Submitted URL: https://67c6a1e7ce56d3d6fa748ab6d9af3fd7.awda.hyd.me/
Effective URL: https://bad.download/?utm_campaign=hydme&utm_medium=67c6a1e7ce56d3d6fa748ab6d9af3fd7.awda&utm_source=https://67c6a1e7...
Submission: On August 02 via api from US — Scanned from CA

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 13 HTTP transactions. The main IP is 208.94.117.188, located in Phoenix, United States and belongs to GRIDFURY-AS, US. The main domain is bad.download.
TLS certificate: Issued by E5 on July 16th 2024. Valid for: 3 months.
This is the only time bad.download was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 111.90.144.112 45839 (SHINJIRU-...)
9 208.94.117.188 40630 (GRIDFURY-AS)
4 54.184.199.155 16509 (AMAZON-02)
13 2
Apex Domain
Subdomains
Transfer
13 bad.download
bad.download
lavenderhaze.bad.download
43 KB
1 hyd.me
67c6a1e7ce56d3d6fa748ab6d9af3fd7.awda.hyd.me
1 KB
13 2
Domain Requested by
9 bad.download bad.download
4 lavenderhaze.bad.download bad.download
lavenderhaze.bad.download
1 67c6a1e7ce56d3d6fa748ab6d9af3fd7.awda.hyd.me 1 redirects
13 3
Subject Issuer Validity Valid
bad.download
E5
2024-07-16 -
2024-10-14
3 months crt.sh
lavenderhaze.bad.download
E6
2024-07-01 -
2024-09-29
3 months crt.sh

This page contains 1 frames:

Primary Page: https://bad.download/?utm_campaign=hydme&utm_medium=67c6a1e7ce56d3d6fa748ab6d9af3fd7.awda&utm_source=https://67c6a1e7ce56d3d6fa748ab6d9af3fd7.awda.hyd.me/
Frame ID: 16B395557B5C650CE93A2A2300D7A90B
Requests: 13 HTTP requests in this frame

Screenshot

Page Title

bad.download

Page URL History Show full URLs

  1. https://67c6a1e7ce56d3d6fa748ab6d9af3fd7.awda.hyd.me/ HTTP 302
    https://bad.download/?utm_campaign=hydme&utm_medium=67c6a1e7ce56d3d6fa748ab6d9af3fd7.awda&utm_sou... Page URL

Page Statistics

13
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

2
IPs

2
Countries

43 kB
Transfer

51 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://67c6a1e7ce56d3d6fa748ab6d9af3fd7.awda.hyd.me/ HTTP 302
    https://bad.download/?utm_campaign=hydme&utm_medium=67c6a1e7ce56d3d6fa748ab6d9af3fd7.awda&utm_source=https://67c6a1e7ce56d3d6fa748ab6d9af3fd7.awda.hyd.me/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
bad.download/
Redirect Chain
  • https://67c6a1e7ce56d3d6fa748ab6d9af3fd7.awda.hyd.me/
  • https://bad.download/?utm_campaign=hydme&utm_medium=67c6a1e7ce56d3d6fa748ab6d9af3fd7.awda&utm_source=https://67c6a1e7ce56d3d6fa748ab6d9af3fd7.awda.hyd.me/
13 KB
4 KB
Document
General
Full URL
https://bad.download/?utm_campaign=hydme&utm_medium=67c6a1e7ce56d3d6fa748ab6d9af3fd7.awda&utm_source=https://67c6a1e7ce56d3d6fa748ab6d9af3fd7.awda.hyd.me/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
208.94.117.188 Phoenix, United States, ASN40630 (GRIDFURY-AS, US),
Reverse DNS
ip-208-94-117-188.sites.nearlyfreespeech.net
Software
Apache /
Resource Hash
94147d534fe99dc681a4522ceb57bc97540595b30a8c4a26b903d8dc6e135a77

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
content-encoding
gzip
content-length
4017
content-type
text/html; charset=UTF-8
date
Fri, 02 Aug 2024 09:25:16 GMT
etag
"33d1-6198d4e4a7a7e"
last-modified
Wed, 29 May 2024 01:02:34 GMT
server
Apache
vary
Accept-Encoding
via
e2s

Redirect headers

alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
cache-control
no-cache, no-store, must-revalidate, max-age=0
content-length
771
content-type
text/html
date
Fri, 02 Aug 2024 09:25:16 GMT
location
https://bad.download/?utm_campaign=hydme&utm_medium=67c6a1e7ce56d3d6fa748ab6d9af3fd7.awda&utm_source=https://67c6a1e7ce56d3d6fa748ab6d9af3fd7.awda.hyd.me/
server
LiteSpeed
sidebar-firefox.gif
bad.download/images/
9 KB
9 KB
Image
General
Full URL
https://bad.download/images/sidebar-firefox.gif
Requested by
Host: bad.download
URL: https://bad.download/?utm_campaign=hydme&utm_medium=67c6a1e7ce56d3d6fa748ab6d9af3fd7.awda&utm_source=https://67c6a1e7ce56d3d6fa748ab6d9af3fd7.awda.hyd.me/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
208.94.117.188 Phoenix, United States, ASN40630 (GRIDFURY-AS, US),
Reverse DNS
ip-208-94-117-188.sites.nearlyfreespeech.net
Software
Apache /
Resource Hash
7314af11cafb8cca143391063d3c902cd50f6654599326f94d1c37478fafd039

Request headers

Referer
https://bad.download/?utm_campaign=hydme&utm_medium=67c6a1e7ce56d3d6fa748ab6d9af3fd7.awda&utm_source=https://67c6a1e7ce56d3d6fa748ab6d9af3fd7.awda.hyd.me/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Fri, 02 Aug 2024 09:16:16 GMT
via
e2s
last-modified
Sun, 12 Feb 2023 02:01:36 GMT
server
Apache
age
541
etag
"244f-5f4771c4cefed"
content-type
image/gif
accept-ranges
bytes
content-length
9295
sidebar-aol-instant-messenger-aim.gif
bad.download/images/
2 KB
2 KB
Image
General
Full URL
https://bad.download/images/sidebar-aol-instant-messenger-aim.gif
Requested by
Host: bad.download
URL: https://bad.download/?utm_campaign=hydme&utm_medium=67c6a1e7ce56d3d6fa748ab6d9af3fd7.awda&utm_source=https://67c6a1e7ce56d3d6fa748ab6d9af3fd7.awda.hyd.me/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
208.94.117.188 Phoenix, United States, ASN40630 (GRIDFURY-AS, US),
Reverse DNS
ip-208-94-117-188.sites.nearlyfreespeech.net
Software
Apache /
Resource Hash
c1ad76c98ee93aca2ff82e319ed2126f95486cc80abb1856b62e902f1c5218b4

Request headers

Referer
https://bad.download/?utm_campaign=hydme&utm_medium=67c6a1e7ce56d3d6fa748ab6d9af3fd7.awda&utm_source=https://67c6a1e7ce56d3d6fa748ab6d9af3fd7.awda.hyd.me/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Fri, 02 Aug 2024 09:16:16 GMT
via
e2s
last-modified
Sun, 12 Feb 2023 02:01:08 GMT
server
Apache
age
541
etag
"6e1-5f4771a99062d"
content-type
image/gif
accept-ranges
bytes
content-length
1761
sidebar-macromedia-flashplayer.gif
bad.download/images/
938 B
993 B
Image
General
Full URL
https://bad.download/images/sidebar-macromedia-flashplayer.gif
Requested by
Host: bad.download
URL: https://bad.download/?utm_campaign=hydme&utm_medium=67c6a1e7ce56d3d6fa748ab6d9af3fd7.awda&utm_source=https://67c6a1e7ce56d3d6fa748ab6d9af3fd7.awda.hyd.me/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
208.94.117.188 Phoenix, United States, ASN40630 (GRIDFURY-AS, US),
Reverse DNS
ip-208-94-117-188.sites.nearlyfreespeech.net
Software
Apache /
Resource Hash
3d6afaaf480f65d8479a5ac01471704ebbf6217ea10072f2e0ef0849a4a96cf3

Request headers

Referer
https://bad.download/?utm_campaign=hydme&utm_medium=67c6a1e7ce56d3d6fa748ab6d9af3fd7.awda&utm_source=https://67c6a1e7ce56d3d6fa748ab6d9af3fd7.awda.hyd.me/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Fri, 02 Aug 2024 09:16:16 GMT
via
e2s
last-modified
Sun, 12 Feb 2023 02:01:08 GMT
server
Apache
age
541
etag
"3aa-5f4771a99832d"
content-type
image/gif
accept-ranges
bytes
content-length
938
sidebar-macos.gif
bad.download/images/
2 KB
2 KB
Image
General
Full URL
https://bad.download/images/sidebar-macos.gif
Requested by
Host: bad.download
URL: https://bad.download/?utm_campaign=hydme&utm_medium=67c6a1e7ce56d3d6fa748ab6d9af3fd7.awda&utm_source=https://67c6a1e7ce56d3d6fa748ab6d9af3fd7.awda.hyd.me/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
208.94.117.188 Phoenix, United States, ASN40630 (GRIDFURY-AS, US),
Reverse DNS
ip-208-94-117-188.sites.nearlyfreespeech.net
Software
Apache /
Resource Hash
766c5986e6fc4dc69553d27d02b74714e73cfcb1ab0e1548a7662f19d3052a94

Request headers

Referer
https://bad.download/?utm_campaign=hydme&utm_medium=67c6a1e7ce56d3d6fa748ab6d9af3fd7.awda&utm_source=https://67c6a1e7ce56d3d6fa748ab6d9af3fd7.awda.hyd.me/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Fri, 02 Aug 2024 09:16:16 GMT
via
e2s
last-modified
Sun, 12 Feb 2023 02:01:07 GMT
server
Apache
age
541
etag
"669-5f4771a93b6cd"
content-type
image/gif
accept-ranges
bytes
content-length
1641
sidebar-openoffice.gif
bad.download/images/
3 KB
3 KB
Image
General
Full URL
https://bad.download/images/sidebar-openoffice.gif
Requested by
Host: bad.download
URL: https://bad.download/?utm_campaign=hydme&utm_medium=67c6a1e7ce56d3d6fa748ab6d9af3fd7.awda&utm_source=https://67c6a1e7ce56d3d6fa748ab6d9af3fd7.awda.hyd.me/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
208.94.117.188 Phoenix, United States, ASN40630 (GRIDFURY-AS, US),
Reverse DNS
ip-208-94-117-188.sites.nearlyfreespeech.net
Software
Apache /
Resource Hash
8f83f77a7c6e279c5d282859382174aba946ae2d27bf03f8c370023023dbd258

Request headers

Referer
https://bad.download/?utm_campaign=hydme&utm_medium=67c6a1e7ce56d3d6fa748ab6d9af3fd7.awda&utm_source=https://67c6a1e7ce56d3d6fa748ab6d9af3fd7.awda.hyd.me/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Fri, 02 Aug 2024 09:16:16 GMT
via
e2s
last-modified
Thu, 23 Nov 2023 21:43:20 GMT
server
Apache
age
541
etag
"bf9-60ad8b96b6587"
content-type
image/gif
accept-ranges
bytes
content-length
3065
sidebar-winrar.gif
bad.download/images/
4 KB
4 KB
Image
General
Full URL
https://bad.download/images/sidebar-winrar.gif
Requested by
Host: bad.download
URL: https://bad.download/?utm_campaign=hydme&utm_medium=67c6a1e7ce56d3d6fa748ab6d9af3fd7.awda&utm_source=https://67c6a1e7ce56d3d6fa748ab6d9af3fd7.awda.hyd.me/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
208.94.117.188 Phoenix, United States, ASN40630 (GRIDFURY-AS, US),
Reverse DNS
ip-208-94-117-188.sites.nearlyfreespeech.net
Software
Apache /
Resource Hash
0045ac32fbc9c9f7c0d032ec35169bd7dde337272cd2bbf126ad6dcddb839282

Request headers

Referer
https://bad.download/?utm_campaign=hydme&utm_medium=67c6a1e7ce56d3d6fa748ab6d9af3fd7.awda&utm_source=https://67c6a1e7ce56d3d6fa748ab6d9af3fd7.awda.hyd.me/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Fri, 02 Aug 2024 09:16:16 GMT
via
e2s
last-modified
Thu, 23 Nov 2023 21:40:51 GMT
server
Apache
age
541
etag
"e00-60ad8b088876b"
content-type
image/gif
accept-ranges
bytes
content-length
3584
kopimi.png
bad.download/images/
15 KB
15 KB
Image
General
Full URL
https://bad.download/images/kopimi.png
Requested by
Host: bad.download
URL: https://bad.download/?utm_campaign=hydme&utm_medium=67c6a1e7ce56d3d6fa748ab6d9af3fd7.awda&utm_source=https://67c6a1e7ce56d3d6fa748ab6d9af3fd7.awda.hyd.me/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
208.94.117.188 Phoenix, United States, ASN40630 (GRIDFURY-AS, US),
Reverse DNS
ip-208-94-117-188.sites.nearlyfreespeech.net
Software
Apache /
Resource Hash
e9b570a154988c4931745d748cf4e28b8d8e79e729f762400185c6ae85ea8c80

Request headers

Referer
https://bad.download/?utm_campaign=hydme&utm_medium=67c6a1e7ce56d3d6fa748ab6d9af3fd7.awda&utm_source=https://67c6a1e7ce56d3d6fa748ab6d9af3fd7.awda.hyd.me/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Fri, 02 Aug 2024 09:16:16 GMT
via
e2s
last-modified
Mon, 20 Nov 2023 04:41:29 GMT
server
Apache
age
541
etag
"3b94-60a8e197bde02"
content-type
image/png
accept-ranges
bytes
content-length
15252
hello.js
lavenderhaze.bad.download/
2 KB
2 KB
Script
General
Full URL
https://lavenderhaze.bad.download/hello.js
Requested by
Host: bad.download
URL: https://bad.download/?utm_campaign=hydme&utm_medium=67c6a1e7ce56d3d6fa748ab6d9af3fd7.awda&utm_source=https://67c6a1e7ce56d3d6fa748ab6d9af3fd7.awda.hyd.me/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.184.199.155 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-184-199-155.us-west-2.compute.amazonaws.com
Software
Caddy /
Resource Hash
5f959945f5aab404690f2c44c17916346ea1218a36298b76a492fc70f430478a
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://bad.download/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 02 Aug 2024 09:25:17 GMT
x-permitted-cross-domain-policies
none
strict-transport-security
max-age=15552000; includeSubDomains
cross-origin-embedder-policy
require-corp
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
content-length
1209
x-xss-protection
0
referrer-policy
no-referrer
server
Caddy
cross-origin-opener-policy
same-origin
x-download-options
noopen
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
origin-agent-cluster
?1
x-ratelimit-remaining
2999
x-ratelimit-reset
1722590723
x-ratelimit-limit
3000
cache
lavenderhaze.bad.download/
1 B
49 B
XHR
General
Full URL
https://lavenderhaze.bad.download/cache?bad.download
Requested by
Host: lavenderhaze.bad.download
URL: https://lavenderhaze.bad.download/hello.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.184.199.155 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-184-199-155.us-west-2.compute.amazonaws.com
Software
Caddy /
Resource Hash
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://bad.download/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
date
Fri, 02 Aug 2024 09:25:17 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies
none
cross-origin-embedder-policy
require-corp
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
content-length
1
x-xss-protection
0
referrer-policy
no-referrer
last-modified
Fri, 02 Aug 2024 00:00:01 GMT
server
Caddy
cross-origin-opener-policy
same-origin
etag
false
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-ratelimit-remaining
2997
content-type
text/html; charset=utf-8
access-control-allow-origin
*
origin-agent-cluster
?1
cache-control
public, max-age=52482, no-cache
x-ratelimit-reset
1722590723
x-ratelimit-limit
3000
cache
lavenderhaze.bad.download/
1 B
703 B
XHR
General
Full URL
https://lavenderhaze.bad.download/cache?bad.download/
Requested by
Host: lavenderhaze.bad.download
URL: https://lavenderhaze.bad.download/hello.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.184.199.155 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-184-199-155.us-west-2.compute.amazonaws.com
Software
Caddy /
Resource Hash
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://bad.download/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
date
Fri, 02 Aug 2024 09:25:17 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies
none
cross-origin-embedder-policy
require-corp
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
content-length
1
x-xss-protection
0
referrer-policy
no-referrer
last-modified
Fri, 02 Aug 2024 00:00:01 GMT
server
Caddy
cross-origin-opener-policy
same-origin
etag
false
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-ratelimit-remaining
2998
content-type
text/html; charset=utf-8
access-control-allow-origin
*
origin-agent-cluster
?1
cache-control
public, max-age=52482, no-cache
x-ratelimit-reset
1722590723
x-ratelimit-limit
3000
favicon-32x32.png
bad.download/
956 B
1 KB
Other
General
Full URL
https://bad.download/favicon-32x32.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
208.94.117.188 Phoenix, United States, ASN40630 (GRIDFURY-AS, US),
Reverse DNS
ip-208-94-117-188.sites.nearlyfreespeech.net
Software
Apache /
Resource Hash
08d08587b39615760e2ecba2a8205f04fd236c3d2aa2c079bb39ddc307f4985a

Request headers

Referer
https://bad.download/?utm_campaign=hydme&utm_medium=67c6a1e7ce56d3d6fa748ab6d9af3fd7.awda&utm_source=https://67c6a1e7ce56d3d6fa748ab6d9af3fd7.awda.hyd.me/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Fri, 02 Aug 2024 08:37:14 GMT
via
e2s
last-modified
Tue, 21 Nov 2023 03:05:46 GMT
server
Apache
age
2883
etag
"3bc-60aa0e1092a0a"
content-type
image/png
accept-ranges
bytes
content-length
956
hello
lavenderhaze.bad.download/
0
68 B
XHR
General
Full URL
https://lavenderhaze.bad.download/hello?r=&w=1600&s=0&t=1616&p=https%3A%2F%2Fbad.download%2F%3Futm_campaign%3Dhydme%26utm_medium%3D67c6a1e7ce56d3d6fa748ab6d9af3fd7.awda%26utm_source%3Dhttps%3A%2F%2F67c6a1e7ce56d3d6fa748ab6d9af3fd7.awda.hyd.me%2F&up=0&u=0
Requested by
Host: lavenderhaze.bad.download
URL: https://lavenderhaze.bad.download/hello.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.184.199.155 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-184-199-155.us-west-2.compute.amazonaws.com
Software
Caddy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://bad.download/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
date
Fri, 02 Aug 2024 09:25:17 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies
none
cross-origin-embedder-policy
require-corp
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
content-length
0
x-xss-protection
0
referrer-policy
no-referrer
server
Caddy
cross-origin-opener-policy
same-origin
etag
W/"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-ratelimit-remaining
2996
content-type
text/html; charset=utf-8
access-control-allow-origin
*
origin-agent-cluster
?1
x-ratelimit-reset
1722590723
x-ratelimit-limit
3000

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| cabin

0 Cookies