Report - pcdl.dh978.com/proxy_117125.rar?key=cd65fc6a96af5753715e0793cd0e62c8&uskey=29eabb918a54d162b8fb22bc6444ead4

Report Overview

Submitted URL
pcdl.dh978.com/proxy_117125.rar?key=cd65fc6a96af5753715e0793cd0e62c8&uskey=29eabb918a54d162b8fb22bc6444ead4
IP
113.219.238.116
ASN
#63835 No.293,Wanbao Avenue
Submitted
2023-01-10 22:41:16
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
www.ddooo.com	317017	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.0 kB	8.0 kB	185.23.181.24
ocsp.globalsign.com	2075	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	359 B	1.9 kB	104.18.21.226
c.cnzz.com	19950	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	387 B	1.3 kB	150.138.98.224
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	5.3 kB	23.36.77.32
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	35.241.9.150
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	50 kB	34.120.237.76
hm.baidu.com	8254	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.1 kB	12 kB	103.235.46.191
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	391 B	34.117.237.239
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	341 B	797 B	93.184.220.29
statuse.digitalcertvalidation.com	16484	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	357 B	644 B	93.184.220.29
v1.cnzz.com	41694	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	386 B	4.7 kB	150.138.98.224
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	35.155.76.146
ocsp2.globalsign.com	1544	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	734 B	3.9 kB	104.18.20.226
cnzz.mmstat.com	18851	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	394 B	603 B	59.82.33.226

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-01-10	medium	www.ddooo.com/error.html?zj	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (6)

	URL	Size	First Seen	Last Seen
	www.ddooo.com/error.html?zj	254 B	2023-03-07	2023-03-26
Pretty URL www.ddooo.com/error.html?zj IP 185.23.181.24 ASN #138915 Kaopu Cloud HK Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:38 Last Seen2023-03-26 10:46:54 Times Seen2 Hash 934369cf903c38c56d3caaa1be7fcb24 19eb4298d3f067b677f0fb0178ddd6a0d07575cd 807156bcbbdb77cfd8bda606b8118487be52abd0d32622c7e031133521067c7e Loading...

	www.ddooo.com/tongji/ddooo-count.js	176 B	2023-03-07	2023-03-14
Pretty URL www.ddooo.com/tongji/ddooo-count.js IP 185.23.181.24 ASN #138915 Kaopu Cloud HK Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:38 Last Seen2023-03-14 11:55:08 Times Seen1 Hash 9c4bdf25de185b9e1a212c94cbde0d90 8efdc39519b62c7b25a3b3d8accebaed48606f37 92e26c4e47427014006470c9528c87bbd37bc3d9d77ef4a399c2ae5dab3d1401 Loading...

	v1.cnzz.com/z_stat.php?id=1281127966&web_id=1281127966	12 kB	2023-03-12	2023-03-12
Pretty URL v1.cnzz.com/z_stat.php?id=1281127966&web_id=1281127966 IP 150.138.98.224 ASN #58541 Qingdao,266000 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 19:57:59 Last Seen2023-03-12 19:57:59 Times Seen1 Hash d1d7a4a453b0e5ad7458135857a25358 f5aa8f8cadc119e9ef407bba86c48cae95ab6216 0c6781527e3967c374d2016e6adf27ec24d633aa71ce917a0184f9314c47d789 Loading...

	c.cnzz.com/core.php?web_id=1281127966&t=z	969 B	2023-03-07	2023-03-14
Pretty URL c.cnzz.com/core.php?web_id=1281127966&t=z IP 150.138.98.224 ASN #58541 Qingdao,266000 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:21:06 Last Seen2023-03-14 17:21:41 Times Seen1 Hash da970ccb3f2e9feb8c72fd847835f6e5 0a8bb8540bb3cd7a6e09d3c6904c13e536d32d47 9d3ac4cf180c28044d626b807f7a5c9fda93c577eae2edd69af53fe1bf92d1e8 Loading...

	hm.baidu.com/hm.js?f911446e37dd5c74a6fe3e838cbf32cc	30 kB	2023-03-12	2023-03-12
Pretty URL hm.baidu.com/hm.js?f911446e37dd5c74a6fe3e838cbf32cc IP 103.235.46.191 ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 19:57:59 Last Seen2023-03-12 19:57:59 Times Seen1 Hash 7608284a3540924d8ffbe24683e3140c 70d1740451106db8d8876f3f05907c39b7cd0c41 6ec98f54d9ea0f96733110355b22f7670d89b72bc34c52fe025855e76353dd87 Loading...

		Size	First Seen	Last Seen
	#1 Write - bdc16657db0d297fd37844291cd8752b	138 B	2023-03-07	2023-03-14
Pretty Observations First Seen2023-03-07 01:02:38 Last Seen2023-03-14 11:55:08 Times Seen1 Hash bdc16657db0d297fd37844291cd8752b f637347af5a408d6c1a7fc756ccbba64ec0d7b1d 7e38cbd73136c083ae84b17f1df074db7ce55d2579236f3f1996d6f30fce9848 Loading...

HTTP Transactions (30)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e6b7a72139d0ef7688330456e9be9a4c
e130a94e7d531768300071764dd1e81fee5bbbcb
d3818afd1493030105341b4cfb91037acbf27085c96068b3ef91c5071277c8e5

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D3818AFD1493030105341B4CFB91037ACBF27085C96068B3EF91C5071277C8E5"
Last-Modified: Mon, 09 Jan 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15547
Expires: Wed, 11 Jan 2023 03:00:12 GMT
Date: Tue, 10 Jan 2023 22:41:05 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
eecebe0566883e33558e8e67beaccb29
acdd8fd09e2066ed5ecfbc3f11c4a2d61218ecc7
65e21170242bf41eb529fa422385dbe5af65a61e374e6dd5669e7e5f927948af

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "65E21170242BF41EB529FA422385DBE5AF65A61E374E6DD5669E7E5F927948AF"
Last-Modified: Mon, 09 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6256
Expires: Wed, 11 Jan 2023 00:25:21 GMT
Date: Tue, 10 Jan 2023 22:41:05 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d8ccb7b2b89aec333fabc04d37337892
c2a13a42c1bd0cf7ce68d9c13b3d6ba1044b5283
75fcc3ea090454e3489a131b70ab50798fec6a08664745027d7a1cf62c6aba28

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "75FCC3EA090454E3489A131B70AB50798FEC6A08664745027D7A1CF62C6ABA28"
Last-Modified: Mon, 09 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10019
Expires: Wed, 11 Jan 2023 01:28:04 GMT
Date: Tue, 10 Jan 2023 22:41:05 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Content-Type, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 10 Jan 2023 21:48:31 GMT
content-type: application/json
age: 3154
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
b1fcd419a4245617397846e8d17233f6
2a037ce244587640b27ead9a0ec2af4f862d91b2
e059b6d834c06e58494c43fb2ff42acbc27c1a1d8f7f30e2f32ca0e167599e2f

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: HBkg6WtGpnW4x8sFD0luocPpNI5PTxGttMghWWOmErcpfFXPXv0aRKHWazDuvIqQPWxnSL9VUWg=
x-amz-request-id: PJ448C0MYDMYBTRZ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 10 Jan 2023 22:01:49 GMT
age: 2356
last-modified: Tue, 20 Dec 2022 14:47:58 GMT
etag: "b1fcd419a4245617397846e8d17233f6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 10 Jan 2023 22:41:05 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Expires, Pragma, Content-Type, Backoff, Last-Modified, Cache-Control, ETag
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 10 Jan 2023 22:33:45 GMT
age: 440
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
a831a999b5e598b4e9f4e31e8054ca7c
9971a4a806f48777ae6d9525085d16d0c6314c51
cdffa8dd48e75baa98670f82dfac2b3948667ca32dd93f469d2cd49d3a58581c

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4614
Cache-Control: max-age=128558
Content-Type: application/ocsp-response
Date: Tue, 10 Jan 2023 22:41:06 GMT
Etag: "63bd2aaa-1d7"
Expires: Thu, 12 Jan 2023 10:23:44 GMT
Last-Modified: Tue, 10 Jan 2023 09:06:50 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

35.155.76.146

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.155.76.146:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Crc1jXXclUsAe9DFtO1MqA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ZZ5ECTHd9pSZ6mAsdNv8hHnPt2s=

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
385fbe651dc747111b979f40f9583702
a69fa58ffc6e2b15222f17ad6345b2bec9d75106
c82b794c471d79568f5eee05529ceddbefc383ac0d035578da7bc3866062e5cc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C82B794C471D79568F5EEE05529CEDDBEFC383AC0D035578DA7BC3866062E5CC"
Last-Modified: Tue, 10 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3241
Expires: Tue, 10 Jan 2023 23:35:08 GMT
Date: Tue, 10 Jan 2023 22:41:07 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
385fbe651dc747111b979f40f9583702
a69fa58ffc6e2b15222f17ad6345b2bec9d75106
c82b794c471d79568f5eee05529ceddbefc383ac0d035578da7bc3866062e5cc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C82B794C471D79568F5EEE05529CEDDBEFC383AC0D035578DA7BC3866062E5CC"
Last-Modified: Tue, 10 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3241
Expires: Tue, 10 Jan 2023 23:35:08 GMT
Date: Tue, 10 Jan 2023 22:41:07 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
385fbe651dc747111b979f40f9583702
a69fa58ffc6e2b15222f17ad6345b2bec9d75106
c82b794c471d79568f5eee05529ceddbefc383ac0d035578da7bc3866062e5cc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C82B794C471D79568F5EEE05529CEDDBEFC383AC0D035578DA7BC3866062E5CC"
Last-Modified: Tue, 10 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3241
Expires: Tue, 10 Jan 2023 23:35:08 GMT
Date: Tue, 10 Jan 2023 22:41:07 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Febe61553-0d3d-4c00-8e9b-da1405590a9b.jpeg

34.120.237.76

200 OK

7.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Febe61553-0d3d-4c00-8e9b-da1405590a9b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.1 kB (7140 bytes)
Hash
a708649e0d6b128eb599b221445a8e06
59f9b06ee8e4c9608e29e7b19832fb925789f373
b4e17cfdee53b56ac33cb5a86253e4839ed7bd9bb1604209834bb22d881472f1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Febe61553-0d3d-4c00-8e9b-da1405590a9b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7140
x-amzn-requestid: 96450c55-6068-4946-9e5f-650c19d2772a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ei739GoJIAMF0lA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63bdd9cc-2bf965d47a10fd61619d945f;Sampled=0
x-amzn-remapped-date: Tue, 10 Jan 2023 21:34:04 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: t5mK-tl3WskwkQLUXPKR2ljEW32-Yo6_BHwqP2dNVUr09WoMyxYeZw==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Tue, 10 Jan 2023 21:42:06 GMT
age: 3541
etag: "59f9b06ee8e4c9608e29e7b19832fb925789f373"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff5465525-52bf-4e0d-8cb9-586996680af0.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.6 kB (4610 bytes)
Hash
88ecbdd13d6c1843b252f8199c80de05
a0e7e2983bf12644a0b10b44a1b1b6da59f1f7b5
e5d16fe0d61f7a65297b74d05f9eeb8a5110d4bd554ceaa072ad1ea9cef0c2d2

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff5465525-52bf-4e0d-8cb9-586996680af0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4610
x-amzn-requestid: 64423985-70ee-4beb-bba5-9f5ce91d04c4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ei75tHZuIAMFizg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63bdd9d7-73867d087fea768a234731cd;Sampled=0
x-amzn-remapped-date: Tue, 10 Jan 2023 21:34:15 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: SpNQ6meFBHf4b2N59XHBeNs26rCCEDBUl4kNne-DNKLUFjhQ9meRrg==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 10 Jan 2023 21:42:06 GMT
age: 3541
etag: "a0e7e2983bf12644a0b10b44a1b1b6da59f1f7b5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29a4e5f8-90d2-4932-b687-e827f7b75a6b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.4 kB (8395 bytes)
Hash
82b10434cd29773d0f2f05a9904bd8d7
254f8d0a30d61afe871b7d603d4f0669bfb59808
5955b48e68572fd477fbb1bf172c3d590320b7408668a7fc586022362dd7447d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29a4e5f8-90d2-4932-b687-e827f7b75a6b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8395
x-amzn-requestid: 13f52de6-c624-4005-8c98-b8299ce3d156
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ei75DGBwIAMFU3g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63bdd9d3-278ee7ad4b30336e2ada7970;Sampled=0
x-amzn-remapped-date: Tue, 10 Jan 2023 21:34:11 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: GgE9t2dma-Vdolh6eOwjqtNz-rLzDCflksYIj1mcogunBV8dxgCIkQ==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Tue, 10 Jan 2023 21:51:12 GMT
age: 2995
etag: "254f8d0a30d61afe871b7d603d4f0669bfb59808"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe834a7de-1ed4-4b8b-a3be-fce3151bd1b1.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10640 bytes)
Hash
68af9d9acdc08345ac38ae59f83a9a24
d3c0b7fa6ab4f421835acd595a75b5035d1ff9ee
1ae2e194f6bb20166d326002b39a4e3f44a9a97046e77ffd2a186eae384b7ce1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe834a7de-1ed4-4b8b-a3be-fce3151bd1b1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10640
x-amzn-requestid: 0b0b6732-7692-4b35-9625-154dc39386dd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ei745GEooAMFafA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63bdd9d2-314dad90600e9d8c737adf05;Sampled=0
x-amzn-remapped-date: Tue, 10 Jan 2023 21:34:10 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: rr9hTjSynlIWtcOCn7hv3-rRhhGEl0A0_uV1jC2ljrpr8ybnZP72Zw==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 10 Jan 2023 21:42:10 GMT
age: 3537
etag: "d3c0b7fa6ab4f421835acd595a75b5035d1ff9ee"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46d84cd2-721b-40d7-b8e1-1fe161bdedfb.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.9 kB (7879 bytes)
Hash
6e211ec68c630d34f800b499ebed9f34
891dd8fe9abfd1c356a9ff1deb419d93f70327a2
2912aad74cada0118787bc0b90c418ab52275ba593a0c55194056f7f4b902360

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46d84cd2-721b-40d7-b8e1-1fe161bdedfb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7879
x-amzn-requestid: e49e38c2-5530-4b41-97b4-621fafc9f60c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ei8PaGcloAMFXpA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63bdda62-430781673e3b84dd0cd04a5c;Sampled=0
x-amzn-remapped-date: Tue, 10 Jan 2023 21:36:34 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: fb7YVn_AVvax_7PRkPCXlV_r-9o8gf8oPbgy0wzukFjUVWqUvcRFeA==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Tue, 10 Jan 2023 21:44:14 GMT
age: 3413
etag: "891dd8fe9abfd1c356a9ff1deb419d93f70327a2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdd5f61ce-b8b1-47e5-8bc7-0df341e73cee.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.2 kB (5221 bytes)
Hash
1b60260339a4512e033fa61c5851b6bb
d244d0ee8437857018f7e23538be3666324c5534
43687123abc7bacc61fcb8fc1affd8a24a2b174d35ae5278ba44342cf1893a57

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdd5f61ce-b8b1-47e5-8bc7-0df341e73cee.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5221
x-amzn-requestid: ac750172-a9fc-4f24-a3ea-b3206774af62
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ei739H65oAMFYlA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63bdd9cc-76d45e695aa8e7e310660736;Sampled=0
x-amzn-remapped-date: Tue, 10 Jan 2023 21:34:04 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: HcZnQqny2h97lTYveuNyItw58sM_CRCZ_DBKjV5yWUHbJ-n_a3VWaQ==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Tue, 10 Jan 2023 21:44:14 GMT
age: 3413
etag: "d244d0ee8437857018f7e23538be3666324c5534"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

www.ddooo.com/error.html?zj

185.23.181.24

200 OK

1.4 kB

URL HTTP/1.1
www.ddooo.com/error.html?zj
IP
185.23.181.24:0
ASN
#138915 Kaopu Cloud HK Limited

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ISO-8859 text, with CRLF line terminators
Size
1.4 kB (1388 bytes)
Hash
fea6190f72d24f89aca111b6cec05b7d
7d403386ffe2fe8a54caa7e340292d68585e3df9
9f7756f09d12d36839ba934e08d2456267f9ca7c46a5fad90ec59605d1743ea8

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /error.html?zj HTTP/1.1
Host: www.ddooo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1388
Connection: keep-alive
Date: Tue, 10 Jan 2023 22:41:07 GMT
Last-Modified: Wed, 22 Jun 2022 02:15:59 GMT
Accept-Ranges: bytes
ETag: "80d92d3de85d81:0"
Server: Microsoft-IIS/8.5
X-Ser: BC110_US-Colorado-Denver-1-cache-2, BC25_DE-Frankfurt-Frankfurt-7-cache-1

statuse.digitalcertvalidation.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
statuse.digitalcertvalidation.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
047590f102ab123d6c6ed514fec98688
e6c19eed0f8f8b644d9fcca0591fd47a0aed6112
6a2fea59fcb0ac59c6dc3f342b1760d3a52e927d61468d75601e85fd4709617e

HTTP Headers

POST / HTTP/1.1
Host: statuse.digitalcertvalidation.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 10 Jan 2023 22:41:08 GMT
Server: ECS (amb/6BAB)
Content-Length: 471

www.ddooo.com/tongji/ddooo-count.js

185.23.181.24

200 OK

173 B

URL HTTP/1.1
www.ddooo.com/tongji/ddooo-count.js
IP
185.23.181.24:0
ASN
#138915 Kaopu Cloud HK Limited

File type
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
173 B (173 bytes)
Hash
46cbded99e222f291abdea26e03f1efc
47ad48e501a4f4f65167d4f6c6ec662ac957889a
33e0ed5b80d561d36fbd5e927f3630134d3ccf273a7e35d3092e5e91ea20ee4f

HTTP Headers

GET /tongji/ddooo-count.js HTTP/1.1
Host: www.ddooo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.ddooo.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 173
Connection: keep-alive
Date: Tue, 10 Jan 2023 22:27:58 GMT
Last-Modified: Mon, 27 Jun 2022 07:20:08 GMT
Accept-Ranges: bytes
ETag: "9e20e854f689d81:0"
Server: Microsoft-IIS/8.5
X-Ser: BC115_US-Washington-seattle-1-cache-3, BC20_DE-Frankfurt-Frankfurt-7-cache-1

www.ddooo.com/favicon.ico

185.23.181.24

200 OK

5.4 kB

URL HTTP/1.1
www.ddooo.com/favicon.ico
IP
185.23.181.24:0
ASN
#138915 Kaopu Cloud HK Limited

File type
MS Windows icon resource - 2 icons, 32x32, 32 bits/pixel, 16x16, 32 bits/pixel\012- data
Size
5.4 kB (5430 bytes)
Hash
32da0623ee4cc6ec0fee716973dc81a7
3b1260e6a50b01a11b3bd1585fc320749f9ef4fd
dbe91a942966b2170729bc672c277322a5550bd65ccc3dc98e0b07ce904a10de

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.ddooo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.ddooo.com/error.html?zj

HTTP/1.1 200 OK
Content-Type: image/x-icon
Content-Length: 5430
Connection: keep-alive
Date: Tue, 10 Jan 2023 22:41:08 GMT
Last-Modified: Thu, 17 Dec 2015 10:31:18 GMT
Accept-Ranges: bytes
ETag: "6d4bd410b638d11:0"
Server: Microsoft-IIS/8.5
X-Ser: BC33_US-Michigan-chieago-1-cache-1, BC110_US-Colorado-Denver-1-cache-2, BC24_DE-Frankfurt-Frankfurt-7-cache-1

ocsp.globalsign.com/gsrsaovsslca2018

104.18.21.226

200 OK

1.4 kB

URL HTTP/1.1
ocsp.globalsign.com/gsrsaovsslca2018
IP
104.18.21.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.4 kB (1432 bytes)
Hash
8aa8955afea8c92271fdf85834be2ac3
2b420013f80998c4f07221d3cd31053772323b3f
7eb88fa5843ec85ed0343c9d8d68c9f9e70d2547ad26cde4419961bbe6046f97

HTTP Headers

POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 10 Jan 2023 22:41:09 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Sat, 14 Jan 2023 19:27:12 GMT
ETag: "2b420013f80998c4f07221d3cd31053772323b3f"
Last-Modified: Tue, 10 Jan 2023 19:27:13 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2161
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7878eb211e0eb51d-OSL

ocsp2.globalsign.com/gsorganizationvalsha2g2

104.18.20.226

200 OK

1.5 kB

URL HTTP/1.1
ocsp2.globalsign.com/gsorganizationvalsha2g2
IP
104.18.20.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.5 kB (1459 bytes)
Hash
efcbdd7f920e2efa4e3969e8eb959316
75c6c0b896fc9938e34088e11fe5b50dc4832d95
df8a5983cc51fcce3a8936c9bf3387de76b3d3d55f70a96c8b31831234db6661

HTTP Headers

POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 10 Jan 2023 22:41:09 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Sat, 14 Jan 2023 19:21:22 GMT
ETag: "75c6c0b896fc9938e34088e11fe5b50dc4832d95"
Last-Modified: Tue, 10 Jan 2023 19:21:23 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 799
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7878eb21a80b0af6-OSL

v1.cnzz.com/z_stat.php?id=1281127966&web_id=1281127966

150.138.98.224

200 OK

4.0 kB

URL HTTP/2
v1.cnzz.com/z_stat.php?id=1281127966&web_id=1281127966
IP
150.138.98.224:0
ASN
#58541 Qingdao,266000

File type
ASCII text, with very long lines (11743), with no line terminators
Size
4.0 kB (4049 bytes)
Hash
205c4bfb78af4c7768772c5c600fc11e
e986239eec1a9e6db7399e15a6dfe60aef3f85ae
cfc2d94a92d2f0337201df03dc60d1bb1c2f419730aefb573271d801ad2be9f2

HTTP Headers

GET /z_stat.php?id=1281127966&web_id=1281127966 HTTP/1.1
Host: v1.cnzz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.ddooo.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: Tengine
content-type: application/javascript
content-length: 4049
date: Tue, 10 Jan 2023 21:45:58 GMT
vary: Accept-Encoding
x-powered-by: PHP/5.5.25
last-modified: Tue, 10 Jan 2023 21:45:58 GMT
cache-control: max-age=1800,s-maxage=3600
content-encoding: gzip
ali-swift-global-savetime: 1673387158
via: cache6.l2cn3032[0,0,200-0,H], cache48.l2cn3032[0,0], ens-cache34.cn4461[0,0,200-0,H], ens-cache50.cn4461[0,0]
age: 3311
x-cache: HIT TCP_MEM_HIT dirn:11:13749545
x-swift-savetime: Tue, 10 Jan 2023 21:46:50 GMT
x-swift-cachetime: 3548
timing-allow-origin: *
eagleid: 968a62c616733904697836506e
X-Firefox-Spdy: h2

c.cnzz.com/core.php?web_id=1281127966&t=z

150.138.98.224

200 OK

620 B

URL HTTP/2
c.cnzz.com/core.php?web_id=1281127966&t=z
IP
150.138.98.224:0
ASN
#58541 Qingdao,266000

File type
HTML document, ASCII text, with very long lines (969), with no line terminators
Size
620 B (620 bytes)
Hash
0741c25b762eaf2ffa5bb6c91cd12106
60f1d999a6ac3f9d1805af452ce882d952dcf729
c472f857b411f343f2df91ca0e513aeecc4c009daed1ba603c50ae7366956796

HTTP Headers

GET /core.php?web_id=1281127966&t=z HTTP/1.1
Host: c.cnzz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.ddooo.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: Tengine
content-type: application/javascript
content-length: 620
date: Tue, 10 Jan 2023 22:29:11 GMT
vary: Accept-Encoding
x-powered-by: PHP/5.5.25
last-modified: Tue, 10 Jan 2023 22:29:11 GMT
expires: Tue, 10 Jan 2023 22:44:11 GMT
content-encoding: gzip
ali-swift-global-savetime: 1673389751
via: cache59.l2cn3032[0,0,200-0,H], cache15.l2cn3032[0,0], ens-cache4.cn4461[0,0,200-0,H], ens-cache50.cn4461[0,0]
age: 719
x-cache: HIT TCP_MEM_HIT dirn:9:355123462
x-swift-savetime: Tue, 10 Jan 2023 22:29:14 GMT
x-swift-cachetime: 897
timing-allow-origin: *
eagleid: 968a62c616733904701766885e
X-Firefox-Spdy: h2

hm.baidu.com/hm.js?f911446e37dd5c74a6fe3e838cbf32cc

103.235.46.191

200 OK

11 kB

URL HTTP/1.1
hm.baidu.com/hm.js?f911446e37dd5c74a6fe3e838cbf32cc
IP
103.235.46.191:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
ASCII text, with very long lines (619)
Size
11 kB (11257 bytes)
Hash
eaf41151609493c8c5e613b73b0de763
e48e51791635eb811313a275343b97e9064612ab
5ddc96aba5d18138b48d7e3ad94ffa737dfefdde90981effaf33fd98e209f721

HTTP Headers

GET /hm.js?f911446e37dd5c74a6fe3e838cbf32cc HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.ddooo.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11257
Content-Type: application/javascript
Date: Tue, 10 Jan 2023 22:41:09 GMT
Etag: f80378fbe98af46da18478b7fa719404
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=F9129B8D56F855A0; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800

hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=163511273&si=f911446e37dd5c74a6fe3e838cbf32cc&v=1.3.0&lv=1&sn=19766&r=0&ww=1280&u=http%3A%2F%2Fwww.ddooo.com%2Ferror.html%3Fzj&tt=%E9%98%B2%E7%9B%97%E9%93%BE%E9%BB%98%E8%AE%A4%E6%96%87%E4%BB%B6_%E5%A4%9A%E5%A4%9A%E8%BD%AF%E4%BB%B6%E7%AB%99

103.235.46.191

200 OK

43 B

URL HTTP/1.1
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=163511273&si=f911446e37dd5c74a6fe3e838cbf32cc&v=1.3.0&lv=1&sn=19766&r=0&ww=1280&u=http%3A%2F%2Fwww.ddooo.com%2Ferror.html%3Fzj&tt=%E9%98%B2%E7%9B%97%E9%93%BE%E9%BB%98%E8%AE%A4%E6%96%87%E4%BB%B6_%E5%A4%9A%E5%A4%9A%E8%BD%AF%E4%BB%B6%E7%AB%99
IP
103.235.46.191:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=163511273&si=f911446e37dd5c74a6fe3e838cbf32cc&v=1.3.0&lv=1&sn=19766&r=0&ww=1280&u=http%3A%2F%2Fwww.ddooo.com%2Ferror.html%3Fzj&tt=%E9%98%B2%E7%9B%97%E9%93%BE%E9%BB%98%E8%AE%A4%E6%96%87%E4%BB%B6_%E5%A4%9A%E5%A4%9A%E8%BD%AF%E4%BB%B6%E7%AB%99 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.ddooo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Tue, 10 Jan 2023 22:41:10 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=4374390E1E2D7FA6; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff

ocsp2.globalsign.com/gsorganizationvalsha2g2

104.18.20.226

200 OK

1.5 kB

URL HTTP/1.1
ocsp2.globalsign.com/gsorganizationvalsha2g2
IP
104.18.20.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.5 kB (1459 bytes)
Hash
932446a2450a882afb8b21be400265e6
e35b898171f37413cbfe74e99a1e819709330208
ac1fe62d8e60a010a97c7ae3e9c681f77b5e43c121dc842443b51b3c7b8438ba

HTTP Headers

POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 10 Jan 2023 22:41:11 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Sat, 14 Jan 2023 19:54:42 GMT
ETag: "e35b898171f37413cbfe74e99a1e819709330208"
Last-Modified: Tue, 10 Jan 2023 19:54:43 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3107
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7878eb2ed9fc0af6-OSL

cnzz.mmstat.com/9.gif?abc=1&rnd=964792223

59.82.33.226

200 OK

43 B

URL HTTP/2
cnzz.mmstat.com/9.gif?abc=1&rnd=964792223
IP
59.82.33.226:0
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

GET /9.gif?abc=1&rnd=964792223 HTTP/1.1
Host: cnzz.mmstat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.ddooo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 10 Jan 2023 22:41:11 GMT
content-type: image/gif
content-length: 43
p3p: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"
cross-origin-resource-policy: cross-origin
set-cookie: cna=h9dEHFF2OWwCAVtaKpr4LSLd; expires=Fri, 07-Jan-33 22:41:11 GMT; path=/; domain=.mmstat.com;
sca=f7fe84b1; path=/; domain=.cnzz.mmstat.com
atpsida=2fa124ef8485b3b5f237415c_1673390471_1; path=/; domain=.cnzz.mmstat.com
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache
pragma: no-cache
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (6)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (30)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN