bad.download
IP Address: 208.94.117.188 (Public Scan)
Effective URL: https://bad.download/?utm_campaign=hydme&utm_medium=com.0.security-confirmation.3ab8ead9635bb05d63b15c8ce9623d9e.awda...
Submission: On March 06 via api from US — Scanned from US
Summary
TLS certificate: Issued by R3 on January 22nd 2024. Valid for: 3 months.
This is the only time bad.download was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information

Requests | IP Address | AS (Autonomous System) |
---|---|---|
1 | 111.90.144.112 | 45839 (SHINJIRU-MY-AS-AP Shinjiru Technology Sdn Bhd) |
8 | 208.94.117.188 | 40630 (GRIDFURY-AS) |
4 | 54.184.199.155 | 16509 (AMAZON-02) |
12 | 2 | |

ASN45839 (SHINJIRU-MY-AS-AP Shinjiru Technology Sdn Bhd, MY), PTR: server1.kamon.la
- com.0.security-confirmation.3ab8ead9635bb05d63b15c8ce9623d9e.awda.hyd.me

ASN40630 (GRIDFURY-AS, US), PTR: ip-208-94-117-188.sites.nearlyfreespeech.net
- bad.download

ASN16509 (AMAZON-02, US), PTR: ec2-54-184-199-155.us-west-2.compute.amazonaws.com
- lavenderhaze.bad.download
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
12 | bad.download | bad.download, lavenderhaze.bad.download | 42 KB |
1 | hyd.me (1 redirect) | com.0.security-confirmation.3ab8ead9635bb05d63b15c8ce9623d9e.awda.hyd.me | 389 B |
12 | 2 | | |
Requests | Domain | Requested by |
---|---|---|
8 | bad.download | bad.download |
4 | lavenderhaze.bad.download | bad.download, lavenderhaze.bad.download |
1 | com.0.security-confirmation.3ab8ead9635bb05d63b15c8ce9623d9e.awda.hyd.me | 1 redirect |
12 | 3 | |
This site contains links to these domains. Also see Links.
Domain |
---|
www.vistell.net |
www.404media.co |
neocities.org |
www.asofterworld.com |
boinc.berkeley.edu |
web.archive.org |
withcabin.com |
en.wikipedia.org |
Subject | Issuer | Validity | Valid | Source |
---|---|---|---|---|
bad.download | R3 | 2024-01-22 - 2024-04-21 | 3 months | crt.sh |
lavenderhaze.bad.download | R3 | 2024-03-03 - 2024-06-01 | 3 months | crt.sh |
This page contains 1 frame:
Primary Page:
https://bad.download/?utm_campaign=hydme&utm_medium=com.0.security-confirmation.3ab8ead9635bb05d63b15c8ce9623d9e.awda&utm_source=https://com.0.security-confirmation.3ab8ead9635bb05d63b15c8ce9623d9e.awda.hyd.me/
Frame ID: 62B91530B4FAD26F982E722BB6FA1AA9
Requests: 12 HTTP requests in this frame
Screenshot
Page Title: bad.download
Page Statistics
14 Outgoing links
These are links going to different origins than the main page.
- Vistell (Discord Bot for GPT-4 Vision)
- 404 Media (Tech News)
- Neocities (Static Hosting)
- A Softer World (Comic)
- BOINC (Donate Compute)
- User surveillance by Cabin
- Random Wikipedia Article
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
1. https://com.0.security-confirmation.3ab8ead9635bb05d63b15c8ce9623d9e.awda.hyd.me/ (HTTP 302)
2. https://bad.download/?utm_campaign=hydme&utm_medium=com.0.security-confirmation.3ab8ead9635bb05d63b15c8ce9623d9e.awda&utm_source=https://com.0.security-confirmation.3ab8ead9635bb05d63b15c8ce9623d9e.awda.hyd.me/ (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
12 HTTP transactions

Method | Protocol | Resource Path | Size (x-fer) | Type | MIME-Type |
---|---|---|---|---|---|
GET | H2 | bad.download/ (Primary Request, Redirect Chain) | 13 KB (4 KB) | Document | text/html |
GET | H2 | bad.download/images/sidebar-firefox.gif | 9 KB (9 KB) | Image | image/gif |
GET | H2 | bad.download/images/sidebar-aol-instant-messenger-aim.gif | 2 KB (2 KB) | Image | image/gif |
GET | H2 | bad.download/images/sidebar-macromedia-flashplayer.gif | 938 B (987 B) | Image | image/gif |
GET | H2 | bad.download/images/sidebar-macos.gif | 2 KB (2 KB) | Image | image/gif |
GET | H2 | bad.download/images/sidebar-openoffice.gif | 3 KB (3 KB) | Image | image/gif |
GET | H2 | bad.download/images/sidebar-winrar.gif | 4 KB (4 KB) | Image | image/gif |
GET | H2 | bad.download/images/kopimi.png | 15 KB (15 KB) | Image | image/png |
GET | H2 | lavenderhaze.bad.download/hello.js | 2 KB (2 KB) | Script | application/javascript |
GET | H2 | lavenderhaze.bad.download/cache | 1 B (703 B) | XHR | text/html |
GET | H2 | lavenderhaze.bad.download/cache | 1 B (49 B) | XHR | text/html |
GET | H2 | lavenderhaze.bad.download/hello | 0 (68 B) | XHR | text/html |
Verdicts & Comments

1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name |
---|---|
object | cabin |

0 Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser sends those cookie values back, which lets the website re-identify the user even from a different location. This is how persistent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
bad.download
com.0.security-confirmation.3ab8ead9635bb05d63b15c8ce9623d9e.awda.hyd.me
lavenderhaze.bad.download
111.90.144.112
208.94.117.188
54.184.199.155