GET h4wcz8.dfdjjvef.cc/usr/plugins/tbxw/js/zzz.js
154.207.77.29200 OK 51 kB URL GET h4wcz8.dfdjjvef.cc/usr/plugins/tbxw/js/zzz.js
IP 154.207.77.29:443
ASN #63888 DATAWING LIMITED
Requested by https://h4wcz8.dfdjjvef.cc/
Certificate IssuerCLOUDFLARE, INC.
Subjectdfdjjvef.cc
Fingerprint58:A9:EB:5F:81:E3:C9:C8:1B:A7:0C:A9:BB:17:85:27:06:6D:64:EB
ValidityTue, 08 Apr 2025 06:59:58 GMT - Mon, 07 Jul 2025 07:07:25 GMT
File type JavaScript source, ASCII text, with very long lines (48316)
Hash 78dab9fcf576de8cba46edd716dd2309
7113abe41f95159f9bfccf70d01bdda1055af2ad
7c66d6c8e2c470780513a282b66e2b5b7429ed863d6a0ecd6054b38dcda004b5
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /usr/plugins/tbxw/js/zzz.js HTTP/1.1
Host: h4wcz8.dfdjjvef.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://h4wcz8.dfdjjvef.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 22 May 2025 18:48:47 GMT
content-type: application/javascript
server: cloudflare
last-modified: Thu, 20 Jul 2023 08:30:09 GMT
vary: Accept-Encoding
etag: W/"64b8f091-c67b"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=2,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=yf6jVoYGmIq9H1i1yrEMMJBoLbWGscsoUaW%2FdS5HYRk6watJujCKgv6exUC5A9UKtwKAJ1bfEGFaDR3V4doD2O7rrRkQA63uYJJfSfcKm84%3D"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 943e7d5e4e5592f7-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET h4wcz8.dfdjjvef.cc/usr/plugins/ArtPlayer/assets/ads.js
154.207.77.29200 OK 14 kB URL GET h4wcz8.dfdjjvef.cc/usr/plugins/ArtPlayer/assets/ads.js
IP 154.207.77.29:443
ASN #63888 DATAWING LIMITED
Requested by https://h4wcz8.dfdjjvef.cc/
Certificate IssuerCLOUDFLARE, INC.
Subjectdfdjjvef.cc
Fingerprint58:A9:EB:5F:81:E3:C9:C8:1B:A7:0C:A9:BB:17:85:27:06:6D:64:EB
ValidityTue, 08 Apr 2025 06:59:58 GMT - Mon, 07 Jul 2025 07:07:25 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (1245)
Hash f3028d03f85cbd4e647eea126066dcfa
92819e469a0d69b0de91a2d5604b865656013fef
e5c49a3f854bec72b9ae79e60969e57c955633dd8a55cd23063c27ea790a1a37
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /usr/plugins/ArtPlayer/assets/ads.js HTTP/1.1
Host: h4wcz8.dfdjjvef.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://h4wcz8.dfdjjvef.cc/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 22 May 2025 18:48:47 GMT
content-type: application/javascript
server: cloudflare
last-modified: Wed, 28 Feb 2024 06:47:04 GMT
vary: Accept-Encoding
etag: W/"65ded6e8-35e1"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=3,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Of5Wn9DGGbvom8gtf2fNwiEIr19UTsxyIzLzsT%2BhZDeHJ1ifgh2BjmGcCz6NGWZ70CVWg3kjPRgQU9mRUYGHMaoCjJRTYBuIsn%2FdssBjPdI%3D"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 943e7d5edeca92f7-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET pic.szmpe.cn/upload_01/xiao/20250522/2025052219545118174.jpeg
43.152.140.79200 OK 256 kB URL GET pic.szmpe.cn/upload_01/xiao/20250522/2025052219545118174.jpeg
IP 43.152.140.79:443
Requested by https://h4wcz8.dfdjjvef.cc/
Certificate IssuerZeroSSL
Subject*.szmpe.cn
FingerprintE3:F1:93:B0:DA:A3:D8:9D:1B:BD:86:6C:1A:29:1C:92:88:9D:5E:E7
ValidityThu, 15 May 2025 00:00:00 GMT - Wed, 13 Aug 2025 23:59:59 GMT
Size 256 kB (255872 bytes)
Hash 5b5dfba1ddb21aa703d1248f39d7d3c3
f781eef8a31c9d3d6c29ac8fa75f1a0f4194f54d
262b2e6d4bddc3520b87aca570391e2ef1f4e6b82e4e58a764c9589246cb0cab
GET /upload_01/xiao/20250522/2025052219545118174.jpeg HTTP/1.1
Host: pic.szmpe.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://h4wcz8.dfdjjvef.cc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Last-Modified: Thu, 22 May 2025 11:54:56 GMT
Etag: "5b5dfba1ddb21aa703d1248f39d7d3c3"
Content-Type: binary/octet-stream
Date: Thu, 22 May 2025 18:04:51 GMT
x-amz-server-side-encryption: AES256
Server: nginx
X-Cache: Hit from cloudfront
X-Amz-Cf-Pop: ARN53-P2
Age: 916
Content-Length: 255872
Accept-Ranges: bytes
X-NWS-LOG-UUID: 2479322815866709708
Connection: keep-alive
X-Cache-Lookup: Cache Hit
Access-Control-Allow-Origin: *
GET pic.szmpe.cn/upload_01/xiao/20250522/2025052213120969155.jpeg
43.152.140.79200 OK 284 kB URL GET pic.szmpe.cn/upload_01/xiao/20250522/2025052213120969155.jpeg
IP 43.152.140.79:443
Requested by https://h4wcz8.dfdjjvef.cc/
Certificate IssuerZeroSSL
Subject*.szmpe.cn
FingerprintE3:F1:93:B0:DA:A3:D8:9D:1B:BD:86:6C:1A:29:1C:92:88:9D:5E:E7
ValidityThu, 15 May 2025 00:00:00 GMT - Wed, 13 Aug 2025 23:59:59 GMT
Size 284 kB (284288 bytes)
Hash 65bba7987527ee26630b8f6e24548757
abcadd3f53863f014fbdcac2afdc8580342244b2
094e7a90db36332ee847ddd40497ca67256801002ad3b1bdb20115e28391cd5e
GET /upload_01/xiao/20250522/2025052213120969155.jpeg HTTP/1.1
Host: pic.szmpe.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://h4wcz8.dfdjjvef.cc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Last-Modified: Thu, 22 May 2025 05:12:13 GMT
Etag: "65bba7987527ee26630b8f6e24548757"
Content-Type: binary/octet-stream
Date: Thu, 22 May 2025 18:04:51 GMT
x-amz-server-side-encryption: AES256
Server: nginx
X-Cache: Hit from cloudfront
X-Amz-Cf-Pop: ARN53-P2
Age: 917
Content-Length: 284288
Accept-Ranges: bytes
X-NWS-LOG-UUID: 18143724452021473749
Connection: keep-alive
X-Cache-Lookup: Cache Hit
Access-Control-Allow-Origin: *
GET stats.kwvprfcr.xyz/js/script.js
156.255.123.29200 OK 2.6 kB URL GET stats.kwvprfcr.xyz/js/script.js
IP 156.255.123.29:443
ASN #63888 DATAWING LIMITED
Requested by https://h4wcz8.dfdjjvef.cc/
Certificate IssuerGoogle Trust Services
Subjectkwvprfcr.xyz
FingerprintA2:D1:48:93:98:C3:BE:C1:F9:23:5A:80:44:C9:8E:83:27:3E:DF:44
ValidityMon, 05 May 2025 06:32:43 GMT - Sun, 03 Aug 2025 07:31:10 GMT
File type JavaScript source, ASCII text, with very long lines (2618), with no line terminators
Hash b7b61c8ea52fe5ad1c778b6423c9b1e6
96395022474cce70ed2c8c6c0376c36d26040d13
91bda7309b059f33f21531717082b701d20fafbd5493c838029e942952018dd2
GET /js/script.js HTTP/1.1
Host: stats.kwvprfcr.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://h4wcz8.dfdjjvef.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 22 May 2025 18:48:47 GMT
content-type: application/javascript
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
access-control-allow-origin: *
cache-control: public, max-age=86400, must-revalidate
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cf-cache-status: HIT
age: 40004
last-modified: Thu, 22 May 2025 07:42:03 GMT
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=KqHC88z5sQgfHDah5NKS726qPh1udUHUaPmqJGQzVcjLid0qzySwwD3gYeSQZ2wo9%2B%2F19nGijENx%2BW7k%2BFRU%2FDYcMD8HgKAIXBurSu0qpV8%3D"}]}
vary: accept-encoding
content-encoding: br
cf-ray: 943e7d5edd40eb4a-CPH
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET h4wcz8.dfdjjvef.cc/usr/themes/Mirages/js/7.10.0/mirages.main.min.js?v=2
154.207.77.29200 OK 314 kB URL GET h4wcz8.dfdjjvef.cc/usr/themes/Mirages/js/7.10.0/mirages.main.min.js?v=2
IP 154.207.77.29:443
ASN #63888 DATAWING LIMITED
Requested by https://h4wcz8.dfdjjvef.cc/
Certificate IssuerCLOUDFLARE, INC.
Subjectdfdjjvef.cc
Fingerprint58:A9:EB:5F:81:E3:C9:C8:1B:A7:0C:A9:BB:17:85:27:06:6D:64:EB
ValidityTue, 08 Apr 2025 06:59:58 GMT - Mon, 07 Jul 2025 07:07:25 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (942)
Size 314 kB (314224 bytes)
Hash b906574e5d3d8101059df22fbca5fec9
8dfa1aa037059ccde77ebb6054b5c9192871bd3f
fd6ce2962245bfe57988bc207147f5fb08bf20951c469bdd6d25789bb10c25e4
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /usr/themes/Mirages/js/7.10.0/mirages.main.min.js?v=2 HTTP/1.1
Host: h4wcz8.dfdjjvef.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://h4wcz8.dfdjjvef.cc/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 22 May 2025 18:48:47 GMT
content-type: application/javascript
server: cloudflare
last-modified: Tue, 15 Oct 2024 06:43:14 GMT
vary: Accept-Encoding
etag: W/"670e0f02-4cb70"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=3,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=4aH0vMNwa%2F8uffhlLXcVMS%2FAUpzD%2FvwoVVNCD7K13%2FsMb5hHUdbJpwkmaiKTi%2BtCEwfwrZH6ayP5eAcvrnbhIdeTS5EbXCErpzpnY6Da2sw%3D"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 943e7d5e6e6192f7-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET www.googletagmanager.com/gtag/js?id=G-9VNFJ61R7R
142.250.74.168200 OK 385 kB URL GET www.googletagmanager.com/gtag/js?id=G-9VNFJ61R7R
IP 142.250.74.168:443
Requested by https://h4wcz8.dfdjjvef.cc/
Certificate IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint02:7D:56:C0:B9:20:0C:27:A4:AC:B9:8F:9D:45:1D:85:2A:30:50:AD
ValidityMon, 21 Apr 2025 08:40:41 GMT - Mon, 14 Jul 2025 08:40:40 GMT
File type JavaScript source, ASCII text, with very long lines (6125)
Size 385 kB (385156 bytes)
Hash 8002f049b5a2f2f36d36d99b49167c34
f57e980ad67fd1de2b72c52f2143b6cc8806d101
d7a6acdbfa1a34ed70e56926c93d5df16be2661050740ba5938996d3087a3f30
GET /gtag/js?id=G-9VNFJ61R7R HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 22 May 2025 18:48:47 GMT
expires: Thu, 22 May 2025 18:48:47 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1075:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1075:0
report-to: {"group":"ascgcycc:1075:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1075:0"}],}
server: Google Tag Manager
content-length: 128841
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET pic.szmpe.cn/upload_01/xiao/20250522/2025052218532220469.jpeg
43.152.140.79200 OK 176 kB URL GET pic.szmpe.cn/upload_01/xiao/20250522/2025052218532220469.jpeg
IP 43.152.140.79:443
Requested by https://h4wcz8.dfdjjvef.cc/
Certificate IssuerZeroSSL
Subject*.szmpe.cn
FingerprintE3:F1:93:B0:DA:A3:D8:9D:1B:BD:86:6C:1A:29:1C:92:88:9D:5E:E7
ValidityThu, 15 May 2025 00:00:00 GMT - Wed, 13 Aug 2025 23:59:59 GMT
Size 176 kB (176480 bytes)
Hash 226abbd5d5599842ef9dd6979d5d55eb
760ae83bcb165e0759d15384de0c8dcb8fd2b100
2803c86606eecaa723baf1c0f31c4c2861df7032e6d4e7817468bb3c64b30612
GET /upload_01/xiao/20250522/2025052218532220469.jpeg HTTP/1.1
Host: pic.szmpe.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://h4wcz8.dfdjjvef.cc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Last-Modified: Thu, 22 May 2025 11:34:33 GMT
Etag: "226abbd5d5599842ef9dd6979d5d55eb"
Content-Type: binary/octet-stream
Date: Thu, 22 May 2025 12:14:52 GMT
x-amz-server-side-encryption: AES256
Server: nginx
X-Cache: Hit from cloudfront
X-Amz-Cf-Pop: ARN53-P2
Age: 8058
Content-Length: 176480
Accept-Ranges: bytes
X-NWS-LOG-UUID: 9900263754367918821
Connection: keep-alive
X-Cache-Lookup: Cache Hit
Access-Control-Allow-Origin: *
GET pic.szmpe.cn/upload_01/xiao/20250522/2025052220390869031.jpeg
43.152.140.79200 OK 243 kB URL GET pic.szmpe.cn/upload_01/xiao/20250522/2025052220390869031.jpeg
IP 43.152.140.79:443
Requested by https://h4wcz8.dfdjjvef.cc/
Certificate IssuerZeroSSL
Subject*.szmpe.cn
FingerprintE3:F1:93:B0:DA:A3:D8:9D:1B:BD:86:6C:1A:29:1C:92:88:9D:5E:E7
ValidityThu, 15 May 2025 00:00:00 GMT - Wed, 13 Aug 2025 23:59:59 GMT
Size 243 kB (243216 bytes)
Hash ec1447fbde0343ae772f78b6366e967a
8a6ceb240527a4363f0f8a97c506556a548f30a2
06d89812d2c210b720aa0d9b426591b3fa56e3e1e40b5eea0a6a506465dc98e2
GET /upload_01/xiao/20250522/2025052220390869031.jpeg HTTP/1.1
Host: pic.szmpe.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://h4wcz8.dfdjjvef.cc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Last-Modified: Thu, 22 May 2025 12:39:13 GMT
Etag: "ec1447fbde0343ae772f78b6366e967a"
Content-Type: binary/octet-stream
Date: Thu, 22 May 2025 14:05:56 GMT
x-amz-server-side-encryption: AES256
Server: nginx
X-Cache: Hit from cloudfront
X-Amz-Cf-Pop: ARN53-P2
Age: 1403
Content-Length: 243216
Accept-Ranges: bytes
X-NWS-LOG-UUID: 12995138918255797286
Connection: keep-alive
X-Cache-Lookup: Cache Hit
Access-Control-Allow-Origin: *
GET pic.szmpe.cn/upload_01/xiao/20250216/2025021616434335431.gif
43.152.140.79200 OK 425 kB URL GET pic.szmpe.cn/upload_01/xiao/20250216/2025021616434335431.gif
IP 43.152.140.79:443
Requested by https://h4wcz8.dfdjjvef.cc/
Certificate IssuerZeroSSL
Subject*.szmpe.cn
FingerprintE3:F1:93:B0:DA:A3:D8:9D:1B:BD:86:6C:1A:29:1C:92:88:9D:5E:E7
ValidityThu, 15 May 2025 00:00:00 GMT - Wed, 13 Aug 2025 23:59:59 GMT
Size 425 kB (424704 bytes)
Hash e7ca196bd5e00642bbf2fe1867069b8e
b4b243c716e796e8b864e6d71910ed2fa11dffc8
f661a778de3b94aa1bf70a9ec176bd2e8ed1d471ad271901cff21042b8500422
GET /upload_01/xiao/20250216/2025021616434335431.gif HTTP/1.1
Host: pic.szmpe.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://h4wcz8.dfdjjvef.cc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Last-Modified: Sun, 16 Feb 2025 08:43:58 GMT
Etag: "e7ca196bd5e00642bbf2fe1867069b8e"
Content-Type: binary/octet-stream
Date: Sat, 03 May 2025 07:25:11 GMT
x-amz-server-side-encryption: AES256
Server: nginx
X-Cache: Hit from cloudfront
X-Amz-Cf-Pop: ARN53-P2
Age: 1029
Content-Length: 424704
Accept-Ranges: bytes
X-NWS-LOG-UUID: 12480582574511085824
Connection: keep-alive
X-Cache-Lookup: Cache Hit
Access-Control-Allow-Origin: *
Cache-Control: max-age=864000
GET pic.szmpe.cn/upload_01/xiao/20250522/2025052218211680018.jpeg
43.152.140.79200 OK 179 kB URL GET pic.szmpe.cn/upload_01/xiao/20250522/2025052218211680018.jpeg
IP 43.152.140.79:443
Requested by https://h4wcz8.dfdjjvef.cc/
Certificate IssuerZeroSSL
Subject*.szmpe.cn
FingerprintE3:F1:93:B0:DA:A3:D8:9D:1B:BD:86:6C:1A:29:1C:92:88:9D:5E:E7
ValidityThu, 15 May 2025 00:00:00 GMT - Wed, 13 Aug 2025 23:59:59 GMT
Size 179 kB (178864 bytes)
Hash 733ece9be5131feba89fd77f07d727be
a1000d15f79a3bdd3131ce358ad44f6b0428edc8
432dc99e7e69b97bebbb025356c08e5018b96ac0350724ddf45789b610d7414b
GET /upload_01/xiao/20250522/2025052218211680018.jpeg HTTP/1.1
Host: pic.szmpe.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://h4wcz8.dfdjjvef.cc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Last-Modified: Thu, 22 May 2025 13:30:58 GMT
Etag: "733ece9be5131feba89fd77f07d727be"
Content-Type: binary/octet-stream
Date: Thu, 22 May 2025 13:44:00 GMT
x-amz-server-side-encryption: AES256
Server: nginx
X-Cache: Hit from cloudfront
X-Amz-Cf-Pop: ARN53-P2
Age: 4225
Content-Length: 178864
Accept-Ranges: bytes
X-NWS-LOG-UUID: 755004442989928376
Connection: keep-alive
X-Cache-Lookup: Cache Hit
Access-Control-Allow-Origin: *
GET h4wcz8.dfdjjvef.cc/usr/themes/Mirages/images/banner.png
154.207.77.29200 OK 3.5 kB URL GET h4wcz8.dfdjjvef.cc/usr/themes/Mirages/images/banner.png
IP 154.207.77.29:443
ASN #63888 DATAWING LIMITED
Requested by https://h4wcz8.dfdjjvef.cc/
Certificate IssuerCLOUDFLARE, INC.
Subjectdfdjjvef.cc
Fingerprint58:A9:EB:5F:81:E3:C9:C8:1B:A7:0C:A9:BB:17:85:27:06:6D:64:EB
ValidityTue, 08 Apr 2025 06:59:58 GMT - Mon, 07 Jul 2025 07:07:25 GMT
File type PNG image data, 950 x 110, 8-bit colormap, non-interlaced
Hash 14bda441dec91decadbc016b97d00251
fa008d640599597773d71b1bf7c05e73b2d3de2b
609d1f576aaf9840f82f187125deb52905ea8fcbaba64089167e73c4e60791cc
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /usr/themes/Mirages/images/banner.png HTTP/1.1
Host: h4wcz8.dfdjjvef.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://h4wcz8.dfdjjvef.cc/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 22 May 2025 18:48:47 GMT
content-type: image/png
content-length: 3493
server: cloudflare
last-modified: Thu, 16 May 2024 09:28:41 GMT
etag: "6645d1c9-da5"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
accept-ranges: bytes
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=4,i=?0
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=%2FlY2fKeaVsoqf9Qc5kLrXGPTI%2BOyDg8EaeBNWsimmNuJyUtxmOCQpg0zmoecn5lrLC80CnoCR8AH%2Bv0Bvs8zBRMJ2mxz%2FUtA3KP8PXwlMxY%3D"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 943e7d5e5e6092f7-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET h4wcz8.dfdjjvef.cc/usr/plugins/ArtPlayer/assets/player.js?v=1
154.207.77.29200 OK 7.9 kB URL GET h4wcz8.dfdjjvef.cc/usr/plugins/ArtPlayer/assets/player.js?v=1
IP 154.207.77.29:443
ASN #63888 DATAWING LIMITED
Requested by https://h4wcz8.dfdjjvef.cc/
Certificate IssuerCLOUDFLARE, INC.
Subjectdfdjjvef.cc
Fingerprint58:A9:EB:5F:81:E3:C9:C8:1B:A7:0C:A9:BB:17:85:27:06:6D:64:EB
ValidityTue, 08 Apr 2025 06:59:58 GMT - Mon, 07 Jul 2025 07:07:25 GMT
File type JavaScript source, Unicode text, UTF-8 text
Hash 63897165caae01d73a3ef7ea67bc8156
4f5163194b8a6cb85b439eea1d280157f9a43b69
50e8323b644bf912fff1d323fef17e9062967ddb27da7fb3fbdb2e46f91f0465
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /usr/plugins/ArtPlayer/assets/player.js?v=1 HTTP/1.1
Host: h4wcz8.dfdjjvef.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://h4wcz8.dfdjjvef.cc/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 22 May 2025 18:48:47 GMT
content-type: application/javascript
server: cloudflare
last-modified: Wed, 28 Feb 2024 06:47:04 GMT
vary: Accept-Encoding
etag: W/"65ded6e8-1ec2"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=3,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=brmQEEIvHO0TQ%2BJwOgBalkENgadf2KA3hgQLXKzKazuaR%2FObkYQKaqLDYo0wQoNyZCX8P%2FAsl5ciQy8jNYYgoTU9%2FMlDvLFweKS5tLcn4So%3D"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 943e7d5ebeb692f7-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET pic.szmpe.cn/upload_01/xiao/20250324/2025032416590669853.jpeg
43.152.140.79200 OK 103 kB URL GET pic.szmpe.cn/upload_01/xiao/20250324/2025032416590669853.jpeg
IP 43.152.140.79:443
Requested by https://h4wcz8.dfdjjvef.cc/
Certificate IssuerZeroSSL
Subject*.szmpe.cn
FingerprintE3:F1:93:B0:DA:A3:D8:9D:1B:BD:86:6C:1A:29:1C:92:88:9D:5E:E7
ValidityThu, 15 May 2025 00:00:00 GMT - Wed, 13 Aug 2025 23:59:59 GMT
Size 103 kB (103056 bytes)
Hash 00681354ab4e485815b7dd4ba543372e
0d195ef594badcd88229b5c612acadc3a1ca6e03
c044501dfda1601c4172bbd3d13c5065a7d7fcc21304fc6b8b788e2bec7537fc
GET /upload_01/xiao/20250324/2025032416590669853.jpeg HTTP/1.1
Host: pic.szmpe.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://h4wcz8.dfdjjvef.cc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Last-Modified: Mon, 24 Mar 2025 09:04:57 GMT
Etag: "00681354ab4e485815b7dd4ba543372e"
Content-Type: binary/octet-stream
Date: Sat, 03 May 2025 07:51:37 GMT
x-amz-server-side-encryption: AES256
Server: nginx
X-Cache: Hit from cloudfront
X-Amz-Cf-Pop: ARN53-P2
Age: 533
Content-Length: 103056
Accept-Ranges: bytes
X-NWS-LOG-UUID: 9530311448476957048
Connection: keep-alive
X-Cache-Lookup: Cache Hit
Access-Control-Allow-Origin: *
GET pic.szmpe.cn/upload_01/xiao/20250304/2025030421040832398.gif
43.152.140.79200 OK 93 kB URL GET pic.szmpe.cn/upload_01/xiao/20250304/2025030421040832398.gif
IP 43.152.140.79:443
Requested by https://h4wcz8.dfdjjvef.cc/
Certificate IssuerZeroSSL
Subject*.szmpe.cn
FingerprintE3:F1:93:B0:DA:A3:D8:9D:1B:BD:86:6C:1A:29:1C:92:88:9D:5E:E7
ValidityThu, 15 May 2025 00:00:00 GMT - Wed, 13 Aug 2025 23:59:59 GMT
Hash f8010b62f727cdf32a0858a816eea970
c036347aa6410b070211fa96ce77f3304e6e980e
2ffeb58898686b4e33d8b368edc06147808a03b7430299187ba177d0b77065fa
GET /upload_01/xiao/20250304/2025030421040832398.gif HTTP/1.1
Host: pic.szmpe.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://h4wcz8.dfdjjvef.cc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Last-Modified: Tue, 04 Mar 2025 13:05:36 GMT
Etag: "f8010b62f727cdf32a0858a816eea970"
Content-Type: binary/octet-stream
Date: Sat, 03 May 2025 07:25:12 GMT
x-amz-server-side-encryption: AES256
Server: nginx
X-Cache: Hit from cloudfront
X-Amz-Cf-Pop: ARN53-P2
Age: 1027
Content-Length: 93312
Accept-Ranges: bytes
X-NWS-LOG-UUID: 8915488714480341858
Connection: keep-alive
X-Cache-Lookup: Cache Hit
Access-Control-Allow-Origin: *
Cache-Control: max-age=864000
GET h4wcz8.dfdjjvef.cc/usr/themes/Mirages/js/layui/css/modules/layer/default/layer.css?v=3.5.1
154.207.77.29200 OK 14 kB URL GET h4wcz8.dfdjjvef.cc/usr/themes/Mirages/js/layui/css/modules/layer/default/layer.css?v=3.5.1
IP 154.207.77.29:443
ASN #63888 DATAWING LIMITED
Requested by https://h4wcz8.dfdjjvef.cc/
Certificate IssuerCLOUDFLARE, INC.
Subjectdfdjjvef.cc
Fingerprint58:A9:EB:5F:81:E3:C9:C8:1B:A7:0C:A9:BB:17:85:27:06:6D:64:EB
ValidityTue, 08 Apr 2025 06:59:58 GMT - Mon, 07 Jul 2025 07:07:25 GMT
File type ASCII text, with very long lines (14271), with no line terminators
Hash c234eb06d5f32055092294e78957f17d
f15ee0bcb9694f32f5e1d524f2653aa0dd043402
5cdf3edb27b0c9f8e48918c486e9ae65a9e5beab806b64c4a7bc5bac53c0f540
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /usr/themes/Mirages/js/layui/css/modules/layer/default/layer.css?v=3.5.1 HTTP/1.1
Host: h4wcz8.dfdjjvef.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://h4wcz8.dfdjjvef.cc/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 22 May 2025 18:48:48 GMT
content-type: text/css
server: cloudflare
last-modified: Thu, 20 Jul 2023 08:30:09 GMT
vary: Accept-Encoding
etag: W/"64b8f091-37bf"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=2,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=tPTsM6ZTl9rNeyaB2z9%2BaKN0edCNrowCO3cl5xwnddfcqUKNtKpH4wzywJ42bUqRRM3CNPN%2F3IVS5LQdGSxE0VrzXw0d14DATtIEwtw5WPM%3D"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 943e7d65ac2992f7-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET pic.szmpe.cn/upload/xiao/20240517/2024051700044639302.gif
43.152.140.79200 OK 151 kB URL GET pic.szmpe.cn/upload/xiao/20240517/2024051700044639302.gif
IP 43.152.140.79:443
Requested by https://h4wcz8.dfdjjvef.cc/
Certificate IssuerZeroSSL
Subject*.szmpe.cn
FingerprintE3:F1:93:B0:DA:A3:D8:9D:1B:BD:86:6C:1A:29:1C:92:88:9D:5E:E7
ValidityThu, 15 May 2025 00:00:00 GMT - Wed, 13 Aug 2025 23:59:59 GMT
Size 151 kB (151104 bytes)
Hash ab5dc10ed0cfe7789fea3b8a618780a9
e2dfd4ee3a3d8aac7eced3878501458864fcc2de
12df99d2d272232148e78e461a3896bb60108ffa44a54e836fb52cf0ccfe153e
GET /upload/xiao/20240517/2024051700044639302.gif HTTP/1.1
Host: pic.szmpe.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://h4wcz8.dfdjjvef.cc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Last-Modified: Thu, 16 May 2024 16:05:09 GMT
Etag: "ab5dc10ed0cfe7789fea3b8a618780a9"
Content-Type: binary/octet-stream
Date: Sat, 03 May 2025 07:25:10 GMT
x-amz-server-side-encryption: AES256
Server: nginx
X-Cache: Hit from cloudfront
X-Amz-Cf-Pop: ARN53-P2
Age: 1030
Content-Length: 151104
Accept-Ranges: bytes
X-NWS-LOG-UUID: 5003363962156409340
Connection: keep-alive
X-Cache-Lookup: Cache Hit
Access-Control-Allow-Origin: *
Cache-Control: max-age=864000
GET h4wcz8.dfdjjvef.cc/usr/themes/Mirages/css/7.10.0/mirages.min.css?v=14
154.207.77.29200 OK 196 kB URL GET h4wcz8.dfdjjvef.cc/usr/themes/Mirages/css/7.10.0/mirages.min.css?v=14
IP 154.207.77.29:443
ASN #63888 DATAWING LIMITED
Requested by https://h4wcz8.dfdjjvef.cc/
Certificate IssuerCLOUDFLARE, INC.
Subjectdfdjjvef.cc
Fingerprint58:A9:EB:5F:81:E3:C9:C8:1B:A7:0C:A9:BB:17:85:27:06:6D:64:EB
ValidityTue, 08 Apr 2025 06:59:58 GMT - Mon, 07 Jul 2025 07:07:25 GMT
File type ASCII text, with very long lines (1228)
Size 196 kB (195736 bytes)
Hash f5e9fd180691a327567959d3d77c59e0
0fd76d1aa6fb16eae41e6e40be178728ca8f7bb6
f998c996a89f2fcfb194ff32b1e97e2b2c9992047a8b4e50b7e1d50ccb5f4110
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /usr/themes/Mirages/css/7.10.0/mirages.min.css?v=14 HTTP/1.1
Host: h4wcz8.dfdjjvef.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://h4wcz8.dfdjjvef.cc/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 22 May 2025 18:48:47 GMT
content-type: text/css
server: cloudflare
last-modified: Mon, 02 Dec 2024 10:45:31 GMT
vary: Accept-Encoding
etag: W/"674d8fcb-2fc98"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=2,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=djzaNF3em2XRbMo%2FGC47jixdx0Jhzk6EguLv50fckA5CW5CDDlx6x4NyS%2Fn5ibGd3xqTqJuIoFJzngXFxmPUJJnHjdx1Spvk2YBaqQE3pD0%3D"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 943e7d5e4e5292f7-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET h4wcz8.dfdjjvef.cc/usr/themes/clipboard-2.0.js
154.207.77.29200 OK 9.0 kB URL GET h4wcz8.dfdjjvef.cc/usr/themes/clipboard-2.0.js
IP 154.207.77.29:443
ASN #63888 DATAWING LIMITED
Requested by https://h4wcz8.dfdjjvef.cc/
Certificate IssuerCLOUDFLARE, INC.
Subjectdfdjjvef.cc
Fingerprint58:A9:EB:5F:81:E3:C9:C8:1B:A7:0C:A9:BB:17:85:27:06:6D:64:EB
ValidityTue, 08 Apr 2025 06:59:58 GMT - Mon, 07 Jul 2025 07:07:25 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (8941)
Hash ad98572d415d2f2452845a6068a913c0
6674f81dd01c76be986cf0a8172d1073e56d7ef4
baff7541be9c20f7f977f6993ce39cfa937a7bde69db6e7beebb8f68372682a1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /usr/themes/clipboard-2.0.js HTTP/1.1
Host: h4wcz8.dfdjjvef.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://h4wcz8.dfdjjvef.cc/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 22 May 2025 18:48:47 GMT
content-type: application/javascript
server: cloudflare
last-modified: Thu, 20 Jul 2023 08:30:09 GMT
vary: Accept-Encoding
etag: W/"64b8f091-234a"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=3,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=oEF1J6MJgqcOf6rpmp5lqkpi1EftSUA5iKH7dp1Lmb4%2BKfnB9F%2FvyShOCePkTouXMBRHQMEHwffA0fOxDHwEPoJzs8a4QwKEmzbQaWKOo%2BY%3D"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 943e7d5eeed392f7-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET pic.szmpe.cn/upload_01/xiao/20250521/2025052116250749501.jpeg
43.152.140.79200 OK 141 kB URL GET pic.szmpe.cn/upload_01/xiao/20250521/2025052116250749501.jpeg
IP 43.152.140.79:443
Requested by https://h4wcz8.dfdjjvef.cc/
Certificate IssuerZeroSSL
Subject*.szmpe.cn
FingerprintE3:F1:93:B0:DA:A3:D8:9D:1B:BD:86:6C:1A:29:1C:92:88:9D:5E:E7
ValidityThu, 15 May 2025 00:00:00 GMT - Wed, 13 Aug 2025 23:59:59 GMT
Size 141 kB (140704 bytes)
Hash e767f91b99a999da0d76e2f7d267e0cf
701d6632942acf15cf371a287e21cf2512cf778d
1fc7a6ed42b3d4d16cf8e0542af799565aa78c5bdbe953c531165738e1f1ca49
GET /upload_01/xiao/20250521/2025052116250749501.jpeg HTTP/1.1
Host: pic.szmpe.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://h4wcz8.dfdjjvef.cc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Last-Modified: Wed, 21 May 2025 12:03:18 GMT
Etag: "e767f91b99a999da0d76e2f7d267e0cf"
Content-Type: binary/octet-stream
Date: Wed, 21 May 2025 12:20:35 GMT
x-amz-server-side-encryption: AES256
Server: nginx
X-Cache: Hit from cloudfront
X-Amz-Cf-Pop: ARN53-P2
Age: 3404
Content-Length: 140704
Accept-Ranges: bytes
X-NWS-LOG-UUID: 13441125982886102584
Connection: keep-alive
X-Cache-Lookup: Cache Hit
Access-Control-Allow-Origin: *
GET pic.szmpe.cn/upload/xiao/20240511/2024051118162066974.gif
43.152.140.79200 OK 277 kB URL GET pic.szmpe.cn/upload/xiao/20240511/2024051118162066974.gif
IP 43.152.140.79:443
Requested by https://h4wcz8.dfdjjvef.cc/
Certificate IssuerZeroSSL
Subject*.szmpe.cn
FingerprintE3:F1:93:B0:DA:A3:D8:9D:1B:BD:86:6C:1A:29:1C:92:88:9D:5E:E7
ValidityThu, 15 May 2025 00:00:00 GMT - Wed, 13 Aug 2025 23:59:59 GMT
Size 277 kB (277296 bytes)
Hash ea9ec9579247e3acb4a62625bea98ccf
1ffe27260598927885b74299084feb7e41851447
f97ee8e1700f29485a12a37576a24aa6f4ef59e28ec6d8dc89d2e2bf9b938518
GET /upload/xiao/20240511/2024051118162066974.gif HTTP/1.1
Host: pic.szmpe.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://h4wcz8.dfdjjvef.cc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Last-Modified: Sat, 11 May 2024 10:16:56 GMT
Etag: "ea9ec9579247e3acb4a62625bea98ccf"
Content-Type: binary/octet-stream
Date: Sat, 03 May 2025 07:51:38 GMT
x-amz-server-side-encryption: AES256
Server: nginx
X-Cache: Hit from cloudfront
X-Amz-Cf-Pop: ARN53-P2
Age: 521
Content-Length: 277296
Accept-Ranges: bytes
X-NWS-LOG-UUID: 6440288756618893056
Connection: keep-alive
X-Cache-Lookup: Cache Hit
Access-Control-Allow-Origin: *
Cache-Control: max-age=864000
GET pic.szmpe.cn/upload_01/xiao/20250520/2025052017483198890.jpeg
43.152.140.79200 OK 232 kB URL GET pic.szmpe.cn/upload_01/xiao/20250520/2025052017483198890.jpeg
IP 43.152.140.79:443
Requested by https://h4wcz8.dfdjjvef.cc/
Certificate IssuerZeroSSL
Subject*.szmpe.cn
FingerprintE3:F1:93:B0:DA:A3:D8:9D:1B:BD:86:6C:1A:29:1C:92:88:9D:5E:E7
ValidityThu, 15 May 2025 00:00:00 GMT - Wed, 13 Aug 2025 23:59:59 GMT
Size 232 kB (231808 bytes)
Hash 8e5664fafbc6d0aa878935ec2fee5e5d
80561ebcb1b1c0d076034125ca6d930f5893b4f2
affadc786aac8b61c3a9174717ff8f483f9cf23234ad4e4d02556147ace8bea5
GET /upload_01/xiao/20250520/2025052017483198890.jpeg HTTP/1.1
Host: pic.szmpe.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://h4wcz8.dfdjjvef.cc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Last-Modified: Tue, 20 May 2025 12:00:18 GMT
Etag: "8e5664fafbc6d0aa878935ec2fee5e5d"
Content-Type: binary/octet-stream
Date: Tue, 20 May 2025 12:16:05 GMT
x-amz-server-side-encryption: AES256
Server: nginx
X-Cache: Miss from cloudfront
X-Amz-Cf-Pop: ARN53-P2
Content-Length: 231808
Accept-Ranges: bytes
X-NWS-LOG-UUID: 7409839814361936168
Connection: keep-alive
X-Cache-Lookup: Cache Hit
Access-Control-Allow-Origin: *
GET pic.szmpe.cn/upload_01/xiao/20241227/2024122711313452266.gif
43.152.140.79200 OK 657 kB URL GET pic.szmpe.cn/upload_01/xiao/20241227/2024122711313452266.gif
IP 43.152.140.79:443
Requested by https://h4wcz8.dfdjjvef.cc/
Certificate IssuerZeroSSL
Subject*.szmpe.cn
FingerprintE3:F1:93:B0:DA:A3:D8:9D:1B:BD:86:6C:1A:29:1C:92:88:9D:5E:E7
ValidityThu, 15 May 2025 00:00:00 GMT - Wed, 13 Aug 2025 23:59:59 GMT
Size 657 kB (656880 bytes)
Hash dfff977fc91ea59bde845194575f0bdc
0b2dd3d9b49a6a0dfd0cbb4dbece32cb0dd3d685
b7251c1d116dff2aa582644014ccfb4f4ed1ba4d5dddcc5c7b1c8d6127d96efb
GET /upload_01/xiao/20241227/2024122711313452266.gif HTTP/1.1
Host: pic.szmpe.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://h4wcz8.dfdjjvef.cc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Last-Modified: Fri, 27 Dec 2024 03:36:53 GMT
Etag: "dfff977fc91ea59bde845194575f0bdc"
Content-Type: binary/octet-stream
Date: Sat, 03 May 2025 07:52:48 GMT
x-amz-server-side-encryption: AES256
Server: nginx
X-Cache: Hit from cloudfront
X-Amz-Cf-Pop: ARN53-P2
Age: 465
Content-Length: 656880
Accept-Ranges: bytes
X-NWS-LOG-UUID: 8962399301367073239
Connection: keep-alive
X-Cache-Lookup: Cache Hit
Access-Control-Allow-Origin: *
Cache-Control: max-age=864000
GET pic.szmpe.cn/upload_01/xiao/20250218/2025021822460783990.gif
43.152.140.79200 OK 236 kB URL GET pic.szmpe.cn/upload_01/xiao/20250218/2025021822460783990.gif
IP 43.152.140.79:443
Requested by https://h4wcz8.dfdjjvef.cc/
Certificate IssuerZeroSSL
Subject*.szmpe.cn
FingerprintE3:F1:93:B0:DA:A3:D8:9D:1B:BD:86:6C:1A:29:1C:92:88:9D:5E:E7
ValidityThu, 15 May 2025 00:00:00 GMT - Wed, 13 Aug 2025 23:59:59 GMT
Size 236 kB (235680 bytes)
Hash 9a420607aa7a75e84771cb9bec550ba5
b3991567323bbd845ddd8bb4e69a85a763fc0547
325bd0c1db61b168cd072d9ae345d8cdc315de481c8598403f0a868793d4a0fa
GET /upload_01/xiao/20250218/2025021822460783990.gif HTTP/1.1
Host: pic.szmpe.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://h4wcz8.dfdjjvef.cc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Last-Modified: Tue, 18 Feb 2025 14:47:40 GMT
Etag: "9a420607aa7a75e84771cb9bec550ba5"
Content-Type: binary/octet-stream
Date: Sat, 03 May 2025 07:52:48 GMT
x-amz-server-side-encryption: AES256
Server: nginx
X-Cache: Hit from cloudfront
X-Amz-Cf-Pop: ARN53-P2
Age: 470
Content-Length: 235680
Accept-Ranges: bytes
X-NWS-LOG-UUID: 10185068658620191598
Connection: keep-alive
X-Cache-Lookup: Cache Hit
Access-Control-Allow-Origin: *
Cache-Control: max-age=864000
GET pic.szmpe.cn/upload_01/xiao/20250121/2025012116034514816.gif
43.152.140.79200 OK 120 kB URL GET pic.szmpe.cn/upload_01/xiao/20250121/2025012116034514816.gif
IP 43.152.140.79:443
Requested by https://h4wcz8.dfdjjvef.cc/
Certificate IssuerZeroSSL
Subject*.szmpe.cn
FingerprintE3:F1:93:B0:DA:A3:D8:9D:1B:BD:86:6C:1A:29:1C:92:88:9D:5E:E7
ValidityThu, 15 May 2025 00:00:00 GMT - Wed, 13 Aug 2025 23:59:59 GMT
Size 120 kB (119616 bytes)
Hash 8f2d97e9d0e53c572a2a9f0148e93ce0
c3d7ba256f315331e51fe88d2f4e3e69a1a5cd5d
1d530ccb6da4d615b71fdddeb07bfb3ee34d2f30f6722c4de488b60bcc7f0589
GET /upload_01/xiao/20250121/2025012116034514816.gif HTTP/1.1
Host: pic.szmpe.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://h4wcz8.dfdjjvef.cc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Last-Modified: Tue, 21 Jan 2025 08:04:34 GMT
Etag: "8f2d97e9d0e53c572a2a9f0148e93ce0"
Content-Type: binary/octet-stream
Date: Sat, 03 May 2025 07:25:14 GMT
x-amz-server-side-encryption: AES256
Server: nginx
X-Cache: Hit from cloudfront
X-Amz-Cf-Pop: ARN53-P2
Age: 1026
Content-Length: 119616
Accept-Ranges: bytes
X-NWS-LOG-UUID: 11838814612450284422
Connection: keep-alive
X-Cache-Lookup: Cache Hit
Access-Control-Allow-Origin: *
Cache-Control: max-age=864000
GET h4wcz8.dfdjjvef.cc/usr/themes/Mirages/js/layui/css/modules/laydate/default/laydate.css?v=5.3.1
154.207.77.29200 OK 7.4 kB URL GET h4wcz8.dfdjjvef.cc/usr/themes/Mirages/js/layui/css/modules/laydate/default/laydate.css?v=5.3.1
IP 154.207.77.29:443
ASN #63888 DATAWING LIMITED
Requested by https://h4wcz8.dfdjjvef.cc/
Certificate IssuerCLOUDFLARE, INC.
Subjectdfdjjvef.cc
Fingerprint58:A9:EB:5F:81:E3:C9:C8:1B:A7:0C:A9:BB:17:85:27:06:6D:64:EB
ValidityTue, 08 Apr 2025 06:59:58 GMT - Mon, 07 Jul 2025 07:07:25 GMT
File type ASCII text, with very long lines (7365), with no line terminators
Hash e9078eef34fe9a44e44bdd55b48fdc55
73ef00229810ee179915661786d9b66b7fc2d568
ab9dbdf922a26509951347fcfa83704d86afd2df855c827740c23df72fd8ab3f
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /usr/themes/Mirages/js/layui/css/modules/laydate/default/laydate.css?v=5.3.1 HTTP/1.1
Host: h4wcz8.dfdjjvef.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://h4wcz8.dfdjjvef.cc/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 22 May 2025 18:48:48 GMT
content-type: text/css
server: cloudflare
last-modified: Thu, 20 Jul 2023 08:30:09 GMT
vary: Accept-Encoding
etag: W/"64b8f091-1cc5"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=2,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=%2BtCrlUu7CSyOxcoWtFglM0aNn%2FsJPCuSpzcaNZuBDdDLua0VtDrMuDziPt%2BMK1p5G5RaIgWipfki%2BVPW4o7U2adrhhSkDHzRoQmazFDUkjc%3D"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 943e7d65ac2592f7-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET pic.szmpe.cn/upload_01/xiao/20250522/2025052218084264738.jpeg
43.152.140.79200 OK 126 kB URL GET pic.szmpe.cn/upload_01/xiao/20250522/2025052218084264738.jpeg
IP 43.152.140.79:443
Requested by https://h4wcz8.dfdjjvef.cc/
Certificate IssuerZeroSSL
Subject*.szmpe.cn
FingerprintE3:F1:93:B0:DA:A3:D8:9D:1B:BD:86:6C:1A:29:1C:92:88:9D:5E:E7
ValidityThu, 15 May 2025 00:00:00 GMT - Wed, 13 Aug 2025 23:59:59 GMT
Size 126 kB (126304 bytes)
Hash 257b65ede12239110cff566abbe83eee
1f220997dd30a43be95b57db27d933fe9ad90b03
c382c71f5f09f47b152f6df5cef99a5c0a74dec830c8644fbe9fb136aa1a6a1e
GET /upload_01/xiao/20250522/2025052218084264738.jpeg HTTP/1.1
Host: pic.szmpe.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://h4wcz8.dfdjjvef.cc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Last-Modified: Thu, 22 May 2025 12:03:16 GMT
Etag: "257b65ede12239110cff566abbe83eee"
Content-Type: binary/octet-stream
Date: Thu, 22 May 2025 12:03:34 GMT
x-amz-server-side-encryption: AES256
Server: nginx
X-Cache: Hit from cloudfront
X-Amz-Cf-Pop: ARN53-P2
Age: 1402
Content-Length: 126304
Accept-Ranges: bytes
X-NWS-LOG-UUID: 11886050991885077117
Connection: keep-alive
X-Cache-Lookup: Cache Hit
Access-Control-Allow-Origin: *
GET pic.szmpe.cn/upload_01/xiao/20241120/2024112011520066688.jpeg
43.152.140.79200 OK 78 kB URL GET pic.szmpe.cn/upload_01/xiao/20241120/2024112011520066688.jpeg
IP 43.152.140.79:443
Requested by https://h4wcz8.dfdjjvef.cc/
Certificate IssuerZeroSSL
Subject*.szmpe.cn
FingerprintE3:F1:93:B0:DA:A3:D8:9D:1B:BD:86:6C:1A:29:1C:92:88:9D:5E:E7
ValidityThu, 15 May 2025 00:00:00 GMT - Wed, 13 Aug 2025 23:59:59 GMT
Hash 7d6bcbe64b533effdd8fbeab77fb966d
85afb5370005b60b8c4cd36099b8f60fb66658db
a3593020a4d1b6b9e4f63662fe98a8772701393fb81770c2eca6d8319e838d42
GET /upload_01/xiao/20241120/2024112011520066688.jpeg HTTP/1.1
Host: pic.szmpe.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://h4wcz8.dfdjjvef.cc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Last-Modified: Wed, 20 Nov 2024 04:00:26 GMT
Etag: "7d6bcbe64b533effdd8fbeab77fb966d"
Content-Type: binary/octet-stream
Date: Sat, 03 May 2025 07:51:39 GMT
x-amz-server-side-encryption: AES256
Server: nginx
X-Cache: Hit from cloudfront
X-Amz-Cf-Pop: ARN53-P2
Age: 540
Content-Length: 78048
Accept-Ranges: bytes
X-NWS-LOG-UUID: 635089058589938939
Connection: keep-alive
X-Cache-Lookup: Cache Hit
Access-Control-Allow-Origin: *
GET pic.szmpe.cn/upload_01/xiao/20240904/2024090418000836571.gif
43.152.140.79200 OK 319 kB URL GET pic.szmpe.cn/upload_01/xiao/20240904/2024090418000836571.gif
IP 43.152.140.79:443
Requested by https://h4wcz8.dfdjjvef.cc/
Certificate IssuerZeroSSL
Subject*.szmpe.cn
FingerprintE3:F1:93:B0:DA:A3:D8:9D:1B:BD:86:6C:1A:29:1C:92:88:9D:5E:E7
ValidityThu, 15 May 2025 00:00:00 GMT - Wed, 13 Aug 2025 23:59:59 GMT
Size 319 kB (318912 bytes)
Hash 817c3b39d36dd64fafdadc6cabd73bdf
18ba1bb732c05d80cf20de83ba61ab3bd48109b4
b885979e5b5b2bd43a572b168bdb0354b8ad9f599b984b9ce95b4ebad7223265
GET /upload_01/xiao/20240904/2024090418000836571.gif HTTP/1.1
Host: pic.szmpe.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://h4wcz8.dfdjjvef.cc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Last-Modified: Wed, 04 Sep 2024 10:02:37 GMT
Etag: "817c3b39d36dd64fafdadc6cabd73bdf"
Content-Type: binary/octet-stream
Date: Sat, 03 May 2025 08:00:41 GMT
x-amz-server-side-encryption: AES256
Server: nginx
X-Cache: Miss from cloudfront
X-Amz-Cf-Pop: ARN53-P2
Content-Length: 318912
Accept-Ranges: bytes
X-NWS-LOG-UUID: 2719656077771489737
Connection: keep-alive
X-Cache-Lookup: Cache Hit
Access-Control-Allow-Origin: *
Cache-Control: max-age=864000
GET pic.szmpe.cn/upload_01/xiao/20250522/2025052215115780709.jpeg
43.152.140.79200 OK 272 kB URL GET pic.szmpe.cn/upload_01/xiao/20250522/2025052215115780709.jpeg
IP 43.152.140.79:443
Requested by https://h4wcz8.dfdjjvef.cc/
Certificate IssuerZeroSSL
Subject*.szmpe.cn
FingerprintE3:F1:93:B0:DA:A3:D8:9D:1B:BD:86:6C:1A:29:1C:92:88:9D:5E:E7
ValidityThu, 15 May 2025 00:00:00 GMT - Wed, 13 Aug 2025 23:59:59 GMT
Size 272 kB (271888 bytes)
Hash cbc4c81dd68194b6ac7ca518728be1d8
bb9907c53c25db970fc4c3520a6a5a17384175ad
9c70a146f0e7f7ec9a0f6babb1f7c0d9ddd172d9336227b4e71a1bbf30735cf5
GET /upload_01/xiao/20250522/2025052215115780709.jpeg HTTP/1.1
Host: pic.szmpe.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://h4wcz8.dfdjjvef.cc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Last-Modified: Thu, 22 May 2025 07:12:03 GMT
Etag: "cbc4c81dd68194b6ac7ca518728be1d8"
Content-Type: binary/octet-stream
Date: Thu, 22 May 2025 09:40:40 GMT
x-amz-server-side-encryption: AES256
Server: nginx
X-Cache: Miss from cloudfront
X-Amz-Cf-Pop: ARN53-P2
Content-Length: 271888
Accept-Ranges: bytes
X-NWS-LOG-UUID: 8765254007170378220
Connection: keep-alive
X-Cache-Lookup: Cache Hit
Access-Control-Allow-Origin: *
GET pic.szmpe.cn/upload_01/xiao/20250522/2025052216263033930.jpeg
43.152.140.79200 OK 108 kB URL GET pic.szmpe.cn/upload_01/xiao/20250522/2025052216263033930.jpeg
IP 43.152.140.79:443
Requested by https://h4wcz8.dfdjjvef.cc/
Certificate IssuerZeroSSL
Subject*.szmpe.cn
FingerprintE3:F1:93:B0:DA:A3:D8:9D:1B:BD:86:6C:1A:29:1C:92:88:9D:5E:E7
ValidityThu, 15 May 2025 00:00:00 GMT - Wed, 13 Aug 2025 23:59:59 GMT
Size 108 kB (107856 bytes)
Hash edc19a9184c1954ba80236d2956efcc5
b96681c0d6c7eda5fa5ed5097ac4424411bf4eda
afd2fa5dfbf4fd9c0bf539a2fe76beaac6b1f194da58f8e9757417b3f77f7eeb
GET /upload_01/xiao/20250522/2025052216263033930.jpeg HTTP/1.1
Host: pic.szmpe.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://h4wcz8.dfdjjvef.cc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Last-Modified: Thu, 22 May 2025 09:03:09 GMT
Etag: "edc19a9184c1954ba80236d2956efcc5"
Content-Type: binary/octet-stream
Date: Thu, 22 May 2025 09:15:16 GMT
x-amz-server-side-encryption: AES256
Server: nginx
X-Cache: Miss from cloudfront
X-Amz-Cf-Pop: ARN53-P2
Content-Length: 107856
Accept-Ranges: bytes
X-NWS-LOG-UUID: 2047574839431068250
Connection: keep-alive
X-Cache-Lookup: Cache Hit
Access-Control-Allow-Origin: *
GET h4wcz8.dfdjjvef.cc/usr/themes/Mirages/images/logo.png
154.207.77.29200 OK 27 kB URL GET h4wcz8.dfdjjvef.cc/usr/themes/Mirages/images/logo.png
IP 154.207.77.29:443
ASN #63888 DATAWING LIMITED
Requested by https://h4wcz8.dfdjjvef.cc/
Certificate IssuerCLOUDFLARE, INC.
Subjectdfdjjvef.cc
Fingerprint58:A9:EB:5F:81:E3:C9:C8:1B:A7:0C:A9:BB:17:85:27:06:6D:64:EB
ValidityTue, 08 Apr 2025 06:59:58 GMT - Mon, 07 Jul 2025 07:07:25 GMT
File type PNG image data, 512 x 512, 8-bit colormap, non-interlaced
Hash 2248a540cf7801035550656c32a804e8
cd5918cd6bfca8688123d432de3aa1abc078279b
f0389548146799fccd44d76e7d254889b58eb6be669f58b5e04de95660c34167
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /usr/themes/Mirages/images/logo.png HTTP/1.1
Host: h4wcz8.dfdjjvef.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://h4wcz8.dfdjjvef.cc/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 22 May 2025 18:48:47 GMT
content-type: image/png
content-length: 27422
server: cloudflare
last-modified: Sat, 01 Jun 2024 07:08:50 GMT
etag: "665ac902-6b1e"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
accept-ranges: bytes
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=4,i=?0
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Z3xMYzux888qaL6zU5%2FN%2FeMmSLtG0HPwGct6Pa6BTjiSw2sP4PxNB46RN3bUKOrOBKL2ilXiiTbrRwspokyxSEUx%2FuZcorNUu2pbJeYJiSw%3D"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 943e7d5e5e5e92f7-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET h4wcz8.dfdjjvef.cc/usr/themes/Mirages/css/7.10.0/fonts/fontawesome-webfont.woff2?v=4.7.0
154.207.77.29200 OK 77 kB URL GET h4wcz8.dfdjjvef.cc/usr/themes/Mirages/css/7.10.0/fonts/fontawesome-webfont.woff2?v=4.7.0
IP 154.207.77.29:443
ASN #63888 DATAWING LIMITED
Requested by https://h4wcz8.dfdjjvef.cc/
Certificate IssuerCLOUDFLARE, INC.
Subjectdfdjjvef.cc
Fingerprint58:A9:EB:5F:81:E3:C9:C8:1B:A7:0C:A9:BB:17:85:27:06:6D:64:EB
ValidityTue, 08 Apr 2025 06:59:58 GMT - Mon, 07 Jul 2025 07:07:25 GMT
File type Web Open Font Format (Version 2), TrueType, length 77160, version 4.459
Hash af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /usr/themes/Mirages/css/7.10.0/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: h4wcz8.dfdjjvef.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://h4wcz8.dfdjjvef.cc/usr/themes/Mirages/css/7.10.0/mirages.min.css?v=14
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 22 May 2025 18:48:48 GMT
content-type: font/woff2
content-length: 77160
server: cloudflare
last-modified: Thu, 20 Jul 2023 08:30:09 GMT
etag: "64b8f091-12d68"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=4,i=?0
accept-ranges: bytes
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=wfSK9jiOTlTF%2F0dFfKVxQ%2B%2Bt%2Fod3T%2FsvQydSlD7vhjfFnSfeVpf%2BetUMHeDUBBYWuvxoNXqmh7Wc1dMh3037yF9557XCyxCGUhsV%2BuMAmuI%3D"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 943e7d62e9ed92f7-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET pic.szmpe.cn/upload_01/xiao/20250519/2025051922503286401.jpeg
43.152.140.79200 OK 109 kB URL GET pic.szmpe.cn/upload_01/xiao/20250519/2025051922503286401.jpeg
IP 43.152.140.79:443
Requested by https://h4wcz8.dfdjjvef.cc/
Certificate IssuerZeroSSL
Subject*.szmpe.cn
FingerprintE3:F1:93:B0:DA:A3:D8:9D:1B:BD:86:6C:1A:29:1C:92:88:9D:5E:E7
ValidityThu, 15 May 2025 00:00:00 GMT - Wed, 13 Aug 2025 23:59:59 GMT
Size 109 kB (109200 bytes)
Hash 9be559d46c22fd13050f171e784ad1b3
91f6ba6e0b799c5f7d21872ae44fa82f11bc9907
eb2f1bca2ccab36bf731cb440a37d7400629cc53e63aff3a0c8868ad81f0132d
GET /upload_01/xiao/20250519/2025051922503286401.jpeg HTTP/1.1
Host: pic.szmpe.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://h4wcz8.dfdjjvef.cc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Last-Modified: Tue, 20 May 2025 03:01:44 GMT
Etag: "9be559d46c22fd13050f171e784ad1b3"
Content-Type: binary/octet-stream
Date: Tue, 20 May 2025 03:06:58 GMT
x-amz-server-side-encryption: AES256
Server: nginx
X-Cache: Hit from cloudfront
X-Amz-Cf-Pop: ARN53-P2
Age: 600
Content-Length: 109200
Accept-Ranges: bytes
X-NWS-LOG-UUID: 4075644795764566306
Connection: keep-alive
X-Cache-Lookup: Cache Hit
Access-Control-Allow-Origin: *
GET pic.szmpe.cn/upload_01/xiao/20250522/2025052215062997503.jpeg
43.152.140.79200 OK 281 kB URL GET pic.szmpe.cn/upload_01/xiao/20250522/2025052215062997503.jpeg
IP 43.152.140.79:443
Requested by https://h4wcz8.dfdjjvef.cc/
Certificate IssuerZeroSSL
Subject*.szmpe.cn
FingerprintE3:F1:93:B0:DA:A3:D8:9D:1B:BD:86:6C:1A:29:1C:92:88:9D:5E:E7
ValidityThu, 15 May 2025 00:00:00 GMT - Wed, 13 Aug 2025 23:59:59 GMT
Size 281 kB (280752 bytes)
Hash e90203252cddbed44cd562ffb82655e7
dc5b8c02253c844025c2593537d44f8af859f2b7
912033a1ad556b19982c35756477fd988dc0c5d917b4cc6649632aef75282277
GET /upload_01/xiao/20250522/2025052215062997503.jpeg HTTP/1.1
Host: pic.szmpe.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://h4wcz8.dfdjjvef.cc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Last-Modified: Thu, 22 May 2025 07:06:33 GMT
Etag: "e90203252cddbed44cd562ffb82655e7"
Content-Type: binary/octet-stream
Date: Thu, 22 May 2025 11:12:02 GMT
x-amz-server-side-encryption: AES256
Server: nginx
X-Cache: Hit from cloudfront
X-Amz-Cf-Pop: ARN53-P2
Age: 6
Content-Length: 280752
Accept-Ranges: bytes
X-NWS-LOG-UUID: 11289458435417407548
Connection: keep-alive
X-Cache-Lookup: Cache Hit
Access-Control-Allow-Origin: *
GET pic.szmpe.cn/upload_01/xiao/20250522/2025052212510227105.jpeg
43.152.140.79200 OK 126 kB URL GET pic.szmpe.cn/upload_01/xiao/20250522/2025052212510227105.jpeg
IP 43.152.140.79:443
Requested by https://h4wcz8.dfdjjvef.cc/
Certificate IssuerZeroSSL
Subject*.szmpe.cn
FingerprintE3:F1:93:B0:DA:A3:D8:9D:1B:BD:86:6C:1A:29:1C:92:88:9D:5E:E7
ValidityThu, 15 May 2025 00:00:00 GMT - Wed, 13 Aug 2025 23:59:59 GMT
Size 126 kB (125968 bytes)
Hash 6678d13f929c324f21372058b5de2f30
f5b65ff35b499afdde17a4341106a180aecd45e5
5d1cf40494410ee9dcf86e4adf33a11805db918ffbfc4398d7a504a13b9a6ad6
GET /upload_01/xiao/20250522/2025052212510227105.jpeg HTTP/1.1
Host: pic.szmpe.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://h4wcz8.dfdjjvef.cc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Last-Modified: Thu, 22 May 2025 14:00:10 GMT
Etag: "6678d13f929c324f21372058b5de2f30"
Content-Type: binary/octet-stream
Date: Thu, 22 May 2025 14:29:10 GMT
x-amz-server-side-encryption: AES256
Server: nginx
X-Cache: Miss from cloudfront
X-Amz-Cf-Pop: ARN53-P2
Content-Length: 125968
Accept-Ranges: bytes
X-NWS-LOG-UUID: 3466779016359644893
Connection: keep-alive
X-Cache-Lookup: Cache Hit
Access-Control-Allow-Origin: *
GET pic.szmpe.cn/upload/xiao/20240329/2024032922285615483.gif
43.152.140.79200 OK 278 kB URL GET pic.szmpe.cn/upload/xiao/20240329/2024032922285615483.gif
IP 43.152.140.79:443
Requested by https://h4wcz8.dfdjjvef.cc/
Certificate IssuerZeroSSL
Subject*.szmpe.cn
FingerprintE3:F1:93:B0:DA:A3:D8:9D:1B:BD:86:6C:1A:29:1C:92:88:9D:5E:E7
ValidityThu, 15 May 2025 00:00:00 GMT - Wed, 13 Aug 2025 23:59:59 GMT
Size 278 kB (277712 bytes)
Hash 17bd525bcea23353e7dfd91487c88332
b9fb71b0b7b90e4afdb6c64c6f82ba97d090aed1
bb48383b7ae1e50e65d24d4bd2e7f811d0d577085008f7e8697dd31016771c44
GET /upload/xiao/20240329/2024032922285615483.gif HTTP/1.1
Host: pic.szmpe.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://h4wcz8.dfdjjvef.cc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Last-Modified: Fri, 29 Mar 2024 14:29:39 GMT
Etag: "17bd525bcea23353e7dfd91487c88332"
Content-Type: binary/octet-stream
Date: Sat, 03 May 2025 07:52:47 GMT
x-amz-server-side-encryption: AES256
Server: nginx
X-Cache: Hit from cloudfront
X-Amz-Cf-Pop: ARN53-P2
Age: 451
Content-Length: 277712
Accept-Ranges: bytes
X-NWS-LOG-UUID: 13442665334816021545
Connection: keep-alive
X-Cache-Lookup: Cache Hit
Access-Control-Allow-Origin: *
Cache-Control: max-age=864000
GET pic.szmpe.cn/upload_01/xiao/20241227/2024122711455819577.gif
43.152.140.79200 OK 380 kB URL GET pic.szmpe.cn/upload_01/xiao/20241227/2024122711455819577.gif
IP 43.152.140.79:443
Requested by https://h4wcz8.dfdjjvef.cc/
Certificate IssuerZeroSSL
Subject*.szmpe.cn
FingerprintE3:F1:93:B0:DA:A3:D8:9D:1B:BD:86:6C:1A:29:1C:92:88:9D:5E:E7
ValidityThu, 15 May 2025 00:00:00 GMT - Wed, 13 Aug 2025 23:59:59 GMT
Size 380 kB (380016 bytes)
Hash 6b4b4b53ed1dc36f0828c5b4d920ee19
d7ac16a4efcd68500b24311fb2a4ae50a771f67c
0bbece00aaf3c05a03d6d2d7f7f36ce76afc4914431d62852f16665f569d8653
GET /upload_01/xiao/20241227/2024122711455819577.gif HTTP/1.1
Host: pic.szmpe.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://h4wcz8.dfdjjvef.cc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Last-Modified: Fri, 27 Dec 2024 03:46:24 GMT
Etag: "6b4b4b53ed1dc36f0828c5b4d920ee19"
Content-Type: binary/octet-stream
Date: Sat, 03 May 2025 07:25:10 GMT
x-amz-server-side-encryption: AES256
Server: nginx
X-Cache: Hit from cloudfront
X-Amz-Cf-Pop: ARN53-P2
Age: 1029
Content-Length: 380016
Accept-Ranges: bytes
X-NWS-LOG-UUID: 7774706192039072929
Connection: keep-alive
X-Cache-Lookup: Cache Hit
Access-Control-Allow-Origin: *
Cache-Control: max-age=864000
GET pic.szmpe.cn/upload/xiao/20240111/2024011121241193345.gif
43.152.140.79200 OK 359 kB URL GET pic.szmpe.cn/upload/xiao/20240111/2024011121241193345.gif
IP 43.152.140.79:443
Requested by https://h4wcz8.dfdjjvef.cc/
Certificate IssuerZeroSSL
Subject*.szmpe.cn
FingerprintE3:F1:93:B0:DA:A3:D8:9D:1B:BD:86:6C:1A:29:1C:92:88:9D:5E:E7
ValidityThu, 15 May 2025 00:00:00 GMT - Wed, 13 Aug 2025 23:59:59 GMT
Size 359 kB (358832 bytes)
Hash ca9fcac5a4e77a9ad47f653a70142fa3
79bb0d1a8795ac4ed783df97b75cea97c964c2d9
e0f9bc261530c5c9ca91769d60106bd54c9d6285aef851806cec19d58f9f1ae6
GET /upload/xiao/20240111/2024011121241193345.gif HTTP/1.1
Host: pic.szmpe.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://h4wcz8.dfdjjvef.cc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Last-Modified: Thu, 11 Jan 2024 13:36:29 GMT
Etag: "ca9fcac5a4e77a9ad47f653a70142fa3"
Content-Type: binary/octet-stream
Date: Sat, 03 May 2025 07:49:00 GMT
x-amz-server-side-encryption: AES256
Server: nginx
X-Cache: Hit from cloudfront
X-Amz-Cf-Pop: ARN53-P2
Age: 711
Content-Length: 358832
Accept-Ranges: bytes
X-NWS-LOG-UUID: 3539676236258485655
Connection: keep-alive
X-Cache-Lookup: Cache Hit
Access-Control-Allow-Origin: *
Cache-Control: max-age=864000
GET h4wcz8.dfdjjvef.cc/usr/themes/Mirages/css/7.10.0/common.css?v=1
154.207.77.29200 OK 1.6 kB URL GET h4wcz8.dfdjjvef.cc/usr/themes/Mirages/css/7.10.0/common.css?v=1
IP 154.207.77.29:443
ASN #63888 DATAWING LIMITED
Requested by https://h4wcz8.dfdjjvef.cc/
Certificate IssuerCLOUDFLARE, INC.
Subjectdfdjjvef.cc
Fingerprint58:A9:EB:5F:81:E3:C9:C8:1B:A7:0C:A9:BB:17:85:27:06:6D:64:EB
ValidityTue, 08 Apr 2025 06:59:58 GMT - Mon, 07 Jul 2025 07:07:25 GMT
Hash 00be8e039743f2e36cb30959527c2f8f
782567bb282f5f9bce969988a1d2c5bd91fd1c29
c7052e95915c5a29b19cf31853919863627bd65eb2b92e165d1fee8bfb0136ae
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /usr/themes/Mirages/css/7.10.0/common.css?v=1 HTTP/1.1
Host: h4wcz8.dfdjjvef.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://h4wcz8.dfdjjvef.cc/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 22 May 2025 18:48:47 GMT
content-type: text/css
server: cloudflare
last-modified: Mon, 13 May 2024 14:46:52 GMT
vary: Accept-Encoding
etag: W/"664227dc-668"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=2,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=s5JfH72Zlu8C4wWEHtKbj9zFSU2bVqLhIdirw14N8y%2Bm99vRoeWR0VnyzlK8Nd1YUjz%2B20yQy89AVxOle7OMfE%2FPK%2F63La8yv0M47cJeDp8%3D"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 943e7d5e4e5392f7-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET h4wcz8.dfdjjvef.cc/usr/plugins/ArtPlayer/assets/hls.min.js
154.207.77.29 200 OK 214 kB URL GET h4wcz8.dfdjjvef.cc/usr/plugins/ArtPlayer/assets/hls.min.js
IP 154.207.77.29:443
ASN #63888 DATAWING LIMITED
Requested by https://h4wcz8.dfdjjvef.cc/
Certificate Issuer CLOUDFLARE, INC.
Subject dfdjjvef.cc
Fingerprint 58:A9:EB:5F:81:E3:C9:C8:1B:A7:0C:A9:BB:17:85:27:06:6D:64:EB
Validity Tue, 08 Apr 2025 06:59:58 GMT - Mon, 07 Jul 2025 07:07:25 GMT
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size 214 kB (213559 bytes)
Hash e1983d10d9d03c12e99550b2bceef13a
286c1382b0805e3bc08fae96d27737f8ac45e1bf
8df32db012dbcdb5c730495789f026e3eb2f331376eecde77c7eb692708ddc0b
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /usr/plugins/ArtPlayer/assets/hls.min.js HTTP/1.1
Host: h4wcz8.dfdjjvef.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://h4wcz8.dfdjjvef.cc/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 22 May 2025 18:48:47 GMT
content-type: application/javascript
server: cloudflare
last-modified: Wed, 28 Feb 2024 06:47:04 GMT
vary: Accept-Encoding
etag: W/"65ded6e8-34237"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=3,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=yyKxIuDGHsPiOvm2ekaajc%2FpULL2Rlos9H5LAfg8V5XC5cLPFdCREXjPRbu0FJJ7d0fz4rHvMov7skeRHz9IVkc3p6%2F48IgRdrbiO%2BUMr1w%3D"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 943e7d5e6e6592f7-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET pic.szmpe.cn/upload_01/xiao/20250522/2025052214592287013.jpeg
43.152.140.79 200 OK 163 kB URL GET pic.szmpe.cn/upload_01/xiao/20250522/2025052214592287013.jpeg
IP 43.152.140.79:443
Requested by https://h4wcz8.dfdjjvef.cc/
Certificate Issuer ZeroSSL
Subject *.szmpe.cn
Fingerprint E3:F1:93:B0:DA:A3:D8:9D:1B:BD:86:6C:1A:29:1C:92:88:9D:5E:E7
Validity Thu, 15 May 2025 00:00:00 GMT - Wed, 13 Aug 2025 23:59:59 GMT
Size 163 kB (162928 bytes)
Hash c968a0f466408f66e05b1def5246725d
d88ca9398bd88e40fc2c48f376d1497276416335
fce97e1eb74adbb1ffae26880a6582868a5e427736432fe62eaa8eec12d745bd
GET /upload_01/xiao/20250522/2025052214592287013.jpeg HTTP/1.1
Host: pic.szmpe.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://h4wcz8.dfdjjvef.cc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Last-Modified: Thu, 22 May 2025 08:00:09 GMT
Etag: "c968a0f466408f66e05b1def5246725d"
Content-Type: binary/octet-stream
Date: Thu, 22 May 2025 08:10:59 GMT
x-amz-server-side-encryption: AES256
Server: nginx
X-Cache: Hit from cloudfront
X-Amz-Cf-Pop: ARN53-P2
Age: 305
Content-Length: 162928
Accept-Ranges: bytes
X-NWS-LOG-UUID: 10857726086836772154
Connection: keep-alive
X-Cache-Lookup: Cache Hit
Access-Control-Allow-Origin: *
GET pic.szmpe.cn/upload/xiao/20240525/2024052517153084188.gif
43.152.140.79 200 OK 184 kB URL GET pic.szmpe.cn/upload/xiao/20240525/2024052517153084188.gif
IP 43.152.140.79:443
Requested by https://h4wcz8.dfdjjvef.cc/
Certificate Issuer ZeroSSL
Subject *.szmpe.cn
Fingerprint E3:F1:93:B0:DA:A3:D8:9D:1B:BD:86:6C:1A:29:1C:92:88:9D:5E:E7
Validity Thu, 15 May 2025 00:00:00 GMT - Wed, 13 Aug 2025 23:59:59 GMT
Size 184 kB (183808 bytes)
Hash 38d4d066deb53d20ddf5d2cce80114b2
3968c00d4419d1ded76d6ddc9c456e94b44bd3b8
ee0f0f4e52d06261a4916ccb3783014fb88a57ecd2f6ae75996ca0014c24bb78
GET /upload/xiao/20240525/2024052517153084188.gif HTTP/1.1
Host: pic.szmpe.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://h4wcz8.dfdjjvef.cc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Last-Modified: Sat, 25 May 2024 09:16:00 GMT
Etag: "38d4d066deb53d20ddf5d2cce80114b2"
Content-Type: binary/octet-stream
Date: Sat, 03 May 2025 07:25:10 GMT
x-amz-server-side-encryption: AES256
Server: nginx
X-Cache: Hit from cloudfront
X-Amz-Cf-Pop: ARN53-P2
Age: 1030
Content-Length: 183808
Accept-Ranges: bytes
X-NWS-LOG-UUID: 5385176317042595492
Connection: keep-alive
X-Cache-Lookup: Cache Hit
Access-Control-Allow-Origin: *
Cache-Control: max-age=864000
GET h4wcz8.dfdjjvef.cc/usr/themes/Mirages/js/layui/css/modules/code.css?v=2
154.207.77.29 200 OK 1.3 kB URL GET h4wcz8.dfdjjvef.cc/usr/themes/Mirages/js/layui/css/modules/code.css?v=2
IP 154.207.77.29:443
ASN #63888 DATAWING LIMITED
Requested by https://h4wcz8.dfdjjvef.cc/
Certificate Issuer CLOUDFLARE, INC.
Subject dfdjjvef.cc
Fingerprint 58:A9:EB:5F:81:E3:C9:C8:1B:A7:0C:A9:BB:17:85:27:06:6D:64:EB
Validity Tue, 08 Apr 2025 06:59:58 GMT - Mon, 07 Jul 2025 07:07:25 GMT
File type ASCII text, with very long lines (1319), with no line terminators
Hash 986d0d70b033a195fc1bd1527b06993b
69ea79bb09bddd3b988db70ef8b10be9ed0f0065
3f27194c2e479212781a76f993b778d724ac9838e780b19472c0357cd3081431
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /usr/themes/Mirages/js/layui/css/modules/code.css?v=2 HTTP/1.1
Host: h4wcz8.dfdjjvef.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://h4wcz8.dfdjjvef.cc/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 22 May 2025 18:48:48 GMT
content-type: text/css
server: cloudflare
last-modified: Thu, 20 Jul 2023 08:30:09 GMT
vary: Accept-Encoding
etag: W/"64b8f091-527"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=2,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=rIPDhjr1rbfKImBkQeDPhHYlzhUlK%2F4iU6nQHnFR7dk4lzOucUH7%2FrzYZwTB7jlh5bboDfyl9rXwny3JpC8QkBptB%2BjcmDe1kF5hDXcrVy8%3D"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 943e7d65ac2a92f7-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET h4wcz8.dfdjjvef.cc/usr/plugins/ArtPlayer/assets/artplayer-plugin-danmuku.js
154.207.77.29 200 OK 38 kB URL GET h4wcz8.dfdjjvef.cc/usr/plugins/ArtPlayer/assets/artplayer-plugin-danmuku.js
IP 154.207.77.29:443
ASN #63888 DATAWING LIMITED
Requested by https://h4wcz8.dfdjjvef.cc/
Certificate Issuer CLOUDFLARE, INC.
Subject dfdjjvef.cc
Fingerprint 58:A9:EB:5F:81:E3:C9:C8:1B:A7:0C:A9:BB:17:85:27:06:6D:64:EB
Validity Tue, 08 Apr 2025 06:59:58 GMT - Mon, 07 Jul 2025 07:07:25 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (38061)
Hash af6ebefd72beaf5df997dcfa1617f500
cfe60f8d100c4b2d9fed7d389d312e19f3bbbd66
601e4b7c791843c856be875a5c43eb12bef5b8b4462aacb480cee8c4b1bdd120
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /usr/plugins/ArtPlayer/assets/artplayer-plugin-danmuku.js HTTP/1.1
Host: h4wcz8.dfdjjvef.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://h4wcz8.dfdjjvef.cc/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 22 May 2025 18:48:47 GMT
content-type: application/javascript
server: cloudflare
last-modified: Wed, 28 Feb 2024 06:47:04 GMT
vary: Accept-Encoding
etag: W/"65ded6e8-9648"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=3,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=axilV3xZ5cxC6VzHKBz7kgWQy47%2BaWmlFWsAaLVopmVG9FGag4aPuLuQ9XhVBteEN8pJbzH%2Bt2PcQ58JiGI9GQIroIYq0tztWUkRTR59mO0%3D"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 943e7d5edece92f7-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET pic.szmpe.cn/upload_01/xiao/20250522/2025052222384949619.gif
43.152.140.79 200 OK 28 kB URL GET pic.szmpe.cn/upload_01/xiao/20250522/2025052222384949619.gif
IP 43.152.140.79:443
Requested by https://h4wcz8.dfdjjvef.cc/
Certificate Issuer ZeroSSL
Subject *.szmpe.cn
Fingerprint E3:F1:93:B0:DA:A3:D8:9D:1B:BD:86:6C:1A:29:1C:92:88:9D:5E:E7
Validity Thu, 15 May 2025 00:00:00 GMT - Wed, 13 Aug 2025 23:59:59 GMT
Hash afc3b9b69e769541d34534d30d37a6ef
33b8aae6b838cb8df7110c2debb00fdd8d766341
b422a629b10923bc29db5cf1a6488a50e046617a51c9cecfb58ab89848f332f2
GET /upload_01/xiao/20250522/2025052222384949619.gif HTTP/1.1
Host: pic.szmpe.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://h4wcz8.dfdjjvef.cc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Last-Modified: Thu, 22 May 2025 14:39:26 GMT
Etag: "afc3b9b69e769541d34534d30d37a6ef"
Content-Type: binary/octet-stream
Date: Thu, 22 May 2025 14:45:37 GMT
x-amz-server-side-encryption: AES256
Server: nginx
X-Cache: Miss from cloudfront
X-Amz-Cf-Pop: ARN53-P2
Content-Length: 28224
Accept-Ranges: bytes
X-NWS-LOG-UUID: 7567726041445849400
Connection: keep-alive
X-Cache-Lookup: Cache Hit
Access-Control-Allow-Origin: *
Cache-Control: max-age=864000
GET h4wcz8.dfdjjvef.cc/usr/themes/ads-close.png
154.207.77.29 200 OK 1.4 kB URL GET h4wcz8.dfdjjvef.cc/usr/themes/ads-close.png
IP 154.207.77.29:443
ASN #63888 DATAWING LIMITED
Requested by https://h4wcz8.dfdjjvef.cc/
Certificate Issuer CLOUDFLARE, INC.
Subject dfdjjvef.cc
Fingerprint 58:A9:EB:5F:81:E3:C9:C8:1B:A7:0C:A9:BB:17:85:27:06:6D:64:EB
Validity Tue, 08 Apr 2025 06:59:58 GMT - Mon, 07 Jul 2025 07:07:25 GMT
File type PNG image data, 129 x 129, 8-bit colormap, non-interlaced
Hash 1840e82f933a7c08af8408edfc255011
97006c40ff1f99238f8c3df3c98826ab2ca8eea2
ca85e50e73e0552ea9467c120d2221c68cb29d5c30a4ab54b8ef6ea7330afc19
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /usr/themes/ads-close.png HTTP/1.1
Host: h4wcz8.dfdjjvef.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://h4wcz8.dfdjjvef.cc/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 22 May 2025 18:48:48 GMT
content-type: image/png
content-length: 1443
server: cloudflare
last-modified: Thu, 20 Jul 2023 08:30:09 GMT
etag: "64b8f091-5a3"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=4,i=?0
accept-ranges: bytes
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=g5Ju%2BDIA%2Fn%2F6H7w3HYw%2F3ipKs61CaOKx8B0NCeweg%2BCGBM2qjs6Ib%2B%2Fj46rpX0dDtuOUUvLAOQ9YJoWa3Giz24Qsexd7wcsVB4sWINJWD9Q%3D"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 943e7d665cc892f7-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET www.googletagmanager.com/gtag/js?id=G-10JG7H60P0&l=dataLayer&cx=c&gtm=45je54p1v9218846652za204&tag_exp=102887800~103051953~103077950~103106314~103106316~103116026~103200004
142.250.74.168 200 OK 385 kB URL GET www.googletagmanager.com/gtag/js?id=G-10JG7H60P0&l=dataLayer&cx=c&gtm=45je54p1v9218846652za204&tag_exp=102887800~103051953~103077950~103106314~103106316~103116026~103200004
IP 142.250.74.168:443
Requested by https://h4wcz8.dfdjjvef.cc/
Certificate Issuer Google Trust Services
Subject *.google-analytics.com
Fingerprint 02:7D:56:C0:B9:20:0C:27:A4:AC:B9:8F:9D:45:1D:85:2A:30:50:AD
Validity Mon, 21 Apr 2025 08:40:41 GMT - Mon, 14 Jul 2025 08:40:40 GMT
File type JavaScript source, ASCII text, with very long lines (6125)
Size 385 kB (384898 bytes)
Hash 3e203ea5eeb05a078cd89a245c2fd706
dba4a8490386837a1184bbd044dec7042b13e9aa
86dccf6bf23367aeee155e99882471753a6196eb361505d25ce8f7e026c056b9
GET /gtag/js?id=G-10JG7H60P0&l=dataLayer&cx=c&gtm=45je54p1v9218846652za204&tag_exp=102887800~103051953~103077950~103106314~103106316~103116026~103200004 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 22 May 2025 18:48:49 GMT
expires: Thu, 22 May 2025 18:48:49 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1075:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1075:0
report-to: {"group":"ascgcycc:1075:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1075:0"}],}
server: Google Tag Manager
content-length: 128698
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET h4wcz8.dfdjjvef.cc/usr/themes/Mirages/js/layui/layui.js
154.207.77.29 200 OK 291 kB URL GET h4wcz8.dfdjjvef.cc/usr/themes/Mirages/js/layui/layui.js
IP 154.207.77.29:443
ASN #63888 DATAWING LIMITED
Requested by https://h4wcz8.dfdjjvef.cc/
Certificate Issuer CLOUDFLARE, INC.
Subject dfdjjvef.cc
Fingerprint 58:A9:EB:5F:81:E3:C9:C8:1B:A7:0C:A9:BB:17:85:27:06:6D:64:EB
Validity Tue, 08 Apr 2025 06:59:58 GMT - Mon, 07 Jul 2025 07:07:25 GMT
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size 291 kB (291286 bytes)
Hash 70ed0e8151d23de969de514bfd802a56
569e6c1b0ac0b8efaa7dc0015b691334947a9665
92c7997b3dce6ab2368b1bdb34ff4b67ac77957898a126c7eba452a8080bec95
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /usr/themes/Mirages/js/layui/layui.js HTTP/1.1
Host: h4wcz8.dfdjjvef.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://h4wcz8.dfdjjvef.cc/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 22 May 2025 18:48:47 GMT
content-type: application/javascript
server: cloudflare
last-modified: Thu, 20 Jul 2023 08:30:09 GMT
vary: Accept-Encoding
etag: W/"64b8f091-471d6"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=3,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=FiDYL8NBzJE9ce3trraXx74CHqrJJfU7bFR%2FGVCLt7yiFzO3vSUGmzFT%2FcqRVLO52P0XfjbRUEe7Tf7emjA6TWh7dRvX3qURxqfJGcRDGlA%3D"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 943e7d5eded192f7-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
154.207.77.29 200 OK 151 kB IP 154.207.77.29:443
ASN #63888 DATAWING LIMITED
Certificate Issuer CLOUDFLARE, INC.
Subject dfdjjvef.cc
Fingerprint 58:A9:EB:5F:81:E3:C9:C8:1B:A7:0C:A9:BB:17:85:27:06:6D:64:EB
Validity Tue, 08 Apr 2025 06:59:58 GMT - Mon, 07 Jul 2025 07:07:25 GMT
File type HTML document, Unicode text, UTF-8 text, with very long lines (1599)
Size 151 kB (150997 bytes)
Hash 468a56f4a330813b570964d8912871a3
c55266ad9a48d9dfb800fd6f05f5a42dd8bca61e
ff67ad03a6d4bb0cdbe65c22f646c09a02708ed238595a64a28bf9e8f990e7cd
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET / HTTP/1.1
Host: h4wcz8.dfdjjvef.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 22 May 2025 18:48:46 GMT
content-type: text/html; charset=UTF-8
server: cloudflare
vary: Accept-Encoding
ya-status: hit
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=MVfZyLqySrZi%2BepNT3ies0D%2FJAxpeJK0570RQ60JqyMkEwnh9LjkGGkVFv5NB612LeSqKhDHQy%2FKqDNQhxlfHBzH4XJO48lIO7tfnW5Ki5s%3D"}]}
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-encoding: br
cf-ray: 943e7d593d438f57-CPH
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET pic.szmpe.cn/upload_01/xiao/20250208/2025020817404076240.gif
43.152.140.79 200 OK 232 kB URL GET pic.szmpe.cn/upload_01/xiao/20250208/2025020817404076240.gif
IP 43.152.140.79:443
Requested by https://h4wcz8.dfdjjvef.cc/
Certificate Issuer ZeroSSL
Subject *.szmpe.cn
Fingerprint E3:F1:93:B0:DA:A3:D8:9D:1B:BD:86:6C:1A:29:1C:92:88:9D:5E:E7
Validity Thu, 15 May 2025 00:00:00 GMT - Wed, 13 Aug 2025 23:59:59 GMT
Size 232 kB (232416 bytes)
Hash 1413214b9f057912cae4790eb52077bc
d6b1ede68433cb5f94883d76f94cfed06c54f0d4
90278268b0b6ef60ce29fa1dd68ccd9f0f06fcf93ca0da384886d427a96fde2c
GET /upload_01/xiao/20250208/2025020817404076240.gif HTTP/1.1
Host: pic.szmpe.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://h4wcz8.dfdjjvef.cc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Last-Modified: Sat, 08 Feb 2025 09:44:18 GMT
Etag: "1413214b9f057912cae4790eb52077bc"
Content-Type: binary/octet-stream
Date: Sat, 03 May 2025 07:52:48 GMT
x-amz-server-side-encryption: AES256
Server: nginx
X-Cache: Hit from cloudfront
X-Amz-Cf-Pop: ARN53-P2
Age: 452
Content-Length: 232416
Accept-Ranges: bytes
X-NWS-LOG-UUID: 13798608955247061517
Connection: keep-alive
X-Cache-Lookup: Cache Hit
Access-Control-Allow-Origin: *
Cache-Control: max-age=864000
GET pic.szmpe.cn/upload_01/xiao/20250228/2025022817522059581.jpeg
43.152.140.79 200 OK 79 kB URL GET pic.szmpe.cn/upload_01/xiao/20250228/2025022817522059581.jpeg
IP 43.152.140.79:443
Requested by https://h4wcz8.dfdjjvef.cc/
Certificate Issuer ZeroSSL
Subject *.szmpe.cn
Fingerprint E3:F1:93:B0:DA:A3:D8:9D:1B:BD:86:6C:1A:29:1C:92:88:9D:5E:E7
Validity Thu, 15 May 2025 00:00:00 GMT - Wed, 13 Aug 2025 23:59:59 GMT
Hash 0dcb43d6da902309a3bf57bdbc63c8ec
7e29673af8ad835f7c69327c91e5e698b6f140cf
7ddc704d9e446aa312bf2be16083efe2970d9d91c6b053c9e29dfb2a6cd62547
GET /upload_01/xiao/20250228/2025022817522059581.jpeg HTTP/1.1
Host: pic.szmpe.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://h4wcz8.dfdjjvef.cc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Last-Modified: Fri, 28 Feb 2025 10:02:52 GMT
Etag: "0dcb43d6da902309a3bf57bdbc63c8ec"
Content-Type: binary/octet-stream
Date: Sat, 03 May 2025 07:42:18 GMT
x-amz-server-side-encryption: AES256
Server: nginx
X-Cache: Miss from cloudfront
X-Amz-Cf-Pop: ARN53-P2
Content-Length: 78704
Accept-Ranges: bytes
X-NWS-LOG-UUID: 1683367350382254717
Connection: keep-alive
X-Cache-Lookup: Cache Hit
Access-Control-Allow-Origin: *
GET h4wcz8.dfdjjvef.cc/usr/themes/Mirages//images/nav.png
154.207.77.29 200 OK 140 B URL GET h4wcz8.dfdjjvef.cc/usr/themes/Mirages//images/nav.png
IP 154.207.77.29:443
ASN #63888 DATAWING LIMITED
Requested by https://h4wcz8.dfdjjvef.cc/
Certificate Issuer CLOUDFLARE, INC.
Subject dfdjjvef.cc
Fingerprint 58:A9:EB:5F:81:E3:C9:C8:1B:A7:0C:A9:BB:17:85:27:06:6D:64:EB
Validity Tue, 08 Apr 2025 06:59:58 GMT - Mon, 07 Jul 2025 07:07:25 GMT
File type PNG image data, 52 x 46, 1-bit colormap, non-interlaced
Hash ee992afad40318e8a12dcb4d8df62e7a
39f5062870126424b00d9cc7d239d1cd822204e9
166ec5c5a339b08de7b2c6208350d7ba96ab4d07ef001b31daa624ed5505ecda
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /usr/themes/Mirages//images/nav.png HTTP/1.1
Host: h4wcz8.dfdjjvef.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://h4wcz8.dfdjjvef.cc/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 22 May 2025 18:48:47 GMT
content-type: image/png
content-length: 140
server: cloudflare
last-modified: Wed, 12 Jun 2024 08:28:15 GMT
etag: "66695c1f-8c"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
accept-ranges: bytes
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=4,i=?0
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=CmuzUcnLNInW28oobd9k36ZspFY3bGXY1viqDpdxKmsKDYK2IXEivKXrDuSMmx9kNTngoAlKqRUDciiltu1Ycv%2BLcnX7%2FDRvUTAjrNSwKH4%3D"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 943e7d5e5e5992f7-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET h4wcz8.dfdjjvef.cc/usr/plugins/ArtPlayer/assets/artplayer.min.js
154.207.77.29 200 OK 154 kB URL GET h4wcz8.dfdjjvef.cc/usr/plugins/ArtPlayer/assets/artplayer.min.js
IP 154.207.77.29:443
ASN #63888 DATAWING LIMITED
Requested by https://h4wcz8.dfdjjvef.cc/
Certificate Issuer CLOUDFLARE, INC.
Subject dfdjjvef.cc
Fingerprint 58:A9:EB:5F:81:E3:C9:C8:1B:A7:0C:A9:BB:17:85:27:06:6D:64:EB
Validity Tue, 08 Apr 2025 06:59:58 GMT - Mon, 07 Jul 2025 07:07:25 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (65136)
Size 154 kB (154222 bytes)
Hash bf6184a42c1e097cfbcc90b3bd9eb93a
0553922c5dcd5c5271efea9890056be502d7bcaf
14b48845f4a9ec6f295ae579648a8404674b273833019560ae2f369682f56121
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /usr/plugins/ArtPlayer/assets/artplayer.min.js HTTP/1.1
Host: h4wcz8.dfdjjvef.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://h4wcz8.dfdjjvef.cc/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 22 May 2025 18:48:47 GMT
content-type: application/javascript
server: cloudflare
last-modified: Mon, 04 Mar 2024 08:11:52 GMT
vary: Accept-Encoding
etag: W/"65e58248-25a6e"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=3,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=4JoKqHAYFSLbma0Hcx4269iJcs4bOL951PVr59UgDDZWyUewVPM%2Bz%2FK%2BAuVMLCmW%2FDsuFOIhCbK58bW2IV4GFoSg97ElBH9na%2BgP88wVcMk%3D"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 943e7d5e6e6f92f7-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET pic.szmpe.cn/upload_01/xiao/20250522/2025052222322556412.gif
43.152.140.79 200 OK 55 kB URL GET pic.szmpe.cn/upload_01/xiao/20250522/2025052222322556412.gif
IP 43.152.140.79:443
Requested by https://h4wcz8.dfdjjvef.cc/
Certificate Issuer ZeroSSL
Subject *.szmpe.cn
Fingerprint E3:F1:93:B0:DA:A3:D8:9D:1B:BD:86:6C:1A:29:1C:92:88:9D:5E:E7
Validity Thu, 15 May 2025 00:00:00 GMT - Wed, 13 Aug 2025 23:59:59 GMT
Hash ab7a2c55919de26e89abbbc9b71dbcb2
d0acc0e94de9436682edb3d85cdcb81bcd10eae5
1b0ff657733820cb0b6251f6d2442ee184feb57098306f1a4dec82f13288260d
GET /upload_01/xiao/20250522/2025052222322556412.gif HTTP/1.1
Host: pic.szmpe.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://h4wcz8.dfdjjvef.cc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Last-Modified: Thu, 22 May 2025 14:33:43 GMT
Etag: "ab7a2c55919de26e89abbbc9b71dbcb2"
Content-Type: binary/octet-stream
Date: Thu, 22 May 2025 14:35:52 GMT
x-amz-server-side-encryption: AES256
Server: nginx
X-Cache: Hit from cloudfront
X-Amz-Cf-Pop: ARN53-P2
Age: 1112
Content-Length: 55152
Accept-Ranges: bytes
X-NWS-LOG-UUID: 8620941398476429087
Connection: keep-alive
X-Cache-Lookup: Cache Hit
Access-Control-Allow-Origin: *
Cache-Control: max-age=864000
GET pic.szmpe.cn/upload_01/xiao/20250516/2025051621230892958.jpeg
43.152.140.79 200 OK 136 kB URL GET pic.szmpe.cn/upload_01/xiao/20250516/2025051621230892958.jpeg
IP 43.152.140.79:443
Requested by https://h4wcz8.dfdjjvef.cc/
Certificate Issuer ZeroSSL
Subject *.szmpe.cn
Fingerprint E3:F1:93:B0:DA:A3:D8:9D:1B:BD:86:6C:1A:29:1C:92:88:9D:5E:E7
Validity Thu, 15 May 2025 00:00:00 GMT - Wed, 13 Aug 2025 23:59:59 GMT
Size 136 kB (135808 bytes)
Hash 9039aad3747a9ba09ff4abb8d04b87a6
277c9e91bec54347f9d49233ee4d9b710ca76105
3615e869e62cd2df6775408e6a8692e2628b9fba582df3dfef67aefdde1ce7fc
GET /upload_01/xiao/20250516/2025051621230892958.jpeg HTTP/1.1
Host: pic.szmpe.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://h4wcz8.dfdjjvef.cc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Last-Modified: Sat, 17 May 2025 07:03:31 GMT
Etag: "9039aad3747a9ba09ff4abb8d04b87a6"
Content-Type: binary/octet-stream
Date: Sat, 17 May 2025 07:06:30 GMT
x-amz-server-side-encryption: AES256
Server: nginx
X-Cache: Hit from cloudfront
X-Amz-Cf-Pop: ARN53-P2
Age: 2460
Content-Length: 135808
Accept-Ranges: bytes
X-NWS-LOG-UUID: 1891515993117121500
Connection: keep-alive
X-Cache-Lookup: Cache Hit
Access-Control-Allow-Origin: *
GET pic.szmpe.cn/upload_01/xiao/20250522/2025052220290566108.jpeg
43.152.140.79 200 OK 259 kB URL GET pic.szmpe.cn/upload_01/xiao/20250522/2025052220290566108.jpeg
IP 43.152.140.79:443
Requested by https://h4wcz8.dfdjjvef.cc/
Certificate Issuer ZeroSSL
Subject *.szmpe.cn
Fingerprint E3:F1:93:B0:DA:A3:D8:9D:1B:BD:86:6C:1A:29:1C:92:88:9D:5E:E7
Validity Thu, 15 May 2025 00:00:00 GMT - Wed, 13 Aug 2025 23:59:59 GMT
Size 259 kB (259424 bytes)
Hash 4cdd310a3ccc93190202c7d69eb8dc98
a660957b5438d16dae9e60eda988e0ea0f529861
432120aff77e2aab8c911ddf8452a5194689aef42fa448fad7d72e460945c508
GET /upload_01/xiao/20250522/2025052220290566108.jpeg HTTP/1.1
Host: pic.szmpe.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://h4wcz8.dfdjjvef.cc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Last-Modified: Thu, 22 May 2025 12:29:09 GMT
Etag: "4cdd310a3ccc93190202c7d69eb8dc98"
Content-Type: binary/octet-stream
Date: Thu, 22 May 2025 13:05:38 GMT
x-amz-server-side-encryption: AES256
Server: nginx
X-Cache: Hit from cloudfront
X-Amz-Cf-Pop: ARN53-P2
Age: 1127
Content-Length: 259424
Accept-Ranges: bytes
X-NWS-LOG-UUID: 2936201942114214826
Connection: keep-alive
X-Cache-Lookup: Cache Hit
Access-Control-Allow-Origin: *
POST stats.kwvprfcr.xyz/api/event
156.255.123.29 202 Accepted 2 B URL POST stats.kwvprfcr.xyz/api/event
IP 156.255.123.29:443
ASN #63888 DATAWING LIMITED
Requested by https://h4wcz8.dfdjjvef.cc/
Certificate Issuer Google Trust Services
Subject kwvprfcr.xyz
Fingerprint A2:D1:48:93:98:C3:BE:C1:F9:23:5A:80:44:C9:8E:83:27:3E:DF:44
Validity Mon, 05 May 2025 06:32:43 GMT - Sun, 03 Aug 2025 07:31:10 GMT
File type ASCII text, with no line terminators
Hash 444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
POST /api/event HTTP/1.1
Host: stats.kwvprfcr.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 82
Origin: https://h4wcz8.dfdjjvef.cc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 202 Accepted
date: Thu, 22 May 2025 18:48:48 GMT
content-type: text/plain; charset=utf-8
content-length: 2
server: cloudflare
access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers:
cache-control: max-age=0, private, must-revalidate
x-request-id: GEHt7A7TCN6Eon8YOXAC
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=xeQ9DnsCILccHnZ9hCqQveohwoaRgmYTi2TUbJ5urWZFJU6kRRgpRyOYxcLo1Of4NBEBeDcEN8WaFrl8A%2BLobhdQvRQA2tmHqZHLReyZGHI%3D"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 943e7d66993f92b0-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET pic.szmpe.cn/upload_01/xiao/20250516/2025051623222413851.jpeg
43.152.140.79 200 OK 177 kB URL GET pic.szmpe.cn/upload_01/xiao/20250516/2025051623222413851.jpeg
IP 43.152.140.79:443
Requested by https://h4wcz8.dfdjjvef.cc/
Certificate Issuer ZeroSSL
Subject *.szmpe.cn
Fingerprint E3:F1:93:B0:DA:A3:D8:9D:1B:BD:86:6C:1A:29:1C:92:88:9D:5E:E7
Validity Thu, 15 May 2025 00:00:00 GMT - Wed, 13 Aug 2025 23:59:59 GMT
Size 177 kB (176752 bytes)
Hash f02b9a31f9a1857641d7ec951881a89c
19aba78df3f14f76a49722b7cff7a578536a4878
6d1f7819f6d64e7bb35c5dd87f32ac19dd6b43c72952874e4e6ba1e9a79b8836
GET /upload_01/xiao/20250516/2025051623222413851.jpeg HTTP/1.1
Host: pic.szmpe.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://h4wcz8.dfdjjvef.cc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Last-Modified: Sat, 17 May 2025 12:00:36 GMT
Etag: "f02b9a31f9a1857641d7ec951881a89c"
Content-Type: binary/octet-stream
Date: Sat, 17 May 2025 12:06:39 GMT
x-amz-server-side-encryption: AES256
Server: nginx
X-Cache: Miss from cloudfront
X-Amz-Cf-Pop: ARN53-P2
Content-Length: 176752
Accept-Ranges: bytes
X-NWS-LOG-UUID: 15033101234561333102
Connection: keep-alive
X-Cache-Lookup: Cache Hit
Access-Control-Allow-Origin: *
GET pic.szmpe.cn/upload_01/xiao/20250522/2025052213180290945.jpeg
43.152.140.79 200 OK 224 kB URL GET pic.szmpe.cn/upload_01/xiao/20250522/2025052213180290945.jpeg
IP 43.152.140.79:443
Requested by https://h4wcz8.dfdjjvef.cc/
Certificate Issuer ZeroSSL
Subject *.szmpe.cn
Fingerprint E3:F1:93:B0:DA:A3:D8:9D:1B:BD:86:6C:1A:29:1C:92:88:9D:5E:E7
Validity Thu, 15 May 2025 00:00:00 GMT - Wed, 13 Aug 2025 23:59:59 GMT
Size 224 kB (223952 bytes)
Hash 57f8c2eb507e205e99bb7b04161bbc24
028904cd747fcd32c7975abd3321bb971f650586
014528bf0b0447e8030f9faf61c174086b63a659643ab249a8cbab7ee5af9aa9
GET /upload_01/xiao/20250522/2025052213180290945.jpeg HTTP/1.1
Host: pic.szmpe.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://h4wcz8.dfdjjvef.cc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Last-Modified: Thu, 22 May 2025 05:18:06 GMT
Etag: "57f8c2eb507e205e99bb7b04161bbc24"
Content-Type: binary/octet-stream
Date: Thu, 22 May 2025 17:04:26 GMT
x-amz-server-side-encryption: AES256
Server: nginx
X-Cache: Hit from cloudfront
X-Amz-Cf-Pop: ARN53-P2
Age: 606
Content-Length: 223952
Accept-Ranges: bytes
X-NWS-LOG-UUID: 17485280388826247923
Connection: keep-alive
X-Cache-Lookup: Cache Hit
Access-Control-Allow-Origin: *
GET pic.szmpe.cn/upload_01/xiao/20250522/2025052213160013134.jpeg
43.152.140.79 200 OK 230 kB URL GET pic.szmpe.cn/upload_01/xiao/20250522/2025052213160013134.jpeg
IP 43.152.140.79:443
Requested by https://h4wcz8.dfdjjvef.cc/
Certificate Issuer ZeroSSL
Subject *.szmpe.cn
Fingerprint E3:F1:93:B0:DA:A3:D8:9D:1B:BD:86:6C:1A:29:1C:92:88:9D:5E:E7
Validity Thu, 15 May 2025 00:00:00 GMT - Wed, 13 Aug 2025 23:59:59 GMT
Size 230 kB (229872 bytes)
Hash 48469912bdc1a3977f12a1926763455c
d30cbfb1061a16fb2b0adade9845e77da19f0137
0b3228efb1ac1a913dd42c9c2e20f987961f9cbb63014d16f3c0a35d6b2076e2
GET /upload_01/xiao/20250522/2025052213160013134.jpeg HTTP/1.1
Host: pic.szmpe.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://h4wcz8.dfdjjvef.cc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Last-Modified: Thu, 22 May 2025 05:16:04 GMT
Etag: "48469912bdc1a3977f12a1926763455c"
Content-Type: binary/octet-stream
Date: Thu, 22 May 2025 16:49:09 GMT
x-amz-server-side-encryption: AES256
Server: nginx
X-Cache: Hit from cloudfront
X-Amz-Cf-Pop: ARN53-P2
Age: 207
Content-Length: 229872
Accept-Ranges: bytes
X-NWS-LOG-UUID: 1604087623954999411
Connection: keep-alive
X-Cache-Lookup: Cache Hit
Access-Control-Allow-Origin: *
GET pic.szmpe.cn/upload_01/xiao/20250522/2025052217450963562.jpeg
43.152.140.79 200 OK 153 kB URL GET pic.szmpe.cn/upload_01/xiao/20250522/2025052217450963562.jpeg
IP 43.152.140.79:443
Requested by https://h4wcz8.dfdjjvef.cc/
Certificate Issuer ZeroSSL
Subject *.szmpe.cn
Fingerprint E3:F1:93:B0:DA:A3:D8:9D:1B:BD:86:6C:1A:29:1C:92:88:9D:5E:E7
Validity Thu, 15 May 2025 00:00:00 GMT - Wed, 13 Aug 2025 23:59:59 GMT
Size 153 kB (152576 bytes)
Hash f95ad400c68a50a3251724e416992d8d
4dcace2066b0755402446be7fcd1397f5c88a2bb
4da2b48a01dd1c78ade2c5b98ca082cc1e9b85e864d3573480cdee1e54d4fc18
GET /upload_01/xiao/20250522/2025052217450963562.jpeg HTTP/1.1
Host: pic.szmpe.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://h4wcz8.dfdjjvef.cc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Last-Modified: Thu, 22 May 2025 10:00:27 GMT
Etag: "f95ad400c68a50a3251724e416992d8d"
Content-Type: binary/octet-stream
Date: Thu, 22 May 2025 10:09:20 GMT
x-amz-server-side-encryption: AES256
Server: nginx
X-Cache: Miss from cloudfront
X-Amz-Cf-Pop: ARN53-P2
Content-Length: 152576
Accept-Ranges: bytes
X-NWS-LOG-UUID: 10188300140294724555
Connection: keep-alive
X-Cache-Lookup: Cache Hit
Access-Control-Allow-Origin: *
GET pic.szmpe.cn/upload_01/xiao/20240813/2024081318433594776.gif
43.152.140.79 200 OK 426 kB URL GET pic.szmpe.cn/upload_01/xiao/20240813/2024081318433594776.gif
IP 43.152.140.79:443
Requested by https://h4wcz8.dfdjjvef.cc/
Certificate Issuer ZeroSSL
Subject *.szmpe.cn
Fingerprint E3:F1:93:B0:DA:A3:D8:9D:1B:BD:86:6C:1A:29:1C:92:88:9D:5E:E7
Validity Thu, 15 May 2025 00:00:00 GMT - Wed, 13 Aug 2025 23:59:59 GMT
Size 426 kB (426400 bytes)
Hash 40e08f4bb672078e81e474715dbb34b9
071355f9372e6de7ebf9495e9911467e5bbdb8d0
d143100d3209ff86892c6659c4206eeb13701ea65244e5f3cb76146c8dc5fc55
GET /upload_01/xiao/20240813/2024081318433594776.gif HTTP/1.1
Host: pic.szmpe.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://h4wcz8.dfdjjvef.cc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Last-Modified: Tue, 13 Aug 2024 10:44:06 GMT
Etag: "40e08f4bb672078e81e474715dbb34b9"
Content-Type: binary/octet-stream
Date: Sat, 03 May 2025 07:25:10 GMT
x-amz-server-side-encryption: AES256
Server: nginx
X-Cache: Hit from cloudfront
X-Amz-Cf-Pop: ARN53-P2
Age: 1030
Content-Length: 426400
Accept-Ranges: bytes
X-NWS-LOG-UUID: 569639610625039062
Connection: keep-alive
X-Cache-Lookup: Cache Hit
Access-Control-Allow-Origin: *
Cache-Control: max-age=864000
GET h4wcz8.dfdjjvef.cc/usr/themes/Mirages/static/jquery/2.2.4/jquery.min.js
154.207.77.29 200 OK 86 kB URL GET h4wcz8.dfdjjvef.cc/usr/themes/Mirages/static/jquery/2.2.4/jquery.min.js
IP 154.207.77.29:443
ASN #63888 DATAWING LIMITED
Requested by https://h4wcz8.dfdjjvef.cc/
Certificate Issuer CLOUDFLARE, INC.
Subject dfdjjvef.cc
Fingerprint 58:A9:EB:5F:81:E3:C9:C8:1B:A7:0C:A9:BB:17:85:27:06:6D:64:EB
Validity Tue, 08 Apr 2025 06:59:58 GMT - Mon, 07 Jul 2025 07:07:25 GMT
File type JavaScript source, ASCII text, with very long lines (32065)
Hash 2f6b11a7e914718e0290410e85366fe9
69bb69e25ca7d5ef0935317584e6153f3fd9a88c
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /usr/themes/Mirages/static/jquery/2.2.4/jquery.min.js HTTP/1.1
Host: h4wcz8.dfdjjvef.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://h4wcz8.dfdjjvef.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 22 May 2025 18:48:47 GMT
content-type: application/javascript
server: cloudflare
last-modified: Thu, 20 Jul 2023 08:30:09 GMT
vary: Accept-Encoding
etag: W/"64b8f091-14e4a"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=2,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=hyv7GyZrK56BreFYdIYfOr6QzfYBPEEL7hjKxVCwRQqGI4UkUi64LreFEZCxVzYIib1Qhfn1bopGGwXn8zRbofmGSM8RaaEUfHNubgy8r9g%3D"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 943e7d5e4e5492f7-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET h4wcz8.dfdjjvef.cc/gtag.js?id=G-10JG7H60P0
154.207.77.29 200 OK 382 kB URL GET h4wcz8.dfdjjvef.cc/gtag.js?id=G-10JG7H60P0
IP 154.207.77.29:443
ASN #63888 DATAWING LIMITED
Requested by https://h4wcz8.dfdjjvef.cc/
Certificate Issuer CLOUDFLARE, INC.
Subject dfdjjvef.cc
Fingerprint 58:A9:EB:5F:81:E3:C9:C8:1B:A7:0C:A9:BB:17:85:27:06:6D:64:EB
Validity Tue, 08 Apr 2025 06:59:58 GMT - Mon, 07 Jul 2025 07:07:25 GMT
File type JavaScript source, ASCII text, with very long lines (6129)
Size 382 kB (381505 bytes)
Hash ce85fe97bed0ee4889798428fea0d1cb
18fdff0c17c66d867d511e1a2d69449079e45ff3
cd6e77ca28298573a4f7c273a888523358403576c02622d758d7feb733f42fb8
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /gtag.js?id=G-10JG7H60P0 HTTP/1.1
Host: h4wcz8.dfdjjvef.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://h4wcz8.dfdjjvef.cc/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 22 May 2025 18:48:47 GMT
content-type: application/javascript
server: cloudflare
last-modified: Tue, 29 Apr 2025 12:21:53 GMT
vary: Accept-Encoding
etag: W/"6810c461-5d241"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=3,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Z4TrKQT0uMSO0l6Y%2BhRDWy%2FK3x3qD8cr6EOoEnrOvlimtKWzaR5JKLU%2F0Np%2F54PCQTsNknWoWBKjGjGTNEXDjY6fE57bAW1aWPd%2BHbudqDk%3D"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 943e7d5eeed292f7-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri