evrntzzldpad.duckdns.org Open in urlscan Pro
20.212.187.164 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://evrntzzldpad.duckdns.org/
Submission: On January 17 via api (January 17th 2022, 12:08:31 pm UTC) from JP — Scanned from JP

Summary HTTP 30 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 9 IPs in 5 countries across 9 domains to perform 30 HTTP transactions. The main IP is 20.212.187.164, located in Singapore, Singapore and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is evrntzzldpad.duckdns.org.
TLS certificate: Issued by R3 on January 15th 2022. Valid for: 3 months.

This is the only time evrntzzldpad.duckdns.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Gaming (Entertainment)

Domain & IP information

	IP Address	AS Autonomous System
22	20.212.187.164 20.212.187.164	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2606:4700::68... 2606:4700::6812:bcf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2404:6800:400... 2404:6800:4004:822::200a	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:135e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:1a	20446 (HIGHWINDS3) (HIGHWINDS3)
1	128.1.157.225 128.1.157.225	21859 (ZEN-ECN) (ZEN-ECN)
1	65.21.235.194 65.21.235.194	24940 (HETZNER-AS) (HETZNER-AS)
1	2404:6800:400... 2404:6800:4004:80b::2003	15169 (GOOGLE) (GOOGLE)
1 2	65.9.29.148 65.9.29.148	16509 (AMAZON-02) (AMAZON-02)
30	9

22 20.212.187.164 (Singapore, Singapore)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

evrntzzldpad.duckdns.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:bcf (United States)

ASN13335 (CLOUDFLARENET, US)

stackpath.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2404:6800:4004:822::200a (Australia)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:135e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:1a (Netherlands)

ASN20446 (HIGHWINDS3, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 128.1.157.225 (United States)

ASN21859 (ZEN-ECN, US)

sdomino.boxiangyx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.21.235.194 (Helsinki, Finland)

ASN24940 (HETZNER-AS, DE)
PTR: static.194.235.21.65.clients.your-server.de

l.top4top.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2404:6800:4004:80b::2003 (Australia)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 65.9.29.148 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-65-9-29-148.nrt12.r.cloudfront.net

d1490khl9dq1ow.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dm0qx8t0i9gc9.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
22	duckdns.org evrntzzldpad.duckdns.org	4 MB
2	cloudfront.net 1 redirects d1490khl9dq1ow.cloudfront.net dm0qx8t0i9gc9.cloudfront.net	65 KB
1	gstatic.com fonts.gstatic.com	14 KB
1	top4top.io l.top4top.io — Cisco Umbrella Rank: 962716
1	boxiangyx.com sdomino.boxiangyx.com — Cisco Umbrella Rank: 705957	4 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 584	30 KB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 227	6 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 47	931 B
1	bootstrapcdn.com stackpath.bootstrapcdn.com — Cisco Umbrella Rank: 2427	7 KB
30	9

	Domain	Requested by
22	evrntzzldpad.duckdns.org	evrntzzldpad.duckdns.org
1	dm0qx8t0i9gc9.cloudfront.net	evrntzzldpad.duckdns.org
1	d1490khl9dq1ow.cloudfront.net	1 redirects
1	fonts.gstatic.com	fonts.googleapis.com
1	l.top4top.io	evrntzzldpad.duckdns.org
1	sdomino.boxiangyx.com	evrntzzldpad.duckdns.org
1	code.jquery.com	evrntzzldpad.duckdns.org
1	cdnjs.cloudflare.com	evrntzzldpad.duckdns.org
1	fonts.googleapis.com	evrntzzldpad.duckdns.org
1	stackpath.bootstrapcdn.com	evrntzzldpad.duckdns.org
30	10

This site contains links to these domains. Also see Links.

Domain
www.facebook.com

Subject Issuer	Validity	Valid
webmail.evrntzzldpad.duckdns.org R3	`2022-01-15` - `2022-04-15`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-03-01` - `2022-02-28`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2021-07-14` - `2022-08-14`	a year	crt.sh
*.boxiangyx.com RapidSSL RSA CA 2018	`2020-05-12` - `2022-07-11`	2 years	crt.sh
top4top.io R3	`2022-01-13` - `2022-04-13`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://evrntzzldpad.duckdns.org/
Frame ID: 1785E5B38D5B96498628CF4F6FCAE40D
Requests: 30 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Higgs Domino : Event Lucky Spin

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

30
Requests

97 %
HTTPS

56 %
IPv6

9
Domains

10
Subdomains

9
IPs

5
Countries

3832 kB
Transfer

6015 kB
Size

0
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/login/identify/?ctx=recover&ars=facebook_login/
Title: Lupa Kata Sandi?

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 28

https://d1490khl9dq1ow.cloudfront.net/sfx/mp3preview/wheel-spin_Gk0rCUV_.mp3 HTTP 301
https://dm0qx8t0i9gc9.cloudfront.net/watermarks/audio/BsTwCwBHBjzwub4i4/wheel-spin_Gk0rCUV__WM.mp3

30 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
evrntzzldpad.duckdns.org/ 13 KB
13 KB 430ms
95ms Document
text/html 20.212.187.164
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://evrntzzldpad.duckdns.org/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 20.212.187.164 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Apache /
Resource Hash: 04f38f60b6b09ceda22485d489ede4ff04048afe21b18a62a892a4ec3c56c505

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: jp-JP,jp;q=0.9

Response headers

Date: Mon, 17 Jan 2022 12:08:25 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK style.css
evrntzzldpad.duckdns.org/css/ 3 KB
3 KB 76ms
76ms Stylesheet
text/css 20.212.187.164
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://evrntzzldpad.duckdns.org/css/style.css
Requested by: Host: evrntzzldpad.duckdns.org
URL: https://evrntzzldpad.duckdns.org/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 20.212.187.164 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Apache /
Resource Hash: a79a39eb146bbf56d0bcaf3e70edbbc445c683bad3b0dfd8e8fdb4205b8316bb

Request headers

Accept-Language: jp-JP,jp;q=0.9
Referer: https://evrntzzldpad.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 17 Jan 2022 12:08:26 GMT
Last-Modified: Tue, 02 Nov 2021 14:44:46 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 2903

GET
H/1.1 200
OK style-zone.css
evrntzzldpad.duckdns.org/css/ 13 KB
14 KB 156ms
77ms Stylesheet
text/css 20.212.187.164
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://evrntzzldpad.duckdns.org/css/style-zone.css
Requested by: Host: evrntzzldpad.duckdns.org
URL: https://evrntzzldpad.duckdns.org/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 20.212.187.164 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Apache /
Resource Hash: 6775cd0935f89a69c812b2b8c2891910f21f81ccd3d15454a1319eb24c9bb02f

Request headers

Accept-Language: jp-JP,jp;q=0.9
Referer: https://evrntzzldpad.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 17 Jan 2022 12:08:26 GMT
Last-Modified: Tue, 02 Nov 2021 14:44:46 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 13699

GET
H/1.1 200
OK zero-zone.css
evrntzzldpad.duckdns.org/css/ 4 KB
5 KB 227ms
75ms Stylesheet
text/css 20.212.187.164
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://evrntzzldpad.duckdns.org/css/zero-zone.css
Requested by: Host: evrntzzldpad.duckdns.org
URL: https://evrntzzldpad.duckdns.org/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 20.212.187.164 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Apache /
Resource Hash: 649552ada4ccd682ae941409408fa4fbed8b728547d322f3e1ff679100e33530

Request headers

Accept-Language: jp-JP,jp;q=0.9
Referer: https://evrntzzldpad.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 17 Jan 2022 12:08:26 GMT
Last-Modified: Tue, 02 Nov 2021 14:44:46 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 4569

GET
H/1.1 200
OK facebook.css
evrntzzldpad.duckdns.org/css/ 3 KB
4 KB 228ms
76ms Stylesheet
text/css 20.212.187.164
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://evrntzzldpad.duckdns.org/css/facebook.css
Requested by: Host: evrntzzldpad.duckdns.org
URL: https://evrntzzldpad.duckdns.org/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 20.212.187.164 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Apache /
Resource Hash: 4007b5116851045d53b426c5681811cd2b87a878bb1b5d32a2e6199091054987

Request headers

Accept-Language: jp-JP,jp;q=0.9
Referer: https://evrntzzldpad.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 17 Jan 2022 12:08:26 GMT
Last-Modified: Tue, 02 Nov 2021 14:44:46 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 3372

GET
H/1.1 200
OK twitter.css
evrntzzldpad.duckdns.org/css/ 1 KB
2 KB 234ms
76ms Stylesheet
text/css 20.212.187.164
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://evrntzzldpad.duckdns.org/css/twitter.css
Requested by: Host: evrntzzldpad.duckdns.org
URL: https://evrntzzldpad.duckdns.org/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 20.212.187.164 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Apache /
Resource Hash: 3878d28d15feba7e3531c12a2de6eee6a8a2fb6603133bd2fffbc2da75f6cbbd

Request headers

Accept-Language: jp-JP,jp;q=0.9
Referer: https://evrntzzldpad.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 17 Jan 2022 12:08:26 GMT
Last-Modified: Tue, 02 Nov 2021 14:44:46 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 1516

GET
H2 200 font-awesome.min.css
stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/ 30 KB
7 KB 28ms
19ms Stylesheet
text/css 2606:4700::6812:bcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css

Requested by

Host: evrntzzldpad.duckdns.org
URL: https://evrntzzldpad.duckdns.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://evrntzzldpad.duckdns.org/
Origin: https://evrntzzldpad.duckdns.org
Accept-Language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 12:08:26 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 603
age: 28649
cdn-cachedat: 09/21/2021 22:23:33
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
cdn-proxyver: 1.0
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: 33cd2db32f92db2ccbf4f82449f47943
cf-ray: 6cef780ad87b1f47-NRT
cdn-requestcountrycode: US
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 css2
fonts.googleapis.com/ 1 KB
931 B 82ms
38ms Stylesheet
text/css 2404:6800:4004:822::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Teko&display=swap

Requested by

Host: evrntzzldpad.duckdns.org
URL: https://evrntzzldpad.duckdns.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4004:822::200a , Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

572b033ea8f1072b9cbbd17462095c08c070b3e898ec8952d3fc2228577e7dc4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: jp-JP,jp;q=0.9
Referer: https://evrntzzldpad.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 17 Jan 2022 11:37:37 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 17 Jan 2022 12:08:26 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 17 Jan 2022 12:08:26 GMT

GET
H2 200 material-design-iconic-font.min.css
cdnjs.cloudflare.com/ajax/libs/material-design-iconic-font/2.2.0/css/ 69 KB
6 KB 18ms
11ms Stylesheet
text/css 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/material-design-iconic-font/2.2.0/css/material-design-iconic-font.min.css

Requested by

Host: evrntzzldpad.duckdns.org
URL: https://evrntzzldpad.duckdns.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dec3e9f0190a504ed0c8f4a5e957c107206ba106cac4a1bbb6cbac6369a16d56

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: jp-JP,jp;q=0.9
Referer: https://evrntzzldpad.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 12:08:26 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 2885618
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 5845
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:12:09 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ed9-1149f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Frd9%2F%2BrX5oROn%2BebG0TP3Cydy8F1rYbuND%2FkLdfLBihailzwjDCPQ%2Bcjz1iQUKgT%2BVUM1dwfX5VjIcNAdqCDjX7Jz84vTA%2B0xsJtMHYr7WsjYHwJHH%2BjuGAIPI7vIcNvyHMIH0%2FJVvY5um59%2BQ7Dt9gW"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6cef780ad9f7206b-NRT
expires: Sat, 07 Jan 2023 12:08:26 GMT

GET
H/1.1 200
OK spin.png
evrntzzldpad.duckdns.org/img/ 749 KB
749 KB 159ms
75ms Image
image/png 20.212.187.164
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://evrntzzldpad.duckdns.org/img/spin.png
Requested by: Host: evrntzzldpad.duckdns.org
URL: https://evrntzzldpad.duckdns.org/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 20.212.187.164 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Apache /
Resource Hash: b16134ff62d29e9b9c97e64dd2f9e0020910e104454d784ad9d5d6dee968b4be

Request headers

Accept-Language: jp-JP,jp;q=0.9
Referer: https://evrntzzldpad.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 17 Jan 2022 12:08:26 GMT
Last-Modified: Tue, 02 Nov 2021 14:44:46 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 766717

GET
H/1.1 200
OK logo.png
evrntzzldpad.duckdns.org/img/ 5 KB
5 KB 79ms
76ms Image
image/png 20.212.187.164
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://evrntzzldpad.duckdns.org/img/logo.png
Requested by: Host: evrntzzldpad.duckdns.org
URL: https://evrntzzldpad.duckdns.org/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 20.212.187.164 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Apache /
Resource Hash: 246bfcc681a0143890127bf31f78382dab2b83c3d8809137ff416c3dd47f7bdd

Request headers

Accept-Language: jp-JP,jp;q=0.9
Referer: https://evrntzzldpad.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 17 Jan 2022 12:08:26 GMT
Last-Modified: Tue, 02 Nov 2021 14:44:46 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 5237

GET
H2 200 jquery-3.6.0.min.js Show response
code.jquery.com/ 87 KB
30 KB 702ms
233ms Script
application/javascript 2001:4de0:ac18::1:a:1a
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.6.0.min.js
Requested by: Host: evrntzzldpad.duckdns.org
URL: https://evrntzzldpad.duckdns.org/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:1a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: nginx /
Resource Hash: ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

Referer: https://evrntzzldpad.duckdns.org/
Origin: https://evrntzzldpad.duckdns.org
Accept-Language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 12:08:26 GMT
content-encoding: gzip
last-modified: Tue, 02 Mar 2021 17:27:20 GMT
server: nginx
etag: W/"603e7578-15d9d"
vary: Accept-Encoding
x-hw: 1642421306.dop039.pa1.t,1642421306.cds230.pa1.hn,1642421306.cds047.pa1.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 30875

GET
H/1.1 200
OK style.js Show response
evrntzzldpad.duckdns.org/js/ 1 KB
1 KB 230ms
74ms Script
application/javascript 20.212.187.164
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://evrntzzldpad.duckdns.org/js/style.js
Requested by: Host: evrntzzldpad.duckdns.org
URL: https://evrntzzldpad.duckdns.org/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 20.212.187.164 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Apache /
Resource Hash: cab0c6dc0debdf79124e922294930f3d637a5a5fe91d8b3df9938ca6d740a451

Request headers

Accept-Language: jp-JP,jp;q=0.9
Referer: https://evrntzzldpad.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 17 Jan 2022 12:08:26 GMT
Last-Modified: Tue, 02 Nov 2021 14:44:46 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 1134

GET
H/1.1 200
OK facebook_text.png
evrntzzldpad.duckdns.org/img/login/ 28 KB
28 KB 77ms
76ms Image
image/png 20.212.187.164
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://evrntzzldpad.duckdns.org/img/login/facebook_text.png
Requested by: Host: evrntzzldpad.duckdns.org
URL: https://evrntzzldpad.duckdns.org/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 20.212.187.164 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Apache /
Resource Hash: 092a3cd5f86b3f039feefdeb86694cd16ae545af214cfda614bdbbe2d1bde401

Request headers

Accept-Language: jp-JP,jp;q=0.9
Referer: https://evrntzzldpad.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 17 Jan 2022 12:08:26 GMT
Last-Modified: Tue, 02 Nov 2021 14:44:46 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 28789

GET
H/1.1 200
OK thumbnail.png
evrntzzldpad.duckdns.org/img/ 252 KB
252 KB 76ms
75ms Image
image/png 20.212.187.164
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://evrntzzldpad.duckdns.org/img/thumbnail.png
Requested by: Host: evrntzzldpad.duckdns.org
URL: https://evrntzzldpad.duckdns.org/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 20.212.187.164 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Apache /
Resource Hash: 13ec4a5f9b0724e1b674f02d0459ec8099677578285936cde90897ec5e2e13fc

Request headers

Accept-Language: jp-JP,jp;q=0.9
Referer: https://evrntzzldpad.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 17 Jan 2022 12:08:26 GMT
Last-Modified: Tue, 02 Nov 2021 14:44:46 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 257936

GET
H/1.1 200
OK twitter_text.png
evrntzzldpad.duckdns.org/img/login/ 2 KB
2 KB 78ms
75ms Image
image/png 20.212.187.164
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://evrntzzldpad.duckdns.org/img/login/twitter_text.png
Requested by: Host: evrntzzldpad.duckdns.org
URL: https://evrntzzldpad.duckdns.org/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 20.212.187.164 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Apache /
Resource Hash: 153e896235ec6b790db8e822baa949a5dbd774b7060a5b68f97705a04d9e940a

Request headers

Accept-Language: jp-JP,jp;q=0.9
Referer: https://evrntzzldpad.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 17 Jan 2022 12:08:26 GMT
Last-Modified: Tue, 02 Nov 2021 14:44:46 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 2017

GET
H2 200 submit_btn.png
sdomino.boxiangyx.com/images/website/webShop/ 4 KB
4 KB 9ms
2ms Image
image/png 128.1.157.225
ZEN-ECN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sdomino.boxiangyx.com/images/website/webShop/submit_btn.png
Requested by: Host: evrntzzldpad.duckdns.org
URL: https://evrntzzldpad.duckdns.org/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 128.1.157.225 , United States, ASN21859 (ZEN-ECN, US),
Reverse DNS
Software: Tengine /
Resource Hash: bd55d570d64508099db3b916fccc7a95a9234077087c9deeaf5d560b18619179

Request headers

Accept-Language: jp-JP,jp;q=0.9
Referer: https://evrntzzldpad.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sun, 09 Jan 2022 22:42:41 GMT
via: cache38.l2hk71[0,0,304-0,H], cache38.l2hk71[1,0], cache17.jp6[0,0,200-0,H], cache6.jp6[1,0]
age: 653145
x-cache: HIT TCP_HIT dirn:13:835184717
x-swift-cachetime: 2572430
x-swift-savetime: Mon, 10 Jan 2022 04:08:51 GMT
content-length: 4165
last-modified: Wed, 12 Jun 2019 06:06:48 GMT
server: Tengine
etag: "5d009678-1045"
ali-swift-global-savetime: 1641768161
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
eagleid: 80019d9a16424213060615857e
expires: Tue, 08 Feb 2022 22:42:41 GMT

GET
H/1.1 200
OK 1.png
evrntzzldpad.duckdns.org/img/reward/ 400 KB
401 KB 80ms
78ms Image
image/png 20.212.187.164
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://evrntzzldpad.duckdns.org/img/reward/1.png
Requested by: Host: evrntzzldpad.duckdns.org
URL: https://evrntzzldpad.duckdns.org/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 20.212.187.164 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Apache /
Resource Hash: 66f719d5112fefcc421096799ffc550b2ad31a925dba7969af98a569cd81ae90

Request headers

Accept-Language: jp-JP,jp;q=0.9
Referer: https://evrntzzldpad.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 17 Jan 2022 12:08:26 GMT
Last-Modified: Tue, 02 Nov 2021 14:44:46 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 409926

GET
H/1.1 200
OK 2.png
evrntzzldpad.duckdns.org/img/reward/ 468 KB
468 KB 76ms
75ms Image
image/png 20.212.187.164
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://evrntzzldpad.duckdns.org/img/reward/2.png
Requested by: Host: evrntzzldpad.duckdns.org
URL: https://evrntzzldpad.duckdns.org/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 20.212.187.164 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Apache /
Resource Hash: 1a79f647d774ddeff9fa9cc43d0823772df1ffbac5a9b10dc35a11f23ce37e5c

Request headers

Accept-Language: jp-JP,jp;q=0.9
Referer: https://evrntzzldpad.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 17 Jan 2022 12:08:26 GMT
Last-Modified: Tue, 02 Nov 2021 14:44:46 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 478922

GET
H/1.1 200
OK 3.png
evrntzzldpad.duckdns.org/img/reward/ 480 KB
480 KB 77ms
77ms Image
image/png 20.212.187.164
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://evrntzzldpad.duckdns.org/img/reward/3.png
Requested by: Host: evrntzzldpad.duckdns.org
URL: https://evrntzzldpad.duckdns.org/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 20.212.187.164 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Apache /
Resource Hash: eb7de2cf49044512a3e735e62e6038b850dedd84569d97a612a034f3e0bc86a6

Request headers

Accept-Language: jp-JP,jp;q=0.9
Referer: https://evrntzzldpad.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 17 Jan 2022 12:08:26 GMT
Last-Modified: Tue, 02 Nov 2021 14:44:46 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 491278

GET
H/1.1 200
OK 4.png
evrntzzldpad.duckdns.org/img/reward/ 411 KB
412 KB 451ms
451ms Image
image/png 20.212.187.164
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://evrntzzldpad.duckdns.org/img/reward/4.png
Requested by: Host: evrntzzldpad.duckdns.org
URL: https://evrntzzldpad.duckdns.org/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 20.212.187.164 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Apache /
Resource Hash: 62765d7d74e2af9e5fcba1665adef75f9e900e3307a615ff0e30811dd346e98e

Request headers

Accept-Language: jp-JP,jp;q=0.9
Referer: https://evrntzzldpad.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 17 Jan 2022 12:08:26 GMT
Last-Modified: Tue, 02 Nov 2021 14:44:46 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 421134

GET
H/1.1 200
OK 5.png
evrntzzldpad.duckdns.org/img/reward/ 447 KB
447 KB 76ms
75ms Image
image/png 20.212.187.164
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://evrntzzldpad.duckdns.org/img/reward/5.png
Requested by: Host: evrntzzldpad.duckdns.org
URL: https://evrntzzldpad.duckdns.org/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 20.212.187.164 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Apache /
Resource Hash: 4c5a39024eda9a75130801ae65c1543d139b3cc999e60c2c094d0ee15788ca0f

Request headers

Accept-Language: jp-JP,jp;q=0.9
Referer: https://evrntzzldpad.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 17 Jan 2022 12:08:26 GMT
Last-Modified: Tue, 02 Nov 2021 14:44:46 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 457269

GET
H/1.1 200
OK 6.png
evrntzzldpad.duckdns.org/img/reward/ 398 KB
398 KB 77ms
77ms Image
image/png 20.212.187.164
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://evrntzzldpad.duckdns.org/img/reward/6.png
Requested by: Host: evrntzzldpad.duckdns.org
URL: https://evrntzzldpad.duckdns.org/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 20.212.187.164 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Apache /
Resource Hash: 338cd463d7866cb42a822f096472fa463e81fa2aac59590582077131624b7fa2

Request headers

Accept-Language: jp-JP,jp;q=0.9
Referer: https://evrntzzldpad.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 17 Jan 2022 12:08:26 GMT
Last-Modified: Tue, 02 Nov 2021 14:44:46 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95
Content-Length: 407088

GET
H2 206 m_2067lyui91.mp4
l.top4top.io/ 2 MB
0 1105ms
545ms Media
video/mp4 65.21.235.194
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://l.top4top.io/m_2067lyui91.mp4
Requested by: Host: evrntzzldpad.duckdns.org
URL: https://evrntzzldpad.duckdns.org/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 65.21.235.194 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.194.235.21.65.clients.your-server.de
Software: nginx /
Resource Hash

Request headers

Referer: https://evrntzzldpad.duckdns.org/
Accept-Encoding: identity;q=1, *;q=0
Accept-Language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Range: bytes=0-

Response headers

x-file-id: x40415615x
date: Mon, 17 Jan 2022 12:08:26 GMT
last-modified: Sun, 29 Aug 2021 18:07:21 GMT
server: nginx
etag: "612bccd9-25371b"
content-type: video/mp4
Content-Range: bytes 0-2438938/2438939
cache-control: max-age=7200
content-disposition: inline; filename="header%20(1).mp4"
Content-Length: 2438939
expires: Mon, 17 Jan 2022 14:08:26 GMT

GET
H/1.1 200
OK container.jpg
evrntzzldpad.duckdns.org/img/ 1 KB
2 KB 101ms
75ms Image
image/jpeg 20.212.187.164
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://evrntzzldpad.duckdns.org/img/container.jpg
Requested by: Host: evrntzzldpad.duckdns.org
URL: https://evrntzzldpad.duckdns.org/css/style-zone.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 20.212.187.164 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Apache /
Resource Hash: e2604abe9be04f13d3e207f22f8be96df9364700272c10a0f75d57765f04560a

Request headers

Accept-Language: jp-JP,jp;q=0.9
Referer: https://evrntzzldpad.duckdns.org/css/style-zone.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 17 Jan 2022 12:08:26 GMT
Last-Modified: Tue, 02 Nov 2021 14:44:46 GMT
Server: Apache
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 1512

GET
H/1.1 200
OK subheader.png
evrntzzldpad.duckdns.org/img/ 6 KB
6 KB 177ms
75ms Image
image/png 20.212.187.164
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://evrntzzldpad.duckdns.org/img/subheader.png
Requested by: Host: evrntzzldpad.duckdns.org
URL: https://evrntzzldpad.duckdns.org/css/style-zone.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 20.212.187.164 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Apache /
Resource Hash: 11aa4f88089f576a689265136a18fbc0ff15ada4fbca903530a4cc458b0f2faa

Request headers

Accept-Language: jp-JP,jp;q=0.9
Referer: https://evrntzzldpad.duckdns.org/css/style-zone.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 17 Jan 2022 12:08:26 GMT
Last-Modified: Tue, 02 Nov 2021 14:44:46 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 5974

GET
H/1.1 200
OK item.png
evrntzzldpad.duckdns.org/img/ 1 KB
1 KB 160ms
76ms Image
image/png 20.212.187.164
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://evrntzzldpad.duckdns.org/img/item.png
Requested by: Host: evrntzzldpad.duckdns.org
URL: https://evrntzzldpad.duckdns.org/css/zero-zone.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 20.212.187.164 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Apache /
Resource Hash: dd08a3c5350279bba5d4b7f57e861d4f284f1d2f2b9ea983d190e1146a7551a8

Request headers

Accept-Language: jp-JP,jp;q=0.9
Referer: https://evrntzzldpad.duckdns.org/css/zero-zone.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 17 Jan 2022 12:08:26 GMT
Last-Modified: Tue, 02 Nov 2021 14:44:46 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 1077

GET
H2 200 LYjNdG7kmE0gfaN9pQ.woff2
fonts.gstatic.com/s/teko/v10/ 13 KB
14 KB 49ms
5ms Font
font/woff2 2404:6800:4004:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/teko/v10/LYjNdG7kmE0gfaN9pQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Teko&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4004:80b::2003 , Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

51b6a852f98c7140040a19aeed7333059105f04271c132beef28e0f28b86ae48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://evrntzzldpad.duckdns.org
Accept-Language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 07:58:52 GMT
x-content-type-options: nosniff
age: 446974
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13324
x-xss-protection: 0
last-modified: Tue, 01 Sep 2020 05:26:11 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 12 Jan 2023 07:58:52 GMT

GET
H/1.1 200
OK /
evrntzzldpad.duckdns.org/ 13 KB
13 KB 95ms
94ms Image
text/html 20.212.187.164
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://evrntzzldpad.duckdns.org/
Requested by: Host: evrntzzldpad.duckdns.org
URL: https://evrntzzldpad.duckdns.org/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 20.212.187.164 Singapore, Singapore, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: jp-JP,jp;q=0.9
Referer: https://evrntzzldpad.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 17 Jan 2022 12:08:27 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=94
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H2

206

wheel-spin_Gk0rCUV__WM.mp3
dm0qx8t0i9gc9.cloudfront.net/watermarks/audio/BsTwCwBHBjzwub4i4/
Redirect Chain

https://d1490khl9dq1ow.cloudfront.net/sfx/mp3preview/wheel-spin_Gk0rCUV_.mp3
https://dm0qx8t0i9gc9.cloudfront.net/watermarks/audio/BsTwCwBHBjzwub4i4/wheel-spin_Gk0rCUV__WM.mp3?

64 KB
64 KB

50ms
40ms

Media
audio/mpeg

65.9.29.148
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dm0qx8t0i9gc9.cloudfront.net/watermarks/audio/BsTwCwBHBjzwub4i4/wheel-spin_Gk0rCUV__WM.mp3?
Requested by: Host: evrntzzldpad.duckdns.org
URL: https://evrntzzldpad.duckdns.org/
Protocol: H2
Server: 65.9.29.148 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-29-148.nrt12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 073078020f08a608e9d44790cae2932474de828460db511644e06c1036389f36

Request headers

Accept-Language: jp-JP,jp;q=0.9
Referer: https://evrntzzldpad.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-version-id: ouoq1gBldIQ3t4fd9gcLxPg04__gEaBd
via: 1.1 81f996ec256b4b15c47b23df66cf2372.cloudfront.net (CloudFront)
etag: "dae4c980d2caf7c4fb5c85f0896a46c9"
age: 56501
x-cache: Hit from cloudfront
Content-Range: bytes 0-65155/65156
cross-origin-resource-policy: cross-origin
x-amz-request-id: XT1EQRMQV68TMK9P
x-amz-id-2: u93tWt8WIg4sy3nzBhpMnpzF0CG6R2STgnsrpgRXk/eYxyCRuzjLw3Ie1RnCdvBodclu5UMqhMM=
accept-ranges: bytes
last-modified: Thu, 01 Jul 2021 20:58:38 GMT
server: AmazonS3
date: Sun, 16 Jan 2022 20:26:47 GMT
content-type: audio/mpeg
x-amz-cf-pop: NRT12-C5
Content-Length: 65156
x-amz-cf-id: QYpaTEh_P_II62DjW1NYZzOanCEuJuNRU8f7Wk-GJneo8j5zXZp17w==

Redirect headers

date: Mon, 17 Jan 2022 04:52:36 GMT
via: 1.1 0706bdcc30b9021a492a2676497fddf2.cloudfront.net (CloudFront), 1.1 81f996ec256b4b15c47b23df66cf2372.cloudfront.net (CloudFront)
age: 26151
x-amzn-requestid: c920e027-9c1d-4860-b2ab-ba50c7e37eeb
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-disposition: attachment
x-amz-apigw-id: MEtjOFBXIAMFUYA=
content-length: 679
access-control-allow-origin: *
server: CloudFront
x-amzn-trace-id: Root=1-61e4f614-77feef5f62531374199acb78;Sampled=0
content-type: application/json
location: https://dm0qx8t0i9gc9.cloudfront.net/watermarks/audio/BsTwCwBHBjzwub4i4/wheel-spin_Gk0rCUV__WM.mp3?
cache-control: max-age=86400
x-amz-cf-pop: NRT12-C5, NRT12-C5
x-amz-cf-id: xIZfGLKcafIcRgIBm-by-M64K2v1UT_kPneCdxcgtemauQtdCOa3iw==

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Gaming (Entertainment)

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdnjs.cloudflare.com
code.jquery.com
d1490khl9dq1ow.cloudfront.net
dm0qx8t0i9gc9.cloudfront.net
evrntzzldpad.duckdns.org
fonts.googleapis.com
fonts.gstatic.com
l.top4top.io
sdomino.boxiangyx.com
stackpath.bootstrapcdn.com
128.1.157.225
20.212.187.164
2001:4de0:ac18::1:a:1a
2404:6800:4004:80b::2003
2404:6800:4004:822::200a
2606:4700::6810:135e
2606:4700::6812:bcf
65.21.235.194
65.9.29.148
04f38f60b6b09ceda22485d489ede4ff04048afe21b18a62a892a4ec3c56c505
073078020f08a608e9d44790cae2932474de828460db511644e06c1036389f36
092a3cd5f86b3f039feefdeb86694cd16ae545af214cfda614bdbbe2d1bde401
11aa4f88089f576a689265136a18fbc0ff15ada4fbca903530a4cc458b0f2faa
13ec4a5f9b0724e1b674f02d0459ec8099677578285936cde90897ec5e2e13fc
153e896235ec6b790db8e822baa949a5dbd774b7060a5b68f97705a04d9e940a
1a79f647d774ddeff9fa9cc43d0823772df1ffbac5a9b10dc35a11f23ce37e5c
246bfcc681a0143890127bf31f78382dab2b83c3d8809137ff416c3dd47f7bdd
338cd463d7866cb42a822f096472fa463e81fa2aac59590582077131624b7fa2
3878d28d15feba7e3531c12a2de6eee6a8a2fb6603133bd2fffbc2da75f6cbbd
4007b5116851045d53b426c5681811cd2b87a878bb1b5d32a2e6199091054987
4c5a39024eda9a75130801ae65c1543d139b3cc999e60c2c094d0ee15788ca0f
51b6a852f98c7140040a19aeed7333059105f04271c132beef28e0f28b86ae48
572b033ea8f1072b9cbbd17462095c08c070b3e898ec8952d3fc2228577e7dc4
62765d7d74e2af9e5fcba1665adef75f9e900e3307a615ff0e30811dd346e98e
649552ada4ccd682ae941409408fa4fbed8b728547d322f3e1ff679100e33530
66f719d5112fefcc421096799ffc550b2ad31a925dba7969af98a569cd81ae90
6775cd0935f89a69c812b2b8c2891910f21f81ccd3d15454a1319eb24c9bb02f
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
a79a39eb146bbf56d0bcaf3e70edbbc445c683bad3b0dfd8e8fdb4205b8316bb
b16134ff62d29e9b9c97e64dd2f9e0020910e104454d784ad9d5d6dee968b4be
bd55d570d64508099db3b916fccc7a95a9234077087c9deeaf5d560b18619179
cab0c6dc0debdf79124e922294930f3d637a5a5fe91d8b3df9938ca6d740a451
dd08a3c5350279bba5d4b7f57e861d4f284f1d2f2b9ea983d190e1146a7551a8
dec3e9f0190a504ed0c8f4a5e957c107206ba106cac4a1bbb6cbac6369a16d56
e2604abe9be04f13d3e207f22f8be96df9364700272c10a0f75d57765f04560a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eb7de2cf49044512a3e735e62e6038b850dedd84569d97a612a034f3e0bc86a6
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

evrntzzldpad.duckdns.org Open in urlscan Pro 20.212.187.164 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

30 Requests

97 %HTTPS

56 %IPv6

9 Domains

10 Subdomains

9 IPs

5 Countries

3832 kBTransfer

6015 kBSize

0 Cookies

1 Outgoing links

Redirected requests

30 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

evrntzzldpad.duckdns.org Open in urlscan Pro
20.212.187.164 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

30
Requests

97 %
HTTPS

56 %
IPv6

9
Domains

10
Subdomains

9
IPs

5
Countries

3832 kB
Transfer

6015 kB
Size

0
Cookies

30 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!