zeroday.ltd Open in urlscan Pro
104.18.36.152 Public Scan

Go To Rescan
Add Verdict Report

URL:
http://zeroday.ltd/protect.html
Submission: On January 24 via manual (January 24th 2018, 6:33:27 pm UTC) from US

Summary HTTP 20 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 20 HTTP transactions. The main IP is 104.18.36.152, located in San Francisco, United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is zeroday.ltd.

This is the only time zeroday.ltd was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2	104.18.36.152 104.18.36.152	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	94.130.129.239 94.130.129.239	24940 (HETZNER-AS) (HETZNER-AS)
20	3

2 104.18.36.152 (San Francisco, United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

zeroday.ltd	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 94.130.129.239 (Ukraine)

ASN24940 (HETZNER-AS, DE)
PTR: static.239.129.130.94.clients.your-server.de

coinhive.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	zeroday.ltd zeroday.ltd	1 KB
1	coinhive.com coinhive.com	20 KB
20	2

	Domain	Requested by
2	zeroday.ltd	zeroday.ltd
1	coinhive.com	zeroday.ltd
20	2

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://zeroday.ltd/protect.html
Frame ID: (36110B0C9FCF5E77E14EC62DA6015C83)
Requests: 20 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /cloudflare/i

Page Statistics

20
Requests

0 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

22 kB
Transfer

834 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

20 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request Cookie set protect.html Show response zeroday.ltd/	95 B 490 B	204ms 191ms	Document text/html	104.18.36.152 Cloudflare
General Check archive.org Show headers Download Go to Full URL http://zeroday.ltd/protect.html Protocol HTTP/1.1 Server 104.18.36.152 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `61b12eb00372d68e6758930809592623f08f864ef4b1e4bdf675e113a142e582` Request headers Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Connection keep-alive Accept-Encoding gzip, deflate Host zeroday.ltd Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Wed, 24 Jan 2018 18:33:17 GMT Content-Encoding gzip Last-Modified Fri, 12 Jan 2018 22:28:58 GMT Server cloudflare Transfer-Encoding chunked Content-Type text/html Set-Cookie __cfduid=dfc28069d23b4dce9a14f50efca6673be1516818797; expires=Thu, 24-Jan-19 18:33:17 GMT; path=/; domain=.zeroday.ltd; HttpOnly Connection keep-alive CF-RAY 3e25148c70a02696-FRA
GET H/1.1	200 OK	coinhive.min.js Show response coinhive.com/lib/	62 KB 20 KB	12ms 6ms	Script application/javascript	94.130.129.239 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://coinhive.com/lib/coinhive.min.js Requested by Host: zeroday.ltd URL: http://zeroday.ltd/protect.html Protocol HTTP/1.1 Server 94.130.129.239 , Ukraine, ASN24940 (HETZNER-AS, DE), Reverse DNS static.239.129.130.94.clients.your-server.de Software nginx / Resource Hash `e72737a8cf29eeae795a3918e56c07b4efa2e9ce241ec56053d6a95f878be231` Request headers Referer http://zeroday.ltd/protect.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Wed, 24 Jan 2018 18:33:17 GMT Content-Encoding gzip Last-Modified Wed, 24 Jan 2018 10:12:50 GMT Server nginx ETag W/"5a685c22-f78d" Transfer-Encoding chunked Content-Type application/javascript; charset=utf-8 Access-Control-Allow-Origin * Cache-Control max-age=28800 Connection keep-alive Expires Thu, 25 Jan 2018 02:33:17 GMT
GET H/1.1	200 OK	jq.js Show response zeroday.ltd/	743 B 762 B	13ms 13ms	Script application/javascript	104.18.36.152 Cloudflare
General Check archive.org Show headers Download Go to Full URL http://zeroday.ltd/jq.js Requested by Host: zeroday.ltd URL: http://zeroday.ltd/protect.html Protocol HTTP/1.1 Server 104.18.36.152 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `369c58605e54a2cd8ac7fc43bdcfdf90bb0256687fd5f8af9a03b5230be4bbfc` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host zeroday.ltd User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Accept / Referer http://zeroday.ltd/protect.html Cookie __cfduid=dfc28069d23b4dce9a14f50efca6673be1516818797 Connection keep-alive Cache-Control no-cache Referer http://zeroday.ltd/protect.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Wed, 24 Jan 2018 18:33:17 GMT Content-Encoding gzip CF-Cache-Status HIT Last-Modified Fri, 12 Jan 2018 22:14:26 GMT Server cloudflare Vary Accept-Encoding Content-Type application/javascript Cache-Control public, max-age=14400 Transfer-Encoding chunked Connection keep-alive CF-RAY 3e25148da0f62696-FRA Expires Wed, 24 Jan 2018 22:33:17 GMT
GET BLOB	200 OK	d09c436b-423e-4f47-a067-8a181931f9df http://zeroday.ltd/	45 KB 0		Other text/plain
General Check archive.org Show headers Download Go to Full URL blob:http://zeroday.ltd/d09c436b-423e-4f47-a067-8a181931f9df Requested by Host: coinhive.com URL: https://coinhive.com/lib/coinhive.min.js Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash `3304893f3bf658af73447c37f6070e770adc0dad0f2ff49cb52df3c58d6700a9` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Content-Length 46471
GET BLOB	200 OK	d09c436b-423e-4f47-a067-8a181931f9df http://zeroday.ltd/	45 KB 0		Other text/plain
General Check archive.org Show headers Download Go to Full URL blob:http://zeroday.ltd/d09c436b-423e-4f47-a067-8a181931f9df Requested by Host: coinhive.com URL: https://coinhive.com/lib/coinhive.min.js Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash `3304893f3bf658af73447c37f6070e770adc0dad0f2ff49cb52df3c58d6700a9` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Content-Length 46471
GET BLOB	200 OK	d09c436b-423e-4f47-a067-8a181931f9df http://zeroday.ltd/	45 KB 0		Other text/plain
General Check archive.org Show headers Download Go to Full URL blob:http://zeroday.ltd/d09c436b-423e-4f47-a067-8a181931f9df Requested by Host: coinhive.com URL: https://coinhive.com/lib/coinhive.min.js Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash `3304893f3bf658af73447c37f6070e770adc0dad0f2ff49cb52df3c58d6700a9` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Content-Length 46471
GET BLOB	200 OK	d09c436b-423e-4f47-a067-8a181931f9df http://zeroday.ltd/	45 KB 0		Other text/plain
General Check archive.org Show headers Download Go to Full URL blob:http://zeroday.ltd/d09c436b-423e-4f47-a067-8a181931f9df Requested by Host: coinhive.com URL: https://coinhive.com/lib/coinhive.min.js Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash `3304893f3bf658af73447c37f6070e770adc0dad0f2ff49cb52df3c58d6700a9` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Content-Length 46471
GET BLOB	200 OK	d09c436b-423e-4f47-a067-8a181931f9df http://zeroday.ltd/	45 KB 0		Other text/plain
General Check archive.org Show headers Download Go to Full URL blob:http://zeroday.ltd/d09c436b-423e-4f47-a067-8a181931f9df Requested by Host: coinhive.com URL: https://coinhive.com/lib/coinhive.min.js Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash `3304893f3bf658af73447c37f6070e770adc0dad0f2ff49cb52df3c58d6700a9` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Content-Length 46471
GET BLOB	200 OK	d09c436b-423e-4f47-a067-8a181931f9df http://zeroday.ltd/	45 KB 0		Other text/plain
General Check archive.org Show headers Download Go to Full URL blob:http://zeroday.ltd/d09c436b-423e-4f47-a067-8a181931f9df Requested by Host: coinhive.com URL: https://coinhive.com/lib/coinhive.min.js Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash `3304893f3bf658af73447c37f6070e770adc0dad0f2ff49cb52df3c58d6700a9` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Content-Length 46471
GET BLOB	200 OK	d09c436b-423e-4f47-a067-8a181931f9df http://zeroday.ltd/	45 KB 0		Other text/plain
General Check archive.org Show headers Download Go to Full URL blob:http://zeroday.ltd/d09c436b-423e-4f47-a067-8a181931f9df Requested by Host: coinhive.com URL: https://coinhive.com/lib/coinhive.min.js Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash `3304893f3bf658af73447c37f6070e770adc0dad0f2ff49cb52df3c58d6700a9` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Content-Length 46471
GET BLOB	200 OK	d09c436b-423e-4f47-a067-8a181931f9df http://zeroday.ltd/	45 KB 0		Other text/plain
General Check archive.org Show headers Download Go to Full URL blob:http://zeroday.ltd/d09c436b-423e-4f47-a067-8a181931f9df Requested by Host: coinhive.com URL: https://coinhive.com/lib/coinhive.min.js Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash `3304893f3bf658af73447c37f6070e770adc0dad0f2ff49cb52df3c58d6700a9` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Content-Length 46471
GET BLOB	200 OK	d09c436b-423e-4f47-a067-8a181931f9df http://zeroday.ltd/	45 KB 0		Other text/plain
General Check archive.org Show headers Download Go to Full URL blob:http://zeroday.ltd/d09c436b-423e-4f47-a067-8a181931f9df Requested by Host: coinhive.com URL: https://coinhive.com/lib/coinhive.min.js Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash `3304893f3bf658af73447c37f6070e770adc0dad0f2ff49cb52df3c58d6700a9` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Content-Length 46471
GET BLOB	200 OK	d09c436b-423e-4f47-a067-8a181931f9df http://zeroday.ltd/	45 KB 0		Other text/plain
General Check archive.org Show headers Download Go to Full URL blob:http://zeroday.ltd/d09c436b-423e-4f47-a067-8a181931f9df Requested by Host: coinhive.com URL: https://coinhive.com/lib/coinhive.min.js Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash `3304893f3bf658af73447c37f6070e770adc0dad0f2ff49cb52df3c58d6700a9` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Content-Length 46471
GET BLOB	200 OK	d09c436b-423e-4f47-a067-8a181931f9df http://zeroday.ltd/	45 KB 0		Other text/plain
General Check archive.org Show headers Download Go to Full URL blob:http://zeroday.ltd/d09c436b-423e-4f47-a067-8a181931f9df Requested by Host: coinhive.com URL: https://coinhive.com/lib/coinhive.min.js Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash `3304893f3bf658af73447c37f6070e770adc0dad0f2ff49cb52df3c58d6700a9` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Content-Length 46471
GET BLOB	200 OK	d09c436b-423e-4f47-a067-8a181931f9df http://zeroday.ltd/	45 KB 0		Other text/plain
General Check archive.org Show headers Download Go to Full URL blob:http://zeroday.ltd/d09c436b-423e-4f47-a067-8a181931f9df Requested by Host: coinhive.com URL: https://coinhive.com/lib/coinhive.min.js Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash `3304893f3bf658af73447c37f6070e770adc0dad0f2ff49cb52df3c58d6700a9` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Content-Length 46471
GET BLOB	200 OK	d09c436b-423e-4f47-a067-8a181931f9df http://zeroday.ltd/	45 KB 0		Other text/plain
General Check archive.org Show headers Download Go to Full URL blob:http://zeroday.ltd/d09c436b-423e-4f47-a067-8a181931f9df Requested by Host: coinhive.com URL: https://coinhive.com/lib/coinhive.min.js Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash `3304893f3bf658af73447c37f6070e770adc0dad0f2ff49cb52df3c58d6700a9` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Content-Length 46471
GET BLOB	200 OK	d09c436b-423e-4f47-a067-8a181931f9df http://zeroday.ltd/	45 KB 0		Other text/plain
General Check archive.org Show headers Download Go to Full URL blob:http://zeroday.ltd/d09c436b-423e-4f47-a067-8a181931f9df Requested by Host: coinhive.com URL: https://coinhive.com/lib/coinhive.min.js Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash `3304893f3bf658af73447c37f6070e770adc0dad0f2ff49cb52df3c58d6700a9` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Content-Length 46471
GET BLOB	200 OK	d09c436b-423e-4f47-a067-8a181931f9df http://zeroday.ltd/	45 KB 0		Other text/plain
General Check archive.org Show headers Download Go to Full URL blob:http://zeroday.ltd/d09c436b-423e-4f47-a067-8a181931f9df Requested by Host: coinhive.com URL: https://coinhive.com/lib/coinhive.min.js Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash `3304893f3bf658af73447c37f6070e770adc0dad0f2ff49cb52df3c58d6700a9` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Content-Length 46471
GET BLOB	200 OK	d09c436b-423e-4f47-a067-8a181931f9df http://zeroday.ltd/	45 KB 0		Other text/plain
General Check archive.org Show headers Download Go to Full URL blob:http://zeroday.ltd/d09c436b-423e-4f47-a067-8a181931f9df Requested by Host: coinhive.com URL: https://coinhive.com/lib/coinhive.min.js Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash `3304893f3bf658af73447c37f6070e770adc0dad0f2ff49cb52df3c58d6700a9` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Content-Length 46471
GET BLOB	200 OK	d09c436b-423e-4f47-a067-8a181931f9df http://zeroday.ltd/	45 KB 0		Other text/plain
General Check archive.org Show headers Download Go to Full URL blob:http://zeroday.ltd/d09c436b-423e-4f47-a067-8a181931f9df Requested by Host: coinhive.com URL: https://coinhive.com/lib/coinhive.min.js Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash `3304893f3bf658af73447c37f6070e770adc0dad0f2ff49cb52df3c58d6700a9` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Content-Length 46471

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| CoinHive object| _0xcbb2 object| miner

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.zeroday.ltd/	1970-01-18 22:05:54	Name: __cfduid Value: dfc28069d23b4dce9a14f50efca6673be1516818797

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

coinhive.com
zeroday.ltd
104.18.36.152
94.130.129.239
3304893f3bf658af73447c37f6070e770adc0dad0f2ff49cb52df3c58d6700a9
369c58605e54a2cd8ac7fc43bdcfdf90bb0256687fd5f8af9a03b5230be4bbfc
61b12eb00372d68e6758930809592623f08f864ef4b1e4bdf675e113a142e582
e72737a8cf29eeae795a3918e56c07b4efa2e9ce241ec56053d6a95f878be231

zeroday.ltd Open in urlscan Pro 104.18.36.152 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

20 Requests

0 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

22 kBTransfer

834 kBSize

1 Cookies

0 Outgoing links

Redirected requests

20 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

1 Cookies

Indicators

zeroday.ltd Open in urlscan Pro
104.18.36.152 Public Scan

Screenshot
Live screenshot

Full Image

20
Requests

0 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

22 kB
Transfer

834 kB
Size

1
Cookies

20 HTTP transactions
0 data transactions