Report - bthdfrtb.top/

Report Overview

Visited public
2024-12-16 06:38:10
Tags
URL
bthdfrtb.top/
Finishing URL
bthdfrtb.top/
IP / ASN
188.114.96.1
#13335 CLOUDFLARENET
Title
WWW.953.COMHU,WWW,XHGZX3,COM,成人首頁

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
bthdfrtb.top	unknown	2024-09-12	2020-08-27	2024-03-04	9.0 kB	536 kB	188.114.96.1
www.lelifi.com	unknown	2015-11-26	2020-05-02	2024-12-15	840 B	10 kB	172.67.222.63
sp0.baidu.com	18423	1999-10-11	2014-12-05	2024-12-12	464 B	116 B	103.235.47.188

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-12-16	medium	bthdfrtb.top	Sinkholed
2024-12-16	medium	bthdfrtb.top	Sinkholed
2024-12-16	medium	bthdfrtb.top	Sinkholed
2024-12-16	medium	bthdfrtb.top	Sinkholed
2024-12-16	medium	bthdfrtb.top	Sinkholed
2024-12-16	medium	bthdfrtb.top	Sinkholed
2024-12-16	medium	bthdfrtb.top	Sinkholed
2024-12-16	medium	bthdfrtb.top	Sinkholed
2024-12-16	medium	bthdfrtb.top	Sinkholed
2024-12-16	medium	bthdfrtb.top	Sinkholed
2024-12-16	medium	bthdfrtb.top	Sinkholed
2024-12-16	medium	bthdfrtb.top	Sinkholed
2024-12-16	medium	bthdfrtb.top	Sinkholed
2024-12-16	medium	bthdfrtb.top	Sinkholed
2024-12-16	medium	bthdfrtb.top	Sinkholed
2024-12-16	medium	bthdfrtb.top	Sinkholed
2024-12-16	medium	bthdfrtb.top	Sinkholed
2024-12-16	medium	bthdfrtb.top	Sinkholed
2024-12-16	medium	bthdfrtb.top	Sinkholed
2024-12-16	medium	bthdfrtb.top	Sinkholed

ThreatFox

No alerts detected

JavaScript (8)

	URL	From	Size	First Seen	Last Seen
	www.lelifi.com/app/app.js?t=xia&c=googleee&mb=1	ScriptElement	4.0 kB	2024-11-29	2025-01-07
Pretty URL www.lelifi.com/app/app.js?t=xia&c=googleee&mb=1 IP 172.67.222.63 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-11-29 23:22 Last Seen2025-01-07 09:54 Times Seen26 Hash 9bdf5bc6b8a71f1665c1fb1355f12667 b628d8cbb40d0ed41e6bb3e1afabdad54ecb0ab3 ced283a9a945c3af4f457a51fee394c129138e7f9380c11c3e2c61033f9e6e32 Loading...

	bthdfrtb.top/	ScriptElement	856 B	2023-03-07	2025-04-21
Pretty URL bthdfrtb.top/ IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 13:50 Last Seen2025-04-21 04:41 Times Seen247 Hash 813d5eee2d857d7bea86c632ba03a904 ceb7a51474c47805318da22a1c955e84f833c344 4c642a5a127c0cef85f75c4bdcaae5649b7536990656809c74a32040418d9426 Loading...

	bthdfrtb.top/Baidu.js	ScriptElement	147 B	2024-09-28	2024-12-16
Pretty URL bthdfrtb.top/Baidu.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-09-28 08:19 Last Seen2024-12-16 06:38 Times Seen3 Hash 0060d7aed6002fc8a77924564e2f42c7 f094661bb4b08fe42edd1b9025a1235065b67a85 178867a01c68a05a7fa911a0afe7abdb25e58cbe0090a77825ab9b92cde46ac7 Loading...

	bthdfrtb.top/Aquery.js	ScriptElement	540 B	2023-04-19	2025-04-21
Pretty URL bthdfrtb.top/Aquery.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-19 08:29 Last Seen2025-04-21 04:41 Times Seen371 Hash f6b7afcc4a01363d039ba7138ac342f2 13d5b83bef56227c24f19d38a57a6849bec94945 e6d112f55c1cb75702e1b5abd7634c6e1a97ce467f6cf51e8946d54f4d9bde81 Loading...

		Size	First Seen	Last Seen
	#1 Eval - dc3a1051aa2ba934cd62b5d757a7c6e5	196 B	2023-03-07 13:50	2025-04-21 04:41
Pretty Observations First Seen2023-03-07 13:50 Last Seen2025-04-21 04:41 Times Seen368 Hash dc3a1051aa2ba934cd62b5d757a7c6e5 a464c2307e5e740dad89fdc9fa3400adc498efad bd5aeb37068d06e56b6d1cf0fe66f8e8d22456fdc32fe65c767c200c456e4322 Loading...

		Size	First Seen	Last Seen
	#1 Write - 51772793ebecc704e9e0e86e6e2ce9be	79 B	2023-03-07 13:50	2025-04-21 04:41
Pretty Observations First Seen2023-03-07 13:50 Last Seen2025-04-21 04:41 Times Seen334 Hash 51772793ebecc704e9e0e86e6e2ce9be 3da0e353c7ad33e25ff3748452a6c0595bc3eaf5 b4830d355ac6ef649ad71c2e4c55dbb5ed68f89d348b337f65471b48360a75fd Loading...

	#2 Write - a3019cd92bd80a5f16a3dfba4cafe210	79 B	2023-03-07 13:50	2025-04-21 04:41
Pretty Observations First Seen2023-03-07 13:50 Last Seen2025-04-21 04:41 Times Seen336 Hash a3019cd92bd80a5f16a3dfba4cafe210 b5134581876849ce1285db5bd03abc7b9df22366 dfdc1ca42f286d643fedd269f3d04bbcbf9338937003f4071c6c9a3652f28f22 Loading...

	#3 Write - b7cd9a4133363b6a03ddfbbb5231953a	127 B	2024-09-28 08:19	2024-12-16 06:38
Pretty Observations First Seen2024-09-28 08:19 Last Seen2024-12-16 06:38 Times Seen3 Hash b7cd9a4133363b6a03ddfbbb5231953a 0e0700a36d46c269336de5289d3314e640c2a74b 730dbc4c01c67de27b2d8e6291d658ad5dd751c75171595ae4076e5445266188 Loading...

HTTP Transactions (23)

URL IP Response Size

bthdfrtb.top/template/2946/images/slide-1.jpg

188.114.96.1

200 OK

25 kB

URL GET HTTP/3
bthdfrtb.top/template/2946/images/slide-1.jpg
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bthdfrtb.top/
Certificate
IssuerGoogle Trust Services
Subjectbthdfrtb.top
FingerprintFE:50:1D:16:39:72:F9:C1:9F:FD:49:15:66:9D:39:19:C9:98:27:48
ValiditySun, 10 Nov 2024 02:54:25 GMT - Sat, 08 Feb 2025 02:54:24 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 940x392, components 3
Size
25 kB (25008 bytes)
Hash
95e4352cb60e2522783c7734392568a0
18034e59a23f425b859cab203643a458a06aa7af
aaf5485e9b5c005297aca3fa65bf3301c21f54e856a72b3481aa6cffe1b2758e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /template/2946/images/slide-1.jpg HTTP/1.1
Host: bthdfrtb.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bthdfrtb.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 16 Dec 2024 06:37:44 GMT
content-type: image/jpeg
content-length: 25008
last-modified: Wed, 16 Oct 2019 05:58:52 GMT
etag: "5da6b19c-61b0"
expires: Wed, 15 Jan 2025 06:37:36 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FcufATEZE7gu%2BXO8Um4M5M2%2FrHsMsAQBSZ1NWN16A4sdOZYhcu5Cvjcorn41YfRjX3iz%2F9KRyj5zk8twb8LNB%2FglVAX9LSgv5%2B4DWvdIxRd40G%2BG26fBCoPzaYTNg5c%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8f2caaa34c3956ab-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=13187&min_rtt=1906&rtt_var=10563&sent=55&recv=19&lost=0&retrans=0&sent_bytes=40353&recv_bytes=4446&delivery_rate=41474&cwnd=24000&unsent_bytes=0&cid=5358532ce9f736da&ts=320&x=1", cfExtPri, cfHdrFlush;dur=2

bthdfrtb.top/template/2946/images/slide-2.jpg

188.114.96.1

200 OK

20 kB

URL GET HTTP/3
bthdfrtb.top/template/2946/images/slide-2.jpg
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bthdfrtb.top/
Certificate
IssuerGoogle Trust Services
Subjectbthdfrtb.top
FingerprintFE:50:1D:16:39:72:F9:C1:9F:FD:49:15:66:9D:39:19:C9:98:27:48
ValiditySun, 10 Nov 2024 02:54:25 GMT - Sat, 08 Feb 2025 02:54:24 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 940x392, components 3
Size
20 kB (20015 bytes)
Hash
4e932c5eb082cb7cfd5e45a5faed2947
435af4f37fd7eab8c49c6511b8d03a22e128de48
5567e63bddf0ed2b00ffda6e48e92edf75c8eb6347d3742d9776f6cf066c79b8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /template/2946/images/slide-2.jpg HTTP/1.1
Host: bthdfrtb.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bthdfrtb.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 16 Dec 2024 06:37:44 GMT
content-type: image/jpeg
content-length: 20015
last-modified: Wed, 16 Oct 2019 05:58:52 GMT
etag: "5da6b19c-4e2f"
expires: Wed, 15 Jan 2025 06:37:36 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=apP16vFH9hc2QL1tapWsVzjZMP1z2xmJDbU6wKW%2F3jPd99PJERTML4e%2FgIIxkhkMlp7lDlTrcnz48xpAocFBsvjY%2BqilmHnwhCGa%2BuLFKwx517Nf6vMkWQC3ISoYXms%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8f2caaa34c3c56ab-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=13187&min_rtt=1906&rtt_var=10563&sent=55&recv=19&lost=0&retrans=0&sent_bytes=40353&recv_bytes=4446&delivery_rate=41474&cwnd=24000&unsent_bytes=0&cid=5358532ce9f736da&ts=320&x=1", cfExtPri, cfHdrFlush;dur=2

bthdfrtb.top/template/2946/images/slide-3.jpg

188.114.96.1

200 OK

23 kB

URL GET HTTP/3
bthdfrtb.top/template/2946/images/slide-3.jpg
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bthdfrtb.top/
Certificate
IssuerGoogle Trust Services
Subjectbthdfrtb.top
FingerprintFE:50:1D:16:39:72:F9:C1:9F:FD:49:15:66:9D:39:19:C9:98:27:48
ValiditySun, 10 Nov 2024 02:54:25 GMT - Sat, 08 Feb 2025 02:54:24 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 940x392, components 3
Size
23 kB (22909 bytes)
Hash
8bb404f342e8619e473ad58ad17174ce
f230162cdc6fdfd0e932496e2c2001b8c11ad730
b982751678605b5951e9b341d631a297357d6ed53674af5c462d81c989c6841c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /template/2946/images/slide-3.jpg HTTP/1.1
Host: bthdfrtb.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bthdfrtb.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 16 Dec 2024 06:37:44 GMT
content-type: image/jpeg
content-length: 22909
last-modified: Wed, 16 Oct 2019 05:58:52 GMT
etag: "5da6b19c-597d"
expires: Wed, 15 Jan 2025 06:37:36 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dRRN1cJT%2FhDiBvvlhwv8z0E2tbmDJNRUtrQ9QKgqE0jV5Nef9t0O%2BLeoxznOVbwgjky5okrvQdo%2BeTZFz95KdbT50a%2FKOBxKUDAvCII6Hx8KObIvzruzJUDKgT%2BRlPo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8f2caaa34c3d56ab-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=12003&min_rtt=1906&rtt_var=10289&sent=96&recv=20&lost=0&retrans=0&sent_bytes=88353&recv_bytes=4490&delivery_rate=5028080&cwnd=48000&unsent_bytes=0&cid=5358532ce9f736da&ts=325&x=1", cfExtPri, cfHdrFlush;dur=5

bthdfrtb.top/template/2946/images/page1-img2.jpg

188.114.96.1

200 OK

3.3 kB

URL GET HTTP/3
bthdfrtb.top/template/2946/images/page1-img2.jpg
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bthdfrtb.top/
Certificate
IssuerGoogle Trust Services
Subjectbthdfrtb.top
FingerprintFE:50:1D:16:39:72:F9:C1:9F:FD:49:15:66:9D:39:19:C9:98:27:48
ValiditySun, 10 Nov 2024 02:54:25 GMT - Sat, 08 Feb 2025 02:54:24 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 260x120, components 3
Size
3.3 kB (3280 bytes)
Hash
4a5826f4cf656177d80d5054ec543023
2f04d943147d639dadd1781fe40efee530b84a51
b4036a05e4694e16b53ea6fd8ea5c2448931b31b837357a9051850e6955a9a63

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /template/2946/images/page1-img2.jpg HTTP/1.1
Host: bthdfrtb.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bthdfrtb.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 16 Dec 2024 06:37:44 GMT
content-type: image/jpeg
content-length: 3280
last-modified: Wed, 16 Oct 2019 05:58:52 GMT
etag: "5da6b19c-cd0"
expires: Wed, 15 Jan 2025 06:37:36 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FJgB6ukLtrY07vco6lLK2WmYPhwrBhgSLpZJ7opBGGiFFRGaVKokRpB1ycERJt5ZQDMDNmTqiO7BTd9XGp7ud4eSXUDhglJkce28tAmqvtCvQ5xcnjrFhItzYd4zQuE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8f2caaa34c4056ab-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=14799&min_rtt=2311&rtt_var=9786&sent=33&recv=18&lost=0&retrans=0&sent_bytes=16353&recv_bytes=4403&delivery_rate=257013&cwnd=12000&unsent_bytes=0&cid=5358532ce9f736da&ts=318&x=1", cfExtPri, cfHdrFlush;dur=1

bthdfrtb.top/template/2946/images/page1-img3.jpg

188.114.96.1

200 OK

4.2 kB

URL GET HTTP/3
bthdfrtb.top/template/2946/images/page1-img3.jpg
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bthdfrtb.top/
Certificate
IssuerGoogle Trust Services
Subjectbthdfrtb.top
FingerprintFE:50:1D:16:39:72:F9:C1:9F:FD:49:15:66:9D:39:19:C9:98:27:48
ValiditySun, 10 Nov 2024 02:54:25 GMT - Sat, 08 Feb 2025 02:54:24 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 260x120, components 3
Size
4.2 kB (4224 bytes)
Hash
76ad376d9fc1bc4ddcf3a87265343eb6
75603fcd046602be16d63b99e2b9b1f03cce5879
78b15ce4d481204b877dc043a37bbeb4c8a67a65f325bf073aeea6acd181f13f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /template/2946/images/page1-img3.jpg HTTP/1.1
Host: bthdfrtb.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bthdfrtb.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 16 Dec 2024 06:37:44 GMT
content-type: image/jpeg
content-length: 4224
last-modified: Wed, 16 Oct 2019 05:58:52 GMT
etag: "5da6b19c-1080"
expires: Wed, 15 Jan 2025 06:37:37 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=maMcp0lH25h04ZTMKOtaYi0ACCJZcPMVMbUF15x%2FRhYIgBFH6giI0Q4ffmiCkdTCsozuFYbiQcl5rgMeATZUMiBC4DRymlm44V1dEV%2FsCy%2BEQ4wIvrs%2B3li%2F9cMe2oE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8f2caaa34c4256ab-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=12003&min_rtt=1906&rtt_var=10289&sent=96&recv=20&lost=0&retrans=0&sent_bytes=88353&recv_bytes=4490&delivery_rate=5028080&cwnd=48000&unsent_bytes=0&cid=5358532ce9f736da&ts=324&x=1", cfExtPri, cfHdrFlush;dur=6

bthdfrtb.top/template/2946/images/page1-img4.jpg

188.114.96.1

200 OK

5.9 kB

URL GET HTTP/3
bthdfrtb.top/template/2946/images/page1-img4.jpg
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bthdfrtb.top/
Certificate
IssuerGoogle Trust Services
Subjectbthdfrtb.top
FingerprintFE:50:1D:16:39:72:F9:C1:9F:FD:49:15:66:9D:39:19:C9:98:27:48
ValiditySun, 10 Nov 2024 02:54:25 GMT - Sat, 08 Feb 2025 02:54:24 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 260x120, components 3
Size
5.9 kB (5918 bytes)
Hash
57651395fcbdab9edad9bdb3c53880c7
a5d92a90754dc0520181c4266abe3d2bc9f07760
7860162214f3d7a40d1f3a419e4afe5f10fd38fbf3cde67f0c81c99cbea03b7f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /template/2946/images/page1-img4.jpg HTTP/1.1
Host: bthdfrtb.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bthdfrtb.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 16 Dec 2024 06:37:44 GMT
content-type: image/jpeg
content-length: 5918
last-modified: Wed, 16 Oct 2019 05:58:52 GMT
etag: "5da6b19c-171e"
expires: Wed, 15 Jan 2025 06:37:37 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8KzVY9B%2Fdlf56wPDnkQDThjX9jQhUDhvVG5W0R3lzIOsCNnxRgzYhOZXIda%2Fq5I8sNY6yST9q9pZ%2BZ9qLMI4lu2jUAiTFSXXHWobVkPW%2BsqIA0Ci%2BLOQrhc4Kpw3OPk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8f2caaa34c4556ab-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=12003&min_rtt=1906&rtt_var=10289&sent=96&recv=20&lost=0&retrans=0&sent_bytes=88353&recv_bytes=4490&delivery_rate=5028080&cwnd=48000&unsent_bytes=0&cid=5358532ce9f736da&ts=323&x=1", cfExtPri, cfHdrFlush;dur=7

bthdfrtb.top/template/2946/images/page1-img1.png

188.114.96.1

200 OK

109 kB

URL GET HTTP/3
bthdfrtb.top/template/2946/images/page1-img1.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bthdfrtb.top/
Certificate
IssuerGoogle Trust Services
Subjectbthdfrtb.top
FingerprintFE:50:1D:16:39:72:F9:C1:9F:FD:49:15:66:9D:39:19:C9:98:27:48
ValiditySun, 10 Nov 2024 02:54:25 GMT - Sat, 08 Feb 2025 02:54:24 GMT

File type
PNG image data, 320 x 202, 8-bit/color RGBA, non-interlaced
Size
109 kB (108553 bytes)
Hash
c4f88c16b2413b544a39b2877cedd158
98993feda3ad91fe683148edc4979509abe137ad
8bf015b4ff34ed8324b9bedc4f9ee6db87d1bcccd4f89ae1a8a5d4583747ee05

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /template/2946/images/page1-img1.png HTTP/1.1
Host: bthdfrtb.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bthdfrtb.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 16 Dec 2024 06:37:44 GMT
content-type: image/png
content-length: 108553
last-modified: Tue, 15 Oct 2019 06:45:58 GMT
etag: "5da56b26-1a809"
expires: Wed, 15 Jan 2025 06:37:36 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i4nbLRNDlrb9WLgwHkIqigmp6sLcU7Iu3qsNApqHrUs3jAlnQm9GbSD5vSVh9VzAR%2FhCftPZPT8nFCLIyjH%2BQT7Ftl0KN6qRYL%2BIAQCoVPxjD5P0%2B3RHNn0ADMbe8ko%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8f2caaa34c3e56ab-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=14799&min_rtt=2311&rtt_var=9786&sent=23&recv=18&lost=0&retrans=0&sent_bytes=4353&recv_bytes=4403&delivery_rate=257013&cwnd=12000&unsent_bytes=0&cid=5358532ce9f736da&ts=317&x=1", cfExtPri, cfHdrFlush;dur=0

bthdfrtb.top/template/2946/images/soc-icon-1.png

188.114.96.1

200 OK

1.2 kB

URL GET HTTP/3
bthdfrtb.top/template/2946/images/soc-icon-1.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bthdfrtb.top/
Certificate
IssuerGoogle Trust Services
Subjectbthdfrtb.top
FingerprintFE:50:1D:16:39:72:F9:C1:9F:FD:49:15:66:9D:39:19:C9:98:27:48
ValiditySun, 10 Nov 2024 02:54:25 GMT - Sat, 08 Feb 2025 02:54:24 GMT

File type
PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
Size
1.2 kB (1214 bytes)
Hash
f70c33429c75091a2d545a12fbdbbe65
02327e30db6d8e224f1a5c83284a3fbcfeb2d51f
0ef8feabf37f2c734358d64f63ff756f0eb95d69511a57f23a1e277155c5f6d1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /template/2946/images/soc-icon-1.png HTTP/1.1
Host: bthdfrtb.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bthdfrtb.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 16 Dec 2024 06:37:44 GMT
content-type: image/png
content-length: 1214
last-modified: Tue, 15 Oct 2019 06:45:58 GMT
etag: "5da56b26-4be"
expires: Wed, 15 Jan 2025 06:37:37 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ECX%2BTj5QveDlXmRmIlPDNGkO7oGjhRkXuQSUi2g0fB8uNd1oj3457AacDNQuZP%2F1CHfZM8sHFqwVtCRTncCqGwdP%2FYMPT9I8S3WcrFuM%2B90cIpMcnTFak6ksS8PHffU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8f2caaa35c4656ab-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=13187&min_rtt=1906&rtt_var=10563&sent=55&recv=19&lost=0&retrans=0&sent_bytes=40353&recv_bytes=4446&delivery_rate=41474&cwnd=24000&unsent_bytes=0&cid=5358532ce9f736da&ts=320&x=1", cfExtPri, cfHdrFlush;dur=2

bthdfrtb.top/template/2946/images/soc-icon-2.png

188.114.96.1

200 OK

1.2 kB

URL GET HTTP/3
bthdfrtb.top/template/2946/images/soc-icon-2.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bthdfrtb.top/
Certificate
IssuerGoogle Trust Services
Subjectbthdfrtb.top
FingerprintFE:50:1D:16:39:72:F9:C1:9F:FD:49:15:66:9D:39:19:C9:98:27:48
ValiditySun, 10 Nov 2024 02:54:25 GMT - Sat, 08 Feb 2025 02:54:24 GMT

File type
PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
Size
1.2 kB (1214 bytes)
Hash
6f65dd4076688f517f57c3d919445b29
42c8a27c8afb541510818adc0b7ee4aa3d3edc7f
b5bbeebd5672dcff16587652d5380c9ce294d0111eb6f82368da1f5dd113792c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /template/2946/images/soc-icon-2.png HTTP/1.1
Host: bthdfrtb.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bthdfrtb.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 16 Dec 2024 06:37:44 GMT
content-type: image/png
content-length: 1214
last-modified: Tue, 15 Oct 2019 06:45:58 GMT
etag: "5da56b26-4be"
expires: Wed, 15 Jan 2025 06:37:37 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H6w4bt3BD44wjehkgmjzltk4hyR0GyqjIXgc1KSCjEAZMPPPFBbpIxkewD%2FqctfOep4OAX5WekQgOX7SXeMA4oiwGU%2FMkmi881FkmPvtOLWLgJS4gtxDYfRm%2BVm3hMM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8f2caaa35c4856ab-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=12003&min_rtt=1906&rtt_var=10289&sent=96&recv=20&lost=0&retrans=0&sent_bytes=88353&recv_bytes=4490&delivery_rate=5028080&cwnd=48000&unsent_bytes=0&cid=5358532ce9f736da&ts=326&x=1", cfExtPri, cfHdrFlush;dur=4

bthdfrtb.top/template/2946/images/soc-icon-3.png

188.114.96.1

200 OK

1.4 kB

URL GET HTTP/3
bthdfrtb.top/template/2946/images/soc-icon-3.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bthdfrtb.top/
Certificate
IssuerGoogle Trust Services
Subjectbthdfrtb.top
FingerprintFE:50:1D:16:39:72:F9:C1:9F:FD:49:15:66:9D:39:19:C9:98:27:48
ValiditySun, 10 Nov 2024 02:54:25 GMT - Sat, 08 Feb 2025 02:54:24 GMT

File type
PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
Size
1.4 kB (1386 bytes)
Hash
9ab22c3155911f2e5d36439b5425ffce
d8c734500145beb548cfcf0f5301d0f636b20eb2
80ec22ea0bdf314ce01a8d6211e1fcf2b6c8ca048c6d3e08483b2c8fefbc95ef

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /template/2946/images/soc-icon-3.png HTTP/1.1
Host: bthdfrtb.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bthdfrtb.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 16 Dec 2024 06:37:44 GMT
content-type: image/png
content-length: 1386
last-modified: Tue, 15 Oct 2019 06:45:58 GMT
etag: "5da56b26-56a"
expires: Wed, 15 Jan 2025 06:37:37 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nckw96LQ%2Bseu%2Bz0cenh3ziT5BVtIIlEBoa1%2F2CbXr%2B%2BlwIzQc%2F5PiXuKYKvrjMVCoAsUqVu5WsRyKvQpu1FrRIeI5HKWzDXLbvXf6%2FQxJLkfFwKrauiGXFBQKhMUzdU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8f2caaa35c4b56ab-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=12003&min_rtt=1906&rtt_var=10289&sent=96&recv=20&lost=0&retrans=0&sent_bytes=88353&recv_bytes=4490&delivery_rate=5028080&cwnd=48000&unsent_bytes=0&cid=5358532ce9f736da&ts=323&x=1", cfExtPri, cfHdrFlush;dur=7

bthdfrtb.top/Aquery.js

188.114.96.1

200 OK

67 kB

URL GET HTTP/3
bthdfrtb.top/Aquery.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bthdfrtb.top/
Certificate
IssuerGoogle Trust Services
Subjectbthdfrtb.top
FingerprintFE:50:1D:16:39:72:F9:C1:9F:FD:49:15:66:9D:39:19:C9:98:27:48
ValiditySun, 10 Nov 2024 02:54:25 GMT - Sat, 08 Feb 2025 02:54:24 GMT

File type
JavaScript source, ASCII text, with very long lines (540), with no line terminators
Size
67 kB (66898 bytes)
Hash
f6b7afcc4a01363d039ba7138ac342f2
13d5b83bef56227c24f19d38a57a6849bec94945
e6d112f55c1cb75702e1b5abd7634c6e1a97ce467f6cf51e8946d54f4d9bde81

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Aquery.js HTTP/1.1
Host: bthdfrtb.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bthdfrtb.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 16 Dec 2024 06:37:44 GMT
content-type: application/javascript
last-modified: Tue, 10 Oct 2023 02:40:54 GMT
etag: W/"6524b9b6-21c"
expires: Mon, 16 Dec 2024 18:37:36 GMT
cache-control: max-age=43200
cf-cache-status: HIT
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MZzlXUE0iuDaxD4uhOaDR%2FUXda%2Bdtqxl%2FUppdaqQcMlsOvlSsrdhKOhT%2FjFP6FNXgDVfj4XeVw4skXOrAW6ie%2B9%2FVSW9oFRRIgxNWW%2FSq1dgZtSb1v9efhf8claSTRE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8f2caaa34c3856ab-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=14799&min_rtt=2311&rtt_var=9786&sent=33&recv=18&lost=0&retrans=0&sent_bytes=16353&recv_bytes=4403&delivery_rate=257013&cwnd=12000&unsent_bytes=0&cid=5358532ce9f736da&ts=318&x=1", cfExtPri, cfHdrFlush;dur=1

bthdfrtb.top/template/2946/css/reset.css

188.114.96.1

200 OK

567 B

URL GET HTTP/3
bthdfrtb.top/template/2946/css/reset.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bthdfrtb.top/
Certificate
IssuerGoogle Trust Services
Subjectbthdfrtb.top
FingerprintFE:50:1D:16:39:72:F9:C1:9F:FD:49:15:66:9D:39:19:C9:98:27:48
ValiditySun, 10 Nov 2024 02:54:25 GMT - Sat, 08 Feb 2025 02:54:24 GMT

File type
ASCII text, with very long lines (905), with no line terminators
Size
567 B (567 bytes)
Hash
8b7ff971926d0f1a1e54e4b5149bf0ad
64e0f06a00b573278e84676888a8fd8a27e9167f
4aa7443cd2c0a6e7e85f4ccabb4a2af5270c2d318132deb44c0d0ef64fc6e8fe

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /template/2946/css/reset.css HTTP/1.1
Host: bthdfrtb.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bthdfrtb.top/template/2946/css/style.css
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 16 Dec 2024 06:37:45 GMT
content-type: text/css
last-modified: Tue, 15 Oct 2019 06:45:58 GMT
etag: W/"5da56b26-389"
expires: Mon, 16 Dec 2024 18:37:36 GMT
cache-control: max-age=43200
cf-cache-status: HIT
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=utTR15PEtBjhToMazUvD9g2POGmzRSZYHc1m9hYJkVtiuAEGwEC8x2TpoNf0L7C9U%2FyPwcnu%2Ftf%2BwM%2BSVuFwIg7ZmpG9w2XKOoAp1QwZCYwAf0CFQet6fsPwl8VhlBg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8f2caaa42cc456ab-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=8699&min_rtt=1651&rtt_var=8041&sent=215&recv=27&lost=0&retrans=0&sent_bytes=219800&recv_bytes=5548&delivery_rate=35534&cwnd=126300&unsent_bytes=0&cid=5358532ce9f736da&ts=462&x=1", cfExtPri, cfHdrFlush;dur=0

bthdfrtb.top/Baidu.js

188.114.96.1

200 OK

103 B

URL GET HTTP/3
bthdfrtb.top/Baidu.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bthdfrtb.top/
Certificate
IssuerGoogle Trust Services
Subjectbthdfrtb.top
FingerprintFE:50:1D:16:39:72:F9:C1:9F:FD:49:15:66:9D:39:19:C9:98:27:48
ValiditySun, 10 Nov 2024 02:54:25 GMT - Sat, 08 Feb 2025 02:54:24 GMT

File type
HTML document, ASCII text, with no line terminators
Size
103 B (103 bytes)
Hash
0060d7aed6002fc8a77924564e2f42c7
f094661bb4b08fe42edd1b9025a1235065b67a85
178867a01c68a05a7fa911a0afe7abdb25e58cbe0090a77825ab9b92cde46ac7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Baidu.js HTTP/1.1
Host: bthdfrtb.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bthdfrtb.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 16 Dec 2024 06:37:44 GMT
content-type: application/javascript
last-modified: Thu, 12 Sep 2024 01:53:06 GMT
etag: W/"66e24982-93"
expires: Mon, 16 Dec 2024 18:37:36 GMT
cache-control: max-age=43200
cf-cache-status: HIT
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Qa1USjtfp5dAeFCXveNZhHTwARCiyWSNuzuZ0NrWmQzydG5uGOWENIK4O5SCYutrnbkknhL5mjQ7eXCNPgI2VGUZlIDH%2BJ96uJOFMSvPSGIKElEFZsTSsz1D7EC1J2w%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8f2caaa35c4c56ab-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=12003&min_rtt=1906&rtt_var=10289&sent=96&recv=20&lost=0&retrans=0&sent_bytes=88353&recv_bytes=4490&delivery_rate=5028080&cwnd=48000&unsent_bytes=0&cid=5358532ce9f736da&ts=328&x=1", cfExtPri, cfHdrFlush;dur=2

bthdfrtb.top/template/2946/css/grid.css

188.114.96.1

200 OK

2.5 kB

URL GET HTTP/3
bthdfrtb.top/template/2946/css/grid.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bthdfrtb.top/
Certificate
IssuerGoogle Trust Services
Subjectbthdfrtb.top
FingerprintFE:50:1D:16:39:72:F9:C1:9F:FD:49:15:66:9D:39:19:C9:98:27:48
ValiditySun, 10 Nov 2024 02:54:25 GMT - Sat, 08 Feb 2025 02:54:24 GMT

File type
ASCII text, with very long lines (2468), with no line terminators
Size
2.5 kB (2466 bytes)
Hash
3cb2f1a0836deae2b4039ab1bcca2a6a
ac032252791c237cc3c8c6e690c59abb4f151107
c9015d8a927b9884cceda39f0bcc7979e0353828497eaea6f1935b118bfdeb18

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /template/2946/css/grid.css HTTP/1.1
Host: bthdfrtb.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bthdfrtb.top/template/2946/css/style.css
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 16 Dec 2024 06:37:45 GMT
content-type: text/css
last-modified: Tue, 15 Oct 2019 06:45:58 GMT
vary: Accept-Encoding
etag: W/"5da56b26-9a2"
expires: Mon, 16 Dec 2024 18:37:36 GMT
cache-control: max-age=43200
content-encoding: gzip
cf-cache-status: HIT
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iYNLV8Jx3SkzsM1Y1%2B17iHwJzX3iMTTbe35dvo5Vw7qYsnB4fZX%2FWM8LTSJ02KDtq%2Byo8PpOscZwjbQ%2BJf7x%2Bx8WFlOGYfuJmwOW3rwJpyK4llQMfqYJndmkfjewNRM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8f2caaa42cc656ab-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=8699&min_rtt=1651&rtt_var=8041&sent=216&recv=27&lost=0&retrans=0&sent_bytes=220970&recv_bytes=5548&delivery_rate=35534&cwnd=126300&unsent_bytes=0&cid=5358532ce9f736da&ts=465&x=1", cfExtPri, cfHdrFlush;dur=0

bthdfrtb.top/favicon.ico

188.114.96.1

200 OK

1.2 kB

URL GET HTTP/3
bthdfrtb.top/favicon.ico
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bthdfrtb.top/
Certificate
IssuerGoogle Trust Services
Subjectbthdfrtb.top
FingerprintFE:50:1D:16:39:72:F9:C1:9F:FD:49:15:66:9D:39:19:C9:98:27:48
ValiditySun, 10 Nov 2024 02:54:25 GMT - Sat, 08 Feb 2025 02:54:24 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Size
1.2 kB (1150 bytes)
Hash
591676289e8a2b06c3fc31137810d2c0
f53c4f56f983f6b96198806a60624ba16741a156
2cab8e512dc07af44384a4e2c0e7020b04e03331affaa96aa54d489d6274e4de

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: bthdfrtb.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bthdfrtb.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 16 Dec 2024 06:37:45 GMT
content-type: image/x-icon
last-modified: Tue, 10 Oct 2023 02:40:54 GMT
etag: W/"6524b9b6-47e"
cache-control: max-age=14400
cf-cache-status: HIT
age: 6880
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6kJ4%2BbCL9rcvfAfZa7P4CB14ZAddFBPp1G5PE7oVbYew352SUAkm%2FTUqujktCFfzS0YrhD33zG2aVevYzP57oe0zaOxbbZMqm%2FLYxUwSIuNL8HSuVtLrZ8LxwFg7eDs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8f2caaa75ebb56ab-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=6346&min_rtt=1324&rtt_var=6913&sent=278&recv=33&lost=0&retrans=0&sent_bytes=290415&recv_bytes=6557&delivery_rate=38453&cwnd=126300&unsent_bytes=0&cid=5358532ce9f736da&ts=946&x=1", cfExtPri, cfHdrFlush;dur=0

www.lelifi.com/app/app.js?t=xia&c=googleee&mb=1

172.67.222.63

200 OK

4.0 kB

URL GET HTTP/2
www.lelifi.com/app/app.js?t=xia&c=googleee&mb=1
IP
172.67.222.63:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bthdfrtb.top/
Certificate
IssuerGoogle Trust Services
Subjectlelifi.com
Fingerprint9C:0D:A2:EE:F2:10:B0:A3:B5:77:4D:CC:BD:1D:6B:39:73:92:1D:48
ValiditySun, 17 Nov 2024 03:49:15 GMT - Sat, 15 Feb 2025 03:49:14 GMT

File type
JavaScript source, ASCII text, with very long lines (4194), with no line terminators
Size
4.0 kB (4026 bytes)
Hash
f0ddeb83b7f8ab09dcfccd057463b58d
81a92c7cee6bfa08887bd1c3dd8fbae2e81555fb
6f389f3bfbe90f79f52131632e7b071953c88f76e7878c0a997341fc0430dda4

HTTP Headers

GET /app/app.js?t=xia&c=googleee&mb=1 HTTP/1.1
Host: www.lelifi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bthdfrtb.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 16 Dec 2024 06:37:45 GMT
content-type: application/javascript
last-modified: Thu, 14 Nov 2024 01:56:58 GMT
vary: Accept-Encoding
etag: W/"673558ea-fba"
expires: Mon, 16 Dec 2024 17:21:52 GMT
cache-control: max-age=43200
content-encoding: gzip
cf-cache-status: HIT
age: 4312
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zir%2BhTwx52RCLNyZyb4KfR79T8%2B6VDd0%2FbCYXCbtZNTNOortwdGXxQ3dgnDClUprwtSx5Qq529NDtz1bVYJKK2nb%2FyDt87wdRlC9e2pd6qRPqTd8xVJ0kUZG91nIIenOSg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8f2caaa54a10b4ff-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=869&min_rtt=409&rtt_var=838&sent=10&recv=13&lost=0&retrans=0&sent_bytes=5052&recv_bytes=1163&delivery_rate=8418604&cwnd=257&unsent_bytes=0&cid=8484901e6ae755f4&ts=59&x=0"
X-Firefox-Spdy: h2

sp0.baidu.com/9_Q4simg2RQJ8t7jm9iCKT-xh_/s.gif?l=https://bthdfrtb.top/

103.235.47.188

200 OK

0 B

URL GET HTTP/1.1
sp0.baidu.com/9_Q4simg2RQJ8t7jm9iCKT-xh_/s.gif?l=https://bthdfrtb.top/
IP
103.235.47.188:443
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

Requested by
https://bthdfrtb.top/
Certificate
IssuerGlobalSign nv-sa
Subjectbaidu.com
FingerprintEF:0F:BE:13:02:E2:C4:D4:89:BA:8F:BA:88:EF:6F:95:DC:CF:7B:E0
ValidityMon, 08 Jul 2024 01:41:02 GMT - Sat, 09 Aug 2025 01:41:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /9_Q4simg2RQJ8t7jm9iCKT-xh_/s.gif?l=https://bthdfrtb.top/ HTTP/1.1
Host: sp0.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bthdfrtb.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/plain; charset=utf-8
Date: Mon, 16 Dec 2024 06:37:46 GMT

bthdfrtb.top/template/2946/css/forms.css

188.114.96.1

200 OK

1.5 kB

URL GET HTTP/3
bthdfrtb.top/template/2946/css/forms.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bthdfrtb.top/
Certificate
IssuerGoogle Trust Services
Subjectbthdfrtb.top
FingerprintFE:50:1D:16:39:72:F9:C1:9F:FD:49:15:66:9D:39:19:C9:98:27:48
ValiditySun, 10 Nov 2024 02:54:25 GMT - Sat, 08 Feb 2025 02:54:24 GMT

File type
ASCII text, with very long lines (1726), with no line terminators
Size
1.5 kB (1494 bytes)
Hash
961fad35b9ed336958d3450530cbd0ec
30949192eedc29ef79c4f6425817d2bf8058ade1
c69c022732474d4d5430ee636ca8ba246a6885aacd674cc1a77091d6e287a196

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /template/2946/css/forms.css HTTP/1.1
Host: bthdfrtb.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bthdfrtb.top/template/2946/css/style.css
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 16 Dec 2024 06:37:45 GMT
content-type: text/css
last-modified: Tue, 15 Oct 2019 06:45:58 GMT
vary: Accept-Encoding
etag: W/"5da56b26-5d6"
expires: Mon, 16 Dec 2024 18:37:36 GMT
cache-control: max-age=43200
content-encoding: gzip
cf-cache-status: HIT
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FeFs2V9MsawCRK1OQAR47JA61Vf1WcBtRiqjcXVvW8BUV%2BRMmUD%2BL8mK4V9VLO%2FWml3TqCeWVrtVpKR%2BunJeiQqy7f%2BQUK0SU9lsXjJ3EPBv5u5mGZddR7L1h5xbLtk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8f2caaa42cc856ab-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=9706&min_rtt=1906&rtt_var=8037&sent=213&recv=26&lost=0&retrans=0&sent_bytes=218519&recv_bytes=5502&delivery_rate=1453384&cwnd=126300&unsent_bytes=0&cid=5358532ce9f736da&ts=460&x=1", cfExtPri, cfHdrFlush;dur=0

www.lelifi.com/app/app.js?t=shang&c=google&mb=1

172.67.222.63

200 OK

4.0 kB

URL GET HTTP/2
www.lelifi.com/app/app.js?t=shang&c=google&mb=1
IP
172.67.222.63:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bthdfrtb.top/
Certificate
IssuerGoogle Trust Services
Subjectlelifi.com
Fingerprint9C:0D:A2:EE:F2:10:B0:A3:B5:77:4D:CC:BD:1D:6B:39:73:92:1D:48
ValiditySun, 17 Nov 2024 03:49:15 GMT - Sat, 15 Feb 2025 03:49:14 GMT

File type
JavaScript source, ASCII text, with very long lines (4194), with no line terminators
Size
4.0 kB (4026 bytes)
Hash
f0ddeb83b7f8ab09dcfccd057463b58d
81a92c7cee6bfa08887bd1c3dd8fbae2e81555fb
6f389f3bfbe90f79f52131632e7b071953c88f76e7878c0a997341fc0430dda4

HTTP Headers

GET /app/app.js?t=shang&c=google&mb=1 HTTP/1.1
Host: www.lelifi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bthdfrtb.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 16 Dec 2024 06:37:45 GMT
content-type: application/javascript
last-modified: Thu, 14 Nov 2024 01:56:58 GMT
vary: Accept-Encoding
etag: W/"673558ea-fba"
expires: Mon, 16 Dec 2024 15:45:09 GMT
cache-control: max-age=43200
content-encoding: gzip
cf-cache-status: HIT
age: 4312
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=27ZJGV2FmuFPw0rKnDsSw3PqA3l1vTu809pm0iNjMJIAfEEWbp1DSCCLA7y4gow9PdyQPRil2zp2VxP079nyAI%2F3A72xXp1EevtbMeP9yogFn6q3zrHVWBy6eWlPgK8U3g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8f2caaa54a09b4ff-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=908&min_rtt=409&rtt_var=1014&sent=7&recv=12&lost=0&retrans=0&sent_bytes=3194&recv_bytes=1163&delivery_rate=8418604&cwnd=254&unsent_bytes=0&cid=8484901e6ae755f4&ts=56&x=0"
X-Firefox-Spdy: h2

bthdfrtb.top/template/2946/images/main-bg.png

188.114.96.1

200 OK

118 B

URL GET HTTP/3
bthdfrtb.top/template/2946/images/main-bg.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bthdfrtb.top/
Certificate
IssuerGoogle Trust Services
Subjectbthdfrtb.top
FingerprintFE:50:1D:16:39:72:F9:C1:9F:FD:49:15:66:9D:39:19:C9:98:27:48
ValiditySun, 10 Nov 2024 02:54:25 GMT - Sat, 08 Feb 2025 02:54:24 GMT

File type
PNG image data, 5 x 6, 8-bit/color RGBA, non-interlaced
Size
118 B (118 bytes)
Hash
a7959f79ea5063485e7e15653c063949
5c53d08e882fa3a7a293138797a9db29c7dc5caa
69007e08ad20ab430bdfaa7e34a3b250154c491076efb9c40c2002e82eb94bd0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /template/2946/images/main-bg.png HTTP/1.1
Host: bthdfrtb.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bthdfrtb.top/template/2946/css/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 16 Dec 2024 06:37:45 GMT
content-type: image/png
content-length: 118
last-modified: Tue, 15 Oct 2019 06:45:58 GMT
etag: "5da56b26-76"
expires: Wed, 15 Jan 2025 06:37:37 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wDCEgOYrwQLDodWAbmy5AZ8VskAvmXqAllr9f4KIVXZaeDn8seZ1uB%2BBsMLSpZMkRTCuMR8fQNe%2BpDr%2B78UG8mvN9GLKm9PsjzYAzz2D2YvGcPgAflaXCg%2F8d9aruxM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8f2caaa62dfb56ab-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=7019&min_rtt=1324&rtt_var=7423&sent=276&recv=31&lost=0&retrans=0&sent_bytes=289556&recv_bytes=6243&delivery_rate=1512228&cwnd=126300&unsent_bytes=0&cid=5358532ce9f736da&ts=774&x=1", cfExtPri, cfHdrFlush;dur=0

bthdfrtb.top/template/2946/css/style.css

188.114.96.1

200 OK

20 kB

URL GET HTTP/3
bthdfrtb.top/template/2946/css/style.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bthdfrtb.top/
Certificate
IssuerGoogle Trust Services
Subjectbthdfrtb.top
FingerprintFE:50:1D:16:39:72:F9:C1:9F:FD:49:15:66:9D:39:19:C9:98:27:48
ValiditySun, 10 Nov 2024 02:54:25 GMT - Sat, 08 Feb 2025 02:54:24 GMT

File type
data
Size
20 kB (20518 bytes)
Hash
bfe8c7231634b1554a01e26c9517d503
7d938da7b95949253c6bbd777c9ed8c10f1b8691
7c123925c25b12532975d49f457fdc3be4fea9ce4b095ccf54c6382203952eae

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /template/2946/css/style.css HTTP/1.1
Host: bthdfrtb.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bthdfrtb.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 16 Dec 2024 06:37:44 GMT
content-type: text/css
last-modified: Wed, 06 Nov 2019 13:47:34 GMT
vary: Accept-Encoding
etag: W/"5dc2cef6-5026"
expires: Mon, 16 Dec 2024 18:37:36 GMT
cache-control: max-age=43200
content-encoding: gzip
cf-cache-status: HIT
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FWiCdQD1tPB2oRkbIsdgWozBeIJj43hAHJs8VHdtGsTwyLUJjazQ9cQPPG7Y6xxsbWRiT3%2FkhqEJRnWm6OYFC71zuRmo%2BFdgaW428ZMvfKSlyT8zBmeUafBPXU9RDbU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8f2caaa34c3756ab-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=14799&min_rtt=2311&rtt_var=9786&sent=33&recv=18&lost=0&retrans=0&sent_bytes=16353&recv_bytes=4403&delivery_rate=257013&cwnd=12000&unsent_bytes=0&cid=5358532ce9f736da&ts=318&x=1", cfExtPri, cfHdrFlush;dur=1

bthdfrtb.top/template/2946/images/body-bg.jpg

188.114.96.1

200 OK

65 kB

URL GET HTTP/3
bthdfrtb.top/template/2946/images/body-bg.jpg
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bthdfrtb.top/
Certificate
IssuerGoogle Trust Services
Subjectbthdfrtb.top
FingerprintFE:50:1D:16:39:72:F9:C1:9F:FD:49:15:66:9D:39:19:C9:98:27:48
ValiditySun, 10 Nov 2024 02:54:25 GMT - Sat, 08 Feb 2025 02:54:24 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1904x1301, components 3
Size
65 kB (64852 bytes)
Hash
47e9bb378e25e3743e74226a235e8312
6dbfff91902d3476551e6bc88e8a9a89da6822d2
3b15198b26734d666344b061959140ebde8d7434f05ce27c82282fae586b322d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /template/2946/images/body-bg.jpg HTTP/1.1
Host: bthdfrtb.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bthdfrtb.top/template/2946/css/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 16 Dec 2024 06:37:45 GMT
content-type: image/jpeg
content-length: 64852
last-modified: Wed, 16 Oct 2019 06:27:30 GMT
etag: "5da6b852-fd54"
expires: Wed, 15 Jan 2025 06:37:37 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LYTW6fKQSFBCMwZ%2BIcMO81hh1HbEBaXmZZQoi8QPOcnE6FOz7hvm8mIx8ZicZF1a9P2fXtM3rM6VbG%2Bwf%2BsWvgULc23s8IXwdufhKRDKd59hjcwz1YUG9beFz7UqEec%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8f2caaa5edde56ab-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=7777&min_rtt=1324&rtt_var=7875&sent=220&recv=30&lost=0&retrans=0&sent_bytes=222356&recv_bytes=6197&delivery_rate=620683&cwnd=126300&unsent_bytes=0&cid=5358532ce9f736da&ts=743&x=1", cfExtPri, cfHdrFlush;dur=0

bthdfrtb.top/

188.114.96.1

200 OK

164 kB

URL User Request GET HTTP/2
bthdfrtb.top/
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectbthdfrtb.top
FingerprintFE:50:1D:16:39:72:F9:C1:9F:FD:49:15:66:9D:39:19:C9:98:27:48
ValiditySun, 10 Nov 2024 02:54:25 GMT - Sat, 08 Feb 2025 02:54:24 GMT

File type

Size
164 kB (164402 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: bthdfrtb.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 16 Dec 2024 06:37:44 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vwMlXnMEopi%2BK2aDn%2BawbADxO1Qn5Q7rcAwqcENkznMXptmRid5JB4RSAn16%2FPXWeurpbgg8CxZRr5uC1f2tZ%2FpiS7fJHLJNy9zq5Vv3Ku1WyC0o713wzjkdm5uqky4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8f2caaa12ef9b4ff-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=5922&min_rtt=419&rtt_var=10974&sent=8&recv=11&lost=0&retrans=0&sent_bytes=3198&recv_bytes=1115&delivery_rate=7040518&cwnd=254&unsent_bytes=0&cid=52dd69292418df64&ts=69&x=0"
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (8)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

HTTP Transactions (23)

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3