Report - admin.shein.help/

Report Overview

Submitted URL
admin.shein.help/
IP
188.114.96.1
ASN
#13335 CLOUDFLARENET
Submitted
2023-01-26 10:49:39
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
1
Threat Detection Systems
60

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
admin.shein.help	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4.8 kB	622 kB	188.114.97.1
vipdiskon.oss-us-west-1.aliyuncs.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	946 B	108 kB	47.254.114.97
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	682 B	1.6 kB	93.184.220.29
dvcasha2.ocsp-certum.com	71753	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	348 B	1.9 kB	23.36.79.10
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	391 B	34.117.237.239
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	35.162.50.16
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	65 kB	34.120.237.76
ocsp2.globalsign.com	1544	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	734 B	3.9 kB	104.18.21.226
www.facebook.com	99	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	585 B	349 B	31.13.72.36
cdn.dcloud.net.cn	116868	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	393 B	577 B	120.26.61.10
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.4 kB	8.9 kB	23.36.76.226
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	35.241.9.150
connect.facebook.net	139	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	373 B	29 kB	31.13.72.12
www.sheinpro.top	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.0 kB	117 kB	47.254.81.244

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-01-26 10:49:27	medium	Client IP	Internal IP	ET DNS Query to a *.top domain - Likely Hostile

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-01-26	medium	admin.shein.help/	Phishing
2023-01-26	medium	admin.shein.help/static/common/js/touch-emulator.js	Phishing
2023-01-26	medium	admin.shein.help/static/js/index.033ae7b4.js	Phishing
2023-01-26	medium	admin.shein.help/static/js/chunk-vendors.c6f25882.js	Phishing
2023-01-26	medium	admin.shein.help/static/js/pages-activity-discounts-list~pages-activity-groupon-detail~pages-activity-groupon-list~pages-activi~56919858.a9ecebd4.js	Phishing
2023-01-26	medium	admin.shein.help/static/js/pages-app-commission-ad-ad~pages-app-commission-ad-buy-ad-package~pages-app-commission-apply~pages-a~dc5519bd.d528da07.js	Phishing
2023-01-26	medium	admin.shein.help/static/js/pages-activity-discounts-list~pages-activity-groupon-detail~pages-activity-groupon-list~pages-activi~e35d8edc.214666b3.js	Phishing
2023-01-26	medium	admin.shein.help/static/js/pages-activity-discounts-list~pages-activity-groupon-detail~pages-activity-groupon-list~pages-activi~0cf8c530.78970660.js	Phishing
2023-01-26	medium	admin.shein.help/static/fonts/OPPOSANS-M-subfont.6d4230b2.ttf	Phishing
2023-01-26	medium	www.sheinpro.top/addons/shopro/index/template	Phishing
2023-01-26	medium	www.sheinpro.top/addons/shopro/category/categoryTree	Phishing
2023-01-26	medium	www.sheinpro.top/addons/shopro/index/template	Phishing
2023-01-26	medium	admin.shein.help/static/js/pages-index-index.b6ee575a.js	Phishing
2023-01-26	medium	www.sheinpro.top/addons/shopro/index/init	Phishing
2023-01-26	medium	www.sheinpro.top/addons/shopro/category/categoryTree	Phishing
2023-01-26	medium	www.sheinpro.top/addons/shopro/index/init	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-01-26	medium	shein.help	Sinkholed
2023-01-26	medium	shein.help	Sinkholed
2023-01-26	medium	shein.help	Sinkholed
2023-01-26	medium	shein.help	Sinkholed
2023-01-26	medium	shein.help	Sinkholed
2023-01-26	medium	shein.help	Sinkholed
2023-01-26	medium	shein.help	Sinkholed
2023-01-26	medium	shein.help	Sinkholed
2023-01-26	medium	shein.help	Sinkholed
2023-01-26	medium	shein.help	Sinkholed
2023-01-26	medium	shein.help	Sinkholed
2023-01-26	medium	shein.help	Sinkholed
2023-01-26	medium	shein.help	Sinkholed
2023-01-26	medium	shein.help	Sinkholed

ThreatFox

No alerts detected

JavaScript (14)

	URL	Size	First Seen	Last Seen
	admin.shein.help/static/common/js/touch-emulator.js	12 kB	2023-03-13	2023-05-23
Pretty URL admin.shein.help/static/common/js/touch-emulator.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 07:29:11 Last Seen2023-05-23 14:47:38 Times Seen2 Hash 09846d32baf349eaae44c9d191361034 84d324e192e6beda75b3bddac7ee475fec6a33b9 d1eb64aabc1812c9d5ba57b7f4fbdec4775502d6cadc0bd80eeba1c5b13a8c26 Loading...

	admin.shein.help/static/js/pages-index-index.b6ee575a.js	41 kB	2023-03-13	2023-03-13
Pretty URL admin.shein.help/static/js/pages-index-index.b6ee575a.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 07:29:11 Last Seen2023-03-13 07:29:11 Times Seen1 Hash ca95df7898515453978e60b39613c9bc 414a4535a4e717a99172d4802ef63f4bdae28d32 a097dde9cd6352e9c10fbcc651acd7e1d8fb29ab9904138bf2ddf4aee55ac295 Loading...

	connect.facebook.net/en_US/fbevents.js	109 kB	2023-03-13	2023-03-13
Pretty URL connect.facebook.net/en_US/fbevents.js IP 31.13.72.12 ASN #32934 FACEBOOK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 03:30:49 Last Seen2023-03-13 08:53:57 Times Seen1 Hash ab83678e33d91a4c05df6e3d3f200bce 499efc34dc56dbc5e8a6fdb3a7dc4cfda2a3848d ef8f067f829af7c95936a36f38e54c98ab090f937f5557e4c78829ed8fcf5ffd Loading...

	connect.facebook.net/signals/config/745921683264747?v=2.9.94&r=stable	386 kB	2023-03-13	2023-03-13
Pretty URL connect.facebook.net/signals/config/745921683264747?v=2.9.94&r=stable IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 07:29:11 Last Seen2023-03-13 07:29:11 Times Seen1 Hash cc25b35d03270bca895a2fc501a3c82f fa17a7bc3ae0e1738c0a9c8582777baa75856688 2250317d70a81847b4306e93203bcce55e6baa0ef801ab3f3878d0c4e645cdbf Loading...

	admin.shein.help/	587 B	2023-03-13	2023-03-13
Pretty URL admin.shein.help/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 07:29:11 Last Seen2023-03-13 07:29:11 Times Seen1 Hash 660f2f49aaedc2a5a14d4427de5f4882 83bd35e601bdf4d4035ae3f6a218e8dd65a34ac9 9251c976867967d11147df5f55b159d018495bc9bd59f2a9f3ddc4377fa74261 Loading...

	admin.shein.help/	14 B	2023-03-07	2024-04-19
Pretty URL admin.shein.help/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:41:52 Last Seen2024-04-19 07:09:42 Times Seen174 Hash d9e35f3565e98641c0174d284e8ddd26 967e8443ce108fe2742f3ec46237a40560c67c35 6fc1c4ed09be48bc1d695bba608ad0c9ff9a525edd88b1819bdf413e88960e82 Loading...

	admin.shein.help/static/js/pages-activity-discounts-list~pages-activity-groupon-detail~pages-activity-groupon-list~pages-activi~0cf8c530.78970660.js	54 kB	2023-03-13	2023-05-23
Pretty URL admin.shein.help/static/js/pages-activity-discounts-list~pages-activity-groupon-detail~pages-activity-groupon-list~pages-activi~0cf8c530.78970660.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 07:29:11 Last Seen2023-05-23 14:47:37 Times Seen2 Hash 10ffd9ddaba1685d98e13900f2a14faf 8e9f7a45c5fea88447264576b912b6bbdd3413b9 cb7d9aab54c77650758337ce927546ac4ae431c00b799c4b8232c0798012fdba Loading...

	unknown	0 B	2023-03-07	2024-04-24
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-24 02:52:13 Times Seen37029678 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	admin.shein.help/	282 B	2023-03-13	2023-03-13
Pretty URL admin.shein.help/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 01:28:16 Last Seen2023-03-13 07:29:11 Times Seen1 Hash 747f96f9da8f681f574610d348782194 80f4a9cc5d0e0636bb854e97cddf76827a9b105d 807e6222fa34acfc300e7fbfd125193a4d25e5b0be17eafe194f4b5844d3ae2f Loading...

	admin.shein.help/static/js/index.033ae7b4.js	502 kB	2023-03-13	2023-03-13
Pretty URL admin.shein.help/static/js/index.033ae7b4.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 07:29:11 Last Seen2023-03-13 07:29:11 Times Seen1 Hash 642d63444fa49ddd82ae21a8506a11ee 461943341c53b9ee898de78734ccb79c1cc80de4 1dff4caa97b07b2dd625e854e3e47e7888bbebf242db6c68e7c12c63855faeb6 Loading...

	admin.shein.help/static/js/chunk-vendors.c6f25882.js	1.0 MB	2023-03-13	2023-03-13
Pretty URL admin.shein.help/static/js/chunk-vendors.c6f25882.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 07:29:11 Last Seen2023-03-13 07:29:11 Times Seen1 Hash f94dd8824a25fed189587b757310b785 f2d310913967d307c473a887bc8b919bfc793ad1 664df2e5816e44767e04ff5143132fabf622b0666668fcd650f8d509b3fc26de Loading...

	admin.shein.help/static/js/pages-activity-discounts-list~pages-activity-groupon-detail~pages-activity-groupon-list~pages-activi~56919858.a9ecebd4.js	50 kB	2023-03-13	2023-03-13
Pretty URL admin.shein.help/static/js/pages-activity-discounts-list~pages-activity-groupon-detail~pages-activity-groupon-list~pages-activi~56919858.a9ecebd4.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 07:29:11 Last Seen2023-03-13 07:29:11 Times Seen1 Hash 619e1969e51bc3c7861f1f36d691f35a afb18a50c5474a54a5273db7bbcde54184df5451 e76e521004ebe8d33946db277e42d48c73235f8cac02f7635015c4907eb020eb Loading...

	admin.shein.help/	16 B	2023-03-07	2024-04-19
Pretty URL admin.shein.help/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:41:52 Last Seen2024-04-19 07:09:42 Times Seen127 Hash 3d6b954dc2d01b7f947ffbdbc08419c4 91b4d1da374271f3f7a26ace5bb5d9a18cc7833d 33452930b33391ee5b905f55ea3d83da98c22f96e001002468f1230369567e4e Loading...

	admin.shein.help/static/js/pages-activity-discounts-list~pages-activity-groupon-detail~pages-activity-groupon-list~pages-activi~e35d8edc.214666b3.js	17 kB	2023-03-13	2023-03-13
Pretty URL admin.shein.help/static/js/pages-activity-discounts-list~pages-activity-groupon-detail~pages-activity-groupon-list~pages-activi~e35d8edc.214666b3.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 07:29:11 Last Seen2023-03-13 07:29:11 Times Seen1 Hash 5da23a244f73ec2f46be8d64b9bb4e65 d1e91324d734256ed4c6388e288e2ea7597ee68d 1240326ec0ecb08dbabaa9691829c99b335aa354e9f1449d04ab6b0077c25457 Loading...

HTTP Transactions (51)

URL IP Response Size

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f5e46725831d8d722872bf68d752f4c5
cf37793a1b73e3f84fe6c37fb27382c83b49dbc0
0582b6180687dd95c7fd728f1b9db4495b807151e309b608ad203d69708f9da6

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0582B6180687DD95C7FD728F1B9DB4495B807151E309B608AD203D69708F9DA6"
Last-Modified: Tue, 24 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11147
Expires: Thu, 26 Jan 2023 13:55:14 GMT
Date: Thu, 26 Jan 2023 10:49:27 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
2405562765b49b2782ebd2e2994851d5
be7ac8e558f7875bb1fb86ab5ec674424a5ff269
422cfa907461cb7b93b9089d600052f9e94951e5e0c93d97651905002e48ad3e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "422CFA907461CB7B93B9089D600052F9E94951E5E0C93D97651905002E48AD3E"
Last-Modified: Thu, 26 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7272
Expires: Thu, 26 Jan 2023 12:50:39 GMT
Date: Thu, 26 Jan 2023 10:49:27 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Backoff, Content-Length, Alert, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 26 Jan 2023 10:42:53 GMT
content-type: application/json
age: 394
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
69f73ac59327cd9ad7d99816ccfcc03e
c54844f82dbee0d5ee4c8ce344eb0139373e6c6b
e81c685b2d8f0e31b89e5cfc911a2c5a99a556646830ac5a8468d991b5e871a3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E81C685B2D8F0E31B89E5CFC911A2C5A99A556646830AC5A8468D991B5E871A3"
Last-Modified: Thu, 26 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8708
Expires: Thu, 26 Jan 2023 13:14:35 GMT
Date: Thu, 26 Jan 2023 10:49:27 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: YRMRceThH7l6pHcYlfeN0lRaPEqiWGpVCjPmEjmTkrOwB3QMNPtzQchCSY1c2v2D8cnfwGzICDQ=
x-amz-request-id: 8J1FCMNR9B02T10E
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 26 Jan 2023 10:20:03 GMT
age: 1764
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

admin.shein.help/

188.114.97.1

200 OK

1.1 kB

URL HTTP/1.1
admin.shein.help/
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (406), with CRLF line terminators
Size
1.1 kB (1057 bytes)
Hash
5a86c571525e53bd8466570e22293faa
acf9bd97233f21348f944f018104477ef68be94e
c00c9b9f435b82f77474bfc90673557897aa19574905424ab0d18f44964795d5

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: admin.shein.help
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 10:49:27 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 10 Jan 2023 14:21:43 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oHM2Qopyxemq3pSQwIGrWfdQw1%2BtpbgLKgg%2BceHsT6r90xo6Rdj%2BMNnTYNZqqD0faCxJtdR%2BoforqzMM3kZKk%2F6yFDueXGSX9igykdh2r%2FJQ%2FdJmCKgRhV6xocAvl0PzIVjo"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 78f8ae98bbfc1c0e-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 10:49:27 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

admin.shein.help/static/common/js/touch-emulator.js

188.114.97.1

200 OK

3.4 kB

URL HTTP/1.1
admin.shein.help/static/common/js/touch-emulator.js
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with CRLF line terminators
Size
3.4 kB (3398 bytes)
Hash
190dbeb48f1bc2e4198f687e40db7c75
3d574ba12b6ad69133924e5578959637eb15b05a
cf011f26cb36fa8d093d4a4b0565a49dceaa903857d62094f2436c72f10b2bad

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /static/common/js/touch-emulator.js HTTP/1.1
Host: admin.shein.help
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://admin.shein.help/

HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 10:49:28 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 10 Jan 2023 14:21:43 GMT
Vary: Accept-Encoding
ETag: W/"63bd7477-2d95"
Expires: Thu, 26 Jan 2023 22:49:28 GMT
Cache-Control: max-age=43200
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jyucTnCBwivNE%2FKxGYE0fgyKaNk%2FBsELVRv766pYRxBByznc66ToKXsBfIESpsIMB2um6SMEtfP%2FMJy8aP7GKapbu2ATo9ZAWd6%2F8nuXVIIHSJYfOHnamEm%2By%2Bi%2B77ML6Mlp"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 78f8ae9c4fa21c0e-OSL
alt-svc: h2=":443"; ma=60

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Last-Modified, ETag, Expires, Backoff, Content-Length, Cache-Control, Alert, Retry-After, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 26 Jan 2023 10:49:01 GMT
age: 27
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

admin.shein.help/static/index.css

188.114.97.1

200 OK

30 kB

URL HTTP/1.1
admin.shein.help/static/index.css
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65536), with no line terminators
Size
30 kB (29671 bytes)
Hash
6174e84efd71bfd1c859865be3ac9d11
cb9f395cbfc1dc67d26abe9bf3d1c2c5a2afb421
206d5e2bf6d309a081dc00f9be70d2df773ad1c6fcbf222090222d5aee8881e2

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /static/index.css HTTP/1.1
Host: admin.shein.help
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://admin.shein.help/

HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 10:49:28 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 10 Jan 2023 14:21:43 GMT
Vary: Accept-Encoding
ETag: W/"63bd7477-1789d"
Expires: Thu, 26 Jan 2023 22:49:28 GMT
Cache-Control: max-age=43200
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eZgki%2BHCoBeNjJRHdIU5EHsXTiOn7OZvt%2BU9wpgonaNNPjKsP%2B5HL8Hc9dOCpbAklDqF138RQntjAVJ6f7qrgwTBOmoT4sIV4%2F4QNruMz9Os44zEY%2Fa%2BJvNuVusmu%2BUBlBXL"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 78f8ae9c4ad3b52d-OSL
alt-svc: h2=":443"; ma=60

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1e2970e1480a4759282d63bb213051e4
ed5194d4d25dfc199821129be5d74be0ce49197d
18e19ea4c9c262cb9a94f89172eef2604222e779346589d470bf2e95ea295563

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "18E19EA4C9C262CB9A94F89172EEF2604222E779346589D470BF2E95EA295563"
Last-Modified: Tue, 24 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20453
Expires: Thu, 26 Jan 2023 16:30:21 GMT
Date: Thu, 26 Jan 2023 10:49:28 GMT
Connection: keep-alive

admin.shein.help/static/js/index.033ae7b4.js

188.114.97.1

200 OK

143 kB

URL HTTP/1.1
admin.shein.help/static/js/index.033ae7b4.js
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (65522), with no line terminators
Size
143 kB (142865 bytes)
Hash
f98bedcc2e79bcbcd633c53abb1cfa0e
98dc908f658479e0c64a1cee14bb48d2cef2a798
7e34c6988ea206ad7f71db0c74db73b74743fb0a50742c45310fca55d28bc9c2

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /static/js/index.033ae7b4.js HTTP/1.1
Host: admin.shein.help
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://admin.shein.help/

HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 10:49:28 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 10 Jan 2023 14:21:43 GMT
Vary: Accept-Encoding
ETag: W/"63bd7477-7aa1b"
Expires: Thu, 26 Jan 2023 22:49:28 GMT
Cache-Control: max-age=43200
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9GTbku8mmIp7RqzE0IYPMoHI0cWAQESyRT%2ByV%2FFXy4VlGIlbilifkgv9%2FVP8F3DNSXebD2OpkaToBshRqtOTC5I%2Fu7v%2BbiAhacvOCKs7BS72U16Mul2BLkhwlGcH49J7Oeo2"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 78f8ae9c4857b4f4-OSL
alt-svc: h2=":443"; ma=60

push.services.mozilla.com/

35.162.50.16

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.162.50.16:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Qzfni6dRZVHnhgyaRYZAAQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: /xC8/i7H5cCnfCx7yihaf1yVzM0=

admin.shein.help/static/js/chunk-vendors.c6f25882.js

188.114.97.1

200 OK

350 kB

URL HTTP/1.1
admin.shein.help/static/js/chunk-vendors.c6f25882.js
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (65468), with no line terminators
Size
350 kB (350161 bytes)
Hash
6bbf4ba783b79f9f75347f5bc6a93569
a2deca7f3c200bb5c78b2cbf32760c65fda2d2cd
e75adde5df1fec49bf87d137a867965260c88185caab5e5f5c0eb754ec8d292a

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /static/js/chunk-vendors.c6f25882.js HTTP/1.1
Host: admin.shein.help
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://admin.shein.help/

HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 10:49:28 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 10 Jan 2023 14:21:43 GMT
Vary: Accept-Encoding
ETag: W/"63bd7477-f7ef2"
Expires: Thu, 26 Jan 2023 22:49:27 GMT
Cache-Control: max-age=43200
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nr7QcqoY7R2LjvDH6bnUWCZP74k786pmwgSLrd35ng7SLugqAd3AyXBkuXiC2D33MOheD6qw3UlbkQ%2FzJbr3Qsj%2F08ABbEz9tJjIkVdAcUde%2BkKsvVL3Y7N3gk2yQxWGKoAl"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 78f8ae9c4da21c06-OSL
alt-svc: h2=":443"; ma=60

admin.shein.help/static/images/tabbar/tabbar_icon_home.png

188.114.97.1

200 OK

8.9 kB

URL HTTP/1.1
admin.shein.help/static/images/tabbar/tabbar_icon_home.png
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 370 x 370, 8-bit/color RGBA, non-interlaced\012- data
Size
8.9 kB (8894 bytes)
Hash
564dd3291a6dcd24b6d076efb06c76fd
8af45d3a64c8498ff90fabb7bfc338fdfab711ff
cb6bb4583c5a3622e72bde68d046061e1a6d3bad89c645f6cc754a93f55c3ce4

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /static/images/tabbar/tabbar_icon_home.png HTTP/1.1
Host: admin.shein.help
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://admin.shein.help/

HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 10:49:29 GMT
Content-Type: image/png
Content-Length: 8894
Connection: keep-alive
Last-Modified: Tue, 10 Jan 2023 14:21:43 GMT
ETag: "63bd7477-22be"
Expires: Sat, 25 Feb 2023 10:49:29 GMT
Cache-Control: max-age=2592000
Strict-Transport-Security: max-age=31536000
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eHCmQ%2BPIf97fW49AlDA2UvpkN8pN3LAGcQCqAbHyrS75dPKLlcILs27YIdc8Rv5ACixZv4%2Ffl17H3S3a3deUIuaQzEWm5BDBhcE3i5XTnture4jAMdW6ncEQwuY0VtUl0Zib"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78f8aea66e0eb500-OSL
alt-svc: h2=":443"; ma=60

admin.shein.help/static/js/pages-activity-discounts-list~pages-activity-groupon-detail~pages-activity-groupon-list~pages-activi~56919858.a9ecebd4.js

188.114.97.1

200 OK

11 kB

URL HTTP/1.1
admin.shein.help/static/js/pages-activity-discounts-list~pages-activity-groupon-detail~pages-activity-groupon-list~pages-activi~56919858.a9ecebd4.js
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (49655), with no line terminators
Size
11 kB (10832 bytes)
Hash
0769341d1e42be401d0e7907775737f8
c15fa3dec890efe8b212aac61995c796fd292e3c
279489942fe75c30edaa7e64519404ad0b46916cab165f74a440aafdce874f69

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /static/js/pages-activity-discounts-list~pages-activity-groupon-detail~pages-activity-groupon-list~pages-activi~56919858.a9ecebd4.js HTTP/1.1
Host: admin.shein.help
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://admin.shein.help/

HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 10:49:29 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 10 Jan 2023 14:21:43 GMT
Vary: Accept-Encoding
ETag: W/"63bd7477-c43f"
Expires: Thu, 26 Jan 2023 22:49:29 GMT
Cache-Control: max-age=43200
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cq3lEwetdYMyxponi0xc9TbzHFOr491yieYC2PtslSEAgVrPk3sNtkHIQNbt%2BIYWyAOnor5%2FcorAgpvzs7r2CZUN2rsykplPbqdzhBNhP%2FeH3J6uvZjrKr%2FScR3kQ3KEk03E"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 78f8aea65a221c0e-OSL
alt-svc: h2=":443"; ma=60

admin.shein.help/static/js/pages-app-commission-ad-ad~pages-app-commission-ad-buy-ad-package~pages-app-commission-apply~pages-a~dc5519bd.d528da07.js

188.114.97.1

200 OK

3.6 kB

URL HTTP/1.1
admin.shein.help/static/js/pages-app-commission-ad-ad~pages-app-commission-ad-buy-ad-package~pages-app-commission-apply~pages-a~dc5519bd.d528da07.js
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (11349), with no line terminators
Size
3.6 kB (3622 bytes)
Hash
90900de324816edc2246fe9a95b7c68e
6e83a52f979d63e73a563d3d6a7c15c4c27cccaa
1e6c00a6d872e3a7d78d36ef8f4766b1efad2bc803df1971122e95a8ecaaaf61

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /static/js/pages-app-commission-ad-ad~pages-app-commission-ad-buy-ad-package~pages-app-commission-apply~pages-a~dc5519bd.d528da07.js HTTP/1.1
Host: admin.shein.help
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://admin.shein.help/

HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 10:49:29 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 10 Jan 2023 14:21:43 GMT
Vary: Accept-Encoding
ETag: W/"63bd7477-2db9"
Expires: Thu, 26 Jan 2023 22:49:29 GMT
Cache-Control: max-age=43200
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XlWnUIMLvfKv%2FowZtXCEGtU6H4S9OpzoQsqnVtN%2BYiJgXAfxUWcHY879djaEFPevj05MST%2Fj%2BTWBe7kRPbnm7uOZ7txSIzYpSgu%2Bnacg8Iyin%2BXV%2F7q%2FeG7u9B0dtp2HtS8l"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 78f8aea65c30b52d-OSL
alt-svc: h2=":443"; ma=60

admin.shein.help/static/js/pages-activity-discounts-list~pages-activity-groupon-detail~pages-activity-groupon-list~pages-activi~e35d8edc.214666b3.js

188.114.97.1

200 OK

6.2 kB

URL HTTP/1.1
admin.shein.help/static/js/pages-activity-discounts-list~pages-activity-groupon-detail~pages-activity-groupon-list~pages-activi~e35d8edc.214666b3.js
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (17410), with no line terminators
Size
6.2 kB (6233 bytes)
Hash
96113e26a45d4af56d203323715f5318
ad6988cfda055d88af911199119c8eac15546a88
d435f9d2184e117cd8c7af97be8b9ce04ed76a80cdcee394f4d819b0e13ee2f7

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /static/js/pages-activity-discounts-list~pages-activity-groupon-detail~pages-activity-groupon-list~pages-activi~e35d8edc.214666b3.js HTTP/1.1
Host: admin.shein.help
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://admin.shein.help/

HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 10:49:29 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 10 Jan 2023 14:21:43 GMT
Vary: Accept-Encoding
ETag: W/"63bd7477-4402"
Expires: Thu, 26 Jan 2023 22:49:29 GMT
Cache-Control: max-age=43200
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B1CO6WNSCdDQDCDxDZj8Y4DA9yazGQyi8YugAjw1bitHwO7wwjwJ%2B9TdH%2FDAS3mZ6%2BP40Bjjqqq%2BMbeuLDKFFmMSn8RvsnecyZa1oIcaubqHUVdki5B6n%2BpNkKngzEqIMf0d"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 78f8aea65dfdb4f4-OSL
alt-svc: h2=":443"; ma=60

admin.shein.help/static/js/pages-activity-discounts-list~pages-activity-groupon-detail~pages-activity-groupon-list~pages-activi~0cf8c530.78970660.js

188.114.97.1

200 OK

32 kB

URL HTTP/1.1
admin.shein.help/static/js/pages-activity-discounts-list~pages-activity-groupon-detail~pages-activity-groupon-list~pages-activi~0cf8c530.78970660.js
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (53748), with no line terminators
Size
32 kB (31476 bytes)
Hash
5880660006298f99ca7c8bccc0003eb2
8c2078d5b82da250f4fba6467c561fdf6ed7d6c4
91f8edc9e5c12fc92dd44b4bc44a832db6e1e3fd0633b33876e901be975d6a5a

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /static/js/pages-activity-discounts-list~pages-activity-groupon-detail~pages-activity-groupon-list~pages-activi~0cf8c530.78970660.js HTTP/1.1
Host: admin.shein.help
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://admin.shein.help/

HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 10:49:29 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 10 Jan 2023 14:21:43 GMT
Vary: Accept-Encoding
ETag: W/"63bd7477-d2a6"
Expires: Thu, 26 Jan 2023 22:49:29 GMT
Cache-Control: max-age=43200
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JfAHc%2FzZz%2Ff8pRWKvk67LxKpM8ZMOyBRX76X74RAU0p8JCc9ZFsSU7fpPcXDYI3y9jlGnLfQLfAoFfY9E1LCbY0nc5mh4UY%2F0Cjggm89vBxEuni979B27%2BEV7LNksKxWJPyG"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 78f8aea6590e1c06-OSL
alt-svc: h2=":443"; ma=60

admin.shein.help/static/fonts/OPPOSANS-M-subfont.6d4230b2.ttf

188.114.97.1

200 OK

9.8 kB

URL HTTP/1.1
admin.shein.help/static/fonts/OPPOSANS-M-subfont.6d4230b2.ttf
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
TrueType Font data, 12 tables, 1st "OS/2", 22 names, Macintosh, copyright \357\274\210c\357\274\211 2019 by OPPO. All rights reserved.OPPOSans MRegularOPPOSans-\012- data
Size
9.8 kB (9832 bytes)
Hash
6d4230b26978ef101d4560ee9e295f37
aeb676694fc814b6a9b093ea2d1a859cf48b1bf4
b8cdc8b884ad7564b015712cc0ace0bf626cce34a6940777607af045a271b998

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /static/fonts/OPPOSANS-M-subfont.6d4230b2.ttf HTTP/1.1
Host: admin.shein.help
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://admin.shein.help/

HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 10:49:29 GMT
Content-Type: application/octet-stream
Content-Length: 9832
Connection: keep-alive
Last-Modified: Tue, 10 Jan 2023 14:21:43 GMT
ETag: "63bd7477-2668"
Strict-Transport-Security: max-age=31536000
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HiIWlSAdW8%2BhE3thQVIzsZc2Sz%2Forxyrnw938%2FgSJ6mpnqHehE5h%2FPjsRLSOuvt%2BFpPdwEJWf0Gf1eIeykQVB%2FQJ3DIZUuWUIEPbO2SP2gRJmsLfsesEGgmsWTADmVrQe9SX"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78f8aea79f98b500-OSL
alt-svc: h2=":443"; ma=60

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
bd56ce22720c6e6072efdabae64669fd
29194390d12177fe0d88e1bd2fb4436509366a1c
c41996d83d942ca58a13e2d1adfd171cf26a84bc9b7fdbd1ca941eb0269b5404

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C41996D83D942CA58A13E2D1ADFD171CF26A84BC9B7FDBD1CA941EB0269B5404"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9907
Expires: Thu, 26 Jan 2023 13:34:36 GMT
Date: Thu, 26 Jan 2023 10:49:29 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
bd56ce22720c6e6072efdabae64669fd
29194390d12177fe0d88e1bd2fb4436509366a1c
c41996d83d942ca58a13e2d1adfd171cf26a84bc9b7fdbd1ca941eb0269b5404

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C41996D83D942CA58A13E2D1ADFD171CF26A84BC9B7FDBD1CA941EB0269B5404"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9907
Expires: Thu, 26 Jan 2023 13:34:36 GMT
Date: Thu, 26 Jan 2023 10:49:29 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
bd56ce22720c6e6072efdabae64669fd
29194390d12177fe0d88e1bd2fb4436509366a1c
c41996d83d942ca58a13e2d1adfd171cf26a84bc9b7fdbd1ca941eb0269b5404

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C41996D83D942CA58A13E2D1ADFD171CF26A84BC9B7FDBD1CA941EB0269B5404"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9907
Expires: Thu, 26 Jan 2023 13:34:36 GMT
Date: Thu, 26 Jan 2023 10:49:29 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
bd56ce22720c6e6072efdabae64669fd
29194390d12177fe0d88e1bd2fb4436509366a1c
c41996d83d942ca58a13e2d1adfd171cf26a84bc9b7fdbd1ca941eb0269b5404

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C41996D83D942CA58A13E2D1ADFD171CF26A84BC9B7FDBD1CA941EB0269B5404"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9907
Expires: Thu, 26 Jan 2023 13:34:36 GMT
Date: Thu, 26 Jan 2023 10:49:29 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ffb1709-216c-4bf0-9b98-e3a355f000bb.jpeg

34.120.237.76

200 OK

8.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ffb1709-216c-4bf0-9b98-e3a355f000bb.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.8 kB (8822 bytes)
Hash
13cd008fb3e2739ec7caadadbd427655
c4802b06b87ab97f3ccd80d1c9bbdb4fab9886c1
a300a4fde1863c8b806d0557d9f0adaed19e1c612989d7e3f79a7bb45e6e74dd

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ffb1709-216c-4bf0-9b98-e3a355f000bb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8822
x-amzn-requestid: e16ae781-25f3-4b7d-b62b-85b35d6571c6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fUYRwF2KIAMFjDA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d1a0d7-377f24bd18dea32564b148bd;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 21:36:23 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: n2ULSpeRMRZ9CDjmrwd56ti_gPYh9ApC521naXURI2Bh1eiKwjyHZw==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 25 Jan 2023 21:51:26 GMT
age: 46683
etag: "c4802b06b87ab97f3ccd80d1c9bbdb4fab9886c1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6418a71b-f89d-45d1-bc77-36d6312f560b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.9 kB (5943 bytes)
Hash
ba0a42dadf6a976df148f652e9cc1844
4d825b74865effa4a858ddcad1d0969671facc07
7276a38c9ba6b13a06f24ab8b802f210f98c5541df53fbcd8e879a14d2957d95

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6418a71b-f89d-45d1-bc77-36d6312f560b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5943
x-amzn-requestid: 6774f4a4-ed83-49df-868f-4517c2af914b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fUXxNF2UIAMFlYw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d1a007-75b1e8975c3f4b503e0a1c5b;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 21:32:55 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: VATQ0SjZfM_btXwR4M5keLmd-EE6717EHEiXrF2zpHNrli93EhN6Rw==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 25 Jan 2023 21:48:42 GMT
age: 46847
etag: "4d825b74865effa4a858ddcad1d0969671facc07"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

15 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c7f25e5-06eb-4d3f-99e2-edacd0739efb.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
15 kB (14856 bytes)
Hash
cfe699b31f96add9f1439af1ff1191eb
f77a833a69b69eef4a39e404c102f624e96b52c0
44312979ac13221e5c3328ad590f0f3dc7da00380c07c433382cd81c47b717f8

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c7f25e5-06eb-4d3f-99e2-edacd0739efb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 14856
x-amzn-requestid: e7d931f7-d086-42b9-a1f3-c8253b82eba6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fSY_OHw7IAMFj6Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d0d52e-4fd95c5f5a64861720a1ee60;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 07:07:26 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 2yzeIjHl8sUO9s5n2sZfN6DSWOVDVQl-xdSrNmHu-yWXj_7VJJk5qA==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 07:39:30 GMT
age: 11399
etag: "f77a833a69b69eef4a39e404c102f624e96b52c0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F409361f2-a546-44d7-82d6-d496f6ee134d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11918 bytes)
Hash
4cb7be12333fa7ea3353901b4b3215af
4b758cc432874384f330568177eef5a328d7e69a
d6f86c0ddbabd5c4fd7cee72ce4da62ccddd9d29139c9ab033bb1ab8425bae22

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F409361f2-a546-44d7-82d6-d496f6ee134d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11918
x-amzn-requestid: df7df0ae-d70e-4b80-9483-2ecd5c8ee4a7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fEqvPEXMoAMF5Aw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cb57fa-04193e0514c1c1e85d9d023b;Sampled=0
x-amzn-remapped-date: Sat, 21 Jan 2023 03:11:55 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: fznabMNG3n9Uo4L1jrrewtL_hJnQv8oR2qggeZtruvOLVzpUpcs7Tw==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 25 Jan 2023 17:10:40 GMT
etag: "4b758cc432874384f330568177eef5a328d7e69a"
content-type: image/jpeg
age: 63529
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46a5d7d6-d259-4246-b28c-8e4355fbc747.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.6 kB (6609 bytes)
Hash
b242645f0cc22e3b12c132e6d03722ac
dec70f83182de58e03bfcb95fc240b7c33f20674
59a2d8c972d27598dfe38637197f90053186c4f68b80a5a90283cb11ddaf8a31

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46a5d7d6-d259-4246-b28c-8e4355fbc747.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6609
x-amzn-requestid: 129067f4-c79b-493d-8863-2eb6c1565ee6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fSZABF4IIAMFsig=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d0d533-4908ab6e5c751213084de3c6;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 07:07:31 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: hUp-Y119Uly8FlGe1Wr8b-_pNoyg_iV-KaNaC7Fo44iN_sDU3BnCbA==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 07:35:29 GMT
age: 11641
etag: "dec70f83182de58e03bfcb95fc240b7c33f20674"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa3e6d9a5-dd7d-4337-a00f-a145350a1a29.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10379 bytes)
Hash
653bf5a34e9f99c9eef73a21d98d792f
c70d46aa2210c4f7c397fa20e1225b7d0734ac35
9f928ec6f194340e5543a4bf757aac31d545def67a56ae804a2039a3effd3fe0

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa3e6d9a5-dd7d-4337-a00f-a145350a1a29.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10379
x-amzn-requestid: 419e5a80-cb6d-4904-9545-a0f815149701
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fUYMREwmIAMFhQQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d1a0b4-64c49f7d49687d9e5324ec64;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 21:35:48 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: rZHSgPIPZyea2griEvL-3semlrUDichGSL8Rin4YeYKN909f9e0lyQ==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 25 Jan 2023 21:41:09 GMT
age: 47301
etag: "c70d46aa2210c4f7c397fa20e1225b7d0734ac35"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

admin.shein.help/static/images/tabbar/tabbar_icon_category_line.png

188.114.97.1

200 OK

12 kB

URL HTTP/1.1
admin.shein.help/static/images/tabbar/tabbar_icon_category_line.png
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 370 x 370, 8-bit/color RGBA, non-interlaced\012- data
Size
12 kB (12269 bytes)
Hash
b6e5c9ea5fc3dbcd3ad23f030e4cc158
c9f0807e80ffe9baa33d2f402a7dc3113c4b699d
9090ee214a651bd1e700448a455868a6a009bf20b98c34c22984200b260f9a5a

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /static/images/tabbar/tabbar_icon_category_line.png HTTP/1.1
Host: admin.shein.help
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://admin.shein.help/

HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 10:49:30 GMT
Content-Type: image/png
Content-Length: 12269
Connection: keep-alive
Last-Modified: Tue, 10 Jan 2023 14:21:43 GMT
ETag: "63bd7477-2fed"
Expires: Sat, 25 Feb 2023 10:49:29 GMT
Cache-Control: max-age=2592000
Strict-Transport-Security: max-age=31536000
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7X1J%2F6dZcjrSYYUdNSX4Iieenl%2FcZJoq3xVZZc2E4x9DApt9rim1SjlTRmHQP1Fhe59YEonqeRdi95KVjnI8k7rWjv74VxouneXzDa%2FnDw2h3UCcdMP3%2BiZ6x10%2BX6j9rHj3"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78f8aea88bf01c0e-OSL
alt-svc: h2=":443"; ma=60

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
43ef4a39efe7db3e9f5e7935a63936a7
69157acb7249e88bb59f7c238bb32041af726f05
f1952f16a786985a0e70d012704077623a904e3d9bdee415505f68fe415b4db4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F1952F16A786985A0E70D012704077623A904E3D9BDEE415505F68FE415B4DB4"
Last-Modified: Tue, 24 Jan 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21574
Expires: Thu, 26 Jan 2023 16:49:04 GMT
Date: Thu, 26 Jan 2023 10:49:30 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
43ef4a39efe7db3e9f5e7935a63936a7
69157acb7249e88bb59f7c238bb32041af726f05
f1952f16a786985a0e70d012704077623a904e3d9bdee415505f68fe415b4db4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F1952F16A786985A0E70D012704077623A904E3D9BDEE415505F68FE415B4DB4"
Last-Modified: Tue, 24 Jan 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21564
Expires: Thu, 26 Jan 2023 16:48:54 GMT
Date: Thu, 26 Jan 2023 10:49:30 GMT
Connection: keep-alive

ocsp2.globalsign.com/gsorganizationvalsha2g2

104.18.21.226

200 OK

1.5 kB

URL HTTP/1.1
ocsp2.globalsign.com/gsorganizationvalsha2g2
IP
104.18.21.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.5 kB (1459 bytes)
Hash
d38db45f792aaae049585569fbad1b36
9e192e8899a653b124bcbb065c5f0e851297e3e3
fa22308eccccb8e67157eecdcdcf8eb548dbbdfc8113541945fb612027475528

HTTP Headers

POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 10:49:30 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Mon, 30 Jan 2023 08:22:38 GMT
ETag: "9e192e8899a653b124bcbb065c5f0e851297e3e3"
Last-Modified: Thu, 26 Jan 2023 08:22:39 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3157
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78f8aeac9ac90b02-OSL

ocsp2.globalsign.com/gsorganizationvalsha2g2

104.18.21.226

200 OK

1.5 kB

URL HTTP/1.1
ocsp2.globalsign.com/gsorganizationvalsha2g2
IP
104.18.21.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.5 kB (1459 bytes)
Hash
d38db45f792aaae049585569fbad1b36
9e192e8899a653b124bcbb065c5f0e851297e3e3
fa22308eccccb8e67157eecdcdcf8eb548dbbdfc8113541945fb612027475528

HTTP Headers

POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 10:49:30 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Mon, 30 Jan 2023 08:22:38 GMT
ETag: "9e192e8899a653b124bcbb065c5f0e851297e3e3"
Last-Modified: Thu, 26 Jan 2023 08:22:39 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3157
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78f8aeac9d6eb511-OSL

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
8127133a6d1c10ce4e3cbf6028b3e555
ce62fc282eee1a28e8bff5bd677cb0a63edea598
a411d44ecbe5c57bc81fca6c3c80a8de98cf82594bdb84dbef6e541e4df8d347

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5126
Cache-Control: max-age=133995
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 10:49:30 GMT
Etag: "63d1af1f-1d7"
Expires: Sat, 28 Jan 2023 00:02:45 GMT
Last-Modified: Wed, 25 Jan 2023 22:37:19 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471

connect.facebook.net/en_US/fbevents.js

31.13.72.12

200 OK

28 kB

URL HTTP/2
connect.facebook.net/en_US/fbevents.js
IP
31.13.72.12:0
ASN
#32934 FACEBOOK

File type
ASCII text, with very long lines (64348)
Size
28 kB (27859 bytes)
Hash
9ba458c0d3060a442f3094daf58ec05d
fc35d487d0dd81e6855f1b02367b755609d9608d
17087257ea25c2232c025f338b9f3153d35c3d953cb382b7b6e01728a643bc0b

HTTP Headers

GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://admin.shein.help/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: kU+FBU5SigIPmLjTh7gmUZ8pfSu+x10F7S+Xzaq3edN36uvC7Fr1KBPPx/t1a2f4wQT6YnjTl1cAHc1yDqFCiA==
content-length: 27859
x-fb-trip-id: 1904183273
date: Thu, 26 Jan 2023 10:49:30 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
8127133a6d1c10ce4e3cbf6028b3e555
ce62fc282eee1a28e8bff5bd677cb0a63edea598
a411d44ecbe5c57bc81fca6c3c80a8de98cf82594bdb84dbef6e541e4df8d347

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5126
Cache-Control: max-age=133995
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 10:49:30 GMT
Etag: "63d1af1f-1d7"
Expires: Sat, 28 Jan 2023 00:02:45 GMT
Last-Modified: Wed, 25 Jan 2023 22:37:19 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471

vipdiskon.oss-us-west-1.aliyuncs.com/uploads/20220928/9634dae42d862731d8e75d6d7c476100.png?x-oss-process=image/resize,m_fill,h_100,w_100,limit_0

47.254.114.97

200 OK

3.3 kB

URL HTTP/1.1
vipdiskon.oss-us-west-1.aliyuncs.com/uploads/20220928/9634dae42d862731d8e75d6d7c476100.png?x-oss-process=image/resize,m_fill,h_100,w_100,limit_0
IP
47.254.114.97:0
ASN
#45102 Alibaba US Technology Co., Ltd.

File type
PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced\012- data
Size
3.3 kB (3255 bytes)
Hash
411b633e91d52f911ef87694ba5889e5
32f9b1cf85e09c423b775bca2268fd6ec3f88ff1
eb9493b37fb2581632a21f380a42c8e2b3b74fd3e0e82a59d3559bbd3c614dfc

HTTP Headers

GET /uploads/20220928/9634dae42d862731d8e75d6d7c476100.png?x-oss-process=image/resize,m_fill,h_100,w_100,limit_0 HTTP/1.1
Host: vipdiskon.oss-us-west-1.aliyuncs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://admin.shein.help/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: AliyunOSS
Date: Thu, 26 Jan 2023 10:49:30 GMT
Content-Type: image/png
Content-Length: 3255
Connection: keep-alive
x-oss-request-id: 63D25ABAD31A233433FA5854
ETag: "9634DAE42D862731D8E75D6D7C476100"
Last-Modified: Tue, 27 Sep 2022 18:02:46 GMT
x-oss-object-type: Normal
x-oss-storage-class: Standard
x-oss-hash-crc64ecma: 10598924918495359484
x-oss-server-time: 27

admin.shein.help/favicon.ico

188.114.97.1

200 OK

1.1 kB

URL HTTP/1.1
admin.shein.help/favicon.ico
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (406), with CRLF line terminators
Size
1.1 kB (1057 bytes)
Hash
5a86c571525e53bd8466570e22293faa
acf9bd97233f21348f944f018104477ef68be94e
c00c9b9f435b82f77474bfc90673557897aa19574905424ab0d18f44964795d5

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: admin.shein.help
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://admin.shein.help/

HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 10:49:30 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 10 Jan 2023 14:21:43 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s6xlPrDCoLpzmZKXbfFvNhTFAFzc8wKNFJW4%2FTPIMq%2FU4zPjTP1QxN7XcP0ULEmEiPmbPwXTXNypcaLlzvXB3aP8DNwpP4YebBeB6NctKEL%2BBrupZcvwCZIVx8jHxKKuY4rl"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 78f8aeaccfd91c06-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

vipdiskon.oss-us-west-1.aliyuncs.com/uploads/20221112/91770775ef078db3b27fc0658f2738cf.jpg

47.254.114.97

200 OK

104 kB

URL HTTP/1.1
vipdiskon.oss-us-west-1.aliyuncs.com/uploads/20221112/91770775ef078db3b27fc0658f2738cf.jpg
IP
47.254.114.97:0
ASN
#45102 Alibaba US Technology Co., Ltd.

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 24.0 (Windows), datetime=2022:11:12 16:59:22], baseline, precision 8, 1125x450, components 3\012- data
Size
104 kB (104188 bytes)
Hash
91770775ef078db3b27fc0658f2738cf
722437623320927af542904dbf15c33efb3e2a4c
19a0c30c23a184a723619bd7058c349bde25452975d8fc46c7cf9a8eb2cd5938

HTTP Headers

GET /uploads/20221112/91770775ef078db3b27fc0658f2738cf.jpg HTTP/1.1
Host: vipdiskon.oss-us-west-1.aliyuncs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://admin.shein.help/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: AliyunOSS
Date: Thu, 26 Jan 2023 10:49:30 GMT
Content-Type: image/jpeg
Content-Length: 104188
Connection: keep-alive
x-oss-request-id: 63D25ABA91795F3236E2D087
Accept-Ranges: bytes
ETag: "91770775EF078DB3B27FC0658F2738CF"
Last-Modified: Sat, 12 Nov 2022 09:00:05 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 477156759671468306
x-oss-storage-class: Standard
Content-MD5: kXcHde8HjbOyf8Bljyc4zw==
x-oss-server-time: 37

www.facebook.com/tr/?id=745921683264747&ev=PageView&dl=http%3A%2F%2Fadmin.shein.help%2F&rl=&if=false&ts=1674730169037&sw=1280&sh=1024&v=2.9.94&r=stable&ec=0&o=30&fbp=fb.1.1674730169036.284772402&it=1674730168339&coo=false&rqm=GET

31.13.72.36

200 OK

0 B

URL HTTP/2
www.facebook.com/tr/?id=745921683264747&ev=PageView&dl=http%3A%2F%2Fadmin.shein.help%2F&rl=&if=false&ts=1674730169037&sw=1280&sh=1024&v=2.9.94&r=stable&ec=0&o=30&fbp=fb.1.1674730169036.284772402&it=1674730168339&coo=false&rqm=GET
IP
31.13.72.36:0
ASN
#32934 FACEBOOK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /tr/?id=745921683264747&ev=PageView&dl=http%3A%2F%2Fadmin.shein.help%2F&rl=&if=false&ts=1674730169037&sw=1280&sh=1024&v=2.9.94&r=stable&ec=0&o=30&fbp=fb.1.1674730169036.284772402&it=1674730168339&coo=false&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://admin.shein.help/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin: 
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Thu, 26 Jan 2023 10:49:31 GMT
X-Firefox-Spdy: h2

www.sheinpro.top/addons/shopro/index/template

47.254.81.244

200 OK

115 kB

URL HTTP/2
www.sheinpro.top/addons/shopro/index/template
IP
47.254.81.244:0
ASN
#45102 Alibaba US Technology Co., Ltd.

File type
data
Size
115 kB (114759 bytes)
Hash
b73f3154380b610e2573bcd136c4e503
8eb5cac18c3e0e30093c9a5cbe9dc05f2617133c
c0fc3b66c6d4a6bef3df7880f7724225a8264fe39e23e04b7f73a2f8e15a7e56

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

OPTIONS /addons/shopro/index/template HTTP/1.1
Host: www.sheinpro.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type,platform
Referer: http://admin.shein.help/
Origin: http://admin.shein.help
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 10:49:30 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
access-control-allow-origin: http://admin.shein.help
access-control-allow-credentials: true
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-headers: content-type,platform
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

dvcasha2.ocsp-certum.com/

23.36.79.10

200 OK

1.6 kB

URL HTTP/1.1
dvcasha2.ocsp-certum.com/
IP
23.36.79.10:0
ASN
#20940 Akamai International B.V.

File type
data
Size
1.6 kB (1599 bytes)
Hash
f67047a5a0d49020f15c999e64748c81
4e126849f86cc67a107ae4e373ffb72e84a7703a
f1f7f2ab22d9e4aaac1825e1279d11346212ca61ac508f70d40df0ac0f2bf406

HTTP Headers

POST / HTTP/1.1
Host: dvcasha2.ocsp-certum.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 1599
X-Cached: HIT
Strict-Transport-Security: max-age=63072000,includeSubDomains,preload
Cache-Control: max-age=537
Date: Thu, 26 Jan 2023 10:49:31 GMT
Connection: keep-alive
X-N: S

cdn.dcloud.net.cn/img/shadow-grey.png

120.26.61.10

200 OK

136 B

URL HTTP/1.1
cdn.dcloud.net.cn/img/shadow-grey.png
IP
120.26.61.10:0
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

File type
PNG image data, 1 x 6, 4-bit colormap, non-interlaced\012- data
Size
136 B (136 bytes)
Hash
5a962adf74d92ae702467b3f47976547
36f74049375584e3fa69b5ef87e9572336ff9e7a
ad4ebea1c3496dd2924789ee009174a2c6289d1200e9811f458fd46f172d1d6f

HTTP Headers

GET /img/shadow-grey.png HTTP/1.1
Host: cdn.dcloud.net.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://admin.shein.help/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 26 Jan 2023 10:49:32 GMT
Content-Type: image/png
Content-Length: 136
Last-Modified: Thu, 06 Jun 2019 06:42:07 GMT
Connection: close
ETag: "5cf8b5bf-88"
Expires: Thu, 26 Jan 2023 12:49:32 GMT
Cache-Control: max-age=7200
Set-Cookie: __uni__uid=CgIBXWPSWrwZ+QSPGqcQAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=dcloud.net.cn; path=/; secure; httponly; samesite=none
Accept-Ranges: bytes

www.sheinpro.top/addons/shopro/category/categoryTree

47.254.81.244

200 OK

0 B

URL HTTP/2
www.sheinpro.top/addons/shopro/category/categoryTree
IP
47.254.81.244:0
ASN
#45102 Alibaba US Technology Co., Ltd.

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /addons/shopro/category/categoryTree HTTP/1.1
Host: www.sheinpro.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: application/json
platform: H5
Origin: http://admin.shein.help
Connection: keep-alive
Referer: http://admin.shein.help/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 10:49:31 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: http://admin.shein.help
access-control-allow-credentials: true
access-control-max-age: 86400
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

www.sheinpro.top/addons/shopro/index/template

47.254.81.244

200 OK

0 B

URL HTTP/2
www.sheinpro.top/addons/shopro/index/template
IP
47.254.81.244:0
ASN
#45102 Alibaba US Technology Co., Ltd.

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /addons/shopro/index/template HTTP/1.1
Host: www.sheinpro.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: application/json
platform: H5
Origin: http://admin.shein.help
Connection: keep-alive
Referer: http://admin.shein.help/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 10:49:31 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: http://admin.shein.help
access-control-allow-credentials: true
access-control-max-age: 86400
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

admin.shein.help/static/js/pages-index-index.b6ee575a.js

188.114.97.1

200 OK

0 B

URL HTTP/1.1
admin.shein.help/static/js/pages-index-index.b6ee575a.js
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /static/js/pages-index-index.b6ee575a.js HTTP/1.1
Host: admin.shein.help
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://admin.shein.help/

HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 10:49:29 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 10 Jan 2023 14:21:43 GMT
Vary: Accept-Encoding
ETag: W/"63bd7477-a091"
Expires: Thu, 26 Jan 2023 22:49:29 GMT
Cache-Control: max-age=43200
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L0Cqra%2B%2FkuJzdX2KuZeAb8MZyAqD6uAEHvNsA1ZFxWHp5vPx2Wh4RUTt%2FPYluJlQNPNOc8kT4b7oQ4arL8KBGhQ1xmFOvl8bCACh8YeDjUnwHCELM9FE%2FU%2F1Y4LpuJXAdIp%2B"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 78f8aea65a271c0e-OSL
alt-svc: h2=":443"; ma=60

www.sheinpro.top/addons/shopro/index/init

47.254.81.244

200 OK

0 B

URL HTTP/2
www.sheinpro.top/addons/shopro/index/init
IP
47.254.81.244:0
ASN
#45102 Alibaba US Technology Co., Ltd.

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

OPTIONS /addons/shopro/index/init HTTP/1.1
Host: www.sheinpro.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type,platform
Referer: http://admin.shein.help/
Origin: http://admin.shein.help
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 10:49:30 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
access-control-allow-origin: http://admin.shein.help
access-control-allow-credentials: true
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-headers: content-type,platform
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

www.sheinpro.top/addons/shopro/category/categoryTree

47.254.81.244

200 OK

0 B

URL HTTP/2
www.sheinpro.top/addons/shopro/category/categoryTree
IP
47.254.81.244:0
ASN
#45102 Alibaba US Technology Co., Ltd.

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

OPTIONS /addons/shopro/category/categoryTree HTTP/1.1
Host: www.sheinpro.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type,platform
Referer: http://admin.shein.help/
Origin: http://admin.shein.help
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 10:49:31 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
access-control-allow-origin: http://admin.shein.help
access-control-allow-credentials: true
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-headers: content-type,platform
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

www.sheinpro.top/addons/shopro/index/init

47.254.81.244

200 OK

0 B

URL HTTP/2
www.sheinpro.top/addons/shopro/index/init
IP
47.254.81.244:0
ASN
#45102 Alibaba US Technology Co., Ltd.

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /addons/shopro/index/init HTTP/1.1
Host: www.sheinpro.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: application/json
platform: H5
Origin: http://admin.shein.help
Connection: keep-alive
Referer: http://admin.shein.help/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 10:49:30 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: http://admin.shein.help
access-control-allow-credentials: true
access-control-max-age: 86400
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (14)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL