| r3735bb7p3.299931dhxl.top/ | 46.3.115.16 | 302 Found | 949 B |
URL: GET r3735bb7p3.299931dhxl.top/ (user request) | IP: 46.3.115.16:443
Certificate: Issuer Let's Encrypt | Subject www.299931.com | Fingerprint (SHA-1) E8:13:84:FD:8D:88:71:B5:DD:CE:85:51:92:D2:5B:E2:97:E1:13:42 | Validity Sat, 25 Jan 2025 13:51:18 GMT - Fri, 25 Apr 2025 13:51:17 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e | SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 | SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the digests of empty input: the 302 response carried no body, only the Location header)
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET / HTTP/1.1
Host: r3735bb7p3.299931dhxl.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx
date: Wed, 02 Apr 2025 07:51:53 GMT
content-type: text/html; charset=UTF-8
location: https://jbd8pSDGEm.299931dhxl.top/demo/
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
| jbd8psdgem.299931dhxl.top/demo/ | 46.3.115.16 | 200 OK | 949 B |
URL: GET jbd8psdgem.299931dhxl.top/demo/ (user request, reached via the 302 above) | IP: 46.3.115.16:443
Certificate: Issuer Let's Encrypt | Subject www.299931.com | Fingerprint (SHA-1) E8:13:84:FD:8D:88:71:B5:DD:CE:85:51:92:D2:5B:E2:97:E1:13:42 | Validity Sat, 25 Jan 2025 13:51:18 GMT - Fri, 25 Apr 2025 13:51:17 GMT
File type: HTML document, Unicode text, UTF-8 text, with very long lines (1032), with no line terminators | Hash: MD5 2c7bd4fd6489f6f6d0c69fc30e8808a1 | SHA-1 da2c3211e28f37795aea75378b35660b273ff385 | SHA-256 25612cedb63e9d57399bb1e0563499ef94e70d80b02c3417fcf273fdeab09c40
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /demo/ HTTP/1.1
Host: jbd8psdgem.299931dhxl.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 02 Apr 2025 07:51:54 GMT
content-type: text/html
content-length: 949
last-modified: Sun, 14 Jul 2024 12:24:31 GMT
etag: "6693c37f-3b5"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
| jbd8psdgem.299931dhxl.top/demo/zz/style.css | 46.3.115.16 | 200 OK | 30 kB |
URL: GET jbd8psdgem.299931dhxl.top/demo/zz/style.css | IP: 46.3.115.16:443
Requested by: https://jbd8psdgem.299931dhxl.top/demo/ | Certificate: Issuer Let's Encrypt | Subject www.299931.com | Fingerprint (SHA-1) E8:13:84:FD:8D:88:71:B5:DD:CE:85:51:92:D2:5B:E2:97:E1:13:42 | Validity Sat, 25 Jan 2025 13:51:18 GMT - Fri, 25 Apr 2025 13:51:17 GMT
File type: Unicode text, UTF-8 text, with CRLF line terminators | Hash: MD5 5581f62c6abce9111cae182b183876b0 | SHA-1 c1725c079dff681b709c78aadd64e47e3fa070f8 | SHA-256 9c0219446014bd754f79fa89779ef3c55231802a2c007f19bb2e5a65f4a8b843
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /demo/zz/style.css HTTP/1.1
Host: jbd8psdgem.299931dhxl.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jbd8psdgem.299931dhxl.top/demo/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 02 Apr 2025 07:51:55 GMT
content-type: text/css
last-modified: Fri, 03 Nov 2023 06:44:03 GMT
vary: Accept-Encoding
etag: W/"654496b3-7620"
expires: Wed, 02 Apr 2025 19:51:55 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
| jbd8psdgem.299931dhxl.top/demo/tz.php | 46.3.115.16 | 200 OK | 4.7 kB |
URL: GET jbd8psdgem.299931dhxl.top/demo/tz.php | IP: 46.3.115.16:443
Requested by: https://jbd8psdgem.299931dhxl.top/demo/ (loaded as an iframe, see Sec-Fetch-Dest below) | Certificate: Issuer Let's Encrypt | Subject www.299931.com | Fingerprint (SHA-1) E8:13:84:FD:8D:88:71:B5:DD:CE:85:51:92:D2:5B:E2:97:E1:13:42 | Validity Sat, 25 Jan 2025 13:51:18 GMT - Fri, 25 Apr 2025 13:51:17 GMT
File type: HTML document, Unicode text, UTF-8 text, with very long lines (4882), with no line terminators | Hash: MD5 138f50771fc538d7778da0eda639cfd5 | SHA-1 e949da4947eda91095238297c60a86b594a9f366 | SHA-256 0161d008f3728c324b245c470b23c7e1370b8eb9099573871bd53dc5df51035a
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /demo/tz.php HTTP/1.1
Host: jbd8psdgem.299931dhxl.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jbd8psdgem.299931dhxl.top/demo/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 02 Apr 2025 07:51:55 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
| jbd8psdgem.299931dhxl.top/favicon.ico | 46.3.115.16 | 404 Not Found | 146 B |
URL: GET jbd8psdgem.299931dhxl.top/favicon.ico | IP: 46.3.115.16:443
Requested by: https://jbd8psdgem.299931dhxl.top/demo/ | Certificate: Issuer Let's Encrypt | Subject www.299931.com | Fingerprint (SHA-1) E8:13:84:FD:8D:88:71:B5:DD:CE:85:51:92:D2:5B:E2:97:E1:13:42 | Validity Sat, 25 Jan 2025 13:51:18 GMT - Fri, 25 Apr 2025 13:51:17 GMT
File type: HTML document, ASCII text, with no line terminators | Hash: MD5 40b3fc14254227ec5012d996bf90c4e1 | SHA-1 b0dd06eb5a779151151101337889ff09953f8ac0 | SHA-256 740816c1b61e4a8443c26d30d3eecfea04815fca8cd605a142f9d8a35f86ceca
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: jbd8psdgem.299931dhxl.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jbd8psdgem.299931dhxl.top/demo/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
server: nginx
date: Wed, 02 Apr 2025 07:51:55 GMT
content-type: text/html
content-length: 146
X-Firefox-Spdy: h2
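The capture above is a short traffic-distribution chain: a cross-site navigation lands on a 302 with an empty body, the Location points at a second random-looking label under the same registered domain, and the landing page then pulls /demo/tz.php into an iframe. The script below is an added triage example written for this page, not output of the scanner or code from the site: it re-parses the request/response header blocks (copied from the capture, with headers that the checks do not need dropped) and extracts the redirect chain, the iframe loads, the hosts and body hashes as IOCs, and a few findings. Two simplifications are labelled in the code: the registered domain is taken as the last two labels instead of consulting the Public Suffix List, and the "throwaway subdomain" test is a plain letters-plus-digits heuristic. The certificate check only sees the subject CN that the capture shows (www.299931.com); a browser accepts the connection if a SAN entry covers the host, and the scan does not list SANs, so a CN mismatch here is a prompt to pull the full certificate, not proof of a validation failure.

```python
import re
from urllib.parse import urlsplit

# Constructed sample, copied from the capture on this page. One tuple per hit:
# (request header block, response header block, TLS subject CN, Quad9 verdict, body SHA-256).
CAPTURE = [
    ("GET / HTTP/1.1\r\nHost: r3735bb7p3.299931dhxl.top\r\n"
     "Sec-Fetch-Dest: document\r\nSec-Fetch-Site: cross-site\r\n",
     "HTTP/2 302 Found\r\nserver: nginx\r\ncontent-type: text/html; charset=UTF-8\r\n"
     "location: https://jbd8pSDGEm.299931dhxl.top/demo/\r\nstrict-transport-security: max-age=31536000\r\n",
     "www.299931.com", "Sinkholed",
     "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"),
    ("GET /demo/ HTTP/1.1\r\nHost: jbd8psdgem.299931dhxl.top\r\n"
     "Sec-Fetch-Dest: document\r\nSec-Fetch-Site: cross-site\r\n",
     "HTTP/2 200 OK\r\nserver: nginx\r\ncontent-type: text/html\r\ncontent-length: 949\r\n",
     "www.299931.com", "Sinkholed",
     "25612cedb63e9d57399bb1e0563499ef94e70d80b02c3417fcf273fdeab09c40"),
    ("GET /demo/tz.php HTTP/1.1\r\nHost: jbd8psdgem.299931dhxl.top\r\n"
     "Referer: https://jbd8psdgem.299931dhxl.top/demo/\r\n"
     "Sec-Fetch-Dest: iframe\r\nSec-Fetch-Site: same-origin\r\n",
     "HTTP/2 200 OK\r\nserver: nginx\r\ncontent-type: text/html; charset=UTF-8\r\n",
     "www.299931.com", "Sinkholed",
     "0161d008f3728c324b245c470b23c7e1370b8eb9099573871bd53dc5df51035a"),
]

REDIRECT_CODES = {301, 302, 303, 307, 308}
EMPTY_SHA256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"  # SHA-256 of ""


def parse_block(raw):
    """Split a raw header block into (start line, {lowercased name: value})."""
    lines = [ln for ln in raw.splitlines() if ln.strip()]
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")   # first colon only: values may contain "https:"
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def normalize(url):
    """Hostnames are case-insensitive: Location said jbd8pSDGEm, the next Host said jbd8psdgem."""
    p = urlsplit(url)
    return f"{p.scheme}://{p.netloc.lower()}{p.path or '/'}"


def request_url(req_raw):
    start, h = parse_block(req_raw)
    method, path, _ = start.split(" ", 2)
    return method, normalize("https://" + h["host"] + path), h


def response_status(resp_raw):
    start, h = parse_block(resp_raw)
    return int(start.split()[1]), h


def redirect_chain(capture):
    """Follow Location headers starting from the first (user-initiated) request."""
    by_url = {request_url(req)[1]: response_status(resp) for req, resp, *_ in capture}
    chain, url = [], next(iter(by_url))
    while url in by_url and url not in chain:      # stop on an uncaptured hop or a loop
        chain.append(url)
        status, h = by_url[url]
        if status not in REDIRECT_CODES or "location" not in h:
            break
        url = normalize(h["location"])
    return chain


def registered_domain(host):
    """Simplification: last two labels. Production code should consult the Public Suffix List."""
    return ".".join(host.lower().split(".")[-2:])


def random_label(host):
    """Heuristic for throwaway subdomains: a long leading label mixing letters and digits."""
    label = host.split(".")[0].lower()
    return len(label) >= 8 and bool(re.search(r"\d", label)) and bool(re.search(r"[a-z]", label))


def cert_name_matches(subject_cn, host):
    """Exact or single-label wildcard match of the subject CN only. The capture does not show
    the SAN list, so False means 'go verify the SANs', not 'the browser rejected the cert'."""
    cn, host = subject_cn.lower(), host.lower()
    if cn.startswith("*.") and "." in host:
        return host.split(".", 1)[1] == cn[2:]
    return cn == host


def iframe_loads(capture):
    """(referer, url) for every request the browser marked Sec-Fetch-Dest: iframe."""
    out = []
    for req, *_ in capture:
        _, url, h = request_url(req)
        if h.get("sec-fetch-dest") == "iframe":
            out.append((h.get("referer"), url))
    return out


def triage(capture):
    chain = redirect_chain(capture)
    hosts = sorted({urlsplit(request_url(req)[1]).netloc for req, *_ in capture})
    findings = []
    if len(hosts) > 1 and len({registered_domain(h) for h in hosts}) == 1 and all(map(random_label, hosts)):
        findings.append(f"hop between throwaway subdomains of {registered_domain(hosts[0])}")
    for req, resp, cn, verdict, sha in capture:
        _, url, _ = request_url(req)
        status, _ = response_status(resp)
        host = urlsplit(url).netloc
        if not cert_name_matches(cn, host):
            findings.append(f"cert CN {cn} does not name {host}: check SAN list")
        if status in REDIRECT_CODES and sha == EMPTY_SHA256:
            findings.append(f"{url}: redirect with empty body, only the Location matters")
        if verdict == "Sinkholed":
            findings.append(f"{host}: resolver sinkholed, treat as known-bad")
    return {"chain": chain, "hosts": hosts, "iframes": iframe_loads(capture),
            "findings": sorted(set(findings)), "sha256": sorted({s for *_, s in capture})}


if __name__ == "__main__":
    for key, value in triage(CAPTURE).items():
        print(key, value)
```

Block the registered domain rather than the individual hostnames: both labels in the capture are single-use, and the next visitor will get a fresh pair. The SHA-256 values are useful as retro-hunt keys only for the static files (the landing page and CSS carry Last-Modified dates from 2023 and 2024); tz.php is served without Content-Length or Last-Modified and can change per request.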