| | 45.146.235.45 | 302 Found | 25 B |
URL User Request GET HTTP/1.1IP45.146.235.45:80 ASN#8100 ASN-QUADRANET-GLOBAL
File typeUnicode text, UTF-8 text, with no line terminators Hashac44ee63ed18dbf5f5efca9974ae6b13 7687a0d56712ec9556368e91ebe6d28f69189c6d b87d257f2007f6fe728c5778177fb1b3e92bcd82342b79705eb8c60293f26e28
NIDS | Severity | Alert | suricata | medium | ET INFO HTTP Request to a *.top domain |
GET / HTTP/1.1
Host: book.mgef.mhzxbt.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Thu, 18 Apr 2024 09:55:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://m.lxnthpf.icu/
|
|
| m.lxnthpf.icu/ | 104.21.92.114 | | 54 kB |
IP104.21.92.114:0
File typeHTML document, Unicode text, UTF-8 text, with very long lines (43996) Hash6abbb14b5261262141bacec9b48785ad 007232ae26b798684cc310036ff0c1b48e232e49 cc304314d4409135af46b1e3e82e815f6c3fe4483f92db9979fe87a13204cdfa
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET / HTTP/1.1
Host: m.lxnthpf.icu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 09:55:47 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: max-age=7200
cf-cache-status: MISS
last-modified: Thu, 18 Apr 2024 09:55:46 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=osDaS%2BQPwLpYazie%2B5EjvQzGd1FerxUn8qDvGq8ekw%2FmEjTed8ZwRwfykKrpnEWrEUUQvqqq3K20C6Ky7ZIPdhokX9Ci3H0Y413BP9lGPtxQ5NQPJFhrRpc5z1WAYxZd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8763c7f5fe57b500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| google.com/ | 142.250.74.142 | | 220 B |
IP142.250.74.142:0
CertificateIssuerGoogle Trust Services LLC Subject*.google.com Fingerprint02:6C:2F:38:A0:8A:95:AC:E8:2B:67:AA:69:A4:34:6E:15:99:F5:1D ValidityMon, 04 Mar 2024 06:35:50 GMT - Mon, 27 May 2024 06:35:49 GMT
File typeHTML document, ASCII text, with CRLF, LF line terminators Hash276bbb20c29087e88db63899fd8f9129 b52854d1f79de5ebeebf0160447a09c7a8c2cde4 5b61b0c2032b4aa9519d65cc98c6416c12415e02c7fbbaa1be5121dc75162edb
GET / HTTP/1.1
Host: google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
location: https://www.google.com/
content-type: text/html; charset=UTF-8
content-security-policy-report-only: object-src 'none';base-uri 'self';script-src 'nonce-q8yPpseQBpHKqdgp7iabaw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
date: Thu, 18 Apr 2024 09:55:50 GMT
expires: Sat, 18 May 2024 09:55:50 GMT
cache-control: public, max-age=2592000
server: gws
content-length: 220
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| www.google.com/ | 142.250.74.164 | | 72 kB |
IP142.250.74.164:0
CertificateIssuerGoogle Trust Services LLC Subjectwww.google.com FingerprintCC:CC:99:46:65:6C:77:0B:C8:AA:AD:5E:58:B6:2D:19:B2:C7:0B:06 ValidityMon, 04 Mar 2024 07:19:07 GMT - Mon, 27 May 2024 07:19:06 GMT
File typeHTML document, Unicode text, UTF-8 text, with very long lines (14782) Hash2d4d4e0cf230da1f15b17e68f9e84a35 1179146b88b11e9cd586f9b850f10170f96b9d2b b68ca45e163bd9dadf40ef900519204fb7e1b84ac08c96773881b789a73f4fcd
GET / HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 09:55:50 GMT
expires: -1
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=31536000
content-security-policy-report-only: object-src 'none';base-uri 'self';script-src 'nonce-Qd7VqWHUIzun8OeCGb92YQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
content-encoding: br
server: gws
content-length: 72107
x-xss-protection: 0
x-frame-options: SAMEORIGIN
set-cookie: AEC=AQTF6HxfFr-j4kR1DLP56UH8zqUm2ut63KtfUvLPgkvMGDOO5Wxpt-JGBg; expires=Tue, 15-Oct-2024 09:55:50 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
__Secure-ENID=19.SE=attK0QofUageH9eojgfWbW-fBKHA0ErN0TovTiIUa2dYmbvP-ucPPOFzw7k40cpxMw-5je0a8bq16Nel4J36O4wlCNLeXcwtGkpIVQUtlQ97htzK0TaJwEATsbnxlXwVv7L3EPGJmkHK9i7hP_2Ikf9UcZMllqIjspPu0XPL7eZ3FJnEi_c; expires=Mon, 19-May-2025 02:14:08 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| m.biding234.top/template/2917/https://fbcdn-sphotos-e-a.akamaihd.net/hphotos-ak-frc1/582546_344156198979857_678123957_n.jpg | 172.67.220.71 | 404 Not Found | 36 kB |
URL GET HTTP/3m.biding234.top/template/2917/https://fbcdn-sphotos-e-a.akamaihd.net/hphotos-ak-frc1/582546_344156198979857_678123957_n.jpg IP172.67.220.71:443
CertificateIssuerGoogle Trust Services LLC Subjectbiding234.top Fingerprint9D:89:88:B1:47:ED:14:73:49:AE:54:66:08:30:91:89:7C:9E:72:41 ValidityMon, 25 Mar 2024 07:54:36 GMT - Sun, 23 Jun 2024 07:54:35 GMT
File typeHTML document, ASCII text Hashdd44ba66ffd269006f58f19522dcc734 9d79382527337c2beb10b64b3bed8559331990db a8372991f0d57eade669c2c93bda7496ad3a6653b90202fb1c29dfd423d9ca5b
GET /template/2917/https://fbcdn-sphotos-e-a.akamaihd.net/hphotos-ak-frc1/582546_344156198979857_678123957_n.jpg HTTP/1.1
Host: m.biding234.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://m.biding234.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 404 Not Found
date: Thu, 18 Apr 2024 09:55:50 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=veq7FX7Y4GUJybgnGln%2BlVGvbSPzaNUJg1t6s85X4BkHQ43%2FpegMA0f4vWtBcsS54V7QqUHTqT%2BEJ17WqtyqbfTnK0G%2Fg9fhx6qsdb4cURNVrJ36eZhptxH%2FXyfBAMVf0sI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8763c80a8fd30b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| m.biding234.top/template/2917/css/main.css | 172.67.220.71 | 200 OK | 12 kB |
URL GET HTTP/3m.biding234.top/template/2917/css/main.css IP172.67.220.71:443
CertificateIssuerGoogle Trust Services LLC Subjectbiding234.top Fingerprint9D:89:88:B1:47:ED:14:73:49:AE:54:66:08:30:91:89:7C:9E:72:41 ValidityMon, 25 Mar 2024 07:54:36 GMT - Sun, 23 Jun 2024 07:54:35 GMT
Hashfd9a76daf19c492258fa09974e393f77 c99b9317d58e996c30ca2e76a4fd134f1923b3bf 0898fc1f43c175cbe78b1a131436c9d43fd24d33ce22aede93b104e41dee5ae0
GET /template/2917/css/main.css HTTP/1.1
Host: m.biding234.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://m.biding234.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 09:55:50 GMT
content-type: text/css
last-modified: Wed, 06 Nov 2019 13:47:32 GMT
vary: Accept-Encoding
etag: W/"5dc2cef4-442a"
expires: Thu, 18 Apr 2024 21:55:49 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qwu%2BOhTi1M%2FsCI8EHrVdWU%2FHCP1wR3hpXbq5yo2ScCCqpbQvXMMSku62f%2Bs7dYHJ7xxAhEBj%2BKaCXp5a64D36%2F2csX9FTGxB8bEXEOt5IYkDwtLyLZPcA5%2BPr2X5Z1K7WyA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8763c80a8fd00b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| www.lelifi.com/app/app.js?t=xia&c=googleee&mb=1 | 104.21.46.15 | 200 OK | 9.9 kB |
URL GET HTTP/3www.lelifi.com/app/app.js?t=xia&c=googleee&mb=1 IP104.21.46.15:443
CertificateIssuerCloudflare, Inc. Subjectsni.cloudflaressl.com FingerprintA7:86:67:95:65:3F:9F:95:2C:EB:56:1E:31:DA:D9:C2:31:58:79:9F ValidityWed, 24 May 2023 00:00:00 GMT - Thu, 23 May 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (318) Hashc05d24e915a484f17846a3e4439e9889 74d4704effd793730975184a1d4c1349da0c4376 fcd21023540b2560a62a75fdd6560bd2097ea5c23f788c40ec7d1c2299be902f
GET /app/app.js?t=xia&c=googleee&mb=1 HTTP/1.1
Host: www.lelifi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://m.biding234.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 09:55:51 GMT
content-type: application/javascript
last-modified: Thu, 04 Apr 2024 11:15:30 GMT
vary: Accept-Encoding
etag: W/"660e8bd2-fc6"
expires: Thu, 18 Apr 2024 20:03:18 GMT
cache-control: max-age=43200
cf-cache-status: HIT
age: 6753
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NyTmdEs8CoA%2FuB7vh%2BIM4GTk%2B9%2BdnkMeJBP0Wfd1riDOFmKpdjZlx9qQc1RtYzPf%2FoHtWthQWNy4Q8E5fWQhqmPlfO5IFmWTnQPn6P4Xi8qFrVT2sWZtKW6ud010DZs7nQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8763c8156a35b515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| | 172.67.220.71 | 200 OK | 148 kB |
URL User Request GET HTTP/2IP172.67.220.71:443
CertificateIssuerGoogle Trust Services LLC Subjectbiding234.top Fingerprint9D:89:88:B1:47:ED:14:73:49:AE:54:66:08:30:91:89:7C:9E:72:41 ValidityMon, 25 Mar 2024 07:54:36 GMT - Sun, 23 Jun 2024 07:54:35 GMT
Size148 kB (148332 bytes) Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: m.biding234.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 09:55:49 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: MISS
last-modified: Thu, 18 Apr 2024 09:55:49 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5wFtoGqJzb46JLjc93evh%2Bg9gcJGfBTJcqoKYNoz%2FS%2BKVi1bOvEVyexbcjf7fKeQBq%2FGz2D7sA3A%2FPsHIYKYBgMckMvfnTrpnuxH%2BWxxRvxOep%2BQQC5hZMUVkoqvFLbDuUM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8763c8041baab51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| m.biding234.top/template/2917/images/floor.jpg | 172.67.220.71 | 200 OK | 36 kB |
URL GET HTTP/3m.biding234.top/template/2917/images/floor.jpg IP172.67.220.71:443
CertificateIssuerGoogle Trust Services LLC Subjectbiding234.top Fingerprint9D:89:88:B1:47:ED:14:73:49:AE:54:66:08:30:91:89:7C:9E:72:41 ValidityMon, 25 Mar 2024 07:54:36 GMT - Sun, 23 Jun 2024 07:54:35 GMT
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1700x470, components 3 Hasha87cc786ba5756de4747ff9dab520428 0a65ecd61d71f3a3403c3c334202e07d096c4779 a202ac2925ce351015341bb6105240462081690c1cb016ad86fdde659c16c8a3
GET /template/2917/images/floor.jpg HTTP/1.1
Host: m.biding234.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://m.biding234.top/template/2917/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 09:55:51 GMT
content-type: image/jpeg
content-length: 35660
last-modified: Wed, 16 Oct 2019 05:58:50 GMT
etag: "5da6b19a-8b4c"
expires: Sat, 18 May 2024 09:55:50 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ouhQXe87rLD2BUb9mksmNluUen%2BHCnrAtm%2BaJR3GqA09TVGvNQZKRr6fnxgJK4BsDmBgLuFcb35zkj74fRdmbqxKdMEamkLiqyOkS59AuZ6bYivOHwXVzLuVf4wUheeDzb0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763c80e4b980b49-OSL
alt-svc: h3=":443"; ma=86400
|
|
| m.biding234.top/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js | 172.67.220.71 | 200 OK | 12 kB |
URL GET HTTP/3m.biding234.top/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js IP172.67.220.71:443
CertificateIssuerGoogle Trust Services LLC Subjectbiding234.top Fingerprint9D:89:88:B1:47:ED:14:73:49:AE:54:66:08:30:91:89:7C:9E:72:41 ValidityMon, 25 Mar 2024 07:54:36 GMT - Sun, 23 Jun 2024 07:54:35 GMT
File typeJavaScript source, ASCII text, with very long lines (12331) Hash88a769d2fe35899fd45a332a0a032cc0 514c6c1d8475d17e412849a4c90159517d0fa10a ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
GET /cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js HTTP/1.1
Host: m.biding234.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://m.biding234.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 09:55:49 GMT
content-type: application/javascript
last-modified: Mon, 15 Apr 2024 08:31:34 GMT
etag: W/"661ce5e6-302c"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0tq9CONAunPr7pWMmHsS4b%2Fzaj24KkQfRNnIS9OWQftTOFu9HVOoP34NMWUAwREJduyUAj%2B3AsVJq9K8YDkm29EwtYW5MccuKVqZTwI6rJDsIHwa8%2BLMRCPKxRmhI%2FuvZ2U%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763c80a8fd60b49-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Sat, 20 Apr 2024 09:55:49 GMT
cache-control: max-age=172800, public
content-encoding: gzip
|
|
| m.biding234.top/Baidu.js | 172.67.220.71 | 200 OK | 100 B |
IP172.67.220.71:443
CertificateIssuerGoogle Trust Services LLC Subjectbiding234.top Fingerprint9D:89:88:B1:47:ED:14:73:49:AE:54:66:08:30:91:89:7C:9E:72:41 ValidityMon, 25 Mar 2024 07:54:36 GMT - Sun, 23 Jun 2024 07:54:35 GMT
File typeASCII text, with no line terminators Hash745138fdac34f259797f25c38464c61c d6189e5e03dee8d70d1280110389b2ead43c2cac f50ed991b0516f0e21e7b8b2352024d10d1d37609bcd2b17d8ca2c21a0cdde6e
GET /Baidu.js HTTP/1.1
Host: m.biding234.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://m.biding234.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 09:55:50 GMT
content-type: application/javascript
last-modified: Mon, 25 Mar 2024 05:16:26 GMT
etag: W/"660108aa-64"
expires: Thu, 18 Apr 2024 21:55:50 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=woxUOl0ZCO5EzibP%2BjMz4yzZyPV80OxxOf8P5kjA8iGujzcBhefY2ul5M5xcxOdc847HcL7kKxyYl3DpowOhwamCmhlK%2FYsuTxT5LlzQaEICjbi1onxOiWG48BQ9mqi4jLA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763c80e7bae0b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| m.biding234.top/favicon.ico | 172.67.220.71 | 200 OK | 1.2 kB |
URL GET HTTP/3m.biding234.top/favicon.ico IP172.67.220.71:443
CertificateIssuerGoogle Trust Services LLC Subjectbiding234.top Fingerprint9D:89:88:B1:47:ED:14:73:49:AE:54:66:08:30:91:89:7C:9E:72:41 ValidityMon, 25 Mar 2024 07:54:36 GMT - Sun, 23 Jun 2024 07:54:35 GMT
File typeMS Windows icon resource - 1 icon, 16x16, 32 bits/pixel Hash591676289e8a2b06c3fc31137810d2c0 f53c4f56f983f6b96198806a60624ba16741a156 2cab8e512dc07af44384a4e2c0e7020b04e03331affaa96aa54d489d6274e4de
GET /favicon.ico HTTP/1.1
Host: m.biding234.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://m.biding234.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 09:55:50 GMT
content-type: image/x-icon
last-modified: Tue, 10 Oct 2023 02:40:54 GMT
etag: W/"6524b9b6-47e"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tPxY4OPlHBWgHemtpHgtieKvOu3OxHsfyN10a0lMhHEMyRoJc2DFOI8Vib%2BgozU18hA2QcYDxjPZPE0fCiq5DjReIS8CpcevuVQZgTjtSEXDjX5ihUG0vx%2B8Pf83L5SgDWw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763c810eee60b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| api.share.baidu.com/s.gif?l=http://m.biding234.top/ | 0.0.0.0 | | 0 B |
URL GET api.share.baidu.com/s.gif?l=http://m.biding234.top/ IP0.0.0.0:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /s.gif?l=http://m.biding234.top/ HTTP/1.1
Host: api.share.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://m.biding234.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| m.biding234.top/template/2917/ | 0.0.0.0 | | 0 B |
URL GET m.biding234.top/template/2917/ IP0.0.0.0:0
CertificateIssuerGoogle Trust Services LLC Subjectbiding234.top Fingerprint9D:89:88:B1:47:ED:14:73:49:AE:54:66:08:30:91:89:7C:9E:72:41 ValidityMon, 25 Mar 2024 07:54:36 GMT - Sun, 23 Jun 2024 07:54:35 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /template/2917/ HTTP/1.1
Host: m.biding234.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://m.biding234.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 302 Found
date: Thu, 18 Apr 2024 09:55:50 GMT
content-type: text/html
location: http://google.com/
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rIpdRM7DY4ZJhhawpU6sk2cy9nqa6dTjt5zXz%2BLY0coBbM%2FASfeQ9AkHHy5945o0kHiu6BIOymm%2BLtnYbCcWwqG7vl9fLg6PzvuFH73fu3DTAfoGtyk7d%2BdfqcsFmzK0vmM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763c80a8fd50b49-OSL
alt-svc: h3=":443"; ma=86400
|
|
| m.biding234.top/template/2917/apple-touch-icon-precomposed.png | 172.67.220.71 | 404 Not Found | 1.3 kB |
URL GET HTTP/3m.biding234.top/template/2917/apple-touch-icon-precomposed.png IP172.67.220.71:443
CertificateIssuerGoogle Trust Services LLC Subjectbiding234.top Fingerprint9D:89:88:B1:47:ED:14:73:49:AE:54:66:08:30:91:89:7C:9E:72:41 ValidityMon, 25 Mar 2024 07:54:36 GMT - Sun, 23 Jun 2024 07:54:35 GMT
File typeHTML document, ASCII text, with very long lines (1324), with no line terminators Hash3e7b96ec7ff410f1533c5cb240f5d066 6cccde542cfd33c39adb3165d377ff2d3e34828b fcc63e8878841b83883e2265e9cfeff28a4cf5582ec78938556e14073262c554
GET /template/2917/apple-touch-icon-precomposed.png HTTP/1.1
Host: m.biding234.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://m.biding234.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
date: Thu, 18 Apr 2024 09:55:51 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FqdSU5t4ZLS8YY%2FyvGNdberclRxkndiqgEY%2BHj8%2BYGKhM1rgpEE7KJ0R8Wvqi05pWQpjavCXRH1QceKw8Jo9QcjZrXpe1PlVHB%2B%2BQU5O0w%2FPAG7qgznPAmD1DXOL2hgKRc0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8763c810eee10b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| m.biding234.top/template/2917/css/normalize.min.css | 172.67.220.71 | 200 OK | 2.5 kB |
URL GET HTTP/3m.biding234.top/template/2917/css/normalize.min.css IP172.67.220.71:443
CertificateIssuerGoogle Trust Services LLC Subjectbiding234.top Fingerprint9D:89:88:B1:47:ED:14:73:49:AE:54:66:08:30:91:89:7C:9E:72:41 ValidityMon, 25 Mar 2024 07:54:36 GMT - Sun, 23 Jun 2024 07:54:35 GMT
File typeASCII text, with very long lines (2518), with no line terminators Hashabb76592dd5063899a52575961b2553f daa050ce0e44a1229ece6b54dcf78de913d56e9c ccd6aa32af6bdac59d1041124ea345528d89b5ed54447d04d466ce7d23e7bea6
GET /template/2917/css/normalize.min.css HTTP/1.1
Host: m.biding234.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://m.biding234.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 09:55:50 GMT
content-type: text/css
last-modified: Tue, 15 Oct 2019 06:44:56 GMT
vary: Accept-Encoding
etag: W/"5da56ae8-9c6"
expires: Thu, 18 Apr 2024 21:55:49 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z58lHrx4lJf1wXKcydgOKw6U5N2Cqjx%2BmqR6ak23W7ImXabqADdcKpqfw8T%2Bi3wN%2Fnb8Z01lF40TRyLf3nhRlRu8zZR%2BMw3VRHlWHGvEnULagFCio9It0a%2BP%2Bt63nLxTCnM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8763c80a8fcb0b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| m.biding234.top/Aquery.js | 172.67.220.71 | 200 OK | 540 B |
URL GET HTTP/3m.biding234.top/Aquery.js IP172.67.220.71:443
CertificateIssuerGoogle Trust Services LLC Subjectbiding234.top Fingerprint9D:89:88:B1:47:ED:14:73:49:AE:54:66:08:30:91:89:7C:9E:72:41 ValidityMon, 25 Mar 2024 07:54:36 GMT - Sun, 23 Jun 2024 07:54:35 GMT
File typeJavaScript source, ASCII text, with very long lines (556), with no line terminators Hash9988d60d2af7295734e3bd6d7acd296e 3e98c7ac2dde441b5fe9ab4666c2f206a15aebf1 553ac2cc49df373a2e138fb5d962a306250472c5785d33ec91de2957d188c976
GET /Aquery.js HTTP/1.1
Host: m.biding234.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://m.biding234.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 09:55:50 GMT
content-type: application/javascript
last-modified: Tue, 10 Oct 2023 02:40:54 GMT
etag: W/"6524b9b6-21c"
expires: Thu, 18 Apr 2024 21:55:50 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K9%2BjWHTvwDDv8VfNyjEBl75kSQ3oEZlGOChFGDaNRWZvwqb5B4EF4%2Bm33fwiAieP%2BEqmk4BglLG%2BJ71jJ%2BEXlcmbi5eSnDtZJWGja3QnUg8Z%2BziMHb4A%2BLOBnSMEhz9J7CU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763c80e7bb00b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| www.lelifi.com/app/app.js?t=shang&c=google&mb=1 | 104.21.46.15 | 200 OK | 4.0 kB |
URL GET HTTP/2www.lelifi.com/app/app.js?t=shang&c=google&mb=1 IP104.21.46.15:443
CertificateIssuerCloudflare, Inc. Subjectsni.cloudflaressl.com FingerprintA7:86:67:95:65:3F:9F:95:2C:EB:56:1E:31:DA:D9:C2:31:58:79:9F ValidityWed, 24 May 2023 00:00:00 GMT - Thu, 23 May 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (4206), with no line terminators Hash46af1d8cf3d73f56cf6f6fbb87c33ea3 617094c4b5ab23cf3afa59194e3d6881e79b40f1 c2aee5c8d0f92da4667b82f4ba15ca0c74f7101e0477354a3d7807ea677954f3
GET /app/app.js?t=shang&c=google&mb=1 HTTP/1.1
Host: www.lelifi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://m.biding234.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 09:55:51 GMT
content-type: application/javascript
last-modified: Thu, 04 Apr 2024 11:15:30 GMT
vary: Accept-Encoding
etag: W/"660e8bd2-fc6"
expires: Thu, 18 Apr 2024 20:03:18 GMT
cache-control: max-age=43200
cf-cache-status: HIT
age: 6753
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9EFT%2BuOaLnogqjXlW0M4tmWED9OJuZcecY9nRBWcA7Pe4WGgkvuWe4%2BkEaWRl7yXOkO%2B4IvdfTymKkjperUmEpG%2FHNlMvbYlwusRQ%2BHrQpoqReYNfMJkGfTQFNQV%2FrCPkQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8763c814fb3b7128-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|