Report - www.ku2h.com/~vip/signin.php/

Report Overview

Submitted URL
www.ku2h.com/~vip/signin.php/
IP
23.247.68.3
ASN
#46573 LAYER-HOST
Submitted
2023-06-02 09:24:43
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
1
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.ufvjgwufvjgwufotsgfjoshbed.com	unknown	unknown	No data	No data	337 B	0 B	0.0.0.0
www.ku2h.com	unknown	2023-04-19	2015-01-19	2021-11-17	1.8 kB	7.0 kB	23.247.68.3
api.share.baidu.com	44629	1999-10-11	2013-04-25	2023-06-01	377 B	114 B	180.101.212.103
js.users.51.la	53024	2005-01-17	2012-05-30	2023-06-01	317 B	2.7 kB	42.236.73.40
ocsp.crlocsp.cn	175388	2019-11-13	2020-04-10	2023-06-02	658 B	1.7 kB	101.198.193.5
s.360.cn	19814	2003-03-17	2012-07-10	2023-06-02	540 B	238 B	180.163.251.230
sp0.baidu.com	18423	1999-10-11	2014-12-06	2023-06-01	958 B	230 B	104.193.88.77
push.zhanzhang.baidu.com	57139	1999-10-11	2015-07-22	2023-06-01	323 B	750 B	182.61.201.93
ocsp.globalsign.com	2075	1999-04-19	2012-07-20	2023-06-02	349 B	1.9 kB	104.18.21.226
ia.51.la	59607	2005-01-17	2017-10-31	2023-06-01	974 B	71 B	42.236.73.39

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-06-02 09:24:40	high	23.247.68.3	Client IP	ET HUNTING Possible Obfuscator io JavaScript Obfuscation

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-06-02	medium	ufvjgwufvjgwufotsgfjoshbed.com

ThreatFox

No alerts detected

JavaScript (8)

	URL	Size	First Seen	Last Seen
	push.zhanzhang.baidu.com/push.js	281 B	2023-03-07	2024-05-07
Pretty URL push.zhanzhang.baidu.com/push.js IP 182.61.201.93 ASN #38365 Beijing Baidu Netcom Science and Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:09 Last Seen2024-05-07 16:31:47 Times Seen19367 Hash 1bb5a3267c9865ad4abe8d937734b62b b5478dd2edb3e64242eced1db2dbd945ef81f592 674bc0c70f98d627b8a7e1d278a1f21ffe33815565f7d5371bf0275da57571b2 Loading...

	js.users.51.la/21653847.js	4.9 kB	2023-06-02	2023-10-27
Pretty URL js.users.51.la/21653847.js IP 42.236.73.40 ASN #4837 CHINA UNICOM China169 Backbone Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-02 11:23:18 Last Seen2023-10-27 09:04:29 Times Seen20 Hash 8050e3fb5003aaa5cdd6fb8f92c18d0e 1783b951bf8f7390ffa2f8184166a5e41c4e76cc 1c83ce165a9a982c6b8b61b3ce41ffd9991c4101ccde0f3ffc45fa0cf3a3677c Loading...

	www.ku2h.com/common.js	4.8 kB	2023-06-02	2023-06-03
Pretty URL www.ku2h.com/common.js IP 23.247.68.3 ASN #46573 LAYER-HOST Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-02 11:23:18 Last Seen2023-06-03 10:09:55 Times Seen6 Hash 368573bfe65c70b4b19090435e1aae69 db1f8bb1dc7e9f4a6d41c37ffa82635b562a5f0e 2bf2c6c55a928b5cb710d72be52cca3cf28619624be0e70cbeeb67e426462052 Loading...

	www.ku2h.com/~vip/signin.php/	0 B	2023-03-07	2024-05-08
Pretty URL www.ku2h.com/~vip/signin.php/ IP 23.247.68.3 ASN #46573 LAYER-HOST Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-08 05:37:04 Times Seen37427970 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www.ku2h.com/~vip/signin.php/	0 B	2023-03-07	2024-05-08
Pretty URL www.ku2h.com/~vip/signin.php/ IP 23.247.68.3 ASN #46573 LAYER-HOST Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-08 05:37:04 Times Seen37427970 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www.ku2h.com/tj.js	100 B	2023-06-02	2023-10-27
Pretty URL www.ku2h.com/tj.js IP 23.247.68.3 ASN #46573 LAYER-HOST Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-02 11:23:18 Last Seen2023-10-27 09:04:29 Times Seen22 Hash 29dbba98f8aa49d814a55299f44f3552 f9c69726560cf430b4c51a9a40029c10671d3dd4 991f23bde5aff608311d6af5f5ebad83d30366f3ea01db4e1577d84169383778 Loading...

		Size	First Seen	Last Seen
	#1 Write - 93c8bfe16d97cd1070feca5cc6ecb4b6	75 B	2023-06-02	2023-10-27
Pretty Observations First Seen2023-06-02 11:23:18 Last Seen2023-10-27 09:04:29 Times Seen11 Hash 93c8bfe16d97cd1070feca5cc6ecb4b6 fd59ef9f026955c640b1cb7ed9c4c5302df14866 23b8fd342f7c9ba58bf0945b2acdd9d30907873a226b50d6725ae75a597f25ab Loading...

	#2 Write - 8e12ffb2546cb3341975dba922cb748d	75 B	2023-06-02	2023-06-03
Pretty Observations First Seen2023-06-02 11:23:18 Last Seen2023-06-03 10:09:55 Times Seen3 Hash 8e12ffb2546cb3341975dba922cb748d e1eeeb648862a2f1f5632ead39bb32102734ba9a 9ba6ff3aca0fe0c5fdd7973c467264c0cea3c1b94e4df468a8d1b6267582a838 Loading...

HTTP Transactions (16)

URL IP Response Size

www.ku2h.com/

23.247.68.3

1.3 kB

URL
www.ku2h.com/
IP
23.247.68.3:0
ASN
#46573 LAYER-HOST

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ISO-8859 text, with very long lines (388), with CRLF line terminators
Size
1.3 kB (1280 bytes)
Hash
e77091b0db6a565a6643b750013d6f6e
57063412943e881b4adfbd1ae96806344714b7d8
b8b935b992bdbdc78fb284ca48861a1329262c6e6f55003b489215b106575aff

HTTP Headers

GET / HTTP/1.1
Host: www.ku2h.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Jun 2023 09:27:00 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip

www.ku2h.com/~vip/signin.php/

23.247.68.3

200 OK

1.3 kB

URL User Request GET HTTP/1.1
www.ku2h.com/~vip/signin.php/
IP
23.247.68.3:80
ASN
#46573 LAYER-HOST

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ISO-8859 text, with very long lines (388), with CRLF line terminators
Size
1.3 kB (1280 bytes)
Hash
e77091b0db6a565a6643b750013d6f6e
57063412943e881b4adfbd1ae96806344714b7d8
b8b935b992bdbdc78fb284ca48861a1329262c6e6f55003b489215b106575aff

HTTP Headers

GET /~vip/signin.php/ HTTP/1.1
Host: www.ku2h.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Jun 2023 09:27:01 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip

www.ku2h.com/tj.js

23.247.68.3

200 OK

100 B

URL GET HTTP/1.1
www.ku2h.com/tj.js
IP
23.247.68.3:80
ASN
#46573 LAYER-HOST

Requested by
http://www.ku2h.com/~vip/signin.php/

File type
HTML document, ASCII text, with no line terminators
Size
100 B (100 bytes)
Hash
29dbba98f8aa49d814a55299f44f3552
f9c69726560cf430b4c51a9a40029c10671d3dd4
991f23bde5aff608311d6af5f5ebad83d30366f3ea01db4e1577d84169383778

HTTP Headers

GET /tj.js HTTP/1.1
Host: www.ku2h.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.ku2h.com/~vip/signin.php/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Jun 2023 09:27:01 GMT
Content-Type: application/x-javascript
Content-Length: 100
Connection: keep-alive

www.ku2h.com/common.js

23.247.68.3

200 OK

2.1 kB

URL GET HTTP/1.1
www.ku2h.com/common.js
IP
23.247.68.3:80
ASN
#46573 LAYER-HOST

Requested by
http://www.ku2h.com/~vip/signin.php/

File type
ASCII text, with very long lines (4822), with no line terminators
Size
2.1 kB (2106 bytes)
Hash
368573bfe65c70b4b19090435e1aae69
db1f8bb1dc7e9f4a6d41c37ffa82635b562a5f0e
2bf2c6c55a928b5cb710d72be52cca3cf28619624be0e70cbeeb67e426462052

Detections

NIDS	Severity	Alert
suricata	high	ET HUNTING Possible Obfuscator io JavaScript Obfuscation

HTTP Headers

GET /common.js HTTP/1.1
Host: www.ku2h.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.ku2h.com/~vip/signin.php/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Jun 2023 09:27:01 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip

push.zhanzhang.baidu.com/push.js

182.61.201.93

200 OK

227 B

URL GET HTTP/1.1
push.zhanzhang.baidu.com/push.js
IP
182.61.201.93:80
ASN
#38365 Beijing Baidu Netcom Science and Technology Co., Ltd.

Requested by
http://www.ku2h.com/~vip/signin.php/

File type
ASCII text, with no line terminators
Size
227 B (227 bytes)
Hash
1bb5a3267c9865ad4abe8d937734b62b
b5478dd2edb3e64242eced1db2dbd945ef81f592
674bc0c70f98d627b8a7e1d278a1f21ffe33815565f7d5371bf0275da57571b2

HTTP Headers

GET /push.js HTTP/1.1
Host: push.zhanzhang.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.ku2h.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Content-Encoding: gzip
Content-Length: 227
Content-Type: text/javascript
Date: Fri, 02 Jun 2023 09:24:30 GMT
Etag: "4078521116"
Expires: Sat, 01 Jun 2024 09:24:30 GMT
Last-Modified: Wed, 25 Nov 2015 07:47:55 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Server: apache
Set-Cookie: BAIDUID=9B914EA1F5862E4C84DCE67952B712A1:FG=1; max-age=31536000; expires=Sat, 01-Jun-24 09:24:30 GMT; domain=.baidu.com; path=/; version=1
Vary: Accept-Encoding

api.share.baidu.com/s.gif?l=http://www.ku2h.com/~vip/signin.php/

180.101.212.103

200 OK

0 B

URL GET HTTP/1.1
api.share.baidu.com/s.gif?l=http://www.ku2h.com/~vip/signin.php/
IP
180.101.212.103:80
ASN
#134770 CHINANET Jiangsu province Suzhou taihu IDC network

Requested by
http://www.ku2h.com/~vip/signin.php/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /s.gif?l=http://www.ku2h.com/~vip/signin.php/ HTTP/1.1
Host: api.share.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.ku2h.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/plain; charset=utf-8
Date: Fri, 02 Jun 2023 09:24:31 GMT

js.users.51.la/21653847.js

42.236.73.40

200 OK

2.3 kB

URL GET HTTP/1.1
js.users.51.la/21653847.js
IP
42.236.73.40:80
ASN
#4837 CHINA UNICOM China169 Backbone

Requested by
http://www.ku2h.com/~vip/signin.php/

File type
ASCII text, with very long lines (4898), with no line terminators
Size
2.3 kB (2307 bytes)
Hash
8050e3fb5003aaa5cdd6fb8f92c18d0e
1783b951bf8f7390ffa2f8184166a5e41c4e76cc
1c83ce165a9a982c6b8b61b3ce41ffd9991c4101ccde0f3ffc45fa0cf3a3677c

HTTP Headers

GET /21653847.js HTTP/1.1
Host: js.users.51.la
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.ku2h.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 02 Jun 2023 09:24:31 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Headers: Content-Type
Cache-Control: no-store
Access-Control-Allow-Origin: *, *
Access-Control-Allow-Credentials: true
Content-Encoding: gzip

ocsp.globalsign.com/gsrsaovsslca2018

104.18.21.226

1.4 kB

URL
ocsp.globalsign.com/gsrsaovsslca2018
IP
104.18.21.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.4 kB (1432 bytes)
Hash
a1c3b8b1177805cc982a4048d4ee01f8
a58e885167726f8c28143197f5d0180574fde1f0
4032e3796b0134ff0f80155b6278471b7dab60514c308e9802ba364e777f7057

HTTP Headers

POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 09:24:31 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Tue, 06 Jun 2023 07:36:43 GMT
ETag: "a58e885167726f8c28143197f5d0180574fde1f0"
Last-Modified: Fri, 02 Jun 2023 07:36:44 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1853
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7d0ea4cfd884b4ee-OSL

ocsp.crlocsp.cn/

101.198.193.5

472 B

URL
ocsp.crlocsp.cn/
IP
101.198.193.5:0
ASN
#55992 Beijing Qihu Technology Company Limited

File type
data
Size
472 B (472 bytes)
Hash
4ec5e4b6a2194bd934992171a84caf2f
f7f9e2063eb65fa68a94e1a3efadcd5d4efd530e
c3b69c980240dbd9b2da1339159ea6a850ef11299f5093c1c330533ad58ad84e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.crlocsp.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.9.14
Date: Fri, 02 Jun 2023 09:20:39 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Content-Transfer-Encoding: Binary
Last-modified: Mon, 29 May 2023 18:14:51 GMT
Expires: Mon, 05 Jun 2023 18:14:50 GMT
ETag: "F7F9E2063EB65FA68A94E1A3EFADCD5D4EFD530E"
cache-control: max-age=172800,public,no-transform,must-revalidate

ocsp.crlocsp.cn/

101.198.193.5

472 B

URL
ocsp.crlocsp.cn/
IP
101.198.193.5:0
ASN
#55992 Beijing Qihu Technology Company Limited

File type
data
Size
472 B (472 bytes)
Hash
4ec5e4b6a2194bd934992171a84caf2f
f7f9e2063eb65fa68a94e1a3efadcd5d4efd530e
c3b69c980240dbd9b2da1339159ea6a850ef11299f5093c1c330533ad58ad84e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.crlocsp.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.9.14
Date: Fri, 02 Jun 2023 09:20:39 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Content-Transfer-Encoding: Binary
Last-modified: Mon, 29 May 2023 18:14:51 GMT
Expires: Mon, 05 Jun 2023 18:14:50 GMT
ETag: "F7F9E2063EB65FA68A94E1A3EFADCD5D4EFD530E"
cache-control: max-age=172800,public,no-transform,must-revalidate

ia.51.la/go1?id=21653847&rt=1685697870909&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=%25E4%25B8%258A%25E9%25A5%25B6%25E5%258C%25A3%25E7%25B0%25BF%25E5%25BB%25BA%25E6%259D%2590%25E6%259C%2589%25E9%2599%2590%25E5%2585%25AC%25E5%258F%25B8&ing=1&ekc=&sid=1685697870909&tt=%25E4%25B8%258A%25E9%25A5%25B6%25E5%258C%25A3%25E7%25B0%25BF%25E5%25BB%25BA%25E6%259D%2590%25E6%259C%2589%25E9%2599%2590%25E5%2585%25AC%25E5%258F%25B8&kw=%25E4%25B8%258A%25E9%25A5%25B6%25E5%258C%25A3%25E7%25B0%25BF%25E5%25BB%25BA%25E6%259D%2590%25E6%259C%2589%25E9%2599%2590%25E5%2585%25AC%25E5%258F%25B8&cu=http%253A%252F%252Fwww.ku2h.com%252F~vip%252Fsignin.php%252F&pu=

42.236.73.39

200

0 B

URL GET HTTP/1.1
ia.51.la/go1?id=21653847&rt=1685697870909&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=%25E4%25B8%258A%25E9%25A5%25B6%25E5%258C%25A3%25E7%25B0%25BF%25E5%25BB%25BA%25E6%259D%2590%25E6%259C%2589%25E9%2599%2590%25E5%2585%25AC%25E5%258F%25B8&ing=1&ekc=&sid=1685697870909&tt=%25E4%25B8%258A%25E9%25A5%25B6%25E5%258C%25A3%25E7%25B0%25BF%25E5%25BB%25BA%25E6%259D%2590%25E6%259C%2589%25E9%2599%2590%25E5%2585%25AC%25E5%258F%25B8&kw=%25E4%25B8%258A%25E9%25A5%25B6%25E5%258C%25A3%25E7%25B0%25BF%25E5%25BB%25BA%25E6%259D%2590%25E6%259C%2589%25E9%2599%2590%25E5%2585%25AC%25E5%258F%25B8&cu=http%253A%252F%252Fwww.ku2h.com%252F~vip%252Fsignin.php%252F&pu=
IP
42.236.73.39:80
ASN
#4837 CHINA UNICOM China169 Backbone

Requested by
http://www.ku2h.com/~vip/signin.php/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /go1?id=21653847&rt=1685697870909&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=%25E4%25B8%258A%25E9%25A5%25B6%25E5%258C%25A3%25E7%25B0%25BF%25E5%25BB%25BA%25E6%259D%2590%25E6%259C%2589%25E9%2599%2590%25E5%2585%25AC%25E5%258F%25B8&ing=1&ekc=&sid=1685697870909&tt=%25E4%25B8%258A%25E9%25A5%25B6%25E5%258C%25A3%25E7%25B0%25BF%25E5%25BB%25BA%25E6%259D%2590%25E6%259C%2589%25E9%2599%2590%25E5%2585%25AC%25E5%258F%25B8&kw=%25E4%25B8%258A%25E9%25A5%25B6%25E5%258C%25A3%25E7%25B0%25BF%25E5%25BB%25BA%25E6%259D%2590%25E6%259C%2589%25E9%2599%2590%25E5%2585%25AC%25E5%258F%25B8&cu=http%253A%252F%252Fwww.ku2h.com%252F~vip%252Fsignin.php%252F&pu= HTTP/1.1
Host: ia.51.la
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.ku2h.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Content-Length: 0
Date: Fri, 02 Jun 2023 09:24:16 GMT

s.360.cn/so/zz.gif?url=http%3A%2F%2Fwww.ku2h.com%2F~vip%2Fsignin.php%2F&sid=d182b3f28525f2db83acfaaf6e696dba&token=d/1p8h2pb.3nfi2n8g5i2s5/fp2idvb~

180.163.251.230

200 OK

0 B

URL GET HTTP/1.1
s.360.cn/so/zz.gif?url=http%3A%2F%2Fwww.ku2h.com%2F~vip%2Fsignin.php%2F&sid=d182b3f28525f2db83acfaaf6e696dba&token=d/1p8h2pb.3nfi2n8g5i2s5/fp2idvb~
IP
180.163.251.230:443
ASN
#4812 China Telecom Group

Requested by
http://www.ku2h.com/~vip/signin.php/
Certificate
IssuerWoTrus CA Limited
Subject*.s.360.cn
FingerprintB1:6A:FB:C0:EE:71:49:97:E7:72:0C:E3:DF:52:E8:6B:1D:5E:41:0E
ValidityFri, 16 Dec 2022 00:00:00 GMT - Sat, 16 Dec 2023 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /so/zz.gif?url=http%3A%2F%2Fwww.ku2h.com%2F~vip%2Fsignin.php%2F&sid=d182b3f28525f2db83acfaaf6e696dba&token=d/1p8h2pb.3nfi2n8g5i2s5/fp2idvb~ HTTP/1.1
Host: s.360.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.ku2h.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty/1.15.8.2
Date: Fri, 02 Jun 2023 09:24:31 GMT
Content-Type: image/gif
Content-Length: 0
Last-Modified: Fri, 27 Jul 2018 07:11:22 GMT
Connection: keep-alive
ETag: "5b5ac59a-0"
Accept-Ranges: bytes

sp0.baidu.com/9_Q4simg2RQJ8t7jm9iCKT-xh_/s.gif?l=http://www.ku2h.com/~vip/signin.php/

104.193.88.77

0 B

URL
sp0.baidu.com/9_Q4simg2RQJ8t7jm9iCKT-xh_/s.gif?l=http://www.ku2h.com/~vip/signin.php/
IP
104.193.88.77:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /9_Q4simg2RQJ8t7jm9iCKT-xh_/s.gif?l=http://www.ku2h.com/~vip/signin.php/ HTTP/1.1
Host: sp0.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.ku2h.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/plain; charset=utf-8
Date: Fri, 02 Jun 2023 09:24:31 GMT

www.ku2h.com/favicon.ico

23.247.68.3

200 OK

1.2 kB

URL GET HTTP/1.1
www.ku2h.com/favicon.ico
IP
23.247.68.3:80
ASN
#46573 LAYER-HOST

Requested by
http://www.ku2h.com/~vip/signin.php/

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Size
1.2 kB (1150 bytes)
Hash
7ef1f0a0093460fe46bb691578c07c95
2da3ffbbf4737ce4dae9488359de34034d1ebfbd
4c62eef22174220b8655590a77b27957f3518b4c3b7352d0b64263b80e728f2c

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.ku2h.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.ku2h.com/~vip/signin.php/
Cookie: __tins__21653847=%7B%22sid%22%3A%201685697870909%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201685699670909%7D; __51cke__=; __51laig__=1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Jun 2023 09:27:04 GMT
Content-Type: image/x-icon
Content-Length: 1150
Last-Modified: Fri, 01 Jul 2011 08:14:23 GMT
Connection: keep-alive
ETag: "4e0d81df-47e"
Expires: Wed, 07 Jun 2023 09:27:04 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes

www.ufvjgwufvjgwufotsgfjoshbed.com/js/hyt.js

0.0.0.0

0 B

URL GET
www.ufvjgwufvjgwufotsgfjoshbed.com/js/hyt.js
IP
0.0.0.0:0
ASN
#0

Requested by
http://www.ku2h.com/~vip/signin.php/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /js/hyt.js HTTP/1.1
Host: www.ufvjgwufvjgwufotsgfjoshbed.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.ku2h.com/
Pragma: no-cache
Cache-Control: no-cache

sp0.baidu.com/9_Q4simg2RQJ8t7jm9iCKT-xh_/s.gif?l=http://www.ku2h.com/~vip/signin.php/

104.193.88.77

200 OK

0 B

URL GET HTTP/1.1
sp0.baidu.com/9_Q4simg2RQJ8t7jm9iCKT-xh_/s.gif?l=http://www.ku2h.com/~vip/signin.php/
IP
104.193.88.77:443
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

Requested by
http://www.ku2h.com/~vip/signin.php/
Certificate
IssuerGlobalSign nv-sa
Subjectbaidu.com
Fingerprint48:6A:ED:D1:68:52:E5:97:4F:A0:92:46:B3:3C:56:46:3D:D9:9C:D5
ValidityTue, 05 Jul 2022 05:16:02 GMT - Sun, 06 Aug 2023 05:16:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /9_Q4simg2RQJ8t7jm9iCKT-xh_/s.gif?l=http://www.ku2h.com/~vip/signin.php/ HTTP/1.1
Host: sp0.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.ku2h.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/plain; charset=utf-8
Date: Fri, 02 Jun 2023 09:24:31 GMT

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (8)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

HTTP Transactions (16)

URL

IP

ASN

File type

Size

Hash

HTTP Headers