bad.download Open in urlscan Pro
2607:ff18:80::5fad Public Scan

Go To Rescan
Add Verdict Report

URL:
https://bad.download/?utm_campaign=hydme&utm_medium=paypal.com.0.security-confirmation.2b0f6f86f6e028fd9164f0ea12d17c...
Submission: On October 30 via api (October 30th 2024, 8:07:33 am UTC) from US — Scanned from DE

Summary HTTP 9 Redirects Links 14 Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 9 HTTP transactions. The main IP is 2607:ff18:80::5fad, located in United States and belongs to GRIDFURY-AS, US. The main domain is bad.download.
TLS certificate: Issued by E5 on September 13th 2024. Valid for: 3 months.

This is the only time bad.download was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address		AS Autonomous System
8	2607:ff18:80:... 2607:ff18:80::5fad		40630 (GRIDFURY-AS) (GRIDFURY-AS)
9	2

8 2607:ff18:80::5fad (United States)

ASN40630 (GRIDFURY-AS, US)

bad.download	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	bad.download bad.download lavenderhaze.bad.download Failed	39 KB
9	1

	Domain	Requested by
8	bad.download	bad.download
0	lavenderhaze.bad.download Failed	bad.download
9	2

This site contains links to these domains. Also see Links.

Domain
www.vistell.net
www.404media.co
neocities.org
www.asofterworld.com
boinc.berkeley.edu
web.archive.org
withcabin.com
en.wikipedia.org
kopimi.com

Subject Issuer	Validity	Valid
bad.download E5	`2024-09-13` - `2024-12-12`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://bad.download/?utm_campaign=hydme&utm_medium=paypal.com.0.security-confirmation.2b0f6f86f6e028fd9164f0ea12d17ca7.er44&utm_source=http
Frame ID: D1083356322174A30AA5A2B3B0A9865D
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

bad.download

Page Statistics

9
Requests

89 %
HTTPS

100 %
IPv6

1
Domains

2
Subdomains

2
IPs

1
Countries

39 kB
Transfer

48 kB
Size

0
Cookies

14 Outgoing links

These are links going to different origins than the main page.

URL: https://www.vistell.net/
Title: Vistell (Discord Bot for GPT-4 Vision)

Search URL Search Domain Scan URL

URL: https://www.404media.co/
Title: 404 Media (Tech News)

Search URL Search Domain Scan URL

URL: https://neocities.org/browse
Title: Neocities (Static Hosting)

Search URL Search Domain Scan URL

URL: https://www.asofterworld.com/index.php?id=721
Title: A Softer World (Comic)

Search URL Search Domain Scan URL

URL: https://boinc.berkeley.edu/
Title: BOINC (Donate Compute)

Search URL Search Domain Scan URL

URL: https://web.archive.org/web/20060601131154/http://www.firefox.com/

Search URL Search Domain Scan URL

URL: https://web.archive.org/web/19961220154856/http://www.aol.com/

Search URL Search Domain Scan URL

URL: https://web.archive.org/web/20010124041700/http://www.macromedia.com/software/flashplayer/

Search URL Search Domain Scan URL

URL: https://web.archive.org/web/20010520140719/http://www.apple.com/hardware/

Search URL Search Domain Scan URL

URL: https://web.archive.org/web/20040831083815/http://www.openoffice.org/

Search URL Search Domain Scan URL

URL: https://web.archive.org/web/20040808010220/http://www.win-rar.com/index.php

Search URL Search Domain Scan URL

URL: https://withcabin.com/privacy/bad.download
Title: User surveillance by Cabin

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Special:Random
Title: Random Wikipedia Article

Search URL Search Domain Scan URL

URL: https://kopimi.com/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response bad.download/	13 KB 4 KB	609ms 227ms	Document text/html	2607:ff18:80::5fad GRIDFURY-AS
General Check archive.org Show headers Download Go to Full URL https://bad.download/?utm_campaign=hydme&utm_medium=paypal.com.0.security-confirmation.2b0f6f86f6e028fd9164f0ea12d17ca7.er44&utm_source=http Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2607:ff18:80::5fad , United States, ASN40630 (GRIDFURY-AS, US), Reverse DNS Software Apache / Resource Hash `94147d534fe99dc681a4522ceb57bc97540595b30a8c4a26b903d8dc6e135a77` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Response headers accept-ranges bytes content-encoding gzip content-length 4017 content-type text/html; charset=UTF-8 date Wed, 30 Oct 2024 08:07:28 GMT etag "33d1-6198d4e4a7a7e" last-modified Wed, 29 May 2024 01:02:34 GMT server Apache vary Accept-Encoding via e8s
GET H2	200	sidebar-firefox.gif bad.download/images/	9 KB 9 KB	141ms 141ms	Image image/gif	2607:ff18:80::5fad GRIDFURY-AS
General Check archive.org Show headers Download Go to Show image Full URL https://bad.download/images/sidebar-firefox.gif Requested by Host: bad.download URL: https://bad.download/?utm_campaign=hydme&utm_medium=paypal.com.0.security-confirmation.2b0f6f86f6e028fd9164f0ea12d17ca7.er44&utm_source=http Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2607:ff18:80::5fad , United States, ASN40630 (GRIDFURY-AS, US), Reverse DNS Software Apache / Resource Hash `7314af11cafb8cca143391063d3c902cd50f6654599326f94d1c37478fafd039` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://bad.download/?utm_campaign=hydme&utm_medium=paypal.com.0.security-confirmation.2b0f6f86f6e028fd9164f0ea12d17ca7.er44&utm_source=http Response headers etag "244f-5f4771c4cefed" via e8s accept-ranges bytes content-length 9295 date Wed, 30 Oct 2024 08:07:28 GMT last-modified Sun, 12 Feb 2023 02:01:36 GMT content-type image/gif server Apache
GET H2	200	sidebar-aol-instant-messenger-aim.gif bad.download/images/	2 KB 2 KB	138ms 138ms	Image image/gif	2607:ff18:80::5fad GRIDFURY-AS
General Check archive.org Show headers Download Go to Show image Full URL https://bad.download/images/sidebar-aol-instant-messenger-aim.gif Requested by Host: bad.download URL: https://bad.download/?utm_campaign=hydme&utm_medium=paypal.com.0.security-confirmation.2b0f6f86f6e028fd9164f0ea12d17ca7.er44&utm_source=http Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2607:ff18:80::5fad , United States, ASN40630 (GRIDFURY-AS, US), Reverse DNS Software Apache / Resource Hash `c1ad76c98ee93aca2ff82e319ed2126f95486cc80abb1856b62e902f1c5218b4` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://bad.download/?utm_campaign=hydme&utm_medium=paypal.com.0.security-confirmation.2b0f6f86f6e028fd9164f0ea12d17ca7.er44&utm_source=http Response headers etag "6e1-5f4771a99062d" via e8s accept-ranges bytes content-length 1761 date Wed, 30 Oct 2024 08:07:28 GMT last-modified Sun, 12 Feb 2023 02:01:08 GMT content-type image/gif server Apache
GET H2	200	sidebar-macromedia-flashplayer.gif bad.download/images/	938 B 996 B	271ms 271ms	Image image/gif	2607:ff18:80::5fad GRIDFURY-AS
General Check archive.org Show headers Download Go to Show image Full URL https://bad.download/images/sidebar-macromedia-flashplayer.gif Requested by Host: bad.download URL: https://bad.download/?utm_campaign=hydme&utm_medium=paypal.com.0.security-confirmation.2b0f6f86f6e028fd9164f0ea12d17ca7.er44&utm_source=http Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2607:ff18:80::5fad , United States, ASN40630 (GRIDFURY-AS, US), Reverse DNS Software Apache / Resource Hash `3d6afaaf480f65d8479a5ac01471704ebbf6217ea10072f2e0ef0849a4a96cf3` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://bad.download/?utm_campaign=hydme&utm_medium=paypal.com.0.security-confirmation.2b0f6f86f6e028fd9164f0ea12d17ca7.er44&utm_source=http Response headers etag "3aa-5f4771a99832d" via e8s accept-ranges bytes content-length 938 date Wed, 30 Oct 2024 08:07:28 GMT last-modified Sun, 12 Feb 2023 02:01:08 GMT content-type image/gif server Apache
GET H2	200	sidebar-macos.gif bad.download/images/	2 KB 2 KB	142ms 142ms	Image image/gif	2607:ff18:80::5fad GRIDFURY-AS
General Check archive.org Show headers Download Go to Show image Full URL https://bad.download/images/sidebar-macos.gif Requested by Host: bad.download URL: https://bad.download/?utm_campaign=hydme&utm_medium=paypal.com.0.security-confirmation.2b0f6f86f6e028fd9164f0ea12d17ca7.er44&utm_source=http Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2607:ff18:80::5fad , United States, ASN40630 (GRIDFURY-AS, US), Reverse DNS Software Apache / Resource Hash `766c5986e6fc4dc69553d27d02b74714e73cfcb1ab0e1548a7662f19d3052a94` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://bad.download/?utm_campaign=hydme&utm_medium=paypal.com.0.security-confirmation.2b0f6f86f6e028fd9164f0ea12d17ca7.er44&utm_source=http Response headers etag "669-5f4771a93b6cd" via e8s accept-ranges bytes content-length 1641 date Wed, 30 Oct 2024 08:07:28 GMT last-modified Sun, 12 Feb 2023 02:01:07 GMT content-type image/gif server Apache
GET H2	200	sidebar-openoffice.gif bad.download/images/	3 KB 3 KB	139ms 139ms	Image image/gif	2607:ff18:80::5fad GRIDFURY-AS
General Check archive.org Show headers Download Go to Show image Full URL https://bad.download/images/sidebar-openoffice.gif Requested by Host: bad.download URL: https://bad.download/?utm_campaign=hydme&utm_medium=paypal.com.0.security-confirmation.2b0f6f86f6e028fd9164f0ea12d17ca7.er44&utm_source=http Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2607:ff18:80::5fad , United States, ASN40630 (GRIDFURY-AS, US), Reverse DNS Software Apache / Resource Hash `8f83f77a7c6e279c5d282859382174aba946ae2d27bf03f8c370023023dbd258` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://bad.download/?utm_campaign=hydme&utm_medium=paypal.com.0.security-confirmation.2b0f6f86f6e028fd9164f0ea12d17ca7.er44&utm_source=http Response headers etag "bf9-60ad8b96b6587" via e8s accept-ranges bytes content-length 3065 date Wed, 30 Oct 2024 08:07:28 GMT last-modified Thu, 23 Nov 2023 21:43:20 GMT content-type image/gif server Apache
GET H2	200	sidebar-winrar.gif bad.download/images/	4 KB 4 KB	143ms 143ms	Image image/gif	2607:ff18:80::5fad GRIDFURY-AS
General Check archive.org Show headers Download Go to Show image Full URL https://bad.download/images/sidebar-winrar.gif Requested by Host: bad.download URL: https://bad.download/?utm_campaign=hydme&utm_medium=paypal.com.0.security-confirmation.2b0f6f86f6e028fd9164f0ea12d17ca7.er44&utm_source=http Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2607:ff18:80::5fad , United States, ASN40630 (GRIDFURY-AS, US), Reverse DNS Software Apache / Resource Hash `0045ac32fbc9c9f7c0d032ec35169bd7dde337272cd2bbf126ad6dcddb839282` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://bad.download/?utm_campaign=hydme&utm_medium=paypal.com.0.security-confirmation.2b0f6f86f6e028fd9164f0ea12d17ca7.er44&utm_source=http Response headers etag "e00-60ad8b088876b" via e8s accept-ranges bytes content-length 3584 date Wed, 30 Oct 2024 08:07:28 GMT last-modified Thu, 23 Nov 2023 21:40:51 GMT content-type image/gif server Apache
GET H2	200	kopimi.png bad.download/images/	15 KB 15 KB	204ms 203ms	Image image/png	2607:ff18:80::5fad GRIDFURY-AS
General Check archive.org Show headers Download Go to Show image Full URL https://bad.download/images/kopimi.png Requested by Host: bad.download URL: https://bad.download/?utm_campaign=hydme&utm_medium=paypal.com.0.security-confirmation.2b0f6f86f6e028fd9164f0ea12d17ca7.er44&utm_source=http Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2607:ff18:80::5fad , United States, ASN40630 (GRIDFURY-AS, US), Reverse DNS Software Apache / Resource Hash `e9b570a154988c4931745d748cf4e28b8d8e79e729f762400185c6ae85ea8c80` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://bad.download/?utm_campaign=hydme&utm_medium=paypal.com.0.security-confirmation.2b0f6f86f6e028fd9164f0ea12d17ca7.er44&utm_source=http Response headers etag "3b94-60a8e197bde02" via e8s accept-ranges bytes content-length 15252 date Wed, 30 Oct 2024 08:07:28 GMT last-modified Mon, 20 Nov 2023 04:41:29 GMT content-type image/png server Apache
GET		hello.js lavenderhaze.bad.download/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: lavenderhaze.bad.download
URL: https://lavenderhaze.bad.download/hello.js

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bad.download
lavenderhaze.bad.download
lavenderhaze.bad.download
2607:ff18:80::5fad
0045ac32fbc9c9f7c0d032ec35169bd7dde337272cd2bbf126ad6dcddb839282
3d6afaaf480f65d8479a5ac01471704ebbf6217ea10072f2e0ef0849a4a96cf3
7314af11cafb8cca143391063d3c902cd50f6654599326f94d1c37478fafd039
766c5986e6fc4dc69553d27d02b74714e73cfcb1ab0e1548a7662f19d3052a94
8f83f77a7c6e279c5d282859382174aba946ae2d27bf03f8c370023023dbd258
94147d534fe99dc681a4522ceb57bc97540595b30a8c4a26b903d8dc6e135a77
c1ad76c98ee93aca2ff82e319ed2126f95486cc80abb1856b62e902f1c5218b4
e9b570a154988c4931745d748cf4e28b8d8e79e729f762400185c6ae85ea8c80

bad.download Open in urlscan Pro 2607:ff18:80::5fad Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

9 Requests

89 %HTTPS

100 %IPv6

1 Domains

2 Subdomains

2 IPs

1 Countries

39 kBTransfer

48 kBSize

0 Cookies

14 Outgoing links

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

0 Cookies

Indicators

bad.download Open in urlscan Pro
2607:ff18:80::5fad Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

89 %
HTTPS

100 %
IPv6

1
Domains

2
Subdomains

2
IPs

1
Countries

39 kB
Transfer

48 kB
Size

0
Cookies

9 HTTP transactions
0 data transactions