112.213.126.140 200 OK 2.4 kB URL User Request GET HTTP/1.1 IP 112.213.126.140:443
ASN #64050 BGPNET Global ASN
Certificate Issuer Let's Encrypt
Subject 8h9b.live
Fingerprint 22:F1:28:C6:68:AE:77:37:20:DE:8B:52:70:02:36:58:92:7A:91:D0
Validity Thu, 18 Apr 2024 12:00:15 GMT - Wed, 17 Jul 2024 12:00:14 GMT
File type HTML document, ASCII text, with very long lines (1056)
Hash 0a09fd404d45f849b4b736760796632b
7711699d391391fba546f8849763acb67962a089
1c85da67e5154adc161db11987062d9f851bad38f8fcbcde1776bd8294d8176c
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET / HTTP/1.1
Host: 8h9b.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 23 Apr 2024 23:25:07 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 23 Apr 2024 17:49:28 GMT
Vary: Accept-Encoding
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 6196
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h6cd3OC3HVA1Lb2kxEX6dilBCE%2B0qH9U9U0N1CUE%2Bj6iy2aTwNg1dlei%2FEGrowCy%2FFfGg3K%2FZrtYioEYUetQLjqZA7lnpfH642ev9GoRnCiL%2FdEim3R3VPFOm44oOM6ObQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 87919c67de2a85e3-HKG
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
Server: nbcdn2023
8h9b.live/static/font/iconfont.css?v=1713884098
112.213.126.140 200 OK 1.1 kB URL GET HTTP/1.1 8h9b.live/static/font/iconfont.css?v=1713884098
IP 112.213.126.140:443
ASN #64050 BGPNET Global ASN
Certificate Issuer Let's Encrypt
Subject 8h9b.live
Fingerprint 22:F1:28:C6:68:AE:77:37:20:DE:8B:52:70:02:36:58:92:7A:91:D0
Validity Thu, 18 Apr 2024 12:00:15 GMT - Wed, 17 Jul 2024 12:00:14 GMT
Hash a17f871478685b92195842a4db8bd22e
b11bde93bb87b2498459eef1a8b8971c3b1ae6f2
1d5a19546b47227cac00ccca55e6b6282f4ae223e7dc084414371ccb6fbf0393
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /static/font/iconfont.css?v=1713884098 HTTP/1.1
Host: 8h9b.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8h9b.live/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 23 Apr 2024 23:25:07 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 17 Apr 2024 15:20:16 GMT
Vary: Accept-Encoding
ETag: W/"661fe8b0-11b1"
Content-Encoding: gzip
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 929
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=spnVJex%2FcMrqqbBLOh0CO%2Bgh1%2Bit5MH5xTIcHTtZ%2FUWNR9RJRTTJF%2BgtSiKKcW8byALdMRfuIZeLWqI4hiuUx4zCwPk%2FP2D4QbzvTNEDQ%2Ffyb%2BcJhkbqrI8ttpK5mhtapQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 878ee350da3b6e40-HKG
alt-svc: h3=":443"; ma=86400
Server: nbcdn2023
X-Cache-Status: HIT
8h9b.live/plugin/qrcode.js
112.213.126.140 200 OK 11 kB URL GET HTTP/1.1 8h9b.live/plugin/qrcode.js
IP 112.213.126.140:443
ASN #64050 BGPNET Global ASN
Certificate Issuer Let's Encrypt
Subject 8h9b.live
Fingerprint 22:F1:28:C6:68:AE:77:37:20:DE:8B:52:70:02:36:58:92:7A:91:D0
Validity Thu, 18 Apr 2024 12:00:15 GMT - Wed, 17 Jul 2024 12:00:14 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (3129)
Hash 663ef62276512200b83bd4076a4a039d
9caa0d9a9ba4409a3f77540a1b15a7617aeb28e8
3ee72de9f69c668f9567363a9358df955960bae9000d9ebd66414670f88e8735
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /plugin/qrcode.js HTTP/1.1
Host: 8h9b.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8h9b.live/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 23 Apr 2024 23:25:08 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 11 Jan 2024 06:42:29 GMT
Vary: Accept-Encoding
ETag: W/"659f8dd5-8190"
Content-Encoding: gzip
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 3448
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TfZb2TbUq9LB7t%2BGRIK1T%2FWLAsd9h8JUgf0XVKc5TD1lzDEBrM%2B5sE63stC8pAQjpyTdJ6208umEW%2F9T35eAyAXrvq2RKokEsteEq6L1ZeN5KJfABx%2BzgNl9YRuzRgh84g%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 878f42418c05099c-HKG
alt-svc: h3=":443"; ma=86400
Server: nbcdn2023
X-Cache-Status: HIT
8h9b.live/static/css/main.css?id=e9fed206503782bdc7035c0b3b9bbcb4
112.213.126.140 200 OK 41 kB URL GET HTTP/1.1 8h9b.live/static/css/main.css?id=e9fed206503782bdc7035c0b3b9bbcb4
IP 112.213.126.140:443
ASN #64050 BGPNET Global ASN
Certificate Issuer Let's Encrypt
Subject 8h9b.live
Fingerprint 22:F1:28:C6:68:AE:77:37:20:DE:8B:52:70:02:36:58:92:7A:91:D0
Validity Thu, 18 Apr 2024 12:00:15 GMT - Wed, 17 Jul 2024 12:00:14 GMT
File type Unicode text, UTF-8 text, with very long lines (65244), with no line terminators
Hash f5566ef94cbe43ca898099f0e315f29f
b6857c33a9b29787ed3d7d89b3cddb68ad025139
58dc71c1f94c73112989e59cf42edd8082e77bf7e75ae3ce4fa1ed3de726c540
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /static/css/main.css?id=e9fed206503782bdc7035c0b3b9bbcb4 HTTP/1.1
Host: 8h9b.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8h9b.live/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 23 Apr 2024 23:25:07 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 17 Apr 2024 15:20:20 GMT
Vary: Accept-Encoding
ETag: W/"661fe8b4-342a4"
Content-Encoding: gzip
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 845
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tsSwClqAlM0tsMKiKYRBWGDLn%2BjRdK2qm4fDYcnuczyjPF6xAt04SdRR5MANrVQr%2BC3w37owtmy9lbhUtT8IpvxI081AfJRBA1X61ODD3NpQ6ahYAg%2BvEVYTXoNv5ioHPA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 878ee3520bea6e40-HKG
alt-svc: h3=":443"; ma=86400
Server: nbcdn2023
X-Cache-Status: HIT
8h9b.live/siteConfig/notBack.js?v=1713884098
112.213.126.140 200 OK 1.7 kB URL GET HTTP/1.1 8h9b.live/siteConfig/notBack.js?v=1713884098
IP 112.213.126.140:443
ASN #64050 BGPNET Global ASN
Certificate Issuer Let's Encrypt
Subject 8h9b.live
Fingerprint 22:F1:28:C6:68:AE:77:37:20:DE:8B:52:70:02:36:58:92:7A:91:D0
Validity Thu, 18 Apr 2024 12:00:15 GMT - Wed, 17 Jul 2024 12:00:14 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (3802), with no line terminators
Hash facdd806a3708bef3184bf2fc2bf1adb
6654b2a0c4709124a781d23137914238a426d129
734abc3a7d9c6d7f0c9c08b6c15f6b11832c1cbe0cbe1679f8d36d3861e6900c
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /siteConfig/notBack.js?v=1713884098 HTTP/1.1
Host: 8h9b.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8h9b.live/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 23 Apr 2024 23:25:08 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 17 Apr 2024 15:19:41 GMT
Vary: Accept-Encoding
ETag: W/"661fe88d-efe"
Content-Encoding: gzip
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 793
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Rga%2BTsHgPbDAzlyHzp5TqbAPT1tLReS9peLQieBwtL3alUHyNIkt2VOhW6MM4vt88KEDjxuaqUo64aNG0lsKDUj0rhIgOUKjcs%2F%2BJ%2BDjb5ms0TcqxJ4C%2F13ssD8JrvZcBw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 878ee35cdbe784fd-HKG
alt-svc: h3=":443"; ma=86400
Server: nbcdn2023
X-Cache-Status: HIT
html2canvas.hertzen.com/dist/html2canvas.min.js
172.67.140.170 200 OK 57 kB URL GET HTTP/2 html2canvas.hertzen.com/dist/html2canvas.min.js
IP 172.67.140.170:443
Certificate Issuer Let's Encrypt
Subject hertzen.com
Fingerprint 3D:B5:12:BA:11:21:5A:34:99:30:8B:A8:E8:1A:2D:11:EC:BB:88:B2
Validity Sun, 14 Apr 2024 00:07:56 GMT - Sat, 13 Jul 2024 00:07:55 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (64372)
Hash d7530aa0b7587e627484c49fdf8f13f2
b987dc0cc6cfcdc2e34499375f505470c5adb891
e87e550794322e574a1fda0c1549a3c70dae5a93d9113417a429016838eab8cb
GET /dist/html2canvas.min.js HTTP/1.1
Host: html2canvas.hertzen.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8h9b.live/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 23 Apr 2024 23:25:07 GMT
content-type: application/javascript; charset=utf-8
x-origin-cache: HIT
last-modified: Sat, 22 Jan 2022 16:56:04 GMT
access-control-allow-origin: *
etag: W/"61ec3724-30821"
expires: Tue, 23 Apr 2024 01:46:34 GMT
cache-control: max-age=14400
x-proxy-cache: MISS
x-github-request-id: 4314:E620:27C1F9D:285B3E4:655402C2
via: 1.1 varnish
x-served-by: cache-bma1647-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1701591762.916946,VS0,VE532
vary: Accept-Encoding
x-fastly-request-id: 3f9ff5466ea285503e8b6879c9b9459e091b4838
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A35YmAeyFnM2N3v0Pdl%2FYOtKPNe4gISAnkCSB95t31LaFZrq%2Fg6GRRNJBerlVjMXtFfGNuDrWyMvPB6AcKtGXT3NOAuaVl7eDeUj%2BRIpp1NcMdjlN06nyYM%2F5gtwrMlLQ26SLlLbVTIIfQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87919c6abbaf5693-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
hm.baidu.com/hm.js?cfba88a3dada33f119f6c95f95a4d5dd
14.215.182.140 200 OK 11 kB URL GET HTTP/1.1 hm.baidu.com/hm.js?cfba88a3dada33f119f6c95f95a4d5dd
IP 14.215.182.140:443
Certificate Issuer GlobalSign nv-sa
Subject baidu.com
Fingerprint 97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
Validity Thu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT
File type JavaScript source, ASCII text, with very long lines (618)
Hash 6bbfcf257e9e3d148d4b92ea270da3d9
5118ef89fbca644b7af8a7082e4bacf6649de3cc
0c093cca6d8bb5a195aaf9580ab2e34cc13e67509332e665c5fe8cce3257c575
GET /hm.js?cfba88a3dada33f119f6c95f95a4d5dd HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8h9b.live/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11256
Content-Type: application/javascript
Date: Tue, 23 Apr 2024 23:25:09 GMT
Etag: 00c19dced1d7a884d758b3bb3469c49d
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=57EFF2CBB13D1A5B; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
8h9b.live/plugin/layer/layer.js
112.213.126.140 200 OK 1.5 kB URL GET HTTP/1.1 8h9b.live/plugin/layer/layer.js
IP 112.213.126.140:443
ASN #64050 BGPNET Global ASN
Certificate Issuer Let's Encrypt
Subject 8h9b.live
Fingerprint 22:F1:28:C6:68:AE:77:37:20:DE:8B:52:70:02:36:58:92:7A:91:D0
Validity Thu, 18 Apr 2024 12:00:15 GMT - Wed, 17 Jul 2024 12:00:14 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (2939)
Hash 5cd64e8e03e79afc04604b269b7ac135
b3127f426cf505c87eebcdb12aa22a77a89ae86d
6d52c70a965318389996695f6a597a1052197d3528eb3c8c06367bf440d16804
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /plugin/layer/layer.js HTTP/1.1
Host: 8h9b.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8h9b.live/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 23 Apr 2024 23:25:09 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 11 Jan 2024 06:42:29 GMT
Vary: Accept-Encoding
ETag: W/"659f8dd5-be0"
Content-Encoding: gzip
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 651
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XHcI%2BIsyM71q8kB%2BGqNRuH3MYAI1H2Sko4r18E8Mi5bnN%2FB9raMviUxfRNdJUnJ%2BfkiWTuXwU05Lj7V8akMIMwRZKPiNnYwZoAbVdzOa0dAxCabDxP7AMziT1XJihp3IKw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 878ee35d8c840454-HKG
alt-svc: h3=":443"; ma=86400
Server: nbcdn2023
X-Cache-Status: HIT
8h9b.live/plugin/base64.min.js
112.213.126.140 200 OK 2.1 kB URL GET HTTP/1.1 8h9b.live/plugin/base64.min.js
IP 112.213.126.140:443
ASN #64050 BGPNET Global ASN
Certificate Issuer Let's Encrypt
Subject 8h9b.live
Fingerprint 22:F1:28:C6:68:AE:77:37:20:DE:8B:52:70:02:36:58:92:7A:91:D0
Validity Thu, 18 Apr 2024 12:00:15 GMT - Wed, 17 Jul 2024 12:00:14 GMT
File type JavaScript source, ASCII text, with very long lines (4802)
Hash d39810f112e1854b48eccf617b13ce42
b4002830ff104a839428168cb968833867fcc22f
8596adfd068f2ae2f74eb18cb94097a62ba423b75f5074555b820eb4619ec610
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /plugin/base64.min.js HTTP/1.1
Host: 8h9b.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8h9b.live/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 23 Apr 2024 23:25:09 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 11 Jan 2024 06:42:29 GMT
Vary: Accept-Encoding
ETag: W/"659f8dd5-13a8"
Content-Encoding: gzip
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 741
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CiL08D1lVOXcEJTyd6FKY%2F3Cf9VuXbl8tLDSE5cRDVRlqT8I4M81UIX913Dpx%2BRhZxshafxiEMvIFipt13CaRHenb6SSQ2Fe9%2FfXU4sWjqLeNE3K0X%2BOtl5YROFXsUIBEw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 878ee35dcc526e40-HKG
alt-svc: h3=":443"; ma=86400
Server: nbcdn2023
X-Cache-Status: HIT
cdn.staticfile.org/Swiper/8.0.5/swiper-bundle.min.js
104.18.52.201 200 OK 56 kB URL GET HTTP/2 cdn.staticfile.org/Swiper/8.0.5/swiper-bundle.min.js
IP 104.18.52.201:443
Certificate Issuer Google Trust Services LLC
Subject cdn.staticfile.org
Fingerprint 13:7C:E5:1B:86:D1:10:4A:B0:8D:70:4A:75:D6:29:72:5A:12:CC:80
Validity Fri, 12 Apr 2024 08:18:39 GMT - Thu, 11 Jul 2024 08:18:38 GMT
File type JavaScript source, ASCII text, with very long lines (65279)
Hash ab96a16cb2881fada6ffc76d85e848b4
eb96b4873eb4224fd116e104e05b8f1ec6652703
646875f99614dfaa64bf6be1fbe57f60111629ce0323dff8b3628f009f29bbeb
GET /Swiper/8.0.5/swiper-bundle.min.js HTTP/1.1
Host: cdn.staticfile.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8h9b.live/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 23 Apr 2024 23:25:07 GMT
content-type: text/javascript; charset=utf-8
access-control-allow-methods: GET, POST, PATCH, PUT, DELETE, OPTIONS
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Authorization, Content-Type, If-Match, If-Modified-Since, If-None-Match, If-Unmodifed-Since, X-CSRF-TOKEN, X-Requested-With,token
cache-control: public, max-age=14400
x-cloud-cdn: true
content-encoding: gzip
last-modified: Fri, 12 Apr 2024 12:31:32 GMT
cf-cache-status: HIT
age: 967697
expires: Wed, 24 Apr 2024 03:25:07 GMT
vary: Accept-Encoding
server: cloudflare
cf-ray: 87919c6af87a56c6-OSL
X-Firefox-Spdy: h2
cscccache.fangchengbao.com/fbprod/oss/file/8e4944cc28bd4.txt
120.232.206.78 200 OK 1.6 kB URL GET HTTP/1.1 cscccache.fangchengbao.com/fbprod/oss/file/8e4944cc28bd4.txt
IP 120.232.206.78:443
ASN #56040 China Mobile communications corporation
Certificate Issuer DigiCert Inc
Subject *.fangchengbao.com
Fingerprint 02:40:CD:2D:2A:3F:B5:22:AF:14:FB:D3:0E:5E:53:9A:D7:94:AC:2F
Validity Wed, 28 Jun 2023 00:00:00 GMT - Sun, 28 Jul 2024 23:59:59 GMT
File type ASCII text, with very long lines (1571), with no line terminators
Hash b9ce7392253bda2602b967fd5f938f72
5e9fbf3cd1dc45dc8ea22fea90c4bf3bcf7b0d9d
80e9bd147bcf9b444295645964497ca6228dad3ddeff2706c60ca4fb28395282
GET /fbprod/oss/file/8e4944cc28bd4.txt HTTP/1.1
Host: cscccache.fangchengbao.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8h9b.live/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 23 Apr 2024 23:25:10 GMT
Content-Type: text/plain
Content-Length: 1571
Connection: keep-alive
Server: openresty
CloudServiceDiscount: CDN
x-obs-request-id: 0000018E32CBB973498661795D1CE351
ETag: "b9ce7392253bda2602b967fd5f938f72"
Last-Modified: Tue, 12 Mar 2024 13:13:08 GMT
x-obs-version-id: G001118E32CB9B90FFFF9C89064443A7
x-obs-tagging-count: 0
x-obs-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCSmToUGwA1jBU588QTAP9E+LRhar3+0u
via: CHN-GDguangzhou-CMCC10-CACHE18[6],CHN-GDguangzhou-CMCC10-CACHE31[0,TCP_HIT,0],CHN-GDdongguan-GLOBAL1-CACHE24[138],CHN-GDdongguan-GLOBAL1-CACHE50[133,TCP_MISS,135]
x-hcs-proxy-type: 1
X-CCDN-CacheTTL: 2592000
X-CCDN-REQ-ID-46B1: d5f5097ee51d6924c9b444a4b8a95e6d
nginx-hit: 1
Age: 3665515
X-CCDN-Expires: 1637063
Accept-Ranges: bytes
Content-Disposition: inline
8h9b.live/static/js/page/transit.js?id=4b39262b01f46cb9a6712a03c16b47a1
112.213.126.140 200 OK 13 kB URL GET HTTP/1.1 8h9b.live/static/js/page/transit.js?id=4b39262b01f46cb9a6712a03c16b47a1
IP 112.213.126.140:443
ASN #64050 BGPNET Global ASN
Certificate Issuer Let's Encrypt
Subject 8h9b.live
Fingerprint 22:F1:28:C6:68:AE:77:37:20:DE:8B:52:70:02:36:58:92:7A:91:D0
Validity Thu, 18 Apr 2024 12:00:15 GMT - Wed, 17 Jul 2024 12:00:14 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (39189), with no line terminators
Hash 4b39262b01f46cb9a6712a03c16b47a1
4c49cfc9f35010f6ea0180df38faa4b63fafd20f
bdf9680acddad3c11345aa9b65dda4d5220095cff97647c079114d8d3da728c5
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /static/js/page/transit.js?id=4b39262b01f46cb9a6712a03c16b47a1 HTTP/1.1
Host: 8h9b.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8h9b.live/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 23 Apr 2024 23:25:10 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 17 Apr 2024 15:20:00 GMT
Vary: Accept-Encoding
ETag: W/"661fe8a0-9efc"
Content-Encoding: gzip
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 3432
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7RmHm6fg%2B3J2AAxah6V75DP6b58iSc6lXSFiDMP9PiUjwS5HyuoMpygye3u6%2BXe7SdYXZ9aON%2FDveRjG946u1huojlXhepiIU%2FztYw7FvOC7z7HVyU9w2B%2Bag8dmLDDe%2Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 878f42428daf099c-HKG
alt-svc: h3=":443"; ma=86400
Server: nbcdn2023
X-Cache-Status: HIT
8h9b.live/plugin/crypto-js/crypto-js.min.js
112.213.126.140 200 OK 18 kB URL GET HTTP/1.1 8h9b.live/plugin/crypto-js/crypto-js.min.js
IP 112.213.126.140:443
ASN #64050 BGPNET Global ASN
Certificate Issuer Let's Encrypt
Subject 8h9b.live
Fingerprint 22:F1:28:C6:68:AE:77:37:20:DE:8B:52:70:02:36:58:92:7A:91:D0
Validity Thu, 18 Apr 2024 12:00:15 GMT - Wed, 17 Jul 2024 12:00:14 GMT
File type JavaScript source, ASCII text, with very long lines (48292), with no line terminators
Hash 6a3da2523348261400a9b139c0c666f9
acc8c5736dee9de52b90fc98c1796778214c3077
6d0cf30d6a88e413af90d6e8cebd8ae37fa125bd2f04d39126019dc3174ab820
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /plugin/crypto-js/crypto-js.min.js HTTP/1.1
Host: 8h9b.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8h9b.live/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 23 Apr 2024 23:25:09 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 11 Jan 2024 06:42:29 GMT
Vary: Accept-Encoding
ETag: W/"659f8dd5-bca4"
Content-Encoding: gzip
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 909
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=t6WSJm6qlJKc4Xf8oAkHf5fGKdl%2Buged0iCbYYpBate5jWbJNMBgYsTxdCWocow33WozqVZIBaCJfLNLTuTqEsM%2FS7YJXd%2B0CefQ%2FfVJHXENxaM%2BCvgoFubwxzVVwNws0A%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 878ee35e6e6d84fd-HKG
alt-svc: h3=":443"; ma=86400
Server: nbcdn2023
X-Cache-Status: HIT
8h9b.live/siteConfig/configuration.js?v=1713884098
112.213.126.140 200 OK 34 kB URL GET HTTP/1.1 8h9b.live/siteConfig/configuration.js?v=1713884098
IP 112.213.126.140:443
ASN #64050 BGPNET Global ASN
Certificate Issuer Let's Encrypt
Subject 8h9b.live
Fingerprint 22:F1:28:C6:68:AE:77:37:20:DE:8B:52:70:02:36:58:92:7A:91:D0
Validity Thu, 18 Apr 2024 12:00:15 GMT - Wed, 17 Jul 2024 12:00:14 GMT
File type ASCII text, with very long lines (44021)
Hash e673803e61bdb47b092625f6bff83a3d
8abe32d5eeeabddd54352e806dd34a9d22e87cdb
d0489e06e5649ee45527f5bd212a68269c60ce63480d09f81d4d9962516ad2ba
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /siteConfig/configuration.js?v=1713884098 HTTP/1.1
Host: 8h9b.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8h9b.live/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 23 Apr 2024 23:25:09 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 17 Apr 2024 15:19:41 GMT
Vary: Accept-Encoding
ETag: W/"661fe88d-ac38"
Content-Encoding: gzip
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 937
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mT3n0hYwhZYTp2ospdSq6L83HpnZ6EMxCVdWavLkT%2B0wNSpHmW2ubngymf064s4QKMz8s1wzjUYDqHaBBIEtPCAl7QevZswuSmDITCJIutXYa28moM6UQvyIFOtc7H8S8A%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 878ee35e8a9085e9-HKG
alt-svc: h3=":443"; ma=86400
Server: nbcdn2023
X-Cache-Status: HIT
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1589552616&si=cfba88a3dada33f119f6c95f95a4d5dd&v=1.3.0&lv=1&sn=43390&r=0&ww=1280&u=https%3A%2F%2F8h9b.live%2F%23&tt=8X%E8%A7%86%E9%A2%91%E6%8B%94%E6%8F%92%E6%8B%94%E6%8F%92%E5%BD%B1%E5%BA%93%E6%B0%B8%E4%B9%85%E5%85%8D%E8%B4%B9_8X%E8%A7%86%E9%A2%91%E6%8B%94%E6%8F%92%E6%8B%94%E6%8F%92%E5%BD%B1%E5%BA%93%E6%B0%B8%E4%B9%85%E5%85%8D%E8%B4%B9%E5%85%8D%E8%B4%B9%E8%A7%86%E9%A2%91-8X%E8%A7%86%E9%A2%91%E6%8B%94%E6%8F%92%E6%8B%94%E6%8F%92%E5%BD%B1%E5%BA%93%E6%B0%B8%E4%B9%85%E5%85%8D%E8%B4%B9%E5%BD%B1%E9%99%A2
14.215.182.140200 OK 43 B URL GET HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1589552616&si=cfba88a3dada33f119f6c95f95a4d5dd&v=1.3.0&lv=1&sn=43390&r=0&ww=1280&u=https%3A%2F%2F8h9b.live%2F%23&tt=8X%E8%A7%86%E9%A2%91%E6%8B%94%E6%8F%92%E6%8B%94%E6%8F%92%E5%BD%B1%E5%BA%93%E6%B0%B8%E4%B9%85%E5%85%8D%E8%B4%B9_8X%E8%A7%86%E9%A2%91%E6%8B%94%E6%8F%92%E6%8B%94%E6%8F%92%E5%BD%B1%E5%BA%93%E6%B0%B8%E4%B9%85%E5%85%8D%E8%B4%B9%E5%85%8D%E8%B4%B9%E8%A7%86%E9%A2%91-8X%E8%A7%86%E9%A2%91%E6%8B%94%E6%8F%92%E6%8B%94%E6%8F%92%E5%BD%B1%E5%BA%93%E6%B0%B8%E4%B9%85%E5%85%8D%E8%B4%B9%E5%BD%B1%E9%99%A2
IP 14.215.182.140:443
Certificate Issuer GlobalSign nv-sa
Subject baidu.com
Fingerprint 97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
Validity Thu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT
File type GIF image data, version 89a, 1 x 1
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1589552616&si=cfba88a3dada33f119f6c95f95a4d5dd&v=1.3.0&lv=1&sn=43390&r=0&ww=1280&u=https%3A%2F%2F8h9b.live%2F%23&tt=8X%E8%A7%86%E9%A2%91%E6%8B%94%E6%8F%92%E6%8B%94%E6%8F%92%E5%BD%B1%E5%BA%93%E6%B0%B8%E4%B9%85%E5%85%8D%E8%B4%B9_8X%E8%A7%86%E9%A2%91%E6%8B%94%E6%8F%92%E6%8B%94%E6%8F%92%E5%BD%B1%E5%BA%93%E6%B0%B8%E4%B9%85%E5%85%8D%E8%B4%B9%E5%85%8D%E8%B4%B9%E8%A7%86%E9%A2%91-8X%E8%A7%86%E9%A2%91%E6%8B%94%E6%8F%92%E6%8B%94%E6%8F%92%E5%BD%B1%E5%BA%93%E6%B0%B8%E4%B9%85%E5%85%8D%E8%B4%B9%E5%BD%B1%E9%99%A2 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8h9b.live/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Tue, 23 Apr 2024 23:25:10 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=FA316E1EC7A9F73F; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1688889775&si=a67a23d2de6184144da898ec9854285e&v=1.3.0&lv=1&sn=43390&r=0&ww=1280&u=https%3A%2F%2F8h9b.live%2F%23&tt=8X%E8%A7%86%E9%A2%91%E6%8B%94%E6%8F%92%E6%8B%94%E6%8F%92%E5%BD%B1%E5%BA%93%E6%B0%B8%E4%B9%85%E5%85%8D%E8%B4%B9_8X%E8%A7%86%E9%A2%91%E6%8B%94%E6%8F%92%E6%8B%94%E6%8F%92%E5%BD%B1%E5%BA%93%E6%B0%B8%E4%B9%85%E5%85%8D%E8%B4%B9%E5%85%8D%E8%B4%B9%E8%A7%86%E9%A2%91-8X%E8%A7%86%E9%A2%91%E6%8B%94%E6%8F%92%E6%8B%94%E6%8F%92%E5%BD%B1%E5%BA%93%E6%B0%B8%E4%B9%85%E5%85%8D%E8%B4%B9%E5%BD%B1%E9%99%A2
14.215.182.140200 OK 43 B URL GET HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1688889775&si=a67a23d2de6184144da898ec9854285e&v=1.3.0&lv=1&sn=43390&r=0&ww=1280&u=https%3A%2F%2F8h9b.live%2F%23&tt=8X%E8%A7%86%E9%A2%91%E6%8B%94%E6%8F%92%E6%8B%94%E6%8F%92%E5%BD%B1%E5%BA%93%E6%B0%B8%E4%B9%85%E5%85%8D%E8%B4%B9_8X%E8%A7%86%E9%A2%91%E6%8B%94%E6%8F%92%E6%8B%94%E6%8F%92%E5%BD%B1%E5%BA%93%E6%B0%B8%E4%B9%85%E5%85%8D%E8%B4%B9%E5%85%8D%E8%B4%B9%E8%A7%86%E9%A2%91-8X%E8%A7%86%E9%A2%91%E6%8B%94%E6%8F%92%E6%8B%94%E6%8F%92%E5%BD%B1%E5%BA%93%E6%B0%B8%E4%B9%85%E5%85%8D%E8%B4%B9%E5%BD%B1%E9%99%A2
IP 14.215.182.140:443
Certificate Issuer GlobalSign nv-sa
Subject baidu.com
Fingerprint 97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
Validity Thu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT
File type GIF image data, version 89a, 1 x 1
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1688889775&si=a67a23d2de6184144da898ec9854285e&v=1.3.0&lv=1&sn=43390&r=0&ww=1280&u=https%3A%2F%2F8h9b.live%2F%23&tt=8X%E8%A7%86%E9%A2%91%E6%8B%94%E6%8F%92%E6%8B%94%E6%8F%92%E5%BD%B1%E5%BA%93%E6%B0%B8%E4%B9%85%E5%85%8D%E8%B4%B9_8X%E8%A7%86%E9%A2%91%E6%8B%94%E6%8F%92%E6%8B%94%E6%8F%92%E5%BD%B1%E5%BA%93%E6%B0%B8%E4%B9%85%E5%85%8D%E8%B4%B9%E5%85%8D%E8%B4%B9%E8%A7%86%E9%A2%91-8X%E8%A7%86%E9%A2%91%E6%8B%94%E6%8F%92%E6%8B%94%E6%8F%92%E5%BD%B1%E5%BA%93%E6%B0%B8%E4%B9%85%E5%85%8D%E8%B4%B9%E5%BD%B1%E9%99%A2 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8h9b.live/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Tue, 23 Apr 2024 23:25:10 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=82501D05C182A39F; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1307961786&si=a2ca8adbcbaa6fa707f99dee9a46ce52&v=1.3.0&lv=1&sn=43390&r=0&ww=1280&u=https%3A%2F%2F8h9b.live%2F%23&tt=8X%E8%A7%86%E9%A2%91%E6%8B%94%E6%8F%92%E6%8B%94%E6%8F%92%E5%BD%B1%E5%BA%93%E6%B0%B8%E4%B9%85%E5%85%8D%E8%B4%B9_8X%E8%A7%86%E9%A2%91%E6%8B%94%E6%8F%92%E6%8B%94%E6%8F%92%E5%BD%B1%E5%BA%93%E6%B0%B8%E4%B9%85%E5%85%8D%E8%B4%B9%E5%85%8D%E8%B4%B9%E8%A7%86%E9%A2%91-8X%E8%A7%86%E9%A2%91%E6%8B%94%E6%8F%92%E6%8B%94%E6%8F%92%E5%BD%B1%E5%BA%93%E6%B0%B8%E4%B9%85%E5%85%8D%E8%B4%B9%E5%BD%B1%E9%99%A2
14.215.182.140200 OK 43 B URL GET HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1307961786&si=a2ca8adbcbaa6fa707f99dee9a46ce52&v=1.3.0&lv=1&sn=43390&r=0&ww=1280&u=https%3A%2F%2F8h9b.live%2F%23&tt=8X%E8%A7%86%E9%A2%91%E6%8B%94%E6%8F%92%E6%8B%94%E6%8F%92%E5%BD%B1%E5%BA%93%E6%B0%B8%E4%B9%85%E5%85%8D%E8%B4%B9_8X%E8%A7%86%E9%A2%91%E6%8B%94%E6%8F%92%E6%8B%94%E6%8F%92%E5%BD%B1%E5%BA%93%E6%B0%B8%E4%B9%85%E5%85%8D%E8%B4%B9%E5%85%8D%E8%B4%B9%E8%A7%86%E9%A2%91-8X%E8%A7%86%E9%A2%91%E6%8B%94%E6%8F%92%E6%8B%94%E6%8F%92%E5%BD%B1%E5%BA%93%E6%B0%B8%E4%B9%85%E5%85%8D%E8%B4%B9%E5%BD%B1%E9%99%A2
IP 14.215.182.140:443
Certificate Issuer GlobalSign nv-sa
Subject baidu.com
Fingerprint 97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
Validity Thu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT
File type GIF image data, version 89a, 1 x 1
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1307961786&si=a2ca8adbcbaa6fa707f99dee9a46ce52&v=1.3.0&lv=1&sn=43390&r=0&ww=1280&u=https%3A%2F%2F8h9b.live%2F%23&tt=8X%E8%A7%86%E9%A2%91%E6%8B%94%E6%8F%92%E6%8B%94%E6%8F%92%E5%BD%B1%E5%BA%93%E6%B0%B8%E4%B9%85%E5%85%8D%E8%B4%B9_8X%E8%A7%86%E9%A2%91%E6%8B%94%E6%8F%92%E6%8B%94%E6%8F%92%E5%BD%B1%E5%BA%93%E6%B0%B8%E4%B9%85%E5%85%8D%E8%B4%B9%E5%85%8D%E8%B4%B9%E8%A7%86%E9%A2%91-8X%E8%A7%86%E9%A2%91%E6%8B%94%E6%8F%92%E6%8B%94%E6%8F%92%E5%BD%B1%E5%BA%93%E6%B0%B8%E4%B9%85%E5%85%8D%E8%B4%B9%E5%BD%B1%E9%99%A2 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8h9b.live/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Tue, 23 Apr 2024 23:25:10 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=8C2D05CDF39DDA7A; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
8h9b.live/siteConfig/free.js?v=1713884098
112.213.126.140 200 OK 271 kB URL GET HTTP/1.1 8h9b.live/siteConfig/free.js?v=1713884098
IP 112.213.126.140:443
ASN #64050 BGPNET Global ASN
Certificate Issuer Let's Encrypt
Subject 8h9b.live
Fingerprint 22:F1:28:C6:68:AE:77:37:20:DE:8B:52:70:02:36:58:92:7A:91:D0
Validity Thu, 18 Apr 2024 12:00:15 GMT - Wed, 17 Jul 2024 12:00:14 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 271 kB (270620 bytes)
Hash 63333f7bfdbf22d038ffcf2e448b392a
0992e4bae387814217f7e652e679573da8ca97da
50bffff1c2151763f76b8020f7a9a5d2bc8b6f1f83ce33f12b2eadebcdfcdc50
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /siteConfig/free.js?v=1713884098 HTTP/1.1
Host: 8h9b.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8h9b.live/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 23 Apr 2024 23:25:10 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 23 Apr 2024 14:20:01 GMT
Vary: Accept-Encoding
ETag: W/"6627c391-556da"
Content-Encoding: gzip
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 933
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dKGAMSo5coaFu84RqJoh0aDeCAgB5KvGtmu6WAdbYM41pG8J%2Bt9TFfj99Me2z7Ictv4w0uy6vm%2F%2FCrXjyPjzU%2BY%2FNypRE37beZ7BmS9zYWM0vvfTNI%2B5RZLxKcy3iwFHZw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 878ee35eef9d1fc2-HKG
alt-svc: h3=":443"; ma=86400
Server: nbcdn2023
X-Cache-Status: HIT
8h9b.live/favicon.ico
112.213.126.140 200 OK 4.3 kB IP 112.213.126.140:443
ASN #64050 BGPNET Global ASN
Certificate Issuer Let's Encrypt
Subject 8h9b.live
Fingerprint 22:F1:28:C6:68:AE:77:37:20:DE:8B:52:70:02:36:58:92:7A:91:D0
Validity Thu, 18 Apr 2024 12:00:15 GMT - Wed, 17 Jul 2024 12:00:14 GMT
File type MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
Hash 03919bfc0a91e05103a12c4015cea96c
b9e1c9c4d6c52b0389fd202015223155e88ee98a
fd75a60f71792746ff343e3f0da2e5b3e58879be39d9a6e6b83ac82d0ce1ab37
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /favicon.ico HTTP/1.1
Host: 8h9b.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8h9b.live/
Cookie: Hm_lvt_a67a23d2de6184144da898ec9854285e=1713914710; Hm_lpvt_a67a23d2de6184144da898ec9854285e=1713914710; Hm_lvt_cfba88a3dada33f119f6c95f95a4d5dd=1713914710; Hm_lpvt_cfba88a3dada33f119f6c95f95a4d5dd=1713914710; Hm_lvt_a2ca8adbcbaa6fa707f99dee9a46ce52=1713914710; Hm_lpvt_a2ca8adbcbaa6fa707f99dee9a46ce52=1713914710
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 23 Apr 2024 23:25:11 GMT
Content-Type: image/x-icon
Content-Length: 4286
Connection: keep-alive
Last-Modified: Wed, 17 Apr 2024 15:19:41 GMT
ETag: "661fe88d-10be"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 448
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iZDOZyXjU5eQJuU9AjiwRTTV3BWqDtMprE%2F9A9t1NEDxui2EpA54URx5RJzxwWA9kYekkQLjJ0M9BcWYFWL815solqfS5uqIyrIbq40ruB4hsPuaW50T6NP11vxOkm%2Blpg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
CF-RAY: 878ee7d719cfb453-HKG
alt-svc: h3=":443"; ma=86400
Server: nbcdn2023
X-Cache-Status: HIT
Accept-Ranges: bytes
8h9b.live/siteConfig/img/video.webp
112.213.126.140 200 OK 8.5 kB URL GET HTTP/1.1 8h9b.live/siteConfig/img/video.webp
IP 112.213.126.140:443
ASN #64050 BGPNET Global ASN
Certificate Issuer Let's Encrypt
Subject 8h9b.live
Fingerprint 22:F1:28:C6:68:AE:77:37:20:DE:8B:52:70:02:36:58:92:7A:91:D0
Validity Thu, 18 Apr 2024 12:00:15 GMT - Wed, 17 Jul 2024 12:00:14 GMT
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 230x150, components 3
Hash 79820ef072a6cf75d1cbe3e532be756f
28d2ab28e44b839054dd89dfd0edf87b1edf5e75
26af9355748c373d50098d231726e3ed5bff5b070963751038977b00c01ab888
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /siteConfig/img/video.webp HTTP/1.1
Host: 8h9b.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8h9b.live/
Cookie: Hm_lvt_a67a23d2de6184144da898ec9854285e=1713914710; Hm_lpvt_a67a23d2de6184144da898ec9854285e=1713914710; Hm_lvt_cfba88a3dada33f119f6c95f95a4d5dd=1713914710; Hm_lpvt_cfba88a3dada33f119f6c95f95a4d5dd=1713914710; Hm_lvt_a2ca8adbcbaa6fa707f99dee9a46ce52=1713914710; Hm_lpvt_a2ca8adbcbaa6fa707f99dee9a46ce52=1713914710
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 23 Apr 2024 23:25:11 GMT
Content-Type: image/webp
Content-Length: 8462
Connection: keep-alive
Last-Modified: Wed, 17 Apr 2024 15:19:41 GMT
ETag: "661fe88d-210e"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 1101
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=X9h15UHcg5dx5y1VqPUCIl9nocImCDA4VnuQmDfhJY%2BO%2FggZDtlUq6Pln8KNBvUCaNHr4%2B2v1uz6vzeRCOs24Pk4Z2F9mNJh5tkxE%2Fdtlmh1rz7I9UR%2FV4pQA%2BIn1NDEkw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
CF-RAY: 878ee8450bbfe686-HKG
alt-svc: h3=":443"; ma=86400
Server: nbcdn2023
X-Cache-Status: HIT
Accept-Ranges: bytes
static.tigerbbs.com/0bc27625704536d19a62d9a0e16fa944
47.246.44.243 200 OK 9.6 kB URL GET HTTP/2 static.tigerbbs.com/0bc27625704536d19a62d9a0e16fa944
IP 47.246.44.243:443
ASN #24429 Zhejiang Taobao Network Co.,Ltd
Certificate Issuer DigiCert Inc
Subject *.tigerbbs.com
Fingerprint 30:7A:26:1C:98:DA:10:19:50:7E:FE:45:00:00:24:0C:9B:1F:14:41
Validity Mon, 07 Aug 2023 00:00:00 GMT - Fri, 23 Aug 2024 23:59:59 GMT
File type GIF image data, version 89a, 258 x 258
Hash 0bc27625704536d19a62d9a0e16fa944
c11fd9b4780af19cdea4ad1916997db26030d5ec
caa46c07c689e9add4db714d3e73a8c16b199feba24d0096f8078e6809511ca0
GET /0bc27625704536d19a62d9a0e16fa944 HTTP/1.1
Host: static.tigerbbs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8h9b.live/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 9628
date: Mon, 22 Apr 2024 16:04:02 GMT
x-oss-request-id: 66268A7232B1A6343530A6AB
x-oss-cdn-auth: success
accept-ranges: bytes
x-oss-object-type: Normal
x-oss-storage-class: Standard
content-md5: C8J2JXBFNtGaYtmg4W+pRA==
x-oss-server-time: 33
ali-swift-global-savetime: 1713801842
via: cache16.l2de2[0,0,304-0,H], cache19.l2de2[1,0], ens-cache9.se2[0,16,200-0,H], ens-cache11.se2[17,0]
etag: "0BC27625704536D19A62D9A0E16FA944"
last-modified: Mon, 04 Dec 2023 11:31:08 GMT
x-oss-hash-crc64ecma: 3564895974497029198
age: 112870
x-cache: HIT TCP_HIT dirn:4:846619690
x-swift-savetime: Tue, 23 Apr 2024 11:37:03 GMT
x-swift-cachetime: 793619
cache-control: 864000
access-control-allow-methods: GET
access-control-allow-origin: *
timing-allow-origin: *
eagleid: 2ff62c9f17139147122192028e
X-Firefox-Spdy: h2
8h9b.live/static/font/iconfont.woff2?t=1691161820291
112.213.126.140 200 OK 14 kB URL GET HTTP/1.1 8h9b.live/static/font/iconfont.woff2?t=1691161820291
IP 112.213.126.140:443
ASN #64050 BGPNET Global ASN
Certificate Issuer Let's Encrypt
Subject 8h9b.live
Fingerprint 22:F1:28:C6:68:AE:77:37:20:DE:8B:52:70:02:36:58:92:7A:91:D0
Validity Thu, 18 Apr 2024 12:00:15 GMT - Wed, 17 Jul 2024 12:00:14 GMT
File type Web Open Font Format (Version 2), TrueType, length 14252, version 1.0
Hash bac7086648d56e73bcf7aab3122f0e0a
fc78ed11a3e49c9a7a348a2f10ed5e2910f3fb18
e7d3fbba3cb54f0a212fb93f4c0ad8d1eddb8080aa1a97300f39b5e3f3e5b8c0
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /static/font/iconfont.woff2?t=1691161820291 HTTP/1.1
Host: 8h9b.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://8h9b.live/static/font/iconfont.css?v=1713884098
Cookie: Hm_lvt_a67a23d2de6184144da898ec9854285e=1713914710; Hm_lpvt_a67a23d2de6184144da898ec9854285e=1713914710; Hm_lvt_cfba88a3dada33f119f6c95f95a4d5dd=1713914710; Hm_lpvt_cfba88a3dada33f119f6c95f95a4d5dd=1713914710; Hm_lvt_a2ca8adbcbaa6fa707f99dee9a46ce52=1713914710; Hm_lpvt_a2ca8adbcbaa6fa707f99dee9a46ce52=1713914710
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 23 Apr 2024 23:25:11 GMT
Content-Type: font/woff2
Content-Length: 14252
Connection: keep-alive
Last-Modified: Wed, 17 Apr 2024 15:20:16 GMT
ETag: "661fe8b0-37ac"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 6035
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Qsw8CBkzSrYzS%2Bk2sq30pEFR%2BXVe21kAufHCsL%2BlgpaMEc3Fcp4hCJVtK0yIOsTp%2F876BME35O3Nmqo9HnaHVx550W2BrEk2ma93yDT%2F9vOODlaz1cDE06L1YJRNC3M6kA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
CF-RAY: 87919c85bc9685e3-HKG
alt-svc: h2=":443"; ma=60
Server: nbcdn2023
X-Cache-Status: MISS
Accept-Ranges: bytes
8h9b.live/static/img/safety/other.png
112.213.126.140 200 OK 102 kB URL GET HTTP/1.1 8h9b.live/static/img/safety/other.png
IP 112.213.126.140:443
ASN #64050 BGPNET Global ASN
Certificate Issuer Let's Encrypt
Subject 8h9b.live
Fingerprint 22:F1:28:C6:68:AE:77:37:20:DE:8B:52:70:02:36:58:92:7A:91:D0
Validity Thu, 18 Apr 2024 12:00:15 GMT - Wed, 17 Jul 2024 12:00:14 GMT
File type PNG image data, 631 x 455, 8-bit/color RGBA, non-interlaced
Size 102 kB (101545 bytes)
Hash 3c965e25aaf1596c00afa981bd747a14
2b76bb1ad83b676d81a3023b0ceb5011fd2397db
f60c8689cb172faea1e5e246d1415755a3b8f6f7b5f2ce0e00fe3f9c790e6162
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /static/img/safety/other.png HTTP/1.1
Host: 8h9b.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8h9b.live/
Cookie: Hm_lvt_a67a23d2de6184144da898ec9854285e=1713914710; Hm_lpvt_a67a23d2de6184144da898ec9854285e=1713914710; Hm_lvt_cfba88a3dada33f119f6c95f95a4d5dd=1713914710; Hm_lpvt_cfba88a3dada33f119f6c95f95a4d5dd=1713914710; Hm_lvt_a2ca8adbcbaa6fa707f99dee9a46ce52=1713914710; Hm_lpvt_a2ca8adbcbaa6fa707f99dee9a46ce52=1713914710
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 23 Apr 2024 23:25:11 GMT
Content-Type: image/png
Content-Length: 101545
Connection: keep-alive
Last-Modified: Wed, 17 Apr 2024 15:20:16 GMT
ETag: "661fe8b0-18ca9"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 373
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GiWWI89EPFGPL8H0tJJsa8dmPFr2wJDW%2BY0McbDWcJ2za8TYAj2O3zL0FwnrjOYhpC6alMS20UnRJYLq25qchEy88XrZe301YK06xPctMFmlpzgSq9wLzF4Ka%2BWOkh4hgg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
CF-RAY: 87919c856d9684be-HKG
alt-svc: h2=":443"; ma=60
Server: nbcdn2023
X-Cache-Status: MISS
Accept-Ranges: bytes
137.220.146.247 200 OK 2.4 kB URL User Request GET HTTP/1.1 IP 137.220.146.247:443
ASN #64050 BGPNET Global ASN
Certificate Issuer Let's Encrypt
Subject 8h9b.live
Fingerprint 22:F1:28:C6:68:AE:77:37:20:DE:8B:52:70:02:36:58:92:7A:91:D0
Validity Thu, 18 Apr 2024 12:00:15 GMT - Wed, 17 Jul 2024 12:00:14 GMT
File type HTML document, ASCII text, with very long lines (1056)
Hash 0a09fd404d45f849b4b736760796632b
7711699d391391fba546f8849763acb67962a089
1c85da67e5154adc161db11987062d9f851bad38f8fcbcde1776bd8294d8176c
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET / HTTP/1.1
Host: 8h9b.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 23 Apr 2024 23:25:30 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 23 Apr 2024 17:49:28 GMT
Vary: Accept-Encoding
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 5140
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0d9kki%2F300zdIlZm5M7NgwA3dUH0498PzDHRUAu7vrGwCyOsTBgntn8aG4M5533Htd2iohWRs8QnTPlvrgnwbAUkpi5kIdLZAeijcsz3b3ZLr8RcMz9GGzZxHjcWVDlYaA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 87919cf8b9be6874-NRT
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
Server: nbcdn2023
137.220.146.247 200 OK 2.4 kB URL User Request GET HTTP/1.1 IP 137.220.146.247:443
ASN #64050 BGPNET Global ASN
Certificate Issuer Let's Encrypt
Subject 8h9b.live
Fingerprint 22:F1:28:C6:68:AE:77:37:20:DE:8B:52:70:02:36:58:92:7A:91:D0
Validity Thu, 18 Apr 2024 12:00:15 GMT - Wed, 17 Jul 2024 12:00:14 GMT
File type HTML document, ASCII text, with very long lines (1056)
Hash 0a09fd404d45f849b4b736760796632b
7711699d391391fba546f8849763acb67962a089
1c85da67e5154adc161db11987062d9f851bad38f8fcbcde1776bd8294d8176c
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET / HTTP/1.1
Host: 8h9b.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 23 Apr 2024 23:25:30 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 23 Apr 2024 17:49:28 GMT
Vary: Accept-Encoding
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 4978
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WF2b7QHPHrp9wqt6ZOBZezXVwFB09d2mXXp2BlIx%2FMgnySAnO209UiYSMlLaJ03j5pSO1r3aMWi%2FyQDyL3ywwIn5TceUIcCcTLM4TYYznIu0PmorpOb3IJwPKf5RCjxPJA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 87919cf9bc47f702-NRT
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
Server: nbcdn2023
137.220.146.247 200 OK 2.4 kB URL User Request GET HTTP/1.1 IP 137.220.146.247:443
ASN #64050 BGPNET Global ASN
Certificate Issuer Let's Encrypt
Subject 8h9b.live
Fingerprint 22:F1:28:C6:68:AE:77:37:20:DE:8B:52:70:02:36:58:92:7A:91:D0
Validity Thu, 18 Apr 2024 12:00:15 GMT - Wed, 17 Jul 2024 12:00:14 GMT
File type HTML document, ASCII text, with very long lines (1056)
Hash 0a09fd404d45f849b4b736760796632b
7711699d391391fba546f8849763acb67962a089
1c85da67e5154adc161db11987062d9f851bad38f8fcbcde1776bd8294d8176c
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET / HTTP/1.1
Host: 8h9b.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 23 Apr 2024 23:25:31 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 23 Apr 2024 17:49:28 GMT
Vary: Accept-Encoding
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 4489
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SQiqJqrhfjmrvUeyazDwBvFpCFYXUxAQesOwfxmEvn2Cn4Rd9gQHJVkR5IrWfeR%2BnueN7nx3%2Bo4BUQ5rD4tFCzR8r7umZDzJAARU0L8j14IfS1v2kBNxWoA2f9VoSwX%2Bsw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 87919cfdbe48b009-NRT
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
Server: nbcdn2023
cdn.staticfile.org/jquery/3.6.0/jquery.min.js
104.18.52.201 200 OK 90 kB URL GET HTTP/2 cdn.staticfile.org/jquery/3.6.0/jquery.min.js
IP 104.18.52.201:443
Certificate Issuer Google Trust Services LLC
Subject cdn.staticfile.org
Fingerprint 13:7C:E5:1B:86:D1:10:4A:B0:8D:70:4A:75:D6:29:72:5A:12:CC:80
Validity Fri, 12 Apr 2024 08:18:39 GMT - Thu, 11 Jul 2024 08:18:38 GMT
File type JavaScript source, ASCII text, with very long lines (65447)
Hash 8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
GET /jquery/3.6.0/jquery.min.js HTTP/1.1
Host: cdn.staticfile.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8h9b.live/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 23 Apr 2024 23:25:07 GMT
content-type: text/javascript; charset=utf-8
access-control-allow-methods: GET, POST, PATCH, PUT, DELETE, OPTIONS
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Authorization, Content-Type, If-Match, If-Modified-Since, If-None-Match, If-Unmodifed-Since, X-CSRF-TOKEN, X-Requested-With,token
cache-control: public, max-age=14400
x-cloud-cdn: true
content-encoding: gzip
last-modified: Fri, 12 Apr 2024 12:29:27 GMT
cf-cache-status: HIT
age: 988097
expires: Wed, 24 Apr 2024 03:25:07 GMT
vary: Accept-Encoding
server: cloudflare
cf-ray: 87919c6af87b56c6-OSL
X-Firefox-Spdy: h2
hm.baidu.com/hm.js?a2ca8adbcbaa6fa707f99dee9a46ce52
14.215.182.140 200 OK 30 kB URL GET HTTP/1.1 hm.baidu.com/hm.js?a2ca8adbcbaa6fa707f99dee9a46ce52
IP 14.215.182.140:443
Certificate Issuer GlobalSign nv-sa
Subject baidu.com
Fingerprint 97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
Validity Thu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT
File type JavaScript source, ASCII text, with very long lines (618)
Hash d7806b38db8a5ceed1de1745f4e91a29
ad63aeeb2bf26776cb1ae9345732a64e7d7f024a
d317978099e3a77f9a23a968fc22723ba9a5b1d2d989090a57851bd1d1c4dca8
GET /hm.js?a2ca8adbcbaa6fa707f99dee9a46ce52 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8h9b.live/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11256
Content-Type: application/javascript
Date: Tue, 23 Apr 2024 23:25:09 GMT
Etag: 5d1c6d086215e5c9515b86494aad9b41
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=67F4CCF1AEC7066A; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.js?a67a23d2de6184144da898ec9854285e
14.215.182.140 200 OK 30 kB URL GET HTTP/1.1 hm.baidu.com/hm.js?a67a23d2de6184144da898ec9854285e
IP 14.215.182.140:443
Certificate Issuer GlobalSign nv-sa
Subject baidu.com
Fingerprint 97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
Validity Thu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT
File type JavaScript source, ASCII text, with very long lines (620)
Hash 379e321d64a6ec68a396a2d8d602982b
75f916d0fbd1bca4922b5be633e3bb26c976828a
9821ff895ea79de5ef19f43193be89613ed8c7dd583930601722a4b8bbc9cf02
GET /hm.js?a67a23d2de6184144da898ec9854285e HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8h9b.live/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11258
Content-Type: application/javascript
Date: Tue, 23 Apr 2024 23:25:09 GMT
Etag: c9d9e8fcbeefb910253587bfbd94937f
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=2CBA032EE20443DF; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
cdn.staticfile.org/Swiper/6.7.0/swiper-bundle.min.css
104.18.52.201 200 OK 14 kB URL GET HTTP/2 cdn.staticfile.org/Swiper/6.7.0/swiper-bundle.min.css
IP 104.18.52.201:443
Certificate Issuer Google Trust Services LLC
Subject cdn.staticfile.org
Fingerprint 13:7C:E5:1B:86:D1:10:4A:B0:8D:70:4A:75:D6:29:72:5A:12:CC:80
Validity Fri, 12 Apr 2024 08:18:39 GMT - Thu, 11 Jul 2024 08:18:38 GMT
File type ASCII text, with very long lines (13619)
Hash b2b598cf96cd7c1726beb376544630cc
6fae9580f60ba0918b902059b4820471e4a2faba
1ff9a639b823d90c071161497de9bf22c507e778384b8a70a3e35a7f6d76c572
GET /Swiper/6.7.0/swiper-bundle.min.css HTTP/1.1
Host: cdn.staticfile.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8h9b.live/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 23 Apr 2024 23:25:07 GMT
content-type: text/css
last-modified: Fri, 08 Dec 2023 23:07:52 GMT
etag: W/"6573a1c8-362f"
expires: Wed, 23 Apr 2025 23:25:07 GMT
cache-control: public, max-age=31536000
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PATCH, PUT, DELETE, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1800
access-control-allow-headers: Authorization, Content-Type, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, X-CSRF-TOKEN, X-Requested-With, Token
x-cloud-fetchl: true
content-encoding: gzip
cf-cache-status: HIT
age: 967325
vary: Accept-Encoding
server: cloudflare
cf-ray: 87919c6af87956c6-OSL
X-Firefox-Spdy: h2