Cookie: reverse=ntMAuccf48gi6VASnIcRLPRofwh30j39GeJAOT1W5sM; OAID=f50d3f81f94f6af6a271415915773ec7; oaidts=1701778041; syncedCookie=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 12:07:22 GMT
content-type: application/javascript
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-encoding: br
X-Firefox-Spdy: h2

GET littlecdn.com/apps/templates/constructor/constructor-app-lab-v1/themes/glass-dark.css?31212

104.22.24.116

200 OK

1.3 kB

URL GET HTTP/2
littlecdn.com/apps/templates/constructor/constructor-app-lab-v1/themes/glass-dark.css?31212
IP
104.22.24.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://applabzzeydoo.com/?l=Ik3Z1hRmgbrHuHy&b=14556889&z=5332574&s=Rzf9h5cJmB35Y5svda8uyw&campid={campaignid}&var=&ymid=Rzf9h5cJmB35Y5svda8uyw&ymid=Rzf9h5cJmB35Y5svda8uyw
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintF9:14:9E:F3:4F:17:83:0E:22:54:EF:3E:FD:37:20:6C:1D:08:CE:1F
ValidityTue, 11 Apr 2023 00:00:00 GMT - Wed, 10 Apr 2024 23:59:59 GMT

File type
ASCII text, with very long lines (1333), with no line terminators
Size
1.3 kB (1263 bytes)
Hash
038abd065dcc7c5edfdc78d21b52bb66
d13865ae9ae730a627c6431b9130906038bebfc7
b70d1938961de94aa227d692051a839f437bd8f06ce6c11b086ce6639bfc359c

HTTP Headers

GET /apps/templates/constructor/constructor-app-lab-v1/themes/glass-dark.css?31212 HTTP/1.1
Host: littlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://applabzzeydoo.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 12:07:22 GMT
content-type: text/css
last-modified: Mon, 04 Dec 2023 15:55:20 GMT
vary: Accept-Encoding
etag: W/"656df668-4ef"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=3600
cf-cache-status: EXPIRED
server: cloudflare
cf-ray: 830c2b1adc445695-OSL
content-encoding: br
X-Firefox-Spdy: h2

GET cdntechone.com/stattag.js

188.114.97.1

200 OK

19 kB

URL GET HTTP/2
cdntechone.com/stattag.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://applabzzeydoo.com/?l=Ik3Z1hRmgbrHuHy&b=14556889&z=5332574&s=Rzf9h5cJmB35Y5svda8uyw&campid={campaignid}&var=&ymid=Rzf9h5cJmB35Y5svda8uyw&ymid=Rzf9h5cJmB35Y5svda8uyw
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint22:B1:48:87:A8:EF:B2:9B:65:EB:D6:C6:FD:8D:EF:A7:A7:DE:52:29
ValidityThu, 26 Jan 2023 00:00:00 GMT - Thu, 25 Jan 2024 23:59:59 GMT

File type
ASCII text, with very long lines (18335)
Size
19 kB (18985 bytes)
Hash
8ec0c661780569e42736cfc20e4c69d7
0d857c9b9813975179cf323a344c934bcae598c6
38831e62c2e99f2f64b0352f13ef7daaa7c97e31dac314bb52caa89a6a7f58f5

HTTP Headers

GET /stattag.js HTTP/1.1
Host: cdntechone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://applabzzeydoo.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 12:07:22 GMT
content-type: application/javascript
last-modified: Thu, 07 Sep 2023 08:19:46 GMT
etag: W/"64f987a2-4a29"
link: <https://datatechone.com/>; rel=preconnect; crossorigin, <https://datatechonert.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 5478
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=teeIH0krg3R0pKZe5azHgHE3wwDexMLF6jBUE1hg4HiZwLkaaTt7gBTS852PYuPo2qB7LrBAkCAfGqrXxVvkUemOYmZlvWit0trhi8syPonTsDVGWjc36BZJLrsn6KeOtQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 830c2b1efa95568e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET applabzzeydoo.com/?l=Ik3Z1hRmgbrHuHy&b=14556889&z=5332574&s=Rzf9h5cJmB35Y5svda8uyw&campid={campaignid}&var=&ymid=Rzf9h5cJmB35Y5svda8uyw&ymid=Rzf9h5cJmB35Y5svda8uyw

139.45.197.151

200 OK

54 kB

URL User Request GET HTTP/2
applabzzeydoo.com/?l=Ik3Z1hRmgbrHuHy&b=14556889&z=5332574&s=Rzf9h5cJmB35Y5svda8uyw&campid={campaignid}&var=&ymid=Rzf9h5cJmB35Y5svda8uyw&ymid=Rzf9h5cJmB35Y5svda8uyw
IP
139.45.197.151:443
ASN
#9002 RETN Limited

Certificate
IssuerLet's Encrypt
Subjectapplabzzeydoo.com
FingerprintBD:4B:E8:66:A5:A8:B7:72:9B:01:79:2D:5F:10:C9:B7:C4:65:EA:14
ValidityFri, 01 Dec 2023 05:07:54 GMT - Thu, 29 Feb 2024 05:07:53 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2807), with CRLF, LF line terminators
Size
54 kB (54535 bytes)
Hash
633b9c56a22551c554b5e0bef9145d34
c539e52f92b82cac1b9dc2ebe76891eddde97c68
5ef78a3614bc32ff86a1c965b4220ec2ebc50a9e7c4648f62814184fb865f57e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?l=Ik3Z1hRmgbrHuHy&b=14556889&z=5332574&s=Rzf9h5cJmB35Y5svda8uyw&campid={campaignid}&var=&ymid=Rzf9h5cJmB35Y5svda8uyw&ymid=Rzf9h5cJmB35Y5svda8uyw HTTP/1.1
Host: applabzzeydoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 12:07:21 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
set-cookie: reverse=ntMAuccf48gi6VASnIcRLPRofwh30j39GeJAOT1W5sM; expires=Tue, 05-Dec-2023 13:07:21 GMT; Max-Age=3600; path=/
OAID=f50d3f81f94f6af6a271415915773ec7; expires=Wed, 09-Nov-2078 00:14:42 GMT; Max-Age=1733400441; path=/
oaidts=1701778041; expires=Wed, 09-Nov-2078 00:14:42 GMT; Max-Age=1733400441; path=/
syncedCookie=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-encoding: br
X-Firefox-Spdy: h2

GET littlecdn.com/apps/templates/constructor/constructor-app-lab-v1/build/css/main.css?v4321212

104.22.24.116

200 OK

13 kB

URL GET HTTP/2
littlecdn.com/apps/templates/constructor/constructor-app-lab-v1/build/css/main.css?v4321212
IP
104.22.24.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://applabzzeydoo.com/?l=Ik3Z1hRmgbrHuHy&b=14556889&z=5332574&s=Rzf9h5cJmB35Y5svda8uyw&campid={campaignid}&var=&ymid=Rzf9h5cJmB35Y5svda8uyw&ymid=Rzf9h5cJmB35Y5svda8uyw
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintF9:14:9E:F3:4F:17:83:0E:22:54:EF:3E:FD:37:20:6C:1D:08:CE:1F
ValidityTue, 11 Apr 2023 00:00:00 GMT - Wed, 10 Apr 2024 23:59:59 GMT

File type
ASCII text, with very long lines (13295)
Size
13 kB (13296 bytes)
Hash
000b6df09e257d7412336068002f9d0b
f0f278ca2142e7c57d1d1088c9b1e94d20d6c360
f2d79b38aae354041a16ba4cba5a7e3147b6fe2f502ac38352f431d01687835c

HTTP Headers

GET /apps/templates/constructor/constructor-app-lab-v1/build/css/main.css?v4321212 HTTP/1.1
Host: littlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://applabzzeydoo.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 12:07:22 GMT
content-type: text/css
last-modified: Mon, 04 Dec 2023 15:55:20 GMT
vary: Accept-Encoding
etag: W/"656df668-33f0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=3600
cf-cache-status: REVALIDATED
server: cloudflare
cf-ray: 830c2b1acc385695-OSL
content-encoding: br
X-Firefox-Spdy: h2

POST applabzzeydoo.com/?l=Ik3Z1hRmgbrHuHy&b=14556889&z=5332574&s=Rzf9h5cJmB35Y5svda8uyw&campid={campaignid}&var=&ymid=Rzf9h5cJmB35Y5svda8uyw&ymid=Rzf9h5cJmB35Y5svda8uyw&mprtr=1&os_version=10.0

139.45.197.151

200 OK

2 B

URL POST HTTP/2
applabzzeydoo.com/?l=Ik3Z1hRmgbrHuHy&b=14556889&z=5332574&s=Rzf9h5cJmB35Y5svda8uyw&campid={campaignid}&var=&ymid=Rzf9h5cJmB35Y5svda8uyw&ymid=Rzf9h5cJmB35Y5svda8uyw&mprtr=1&os_version=10.0
IP
139.45.197.151:443
ASN
#9002 RETN Limited

Requested by
https://applabzzeydoo.com/?l=Ik3Z1hRmgbrHuHy&b=14556889&z=5332574&s=Rzf9h5cJmB35Y5svda8uyw&campid={campaignid}&var=&ymid=Rzf9h5cJmB35Y5svda8uyw&ymid=Rzf9h5cJmB35Y5svda8uyw
Certificate
IssuerLet's Encrypt
Subjectapplabzzeydoo.com
FingerprintBD:4B:E8:66:A5:A8:B7:72:9B:01:79:2D:5F:10:C9:B7:C4:65:EA:14
ValidityFri, 01 Dec 2023 05:07:54 GMT - Thu, 29 Feb 2024 05:07:53 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /?l=Ik3Z1hRmgbrHuHy&b=14556889&z=5332574&s=Rzf9h5cJmB35Y5svda8uyw&campid={campaignid}&var=&ymid=Rzf9h5cJmB35Y5svda8uyw&ymid=Rzf9h5cJmB35Y5svda8uyw&mprtr=1&os_version=10.0 HTTP/1.1
Host: applabzzeydoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://applabzzeydoo.com
DNT: 1
Connection: keep-alive
Referer: https://applabzzeydoo.com/?l=Ik3Z1hRmgbrHuHy&b=14556889&z=5332574&s=Rzf9h5cJmB35Y5svda8uyw&campid={campaignid}&var=&ymid=Rzf9h5cJmB35Y5svda8uyw&ymid=Rzf9h5cJmB35Y5svda8uyw
Cookie: reverse=ntMAuccf48gi6VASnIcRLPRofwh30j39GeJAOT1W5sM; OAID=f50d3f81f94f6af6a271415915773ec7; oaidts=1701778041; syncedCookie=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 12:07:22 GMT
content-type: application/json
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-encoding: br
X-Firefox-Spdy: h2

GET applabzzeydoo.com/track-impression-applab?z=5332574&b=14556889&ymid=Rzf9h5cJmB35Y5svda8uyw&var=&var_3=14556889_&redirect=false&redirectUrl=https%3A%2F%2Fplay.google.com%2Fstore%2Fapps%2Fdetails%3Fid%3Dcom.samoukale.jaxvpn%26referrer%3Dsubid%253D%24%7BSUBID%7D%2526utm_source%253D5332574%2526request_var%253D%2526os%253D%7Bos%7D%2526osversion%253D%7Bosversion%7D%2526browser%253D%7Bbrowser%7D%2526campaignid%253D%7Bcampaignid%7D%2526utm_campaign%253D%7Bcampaignid%7D%2526geo%253D%7Bgeo%7D%2526utm_medium%253Dzeydoo%2526land_state%253Dbefore_render%2526land_id%253DIk3Z1hRmgbrHuHy%2526land_generation_time%253D2023-12-05_07%253A07%253A21%2526land_error_code%253D%2526ruid%253D%7Bruid%7D%2526mgeo%253D%7Bmgeo%7D%2526oaid%253Df50d3f81f94f6af6a271415915773ec7%2526land_type%253Drtr%2526isPushSubscribed%253Dfalse%2526isPushAlreadySubscribed%253Dfalse%2526land_tracker%253Dmarker%2526land_purchase_method%253Dgoogle&os_version=10.0

139.45.197.151

200 OK

988 B

URL GET HTTP/2
applabzzeydoo.com/track-impression-applab?z=5332574&b=14556889&ymid=Rzf9h5cJmB35Y5svda8uyw&var=&var_3=14556889_&redirect=false&redirectUrl=https%3A%2F%2Fplay.google.com%2Fstore%2Fapps%2Fdetails%3Fid%3Dcom.samoukale.jaxvpn%26referrer%3Dsubid%253D%24%7BSUBID%7D%2526utm_source%253D5332574%2526request_var%253D%2526os%253D%7Bos%7D%2526osversion%253D%7Bosversion%7D%2526browser%253D%7Bbrowser%7D%2526campaignid%253D%7Bcampaignid%7D%2526utm_campaign%253D%7Bcampaignid%7D%2526geo%253D%7Bgeo%7D%2526utm_medium%253Dzeydoo%2526land_state%253Dbefore_render%2526land_id%253DIk3Z1hRmgbrHuHy%2526land_generation_time%253D2023-12-05_07%253A07%253A21%2526land_error_code%253D%2526ruid%253D%7Bruid%7D%2526mgeo%253D%7Bmgeo%7D%2526oaid%253Df50d3f81f94f6af6a271415915773ec7%2526land_type%253Drtr%2526isPushSubscribed%253Dfalse%2526isPushAlreadySubscribed%253Dfalse%2526land_tracker%253Dmarker%2526land_purchase_method%253Dgoogle&os_version=10.0
IP
139.45.197.151:443
ASN
#9002 RETN Limited

Requested by
https://applabzzeydoo.com/?l=Ik3Z1hRmgbrHuHy&b=14556889&z=5332574&s=Rzf9h5cJmB35Y5svda8uyw&campid={campaignid}&var=&ymid=Rzf9h5cJmB35Y5svda8uyw&ymid=Rzf9h5cJmB35Y5svda8uyw
Certificate
IssuerLet's Encrypt
Subjectapplabzzeydoo.com
FingerprintBD:4B:E8:66:A5:A8:B7:72:9B:01:79:2D:5F:10:C9:B7:C4:65:EA:14
ValidityFri, 01 Dec 2023 05:07:54 GMT - Thu, 29 Feb 2024 05:07:53 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (1037), with no line terminators
Size
988 B (988 bytes)
Hash
86c5fe10a03a40361e9a792151b8829c
18da64e5b3e406465ed934b999e356900faddc2a
1b4efedb43b446bdaaaf7979f59242b0c6f124ea99c87212199ddab1394c302b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /track-impression-applab?z=5332574&b=14556889&ymid=Rzf9h5cJmB35Y5svda8uyw&var=&var_3=14556889_&redirect=false&redirectUrl=https%3A%2F%2Fplay.google.com%2Fstore%2Fapps%2Fdetails%3Fid%3Dcom.samoukale.jaxvpn%26referrer%3Dsubid%253D%24%7BSUBID%7D%2526utm_source%253D5332574%2526request_var%253D%2526os%253D%7Bos%7D%2526osversion%253D%7Bosversion%7D%2526browser%253D%7Bbrowser%7D%2526campaignid%253D%7Bcampaignid%7D%2526utm_campaign%253D%7Bcampaignid%7D%2526geo%253D%7Bgeo%7D%2526utm_medium%253Dzeydoo%2526land_state%253Dbefore_render%2526land_id%253DIk3Z1hRmgbrHuHy%2526land_generation_time%253D2023-12-05_07%253A07%253A21%2526land_error_code%253D%2526ruid%253D%7Bruid%7D%2526mgeo%253D%7Bmgeo%7D%2526oaid%253Df50d3f81f94f6af6a271415915773ec7%2526land_type%253Drtr%2526isPushSubscribed%253Dfalse%2526isPushAlreadySubscribed%253Dfalse%2526land_tracker%253Dmarker%2526land_purchase_method%253Dgoogle&os_version=10.0 HTTP/1.1
Host: applabzzeydoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://applabzzeydoo.com/?l=Ik3Z1hRmgbrHuHy&b=14556889&z=5332574&s=Rzf9h5cJmB35Y5svda8uyw&campid={campaignid}&var=&ymid=Rzf9h5cJmB35Y5svda8uyw&ymid=Rzf9h5cJmB35Y5svda8uyw
DNT: 1
Connection: keep-alive
Cookie: reverse=ntMAuccf48gi6VASnIcRLPRofwh30j39GeJAOT1W5sM; OAID=f50d3f81f94f6af6a271415915773ec7; oaidts=1701778041; syncedCookie=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 12:07:22 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
x-trace-id: edfc95efc8d3922921f7456553cb5687
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
timing-allow-origin: *
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2

GET littlecdn.com/apps/templates/constructor/constructor-app-lab-v1/build/js/main.js

104.22.24.116

200 OK

6.6 kB

URL GET HTTP/2
littlecdn.com/apps/templates/constructor/constructor-app-lab-v1/build/js/main.js
IP
104.22.24.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://applabzzeydoo.com/?l=Ik3Z1hRmgbrHuHy&b=14556889&z=5332574&s=Rzf9h5cJmB35Y5svda8uyw&campid={campaignid}&var=&ymid=Rzf9h5cJmB35Y5svda8uyw&ymid=Rzf9h5cJmB35Y5svda8uyw
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintF9:14:9E:F3:4F:17:83:0E:22:54:EF:3E:FD:37:20:6C:1D:08:CE:1F
ValidityTue, 11 Apr 2023 00:00:00 GMT - Wed, 10 Apr 2024 23:59:59 GMT

File type
ASCII text, with very long lines (6751), with no line terminators
Size
6.6 kB (6602 bytes)
Hash
74b85b3fe8ba5a4aba7ad4d63fc6e06a
9eafe8e70d0d802bf6a1e324ba4da44c5d1107dd
aa4404f5d7f505531adff5742d28b2fbd76aee84daa4b691d23b1bc7f31ae340

HTTP Headers

GET /apps/templates/constructor/constructor-app-lab-v1/build/js/main.js HTTP/1.1
Host: littlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://applabzzeydoo.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 12:07:22 GMT
content-type: application/javascript
last-modified: Mon, 04 Dec 2023 15:55:20 GMT
vary: Accept-Encoding
etag: W/"656df668-19ca"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=3600
cf-cache-status: REVALIDATED
server: cloudflare
cf-ray: 830c2b1adc405695-OSL
content-encoding: br
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (21)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by