103.63.6.148301 Moved Permanently 0 B URL User Request GET HTTP/1.1 IP 103.63.6.148:80
ASN #132742 Guochao Group limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET / HTTP/1.1
Host: secarbon.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Transfer-Encoding: chunked
Location: http://www.secarbon.cn/
Server: Nginx Microsoft-HTTPAPI/2.0
X-Powered-By: Nginx
Date: Thu, 18 Apr 2024 06:44:36 GMT
103.63.6.148200 OK 947 B URL User Request GET HTTP/1.1 IP 103.63.6.148:80
ASN #132742 Guochao Group limited
File type JavaScript source, Unicode text, UTF-8 (with BOM) text, with very long lines (448)
Hash db3ed87dbdfddd715cbb54fcfe069b0b
10ccc20d684ae3f139e9612e09c1dc7ac845c788
7ca3b84bf6ce48106bc2d4d0d6e975bdde6ed9b9f5e5d4c7ad0b552ec02d420a
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET / HTTP/1.1
Host: www.secarbon.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Server: Nginx Microsoft-HTTPAPI/2.0
X-Powered-By: Nginx
Date: Thu, 18 Apr 2024 06:44:38 GMT
www.secarbon.cn/favicon.ico
103.63.6.148404 Not Found 0 B URL GET HTTP/1.1 www.secarbon.cn/favicon.ico
IP 103.63.6.148:80
ASN #132742 Guochao Group limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /favicon.ico HTTP/1.1
Host: www.secarbon.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.secarbon.cn/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Transfer-Encoding: chunked
Server: Nginx Microsoft-HTTPAPI/2.0
X-Powered-By: Nginx
Date: Thu, 18 Apr 2024 06:44:39 GMT
hm.baidu.com/hm.js?e70c7e5f441812bc057f46f9679777de
14.215.183.79200 OK 11 kB URL GET HTTP/1.1 hm.baidu.com/hm.js?e70c7e5f441812bc057f46f9679777de
IP 14.215.183.79:443
Certificate IssuerGlobalSign nv-sa
Subjectbaidu.com
Fingerprint97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
ValidityThu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT
File type JavaScript source, ASCII text, with very long lines (619)
Hash 94678b8d23e1e639cd7b303f14b66759
07a35c7f93107884d75a65a9ca205568b1d15c65
4ea1658fa02863b77acd952ea71a569729dee390c65beee075480cacd00290b8
GET /hm.js?e70c7e5f441812bc057f46f9679777de HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.secarbon.cn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11257
Content-Type: application/javascript
Date: Thu, 18 Apr 2024 06:44:39 GMT
Etag: 67baa5a182fed670f35412723fe2d744
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=78755539254C741D; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.js?efac78125a55000aa7d51464428a0e15
14.215.183.79200 OK 11 kB URL GET HTTP/1.1 hm.baidu.com/hm.js?efac78125a55000aa7d51464428a0e15
IP 14.215.183.79:443
Certificate IssuerGlobalSign nv-sa
Subjectbaidu.com
Fingerprint97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
ValidityThu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT
File type JavaScript source, ASCII text, with very long lines (619)
Hash ba48a0b94ec4df1fc7ccd7df0f52a2b3
d1815b5cae6f0f0f65aaf7f172958b38d97e91a9
2aaeefdadd593ef816f55d1e3d462853638bc5a114c18b0428b21ebfce8c1de7
GET /hm.js?efac78125a55000aa7d51464428a0e15 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.secarbon.cn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11257
Content-Type: application/javascript
Date: Thu, 18 Apr 2024 06:44:39 GMT
Etag: 6ea650ff834dd780d8fd854977c5672b
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=31D44F1EF33F894A; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=801158883&si=e70c7e5f441812bc057f46f9679777de&v=1.3.0&lv=1&sn=10105&r=0&ww=1280&u=http%3A%2F%2Fwww.secarbon.cn%2F
14.215.183.79200 OK 43 B URL GET HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=801158883&si=e70c7e5f441812bc057f46f9679777de&v=1.3.0&lv=1&sn=10105&r=0&ww=1280&u=http%3A%2F%2Fwww.secarbon.cn%2F
IP 14.215.183.79:443
Certificate IssuerGlobalSign nv-sa
Subjectbaidu.com
Fingerprint97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
ValidityThu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT
File type GIF image data, version 89a, 1 x 1
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=801158883&si=e70c7e5f441812bc057f46f9679777de&v=1.3.0&lv=1&sn=10105&r=0&ww=1280&u=http%3A%2F%2Fwww.secarbon.cn%2F HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.secarbon.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Thu, 18 Apr 2024 06:44:39 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=F3A463697EE60C05; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1273687106&si=efac78125a55000aa7d51464428a0e15&v=1.3.0&lv=1&sn=10105&r=0&ww=1280&u=http%3A%2F%2Fwww.secarbon.cn%2F
14.215.183.79200 OK 43 B URL GET HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1273687106&si=efac78125a55000aa7d51464428a0e15&v=1.3.0&lv=1&sn=10105&r=0&ww=1280&u=http%3A%2F%2Fwww.secarbon.cn%2F
IP 14.215.183.79:443
Certificate IssuerGlobalSign nv-sa
Subjectbaidu.com
Fingerprint97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
ValidityThu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT
File type GIF image data, version 89a, 1 x 1
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1273687106&si=efac78125a55000aa7d51464428a0e15&v=1.3.0&lv=1&sn=10105&r=0&ww=1280&u=http%3A%2F%2Fwww.secarbon.cn%2F HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.secarbon.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Thu, 18 Apr 2024 06:44:39 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=FB7CE1E4FE3B57D8; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff