Report - akhwbjyshezaxck.buzz/

Report Overview

Visited public
2024-07-29 05:55:38
Tags
URL
akhwbjyshezaxck.buzz/
Finishing URL
njwcjyshepnz.buzz/
IP / ASN
104.21.64.60
#13335 CLOUDFLARENET
Title
热门独家资源-jy射视频就要射

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
	unknown				3.6 kB	482 kB	45.117.11.97
555bbb666www.com	unknown	unknown	No data	No data	450 B	276 kB	104.160.179.250
akhwbjyshezaxck.buzz	unknown	unknown	No data	No data	475 B	14 kB	104.21.64.60
ljcdn.kd-pic6669.com	unknown	2024-03-20	2024-03-22 17:17:09	2024-07-25 09:47:58	8.5 kB	4.3 MB	104.26.10.242
img.huangguaimg.com	unknown	2024-06-17	2024-07-25 09:46:26	2024-07-25 09:55:00	475 B	67 kB	208.64.218.23
bjqug.xyz	unknown	2022-07-25	2022-07-25 09:38:14	2024-03-15 07:00:12	2.2 kB	1.7 MB	104.21.74.179
drda.xyz	unknown	2021-09-04	2021-09-05 04:52:17	2024-03-16 04:16:01	425 B	84 kB	188.114.97.1
img.lytuchuang88.com	unknown	2024-01-12	2024-07-25 09:48:08	2024-07-25 09:48:08	952 B	152 kB	23.226.71.86
alxqq.xyz	unknown	2022-07-25	2022-07-25 09:28:27	2024-03-15 01:04:52	398 B	17 kB	104.21.87.141
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-07-28 18:17:42	3.6 kB	9.8 kB	23.36.77.32
njwcjyshepnz.buzz	unknown	unknown	No data	No data	6.7 kB	1.5 MB	172.67.207.189
fmtu.slinpic.com	unknown	2024-07-11	2024-07-25 09:47:44	2024-07-25 09:47:44	472 B	152 kB	104.26.10.58

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-07-29	medium	akhwbjyshezaxck.buzz	Sinkholed
2024-07-29	medium	njwcjyshepnz.buzz	Sinkholed
2024-07-29	medium	njwcjyshepnz.buzz	Sinkholed
2024-07-29	medium	njwcjyshepnz.buzz	Sinkholed
2024-07-29	medium	njwcjyshepnz.buzz	Sinkholed
2024-07-29	medium	njwcjyshepnz.buzz	Sinkholed
2024-07-29	medium	njwcjyshepnz.buzz	Sinkholed
2024-07-29	medium	njwcjyshepnz.buzz	Sinkholed
2024-07-29	medium	njwcjyshepnz.buzz	Sinkholed
2024-07-29	medium	njwcjyshepnz.buzz	Sinkholed
2024-07-29	medium	njwcjyshepnz.buzz	Sinkholed
2024-07-29	medium	njwcjyshepnz.buzz	Sinkholed
2024-07-29	medium	njwcjyshepnz.buzz	Sinkholed
2024-07-29	medium	njwcjyshepnz.buzz	Sinkholed
2024-07-29	medium	njwcjyshepnz.buzz	Sinkholed
2024-07-29	medium	njwcjyshepnz.buzz	Sinkholed

ThreatFox

No alerts detected

JavaScript (17)

	URL	From	Size	First Seen	Last Seen
	unknown	Function	1.4 kB	2024-08-19	2024-08-19
Pretty Introduced by Function Embedded in HTML false Observations First Seen2024-08-19 15:24 Last Seen2024-08-19 15:24 Times Seen1 Hash 89ec98c39d8f693d8f5d9a715a8c4f15 01a64c6b614f47e77bb0bf3084868ccab56ce625 82ee32c9cf5b68784bba9171d7e024e0c37d973b1699cf95035eb766c6b660cf Loading...

	njwcjyshepnz.buzz/	ScriptElement	370 B	2024-07-12	2025-02-05
Pretty URL njwcjyshepnz.buzz/ IP 172.67.207.189 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-07-12 17:40 Last Seen2025-02-05 17:38 Times Seen9 Hash 06973a97c0f002a0087427088128c965 3dc82550e8750e17bcca2e64e8ca15824ce5f59f 3f6b51f53db368062cf9275dc47bd1fcb4386f1dc04e4aa47ac1da15971c7d42 Loading...

	njwcjyshepnz.buzz/	ScriptElement	444 B	2024-05-14	2025-06-04
Pretty URL njwcjyshepnz.buzz/ IP 172.67.207.189 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-14 21:34 Last Seen2025-06-04 18:31 Times Seen19 Hash f4d24b2c453a2cc3f4d8d96175f31443 f075b106daf8f07483b4034dc9ed1510357d940d e0362147241ddc13dbcf3b3647c62c05760085d443926feaa4066c8f9276966a Loading...

	bjqug.xyz/js/ad_jyshea.js	ScriptElement	3.4 kB	2024-07-11	2024-08-19
Pretty URL bjqug.xyz/js/ad_jyshea.js IP 104.21.74.179 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-07-11 16:15 Last Seen2024-08-19 17:15 Times Seen3 Hash 1582aca3119ae51ec2874823c93c908c 2197b59efe7c11612748b66f54e30edac8cc4d02 146938850da5c6f352795c980c5cebbf9619ceff44f5e84a51af09645afdd333 Loading...

	unknown	DomTimer	9 B	2023-05-10	2025-04-13
Pretty Introduced by domTimer Embedded in HTML false Observations First Seen2023-05-10 10:52 Last Seen2025-04-13 04:35 Times Seen92 Hash fda433cf1b62848c0205b57eceda52e4 dc66a4301c58398a01b76c2307515ee74bd6e87c e686612515f372304827f3dec578bbc6519a01b9c18ab73750cbadba50c8d7df Loading...

	njwcjyshepnz.buzz/static/js/foundation-1.5.3.min.js	ScriptElement	2.0 kB	2023-03-26	2025-04-13
Pretty URL njwcjyshepnz.buzz/static/js/foundation-1.5.3.min.js IP 172.67.207.189 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 04:59 Last Seen2025-04-13 04:35 Times Seen84 Hash 9490f490a06bd4bf6792ce37983eaff6 fa8ee3487a8439f716c84a108814369ca9cd5a65 6a4d30e96ef6e9eefaeea3b24e7a596ca561d0d3ba6ed7ba006d661196f9083e Loading...

	njwcjyshepnz.buzz/static/js/foundation-1.5.5.min.js?v=2	ScriptElement	437 B	2024-05-14	2025-05-11
Pretty URL njwcjyshepnz.buzz/static/js/foundation-1.5.5.min.js?v=2 IP 172.67.207.189 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-14 21:34 Last Seen2025-05-11 09:10 Times Seen22 Hash 5d8400d1a4a26853569b20ede20d63ac 2d63c9de39a24843e9c007359ae2bf9cb302d221 474f7135e67890fe3f1947345a0aff58a55b27e628fe51c1d9cc59e8b20cf281 Loading...

	njwcjyshepnz.buzz/	ScriptElement	317 B	2024-08-19	2024-12-24
Pretty URL njwcjyshepnz.buzz/ IP 172.67.207.189 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-19 15:24 Last Seen2024-12-24 10:39 Times Seen5 Hash cc4c5b8f0ad7f7d4f72e5f70ea26c392 01251bc42c159f00d9f6a2b68e61a550d1dff715 5bc0f2cdb6332d8417d0a5d332d6f74b2ebe1b50e367614da5821603b640bab5 Loading...

	unknown	Function	1.4 kB	2024-08-19	2024-08-19
Pretty Introduced by Function Embedded in HTML false Observations First Seen2024-08-19 15:24 Last Seen2024-08-19 15:24 Times Seen1 Hash 8515c22a833aa985c6d656a1bffe875c 825c7c0c0123a9ab60a13b9b976622498397bd44 4421bb91d34b2aeca500eaf81e1512da013e5469c63e1135472a889521ec0db2 Loading...

	oiu.xuys1.cn:8891/vj3/5944	ScriptElement	16 kB	2024-08-19	2024-08-19
Pretty URL oiu.xuys1.cn:8891/vj3/5944 IP 45.117.11.97 ASN #137697 CHINATELECOM JiangSu YangZhou IDC networkdescr: YangZhouJiangsu Province, P.R.China. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-19 15:24 Last Seen2024-08-19 15:24 Times Seen1 Hash c800d89cc66fec4f4f128917f661d81b 81aa193a12531ffdd3bbe5ebe6c3f02945ef5982 311debc80c6c24de33da262d929c762a12e0f4ea55d0dcafaec8e66f001abce0 Loading...

	njwcjyshepnz.buzz/	ScriptElement	514 B	2024-06-03	2025-02-05
Pretty URL njwcjyshepnz.buzz/ IP 172.67.207.189 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-06-03 19:05 Last Seen2025-02-05 17:38 Times Seen13 Hash be38acbd3119fd0f38dd289475fb81d8 34de7f441d7e479fbbf9d71472d98dcf05b95307 2db58a75ef26a9c8f8b9bf8bc0ccfe91d3fd299e82262c6cd2a51dbb03a06cbd Loading...

	unknown	Function	31 B	2023-04-13	2025-06-07
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-13 01:26 Last Seen2025-06-07 21:48 Times Seen566 Hash 6fec23fbedccec20c673f35ed1fbe640 acaeb77fe0ad039f68deb3d4ad58b494e824d64d b22c44bbddb885e610f7e23f75bb71bd652b2df26a7d5af9ef6385bc67b3aefc Loading...

	oiu.xuys1.cn:8891/vj3/5942	ScriptElement	16 kB	2024-08-19	2024-08-19
Pretty URL oiu.xuys1.cn:8891/vj3/5942 IP 45.117.11.97 ASN #137697 CHINATELECOM JiangSu YangZhou IDC networkdescr: YangZhouJiangsu Province, P.R.China. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-19 15:24 Last Seen2024-08-19 15:24 Times Seen1 Hash fe8cff7cc188d08097f543aee7f63b65 d9d8743d3a20e943886257cf5486ae4e6a812028 d9ef0060f29063f4546cf623735ea63184c27fa56921e2f6304d61e80945c0bd Loading...

	njwcjyshepnz.buzz/	ScriptElement	424 B	2023-06-10	2025-02-05
Pretty URL njwcjyshepnz.buzz/ IP 172.67.207.189 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-10 20:05 Last Seen2025-02-05 17:38 Times Seen14 Hash e3c987fd03649922ae3ca4034cc0983e 4316743440ac38cc2a10d7eec6cbefd14a991cfb cba191b7c86fcc65c69cc8744331f0fc4ae1ff173843e818e4743f9656559efd Loading...

	njwcjyshepnz.buzz/	ScriptElement	424 B	2023-06-10	2025-02-05
Pretty URL njwcjyshepnz.buzz/ IP 172.67.207.189 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-10 20:05 Last Seen2025-02-05 17:38 Times Seen22 Hash 38d0f05e4891aa0dd33616e6bc9132d8 4ebe7f98a9e9ece1515d250e44b99e8f6fe7e117 ba9bdfd88c1c0b85eeb2a9ef75595de795d0a0bee1dd34735e6a5b14aa59030e Loading...

	alxqq.xyz/js/adlm.js	ScriptElement	16 kB	2024-08-19	2024-08-19
Pretty URL alxqq.xyz/js/adlm.js IP 104.21.87.141 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-19 15:24 Last Seen2024-08-19 15:24 Times Seen1 Hash 669039b93efd60223200133664c7ebd9 f36202655d57310d196cf70f9d8a041ded7c80df d9cf52ef313f529a596db74f522cbe9a7263ab677be6ebb552c23f244025b48c Loading...

	njwcjyshepnz.buzz/static/js/jquery-2.2.4.min.js	ScriptElement	86 kB	2023-03-07	2025-06-08
Pretty URL njwcjyshepnz.buzz/static/js/jquery-2.2.4.min.js IP 172.67.207.189 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-06-08 03:25 Times Seen178292 Hash 2f6b11a7e914718e0290410e85366fe9 69bb69e25ca7d5ef0935317584e6153f3fd9a88c 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e Loading...

HTTP Transactions (66)

URL IP Response Size

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
1923cde36555abe065c52a358521a6f5
1cfff065ff7d9706aa7142cc99855769a50f642e
9bdc1a9c47d76dc96134b04996050573491d15a2d8b6be4157791b9d6f0766c9

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "9BDC1A9C47D76DC96134B04996050573491D15A2D8B6BE4157791B9D6F0766C9"
Last-Modified: Sat, 27 Jul 2024 06:56:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20246
Expires: Mon, 29 Jul 2024 11:32:32 GMT
Date: Mon, 29 Jul 2024 05:55:06 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
2d61bb5b56bc4df48e399a14ebeea8ca
60814ad62b84875481a3fc851280f608dbc0b4f6
504effa12a1ca53eac798bf38ea5a9edde08ec398b53c8de2885a94f133ea845

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "504EFFA12A1CA53EAC798BF38EA5A9EDDE08EC398B53C8DE2885A94F133EA845"
Last-Modified: Sat, 27 Jul 2024 06:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20185
Expires: Mon, 29 Jul 2024 11:31:31 GMT
Date: Mon, 29 Jul 2024 05:55:06 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
182b9c01b864c7d116c3fc28cbb58d6e
644efdd1cd6ee4e5d5ec976387b3dbf47ed51dc1
5d2cc1a96f886c04483d570f2fba83b9b430796d2faf9d6d115cca98bc6b713f

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "5D2CC1A96F886C04483D570F2FBA83B9B430796D2FAF9D6D115CCA98BC6B713F"
Last-Modified: Sat, 27 Jul 2024 06:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15938
Expires: Mon, 29 Jul 2024 10:20:45 GMT
Date: Mon, 29 Jul 2024 05:55:07 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
0b1ec2ddc6f2bdcb53c4a68f0dadfffa
6e2cca0a8a8c68f778c60628583b1c944c3cc2fc
7d7df3345b5736ccce59d0996a373c2ccc915b51d725a47131936cb170207467

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "7D7DF3345B5736CCCE59D0996A373C2CCC915B51D725A47131936CB170207467"
Last-Modified: Sat, 27 Jul 2024 06:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10813
Expires: Mon, 29 Jul 2024 08:55:20 GMT
Date: Mon, 29 Jul 2024 05:55:07 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
9a7aa74598eea5bc84f07fc2318a2e3c
5de3cab9a17f1d5becc592a7e890fdf7270f6f68
b91855e23d5499619d9f797b60209740f0c9b5c3514d0939124ac1afa6b577bf

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "B91855E23D5499619D9F797B60209740F0C9B5C3514D0939124AC1AFA6B577BF"
Last-Modified: Sat, 27 Jul 2024 06:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15345
Expires: Mon, 29 Jul 2024 10:10:54 GMT
Date: Mon, 29 Jul 2024 05:55:09 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
9a7aa74598eea5bc84f07fc2318a2e3c
5de3cab9a17f1d5becc592a7e890fdf7270f6f68
b91855e23d5499619d9f797b60209740f0c9b5c3514d0939124ac1afa6b577bf

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "B91855E23D5499619D9F797B60209740F0C9B5C3514D0939124AC1AFA6B577BF"
Last-Modified: Sat, 27 Jul 2024 06:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15345
Expires: Mon, 29 Jul 2024 10:10:54 GMT
Date: Mon, 29 Jul 2024 05:55:09 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
9a7aa74598eea5bc84f07fc2318a2e3c
5de3cab9a17f1d5becc592a7e890fdf7270f6f68
b91855e23d5499619d9f797b60209740f0c9b5c3514d0939124ac1afa6b577bf

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "B91855E23D5499619D9F797B60209740F0C9B5C3514D0939124AC1AFA6B577BF"
Last-Modified: Sat, 27 Jul 2024 06:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15345
Expires: Mon, 29 Jul 2024 10:10:54 GMT
Date: Mon, 29 Jul 2024 05:55:09 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
9a7aa74598eea5bc84f07fc2318a2e3c
5de3cab9a17f1d5becc592a7e890fdf7270f6f68
b91855e23d5499619d9f797b60209740f0c9b5c3514d0939124ac1afa6b577bf

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "B91855E23D5499619D9F797B60209740F0C9B5C3514D0939124AC1AFA6B577BF"
Last-Modified: Sat, 27 Jul 2024 06:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15345
Expires: Mon, 29 Jul 2024 10:10:54 GMT
Date: Mon, 29 Jul 2024 05:55:09 GMT
Connection: keep-alive

akhwbjyshezaxck.buzz/

104.21.64.60

301 Moved Permanently

13 kB

URL User Request GET HTTP/2
akhwbjyshezaxck.buzz/
IP
104.21.64.60:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectakhwbjyshezaxck.buzz
Fingerprint52:16:57:90:50:8F:90:F7:CD:53:99:17:07:42:94:96:97:A8:F9:69
ValiditySun, 14 Jul 2024 14:07:55 GMT - Sat, 12 Oct 2024 14:07:54 GMT

File type
data
Size
13 kB (13327 bytes)
Hash
ca237cb3e3a02d14bd11c467ec95a49e
39a019545f5d5e10251cc14ece8a3ccf467a57e7
569fc1f4e667b29bf198298bb55d1ac8e5b25cded54623ecf51dc21540698479

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: akhwbjyshezaxck.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Mon, 29 Jul 2024 05:55:07 GMT
content-type: text/html
location: https://njwcjyshepnz.buzz/
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yiEVfCFYLZ9p%2FX0TyrVS%2Bb9EjG%2Bv5AGFRZkC62PKEp4SFwNFRKaUeyZ8mhhHRDX4gaIvpqWkqAIRVKlncw4eENZj3GQaiQ0ogkVDik%2F2cxfVBiXcMqB73W%2BwrVJNKuD49KvCVpXi0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8aaadbb2082c56ba-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

njwcjyshepnz.buzz/static/template/011/css/iconfont.css

172.67.207.189

200 OK

260 kB

URL GET HTTP/3
njwcjyshepnz.buzz/static/template/011/css/iconfont.css
IP
172.67.207.189:443
ASN
#13335 CLOUDFLARENET

Requested by
https://njwcjyshepnz.buzz/
Certificate
IssuerGoogle Trust Services
Subjectnjwcjyshepnz.buzz
Fingerprint87:1C:26:84:F7:2D:2A:08:B7:D3:E8:44:72:1E:13:C1:8C:83:FD:E6
ValidityMon, 08 Jul 2024 01:11:27 GMT - Sun, 06 Oct 2024 01:11:26 GMT

File type
gzip compressed data, from Unix
Size
260 kB (259770 bytes)
Hash
85dc626db813b209c3860433b8a46a4a
99427599215b9cdb41bc75f91159dab9a8c6a486
2a65c7b9b1b73c5d9cd9835fb678f111e41620f66c7bb6ff3c0d99a25f18a6ba

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/template/011/css/iconfont.css HTTP/1.1
Host: njwcjyshepnz.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://njwcjyshepnz.buzz/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 29 Jul 2024 05:55:09 GMT
content-type: text/css
last-modified: Fri, 02 Sep 2022 08:55:11 GMT
vary: Accept-Encoding
etag: W/"6311c4ef-cfe"
access-control-allow-origin: *
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=y%2FpArtLquAaS8eMKO%2F27%2BukIZzRuLiyRzLuOfcztNgVN361tcVFHAqqS4lCcFA8U47WQXFg3LSGqUNO8yRHte0U3JXQ0kH9727NXrtxkUgP8ygzd0w9lwLjvPB%2FUdzXte5LzVA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8aaadbbcca0c1bfe-OSL
alt-svc: h3=":443"; ma=86400

ljcdn.kd-pic6669.com/20240707/P9iuMFuy/1.jpg

104.26.10.242

200 OK

136 kB

URL GET HTTP/2
ljcdn.kd-pic6669.com/20240707/P9iuMFuy/1.jpg
IP
104.26.10.242:443
ASN
#13335 CLOUDFLARENET

Requested by
https://njwcjyshepnz.buzz/
Certificate
IssuerGoogle Trust Services
Subjectkd-pic6669.com
FingerprintA4:23:1B:6B:5B:55:D5:42:81:F2:C3:6D:0A:C1:1F:9B:9C:BA:A8:AA
ValidityTue, 16 Jul 2024 13:05:32 GMT - Mon, 14 Oct 2024 13:05:31 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 718x404, components 3
Size
136 kB (136411 bytes)
Hash
97b60eb68bf29842bcfb7d816e0338ce
538016378fc386256f44b0ecc0d34333aec589fd
7e07c269e25b1b4b048f8c49077ccaca535a7081a4ab5637dade75db018d65c9

HTTP Headers

GET /20240707/P9iuMFuy/1.jpg HTTP/1.1
Host: ljcdn.kd-pic6669.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://njwcjyshepnz.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 29 Jul 2024 05:55:09 GMT
content-type: image/jpeg
content-length: 136411
access-control-allow-origin: *
cache-control: max-age=2592000
cf-bgj: h2pri
etag: "6689f0dc-214db"
expires: Wed, 28 Aug 2024 00:09:42 GMT
last-modified: Sun, 07 Jul 2024 01:35:24 GMT
access-control-allow-credentials: : true
cf-cache-status: HIT
age: 20727
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IOtSsBlGg%2FPO4qim12MIjGOOXaZ76H6TR7Gvpi292zZ%2BHXSto36fapAtoer%2Bql8VPJHF9zcSscxA9JPkXbh0%2FuPnj0DuHM3otYHYtLQCW9VxFWPWvmbDUTtOm8V%2FXc8xGKJcxIte"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8aaadbc2681e0afe-OSL
X-Firefox-Spdy: h2

ljcdn.kd-pic6669.com/20240728/A0ghmWV3/1.jpg

104.26.10.242

200 OK

67 kB

URL GET HTTP/2
ljcdn.kd-pic6669.com/20240728/A0ghmWV3/1.jpg
IP
104.26.10.242:443
ASN
#13335 CLOUDFLARENET

Requested by
https://njwcjyshepnz.buzz/
Certificate
IssuerGoogle Trust Services
Subjectkd-pic6669.com
FingerprintA4:23:1B:6B:5B:55:D5:42:81:F2:C3:6D:0A:C1:1F:9B:9C:BA:A8:AA
ValidityTue, 16 Jul 2024 13:05:32 GMT - Mon, 14 Oct 2024 13:05:31 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1080x607, components 3
Size
67 kB (67326 bytes)
Hash
dbbcf150fb170c32e9411c064b23c188
3f131ff69cccf4017c9a4a0f9ac71b4a254dc5a5
8b566c9476f2f8dbdc22218ae883e7e56ff7891234bd9bbaec7d46ff3ba858af

HTTP Headers

GET /20240728/A0ghmWV3/1.jpg HTTP/1.1
Host: ljcdn.kd-pic6669.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://njwcjyshepnz.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 29 Jul 2024 05:55:09 GMT
content-type: image/jpeg
content-length: 67326
access-control-allow-origin: *
cache-control: max-age=2592000
cf-bgj: h2pri
etag: "66a57ae7-106fe"
expires: Tue, 27 Aug 2024 03:23:02 GMT
last-modified: Sat, 27 Jul 2024 22:55:35 GMT
access-control-allow-credentials: : true
cf-cache-status: HIT
age: 95527
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nXdvgBNQFKci1a7TX8zCs4dopDb3OOog9C0MgzhNNCDz0XqvIPDjm5G0os2IbmO8pnAMJdPQWAkP5ggiRnjFMGPR2oKTTvnAIhCrPqBk31Mh6HF5gy5iLpT2a7GrsSNcQRHVRlal"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8aaadbc3288c0afe-OSL
X-Firefox-Spdy: h2

ljcdn.kd-pic6669.com/20240729/jDOeMObb/1.jpg

104.26.10.242

200 OK

140 kB

URL GET HTTP/2
ljcdn.kd-pic6669.com/20240729/jDOeMObb/1.jpg
IP
104.26.10.242:443
ASN
#13335 CLOUDFLARENET

Requested by
https://njwcjyshepnz.buzz/
Certificate
IssuerGoogle Trust Services
Subjectkd-pic6669.com
FingerprintA4:23:1B:6B:5B:55:D5:42:81:F2:C3:6D:0A:C1:1F:9B:9C:BA:A8:AA
ValidityTue, 16 Jul 2024 13:05:32 GMT - Mon, 14 Oct 2024 13:05:31 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 718x404, components 3
Size
140 kB (140166 bytes)
Hash
9a2df88f866369b1b03a6bf4c41ce7f7
d33698437d25b0224bce9eb04df4cb0f2945b678
6317bb7adcfbaeacb029965b24801433ba6729b7fe507629de4fa78ce992c4f8

HTTP Headers

GET /20240729/jDOeMObb/1.jpg HTTP/1.1
Host: ljcdn.kd-pic6669.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://njwcjyshepnz.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 29 Jul 2024 05:55:09 GMT
content-type: image/jpeg
content-length: 140166
access-control-allow-origin: *
cache-control: max-age=2592000
cf-bgj: h2pri
etag: "66a6fde0-22386"
expires: Wed, 28 Aug 2024 05:07:30 GMT
last-modified: Mon, 29 Jul 2024 02:26:40 GMT
access-control-allow-credentials: : true
cf-cache-status: HIT
age: 2859
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=21oVlUMQKFKh8R34zDVY7%2FAS6IzjluRX007VYfvNDs2msZwvcuvMFJjSdSPRlgjY6O8mc9Mk%2BjuIznXYXO1yiDleOT5f9u1lsglv5kncvGmki29lEUd8sgbIMVj9eMYYhQxfD6yZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8aaadbc3288f0afe-OSL
X-Firefox-Spdy: h2

fmtu.slinpic.com/upload/vod/20240728-1/5861b3061f172f6ba59b892f1bcb2fb1.jpg

104.26.10.58

200 OK

151 kB

URL GET HTTP/2
fmtu.slinpic.com/upload/vod/20240728-1/5861b3061f172f6ba59b892f1bcb2fb1.jpg
IP
104.26.10.58:443
ASN
#13335 CLOUDFLARENET

Requested by
https://njwcjyshepnz.buzz/
Certificate
IssuerGoogle Trust Services
Subjectslinpic.com
FingerprintBC:17:C6:D9:77:CA:79:12:A4:C7:11:18:A1:FA:94:60:AB:37:0E:50
ValidityThu, 11 Jul 2024 08:25:53 GMT - Wed, 09 Oct 2024 08:25:52 GMT

File type
JPEG image data, baseline, precision 8, 800x538, components 3
Size
151 kB (150810 bytes)
Hash
a764ca497ac09c84536759665f2739c0
5d291c6fcfcac3edc9ea9bc8afa1867795b4f161
0b056bcd569aa0f1b9c4afa42921d736b652dedf2e4b4077d9395d88cc9f4f07

HTTP Headers

GET /upload/vod/20240728-1/5861b3061f172f6ba59b892f1bcb2fb1.jpg HTTP/1.1
Host: fmtu.slinpic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://njwcjyshepnz.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 29 Jul 2024 05:55:10 GMT
content-type: image/jpeg
content-length: 150810
access-control-allow-origin: *
cf-bgj: h2pri
etag: "66a5d564-24d1a"
last-modified: Sun, 28 Jul 2024 05:21:40 GMT
access-control-allow-credentials: true
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bef969j6JVqBi4GCrOqHYWdVztAaDxKS%2BAbslBK6pUmJYF4yHtq4T%2FIOawPUWfcUYhHp5iJ3pLWvcWHNIXwYQrVu3WESKiiMVXkL3itbsfyTor%2FGzQIWE4c9Sb%2BV5xtK0%2BM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8aaadbc278ac0b06-OSL
X-Firefox-Spdy: h2

bjqug.xyz/img/wnsr960x803.gif

104.21.74.179

200 OK

369 kB

URL GET HTTP/3
bjqug.xyz/img/wnsr960x803.gif
IP
104.21.74.179:443
ASN
#13335 CLOUDFLARENET

Requested by
https://njwcjyshepnz.buzz/
Certificate
IssuerCloudflare, Inc.
Subjectbjqug.xyz
Fingerprint07:6D:66:4C:E1:35:70:F0:99:9B:37:6F:66:14:B7:47:3C:8C:BA:AD
ValidityWed, 21 Feb 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
GIF image data, version 89a, 960 x 80
Size
369 kB (369414 bytes)
Hash
e9e75ef3578e3d129ecc03992504f6ea
9ab1c878e3d73621f3e8930deede26c722320437
c0e911b492e5b9cef6787ea62d91f60072cf6db0ed84b246e1821dbf6fe3238d

HTTP Headers

GET /img/wnsr960x803.gif HTTP/1.1
Host: bjqug.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://njwcjyshepnz.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 29 Jul 2024 05:55:10 GMT
content-type: image/gif
content-length: 369414
last-modified: Wed, 28 Dec 2022 12:09:17 GMT
etag: "63ac31ed-5a306"
expires: Mon, 12 Aug 2024 15:30:05 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 1347905
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cmZKwH6gSTOGBl5hSab4PpzuVnF8Dw5Gi3Ff7ZMIOvC46xbMevGr2D6gasTsK4ug01b1T1nSErWhlfwCC9b7kJJ2XvU%2By7kDMBqqHki%2BYv3XkhSsrve5bdEJa5Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8aaadbc49f8956a9-OSL
alt-svc: h3=":443"; ma=86400

bjqug.xyz/img/xpj3960x80.gif

104.21.74.179

200 OK

64 kB

URL GET HTTP/3
bjqug.xyz/img/xpj3960x80.gif
IP
104.21.74.179:443
ASN
#13335 CLOUDFLARENET

Requested by
https://njwcjyshepnz.buzz/
Certificate
IssuerCloudflare, Inc.
Subjectbjqug.xyz
Fingerprint07:6D:66:4C:E1:35:70:F0:99:9B:37:6F:66:14:B7:47:3C:8C:BA:AD
ValidityWed, 21 Feb 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
GIF image data, version 89a, 960 x 80
Size
64 kB (63698 bytes)
Hash
e7a5980477484771337359108a7d58f2
d8a81935ae7fc70b38175ac7b84412d6ccab03c1
f32bc469670e00531379916baa0dbab9f261456132e0d93607e18c4ec65f0590

HTTP Headers

GET /img/xpj3960x80.gif HTTP/1.1
Host: bjqug.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://njwcjyshepnz.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 29 Jul 2024 05:55:10 GMT
content-type: image/gif
content-length: 63698
last-modified: Wed, 28 Dec 2022 12:09:18 GMT
etag: "63ac31ee-f8d2"
expires: Sun, 11 Aug 2024 06:53:19 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 1465311
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WWnqwtQkEWcsHYNHShcjNZU44coQYDPnSC6Uob0Mb%2Fo8H0mNK5TVW%2BJQlrA4pFqnFjaOU68x16F5hC8hHZqt0pSaZOUbi6Nln8Nqhe3NqWHrj34ZWePAYNtknkY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8aaadbc49f8b56a9-OSL
alt-svc: h3=":443"; ma=86400

bjqug.xyz/img/tyc960x803.gif

104.21.74.179

200 OK

460 kB

URL GET HTTP/3
bjqug.xyz/img/tyc960x803.gif
IP
104.21.74.179:443
ASN
#13335 CLOUDFLARENET

Requested by
https://njwcjyshepnz.buzz/
Certificate
IssuerCloudflare, Inc.
Subjectbjqug.xyz
Fingerprint07:6D:66:4C:E1:35:70:F0:99:9B:37:6F:66:14:B7:47:3C:8C:BA:AD
ValidityWed, 21 Feb 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
GIF image data, version 89a, 960 x 80
Size
460 kB (459926 bytes)
Hash
6d6d9238a84b0e7b97fc17dfe8a8649e
21f3576af89a5f782f9e7d0831c8565aa1037884
edb4f57856d11d24a08338bb8c37b6a164c0268d71f547e2050af0f7a45352d0

HTTP Headers

GET /img/tyc960x803.gif HTTP/1.1
Host: bjqug.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://njwcjyshepnz.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 29 Jul 2024 05:55:10 GMT
content-type: image/gif
content-length: 459926
last-modified: Wed, 28 Dec 2022 12:09:16 GMT
etag: "63ac31ec-70496"
expires: Sun, 04 Aug 2024 08:48:19 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 2063211
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H%2BEjEDFu3g8ynziZ2Gq64e6s3vsjjB0jXJG9psv5LRg%2FGAQfiscnZwIFpClA4DLP9%2Bgs34IVt35mBBqJ%2BLLOsYXgGWdb%2FX48ZqzioAto00gtAZUDXQdKADj4Xno%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8aaadbc4af9656a9-OSL
alt-svc: h3=":443"; ma=86400

bjqug.xyz/img/js3960x80.gif

104.21.74.179

200 OK

791 kB

URL GET HTTP/3
bjqug.xyz/img/js3960x80.gif
IP
104.21.74.179:443
ASN
#13335 CLOUDFLARENET

Requested by
https://njwcjyshepnz.buzz/
Certificate
IssuerCloudflare, Inc.
Subjectbjqug.xyz
Fingerprint07:6D:66:4C:E1:35:70:F0:99:9B:37:6F:66:14:B7:47:3C:8C:BA:AD
ValidityWed, 21 Feb 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
GIF image data, version 89a, 960 x 80
Size
791 kB (790871 bytes)
Hash
b633258f260703d31a52c872a0d6c761
c69390420e7e29b27dcd779e9fe024ef68749beb
9f7fb2bcc8a152506965588375928b62179887b45fd3dc4aad53f10d9ed88918

HTTP Headers

GET /img/js3960x80.gif HTTP/1.1
Host: bjqug.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://njwcjyshepnz.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 29 Jul 2024 05:55:10 GMT
content-type: image/gif
content-length: 790871
last-modified: Wed, 28 Dec 2022 12:09:20 GMT
etag: "63ac31f0-c1157"
expires: Sat, 10 Aug 2024 20:02:44 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 1504346
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7JlvyvDEZULUxjYbsinbdbR%2Fvkkt2D1gKigIfgPu8SXxfLyTwTkPqjonkY%2F8WuF%2Bg2q0lsjqpOiGHBMp%2Fhtcm8syrodZD4rrhk0mSnEYrYXsKenSefwVrh5quWU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8aaadbc49f8756a9-OSL
alt-svc: h3=":443"; ma=86400

ljcdn.kd-pic6669.com/20240706/AB0vWcjJ/1.jpg

104.26.10.242

200 OK

26 kB

URL GET HTTP/2
ljcdn.kd-pic6669.com/20240706/AB0vWcjJ/1.jpg
IP
104.26.10.242:443
ASN
#13335 CLOUDFLARENET

Requested by
https://njwcjyshepnz.buzz/
Certificate
IssuerGoogle Trust Services
Subjectkd-pic6669.com
FingerprintA4:23:1B:6B:5B:55:D5:42:81:F2:C3:6D:0A:C1:1F:9B:9C:BA:A8:AA
ValidityTue, 16 Jul 2024 13:05:32 GMT - Mon, 14 Oct 2024 13:05:31 GMT

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 718x404, components 3
Size
26 kB (26192 bytes)
Hash
763d6e1e3d334b6e3c90578b251a40f8
dfff3dc00aaefed14353705de2a37f80c2165c97
26ace8bf79a8be187a1cce409fdbdaea9dc7f1066b6ec9c4ce0eceb12016744b

HTTP Headers

GET /20240706/AB0vWcjJ/1.jpg HTTP/1.1
Host: ljcdn.kd-pic6669.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://njwcjyshepnz.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 29 Jul 2024 05:55:10 GMT
content-type: image/jpeg
content-length: 26192
last-modified: Sat, 06 Jul 2024 04:47:24 GMT
etag: "6688cc5c-6650"
expires: Wed, 28 Aug 2024 05:55:10 GMT
cache-control: max-age=2592000
access-control-allow-credentials: : true
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yT8db%2FA09C4%2FobyURFhDdYvmrM6qN2drBvPBTlPsoZ9kJgAwCgSkZnXzviN%2FNkxjx%2BrCOMe28USL%2BPpn1YbxpMcPp%2F%2Ffcs5p8%2FALdJhdAFo8Qrjg%2B7q1NQqbedZFzeQ1s9A6DbP2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8aaadbc3188b0afe-OSL
X-Firefox-Spdy: h2

njwcjyshepnz.buzz/static/template/011/css/stui_block.css

172.67.207.189

200 OK

87 kB

URL GET HTTP/3
njwcjyshepnz.buzz/static/template/011/css/stui_block.css
IP
172.67.207.189:443
ASN
#13335 CLOUDFLARENET

Requested by
https://njwcjyshepnz.buzz/
Certificate
IssuerGoogle Trust Services
Subjectnjwcjyshepnz.buzz
Fingerprint87:1C:26:84:F7:2D:2A:08:B7:D3:E8:44:72:1E:13:C1:8C:83:FD:E6
ValidityMon, 08 Jul 2024 01:11:27 GMT - Sun, 06 Oct 2024 01:11:26 GMT

File type
gzip compressed data, from Unix
Size
87 kB (86753 bytes)
Hash
18cf2d3a85f9179bf17dbb741fe280c5
413ffa11b589111be594313f773b664e14c43a80
2a5f21f73690516938ad527eeac9df7fe0f397fc75d5a7a407e0719f81e4cdcd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/template/011/css/stui_block.css HTTP/1.1
Host: njwcjyshepnz.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://njwcjyshepnz.buzz/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 29 Jul 2024 05:55:09 GMT
content-type: text/css
last-modified: Fri, 02 Sep 2022 08:55:11 GMT
vary: Accept-Encoding
etag: W/"6311c4ef-8293"
access-control-allow-origin: *
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uK%2F7LvVFFBNv%2BbtFtriVZWLtmbasZ%2FajgTX2s3x73ZQ5hafRs05Qlq%2BlhfrC3qQX%2Fpt%2FzzSjG7Cx14tz%2FrA386FAa8rMkRxJctcO%2FZItbQKoMtZqRmyrbFFNoIEMbvonyIsHuw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8aaadbbcca0d1bfe-OSL
alt-svc: h3=":443"; ma=86400

ljcdn.kd-pic6669.com/20240729/cP8pdEO4/1.jpg

104.26.10.242

200 OK

122 kB

URL GET HTTP/2
ljcdn.kd-pic6669.com/20240729/cP8pdEO4/1.jpg
IP
104.26.10.242:443
ASN
#13335 CLOUDFLARENET

Requested by
https://njwcjyshepnz.buzz/
Certificate
IssuerGoogle Trust Services
Subjectkd-pic6669.com
FingerprintA4:23:1B:6B:5B:55:D5:42:81:F2:C3:6D:0A:C1:1F:9B:9C:BA:A8:AA
ValidityTue, 16 Jul 2024 13:05:32 GMT - Mon, 14 Oct 2024 13:05:31 GMT

File type
PNG image data, 718 x 404, 8-bit colormap, non-interlaced
Size
122 kB (122533 bytes)
Hash
a72869e9bbdeb4bac5ecde22cbf90964
5612cf8b77df38982f7834561f0a59ea09156fcb
51aee534e454938a7dfd6d5eb5840c99e9b8347f5847c1bad25cc27122fa2491

HTTP Headers

GET /20240729/cP8pdEO4/1.jpg HTTP/1.1
Host: ljcdn.kd-pic6669.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://njwcjyshepnz.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 29 Jul 2024 05:55:10 GMT
content-type: image/jpeg
content-length: 122533
last-modified: Mon, 29 Jul 2024 02:15:11 GMT
etag: "66a6fb2f-1dea5"
expires: Wed, 28 Aug 2024 05:55:10 GMT
cache-control: max-age=2592000
access-control-allow-credentials: : true
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8Dee45x4hCP2LJTtsEh1timFeGcajCcIFQzA2E394%2BXt7gbQlTLW1pWao0xSYsGt42iYoJAOIAJ%2F8STUUPu2KaUw6brLfQAV3nDx7EZWpte7ddP2OSIya4P2tUpFMr3TyHfL9U1s"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8aaadbc318860afe-OSL
X-Firefox-Spdy: h2

njwcjyshepnz.buzz/static/template/011/css/stui_block_color.css

172.67.207.189

200 OK

218 kB

URL GET HTTP/3
njwcjyshepnz.buzz/static/template/011/css/stui_block_color.css
IP
172.67.207.189:443
ASN
#13335 CLOUDFLARENET

Requested by
https://njwcjyshepnz.buzz/
Certificate
IssuerGoogle Trust Services
Subjectnjwcjyshepnz.buzz
Fingerprint87:1C:26:84:F7:2D:2A:08:B7:D3:E8:44:72:1E:13:C1:8C:83:FD:E6
ValidityMon, 08 Jul 2024 01:11:27 GMT - Sun, 06 Oct 2024 01:11:26 GMT

File type
gzip compressed data, from Unix
Size
218 kB (218096 bytes)
Hash
59040cf61d52aaaad7ae27d11bf0ac2a
90ec369627c48f8a6af147c2242101c0a76f2e0b
e17a0cfde2cadb27d11d2063f27e378c595d1e35e4c6bec7dd437212b3ebbb6a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/template/011/css/stui_block_color.css HTTP/1.1
Host: njwcjyshepnz.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://njwcjyshepnz.buzz/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 29 Jul 2024 05:55:09 GMT
content-type: text/css
last-modified: Fri, 02 Sep 2022 08:55:11 GMT
vary: Accept-Encoding
etag: W/"6311c4ef-176c"
access-control-allow-origin: *
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bauBca8TynbYOhAxdZ%2FHbmAnYqiHrpq%2F3RGJ0A%2Bnt423rBEPdDhxWXx21w8FkZxf8V74993Cefqk2sJJdzTwBnYWnCjqNGB1YtQgx8iOr47pFrcYllXNmI1icvZ%2Bw1t2oMm7FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8aaadbbcca101bfe-OSL
alt-svc: h3=":443"; ma=86400

njwcjyshepnz.buzz/static/js/foundation-1.5.5.min.js?v=2

172.67.207.189

200 OK

203 kB

URL GET HTTP/3
njwcjyshepnz.buzz/static/js/foundation-1.5.5.min.js?v=2
IP
172.67.207.189:443
ASN
#13335 CLOUDFLARENET

Requested by
https://njwcjyshepnz.buzz/
Certificate
IssuerGoogle Trust Services
Subjectnjwcjyshepnz.buzz
Fingerprint87:1C:26:84:F7:2D:2A:08:B7:D3:E8:44:72:1E:13:C1:8C:83:FD:E6
ValidityMon, 08 Jul 2024 01:11:27 GMT - Sun, 06 Oct 2024 01:11:26 GMT

File type
ASCII text, with CRLF line terminators
Size
203 kB (203316 bytes)
Hash
5d8400d1a4a26853569b20ede20d63ac
2d63c9de39a24843e9c007359ae2bf9cb302d221
474f7135e67890fe3f1947345a0aff58a55b27e628fe51c1d9cc59e8b20cf281

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/js/foundation-1.5.5.min.js?v=2 HTTP/1.1
Host: njwcjyshepnz.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://njwcjyshepnz.buzz/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 29 Jul 2024 05:55:09 GMT
content-type: application/javascript
last-modified: Fri, 15 Mar 2024 02:30:21 GMT
etag: W/"65f3b2bd-1b5"
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GKJytL7jFUhvrQK46%2FxwNIxNdpaxZuDqXi%2FP5kawe7lSl%2FwGket03CI6LsufpAcS%2BZfgeVdgx4qDLqLpbie%2Fb%2F%2BA0j%2Bf88nmbfKgXqHwN6DT5%2B%2FQevAAQ87zCq%2B3suz12nlndg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8aaadbbd2a3c1bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

njwcjyshepnz.buzz/static/js/foundation-1.5.3.min.js

172.67.207.189

200 OK

185 kB

URL GET HTTP/3
njwcjyshepnz.buzz/static/js/foundation-1.5.3.min.js
IP
172.67.207.189:443
ASN
#13335 CLOUDFLARENET

Requested by
https://njwcjyshepnz.buzz/
Certificate
IssuerGoogle Trust Services
Subjectnjwcjyshepnz.buzz
Fingerprint87:1C:26:84:F7:2D:2A:08:B7:D3:E8:44:72:1E:13:C1:8C:83:FD:E6
ValidityMon, 08 Jul 2024 01:11:27 GMT - Sun, 06 Oct 2024 01:11:26 GMT

File type
gzip compressed data, from Unix
Size
185 kB (185238 bytes)
Hash
050b6d9e8047c76ba78daa792dcfa81c
d3ac6015dc3c8f7bcf11a55292bc8d1440c2f18a
637bf0b338bfe4024a667796f0cbb88d5f6ce6114bf81bc27bd9ae13c6cca39a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/js/foundation-1.5.3.min.js HTTP/1.1
Host: njwcjyshepnz.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://njwcjyshepnz.buzz/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 29 Jul 2024 05:55:09 GMT
content-type: application/javascript
last-modified: Thu, 14 Mar 2024 10:18:26 GMT
vary: Accept-Encoding
etag: W/"65f2cef2-7bb"
access-control-allow-origin: *
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iWSKtrgJxmT6wOQAdhy2axTInkm1HdZqezjtclMuW2pnNNNPugGfeZpSo5pIKn%2Beh%2Bn%2B9mxcQgMB31xYn5xLuXiUd1e%2FjyozHxTMrDSpglMwDaX4SsxeSPCswSwlDuZMVaRF5Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8aaadbbd2a3d1bfe-OSL
alt-svc: h3=":443"; ma=86400

njwcjyshepnz.buzz/static/js/jquery-2.2.4.min.js

172.67.207.189

200 OK

205 kB

URL GET HTTP/3
njwcjyshepnz.buzz/static/js/jquery-2.2.4.min.js
IP
172.67.207.189:443
ASN
#13335 CLOUDFLARENET

Requested by
https://njwcjyshepnz.buzz/
Certificate
IssuerGoogle Trust Services
Subjectnjwcjyshepnz.buzz
Fingerprint87:1C:26:84:F7:2D:2A:08:B7:D3:E8:44:72:1E:13:C1:8C:83:FD:E6
ValidityMon, 08 Jul 2024 01:11:27 GMT - Sun, 06 Oct 2024 01:11:26 GMT

File type
gzip compressed data, from Unix
Size
205 kB (205233 bytes)
Hash
918c90c81115016f7c554f5b468fc4c5
0ebb62b19c912f6388745d765ce2a2ee88cf82a5
619a3be82c90ac84d4a71237ca6067cc4a10e7a26d3a1b34ca02e3f46652bbca

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/js/jquery-2.2.4.min.js HTTP/1.1
Host: njwcjyshepnz.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://njwcjyshepnz.buzz/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 29 Jul 2024 05:55:09 GMT
content-type: application/javascript
last-modified: Tue, 15 Nov 2022 10:20:06 GMT
vary: Accept-Encoding
etag: W/"637367d6-14e4a"
access-control-allow-origin: *
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oVI1Jl5sK8QYZpWXZlHTcDazqXxRs%2FhjmODXXOQomQbuZ3G5MKkvqDG%2FUv0ZN8QIfyqxYqI1WzorgCahgaXn6qtBRATPgY98AqNvAGQrmZlyLMKhfYd0ZraXb3dz6vjJcm9kcw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8aaadbbd2a3b1bfe-OSL
alt-svc: h3=":443"; ma=86400

ljcdn.kd-pic6669.com/20240709/S9NPKJ5F/1.jpg

104.26.10.242

200 OK

123 kB

URL GET HTTP/2
ljcdn.kd-pic6669.com/20240709/S9NPKJ5F/1.jpg
IP
104.26.10.242:443
ASN
#13335 CLOUDFLARENET

Requested by
https://njwcjyshepnz.buzz/
Certificate
IssuerGoogle Trust Services
Subjectkd-pic6669.com
FingerprintA4:23:1B:6B:5B:55:D5:42:81:F2:C3:6D:0A:C1:1F:9B:9C:BA:A8:AA
ValidityTue, 16 Jul 2024 13:05:32 GMT - Mon, 14 Oct 2024 13:05:31 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 718x334, components 3
Size
123 kB (123368 bytes)
Hash
6879ee28f43f55c778ad899e51c2b801
3ab259022c0309f82ec642f892b522f0f4cd5425
dcf78345905f8459dae1f01a956e2eb9367102cad0d4123c2960e7d1d9bee467

HTTP Headers

GET /20240709/S9NPKJ5F/1.jpg HTTP/1.1
Host: ljcdn.kd-pic6669.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://njwcjyshepnz.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 29 Jul 2024 05:55:10 GMT
content-type: image/jpeg
content-length: 123368
last-modified: Mon, 08 Jul 2024 23:31:09 GMT
etag: "668c76bd-1e1e8"
expires: Wed, 28 Aug 2024 05:55:10 GMT
cache-control: max-age=2592000
access-control-allow-credentials: : true
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O1hJMWRSCKNpTbeyUQ6PnZTQU8s93MccY14RDo7Za8o5GNBc8wlhOzEEcnXdwq%2Fu6BuocPf1PbZtK8w7yANi7sxADHCgwKBgdqU%2FYmZB4u3%2F%2B1gXB0ZH5yvzNp0Wros%2Fs7X%2Bf8B5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8aaadbc3288e0afe-OSL
X-Firefox-Spdy: h2

ljcdn.kd-pic6669.com/20240729/aSrAs8Cp/1.jpg

104.26.10.242

200 OK

244 kB

URL GET HTTP/2
ljcdn.kd-pic6669.com/20240729/aSrAs8Cp/1.jpg
IP
104.26.10.242:443
ASN
#13335 CLOUDFLARENET

Requested by
https://njwcjyshepnz.buzz/
Certificate
IssuerGoogle Trust Services
Subjectkd-pic6669.com
FingerprintA4:23:1B:6B:5B:55:D5:42:81:F2:C3:6D:0A:C1:1F:9B:9C:BA:A8:AA
ValidityTue, 16 Jul 2024 13:05:32 GMT - Mon, 14 Oct 2024 13:05:31 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 718x404, components 3
Size
244 kB (243904 bytes)
Hash
02fddcfdb9e8a9b1b761af849d796de7
c9e0ce5e4b877589acd536ec39dfad1016f69101
2320610fe6ae21060b12e32c466516e7ba6082b5a1eff4374eafb5903fdaf674

HTTP Headers

GET /20240729/aSrAs8Cp/1.jpg HTTP/1.1
Host: ljcdn.kd-pic6669.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://njwcjyshepnz.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 29 Jul 2024 05:55:10 GMT
content-type: image/jpeg
content-length: 243904
last-modified: Mon, 29 Jul 2024 02:14:06 GMT
etag: "66a6faee-3b8c0"
expires: Wed, 28 Aug 2024 05:55:10 GMT
cache-control: max-age=2592000
access-control-allow-credentials: : true
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RIXvWbyttjRT0YL1RxjfeZ%2BV7Mha0enzNkjI78YDy8xFR4IfVitk6JQTnmtGNrKDyF7J2vJ141FCZ8JGoX%2B%2BqFeUcvTK%2BMLLcs6s%2B8lytcgUtrVTtqabHPpm7ZbZKDmXvmcBXhQM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8aaadbc288330afe-OSL
X-Firefox-Spdy: h2

ljcdn.kd-pic6669.com/20240729/4wHnOYU9/1.jpg

104.26.10.242

200 OK

259 kB

URL GET HTTP/2
ljcdn.kd-pic6669.com/20240729/4wHnOYU9/1.jpg
IP
104.26.10.242:443
ASN
#13335 CLOUDFLARENET

Requested by
https://njwcjyshepnz.buzz/
Certificate
IssuerGoogle Trust Services
Subjectkd-pic6669.com
FingerprintA4:23:1B:6B:5B:55:D5:42:81:F2:C3:6D:0A:C1:1F:9B:9C:BA:A8:AA
ValidityTue, 16 Jul 2024 13:05:32 GMT - Mon, 14 Oct 2024 13:05:31 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 718x404, components 3
Size
259 kB (258772 bytes)
Hash
3a1ae3838ff10a90a0a9fdfc2758b4c9
cb0003eceae99471f953640e423b7e0bfc8fcb22
ff3f381dda2ca4555e720d413c86cba711b4bf42c162e075c0081a92d077c131

HTTP Headers

GET /20240729/4wHnOYU9/1.jpg HTTP/1.1
Host: ljcdn.kd-pic6669.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://njwcjyshepnz.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 29 Jul 2024 05:55:10 GMT
content-type: image/jpeg
content-length: 258772
last-modified: Mon, 29 Jul 2024 02:32:59 GMT
etag: "66a6ff5b-3f2d4"
expires: Wed, 28 Aug 2024 05:55:10 GMT
cache-control: max-age=2592000
access-control-allow-credentials: : true
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=l7lZ2hAFXjTRKjCRK7MJKLFNDRnoSs52rFFeyToWtsF%2B6a4elLCoh%2B09WUoMI5CiQdJYTff1X1THr9t8VCB0M0Evz%2FD2lY9oiHU7EF9XHffok1BiyGMd1scBKugQllPPalBUtRkD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8aaadbc268190afe-OSL
X-Firefox-Spdy: h2

njwcjyshepnz.buzz/static/template/011/css/stui_default.css

172.67.207.189

200 OK

256 kB

URL GET HTTP/3
njwcjyshepnz.buzz/static/template/011/css/stui_default.css
IP
172.67.207.189:443
ASN
#13335 CLOUDFLARENET

Requested by
https://njwcjyshepnz.buzz/
Certificate
IssuerGoogle Trust Services
Subjectnjwcjyshepnz.buzz
Fingerprint87:1C:26:84:F7:2D:2A:08:B7:D3:E8:44:72:1E:13:C1:8C:83:FD:E6
ValidityMon, 08 Jul 2024 01:11:27 GMT - Sun, 06 Oct 2024 01:11:26 GMT

File type
gzip compressed data, from Unix
Size
256 kB (255473 bytes)
Hash
2e7411445422bfd19475d0c3548db2ef
ca796e5b8e99f8cc3cef4a7d5448bd677ba408c7
c45096a0e472a17159401f75277aa8c3846a160d1881a905d8af671acbe3aa05

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/template/011/css/stui_default.css HTTP/1.1
Host: njwcjyshepnz.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://njwcjyshepnz.buzz/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 29 Jul 2024 05:55:09 GMT
content-type: text/css
last-modified: Fri, 02 Sep 2022 08:55:11 GMT
vary: Accept-Encoding
etag: W/"6311c4ef-21df"
access-control-allow-origin: *
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1xdyONfIzi0IKlJe09Y2wda2O84P3T8cBM20bDi22uTYpOC98QlOgylo3ugM0tNiWB1fSx%2BWDrQIk0CgBlV%2BIu8ik3%2BPNoHGzxFX8pwa6XocL6DClFSMcMCbZocfuSWObbW7zw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8aaadbbd1a341bfe-OSL
alt-svc: h3=":443"; ma=86400

ljcdn.kd-pic6669.com/20240729/swKZHRN7/1.jpg

104.26.10.242

200 OK

189 kB

URL GET HTTP/2
ljcdn.kd-pic6669.com/20240729/swKZHRN7/1.jpg
IP
104.26.10.242:443
ASN
#13335 CLOUDFLARENET

Requested by
https://njwcjyshepnz.buzz/
Certificate
IssuerGoogle Trust Services
Subjectkd-pic6669.com
FingerprintA4:23:1B:6B:5B:55:D5:42:81:F2:C3:6D:0A:C1:1F:9B:9C:BA:A8:AA
ValidityTue, 16 Jul 2024 13:05:32 GMT - Mon, 14 Oct 2024 13:05:31 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 718x404, components 3
Size
189 kB (189024 bytes)
Hash
423e2c86bdd3b15b0b226f17427c88d7
a89cfe034fff8782ef2a179b3772707450e21977
c285ff34e3e4b160869196e00b0d911fbede355bebbfe6f2b702c08244efbaad

HTTP Headers

GET /20240729/swKZHRN7/1.jpg HTTP/1.1
Host: ljcdn.kd-pic6669.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://njwcjyshepnz.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 29 Jul 2024 05:55:10 GMT
content-type: image/jpeg
content-length: 189024
last-modified: Mon, 29 Jul 2024 02:26:11 GMT
etag: "66a6fdc3-2e260"
expires: Wed, 28 Aug 2024 05:55:10 GMT
cache-control: max-age=2592000
access-control-allow-credentials: : true
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wzMz%2FHTozrbsyMs%2BTHm1snYz2T9F76IrR%2Fe1Vnv1HQ18Euu5kgc%2FoFrNC7D1n6oGBq7NB2aXo2Y61yypgw4hxsf6CZ2fsrCfvgToHIOI1OXQNVMBMt8n3455z4i5h8rodKqtDOQl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8aaadbc3087f0afe-OSL
X-Firefox-Spdy: h2

ljcdn.kd-pic6669.com/20240729/lcYIfGl1/1.jpg

104.26.10.242

200 OK

349 kB

URL GET HTTP/2
ljcdn.kd-pic6669.com/20240729/lcYIfGl1/1.jpg
IP
104.26.10.242:443
ASN
#13335 CLOUDFLARENET

Requested by
https://njwcjyshepnz.buzz/
Certificate
IssuerGoogle Trust Services
Subjectkd-pic6669.com
FingerprintA4:23:1B:6B:5B:55:D5:42:81:F2:C3:6D:0A:C1:1F:9B:9C:BA:A8:AA
ValidityTue, 16 Jul 2024 13:05:32 GMT - Mon, 14 Oct 2024 13:05:31 GMT

File type
PNG image data, 700 x 394, 8-bit/color RGBA, non-interlaced
Size
349 kB (348579 bytes)
Hash
bb18c22710815160bbe8bf2081ac03ae
993da6a0de66c98cb940c5d3e80e1e4044ce0f0a
5786d96c677f6fb1b8cafdee1f6d41414532d5849b855e1901066b7bc6335d25

HTTP Headers

GET /20240729/lcYIfGl1/1.jpg HTTP/1.1
Host: ljcdn.kd-pic6669.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://njwcjyshepnz.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 29 Jul 2024 05:55:10 GMT
content-type: image/jpeg
content-length: 348579
last-modified: Mon, 29 Jul 2024 02:22:55 GMT
etag: "66a6fcff-551a3"
expires: Wed, 28 Aug 2024 05:55:10 GMT
cache-control: max-age=2592000
access-control-allow-credentials: : true
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BGqG1DcbgEMFuV0TsT%2FPym6IsBC8oBseaY6Bm1BgeODfOUOlQwH0msRn%2FSmAwVzlP4CITvdKVTZOZo1NRvoyGOcJ2uSI4iGnrZJFvJUSdv3FS49ZnK2WC3EcE1O2ftjU2DQlNFY4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8aaadbc318890afe-OSL
X-Firefox-Spdy: h2

drda.xyz/forward/gg/mlty.gif

188.114.97.1

200 OK

83 kB

URL GET HTTP/2
drda.xyz/forward/gg/mlty.gif
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://njwcjyshepnz.buzz/
Certificate
IssuerGoogle Trust Services LLC
Subjectdrda.xyz
Fingerprint1A:F6:8A:A0:2F:1D:52:A0:46:E5:E9:81:68:34:3A:FD:46:1E:11:BC
ValidityTue, 04 Jun 2024 17:19:37 GMT - Mon, 02 Sep 2024 17:19:36 GMT

File type
GIF image data, version 89a, 960 x 80
Size
83 kB (82978 bytes)
Hash
b720a7bf9609445ceb76b4feaa651651
b820ec400b878eb32470ad385e1a99cc5f7a4cf1
aab24f9b329fd736b2086812f42f7bc15cc33855c4650be21ec171361da89616

HTTP Headers

GET /forward/gg/mlty.gif HTTP/1.1
Host: drda.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://njwcjyshepnz.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 29 Jul 2024 05:55:11 GMT
content-type: image/gif
content-length: 82978
last-modified: Thu, 20 Jun 2024 12:22:26 GMT
etag: "66741f02-14422"
expires: Sun, 04 Aug 2024 09:26:50 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
access-control-allow-methods: *
access-control-allow-headers: *
cf-cache-status: HIT
age: 2060901
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IFrAnfIPQdtVK%2FmQGfwKUW%2B4CNMEBbLpdKZnDKRu0VqkOeNTwo%2F28xZXwlehI8wrU9ANyKbP4dayGRfdRm6%2B28v7i6XZj0Ujuq92ZNWIbOF1xz6kEtvEx9BXKg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8aaadbc9c80db51e-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ljcdn.kd-pic6669.com/20240729/cnsiBMLj/1.jpg

104.26.10.242

200 OK

764 kB

URL GET HTTP/2
ljcdn.kd-pic6669.com/20240729/cnsiBMLj/1.jpg
IP
104.26.10.242:443
ASN
#13335 CLOUDFLARENET

Requested by
https://njwcjyshepnz.buzz/
Certificate
IssuerGoogle Trust Services
Subjectkd-pic6669.com
FingerprintA4:23:1B:6B:5B:55:D5:42:81:F2:C3:6D:0A:C1:1F:9B:9C:BA:A8:AA
ValidityTue, 16 Jul 2024 13:05:32 GMT - Mon, 14 Oct 2024 13:05:31 GMT

File type
PNG image data, 857 x 530, 8-bit/color RGBA, non-interlaced
Size
764 kB (763850 bytes)
Hash
d9fdf7d6665986147a387ec0c47031b7
ffea1aca35e835e5b8f4a31e143003728c481b4c
8f0c581cfea668e4058b2536ee8430f8bb89607cc4a71ab5f8d693dea6d60142

HTTP Headers

GET /20240729/cnsiBMLj/1.jpg HTTP/1.1
Host: ljcdn.kd-pic6669.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://njwcjyshepnz.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 29 Jul 2024 05:55:10 GMT
content-type: image/jpeg
content-length: 763850
last-modified: Mon, 29 Jul 2024 02:11:19 GMT
etag: "66a6fa47-ba7ca"
expires: Wed, 28 Aug 2024 05:55:10 GMT
cache-control: max-age=2592000
access-control-allow-credentials: : true
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T7cFU5X34hZrWYN24Eu3idyCcQenjHaFfl9tw91BeVg7eZHKf7hls46cbcDyTB8exZZI9urLLa%2BRZ7qkTy0SIMr2%2F850i%2BfGlp5wmeR2SYINvylwK0Ve5QtWM6UeX%2FYoeXg7zo7t"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8aaadbc268250afe-OSL
X-Firefox-Spdy: h2

ljcdn.kd-pic6669.com/20240729/OcCiPG6E/1.jpg

104.26.10.242

200 OK

541 kB

URL GET HTTP/2
ljcdn.kd-pic6669.com/20240729/OcCiPG6E/1.jpg
IP
104.26.10.242:443
ASN
#13335 CLOUDFLARENET

Requested by
https://njwcjyshepnz.buzz/
Certificate
IssuerGoogle Trust Services
Subjectkd-pic6669.com
FingerprintA4:23:1B:6B:5B:55:D5:42:81:F2:C3:6D:0A:C1:1F:9B:9C:BA:A8:AA
ValidityTue, 16 Jul 2024 13:05:32 GMT - Mon, 14 Oct 2024 13:05:31 GMT

File type
PNG image data, 1015 x 426, 8-bit/color RGBA, non-interlaced
Size
541 kB (540672 bytes)
Hash
4eea844122f571733258058fff668edc
fa8a085ebb70fbde12f1e2b2fe9f6317c40207aa
36e71d94e6b6ea203ac55ab9ae281c5c2c103d63ff1f32a8f852bded076e2fa1

HTTP Headers

GET /20240729/OcCiPG6E/1.jpg HTTP/1.1
Host: ljcdn.kd-pic6669.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://njwcjyshepnz.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 29 Jul 2024 05:55:10 GMT
content-type: image/jpeg
content-length: 540672
last-modified: Mon, 29 Jul 2024 02:29:59 GMT
etag: "66a6fea7-84000"
expires: Wed, 28 Aug 2024 05:55:10 GMT
cache-control: max-age=2592000
access-control-allow-credentials: : true
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2iFHUE0TsGQ2dE00qnAMLV2Eb01nfX7l9e1kPnw4XcG8RLQLL%2B5DFKoPZf4GY0K4ITZsLkuGPa7udcNXyqplZQLhkXf%2Fq5rl5wCDkaGXtxmHdbWA0fQllKZWz6asiABz%2Fs%2FSpEeF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8aaadbc318880afe-OSL
X-Firefox-Spdy: h2

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
d39b7723adb5649a130a55d0d719c6a6
8629821697f9e63759849b44a51325cb5589f64b
ea002a13e065b69812b16714f005777d8d6c6062ee55b2690e7fed5ba238b2d7

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "EA002A13E065B69812B16714F005777D8D6C6062EE55B2690E7FED5BA238B2D7"
Last-Modified: Sat, 27 Jul 2024 07:20:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11287
Expires: Mon, 29 Jul 2024 09:03:18 GMT
Date: Mon, 29 Jul 2024 05:55:11 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
d39b7723adb5649a130a55d0d719c6a6
8629821697f9e63759849b44a51325cb5589f64b
ea002a13e065b69812b16714f005777d8d6c6062ee55b2690e7fed5ba238b2d7

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "EA002A13E065B69812B16714F005777D8D6C6062EE55B2690E7FED5BA238B2D7"
Last-Modified: Sat, 27 Jul 2024 07:20:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11287
Expires: Mon, 29 Jul 2024 09:03:18 GMT
Date: Mon, 29 Jul 2024 05:55:11 GMT
Connection: keep-alive

img.lytuchuang88.com/upload/vod/20240728-1/ed07f9887c420e4057591768c40cab2a.jpg

23.226.71.86

200 OK

7.1 kB

URL GET HTTP/1.1
img.lytuchuang88.com/upload/vod/20240728-1/ed07f9887c420e4057591768c40cab2a.jpg
IP
23.226.71.86:443
ASN
#53755 IOFLOOD

Requested by
https://njwcjyshepnz.buzz/
Certificate
IssuerLet's Encrypt
Subjectimg.lytuchuang88.com
Fingerprint4E:EE:1F:C7:69:51:0C:F7:73:D3:3E:33:1D:86:A8:7D:4C:D5:2F:45
ValidityMon, 17 Jun 2024 21:53:53 GMT - Sun, 15 Sep 2024 21:53:52 GMT

File type
JPEG image data, baseline, precision 8, 240x320, components 3
Size
7.1 kB (7069 bytes)
Hash
347b4ad8dea696498a0f6c826c057233
55db99b7a9474f61fc730d8af31e942b2acf7019
f2e000e3234b2852f66c7d3db5c7e5dd618a33f2cf8cccf542f99ddb1caf89ad

HTTP Headers

GET /upload/vod/20240728-1/ed07f9887c420e4057591768c40cab2a.jpg HTTP/1.1
Host: img.lytuchuang88.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://njwcjyshepnz.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Tengine
Date: Mon, 29 Jul 2024 05:55:11 GMT
Content-Type: image/jpeg
Content-Length: 7069
Last-Modified: Sun, 28 Jul 2024 07:01:32 GMT
Connection: keep-alive
ETag: "66a5eccc-1b9d"
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: POST, GET, OPTIONS
X-Cache: hit
Accept-Ranges: bytes

img.huangguaimg.com/upload/vod/20240729-1/bc9ca92caa7af4ca81361392d64c0ac0.jpg

208.64.218.23

200 OK

66 kB

URL GET HTTP/2
img.huangguaimg.com/upload/vod/20240729-1/bc9ca92caa7af4ca81361392d64c0ac0.jpg
IP
208.64.218.23:443
ASN
#6939 HURRICANE

Requested by
https://njwcjyshepnz.buzz/
Certificate
IssuerSectigo Limited
Subjectimg.huangguaimg.com
Fingerprint9A:E1:95:C1:1C:9A:F0:0B:71:7B:C2:99:77:9B:AF:CC:2C:63:A7:F3
ValidityMon, 17 Jun 2024 00:00:00 GMT - Tue, 17 Jun 2025 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 700x394, components 3
Size
66 kB (66180 bytes)
Hash
9e7a0cd69352c67b6a572343140cb41b
97474c0e20979d06c4b6642effe9ee6c0734c11d
e8ee169a22214a9cc2e71dd232c5d37149a1bcba1dcc8f7129e425bef9cda79c

HTTP Headers

GET /upload/vod/20240729-1/bc9ca92caa7af4ca81361392d64c0ac0.jpg HTTP/1.1
Host: img.huangguaimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://njwcjyshepnz.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 29 Jul 2024 05:55:11 GMT
content-type: image/jpeg
content-length: 66180
last-modified: Mon, 29 Jul 2024 02:35:40 GMT
etag: "66a6fffc-10284"
expires: Wed, 28 Aug 2024 02:37:32 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
cache-control: max-age=2592000, public, max-age=15768000
accept-ranges: bytes
X-Firefox-Spdy: h2

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
731770387662be146919535d0874d6c4
a9815bed9d562d793f77b09d7ae2c0ac7ca2bda6
6a1eaa40b11ab814e15c5db494de638f20bf2569e8a57ba3fb6232fa81722709

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "6A1EAA40B11AB814E15C5DB494DE638F20BF2569E8A57BA3FB6232FA81722709"
Last-Modified: Sat, 27 Jul 2024 07:06:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13816
Expires: Mon, 29 Jul 2024 09:45:27 GMT
Date: Mon, 29 Jul 2024 05:55:11 GMT
Connection: keep-alive

ko.abdf1.cn:7891/stats/8043/5942?ukey=1f01abe2300da1e4e8b6f2efccbba852&host=njwcjyshepnz.buzz

45.117.11.97

200 OK

0 B

URL POST HTTP/1.1
ko.abdf1.cn:7891/stats/8043/5942?ukey=1f01abe2300da1e4e8b6f2efccbba852&host=njwcjyshepnz.buzz
IP
45.117.11.97:7891
ASN
#137697 CHINATELECOM JiangSu YangZhou IDC networkdescr: YangZhouJiangsu Province, P.R.China.

Requested by
https://njwcjyshepnz.buzz/
Certificate
IssuerSectigo Limited
Subjectko.abdf1.cn
Fingerprint1E:1A:2D:77:7B:2C:65:A6:45:ED:54:1E:B2:F0:9B:65:C6:92:93:C5
ValidityTue, 09 Jul 2024 00:00:00 GMT - Sat, 09 Aug 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /stats/8043/5942?ukey=1f01abe2300da1e4e8b6f2efccbba852&host=njwcjyshepnz.buzz HTTP/1.1
Host: ko.abdf1.cn:7891
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://njwcjyshepnz.buzz
DNT: 1
Connection: keep-alive
Referer: https://njwcjyshepnz.buzz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 29 Jul 2024 05:55:10 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=0, no-cache
Pragma: no-cache
Set-Cookie: ukey=1f01abe2300da1e4e8b6f2efccbba852; Path=/; Domain=ko.abdf1.cn; Max-Age=5184000; HttpOnly; Secure; SameSite=None

ko.abdf1.cn:7891/stats/8043/5944?ukey=1f01abe2300da1e4e8b6f2efccbba852&host=njwcjyshepnz.buzz

45.117.11.97

200 OK

0 B

URL POST HTTP/1.1
ko.abdf1.cn:7891/stats/8043/5944?ukey=1f01abe2300da1e4e8b6f2efccbba852&host=njwcjyshepnz.buzz
IP
45.117.11.97:7891
ASN
#137697 CHINATELECOM JiangSu YangZhou IDC networkdescr: YangZhouJiangsu Province, P.R.China.

Requested by
https://njwcjyshepnz.buzz/
Certificate
IssuerSectigo Limited
Subjectko.abdf1.cn
Fingerprint1E:1A:2D:77:7B:2C:65:A6:45:ED:54:1E:B2:F0:9B:65:C6:92:93:C5
ValidityTue, 09 Jul 2024 00:00:00 GMT - Sat, 09 Aug 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /stats/8043/5944?ukey=1f01abe2300da1e4e8b6f2efccbba852&host=njwcjyshepnz.buzz HTTP/1.1
Host: ko.abdf1.cn:7891
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://njwcjyshepnz.buzz
DNT: 1
Connection: keep-alive
Referer: https://njwcjyshepnz.buzz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 29 Jul 2024 05:55:11 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=0, no-cache
Pragma: no-cache
Set-Cookie: ukey=1f01abe2300da1e4e8b6f2efccbba852; Path=/; Domain=ko.abdf1.cn; Max-Age=5184000; HttpOnly; Secure; SameSite=None

oiu.xuys1.cn:8891/vj3/5942

45.117.11.97

200 OK

5.5 kB

URL GET HTTP/1.1
oiu.xuys1.cn:8891/vj3/5942
IP
45.117.11.97:8891
ASN
#137697 CHINATELECOM JiangSu YangZhou IDC networkdescr: YangZhouJiangsu Province, P.R.China.

Requested by
https://njwcjyshepnz.buzz/
Certificate
IssuerSectigo Limited
Subjectoiu.xuys1.cn
Fingerprint2D:FC:D3:D6:9D:97:55:93:30:99:74:17:A8:A3:85:49:06:67:1A:FC
ValidityWed, 17 Jul 2024 00:00:00 GMT - Sun, 17 Aug 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (768)
Size
5.5 kB (5524 bytes)
Hash
fe8cff7cc188d08097f543aee7f63b65
d9d8743d3a20e943886257cf5486ae4e6a812028
d9ef0060f29063f4546cf623735ea63184c27fa56921e2f6304d61e80945c0bd

HTTP Headers

GET /vj3/5942 HTTP/1.1
Host: oiu.xuys1.cn:8891
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://njwcjyshepnz.buzz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 29 Jul 2024 05:55:11 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Alt-Svc: h3=":8891"; ma=2592000, h3-29=":8891"; ma=2592000, h3-27=":8891"; ma=2592000, h3-Q050=":8891"; ma=2592000, h3-Q046=":8891"; ma=2592000, h3-Q043=":8891"; ma=2592000, h3-Q039=":8891"; ma=2592000, quic=":8891"; ma=2592000; v="39,43,46"
Vary: Accept-Encoding, Accept-Encoding
Cache-Control: no-cache
Pragma: no-cache
Expires: 0
Content-Encoding: gzip

img.lytuchuang88.com/upload/vod/20240728-1/f49f9ede0f9738d964956364c56d7f31.jpg

23.226.71.86

200 OK

144 kB

URL GET HTTP/1.1
img.lytuchuang88.com/upload/vod/20240728-1/f49f9ede0f9738d964956364c56d7f31.jpg
IP
23.226.71.86:443
ASN
#53755 IOFLOOD

Requested by
https://njwcjyshepnz.buzz/
Certificate
IssuerLet's Encrypt
Subjectimg.lytuchuang88.com
Fingerprint4E:EE:1F:C7:69:51:0C:F7:73:D3:3E:33:1D:86:A8:7D:4C:D5:2F:45
ValidityMon, 17 Jun 2024 21:53:53 GMT - Sun, 15 Sep 2024 21:53:52 GMT

File type
JPEG image data, baseline, precision 8, 800x538, components 3
Size
144 kB (144040 bytes)
Hash
e9a2423b7c8bed666bff46999e6a1a8a
866a309dc0314da7220f26566e8388352f946dfd
470ed7e149df224c5a01b35f965274affb537e51a55e35f77959dd00bb55e2bc

HTTP Headers

GET /upload/vod/20240728-1/f49f9ede0f9738d964956364c56d7f31.jpg HTTP/1.1
Host: img.lytuchuang88.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://njwcjyshepnz.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Tengine
Date: Mon, 29 Jul 2024 05:55:11 GMT
Content-Type: image/jpeg
Content-Length: 144040
Last-Modified: Sun, 28 Jul 2024 07:09:54 GMT
Connection: keep-alive
ETag: "66a5eec2-232a8"
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: POST, GET, OPTIONS
X-Cache: hit
Accept-Ranges: bytes

oiu.xuys1.cn:8891/vj3/5944

45.117.11.97

200 OK

5.6 kB

URL GET HTTP/1.1
oiu.xuys1.cn:8891/vj3/5944
IP
45.117.11.97:8891
ASN
#137697 CHINATELECOM JiangSu YangZhou IDC networkdescr: YangZhouJiangsu Province, P.R.China.

Requested by
https://njwcjyshepnz.buzz/
Certificate
IssuerSectigo Limited
Subjectoiu.xuys1.cn
Fingerprint2D:FC:D3:D6:9D:97:55:93:30:99:74:17:A8:A3:85:49:06:67:1A:FC
ValidityWed, 17 Jul 2024 00:00:00 GMT - Sun, 17 Aug 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (817)
Size
5.6 kB (5571 bytes)
Hash
c800d89cc66fec4f4f128917f661d81b
81aa193a12531ffdd3bbe5ebe6c3f02945ef5982
311debc80c6c24de33da262d929c762a12e0f4ea55d0dcafaec8e66f001abce0

HTTP Headers

GET /vj3/5944 HTTP/1.1
Host: oiu.xuys1.cn:8891
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://njwcjyshepnz.buzz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 29 Jul 2024 05:55:11 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Alt-Svc: h3=":8891"; ma=2592000, h3-29=":8891"; ma=2592000, h3-27=":8891"; ma=2592000, h3-Q050=":8891"; ma=2592000, h3-Q046=":8891"; ma=2592000, h3-Q043=":8891"; ma=2592000, h3-Q039=":8891"; ma=2592000, quic=":8891"; ma=2592000; v="39,43,46"
Vary: Accept-Encoding, Accept-Encoding
Cache-Control: no-cache
Pragma: no-cache
Expires: 0
Content-Encoding: gzip

555bbb666www.com/e0a0b73242f44dbf80d69876cd199de9.gif

104.160.179.250

200 OK

276 kB

URL GET HTTP/2
555bbb666www.com/e0a0b73242f44dbf80d69876cd199de9.gif
IP
104.160.179.250:443
ASN
#46844 SHARKTECH

Requested by
https://njwcjyshepnz.buzz/
Certificate
IssuerLet's Encrypt
Subject555bbb666www.com
Fingerprint5A:7E:0A:36:A6:75:5C:40:91:35:43:22:22:61:45:BD:DE:DB:B3:D2
ValiditySat, 22 Jun 2024 01:48:00 GMT - Fri, 20 Sep 2024 01:47:59 GMT

File type
GIF image data, version 89a, 960 x 120
Size
276 kB (275557 bytes)
Hash
11860f404faba7f60bb234c85667399a
4fe02c13af45dd4cabbb1a382ad822b0552cbf02
da719a94a6242190011b6b84f65cb5ddd9a7c378a3769a0fa1579816f806656d

HTTP Headers

GET /e0a0b73242f44dbf80d69876cd199de9.gif HTTP/1.1
Host: 555bbb666www.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://njwcjyshepnz.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 29 Jul 2024 05:55:11 GMT
content-type: image/gif
content-length: 275557
last-modified: Tue, 30 Apr 2024 08:55:04 GMT
etag: "6630b1e8-43465"
platform: polestarcloud.com
cl-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ranges: bytes
X-Firefox-Spdy: h2

njwcjyshepnz.buzz/ping?p=0.9824930846314707

172.67.207.189

200 OK

0 B

URL GET HTTP/3
njwcjyshepnz.buzz/ping?p=0.9824930846314707
IP
172.67.207.189:443
ASN
#13335 CLOUDFLARENET

Requested by
https://njwcjyshepnz.buzz/
Certificate
IssuerGoogle Trust Services
Subjectnjwcjyshepnz.buzz
Fingerprint87:1C:26:84:F7:2D:2A:08:B7:D3:E8:44:72:1E:13:C1:8C:83:FD:E6
ValidityMon, 08 Jul 2024 01:11:27 GMT - Sun, 06 Oct 2024 01:11:26 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ping?p=0.9824930846314707 HTTP/1.1
Host: njwcjyshepnz.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://njwcjyshepnz.buzz/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 29 Jul 2024 05:55:13 GMT
content-type: text/plain;charset=UTF-8
content-length: 0
accept-charset: big5, big5-hkscs, cesu-8, euc-jp, euc-kr, gb18030, gb2312, gbk, ibm-thai, ibm00858, ibm01140, ibm01141, ibm01142, ibm01143, ibm01144, ibm01145, ibm01146, ibm01147, ibm01148, ibm01149, ibm037, ibm1026, ibm1047, ibm273, ibm277, ibm278, ibm280, ibm284, ibm285, ibm290, ibm297, ibm420, ibm424, ibm437, ibm500, ibm775, ibm850, ibm852, ibm855, ibm857, ibm860, ibm861, ibm862, ibm863, ibm864, ibm865, ibm866, ibm868, ibm869, ibm870, ibm871, ibm918, iso-2022-cn, iso-2022-jp, iso-2022-jp-2, iso-2022-kr, iso-8859-1, iso-8859-13, iso-8859-15, iso-8859-2, iso-8859-3, iso-8859-4, iso-8859-5, iso-8859-6, iso-8859-7, iso-8859-8, iso-8859-9, jis_x0201, jis_x0212-1990, koi8-r, koi8-u, shift_jis, tis-620, us-ascii, utf-16, utf-16be, utf-16le, utf-32, utf-32be, utf-32le, utf-8, windows-1250, windows-1251, windows-1252, windows-1253, windows-1254, windows-1255, windows-1256, windows-1257, windows-1258, windows-31j, x-big5-hkscs-2001, x-big5-solaris, x-compound_text, x-euc-jp-linux, x-euc-tw, x-eucjp-open, x-ibm1006, x-ibm1025, x-ibm1046, x-ibm1097, x-ibm1098, x-ibm1112, x-ibm1122, x-ibm1123, x-ibm1124, x-ibm1166, x-ibm1364, x-ibm1381, x-ibm1383, x-ibm300, x-ibm33722, x-ibm737, x-ibm833, x-ibm834, x-ibm856, x-ibm874, x-ibm875, x-ibm921, x-ibm922, x-ibm930, x-ibm933, x-ibm935, x-ibm937, x-ibm939, x-ibm942, x-ibm942c, x-ibm943, x-ibm943c, x-ibm948, x-ibm949, x-ibm949c, x-ibm950, x-ibm964, x-ibm970, x-iscii91, x-iso-2022-cn-cns, x-iso-2022-cn-gb, x-iso-8859-11, x-jis0208, x-jisautodetect, x-johab, x-macarabic, x-maccentraleurope, x-maccroatian, x-maccyrillic, x-macdingbat, x-macgreek, x-machebrew, x-maciceland, x-macroman, x-macromania, x-macsymbol, x-macthai, x-macturkish, x-macukraine, x-ms932_0213, x-ms950-hkscs, x-ms950-hkscs-xp, x-mswin-936, x-pck, x-sjis_0213, x-utf-16le-bom, x-utf-32be-bom, x-utf-32le-bom, x-windows-50220, x-windows-50221, x-windows-874, x-windows-949, x-windows-950, x-windows-iso2022jp
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oga7DfaGGyVZQd7im2xdtXw2czr9GgvD%2FBelvasj0D98HNLqzTgruRPoRdiVAGQsIxHfhvw5s%2BUmclh%2FqW%2FU6NEfOIlo2NsZVJ3337rQRZ82fXdIL5lB1Apl0glysogr5XXJoA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8aaadbd37e831bfe-OSL
alt-svc: h3=":443"; ma=86400

ujy.lixuanlei15.cn:26579/mnrt/nowx4.json

112.5.37.7

200 OK

3.4 kB

URL GET HTTP/1.1
ujy.lixuanlei15.cn:26579/mnrt/nowx4.json
IP
112.5.37.7:26579
ASN
#9808 China Mobile Communications Group Co., Ltd.

Requested by
https://njwcjyshepnz.buzz/
Certificate
IssuerSectigo Limited
Subjectujy.lixuanlei15.cn
Fingerprint9B:B7:E6:A2:D7:08:7A:C2:25:D7:C8:D5:BE:3B:52:53:7C:4F:54:42
ValidityTue, 09 Jul 2024 00:00:00 GMT - Sat, 09 Aug 2025 23:59:59 GMT

File type
ASCII text
Size
3.4 kB (3358 bytes)
Hash
ce174bc2f2659d1c7bd771ba419abb58
9a6da8d4aaf3cfe52a9b3741ff93cc316d39a3ce
a4dfd5204c687ab46ad8a7b86bc8b6c65d385b75a077f9438f846fc5b02a831b

HTTP Headers

GET /mnrt/nowx4.json HTTP/1.1
Host: ujy.lixuanlei15.cn:26579
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://njwcjyshepnz.buzz
DNT: 1
Connection: keep-alive
Referer: https://njwcjyshepnz.buzz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 29 Jul 2024 05:55:13 GMT
Content-Type: application/json
Content-Length: 3358
Last-Modified: Thu, 04 Jan 2024 09:36:07 GMT
Connection: keep-alive
ETag: "65967c07-d1e"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST,PUT,GET,DELETE
Access-Control-Allow-Headers: version, access-token, user-token, Accept, apiAuth, User-Agent, Keep-Alive, Origin, No-Cache, X-Requested-With, If-Modified-Since, Pragma, Last-Modified, Cache-Control, Expires, Content-Type, X-E4M-With
Strict-Transport-Security: max-age=31536000
Accept-Ranges: bytes

ujy.lixuanlei15.cn:26579/mnrt/nowx4.json

112.5.37.7

200 OK

3.4 kB

URL GET HTTP/1.1
ujy.lixuanlei15.cn:26579/mnrt/nowx4.json
IP
112.5.37.7:26579
ASN
#9808 China Mobile Communications Group Co., Ltd.

Requested by
https://njwcjyshepnz.buzz/
Certificate
IssuerSectigo Limited
Subjectujy.lixuanlei15.cn
Fingerprint9B:B7:E6:A2:D7:08:7A:C2:25:D7:C8:D5:BE:3B:52:53:7C:4F:54:42
ValidityTue, 09 Jul 2024 00:00:00 GMT - Sat, 09 Aug 2025 23:59:59 GMT

File type
ASCII text
Size
3.4 kB (3358 bytes)
Hash
ce174bc2f2659d1c7bd771ba419abb58
9a6da8d4aaf3cfe52a9b3741ff93cc316d39a3ce
a4dfd5204c687ab46ad8a7b86bc8b6c65d385b75a077f9438f846fc5b02a831b

HTTP Headers

GET /mnrt/nowx4.json HTTP/1.1
Host: ujy.lixuanlei15.cn:26579
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://njwcjyshepnz.buzz
DNT: 1
Connection: keep-alive
Referer: https://njwcjyshepnz.buzz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 29 Jul 2024 05:55:14 GMT
Content-Type: application/json
Content-Length: 3358
Last-Modified: Thu, 04 Jan 2024 09:36:07 GMT
Connection: keep-alive
ETag: "65967c07-d1e"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST,PUT,GET,DELETE
Access-Control-Allow-Headers: version, access-token, user-token, Accept, apiAuth, User-Agent, Keep-Alive, Origin, No-Cache, X-Requested-With, If-Modified-Since, Pragma, Last-Modified, Cache-Control, Expires, Content-Type, X-E4M-With
Strict-Transport-Security: max-age=31536000
Accept-Ranges: bytes

ujy.lixuanlei15.cn:26579/maiyao416/4.json

112.5.37.7

200 OK

130 kB

URL GET HTTP/1.1
ujy.lixuanlei15.cn:26579/maiyao416/4.json
IP
112.5.37.7:26579
ASN
#9808 China Mobile Communications Group Co., Ltd.

Requested by
https://njwcjyshepnz.buzz/
Certificate
IssuerSectigo Limited
Subjectujy.lixuanlei15.cn
Fingerprint9B:B7:E6:A2:D7:08:7A:C2:25:D7:C8:D5:BE:3B:52:53:7C:4F:54:42
ValidityTue, 09 Jul 2024 00:00:00 GMT - Sat, 09 Aug 2025 23:59:59 GMT

File type
ASCII text
Size
130 kB (130468 bytes)
Hash
7439e6cb03123d4875c70d016410c746
d1810b394714c9738b616805cdc57c6d1b8dbe4e
173c437ef5c9460f3e77a681c9ef5437f92e4eb5cbe0da406e30e8c7614ae2d5

HTTP Headers

GET /maiyao416/4.json HTTP/1.1
Host: ujy.lixuanlei15.cn:26579
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://njwcjyshepnz.buzz
DNT: 1
Connection: keep-alive
Referer: https://njwcjyshepnz.buzz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 29 Jul 2024 05:55:13 GMT
Content-Type: application/json
Content-Length: 130468
Last-Modified: Mon, 15 Apr 2024 16:06:21 GMT
Connection: keep-alive
ETag: "661d507d-1fda4"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST,PUT,GET,DELETE
Access-Control-Allow-Headers: version, access-token, user-token, Accept, apiAuth, User-Agent, Keep-Alive, Origin, No-Cache, X-Requested-With, If-Modified-Since, Pragma, Last-Modified, Cache-Control, Expires, Content-Type, X-E4M-With
Strict-Transport-Security: max-age=31536000
Accept-Ranges: bytes

ujy.lixuanlei15.cn:26579/shipin412/4.json

112.5.37.7

200 OK

329 kB

URL GET HTTP/1.1
ujy.lixuanlei15.cn:26579/shipin412/4.json
IP
112.5.37.7:26579
ASN
#9808 China Mobile Communications Group Co., Ltd.

Requested by
https://njwcjyshepnz.buzz/
Certificate
IssuerSectigo Limited
Subjectujy.lixuanlei15.cn
Fingerprint9B:B7:E6:A2:D7:08:7A:C2:25:D7:C8:D5:BE:3B:52:53:7C:4F:54:42
ValidityTue, 09 Jul 2024 00:00:00 GMT - Sat, 09 Aug 2025 23:59:59 GMT

File type
ASCII text
Size
329 kB (329197 bytes)
Hash
bba9c79294a5dc7c4d1970bccd5604d4
0f1775fa1b7a7e98cab3c607036f893a5ec1d70c
b83b496660aec9455c7410fa485a3a7a65105bf033485f1408b85ec1e2d4f889

HTTP Headers

GET /shipin412/4.json HTTP/1.1
Host: ujy.lixuanlei15.cn:26579
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://njwcjyshepnz.buzz
DNT: 1
Connection: keep-alive
Referer: https://njwcjyshepnz.buzz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 29 Jul 2024 05:55:13 GMT
Content-Type: application/json
Content-Length: 329197
Last-Modified: Fri, 12 Apr 2024 05:05:32 GMT
Connection: keep-alive
ETag: "6618c11c-505ed"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST,PUT,GET,DELETE
Access-Control-Allow-Headers: version, access-token, user-token, Accept, apiAuth, User-Agent, Keep-Alive, Origin, No-Cache, X-Requested-With, If-Modified-Since, Pragma, Last-Modified, Cache-Control, Expires, Content-Type, X-E4M-With
Strict-Transport-Security: max-age=31536000
Accept-Ranges: bytes

njwcjyshepnz.buzz/ping?p=0.7880976122597668

172.67.207.189

200 OK

0 B

URL GET HTTP/3
njwcjyshepnz.buzz/ping?p=0.7880976122597668
IP
172.67.207.189:443
ASN
#13335 CLOUDFLARENET

Requested by
https://njwcjyshepnz.buzz/
Certificate
IssuerGoogle Trust Services
Subjectnjwcjyshepnz.buzz
Fingerprint87:1C:26:84:F7:2D:2A:08:B7:D3:E8:44:72:1E:13:C1:8C:83:FD:E6
ValidityMon, 08 Jul 2024 01:11:27 GMT - Sun, 06 Oct 2024 01:11:26 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ping?p=0.7880976122597668 HTTP/1.1
Host: njwcjyshepnz.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://njwcjyshepnz.buzz/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 29 Jul 2024 05:55:15 GMT
content-type: text/plain;charset=UTF-8
content-length: 0
accept-charset: big5, big5-hkscs, cesu-8, euc-jp, euc-kr, gb18030, gb2312, gbk, ibm-thai, ibm00858, ibm01140, ibm01141, ibm01142, ibm01143, ibm01144, ibm01145, ibm01146, ibm01147, ibm01148, ibm01149, ibm037, ibm1026, ibm1047, ibm273, ibm277, ibm278, ibm280, ibm284, ibm285, ibm290, ibm297, ibm420, ibm424, ibm437, ibm500, ibm775, ibm850, ibm852, ibm855, ibm857, ibm860, ibm861, ibm862, ibm863, ibm864, ibm865, ibm866, ibm868, ibm869, ibm870, ibm871, ibm918, iso-2022-cn, iso-2022-jp, iso-2022-jp-2, iso-2022-kr, iso-8859-1, iso-8859-13, iso-8859-15, iso-8859-2, iso-8859-3, iso-8859-4, iso-8859-5, iso-8859-6, iso-8859-7, iso-8859-8, iso-8859-9, jis_x0201, jis_x0212-1990, koi8-r, koi8-u, shift_jis, tis-620, us-ascii, utf-16, utf-16be, utf-16le, utf-32, utf-32be, utf-32le, utf-8, windows-1250, windows-1251, windows-1252, windows-1253, windows-1254, windows-1255, windows-1256, windows-1257, windows-1258, windows-31j, x-big5-hkscs-2001, x-big5-solaris, x-compound_text, x-euc-jp-linux, x-euc-tw, x-eucjp-open, x-ibm1006, x-ibm1025, x-ibm1046, x-ibm1097, x-ibm1098, x-ibm1112, x-ibm1122, x-ibm1123, x-ibm1124, x-ibm1166, x-ibm1364, x-ibm1381, x-ibm1383, x-ibm300, x-ibm33722, x-ibm737, x-ibm833, x-ibm834, x-ibm856, x-ibm874, x-ibm875, x-ibm921, x-ibm922, x-ibm930, x-ibm933, x-ibm935, x-ibm937, x-ibm939, x-ibm942, x-ibm942c, x-ibm943, x-ibm943c, x-ibm948, x-ibm949, x-ibm949c, x-ibm950, x-ibm964, x-ibm970, x-iscii91, x-iso-2022-cn-cns, x-iso-2022-cn-gb, x-iso-8859-11, x-jis0208, x-jisautodetect, x-johab, x-macarabic, x-maccentraleurope, x-maccroatian, x-maccyrillic, x-macdingbat, x-macgreek, x-machebrew, x-maciceland, x-macroman, x-macromania, x-macsymbol, x-macthai, x-macturkish, x-macukraine, x-ms932_0213, x-ms950-hkscs, x-ms950-hkscs-xp, x-mswin-936, x-pck, x-sjis_0213, x-utf-16le-bom, x-utf-32be-bom, x-utf-32le-bom, x-windows-50220, x-windows-50221, x-windows-874, x-windows-949, x-windows-950, x-windows-iso2022jp
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dcWX1wxed%2FJOqZN%2F1c7xq2Nqutn7F2rrq2GjMI%2FhCM9aU4GJPbmyOgAPN6d9OggpwlPAJM8vNKflFIQZtnuAoCqPrW7JewOQ%2FaZ0WR1SOoCUQmPSI8YDmqKqOlXNfDhnLcEh0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8aaadbe2dd891bfe-OSL
alt-svc: h3=":443"; ma=86400

njwcjyshepnz.buzz/static/template/011/favicon.ico

172.67.207.189

404 Not Found

6.2 kB

URL GET HTTP/3
njwcjyshepnz.buzz/static/template/011/favicon.ico
IP
172.67.207.189:443
ASN
#13335 CLOUDFLARENET

Requested by
https://njwcjyshepnz.buzz/
Certificate
IssuerGoogle Trust Services
Subjectnjwcjyshepnz.buzz
Fingerprint87:1C:26:84:F7:2D:2A:08:B7:D3:E8:44:72:1E:13:C1:8C:83:FD:E6
ValidityMon, 08 Jul 2024 01:11:27 GMT - Sun, 06 Oct 2024 01:11:26 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
6.2 kB (6212 bytes)
Hash
8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/template/011/favicon.ico HTTP/1.1
Host: njwcjyshepnz.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://njwcjyshepnz.buzz/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 404 Not Found
date: Mon, 29 Jul 2024 05:55:12 GMT
content-type: text/html
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gezrAEuvO1eFBqWsNLx992TZlL7b8wB2SHjDbQHBge0qflHI8LgaXB1jmbwvJTb71D%2FzBV2S8xWu2TG%2Bx1g%2FfhuZx%2B%2BRkbGrRt7oXRkTaRzXKHpQ76FhoxAhkP6Q%2B9V2MWgFSA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8aaadbcffc771bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

njwcjyshepnz.buzz/ping?p=0.45405131711905633

172.67.207.189

200 OK

0 B

URL GET HTTP/3
njwcjyshepnz.buzz/ping?p=0.45405131711905633
IP
172.67.207.189:443
ASN
#13335 CLOUDFLARENET

Requested by
https://njwcjyshepnz.buzz/
Certificate
IssuerGoogle Trust Services
Subjectnjwcjyshepnz.buzz
Fingerprint87:1C:26:84:F7:2D:2A:08:B7:D3:E8:44:72:1E:13:C1:8C:83:FD:E6
ValidityMon, 08 Jul 2024 01:11:27 GMT - Sun, 06 Oct 2024 01:11:26 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ping?p=0.45405131711905633 HTTP/1.1
Host: njwcjyshepnz.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://njwcjyshepnz.buzz/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 29 Jul 2024 05:55:18 GMT
content-type: text/plain;charset=UTF-8
content-length: 0
accept-charset: big5, big5-hkscs, cesu-8, euc-jp, euc-kr, gb18030, gb2312, gbk, ibm-thai, ibm00858, ibm01140, ibm01141, ibm01142, ibm01143, ibm01144, ibm01145, ibm01146, ibm01147, ibm01148, ibm01149, ibm037, ibm1026, ibm1047, ibm273, ibm277, ibm278, ibm280, ibm284, ibm285, ibm290, ibm297, ibm420, ibm424, ibm437, ibm500, ibm775, ibm850, ibm852, ibm855, ibm857, ibm860, ibm861, ibm862, ibm863, ibm864, ibm865, ibm866, ibm868, ibm869, ibm870, ibm871, ibm918, iso-2022-cn, iso-2022-jp, iso-2022-jp-2, iso-2022-kr, iso-8859-1, iso-8859-13, iso-8859-15, iso-8859-2, iso-8859-3, iso-8859-4, iso-8859-5, iso-8859-6, iso-8859-7, iso-8859-8, iso-8859-9, jis_x0201, jis_x0212-1990, koi8-r, koi8-u, shift_jis, tis-620, us-ascii, utf-16, utf-16be, utf-16le, utf-32, utf-32be, utf-32le, utf-8, windows-1250, windows-1251, windows-1252, windows-1253, windows-1254, windows-1255, windows-1256, windows-1257, windows-1258, windows-31j, x-big5-hkscs-2001, x-big5-solaris, x-compound_text, x-euc-jp-linux, x-euc-tw, x-eucjp-open, x-ibm1006, x-ibm1025, x-ibm1046, x-ibm1097, x-ibm1098, x-ibm1112, x-ibm1122, x-ibm1123, x-ibm1124, x-ibm1166, x-ibm1364, x-ibm1381, x-ibm1383, x-ibm300, x-ibm33722, x-ibm737, x-ibm833, x-ibm834, x-ibm856, x-ibm874, x-ibm875, x-ibm921, x-ibm922, x-ibm930, x-ibm933, x-ibm935, x-ibm937, x-ibm939, x-ibm942, x-ibm942c, x-ibm943, x-ibm943c, x-ibm948, x-ibm949, x-ibm949c, x-ibm950, x-ibm964, x-ibm970, x-iscii91, x-iso-2022-cn-cns, x-iso-2022-cn-gb, x-iso-8859-11, x-jis0208, x-jisautodetect, x-johab, x-macarabic, x-maccentraleurope, x-maccroatian, x-maccyrillic, x-macdingbat, x-macgreek, x-machebrew, x-maciceland, x-macroman, x-macromania, x-macsymbol, x-macthai, x-macturkish, x-macukraine, x-ms932_0213, x-ms950-hkscs, x-ms950-hkscs-xp, x-mswin-936, x-pck, x-sjis_0213, x-utf-16le-bom, x-utf-32be-bom, x-utf-32le-bom, x-windows-50220, x-windows-50221, x-windows-874, x-windows-949, x-windows-950, x-windows-iso2022jp
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=l0StaYYtYe1yIeGN6gVIV0V5AGZwpxNM4MuHCCdJimw2jibHAJysTo2hJSMB6LDlA0%2F3k00GUgySsqu%2FI1lJHticm9tF7ITucKKci07bLL1RHFB8DOsKU3595t0FQWgLq2djZg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8aaadbf44e151bfe-OSL
alt-svc: h3=":443"; ma=86400

njwcjyshepnz.buzz/ping?p=0.16143675485902664

172.67.207.189

200 OK

0 B

URL GET HTTP/3
njwcjyshepnz.buzz/ping?p=0.16143675485902664
IP
172.67.207.189:443
ASN
#13335 CLOUDFLARENET

Requested by
https://njwcjyshepnz.buzz/
Certificate
IssuerGoogle Trust Services
Subjectnjwcjyshepnz.buzz
Fingerprint87:1C:26:84:F7:2D:2A:08:B7:D3:E8:44:72:1E:13:C1:8C:83:FD:E6
ValidityMon, 08 Jul 2024 01:11:27 GMT - Sun, 06 Oct 2024 01:11:26 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ping?p=0.16143675485902664 HTTP/1.1
Host: njwcjyshepnz.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://njwcjyshepnz.buzz/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 29 Jul 2024 05:55:20 GMT
content-type: text/plain;charset=UTF-8
content-length: 0
accept-charset: big5, big5-hkscs, cesu-8, euc-jp, euc-kr, gb18030, gb2312, gbk, ibm-thai, ibm00858, ibm01140, ibm01141, ibm01142, ibm01143, ibm01144, ibm01145, ibm01146, ibm01147, ibm01148, ibm01149, ibm037, ibm1026, ibm1047, ibm273, ibm277, ibm278, ibm280, ibm284, ibm285, ibm290, ibm297, ibm420, ibm424, ibm437, ibm500, ibm775, ibm850, ibm852, ibm855, ibm857, ibm860, ibm861, ibm862, ibm863, ibm864, ibm865, ibm866, ibm868, ibm869, ibm870, ibm871, ibm918, iso-2022-cn, iso-2022-jp, iso-2022-jp-2, iso-2022-kr, iso-8859-1, iso-8859-13, iso-8859-15, iso-8859-2, iso-8859-3, iso-8859-4, iso-8859-5, iso-8859-6, iso-8859-7, iso-8859-8, iso-8859-9, jis_x0201, jis_x0212-1990, koi8-r, koi8-u, shift_jis, tis-620, us-ascii, utf-16, utf-16be, utf-16le, utf-32, utf-32be, utf-32le, utf-8, windows-1250, windows-1251, windows-1252, windows-1253, windows-1254, windows-1255, windows-1256, windows-1257, windows-1258, windows-31j, x-big5-hkscs-2001, x-big5-solaris, x-compound_text, x-euc-jp-linux, x-euc-tw, x-eucjp-open, x-ibm1006, x-ibm1025, x-ibm1046, x-ibm1097, x-ibm1098, x-ibm1112, x-ibm1122, x-ibm1123, x-ibm1124, x-ibm1166, x-ibm1364, x-ibm1381, x-ibm1383, x-ibm300, x-ibm33722, x-ibm737, x-ibm833, x-ibm834, x-ibm856, x-ibm874, x-ibm875, x-ibm921, x-ibm922, x-ibm930, x-ibm933, x-ibm935, x-ibm937, x-ibm939, x-ibm942, x-ibm942c, x-ibm943, x-ibm943c, x-ibm948, x-ibm949, x-ibm949c, x-ibm950, x-ibm964, x-ibm970, x-iscii91, x-iso-2022-cn-cns, x-iso-2022-cn-gb, x-iso-8859-11, x-jis0208, x-jisautodetect, x-johab, x-macarabic, x-maccentraleurope, x-maccroatian, x-maccyrillic, x-macdingbat, x-macgreek, x-machebrew, x-maciceland, x-macroman, x-macromania, x-macsymbol, x-macthai, x-macturkish, x-macukraine, x-ms932_0213, x-ms950-hkscs, x-ms950-hkscs-xp, x-mswin-936, x-pck, x-sjis_0213, x-utf-16le-bom, x-utf-32be-bom, x-utf-32le-bom, x-windows-50220, x-windows-50221, x-windows-874, x-windows-949, x-windows-950, x-windows-iso2022jp
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fVUyrbctaqQsPRO324y3JUo6Zua99Mv14tmU7F9a8t7indqXWrQPLZX10JDV4ITmSxC3jcHNwn1dCdvJt4PwJkCeeY%2FOFu4QvbtCQtEifEMIPUqOyTdPIVDR7JJQfYtJppmqjQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8aaadc027d8a1bfe-OSL
alt-svc: h3=":443"; ma=86400

njwcjyshepnz.buzz/ping?p=0.4941511385038958

172.67.207.189

200 OK

0 B

URL GET HTTP/3
njwcjyshepnz.buzz/ping?p=0.4941511385038958
IP
172.67.207.189:443
ASN
#13335 CLOUDFLARENET

Requested by
https://njwcjyshepnz.buzz/
Certificate
IssuerGoogle Trust Services
Subjectnjwcjyshepnz.buzz
Fingerprint87:1C:26:84:F7:2D:2A:08:B7:D3:E8:44:72:1E:13:C1:8C:83:FD:E6
ValidityMon, 08 Jul 2024 01:11:27 GMT - Sun, 06 Oct 2024 01:11:26 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ping?p=0.4941511385038958 HTTP/1.1
Host: njwcjyshepnz.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://njwcjyshepnz.buzz/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 29 Jul 2024 05:55:24 GMT
content-type: text/plain;charset=UTF-8
content-length: 0
accept-charset: big5, big5-hkscs, cesu-8, euc-jp, euc-kr, gb18030, gb2312, gbk, ibm-thai, ibm00858, ibm01140, ibm01141, ibm01142, ibm01143, ibm01144, ibm01145, ibm01146, ibm01147, ibm01148, ibm01149, ibm037, ibm1026, ibm1047, ibm273, ibm277, ibm278, ibm280, ibm284, ibm285, ibm290, ibm297, ibm420, ibm424, ibm437, ibm500, ibm775, ibm850, ibm852, ibm855, ibm857, ibm860, ibm861, ibm862, ibm863, ibm864, ibm865, ibm866, ibm868, ibm869, ibm870, ibm871, ibm918, iso-2022-cn, iso-2022-jp, iso-2022-jp-2, iso-2022-kr, iso-8859-1, iso-8859-13, iso-8859-15, iso-8859-2, iso-8859-3, iso-8859-4, iso-8859-5, iso-8859-6, iso-8859-7, iso-8859-8, iso-8859-9, jis_x0201, jis_x0212-1990, koi8-r, koi8-u, shift_jis, tis-620, us-ascii, utf-16, utf-16be, utf-16le, utf-32, utf-32be, utf-32le, utf-8, windows-1250, windows-1251, windows-1252, windows-1253, windows-1254, windows-1255, windows-1256, windows-1257, windows-1258, windows-31j, x-big5-hkscs-2001, x-big5-solaris, x-compound_text, x-euc-jp-linux, x-euc-tw, x-eucjp-open, x-ibm1006, x-ibm1025, x-ibm1046, x-ibm1097, x-ibm1098, x-ibm1112, x-ibm1122, x-ibm1123, x-ibm1124, x-ibm1166, x-ibm1364, x-ibm1381, x-ibm1383, x-ibm300, x-ibm33722, x-ibm737, x-ibm833, x-ibm834, x-ibm856, x-ibm874, x-ibm875, x-ibm921, x-ibm922, x-ibm930, x-ibm933, x-ibm935, x-ibm937, x-ibm939, x-ibm942, x-ibm942c, x-ibm943, x-ibm943c, x-ibm948, x-ibm949, x-ibm949c, x-ibm950, x-ibm964, x-ibm970, x-iscii91, x-iso-2022-cn-cns, x-iso-2022-cn-gb, x-iso-8859-11, x-jis0208, x-jisautodetect, x-johab, x-macarabic, x-maccentraleurope, x-maccroatian, x-maccyrillic, x-macdingbat, x-macgreek, x-machebrew, x-maciceland, x-macroman, x-macromania, x-macsymbol, x-macthai, x-macturkish, x-macukraine, x-ms932_0213, x-ms950-hkscs, x-ms950-hkscs-xp, x-mswin-936, x-pck, x-sjis_0213, x-utf-16le-bom, x-utf-32be-bom, x-utf-32le-bom, x-windows-50220, x-windows-50221, x-windows-874, x-windows-949, x-windows-950, x-windows-iso2022jp
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CSehzuASV%2FjusatRe0xQ7UiG99P4BSufysWDIvMk2ZV7ew%2FaBbPX0%2BQSzHI6HAAMJ%2BDsLov44ImjbNoPMMcykFwG0RQh0%2FC%2BOX0dnfXZXYBbcpTmvGpgsHd8qjtKZadNIydYWw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8aaadc1b2aaf1bfe-OSL
alt-svc: h3=":443"; ma=86400

njwcjyshepnz.buzz/ping?p=0.3138465085869503

172.67.207.189

200 OK

0 B

URL GET HTTP/3
njwcjyshepnz.buzz/ping?p=0.3138465085869503
IP
172.67.207.189:443
ASN
#13335 CLOUDFLARENET

Requested by
https://njwcjyshepnz.buzz/
Certificate
IssuerGoogle Trust Services
Subjectnjwcjyshepnz.buzz
Fingerprint87:1C:26:84:F7:2D:2A:08:B7:D3:E8:44:72:1E:13:C1:8C:83:FD:E6
ValidityMon, 08 Jul 2024 01:11:27 GMT - Sun, 06 Oct 2024 01:11:26 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ping?p=0.3138465085869503 HTTP/1.1
Host: njwcjyshepnz.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://njwcjyshepnz.buzz/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 29 Jul 2024 05:55:27 GMT
content-type: text/plain;charset=UTF-8
content-length: 0
accept-charset: big5, big5-hkscs, cesu-8, euc-jp, euc-kr, gb18030, gb2312, gbk, ibm-thai, ibm00858, ibm01140, ibm01141, ibm01142, ibm01143, ibm01144, ibm01145, ibm01146, ibm01147, ibm01148, ibm01149, ibm037, ibm1026, ibm1047, ibm273, ibm277, ibm278, ibm280, ibm284, ibm285, ibm290, ibm297, ibm420, ibm424, ibm437, ibm500, ibm775, ibm850, ibm852, ibm855, ibm857, ibm860, ibm861, ibm862, ibm863, ibm864, ibm865, ibm866, ibm868, ibm869, ibm870, ibm871, ibm918, iso-2022-cn, iso-2022-jp, iso-2022-jp-2, iso-2022-kr, iso-8859-1, iso-8859-13, iso-8859-15, iso-8859-2, iso-8859-3, iso-8859-4, iso-8859-5, iso-8859-6, iso-8859-7, iso-8859-8, iso-8859-9, jis_x0201, jis_x0212-1990, koi8-r, koi8-u, shift_jis, tis-620, us-ascii, utf-16, utf-16be, utf-16le, utf-32, utf-32be, utf-32le, utf-8, windows-1250, windows-1251, windows-1252, windows-1253, windows-1254, windows-1255, windows-1256, windows-1257, windows-1258, windows-31j, x-big5-hkscs-2001, x-big5-solaris, x-compound_text, x-euc-jp-linux, x-euc-tw, x-eucjp-open, x-ibm1006, x-ibm1025, x-ibm1046, x-ibm1097, x-ibm1098, x-ibm1112, x-ibm1122, x-ibm1123, x-ibm1124, x-ibm1166, x-ibm1364, x-ibm1381, x-ibm1383, x-ibm300, x-ibm33722, x-ibm737, x-ibm833, x-ibm834, x-ibm856, x-ibm874, x-ibm875, x-ibm921, x-ibm922, x-ibm930, x-ibm933, x-ibm935, x-ibm937, x-ibm939, x-ibm942, x-ibm942c, x-ibm943, x-ibm943c, x-ibm948, x-ibm949, x-ibm949c, x-ibm950, x-ibm964, x-ibm970, x-iscii91, x-iso-2022-cn-cns, x-iso-2022-cn-gb, x-iso-8859-11, x-jis0208, x-jisautodetect, x-johab, x-macarabic, x-maccentraleurope, x-maccroatian, x-maccyrillic, x-macdingbat, x-macgreek, x-machebrew, x-maciceland, x-macroman, x-macromania, x-macsymbol, x-macthai, x-macturkish, x-macukraine, x-ms932_0213, x-ms950-hkscs, x-ms950-hkscs-xp, x-mswin-936, x-pck, x-sjis_0213, x-utf-16le-bom, x-utf-32be-bom, x-utf-32le-bom, x-windows-50220, x-windows-50221, x-windows-874, x-windows-949, x-windows-950, x-windows-iso2022jp
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zd7cuytGjkAeOtzD2Fr2vIpUcBI1IEmEK4z%2BcYtF5naEAh%2FheEvqqNxf4m5XdHGGFP6ZX1n89J7SVMXBEJigtaQ%2BNBDI6ijhisEEg%2BsWikOjp7WUHzzdBX0F04qvr3JKh667FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8aaadc2c3beb1bfe-OSL
alt-svc: h3=":443"; ma=86400

ljcdn.kd-pic6669.com/20240729/NkZ5v5Je/1.jpg

104.26.10.242

200 OK

203 kB

URL GET HTTP/2
ljcdn.kd-pic6669.com/20240729/NkZ5v5Je/1.jpg
IP
104.26.10.242:443
ASN
#13335 CLOUDFLARENET

Requested by
https://njwcjyshepnz.buzz/
Certificate
IssuerGoogle Trust Services
Subjectkd-pic6669.com
FingerprintA4:23:1B:6B:5B:55:D5:42:81:F2:C3:6D:0A:C1:1F:9B:9C:BA:A8:AA
ValidityTue, 16 Jul 2024 13:05:32 GMT - Mon, 14 Oct 2024 13:05:31 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 718x404, components 3
Size
203 kB (203160 bytes)
Hash
e6749d8cf9645946aa8f5c5238527ad7
c5833f3ff13ba32c518f61c045f8485ceb137ebb
716eb569ac706ddf79842538051d076d8665f4bc2b46da3898641892646b067a

HTTP Headers

GET /20240729/NkZ5v5Je/1.jpg HTTP/1.1
Host: ljcdn.kd-pic6669.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://njwcjyshepnz.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 29 Jul 2024 05:55:10 GMT
content-type: image/jpeg
content-length: 203160
last-modified: Mon, 29 Jul 2024 02:10:45 GMT
etag: "66a6fa25-31998"
expires: Wed, 28 Aug 2024 05:55:10 GMT
cache-control: max-age=2592000
access-control-allow-credentials: : true
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iQ8bVW047T4k6APNi%2F6O0lJ9IkQTcDcFz0rbgJxhD1b3bRda4FcI7wWan3Vh5r%2FohwSfIvem3burEHVYtIYQbQaWSjPdKxWbMi%2BVLOylhNAiOwW%2Bi3vwm4mAeiSkWZMMbMQYLWVl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8aaadbc268280afe-OSL
X-Firefox-Spdy: h2

ljcdn.kd-pic6669.com/20240729/Q1BMtWvQ/1.jpg

104.26.10.242

200 OK

175 kB

URL GET HTTP/2
ljcdn.kd-pic6669.com/20240729/Q1BMtWvQ/1.jpg
IP
104.26.10.242:443
ASN
#13335 CLOUDFLARENET

Requested by
https://njwcjyshepnz.buzz/
Certificate
IssuerGoogle Trust Services
Subjectkd-pic6669.com
FingerprintA4:23:1B:6B:5B:55:D5:42:81:F2:C3:6D:0A:C1:1F:9B:9C:BA:A8:AA
ValidityTue, 16 Jul 2024 13:05:32 GMT - Mon, 14 Oct 2024 13:05:31 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 718x404, components 3
Size
175 kB (175168 bytes)
Hash
821fc9782352f136e7ca2e3ea48f24e2
fb633ed962f67ef915d3d5c3d3f23fffaa026e2b
932eff56240e8ff737442ec69831fe8a21d4ce886c4ac4eec17dcb807ebbd363

HTTP Headers

GET /20240729/Q1BMtWvQ/1.jpg HTTP/1.1
Host: ljcdn.kd-pic6669.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://njwcjyshepnz.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 29 Jul 2024 05:55:10 GMT
content-type: image/jpeg
content-length: 175168
last-modified: Mon, 29 Jul 2024 02:11:48 GMT
etag: "66a6fa64-2ac40"
expires: Wed, 28 Aug 2024 05:55:10 GMT
cache-control: max-age=2592000
access-control-allow-credentials: : true
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2%2BF0rRxfvEoaU34B31rtdtQ6kqlkcXdHBwWJNgn5sm93X%2Bqv6e8ut0MLdx%2Fg40tesZBoSpJs7FkX0qB1LMHJqvygNyUVxZNq1SOsoUG9StJems%2FHb7Vsm3EucjWVS%2BtXnj2eHuNj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8aaadbc268270afe-OSL
X-Firefox-Spdy: h2

ljcdn.kd-pic6669.com/20240729/wyJGvxdo/1.jpg

104.26.10.242

200 OK

184 kB

URL GET HTTP/2
ljcdn.kd-pic6669.com/20240729/wyJGvxdo/1.jpg
IP
104.26.10.242:443
ASN
#13335 CLOUDFLARENET

Requested by
https://njwcjyshepnz.buzz/
Certificate
IssuerGoogle Trust Services
Subjectkd-pic6669.com
FingerprintA4:23:1B:6B:5B:55:D5:42:81:F2:C3:6D:0A:C1:1F:9B:9C:BA:A8:AA
ValidityTue, 16 Jul 2024 13:05:32 GMT - Mon, 14 Oct 2024 13:05:31 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 718x404, components 3
Size
184 kB (184366 bytes)
Hash
2faa038de35b708f9095774e186f2f61
ef1849a9ed2de66576184fcc5f0a26cba9a00122
2f770b2433ed7350502639615c23a00e8acbf7a8d9dabccbb506874ffbf323bd

HTTP Headers

GET /20240729/wyJGvxdo/1.jpg HTTP/1.1
Host: ljcdn.kd-pic6669.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://njwcjyshepnz.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 29 Jul 2024 05:55:10 GMT
content-type: image/jpeg
content-length: 184366
last-modified: Mon, 29 Jul 2024 02:22:16 GMT
etag: "66a6fcd8-2d02e"
expires: Wed, 28 Aug 2024 05:55:10 GMT
cache-control: max-age=2592000
access-control-allow-credentials: : true
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9x6Gt8cnrp24o8tzgREKs8BWRl7M9cSgPDpeouWpNHf2hLCYUubSEpUSrMjkzkSnxKk%2B5j03DsZd2cjBPm%2FjJuR2TJpUE6by2p45yTxq8DQ50IX89YXU%2BsHZxf%2FquhlNyEJcK%2Beu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8aaadbc2782e0afe-OSL
X-Firefox-Spdy: h2

ljcdn.kd-pic6669.com/20240728/j7nQFFIi/1.jpg

104.26.10.242

200 OK

259 kB

URL GET HTTP/2
ljcdn.kd-pic6669.com/20240728/j7nQFFIi/1.jpg
IP
104.26.10.242:443
ASN
#13335 CLOUDFLARENET

Requested by
https://njwcjyshepnz.buzz/
Certificate
IssuerGoogle Trust Services
Subjectkd-pic6669.com
FingerprintA4:23:1B:6B:5B:55:D5:42:81:F2:C3:6D:0A:C1:1F:9B:9C:BA:A8:AA
ValidityTue, 16 Jul 2024 13:05:32 GMT - Mon, 14 Oct 2024 13:05:31 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 718x404, components 3
Size
259 kB (258951 bytes)
Hash
e2813111c3afbad3011cfb60fe58366f
fad036625bdcf613d46be65ec64c910c9fb119ea
91f28ef028c31b6a2301c407a6af38bb62a3ad3b7a8cb0963aa9665b48bf93a4

HTTP Headers

GET /20240728/j7nQFFIi/1.jpg HTTP/1.1
Host: ljcdn.kd-pic6669.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://njwcjyshepnz.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 29 Jul 2024 05:55:09 GMT
content-type: image/jpeg
content-length: 258951
access-control-allow-origin: *
cache-control: max-age=2592000
cf-bgj: h2pri
etag: "66a58614-3f387"
expires: Tue, 27 Aug 2024 04:05:42 GMT
last-modified: Sat, 27 Jul 2024 23:43:16 GMT
access-control-allow-credentials: : true
cf-cache-status: HIT
age: 92967
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tXkDdOrNTPaTCGjhXBRhvsIGlA1kTgLlOtFUrHfIBSFIysQujhfWaDswh8wWMKIHik2YDwixG4FOtd%2BoJkMoVc2gqg8VZvpA0dLAGDM1YVsVGhCCQh2Lz1b2TU%2BhfbUI8ADiurMb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8aaadbc268210afe-OSL
X-Firefox-Spdy: h2

bjqug.xyz/js/ad_jyshea.js

104.21.74.179

200 OK

3.4 kB

URL GET HTTP/2
bjqug.xyz/js/ad_jyshea.js
IP
104.21.74.179:443
ASN
#13335 CLOUDFLARENET

Requested by
https://njwcjyshepnz.buzz/
Certificate
IssuerCloudflare, Inc.
Subjectbjqug.xyz
Fingerprint07:6D:66:4C:E1:35:70:F0:99:9B:37:6F:66:14:B7:47:3C:8C:BA:AD
ValidityWed, 21 Feb 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (3752), with no line terminators
Size
3.4 kB (3413 bytes)
Hash
fb5251832f4113789b3ea6f5226030bb
94ab6467bc134da7f1e1d859ad2770ac46846823
da9112887957975c0330e68571df345e58d086a6fc9bab180470b8b6ae73408a

HTTP Headers

GET /js/ad_jyshea.js HTTP/1.1
Host: bjqug.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://njwcjyshepnz.buzz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 29 Jul 2024 05:55:09 GMT
content-type: application/javascript
last-modified: Thu, 04 Jul 2024 03:27:35 GMT
vary: Accept-Encoding
etag: W/"668616a7-d55"
expires: Mon, 29 Jul 2024 06:08:15 GMT
cache-control: max-age=43200
content-encoding: gzip
cf-cache-status: HIT
age: 42413
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=y0oA57KDyMXtOkU86xv83gzzaWCA9bNaz14eOyqYCGUGngkHO%2F%2BYiiGuETYzm58U4XhtKjhWZ5sr%2BBr8eicanWhrpRjMFayYNLcXJNnW5Qa3Jn9FnV8A3LJ9zEQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8aaadbc31cf90b45-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ljcdn.kd-pic6669.com/20240729/zfFvO1ga/1.jpg

104.26.10.242

200 OK

80 kB

URL GET HTTP/2
ljcdn.kd-pic6669.com/20240729/zfFvO1ga/1.jpg
IP
104.26.10.242:443
ASN
#13335 CLOUDFLARENET

Requested by
https://njwcjyshepnz.buzz/
Certificate
IssuerGoogle Trust Services
Subjectkd-pic6669.com
FingerprintA4:23:1B:6B:5B:55:D5:42:81:F2:C3:6D:0A:C1:1F:9B:9C:BA:A8:AA
ValidityTue, 16 Jul 2024 13:05:32 GMT - Mon, 14 Oct 2024 13:05:31 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 718x404, components 3
Size
80 kB (79810 bytes)
Hash
f06c216676a9fd8c506765f3a17aef7d
247f005ae358248aabb22c9548b29c50fe6d6709
450c44c74d727eeea211276df6f3b7ce9d6a4a92d432e6ea9710ecadeea9d2ee

HTTP Headers

GET /20240729/zfFvO1ga/1.jpg HTTP/1.1
Host: ljcdn.kd-pic6669.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://njwcjyshepnz.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 29 Jul 2024 05:55:10 GMT
content-type: image/jpeg
content-length: 79810
last-modified: Mon, 29 Jul 2024 02:12:20 GMT
etag: "66a6fa84-137c2"
expires: Wed, 28 Aug 2024 05:55:10 GMT
cache-control: max-age=2592000
access-control-allow-credentials: : true
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ktXN6z4NsyMCZqJ8Ui3Dz1DQiN6k7krBvwkKQ2P6eo0lHF4txDz2c%2FENgydHJjXmajBV%2FKm6LvBELB4XT18MLjWMDAoch3L0CqUePVuj8dtq2OUlbODU98PRNDPj3O6okCdeyrHG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8aaadbc268220afe-OSL
X-Firefox-Spdy: h2

alxqq.xyz/js/adlm.js

104.21.87.141

200 OK

16 kB

URL GET HTTP/2
alxqq.xyz/js/adlm.js
IP
104.21.87.141:443
ASN
#13335 CLOUDFLARENET

Requested by
https://njwcjyshepnz.buzz/
Certificate
IssuerGoogle Trust Services
Subjectalxqq.xyz
FingerprintDA:94:BF:8A:5D:2E:B7:6C:4E:20:75:AE:29:47:26:FE:8F:84:D9:96
ValidityTue, 09 Jul 2024 15:18:17 GMT - Mon, 07 Oct 2024 15:18:16 GMT

File type
JavaScript source, ASCII text, with very long lines (1940)
Size
16 kB (16167 bytes)
Hash
669039b93efd60223200133664c7ebd9
f36202655d57310d196cf70f9d8a041ded7c80df
d9cf52ef313f529a596db74f522cbe9a7263ab677be6ebb552c23f244025b48c

HTTP Headers

GET /js/adlm.js HTTP/1.1
Host: alxqq.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://njwcjyshepnz.buzz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 29 Jul 2024 05:55:09 GMT
content-type: application/javascript
last-modified: Fri, 19 Jul 2024 13:20:00 GMT
vary: Accept-Encoding
etag: W/"669a6800-3f27"
expires: Mon, 29 Jul 2024 09:14:02 GMT
cache-control: max-age=43200
content-encoding: gzip
cf-cache-status: HIT
age: 31267
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CARJz54jbhT3AcYKdW0chR8VPyuWr8K0fkb1%2Fv9NSMkncRnNgbQxwWxWdgUig8wrofbZI8iaJAia17DDz5Ku1%2Fc9DN3VSP6UcSwkc03Us1Nvy6xdLNgKSbTKBY4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8aaadbbdbb23569d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ljcdn.kd-pic6669.com/20240729/lF6QxsmP/1.jpg

104.26.10.242

200 OK

253 kB

URL GET HTTP/2
ljcdn.kd-pic6669.com/20240729/lF6QxsmP/1.jpg
IP
104.26.10.242:443
ASN
#13335 CLOUDFLARENET

Requested by
https://njwcjyshepnz.buzz/
Certificate
IssuerGoogle Trust Services
Subjectkd-pic6669.com
FingerprintA4:23:1B:6B:5B:55:D5:42:81:F2:C3:6D:0A:C1:1F:9B:9C:BA:A8:AA
ValidityTue, 16 Jul 2024 13:05:32 GMT - Mon, 14 Oct 2024 13:05:31 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 718x404, components 3
Size
253 kB (253219 bytes)
Hash
5161ca6f59b1f1de18efc61154166103
69b18ab1002c3856f4608da20b084f4a387fa3e0
cdd156cc10c82039cea85202b38bfe5df072ebff0ae91ffa08cbf71de8ef65ec

HTTP Headers

GET /20240729/lF6QxsmP/1.jpg HTTP/1.1
Host: ljcdn.kd-pic6669.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://njwcjyshepnz.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 29 Jul 2024 05:55:10 GMT
content-type: image/jpeg
content-length: 253219
last-modified: Mon, 29 Jul 2024 02:12:21 GMT
etag: "66a6fa85-3dd23"
expires: Wed, 28 Aug 2024 05:55:10 GMT
cache-control: max-age=2592000
access-control-allow-credentials: : true
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y83%2BEuCsEx5vFs93hlK2GZ70wK2lBZP3aUfmzhk4Meedk0y5x1AuyB5TGTJBGULVg0qe3gfFnwpbWayDDn3oYA4pCgA2gyfuBO5DpjA1cT1yu%2Fh%2F4FleH2mN%2FKJi8LwyU3frbkDg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8aaadbc268260afe-OSL
X-Firefox-Spdy: h2

njwcjyshepnz.buzz/

172.67.207.189

200 OK

100 kB

URL User Request GET HTTP/2
njwcjyshepnz.buzz/
IP
172.67.207.189:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectnjwcjyshepnz.buzz
Fingerprint87:1C:26:84:F7:2D:2A:08:B7:D3:E8:44:72:1E:13:C1:8C:83:FD:E6
ValidityMon, 08 Jul 2024 01:11:27 GMT - Sun, 06 Oct 2024 01:11:26 GMT

File type

Size
100 kB (99617 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: njwcjyshepnz.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 29 Jul 2024 05:55:08 GMT
content-type: text/html;charset=UTF-8
vary: Accept-Encoding
accept-charset: big5, big5-hkscs, cesu-8, euc-jp, euc-kr, gb18030, gb2312, gbk, ibm-thai, ibm00858, ibm01140, ibm01141, ibm01142, ibm01143, ibm01144, ibm01145, ibm01146, ibm01147, ibm01148, ibm01149, ibm037, ibm1026, ibm1047, ibm273, ibm277, ibm278, ibm280, ibm284, ibm285, ibm290, ibm297, ibm420, ibm424, ibm437, ibm500, ibm775, ibm850, ibm852, ibm855, ibm857, ibm860, ibm861, ibm862, ibm863, ibm864, ibm865, ibm866, ibm868, ibm869, ibm870, ibm871, ibm918, iso-2022-cn, iso-2022-jp, iso-2022-jp-2, iso-2022-kr, iso-8859-1, iso-8859-13, iso-8859-15, iso-8859-2, iso-8859-3, iso-8859-4, iso-8859-5, iso-8859-6, iso-8859-7, iso-8859-8, iso-8859-9, jis_x0201, jis_x0212-1990, koi8-r, koi8-u, shift_jis, tis-620, us-ascii, utf-16, utf-16be, utf-16le, utf-32, utf-32be, utf-32le, utf-8, windows-1250, windows-1251, windows-1252, windows-1253, windows-1254, windows-1255, windows-1256, windows-1257, windows-1258, windows-31j, x-big5-hkscs-2001, x-big5-solaris, x-compound_text, x-euc-jp-linux, x-euc-tw, x-eucjp-open, x-ibm1006, x-ibm1025, x-ibm1046, x-ibm1097, x-ibm1098, x-ibm1112, x-ibm1122, x-ibm1123, x-ibm1124, x-ibm1166, x-ibm1364, x-ibm1381, x-ibm1383, x-ibm300, x-ibm33722, x-ibm737, x-ibm833, x-ibm834, x-ibm856, x-ibm874, x-ibm875, x-ibm921, x-ibm922, x-ibm930, x-ibm933, x-ibm935, x-ibm937, x-ibm939, x-ibm942, x-ibm942c, x-ibm943, x-ibm943c, x-ibm948, x-ibm949, x-ibm949c, x-ibm950, x-ibm964, x-ibm970, x-iscii91, x-iso-2022-cn-cns, x-iso-2022-cn-gb, x-iso-8859-11, x-jis0208, x-jisautodetect, x-johab, x-macarabic, x-maccentraleurope, x-maccroatian, x-maccyrillic, x-macdingbat, x-macgreek, x-machebrew, x-maciceland, x-macroman, x-macromania, x-macsymbol, x-macthai, x-macturkish, x-macukraine, x-ms932_0213, x-ms950-hkscs, x-ms950-hkscs-xp, x-mswin-936, x-pck, x-sjis_0213, x-utf-16le-bom, x-utf-32be-bom, x-utf-32le-bom, x-windows-50220, x-windows-50221, x-windows-874, x-windows-949, x-windows-950, x-windows-iso2022jp
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VLGo7HxUMlrGO4oIv4kDm1BfVPuUiV5xtORjTFYc%2F%2FwcYP58ujn7USm2dEiFrqEm6rqzztoha60WQYNnEJT0Pnmg2HhLUT3SWM2AAyMME4AzKdHAr3baImf2V5W7UMFYXqIJkg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8aaadbb6884856bb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ljcdn.kd-pic6669.com/20240729/rfNs0mIj/1.jpg

104.26.10.242

200 OK

217 kB

URL GET HTTP/2
ljcdn.kd-pic6669.com/20240729/rfNs0mIj/1.jpg
IP
104.26.10.242:443
ASN
#13335 CLOUDFLARENET

Requested by
https://njwcjyshepnz.buzz/
Certificate
IssuerGoogle Trust Services
Subjectkd-pic6669.com
FingerprintA4:23:1B:6B:5B:55:D5:42:81:F2:C3:6D:0A:C1:1F:9B:9C:BA:A8:AA
ValidityTue, 16 Jul 2024 13:05:32 GMT - Mon, 14 Oct 2024 13:05:31 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 718x404, components 3
Size
217 kB (216622 bytes)
Hash
3f953eec28378f3e019ce4a0da94db40
92a262811e913e24b3fdb4b2e848dc4bf3979735
b3f56ea3351886e9cd10e99f87e428ffd2bb9f6b422ee0d1284c5d5264baa534

HTTP Headers

GET /20240729/rfNs0mIj/1.jpg HTTP/1.1
Host: ljcdn.kd-pic6669.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://njwcjyshepnz.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 29 Jul 2024 05:55:10 GMT
content-type: image/jpeg
content-length: 216622
last-modified: Mon, 29 Jul 2024 02:11:50 GMT
etag: "66a6fa66-34e2e"
expires: Wed, 28 Aug 2024 05:55:10 GMT
cache-control: max-age=2592000
access-control-allow-credentials: : true
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HkXgNkTO2HJeFRh339Pd0hypLTBpWEHtS7HGh22F2jczNl4jzUq%2BKfyioK%2B5hxZq6R0Ur0BB68CQhkQJ6FqNbEH2zeaVr7NJC97d3s2LxIhgumVSG%2F04I19Pl3uUoaCnp%2BO1ZhY%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8aaadbc268240afe-OSL
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (17)

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations