| knywescfhs.5555963com-dh.top/images/search.jpg | 154.40.48.249 | 404 Not Found | 146 B |
URL GET knywescfhs.5555963com-dh.top/images/search.jpg IP 154.40.48.249:443
Requested by: https://knywescfhs.5555963com-dh.top/demo/
Certificate: Issuer: Let's Encrypt; Subject: www.5555963.com; Fingerprint: C2:10:24:76:1B:18:B0:36:59:DB:98:2F:06:BD:87:89:1D:F9:C1:BE; Validity: Sun, 09 Feb 2025 20:30:52 GMT - Sat, 10 May 2025 20:30:51 GMT
File type: HTML document, ASCII text, with no line terminators
Hash: 40b3fc14254227ec5012d996bf90c4e1 b0dd06eb5a779151151101337889ff09953f8ac0 740816c1b61e4a8443c26d30d3eecfea04815fca8cd605a142f9d8a35f86ceca
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /images/search.jpg HTTP/1.1
Host: knywescfhs.5555963com-dh.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://knywescfhs.5555963com-dh.top/demo/zz/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
server: nginx
date: Fri, 04 Apr 2025 02:49:30 GMT
content-type: text/html
content-length: 146
X-Firefox-Spdy: h2
| knywescfhs.5555963com-dh.top/favicon.ico | 154.40.48.249 | 404 Not Found | 146 B |
URL GET knywescfhs.5555963com-dh.top/favicon.ico IP 154.40.48.249:443
Requested by: https://knywescfhs.5555963com-dh.top/demo/
Certificate: Issuer: Let's Encrypt; Subject: www.5555963.com; Fingerprint: C2:10:24:76:1B:18:B0:36:59:DB:98:2F:06:BD:87:89:1D:F9:C1:BE; Validity: Sun, 09 Feb 2025 20:30:52 GMT - Sat, 10 May 2025 20:30:51 GMT
File type: HTML document, ASCII text, with no line terminators
Hash: 40b3fc14254227ec5012d996bf90c4e1 b0dd06eb5a779151151101337889ff09953f8ac0 740816c1b61e4a8443c26d30d3eecfea04815fca8cd605a142f9d8a35f86ceca
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: knywescfhs.5555963com-dh.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://knywescfhs.5555963com-dh.top/demo/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
server: nginx
date: Fri, 04 Apr 2025 02:49:30 GMT
content-type: text/html
content-length: 146
X-Firefox-Spdy: h2
| knywescfhs.5555963com-dh.top/style.css | 154.40.48.249 | 404 Not Found | 146 B |
URL GET knywescfhs.5555963com-dh.top/style.css IP 154.40.48.249:443
Requested by: https://knywescfhs.5555963com-dh.top/demo/tz2.php
Certificate: Issuer: Let's Encrypt; Subject: www.5555963.com; Fingerprint: C2:10:24:76:1B:18:B0:36:59:DB:98:2F:06:BD:87:89:1D:F9:C1:BE; Validity: Sun, 09 Feb 2025 20:30:52 GMT - Sat, 10 May 2025 20:30:51 GMT
File type: HTML document, ASCII text, with no line terminators
Hash: 40b3fc14254227ec5012d996bf90c4e1 b0dd06eb5a779151151101337889ff09953f8ac0 740816c1b61e4a8443c26d30d3eecfea04815fca8cd605a142f9d8a35f86ceca
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /style.css HTTP/1.1
Host: knywescfhs.5555963com-dh.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://knywescfhs.5555963com-dh.top/demo/tz2.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
server: nginx
date: Fri, 04 Apr 2025 02:49:30 GMT
content-type: text/html
content-length: 146
X-Firefox-Spdy: h2
| pefrrfgayp.5555963com-dh.top/ | 154.40.48.249 | 302 Found | 23 kB |
URL User Request GET pefrrfgayp.5555963com-dh.top/ IP 154.40.48.249:443
Certificate: Issuer: Let's Encrypt; Subject: www.5555963.com; Fingerprint: C2:10:24:76:1B:18:B0:36:59:DB:98:2F:06:BD:87:89:1D:F9:C1:BE; Validity: Sun, 09 Feb 2025 20:30:52 GMT - Sat, 10 May 2025 20:30:51 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET / HTTP/1.1
Host: pefrrfgayp.5555963com-dh.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx
date: Fri, 04 Apr 2025 02:49:28 GMT
content-type: text/html; charset=UTF-8
location: https://KNYWeSCFhS.5555963com-dh.top/demo/
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
| knywescfhs.5555963com-dh.top/demo/ | 154.40.48.249 | 200 OK | 23 kB |
URL User Request GET knywescfhs.5555963com-dh.top/demo/ IP 154.40.48.249:443
Certificate: Issuer: Let's Encrypt; Subject: www.5555963.com; Fingerprint: C2:10:24:76:1B:18:B0:36:59:DB:98:2F:06:BD:87:89:1D:F9:C1:BE; Validity: Sun, 09 Feb 2025 20:30:52 GMT - Sat, 10 May 2025 20:30:51 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /demo/ HTTP/1.1
Host: knywescfhs.5555963com-dh.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 04 Apr 2025 02:49:28 GMT
content-type: text/html
last-modified: Tue, 15 Oct 2024 11:02:57 GMT
vary: Accept-Encoding
etag: W/"670e4be1-59a0"
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
| knywescfhs.5555963com-dh.top/demo/zz/style.css | 154.40.48.249 | 200 OK | 30 kB |
URL GET knywescfhs.5555963com-dh.top/demo/zz/style.css IP 154.40.48.249:443
Requested by: https://knywescfhs.5555963com-dh.top/demo/
Certificate: Issuer: Let's Encrypt; Subject: www.5555963.com; Fingerprint: C2:10:24:76:1B:18:B0:36:59:DB:98:2F:06:BD:87:89:1D:F9:C1:BE; Validity: Sun, 09 Feb 2025 20:30:52 GMT - Sat, 10 May 2025 20:30:51 GMT
File type: Unicode text, UTF-8 text, with CRLF line terminators
Hash: 5581f62c6abce9111cae182b183876b0 c1725c079dff681b709c78aadd64e47e3fa070f8 9c0219446014bd754f79fa89779ef3c55231802a2c007f19bb2e5a65f4a8b843
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /demo/zz/style.css HTTP/1.1
Host: knywescfhs.5555963com-dh.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://knywescfhs.5555963com-dh.top/demo/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 04 Apr 2025 02:49:29 GMT
content-type: text/css
last-modified: Fri, 03 Nov 2023 06:44:03 GMT
vary: Accept-Encoding
etag: W/"654496b3-7620"
expires: Fri, 04 Apr 2025 14:49:29 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
| knywescfhs.5555963com-dh.top/demo/zz/zy.js | 154.40.48.249 | 200 OK | 1.1 kB |
URL GET knywescfhs.5555963com-dh.top/demo/zz/zy.js IP 154.40.48.249:443
Requested by: https://knywescfhs.5555963com-dh.top/demo/
Certificate: Issuer: Let's Encrypt; Subject: www.5555963.com; Fingerprint: C2:10:24:76:1B:18:B0:36:59:DB:98:2F:06:BD:87:89:1D:F9:C1:BE; Validity: Sun, 09 Feb 2025 20:30:52 GMT - Sat, 10 May 2025 20:30:51 GMT
File type: HTML document, Unicode text, UTF-8 text, with very long lines (878), with no line terminators
Hash: e0313bdadc62bf5960314dee968c3584 6a4aafec9acc11fc79c8f795e01a059f128ea724 91c6fc42d039ec62b1c7317ccfabd51a5edb85e565a4bdde6d476a2e6d2b19ec
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /demo/zz/zy.js HTTP/1.1
Host: knywescfhs.5555963com-dh.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://knywescfhs.5555963com-dh.top/demo/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 04 Apr 2025 02:49:29 GMT
content-type: application/javascript
last-modified: Tue, 15 Oct 2024 11:07:18 GMT
vary: Accept-Encoding
etag: W/"670e4ce6-479"
expires: Fri, 04 Apr 2025 14:49:29 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
| knywescfhs.5555963com-dh.top/demo/tz2.php | 154.40.48.249 | 200 OK | 7.7 kB |
URL GET knywescfhs.5555963com-dh.top/demo/tz2.php IP 154.40.48.249:443
Requested by: https://knywescfhs.5555963com-dh.top/demo/
Certificate: Issuer: Let's Encrypt; Subject: www.5555963.com; Fingerprint: C2:10:24:76:1B:18:B0:36:59:DB:98:2F:06:BD:87:89:1D:F9:C1:BE; Validity: Sun, 09 Feb 2025 20:30:52 GMT - Sat, 10 May 2025 20:30:51 GMT
File type: HTML document, Unicode text, UTF-8 text, with very long lines (7828), with no line terminators
Hash: 844a33a1076b471a72cc3a2f803d87d2 0348e2acf1ad6fb49e5b7cdbb9ef84370cf5421e cf8f1e782945636027ec16f183f16cb97ca2e6cbb4a863fca66c5ed05b0760c8
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /demo/tz2.php HTTP/1.1
Host: knywescfhs.5555963com-dh.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://knywescfhs.5555963com-dh.top/demo/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 04 Apr 2025 02:49:30 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2