| ocsp.r2m03.amazontrust.com/ | 143.204.53.97 | | 471 B |
URL: ocsp.r2m03.amazontrust.com/ | IP: 143.204.53.97:0
Hash: MD5 a39656e3b154bf331db50a7b79599fe1 | SHA-1 cb4ecd311d93d677fee1e63f1b8583b84dceb1b2 | SHA-256 21fda9112c40b5ca3ecdbd00abd7b7e7c4438b93a9492e33ac967e574d8d65f5
POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: max-age=7200
Date: Tue, 07 May 2024 04:48:45 GMT
Server: ECAcc (amb/6B0A)
X-Cache: Miss from cloudfront
Via: 1.1 b9f0050ca4d212d7c855e005be54b1ac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: d0L-QA53Ih6OpDJJCtczoyIWQuLhaR5B9crSmBPa23bx6XRJyowJiA==
| nmhgyt-dfd.com/b_c/nzpj1E_FzS/top.html | 143.204.55.100 | 302 Found | 4 B |
URL: nmhgyt-dfd.com/b_c/nzpj1E_FzS/top.html (user request, GET, HTTP/2) | IP: 143.204.55.100:443
Certificate: Issuer Amazon | Subject nmhgyt-dfd.com | Fingerprint 95:49:A4:C9:93:E1:2B:23:7B:5A:47:5E:13:8C:70:0D:46:60:49:CC | Validity Thu, 29 Feb 2024 00:00:00 GMT - Sat, 29 Mar 2025 23:59:59 GMT
Hash: MD5 ff4c8ff01d544500ea4bfea43e6108c1 | SHA-1 3f3d2d8955322f325af6db2238355fa07007ebd9 | SHA-256 545c38b0922de19734fbffde62792c37c2aef6a3216cfa472449173165220f7d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /b_c/nzpj1E_FzS/top.html HTTP/1.1
Host: nmhgyt-dfd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
content-length: 4
location: https://5jv-qxp31.com/pHK/rKS/sIRqKOe3PyMRsKTrPNeILxHLtMSusWsVNH
x-powered-by: PHP/7.4.33
date: Tue, 07 May 2024 04:48:47 GMT
server: lighttpd/1.4.54
x-cache: Miss from cloudfront
via: 1.1 a6d89f7e2d55548b941f1ff5d5b3c8d4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: eRjsF_KHcoWPZ6M-goNDSmZlpBzpRww-kjaN-I1q6kKbAsWMesRVcg==
X-Firefox-Spdy: h2
| 5jv-qxp31.com/pHK/rKS/sIRqKOe3PyMRsKTrPNeILxHLtMSusWsVNH | 103.30.254.195 | 302 Found | 232 B |
URL: 5jv-qxp31.com/pHK/rKS/sIRqKOe3PyMRsKTrPNeILxHLtMSusWsVNH (user request, GET, HTTP/1.1) | IP: 103.30.254.195:443 | ASN: #9919 New Century InfoComm Tech Co., Ltd.
Certificate: Issuer Let's Encrypt | Subject gi.gi-f-t.com | Fingerprint 4A:E0:C5:BC:B8:15:DE:97:0F:AC:F2:94:2E:B3:2C:39:0C:60:A0:31 | Validity Mon, 01 Apr 2024 00:32:17 GMT - Sun, 30 Jun 2024 00:32:16 GMT
File type: HTML document, ASCII text | Hash: MD5 8b583be730e53070d699232d6b5d1ec1 | SHA-1 5ebebd356aff2efd8b16a27f718fca4b6abf7ad3 | SHA-256 c35b767d653d3cdbb1796e0b3783cd7dbe6d5a836ff9c49763afd68f86cb49b4
GET /pHK/rKS/sIRqKOe3PyMRsKTrPNeILxHLtMSusWsVNH HTTP/1.1
Host: 5jv-qxp31.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Date: Tue, 07 May 2024 04:48:49 GMT
Location: https://5jv-qxp31.com/jump/?code=pHK/rKS/sIRqKOe3PyMRsKTrPNeILxHLtMSusWsVNH
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 232
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
| 5jv-qxp31.com/jump/?code=pHK/rKS/sIRqKOe3PyMRsKTrPNeILxHLtMSusWsVNH | 103.30.254.195 | 302 Moved Temporarily | 20 B |
URL: 5jv-qxp31.com/jump/?code=pHK/rKS/sIRqKOe3PyMRsKTrPNeILxHLtMSusWsVNH (user request, GET, HTTP/1.1) | IP: 103.30.254.195:443 | ASN: #9919 New Century InfoComm Tech Co., Ltd.
Certificate: Issuer Let's Encrypt | Subject gi.gi-f-t.com | Fingerprint 4A:E0:C5:BC:B8:15:DE:97:0F:AC:F2:94:2E:B3:2C:39:0C:60:A0:31 | Validity Mon, 01 Apr 2024 00:32:17 GMT - Sun, 30 Jun 2024 00:32:16 GMT
File type: gzip compressed data, from Unix | Hash: MD5 7029066c27ac6f5ef18d660d5741979a | SHA-1 46c6643f07aa7f6bfe7118de926b86defc5087c4 | SHA-256 59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
GET /jump/?code=pHK/rKS/sIRqKOe3PyMRsKTrPNeILxHLtMSusWsVNH HTTP/1.1
Host: 5jv-qxp31.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Date: Tue, 07 May 2024 04:48:49 GMT
Server: Apache
Location: https://5jv-qxp31.com/confirm/?url=%2Fjump%2F%3Fcode%3DpHK%2FrKS%2FsIRqKOe3PyMRsKTrPNeILxHLtMSusWsVNH
Content-Type: text/html;charset=ISO-8859-1
Set-Cookie: JSESSIONID=6D875ED4DFFC734C14E9D559910D8A18; Path=/
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 20
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
| nmhgyt-dfd.com/ | 143.204.55.100 | | 0 B |
IP: 143.204.55.100:0
Certificate: Issuer Amazon | Subject nmhgyt-dfd.com | Fingerprint 95:49:A4:C9:93:E1:2B:23:7B:5A:47:5E:13:8C:70:0D:46:60:49:CC | Validity Thu, 29 Feb 2024 00:00:00 GMT - Sat, 29 Mar 2025 23:59:59 GMT
Hash (empty body, Content-Length 0): MD5 d41d8cd98f00b204e9800998ecf8427e | SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 | SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET / HTTP/1.1
Host: nmhgyt-dfd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Location: http://www.yahoo.co.jp/
Date: Tue, 07 May 2024 04:48:49 GMT
Server: lighttpd/1.4.54
X-Cache: Miss from cloudfront
Via: 1.1 501ad2910f631f0520a6d389d6f053e8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: lEOV94TYPY1FGH6Vcnic1-1JVnU_4CA7VUX_uvbKeyNN7GYeWaA9Pg==
| 5jv-qxp31.com/confirm/?url=%2Fjump%2F%3Fcode%3DpHK%2FrKS%2FsIRqKOe3PyMRsKTrPNeILxHLtMSusWsVNH | 103.30.254.195 | 200 OK | 478 B |
URL: 5jv-qxp31.com/confirm/?url=%2Fjump%2F%3Fcode%3DpHK%2FrKS%2FsIRqKOe3PyMRsKTrPNeILxHLtMSusWsVNH (user request, GET, HTTP/1.1) | IP: 103.30.254.195:443 | ASN: #9919 New Century InfoComm Tech Co., Ltd.
Certificate: Issuer Let's Encrypt | Subject gi.gi-f-t.com | Fingerprint 4A:E0:C5:BC:B8:15:DE:97:0F:AC:F2:94:2E:B3:2C:39:0C:60:A0:31 | Validity Mon, 01 Apr 2024 00:32:17 GMT - Sun, 30 Jun 2024 00:32:16 GMT
File type: HTML document, Unicode text, UTF-8 text | Hash: MD5 7efefff7950c7314a3a4ca8e32879d3d | SHA-1 a81b98e3dd1a282585be9f6c1b3f0aa1c65dfaeb | SHA-256 a122092c02e128949f9ee7af1450413cea3cf159558f97d67e68f6e296625fb2
GET /confirm/?url=%2Fjump%2F%3Fcode%3DpHK%2FrKS%2FsIRqKOe3PyMRsKTrPNeILxHLtMSusWsVNH HTTP/1.1
Host: 5jv-qxp31.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: JSESSIONID=6D875ED4DFFC734C14E9D559910D8A18
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 07 May 2024 04:48:49 GMT
Server: Apache
Content-Type: text/html;charset=UTF-8
Content-Language: ja-JP
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked
| www.yahoo.co.jp/ | 182.22.31.252 | | 1 B |
IP: 182.22.31.252:0 | ASN: #23816 Yahoo Japan Corporation
File type: very short file (no magic) | Hash: MD5 7215ee9c7d9dc229d2921a40e899ec5f | SHA-1 b858cb282617fb0956d960215c8e84d1ccf909c6 | SHA-256 36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068
GET / HTTP/1.1
Host: www.yahoo.co.jp
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Redirect
Date: Tue, 07 May 2024 04:48:50 GMT
Connection: keep-alive
Cache-Control: no-store
Location: https://www.yahoo.co.jp:443/
Content-Type: text/html
Content-Language: en
X-Z-Chihaya: r=1
Accept-CH: Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch
Permissions-Policy: ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform-version=*, ch-ua-arch=*, unload=()
Content-Length: 1
| 5jv-qxp31.com/favicon.ico | 103.30.254.195 | 404 Not Found | 22 B |
URL: 5jv-qxp31.com/favicon.ico (GET, HTTP/1.1) | IP: 103.30.254.195:443 | ASN: #9919 New Century InfoComm Tech Co., Ltd.
Requested by: https://5jv-qxp31.com/confirm/?url=%2Fjump%2F%3Fcode%3DpHK%2FrKS%2FsIRqKOe3PyMRsKTrPNeILxHLtMSusWsVNH
Certificate: Issuer Let's Encrypt | Subject gi.gi-f-t.com | Fingerprint 4A:E0:C5:BC:B8:15:DE:97:0F:AC:F2:94:2E:B3:2C:39:0C:60:A0:31 | Validity Mon, 01 Apr 2024 00:32:17 GMT - Sun, 30 Jun 2024 00:32:16 GMT
File type: ASCII text, with no line terminators | Hash: MD5 23b58def11b45727d3351702515f86af | SHA-1 099600a10a944114aac406d136b625fb416dd779 | SHA-256 6c179f21e6f62b629055d8ab40f454ed02e48b68563913473b857d3638e23b28
GET /favicon.ico HTTP/1.1
Host: 5jv-qxp31.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5jv-qxp31.com/confirm/?url=%2Fjump%2F%3Fcode%3DpHK%2FrKS%2FsIRqKOe3PyMRsKTrPNeILxHLtMSusWsVNH
Cookie: JSESSIONID=6D875ED4DFFC734C14E9D559910D8A18
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Date: Tue, 07 May 2024 04:48:50 GMT
Server: Apache
Content-Type: text/html;charset=ISO-8859-1
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 22
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
| www.yahoo.co.jp/ | 182.22.31.252 | | 10 kB |
IP: 182.22.31.252:0 | ASN: #23816 Yahoo Japan Corporation
File type: HTML document, Unicode text, UTF-8 text, with very long lines (486) | Hash: MD5 bf7ebe1cc45db5a11337e505248ca4f8 | SHA-1 ca46580e39a792218e8a0adc5a3e6e25dc11ee1f | SHA-256 ae97b45362096c079f51de99d60833ee729b9daca0d414bf20dd797395b4717b
GET / HTTP/1.1
Host: www.yahoo.co.jp
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 403 Forbidden
date: Tue, 07 May 2024 04:48:51 GMT
x-z-chihaya: r=1
x-frame-options: SAMEORIGIN
content-length: 10051
content-type: text/html
X-Firefox-Spdy: h2
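The records above form one chain: nmhgyt-dfd.com/b_c/.../top.html redirects to 5jv-qxp31.com, which bounces through /jump/?code= and lands on /confirm/?url=; the same landing host answers a plain GET / with a redirect to www.yahoo.co.jp instead. Two further details are worth pulling out of the raw headers: the certificate the report shows for 5jv-qxp31.com has Subject gi.gi-f-t.com, and the root request was made with a different client profile (Accept: */*, no Sec-Fetch headers) than the user navigation, so the records alone do not say whether the benign redirect is keyed on the path, the missing campaign token, or the request profile. The Python below is an added example, not part of this report or of any sandbox's own tooling: it parses request/response pairs in the form recorded here, walks Location headers to rebuild the chain, reports hosts whose root and non-root paths redirect to different hosts, and flags a certificate Subject that does not name the requested host. The SAMPLE records are constructed from this page's transactions with headers abridged; the Transaction class and function names are this example's own.

```python
"""Rebuild a redirect chain from captured HTTP transactions and flag
path-dependent redirects and certificate-subject mismatches.
Added example; SAMPLE is constructed from this page's records, abridged."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional
from urllib.parse import urljoin, urlsplit


@dataclass
class Transaction:
    method: str
    url: str                                    # scheme://host/path?query
    status: int
    headers: Dict[str, str] = field(default_factory=dict)  # response headers, lower-cased keys
    cert_subject: Optional[str] = None          # certificate Subject as the report shows it


def _headers(lines: List[str]) -> Dict[str, str]:
    return {k.strip().lower(): v.strip()
            for k, v in (ln.split(":", 1) for ln in lines if ":" in ln)}


def parse_transaction(scheme: str, request: str, response: str,
                      cert_subject: Optional[str] = None) -> Transaction:
    """Parse one raw request/response pair (request line plus headers each)."""
    req = request.strip().splitlines()
    method, target, _version = req[0].split(" ", 2)
    host = _headers(req[1:])["host"]
    resp = response.strip().splitlines()
    status = int(resp[0].split(" ", 2)[1])      # "HTTP/2 302 Found" -> 302
    return Transaction(method, f"{scheme}://{host}{target}", status,
                       _headers(resp[1:]), cert_subject)


def follow_chain(txs: List[Transaction], start: str, limit: int = 10) -> List[str]:
    """Walk Location headers from start; stop at a non-redirect, an
    unrecorded hop, a loop, or after limit hops."""
    by_url = {t.url: t for t in txs}
    chain, current = [start], start
    while len(chain) <= limit:
        t = by_url.get(current)
        if t is None or not 300 <= t.status < 400 or "location" not in t.headers:
            break
        current = urljoin(current, t.headers["location"])   # Location may be relative
        if current in chain:                     # redirect loop
            break
        chain.append(current)
    return chain


def cloaking_indicators(txs: List[Transaction]) -> Dict[str, Dict[str, str]]:
    """Hosts whose root path redirects to a different host than their
    non-root paths do: {host: {"root": target_host, "deep": target_host}}."""
    per_host: Dict[str, Dict[str, str]] = {}
    for t in txs:
        if not 300 <= t.status < 400 or "location" not in t.headers:
            continue
        u = urlsplit(t.url)
        kind = "root" if u.path in ("", "/") else "deep"
        per_host.setdefault(u.netloc, {})[kind] = urlsplit(t.headers["location"]).netloc
    return {h: v for h, v in per_host.items()
            if "root" in v and "deep" in v and v["root"] != v["deep"]}


def cert_mismatch(t: Transaction) -> bool:
    """True when the reported Subject does not name the requested host.
    Only the Subject is in the report; a SAN entry could still cover the host."""
    if not t.cert_subject:
        return False
    host, subj = (urlsplit(t.url).hostname or "").lower(), t.cert_subject.lower()
    if subj.startswith("*."):                    # wildcard covers exactly one label
        return not host.endswith(subj[1:]) or host.count(".") != subj.count(".")
    return host != subj


# Constructed from the records above; headers abridged.
SAMPLE = [
    ("https", "GET /b_c/nzpj1E_FzS/top.html HTTP/1.1\nHost: nmhgyt-dfd.com",
     "HTTP/2 302 Found\ncontent-length: 4\n"
     "location: https://5jv-qxp31.com/pHK/rKS/sIRqKOe3PyMRsKTrPNeILxHLtMSusWsVNH",
     "nmhgyt-dfd.com"),
    ("https", "GET /pHK/rKS/sIRqKOe3PyMRsKTrPNeILxHLtMSusWsVNH HTTP/1.1\nHost: 5jv-qxp31.com",
     "HTTP/1.1 302 Found\n"
     "Location: https://5jv-qxp31.com/jump/?code=pHK/rKS/sIRqKOe3PyMRsKTrPNeILxHLtMSusWsVNH",
     "gi.gi-f-t.com"),
    ("https", "GET /jump/?code=pHK/rKS/sIRqKOe3PyMRsKTrPNeILxHLtMSusWsVNH HTTP/1.1\nHost: 5jv-qxp31.com",
     "HTTP/1.1 302 Moved Temporarily\nServer: Apache\nLocation: https://5jv-qxp31.com/confirm/"
     "?url=%2Fjump%2F%3Fcode%3DpHK%2FrKS%2FsIRqKOe3PyMRsKTrPNeILxHLtMSusWsVNH\n"
     "Set-Cookie: JSESSIONID=6D875ED4DFFC734C14E9D559910D8A18; Path=/",
     "gi.gi-f-t.com"),
    ("https", "GET /confirm/?url=%2Fjump%2F%3Fcode%3DpHK%2FrKS%2FsIRqKOe3PyMRsKTrPNeILxHLtMSusWsVNH HTTP/1.1\n"
     "Host: 5jv-qxp31.com",
     "HTTP/1.1 200 OK\nContent-Type: text/html;charset=UTF-8\nContent-Language: ja-JP",
     "gi.gi-f-t.com"),
    ("https", "GET / HTTP/1.1\nHost: nmhgyt-dfd.com",
     "HTTP/1.1 302 Found\nContent-Length: 0\nLocation: http://www.yahoo.co.jp/",
     "nmhgyt-dfd.com"),
]
TRANSACTIONS = [parse_transaction(*rec) for rec in SAMPLE]
START = "https://nmhgyt-dfd.com/b_c/nzpj1E_FzS/top.html"

if __name__ == "__main__":
    for i, hop in enumerate(follow_chain(TRANSACTIONS, START)):
        print(f"{i}: {hop}")
    print("cloaking:", cloaking_indicators(TRANSACTIONS))
    print("cert subject mismatch:", [t.url for t in TRANSACTIONS if cert_mismatch(t)])
```

Run against these records the chain is four hops ending at /confirm/, cloaking_indicators reports nmhgyt-dfd.com sending its root to www.yahoo.co.jp and its campaign path to 5jv-qxp31.com, and cert_mismatch fires for every 5jv-qxp31.com transaction. Treat the last as a lead rather than a finding: the report prints only the Subject, and a Let's Encrypt certificate for gi.gi-f-t.com can carry 5jv-qxp31.com in its SAN list, which is what a browser actually validates against.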