Report - hikarikaisen.conohawing.com/not-connect/

Report Overview

Visited public
2025-03-10 23:56:12
Tags
URL
hikarikaisen.conohawing.com/not-connect/
Finishing URL
hikarikaisen.conohawing.com/not-connect/
IP / ASN
160.251.148.85
#58791 GMO Internet,Inc
Title
光回線が繋がらないトラブルの原因とその対処法 | 光回線の手引き

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
use.fontawesome.com	942	2012-10-18	2017-01-30	2025-03-05	2.1 kB	519 kB	104.21.27.152
fonts.googleapis.com	8877	2005-01-25	2012-05-23	2025-03-05	480 B	3.2 kB	142.250.178.42
hikarikaisen.conohawing.com	unknown	unknown	No data	No data	11 kB	1.2 MB	160.251.148.85
fonts.gstatic.com	unknown	2008-02-11	2014-04-02	2025-03-05	1.1 kB	58 kB	142.250.178.99
2gwk17pq6.xyz	unknown	2015-07-06	2025-03-10	2025-03-10	1.3 kB	1.2 kB	157.112.152.9

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-03-10	medium	conohawing.com	Sinkholed
2025-03-10	medium	conohawing.com	Sinkholed
2025-03-10	medium	conohawing.com	Sinkholed
2025-03-10	medium	conohawing.com	Sinkholed
2025-03-10	medium	conohawing.com	Sinkholed
2025-03-10	medium	conohawing.com	Sinkholed
2025-03-10	medium	conohawing.com	Sinkholed
2025-03-10	medium	conohawing.com	Sinkholed
2025-03-10	medium	conohawing.com	Sinkholed
2025-03-10	medium	conohawing.com	Sinkholed
2025-03-10	medium	conohawing.com	Sinkholed
2025-03-10	medium	conohawing.com	Sinkholed
2025-03-10	medium	conohawing.com	Sinkholed
2025-03-10	medium	conohawing.com	Sinkholed
2025-03-10	medium	conohawing.com	Sinkholed
2025-03-10	medium	conohawing.com	Sinkholed
2025-03-10	medium	conohawing.com	Sinkholed
2025-03-10	medium	conohawing.com	Sinkholed
2025-03-10	medium	conohawing.com	Sinkholed
2025-03-10	medium	conohawing.com	Sinkholed
2025-03-10	medium	conohawing.com	Sinkholed
2025-03-10	medium	conohawing.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (16)

	URL	From	Size	First Seen	Last Seen
	hikarikaisen.conohawing.com/not-connect/	ScriptElement	3.3 kB	2025-03-10	2025-03-10
Pretty URL hikarikaisen.conohawing.com/not-connect/ IP 160.251.148.85 ASN #58791 GMO Internet,Inc Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-10 23:56 Last Seen2025-03-10 23:56 Times Seen1 Hash 3c713c5bc019e5fbcf9c8b9ecca14486 8d3c913270de91578d02399222e66b798ec14d76 44f6a690f5e5ffddc85d1acfce1b75eeb12bafe2630b50f5575677f1ac4049e8 Loading...

	hikarikaisen.conohawing.com/wp-content/plugins/ewww-image-optimizer/includes/lazysizes.min.js	ScriptElement	16 kB	2024-04-26	2025-06-02
Pretty URL hikarikaisen.conohawing.com/wp-content/plugins/ewww-image-optimizer/includes/lazysizes.min.js IP 160.251.148.85 ASN #58791 GMO Internet,Inc Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 21:41 Last Seen2025-06-02 06:04 Times Seen327 Hash ad9164444bb93dfe78e72d5b6d407edc 519d2296f30001084f4883b495789c1909579979 88d976ec9c0fc488231f8152d80fb875965ce0d3143428f79d74796541c33464 Loading...

	2gwk17pq6.xyz/kaiseki70/analysis.php?NUM=UK9Zl&URL=https%3A%2F%2Fhikarikaisen.conohawing.com%2Fnot-connect%2F&REF=&TIT=%E5%85%89%E5%9B%9E%E7%B7%9A%E3%81%8C%E7%B9%8B%E3%81%8C%E3%82%89%E3%81%AA%E3%81%84%E3%83%88%E3%83%A9%E3%83%96%E3%83%AB%E3%81%AE%E5%8E%9F%E5%9B%A0%E3%81%A8%E3%81%9D%E3%81%AE%E5%AF%BE%E5%87%A6%E6%B3%95%20%7C%20%E5%85%89%E5%9B%9E%E7%B7%9A%E3%81%AE%E6%89%8B%E5%BC%95%E3%81%8D	ScriptElement	2 B	2023-03-09	2025-06-09
Pretty URL 2gwk17pq6.xyz/kaiseki70/analysis.php?NUM=UK9Zl&URL=https%3A%2F%2Fhikarikaisen.conohawing.com%2Fnot-connect%2F&REF=&TIT=%E5%85%89%E5%9B%9E%E7%B7%9A%E3%81%8C%E7%B9%8B%E3%81%8C%E3%82%89%E3%81%AA%E3%81%84%E3%83%88%E3%83%A9%E3%83%96%E3%83%AB%E3%81%AE%E5%8E%9F%E5%9B%A0%E3%81%A8%E3%81%9D%E3%81%AE%E5%AF%BE%E5%87%A6%E6%B3%95%20%7C%20%E5%85%89%E5%9B%9E%E7%B7%9A%E3%81%AE%E6%89%8B%E5%BC%95%E3%81%8D IP 157.112.152.9 ASN #131965 Xserver Inc. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 09:04 Last Seen2025-06-09 03:13 Times Seen79197 Hash e0aa021e21dddbd6d8cecec71e9cf564 9ce3bd4224c8c1780db56b4125ecf3f24bf748b7 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3 Loading...

	hikarikaisen.conohawing.com/not-connect/	ScriptElement	185 B	2025-03-10	2025-03-10
Pretty URL hikarikaisen.conohawing.com/not-connect/ IP 160.251.148.85 ASN #58791 GMO Internet,Inc Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-10 23:56 Last Seen2025-03-10 23:56 Times Seen1 Hash ad44571deaeef4efa8773382f8dfbb92 9cad0557c0f64e5833f441569fe878f7800ee2f5 4e42c14528c6ef90d2bbe8800dda961045158db5620d4ca68557e8cedf2d125e Loading...

	hikarikaisen.conohawing.com/wp-includes/js/wp-emoji-release.min.js?ver=6.7.2	ScriptElement	19 kB	2024-03-13	2025-06-09
Pretty URL hikarikaisen.conohawing.com/wp-includes/js/wp-emoji-release.min.js?ver=6.7.2 IP 160.251.148.85 ASN #58791 GMO Internet,Inc Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-13 16:02 Last Seen2025-06-09 00:21 Times Seen47422 Hash b976b651932bfd25b9ddb5b7693d88a7 7fcb7cb5c11227f9213b1e08a07d0212209e1432 4e6ce5444c7f396cef0eb1fa3611034151e485dd06fbe5573a5583e1eebc98c3 Loading...

	hikarikaisen.conohawing.com/not-connect/	ScriptElement	103 B	2023-11-08	2025-06-03
Pretty URL hikarikaisen.conohawing.com/not-connect/ IP 160.251.148.85 ASN #58791 GMO Internet,Inc Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-08 03:00 Last Seen2025-06-03 11:56 Times Seen406 Hash c2fdb9b284146948284a426ad3c2a37c 9ced133ce18a70cc41a6e110d8af58751c43e152 7c5fc5fded5d6747d5cffe0c807c260250ed1ae7dccbea886233ca79e1985d71 Loading...

	hikarikaisen.conohawing.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1	ScriptElement	14 kB	2023-05-09	2025-06-09
Pretty URL hikarikaisen.conohawing.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1 IP 160.251.148.85 ASN #58791 GMO Internet,Inc Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-09 19:21 Last Seen2025-06-09 03:11 Times Seen111412 Hash 9ffeb32e2d9efbf8f70caabded242267 3ad0c10e501ac2a9bfa18f9cd7e700219b378738 5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89 Loading...

	hikarikaisen.conohawing.com/wp-content/themes/sango-theme/library/gutenberg/dist/client.build.js?version=3.9.6	ScriptElement	8.6 kB	2023-11-11	2025-05-08
Pretty URL hikarikaisen.conohawing.com/wp-content/themes/sango-theme/library/gutenberg/dist/client.build.js?version=3.9.6 IP 160.251.148.85 ASN #58791 GMO Internet,Inc Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-11 13:20 Last Seen2025-05-08 08:52 Times Seen9 Hash 23a69328167d60dfc90b4edaaaa6bc1c 26f8d2afcc2f951218da415d1096e2b3db87383b 49496bc4e7757b9e72dfbb24aa533a53d2072be8974f270bcf0f5459276a6531 Loading...

	2gwk17pq6.xyz/kaiseki70/?d=hikarikaisen.conohawing.com&p=https://	ScriptElement	900 B	2025-03-10	2025-03-10
Pretty URL 2gwk17pq6.xyz/kaiseki70/?d=hikarikaisen.conohawing.com&p=https:// IP 157.112.152.9 ASN #131965 Xserver Inc. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-10 23:56 Last Seen2025-03-10 23:56 Times Seen1 Hash 190d6c0927c794f5e513ed52fe53cc7c 76ccc67c98d6d96e6d8c6f683ed74ff0937aae4c 65848bd2b554c3b62e0969d25b4dd315040bd9ca339fc0d39ca3f341c5485677 Loading...

	hikarikaisen.conohawing.com/not-connect/	ScriptElement	2.1 kB	2025-03-10	2025-03-10
Pretty URL hikarikaisen.conohawing.com/not-connect/ IP 160.251.148.85 ASN #58791 GMO Internet,Inc Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-10 23:56 Last Seen2025-03-10 23:56 Times Seen1 Hash 1dc2c14adeb21a728c115c0b687b89e2 ba6046e28f23619f4c1cce1e7def5d9a9ea2d3b7 47bab828e2fc94e981cec460d92c096fcae8fffb902888234aede3a3926a4ffb Loading...

	hikarikaisen.conohawing.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1	ScriptElement	88 kB	2023-11-03	2025-06-09
Pretty URL hikarikaisen.conohawing.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1 IP 160.251.148.85 ASN #58791 GMO Internet,Inc Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-03 09:26 Last Seen2025-06-09 03:11 Times Seen98541 Hash 826eb77e86b02ab7724fe3d0141ff87c 79cd3587d565afe290076a8d36c31c305a573d18 cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf Loading...

	hikarikaisen.conohawing.com/not-connect/	ScriptElement	231 B	2025-03-10	2025-03-10
Pretty URL hikarikaisen.conohawing.com/not-connect/ IP 160.251.148.85 ASN #58791 GMO Internet,Inc Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-10 23:56 Last Seen2025-03-10 23:56 Times Seen1 Hash 9abb42fa122b069e7d95ede30fe15f91 10acd391027e8102baab4883de3db1625925d998 e9ce76b33eb24539f65d0fc963de5e4a1fbbe52d69718c0088ab6f2bd42d6439 Loading...

	hikarikaisen.conohawing.com/not-connect/	ScriptElement	1.3 kB	2025-03-10	2025-03-10
Pretty URL hikarikaisen.conohawing.com/not-connect/ IP 160.251.148.85 ASN #58791 GMO Internet,Inc Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-10 23:56 Last Seen2025-03-10 23:56 Times Seen1 Hash e9b5e63c3bae62fec6baa100f1232e4f 16a6c0a8a91d58bc3718c165dbff6bcf314da83a c5707208fbf77cd25ca51a51ddfb3db031567f5cb8adbd59a933eecd6b640b44 Loading...

		Size	First Seen	Last Seen
	#1 Write - f63076d979d0961adfa4bf7541b06994	120 B	2025-03-10 23:56	2025-03-10 23:56
Pretty Observations First Seen2025-03-10 23:56 Last Seen2025-03-10 23:56 Times Seen1 Hash f63076d979d0961adfa4bf7541b06994 8e23498da9d813403a01fc48a5531fdca630ff7c 55ccaca405debc89cc3d481f015abc674da6a4402ae3423808c33cec3827ebbe Loading...

	#2 Write - bf96d1be11f715c48c3b30d328d35d44	444 B	2025-03-10 23:56	2025-03-10 23:56
Pretty Observations First Seen2025-03-10 23:56 Last Seen2025-03-10 23:56 Times Seen1 Hash bf96d1be11f715c48c3b30d328d35d44 30c13fa6495a5a5679b1f7fcb4c31ebfb7a3d0b5 932fad24e428239a2deda1e00dacf8ed883563fa0e83e73c51857705bd788abe Loading...

	#3 Write - 4627f497dd32f43ca780a771b7d22910	615 B	2025-03-10 23:56	2025-03-10 23:56
Pretty Observations First Seen2025-03-10 23:56 Last Seen2025-03-10 23:56 Times Seen1 Hash 4627f497dd32f43ca780a771b7d22910 9c7e2c4fb6ae1fb54dab4c84399b86d44499987a 514d721fc7143ea9bfe48cca0f3530e0c0960dbc66bb39e452a7d3931b9c8162 Loading...

HTTP Transactions (31)

URL IP Response Size

hikarikaisen.conohawing.com/wp-content/uploads/2024/08/hikarikaisen-not-connect4-1024x585.webp

160.251.148.85

200 OK

91 kB

URL GET
hikarikaisen.conohawing.com/wp-content/uploads/2024/08/hikarikaisen-not-connect4-1024x585.webp
IP
160.251.148.85:443
ASN
#58791 GMO Internet,Inc

Requested by
https://hikarikaisen.conohawing.com/not-connect/
Certificate
IssuerGlobalSign nv-sa
Subject*.conohawing.com
Fingerprint9E:A5:EB:D3:7C:3C:15:CB:1C:F4:8B:26:44:CC:7A:62:46:A9:DF:F0
ValidityFri, 11 Oct 2024 06:08:50 GMT - Wed, 12 Nov 2025 06:08:49 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1024x585, Scaling: [none]x[none], YUV color, decoders should clamp
Size
91 kB (90658 bytes)
Hash
3eb24143c4a46b8b92271e2dbcd67da4
0c78b78c90583e0ecb5948d37a971bc921c7849a
433c87aa3da9358f791639cb115731a3f234a25c41893b4009953643e93e888e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/2024/08/hikarikaisen-not-connect4-1024x585.webp HTTP/1.1
Host: hikarikaisen.conohawing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hikarikaisen.conohawing.com/not-connect/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 10 Mar 2025 23:55:53 GMT
content-type: image/webp
content-length: 90658
last-modified: Tue, 06 Aug 2024 13:26:50 GMT
etag: "16222-61f03bf02c105"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

fonts.gstatic.com/s/quicksand/v31/6xKtdSZaM9iE8KbpRA_hK1QN.woff2

142.250.178.99

200 OK

28 kB

URL GET
fonts.gstatic.com/s/quicksand/v31/6xKtdSZaM9iE8KbpRA_hK1QN.woff2
IP
142.250.178.99:443
ASN
#15169 GOOGLE

Requested by
https://hikarikaisen.conohawing.com/not-connect/
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
FingerprintA4:5F:89:8D:68:B4:5F:99:BE:F5:66:6F:C1:5E:A5:8C:72:BF:1E:D5
ValidityWed, 26 Feb 2025 15:33:59 GMT - Wed, 21 May 2025 15:33:58 GMT

File type
Web Open Font Format (Version 2), TrueType, length 28064, version 1.0
Size
28 kB (28064 bytes)
Hash
314d6364bbee6681d0b2364ee3555e2e
c5aab803abe36bf664d7b7e2a3731cd849337006
5a42c91e1ecc9b09346a1520d9a6f98074c13eebfb1cc87c4e82e5992beb685b

HTTP Headers

GET /s/quicksand/v31/6xKtdSZaM9iE8KbpRA_hK1QN.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://hikarikaisen.conohawing.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 28064
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 10 Mar 2025 13:04:35 GMT
expires: Tue, 10 Mar 2026 13:04:35 GMT
cache-control: public, max-age=31536000
age: 39079
last-modified: Wed, 13 Sep 2023 23:22:14 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

2gwk17pq6.xyz/kaiseki70/analysis.php?NUM=UK9Zl&URL=https%3A%2F%2Fhikarikaisen.conohawing.com%2Fnot-connect%2F&REF=&TIT=%E5%85%89%E5%9B%9E%E7%B7%9A%E3%81%8C%E7%B9%8B%E3%81%8C%E3%82%89%E3%81%AA%E3%81%84%E3%83%88%E3%83%A9%E3%83%96%E3%83%AB%E3%81%AE%E5%8E%9F%E5%9B%A0%E3%81%A8%E3%81%9D%E3%81%AE%E5%AF%BE%E5%87%A6%E6%B3%95%20%7C%20%E5%85%89%E5%9B%9E%E7%B7%9A%E3%81%AE%E6%89%8B%E5%BC%95%E3%81%8D

157.112.152.9

200 OK

0 B

URL GET
2gwk17pq6.xyz/kaiseki70/analysis.php?NUM=UK9Zl&URL=https%3A%2F%2Fhikarikaisen.conohawing.com%2Fnot-connect%2F&REF=&TIT=%E5%85%89%E5%9B%9E%E7%B7%9A%E3%81%8C%E7%B9%8B%E3%81%8C%E3%82%89%E3%81%AA%E3%81%84%E3%83%88%E3%83%A9%E3%83%96%E3%83%AB%E3%81%AE%E5%8E%9F%E5%9B%A0%E3%81%A8%E3%81%9D%E3%81%AE%E5%AF%BE%E5%87%A6%E6%B3%95%20%7C%20%E5%85%89%E5%9B%9E%E7%B7%9A%E3%81%AE%E6%89%8B%E5%BC%95%E3%81%8D
IP
157.112.152.9:443
ASN
#131965 Xserver Inc.

Requested by
https://hikarikaisen.conohawing.com/not-connect/
Certificate
IssuerLet's Encrypt
Subjectwww.2gwk17pq6.xyz
Fingerprint9F:81:9E:C2:28:26:D6:64:41:F2:F8:42:7E:84:7E:CA:8A:55:97:4C
ValidityTue, 04 Feb 2025 09:14:15 GMT - Mon, 05 May 2025 09:14:14 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /kaiseki70/analysis.php?NUM=UK9Zl&URL=https%3A%2F%2Fhikarikaisen.conohawing.com%2Fnot-connect%2F&REF=&TIT=%E5%85%89%E5%9B%9E%E7%B7%9A%E3%81%8C%E7%B9%8B%E3%81%8C%E3%82%89%E3%81%AA%E3%81%84%E3%83%88%E3%83%A9%E3%83%96%E3%83%AB%E3%81%AE%E5%8E%9F%E5%9B%A0%E3%81%A8%E3%81%9D%E3%81%AE%E5%AF%BE%E5%87%A6%E6%B3%95%20%7C%20%E5%85%89%E5%9B%9E%E7%B7%9A%E3%81%AE%E6%89%8B%E5%BC%95%E3%81%8D HTTP/1.1
Host: 2gwk17pq6.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hikarikaisen.conohawing.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 10 Mar 2025 23:55:58 GMT
content-type: text/html
vary: Accept-Encoding
content-encoding: br
X-Firefox-Spdy: h2

hikarikaisen.conohawing.com/wp-content/themes/sango-theme/entry-option.css?version=3.9.6

160.251.148.85

200 OK

12 kB

URL GET
hikarikaisen.conohawing.com/wp-content/themes/sango-theme/entry-option.css?version=3.9.6
IP
160.251.148.85:443
ASN
#58791 GMO Internet,Inc

Requested by
https://hikarikaisen.conohawing.com/not-connect/
Certificate
IssuerGlobalSign nv-sa
Subject*.conohawing.com
Fingerprint9E:A5:EB:D3:7C:3C:15:CB:1C:F4:8B:26:44:CC:7A:62:46:A9:DF:F0
ValidityFri, 11 Oct 2024 06:08:50 GMT - Wed, 12 Nov 2025 06:08:49 GMT

File type

Size
12 kB (12012 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/sango-theme/entry-option.css?version=3.9.6 HTTP/1.1
Host: hikarikaisen.conohawing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hikarikaisen.conohawing.com/not-connect/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 10 Mar 2025 23:55:53 GMT
content-type: text/css
last-modified: Sat, 12 Oct 2024 16:08:22 GMT
etag: W/"2eec-62449d018f4f0"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2

hikarikaisen.conohawing.com/wp-content/themes/sango-theme/style-old.css?version=3.9.6

160.251.148.85

200 OK

51 kB

URL GET
hikarikaisen.conohawing.com/wp-content/themes/sango-theme/style-old.css?version=3.9.6
IP
160.251.148.85:443
ASN
#58791 GMO Internet,Inc

Requested by
https://hikarikaisen.conohawing.com/not-connect/
Certificate
IssuerGlobalSign nv-sa
Subject*.conohawing.com
Fingerprint9E:A5:EB:D3:7C:3C:15:CB:1C:F4:8B:26:44:CC:7A:62:46:A9:DF:F0
ValidityFri, 11 Oct 2024 06:08:50 GMT - Wed, 12 Nov 2025 06:08:49 GMT

File type

Size
51 kB (50566 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/sango-theme/style-old.css?version=3.9.6 HTTP/1.1
Host: hikarikaisen.conohawing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hikarikaisen.conohawing.com/not-connect/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 10 Mar 2025 23:55:53 GMT
content-type: text/css
last-modified: Sat, 12 Oct 2024 16:08:22 GMT
etag: W/"c586-62449d018fcc0"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2

hikarikaisen.conohawing.com/wp-content/themes/sango-theme/library/gutenberg/dist/build/style-blocks.css?version=3.9.6

160.251.148.85

200 OK

94 kB

URL GET
hikarikaisen.conohawing.com/wp-content/themes/sango-theme/library/gutenberg/dist/build/style-blocks.css?version=3.9.6
IP
160.251.148.85:443
ASN
#58791 GMO Internet,Inc

Requested by
https://hikarikaisen.conohawing.com/not-connect/
Certificate
IssuerGlobalSign nv-sa
Subject*.conohawing.com
Fingerprint9E:A5:EB:D3:7C:3C:15:CB:1C:F4:8B:26:44:CC:7A:62:46:A9:DF:F0
ValidityFri, 11 Oct 2024 06:08:50 GMT - Wed, 12 Nov 2025 06:08:49 GMT

File type

Size
94 kB (94388 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/sango-theme/library/gutenberg/dist/build/style-blocks.css?version=3.9.6 HTTP/1.1
Host: hikarikaisen.conohawing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hikarikaisen.conohawing.com/not-connect/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 10 Mar 2025 23:55:53 GMT
content-type: text/css
last-modified: Sat, 12 Oct 2024 16:08:22 GMT
etag: W/"170b4-62449d0198190"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2

hikarikaisen.conohawing.com/wp-content/plugins/ewww-image-optimizer/includes/lazysizes.min.js

160.251.148.85

200 OK

16 kB

URL GET
hikarikaisen.conohawing.com/wp-content/plugins/ewww-image-optimizer/includes/lazysizes.min.js
IP
160.251.148.85:443
ASN
#58791 GMO Internet,Inc

Requested by
https://hikarikaisen.conohawing.com/not-connect/
Certificate
IssuerGlobalSign nv-sa
Subject*.conohawing.com
Fingerprint9E:A5:EB:D3:7C:3C:15:CB:1C:F4:8B:26:44:CC:7A:62:46:A9:DF:F0
ValidityFri, 11 Oct 2024 06:08:50 GMT - Wed, 12 Nov 2025 06:08:49 GMT

File type
JavaScript source, ASCII text, with very long lines (15853), with no line terminators
Size
16 kB (15853 bytes)
Hash
ad9164444bb93dfe78e72d5b6d407edc
519d2296f30001084f4883b495789c1909579979
88d976ec9c0fc488231f8152d80fb875965ce0d3143428f79d74796541c33464

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/ewww-image-optimizer/includes/lazysizes.min.js HTTP/1.1
Host: hikarikaisen.conohawing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hikarikaisen.conohawing.com/not-connect/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 10 Mar 2025 23:55:53 GMT
content-type: application/javascript
last-modified: Mon, 16 Sep 2024 12:04:35 GMT
etag: W/"3ded-6223b6064ded5"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2

2gwk17pq6.xyz/kaiseki70/?d=hikarikaisen.conohawing.com&p=https://

157.112.152.9

200 OK

900 B

URL GET
2gwk17pq6.xyz/kaiseki70/?d=hikarikaisen.conohawing.com&p=https://
IP
157.112.152.9:443
ASN
#131965 Xserver Inc.

Requested by
https://hikarikaisen.conohawing.com/not-connect/
Certificate
IssuerLet's Encrypt
Subjectwww.2gwk17pq6.xyz
Fingerprint9F:81:9E:C2:28:26:D6:64:41:F2:F8:42:7E:84:7E:CA:8A:55:97:4C
ValidityTue, 04 Feb 2025 09:14:15 GMT - Mon, 05 May 2025 09:14:14 GMT

File type
HTML document, ASCII text, with very long lines (928), with no line terminators
Size
900 B (900 bytes)
Hash
6bd5bd3de84a7f0d339ba0b5fff4dc25
566aa90161049680e6889a3920287e8c20485c7e
f028f00b470c17268ac95e03dbb0070160ab46bcc896e2e250dc80542d43576f

HTTP Headers

GET /kaiseki70/?d=hikarikaisen.conohawing.com&p=https:// HTTP/1.1
Host: 2gwk17pq6.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hikarikaisen.conohawing.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 10 Mar 2025 23:55:56 GMT
content-type: application/x-javascript
vary: Accept-Encoding
content-encoding: br
X-Firefox-Spdy: h2

hikarikaisen.conohawing.com/wp-includes/images/w-logo-blue-white-bg.png

160.251.148.85

200 OK

4.1 kB

URL GET
hikarikaisen.conohawing.com/wp-includes/images/w-logo-blue-white-bg.png
IP
160.251.148.85:443
ASN
#58791 GMO Internet,Inc

Requested by
https://hikarikaisen.conohawing.com/not-connect/
Certificate
IssuerGlobalSign nv-sa
Subject*.conohawing.com
Fingerprint9E:A5:EB:D3:7C:3C:15:CB:1C:F4:8B:26:44:CC:7A:62:46:A9:DF:F0
ValidityFri, 11 Oct 2024 06:08:50 GMT - Wed, 12 Nov 2025 06:08:49 GMT

File type
PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced
Size
4.1 kB (4119 bytes)
Hash
000bf649cc8f6bf27cfb04d1bcdcd3c7
d73d2f6d74ec6cdcbae07955592962e77d8ae814
6bdb369337ac2496761c6f063bffea0aa6a91d4662279c399071a468251f51f0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-includes/images/w-logo-blue-white-bg.png HTTP/1.1
Host: hikarikaisen.conohawing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hikarikaisen.conohawing.com/not-connect/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 10 Mar 2025 23:55:56 GMT
content-type: image/png
content-length: 4119
last-modified: Tue, 30 Jul 2024 03:40:19 GMT
etag: "1017-61e6ebc9900a4"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
vary: Accept
x-nginx-cache: MISS
accept-ranges: bytes
X-Firefox-Spdy: h2

hikarikaisen.conohawing.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1

160.251.148.85

200 OK

88 kB

URL GET
hikarikaisen.conohawing.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1
IP
160.251.148.85:443
ASN
#58791 GMO Internet,Inc

Requested by
https://hikarikaisen.conohawing.com/not-connect/
Certificate
IssuerGlobalSign nv-sa
Subject*.conohawing.com
Fingerprint9E:A5:EB:D3:7C:3C:15:CB:1C:F4:8B:26:44:CC:7A:62:46:A9:DF:F0
ValidityFri, 11 Oct 2024 06:08:50 GMT - Wed, 12 Nov 2025 06:08:49 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
88 kB (87553 bytes)
Hash
826eb77e86b02ab7724fe3d0141ff87c
79cd3587d565afe290076a8d36c31c305a573d18
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-includes/js/jquery/jquery.min.js?ver=3.7.1 HTTP/1.1
Host: hikarikaisen.conohawing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hikarikaisen.conohawing.com/not-connect/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 10 Mar 2025 23:55:53 GMT
content-type: application/javascript
last-modified: Tue, 30 Jul 2024 03:40:19 GMT
etag: W/"15601-61e6ebc9a1dcc"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2

hikarikaisen.conohawing.com/wp-content/themes/sango-theme/library/images/x.svg

160.251.148.85

200 OK

524 B

URL GET
hikarikaisen.conohawing.com/wp-content/themes/sango-theme/library/images/x.svg
IP
160.251.148.85:443
ASN
#58791 GMO Internet,Inc

Requested by
https://hikarikaisen.conohawing.com/not-connect/
Certificate
IssuerGlobalSign nv-sa
Subject*.conohawing.com
Fingerprint9E:A5:EB:D3:7C:3C:15:CB:1C:F4:8B:26:44:CC:7A:62:46:A9:DF:F0
ValidityFri, 11 Oct 2024 06:08:50 GMT - Wed, 12 Nov 2025 06:08:49 GMT

File type
SVG Scalable Vector Graphics image
Size
524 B (524 bytes)
Hash
d8b4c739ef0135e67274a40de935a101
08f998bbbb832043188a7fef878da4cb8c8bbdf4
4cd9107268849b4fc02b82ad1d83130b8d6362e4b44c86c225d4cfbe32859e6e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/sango-theme/library/images/x.svg HTTP/1.1
Host: hikarikaisen.conohawing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hikarikaisen.conohawing.com/not-connect/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 10 Mar 2025 23:55:53 GMT
content-type: image/svg+xml
content-length: 524
last-modified: Sat, 12 Oct 2024 16:08:22 GMT
etag: "20c-62449d0192f88"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

hikarikaisen.conohawing.com/wp-content/uploads/2024/08/unable-to-construct-160x160.webp

160.251.148.85

200 OK

7.9 kB

URL GET
hikarikaisen.conohawing.com/wp-content/uploads/2024/08/unable-to-construct-160x160.webp
IP
160.251.148.85:443
ASN
#58791 GMO Internet,Inc

Requested by
https://hikarikaisen.conohawing.com/not-connect/
Certificate
IssuerGlobalSign nv-sa
Subject*.conohawing.com
Fingerprint9E:A5:EB:D3:7C:3C:15:CB:1C:F4:8B:26:44:CC:7A:62:46:A9:DF:F0
ValidityFri, 11 Oct 2024 06:08:50 GMT - Wed, 12 Nov 2025 06:08:49 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 160x160, Scaling: [none]x[none], YUV color, decoders should clamp
Size
7.9 kB (7850 bytes)
Hash
ccf94610c945ea6e58d03615179deced
865d762b627e324457eca4346b681f1c176ee4c4
2590bf8b0773a076d89ed17d71c8e2841c64d796d91c62a5ad5f6f24a69b470d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/2024/08/unable-to-construct-160x160.webp HTTP/1.1
Host: hikarikaisen.conohawing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hikarikaisen.conohawing.com/not-connect/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 10 Mar 2025 23:55:53 GMT
content-type: image/webp
content-length: 7850
last-modified: Thu, 08 Aug 2024 15:07:26 GMT
etag: "1eaa-61f2d627cb284"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

hikarikaisen.conohawing.com/wp-content/themes/sango-theme/library/gutenberg/dist/client.build.js?version=3.9.6

160.251.148.85

200 OK

8.6 kB

URL GET
hikarikaisen.conohawing.com/wp-content/themes/sango-theme/library/gutenberg/dist/client.build.js?version=3.9.6
IP
160.251.148.85:443
ASN
#58791 GMO Internet,Inc

Requested by
https://hikarikaisen.conohawing.com/not-connect/
Certificate
IssuerGlobalSign nv-sa
Subject*.conohawing.com
Fingerprint9E:A5:EB:D3:7C:3C:15:CB:1C:F4:8B:26:44:CC:7A:62:46:A9:DF:F0
ValidityFri, 11 Oct 2024 06:08:50 GMT - Wed, 12 Nov 2025 06:08:49 GMT

File type
JavaScript source, ASCII text, with very long lines (8919), with no line terminators
Size
8.6 kB (8608 bytes)
Hash
c3452bf9f4faeade1cd236ea130aebb2
27e3a404bb2180bf4736690e79fa461a3aa3f1b9
4400bbcf1b407f9551daeab29703cd48c8f9175aaee10b0c12c5521c279fae49

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/sango-theme/library/gutenberg/dist/client.build.js?version=3.9.6 HTTP/1.1
Host: hikarikaisen.conohawing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hikarikaisen.conohawing.com/not-connect/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 10 Mar 2025 23:55:53 GMT
content-type: application/javascript
last-modified: Sat, 12 Oct 2024 16:08:22 GMT
etag: W/"21a0-62449d0195a80"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2

hikarikaisen.conohawing.com/favicon.ico

160.251.148.85

302 Found

4.1 kB

URL GET
hikarikaisen.conohawing.com/favicon.ico
IP
160.251.148.85:443
ASN
#58791 GMO Internet,Inc

Requested by
https://hikarikaisen.conohawing.com/not-connect/
Certificate
IssuerGlobalSign nv-sa
Subject*.conohawing.com
Fingerprint9E:A5:EB:D3:7C:3C:15:CB:1C:F4:8B:26:44:CC:7A:62:46:A9:DF:F0
ValidityFri, 11 Oct 2024 06:08:50 GMT - Wed, 12 Nov 2025 06:08:49 GMT

File type

Size
4.1 kB (4119 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: hikarikaisen.conohawing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hikarikaisen.conohawing.com/not-connect/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: nginx
date: Mon, 10 Mar 2025 23:55:55 GMT
content-type: text/html; charset=UTF-8
content-length: 0
link: <https://hikarikaisen.conohawing.com/wp-json/>; rel="https://api.w.org/"
x-redirect-by: WordPress
location: https://hikarikaisen.conohawing.com/wp-includes/images/w-logo-blue-white-bg.png
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-cache: HIT
X-Firefox-Spdy: h2

hikarikaisen.conohawing.com/?rest_route=/sng/v1/page-count

160.251.148.85

200 OK

11 B

URL POST
hikarikaisen.conohawing.com/?rest_route=/sng/v1/page-count
IP
160.251.148.85:443
ASN
#58791 GMO Internet,Inc

Requested by
https://hikarikaisen.conohawing.com/not-connect/
Certificate
IssuerGlobalSign nv-sa
Subject*.conohawing.com
Fingerprint9E:A5:EB:D3:7C:3C:15:CB:1C:F4:8B:26:44:CC:7A:62:46:A9:DF:F0
ValidityFri, 11 Oct 2024 06:08:50 GMT - Wed, 12 Nov 2025 06:08:49 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
11 B (11 bytes)
Hash
334a425fd846ac1d9aa247a64db858e2
f4f7035ee4d689c52cbe1cff5fe73fdb32276a48
b6ae57829d02732d7b1d5a58867c1540c37e526ec8290f71e2b2c04f3a67aa3c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /?rest_route=/sng/v1/page-count HTTP/1.1
Host: hikarikaisen.conohawing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hikarikaisen.conohawing.com/not-connect/
Content-Type: text/plain;charset=UTF-8
Content-Length: 14
Origin: https://hikarikaisen.conohawing.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 10 Mar 2025 23:55:59 GMT
content-type: application/json; charset=UTF-8
x-robots-tag: noindex
link: <https://hikarikaisen.conohawing.com/wp-json/>; rel="https://api.w.org/"
access-control-expose-headers: X-WP-Total, X-WP-TotalPages, Link
access-control-allow-headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
allow: POST
access-control-allow-origin: https://hikarikaisen.conohawing.com
access-control-allow-methods: OPTIONS, GET, POST, PUT, PATCH, DELETE
access-control-allow-credentials: true
vary: Origin
x-xss-protection: 1; mode=block
x-content-type-options: nosniff, nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

hikarikaisen.conohawing.com/not-connect/

160.251.148.85

200 OK

96 kB

URL User Request GET
hikarikaisen.conohawing.com/not-connect/
IP
160.251.148.85:443
ASN
#58791 GMO Internet,Inc

Certificate
IssuerGlobalSign nv-sa
Subject*.conohawing.com
Fingerprint9E:A5:EB:D3:7C:3C:15:CB:1C:F4:8B:26:44:CC:7A:62:46:A9:DF:F0
ValidityFri, 11 Oct 2024 06:08:50 GMT - Wed, 12 Nov 2025 06:08:49 GMT

File type

Size
96 kB (96291 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /not-connect/ HTTP/1.1
Host: hikarikaisen.conohawing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 10 Mar 2025 23:55:52 GMT
content-type: text/html; charset=UTF-8
x-pingback: https://hikarikaisen.conohawing.com/xmlrpc.php
link: <https://hikarikaisen.conohawing.com/wp-json/>; rel="https://api.w.org/", <https://hikarikaisen.conohawing.com/wp-json/wp/v2/posts/64>; rel="alternate"; title="JSON"; type="application/json", <https://hikarikaisen.conohawing.com/?p=64>; rel=shortlink
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2

use.fontawesome.com/releases/v6.1.1/css/all.css

104.21.27.152

200 OK

101 kB

URL GET
use.fontawesome.com/releases/v6.1.1/css/all.css
IP
104.21.27.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hikarikaisen.conohawing.com/not-connect/
Certificate
IssuerGoogle Trust Services
Subjectuse.fontawesome.com
Fingerprint35:EC:02:D7:73:13:A8:D4:94:28:42:85:E4:B3:7F:06:4F:C4:1B:CE
ValidityThu, 06 Mar 2025 00:21:22 GMT - Wed, 04 Jun 2025 01:21:21 GMT

File type
ASCII text, with very long lines (65317)
Size
101 kB (100782 bytes)
Hash
6386fb409d4a2abc96eee7be8f6d4cc4
09102cfc60efb430a25ee97cee9a6a35df6dfc59
0df5a33710e433de1f5415b1d47e4130ca7466aee5b81955f1045c4844bbb3ed

HTTP Headers

GET /releases/v6.1.1/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hikarikaisen.conohawing.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 10 Mar 2025 23:55:53 GMT
content-type: text/css
cache-control: max-age=31556926
etag: W/"6386fb409d4a2abc96eee7be8f6d4cc4"
last-modified: Fri, 22 Sep 2023 01:46:14 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 1622882
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PFBmkQdUhHn32EDG3UlTQghm%2BX0I45gFusUwsGiQyOMcPjVZVsgFissN%2B1H8S8v9HBxfxV1i15ewXINC67hWNxussAqqv78KwtGkj2uvxSiV1ueHb%2BQOSWuj1spLJHBhdJtHpASn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 91e6bed9680cb500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=496&min_rtt=443&rtt_var=151&sent=6&recv=10&lost=0&retrans=0&sent_bytes=3200&recv_bytes=1099&delivery_rate=7594405&cwnd=253&unsent_bytes=0&cid=47530702ccf2421d&ts=49&x=0"
X-Firefox-Spdy: h2

hikarikaisen.conohawing.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1

160.251.148.85

200 OK

14 kB

URL GET
hikarikaisen.conohawing.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1
IP
160.251.148.85:443
ASN
#58791 GMO Internet,Inc

Requested by
https://hikarikaisen.conohawing.com/not-connect/
Certificate
IssuerGlobalSign nv-sa
Subject*.conohawing.com
Fingerprint9E:A5:EB:D3:7C:3C:15:CB:1C:F4:8B:26:44:CC:7A:62:46:A9:DF:F0
ValidityFri, 11 Oct 2024 06:08:50 GMT - Wed, 12 Nov 2025 06:08:49 GMT

File type
JavaScript source, ASCII text, with very long lines (13479)
Size
14 kB (13577 bytes)
Hash
9ffeb32e2d9efbf8f70caabded242267
3ad0c10e501ac2a9bfa18f9cd7e700219b378738
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1 HTTP/1.1
Host: hikarikaisen.conohawing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hikarikaisen.conohawing.com/not-connect/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 10 Mar 2025 23:55:53 GMT
content-type: application/javascript
last-modified: Tue, 30 Jul 2024 03:40:19 GMT
etag: W/"3509-61e6ebc9a19e4"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2

hikarikaisen.conohawing.com/wp-content/uploads/2024/08/hikarikaisen-not-connect1-1024x585.webp

160.251.148.85

200 OK

102 kB

URL GET
hikarikaisen.conohawing.com/wp-content/uploads/2024/08/hikarikaisen-not-connect1-1024x585.webp
IP
160.251.148.85:443
ASN
#58791 GMO Internet,Inc

Requested by
https://hikarikaisen.conohawing.com/not-connect/
Certificate
IssuerGlobalSign nv-sa
Subject*.conohawing.com
Fingerprint9E:A5:EB:D3:7C:3C:15:CB:1C:F4:8B:26:44:CC:7A:62:46:A9:DF:F0
ValidityFri, 11 Oct 2024 06:08:50 GMT - Wed, 12 Nov 2025 06:08:49 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1024x585, Scaling: [none]x[none], YUV color, decoders should clamp
Size
102 kB (102138 bytes)
Hash
53ec0bb5e83e50b4cf2fb5219690b431
529f4db031e333c8c86743020ca48df8b69452c2
e31033e2d2923ab6b0fe39544a9711430303693203edce0b4d9efb1de02ae5e0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/2024/08/hikarikaisen-not-connect1-1024x585.webp HTTP/1.1
Host: hikarikaisen.conohawing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hikarikaisen.conohawing.com/not-connect/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 10 Mar 2025 23:55:53 GMT
content-type: image/webp
content-length: 102138
last-modified: Tue, 06 Aug 2024 13:26:52 GMT
etag: "18efa-61f03bf252d8e"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

hikarikaisen.conohawing.com/wp-content/uploads/2024/08/hikarikaisen-mansion-160x160.webp

160.251.148.85

200 OK

9.7 kB

URL GET
hikarikaisen.conohawing.com/wp-content/uploads/2024/08/hikarikaisen-mansion-160x160.webp
IP
160.251.148.85:443
ASN
#58791 GMO Internet,Inc

Requested by
https://hikarikaisen.conohawing.com/not-connect/
Certificate
IssuerGlobalSign nv-sa
Subject*.conohawing.com
Fingerprint9E:A5:EB:D3:7C:3C:15:CB:1C:F4:8B:26:44:CC:7A:62:46:A9:DF:F0
ValidityFri, 11 Oct 2024 06:08:50 GMT - Wed, 12 Nov 2025 06:08:49 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 160x160, Scaling: [none]x[none], YUV color, decoders should clamp
Size
9.7 kB (9742 bytes)
Hash
98c67fa28b2fe3807a450198877cf73c
6c8f47246a90f0032d708c3faa0f87d8e8f52d10
0d6b6b6efd237901762c81d9f24115f058c55c25f0fdd50edd5cab07acbbecfd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/2024/08/hikarikaisen-mansion-160x160.webp HTTP/1.1
Host: hikarikaisen.conohawing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hikarikaisen.conohawing.com/not-connect/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 10 Mar 2025 23:55:53 GMT
content-type: image/webp
content-length: 9742
last-modified: Mon, 05 Aug 2024 03:57:34 GMT
etag: "260e-61ee7ad50ff34"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

hikarikaisen.conohawing.com/wp-content/uploads/2024/08/hikarikaisen-not-connect2-1024x585.webp

160.251.148.85

200 OK

122 kB

URL GET
hikarikaisen.conohawing.com/wp-content/uploads/2024/08/hikarikaisen-not-connect2-1024x585.webp
IP
160.251.148.85:443
ASN
#58791 GMO Internet,Inc

Requested by
https://hikarikaisen.conohawing.com/not-connect/
Certificate
IssuerGlobalSign nv-sa
Subject*.conohawing.com
Fingerprint9E:A5:EB:D3:7C:3C:15:CB:1C:F4:8B:26:44:CC:7A:62:46:A9:DF:F0
ValidityFri, 11 Oct 2024 06:08:50 GMT - Wed, 12 Nov 2025 06:08:49 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1024x585, Scaling: [none]x[none], YUV color, decoders should clamp
Size
122 kB (122362 bytes)
Hash
3c44b423849bd6053286c0ff1fae3187
8929e76e6ef5b34aa893a76d6272e484a1ab3d2e
9898f42d6c9a45cfad4cdbf85bf265b5f9f845be63bc55817fc3f8c26a2c98e0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/2024/08/hikarikaisen-not-connect2-1024x585.webp HTTP/1.1
Host: hikarikaisen.conohawing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hikarikaisen.conohawing.com/not-connect/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 10 Mar 2025 23:55:53 GMT
content-type: image/webp
content-length: 122362
last-modified: Tue, 06 Aug 2024 13:26:58 GMT
etag: "1ddfa-61f03bf7d2146"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

use.fontawesome.com/releases/v6.1.1/webfonts/fa-solid-900.woff2

104.21.27.152

200 OK

154 kB

URL GET
use.fontawesome.com/releases/v6.1.1/webfonts/fa-solid-900.woff2
IP
104.21.27.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hikarikaisen.conohawing.com/not-connect/
Certificate
IssuerGoogle Trust Services
Subjectuse.fontawesome.com
Fingerprint35:EC:02:D7:73:13:A8:D4:94:28:42:85:E4:B3:7F:06:4F:C4:1B:CE
ValidityThu, 06 Mar 2025 00:21:22 GMT - Wed, 04 Jun 2025 01:21:21 GMT

File type
Web Open Font Format (Version 2), TrueType, length 154228, version 769.768
Size
154 kB (154228 bytes)
Hash
55b416a8df21f9f987aa352f10d1343b
2717f3f58271f2f2e6120d9937c7227002656d34
d76fb4e841748a3f6bc63efa23156e02631c283bf41f84efcbdaf339ea3e1b73

HTTP Headers

GET /releases/v6.1.1/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://hikarikaisen.conohawing.com
DNT: 1
Connection: keep-alive
Referer: https://use.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 10 Mar 2025 23:55:54 GMT
content-type: font/woff2
content-length: 154228
access-control-allow-origin: *
cache-control: max-age=31556926
etag: "55b416a8df21f9f987aa352f10d1343b"
last-modified: Fri, 22 Sep 2023 01:46:18 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 0
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XnYIyd3ffxui0C8szLDMq1pd9jds12Bq8qxAh3Kw0pHS4OkZYc%2FfMoffVxLDZKsnqo0loBO9tfAC24QhU8p8uiVs2ksne6VdFnFFLesMDerWl7Cm24U8rWE5d7h%2Ba3lNG1HqBx1l"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 91e6bedf8b5356cc-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=589&min_rtt=441&rtt_var=61&sent=87&recv=37&lost=0&retrans=0&sent_bytes=110784&recv_bytes=1491&delivery_rate=63976435&cwnd=256&unsent_bytes=0&cid=c0e7511820fac59d&ts=286&x=0"
X-Firefox-Spdy: h2

hikarikaisen.conohawing.com/wp-content/themes/sango-theme/style.css?version=3.9.6

160.251.148.85

200 OK

82 kB

URL GET
hikarikaisen.conohawing.com/wp-content/themes/sango-theme/style.css?version=3.9.6
IP
160.251.148.85:443
ASN
#58791 GMO Internet,Inc

Requested by
https://hikarikaisen.conohawing.com/not-connect/
Certificate
IssuerGlobalSign nv-sa
Subject*.conohawing.com
Fingerprint9E:A5:EB:D3:7C:3C:15:CB:1C:F4:8B:26:44:CC:7A:62:46:A9:DF:F0
ValidityFri, 11 Oct 2024 06:08:50 GMT - Wed, 12 Nov 2025 06:08:49 GMT

File type

Size
82 kB (81862 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/sango-theme/style.css?version=3.9.6 HTTP/1.1
Host: hikarikaisen.conohawing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hikarikaisen.conohawing.com/not-connect/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 10 Mar 2025 23:55:53 GMT
content-type: text/css
last-modified: Sat, 12 Oct 2024 16:08:22 GMT
etag: W/"13fc6-62449d018fcc0"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2

hikarikaisen.conohawing.com/wp-content/uploads/2024/08/hikarikaisen-not-connect-940x537.webp

160.251.148.85

200 OK

95 kB

URL GET
hikarikaisen.conohawing.com/wp-content/uploads/2024/08/hikarikaisen-not-connect-940x537.webp
IP
160.251.148.85:443
ASN
#58791 GMO Internet,Inc

Requested by
https://hikarikaisen.conohawing.com/not-connect/
Certificate
IssuerGlobalSign nv-sa
Subject*.conohawing.com
Fingerprint9E:A5:EB:D3:7C:3C:15:CB:1C:F4:8B:26:44:CC:7A:62:46:A9:DF:F0
ValidityFri, 11 Oct 2024 06:08:50 GMT - Wed, 12 Nov 2025 06:08:49 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 940x537, Scaling: [none]x[none], YUV color, decoders should clamp
Size
95 kB (94718 bytes)
Hash
59f3ea206bbc09dd273dc68a938a7228
fbf386b82879cceec60fd1d7308dc24332cc627d
42d97ad386b5d1fe8086508789a3f1cd9f953a2b10ea3b0d1d88607ea0da17ca

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/2024/08/hikarikaisen-not-connect-940x537.webp HTTP/1.1
Host: hikarikaisen.conohawing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hikarikaisen.conohawing.com/not-connect/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 10 Mar 2025 23:55:53 GMT
content-type: image/webp
content-length: 94718
last-modified: Tue, 06 Aug 2024 13:28:58 GMT
etag: "171fe-61f03c6ae56de"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

use.fontawesome.com/releases/v6.1.1/webfonts/fa-brands-400.woff2

104.21.27.152

200 OK

106 kB

URL GET
use.fontawesome.com/releases/v6.1.1/webfonts/fa-brands-400.woff2
IP
104.21.27.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hikarikaisen.conohawing.com/not-connect/
Certificate
IssuerGoogle Trust Services
Subjectuse.fontawesome.com
Fingerprint35:EC:02:D7:73:13:A8:D4:94:28:42:85:E4:B3:7F:06:4F:C4:1B:CE
ValidityThu, 06 Mar 2025 00:21:22 GMT - Wed, 04 Jun 2025 01:21:21 GMT

File type
Web Open Font Format (Version 2), TrueType, length 105536, version 769.768
Size
106 kB (105536 bytes)
Hash
cd2b4095e9ce66cde642c3502a4022d9
a280ecdddd14695fad22599301ab03adfe5224c0
404c746c8f7e3f9b7611a8f23d908c1a32a5c972236b9d89bb68b05d9bf4b905

HTTP Headers

GET /releases/v6.1.1/webfonts/fa-brands-400.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://hikarikaisen.conohawing.com
DNT: 1
Connection: keep-alive
Referer: https://use.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 10 Mar 2025 23:55:54 GMT
content-type: font/woff2
content-length: 105536
access-control-allow-origin: *
cache-control: max-age=31556926
etag: "cd2b4095e9ce66cde642c3502a4022d9"
last-modified: Fri, 22 Sep 2023 01:46:17 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R8YECZWx8qnBMs5fGWNmhtF41VtqzeOLMqabDBGa0L2lxxp0V2Opio1d%2FssquMTuPesKKyLaACr68hO6yA4M8RFFbU65uA3fzluG7npU4h6nVLhY835CNYzNhVJRj36sXGLAR6Zt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 91e6bedf7b4e56cc-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=722&min_rtt=458&rtt_var=496&sent=8&recv=12&lost=0&retrans=0&sent_bytes=3276&recv_bytes=1491&delivery_rate=7337837&cwnd=254&unsent_bytes=0&cid=c0e7511820fac59d&ts=210&x=0"
X-Firefox-Spdy: h2

hikarikaisen.conohawing.com/wp-includes/js/wp-emoji-release.min.js?ver=6.7.2

160.251.148.85

200 OK

19 kB

URL GET
hikarikaisen.conohawing.com/wp-includes/js/wp-emoji-release.min.js?ver=6.7.2
IP
160.251.148.85:443
ASN
#58791 GMO Internet,Inc

Requested by
https://hikarikaisen.conohawing.com/not-connect/
Certificate
IssuerGlobalSign nv-sa
Subject*.conohawing.com
Fingerprint9E:A5:EB:D3:7C:3C:15:CB:1C:F4:8B:26:44:CC:7A:62:46:A9:DF:F0
ValidityFri, 11 Oct 2024 06:08:50 GMT - Wed, 12 Nov 2025 06:08:49 GMT

File type
JavaScript source, ASCII text, with very long lines (15752)
Size
19 kB (18726 bytes)
Hash
b976b651932bfd25b9ddb5b7693d88a7
7fcb7cb5c11227f9213b1e08a07d0212209e1432
4e6ce5444c7f396cef0eb1fa3611034151e485dd06fbe5573a5583e1eebc98c3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-includes/js/wp-emoji-release.min.js?ver=6.7.2 HTTP/1.1
Host: hikarikaisen.conohawing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hikarikaisen.conohawing.com/not-connect/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 10 Mar 2025 23:55:59 GMT
content-type: application/javascript
last-modified: Tue, 30 Jul 2024 03:40:19 GMT
etag: W/"4926-61e6ebc9a7b8c"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2

use.fontawesome.com/releases/v6.1.1/webfonts/fa-solid-900.woff2

104.21.27.152

200 OK

154 kB

URL GET
use.fontawesome.com/releases/v6.1.1/webfonts/fa-solid-900.woff2
IP
104.21.27.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hikarikaisen.conohawing.com/not-connect/
Certificate
IssuerGoogle Trust Services
Subjectuse.fontawesome.com
Fingerprint35:EC:02:D7:73:13:A8:D4:94:28:42:85:E4:B3:7F:06:4F:C4:1B:CE
ValidityThu, 06 Mar 2025 00:21:22 GMT - Wed, 04 Jun 2025 01:21:21 GMT

File type
Web Open Font Format (Version 2), TrueType, length 154228, version 769.768
Size
154 kB (154228 bytes)
Hash
55b416a8df21f9f987aa352f10d1343b
2717f3f58271f2f2e6120d9937c7227002656d34
d76fb4e841748a3f6bc63efa23156e02631c283bf41f84efcbdaf339ea3e1b73

HTTP Headers

GET /releases/v6.1.1/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://hikarikaisen.conohawing.com
DNT: 1
Connection: keep-alive
Referer: https://use.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 10 Mar 2025 23:55:54 GMT
content-type: font/woff2
content-length: 154228
access-control-allow-origin: *
cache-control: max-age=31556926
etag: "55b416a8df21f9f987aa352f10d1343b"
last-modified: Fri, 22 Sep 2023 01:46:18 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ySGDWDgoqtLPtoh%2Fz47Oaqcg7MX62ND%2FvlERZWJlWeVUVkKK%2BxjDRF6fPliTDcCLHdcwqJCafSPsDEJfFJtCRoxb7i2vMkP4OG%2BmXoqEsdhZvCpcSHP40mpMk1%2FQnQLLNxlk%2B3xX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 91e6bedf2b0656cc-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=685&min_rtt=441&rtt_var=95&sent=111&recv=49&lost=0&retrans=0&sent_bytes=142697&recv_bytes=1491&delivery_rate=63976435&cwnd=256&unsent_bytes=0&cid=c0e7511820fac59d&ts=306&x=0"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/quicksand/v31/6xKtdSZaM9iE8KbpRA_hK1QN.woff2

142.250.178.99

200 OK

28 kB

URL GET
fonts.gstatic.com/s/quicksand/v31/6xKtdSZaM9iE8KbpRA_hK1QN.woff2
IP
142.250.178.99:443
ASN
#15169 GOOGLE

Requested by
https://hikarikaisen.conohawing.com/not-connect/
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
FingerprintA4:5F:89:8D:68:B4:5F:99:BE:F5:66:6F:C1:5E:A5:8C:72:BF:1E:D5
ValidityWed, 26 Feb 2025 15:33:59 GMT - Wed, 21 May 2025 15:33:58 GMT

File type
Web Open Font Format (Version 2), TrueType, length 28064, version 1.0
Size
28 kB (28064 bytes)
Hash
314d6364bbee6681d0b2364ee3555e2e
c5aab803abe36bf664d7b7e2a3731cd849337006
5a42c91e1ecc9b09346a1520d9a6f98074c13eebfb1cc87c4e82e5992beb685b

HTTP Headers

GET /s/quicksand/v31/6xKtdSZaM9iE8KbpRA_hK1QN.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://hikarikaisen.conohawing.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 28064
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 10 Mar 2025 13:04:35 GMT
expires: Tue, 10 Mar 2026 13:04:35 GMT
cache-control: public, max-age=31536000
age: 39079
last-modified: Wed, 13 Sep 2023 23:22:14 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Quicksand%3A500%2C700&display=swap

142.250.178.42

200 OK

2.5 kB

URL GET
fonts.googleapis.com/css?family=Quicksand%3A500%2C700&display=swap
IP
142.250.178.42:443
ASN
#15169 GOOGLE

Requested by
https://hikarikaisen.conohawing.com/not-connect/
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
FingerprintF1:11:17:AF:9C:89:34:EE:D5:CB:84:40:84:EA:01:19:A9:F6:ED:C2
ValidityWed, 26 Feb 2025 15:33:59 GMT - Wed, 21 May 2025 15:33:58 GMT

File type
ASCII text, with very long lines (2556), with no line terminators
Size
2.5 kB (2502 bytes)
Hash
de38e80d43ddc4524e460e6bfc29ca89
bf228d0ba692552466a3411d043d4db3900e6a6d
3112671e7f4da36186940500cec3c058fbb0572a7d9fcf82d74c9aafcaf4d642

HTTP Headers

GET /css?family=Quicksand%3A500%2C700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hikarikaisen.conohawing.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 10 Mar 2025 23:55:53 GMT
date: Mon, 10 Mar 2025 23:55:53 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

hikarikaisen.conohawing.com/wp-includes/css/dist/block-library/style.min.css?ver=6.7.2

160.251.148.85

200 OK

115 kB

URL GET
hikarikaisen.conohawing.com/wp-includes/css/dist/block-library/style.min.css?ver=6.7.2
IP
160.251.148.85:443
ASN
#58791 GMO Internet,Inc

Requested by
https://hikarikaisen.conohawing.com/not-connect/
Certificate
IssuerGlobalSign nv-sa
Subject*.conohawing.com
Fingerprint9E:A5:EB:D3:7C:3C:15:CB:1C:F4:8B:26:44:CC:7A:62:46:A9:DF:F0
ValidityFri, 11 Oct 2024 06:08:50 GMT - Wed, 12 Nov 2025 06:08:49 GMT

File type

Size
115 kB (114706 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-includes/css/dist/block-library/style.min.css?ver=6.7.2 HTTP/1.1
Host: hikarikaisen.conohawing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hikarikaisen.conohawing.com/not-connect/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 10 Mar 2025 23:55:53 GMT
content-type: text/css
last-modified: Wed, 13 Nov 2024 22:12:04 GMT
etag: W/"1c012-626d29fb544ea"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2

hikarikaisen.conohawing.com/wp-content/uploads/2024/08/hikarikaisen-not-connect3-1024x585.webp

160.251.148.85

200 OK

116 kB

URL GET
hikarikaisen.conohawing.com/wp-content/uploads/2024/08/hikarikaisen-not-connect3-1024x585.webp
IP
160.251.148.85:443
ASN
#58791 GMO Internet,Inc

Requested by
https://hikarikaisen.conohawing.com/not-connect/
Certificate
IssuerGlobalSign nv-sa
Subject*.conohawing.com
Fingerprint9E:A5:EB:D3:7C:3C:15:CB:1C:F4:8B:26:44:CC:7A:62:46:A9:DF:F0
ValidityFri, 11 Oct 2024 06:08:50 GMT - Wed, 12 Nov 2025 06:08:49 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1024x585, Scaling: [none]x[none], YUV color, decoders should clamp
Size
116 kB (116060 bytes)
Hash
2882f08a42eddc1e54761da61ff45352
2f7a64c6f85fcd4c873e35135c821da3dbab7b91
79056a04eebe4a7c151de3bd3835dc10fa7cb35684325f810e80ec574be6d4d9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/2024/08/hikarikaisen-not-connect3-1024x585.webp HTTP/1.1
Host: hikarikaisen.conohawing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hikarikaisen.conohawing.com/not-connect/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 10 Mar 2025 23:55:53 GMT
content-type: image/webp
content-length: 116060
last-modified: Tue, 06 Aug 2024 13:26:55 GMT
etag: "1c55c-61f03bf4c0eb9"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (16)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML