| sxbjky6enx.3355799com-dh.top/ | 154.40.48.249 | 302 Found | 23 kB |
URL: GET sxbjky6enx.3355799com-dh.top/ (user request)
IP: 154.40.48.249:443
Certificate: Issuer Let's Encrypt; Subject www.3355799.com; Fingerprint 4E:6A:0A:7A:BD:E5:B8:26:40:3F:15:A8:C2:74:12:6F:03:0F:8F:16; Validity Tue, 11 Mar 2025 04:04:09 GMT - Mon, 09 Jun 2025 04:04:08 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the digests of a zero-length input: the 302 response carried no body)
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
| NIDS | Severity | Alert |
| suricata | medium | ET INFO HTTP Request to a *.top domain |
GET / HTTP/1.1
Host: sxbjky6enx.3355799com-dh.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx
date: Thu, 17 Apr 2025 18:19:50 GMT
content-type: text/html; charset=UTF-8
location: https://4DDYTPJB6J.3355799com-dh.top/demo/
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

| 4ddytpjb6j.3355799com-dh.top/demo/ | 154.40.48.249 | 200 OK | 23 kB |
URL: GET 4ddytpjb6j.3355799com-dh.top/demo/ (user request)
IP: 154.40.48.249:443
Certificate: Issuer Let's Encrypt; Subject www.3355799.com; Fingerprint 4E:6A:0A:7A:BD:E5:B8:26:40:3F:15:A8:C2:74:12:6F:03:0F:8F:16; Validity Tue, 11 Mar 2025 04:04:09 GMT - Mon, 09 Jun 2025 04:04:08 GMT
File type: HTML document, Unicode text, UTF-8 text
Hash (MD5 / SHA-1 / SHA-256): c74a98b299ef7734f3da18c288be6d0a / da7c472dd59be484cec314f89eaf40729b032cd7 / f158a5294613aa5ec87d747dbf0e699eaffffdc7c770767f734fc6bc88661161
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /demo/ HTTP/1.1
Host: 4ddytpjb6j.3355799com-dh.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Apr 2025 18:19:52 GMT
content-type: text/html
last-modified: Tue, 15 Oct 2024 11:02:57 GMT
vary: Accept-Encoding
etag: W/"670e4be1-59a0"
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

| 4ddytpjb6j.3355799com-dh.top/demo/zz/zy.js | 154.40.48.249 | 200 OK | 1.1 kB |
URL: GET 4ddytpjb6j.3355799com-dh.top/demo/zz/zy.js
IP: 154.40.48.249:443
Requested by: https://4ddytpjb6j.3355799com-dh.top/demo/
Certificate: Issuer Let's Encrypt; Subject www.3355799.com; Fingerprint 4E:6A:0A:7A:BD:E5:B8:26:40:3F:15:A8:C2:74:12:6F:03:0F:8F:16; Validity Tue, 11 Mar 2025 04:04:09 GMT - Mon, 09 Jun 2025 04:04:08 GMT
File type: HTML document, Unicode text, UTF-8 text
Hash (MD5 / SHA-1 / SHA-256): e93a26fc5dd543d3f99d89617ddf471e / 5e1b536ae9206ded03a419b1f2758acd6d3a8214 / 72c9ee4df98b391cb0134dfc94b51a002b13a3371494c31d82bbcc1625eeff8f
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /demo/zz/zy.js HTTP/1.1
Host: 4ddytpjb6j.3355799com-dh.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://4ddytpjb6j.3355799com-dh.top/demo/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Apr 2025 18:19:52 GMT
content-type: application/javascript
last-modified: Tue, 15 Oct 2024 11:07:18 GMT
vary: Accept-Encoding
etag: W/"670e4ce6-479"
expires: Fri, 18 Apr 2025 06:19:52 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

| 4ddytpjb6j.3355799com-dh.top/demo/zz/style.css | 154.40.48.249 | 200 OK | 30 kB |
URL: GET 4ddytpjb6j.3355799com-dh.top/demo/zz/style.css
IP: 154.40.48.249:443
Requested by: https://4ddytpjb6j.3355799com-dh.top/demo/
Certificate: Issuer Let's Encrypt; Subject www.3355799.com; Fingerprint 4E:6A:0A:7A:BD:E5:B8:26:40:3F:15:A8:C2:74:12:6F:03:0F:8F:16; Validity Tue, 11 Mar 2025 04:04:09 GMT - Mon, 09 Jun 2025 04:04:08 GMT
File type: Unicode text, UTF-8 text, with CRLF line terminators
Hash (MD5 / SHA-1 / SHA-256): 5581f62c6abce9111cae182b183876b0 / c1725c079dff681b709c78aadd64e47e3fa070f8 / 9c0219446014bd754f79fa89779ef3c55231802a2c007f19bb2e5a65f4a8b843
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /demo/zz/style.css HTTP/1.1
Host: 4ddytpjb6j.3355799com-dh.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://4ddytpjb6j.3355799com-dh.top/demo/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Apr 2025 18:19:52 GMT
content-type: text/css
last-modified: Fri, 03 Nov 2023 06:44:03 GMT
vary: Accept-Encoding
etag: W/"654496b3-7620"
expires: Fri, 18 Apr 2025 06:19:52 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

| 4ddytpjb6j.3355799com-dh.top/demo/tz2.php | 154.40.48.249 | 200 OK | 7.7 kB |
URL: GET 4ddytpjb6j.3355799com-dh.top/demo/tz2.php
IP: 154.40.48.249:443
Requested by: https://4ddytpjb6j.3355799com-dh.top/demo/
Certificate: Issuer Let's Encrypt; Subject www.3355799.com; Fingerprint 4E:6A:0A:7A:BD:E5:B8:26:40:3F:15:A8:C2:74:12:6F:03:0F:8F:16; Validity Tue, 11 Mar 2025 04:04:09 GMT - Mon, 09 Jun 2025 04:04:08 GMT
File type: HTML document, Unicode text, UTF-8 text, with very long lines (343)
Hash (MD5 / SHA-1 / SHA-256): 4f153bd429719bef8eabf52afffa4e6b / 34d5366ec43513561b37e0e35134073084f140c6 / 31b55b33ebec5ac0455811db3f1ee5237c93bce8128655fe91236c22ce6a85c8
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /demo/tz2.php HTTP/1.1
Host: 4ddytpjb6j.3355799com-dh.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://4ddytpjb6j.3355799com-dh.top/demo/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Apr 2025 18:19:53 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

| 4ddytpjb6j.3355799com-dh.top/images/search.jpg | 154.40.48.249 | 404 Not Found | 146 B |
URL: GET 4ddytpjb6j.3355799com-dh.top/images/search.jpg
IP: 154.40.48.249:443
Requested by: https://4ddytpjb6j.3355799com-dh.top/demo/
Certificate: Issuer Let's Encrypt; Subject www.3355799.com; Fingerprint 4E:6A:0A:7A:BD:E5:B8:26:40:3F:15:A8:C2:74:12:6F:03:0F:8F:16; Validity Tue, 11 Mar 2025 04:04:09 GMT - Mon, 09 Jun 2025 04:04:08 GMT
File type: HTML document, ASCII text, with CRLF line terminators
Hash (MD5 / SHA-1 / SHA-256): 8eec510e57f5f732fd2cce73df7b73ef / 3c0af39ecb3753c5fee3b53d063c7286019eac3b / 55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /images/search.jpg HTTP/1.1
Host: 4ddytpjb6j.3355799com-dh.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://4ddytpjb6j.3355799com-dh.top/demo/zz/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
server: nginx
date: Thu, 17 Apr 2025 18:19:53 GMT
content-type: text/html
content-length: 146
X-Firefox-Spdy: h2

| 4ddytpjb6j.3355799com-dh.top/favicon.ico | 154.40.48.249 | 404 Not Found | 146 B |
URL: GET 4ddytpjb6j.3355799com-dh.top/favicon.ico
IP: 154.40.48.249:443
Requested by: https://4ddytpjb6j.3355799com-dh.top/demo/
Certificate: Issuer Let's Encrypt; Subject www.3355799.com; Fingerprint 4E:6A:0A:7A:BD:E5:B8:26:40:3F:15:A8:C2:74:12:6F:03:0F:8F:16; Validity Tue, 11 Mar 2025 04:04:09 GMT - Mon, 09 Jun 2025 04:04:08 GMT
File type: HTML document, ASCII text, with CRLF line terminators
Hash (MD5 / SHA-1 / SHA-256): 8eec510e57f5f732fd2cce73df7b73ef / 3c0af39ecb3753c5fee3b53d063c7286019eac3b / 55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: 4ddytpjb6j.3355799com-dh.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://4ddytpjb6j.3355799com-dh.top/demo/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
server: nginx
date: Thu, 17 Apr 2025 18:19:53 GMT
content-type: text/html
content-length: 146
X-Firefox-Spdy: h2

| 4ddytpjb6j.3355799com-dh.top/style.css | 154.40.48.249 | 404 Not Found | 146 B |
URL: GET 4ddytpjb6j.3355799com-dh.top/style.css
IP: 154.40.48.249:443
Requested by: https://4ddytpjb6j.3355799com-dh.top/demo/tz2.php
Certificate: Issuer Let's Encrypt; Subject www.3355799.com; Fingerprint 4E:6A:0A:7A:BD:E5:B8:26:40:3F:15:A8:C2:74:12:6F:03:0F:8F:16; Validity Tue, 11 Mar 2025 04:04:09 GMT - Mon, 09 Jun 2025 04:04:08 GMT
File type: HTML document, ASCII text, with CRLF line terminators
Hash (MD5 / SHA-1 / SHA-256): 8eec510e57f5f732fd2cce73df7b73ef / 3c0af39ecb3753c5fee3b53d063c7286019eac3b / 55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /style.css HTTP/1.1
Host: 4ddytpjb6j.3355799com-dh.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://4ddytpjb6j.3355799com-dh.top/demo/tz2.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
server: nginx
date: Thu, 17 Apr 2025 18:19:53 GMT
content-type: text/html
content-length: 146
X-Firefox-Spdy: h2
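A triage pass over the eight transactions in this capture, as an added example that is not part of the original report and not code from any tool named in it. It transcribes the URLs, status codes, Location header and SHA-256 digests shown above into Python and runs the checks an analyst would want from this record: rebuild the redirect chain, flag the *.top TLD (the signal the suricata rule above fires on), flag random-looking subdomain labels, compare the certificate subject CN with each requested host, recognise the zero-length 302 body from its digest, and group the three 404s that returned one identical body. The entropy threshold, the generated-label heuristic and the finding names are this example's own assumptions.

```python
"""Triage checks over the transactions captured above.

Added example, not part of the original sandbox report. The records are
transcribed from the capture on this page; the thresholds and finding
labels are this example's own choices, not output of Quad9 or suricata.
"""
import hashlib
import math
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Digest of a zero-length body; a response whose hash equals this carried no content.
EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()

CERT_CN = "www.3355799.com"  # subject CN shown for every connection in the capture

# Transcribed from the capture: URL, status, Location where present, body SHA-256.
TRANSACTIONS = [
    {"url": "https://sxbjky6enx.3355799com-dh.top/", "status": 302,
     "location": "https://4DDYTPJB6J.3355799com-dh.top/demo/",
     "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"},
    {"url": "https://4ddytpjb6j.3355799com-dh.top/demo/", "status": 200,
     "sha256": "f158a5294613aa5ec87d747dbf0e699eaffffdc7c770767f734fc6bc88661161"},
    {"url": "https://4ddytpjb6j.3355799com-dh.top/demo/zz/zy.js", "status": 200,
     "sha256": "72c9ee4df98b391cb0134dfc94b51a002b13a3371494c31d82bbcc1625eeff8f"},
    {"url": "https://4ddytpjb6j.3355799com-dh.top/demo/zz/style.css", "status": 200,
     "sha256": "9c0219446014bd754f79fa89779ef3c55231802a2c007f19bb2e5a65f4a8b843"},
    {"url": "https://4ddytpjb6j.3355799com-dh.top/demo/tz2.php", "status": 200,
     "sha256": "31b55b33ebec5ac0455811db3f1ee5237c93bce8128655fe91236c22ce6a85c8"},
    {"url": "https://4ddytpjb6j.3355799com-dh.top/images/search.jpg", "status": 404,
     "sha256": "55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0"},
    {"url": "https://4ddytpjb6j.3355799com-dh.top/favicon.ico", "status": 404,
     "sha256": "55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0"},
    {"url": "https://4ddytpjb6j.3355799com-dh.top/style.css", "status": 404,
     "sha256": "55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0"},
]


def host_of(url):
    """Hostname of a URL, lowercased (the Location header above uses upper case)."""
    return urlsplit(url).hostname


def label_entropy(label):
    """Shannon entropy in bits per character of a DNS label."""
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in Counter(label).values())


def looks_generated(label):
    """Heuristic for throwaway subdomains: long, alphanumeric, mixing digits and
    letters, near-uniform character distribution. Threshold is this example's own."""
    return (len(label) >= 8 and label.isalnum() and any(ch.isdigit() for ch in label)
            and any(ch.isalpha() for ch in label) and label_entropy(label) >= 2.8)


def cn_matches(cn, host):
    """Compare a certificate subject CN with the requested host, honouring a leading
    wildcard. The capture shows only the CN, not the SAN list browsers validate,
    so a mismatch is a lead to confirm against the live certificate, not proof."""
    cn = cn.lower()
    if cn.startswith("*."):
        return "." in host and host.split(".", 1)[1] == cn[2:]
    return cn == host


def redirect_chain(transactions):
    """Follow Location hops from the first request through hops that were fetched."""
    fetched = {(host_of(t["url"]), urlsplit(t["url"]).path): t for t in transactions}
    current = transactions[0]
    chain = [current["url"]]
    while current["status"] in (301, 302, 303, 307, 308) and current.get("location"):
        target = current["location"]
        chain.append(target)
        current = fetched.get((host_of(target), urlsplit(target).path))
        if current is None:  # redirect target was not fetched in this capture
            break
    return chain


def triage(transactions, cert_cn=CERT_CN):
    """Return (finding, subject) pairs; each host-level finding is reported once."""
    findings = []
    for host in sorted({host_of(t["url"]) for t in transactions}):
        if host.endswith(".top"):  # the same signal the ET INFO *.top rule fires on
            findings.append(("tld_top", host))
        if looks_generated(host.split(".")[0]):
            findings.append(("generated_label", host))
        if not cn_matches(cert_cn, host):
            findings.append(("cn_host_mismatch", host))
    for t in transactions:
        if t["sha256"] == EMPTY_SHA256:
            findings.append(("empty_body", t["url"]))
    by_digest = defaultdict(list)
    for t in transactions:
        if t["status"] == 404:
            by_digest[t["sha256"]].append(t["url"])
    for urls in by_digest.values():
        if len(urls) > 1:  # one generic error page served for several missing paths
            findings.append(("shared_404_body", tuple(urls)))
    return findings


if __name__ == "__main__":
    print(" -> ".join(redirect_chain(TRANSACTIONS)))
    for kind, subject in triage(TRANSACTIONS):
        print(f"{kind:18} {subject}")
```

The CN comparison is deliberately conservative: the report records only the subject CN, and browsers validate the SAN list, which may well cover the `*.3355799com-dh.top` hosts, so confirm against the served certificate (for example with `openssl s_client -servername <host>`) before treating the mismatch as a finding. The shared-404 check is useful the other way round: three different paths returning one identical 146-byte body is the behaviour of a generic server error page, which tells you those resources were never deployed rather than that they were blocked or hidden.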