Report - 0419hl.com/jd/zs/7361.html

Report Overview

Submitted URL
0419hl.com/jd/zs/7361.html
IP
67.21.93.232
ASN
#46844 SHARKTECH
Submitted
2024-04-18 12:25:10
Access
public
Website Title
www.0419hl.com-官网首页
Final URL
0419hl.com/jd/zs/7361.html
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
4

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
libs.baidu.com	103017	1999-10-11	2013-04-23	2024-04-14	324 B	82 kB	39.156.66.111
www.4.cn	unknown	2003-03-17	2013-04-23	2024-04-18	3.4 kB	144 kB	69.234.239.50
ia.51.la	59607	2005-01-17	2017-10-31	2024-04-18	1.2 kB	302 B	203.107.86.226
0419hl.com	unknown	2014-01-07	2016-07-21	2024-04-18	887 B	2.7 kB	67.21.93.232
js.users.51.la	53024	2005-01-17	2012-05-30	2024-04-18	312 B	5.8 kB	47.246.44.239

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-18	medium	0419hl.com	Sinkholed
2024-04-18	medium	0419hl.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (4)

	URL	Size	First Seen	Last Seen
	libs.baidu.com/jquery/1.9.0/jquery.js	277 kB	2023-03-07	2024-05-01
Pretty URL libs.baidu.com/jquery/1.9.0/jquery.js IP 39.156.66.111 ASN #9808 China Mobile Communications Group Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:06:55 Last Seen2024-05-01 08:37:29 Times Seen501 Hash 5543952568a64f79db992b6ece4af18d aa6ccf721c4e76921abda46c120772d364e5b285 5d513c05fa221491a386ebed47744f266dc278703b45389167cb010bb8681d03 Loading...

	0419hl.com/jd/zs/7361.html	255 B	2023-04-05	2024-05-01
Pretty URL 0419hl.com/jd/zs/7361.html IP 67.21.93.232 ASN #46844 SHARKTECH Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-05 03:17:32 Last Seen2024-05-01 08:37:28 Times Seen190 Hash 4bb4d8f2af105561d3ddc397cbf0e48a f63b4523c81cfc18d86b6b8e3ba9902ee7bc6e85 169edbd82fc46c727778ea1d60f421b1ebbbce1cf7d8355b43a6f5a380e26f86 Loading...

	js.users.51.la/2882802.js	5.2 kB	2023-05-11	2024-05-01
Pretty URL js.users.51.la/2882802.js IP 47.246.44.239 ASN #24429 Zhejiang Taobao Network Co.,Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-11 13:45:50 Last Seen2024-05-01 08:37:28 Times Seen224 Hash fadce00b428c7f56ec167e5c0847f3a9 50fe0e7fbccd321aa177ad48a679e0e6c5b6cbfa 164d0fade9f41971660c6633de87962ad5e703de304ed490a8e145f147a390d6 Loading...

		Size	First Seen	Last Seen
	#1 Write - 566f72c76b1baa243efbb2f566ab48e1	257 B	2023-03-07	2024-05-01
Pretty Observations First Seen2023-03-07 12:11:06 Last Seen2024-05-01 08:37:28 Times Seen162 Hash 566f72c76b1baa243efbb2f566ab48e1 35d1f8938cddd4273b2f4bcbaacc127a818610ce 37a2f4d070dc06736311f306af75e1200b7f6dd5e9c3792ce7874462bb2fc042 Loading...

HTTP Transactions (13)

URL IP Response Size

0419hl.com/jd/zs/7361.html

67.21.93.232

200 OK

2.2 kB

URL User Request GET HTTP/1.1
0419hl.com/jd/zs/7361.html
IP
67.21.93.232:80
ASN
#46844 SHARKTECH

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (544), with CRLF line terminators
Size
2.2 kB (2192 bytes)
Hash
d686abeaad4f655270c15ff0a2a3e6c4
7ec20d4ba9a4f48ffffe226cdfe80d3ade044d0e
e3b2379af4852ef96cc1001a1edf8cb1aaee0deec1b54af5e855cb2ac4cc0da7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /jd/zs/7361.html HTTP/1.1
Host: 0419hl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 18 Apr 2024 12:24:48 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/7.3.33
Content-Encoding: gzip

js.users.51.la/2882802.js

47.246.44.239

200 OK

5.2 kB

URL GET HTTP/1.1
js.users.51.la/2882802.js
IP
47.246.44.239:80
ASN
#24429 Zhejiang Taobao Network Co.,Ltd

Requested by
http://0419hl.com/jd/zs/7361.html

File type
JavaScript source, ASCII text, with very long lines (5205), with no line terminators
Size
5.2 kB (5205 bytes)
Hash
fadce00b428c7f56ec167e5c0847f3a9
50fe0e7fbccd321aa177ad48a679e0e6c5b6cbfa
164d0fade9f41971660c6633de87962ad5e703de304ed490a8e145f147a390d6

HTTP Headers

GET /2882802.js HTTP/1.1
Host: js.users.51.la
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://0419hl.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Thu, 18 Apr 2024 12:24:48 GMT
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Origin: *
Cache-Control: no-store
Access-Control-Allow-Credentials: true
Ali-Swift-Global-Savetime: 1713443088
Via: cache6.l2fr1[386,385,200-0,M], cache2.l2fr1[387,0], ens-cache8.se2[429,428,200-0,M], ens-cache18.se2[430,0]
X-Cache: MISS TCP_MISS dirn:-2:-2
X-Swift-SaveTime: Thu, 18 Apr 2024 12:24:48 GMT
X-Swift-CacheTime: 0
Timing-Allow-Origin: *
EagleId: 2ff62ca617134430884037224e

libs.baidu.com/jquery/1.9.0/jquery.js

39.156.66.111

200 OK

82 kB

URL GET HTTP/1.1
libs.baidu.com/jquery/1.9.0/jquery.js
IP
39.156.66.111:80
ASN
#9808 China Mobile Communications Group Co., Ltd.

Requested by
http://0419hl.com/jd/zs/7361.html

File type
JavaScript source, ASCII text, with CRLF line terminators
Size
82 kB (81543 bytes)
Hash
5543952568a64f79db992b6ece4af18d
aa6ccf721c4e76921abda46c120772d364e5b285
5d513c05fa221491a386ebed47744f266dc278703b45389167cb010bb8681d03

HTTP Headers

GET /jquery/1.9.0/jquery.js HTTP/1.1
Host: libs.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://0419hl.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: max-age=2592000
Connection: keep-alive
Content-Encoding: gzip
Content-Type: application/x-javascript
Date: Thu, 18 Apr 2024 12:24:49 GMT
Expires: Sat, 18 May 2024 12:24:49 GMT
Last-Modified: Wed, 07 Jan 2015 09:16:30 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Server: Apache
Set-Cookie: BAIDUID=8E5A2E843CC10EBD8E0F5B1EEF079098:FG=1; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2145916555; path=/; domain=.baidu.com; version=1
Vary: Accept-Encoding
Transfer-Encoding: chunked

www.4.cn/template/images/a-pic.jpg

69.234.239.50

200 OK

169 B

URL GET HTTP/2
www.4.cn/template/images/a-pic.jpg
IP
69.234.239.50:443
ASN
#135629 Ningxia West Cloud Data Technology Co.Ltd.

Requested by
http://0419hl.com/jd/zs/7361.html
Certificate
IssuerLet's Encrypt
Subject4.cn
FingerprintFE:07:1A:88:4C:C8:CE:F2:E5:49:A2:68:D5:69:5A:2C:79:65:4C:E1
ValidityMon, 19 Feb 2024 02:03:15 GMT - Sun, 19 May 2024 02:03:14 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
169 B (169 bytes)
Hash
bd6987d71fad7058a993a9028dc40454
3ed872fa3a00837bb008ad9d201850e2ea57a79f
f0e759f444eb3a324b621f0548919424455e81441d42ea6bc6bcd2b24fce1b92

HTTP Headers

GET /template/images/a-pic.jpg HTTP/1.1
Host: www.4.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://0419hl.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Server: nginx/1.16.1
Date: Thu, 18 Apr 2024 12:24:51 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Location: https://www.4.cn/template/images/a-pic.jpg

www.4.cn/img/style.css

69.234.239.50

200 OK

15 kB

URL GET HTTP/2
www.4.cn/img/style.css
IP
69.234.239.50:443
ASN
#135629 Ningxia West Cloud Data Technology Co.Ltd.

Requested by
http://0419hl.com/jd/zs/7361.html
Certificate
IssuerLet's Encrypt
Subject4.cn
FingerprintFE:07:1A:88:4C:C8:CE:F2:E5:49:A2:68:D5:69:5A:2C:79:65:4C:E1
ValidityMon, 19 Feb 2024 02:03:15 GMT - Sun, 19 May 2024 02:03:14 GMT

File type
gzip compressed data, from Unix
Size
15 kB (15245 bytes)
Hash
f2b5c7babd7baf685493ef8b2c0a6c2d
0d3ac3eecc48b29b837dd02e9ce05a71b11105ef
bcdcdd9172aae382bc949b3cd33e217120d42d32e68341d7b7e2eda73b9ac7a9

HTTP Headers

GET /img/style.css HTTP/1.1
Host: www.4.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://0419hl.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.16.1
date: Thu, 18 Apr 2024 12:24:49 GMT
content-type: text/css
last-modified: Thu, 15 Aug 2019 08:40:51 GMT
vary: Accept-Encoding
etag: W/"5d551a93-cfbc"
expires: Fri, 19 Apr 2024 12:24:49 GMT
cache-control: max-age=86400
content-encoding: gzip
X-Firefox-Spdy: h2

www.4.cn/template/images/a-banner.jpg

69.234.239.50

200 OK

54 kB

URL GET HTTP/2
www.4.cn/template/images/a-banner.jpg
IP
69.234.239.50:443
ASN
#135629 Ningxia West Cloud Data Technology Co.Ltd.

Requested by
http://0419hl.com/jd/zs/7361.html
Certificate
IssuerLet's Encrypt
Subject4.cn
FingerprintFE:07:1A:88:4C:C8:CE:F2:E5:49:A2:68:D5:69:5A:2C:79:65:4C:E1
ValidityMon, 19 Feb 2024 02:03:15 GMT - Sun, 19 May 2024 02:03:14 GMT

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 960x265, components 3
Size
54 kB (53811 bytes)
Hash
59ff722889cd28079bc037248367fd24
5db3e09e95d47d5fbd7163dc931b0226714c4583
2c0466823de77ea3dc1774b34665c23040cdffaeb2033c9337cca0cc854b6429

HTTP Headers

GET /template/images/a-banner.jpg HTTP/1.1
Host: www.4.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.4.cn/template/stencil.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.16.1
date: Thu, 18 Apr 2024 12:24:51 GMT
content-type: image/jpeg
content-length: 53811
last-modified: Thu, 15 Aug 2019 08:40:47 GMT
etag: "5d551a8f-d233"
expires: Fri, 19 Apr 2024 12:24:51 GMT
cache-control: max-age=86400
accept-ranges: bytes
X-Firefox-Spdy: h2

www.4.cn/template/images/icon.png

69.234.239.50

200 OK

9.7 kB

URL GET HTTP/2
www.4.cn/template/images/icon.png
IP
69.234.239.50:443
ASN
#135629 Ningxia West Cloud Data Technology Co.Ltd.

Requested by
http://0419hl.com/jd/zs/7361.html
Certificate
IssuerLet's Encrypt
Subject4.cn
FingerprintFE:07:1A:88:4C:C8:CE:F2:E5:49:A2:68:D5:69:5A:2C:79:65:4C:E1
ValidityMon, 19 Feb 2024 02:03:15 GMT - Sun, 19 May 2024 02:03:14 GMT

File type
PNG image data, 400 x 800, 8-bit/color RGBA, non-interlaced
Size
9.7 kB (9699 bytes)
Hash
9b4af9803579d99a06c4ed48d3e07c49
de4c9b346c7ef69dffa3d32a13af00f116998dc2
4a70f4bbc38b6a1c6de04520b689e88058e3a62107953af8e210bfd110bee5c9

HTTP Headers

GET /template/images/icon.png HTTP/1.1
Host: www.4.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.4.cn/template/stencil.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.16.1
date: Thu, 18 Apr 2024 12:24:51 GMT
content-type: image/png
content-length: 9699
last-modified: Thu, 15 Aug 2019 08:40:47 GMT
etag: "5d551a8f-25e3"
expires: Fri, 19 Apr 2024 12:24:51 GMT
cache-control: max-age=86400
accept-ranges: bytes
X-Firefox-Spdy: h2

www.4.cn/template/images/a-content-bg.jpg

69.234.239.50

200 OK

410 B

URL GET HTTP/2
www.4.cn/template/images/a-content-bg.jpg
IP
69.234.239.50:443
ASN
#135629 Ningxia West Cloud Data Technology Co.Ltd.

Requested by
http://0419hl.com/jd/zs/7361.html
Certificate
IssuerLet's Encrypt
Subject4.cn
FingerprintFE:07:1A:88:4C:C8:CE:F2:E5:49:A2:68:D5:69:5A:2C:79:65:4C:E1
ValidityMon, 19 Feb 2024 02:03:15 GMT - Sun, 19 May 2024 02:03:14 GMT

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x299, components 3
Size
410 B (410 bytes)
Hash
b7a7743fabeb4425df77f384f49d151f
97e0eb70feaa0c85b99da3ce430de08927db2932
ac74bdee581d6773ad60ef75804a472670d7f46a975139452b82f43978be3b2d

HTTP Headers

GET /template/images/a-content-bg.jpg HTTP/1.1
Host: www.4.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.4.cn/template/stencil.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.16.1
date: Thu, 18 Apr 2024 12:24:51 GMT
content-type: image/jpeg
content-length: 410
last-modified: Thu, 15 Aug 2019 08:40:47 GMT
etag: "5d551a8f-19a"
expires: Fri, 19 Apr 2024 12:24:51 GMT
cache-control: max-age=86400
accept-ranges: bytes
X-Firefox-Spdy: h2

ia.51.la/go1?id=2882802&rt=1713443091322&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=%25E7%2599%25BE%25E5%25BA%25A6%25E7%2586%258A%25E6%258E%258C%25E6%2594%25B6%25E5%25BD%2595-%25E5%258D%258E%25E6%2597%2585%25E8%25B4%25A2%25E7%25BB%258F%25E7%25BD%2591-20-22%25E5%25B9%25B4%25E8%25AE%25B0%25E5%25BD%2595-%25E5%258E%2586%25E5%258F%25B2%25E7%2599%25BE%25E5%25BA%25A6%25E6%259D%2583%25E9%2587%258D3&ing=1&ekc=&sid=1713443091322&tt=www.0419hl.com-%25E5%25AE%2598%25E7%25BD%2591%25E9%25A6%2596%25E9%25A1%25B5&kw=%25E7%2599%25BE%25E5%25BA%25A6%25E7%2586%258A%25E6%258E%258C%25E6%2594%25B6%25E5%25BD%2595-%25E5%258D%258E%25E6%2597%2585%25E8%25B4%25A2%25E7%25BB%258F%25E7%25BD%2591-20-22%25E5%25B9%25B4%25E8%25AE%25B0%25E5%25BD%2595-%25E5%258E%2586%25E5%258F%25B2%25E7%2599%25BE%25E5%25BA%25A6%25E6%259D%2583%25E9%2587%258D3&cu=http%253A%252F%252F0419hl.com%252Fjd%252Fzs%252F7361.html&pu=

203.107.86.226

200

0 B

URL GET HTTP/1.1
ia.51.la/go1?id=2882802&rt=1713443091322&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=%25E7%2599%25BE%25E5%25BA%25A6%25E7%2586%258A%25E6%258E%258C%25E6%2594%25B6%25E5%25BD%2595-%25E5%258D%258E%25E6%2597%2585%25E8%25B4%25A2%25E7%25BB%258F%25E7%25BD%2591-20-22%25E5%25B9%25B4%25E8%25AE%25B0%25E5%25BD%2595-%25E5%258E%2586%25E5%258F%25B2%25E7%2599%25BE%25E5%25BA%25A6%25E6%259D%2583%25E9%2587%258D3&ing=1&ekc=&sid=1713443091322&tt=www.0419hl.com-%25E5%25AE%2598%25E7%25BD%2591%25E9%25A6%2596%25E9%25A1%25B5&kw=%25E7%2599%25BE%25E5%25BA%25A6%25E7%2586%258A%25E6%258E%258C%25E6%2594%25B6%25E5%25BD%2595-%25E5%258D%258E%25E6%2597%2585%25E8%25B4%25A2%25E7%25BB%258F%25E7%25BD%2591-20-22%25E5%25B9%25B4%25E8%25AE%25B0%25E5%25BD%2595-%25E5%258E%2586%25E5%258F%25B2%25E7%2599%25BE%25E5%25BA%25A6%25E6%259D%2583%25E9%2587%258D3&cu=http%253A%252F%252F0419hl.com%252Fjd%252Fzs%252F7361.html&pu=
IP
203.107.86.226:80
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
http://0419hl.com/jd/zs/7361.html

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /go1?id=2882802&rt=1713443091322&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=%25E7%2599%25BE%25E5%25BA%25A6%25E7%2586%258A%25E6%258E%258C%25E6%2594%25B6%25E5%25BD%2595-%25E5%258D%258E%25E6%2597%2585%25E8%25B4%25A2%25E7%25BB%258F%25E7%25BD%2591-20-22%25E5%25B9%25B4%25E8%25AE%25B0%25E5%25BD%2595-%25E5%258E%2586%25E5%258F%25B2%25E7%2599%25BE%25E5%25BA%25A6%25E6%259D%2583%25E9%2587%258D3&ing=1&ekc=&sid=1713443091322&tt=www.0419hl.com-%25E5%25AE%2598%25E7%25BD%2591%25E9%25A6%2596%25E9%25A1%25B5&kw=%25E7%2599%25BE%25E5%25BA%25A6%25E7%2586%258A%25E6%258E%258C%25E6%2594%25B6%25E5%25BD%2595-%25E5%258D%258E%25E6%2597%2585%25E8%25B4%25A2%25E7%25BB%258F%25E7%25BD%2591-20-22%25E5%25B9%25B4%25E8%25AE%25B0%25E5%25BD%2595-%25E5%258E%2586%25E5%258F%25B2%25E7%2599%25BE%25E5%25BA%25A6%25E6%259D%2583%25E9%2587%258D3&cu=http%253A%252F%252F0419hl.com%252Fjd%252Fzs%252F7361.html&pu= HTTP/1.1
Host: ia.51.la
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://0419hl.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Date: Thu, 18 Apr 2024 12:24:51 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: aliyungf_tc=06f80201512dc0a42ab47561397c0850efd535351079f3e6dd7a22b0ef62e86d; Path=/; HttpOnly
acw_tc=ac11000117134430918131883edde85448dec1872c4a36c6bb800a693abef5;path=/;HttpOnly;Max-Age=1800

www.4.cn/template/images/a-pic.jpg

69.234.239.50

200 OK

44 kB

URL GET HTTP/2
www.4.cn/template/images/a-pic.jpg
IP
69.234.239.50:443
ASN
#135629 Ningxia West Cloud Data Technology Co.Ltd.

Requested by
http://0419hl.com/jd/zs/7361.html
Certificate
IssuerLet's Encrypt
Subject4.cn
FingerprintFE:07:1A:88:4C:C8:CE:F2:E5:49:A2:68:D5:69:5A:2C:79:65:4C:E1
ValidityMon, 19 Feb 2024 02:03:15 GMT - Sun, 19 May 2024 02:03:14 GMT

File type
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS4 Windows, datetime=2013:11:14 12:45:12], baseline, precision 8, 170x160, components 3
Size
44 kB (43730 bytes)
Hash
a281798942eb961057ca3b35fdbb7fb7
3a8f4fc15f3de0173311fe3ddc14496b238a7bfb
c2f767090ba92cb09b136d10df8083a3384d13948123404fcf509c5d17a0c500

HTTP Headers

GET /template/images/a-pic.jpg HTTP/1.1
Host: www.4.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://0419hl.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.16.1
date: Thu, 18 Apr 2024 12:24:51 GMT
content-type: image/jpeg
content-length: 43730
last-modified: Thu, 15 Aug 2019 08:40:47 GMT
etag: "5d551a8f-aad2"
expires: Fri, 19 Apr 2024 12:24:51 GMT
cache-control: max-age=86400
accept-ranges: bytes
X-Firefox-Spdy: h2

0419hl.com/favicon.ico

67.21.93.232

502 Bad Gateway

150 B

URL GET HTTP/1.1
0419hl.com/favicon.ico
IP
67.21.93.232:80
ASN
#46844 SHARKTECH

Requested by
http://0419hl.com/jd/zs/7361.html

File type
HTML document, ASCII text, with CRLF line terminators
Size
150 B (150 bytes)
Hash
2b027182dd680c922c2045072dad573c
56174f4e4b971b7b25f06b65f6c299d028ec3f14
61b30d408583991fd69f3dec694e154cb652471e663328ad9c8482c9021ab5db

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 0419hl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://0419hl.com/jd/zs/7361.html
Cookie: __tins__2882802=%7B%22sid%22%3A%201713443091322%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201713444891322%7D; __51cke__=; __51laig__=1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 502 Bad Gateway
Server: nginx
Date: Thu, 18 Apr 2024 12:24:55 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 150
Connection: close

www.4.cn/template/stencil.css

69.234.239.50

200 OK

18 kB

URL GET HTTP/2
www.4.cn/template/stencil.css
IP
69.234.239.50:443
ASN
#135629 Ningxia West Cloud Data Technology Co.Ltd.

Requested by
http://0419hl.com/jd/zs/7361.html
Certificate
IssuerLet's Encrypt
Subject4.cn
FingerprintFE:07:1A:88:4C:C8:CE:F2:E5:49:A2:68:D5:69:5A:2C:79:65:4C:E1
ValidityMon, 19 Feb 2024 02:03:15 GMT - Sun, 19 May 2024 02:03:14 GMT

File type

Size
18 kB (18464 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /template/stencil.css HTTP/1.1
Host: www.4.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://0419hl.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.16.1
date: Thu, 18 Apr 2024 12:24:49 GMT
content-type: text/css
last-modified: Thu, 14 Nov 2019 06:55:42 GMT
vary: Accept-Encoding
etag: W/"5dccfa6e-4820"
expires: Fri, 19 Apr 2024 12:24:49 GMT
cache-control: max-age=86400
content-encoding: gzip
X-Firefox-Spdy: h2

www.4.cn/template/images/a-header-bg.jpg

69.234.239.50

200 OK

565 B

URL GET HTTP/2
www.4.cn/template/images/a-header-bg.jpg
IP
69.234.239.50:443
ASN
#135629 Ningxia West Cloud Data Technology Co.Ltd.

Requested by
http://0419hl.com/jd/zs/7361.html
Certificate
IssuerLet's Encrypt
Subject4.cn
FingerprintFE:07:1A:88:4C:C8:CE:F2:E5:49:A2:68:D5:69:5A:2C:79:65:4C:E1
ValidityMon, 19 Feb 2024 02:03:15 GMT - Sun, 19 May 2024 02:03:14 GMT

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 2x265, components 3
Size
565 B (565 bytes)
Hash
4ede6284c84b381be8850c2fd79a850d
4380e2912d944b222f723a178b07900e7cd91ef8
869074a582028aebcedfb449d0b19ec4118ddd361319c61c118467c44c44654d

HTTP Headers

GET /template/images/a-header-bg.jpg HTTP/1.1
Host: www.4.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.4.cn/template/stencil.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.16.1
date: Thu, 18 Apr 2024 12:24:51 GMT
content-type: image/jpeg
content-length: 565
last-modified: Thu, 15 Aug 2019 08:40:47 GMT
etag: "5d551a8f-235"
expires: Fri, 19 Apr 2024 12:24:51 GMT
cache-control: max-age=86400
accept-ranges: bytes
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (13)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type