Report - ns2.topnx.net/

Report Overview

Visited public
2024-06-03 07:44:57
Tags
URL
ns2.topnx.net/
Finishing URL
1.94.123.67:5002/?ns2.topnx.net
IP / ASN
172.67.159.161
#13335 CLOUDFLARENET
Title
输入密码访问

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ns2.topnx.net	unknown	unknown	No data	No data	470 B	3.4 kB	172.67.159.161
1.94.123.67:8002	unknown	unknown	No data	No data	401 B	271 B	1.94.123.67
1.94.123.67:5002	unknown	unknown	No data	No data	1.1 kB	4.8 kB	1.94.123.67
sdk.51.la	88367	2005-01-17	2021-03-08 17:03:51	2024-05-31 14:15:36	320 B	14 kB	47.246.44.237
images.urldance.com	unknown	unknown	No data	No data	1.7 kB	47 kB	128.1.77.227
www.urldance.com	unknown	unknown	No data	No data	347 B	7.7 kB	125.64.35.121
collect-v6.51.la	91421	2005-01-17	2021-03-08 17:03:54	2024-05-28 08:27:06	380 B	691 B	47.246.44.204
hm.baidu.com	8254	1999-10-11	2012-05-26 10:38:45	2024-06-02 23:37:30	1.1 kB	12 kB	183.240.98.228

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-06-03	medium	1.94.123.67	Sinkholed
2024-06-03	medium	1.94.123.67	Sinkholed
2024-06-03	medium	1.94.123.67	Sinkholed

ThreatFox

No alerts detected

JavaScript (9)

	URL	From	Size	First Seen	Last Seen
	unknown	Function	37 B	2023-04-11	2025-05-08
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:49 Last Seen2025-05-08 03:06 Times Seen34445 Hash 1c5c9160600df2d96d69a4ea16cec7ed 3cf678c9135cc952ba6970ef545035bb757a443f a3520fe88e248d2b6c9c6db93309a037ef969fe297208e5bd7e49a55bb32c808 Loading...

	images.urldance.com/jquery.min.js	ScriptElement	88 kB	2023-03-07	2025-04-28
Pretty URL images.urldance.com/jquery.min.js IP 128.1.77.227 ASN #21859 ZEN-ECN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 22:11 Last Seen2025-04-28 02:30 Times Seen247 Hash 567eec7717cb514434c657d90e88afd2 8c235957586ac868bff7a0b4827cf163cf82d9de 3e2a2e48864b44198261695e5e93ffa4cb2395f6836db0e920974718d11f24d4 Loading...

	images.urldance.com/layer.js	ScriptElement	23 kB	2023-08-02	2024-08-21
Pretty URL images.urldance.com/layer.js IP 128.1.77.227 ASN #21859 ZEN-ECN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-02 19:43 Last Seen2024-08-21 09:36 Times Seen227 Hash e0924a6839c606097bbba38e8609a2b5 54d518a6e945cb9d91ea69045fe56e0468f8d2f8 62366d0bef636ebb4ca97eec4bd3fd73f75f3a57579a4218d7630bb145f0142a Loading...

	1.94.123.67:5002/?ns2.topnx.net	ScriptElement	0 B	0001-01-01	2025-05-08
Pretty URL 1.94.123.67:5002/?ns2.topnx.net IP 1.94.123.67 ASN #55990 Huawei Cloud Service data center Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-05-08 04:08 Times Seen4629297 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	1.94.123.67:5002/?ns2.topnx.net	ScriptElement	0 B	0001-01-01	2025-05-08
Pretty URL 1.94.123.67:5002/?ns2.topnx.net IP 1.94.123.67 ASN #55990 Huawei Cloud Service data center Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-05-08 04:08 Times Seen4629297 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	sdk.51.la/js-sdk-pro.min.js	ScriptElement	34 kB	2023-04-05	2025-04-28
Pretty URL sdk.51.la/js-sdk-pro.min.js IP 47.246.44.237 ASN #24429 Zhejiang Taobao Network Co.,Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 07:31 Last Seen2025-04-28 04:49 Times Seen8539 Hash 8fc0b01d35300e8398d6e957987c01e7 f1eb32c75b8d8e4b0555ebc2a5f5d1d60296f41e b164aafa0bb83dfe511912ca2ca475880bfffac8d8f098c947fd3d4af440d3a4 Loading...

	hm.baidu.com/hm.js?45ba4dc1b55a5ee4efd99d409c3caff1	ScriptElement	30 kB	2024-08-19	2024-08-19
Pretty URL hm.baidu.com/hm.js?45ba4dc1b55a5ee4efd99d409c3caff1 IP 183.240.98.228 ASN #56040 China Mobile communications corporation Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-19 20:56 Last Seen2024-08-19 20:56 Times Seen1 Hash eaae5e0349f80822ccd5a9b6c4b6b41e 95d96a04c54efc36223188575848d53eced065a2 40add1dc4a26efa0a517298e2499eaccb984c447276cef97c2706ad14f4792df Loading...

	1.94.123.67:5002/?ns2.topnx.net	ScriptElement	58 B	2023-08-02	2025-01-03
Pretty URL 1.94.123.67:5002/?ns2.topnx.net IP 1.94.123.67 ASN #55990 Huawei Cloud Service data center Introduced by scriptElement Embedded in HTML true Observations First Seen2023-08-02 19:43 Last Seen2025-01-03 02:44 Times Seen232 Hash 959a97197ba26fba400adafd52794a90 55166ffb0f9b893a33f1e67af46ca0459fdc239c 52de5ff23eb19ccd583196807b1b16063dcdeca57a3485a30a530921244a2260 Loading...

	unknown	Function	319 B	2024-08-19	2024-08-19
Pretty Introduced by Function Embedded in HTML false Observations First Seen2024-08-19 20:56 Last Seen2024-08-19 20:56 Times Seen1 Hash 5193a0ea7c9ea0fd0cf5d6882218992b 4cc600c60575db878f1f7bdc321b2f4a4ba75cd0 46b1a049b99bf3397387d7c92a7820293573868e77ae37091b1a6a2f31d38bb6 Loading...

HTTP Transactions (14)

URL IP Response Size

1.94.123.67:8002/?ns2.topnx.net

1.94.123.67

302 Found

24 B

URL User Request GET HTTP/1.1
1.94.123.67:8002/?ns2.topnx.net
IP
1.94.123.67:8002
ASN
#55990 Huawei Cloud Service data center

File type
HTML document, ASCII text, with CRLF line terminators
Size
24 B (24 bytes)
Hash
02f64fc77e8ef44c488221ff85ceec42
8d9c2b43ecdd5766a951db6a21b5f4f9dd1cc6f9
c6c206b28533e3bdc3e73754da71d7119640d85cb48448d039efece8fd05986d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?ns2.topnx.net HTTP/1.1
Host: 1.94.123.67:8002
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.15.11
Date: Mon, 03 Jun 2024 07:44:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.3.4
Location: http://1.94.123.67:5002/?ns2.topnx.net

1.94.123.67:5002/?ns2.topnx.net

1.94.123.67

200 OK

2.8 kB

URL User Request GET HTTP/1.1
1.94.123.67:5002/?ns2.topnx.net
IP
1.94.123.67:5002
ASN
#55990 Huawei Cloud Service data center

File type
HTML document, Unicode text, UTF-8 text, with very long lines (378), with CRLF line terminators
Size
2.8 kB (2812 bytes)
Hash
80a52031c81ec54f29a569f97c9a1059
92b5aa0838941f7b2e5735b2bbdb488305573e42
b33b4fe6f91f5859d4933912b23297e05d969248dca09f80a313072c06fbe6f0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?ns2.topnx.net HTTP/1.1
Host: 1.94.123.67:5002
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.15.11
Date: Mon, 03 Jun 2024 07:44:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.3.4

sdk.51.la/js-sdk-pro.min.js

47.246.44.237

200 OK

13 kB

URL GET HTTP/1.1
sdk.51.la/js-sdk-pro.min.js
IP
47.246.44.237:80
ASN
#24429 Zhejiang Taobao Network Co.,Ltd

Requested by
http://1.94.123.67:5002/?ns2.topnx.net

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (34110)
Size
13 kB (12846 bytes)
Hash
24bb520e9517f2ed3ed987b46aeaf723
846723563d7dd2bff3954f93633b11af0103adc8
d1f1bfe698f2ffb7b3e7a885a301d58f9554d45df0a31c3e8b53c84b33c80d27

HTTP Headers

GET /js-sdk-pro.min.js HTTP/1.1
Host: sdk.51.la
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://1.94.123.67:5002/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/javascript
Content-Length: 12846
Connection: keep-alive
Date: Fri, 24 May 2024 18:57:19 GMT
x-oss-request-id: 6650E30FCC8CEC34334BD5EF
x-oss-cdn-auth: success
Accept-Ranges: bytes
x-oss-object-type: Normal
x-oss-storage-class: Standard
Content-MD5: JLtSDpUX8u0+2Ye0aur3Iw==
x-oss-server-time: 3
Ali-Swift-Global-Savetime: 1716577040
Via: cache15.l2de2[0,0,304-0,H], cache20.l2de2[1,0], ens-cache18.se2[0,0,200-0,H], ens-cache9.se2[0,0]
Vary: Accept-Encoding
Last-Modified: Thu, 08 Jun 2023 02:24:34 GMT
x-oss-hash-crc64ecma: 5143829838470429443
Content-Encoding: gzip
Age: 823632
X-Cache: HIT TCP_MEM_HIT dirn:-2:-2
X-Swift-SaveTime: Fri, 24 May 2024 18:57:33 GMT
X-Swift-CacheTime: 1295987
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
EagleId: 2ff62c9d17174006720271687e

images.urldance.com/layer.css

128.1.77.227

200 OK

2.8 kB

URL GET HTTP/1.1
images.urldance.com/layer.css
IP
128.1.77.227:80
ASN
#21859 ZEN-ECN

Requested by
http://1.94.123.67:5002/?ns2.topnx.net

File type
ASCII text, with very long lines (14271), with no line terminators
Size
2.8 kB (2804 bytes)
Hash
c234eb06d5f32055092294e78957f17d
f15ee0bcb9694f32f5e1d524f2653aa0dd043402
5cdf3edb27b0c9f8e48918c486e9ae65a9e5beab806b64c4a7bc5bac53c0f540

HTTP Headers

GET /layer.css HTTP/1.1
Host: images.urldance.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://1.94.123.67:5002/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 03 Jun 2024 07:44:32 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Server: openresty
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Log, X-Reqid
Access-Control-Max-Age: 2592000
Cache-Control: public, max-age=31536000
Content-Disposition: inline; filename="layer.css"; filename*=utf-8''layer.css
Content-Encoding: gzip
Content-MD5: wjTrBtXzIFUJIpTniVfxfQ==
Content-Transfer-Encoding: binary
ETag: "FvFe4Ly5aU8y9eHVJPJlOqDdBDQC.gz"
Last-Modified: Sun, 02 Jun 2024 13:52:17 GMT
Vary: Accept-Encoding
X-Log: X-Log
X-M-Log: QNM:yzh155;SRCPROXY:yzh175;SRC:16;SRCPROXY:19;QNM3:20
X-M-Reqid: OG4AAPeQBS8qNdUX
X-Qiniu-Zone: 0
X-Qnm-Cache: Miss
X-Reqid: nGAAAACUHy8qNdUX
X-Svr: IO
X-Ser: BC143_dx-lt-yd-jiangsu-yancheng-8-cache-16, BC226_FR-Paris-Paris-3-cache-1
X-Cache: HIT from BC226_FR-Paris-Paris-3-cache-1(baishan)

images.urldance.com/layer.js

128.1.77.227

200 OK

7.9 kB

URL GET HTTP/1.1
images.urldance.com/layer.js
IP
128.1.77.227:80
ASN
#21859 ZEN-ECN

Requested by
http://1.94.123.67:5002/?ns2.topnx.net

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (22680), with CRLF line terminators
Size
7.9 kB (7897 bytes)
Hash
b4a07ebd1e78576d03052a287de2a939
83e7183990e32ec734e330d5ddba9bcb3278d31c
439a7f54e8c4ab2d9d9e5d85d4d3b16b73f7d50f456cb791ae8440b1946cc84f

HTTP Headers

GET /layer.js HTTP/1.1
Host: images.urldance.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://1.94.123.67:5002/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 03 Jun 2024 07:44:32 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Server: openresty
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Log, X-Reqid
Access-Control-Max-Age: 2592000
Cache-Control: public, max-age=31536000
Content-Disposition: inline; filename="layer.js"; filename*=utf-8''layer.js
Content-Encoding: gzip
Content-MD5: tKB+vR54V20DBSoofeKpOQ==
Content-Transfer-Encoding: binary
ETag: "FoPnGDmQ4y7HNOMw1d26m8syeNMc.gz"
Last-Modified: Sun, 02 Jun 2024 13:52:17 GMT
Vary: Accept-Encoding
X-Log: X-Log
X-M-Log: QNM:yzh161;SRCPROXY:yzh149;SRC:17;SRCPROXY:17;QNM3:18
X-M-Reqid: 9YQAAHxftVwqNdUX
X-Qiniu-Zone: 0
X-Qnm-Cache: Miss
X-Reqid: i8AAAACv5lwqNdUX
X-Svr: IO
X-Ser: BC177_dx-lt-yd-jiangsu-lianyungang-14-cache-9, BC232_FR-Paris-Paris-3-cache-1
X-Cache: HIT from BC232_FR-Paris-Paris-3-cache-1(baishan)

images.urldance.com/style_mini.css

128.1.77.227

200 OK

1.1 kB

URL GET HTTP/1.1
images.urldance.com/style_mini.css
IP
128.1.77.227:80
ASN
#21859 ZEN-ECN

Requested by
http://1.94.123.67:5002/?ns2.topnx.net

File type
ASCII text, with very long lines (4015), with no line terminators
Size
1.1 kB (1094 bytes)
Hash
c786435568e3d8cf8814056cf2a084fc
e21ba6c23313b3752f5d978398a0cfbd3b7f1c19
762e8458878c9a9123a677c0ba9b4351ae82fff44324463ed5d434984919e51c

HTTP Headers

GET /style_mini.css HTTP/1.1
Host: images.urldance.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://1.94.123.67:5002/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 03 Jun 2024 07:44:32 GMT
Content-Type: text/css
Content-Length: 1094
Connection: keep-alive
Server: openresty
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Log, X-Reqid
Access-Control-Max-Age: 2592000
Cache-Control: public, max-age=31536000
Content-Disposition: inline; filename="style_mini.css"; filename*=utf-8''style_mini.css
Content-Encoding: gzip
Content-MD5: x4ZDVWjj2M+IFAVs8qCE/A==
Content-Transfer-Encoding: binary
ETag: "FuIbpsIzE7N1L12Xg5igz707fxwZ.gz"
Last-Modified: Sun, 02 Jun 2024 13:52:18 GMT
Vary: Accept-Encoding
X-Log: X-Log
X-M-Log: QNM:yzh159;SRCPROXY:yzh173;SRC:13;SRCPROXY:13;QNM3:14
X-M-Reqid: qzgAAJ_eHlEqNdUX
X-Qiniu-Zone: 0
X-Qnm-Cache: Miss
X-Reqid: 8roAAADF1lEqNdUX
X-Svr: IO
X-Ser: BC131_dx-lt-yd-zhejiang-jinhua-12-cache-8, BC232_FR-Paris-Paris-3-cache-1
X-Cache: HIT from BC232_FR-Paris-Paris-3-cache-1(baishan)

images.urldance.com/jquery.min.js

128.1.77.227

200 OK

31 kB

URL GET HTTP/1.1
images.urldance.com/jquery.min.js
IP
128.1.77.227:80
ASN
#21859 ZEN-ECN

Requested by
http://1.94.123.67:5002/?ns2.topnx.net

File type
JavaScript source, ASCII text, with very long lines (65450), with CRLF line terminators
Size
31 kB (30841 bytes)
Hash
567eec7717cb514434c657d90e88afd2
8c235957586ac868bff7a0b4827cf163cf82d9de
3e2a2e48864b44198261695e5e93ffa4cb2395f6836db0e920974718d11f24d4

HTTP Headers

GET /jquery.min.js HTTP/1.1
Host: images.urldance.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://1.94.123.67:5002/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 03 Jun 2024 07:44:32 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Server: openresty
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Log, X-Reqid
Access-Control-Max-Age: 2592000
Cache-Control: public, max-age=31536000
Content-Disposition: inline; filename="jquery.min.js"; filename*=utf-8''jquery.min.js
Content-Encoding: gzip
Content-MD5: Vn7sdxfLUUQ0xlfZDoiv0g==
Content-Transfer-Encoding: binary
ETag: "FowjWVdYashov_egtIJ88WPPgtne.gz"
Last-Modified: Sun, 02 Jun 2024 13:52:17 GMT
Vary: Accept-Encoding
X-Log: X-Log
X-M-Log: QNM:xs1166;SRCPROXY:xs484;SRC:18;SRCPROXY:18;QNM3:22
X-M-Reqid: FhoAAEkb5EgqNdUX
X-Qiniu-Zone: 0
X-Qnm-Cache: Miss
X-Reqid: YnkAAABl8kgqNdUX
X-Svr: IO
X-Ser: BC147_dx-lt-yd-zhejiang-jinhua-5-cache-18, BC226_FR-Paris-Paris-3-cache-1
X-Cache: HIT from BC226_FR-Paris-Paris-3-cache-1(baishan)

images.urldance.com/theme/default/layer.css?v=3.5.1

128.1.77.227

404 Not Found

30 B

URL GET HTTP/1.1
images.urldance.com/theme/default/layer.css?v=3.5.1
IP
128.1.77.227:80
ASN
#21859 ZEN-ECN

Requested by
http://1.94.123.67:5002/?ns2.topnx.net

File type
JSON text data
Size
30 B (30 bytes)
Hash
dae2f3dd9baf239b45dd8bc1408e67de
5e415fd3ee90548957bb73ce748eca52a65a01b3
63f167d2adce5d2b33fc90c8a437615e605ac1ab3dd8b6e028dbc502da3b663e

HTTP Headers

GET /theme/default/layer.css?v=3.5.1 HTTP/1.1
Host: images.urldance.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://1.94.123.67:5002/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Mon, 03 Jun 2024 07:44:33 GMT
Content-Type: application/json
Content-Length: 30
Connection: keep-alive
Server: openresty
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Log, X-Reqid
Access-Control-Max-Age: 2592000
X-Log: X-Log
X-M-Log: QNM:xs1187;QNM3/404
X-M-Reqid: d1YAAAhOJxbQbtUX
X-Qnm-Cache: Hit
X-Reqid: S_AAAABGEqPMbtUX
X-Svr: IO
X-Ser: BC21_dx-lt-yd-jiangsu-yancheng-8-cache-2, BC231_FR-Paris-Paris-3-cache-1
X-Cache: MISS from BC231_FR-Paris-Paris-3-cache-1(baishan)

www.urldance.com/upload/baba.png

125.64.35.121

200 OK

7.1 kB

URL GET HTTP/1.1
www.urldance.com/upload/baba.png
IP
125.64.35.121:80
ASN
#38283 CHINANET SiChuan Telecom Internet Data Center

Requested by
http://1.94.123.67:5002/?ns2.topnx.net

File type
PNG image data, 350 x 350, 8-bit/color RGB, non-interlaced
Size
7.1 kB (7108 bytes)
Hash
e3923c23a6bda0f4c3ffccab41060fbc
35e633cba504016ec16ff9b3ede37460776c095c
0b8f9efe5333bbc88ac76fd36663d981ccc813eb9cbc81a725ddb19ff63d938e

HTTP Headers

GET /upload/baba.png HTTP/1.1
Host: www.urldance.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://1.94.123.67:5002/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: volc-dcdn
Content-Type: image/png
Content-Length: 7108
Connection: keep-alive
Date: Mon, 03 Jun 2024 07:44:33 GMT
Last-Modified: Sun, 02 Jun 2024 12:49:28 GMT
ETag: "665c6a58-1bc4"
Expires: Wed, 03 Jul 2024 07:44:33 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
via: n125-064-035-081.bdcdn-cdct05.ToB
x-request-ip: 91.90.42.154
x-tt-trace-tag: id=5
x-dsa-trace-id: 1717400673994fcf1c3945e040a791082042cf9c5d
X-Dsa-Origin-Status: 200
server-timing: cdn-cache;desc=MISS, origin;dur=25, edge;dur=0

collect-v6.51.la/v6/collect?dt=4

47.246.44.204

403 Forbidden

0 B

URL POST HTTP/1.1
collect-v6.51.la/v6/collect?dt=4
IP
47.246.44.204:80
ASN
#24429 Zhejiang Taobao Network Co.,Ltd

Requested by
http://1.94.123.67:5002/?ns2.topnx.net

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /v6/collect?dt=4 HTTP/1.1
Host: collect-v6.51.la
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Length: 287
Origin: http://1.94.123.67:5002
DNT: 1
Connection: keep-alive
Referer: http://1.94.123.67:5002/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Server: Tengine
Content-Length: 0
Connection: keep-alive
Date: Mon, 03 Jun 2024 07:44:33 GMT
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Origin: http://1.94.123.67:5002
Access-Control-Allow-Credentials: true
Ali-Swift-Global-Savetime: 1717400673
Via: cache21.l2de2[376,376,403-0,M], cache21.l2de2[377,0], ens-cache15.se2[399,400,403-1280,M], ens-cache15.se2[401,0]
Cache-Control: no-cache
Age: 0
X-Cache: MISS TCP_MISS dirn:-2:-2
X-Swift-Error: orig response 4XX error
X-Swift-SaveTime: Mon, 03 Jun 2024 07:44:33 GMT
X-Swift-CacheTime: 0
Timing-Allow-Origin: *
EagleId: 2ff62ca317174006730443952e

1.94.123.67:5002/favicon.ico

1.94.123.67

200 OK

1.6 kB

URL GET HTTP/1.1
1.94.123.67:5002/favicon.ico
IP
1.94.123.67:5002
ASN
#55990 Huawei Cloud Service data center

Requested by
http://1.94.123.67:5002/?ns2.topnx.net

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Size
1.6 kB (1572 bytes)
Hash
985e992614e48c9b6a7120d4c5363ffb
16d52f10f93c423749f8fa4fb58d7c3d5cf89444
673b32775e4009e8e48b394f81fd1241ffbf27202805ff036225bfa006a65a9e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 1.94.123.67:5002
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://1.94.123.67:5002/?ns2.topnx.net
Cookie: __vtins__JLEnGBtgpV2uB763=%7B%22sid%22%3A%20%22b9629330-a495-56c4-b07d-4423b0f77902%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201717402472808%2C%20%22ct%22%3A%201717400672808%7D; __51uvsct__JLEnGBtgpV2uB763=1; __51vcke__JLEnGBtgpV2uB763=aac47588-9aaf-550c-990c-7c3709518172; __51vuft__JLEnGBtgpV2uB763=1717400672812
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.15.11
Date: Mon, 03 Jun 2024 07:44:33 GMT
Content-Type: image/x-icon
Content-Length: 1572
Last-Modified: Tue, 08 Aug 2023 02:33:08 GMT
Connection: keep-alive
ETag: "64d1a964-624"
Accept-Ranges: bytes

hm.baidu.com/hm.js?45ba4dc1b55a5ee4efd99d409c3caff1

183.240.98.228

200 OK

11 kB

URL GET HTTP/1.1
hm.baidu.com/hm.js?45ba4dc1b55a5ee4efd99d409c3caff1
IP
183.240.98.228:443
ASN
#56040 China Mobile communications corporation

Requested by
http://1.94.123.67:5002/?ns2.topnx.net
Certificate
IssuerGlobalSign nv-sa
Subjectbaidu.com
Fingerprint97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
ValidityThu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT

File type
JavaScript source, ASCII text, with very long lines (628)
Size
11 kB (11266 bytes)
Hash
eaae5e0349f80822ccd5a9b6c4b6b41e
95d96a04c54efc36223188575848d53eced065a2
40add1dc4a26efa0a517298e2499eaccb984c447276cef97c2706ad14f4792df

HTTP Headers

GET /hm.js?45ba4dc1b55a5ee4efd99d409c3caff1 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://1.94.123.67:5002/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11266
Content-Type: application/javascript
Date: Mon, 03 Jun 2024 07:44:33 GMT
Etag: c14ed5fbd31c66892d1932ce4833ebdd
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=772519B3DF064C2E; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800

hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=2064961170&si=45ba4dc1b55a5ee4efd99d409c3caff1&v=1.3.0&lv=1&sn=55999&r=0&ww=1280&u=http%3A%2F%2F1.94.123.67%3A5002%2F%3Fns2.topnx.net&tt=%E8%BE%93%E5%85%A5%E5%AF%86%E7%A0%81%E8%AE%BF%E9%97%AE

183.240.98.228

200 OK

43 B

URL GET HTTP/1.1
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=2064961170&si=45ba4dc1b55a5ee4efd99d409c3caff1&v=1.3.0&lv=1&sn=55999&r=0&ww=1280&u=http%3A%2F%2F1.94.123.67%3A5002%2F%3Fns2.topnx.net&tt=%E8%BE%93%E5%85%A5%E5%AF%86%E7%A0%81%E8%AE%BF%E9%97%AE
IP
183.240.98.228:443
ASN
#56040 China Mobile communications corporation

Requested by
http://1.94.123.67:5002/?ns2.topnx.net
Certificate
IssuerGlobalSign nv-sa
Subjectbaidu.com
Fingerprint97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
ValidityThu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=2064961170&si=45ba4dc1b55a5ee4efd99d409c3caff1&v=1.3.0&lv=1&sn=55999&r=0&ww=1280&u=http%3A%2F%2F1.94.123.67%3A5002%2F%3Fns2.topnx.net&tt=%E8%BE%93%E5%85%A5%E5%AF%86%E7%A0%81%E8%AE%BF%E9%97%AE HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://1.94.123.67:5002/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Mon, 03 Jun 2024 07:44:34 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=DCDB8DD13E1B081A; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff

ns2.topnx.net/

172.67.159.161

302 Found

2.8 kB

URL User Request GET HTTP/2
ns2.topnx.net/
IP
172.67.159.161:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjecttopnx.net
Fingerprint5F:57:CB:AF:EA:C2:70:44:B3:FD:AC:FC:19:95:1E:DC:7B:22:15:3E
ValidityTue, 21 May 2024 04:46:58 GMT - Mon, 19 Aug 2024 04:46:57 GMT

File type

Size
2.8 kB (2812 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: ns2.topnx.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Mon, 03 Jun 2024 07:44:30 GMT
content-type: text/html; charset=UTF-8
location: http://1.94.123.67:8002/?ns2.topnx.net
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IF%2FAVtxZuEtrUnZW7Osf6xqSJHKfA9OU43kEpYT0OxG5eM66kz2qdXvapcpf45yjAe%2BoWFzV0uMjXpwbSS2fl9CIi%2BSj9x%2BG12I5l0lxO6Wwa%2FSSyUQNjc8CLvBL%2FMZd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88de0eed2b93569f-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (9)

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (14)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/1.1