| freindindioaie.serveuser.com/dom/bb5f6ee28dcf69bfa910a2c432d5. | 91.219.150.116 | 200 OK | 4.1 kB |
URL: User Request GET HTTP/2 freindindioaie.serveuser.com/dom/bb5f6ee28dcf69bfa910a2c432d5.
IP: 91.219.150.116:443
Certificate: Issuer Let's Encrypt; Subject freindindioaie.serveuser.com; Fingerprint 89:AE:0D:25:61:2E:93:1C:57:B5:30:BA:94:D2:76:EE:17:69:3A:90; Validity Fri, 19 Apr 2024 12:30:57 GMT - Thu, 18 Jul 2024 12:30:56 GMT
File type: HTML document, Unicode text, UTF-8 text, with very long lines (6468), with CRLF line terminators
Hash (MD5 / SHA-1 / SHA-256): 365ba012357c3a97a549dc81046d5999 6334ff931eec2dfff8a9002ae29b6424f29ece21 fd4b14d54cd94fcc62ac48648efa5688e7cf5b0e564edb0a5576c8dc6fa11cdd
| Analyzer | Verdict | Alert |
| urlquery | suspicious | Suspicious - DynDNS domain |
| OpenPhish | phishing | NetEase |
GET /dom/bb5f6ee28dcf69bfa910a2c432d5. HTTP/1.1
Host: freindindioaie.serveuser.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-length: 4142
content-type: text/html; charset=UTF-8
date: Sat, 20 Apr 2024 16:38:12 GMT
server: Apache
X-Firefox-Spdy: h2
| freindindioaie.serveuser.com/dom/files/base_v3.js | 91.219.150.116 | 200 OK | 7.4 kB |
URL: GET HTTP/2 freindindioaie.serveuser.com/dom/files/base_v3.js
IP: 91.219.150.116:443
Requested by: https://freindindioaie.serveuser.com/dom/bb5f6ee28dcf69bfa910a2c432d5.
Certificate: Issuer Let's Encrypt; Subject freindindioaie.serveuser.com; Fingerprint 89:AE:0D:25:61:2E:93:1C:57:B5:30:BA:94:D2:76:EE:17:69:3A:90; Validity Fri, 19 Apr 2024 12:30:57 GMT - Thu, 18 Jul 2024 12:30:56 GMT
File type: JavaScript source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash (MD5 / SHA-1 / SHA-256): 3e791d47b5afd289e73673644143da80 4c768e58ee52fc3ad6b5c848d38e74753d0e0fd3 d3879a4ec7a884d7a76d1fcc4f94b214cade3c66d604ceeb15a77d1c1f2783b5
| Analyzer | Verdict | Alert |
| urlquery | suspicious | Suspicious - DynDNS domain |
GET /dom/files/base_v3.js HTTP/1.1
Host: freindindioaie.serveuser.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://freindindioaie.serveuser.com/dom/bb5f6ee28dcf69bfa910a2c432d5.
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 08 Aug 2023 20:22:02 GMT
etag: "5d69-6026f1da14e80-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 7389
content-type: text/javascript
date: Sat, 20 Apr 2024 16:38:12 GMT
server: Apache
X-Firefox-Spdy: h2
| freindindioaie.serveuser.com/dom/files/qiye_algorithm.js | 91.219.150.116 | 200 OK | 9.1 kB |
URL: GET HTTP/2 freindindioaie.serveuser.com/dom/files/qiye_algorithm.js
IP: 91.219.150.116:443
Requested by: https://freindindioaie.serveuser.com/dom/bb5f6ee28dcf69bfa910a2c432d5.
Certificate: Issuer Let's Encrypt; Subject freindindioaie.serveuser.com; Fingerprint 89:AE:0D:25:61:2E:93:1C:57:B5:30:BA:94:D2:76:EE:17:69:3A:90; Validity Fri, 19 Apr 2024 12:30:57 GMT - Thu, 18 Jul 2024 12:30:56 GMT
File type: Unicode text, UTF-8 (with BOM) text
Hash (MD5 / SHA-1 / SHA-256): 717ccd9ceb3f52f49559e318ad05f61a 8a98afb34d4b465b8a640e866e0f675d472db440 9c7bb6e063b4b8db8798c4739a9d3f7e4e90d90c9608aaab1f50266981722f29
| Analyzer | Verdict | Alert |
| urlquery | suspicious | Suspicious - DynDNS domain |
GET /dom/files/qiye_algorithm.js HTTP/1.1
Host: freindindioaie.serveuser.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://freindindioaie.serveuser.com/dom/bb5f6ee28dcf69bfa910a2c432d5.
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 08 Aug 2023 20:22:02 GMT
etag: "6bf5-6026f1da14e80-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 9061
content-type: text/javascript
date: Sat, 20 Apr 2024 16:38:12 GMT
server: Apache
X-Firefox-Spdy: h2
| freindindioaie.serveuser.com/dom/files/raven-3.js | 91.219.150.116 | 200 OK | 14 kB |
URL: GET HTTP/2 freindindioaie.serveuser.com/dom/files/raven-3.js
IP: 91.219.150.116:443
Requested by: https://freindindioaie.serveuser.com/dom/bb5f6ee28dcf69bfa910a2c432d5.
Certificate: Issuer Let's Encrypt; Subject freindindioaie.serveuser.com; Fingerprint 89:AE:0D:25:61:2E:93:1C:57:B5:30:BA:94:D2:76:EE:17:69:3A:90; Validity Fri, 19 Apr 2024 12:30:57 GMT - Thu, 18 Jul 2024 12:30:56 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (32021), with CRLF line terminators
Hash (MD5 / SHA-1 / SHA-256): 9b02c20b8192917271d66a4db6966592 ad1f7029d37cef3a908d6a04e545ea5c6e6a6897 8b6d98b0cf87dc28a33bbd54f6e64114b0b8417e654b82111fd0579e7efdbdbf
| Analyzer | Verdict | Alert |
| urlquery | suspicious | Suspicious - DynDNS domain |
GET /dom/files/raven-3.js HTTP/1.1
Host: freindindioaie.serveuser.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://freindindioaie.serveuser.com/dom/bb5f6ee28dcf69bfa910a2c432d5.
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 08 Aug 2023 20:22:02 GMT
etag: "92d6-6026f1da14e80-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 13754
content-type: text/javascript
date: Sat, 20 Apr 2024 16:38:12 GMT
server: Apache
X-Firefox-Spdy: h2
| freindindioaie.serveuser.com/dom/files/getqrcode.jpg | 91.219.150.116 | 200 OK | 8.0 kB |
URL: GET HTTP/2 freindindioaie.serveuser.com/dom/files/getqrcode.jpg
IP: 91.219.150.116:443
Requested by: https://freindindioaie.serveuser.com/dom/bb5f6ee28dcf69bfa910a2c432d5.
Certificate: Issuer Let's Encrypt; Subject freindindioaie.serveuser.com; Fingerprint 89:AE:0D:25:61:2E:93:1C:57:B5:30:BA:94:D2:76:EE:17:69:3A:90; Validity Fri, 19 Apr 2024 12:30:57 GMT - Thu, 18 Jul 2024 12:30:56 GMT
File type: JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 130x130, components 3
Hash (MD5 / SHA-1 / SHA-256): 1993497d4aba08f625391613139b456e c97fdea14e94e857ea41b64aa2c006fe7d6a5951 b73e828651d5ed0a58649ea6f85c7369eb5c2eca01550aec05d7d76a81646c0e
| Analyzer | Verdict | Alert |
| urlquery | suspicious | Suspicious - DynDNS domain |
GET /dom/files/getqrcode.jpg HTTP/1.1
Host: freindindioaie.serveuser.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://freindindioaie.serveuser.com/dom/bb5f6ee28dcf69bfa910a2c432d5.
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 08 Aug 2023 20:22:02 GMT
etag: "1f33-6026f1da14e80"
accept-ranges: bytes
content-length: 7987
content-type: image/jpeg
date: Sat, 20 Apr 2024 16:38:12 GMT
server: Apache
X-Firefox-Spdy: h2
| freindindioaie.serveuser.com/dom/files/style.css | 91.219.150.116 | 200 OK | 24 kB |
URL: GET HTTP/2 freindindioaie.serveuser.com/dom/files/style.css
IP: 91.219.150.116:443
Requested by: https://freindindioaie.serveuser.com/dom/bb5f6ee28dcf69bfa910a2c432d5.
Certificate: Issuer Let's Encrypt; Subject freindindioaie.serveuser.com; Fingerprint 89:AE:0D:25:61:2E:93:1C:57:B5:30:BA:94:D2:76:EE:17:69:3A:90; Validity Fri, 19 Apr 2024 12:30:57 GMT - Thu, 18 Jul 2024 12:30:56 GMT
File type: Unicode text, UTF-8 text, with very long lines (41795), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 4f188b8fd63c20f0c56adf519f735a1a 7a2f95cc10654a736597b34c140b371ab0778b0a bc07362137bbc06fa722c31a1105ae10400a8750e343e144ce55aadeca9d1b32
| Analyzer | Verdict | Alert |
| urlquery | suspicious | Suspicious - DynDNS domain |
GET /dom/files/style.css HTTP/1.1
Host: freindindioaie.serveuser.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://freindindioaie.serveuser.com/dom/bb5f6ee28dcf69bfa910a2c432d5.
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 08 Aug 2023 20:22:02 GMT
etag: "a34f-6026f1da14e80-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 24336
content-type: text/css
date: Sat, 20 Apr 2024 16:38:12 GMT
server: Apache
X-Firefox-Spdy: h2
| freindindioaie.serveuser.com/dom/files/year.js | 91.219.150.116 | 200 OK | 23 B |
URL: GET HTTP/2 freindindioaie.serveuser.com/dom/files/year.js
IP: 91.219.150.116:443
Requested by: https://freindindioaie.serveuser.com/dom/bb5f6ee28dcf69bfa910a2c432d5.
Certificate: Issuer Let's Encrypt; Subject freindindioaie.serveuser.com; Fingerprint 89:AE:0D:25:61:2E:93:1C:57:B5:30:BA:94:D2:76:EE:17:69:3A:90; Validity Fri, 19 Apr 2024 12:30:57 GMT - Thu, 18 Jul 2024 12:30:56 GMT
File type: ASCII text, with no line terminators
Hash (MD5 / SHA-1 / SHA-256): a3d4c021e7b652321fe48ff19bdec7d8 d9c9cbfd65cb668b51b7b5e5be0f6eb406b373ff 098ec9249cb3e97872e1862b4400b9db4c6622a4d089b64b752ffc73b3ef7a30
| Analyzer | Verdict | Alert |
| urlquery | suspicious | Suspicious - DynDNS domain |
GET /dom/files/year.js HTTP/1.1
Host: freindindioaie.serveuser.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://freindindioaie.serveuser.com/dom/bb5f6ee28dcf69bfa910a2c432d5.
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 08 Aug 2023 20:22:02 GMT
etag: "17-6026f1da14e80"
accept-ranges: bytes
content-length: 23
content-type: text/javascript
date: Sat, 20 Apr 2024 16:38:12 GMT
server: Apache
X-Firefox-Spdy: h2
| freindindioaie.serveuser.com/dom/files/knet.png | 91.219.150.116 | 200 OK | 4.6 kB |
URL: GET HTTP/2 freindindioaie.serveuser.com/dom/files/knet.png
IP: 91.219.150.116:443
Requested by: https://freindindioaie.serveuser.com/dom/bb5f6ee28dcf69bfa910a2c432d5.
Certificate: Issuer Let's Encrypt; Subject freindindioaie.serveuser.com; Fingerprint 89:AE:0D:25:61:2E:93:1C:57:B5:30:BA:94:D2:76:EE:17:69:3A:90; Validity Fri, 19 Apr 2024 12:30:57 GMT - Thu, 18 Jul 2024 12:30:56 GMT
File type: PNG image data, 57 x 19, 8-bit/color RGBA, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): dca9fb1809c54c9b1d3d4b9087372b8c 9fcdf3273f6a82ff9b1f203c20fb9fc64e6994d0 17add961a686edb5b25996bcc4e08a14e5e36b6a1796ffbbb9cc751e7ca97ac8
| Analyzer | Verdict | Alert |
| urlquery | suspicious | Suspicious - DynDNS domain |
GET /dom/files/knet.png HTTP/1.1
Host: freindindioaie.serveuser.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://freindindioaie.serveuser.com/dom/bb5f6ee28dcf69bfa910a2c432d5.
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 08 Aug 2023 20:22:02 GMT
etag: "1203-6026f1da14e80"
accept-ranges: bytes
content-length: 4611
content-type: image/png
date: Sat, 20 Apr 2024 16:38:12 GMT
server: Apache
X-Firefox-Spdy: h2
| freindindioaie.serveuser.com/dom/files/httpsEnable.gif | 91.219.150.116 | 200 OK | 43 B |
URL: GET HTTP/2 freindindioaie.serveuser.com/dom/files/httpsEnable.gif
IP: 91.219.150.116:443
Requested by: https://freindindioaie.serveuser.com/dom/bb5f6ee28dcf69bfa910a2c432d5.
Certificate: Issuer Let's Encrypt; Subject freindindioaie.serveuser.com; Fingerprint 89:AE:0D:25:61:2E:93:1C:57:B5:30:BA:94:D2:76:EE:17:69:3A:90; Validity Fri, 19 Apr 2024 12:30:57 GMT - Thu, 18 Jul 2024 12:30:56 GMT
File type: GIF image data, version 89a, 1 x 1
Hash (MD5 / SHA-1 / SHA-256): b4491705564909da7f9eaf749dbbfbb1 279315d507855c6a4351e1e2c2f39dd9cd2fccd8 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
| Analyzer | Verdict | Alert |
| urlquery | suspicious | Suspicious - DynDNS domain |
GET /dom/files/httpsEnable.gif HTTP/1.1
Host: freindindioaie.serveuser.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://freindindioaie.serveuser.com/dom/bb5f6ee28dcf69bfa910a2c432d5.
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 08 Aug 2023 20:22:02 GMT
etag: "2b-6026f1da14e80"
accept-ranges: bytes
content-length: 43
content-type: image/gif
date: Sat, 20 Apr 2024 16:38:12 GMT
server: Apache
X-Firefox-Spdy: h2
| freindindioaie.serveuser.com/dom/files/es5-polyfill.js | 91.219.150.116 | 200 OK | 708 B |
URL: GET HTTP/2 freindindioaie.serveuser.com/dom/files/es5-polyfill.js
IP: 91.219.150.116:443
Requested by: https://freindindioaie.serveuser.com/dom/bb5f6ee28dcf69bfa910a2c432d5.
Certificate: Issuer Let's Encrypt; Subject freindindioaie.serveuser.com; Fingerprint 89:AE:0D:25:61:2E:93:1C:57:B5:30:BA:94:D2:76:EE:17:69:3A:90; Validity Fri, 19 Apr 2024 12:30:57 GMT - Thu, 18 Jul 2024 12:30:56 GMT
File type: JavaScript source, ASCII text, with very long lines (1753), with CRLF line terminators
Hash (MD5 / SHA-1 / SHA-256): d133ba5360b418e05aade702b8407167 d1ed68bbaf11929cca7b0103d951d0bcb48ea52c d5292586cfe2230f1c91cae1f71ad9156c23fb60f7cd9d2bce428647b2cad47c
| Analyzer | Verdict | Alert |
| urlquery | suspicious | Suspicious - DynDNS domain |
GET /dom/files/es5-polyfill.js HTTP/1.1
Host: freindindioaie.serveuser.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://freindindioaie.serveuser.com/dom/bb5f6ee28dcf69bfa910a2c432d5.
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 08 Aug 2023 20:22:02 GMT
etag: "6e6-6026f1da14e80-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 708
content-type: text/javascript
date: Sat, 20 Apr 2024 16:38:12 GMT
server: Apache
X-Firefox-Spdy: h2
| freindindioaie.serveuser.com/dom/files/index.js | 91.219.150.116 | 200 OK | 4.2 kB |
URL: GET HTTP/2 freindindioaie.serveuser.com/dom/files/index.js
IP: 91.219.150.116:443
Requested by: https://freindindioaie.serveuser.com/dom/bb5f6ee28dcf69bfa910a2c432d5.
Certificate: Issuer Let's Encrypt; Subject freindindioaie.serveuser.com; Fingerprint 89:AE:0D:25:61:2E:93:1C:57:B5:30:BA:94:D2:76:EE:17:69:3A:90; Validity Fri, 19 Apr 2024 12:30:57 GMT - Thu, 18 Jul 2024 12:30:56 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (11776), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 842e6580b7aaebdfc37ebbc12e3fdb4b d13111e957a31fa27c793fe2d2c3577594174d86 58d160da1c3c3a8fdc93ce59449ae45ba28948ff5024b1ea2d609eb06fe91ad0
| Analyzer | Verdict | Alert |
| urlquery | suspicious | Suspicious - DynDNS domain |
GET /dom/files/index.js HTTP/1.1
Host: freindindioaie.serveuser.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://freindindioaie.serveuser.com/dom/bb5f6ee28dcf69bfa910a2c432d5.
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 08 Aug 2023 20:22:02 GMT
etag: "2e0c-6026f1da14e80-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 4248
content-type: text/javascript
date: Sat, 20 Apr 2024 16:38:12 GMT
server: Apache
X-Firefox-Spdy: h2
| freindindioaie.serveuser.com/dom/files/vendorsindex.js | 91.219.150.116 | 200 OK | 16 kB |
URL: GET HTTP/2 freindindioaie.serveuser.com/dom/files/vendorsindex.js
IP: 91.219.150.116:443
Requested by: https://freindindioaie.serveuser.com/dom/bb5f6ee28dcf69bfa910a2c432d5.
Certificate: Issuer Let's Encrypt; Subject freindindioaie.serveuser.com; Fingerprint 89:AE:0D:25:61:2E:93:1C:57:B5:30:BA:94:D2:76:EE:17:69:3A:90; Validity Fri, 19 Apr 2024 12:30:57 GMT - Thu, 18 Jul 2024 12:30:56 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (42122)
Hash (MD5 / SHA-1 / SHA-256): 1925fbe0ee1a8efe26109c6b51e05c58 619540147e969343d5789de68f0e2ddf35f2a630 f7e948917b71479588f940c86a2e5ea0658bd4cce75dea6c960db040a3c7d161
| Analyzer | Verdict | Alert |
| urlquery | suspicious | Suspicious - DynDNS domain |
GET /dom/files/vendorsindex.js HTTP/1.1
Host: freindindioaie.serveuser.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://freindindioaie.serveuser.com/dom/bb5f6ee28dcf69bfa910a2c432d5.
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 08 Aug 2023 20:22:02 GMT
etag: "ba27-6026f1da14e80-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 16459
content-type: text/javascript
date: Sat, 20 Apr 2024 16:38:12 GMT
server: Apache
X-Firefox-Spdy: h2
| qiye.163.com/favicon.ico | 103.129.255.182 | 200 OK | 318 B |
IP: 103.129.255.182:443
ASN: #137263 NETEASE HONG KONG LIMITED
Requested by: https://freindindioaie.serveuser.com/dom/bb5f6ee28dcf69bfa910a2c432d5.
Certificate: Issuer DigiCert Inc; Subject *.qiye.163.com; Fingerprint E7:75:BA:2E:71:FB:A5:64:3B:D7:1B:09:24:C1:8A:11:7E:E7:80:0A; Validity Fri, 26 Jan 2024 00:00:00 GMT - Sun, 23 Feb 2025 23:59:59 GMT
File type: MS Windows icon resource - 1 icon, 16x16, 16 colors
Hash (MD5 / SHA-1 / SHA-256): a14e5365cc2b27ec57e1ab7866c6a228 37fc3645c16a1cbd74d8a6b7ef8756bbf0a3e857 43c6594eb74940c6e0fb38d55c634425860093660f4eb0cb89334608dd9947eb
GET /favicon.ico HTTP/1.1
Host: qiye.163.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://freindindioaie.serveuser.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 20 Apr 2024 16:38:14 GMT
content-type: image/x-icon
content-length: 318
last-modified: Tue, 16 Apr 2024 09:57:49 GMT
expires: Sun, 20 Apr 2025 16:38:14 GMT
cache-control: max-age=31536000
accept-ranges: bytes
lingxi-traceid: 6d543c6cc91c334dcc28c5bb74b515dc_n^750873600000^0
strict-transport-security: max-age=31536000; preload
X-Firefox-Spdy: h2
| mimg.127.net/m/lc/img/qiye/45/95/1/promPic.png | 103.129.252.61 | 200 OK | 137 kB |
URL: GET HTTP/2 mimg.127.net/m/lc/img/qiye/45/95/1/promPic.png
IP: 103.129.252.61:443
ASN: #137263 NETEASE HONG KONG LIMITED
Requested by: https://freindindioaie.serveuser.com/dom/bb5f6ee28dcf69bfa910a2c432d5.
Certificate: Issuer DigiCert Inc; Subject mimg.127.net; Fingerprint 1F:9E:92:7A:42:53:FA:B9:89:36:E3:D7:D7:58:DB:5B:96:84:EF:06; Validity Tue, 29 Aug 2023 00:00:00 GMT - Sat, 14 Sep 2024 23:59:59 GMT
File type: JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 3840x1640, components 3
Size: 137 kB (137291 bytes)
Hash (MD5 / SHA-1 / SHA-256): 2013688e3eaecf9314037c4a3674c338 f05b9cf0e35a258bd2cceb8e03df7b49a60d9ab0 62ffd6d19dd46a8c3260d322c39ef4bf8d6219a6adfb6f0f3a049cfb7a68c554
GET /m/lc/img/qiye/45/95/1/promPic.png HTTP/1.1
Host: mimg.127.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://freindindioaie.serveuser.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 20 Apr 2024 16:38:14 GMT
content-type: image/png
content-length: 137291
last-modified: Mon, 25 Nov 2019 08:41:47 GMT
etag: "5ddb93cb-2184b"
expires: Tue, 18 Apr 2034 13:55:24 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
| freindindioaie.serveuser.com/dom/files/raven-3.js | 91.219.150.116 | 200 OK | 14 kB |
URL: GET HTTP/2 freindindioaie.serveuser.com/dom/files/raven-3.js
IP: 91.219.150.116:443
Requested by: https://freindindioaie.serveuser.com/dom/bb5f6ee28dcf69bfa910a2c432d5.
Certificate: Issuer Let's Encrypt; Subject freindindioaie.serveuser.com; Fingerprint 89:AE:0D:25:61:2E:93:1C:57:B5:30:BA:94:D2:76:EE:17:69:3A:90; Validity Fri, 19 Apr 2024 12:30:57 GMT - Thu, 18 Jul 2024 12:30:56 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (32021), with CRLF line terminators
Hash (MD5 / SHA-1 / SHA-256): 9b02c20b8192917271d66a4db6966592 ad1f7029d37cef3a908d6a04e545ea5c6e6a6897 8b6d98b0cf87dc28a33bbd54f6e64114b0b8417e654b82111fd0579e7efdbdbf
| Analyzer | Verdict | Alert |
| urlquery | suspicious | Suspicious - DynDNS domain |
GET /dom/files/raven-3.js HTTP/1.1
Host: freindindioaie.serveuser.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Referer: https://freindindioaie.serveuser.com/dom/bb5f6ee28dcf69bfa910a2c432d5.
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 08 Aug 2023 20:22:02 GMT
etag: "92d6-6026f1da14e80-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 13754
content-type: text/javascript
date: Sat, 20 Apr 2024 16:38:15 GMT
server: Apache
X-Firefox-Spdy: h2