172.67.137.43200 OK 0 B URL User Request GET HTTP/2 IP 172.67.137.43:443
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint6D:A6:CC:83:13:9F:95:C3:7F:A9:B6:D0:EF:91:9B:70:44:9F:2A:70
ValiditySat, 21 May 2022 00:00:00 GMT - Sat, 20 May 2023 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Generic/Spear Phishing
fortinet Phishing
GET / HTTP/1.1
Host: al30.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Date: Mon, 10 Apr 2023 09:38:47 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 10 Apr 2023 10:38:47 GMT
Location: https://al30.xyz/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QVKWmIvi4yqUFVFqClgXoMhVXbQ%2BZIcbYWerEsnaoAp6m33fRm0QgsA5OWUFtrZvyG%2FS0qGKftIbRQ7kGbqgeaqfjrhe26yR%2FUqVM586r9LvLikn6KODAMKhJg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7b5a04d4b9f8b512-OSL
alt-svc: h2=":443"; ma=60
ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js
142.250.74.42200 OK 33 kB URL GET HTTP/2 ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js
IP 142.250.74.42:443
Certificate IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint77:43:87:91:D0:0A:64:BD:84:1C:9A:F5:10:86:8E:8E:04:F1:F9:A3
ValidityMon, 20 Mar 2023 08:25:51 GMT - Mon, 12 Jun 2023 08:25:50 GMT
File type ASCII text, with very long lines (32086)
Hash 430e927c980ad4079de727fa59dd93f2
891aaada9a55a91292999f6d50fd300439905982
e8728df8617340bd8c10bc8d27d3a725a48871a269c850e8598689938ec6e2ed
GET /ajax/libs/jquery/1.11.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al30.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33434
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 07 Apr 2023 18:05:12 GMT
expires: Sat, 06 Apr 2024 18:05:12 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 228815
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
i.imgur.com/NGwTAiV.png
151.101.84.193200 OK 91 kB IP 151.101.84.193:443
Certificate IssuerSectigo Limited
Subject*.imgur.com
FingerprintD6:4D:45:03:6D:38:F8:FD:EA:AF:E5:92:B3:4D:85:A5:6B:AF:5C:EC
ValidityMon, 13 Mar 2023 00:00:00 GMT - Tue, 12 Mar 2024 23:59:59 GMT
File type PNG image data, 199 x 172, 8-bit/color RGBA, non-interlaced\012- data
Hash 47e4fcdf01d55744b95e366e1e764ed8
2b3b2e8521de4a0ded84ede86188c7cc83146608
831881b53108e2d7cb65a39adfa8a29e7d81b35e732c7fee8fadc056c316b3e5
GET /NGwTAiV.png HTTP/1.1
Host: i.imgur.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al30.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
last-modified: Mon, 13 Mar 2023 09:48:07 GMT
etag: "47e4fcdf01d55744b95e366e1e764ed8"
x-amz-server-side-encryption: AES256
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Mon, 10 Apr 2023 09:38:47 GMT
age: 2418639
x-served-by: cache-iad-kiad7000164-IAD, cache-bma1647-BMA
x-cache: HIT, HIT
x-cache-hits: 63596, 1
x-timer: S1681119528.577217,VS0,VE1
strict-transport-security: max-age=300
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
server: cat factory 1.0
x-content-type-options: nosniff
content-length: 90596
X-Firefox-Spdy: h2
i.imgur.com/xp1ER6K.jpg
151.101.84.193200 OK 704 B IP 151.101.84.193:443
Certificate IssuerSectigo Limited
Subject*.imgur.com
FingerprintD6:4D:45:03:6D:38:F8:FD:EA:AF:E5:92:B3:4D:85:A5:6B:AF:5C:EC
ValidityMon, 13 Mar 2023 00:00:00 GMT - Tue, 12 Mar 2024 23:59:59 GMT
File type JPEG image data, baseline, precision 8, 32x32, components 3\012- data
Hash 4ea681c0204fc3156ff7b73272ee4aa7
44a67657661345aa6d939cb1836413c0704e0a4d
2ab23488bfa39196452aab12c8d6e73ddf3f028523f55d63e25a23739d8a5362
GET /xp1ER6K.jpg HTTP/1.1
Host: i.imgur.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al30.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
last-modified: Sun, 24 Apr 2022 02:31:32 GMT
etag: "4ea681c0204fc3156ff7b73272ee4aa7"
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Mon, 10 Apr 2023 09:38:47 GMT
age: 2940833
x-served-by: cache-iad-kcgs7200088-IAD, cache-bma1647-BMA
x-cache: HIT, HIT
x-cache-hits: 5002, 42
x-timer: S1681119528.585174,VS0,VE0
strict-transport-security: max-age=300
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
server: cat factory 1.0
x-content-type-options: nosniff
content-length: 704
X-Firefox-Spdy: h2
i.imgur.com/IuSEdFN.jpeg
151.101.84.193200 OK 39 kB IP 151.101.84.193:443
Certificate IssuerSectigo Limited
Subject*.imgur.com
FingerprintD6:4D:45:03:6D:38:F8:FD:EA:AF:E5:92:B3:4D:85:A5:6B:AF:5C:EC
ValidityMon, 13 Mar 2023 00:00:00 GMT - Tue, 12 Mar 2024 23:59:59 GMT
File type JPEG image data, progressive, precision 8, 480x640, components 3\012- data
Hash 13d2281ab470977a2974a4b61e9a6b1c
eb45343ed7da5ee2b5a10ea4c75230db00f543cc
c3efe6d0acbe6eb1b931117a3ff09a3b43d0827d552ba95320fe01f3fca86d5f
GET /IuSEdFN.jpeg HTTP/1.1
Host: i.imgur.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al30.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
last-modified: Fri, 01 Nov 2013 03:25:26 GMT
etag: "13d2281ab470977a2974a4b61e9a6b1c"
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Mon, 10 Apr 2023 09:38:47 GMT
age: 2233128
x-served-by: cache-iad-kjyo7100053-IAD, cache-bma1647-BMA
x-cache: HIT, HIT
x-cache-hits: 15, 7
x-timer: S1681119528.579891,VS0,VE0
strict-transport-security: max-age=300
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
server: cat factory 1.0
x-content-type-options: nosniff
content-length: 39276
X-Firefox-Spdy: h2
i.imgur.com/NNDIcLM.jpg
151.101.84.193200 OK 174 kB IP 151.101.84.193:443
Certificate IssuerSectigo Limited
Subject*.imgur.com
FingerprintD6:4D:45:03:6D:38:F8:FD:EA:AF:E5:92:B3:4D:85:A5:6B:AF:5C:EC
ValidityMon, 13 Mar 2023 00:00:00 GMT - Tue, 12 Mar 2024 23:59:59 GMT
File type JPEG image data, baseline, precision 8, 1116x658, components 3\012- data
Size 174 kB (173761 bytes)
Hash 1399966484ddba7712071e11dc0831aa
573be7d641cc9747dee8c8645b0892da7dd23fa5
7a283e42128db3841b2d94304e2c0d72b3d3a2830d849ff45dcee8c320a41f7e
GET /NNDIcLM.jpg HTTP/1.1
Host: i.imgur.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al30.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
last-modified: Thu, 16 Mar 2023 09:07:56 GMT
etag: "1399966484ddba7712071e11dc0831aa"
x-amz-server-side-encryption: AES256
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Mon, 10 Apr 2023 09:38:47 GMT
age: 2161850
x-served-by: cache-iad-kjyo7100121-IAD, cache-bma1647-BMA
x-cache: HIT, HIT
x-cache-hits: 44, 2
x-timer: S1681119528.578261,VS0,VE0
strict-transport-security: max-age=300
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
server: cat factory 1.0
x-content-type-options: nosniff
content-length: 173761
X-Firefox-Spdy: h2
i.imgur.com/hdowCP7.png
151.101.84.193200 OK 87 kB IP 151.101.84.193:443
Certificate IssuerSectigo Limited
Subject*.imgur.com
FingerprintD6:4D:45:03:6D:38:F8:FD:EA:AF:E5:92:B3:4D:85:A5:6B:AF:5C:EC
ValidityMon, 13 Mar 2023 00:00:00 GMT - Tue, 12 Mar 2024 23:59:59 GMT
File type PNG image data, 181 x 175, 8-bit/color RGBA, non-interlaced\012- data
Hash df599ec50bf8e5390e0bdbd46d6e410b
f264492b42e510930923cabcc01a2344b97ddc65
800026cf07499d867678b7266bbf4e8290ef8e5fbffda70d411c783e62faf26b
GET /hdowCP7.png HTTP/1.1
Host: i.imgur.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al30.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
last-modified: Mon, 13 Mar 2023 09:49:25 GMT
etag: "df599ec50bf8e5390e0bdbd46d6e410b"
x-amz-server-side-encryption: AES256
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Mon, 10 Apr 2023 09:38:47 GMT
age: 2418562
x-served-by: cache-iad-kcgs7200067-IAD, cache-bma1647-BMA
x-cache: HIT, HIT
x-cache-hits: 1771, 7
x-timer: S1681119528.585805,VS0,VE0
strict-transport-security: max-age=300
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
server: cat factory 1.0
x-content-type-options: nosniff
content-length: 87124
X-Firefox-Spdy: h2
i.imgur.com/KVSxPlB.png
151.101.84.193200 OK 100 kB IP 151.101.84.193:443
Certificate IssuerSectigo Limited
Subject*.imgur.com
FingerprintD6:4D:45:03:6D:38:F8:FD:EA:AF:E5:92:B3:4D:85:A5:6B:AF:5C:EC
ValidityMon, 13 Mar 2023 00:00:00 GMT - Tue, 12 Mar 2024 23:59:59 GMT
File type PNG image data, 154 x 243, 8-bit/color RGBA, non-interlaced\012- data
Size 100 kB (100200 bytes)
Hash b6b79b21819de0e1bacfd881b2f6fa5c
a14817024648f5b4f74422aee74b57c091589743
515fad34dd3614b1e333d2ac791a7d99568e4c71972750650c8ae0f9a40e60ec
GET /KVSxPlB.png HTTP/1.1
Host: i.imgur.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al30.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
last-modified: Mon, 13 Mar 2023 09:34:32 GMT
etag: "b6b79b21819de0e1bacfd881b2f6fa5c"
x-amz-server-side-encryption: AES256
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Mon, 10 Apr 2023 09:38:47 GMT
age: 1045360
x-served-by: cache-iad-kiad7000099-IAD, cache-bma1647-BMA
x-cache: HIT, HIT
x-cache-hits: 16009, 1
x-timer: S1681119528.583984,VS0,VE2
strict-transport-security: max-age=300
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
server: cat factory 1.0
x-content-type-options: nosniff
content-length: 100200
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=G-DJL7JFN301
142.250.74.40200 OK 84 kB URL GET HTTP/2 www.googletagmanager.com/gtag/js?id=G-DJL7JFN301
IP 142.250.74.40:443
Certificate IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint3C:0B:85:94:2A:86:0A:B3:D0:9E:43:A9:87:6A:FB:56:49:9F:F6:B8
ValidityMon, 20 Mar 2023 08:17:43 GMT - Mon, 12 Jun 2023 08:17:42 GMT
File type ASCII text, with very long lines (30260)
Hash 12c8dea231d11c9a30aa6f8469981b5e
7e10fcbe6e1b7568cd821e34b9094cc97a0f6130
05699f715f59b5d33b26945d03f31bb8ee52496167542a6b755565ce22293b15
GET /gtag/js?id=G-DJL7JFN301 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al30.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 10 Apr 2023 09:38:47 GMT
expires: Mon, 10 Apr 2023 09:38:47 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 84100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
i.imgur.com/FLUfH79.png
151.101.84.193200 OK 234 kB IP 151.101.84.193:443
Certificate IssuerSectigo Limited
Subject*.imgur.com
FingerprintD6:4D:45:03:6D:38:F8:FD:EA:AF:E5:92:B3:4D:85:A5:6B:AF:5C:EC
ValidityMon, 13 Mar 2023 00:00:00 GMT - Tue, 12 Mar 2024 23:59:59 GMT
File type PNG image data, 581 x 513, 8-bit/color RGBA, non-interlaced\012- data
Size 234 kB (233927 bytes)
Hash dd5fc86043dc7f902a8d3882e1031afc
6b8d4d07eb3454111be16f913a4213a3fd662c71
7f6925a246ac59b1fdffc6853f41932e94b0ae01f2d911f338f04a3398265bc6
GET /FLUfH79.png HTTP/1.1
Host: i.imgur.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al30.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 21 Mar 2023 07:20:08 GMT
etag: "dd5fc86043dc7f902a8d3882e1031afc"
x-amz-server-side-encryption: AES256
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Mon, 10 Apr 2023 09:38:48 GMT
age: 1099794
x-served-by: cache-iad-kjyo7100030-IAD, cache-bma1647-BMA
x-cache: HIT, HIT
x-cache-hits: 8582, 1
x-timer: S1681119528.412380,VS0,VE1
strict-transport-security: max-age=300
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
server: cat factory 1.0
x-content-type-options: nosniff
content-length: 233927
X-Firefox-Spdy: h2
hm.baidu.com/hm.js?22e489d9750288b2b14a563a05a1d794
103.235.46.191200 OK 11 kB URL GET HTTP/1.1 hm.baidu.com/hm.js?22e489d9750288b2b14a563a05a1d794
IP 103.235.46.191:443
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
Certificate IssuerGlobalSign nv-sa
Subjectbaidu.com
Fingerprint48:6A:ED:D1:68:52:E5:97:4F:A0:92:46:B3:3C:56:46:3D:D9:9C:D5
ValidityTue, 05 Jul 2022 05:16:02 GMT - Sun, 06 Aug 2023 05:16:01 GMT
File type ASCII text, with very long lines (618)
Hash 053156837d2aefe54b5f6da259e37726
366c6b1a710c508ffcb3568843959c5df225ae4e
4bedcb81ea461813fdc7e430b6d6a47dce22114ce1a0080407d246d7cb5cf107
GET /hm.js?22e489d9750288b2b14a563a05a1d794 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al30.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11256
Content-Type: application/javascript
Date: Mon, 10 Apr 2023 09:38:50 GMT
Etag: 738aba808f2885bd28a7781dcd15409f
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=F390D5A02D833FBD; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=901&et=0&ja=0&ln=en-us&lo=0&rnd=1111845290&si=22e489d9750288b2b14a563a05a1d794&v=1.3.0&lv=1&sn=15711&r=0&ww=1152&u=https%3A%2F%2Fal30.xyz%2F%231681119528001&tt=Ramadan%20Offers%2050GB%20Free%20Internet!
103.235.46.191200 OK 43 B URL GET HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=901&et=0&ja=0&ln=en-us&lo=0&rnd=1111845290&si=22e489d9750288b2b14a563a05a1d794&v=1.3.0&lv=1&sn=15711&r=0&ww=1152&u=https%3A%2F%2Fal30.xyz%2F%231681119528001&tt=Ramadan%20Offers%2050GB%20Free%20Internet!
IP 103.235.46.191:443
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
Certificate IssuerGlobalSign nv-sa
Subjectbaidu.com
Fingerprint48:6A:ED:D1:68:52:E5:97:4F:A0:92:46:B3:3C:56:46:3D:D9:9C:D5
ValidityTue, 05 Jul 2022 05:16:02 GMT - Sun, 06 Aug 2023 05:16:01 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=901&et=0&ja=0&ln=en-us&lo=0&rnd=1111845290&si=22e489d9750288b2b14a563a05a1d794&v=1.3.0&lv=1&sn=15711&r=0&ww=1152&u=https%3A%2F%2Fal30.xyz%2F%231681119528001&tt=Ramadan%20Offers%2050GB%20Free%20Internet! HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al30.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Mon, 10 Apr 2023 09:38:51 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=C1F00E539002E854; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
qc99.xyz/js/jquery.min.js?t=1681119527&_=1681119527465
104.21.48.118200 OK 87 kB URL GET HTTP/2 qc99.xyz/js/jquery.min.js?t=1681119527&_=1681119527465
IP 104.21.48.118:443
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintE8:51:9E:21:F1:1E:3E:4F:2B:68:C8:61:21:12:E7:26:CF:8F:56:3C
ValidityWed, 18 May 2022 00:00:00 GMT - Wed, 17 May 2023 23:59:59 GMT
File type ASCII text, with very long lines (65450), with CRLF line terminators
Hash a46fb81762396b7bf2020774a2fb4d9e
fb5edd7a663dc8dda7ec10815a7cd82a30fc98a7
d30b6114fb9496ae46b2a8cdf59379c8ffdb957534bd1dd73e626c7c61c7e67d
Analyzer Verdict Alert openphish Generic/Spear Phishing
GET /js/jquery.min.js?t=1681119527&_=1681119527465 HTTP/1.1
Host: qc99.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al30.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 10 Apr 2023 09:38:48 GMT
content-type: application/javascript
last-modified: Mon, 21 Mar 2022 20:35:22 GMT
vary: Accept-Encoding
etag: W/"6238e18a-1538f"
expires: Mon, 10 Apr 2023 21:38:47 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bU16Ey3DuoIazOk2zumg2hN%2Bn2oEbev3HdlEET6AEqL7sxHw1fJq4jQO4MU3pBTQfvjThrrd4f3kFLcArzlKptkH4YQoB50AwV%2BlhEBtxxcC1SGc8JsLLb%2FpMA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b5a04d97bdf1c06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
social19.xyz/js/jquery.min.js?t=1681119527&_=1681119527468
104.21.19.44200 OK 87 kB URL GET HTTP/2 social19.xyz/js/jquery.min.js?t=1681119527&_=1681119527468
IP 104.21.19.44:443
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint4E:74:82:58:8E:86:1A:2C:A3:78:5D:C3:B5:47:E0:63:3D:4F:B3:BA
ValidityMon, 20 Jun 2022 00:00:00 GMT - Mon, 19 Jun 2023 23:59:59 GMT
File type ASCII text, with very long lines (65450), with CRLF line terminators
Hash a46fb81762396b7bf2020774a2fb4d9e
fb5edd7a663dc8dda7ec10815a7cd82a30fc98a7
d30b6114fb9496ae46b2a8cdf59379c8ffdb957534bd1dd73e626c7c61c7e67d
GET /js/jquery.min.js?t=1681119527&_=1681119527468 HTTP/1.1
Host: social19.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al30.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 10 Apr 2023 09:38:48 GMT
content-type: application/javascript
last-modified: Mon, 21 Mar 2022 20:35:22 GMT
vary: Accept-Encoding
etag: W/"6238e18a-1538f"
expires: Mon, 10 Apr 2023 21:38:48 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pFTJ4k%2B8CqZn2ocMGHpahHiWFXbP%2Bbfrn5gizGX5c%2BrxATt%2FUVHYUm4YF%2BaE3Nb9D3y%2FfkMvZW8oY49KMc5PLPM6lv4cXhJbKoYaKJvJj7fU8KpEinvffe%2FxaDHtS8M%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b5a04d97b28b4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
al30.xyz/
172.67.137.43200 OK 64 kB IP 172.67.137.43:443
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint6D:A6:CC:83:13:9F:95:C3:7F:A9:B6:D0:EF:91:9B:70:44:9F:2A:70
ValiditySat, 21 May 2022 00:00:00 GMT - Sat, 20 May 2023 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (1321), with CRLF, LF line terminators
Hash d6546aea78d1aca9c4ee428395ecd3c9
85b1b11b318c89468105495397f76911655f3390
19f43ff52a852ca3371921dcdf6cdcdac4b446c7c188d10495a8e4efa4047c6b
Analyzer Verdict Alert openphish Generic/Spear Phishing
fortinet Phishing
GET / HTTP/1.1
Host: al30.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: al30.xyz
Connection: keep-alive
Referer: https://al30.xyz/
Cookie: loclang=en; reg=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 10 Apr 2023 09:38:47 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: reg=1; expires=Wed, 10-May-2023 09:38:47 GMT; Max-Age=2592000
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=11uoAr7owWxFa6%2FINrf5HXpn4sJoyU52F6yTjJ%2BRJ6pJxT%2FTEW%2FzYf9rCv1gLwJ6eSgjoXNsE8rf56Yo3ooUKQCWhuR%2BDI1aUCSpgwbrhx987mhpmtufu5V3rA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b5a04d70aa7b4fd-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
hi16.xyz/js/jquery.min.js?t=1681119527&_=1681119527466
172.67.163.196200 OK 87 kB URL GET HTTP/2 hi16.xyz/js/jquery.min.js?t=1681119527&_=1681119527466
IP 172.67.163.196:443
Certificate IssuerLet's Encrypt
Subject*.hi16.xyz
FingerprintD3:62:07:25:A8:8D:FB:EB:A8:D8:05:79:42:E1:B2:B0:C7:F2:F7:28
ValiditySun, 05 Mar 2023 18:43:41 GMT - Sat, 03 Jun 2023 18:43:40 GMT
File type ASCII text, with very long lines (65450), with CRLF line terminators
Hash a46fb81762396b7bf2020774a2fb4d9e
fb5edd7a663dc8dda7ec10815a7cd82a30fc98a7
d30b6114fb9496ae46b2a8cdf59379c8ffdb957534bd1dd73e626c7c61c7e67d
GET /js/jquery.min.js?t=1681119527&_=1681119527466 HTTP/1.1
Host: hi16.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al30.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 10 Apr 2023 09:38:48 GMT
content-type: application/javascript
last-modified: Mon, 21 Mar 2022 20:35:22 GMT
vary: Accept-Encoding
etag: W/"6238e18a-1538f"
expires: Mon, 10 Apr 2023 21:38:47 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hyBUmU3Dczcpb77a8JDvU%2BqsiXx%2Bz%2FstcB9SNRiuAcI7ZE9h4oKnM4N0r3tzUd7ipduZ5eDan9IFbCB1YfZuhPyi4ks4yVUaxQLI5RnHs3khWXbVff2hpDgL4A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b5a04d98a15b4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
sfbx4.xyz/js/jquery.min.js?t=1681119527&_=1681119527467
0.0.0.0 0 B URL GET sfbx4.xyz/js/jquery.min.js?t=1681119527&_=1681119527467
IP 0.0.0.0:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /js/jquery.min.js?t=1681119527&_=1681119527467 HTTP/1.1
Host: sfbx4.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al30.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache