Report - winflytech.com/

Report Overview

Submitted URL
winflytech.com/
IP
101.32.246.165
ASN
#132203 Tencent Building, Kejizhongyi Avenue
Submitted
2024-04-18 20:50:39
Access
public
Website Title
Shenzhen Winfly New Material Co.,LTD.
Final URL
www.winflytech.com/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
68

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
winflytech.com	unknown	unknown	No data	No data	854 B	790 B	101.32.246.165
at.alicdn.com	11137	2008-06-25	2013-11-28	2024-04-18	508 B	18 kB	47.246.44.251
www.winflytech.com	unknown	2020-09-29	2022-08-28	2024-03-08	16 kB	1.5 MB	101.32.246.165
1.staticec.com	204851	2015-08-04	2017-10-09	2024-01-23	410 B	75 kB	119.167.147.251
kf.ecqun.com	202558	2007-04-21	2017-10-09	2024-02-22	627 B	0 B	0.0.0.0

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-18	medium	winflytech.com	Sinkholed
2024-04-18	medium	winflytech.com	Sinkholed
2024-04-18	medium	winflytech.com	Sinkholed
2024-04-18	medium	winflytech.com	Sinkholed
2024-04-18	medium	winflytech.com	Sinkholed
2024-04-18	medium	winflytech.com	Sinkholed
2024-04-18	medium	winflytech.com	Sinkholed
2024-04-18	medium	winflytech.com	Sinkholed
2024-04-18	medium	winflytech.com	Sinkholed
2024-04-18	medium	winflytech.com	Sinkholed
2024-04-18	medium	winflytech.com	Sinkholed
2024-04-18	medium	winflytech.com	Sinkholed
2024-04-18	medium	winflytech.com	Sinkholed
2024-04-18	medium	winflytech.com	Sinkholed
2024-04-18	medium	winflytech.com	Sinkholed
2024-04-18	medium	winflytech.com	Sinkholed
2024-04-18	medium	winflytech.com	Sinkholed
2024-04-18	medium	winflytech.com	Sinkholed
2024-04-18	medium	winflytech.com	Sinkholed
2024-04-18	medium	winflytech.com	Sinkholed
2024-04-18	medium	winflytech.com	Sinkholed
2024-04-18	medium	winflytech.com	Sinkholed
2024-04-18	medium	winflytech.com	Sinkholed
2024-04-18	medium	winflytech.com	Sinkholed
2024-04-18	medium	winflytech.com	Sinkholed
2024-04-18	medium	winflytech.com	Sinkholed
2024-04-18	medium	winflytech.com	Sinkholed
2024-04-18	medium	winflytech.com	Sinkholed
2024-04-18	medium	winflytech.com	Sinkholed
2024-04-18	medium	winflytech.com	Sinkholed
2024-04-18	medium	winflytech.com	Sinkholed
2024-04-18	medium	winflytech.com	Sinkholed
2024-04-18	medium	winflytech.com	Sinkholed
2024-04-18	medium	winflytech.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (7)

	URL	Size	First Seen	Last Seen
	www.winflytech.com/wp-content/themes/pmjs/Scripts/jquery.min.js	93 kB	2023-03-07	2024-05-02
Pretty URL www.winflytech.com/wp-content/themes/pmjs/Scripts/jquery.min.js IP 101.32.246.165 ASN #132203 Tencent Building, Kejizhongyi Avenue Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:08 Last Seen2024-05-02 11:53:24 Times Seen23636 Hash 397754ba49e9e0cf4e7c190da78dda05 ae49e56999d82802727455f0ba83b63acd90a22b c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4 Loading...

	www.winflytech.com/wp-content/themes/pmjs/Scripts/swiper.min.js	96 kB	2023-03-07	2024-05-01
Pretty URL www.winflytech.com/wp-content/themes/pmjs/Scripts/swiper.min.js IP 101.32.246.165 ASN #132203 Tencent Building, Kejizhongyi Avenue Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:17:19 Last Seen2024-05-01 16:53:09 Times Seen1589 Hash fb13ef3e875ca3497ede35d3774be9d3 ab0743a89d522438c17ae7eaf5943fd4590ee3d0 4a10219bee747aadeeda78f166d787adf32583f361f88d44b472f6f3da798083 Loading...

	www.winflytech.com/	340 B	2024-04-18	2024-04-18
Pretty URL www.winflytech.com/ IP 101.32.246.165 ASN #132203 Tencent Building, Kejizhongyi Avenue Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-18 22:50:48 Last Seen2024-04-18 22:50:48 Times Seen1 Hash 2f450992541e8bd837595918efd8ea4c 7df52b5f77f92e66d908e37de57df007ba7edff2 8bba72e6d1a03557d598393867388bdefb55208af3da753fdc01231f2be44860 Loading...

	1.staticec.com/kf/sdk/js/ec_cs.js	190 kB	2024-04-18	2024-04-18
Pretty URL 1.staticec.com/kf/sdk/js/ec_cs.js IP 119.167.147.251 ASN #4837 CHINA UNICOM China169 Backbone Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 22:50:48 Last Seen2024-04-18 22:50:48 Times Seen2 Hash 5c8c60113d862487d7b5eebe5df4a57e 1d817c55ac09e4bab55551694db088efa9435763 81371ae0a275094a970b9e1b65229e9b55c1d5c96cf5780f38dd16d1387ba6f4 Loading...

	www.winflytech.com/wp-content/themes/pmjs/Scripts/wow.min.js	7.1 kB	2023-03-07	2024-05-01
Pretty URL www.winflytech.com/wp-content/themes/pmjs/Scripts/wow.min.js IP 101.32.246.165 ASN #132203 Tencent Building, Kejizhongyi Avenue Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:05:24 Last Seen2024-05-01 19:12:10 Times Seen539 Hash 4b253cabaafa86647183695c4c4365e7 d653b2ed6a5d94f718b4ddcbef28d57bd8668cef 027931e5177abc3f452dd92ffea8867a18381bcce1779bfe3843d4d7a582f97a Loading...

	www.winflytech.com/wp-content/themes/pmjs/Scripts/index.js	6.9 kB	2024-04-18	2024-04-18
Pretty URL www.winflytech.com/wp-content/themes/pmjs/Scripts/index.js IP 101.32.246.165 ASN #132203 Tencent Building, Kejizhongyi Avenue Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 22:50:48 Last Seen2024-04-18 22:50:48 Times Seen1 Hash 4dcbcdc2598b589664e855da7ff2c2a4 95d1d6af3c77708a714358f7ba0b46f8befcfe5c 5311e4df2c669c334d80588edac8fbee8ac69b76df980ac371c806717b0bb4d0 Loading...

	www.winflytech.com/wp-content/themes/pmjs/Scripts/selectivizr.js	4.5 kB	2023-03-08	2024-04-18
Pretty URL www.winflytech.com/wp-content/themes/pmjs/Scripts/selectivizr.js IP 101.32.246.165 ASN #132203 Tencent Building, Kejizhongyi Avenue Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 01:39:57 Last Seen2024-04-18 22:50:48 Times Seen6 Hash 82e3d0294495d23b1bd7bc34ddbb0b48 bf29db579d11a6f76ca7a49a53998338c4f56a30 0d6f40f01f475d33ee295b0978dfa5cbbb5bc14b4687ff8480ab70ee9b2e18c0 Loading...

HTTP Transactions (37)

URL IP Response Size

winflytech.com/

101.32.246.165

301 Moved Permanently

162 B

URL User Request GET HTTP/2
winflytech.com/
IP
101.32.246.165:443
ASN
#132203 Tencent Building, Kejizhongyi Avenue

Certificate
IssuerLet's Encrypt
Subjectwww.winflytech.com
FingerprintD7:7B:4D:00:D1:85:03:37:CE:DD:F7:C3:A0:26:3E:B4:B9:C1:95:4E
ValidityFri, 08 Mar 2024 15:10:18 GMT - Thu, 06 Jun 2024 15:10:17 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
162 B (162 bytes)
Hash
4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: winflytech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 18 Apr 2024 20:50:14 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://winflytech.com/
Strict-Transport-Security: max-age=31536000

winflytech.com/

101.32.246.165

301 Moved Permanently

162 B

URL User Request GET HTTP/2
winflytech.com/
IP
101.32.246.165:443
ASN
#132203 Tencent Building, Kejizhongyi Avenue

Certificate
IssuerLet's Encrypt
Subjectwww.winflytech.com
FingerprintD7:7B:4D:00:D1:85:03:37:CE:DD:F7:C3:A0:26:3E:B4:B9:C1:95:4E
ValidityFri, 08 Mar 2024 15:10:18 GMT - Thu, 06 Jun 2024 15:10:17 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
162 B (162 bytes)
Hash
4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: winflytech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
server: nginx
date: Thu, 18 Apr 2024 20:50:17 GMT
content-type: text/html
content-length: 162
location: https://www.winflytech.com/
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

at.alicdn.com/t/font_1152918_xmklah1ag7f.woff2

47.246.44.251

200 OK

17 kB

URL GET HTTP/2
at.alicdn.com/t/font_1152918_xmklah1ag7f.woff2
IP
47.246.44.251:443
ASN
#24429 Zhejiang Taobao Network Co.,Ltd

Requested by
https://www.winflytech.com/
Certificate
IssuerGlobalSign nv-sa
Subject*.tbcdn.cn
Fingerprint29:04:BE:E6:49:30:F7:DC:C0:BE:56:8F:B4:AC:24:9B:50:1A:F7:E2
ValidityTue, 26 Dec 2023 03:36:04 GMT - Tue, 30 Jul 2024 02:26:11 GMT

File type
Web Open Font Format (Version 2), TrueType, length 17396, version 1.0
Size
17 kB (17396 bytes)
Hash
11df889f4a1519bf849de365266871c9
4eab6fb1e294098171e06eb236f4141098ccece9
26895caa3817cd419dcf40cda1e67dc0e1ed8ed3ddedbf22d327ed70f0fe09a3

HTTP Headers

GET /t/font_1152918_xmklah1ag7f.woff2 HTTP/1.1
Host: at.alicdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.winflytech.com
DNT: 1
Connection: keep-alive
Referer: https://www.winflytech.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: Tengine
content-type: font/woff2
content-length: 17396
date: Thu, 18 Apr 2024 20:50:28 GMT
x-oss-request-id: 66218794FC091B323326CE4B
vary: Origin
accept-ranges: bytes
etag: "11DF889F4A1519BF849DE365266871C9"
last-modified: Fri, 24 Dec 2021 10:56:59 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 13112471381034549150
x-oss-storage-class: Standard
cache-control: max-age=63072000
content-md5: Ed+In0oVGb+EneNlJmhxyQ==
x-oss-server-time: 3
ali-swift-global-savetime: 1713473428
via: cache27.l2fr1[510,510,200-0,M], cache30.l2fr1[511,0], ens-cache12.se2[547,547,200-0,M], ens-cache15.se2[547,0]
age: 0
x-cache: MISS TCP_MISS dirn:-2:-2
x-swift-savetime: Thu, 18 Apr 2024 20:50:28 GMT
x-swift-cachetime: 31104000
access-control-allow-origin: *
timing-allow-origin: *
eagleid: 2ff62ca317134734276948355e
X-Firefox-Spdy: h2

www.winflytech.com/wp-content/themes/pmjs/Scripts/jquery.SuperSlide.2.1.1.js

101.32.246.165

404 Not Found

146 B

URL GET HTTP/2
www.winflytech.com/wp-content/themes/pmjs/Scripts/jquery.SuperSlide.2.1.1.js
IP
101.32.246.165:443
ASN
#132203 Tencent Building, Kejizhongyi Avenue

Requested by
https://www.winflytech.com/
Certificate
IssuerLet's Encrypt
Subjectwww.winflytech.com
FingerprintD7:7B:4D:00:D1:85:03:37:CE:DD:F7:C3:A0:26:3E:B4:B9:C1:95:4E
ValidityFri, 08 Mar 2024 15:10:18 GMT - Thu, 06 Jun 2024 15:10:17 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
146 B (146 bytes)
Hash
8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/pmjs/Scripts/jquery.SuperSlide.2.1.1.js HTTP/1.1
Host: www.winflytech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.winflytech.com/
Cookie: pll_language=de
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Thu, 18 Apr 2024 20:50:21 GMT
content-type: text/html
content-length: 146
X-Firefox-Spdy: h2

www.winflytech.com/wp-content/themes/pmjs/Images/head_line.jpg

101.32.246.165

200 OK

1.4 kB

URL GET HTTP/2
www.winflytech.com/wp-content/themes/pmjs/Images/head_line.jpg
IP
101.32.246.165:443
ASN
#132203 Tencent Building, Kejizhongyi Avenue

Requested by
https://www.winflytech.com/
Certificate
IssuerLet's Encrypt
Subjectwww.winflytech.com
FingerprintD7:7B:4D:00:D1:85:03:37:CE:DD:F7:C3:A0:26:3E:B4:B9:C1:95:4E
ValidityFri, 08 Mar 2024 15:10:18 GMT - Thu, 06 Jun 2024 15:10:17 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 1x68, components 3
Size
1.4 kB (1444 bytes)
Hash
076b6a4877e87f6007257a9b1ac11037
bc557ee527fb67482eb87082742860681369fd15
ec2e6fe29cd43b6935b902c31b80272c925cbcace1b9777b5f500d0be938333e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/pmjs/Images/head_line.jpg HTTP/1.1
Host: www.winflytech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.winflytech.com/wp-content/themes/pmjs/Css/style.css
Cookie: pll_language=de
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 20:50:27 GMT
content-type: image/jpeg
content-length: 1444
last-modified: Mon, 15 Aug 2022 08:39:23 GMT
etag: "62fa063b-5a4"
expires: Sat, 18 May 2024 20:50:27 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

www.winflytech.com/wp-content/themes/pmjs/Images/nav_line.png

101.32.246.165

200 OK

927 B

URL GET HTTP/2
www.winflytech.com/wp-content/themes/pmjs/Images/nav_line.png
IP
101.32.246.165:443
ASN
#132203 Tencent Building, Kejizhongyi Avenue

Requested by
https://www.winflytech.com/
Certificate
IssuerLet's Encrypt
Subjectwww.winflytech.com
FingerprintD7:7B:4D:00:D1:85:03:37:CE:DD:F7:C3:A0:26:3E:B4:B9:C1:95:4E
ValidityFri, 08 Mar 2024 15:10:18 GMT - Thu, 06 Jun 2024 15:10:17 GMT

File type
PNG image data, 1 x 15, 8-bit/color RGBA, non-interlaced
Size
927 B (927 bytes)
Hash
e7cacb43fd04403d5a1260e53d603ae0
eac8047a9ed740d93cf1b11a7329812ba7c0302a
90154209bb31c60f9e161a922800754700da61798680fadd2ad50392bffbbda5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/pmjs/Images/nav_line.png HTTP/1.1
Host: www.winflytech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.winflytech.com/wp-content/themes/pmjs/Css/style.css
Cookie: pll_language=de
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 20:50:27 GMT
content-type: image/png
content-length: 927
last-modified: Mon, 15 Aug 2022 08:39:26 GMT
etag: "62fa063e-39f"
expires: Sat, 18 May 2024 20:50:27 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

www.winflytech.com/wp-content/themes/pmjs/Scripts/jquery.SuperSlide.2.1.1.js

101.32.246.165

404 Not Found

146 B

URL GET HTTP/2
www.winflytech.com/wp-content/themes/pmjs/Scripts/jquery.SuperSlide.2.1.1.js
IP
101.32.246.165:443
ASN
#132203 Tencent Building, Kejizhongyi Avenue

Requested by
https://www.winflytech.com/
Certificate
IssuerLet's Encrypt
Subjectwww.winflytech.com
FingerprintD7:7B:4D:00:D1:85:03:37:CE:DD:F7:C3:A0:26:3E:B4:B9:C1:95:4E
ValidityFri, 08 Mar 2024 15:10:18 GMT - Thu, 06 Jun 2024 15:10:17 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
146 B (146 bytes)
Hash
8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/pmjs/Scripts/jquery.SuperSlide.2.1.1.js HTTP/1.1
Host: www.winflytech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.winflytech.com/
Cookie: pll_language=de
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Thu, 18 Apr 2024 20:50:29 GMT
content-type: text/html
content-length: 146
X-Firefox-Spdy: h2

www.winflytech.com/wp-content/themes/pmjs/Images/pageadv_bg.jpg

101.32.246.165

200 OK

56 kB

URL GET HTTP/2
www.winflytech.com/wp-content/themes/pmjs/Images/pageadv_bg.jpg
IP
101.32.246.165:443
ASN
#132203 Tencent Building, Kejizhongyi Avenue

Requested by
https://www.winflytech.com/
Certificate
IssuerLet's Encrypt
Subjectwww.winflytech.com
FingerprintD7:7B:4D:00:D1:85:03:37:CE:DD:F7:C3:A0:26:3E:B4:B9:C1:95:4E
ValidityFri, 08 Mar 2024 15:10:18 GMT - Thu, 06 Jun 2024 15:10:17 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 1920x250, components 3
Size
56 kB (56398 bytes)
Hash
48b34e8e538b605c9e721e2298cb4a5d
d9e568778ae6dab4be71b53c6793db260926a64a
2352501c41fddb7b35fc4672a8fe91395c136f458760032ef02102f208fdd952

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/pmjs/Images/pageadv_bg.jpg HTTP/1.1
Host: www.winflytech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.winflytech.com/wp-content/themes/pmjs/Css/style.css
Cookie: pll_language=de
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 20:50:27 GMT
content-type: image/jpeg
content-length: 56398
last-modified: Mon, 15 Aug 2022 08:39:27 GMT
etag: "62fa063f-dc4e"
expires: Sat, 18 May 2024 20:50:27 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

www.winflytech.com/wp-content/themes/pmjs/Images/tel2.png

101.32.246.165

200 OK

1.9 kB

URL GET HTTP/2
www.winflytech.com/wp-content/themes/pmjs/Images/tel2.png
IP
101.32.246.165:443
ASN
#132203 Tencent Building, Kejizhongyi Avenue

Requested by
https://www.winflytech.com/
Certificate
IssuerLet's Encrypt
Subjectwww.winflytech.com
FingerprintD7:7B:4D:00:D1:85:03:37:CE:DD:F7:C3:A0:26:3E:B4:B9:C1:95:4E
ValidityFri, 08 Mar 2024 15:10:18 GMT - Thu, 06 Jun 2024 15:10:17 GMT

File type
PNG image data, 42 x 42, 8-bit/color RGBA, non-interlaced
Size
1.9 kB (1946 bytes)
Hash
9a9a35941d0b410d871725115420aa66
f2e63872f367b5e248ab15ce230ee4acfd5ee208
74e82091243f1c78d11d01252412a318ca4bf8cfb080f202e189583c5f579a08

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/pmjs/Images/tel2.png HTTP/1.1
Host: www.winflytech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.winflytech.com/wp-content/themes/pmjs/Css/style.css
Cookie: pll_language=de
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 20:50:27 GMT
content-type: image/png
content-length: 1946
last-modified: Mon, 15 Aug 2022 08:39:30 GMT
etag: "62fa0642-79a"
expires: Sat, 18 May 2024 20:50:27 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

www.winflytech.com/wp-content/themes/pmjs/Images/news_bg.jpg

101.32.246.165

200 OK

1.5 kB

URL GET HTTP/2
www.winflytech.com/wp-content/themes/pmjs/Images/news_bg.jpg
IP
101.32.246.165:443
ASN
#132203 Tencent Building, Kejizhongyi Avenue

Requested by
https://www.winflytech.com/
Certificate
IssuerLet's Encrypt
Subjectwww.winflytech.com
FingerprintD7:7B:4D:00:D1:85:03:37:CE:DD:F7:C3:A0:26:3E:B4:B9:C1:95:4E
ValidityFri, 08 Mar 2024 15:10:18 GMT - Thu, 06 Jun 2024 15:10:17 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 50x50, components 3
Size
1.5 kB (1530 bytes)
Hash
9118fd6185df1812d85d473a90ddd9b3
2b9707ea87dfd3292f33bf2ce8ffea493e723871
e42ca47f2ff259a596bd147f95c49d276862458837cc028e0a4743ad0004bc0f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/pmjs/Images/news_bg.jpg HTTP/1.1
Host: www.winflytech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.winflytech.com/wp-content/themes/pmjs/Css/style.css
Cookie: pll_language=de
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 20:50:27 GMT
content-type: image/jpeg
content-length: 1530
last-modified: Mon, 15 Aug 2022 08:39:26 GMT
etag: "62fa063e-5fa"
expires: Sat, 18 May 2024 20:50:27 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

www.winflytech.com/wp-content/themes/pmjs/Images/about_bg.jpg

101.32.246.165

200 OK

230 kB

URL GET HTTP/2
www.winflytech.com/wp-content/themes/pmjs/Images/about_bg.jpg
IP
101.32.246.165:443
ASN
#132203 Tencent Building, Kejizhongyi Avenue

Requested by
https://www.winflytech.com/
Certificate
IssuerLet's Encrypt
Subjectwww.winflytech.com
FingerprintD7:7B:4D:00:D1:85:03:37:CE:DD:F7:C3:A0:26:3E:B4:B9:C1:95:4E
ValidityFri, 08 Mar 2024 15:10:18 GMT - Thu, 06 Jun 2024 15:10:17 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 1919x900, components 3
Size
230 kB (229557 bytes)
Hash
091dcdbea85dd5819de0c140cccdcbc1
1fb60afd7eed762158f12d90cd1dfdf4fab06fd5
5c67dd9a9706f3a4ffa7eaa9a004f7e7ec9856238ede6dd0ea8333d7990adac2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/pmjs/Images/about_bg.jpg HTTP/1.1
Host: www.winflytech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.winflytech.com/wp-content/themes/pmjs/Css/style.css
Cookie: pll_language=de
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 20:50:27 GMT
content-type: image/jpeg
content-length: 229557
last-modified: Mon, 15 Aug 2022 08:39:20 GMT
etag: "62fa0638-380b5"
expires: Sat, 18 May 2024 20:50:27 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

www.winflytech.com/wp-content/themes/pmjs/Picture/logo.png

101.32.246.165

200 OK

100 kB

URL GET HTTP/2
www.winflytech.com/wp-content/themes/pmjs/Picture/logo.png
IP
101.32.246.165:443
ASN
#132203 Tencent Building, Kejizhongyi Avenue

Requested by
https://www.winflytech.com/
Certificate
IssuerLet's Encrypt
Subjectwww.winflytech.com
FingerprintD7:7B:4D:00:D1:85:03:37:CE:DD:F7:C3:A0:26:3E:B4:B9:C1:95:4E
ValidityFri, 08 Mar 2024 15:10:18 GMT - Thu, 06 Jun 2024 15:10:17 GMT

File type
PNG image data, 696 x 397, 8-bit/color RGBA, non-interlaced
Size
100 kB (100495 bytes)
Hash
5d8cd46f06951d17a4b23c62126b34f3
63f73bea873c6f1a2118ad406f72cc809d6dda26
b016772037e8dc68f0e330200f58fc0a9d4a84cfb177ed9b8c384ee2e8dccc59

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/pmjs/Picture/logo.png HTTP/1.1
Host: www.winflytech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.winflytech.com/
Cookie: pll_language=de
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 20:50:21 GMT
content-type: image/png
content-length: 100495
last-modified: Mon, 15 Aug 2022 08:39:46 GMT
etag: "62fa0652-1888f"
expires: Sat, 18 May 2024 20:50:21 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

1.staticec.com/kf/sdk/js/ec_cs.js

119.167.147.251

200 OK

74 kB

URL GET HTTP/2
1.staticec.com/kf/sdk/js/ec_cs.js
IP
119.167.147.251:443
ASN
#4837 CHINA UNICOM China169 Backbone

Requested by
https://www.winflytech.com/
Certificate
IssuerTrustAsia Technologies, Inc.
Subject*.staticec.com
Fingerprint89:94:52:F6:4D:35:DF:E6:0D:1C:93:E3:21:52:2F:FD:71:D1:14:E1
ValidityThu, 10 Aug 2023 00:00:00 GMT - Fri, 09 Aug 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (62251), with no line terminators
Size
74 kB (74121 bytes)
Hash
5c8c60113d862487d7b5eebe5df4a57e
1d817c55ac09e4bab55551694db088efa9435763
81371ae0a275094a970b9e1b65229e9b55c1d5c96cf5780f38dd16d1387ba6f4

HTTP Headers

GET /kf/sdk/js/ec_cs.js HTTP/1.1
Host: 1.staticec.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.winflytech.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
last-modified: Wed, 10 Jan 2024 11:04:28 GMT
content-encoding: gzip
etag: W/"659e79bc-2e606"
date: Mon, 15 Apr 2024 11:09:38 GMT
content-type: application/javascript
expires: Mon, 15 Apr 2024 11:19:38 GMT
x-powered-by: qcloudlnmp-4
access-control-allow-methods: GET
access-control-allow-origin: *
x-request-id: ea9de7de79a5b5ff9a59e543ecf5eae5
server: Lego Server
cache-control: max-age=600
age: 508
content-length: 74121
accept-ranges: bytes
x-nws-log-uuid: 188825113973279451
x-cache-lookup: Cache Hit
X-Firefox-Spdy: h2

www.winflytech.com/wp-content/themes/pmjs/Images/favicon.ico

101.32.246.165

200 OK

1.2 kB

URL GET HTTP/2
www.winflytech.com/wp-content/themes/pmjs/Images/favicon.ico
IP
101.32.246.165:443
ASN
#132203 Tencent Building, Kejizhongyi Avenue

Requested by
https://www.winflytech.com/
Certificate
IssuerLet's Encrypt
Subjectwww.winflytech.com
FingerprintD7:7B:4D:00:D1:85:03:37:CE:DD:F7:C3:A0:26:3E:B4:B9:C1:95:4E
ValidityFri, 08 Mar 2024 15:10:18 GMT - Thu, 06 Jun 2024 15:10:17 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Size
1.2 kB (1150 bytes)
Hash
b7a2090824c6ee911f2e6cc985fd26b8
becb680de04704a37fa66b9488f40a1ba77624ae
c459d926bcd2b36d10d74943ac4fc3c6966caf9c15465a1f3ab028d0d1e63476

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/pmjs/Images/favicon.ico HTTP/1.1
Host: www.winflytech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.winflytech.com/
Cookie: pll_language=de
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 20:50:33 GMT
content-type: image/x-icon
content-length: 1150
last-modified: Mon, 15 Aug 2022 08:39:23 GMT
etag: "62fa063b-47e"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

www.winflytech.com/wp-content/themes/pmjs/Images/fqcj.png

101.32.246.165

200 OK

124 kB

URL GET HTTP/2
www.winflytech.com/wp-content/themes/pmjs/Images/fqcj.png
IP
101.32.246.165:443
ASN
#132203 Tencent Building, Kejizhongyi Avenue

Requested by
https://www.winflytech.com/
Certificate
IssuerLet's Encrypt
Subjectwww.winflytech.com
FingerprintD7:7B:4D:00:D1:85:03:37:CE:DD:F7:C3:A0:26:3E:B4:B9:C1:95:4E
ValidityFri, 08 Mar 2024 15:10:18 GMT - Thu, 06 Jun 2024 15:10:17 GMT

File type
PNG image data, 301 x 202, 8-bit/color RGBA, non-interlaced
Size
124 kB (124046 bytes)
Hash
ef4bae6928a36e540aa9540f80e32eb8
33595453ead6af32b17f83e39f536649144fc142
a76f32e7e98027d8fcaf564eeabecb5097f15ecd7d312660a4a0fe6beb74619b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/pmjs/Images/fqcj.png HTTP/1.1
Host: www.winflytech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.winflytech.com/
Cookie: pll_language=de
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 20:50:21 GMT
content-type: image/png
content-length: 124046
last-modified: Mon, 15 Aug 2022 08:39:23 GMT
etag: "62fa063b-1e48e"
expires: Sat, 18 May 2024 20:50:21 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

www.winflytech.com/wp-content/themes/pmjs/Images/about.jpg

101.32.246.165

131 kB

URL GET
www.winflytech.com/wp-content/themes/pmjs/Images/about.jpg
IP
101.32.246.165:0
ASN
#132203 Tencent Building, Kejizhongyi Avenue

Requested by
https://www.winflytech.com/
Certificate
IssuerLet's Encrypt
Subjectwww.winflytech.com
FingerprintD7:7B:4D:00:D1:85:03:37:CE:DD:F7:C3:A0:26:3E:B4:B9:C1:95:4E
ValidityFri, 08 Mar 2024 15:10:18 GMT - Thu, 06 Jun 2024 15:10:17 GMT

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=700, bps=0, PhotometricInterpretation=RGB, orientation=upper-left, width=1000], progressive, precision 8, 420x273, components 3
Size
131 kB (131239 bytes)
Hash
806a7b5a13866c11e8d427ddfe735aeb
9ac2716b1fc07cebf6179cd127ef6615634795bf
35d99b86d8c8254f03ff9f2497898c960df39cbef1e9e6a2ade248cad8640fe0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/pmjs/Images/about.jpg HTTP/1.1
Host: www.winflytech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.winflytech.com/
Cookie: pll_language=de
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 20:50:21 GMT
content-type: image/jpeg
content-length: 131239
last-modified: Mon, 15 Aug 2022 08:39:20 GMT
etag: "62fa0638-200a7"
expires: Sat, 18 May 2024 20:50:21 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

www.winflytech.com/wp-content/themes/pmjs/Images/tfsccj.png

101.32.246.165

160 kB

URL GET
www.winflytech.com/wp-content/themes/pmjs/Images/tfsccj.png
IP
101.32.246.165:0
ASN
#132203 Tencent Building, Kejizhongyi Avenue

Requested by
https://www.winflytech.com/
Certificate
IssuerLet's Encrypt
Subjectwww.winflytech.com
FingerprintD7:7B:4D:00:D1:85:03:37:CE:DD:F7:C3:A0:26:3E:B4:B9:C1:95:4E
ValidityFri, 08 Mar 2024 15:10:18 GMT - Thu, 06 Jun 2024 15:10:17 GMT

File type
PNG image data, 301 x 201, 8-bit/color RGBA, non-interlaced
Size
160 kB (159812 bytes)
Hash
9ca72b50486f003ed295cff63897ca9f
03e43febfcf5e42ceaf32dcbf5500d2c73795f81
c7da6d9edcc88eefa8a40688ea57f19b9fd857d0f371e5aa1e565a8a8dd0b127

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/pmjs/Images/tfsccj.png HTTP/1.1
Host: www.winflytech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.winflytech.com/
Cookie: pll_language=de
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 20:50:21 GMT
content-type: image/png
content-length: 159812
last-modified: Mon, 15 Aug 2022 08:39:31 GMT
etag: "62fa0643-27044"
expires: Sat, 18 May 2024 20:50:21 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

www.winflytech.com/wp-content/themes/pmjs/Images/thcj.png

101.32.246.165

155 kB

URL GET
www.winflytech.com/wp-content/themes/pmjs/Images/thcj.png
IP
101.32.246.165:0
ASN
#132203 Tencent Building, Kejizhongyi Avenue

Requested by
https://www.winflytech.com/
Certificate
IssuerLet's Encrypt
Subjectwww.winflytech.com
FingerprintD7:7B:4D:00:D1:85:03:37:CE:DD:F7:C3:A0:26:3E:B4:B9:C1:95:4E
ValidityFri, 08 Mar 2024 15:10:18 GMT - Thu, 06 Jun 2024 15:10:17 GMT

File type
PNG image data, 301 x 201, 8-bit/color RGBA, non-interlaced
Size
155 kB (154709 bytes)
Hash
6198c6dbff836309dc5809c8c47c4407
bb73ccf16f383d312eee40988d4d0ae878a90730
beb243b88ee4e8328c2a835b2c36c80f8f646230d70ec20a2a1efa262ab85257

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/pmjs/Images/thcj.png HTTP/1.1
Host: www.winflytech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.winflytech.com/
Cookie: pll_language=de
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 20:50:21 GMT
content-type: image/png
content-length: 154709
last-modified: Mon, 15 Aug 2022 08:39:31 GMT
etag: "62fa0643-25c55"
expires: Sat, 18 May 2024 20:50:21 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

www.winflytech.com/wp-content/themes/pmjs/Picture/wx.png

101.32.246.165

135 kB

URL GET
www.winflytech.com/wp-content/themes/pmjs/Picture/wx.png
IP
101.32.246.165:0
ASN
#132203 Tencent Building, Kejizhongyi Avenue

Requested by
https://www.winflytech.com/
Certificate
IssuerLet's Encrypt
Subjectwww.winflytech.com
FingerprintD7:7B:4D:00:D1:85:03:37:CE:DD:F7:C3:A0:26:3E:B4:B9:C1:95:4E
ValidityFri, 08 Mar 2024 15:10:18 GMT - Thu, 06 Jun 2024 15:10:17 GMT

File type
PNG image data, 300 x 300, 8-bit/color RGB, non-interlaced
Size
135 kB (135128 bytes)
Hash
42ebd4e8f6b01bbf914ee414d5a9822a
8dd40bbc76e4b89ee702f9b6a33eb7effcb1ddb1
8e1b680767f9cdb09f8756dc07389f4feb415e7245fd6a4406cc08f425ce1b1a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/pmjs/Picture/wx.png HTTP/1.1
Host: www.winflytech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.winflytech.com/
Cookie: pll_language=de
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 20:50:21 GMT
content-type: image/png
content-length: 135128
last-modified: Mon, 15 Aug 2022 08:39:46 GMT
etag: "62fa0652-20fd8"
expires: Sat, 18 May 2024 20:50:21 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

www.winflytech.com/

101.32.246.165

200 OK

12 kB

URL User Request GET HTTP/2
www.winflytech.com/
IP
101.32.246.165:443
ASN
#132203 Tencent Building, Kejizhongyi Avenue

Certificate
IssuerLet's Encrypt
Subjectwww.winflytech.com
FingerprintD7:7B:4D:00:D1:85:03:37:CE:DD:F7:C3:A0:26:3E:B4:B9:C1:95:4E
ValidityFri, 08 Mar 2024 15:10:18 GMT - Thu, 06 Jun 2024 15:10:17 GMT

File type

Size
12 kB (12210 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: www.winflytech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 20:50:18 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: pll_language=de; expires=Fri, 18-Apr-2025 20:50:18 GMT; Max-Age=31536000; path=/; secure; SameSite=Lax
link: <https://www.winflytech.com/wp-json/>; rel="https://api.w.org/"
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

www.winflytech.com/wp-content/themes/pmjs/Css/responsive.css

101.32.246.165

200 OK

16 kB

URL GET HTTP/2
www.winflytech.com/wp-content/themes/pmjs/Css/responsive.css
IP
101.32.246.165:443
ASN
#132203 Tencent Building, Kejizhongyi Avenue

Requested by
https://www.winflytech.com/
Certificate
IssuerLet's Encrypt
Subjectwww.winflytech.com
FingerprintD7:7B:4D:00:D1:85:03:37:CE:DD:F7:C3:A0:26:3E:B4:B9:C1:95:4E
ValidityFri, 08 Mar 2024 15:10:18 GMT - Thu, 06 Jun 2024 15:10:17 GMT

File type

Size
16 kB (16525 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/pmjs/Css/responsive.css HTTP/1.1
Host: www.winflytech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.winflytech.com/
Cookie: pll_language=de
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 20:50:21 GMT
content-type: text/css
last-modified: Mon, 15 Aug 2022 08:39:15 GMT
vary: Accept-Encoding
etag: W/"62fa0633-408d"
expires: Fri, 19 Apr 2024 08:50:21 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

www.winflytech.com/wp-content/themes/pmjs/Css/swiper.min.css

101.32.246.165

200 OK

18 kB

URL GET HTTP/2
www.winflytech.com/wp-content/themes/pmjs/Css/swiper.min.css
IP
101.32.246.165:443
ASN
#132203 Tencent Building, Kejizhongyi Avenue

Requested by
https://www.winflytech.com/
Certificate
IssuerLet's Encrypt
Subjectwww.winflytech.com
FingerprintD7:7B:4D:00:D1:85:03:37:CE:DD:F7:C3:A0:26:3E:B4:B9:C1:95:4E
ValidityFri, 08 Mar 2024 15:10:18 GMT - Thu, 06 Jun 2024 15:10:17 GMT

File type

Size
18 kB (17762 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/pmjs/Css/swiper.min.css HTTP/1.1
Host: www.winflytech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.winflytech.com/
Cookie: pll_language=de
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 20:50:21 GMT
content-type: text/css
last-modified: Mon, 15 Aug 2022 08:39:15 GMT
vary: Accept-Encoding
etag: W/"62fa0633-4562"
expires: Fri, 19 Apr 2024 08:50:21 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

www.winflytech.com/wp-content/themes/pmjs/Scripts/wow.min.js

101.32.246.165

200 OK

7.1 kB

URL GET HTTP/2
www.winflytech.com/wp-content/themes/pmjs/Scripts/wow.min.js
IP
101.32.246.165:443
ASN
#132203 Tencent Building, Kejizhongyi Avenue

Requested by
https://www.winflytech.com/
Certificate
IssuerLet's Encrypt
Subjectwww.winflytech.com
FingerprintD7:7B:4D:00:D1:85:03:37:CE:DD:F7:C3:A0:26:3E:B4:B9:C1:95:4E
ValidityFri, 08 Mar 2024 15:10:18 GMT - Thu, 06 Jun 2024 15:10:17 GMT

File type
JavaScript source, ASCII text, with very long lines (7143), with no line terminators
Size
7.1 kB (7057 bytes)
Hash
96e14f6860402f721008d73e300c8355
94dc5edef13b46cf944b1a403d63275f3e15c0e0
db6f1ca31f355000b07144bf621f2381d7befba024acb9a2a7a58597c9e62b15

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/pmjs/Scripts/wow.min.js HTTP/1.1
Host: www.winflytech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.winflytech.com/
Cookie: pll_language=de
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 20:50:21 GMT
content-type: application/javascript
last-modified: Mon, 15 Aug 2022 08:39:48 GMT
vary: Accept-Encoding
etag: W/"62fa0654-1b91"
expires: Fri, 19 Apr 2024 08:50:21 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

www.winflytech.com/wp-content/themes/pmjs/Scripts/jquery.min.js

101.32.246.165

200 OK

93 kB

URL GET HTTP/2
www.winflytech.com/wp-content/themes/pmjs/Scripts/jquery.min.js
IP
101.32.246.165:443
ASN
#132203 Tencent Building, Kejizhongyi Avenue

Requested by
https://www.winflytech.com/
Certificate
IssuerLet's Encrypt
Subjectwww.winflytech.com
FingerprintD7:7B:4D:00:D1:85:03:37:CE:DD:F7:C3:A0:26:3E:B4:B9:C1:95:4E
ValidityFri, 08 Mar 2024 15:10:18 GMT - Thu, 06 Jun 2024 15:10:17 GMT

File type
JavaScript source, ASCII text, with very long lines (32089)
Size
93 kB (92629 bytes)
Hash
397754ba49e9e0cf4e7c190da78dda05
ae49e56999d82802727455f0ba83b63acd90a22b
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/pmjs/Scripts/jquery.min.js HTTP/1.1
Host: www.winflytech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.winflytech.com/
Cookie: pll_language=de
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 20:50:21 GMT
content-type: application/javascript
last-modified: Mon, 15 Aug 2022 08:39:48 GMT
vary: Accept-Encoding
etag: W/"62fa0654-169d5"
expires: Fri, 19 Apr 2024 08:50:21 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

www.winflytech.com/wp-content/themes/pmjs/Images/banner1.jpg

0.0.0.0

0 B

URL GET
www.winflytech.com/wp-content/themes/pmjs/Images/banner1.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://www.winflytech.com/
Certificate
IssuerLet's Encrypt
Subjectwww.winflytech.com
FingerprintD7:7B:4D:00:D1:85:03:37:CE:DD:F7:C3:A0:26:3E:B4:B9:C1:95:4E
ValidityFri, 08 Mar 2024 15:10:18 GMT - Thu, 06 Jun 2024 15:10:17 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/pmjs/Images/banner1.jpg HTTP/1.1
Host: www.winflytech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.winflytech.com/
Cookie: pll_language=de
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 20:50:21 GMT
content-type: image/jpeg
content-length: 498289
last-modified: Mon, 22 Aug 2022 02:19:50 GMT
etag: "6302e7c6-79a71"
expires: Sat, 18 May 2024 20:50:21 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

www.winflytech.com/wp-content/themes/pmjs/Scripts/swiper.min.js

101.32.246.165

200 OK

96 kB

URL GET HTTP/2
www.winflytech.com/wp-content/themes/pmjs/Scripts/swiper.min.js
IP
101.32.246.165:443
ASN
#132203 Tencent Building, Kejizhongyi Avenue

Requested by
https://www.winflytech.com/
Certificate
IssuerLet's Encrypt
Subjectwww.winflytech.com
FingerprintD7:7B:4D:00:D1:85:03:37:CE:DD:F7:C3:A0:26:3E:B4:B9:C1:95:4E
ValidityFri, 08 Mar 2024 15:10:18 GMT - Thu, 06 Jun 2024 15:10:17 GMT

File type
JavaScript source, ASCII text, with very long lines (31999)
Size
96 kB (96419 bytes)
Hash
fb13ef3e875ca3497ede35d3774be9d3
ab0743a89d522438c17ae7eaf5943fd4590ee3d0
4a10219bee747aadeeda78f166d787adf32583f361f88d44b472f6f3da798083

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/pmjs/Scripts/swiper.min.js HTTP/1.1
Host: www.winflytech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.winflytech.com/
Cookie: pll_language=de
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 20:50:21 GMT
content-type: application/javascript
last-modified: Mon, 15 Aug 2022 08:39:48 GMT
vary: Accept-Encoding
etag: W/"62fa0654-178a3"
expires: Fri, 19 Apr 2024 08:50:21 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

www.winflytech.com/wp-content/themes/pmjs/Scripts/index.js

101.32.246.165

200 OK

6.9 kB

URL GET HTTP/2
www.winflytech.com/wp-content/themes/pmjs/Scripts/index.js
IP
101.32.246.165:443
ASN
#132203 Tencent Building, Kejizhongyi Avenue

Requested by
https://www.winflytech.com/
Certificate
IssuerLet's Encrypt
Subjectwww.winflytech.com
FingerprintD7:7B:4D:00:D1:85:03:37:CE:DD:F7:C3:A0:26:3E:B4:B9:C1:95:4E
ValidityFri, 08 Mar 2024 15:10:18 GMT - Thu, 06 Jun 2024 15:10:17 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (7150), with no line terminators
Size
6.9 kB (6859 bytes)
Hash
dafc3d57bfd3a4550303ab8c1d79a412
a19579691ab84e91be7543210800bc8be8c424a6
f8564068739f14b35737ea2717c6baae362d0f5341d5e5c99e59d4abd6d8b8ce

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/pmjs/Scripts/index.js HTTP/1.1
Host: www.winflytech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.winflytech.com/
Cookie: pll_language=de
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 20:50:21 GMT
content-type: application/javascript
last-modified: Mon, 15 Aug 2022 08:39:47 GMT
vary: Accept-Encoding
etag: W/"62fa0653-1acb"
expires: Fri, 19 Apr 2024 08:50:21 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

www.winflytech.com/wp-content/themes/pmjs/Images/banner5.jpg

0.0.0.0

0 B

URL GET
www.winflytech.com/wp-content/themes/pmjs/Images/banner5.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://www.winflytech.com/
Certificate
IssuerLet's Encrypt
Subjectwww.winflytech.com
FingerprintD7:7B:4D:00:D1:85:03:37:CE:DD:F7:C3:A0:26:3E:B4:B9:C1:95:4E
ValidityFri, 08 Mar 2024 15:10:18 GMT - Thu, 06 Jun 2024 15:10:17 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/pmjs/Images/banner5.jpg HTTP/1.1
Host: www.winflytech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.winflytech.com/
Cookie: pll_language=de
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 20:50:21 GMT
content-type: image/jpeg
content-length: 394503
last-modified: Mon, 22 Aug 2022 02:06:17 GMT
etag: "6302e499-60507"
expires: Sat, 18 May 2024 20:50:21 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

www.winflytech.com/wp-content/themes/pmjs/Images/hys.png

0.0.0.0

0 B

URL GET
www.winflytech.com/wp-content/themes/pmjs/Images/hys.png
IP
0.0.0.0:0
ASN
#0

Requested by
https://www.winflytech.com/
Certificate
IssuerLet's Encrypt
Subjectwww.winflytech.com
FingerprintD7:7B:4D:00:D1:85:03:37:CE:DD:F7:C3:A0:26:3E:B4:B9:C1:95:4E
ValidityFri, 08 Mar 2024 15:10:18 GMT - Thu, 06 Jun 2024 15:10:17 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/pmjs/Images/hys.png HTTP/1.1
Host: www.winflytech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.winflytech.com/
Cookie: pll_language=de
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 20:50:21 GMT
content-type: image/png
content-length: 288563
last-modified: Mon, 15 Aug 2022 08:39:24 GMT
etag: "62fa063c-46733"
expires: Sat, 18 May 2024 20:50:21 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

www.winflytech.com/wp-content/themes/pmjs/Images/bgq.jpg

0.0.0.0

0 B

URL GET
www.winflytech.com/wp-content/themes/pmjs/Images/bgq.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://www.winflytech.com/
Certificate
IssuerLet's Encrypt
Subjectwww.winflytech.com
FingerprintD7:7B:4D:00:D1:85:03:37:CE:DD:F7:C3:A0:26:3E:B4:B9:C1:95:4E
ValidityFri, 08 Mar 2024 15:10:18 GMT - Thu, 06 Jun 2024 15:10:17 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/pmjs/Images/bgq.jpg HTTP/1.1
Host: www.winflytech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.winflytech.com/
Cookie: pll_language=de
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 20:50:21 GMT
content-type: image/jpeg
content-length: 380729
last-modified: Mon, 15 Aug 2022 08:39:22 GMT
etag: "62fa063a-5cf39"
expires: Sat, 18 May 2024 20:50:21 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

www.winflytech.com/wp-content/themes/pmjs/Css/common.css

101.32.246.165

200 OK

5.7 kB

URL GET HTTP/2
www.winflytech.com/wp-content/themes/pmjs/Css/common.css
IP
101.32.246.165:443
ASN
#132203 Tencent Building, Kejizhongyi Avenue

Requested by
https://www.winflytech.com/
Certificate
IssuerLet's Encrypt
Subjectwww.winflytech.com
FingerprintD7:7B:4D:00:D1:85:03:37:CE:DD:F7:C3:A0:26:3E:B4:B9:C1:95:4E
ValidityFri, 08 Mar 2024 15:10:18 GMT - Thu, 06 Jun 2024 15:10:17 GMT

File type
Unicode text, UTF-8 text, with very long lines (5715), with no line terminators
Size
5.7 kB (5747 bytes)
Hash
45d0ea451ec21170de1fe5255d145843
00aa9dcfcda5b849d4b704947738ae489fb3ae56
43901c664a2dc5a5fada886d69cc8540d844bd176dba8ce43c43c612247c0c5e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/pmjs/Css/common.css HTTP/1.1
Host: www.winflytech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.winflytech.com/
Cookie: pll_language=de
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 20:50:21 GMT
content-type: text/css
last-modified: Mon, 15 Aug 2022 08:39:15 GMT
vary: Accept-Encoding
etag: W/"62fa0633-1673"
expires: Fri, 19 Apr 2024 08:50:21 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

www.winflytech.com/wp-content/themes/pmjs/Images/banner2.jpg

0.0.0.0

0 B

URL GET
www.winflytech.com/wp-content/themes/pmjs/Images/banner2.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://www.winflytech.com/
Certificate
IssuerLet's Encrypt
Subjectwww.winflytech.com
FingerprintD7:7B:4D:00:D1:85:03:37:CE:DD:F7:C3:A0:26:3E:B4:B9:C1:95:4E
ValidityFri, 08 Mar 2024 15:10:18 GMT - Thu, 06 Jun 2024 15:10:17 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/pmjs/Images/banner2.jpg HTTP/1.1
Host: www.winflytech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.winflytech.com/
Cookie: pll_language=de
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 20:50:21 GMT
content-type: image/jpeg
content-length: 551940
last-modified: Mon, 15 Aug 2022 08:39:21 GMT
etag: "62fa0639-86c04"
expires: Sat, 18 May 2024 20:50:21 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

kf.ecqun.com/index/index/init?CorpID=16875309&corpid=16875309&referUrl=&visitUrl=https%3A%2F%2Fwww.winflytech.com%2F&title=Shenzhen%20Winfly%20New%20&type=0&cskey=dWPAY1p1xxaZNe4inv&scheme=0&storage=&callback=getJSON_17134734342800_9417689568650941

0.0.0.0

0 B

URL GET
kf.ecqun.com/index/index/init?CorpID=16875309&corpid=16875309&referUrl=&visitUrl=https%3A%2F%2Fwww.winflytech.com%2F&title=Shenzhen%20Winfly%20New%20&type=0&cskey=dWPAY1p1xxaZNe4inv&scheme=0&storage=&callback=getJSON_17134734342800_9417689568650941
IP
0.0.0.0:0
ASN
#0

Requested by
https://www.winflytech.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /index/index/init?CorpID=16875309&corpid=16875309&referUrl=&visitUrl=https%3A%2F%2Fwww.winflytech.com%2F&title=Shenzhen%20Winfly%20New%20&type=0&cskey=dWPAY1p1xxaZNe4inv&scheme=0&storage=&callback=getJSON_17134734342800_9417689568650941 HTTP/1.1
Host: kf.ecqun.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.winflytech.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

www.winflytech.com/wp-content/themes/pmjs/Css/animate.css

101.32.246.165

200 OK

73 kB

URL GET HTTP/2
www.winflytech.com/wp-content/themes/pmjs/Css/animate.css
IP
101.32.246.165:443
ASN
#132203 Tencent Building, Kejizhongyi Avenue

Requested by
https://www.winflytech.com/
Certificate
IssuerLet's Encrypt
Subjectwww.winflytech.com
FingerprintD7:7B:4D:00:D1:85:03:37:CE:DD:F7:C3:A0:26:3E:B4:B9:C1:95:4E
ValidityFri, 08 Mar 2024 15:10:18 GMT - Thu, 06 Jun 2024 15:10:17 GMT

File type

Size
73 kB (72556 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/pmjs/Css/animate.css HTTP/1.1
Host: www.winflytech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.winflytech.com/
Cookie: pll_language=de
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 20:50:21 GMT
content-type: text/css
last-modified: Mon, 15 Aug 2022 08:39:14 GMT
vary: Accept-Encoding
etag: W/"62fa0632-11b6c"
expires: Fri, 19 Apr 2024 08:50:21 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

www.winflytech.com/wp-content/themes/pmjs/Css/style.css

101.32.246.165

200 OK

44 kB

URL GET HTTP/2
www.winflytech.com/wp-content/themes/pmjs/Css/style.css
IP
101.32.246.165:443
ASN
#132203 Tencent Building, Kejizhongyi Avenue

Requested by
https://www.winflytech.com/
Certificate
IssuerLet's Encrypt
Subjectwww.winflytech.com
FingerprintD7:7B:4D:00:D1:85:03:37:CE:DD:F7:C3:A0:26:3E:B4:B9:C1:95:4E
ValidityFri, 08 Mar 2024 15:10:18 GMT - Thu, 06 Jun 2024 15:10:17 GMT

File type

Size
44 kB (44271 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/pmjs/Css/style.css HTTP/1.1
Host: www.winflytech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.winflytech.com/
Cookie: pll_language=de
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 20:50:21 GMT
content-type: text/css
last-modified: Fri, 19 Aug 2022 07:09:40 GMT
vary: Accept-Encoding
etag: W/"62ff3734-acef"
expires: Fri, 19 Apr 2024 08:50:21 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

www.winflytech.com/wp-content/themes/pmjs/Images/banner3.jpg

0.0.0.0

0 B

URL GET
www.winflytech.com/wp-content/themes/pmjs/Images/banner3.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://www.winflytech.com/
Certificate
IssuerLet's Encrypt
Subjectwww.winflytech.com
FingerprintD7:7B:4D:00:D1:85:03:37:CE:DD:F7:C3:A0:26:3E:B4:B9:C1:95:4E
ValidityFri, 08 Mar 2024 15:10:18 GMT - Thu, 06 Jun 2024 15:10:17 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/pmjs/Images/banner3.jpg HTTP/1.1
Host: www.winflytech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.winflytech.com/
Cookie: pll_language=de
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 20:50:21 GMT
content-type: image/jpeg
content-length: 472675
last-modified: Mon, 22 Aug 2022 08:05:04 GMT
etag: "630338b0-73663"
expires: Sat, 18 May 2024 20:50:21 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

www.winflytech.com/wp-content/themes/pmjs/Scripts/selectivizr.js

101.32.246.165

200 OK

4.5 kB

URL GET HTTP/2
www.winflytech.com/wp-content/themes/pmjs/Scripts/selectivizr.js
IP
101.32.246.165:443
ASN
#132203 Tencent Building, Kejizhongyi Avenue

Requested by
https://www.winflytech.com/
Certificate
IssuerLet's Encrypt
Subjectwww.winflytech.com
FingerprintD7:7B:4D:00:D1:85:03:37:CE:DD:F7:C3:A0:26:3E:B4:B9:C1:95:4E
ValidityFri, 08 Mar 2024 15:10:18 GMT - Thu, 06 Jun 2024 15:10:17 GMT

File type
JavaScript source, ASCII text, with very long lines (4679), with no line terminators
Size
4.5 kB (4495 bytes)
Hash
a4fe7d59fce4ab1cc21a29a75d06c635
bc0c43054dbfb3da3c477bb0f0c4bfa4008e40c0
8b97590612a819e3ee5550ee8a1771d84de0417e3d5054c1ec8e6958d3f1921a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/pmjs/Scripts/selectivizr.js HTTP/1.1
Host: www.winflytech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.winflytech.com/
Cookie: pll_language=de
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 20:50:21 GMT
content-type: application/javascript
last-modified: Mon, 15 Aug 2022 08:39:48 GMT
vary: Accept-Encoding
etag: W/"62fa0654-118f"
expires: Fri, 19 Apr 2024 08:50:21 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (7)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (37)

URL User Request GET HTTP/2

IP

ASN

Certificate