ddec.blob.core.windows.net Open in urlscan Pro
20.60.220.225 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://zlotzlot.com/
Effective URL:
https://ddec.blob.core.windows.net/web/15152446w1hi.html
Submission: On December 19 via api (December 19th 2024, 5:35:36 am UTC) from BE — Scanned from DE

Summary HTTP 10 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 10 HTTP transactions. The main IP is 20.60.220.225, located in Washington, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is ddec.blob.core.windows.net.
TLS certificate: Issued by Microsoft Azure RSA TLS Issuing CA 08 on October 23rd 2024. Valid for: 6 months.

This is the only time ddec.blob.core.windows.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2	198.54.119.125 198.54.119.125	22612 (NAMECHEAP...) (NAMECHEAP-NET)
5	20.60.220.225 20.60.220.225	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	77.245.159.14 77.245.159.14	42868 (NiobeBili...) (NiobeBilisimHizmetleri Niobe Telekomunikasyon Bilisim Teknolojileri Yazilim Danismanlik Sanayi ve Ticaret Ltd. Sti.)
1	188.114.96.3 188.114.96.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	4

2 198.54.119.125 (United States)

ASN22612 (NAMECHEAP-NET, US)
PTR: paraslotgiris.com

zlotzlot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 20.60.220.225 (Washington, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

ddec.blob.core.windows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 77.245.159.14 (Turkey)

ASN42868 (NiobeBilisimHizmetleri Niobe Telekomunikasyon Bilisim Teknolojileri Yazilim Danismanlik Sanayi ve Ticaret Ltd. Sti., TR)
PTR: stilgar.wlsrv.com

www.cloakan.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 188.114.96.3 (Amsterdam, Netherlands)

ASN13335 (CLOUDFLARENET, US)

braveheartspub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	windows.net ddec.blob.core.windows.net	90 KB
2	cloakan.co www.cloakan.co	672 B
2	zlotzlot.com zlotzlot.com	2 KB
1	braveheartspub.com braveheartspub.com
10	4

	Domain	Requested by
5	ddec.blob.core.windows.net	ddec.blob.core.windows.net
2	www.cloakan.co	ddec.blob.core.windows.net
2	zlotzlot.com
1	braveheartspub.com	www.cloakan.co
10	4

This site contains no links.

Subject Issuer	Validity	Valid
zlotzlot.com Sectigo RSA Domain Validation Secure Server CA	`2024-12-13` - `2025-12-13`	a year	crt.sh
*.blob.core.windows.net Microsoft Azure RSA TLS Issuing CA 08	`2024-10-23` - `2025-04-21`	6 months	crt.sh
www.cloakan.co R11	`2024-11-02` - `2025-01-31`	3 months	crt.sh
braveheartspub.com WE1	`2024-10-30` - `2025-01-28`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://ddec.blob.core.windows.net/web/15152446w1hi.html
Frame ID: BDC8876B93790064923C1E70DAF91CCC
Requests: 9 HTTP requests in this frame

Frame: https://braveheartspub.com/
Frame ID: 15672DF50F1B284D231DD3DCB9100789
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://zlotzlot.com/ Page URL
https://ddec.blob.core.windows.net/web/15152446w1hi.html Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

10
Requests

100 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

92 kB
Transfer

90 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://zlotzlot.com/ Page URL
https://ddec.blob.core.windows.net/web/15152446w1hi.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	/ Show response zlotzlot.com/	346 B 360 B	490ms 163ms	Document text/html	198.54.119.125 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL https://zlotzlot.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.54.119.125 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS paraslotgiris.com Software LiteSpeed / Resource Hash `951e376ec58825a75ca49622f4511a052160577215dc8ef238e3d6a4594cff66` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Response headers accept-ranges bytes content-encoding br content-length 193 content-type text/html date Thu, 19 Dec 2024 05:35:29 GMT last-modified Fri, 13 Dec 2024 21:53:54 GMT server LiteSpeed vary Accept-Encoding x-turbo-charged-by LiteSpeed
GET H/1.1	200 OK	Primary Request 15152446w1hi.html Show response ddec.blob.core.windows.net/web/	1 KB 2 KB	537ms 202ms	Document text/html	20.60.220.225 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://ddec.blob.core.windows.net/web/15152446w1hi.html Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 20.60.220.225 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash `176cdf807c771cff42153955ad443d9b1c01c34af0cd48122cec3970a7f1335a` Request headers Referer https://zlotzlot.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Response headers Content-Length 1313 Content-MD5 OVQPt6QLEbbHM/H8ZiSiTQ== Content-Type text/html Date Thu, 19 Dec 2024 05:35:30 GMT ETag 0x8DCAE63018FC835 Last-Modified Sat, 27 Jul 2024 17:39:03 GMT Server Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 x-ms-blob-type BlockBlob x-ms-lease-status unlocked x-ms-request-id d9474d8d-401e-00f0-30d7-518c4c000000 x-ms-version 2009-09-19
GET H2	404	favicon.ico zlotzlot.com/	1 KB 1 KB	320ms 319ms	Other text/html	198.54.119.125 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL https://zlotzlot.com/favicon.ico Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.54.119.125 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS paraslotgiris.com Software LiteSpeed / Resource Hash Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://zlotzlot.com/ Response headers x-turbo-charged-by LiteSpeed cache-control private, no-cache, no-store, must-revalidate, max-age=0 content-length 1251 pragma no-cache date Thu, 19 Dec 2024 05:35:29 GMT content-type text/html server LiteSpeed
GET H/1.1	200 OK	jquery.min.js Show response ddec.blob.core.windows.net/web/	86 KB 86 KB	116ms 114ms	Script text/javascript	20.60.220.225 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://ddec.blob.core.windows.net/web/jquery.min.js Requested by Host: ddec.blob.core.windows.net URL: https://ddec.blob.core.windows.net/web/15152446w1hi.html Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 20.60.220.225 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash `412b8ff9c5ab32b9019fcd84bcd4a54c0e265a14528474f4ee45b27a20abeaeb` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://ddec.blob.core.windows.net/web/15152446w1hi.html Response headers Content-MD5 prY1DulKPqdFlcBly/WK8A== x-ms-version 2009-09-19 x-ms-lease-status unlocked ETag 0x8DCAE5F3BB7C769 x-ms-request-id d9474deb-401e-00f0-06d7-518c4c000000 Content-Length 88147 Date Thu, 19 Dec 2024 05:35:30 GMT Content-Type text/javascript Last-Modified Sat, 27 Jul 2024 17:12:02 GMT Server Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 x-ms-blob-type BlockBlob
GET H/1.1	200 OK	cloakan.js Show response ddec.blob.core.windows.net/web/	309 B 718 B	509ms 200ms	Script text/javascript	20.60.220.225 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://ddec.blob.core.windows.net/web/cloakan.js Requested by Host: ddec.blob.core.windows.net URL: https://ddec.blob.core.windows.net/web/15152446w1hi.html Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 20.60.220.225 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash `98160d16e23afc381965f4a4419834532fa5a53f2f9821fd66419c14703151c3` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://ddec.blob.core.windows.net/web/15152446w1hi.html Response headers Content-MD5 SS+KII9lqYaH6XtpuF+O2Q== x-ms-version 2009-09-19 x-ms-lease-status unlocked ETag 0x8DCAE5F3B864079 x-ms-request-id 37b2180b-001e-010a-17d7-519007000000 Content-Length 309 Date Thu, 19 Dec 2024 05:35:30 GMT Content-Type text/javascript Last-Modified Sat, 27 Jul 2024 17:12:02 GMT Server Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 x-ms-blob-type BlockBlob
GET H/1.1	200 OK	style.css ddec.blob.core.windows.net/web/	166 B 568 B	412ms 104ms	Stylesheet text/css	20.60.220.225 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://ddec.blob.core.windows.net/web/style.css Requested by Host: ddec.blob.core.windows.net URL: https://ddec.blob.core.windows.net/web/15152446w1hi.html Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 20.60.220.225 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash `cf906196a7c1414e11983955e101a051d55a864f2bc9fd52a453d952d92fd9b5` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://ddec.blob.core.windows.net/web/15152446w1hi.html Response headers Content-MD5 9ruAIrm4XHnQO3/sM8J0AQ== x-ms-version 2009-09-19 x-ms-lease-status unlocked ETag 0x8DCAE5F3B868E42 x-ms-request-id d9474e99-401e-00f0-2cd7-518c4c000000 Content-Length 166 Date Thu, 19 Dec 2024 05:35:30 GMT Content-Type text/css Last-Modified Sat, 27 Jul 2024 17:12:02 GMT Server Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 x-ms-blob-type BlockBlob
GET H2	200	px.php Show response www.cloakan.co/	55 B 301 B	482ms 266ms	XHR text/html	77.245.159.14 NiobeBilisimHizme...
General Check archive.org Show headers Download Go to Full URL https://www.cloakan.co/px.php?id=15152446w1hi Requested by Host: ddec.blob.core.windows.net URL: https://ddec.blob.core.windows.net/web/15152446w1hi.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 77.245.159.14 , Turkey, ASN42868 (NiobeBilisimHizmetleri Niobe Telekomunikasyon Bilisim Teknolojileri Yazilim Danismanlik Sanayi ve Ticaret Ltd. Sti., TR), Reverse DNS stilgar.wlsrv.com Software LiteSpeed / Resource Hash `a9f55a9e4658a9960455f9485c446ea9874f2590ae283801311d84e908536cc2` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://ddec.blob.core.windows.net/ Response headers content-encoding br access-control-allow-origin * alt-svc quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000 content-length 45 date Thu, 19 Dec 2024 05:35:31 GMT content-type text/html; charset=UTF-8 vary Accept-Encoding,User-Agent server LiteSpeed
GET H2	200	nv.php Show response www.cloakan.co/	240 B 371 B	419ms 281ms	Script text/html	77.245.159.14 NiobeBilisimHizme...
General Check archive.org Show headers Download Go to Full URL https://www.cloakan.co/nv.php?id=15152446w1hi-m Requested by Host: ddec.blob.core.windows.net URL: https://ddec.blob.core.windows.net/web/cloakan.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 77.245.159.14 , Turkey, ASN42868 (NiobeBilisimHizmetleri Niobe Telekomunikasyon Bilisim Teknolojileri Yazilim Danismanlik Sanayi ve Ticaret Ltd. Sti., TR), Reverse DNS stilgar.wlsrv.com Software LiteSpeed / Resource Hash `20045d82874443aa04eda274577035e59330ac0cbdc7215f82a94f531db3b8ef` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://ddec.blob.core.windows.net/ Response headers alt-svc quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000 content-encoding br content-length 118 date Thu, 19 Dec 2024 05:35:31 GMT content-type text/html; charset=UTF-8 vary Accept-Encoding,User-Agent server LiteSpeed
GET H2	200	/ braveheartspub.com/ Frame 1567	0 0	510ms 462ms	Document text/html	188.114.96.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://braveheartspub.com/ Requested by Host: www.cloakan.co URL: https://www.cloakan.co/nv.php?id=15152446w1hi-m Protocol H2 Security TLS 1.3, , AES_128_GCM Server 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer https://ddec.blob.core.windows.net/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Response headers alt-svc h3=":443"; ma=86400 cache-control no-cache cf-cache-status DYNAMIC cf-ray 8f45079f9acf1981-FRA content-encoding zstd content-type text/html; charset=UTF-8 date Thu, 19 Dec 2024 05:35:32 GMT last-modified Wed, 18 Dec 2024 12:16:58 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MPqKMg%2B0D62gmknR%2BQJSpeggBLiOso5miL0Gk7f3iHYdoMGxHdAiC0%2BOXmZrD4hJi6i5Dpkvu%2FX7r%2FKruaeRSWmVddW3JARETLxusAgSYQ%2F7iFl7CWxFdbYQ5ed51oqkBExOWTE%3D"}],"group":"cf-nel","max_age":604800} server cloudflare server-timing cfL4;desc="?proto=TCP&rtt=1183&min_rtt=439&rtt_var=1507&sent=7&recv=8&lost=0&retrans=0&sent_bytes=4032&recv_bytes=2369&delivery_rate=9589403&cwnd=249&unsent_bytes=0&cid=2f5a3f414eb0900a&ts=471&x=0" vary User-Agent accept-encoding wpo-cache-status cached
GET H/1.1	400 One of the request inputs is out of range.	favicon.ico ddec.blob.core.windows.net/	226 B 485 B	106ms 106ms	Other application/xml	20.60.220.225 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://ddec.blob.core.windows.net/favicon.ico Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 20.60.220.225 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Blob Service Version 1.0 Microsoft-HTTPAPI/2.0 / Resource Hash `f8d364f0eb91d0b291e787506bf342645c05dbfbfbde20b0787f0f2aaf5995c6` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://ddec.blob.core.windows.net/web/15152446w1hi.html Response headers x-ms-request-id 37b21ddb-001e-010a-0fd7-519007000000 Content-Length 226 Date Thu, 19 Dec 2024 05:35:32 GMT Content-Type application/xml Server Blob Service Version 1.0 Microsoft-HTTPAPI/2.0

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://zlotzlot.com/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://ddec.blob.core.windows.net/favicon.ico Message: Failed to load resource: the server responded with a status of 400 (One of the request inputs is out of range.)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

braveheartspub.com
ddec.blob.core.windows.net
www.cloakan.co
zlotzlot.com
188.114.96.3
198.54.119.125
20.60.220.225
77.245.159.14
176cdf807c771cff42153955ad443d9b1c01c34af0cd48122cec3970a7f1335a
20045d82874443aa04eda274577035e59330ac0cbdc7215f82a94f531db3b8ef
412b8ff9c5ab32b9019fcd84bcd4a54c0e265a14528474f4ee45b27a20abeaeb
951e376ec58825a75ca49622f4511a052160577215dc8ef238e3d6a4594cff66
98160d16e23afc381965f4a4419834532fa5a53f2f9821fd66419c14703151c3
a9f55a9e4658a9960455f9485c446ea9874f2590ae283801311d84e908536cc2
cf906196a7c1414e11983955e101a051d55a864f2bc9fd52a453d952d92fd9b5
f8d364f0eb91d0b291e787506bf342645c05dbfbfbde20b0787f0f2aaf5995c6

ddec.blob.core.windows.net Open in urlscan Pro 20.60.220.225 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

10 Requests

100 %HTTPS

0 %IPv6

4 Domains

4 Subdomains

4 IPs

3 Countries

92 kBTransfer

90 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

0 Cookies

2 Console Messages

Indicators

ddec.blob.core.windows.net Open in urlscan Pro
20.60.220.225 Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

100 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

92 kB
Transfer

90 kB
Size

0
Cookies

10 HTTP transactions
0 data transactions