| | 139.196.95.112 | 200 OK | 1.5 kB |
URL User Request GET HTTP/1.1IP139.196.95.112:80 ASN#37963 Hangzhou Alibaba Advertising Co.,Ltd.
File typeHTML document, Unicode text, UTF-8 text, with very long lines (545) Hash5466089a9cc6dc427cebcd84f69a7da4 b93f33e61f7807c26131ec7027e5971b221c87dd ed3068c0ed87637c3fa6e18b50d32a78059f3ec857c6aaabb6606d4bf0ecad61
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET / HTTP/1.1
Host: 139.196.95.112
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 22:12:19 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade, Keep-Alive
Last-Modified: Sat, 22 Apr 2017 07:23:30 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
ETag: "c06-54dbc4035a080"
Content-Length: 1470
Keep-Alive: timeout=5, max=100
Content-Type: text/html
|
|
| img.shields.io/badge/%E5%BE%AE%E4%BF%A1-%E5%90%91TA%E6%8D%90%E5%8A%A9-green.svg | 104.21.80.27 | 200 OK | 8.8 kB |
URL GET HTTP/2img.shields.io/badge/%E5%BE%AE%E4%BF%A1-%E5%90%91TA%E6%8D%90%E5%8A%A9-green.svg IP104.21.80.27:443
CertificateIssuerGoogle Trust Services LLC Subjectshields.io Fingerprint06:9A:CE:FC:A5:A8:6F:3B:1C:E0:C1:CE:31:01:2E:29:9B:83:8B:A5 ValidityWed, 28 Feb 2024 01:25:50 GMT - Tue, 28 May 2024 01:25:49 GMT
File typeSVG Scalable Vector Graphics image Hasha9f13978b9d18c245bb4a426c5c2a278 82a350f42b6ff9088750516d58aba55cb99f4200 b2bdfcebb08f589965cf48f959c9bac00de449bde43863c35f29bf19e8ac3b91
GET /badge/%E5%BE%AE%E4%BF%A1-%E5%90%91TA%E6%8D%90%E5%8A%A9-green.svg HTTP/1.1
Host: img.shields.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://139.196.95.112/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 22:12:20 GMT
content-type: image/svg+xml;charset=utf-8
access-control-allow-origin: *
cache-control: max-age=86400, s-maxage=86400
last-modified: Fri, 26 Apr 2024 18:55:12 GMT
via: 2 fly.io
fly-request-id: 01HWE7EVGDX5HZTQBSGB52763F-arn
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BbYb8QRUMY%2BEQJ2FQTApWu%2FdALfAetEiXwhPIbE3kcQ4q8HsSo1%2BBzvAmxdAArlcdK2YuNrL2wSPX3iPMyorUXaYtG70toEHiUUNeb3EuCfX0SawsPxU6EFLPMFCCNAv4Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a9e9e97cba56ca-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| img.shields.io/badge/Paypal-donate-green.svg | 104.21.80.27 | 200 OK | 678 B |
URL GET HTTP/2img.shields.io/badge/Paypal-donate-green.svg IP104.21.80.27:443
CertificateIssuerGoogle Trust Services LLC Subjectshields.io Fingerprint06:9A:CE:FC:A5:A8:6F:3B:1C:E0:C1:CE:31:01:2E:29:9B:83:8B:A5 ValidityWed, 28 Feb 2024 01:25:50 GMT - Tue, 28 May 2024 01:25:49 GMT
File typeSVG Scalable Vector Graphics image Hash604cc04892bf1486407ac628100bd00c 2ff1d1070d41b19f3962ee1674382dc34c79dc7e f8ee909e2d4c114b0b251ad90903b8b68ec6c1d28b2b731e30b507b399e872f2
GET /badge/Paypal-donate-green.svg HTTP/1.1
Host: img.shields.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://139.196.95.112/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 22:12:20 GMT
content-type: image/svg+xml;charset=utf-8
access-control-allow-origin: *
cache-control: max-age=86400, s-maxage=86400
last-modified: Fri, 26 Apr 2024 18:55:06 GMT
via: 2 fly.io
fly-request-id: 01HWE7EVG78KQAMNBWSMS3282E-arn
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S2wwjdEfblvariXf8OVpbkGurtXoRYjxBb137FGI6A1AHMp29P03D%2B8MUJsafxkbcVbaM7CJKQqX%2Fn831N8B0rbWOmPctSqlNdxifdiKcvFV4aX05sTSraX%2Fh0MouG96YQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a9e9e97cb856ca-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| static.oneinstack.com/ad_buttom.html | 43.152.140.143 | 200 OK | 403 B |
URL GET HTTP/1.1static.oneinstack.com/ad_buttom.html IP43.152.140.143:443
CertificateIssuerSectigo Limited Subjectstatic.oneinstack.com Fingerprint91:5A:14:49:D5:F8:CD:60:AE:CD:8C:A5:D9:50:E0:5C:51:A5:E4:86 ValidityFri, 19 Apr 2024 00:00:00 GMT - Sat, 19 Apr 2025 23:59:59 GMT
File typeHTML document, ASCII text Hash816171e30ff32058597ff2a2af45f357 f7ebb28a39e91131654028a7a7867673f62d5dda 7b84db6e0735e9b836055467384362fe3e963e979e2904d08663be513dca7eea
GET /ad_buttom.html HTTP/1.1
Host: static.oneinstack.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://139.196.95.112/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 26 Apr 2024 22:12:22 GMT
Content-Type: text/html
Vary: Accept-Encoding
ETag: W/"64dd97eb-275"
Strict-Transport-Security: max-age=15768000
Content-Encoding: gzip
Last-Modified: Thu, 17 Aug 2023 03:45:47 GMT
Transfer-Encoding: chunked
X-NWS-LOG-UUID: 3139683507858256502
Connection: keep-alive
X-Cache-Lookup: Cache Miss
|
|
| normandy.cdn.mozilla.net/api/v1/ | 35.201.103.21 | | 598 B |
URL normandy.cdn.mozilla.net/api/v1/ IP35.201.103.21:0 ASN#396982 GOOGLE-CLOUD-PLATFORM
Hash3076f9a5cb273105528b893ff7111e41 b8990c145fe71b9a2410eea41a60a712b43b82bf 69c578fb0c03a28141a975833f660f4571e7991dc28ae7f9cead37672ee2c9b3
GET /api/v1/ HTTP/1.1
Host: normandy.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 598
allow: GET, HEAD, OPTIONS
content-security-policy: block-all-mixed-content; worker-src 'none'; frame-src 'none'; base-uri 'none'; form-action 'self'; object-src 'none'; default-src 'self' https://normandy.cdn.mozilla.net/; report-uri /__cspreport__
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000
via: 1.1 google
date: Thu, 25 Apr 2024 23:46:24 GMT
cache-control: public, max-age=86400
content-type: application/json
vary: Accept, Origin
age: 80762
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| classify-client.services.mozilla.com/api/v1/classify_client/ | 34.98.75.36 | | 64 B |
URL classify-client.services.mozilla.com/api/v1/classify_client/ IP34.98.75.36:0 ASN#396982 GOOGLE-CLOUD-PLATFORM
Hashbad684bb6ece4d6d9a44ba37db1fd088 add90656267c345f9fc23c241845f3986ad9dda8 e0a18509fd088b064085fe96aeaf9c1bfa85aa0b68e7c85dc75b54df8e94177d
GET /api/v1/classify_client/ HTTP/1.1
Host: classify-client.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 22:12:26 GMT
content-type: application/json
content-length: 64
cache-control: max-age=0, no-cache, no-store, must-revalidate
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml | 35.244.181.201 | | 444 B |
URL aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml IP35.244.181.201:0 ASN#396982 GOOGLE-CLOUD-PLATFORM
File typeXML 1.0 document, ASCII text, with very long lines (332) Hash3b324dec137a87ef7e24a30a65b13dd0 c0faa95b2f1018e264b3a14aaf50d1003e6c27b3 6cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463
GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
rule-id: unknown
rule-data-version: unknown
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-06-09-11-51-10.chain; p384ecdsa=WaLE-3k3fWF2MJFH4hZeMrToVNQFnyV4mGrmlRoTN7uPBbKXobd1DvfMz4SRmn5s2apwxplsKaFV1caUBr2D3YAqen7zx0GafCdwvYCMVcpE211_hgim0X_Zicw57Uu2
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: EXPIRED
content-encoding: gzip
via: 1.1 google
date: Fri, 26 Apr 2024 22:11:17 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
content-length: 444
age: 80
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| 139.196.95.112/favicon.ico | 139.196.95.112 | 404 Not Found | 209 B |
URL GET HTTP/1.1139.196.95.112/favicon.ico IP139.196.95.112:80 ASN#37963 Hangzhou Alibaba Advertising Co.,Ltd.
File typeHTML document, ASCII text, with no line terminators Hash8ace35f18ab1832bacfde13597767517 22e4ee51bbdba11b19a2d6879bc60126dc89eecd f87134d32dc903f27ed9c905bfd824f31192dac9e05887b2dedbb1ca416d1280
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: 139.196.95.112
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://139.196.95.112/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Date: Fri, 26 Apr 2024 22:12:20 GMT
Server: Apache
Content-Length: 209
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
|
|
| img.shields.io/badge/%E6%94%AF%E4%BB%98%E5%AE%9D-%E5%90%91TA%E6%8D%90%E5%8A%A9-green.svg | 104.21.80.27 | 200 OK | 1.2 kB |
URL GET HTTP/2img.shields.io/badge/%E6%94%AF%E4%BB%98%E5%AE%9D-%E5%90%91TA%E6%8D%90%E5%8A%A9-green.svg IP104.21.80.27:443
CertificateIssuerGoogle Trust Services LLC Subjectshields.io Fingerprint06:9A:CE:FC:A5:A8:6F:3B:1C:E0:C1:CE:31:01:2E:29:9B:83:8B:A5 ValidityWed, 28 Feb 2024 01:25:50 GMT - Tue, 28 May 2024 01:25:49 GMT
File typeSVG Scalable Vector Graphics image Hasha3ded5c2011035606a92e74fe0e74e20 6ce3a2d7f74fb45f8a82d7d3e8b945f5755727aa 5dd31b7e217ae3f86347efde32934a626905a34f482c2f7ed994b2c18fb3ccc3
GET /badge/%E6%94%AF%E4%BB%98%E5%AE%9D-%E5%90%91TA%E6%8D%90%E5%8A%A9-green.svg HTTP/1.1
Host: img.shields.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://139.196.95.112/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 22:12:20 GMT
content-type: image/svg+xml;charset=utf-8
access-control-allow-origin: *
cache-control: max-age=86400, s-maxage=86400
last-modified: Fri, 26 Apr 2024 18:55:06 GMT
via: 2 fly.io
fly-request-id: 01HWE7EVFYXXQ7F0145A6VG1PE-arn
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ff9AqkP5ZVUrqnC4P9BDX1Qtui8llO4%2Bee8jR%2FBLssUTfRuNljvQAk3YLW95TH5Ub6FtnEn6kasFacycAIYWuxO73NglWlv7V8Vywp0qlfoA3SbBQpUChcP%2B%2FxBJYsVRGg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a9e9e98cc056ca-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|