urlscan.io logo urlscan.io
SecurityTrails logo

bzdic.shbzek.com Open in urlscan Pro
185.56.234.205  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://mail.fha.org.ir/
Effective URL: https://bzdic.shbzek.com/bot-captcha-1?h=waWQiOjEwNTQwMzAsInNpZCI6MTIxMjUwNiwid2lkIjo0NTE5MTcsInNyYyI6Mn0=eyJ&si1=983458&...
Submission Tags: l4ing an sub h8 ir org Search All
Submission: On May 29 via api from CH — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 8 IPs in 5 countries across 6 domains to perform 16 HTTP transactions. The main IP is 185.56.234.205, located in Netherlands and belongs to ADVANCEDHOSTERS-AS, NL. The main domain is bzdic.shbzek.com.
TLS certificate: Issued by R3 on April 4th 2023. Valid for: 3 months.
This is the only time bzdic.shbzek.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 88.99.234.134 24940 (HETZNER-AS)
1 91.238.104.193 50321 (BYTES-AS)
1 194.135.30.210 50321 (BYTES-AS)
1 2 2.59.222.113 209155 (ONEHOSTPL...)
1 5 185.56.234.205 39572 (ADVANCEDH...)
4 2606:4700:303... 13335 (CLOUDFLAR...)
1 2a02:b4a:1:7:... 39572 (ADVANCEDH...)
16 8
1    88.99.234.134 (Falkenstein, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: vip16-134.cp.htz.privatedns.biz
mail.fha.org.ir
1    91.238.104.193 (Ukraine)

ASN50321 (BYTES-AS, UA)
click.clickandanalytics.com
1    194.135.30.210 (Madrid, Spain)

ASN50321 (BYTES-AS, UA)
statistic.scriptsplatform.com
2    2.59.222.113 (Kyiv, Ukraine)

ASN209155 (ONEHOSTPLANET, CZ)
come.scriptsplatform.com
5    185.56.234.205 (Netherlands)

ASN39572 (ADVANCEDHOSTERS-AS, NL)
shbzek.com
3q1bf.shbzek.com
7yjfu.shbzek.com
bzdic.shbzek.com
4    2606:4700:3033::ac43:dd04 (United States)

ASN13335 (CLOUDFLARENET, US)
ulmoyc.com
1    2a02:b4a:1:7::9167:1 (Netherlands)

ASN39572 (ADVANCEDHOSTERS-AS, NL)
azkcqs.com
Apex Domain
Subdomains		 Transfer
5 shbzek.com
shbzek.com — Cisco Umbrella Rank: 247087
3q1bf.shbzek.com
7yjfu.shbzek.com
bzdic.shbzek.com
249 KB
4 ulmoyc.com
ulmoyc.com — Cisco Umbrella Rank: 49423
16 KB
3 scriptsplatform.com
statistic.scriptsplatform.com — Cisco Umbrella Rank: 92454
come.scriptsplatform.com — Cisco Umbrella Rank: 90383 Failed
3 KB
1 azkcqs.com
azkcqs.com — Cisco Umbrella Rank: 31003 Failed
101 B
1 clickandanalytics.com
click.clickandanalytics.com
2 KB
1 fha.org.ir
mail.fha.org.ir
302 B
16 6
Domain Requested by
4 ulmoyc.com shbzek.com
ulmoyc.com
3q1bf.shbzek.com
7yjfu.shbzek.com
2 shbzek.com 1 redirects come.scriptsplatform.com
2 come.scriptsplatform.com statistic.scriptsplatform.com
come.scriptsplatform.com
1 bzdic.shbzek.com 7yjfu.shbzek.com
1 7yjfu.shbzek.com 3q1bf.shbzek.com
1 3q1bf.shbzek.com shbzek.com
1 azkcqs.com shbzek.com
3q1bf.shbzek.com
1 statistic.scriptsplatform.com click.clickandanalytics.com
1 click.clickandanalytics.com mail.fha.org.ir
1 mail.fha.org.ir
16 10

This site contains no links.

Subject Issuer Validity Valid
click.clickandanalytics.com
R3		 2023-05-21 -
2023-08-19		 3 months crt.sh
statistic.scriptsplatform.com
R3		 2023-05-15 -
2023-08-13		 3 months crt.sh
come.scriptsplatform.com
R3		 2023-05-14 -
2023-08-12		 3 months crt.sh
shbzek.com
R3		 2023-04-04 -
2023-07-03		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2023-01-29 -
2024-01-28		 a year crt.sh
azkcqs.com
R3		 2023-04-27 -
2023-07-26		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://bzdic.shbzek.com/bot-captcha-1?h=waWQiOjEwNTQwMzAsInNpZCI6MTIxMjUwNiwid2lkIjo0NTE5MTcsInNyYyI6Mn0=eyJ&si1=983458&si2=05demos&i=3
Frame ID: 3B417F74B7E872940DDFF32FC1B98215
Requests: 24 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Bot captcha

Page URL History Show full URLs

  1. http://mail.fha.org.ir/ Page URL
  2. https://come.scriptsplatform.com/away.php?sourceid=43637753&suid=364&pid=23468658 Page URL
  3. https://come.scriptsplatform.com/go.php HTTP 302
    https://shbzek.com/gosl/InNpZCI6MTIxMjUwNiwic21hcnRsaW5rIjp0cnVlfQ==eyJwaWQiOjEwNTQwMzAs?si1=98... HTTP 302
    https://shbzek.com/bot-captcha-1?h=waWQiOjEwNTQwMzAsInNpZCI6MTIxMjUwNiwid2lkIjo0NTE5MTcsInNyYyI... Page URL
  4. https://3q1bf.shbzek.com/bot-captcha-1?h=waWQiOjEwNTQwMzAsInNpZCI6MTIxMjUwNiwid2lkIjo0NTE5MTcsInNyYyI... Page URL
  5. https://7yjfu.shbzek.com/bot-captcha-1?h=waWQiOjEwNTQwMzAsInNpZCI6MTIxMjUwNiwid2lkIjo0NTE5MTcsInNyYyI... Page URL
  6. https://bzdic.shbzek.com/bot-captcha-1?h=waWQiOjEwNTQwMzAsInNpZCI6MTIxMjUwNiwid2lkIjo0NTE5MTcsInNyYyI... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • [^a-z]mtc.*\.js

Page Statistics

16
Requests

75 %
HTTPS

29 %
IPv6

6
Domains

10
Subdomains

8
IPs

5
Countries

270 kB
Transfer

603 kB
Size

4
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://mail.fha.org.ir/ Page URL
  2. https://come.scriptsplatform.com/away.php?sourceid=43637753&suid=364&pid=23468658 Page URL
  3. https://come.scriptsplatform.com/go.php HTTP 302
    https://shbzek.com/gosl/InNpZCI6MTIxMjUwNiwic21hcnRsaW5rIjp0cnVlfQ==eyJwaWQiOjEwNTQwMzAs?si1=983458&si2=05demos HTTP 302
    https://shbzek.com/bot-captcha-1?h=waWQiOjEwNTQwMzAsInNpZCI6MTIxMjUwNiwid2lkIjo0NTE5MTcsInNyYyI6Mn0=eyJ&si1=983458&si2=05demos Page URL
  4. https://3q1bf.shbzek.com/bot-captcha-1?h=waWQiOjEwNTQwMzAsInNpZCI6MTIxMjUwNiwid2lkIjo0NTE5MTcsInNyYyI6Mn0=eyJ&si1=983458&si2=05demos&i=1 Page URL
  5. https://7yjfu.shbzek.com/bot-captcha-1?h=waWQiOjEwNTQwMzAsInNpZCI6MTIxMjUwNiwid2lkIjo0NTE5MTcsInNyYyI6Mn0=eyJ&si1=983458&si2=05demos&i=2 Page URL
  6. https://bzdic.shbzek.com/bot-captcha-1?h=waWQiOjEwNTQwMzAsInNpZCI6MTIxMjUwNiwid2lkIjo0NTE5MTcsInNyYyI6Mn0=eyJ&si1=983458&si2=05demos&i=3 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6
  • https://come.scriptsplatform.com/go.php HTTP 302
  • https://shbzek.com/gosl/InNpZCI6MTIxMjUwNiwic21hcnRsaW5rIjp0cnVlfQ==eyJwaWQiOjEwNTQwMzAs?si1=983458&si2=05demos HTTP 302
  • https://shbzek.com/bot-captcha-1?h=waWQiOjEwNTQwMzAsInNpZCI6MTIxMjUwNiwid2lkIjo0NTE5MTcsInNyYyI6Mn0=eyJ&si1=983458&si2=05demos

16 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
mail.fha.org.ir/ 		548 B
302 B 		Document
General
Check archive.org
Download Go to
Full URL
http://mail.fha.org.ir/
Protocol
HTTP/1.1
Server
88.99.234.134 Falkenstein, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
vip16-134.cp.htz.privatedns.biz
Software
/
Resource Hash
aa0afc147781556923d3224f4ad50d2d30d55d93c8ce79547863ddbc0ec841fc

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
content-encoding
gzip
content-length
83
content-type
text/html; charset=UTF-8
date
Mon, 29 May 2023 02:14:59 GMT
vary
Accept-Encoding
take
click.clickandanalytics.com/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://click.clickandanalytics.com/take
Requested by
Host: mail.fha.org.ir
URL: http://mail.fha.org.ir/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
91.238.104.193 , Ukraine, ASN50321 (BYTES-AS, UA),
Reverse DNS
Software
nginx /
Resource Hash
d971ad919ca1b24b8d3d4a06eca8ffb097381f37e675d38d8c6e102f3d2c8418

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://mail.fha.org.ir/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 29 May 2023 02:15:00 GMT
Content-Encoding
gzip
Server
nginx
Vary
Accept-Encoding
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
1798
Expires
0
collect
statistic.scriptsplatform.com/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://statistic.scriptsplatform.com/collect
Requested by
Host: click.clickandanalytics.com
URL: https://click.clickandanalytics.com/take
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
194.135.30.210 Madrid, Spain, ASN50321 (BYTES-AS, UA),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://mail.fha.org.ir/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 29 May 2023 02:15:00 GMT
Content-Encoding
gzip
Server
nginx
Vary
Accept-Encoding
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
1470
Expires
0
away.php
come.scriptsplatform.com/ 		0
0
away.php
come.scriptsplatform.com/ 		153 B
270 B 		Document
General
Check archive.org
Download Go to
Full URL
https://come.scriptsplatform.com/away.php?sourceid=43637753&suid=364&pid=23468658
Requested by
Host: statistic.scriptsplatform.com
URL: https://statistic.scriptsplatform.com/collect
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.59.222.113 Kyiv, Ukraine, ASN209155 (ONEHOSTPLANET, CZ),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15768000;

Request headers

Referer
http://mail.fha.org.ir/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-length
127
content-type
text/html; charset=UTF-8
date
Mon, 29 May 2023 02:15:01 GMT
server
nginx
strict-transport-security
max-age=15768000;
vary
Accept-Encoding
go.php
come.scriptsplatform.com/ 		0
0
bot-captcha-1
shbzek.com/
Redirect Chain
  • https://come.scriptsplatform.com/go.php
  • https://shbzek.com/gosl/InNpZCI6MTIxMjUwNiwic21hcnRsaW5rIjp0cnVlfQ==eyJwaWQiOjEwNTQwMzAs?si1=983458&si2=05demos
  • https://shbzek.com/bot-captcha-1?h=waWQiOjEwNTQwMzAsInNpZCI6MTIxMjUwNiwid2lkIjo0NTE5MTcsInNyYyI6Mn0=eyJ&si1=983458&si2=05demos
91 KB
62 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://shbzek.com/bot-captcha-1?h=waWQiOjEwNTQwMzAsInNpZCI6MTIxMjUwNiwid2lkIjo0NTE5MTcsInNyYyI6Mn0=eyJ&si1=983458&si2=05demos
Requested by
Host: come.scriptsplatform.com
URL: https://come.scriptsplatform.com/away.php?sourceid=43637753&suid=364&pid=23468658
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.56.234.205 , Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.21.1 /
Resource Hash
6a9471f6e52b39238481211f9547c683bdcbe5d0bdaab644c889819cb0c578f7

Request headers

Referer
https://come.scriptsplatform.com/away.php?sourceid=43637753&suid=364&pid=23468658
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Mon, 29 May 2023 02:15:02 GMT
server
nginx/1.21.1
vary
Accept-Encoding
x-zone
eu

Redirect headers

cache-control
no-cache
content-type
text/html; charset=UTF-8
date
Mon, 29 May 2023 02:15:02 GMT
location
https://shbzek.com/bot-captcha-1?h=waWQiOjEwNTQwMzAsInNpZCI6MTIxMjUwNiwid2lkIjo0NTE5MTcsInNyYyI6Mn0=eyJ&si1=983458&si2=05demos
max-age
0
server
nginx/1.21.1
x-zone
eu3
truncated
/ 		45 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
942975400f4dba33ae453b5d2da7cb55a58f3cbcdd5182fd11bca092542968a5

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Content-Type
image/jpeg
truncated
/ 		2 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e87849dd13972aa35e307b9589b873f6c5a126d9773f846aa758b28aa9ac4fc3

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Content-Type
image/jpeg
rpe
azkcqs.com/ 		0
0
sdk.js
ulmoyc.com/v1/ 		13 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ulmoyc.com/v1/sdk.js?h=waWQiOjEwNTQwMzAsInNpZCI6MTIxMjUwNiwid2lkIjo0NTE5MTcsInNyYyI6MiwicG0iOjJ9eyJ&d=shbzek.com&tpl=30&pbd=iOjEwNTQwMzAsInNpZCI6MTIxMjUwNiwid2lkIjo0NTE5MTcsInNpMSI6Ijk4MzQ1OCIsInNpMiI6IjA1ZGVtb3MifQ==eyJwaWQ
Requested by
Host: shbzek.com
URL: https://shbzek.com/bot-captcha-1?h=waWQiOjEwNTQwMzAsInNpZCI6MTIxMjUwNiwid2lkIjo0NTE5MTcsInNyYyI6Mn0=eyJ&si1=983458&si2=05demos
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:dd04 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
97ff4363c83524545b916ad9f58820e4250be33cf6148684979876900c37f2e6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://shbzek.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Mon, 29 May 2023 02:15:03 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"HZ+AWyuqa00keuoFPuHy0KuUq8g"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K9kiv%2BXGP9sFnncYjaVURbBTP6XOApZp4VGw8LkpZdCsWPJoN6zF8tmJnYWRuwqCqCzK%2FGBMj%2BOMvVtRsDuMi9WY%2Blorsfl8TxOXcJ0pIeK6tes7tTQQYKHxZ8w7xtBn%2F%2Fxlyz2XWXjc"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
https://shbzek.com
cache-control
public, max-age=14400
x-zone
eu
cf-ray
7ceb3a341f36085c-FRA
alt-svc
h3=":443"; ma=86400
fp.js
ulmoyc.com/ 		1 KB
874 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ulmoyc.com/fp.js?d=shbzek.com
Requested by
Host: ulmoyc.com
URL: https://ulmoyc.com/v1/sdk.js?h=waWQiOjEwNTQwMzAsInNpZCI6MTIxMjUwNiwid2lkIjo0NTE5MTcsInNyYyI6MiwicG0iOjJ9eyJ&d=shbzek.com&tpl=30&pbd=iOjEwNTQwMzAsInNpZCI6MTIxMjUwNiwid2lkIjo0NTE5MTcsInNpMSI6Ijk4MzQ1OCIsInNpMiI6IjA1ZGVtb3MifQ==eyJwaWQ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:dd04 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8183f73de13c2861c1c4da12e6ddc90d0b87071c801ee3ae47f1c2918fb4d794

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://shbzek.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Mon, 29 May 2023 02:15:03 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Mon, 29 May 2023 02:15:02 GMT
max-age
0
server
cloudflare
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BE2wXQvP87jUtbN%2B7APyIqt4JT4endkxhV4dgXYBMxcerPkXUPqABAaOKDsbIKMx4hCR%2BLxmes86y3ozf98Jox%2FeLMBkJ51nI0IHGrlTrq7FD5d4otJeWDCy9kKFp6i5V8XW0JKoQgVB"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
https://shbzek.com
cache-control
max-age=14400
x-zone
eu
cf-ray
7ceb3a349f86085c-FRA
alt-svc
h3=":443"; ma=86400
bot-captcha-1
3q1bf.shbzek.com/ 		91 KB
62 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://3q1bf.shbzek.com/bot-captcha-1?h=waWQiOjEwNTQwMzAsInNpZCI6MTIxMjUwNiwid2lkIjo0NTE5MTcsInNyYyI6Mn0=eyJ&si1=983458&si2=05demos&i=1
Requested by
Host: shbzek.com
URL: https://shbzek.com/bot-captcha-1?h=waWQiOjEwNTQwMzAsInNpZCI6MTIxMjUwNiwid2lkIjo0NTE5MTcsInNyYyI6Mn0=eyJ&si1=983458&si2=05demos
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.56.234.205 , Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.21.1 /
Resource Hash
cf496570a0c0040de29c04e62027d6250d6bf3a4b8781918ae2e52d85debcb97

Request headers

Referer
https://shbzek.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Mon, 29 May 2023 02:15:03 GMT
server
nginx/1.21.1
vary
Accept-Encoding
x-zone
eu
rpe
azkcqs.com/ 		0
101 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://azkcqs.com/rpe?a=1&s=1&act=17&src=2&p=1054030&st=1212506&wd=451917&d=shbzek.com&tpl=30&rnd=0.2431574849740441&sbid=983458&sbid2=05demos
Requested by
Host: 3q1bf.shbzek.com
URL: https://3q1bf.shbzek.com/bot-captcha-1?h=waWQiOjEwNTQwMzAsInNpZCI6MTIxMjUwNiwid2lkIjo0NTE5MTcsInNyYyI6Mn0=eyJ&si1=983458&si2=05demos&i=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
2a02:b4a:1:7::9167:1 , Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3q1bf.shbzek.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

access-control-allow-origin
*
date
Mon, 29 May 2023 02:15:03 GMT
accept-ch
Sec-CH-UA-Platform-Version
server
nginx/1.18.0
content-length
0
truncated
/ 		45 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
942975400f4dba33ae453b5d2da7cb55a58f3cbcdd5182fd11bca092542968a5

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Content-Type
image/jpeg
truncated
/ 		2 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e87849dd13972aa35e307b9589b873f6c5a126d9773f846aa758b28aa9ac4fc3

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Content-Type
image/jpeg
sdk.js
ulmoyc.com/v1/ 		13 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ulmoyc.com/v1/sdk.js?h=waWQiOjEwNTQwMzAsInNpZCI6MTIxMjUwNiwid2lkIjo0NTE5MTcsInNyYyI6MiwicG0iOjJ9eyJ&d=shbzek.com&tpl=30&pbd=iOjEwNTQwMzAsInNpZCI6MTIxMjUwNiwid2lkIjo0NTE5MTcsInNpMSI6Ijk4MzQ1OCIsInNpMiI6IjA1ZGVtb3MiLCJpIjoiMSJ9eyJwaWQ
Requested by
Host: 3q1bf.shbzek.com
URL: https://3q1bf.shbzek.com/bot-captcha-1?h=waWQiOjEwNTQwMzAsInNpZCI6MTIxMjUwNiwid2lkIjo0NTE5MTcsInNyYyI6Mn0=eyJ&si1=983458&si2=05demos&i=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3033::ac43:dd04 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
506fb7219e17a077b1dad7d70fa235d5b0faa57e84037100ae6635dd4fd4e57e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3q1bf.shbzek.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Mon, 29 May 2023 02:15:03 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"g8/BMPw1PmMXpm+OtRdzQwWV+nc"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C2xmfA8dpzER3%2BIv%2FslngeAjdg2Mtrzd3s%2B5zv48WpGkFRtynh7RF3RZlkc1eGRDWUK%2Bu0A8hZvZmvUwmP9hLgeo2ABMOkiDfC5HFK8SJqzK8Ss6xcVfqMqy7u88cAQbq0SC9KmeBZT%2F"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
https://shbzek.com
cache-control
public, max-age=14400
x-zone
eu
cf-ray
7ceb3a35cdb29255-FRA
alt-svc
h3=":443"; ma=86400
bot-captcha-1
7yjfu.shbzek.com/ 		91 KB
62 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://7yjfu.shbzek.com/bot-captcha-1?h=waWQiOjEwNTQwMzAsInNpZCI6MTIxMjUwNiwid2lkIjo0NTE5MTcsInNyYyI6Mn0=eyJ&si1=983458&si2=05demos&i=2
Requested by
Host: 3q1bf.shbzek.com
URL: https://3q1bf.shbzek.com/bot-captcha-1?h=waWQiOjEwNTQwMzAsInNpZCI6MTIxMjUwNiwid2lkIjo0NTE5MTcsInNyYyI6Mn0=eyJ&si1=983458&si2=05demos&i=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.56.234.205 , Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.21.1 /
Resource Hash
2f4e7ee19635c4b0b637980137c3dafa75efeeb874f529a326e1edba6b55b45d

Request headers

Referer
https://3q1bf.shbzek.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Mon, 29 May 2023 02:15:03 GMT
server
nginx/1.21.1
vary
Accept-Encoding
x-zone
eu4
truncated
/ 		45 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
942975400f4dba33ae453b5d2da7cb55a58f3cbcdd5182fd11bca092542968a5

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Content-Type
image/jpeg
truncated
/ 		2 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e87849dd13972aa35e307b9589b873f6c5a126d9773f846aa758b28aa9ac4fc3

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Content-Type
image/jpeg
sdk.js
ulmoyc.com/v1/ 		13 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ulmoyc.com/v1/sdk.js?h=waWQiOjEwNTQwMzAsInNpZCI6MTIxMjUwNiwid2lkIjo0NTE5MTcsInNyYyI6MiwicG0iOjJ9eyJ&d=shbzek.com&tpl=30&pbd=iOjEwNTQwMzAsInNpZCI6MTIxMjUwNiwid2lkIjo0NTE5MTcsInNpMSI6Ijk4MzQ1OCIsInNpMiI6IjA1ZGVtb3MiLCJpIjoiMiJ9eyJwaWQ
Requested by
Host: 7yjfu.shbzek.com
URL: https://7yjfu.shbzek.com/bot-captcha-1?h=waWQiOjEwNTQwMzAsInNpZCI6MTIxMjUwNiwid2lkIjo0NTE5MTcsInNyYyI6Mn0=eyJ&si1=983458&si2=05demos&i=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3033::ac43:dd04 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://7yjfu.shbzek.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Mon, 29 May 2023 02:15:03 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"lFnuDmQiDJZQ4elrYJVQzh5goAM"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PPDCRp3Myi9WpcClZjghPNeN8x4t3ywL0NFxVGu5sYBYzyxWLZmwmlyk7z39sE6any2OT2%2F%2BaGEK2H00z%2BhnleRKM4%2F6W%2F6b8S3Q4yRPZb3z7CLVAYCIYeyQa0PmR5jGXrDCwUc1o8xy"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
https://shbzek.com
cache-control
public, max-age=14400
x-zone
eu
cf-ray
7ceb3a36fe449255-FRA
alt-svc
h3=":443"; ma=86400
Primary Request bot-captcha-1
bzdic.shbzek.com/ 		91 KB
62 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://bzdic.shbzek.com/bot-captcha-1?h=waWQiOjEwNTQwMzAsInNpZCI6MTIxMjUwNiwid2lkIjo0NTE5MTcsInNyYyI6Mn0=eyJ&si1=983458&si2=05demos&i=3
Requested by
Host: 7yjfu.shbzek.com
URL: https://7yjfu.shbzek.com/bot-captcha-1?h=waWQiOjEwNTQwMzAsInNpZCI6MTIxMjUwNiwid2lkIjo0NTE5MTcsInNyYyI6Mn0=eyJ&si1=983458&si2=05demos&i=2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.56.234.205 , Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.21.1 /
Resource Hash

Request headers

Referer
https://7yjfu.shbzek.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Mon, 29 May 2023 02:15:04 GMT
server
nginx/1.21.1
vary
Accept-Encoding
x-zone
eu
truncated
/ 		45 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Content-Type
image/jpeg
truncated
/ 		2 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Content-Type
image/jpeg

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
come.scriptsplatform.com
URL
https://come.scriptsplatform.com/away.php?sourceid=43637753&suid=364&pid=23468658
Domain
come.scriptsplatform.com
URL
https://come.scriptsplatform.com/go.php
Domain
azkcqs.com
URL
https://azkcqs.com/rpe?a=1&s=1&act=17&src=2&p=1054030&st=1212506&wd=451917&d=shbzek.com&tpl=30&rnd=0.3491397228166535&sbid=983458&sbid2=05demos

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| edPushSDK

4 Cookies

Domain/Path Name / Value
mail.fha.org.ir/ Name: simpeladus
Value: 1
.shbzek.com/ Name: truniq
Value: 1
.shbzek.com/ Name: ufp2
Value: 847550f20592037ebd389767885035c774a316c4
.shbzek.com/ Name: prompt
Value: 1