Report - www.dacherng.com.tw/boksmgs/what-is-25-percent-of-5000

Report Overview

Visited public
2024-12-27 22:29:45
Tags
Submit Tags
URL
www.dacherng.com.tw/boksmgs/what-is-25-percent-of-5000
Finishing URL
www.dacherng.com.tw/boksmgs/what-is-25-percent-of-5000
IP / ASN
104.21.53.85
#13335 CLOUDFLARENET
Title
what is 25 percent of 5000

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
proftrafficcounter.com	unknown	2023-11-16	2023-11-21	2024-12-22	950 B	728 B	18.194.172.37
recordedthereby.com	unknown	2024-05-08	2024-05-08	2024-12-22	404 B	86 kB	185.196.197.71
capaciousdrewreligion.com	unknown	2023-11-07	2023-11-27	2024-12-22	418 B	375 B	185.196.197.72
www.dacherng.com.tw	unknown	unknown	2020-06-13	2023-06-08	3.5 kB	453 kB	104.21.53.85
cdn.storageimagedisplay.com	unknown	2024-09-13	2024-09-13	2024-12-24	910 B	198 kB	45.133.44.1
unseenreport.com	unknown	2022-03-30	2022-03-30	2024-12-27	739 B	495 B	192.243.59.13
degeneratesevere.com	unknown	2024-06-04	2024-10-15	2024-12-24	882 B	24 kB	192.243.59.12
lazy.agczn.my.id	unknown	2023-10-22	2024-05-12	2024-12-23	913 B	2.3 kB	104.21.112.1
stereospoutfireextinguisher.com	unknown	2024-08-19	2024-12-23	2024-12-23	3.0 kB	40 kB	192.243.59.12
yummyadvertiseexploded.com	unknown	2024-08-19	2024-10-07	2024-10-10	3.5 kB	41 kB	172.240.127.234

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-12-27	medium	degeneratesevere.com	Sinkholed
2024-12-27	medium	degeneratesevere.com	Sinkholed
2024-12-27	medium	stereospoutfireextinguisher.com	Sinkholed
2024-12-27	medium	stereospoutfireextinguisher.com	Sinkholed
2024-12-27	medium	stereospoutfireextinguisher.com	Sinkholed
2024-12-27	medium	unseenreport.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (17)

	URL	From	Size	First Seen	Last Seen
	www.dacherng.com.tw/boksmgs/what-is-25-percent-of-5000	ScriptElement	140 B	2024-08-12	2025-04-12
Pretty URL www.dacherng.com.tw/boksmgs/what-is-25-percent-of-5000 IP 104.21.53.85 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-12 23:40 Last Seen2025-04-12 04:44 Times Seen81 Hash 007007e8011e776d0bda59afe96b760b 484e3ebf64458a0190029b3c89c19464e1be6c30 36dd7b85aa904d058bec5f229e5e70f1c8daad32e0c2092491b602a110cf9cac Loading...

	lazy.agczn.my.id/tag.js	ScriptElement	904 B	2024-10-11	2025-05-18
Pretty URL lazy.agczn.my.id/tag.js IP 104.21.112.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-10-11 05:13 Last Seen2025-05-18 14:52 Times Seen275 Hash f613be6d1cb212afb7ae84007056445d 2fb9979f24cd6cfd3b959630aeb5c3e7b784d9cb a240184536984e9c3a0c758f14a57cbda4fefd001cb3a0379c52b5f1b2e498a9 Loading...

	capaciousdrewreligion.com/advertisers.js	ScriptElement	0 B	0001-01-01	2025-07-16
Pretty URL capaciousdrewreligion.com/advertisers.js IP 185.196.197.72 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen0001-01-01 00:00 Last Seen2025-07-16 08:33 Times Seen5434313 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	unknown	ScriptElement	145 B	2024-08-12	2025-01-09
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-12 23:40 Last Seen2025-01-09 18:35 Times Seen74 Hash 62649fd59fce608732d45d40fc143106 6be59b524fc70dfeef3f682bbd2f8808431357f5 c8c47460f9bc91bf63e50b0e5875f8d80d6a9f0965689670f7e962df69b2b289 Loading...

	www.dacherng.com.tw/boksmgs/what-is-25-percent-of-5000	ScriptElement	98 B	2024-04-10	2025-05-18
Pretty URL www.dacherng.com.tw/boksmgs/what-is-25-percent-of-5000 IP 104.21.53.85 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-10 17:35 Last Seen2025-05-18 14:52 Times Seen659 Hash 943d0828305b7fffcee63720ab297353 0af67ef5eeb188730502b4885f171e4c343fb22e ac5930440fe8be9005bae09ce1c2e9458c90f7428bcd7c7eb0191df1e90c71d6 Loading...

	degeneratesevere.com/4ebc5c5268f114d8d4e2aad31b3a7099/invoke.js	ScriptElement	25 kB	2024-12-25	2025-01-07
Pretty URL degeneratesevere.com/4ebc5c5268f114d8d4e2aad31b3a7099/invoke.js IP 192.243.59.12 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-25 23:55 Last Seen2025-01-07 17:50 Times Seen11 Hash fc6039a71895a9fcf620e905ca78df31 4fc9be0b834f0031a080431a48c0a81fe51a2147 9e4347287196cf797909159ec9bf7bfbc29cee81609e890e07e7e3f5c7781036 Loading...

	www.dacherng.com.tw/boksmgs/what-is-25-percent-of-5000	ScriptElement	424 B	2024-12-14	2024-12-27
Pretty URL www.dacherng.com.tw/boksmgs/what-is-25-percent-of-5000 IP 104.21.53.85 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-12-14 12:01 Last Seen2024-12-27 22:29 Times Seen3 Hash 146f3a31182eb8fa5acd5187df906201 adc233f7153393da7f3a99762595227df6af2d0e 8363103f95543dfcf63d4e20fb2ef70fdc56b5c67a38f79a2335dd4f8957a706 Loading...

	stereospoutfireextinguisher.com/e6/3e/cf/e63ecf111180228a9e27d84976d262cc.js	ScriptElement	95 kB	2024-12-25	2025-01-07
Pretty URL stereospoutfireextinguisher.com/e6/3e/cf/e63ecf111180228a9e27d84976d262cc.js IP 192.243.59.12 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-25 23:55 Last Seen2025-01-07 17:50 Times Seen4 Hash c62deae4d0ba5a4ac2adae621dfb829c c095348720fc405b235ec16a42bad0e8a9a5cd7a f2f8129cf4072b1e122fbc00e910dba963e86010efd44fff9caff2b77bbb1ab8 Loading...

	yummyadvertiseexploded.com/e6/3e/cf/e63ecf111180228a9e27d84976d262cc.js	ScriptElement	95 kB	2024-12-27	2024-12-27
Pretty URL yummyadvertiseexploded.com/e6/3e/cf/e63ecf111180228a9e27d84976d262cc.js IP 172.240.127.234 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-27 22:29 Last Seen2024-12-27 22:29 Times Seen1 Hash ef98634eff583273c4f563f0c9ec5916 5ab6bcd09f8aad8349ff8badfae041d9ea06d644 4a38b873e045779332e98b7f85e9e8e78a86b0f96845c0c26d5a0771149a9829 Loading...

	recordedthereby.com/sfp.js	ScriptElement	85 kB	2024-05-17	2025-01-21
Pretty URL recordedthereby.com/sfp.js IP 185.196.197.71 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-17 16:43 Last Seen2025-01-21 11:22 Times Seen13574 Hash 7e3e44049654b6e244c1777e68ffb8e7 8f2a8298666d607afd92a0baa362ef4dc9ccd039 4acac8b8ff23671d365150818f3c39bbbfa08b1a1842d73de5933e0fea26454b Loading...

	www.dacherng.com.tw/boksmgs/what-is-25-percent-of-5000	ScriptElement	358 B	2024-08-28	2025-05-18
Pretty URL www.dacherng.com.tw/boksmgs/what-is-25-percent-of-5000 IP 104.21.53.85 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-28 15:34 Last Seen2025-05-18 14:52 Times Seen290 Hash 307edac2bd62b6f19385c5536829d90b 6f9190c70649d6e3ba068981d500e0b002e44a95 9fa7264cd962450aea00f182bf47d25821832bf69b4b7df75a049abfb510efc0 Loading...

	degeneratesevere.com/4ebc5c5268f114d8d4e2aad31b3a7099/invoke.js	ScriptElement	25 kB	2024-12-25	2025-01-09
Pretty URL degeneratesevere.com/4ebc5c5268f114d8d4e2aad31b3a7099/invoke.js IP 192.243.59.12 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-25 09:45 Last Seen2025-01-09 18:35 Times Seen4 Hash 486255087f4146f2de5a1244ca5b7dde ed38cc2435ff55b5c15761775ced7827bad0a30a f6b4993f453fc6d3e667b613823173d016251e1fb1ac680887a6d9bd6d05b699 Loading...

	unknown	ScriptElement	3.4 kB	2024-12-27	2024-12-27
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-27 22:29 Last Seen2024-12-27 22:29 Times Seen1 Hash 0eb9326d0e7c027f43538c078dfb5fdc b7ac4c566f7fafac011a7ebfee9793e5c9176f4e 05ca8465ce4b02038fe06af582c5fde1aa0f412c6c6783838cfa3e9ce0d100a8 Loading...

	unknown	ScriptElement	3.3 kB	2024-12-27	2024-12-27
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-27 22:29 Last Seen2024-12-27 22:29 Times Seen1 Hash 4dd24ae49c9373798d975e8350e7f921 44c0b67d9eaa6eb35379b14ec5e73d0cb03bf22e 3d9077c02f843d40f7211d3590deb3f77c4efd28b89b8af201c4d6fd9b39261b Loading...

	www.dacherng.com.tw/js/highlight.min.js	ScriptElement	123 kB	2024-08-28	2025-05-18
Pretty URL www.dacherng.com.tw/js/highlight.min.js IP 104.21.53.85 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-28 15:34 Last Seen2025-05-18 14:52 Times Seen292 Hash ce552ffc8630869b9d3a215fca292098 6324f32bee04e9925adde9522dfe78eeae4858d5 30ecef6c6f78426a75fa5f60f92780501a3619ec11367e3b67331576f3370812 Loading...

		Size	First Seen	Last Seen
	#1 Eval - db6c10cf4d03295b0500d3ebd3369565	2.1 kB	2024-12-27 22:29	2024-12-27 22:29
Pretty Observations First Seen2024-12-27 22:29 Last Seen2024-12-27 22:29 Times Seen1 Hash db6c10cf4d03295b0500d3ebd3369565 8f9b73143ae2864638743d0d75b99b61c0068b7b 561ad5a6ecb8c70698d6b412e75430e0aedc386525c3cb5b052357e467f5e66b Loading...

	#2 Eval - 03df90e23012534f83f8d56837131608	2.1 kB	2024-12-27 22:29	2024-12-27 22:29
Pretty Observations First Seen2024-12-27 22:29 Last Seen2024-12-27 22:29 Times Seen1 Hash 03df90e23012534f83f8d56837131608 50033806047fac43e125bd10877557009444bc56 89adf200f32579c1ca0412beee4ff76560c6b2c09f753ca82f6450de57f82ec1 Loading...

HTTP Transactions (24)

URL IP Response Size

GET degeneratesevere.com/4ebc5c5268f114d8d4e2aad31b3a7099/invoke.js

192.243.59.12

200 OK

11 kB

URL GET HTTP/1.1
degeneratesevere.com/4ebc5c5268f114d8d4e2aad31b3a7099/invoke.js
IP
192.243.59.12:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.dacherng.com.tw/boksmgs/what-is-25-percent-of-5000
Certificate
IssuerLet's Encrypt
Subjectdegeneratesevere.com
Fingerprint78:E0:86:5B:9F:8A:52:19:5A:26:41:95:F7:70:0F:3C:10:C1:15:82
ValidityTue, 03 Dec 2024 21:35:24 GMT - Mon, 03 Mar 2025 21:35:23 GMT

File type
JavaScript source, ASCII text, with very long lines (25168), with no line terminators
Size
11 kB (11320 bytes)
Hash
fc6039a71895a9fcf620e905ca78df31
4fc9be0b834f0031a080431a48c0a81fe51a2147
9e4347287196cf797909159ec9bf7bfbc29cee81609e890e07e7e3f5c7781036

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /4ebc5c5268f114d8d4e2aad31b3a7099/invoke.js HTTP/1.1
Host: degeneratesevere.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dacherng.com.tw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 27 Dec 2024 22:29:20 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Host: degeneratesevere.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: fef7fcc6dd2e7f0614cd110f331174d7
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

GET lazy.agczn.my.id/tag.js

104.21.112.1

200 OK

774 B

URL GET HTTP/2
lazy.agczn.my.id/tag.js
IP
104.21.112.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.dacherng.com.tw/boksmgs/what-is-25-percent-of-5000
Certificate
IssuerGoogle Trust Services
Subjectagczn.my.id
Fingerprint15:37:71:50:43:B8:56:49:C3:9C:10:6B:95:FA:98:27:AA:92:1A:79
ValiditySun, 08 Dec 2024 15:30:45 GMT - Sat, 08 Mar 2025 15:30:44 GMT

File type
ASCII text, with very long lines (377), with CRLF line terminators
Size
774 B (774 bytes)
Hash
f613be6d1cb212afb7ae84007056445d
2fb9979f24cd6cfd3b959630aeb5c3e7b784d9cb
a240184536984e9c3a0c758f14a57cbda4fefd001cb3a0379c52b5f1b2e498a9

HTTP Headers

GET /tag.js HTTP/1.1
Host: lazy.agczn.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dacherng.com.tw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 27 Dec 2024 22:29:20 GMT
content-type: application/javascript; charset=UTF-8
x-powered-by: Express
cache-control: public, max-age=120
last-modified: Thu, 10 Oct 2024 17:00:10 GMT
etag: W/"388-192775fa590"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sAX14UDCKdcU9ykVUabHA%2BvJ8tbxNyY7jCk9rQPTSC5LK2%2FN935YeXunqtM%2FLFgqDrkP1exV%2BGH21FHxcIgIbmmNMkXH3Xu7DHFDKYpxBtpayUXbImj7sJtWaROA8XX3GChs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8f8cbfad9c5d1c12-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=6008&min_rtt=417&rtt_var=11117&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3202&recv_bytes=1059&delivery_rate=7325463&cwnd=254&unsent_bytes=0&cid=69458f52bc71fb52&ts=417&x=0"
X-Firefox-Spdy: h2

GET degeneratesevere.com/4ebc5c5268f114d8d4e2aad31b3a7099/invoke.js

192.243.59.12

200 OK

11 kB

URL GET HTTP/1.1
degeneratesevere.com/4ebc5c5268f114d8d4e2aad31b3a7099/invoke.js
IP
192.243.59.12:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.dacherng.com.tw/boksmgs/what-is-25-percent-of-5000
Certificate
IssuerLet's Encrypt
Subjectdegeneratesevere.com
Fingerprint78:E0:86:5B:9F:8A:52:19:5A:26:41:95:F7:70:0F:3C:10:C1:15:82
ValidityTue, 03 Dec 2024 21:35:24 GMT - Mon, 03 Mar 2025 21:35:23 GMT

File type
JavaScript source, ASCII text, with very long lines (25148), with no line terminators
Size
11 kB (11311 bytes)
Hash
486255087f4146f2de5a1244ca5b7dde
ed38cc2435ff55b5c15761775ced7827bad0a30a
f6b4993f453fc6d3e667b613823173d016251e1fb1ac680887a6d9bd6d05b699

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /4ebc5c5268f114d8d4e2aad31b3a7099/invoke.js HTTP/1.1
Host: degeneratesevere.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dacherng.com.tw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 27 Dec 2024 22:29:20 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Host: degeneratesevere.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 63d6c412c870e9107cd95c51a2432757
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

GET proftrafficcounter.com/stats

18.194.172.37

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
18.194.172.37:443
ASN
#16509 AMAZON-02

Requested by
https://www.dacherng.com.tw/boksmgs/what-is-25-percent-of-5000
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
Fingerprint40:FD:DA:57:15:28:B1:29:02:3E:E6:2F:38:E5:11:E5:7F:DB:6B:40
ValidityMon, 21 Oct 2024 00:00:00 GMT - Thu, 20 Nov 2025 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
6403223a0cb2bc8f7940bb785f73cf14
5f7126b6c55b873bcc34bce844ff13334eb5afe3
8d8278d351f2117af807e086b4b30f4ff3e582df650c90eaf90d4c142514f0e7

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.dacherng.com.tw
DNT: 1
Connection: keep-alive
Referer: https://www.dacherng.com.tw/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 27 Dec 2024 22:29:20 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://www.dacherng.com.tw
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=d99baaef-8fec-433d-a740-89545d152640:1:1; expires=Mon, 25 Dec 2034 22:29:20 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

GET proftrafficcounter.com/stats

18.194.172.37

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
18.194.172.37:443
ASN
#16509 AMAZON-02

Requested by
https://www.dacherng.com.tw/boksmgs/what-is-25-percent-of-5000
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
Fingerprint40:FD:DA:57:15:28:B1:29:02:3E:E6:2F:38:E5:11:E5:7F:DB:6B:40
ValidityMon, 21 Oct 2024 00:00:00 GMT - Thu, 20 Nov 2025 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
6403223a0cb2bc8f7940bb785f73cf14
5f7126b6c55b873bcc34bce844ff13334eb5afe3
8d8278d351f2117af807e086b4b30f4ff3e582df650c90eaf90d4c142514f0e7

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.dacherng.com.tw
DNT: 1
Connection: keep-alive
Referer: https://www.dacherng.com.tw/
Cookie: uid_id2=d99baaef-8fec-433d-a740-89545d152640:1:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 27 Dec 2024 22:29:20 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://www.dacherng.com.tw
vary: Origin
access-control-allow-credentials: true
X-Firefox-Spdy: h2

GET stereospoutfireextinguisher.com/e6/3e/cf/e63ecf111180228a9e27d84976d262cc.js

192.243.59.12

200 OK

34 kB

URL GET HTTP/1.1
stereospoutfireextinguisher.com/e6/3e/cf/e63ecf111180228a9e27d84976d262cc.js
IP
192.243.59.12:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.dacherng.com.tw/boksmgs/what-is-25-percent-of-5000
Certificate
IssuerLet's Encrypt
Subjectstereospoutfireextinguisher.com
FingerprintC5:2E:10:49:A7:54:62:C2:76:32:76:44:BB:73:B5:4E:C2:01:2C:0F
ValidityWed, 18 Dec 2024 21:16:38 GMT - Tue, 18 Mar 2025 21:16:37 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
34 kB (33707 bytes)
Hash
c62deae4d0ba5a4ac2adae621dfb829c
c095348720fc405b235ec16a42bad0e8a9a5cd7a
f2f8129cf4072b1e122fbc00e910dba963e86010efd44fff9caff2b77bbb1ab8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /e6/3e/cf/e63ecf111180228a9e27d84976d262cc.js HTTP/1.1
Host: stereospoutfireextinguisher.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dacherng.com.tw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 27 Dec 2024 22:29:20 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Host: stereospoutfireextinguisher.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: ce103e0e4f88f4cd218e05529886a7be
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

GET lazy.agczn.my.id/js15_as.js?hash=da21YFGCLpPK&host=www.dacherng.com.tw&path=%2Fboksmgs%2Fwhat-is-25-percent-of-5000&ref=

104.21.112.1

200 OK

0 B

URL GET HTTP/3
lazy.agczn.my.id/js15_as.js?hash=da21YFGCLpPK&host=www.dacherng.com.tw&path=%2Fboksmgs%2Fwhat-is-25-percent-of-5000&ref=
IP
104.21.112.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.dacherng.com.tw/boksmgs/what-is-25-percent-of-5000
Certificate
IssuerGoogle Trust Services
Subjectagczn.my.id
Fingerprint15:37:71:50:43:B8:56:49:C3:9C:10:6B:95:FA:98:27:AA:92:1A:79
ValiditySun, 08 Dec 2024 15:30:45 GMT - Sat, 08 Mar 2025 15:30:44 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /js15_as.js?hash=da21YFGCLpPK&host=www.dacherng.com.tw&path=%2Fboksmgs%2Fwhat-is-25-percent-of-5000&ref= HTTP/1.1
Host: lazy.agczn.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dacherng.com.tw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 27 Dec 2024 22:29:20 GMT
content-length: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NWTMUoMOpbX%2FT5cxnB9HA1JjpwUCfKc5pOVntKMrhyoDPdBANb3n6BpoMb%2F8um5y%2Bjyols9t2XftHPdgQFDdEGAvgcewuqd7QhnUbzM1eJuGqEuoEU%2BhOzitcJ27AcmtO3%2Fx"}],"group":"cf-nel","max_age":604800}
x-powered-by: Express
cf-cache-status: DYNAMIC
cf-ray: 8f8cbfb23eaa569f-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400

GET yummyadvertiseexploded.com/e6/3e/cf/e63ecf111180228a9e27d84976d262cc.js

172.240.127.234

200 OK

34 kB

URL GET HTTP/1.1
yummyadvertiseexploded.com/e6/3e/cf/e63ecf111180228a9e27d84976d262cc.js
IP
172.240.127.234:443
ASN
#7979 SERVERS-COM

Requested by
https://www.dacherng.com.tw/boksmgs/what-is-25-percent-of-5000
Certificate
IssuerLet's Encrypt
Subjectyummyadvertiseexploded.com
Fingerprint3D:4F:15:D7:2D:87:5D:A8:62:F5:7D:9A:F0:D8:21:2F:E5:D3:CC:DE
ValidityWed, 18 Dec 2024 21:23:41 GMT - Tue, 18 Mar 2025 21:23:40 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
34 kB (33710 bytes)
Hash
ef98634eff583273c4f563f0c9ec5916
5ab6bcd09f8aad8349ff8badfae041d9ea06d644
4a38b873e045779332e98b7f85e9e8e78a86b0f96845c0c26d5a0771149a9829

HTTP Headers

GET /e6/3e/cf/e63ecf111180228a9e27d84976d262cc.js HTTP/1.1
Host: yummyadvertiseexploded.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dacherng.com.tw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 27 Dec 2024 22:29:20 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Host: yummyadvertiseexploded.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 145e30d5fbde0953a78e630ee726adca
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

GET yummyadvertiseexploded.com/watch.1409886729300.js?key=4ebc5c5268f114d8d4e2aad31b3a7099&kw=%5B%5D&refer=https%3A%2F%2Fwww.dacherng.com.tw%2Fboksmgs%2Fwhat-is-25-percent-of-5000&tz=0&dev=e&res=14.2071&rb=&uuid=d99baaef-8fec-433d-a740-89545d152640%3A1%3A1

172.240.108.76

307 Temporary Redirect

0 B

URL GET HTTP/1.1
yummyadvertiseexploded.com/watch.1409886729300.js?key=4ebc5c5268f114d8d4e2aad31b3a7099&kw=%5B%5D&refer=https%3A%2F%2Fwww.dacherng.com.tw%2Fboksmgs%2Fwhat-is-25-percent-of-5000&tz=0&dev=e&res=14.2071&rb=&uuid=d99baaef-8fec-433d-a740-89545d152640%3A1%3A1
IP
172.240.108.76:443
ASN
#7979 SERVERS-COM

Requested by
https://www.dacherng.com.tw/boksmgs/what-is-25-percent-of-5000
Certificate
IssuerLet's Encrypt
Subjectyummyadvertiseexploded.com
Fingerprint3D:4F:15:D7:2D:87:5D:A8:62:F5:7D:9A:F0:D8:21:2F:E5:D3:CC:DE
ValidityWed, 18 Dec 2024 21:23:41 GMT - Tue, 18 Mar 2025 21:23:40 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /watch.1409886729300.js?key=4ebc5c5268f114d8d4e2aad31b3a7099&kw=%5B%5D&refer=https%3A%2F%2Fwww.dacherng.com.tw%2Fboksmgs%2Fwhat-is-25-percent-of-5000&tz=0&dev=e&res=14.2071&rb=&uuid=d99baaef-8fec-433d-a740-89545d152640%3A1%3A1 HTTP/1.1
Host: yummyadvertiseexploded.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.dacherng.com.tw
DNT: 1
Connection: keep-alive
Referer: https://www.dacherng.com.tw/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Fri, 27 Dec 2024 22:29:20 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www.dacherng.com.tw
Access-Control-Allow-Origin: https://www.dacherng.com.tw
Access-Control-Allow-Credentials: true
Location: https://yummyadvertiseexploded.com/watch.1409886729300.js?dev=e&key=4ebc5c5268f114d8d4e2aad31b3a7099&kw=%5B%5D&pst=1735338620&rb=&refer=https%3A%2F%2Fwww.dacherng.com.tw%2Fboksmgs%2Fwhat-is-25-percent-of-5000&res=14.2071&rmtc=t&shu=d7670eb709d83b44dbc9045d504e90bfba8a23ca321197cc667c3e76ad4e376eed64e47ad2d24483958d1470910a91b79a4a7e4bec31172af1c3cbb56beb70984fc132d4befa532e7e806bed9013405500f4f162187f7cd6253435&tz=0&uuid=d99baaef-8fec-433d-a740-89545d152640%3A1%3A1
Set-Cookie: u_pl23748403=1; expires=Sat, 28 Dec 2024 22:29:20 GMT; path=/; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMzc0ODQwMywiayI6IjRlYmM1YzUyNjhmMTE0ZDhkNGUyYWFkMzFiM2E3MDk5Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNjgxODg4LCJwaWQiOjE1NDYxMiwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjUsInB0Ijo0LCJwayI6ImtxNmQxM2syNDciLCJjcGtzIjp7IjI4IjoiZTYzZWNmMTExMTgwMjI4YTllMjdkODQ5NzZkMjYyY2MifSwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vd3d3LmRhY2hlcm5nLmNvbS50dy9ib2tzbWdzL3doYXQtaXMtMjUtcGVyY2VudC1vZi01MDAwIiwiYXIiOltdfX0.gfMb1fuk8wiEzHerLuqpGbK63RXlaqD4l5FbmqSuXL4; expires=Fri, 27 Dec 2024 22:30:20 GMT; path=/; secure; SameSite=None
Host: yummyadvertiseexploded.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 25bdfa184f098d2dc5eee1809c41aef4
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

GET stereospoutfireextinguisher.com/watch.1015807832130.js?key=4ebc5c5268f114d8d4e2aad31b3a7099&kw=%5B%5D&refer=https%3A%2F%2Fwww.dacherng.com.tw%2Fboksmgs%2Fwhat-is-25-percent-of-5000&tz=0&dev=e&res=14.2071&rb=&uuid=d99baaef-8fec-433d-a740-89545d152640%3A1%3A1

192.243.61.225

307 Temporary Redirect

0 B

URL GET HTTP/1.1
stereospoutfireextinguisher.com/watch.1015807832130.js?key=4ebc5c5268f114d8d4e2aad31b3a7099&kw=%5B%5D&refer=https%3A%2F%2Fwww.dacherng.com.tw%2Fboksmgs%2Fwhat-is-25-percent-of-5000&tz=0&dev=e&res=14.2071&rb=&uuid=d99baaef-8fec-433d-a740-89545d152640%3A1%3A1
IP
192.243.61.225:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.dacherng.com.tw/boksmgs/what-is-25-percent-of-5000
Certificate
IssuerLet's Encrypt
Subjectstereospoutfireextinguisher.com
FingerprintC5:2E:10:49:A7:54:62:C2:76:32:76:44:BB:73:B5:4E:C2:01:2C:0F
ValidityWed, 18 Dec 2024 21:16:38 GMT - Tue, 18 Mar 2025 21:16:37 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1015807832130.js?key=4ebc5c5268f114d8d4e2aad31b3a7099&kw=%5B%5D&refer=https%3A%2F%2Fwww.dacherng.com.tw%2Fboksmgs%2Fwhat-is-25-percent-of-5000&tz=0&dev=e&res=14.2071&rb=&uuid=d99baaef-8fec-433d-a740-89545d152640%3A1%3A1 HTTP/1.1
Host: stereospoutfireextinguisher.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.dacherng.com.tw
DNT: 1
Connection: keep-alive
Referer: https://www.dacherng.com.tw/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Fri, 27 Dec 2024 22:29:20 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www.dacherng.com.tw
Access-Control-Allow-Origin: https://www.dacherng.com.tw
Access-Control-Allow-Credentials: true
Location: https://stereospoutfireextinguisher.com/watch.1015807832130.js?dev=e&key=4ebc5c5268f114d8d4e2aad31b3a7099&kw=%5B%5D&pst=1735338620&rb=&refer=https%3A%2F%2Fwww.dacherng.com.tw%2Fboksmgs%2Fwhat-is-25-percent-of-5000&res=14.2071&rmtc=t&shu=920dcbc7ca4a1daee5d90cd19705211604f0c38bf55b90c6106afc06e68a6c05b76e9fdc4d4a7ceb0136d70b2fdb0ec1de4c03384ca0b919acbb1242cb43e48431b7983169108d69752db1da2ec22c6e1d44d04bbf13c841613704&tz=0&uuid=d99baaef-8fec-433d-a740-89545d152640%3A1%3A1
Set-Cookie: u_pl23748403=1; expires=Sat, 28 Dec 2024 22:29:20 GMT; path=/; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMzc0ODQwMywiayI6IjRlYmM1YzUyNjhmMTE0ZDhkNGUyYWFkMzFiM2E3MDk5Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNjgxODg4LCJwaWQiOjE1NDYxMiwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjUsInB0Ijo0LCJwayI6ImtxNmQxM2syNDciLCJjcGtzIjp7IjI4IjoiZTYzZWNmMTExMTgwMjI4YTllMjdkODQ5NzZkMjYyY2MifSwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vd3d3LmRhY2hlcm5nLmNvbS50dy9ib2tzbWdzL3doYXQtaXMtMjUtcGVyY2VudC1vZi01MDAwIiwiYXIiOltdfX0.gfMb1fuk8wiEzHerLuqpGbK63RXlaqD4l5FbmqSuXL4; expires=Fri, 27 Dec 2024 22:30:20 GMT; path=/; secure; SameSite=None
Host: stereospoutfireextinguisher.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 25bbe1f77d71e4741cf1b2393ee9b732
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

GET recordedthereby.com/sfp.js

185.196.197.71

200 OK

85 kB

URL GET HTTP/1.1
recordedthereby.com/sfp.js
IP
185.196.197.71:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.dacherng.com.tw/boksmgs/what-is-25-percent-of-5000
Certificate
IssuerLet's Encrypt
Subjectrecordedthereby.com
FingerprintE0:09:99:E3:0E:A5:83:8D:96:1B:26:8A:2E:AC:12:98:C6:D3:E1:76
ValidityWed, 06 Nov 2024 14:09:18 GMT - Tue, 04 Feb 2025 14:09:17 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Size
85 kB (85378 bytes)
Hash
7e3e44049654b6e244c1777e68ffb8e7
8f2a8298666d607afd92a0baa362ef4dc9ccd039
4acac8b8ff23671d365150818f3c39bbbfa08b1a1842d73de5933e0fea26454b

HTTP Headers

GET /sfp.js HTTP/1.1
Host: recordedthereby.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dacherng.com.tw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 27 Dec 2024 22:29:20 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 85378
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Host: recordedthereby.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: a98db0d5fd3719fc52a7cb68bb5f2712
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

GET yummyadvertiseexploded.com/pixel/purst?dl=0&th=0&sc=0&rs=1940&rd=1940&fd=572&bv=24.12.6652&tmpl=136

172.240.127.234

200 OK

0 B

URL GET HTTP/1.1
yummyadvertiseexploded.com/pixel/purst?dl=0&th=0&sc=0&rs=1940&rd=1940&fd=572&bv=24.12.6652&tmpl=136
IP
172.240.127.234:443
ASN
#7979 SERVERS-COM

Requested by
https://www.dacherng.com.tw/boksmgs/what-is-25-percent-of-5000
Certificate
IssuerLet's Encrypt
Subjectyummyadvertiseexploded.com
Fingerprint3D:4F:15:D7:2D:87:5D:A8:62:F5:7D:9A:F0:D8:21:2F:E5:D3:CC:DE
ValidityWed, 18 Dec 2024 21:23:41 GMT - Tue, 18 Mar 2025 21:23:40 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /pixel/purst?dl=0&th=0&sc=0&rs=1940&rd=1940&fd=572&bv=24.12.6652&tmpl=136 HTTP/1.1
Host: yummyadvertiseexploded.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dacherng.com.tw/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 27 Dec 2024 22:29:20 GMT
Content-Length: 0
Connection: keep-alive
Host: yummyadvertiseexploded.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

GET capaciousdrewreligion.com/advertisers.js

185.196.197.72

200 OK

0 B

URL GET HTTP/1.1
capaciousdrewreligion.com/advertisers.js
IP
185.196.197.72:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.dacherng.com.tw/boksmgs/what-is-25-percent-of-5000
Certificate
IssuerLet's Encrypt
Subjectcapaciousdrewreligion.com
FingerprintD9:49:50:C3:1F:23:A3:E8:75:32:16:6A:76:DE:28:2B:93:73:31:80
ValiditySun, 03 Nov 2024 04:28:34 GMT - Sat, 01 Feb 2025 04:28:33 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /advertisers.js HTTP/1.1
Host: capaciousdrewreligion.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dacherng.com.tw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 27 Dec 2024 22:29:21 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: bf7f54773d6ef769e4532d17b751a693
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

GET stereospoutfireextinguisher.com/watch.1015807832130.js?dev=e&key=4ebc5c5268f114d8d4e2aad31b3a7099&kw=%5B%5D&pst=1735338620&rb=&refer=https%3A%2F%2Fwww.dacherng.com.tw%2Fboksmgs%2Fwhat-is-25-percent-of-5000&res=14.2071&rmtc=t&shu=920dcbc7ca4a1daee5d90cd19705211604f0c38bf55b90c6106afc06e68a6c05b76e9fdc4d4a7ceb0136d70b2fdb0ec1de4c03384ca0b919acbb1242cb43e48431b7983169108d69752db1da2ec22c6e1d44d04bbf13c841613704&tz=0&uuid=d99baaef-8fec-433d-a740-89545d152640%3A1%3A1

192.243.59.12

200 OK

2.1 kB

URL GET HTTP/1.1
stereospoutfireextinguisher.com/watch.1015807832130.js?dev=e&key=4ebc5c5268f114d8d4e2aad31b3a7099&kw=%5B%5D&pst=1735338620&rb=&refer=https%3A%2F%2Fwww.dacherng.com.tw%2Fboksmgs%2Fwhat-is-25-percent-of-5000&res=14.2071&rmtc=t&shu=920dcbc7ca4a1daee5d90cd19705211604f0c38bf55b90c6106afc06e68a6c05b76e9fdc4d4a7ceb0136d70b2fdb0ec1de4c03384ca0b919acbb1242cb43e48431b7983169108d69752db1da2ec22c6e1d44d04bbf13c841613704&tz=0&uuid=d99baaef-8fec-433d-a740-89545d152640%3A1%3A1
IP
192.243.59.12:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.dacherng.com.tw/boksmgs/what-is-25-percent-of-5000
Certificate
IssuerLet's Encrypt
Subjectstereospoutfireextinguisher.com
FingerprintC5:2E:10:49:A7:54:62:C2:76:32:76:44:BB:73:B5:4E:C2:01:2C:0F
ValidityWed, 18 Dec 2024 21:16:38 GMT - Tue, 18 Mar 2025 21:16:37 GMT

File type
JavaScript source, ASCII text, with very long lines (2522)
Size
2.1 kB (2060 bytes)
Hash
4fdf874b07251781d495bc8c8746dc68
58d72833984ad3dda3961897a61cac987c5e853c
b592b3e56e99ad4f86ca95f59a75487ebf7081b7ca950fd656744579cdbbcad1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1015807832130.js?dev=e&key=4ebc5c5268f114d8d4e2aad31b3a7099&kw=%5B%5D&pst=1735338620&rb=&refer=https%3A%2F%2Fwww.dacherng.com.tw%2Fboksmgs%2Fwhat-is-25-percent-of-5000&res=14.2071&rmtc=t&shu=920dcbc7ca4a1daee5d90cd19705211604f0c38bf55b90c6106afc06e68a6c05b76e9fdc4d4a7ceb0136d70b2fdb0ec1de4c03384ca0b919acbb1242cb43e48431b7983169108d69752db1da2ec22c6e1d44d04bbf13c841613704&tz=0&uuid=d99baaef-8fec-433d-a740-89545d152640%3A1%3A1 HTTP/1.1
Host: stereospoutfireextinguisher.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.dacherng.com.tw
Referer: https://www.dacherng.com.tw/
DNT: 1
Connection: keep-alive
Cookie: u_pl23748403=1; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMzc0ODQwMywiayI6IjRlYmM1YzUyNjhmMTE0ZDhkNGUyYWFkMzFiM2E3MDk5Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNjgxODg4LCJwaWQiOjE1NDYxMiwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjUsInB0Ijo0LCJwayI6ImtxNmQxM2syNDciLCJjcGtzIjp7IjI4IjoiZTYzZWNmMTExMTgwMjI4YTllMjdkODQ5NzZkMjYyY2MifSwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vd3d3LmRhY2hlcm5nLmNvbS50dy9ib2tzbWdzL3doYXQtaXMtMjUtcGVyY2VudC1vZi01MDAwIiwiYXIiOltdfX0.gfMb1fuk8wiEzHerLuqpGbK63RXlaqD4l5FbmqSuXL4
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 27 Dec 2024 22:29:20 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www.dacherng.com.tw
Access-Control-Allow-Origin: https://www.dacherng.com.tw
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=d99baaef-8fec-433d-a740-89545d152640:1:1; expires=Fri, 03 Jan 2025 22:29:20 GMT; path=/; secure; SameSite=None
pdhtkv=true; expires=Sat, 28 Dec 2024 22:29:20 GMT; path=/; secure; SameSite=None
uncs=1; expires=Sat, 28 Dec 2024 22:29:20 GMT; path=/; secure; SameSite=None
pdhtkv5=true; expires=Sat, 28 Dec 2024 22:29:20 GMT; path=/; secure; SameSite=None
uncs5=1; expires=Sat, 28 Dec 2024 22:29:20 GMT; path=/; secure; SameSite=None
Host: stereospoutfireextinguisher.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: a181cd177557f617d8c5ca24f3751f16
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

GET yummyadvertiseexploded.com/watch.1409886729300.js?dev=e&key=4ebc5c5268f114d8d4e2aad31b3a7099&kw=%5B%5D&pst=1735338620&rb=&refer=https%3A%2F%2Fwww.dacherng.com.tw%2Fboksmgs%2Fwhat-is-25-percent-of-5000&res=14.2071&rmtc=t&shu=d7670eb709d83b44dbc9045d504e90bfba8a23ca321197cc667c3e76ad4e376eed64e47ad2d24483958d1470910a91b79a4a7e4bec31172af1c3cbb56beb70984fc132d4befa532e7e806bed9013405500f4f162187f7cd6253435&tz=0&uuid=d99baaef-8fec-433d-a740-89545d152640%3A1%3A1

172.240.108.76

200 OK

2.0 kB

URL GET HTTP/1.1
yummyadvertiseexploded.com/watch.1409886729300.js?dev=e&key=4ebc5c5268f114d8d4e2aad31b3a7099&kw=%5B%5D&pst=1735338620&rb=&refer=https%3A%2F%2Fwww.dacherng.com.tw%2Fboksmgs%2Fwhat-is-25-percent-of-5000&res=14.2071&rmtc=t&shu=d7670eb709d83b44dbc9045d504e90bfba8a23ca321197cc667c3e76ad4e376eed64e47ad2d24483958d1470910a91b79a4a7e4bec31172af1c3cbb56beb70984fc132d4befa532e7e806bed9013405500f4f162187f7cd6253435&tz=0&uuid=d99baaef-8fec-433d-a740-89545d152640%3A1%3A1
IP
172.240.108.76:443
ASN
#7979 SERVERS-COM

Requested by
https://www.dacherng.com.tw/boksmgs/what-is-25-percent-of-5000
Certificate
IssuerLet's Encrypt
Subjectyummyadvertiseexploded.com
Fingerprint3D:4F:15:D7:2D:87:5D:A8:62:F5:7D:9A:F0:D8:21:2F:E5:D3:CC:DE
ValidityWed, 18 Dec 2024 21:23:41 GMT - Tue, 18 Mar 2025 21:23:40 GMT

File type
JavaScript source, ASCII text, with very long lines (2488)
Size
2.0 kB (2018 bytes)
Hash
0bbc8d9a14ee04ae93bf604af3e88e9a
cff056109786e9a1b4cb5182d1105db12bc600db
649364f45cb3662eb017e0e60489ce866276965d898c696424ff8be0ae0f81ea

HTTP Headers

GET /watch.1409886729300.js?dev=e&key=4ebc5c5268f114d8d4e2aad31b3a7099&kw=%5B%5D&pst=1735338620&rb=&refer=https%3A%2F%2Fwww.dacherng.com.tw%2Fboksmgs%2Fwhat-is-25-percent-of-5000&res=14.2071&rmtc=t&shu=d7670eb709d83b44dbc9045d504e90bfba8a23ca321197cc667c3e76ad4e376eed64e47ad2d24483958d1470910a91b79a4a7e4bec31172af1c3cbb56beb70984fc132d4befa532e7e806bed9013405500f4f162187f7cd6253435&tz=0&uuid=d99baaef-8fec-433d-a740-89545d152640%3A1%3A1 HTTP/1.1
Host: yummyadvertiseexploded.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.dacherng.com.tw
Referer: https://www.dacherng.com.tw/
DNT: 1
Connection: keep-alive
Cookie: u_pl23748403=1; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMzc0ODQwMywiayI6IjRlYmM1YzUyNjhmMTE0ZDhkNGUyYWFkMzFiM2E3MDk5Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNjgxODg4LCJwaWQiOjE1NDYxMiwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjUsInB0Ijo0LCJwayI6ImtxNmQxM2syNDciLCJjcGtzIjp7IjI4IjoiZTYzZWNmMTExMTgwMjI4YTllMjdkODQ5NzZkMjYyY2MifSwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vd3d3LmRhY2hlcm5nLmNvbS50dy9ib2tzbWdzL3doYXQtaXMtMjUtcGVyY2VudC1vZi01MDAwIiwiYXIiOltdfX0.gfMb1fuk8wiEzHerLuqpGbK63RXlaqD4l5FbmqSuXL4
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 27 Dec 2024 22:29:21 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www.dacherng.com.tw
Access-Control-Allow-Origin: https://www.dacherng.com.tw
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=d99baaef-8fec-433d-a740-89545d152640:1:1; expires=Fri, 03 Jan 2025 22:29:20 GMT; path=/; secure; SameSite=None
pdhtkv=true; expires=Sat, 28 Dec 2024 22:29:21 GMT; path=/; secure; SameSite=None
uncs=1; expires=Sat, 28 Dec 2024 22:29:21 GMT; path=/; secure; SameSite=None
pdhtkv5=true; expires=Sat, 28 Dec 2024 22:29:21 GMT; path=/; secure; SameSite=None
uncs5=1; expires=Sat, 28 Dec 2024 22:29:21 GMT; path=/; secure; SameSite=None
Host: yummyadvertiseexploded.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: c78275d42dfc133ce7f8c4d3223dfc75
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

GET www.dacherng.com.tw/image/what-is-25-percent-of-5000.jpeg

104.21.53.85

200 OK

13 kB

URL GET HTTP/3
www.dacherng.com.tw/image/what-is-25-percent-of-5000.jpeg
IP
104.21.53.85:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.dacherng.com.tw/boksmgs/what-is-25-percent-of-5000
Certificate
IssuerGoogle Trust Services
Subjectdacherng.com.tw
Fingerprint45:17:75:B3:08:43:37:B8:E2:89:AF:25:D3:13:9B:0F:A5:AA:30:08
ValidityFri, 20 Dec 2024 14:40:22 GMT - Thu, 20 Mar 2025 15:27:38 GMT

File type
gzip compressed data, from Unix
Size
13 kB (13210 bytes)
Hash
1edcc733e4a64aaf6cc0afbe34cc7a64
1f258d366c82482a0ee4417637753ed742aca429
43c90a9661deea9e0b1032d3f5010e719536f6c5aabaa47be7a20f2f411ce036

HTTP Headers

GET /image/what-is-25-percent-of-5000.jpeg HTTP/1.1
Host: www.dacherng.com.tw
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dacherng.com.tw/boksmgs/what-is-25-percent-of-5000
Cookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=d99baaef-8fec-433d-a740-89545d152640%3A1%3A1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 27 Dec 2024 22:29:20 GMT
content-type: image/jpeg
x-powered-by: Express
content-encoding: gzip
cache-control: max-age=31536000
cf-cache-status: MISS
last-modified: Fri, 27 Dec 2024 22:29:20 GMT
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZlAM%2FpFhcNQ%2FhZzK%2BlYOJurIsgrMVPQG3Ni35o7gnSGGNJqiB6A6sAa%2FbFPIunwCborK1zCVUmrabKEywxYFYX%2BtegUio54ge%2BL0nSUDspHyMrPJ6RxD7ICLBgMjfeuaniRkm%2Bwh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8f8cbfb2e94456a2-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2795&min_rtt=1360&rtt_var=1535&sent=14&recv=10&lost=0&retrans=0&sent_bytes=4165&recv_bytes=1943&delivery_rate=436585&cwnd=12000&unsent_bytes=0&cid=85017bad140b834d&ts=1400&x=1", cfExtPri, cfHdrFlush;dur=0

GET cdn.storageimagedisplay.com/cti/0c/64/c9/0c64c955cb1d51da0e58e57419b66631/1708270232.jpg

45.133.44.1

200 OK

79 kB

URL GET HTTP/2
cdn.storageimagedisplay.com/cti/0c/64/c9/0c64c955cb1d51da0e58e57419b66631/1708270232.jpg
IP
45.133.44.1:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.dacherng.com.tw/boksmgs/what-is-25-percent-of-5000
Certificate
IssuerLet's Encrypt
Subjectcdn.storageimagedisplay.com
FingerprintF9:20:E7:90:5F:37:8A:CE:B4:58:90:7D:E5:7E:FD:5E:B8:11:6E:FE
ValidityTue, 12 Nov 2024 03:04:34 GMT - Mon, 10 Feb 2025 03:04:33 GMT

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 24.5 (Windows), datetime=2024:02:16 15:04:57], progressive, precision 8, 300x250, components 3
Size
79 kB (79010 bytes)
Hash
325d5a8fd98bd4abebe19e1ea0bfa6b5
724b06f3b7fd7b0e958b59c4c4afb2813a5f5c17
710e54e782c441ef1ce60c52642dae8084dbbaa413343ff13f86c1e53c981318

HTTP Headers

GET /cti/0c/64/c9/0c64c955cb1d51da0e58e57419b66631/1708270232.jpg HTTP/1.1
Host: cdn.storageimagedisplay.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 27 Dec 2024 22:29:21 GMT
content-type: image/jpeg
content-length: 79010
server: nginx/1.21.6
last-modified: Sun, 18 Feb 2024 15:30:40 GMT
etag: "65d222a0-134a2"
expires: Sun, 29 Dec 2024 22:29:21 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
x-cdn-host-id: ah0543
accept-ranges: bytes
X-Firefox-Spdy: h2

GET cdn.storageimagedisplay.com/cti/bf/84/2e/bf842e9bfc0a67b3160025c9ef8373c8/1707813634.png

45.133.44.1

200 OK

119 kB

URL GET HTTP/2
cdn.storageimagedisplay.com/cti/bf/84/2e/bf842e9bfc0a67b3160025c9ef8373c8/1707813634.png
IP
45.133.44.1:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.dacherng.com.tw/boksmgs/what-is-25-percent-of-5000
Certificate
IssuerLet's Encrypt
Subjectcdn.storageimagedisplay.com
FingerprintF9:20:E7:90:5F:37:8A:CE:B4:58:90:7D:E5:7E:FD:5E:B8:11:6E:FE
ValidityTue, 12 Nov 2024 03:04:34 GMT - Mon, 10 Feb 2025 03:04:33 GMT

File type
PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced
Size
119 kB (118759 bytes)
Hash
72fe477091722c9a5ab9b26117663f22
edf375c273be0ee032792a29121c435678c303a5
7b2a8ad947f5c5ec0e0e4aaabc63cd445b1346e6f03ad5cfc604f1f274bd89a2

HTTP Headers

GET /cti/bf/84/2e/bf842e9bfc0a67b3160025c9ef8373c8/1707813634.png HTTP/1.1
Host: cdn.storageimagedisplay.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 27 Dec 2024 22:29:21 GMT
content-type: image/png
content-length: 118759
server: nginx/1.21.6
last-modified: Tue, 13 Feb 2024 08:40:43 GMT
etag: "65cb2b0b-1cfe7"
expires: Sun, 29 Dec 2024 22:29:21 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
x-cdn-host-id: ah0543
accept-ranges: bytes
X-Firefox-Spdy: h2

GET www.dacherng.com.tw/profil.png

104.21.53.85

200 OK

194 kB

URL GET HTTP/3
www.dacherng.com.tw/profil.png
IP
104.21.53.85:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.dacherng.com.tw/boksmgs/what-is-25-percent-of-5000
Certificate
IssuerGoogle Trust Services
Subjectdacherng.com.tw
Fingerprint45:17:75:B3:08:43:37:B8:E2:89:AF:25:D3:13:9B:0F:A5:AA:30:08
ValidityFri, 20 Dec 2024 14:40:22 GMT - Thu, 20 Mar 2025 15:27:38 GMT

File type
PNG image data, 923 x 740, 8-bit/color RGBA, non-interlaced
Size
194 kB (194148 bytes)
Hash
0ecb16fcde3387b3713c23171a893d09
cfe3c161fb283b1edaad6d93d60b538dfb4fd26e
4a82536fd7a10df27764bc1d956a7423736b4e2c09332d7fabfe25c15f7119c6

HTTP Headers

GET /profil.png HTTP/1.1
Host: www.dacherng.com.tw
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dacherng.com.tw/boksmgs/what-is-25-percent-of-5000
Cookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=d99baaef-8fec-433d-a740-89545d152640%3A1%3A1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 27 Dec 2024 22:29:21 GMT
content-type: image/png
content-length: 194148
x-powered-by: Express
cache-control: public, max-age=0
last-modified: Sat, 17 Aug 2024 14:47:12 GMT
etag: W/"2f664-19160ce8180"
cf-cache-status: EXPIRED
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yNzIvPvOC%2FxuOHa5AX%2F%2BqsnXeWONnSZfaLtY6Bs7suudMMIgSyEoXNBSjaPMyFHOh2kz0o5Ypj%2FWgc9owuZ%2Bip4cE1QosSASgQUIh6%2F8BrsuZZRp1mIY4NhgaS89BUbCUQYKjN%2Bg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8f8cbfb2d93d56a2-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=5213&min_rtt=1360&rtt_var=6405&sent=26&recv=12&lost=0&retrans=0&sent_bytes=17913&recv_bytes=2029&delivery_rate=1263034&cwnd=24000&unsent_bytes=0&cid=85017bad140b834d&ts=1751&x=1", cfExtPri, cfHdrFlush;dur=0

GET unseenreport.com/pxf.gif?uuid=d99baaef-8fec-433d-a740-89545d152640&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=e63ecf111180228a9e27d84976d262cc&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=22

192.243.59.13

200 OK

1 B

URL GET HTTP/1.1
unseenreport.com/pxf.gif?uuid=d99baaef-8fec-433d-a740-89545d152640&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=e63ecf111180228a9e27d84976d262cc&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=22
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www.dacherng.com.tw/boksmgs/what-is-25-percent-of-5000
Certificate
IssuerLet's Encrypt
Subject*.unseenreport.com
FingerprintB3:C3:D3:00:AB:EE:F9:2F:2C:9A:5D:74:A9:E1:4E:36:06:3F:B6:74
ValidityMon, 18 Nov 2024 22:38:22 GMT - Sun, 16 Feb 2025 22:38:21 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=d99baaef-8fec-433d-a740-89545d152640&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=e63ecf111180228a9e27d84976d262cc&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=22 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dacherng.com.tw/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 27 Dec 2024 22:29:21 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Host: unseenreport.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 16dc94c46ddd4ac17905e55d8fab054b
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

GET www.dacherng.com.tw/favicon.ico

104.21.53.85

200 OK

8.1 kB

URL GET HTTP/3
www.dacherng.com.tw/favicon.ico
IP
104.21.53.85:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.dacherng.com.tw/boksmgs/what-is-25-percent-of-5000
Certificate
IssuerGoogle Trust Services
Subjectdacherng.com.tw
Fingerprint45:17:75:B3:08:43:37:B8:E2:89:AF:25:D3:13:9B:0F:A5:AA:30:08
ValidityFri, 20 Dec 2024 14:40:22 GMT - Thu, 20 Mar 2025 15:27:38 GMT

File type
gzip compressed data, from Unix
Size
8.1 kB (8126 bytes)
Hash
89e7b335b59de2d4cdf76ed62242d63c
3fa17415dc227266ad605094aa9834c243d1fbd5
cee050225a068cb307a5dfe938dcfba3e0cff70227e7864d2ae9ab37b5dbba11

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.dacherng.com.tw
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dacherng.com.tw/boksmgs/what-is-25-percent-of-5000
Cookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=d99baaef-8fec-433d-a740-89545d152640%3A1%3A1; pp_show_on_e63ecf111180228a9e27d84976d262cc=1; pp_main_e63ecf111180228a9e27d84976d262cc=1; pp_exp_e63ecf111180228a9e27d84976d262cc=1735339461248
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 27 Dec 2024 22:29:21 GMT
content-type: image/jpeg
x-powered-by: Express
content-encoding: gzip
cache-control: max-age=31536000
cf-cache-status: HIT
age: 575934
last-modified: Sat, 21 Dec 2024 06:30:27 GMT
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=buiXlECgByc20pCTKAYfPlzUT%2FYGv70YyM4AYtm3iDAJXZWg8OrCbDAx8NOMHZo6lm8s5P7uv%2BIc0lcIYNE3rp3x8qrKycDG%2FvZWUZ%2BUIiwlUzbOgw5Zr4arLSySW4rhfes4bvFE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8f8cbfb8887956a2-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3354&min_rtt=1360&rtt_var=3067&sent=232&recv=20&lost=0&retrans=0&sent_bytes=261660&recv_bytes=3231&delivery_rate=13267206&cwnd=96000&unsent_bytes=0&cid=85017bad140b834d&ts=1955&x=1", cfExtPri, cfHdrFlush;dur=0

GET www.dacherng.com.tw/apple-touch-icon.png

104.21.53.85

404 Not Found

32 kB

URL GET HTTP/3
www.dacherng.com.tw/apple-touch-icon.png
IP
104.21.53.85:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.dacherng.com.tw/boksmgs/what-is-25-percent-of-5000
Certificate
IssuerGoogle Trust Services
Subjectdacherng.com.tw
Fingerprint45:17:75:B3:08:43:37:B8:E2:89:AF:25:D3:13:9B:0F:A5:AA:30:08
ValidityFri, 20 Dec 2024 14:40:22 GMT - Thu, 20 Mar 2025 15:27:38 GMT

File type

Size
32 kB (32236 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /apple-touch-icon.png HTTP/1.1
Host: www.dacherng.com.tw
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dacherng.com.tw/boksmgs/what-is-25-percent-of-5000
Cookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=d99baaef-8fec-433d-a740-89545d152640%3A1%3A1; pp_show_on_e63ecf111180228a9e27d84976d262cc=1; pp_main_e63ecf111180228a9e27d84976d262cc=1; pp_exp_e63ecf111180228a9e27d84976d262cc=1735339461248
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Fri, 27 Dec 2024 22:29:21 GMT
content-type: text/html; charset=UTF-8
x-powered-by: Express
cf-cache-status: MISS
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J5%2FqhabrMSlKfTMyilD%2BBqPyZmpHeOXNW6QUI9hrZESKLdR5Xv%2Fyspqu5KxS2RYWdYoY82aCgfDo%2BC%2FVZhmrc4Vd72G6S3AYtditVzeov%2FwcneSR%2F5ydhS2N4lctrpySbHH%2FDv9a"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8f8cbfb8887856a2-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3104&min_rtt=1352&rtt_var=2801&sent=234&recv=21&lost=0&retrans=0&sent_bytes=263826&recv_bytes=3276&delivery_rate=154947&cwnd=96000&unsent_bytes=0&cid=85017bad140b834d&ts=2385&x=1", cfExtPri, cfHdrFlush;dur=0

GET www.dacherng.com.tw/js/highlight.min.js

104.21.53.85

200 OK

123 kB

URL GET HTTP/3
www.dacherng.com.tw/js/highlight.min.js
IP
104.21.53.85:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.dacherng.com.tw/boksmgs/what-is-25-percent-of-5000
Certificate
IssuerGoogle Trust Services
Subjectdacherng.com.tw
Fingerprint45:17:75:B3:08:43:37:B8:E2:89:AF:25:D3:13:9B:0F:A5:AA:30:08
ValidityFri, 20 Dec 2024 14:40:22 GMT - Thu, 20 Mar 2025 15:27:38 GMT

File type
JavaScript source, ASCII text, with very long lines (7910), with CRLF line terminators
Size
123 kB (122939 bytes)
Hash
ce552ffc8630869b9d3a215fca292098
6324f32bee04e9925adde9522dfe78eeae4858d5
30ecef6c6f78426a75fa5f60f92780501a3619ec11367e3b67331576f3370812

HTTP Headers

GET /js/highlight.min.js HTTP/1.1
Host: www.dacherng.com.tw
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.dacherng.com.tw/boksmgs/what-is-25-percent-of-5000
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 27 Dec 2024 22:29:21 GMT
content-type: application/javascript; charset=UTF-8
x-powered-by: Express
cache-control: public, max-age=0
last-modified: Sat, 17 Aug 2024 14:47:12 GMT
etag: W/"1e03b-19160ce8180"
cf-cache-status: EXPIRED
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aq%2B1CWSig%2Fz4LvBg%2FblKGG3atTgkrRn6bkWGKlmmGzr334W%2Fl0MWJVNBymR0XTgQ0v9eSbjbuG4jPzkv4vPOgdQMbiiUN8%2F8ZxiKSCaEenZSI6pkPNF7%2BVTwvMODx93eiq0%2F4yn0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8f8cbfb2c92156a2-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4583&min_rtt=1360&rtt_var=4645&sent=53&recv=14&lost=0&retrans=0&sent_bytes=50181&recv_bytes=2116&delivery_rate=2564654&cwnd=48000&unsent_bytes=0&cid=85017bad140b834d&ts=1897&x=1", cfExtPri, cfHdrFlush;dur=0

GET www.dacherng.com.tw/boksmgs/what-is-25-percent-of-5000

104.21.53.85

200 OK

77 kB

URL User Request GET HTTP/2
www.dacherng.com.tw/boksmgs/what-is-25-percent-of-5000
IP
104.21.53.85:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectdacherng.com.tw
Fingerprint45:17:75:B3:08:43:37:B8:E2:89:AF:25:D3:13:9B:0F:A5:AA:30:08
ValidityFri, 20 Dec 2024 14:40:22 GMT - Thu, 20 Mar 2025 15:27:38 GMT

File type

Size
77 kB (76872 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /boksmgs/what-is-25-percent-of-5000 HTTP/1.1
Host: www.dacherng.com.tw
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 27 Dec 2024 22:29:19 GMT
content-type: text/html; charset=UTF-8
x-powered-by: Express
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=10ErtanZujgBYOf84cGW%2BExSvx1js9Mao6Csym5LWIo9t3Yxq5SQ5JD0QYAohuOTxV6E2kpVq3Xy3brAQO%2FUM6J1up9E%2FsDGMzOmHWV%2FtJn8pZIuMNyYhnxJbv8y7eolX1NG42xy"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8f8cbfa8b86a569b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=5828&min_rtt=458&rtt_var=10753&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3284&recv_bytes=1276&delivery_rate=7215946&cwnd=236&unsent_bytes=0&cid=637c02cc2db4458c&ts=602&x=0"
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (17)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL