| GET o1760.tjs72.buzz/skin/bld/logo.png | 172.67.146.29 | 200 OK | 14 kB |
URL: GET HTTPS o1760.tjs72.buzz/skin/bld/logo.png
IP / ASN: 172.67.146.29 #13335 CLOUDFLARENET
Requested by: https://o1760.tjs72.buzz/
Resource Info
File type: PNG image data, 200 x 64, 8-bit/color RGBA, non-interlaced
First Seen: 2024-05-30
Last Seen: 2025-06-13
Times Seen: 10
Size: 14 kB (13943 bytes)
MD5: 7b2e2d16ef2037b813533a140860e89e
SHA1: fa25fe4926be28954425f666ca76867318e95a8c
SHA256: aa3611e7a4a0fa121b15f2e65d4f748602bf878438528aa657fe22d74f54a9fa
Certificate Info
Issuer: Google Trust Services
Subject: tjs72.buzz
Fingerprint: 79:A5:CA:60:18:FB:9E:89:FC:89:87:2A:69:82:72:99:03:13:A6:0F
Validity: Thu, 23 Jan 2025 10:19:19 GMT - Wed, 23 Apr 2025 11:18:07 GMT
GET /skin/bld/logo.png HTTP/1.1
Host: o1760.tjs72.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://o1760.tjs72.buzz/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 08 Feb 2025 04:44:12 GMT
content-type: image/png
content-length: 13943
last-modified: Tue, 31 Oct 2023 17:40:31 GMT
etag: "3677-60906a6b42ef0"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AZvLjVH2EWmWjdjgv%2Fd3OFbXtnLYT193pAFG66nfQUR2zxgBJuQfkTxav30Nithgli%2BUSYxcvCTNlaFyntFtuVfgAZfL3YNp6LzoSzgAChZH34emMF4fZh6guq7DRn3jIEty"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 90e8f69128ad0b45-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4256&min_rtt=2420&rtt_var=2218&sent=26&recv=21&lost=0&retrans=0&sent_bytes=4492&recv_bytes=5376&delivery_rate=245420&cwnd=12000&unsent_bytes=0&cid=a66135766530ee96&ts=707&x=1", cfExtPri, cfHdrFlush;dur=0
|
|
| GET o1760.tjs72.buzz/e/data/tmp/titlepic/56f7c4abda3c5622ea9abcaedd18f2e4.gif | 172.67.146.29 | 200 OK | 254 B |
URL: GET HTTPS o1760.tjs72.buzz/e/data/tmp/titlepic/56f7c4abda3c5622ea9abcaedd18f2e4.gif
IP / ASN: 172.67.146.29 #13335 CLOUDFLARENET
Requested by: https://o1760.tjs72.buzz/
Resource Info
File type: GIF image data, version 89a, 16 x 17
First Seen: 2023-04-08
Last Seen: 2025-08-03
Times Seen: 2199
Size: 254 B (254 bytes)
MD5: b013f8fa3ec997fe20dc80b82af0ad0a
SHA1: e02ce6c30d5c0abfaa3e008d1a3ce7d11f299ed9
SHA256: 119bff063d1d402fdf6e48bc7e681d48aabfb9bc65378dfcf64a8845ec3fceef
Certificate Info
Issuer: Google Trust Services
Subject: tjs72.buzz
Fingerprint: 79:A5:CA:60:18:FB:9E:89:FC:89:87:2A:69:82:72:99:03:13:A6:0F
Validity: Thu, 23 Jan 2025 10:19:19 GMT - Wed, 23 Apr 2025 11:18:07 GMT
GET /e/data/tmp/titlepic/56f7c4abda3c5622ea9abcaedd18f2e4.gif HTTP/1.1
Host: o1760.tjs72.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://o1760.tjs72.buzz/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 08 Feb 2025 04:44:12 GMT
content-type: image/gif
content-length: 254
last-modified: Tue, 31 Oct 2023 17:40:31 GMT
etag: "fe-60906a6b0db60"
accept-ranges: bytes
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uEZ1sgWHoH8qiUWjOkDA5I1udzHeP8xb3HwqeqoR1S3GdwIakBzW5GltNSG2I%2FewiJ5Vk40eGQ4RKGaOPNsp1Tm2kLc70X5AuBnRg04AZjmsSJ9Hm3gIidEYFq9Q%2BJio5rwj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 90e8f69178bc0b45-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=6116&min_rtt=2420&rtt_var=4318&sent=43&recv=24&lost=0&retrans=0&sent_bytes=23407&recv_bytes=5508&delivery_rate=371882&cwnd=24000&unsent_bytes=0&cid=a66135766530ee96&ts=764&x=1", cfExtPri, cfHdrFlush;dur=0
|
|
| GET o1760.tjs72.buzz/e/data/tmp/titlepic/7f5a024ef19e26c38dba43940272ef3f.png | 172.67.146.29 | 200 OK | 419 B |
URL: GET HTTPS o1760.tjs72.buzz/e/data/tmp/titlepic/7f5a024ef19e26c38dba43940272ef3f.png
IP / ASN: 172.67.146.29 #13335 CLOUDFLARENET
Requested by: https://o1760.tjs72.buzz/
Resource Info
File type: PNG image data, 30 x 30, 8-bit colormap, non-interlaced
First Seen: 2024-05-30
Last Seen: 2025-06-13
Times Seen: 10
Size: 419 B (419 bytes)
MD5: 590112d27ea804bba0e712b6f2d6a6f2
SHA1: 2a76fdb33682067124d7f3a691951d60621b39b8
SHA256: 3524e10ef18333cbf7e745db156860cb24c89031d1b4b42292788802b1a31850
Certificate Info
Issuer: Google Trust Services
Subject: tjs72.buzz
Fingerprint: 79:A5:CA:60:18:FB:9E:89:FC:89:87:2A:69:82:72:99:03:13:A6:0F
Validity: Thu, 23 Jan 2025 10:19:19 GMT - Wed, 23 Apr 2025 11:18:07 GMT
GET /e/data/tmp/titlepic/7f5a024ef19e26c38dba43940272ef3f.png HTTP/1.1
Host: o1760.tjs72.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://o1760.tjs72.buzz/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 08 Feb 2025 04:44:12 GMT
content-type: image/png
content-length: 419
last-modified: Sat, 08 Feb 2025 00:42:46 GMT
etag: "1a3-62d96c104d80a"
accept-ranges: bytes
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P3iW2nK6hX7VRr5V%2BjxghHopRVppmtdrYZFZ0Y%2FRPxmIBLdBL4hJN3ocIcQUvpp4foz4Hg9F0ac6JMfSSddTwucJd7noRL8uyM%2FrB7P1c%2FX1cDHbSAJqtyOezI9AM2L%2F7tx%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 90e8f69208e30b45-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=5954&min_rtt=2420&rtt_var=2924&sent=70&recv=26&lost=0&retrans=0&sent_bytes=54691&recv_bytes=5597&delivery_rate=1466699&cwnd=24000&unsent_bytes=0&cid=a66135766530ee96&ts=820&x=1", cfExtPri, cfHdrFlush;dur=0
|
|
| GET o1760.tjs72.buzz/e/data/tmp/titlepic/867d9ab62d12200cf9abc7af1b1971d2.jpg | 172.67.146.29 | 200 OK | 5.1 kB |
URL: GET HTTPS o1760.tjs72.buzz/e/data/tmp/titlepic/867d9ab62d12200cf9abc7af1b1971d2.jpg
IP / ASN: 172.67.146.29 #13335 CLOUDFLARENET
Requested by: https://o1760.tjs72.buzz/
Resource Info
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 148x148, components 3
First Seen: 2024-05-30
Last Seen: 2025-06-13
Times Seen: 10
Size: 5.1 kB (5090 bytes)
MD5: 3b87e50e1450f3f966b320b781504ad9
SHA1: cd2cf8a873d227b1ef968e0fbf5f48a113737d5d
SHA256: 4d19654e2b7766f5fceb3e8b685927d5b439eac4a5cf03f1d758afa65b4fb011
Certificate Info
Issuer: Google Trust Services
Subject: tjs72.buzz
Fingerprint: 79:A5:CA:60:18:FB:9E:89:FC:89:87:2A:69:82:72:99:03:13:A6:0F
Validity: Thu, 23 Jan 2025 10:19:19 GMT - Wed, 23 Apr 2025 11:18:07 GMT
GET /e/data/tmp/titlepic/867d9ab62d12200cf9abc7af1b1971d2.jpg HTTP/1.1
Host: o1760.tjs72.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://o1760.tjs72.buzz/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 08 Feb 2025 04:44:12 GMT
content-type: image/jpeg
content-length: 5090
last-modified: Tue, 31 Oct 2023 17:40:31 GMT
etag: "13e2-60906a6b0f6b8"
accept-ranges: bytes
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o5IF%2FU29%2BU%2Fu8fXz3v271GQupNAVfxrkDKGILLzpo%2B1fg%2FG%2FLM2Z%2BkgcuvEGIpVYT8ouUwKcBpkuXBOWgQLncq0vnfd9FBxZcpbyM7ssepEwxPVSDIJf10xAOK%2B0a4yLb9ib"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 90e8f69278f70b45-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4869&min_rtt=2080&rtt_var=2925&sent=91&recv=29&lost=0&retrans=0&sent_bytes=78065&recv_bytes=5734&delivery_rate=3462280&cwnd=24000&unsent_bytes=0&cid=a66135766530ee96&ts=933&x=1", cfExtPri, cfHdrFlush;dur=0
|
|
| GET o1760.tjs72.buzz/e/data/tmp/titlepic/7272cc0eecf515ef83fafd9516d1223f.jpg | 172.67.146.29 | 200 OK | 15 kB |
URL: GET HTTPS o1760.tjs72.buzz/e/data/tmp/titlepic/7272cc0eecf515ef83fafd9516d1223f.jpg
IP / ASN: 172.67.146.29 #13335 CLOUDFLARENET
Requested by: https://o1760.tjs72.buzz/
Resource Info
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 218x291, components 3
First Seen: 2023-08-17
Last Seen: 2025-06-13
Times Seen: 15
Size: 15 kB (14763 bytes)
MD5: 59508b06518c117a7098c6b9366cfe89
SHA1: 2cd7a11d7c9ff79e104f9aa6a90ca5d729361e20
SHA256: 4644afe4fad6f75c571f1bf36e01491dbd961e5bf9c082184c4497e0211bc020
Certificate Info
Issuer: Google Trust Services
Subject: tjs72.buzz
Fingerprint: 79:A5:CA:60:18:FB:9E:89:FC:89:87:2A:69:82:72:99:03:13:A6:0F
Validity: Thu, 23 Jan 2025 10:19:19 GMT - Wed, 23 Apr 2025 11:18:07 GMT
GET /e/data/tmp/titlepic/7272cc0eecf515ef83fafd9516d1223f.jpg HTTP/1.1
Host: o1760.tjs72.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://o1760.tjs72.buzz/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 08 Feb 2025 04:44:12 GMT
content-type: image/jpeg
content-length: 14763
last-modified: Tue, 31 Oct 2023 17:40:31 GMT
etag: "39ab-60906a6b0db60"
accept-ranges: bytes
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ke8Jc8FeuR2CzMws4aN8lnyRJn7Wlmc9lhwLke0CZk2neSmmc9e%2B%2Fm1IHolsj0BkBH0cTHdsCgOuNvG6qvml08NroG%2BWfBue06PIwC5KtaAJedITvA%2F2eKMwFqcrjtTakyku"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 90e8f691a8ce0b45-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=5882&min_rtt=2420&rtt_var=3707&sent=57&recv=25&lost=0&retrans=0&sent_bytes=39513&recv_bytes=5552&delivery_rate=3213396&cwnd=24000&unsent_bytes=0&cid=a66135766530ee96&ts=774&x=1", cfExtPri, cfHdrFlush;dur=0
|
|
| GET o1760.tjs72.buzz/e/data/tmp/titlepic/3e8354363713a1df49da6628c79c4c24.png | 172.67.146.29 | 200 OK | 31 kB |
URL: GET HTTPS o1760.tjs72.buzz/e/data/tmp/titlepic/3e8354363713a1df49da6628c79c4c24.png
IP / ASN: 172.67.146.29 #13335 CLOUDFLARENET
Requested by: https://o1760.tjs72.buzz/
Resource Info
File type: PNG image data, 192 x 187, 8-bit/color RGB, non-interlaced
First Seen: 2023-05-21
Last Seen: 2025-06-13
Times Seen: 15
Size: 31 kB (30732 bytes)
MD5: 9d15adabef0732434f3f352bbeed8e69
SHA1: 13f75518ffb055a6fcd0988ad7b8b277da8b2218
SHA256: 2930d3312d77153943b6dc5a12074738999a1adeb695f5852ab0504f95ad093c
Certificate Info
Issuer: Google Trust Services
Subject: tjs72.buzz
Fingerprint: 79:A5:CA:60:18:FB:9E:89:FC:89:87:2A:69:82:72:99:03:13:A6:0F
Validity: Thu, 23 Jan 2025 10:19:19 GMT - Wed, 23 Apr 2025 11:18:07 GMT
GET /e/data/tmp/titlepic/3e8354363713a1df49da6628c79c4c24.png HTTP/1.1
Host: o1760.tjs72.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://o1760.tjs72.buzz/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 08 Feb 2025 04:44:12 GMT
content-type: image/png
content-length: 30732
last-modified: Sat, 08 Feb 2025 00:42:46 GMT
etag: "780c-62d96c104c86a"
accept-ranges: bytes
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WRGT4i5%2B07NaNpLKyjtRaGi4D26XaeMwF3c%2BpjOybpHakZEUePgTVoRmka%2FWZunlBxt94eI%2FZbSmCI1Jltp95ITWx5GEZHfLf8TkDoT0jDwtSoJcDGlvXFtyS%2BMczpBoumNG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 90e8f69178be0b45-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=6116&min_rtt=2420&rtt_var=4318&sent=44&recv=24&lost=0&retrans=0&sent_bytes=24331&recv_bytes=5508&delivery_rate=371882&cwnd=24000&unsent_bytes=0&cid=a66135766530ee96&ts=766&x=1", cfExtPri, cfHdrFlush;dur=0
|
|
| GET o1760.tjs72.buzz/skin/bld/default_icon.jpg | 172.67.146.29 | 200 OK | 34 kB |
URL: GET HTTPS o1760.tjs72.buzz/skin/bld/default_icon.jpg
IP / ASN: 172.67.146.29 #13335 CLOUDFLARENET
Requested by: https://o1760.tjs72.buzz/
Resource Info
File type: JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 23.5 (Macintosh), datetime=2022:12:04 23:17:30], baseline, precision 8, 604x421, components 3
First Seen: 2024-05-30
Last Seen: 2025-06-13
Times Seen: 10
Size: 34 kB (34098 bytes)
MD5: aa89c7cee5050693bdac59a0f94eabc8
SHA1: ed854b4ca3f960e61b7cca1054fbaad43fdfb30c
SHA256: 5dce9d7a8118027dc4fea1cef2701eacbdf956987ec2783b00a2b28a9810f054
Certificate Info
Issuer: Google Trust Services
Subject: tjs72.buzz
Fingerprint: 79:A5:CA:60:18:FB:9E:89:FC:89:87:2A:69:82:72:99:03:13:A6:0F
Validity: Thu, 23 Jan 2025 10:19:19 GMT - Wed, 23 Apr 2025 11:18:07 GMT
GET /skin/bld/default_icon.jpg HTTP/1.1
Host: o1760.tjs72.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://o1760.tjs72.buzz/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 08 Feb 2025 04:44:13 GMT
content-type: image/jpeg
content-length: 34098
last-modified: Tue, 31 Oct 2023 17:40:31 GMT
etag: "8532-60906a6b43e90"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TGPQ3t5SQ4jqUUj1gtD7aPbm9t6HebqVTN5I3xFOnbjP6ZvIR12n3h7HfuewK0crjQoNq6rFDrR5oDuUN8UNzc1w%2FAlq7S1RbgTmlvvUG2ij0ZM1c0SGe0MIT6KzuvOXKFrk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 90e8f69188c10b45-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2996&min_rtt=1004&rtt_var=2211&sent=114&recv=36&lost=0&retrans=0&sent_bytes=101619&recv_bytes=6049&delivery_rate=2517356&cwnd=24000&unsent_bytes=0&cid=a66135766530ee96&ts=1011&x=1", cfExtPri, cfHdrFlush;dur=0
|
|
| GET o1760.tjs72.buzz/d/file/tjimg/2022-12-05/8cdf50d73b7e63e86a5958b12817cf88.png | 172.67.146.29 | 200 OK | 47 kB |
URL: GET HTTPS o1760.tjs72.buzz/d/file/tjimg/2022-12-05/8cdf50d73b7e63e86a5958b12817cf88.png
IP / ASN: 172.67.146.29 #13335 CLOUDFLARENET
Requested by: https://o1760.tjs72.buzz/
Resource Info
File type: PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
First Seen: 2023-05-14
Last Seen: 2025-06-13
Times Seen: 20
Size: 47 kB (47257 bytes)
MD5: ed8b78a84dd4881bd0ded5bb68adb5f2
SHA1: ae7701799d1358c995eaa47b77635787afd1b939
SHA256: 18c611616fc95a7c9db154bd36f01b7c98f867611c58884b52327842354726c1
Certificate Info
Issuer: Google Trust Services
Subject: tjs72.buzz
Fingerprint: 79:A5:CA:60:18:FB:9E:89:FC:89:87:2A:69:82:72:99:03:13:A6:0F
Validity: Thu, 23 Jan 2025 10:19:19 GMT - Wed, 23 Apr 2025 11:18:07 GMT
GET /d/file/tjimg/2022-12-05/8cdf50d73b7e63e86a5958b12817cf88.png HTTP/1.1
Host: o1760.tjs72.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://o1760.tjs72.buzz/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 08 Feb 2025 04:44:13 GMT
content-type: image/png
content-length: 47257
last-modified: Tue, 31 Oct 2023 17:40:31 GMT
etag: "b899-60906a6b9a948"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LepTpcxVVdHsgX9xoli67yrrj5CBMsXAdnU0Q4E82XkjIVMm5oZXsaao%2F%2Bm%2BOSleCZLUvw4KpOXEwazX%2FEtNyenrZBhRTcZPeil9U8w0EpuoRLdONnxi7tkpgPWgJajX6v1G"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 90e8f69178b90b45-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2723&min_rtt=1004&rtt_var=1280&sent=145&recv=39&lost=0&retrans=0&sent_bytes=137276&recv_bytes=6187&delivery_rate=459408&cwnd=50400&unsent_bytes=0&cid=a66135766530ee96&ts=1106&x=1", cfExtPri, cfHdrFlush;dur=0
|
|
| GET www.saonidh.live/template/dxy/saoni.png | 199.59.243.228 | 200 OK | 1.1 kB |
URL: GET HTTPS www.saonidh.live/template/dxy/saoni.png
IP / ASN: 199.59.243.228 #16509 AMAZON-02
Requested by: https://o1760.tjs72.buzz/
Resource Info
File type: HTML document, ASCII text, with very long lines (398)
First Seen: 2025-02-08
Last Seen: 2025-02-08
Times Seen: 1
Size: 1.1 kB (1130 bytes)
MD5: 5726f7d8ebf05968f67e3eee411ff13f
SHA1: e2ca5aee0070085382532c9e53559e1db2a44b67
SHA256: 40a60fd8758a9b9f9f04b9a7a1a80c11abf6cabca76d3c3d4fd7ecd68b42e4d1
Certificate Info
Issuer: Let's Encrypt
Subject: saonidh.live
Fingerprint: 23:12:D0:65:27:2C:32:ED:FA:BD:90:E0:B1:DB:0D:19:04:DE:85:7C
Validity: Sun, 01 Dec 2024 02:08:05 GMT - Sat, 01 Mar 2025 02:08:04 GMT
GET /template/dxy/saoni.png HTTP/1.1
Host: www.saonidh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 08 Feb 2025 04:44:13 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1130
X-Request-Id: aa3fee1f-01d7-44e2-bdc1-092fb96547a8
Cache-Control: no-store, max-age=0
Accept-Ch: sec-ch-prefers-color-scheme
Critical-Ch: sec-ch-prefers-color-scheme
Vary: sec-ch-prefers-color-scheme
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_Tq0tKVJ1cdr6H6T94RbmvOi87QATrEDBgYp2YZsnqFryHs0U9LA77i/izFaTeOC8Y11+p1KNMjz8VDZIrScLnA==
Set-Cookie: parking_session=aa3fee1f-01d7-44e2-bdc1-092fb96547a8; expires=Sat, 08 Feb 2025 04:59:13 GMT; path=/
Connection: close
|
|
| GET www.1111mod.net/template/1111mod/html/favicon.ico | 69.162.95.5 | 404 Not Found | 9 B |
URL: GET HTTPS www.1111mod.net/template/1111mod/html/favicon.ico
IP / ASN: 69.162.95.5 #46475 LIMESTONENETWORKS
Requested by: https://o1760.tjs72.buzz/
Resource Info
File type: ASCII text, with no line terminators
First Seen: 2023-03-08
Last Seen: 2025-08-09
Times Seen: 11176
Size: 9 B (9 bytes)
MD5: d8f4a1993546cc4b850cde3599e27aec
SHA1: 094b763b4cfcc0b05e5d040581cd513c3ca08067
SHA256: 907ba78b4545338d3539683e63ecb51cf51c10adc9dabd86e92bd52339f298b9
Certificate Info
Issuer: Let's Encrypt
Subject: 1111mod.net
Fingerprint: 38:8C:BA:0C:EC:4E:BB:69:5E:4C:1F:BE:C0:34:01:B2:63:BA:39:9B
Validity: Wed, 27 Nov 2024 19:33:39 GMT - Tue, 25 Feb 2025 19:33:38 GMT
GET /template/1111mod/html/favicon.ico HTTP/1.1
Host: www.1111mod.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
cache-control: max-age=0, private, must-revalidate
content-length: 9
date: Sat, 08 Feb 2025 04:44:13 GMT
server: Cowboy
set-cookie: sid=589f2945-e5d7-11ef-9cad-246ab5786827; path=/; domain=.1111mod.net; expires=Thu, 26 Feb 2093 07:58:20 GMT; max-age=2147483647; secure; HttpOnly
X-Firefox-Spdy: h2
|
|
| GET p20.336t.com/f/4/skin/ecms813/img/favicon.ico | 142.4.121.198 | 200 OK | 4.3 kB |
URL: GET HTTPS p20.336t.com/f/4/skin/ecms813/img/favicon.ico
IP / ASN: 142.4.121.198 #54600 PEG-SV
Requested by: https://o1760.tjs72.buzz/
Resource Info
File type: MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
First Seen: 2023-05-21
Last Seen: 2025-03-15
Times Seen: 13
Size: 4.3 kB (4286 bytes)
MD5: 63a8093bf5c983b51d817b38e62a895b
SHA1: 9d36f0bd585496ea97514ad126bbf9f3e0338777
SHA256: 8805e590ac03d3f0056af481e0ed87682b8afe447b007db6cf7360d8ecb58f98
Certificate Info
Issuer: Let's Encrypt
Subject: *.336t.com
Fingerprint: B4:6D:77:22:EF:8A:49:B9:69:B5:E3:B0:D2:53:08:08:CC:47:50:A2
Validity: Sun, 24 Nov 2024 09:15:20 GMT - Sat, 22 Feb 2025 09:15:19 GMT
GET /f/4/skin/ecms813/img/favicon.ico HTTP/1.1
Host: p20.336t.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Sat, 08 Feb 2025 04:35:41 GMT
Content-Type: image/vnd.microsoft.icon
Content-Length: 4286
Connection: keep-alive
Last-Modified: Sun, 15 Oct 2017 00:00:00 GMT
ETag: "10be-55b8a92334000"
Access-Control-Allow-Origin: *
Expires: Sun, 09 Feb 2025 04:35:41 GMT
Cache-Control: max-age=86400
x-cache: HIT
Accept-Ranges: bytes
|
|
| GET www.yaoli17.cc/favicon.ico | 162.210.196.166 | 404 Not Found | 9 B |
URL: GET HTTPS www.yaoli17.cc/favicon.ico
IP / ASN: 162.210.196.166 #30633 LEASEWEB-USA-WDC
Requested by: https://o1760.tjs72.buzz/
Resource Info
File type: ASCII text, with no line terminators
First Seen: 2023-03-08
Last Seen: 2025-08-09
Times Seen: 11176
Size: 9 B (9 bytes)
MD5: d8f4a1993546cc4b850cde3599e27aec
SHA1: 094b763b4cfcc0b05e5d040581cd513c3ca08067
SHA256: 907ba78b4545338d3539683e63ecb51cf51c10adc9dabd86e92bd52339f298b9
Certificate Info
Issuer: Let's Encrypt
Subject: yaoli17.cc
Fingerprint: 8C:86:D2:81:2E:8B:EA:3B:CB:B3:6C:1C:08:A7:56:78:7B:BC:E8:71
Validity: Fri, 06 Dec 2024 09:04:40 GMT - Thu, 06 Mar 2025 09:04:39 GMT
GET /favicon.ico HTTP/1.1
Host: www.yaoli17.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
cache-control: max-age=0, private, must-revalidate
content-length: 9
date: Sat, 08 Feb 2025 04:44:13 GMT
server: Cowboy
set-cookie: sid=58a238c3-e5d7-11ef-bb68-282229cf2963; path=/; domain=.yaoli17.cc; expires=Thu, 26 Feb 2093 07:58:20 GMT; max-age=2147483647; secure; HttpOnly
X-Firefox-Spdy: h2
|
|
| GET p20.336t.com/f/5/skin/ecms082/images/favicon.ico | 142.4.121.198 | 200 OK | 1.2 kB |
URL: GET HTTPS p20.336t.com/f/5/skin/ecms082/images/favicon.ico
IP / ASN: 142.4.121.198 #54600 PEG-SV
Requested by: https://o1760.tjs72.buzz/
Resource Info
File type: MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
First Seen: 2023-05-21
Last Seen: 2025-03-15
Times Seen: 14
Size: 1.2 kB (1150 bytes)
MD5: 7b55640e6c04a399568b40dd55aa4fc8
SHA1: f804afe138ce09808af996a6f6723f007a9b436f
SHA256: 32acf4361d291710f7c8b9e6d5369b3bcebe32250d8474e08787e56e6bd5dbaf
Certificate Info
Issuer: Let's Encrypt
Subject: *.336t.com
Fingerprint: B4:6D:77:22:EF:8A:49:B9:69:B5:E3:B0:D2:53:08:08:CC:47:50:A2
Validity: Sun, 24 Nov 2024 09:15:20 GMT - Sat, 22 Feb 2025 09:15:19 GMT
GET /f/5/skin/ecms082/images/favicon.ico HTTP/1.1
Host: p20.336t.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Sat, 08 Feb 2025 04:35:41 GMT
Content-Type: image/vnd.microsoft.icon
Content-Length: 1150
Connection: keep-alive
Last-Modified: Tue, 21 Jan 2020 23:36:28 GMT
ETag: "47e-59caee07bb700"
Access-Control-Allow-Origin: *
Expires: Sun, 09 Feb 2025 04:35:41 GMT
Cache-Control: max-age=86400
x-cache: HIT
Accept-Ranges: bytes
|
|
| GET anada8.xyz/go/d/file/tjimg/2024-05-25/58fb51e0ae7a8ab27cdc4fcd77cb023a.jpg | 172.67.217.229 | 301 Moved Permanently | 504 B |
URL: GET HTTPS anada8.xyz/go/d/file/tjimg/2024-05-25/58fb51e0ae7a8ab27cdc4fcd77cb023a.jpg
IP / ASN: 172.67.217.229 #13335 CLOUDFLARENET
Requested by: https://o1760.tjs72.buzz/
Resource Info
File type: data
First Seen: 2025-02-08
Last Seen: 2025-02-08
Times Seen: 1
Size: 504 B (504 bytes)
MD5: 6abcd1c9a8fce891e7e9d4d8ae7e5956
SHA1: b89a9305ed3f8a39bd7d1252a82b7693961ca998
SHA256: 60985120348a052361beb69d11b3a20cc8a3b98e0e42abfa4ee8184f4580b991
Certificate Info
Issuer: Google Trust Services
Subject: anada8.xyz
Fingerprint: DB:01:5E:98:35:77:4E:CD:A4:62:52:17:F9:D4:C4:55:EE:E9:4C:B4
Validity: Thu, 09 Jan 2025 18:20:53 GMT - Wed, 09 Apr 2025 19:19:13 GMT
GET /go/d/file/tjimg/2024-05-25/58fb51e0ae7a8ab27cdc4fcd77cb023a.jpg HTTP/1.1
Host: anada8.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
date: Sat, 08 Feb 2025 04:44:13 GMT
content-type: text/html; charset=UTF-8
location: https://ni240.zfp79.buzz/d/file/tjimg/2024-05-25/58fb51e0ae7a8ab27cdc4fcd77cb023a.jpg
x-powered-by: PHP/5.4.16
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B6ZyvqVDqS04sYHEuJQ7Alk6LSHfWtRsz%2FVIotVSjKUNDK04uPD28sCpM2ob8qeirf18pXqaLGK%2F5HhHpCr1xqAfG7PTJExZ14weDwju1BGeqF2UMN%2Bch4o58rq3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 90e8f6934b7f0b55-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1012&min_rtt=405&rtt_var=995&sent=21&recv=27&lost=0&retrans=1&sent_bytes=5989&recv_bytes=1897&delivery_rate=6542168&cwnd=252&unsent_bytes=0&cid=b14a8449ab06f216&ts=1381&x=0"
X-Firefox-Spdy: h2
|
|
| GET dingmancn.com/assets/v1/favicon.ico | 212.32.237.90 | 404 Not Found | 9 B |
URL: GET HTTPS dingmancn.com/assets/v1/favicon.ico
IP / ASN: 212.32.237.90 #60781 LeaseWeb Netherlands B.V.
Requested by: https://o1760.tjs72.buzz/
Resource Info
File type: ASCII text, with no line terminators
First Seen: 2023-03-08
Last Seen: 2025-08-09
Times Seen: 11176
Size: 9 B (9 bytes)
MD5: d8f4a1993546cc4b850cde3599e27aec
SHA1: 094b763b4cfcc0b05e5d040581cd513c3ca08067
SHA256: 907ba78b4545338d3539683e63ecb51cf51c10adc9dabd86e92bd52339f298b9
Certificate Info
Issuer: Let's Encrypt
Subject: dingmancn.com
Fingerprint: AB:78:74:0E:FA:CE:44:5B:2D:32:52:5E:F9:2A:8F:91:E3:23:B2:9B
Validity: Thu, 28 Nov 2024 01:02:51 GMT - Wed, 26 Feb 2025 01:02:50 GMT
GET /assets/v1/favicon.ico HTTP/1.1
Host: dingmancn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
cache-control: max-age=0, private, must-revalidate
content-length: 9
date: Sat, 08 Feb 2025 04:44:13 GMT
server: Cowboy
set-cookie: sid=58ca45b7-e5d7-11ef-8223-6c633ae84250; path=/; domain=.dingmancn.com; expires=Thu, 26 Feb 2093 07:58:21 GMT; max-age=2147483647; secure; HttpOnly
X-Firefox-Spdy: h2
|
|
| GET 5g0kp.flyd28.buzz/%E5%A4%A7%E5%90%89%E5%A4%A7%E5%88%A9/data/85-85.ico | 172.67.172.152 | 301 Moved Permanently | 167 B |
URL: GET HTTPS 5g0kp.flyd28.buzz/%E5%A4%A7%E5%90%89%E5%A4%A7%E5%88%A9/data/85-85.ico
IP / ASN: 172.67.172.152 #13335 CLOUDFLARENET
Requested by: https://o1760.tjs72.buzz/
Resource Info
File type: HTML document, ASCII text, with CRLF line terminators
First Seen: 2023-04-05
Last Seen: 2025-03-02
Times Seen: 190492
Size: 167 B (167 bytes)
MD5: 0104c301c5e02bd6148b8703d19b3a73
SHA1: 7436e0b4b1f8c222c38069890b75fa2baf9ca620
SHA256: 446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f
Certificate Info
Issuer: Google Trust Services
Subject: flyd28.buzz
Fingerprint: 6D:96:76:BF:6B:63:0E:C8:13:61:00:EE:21:9B:E0:11:EA:B8:F3:8D
Validity: Fri, 20 Dec 2024 23:11:50 GMT - Fri, 21 Mar 2025 00:10:29 GMT
GET /%E5%A4%A7%E5%90%89%E5%A4%A7%E5%88%A9/data/85-85.ico HTTP/1.1
Host: 5g0kp.flyd28.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
date: Sat, 08 Feb 2025 04:44:14 GMT
content-type: text/html
content-length: 167
location: https://gogogo.falbycd.xyz/flyd/
cache-control: max-age=3600
expires: Sat, 08 Feb 2025 05:44:14 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cOdP5SQ1s4TUJjtjfhDld0sLhv55USeNRbXxOetloXuoLS%2Bp1OlAgrMeGOQiqFcsru%2BescD0pfm7fvLMSbThndhKUA465cryBWlKXj5V9m3a67FachoDFxq%2Ffqo38tPJVb%2Bp5Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 90e8f69d0d835696-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=817&min_rtt=417&rtt_var=788&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3201&recv_bytes=1116&delivery_rate=7252086&cwnd=254&unsent_bytes=0&cid=7a12fe82e0ee2eba&ts=583&x=0"
X-Firefox-Spdy: h2
|
|
| GET www.posdd.pw/template/hn/favicon.ico | 192.157.56.139 | 404 Not Found | 9 B |
URL: GET HTTPS www.posdd.pw/template/hn/favicon.ico
IP / ASN: 192.157.56.139 #55286 SERVER-MANIA
Requested by: https://o1760.tjs72.buzz/
Resource Info
File type: ASCII text, with no line terminators
First Seen: 2023-03-08
Last Seen: 2025-08-09
Times Seen: 11176
Size: 9 B (9 bytes)
MD5: d8f4a1993546cc4b850cde3599e27aec
SHA1: 094b763b4cfcc0b05e5d040581cd513c3ca08067
SHA256: 907ba78b4545338d3539683e63ecb51cf51c10adc9dabd86e92bd52339f298b9
Certificate Info
Issuer: Let's Encrypt
Subject: posdd.pw
Fingerprint: 5C:44:CE:DF:53:C2:D4:C1:EF:D1:E0:6A:F3:B0:92:C0:65:22:AF:D7
Validity: Wed, 27 Nov 2024 19:48:12 GMT - Tue, 25 Feb 2025 19:48:11 GMT
GET /template/hn/favicon.ico HTTP/1.1
Host: www.posdd.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
cache-control: max-age=0, private, must-revalidate
content-length: 9
date: Sat, 08 Feb 2025 04:44:14 GMT
server: Cowboy
set-cookie: sid=58cd8182-e5d7-11ef-8fc5-5af7393f1902; path=/; domain=.posdd.pw; expires=Thu, 26 Feb 2093 07:58:21 GMT; max-age=2147483647; secure; HttpOnly
X-Firefox-Spdy: h2
|
|
| GET i6m0k8.kcqsysame.buzz/upload/vod/20241122-1/7cfd6d16c4ef6d909866161f0e1cb324.gif | 172.67.152.96 | 403 Forbidden | 8.8 kB |
URL: GET HTTPS i6m0k8.kcqsysame.buzz/upload/vod/20241122-1/7cfd6d16c4ef6d909866161f0e1cb324.gif
IP / ASN: 172.67.152.96 #13335 CLOUDFLARENET
Requested by: https://o1760.tjs72.buzz/
Resource Info:
File type: HTML document, ASCII text, with very long lines (394)
First Seen: 2025-02-08
Last Seen: 2025-02-08
Times Seen: 1
Size: 8.8 kB (8787 bytes)
MD5: c581747792ec972c4a4c2598f3128f9d
SHA1: cd5d72e49eef0bf8ebea0c15e599ece1930735a1
SHA256: e326ffa2a07d00ccf0c3e1baea903934140eabca8e108ea8a98365e8431a0708
Certificate Info:
Issuer: Google Trust Services
Subject: kcqsysame.buzz
Fingerprint: EA:AD:E8:2B:69:33:2E:88:49:3A:19:D9:46:C3:86:A4:0C:D9:90:66
Validity: Thu, 30 Jan 2025 22:34:39 GMT - Wed, 30 Apr 2025 23:33:02 GMT
GET /upload/vod/20241122-1/7cfd6d16c4ef6d909866161f0e1cb324.gif HTTP/1.1
Host: i6m0k8.kcqsysame.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 403 Forbidden
date: Sat, 08 Feb 2025 04:44:12 GMT
content-type: text/html; charset=UTF-8
x-frame-options: SAMEORIGIN
referrer-policy: same-origin
cache-control: max-age=15
expires: Sat, 08 Feb 2025 04:44:27 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wjIdsAzNp3v6ok12oKLCUSvTAg5mUk5hgOZIuqYcW7W%2BJPyai2ZGP21eossH8n9p5MwJVOnyPBllKqh1FnletFeIrKP85zK1pLbzk3fSv2opm%2B4oDPS2ZaXm90VRWhP2DiIE35EM%2FDY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 90e8f693bae3b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=521&min_rtt=437&rtt_var=152&sent=6&recv=10&lost=0&retrans=0&sent_bytes=3204&recv_bytes=1091&delivery_rate=6840944&cwnd=253&unsent_bytes=0&cid=e255a8ef63283115&ts=219&x=0"
X-Firefox-Spdy: h2
|
|
| GET www.googletagmanager.com/gtag/js?id=G-CT5BTP05M6 | 142.250.74.168 | 200 OK | 110 kB |
URL: GET HTTPS www.googletagmanager.com/gtag/js?id=G-CT5BTP05M6
IP / ASN: 142.250.74.168 #15169 GOOGLE
Requested by: https://o1760.tjs72.buzz/
Resource Info:
File type: JavaScript source, ASCII text, with very long lines (5960)
First Seen: 2025-02-08
Last Seen: 2025-02-08
Times Seen: 1
Size: 110 kB (110186 bytes)
MD5: 6c9f548e51c2ece029ca2787a6a75fbe
SHA1: 066f4ce4e340799926da79084e4a9c45a9063a5e
SHA256: cc4b04b5d473605f521a832c30bc14c087228d21cff84ac5c763618db43d5d4c
Certificate Info:
Issuer: Google Trust Services
Subject: *.google-analytics.com
Fingerprint: 18:BB:CC:69:33:72:62:2E:E5:B6:28:51:17:5B:BD:CE:CD:85:8D:B3
Validity: Mon, 20 Jan 2025 08:36:04 GMT - Mon, 14 Apr 2025 08:36:03 GMT
GET /gtag/js?id=G-CT5BTP05M6 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 08 Feb 2025 04:44:14 GMT
expires: Sat, 08 Feb 2025 04:44:14 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1003:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1003:0
report-to: {"group":"ascgcycc:1003:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1003:0"}],}
server: Google Tag Manager
content-length: 110186
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| GET abc.zafbp.xyz/go/d/file/tjimg/2021-09-01/ba1e39f5b9595a68dc2afa1e3d1b8366.gif | 104.21.11.95 | 301 Moved Permanently | 4.7 kB |
URL: GET HTTPS abc.zafbp.xyz/go/d/file/tjimg/2021-09-01/ba1e39f5b9595a68dc2afa1e3d1b8366.gif
IP / ASN: 104.21.11.95 #13335 CLOUDFLARENET
Requested by: https://o1760.tjs72.buzz/
Resource Info:
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
First Seen: 2025-02-08
Last Seen: 2025-02-08
Times Seen: 1
Size: 4.7 kB (4679 bytes)
MD5: 8a083f8d98f9388be6dd45cff519655c
SHA1: a4f7f444b26951407ebea44e5cf8d2d1740655a9
SHA256: 7be47118753e59232e5e74dc6dd3baf306a72c086392cfe1ff9186d67eca5031
Certificate Info:
Issuer: Google Trust Services
Subject: zafbp.xyz
Fingerprint: 55:65:CA:84:7B:A6:8F:47:31:19:BB:55:19:C9:0D:23:85:9D:1C:07
Validity: Tue, 04 Feb 2025 06:28:53 GMT - Mon, 05 May 2025 07:27:37 GMT
GET /go/d/file/tjimg/2021-09-01/ba1e39f5b9595a68dc2afa1e3d1b8366.gif HTTP/1.1
Host: abc.zafbp.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
date: Sat, 08 Feb 2025 04:44:13 GMT
content-type: text/html; charset=UTF-8
location: https://ni240.zfp79.buzz/d/file/tjimg/2021-09-01/ba1e39f5b9595a68dc2afa1e3d1b8366.gif
x-powered-by: PHP/5.4.16
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cw6FGKLT8bIAcE1Q7GE1LU7XQlLBrMlqwsy2RKnVwEYtn6IvGMf5SEc7CTko6Uzgdb9XThViMSI2jBvitL0LqrKpSUEcW0NoYhur9NazLitTM5jQmrLNDTCyFdV6KiSZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 90e8f692e9a5b505-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1897&min_rtt=445&rtt_var=2912&sent=8&recv=11&lost=0&retrans=0&sent_bytes=3264&recv_bytes=1246&delivery_rate=6950400&cwnd=254&unsent_bytes=0&cid=2aa2f0b786c66904&ts=562&x=0"
X-Firefox-Spdy: h2
|
|
| GET anada8.xyz/go/d/file/tjimg/2024-05-20/81dbac973f20abf02cbbbd8903d13198.gif | 172.67.217.229 | 301 Moved Permanently | 6.0 kB |
URL: GET HTTPS anada8.xyz/go/d/file/tjimg/2024-05-20/81dbac973f20abf02cbbbd8903d13198.gif
IP / ASN: 172.67.217.229 #13335 CLOUDFLARENET
Requested by: https://o1760.tjs72.buzz/
Resource Info:
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
First Seen: 2025-02-08
Last Seen: 2025-02-08
Times Seen: 2
Size: 6.0 kB (5967 bytes)
MD5: 59011bad3a0eeef7651520368e89b306
SHA1: 7b9d7b07a8ff6f07804e616333e59cdbdbad21c9
SHA256: 551cf80aa61728cb15398313d1d4995e46137d59deb82cd65dada4a66c0bde88
Certificate Info:
Issuer: Google Trust Services
Subject: anada8.xyz
Fingerprint: DB:01:5E:98:35:77:4E:CD:A4:62:52:17:F9:D4:C4:55:EE:E9:4C:B4
Validity: Thu, 09 Jan 2025 18:20:53 GMT - Wed, 09 Apr 2025 19:19:13 GMT
GET /go/d/file/tjimg/2024-05-20/81dbac973f20abf02cbbbd8903d13198.gif HTTP/1.1
Host: anada8.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
date: Sat, 08 Feb 2025 04:44:13 GMT
content-type: text/html; charset=UTF-8
location: https://ni240.zfp79.buzz/d/file/tjimg/2024-05-20/81dbac973f20abf02cbbbd8903d13198.gif
x-powered-by: PHP/5.4.16
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BdpyxLkap01Fbwz2baLo6fppWJlDIjXjr91Cm5fZ8hVTkfZ6wTJiiCy1CDDRjOph7Y3bEtXvZU81MqffQJPjnDIBWyZQrfkyUeRWbY1Z6ZWKOBlcHhM5KbSsnOqu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 90e8f6932b750b55-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1166&min_rtt=405&rtt_var=1295&sent=19&recv=25&lost=0&retrans=1&sent_bytes=5484&recv_bytes=1897&delivery_rate=6542168&cwnd=252&unsent_bytes=0&cid=b14a8449ab06f216&ts=684&x=0"
X-Firefox-Spdy: h2
|
|
| GET hello.38shunv11.buzz/static/template/38shu/ico.png | 172.67.152.149 | 200 OK | 15 kB |
URL: GET HTTPS hello.38shunv11.buzz/static/template/38shu/ico.png
IP / ASN: 172.67.152.149 #13335 CLOUDFLARENET
Requested by: https://o1760.tjs72.buzz/
Resource Info:
File type: PNG image data, 140 x 126, 8-bit/color RGBA, non-interlaced
First Seen: 2024-07-27
Last Seen: 2025-06-01
Times Seen: 15
Size: 15 kB (14916 bytes)
MD5: 5960950129d818e780aec19cf993ded4
SHA1: f709a34679fe03d3beea82767719abf3aaac95c3
SHA256: a6a635abeb59f7da914416b8e61c0b36a5bf4a5f18a4bd41ff005a8d5f8732c1
Certificate Info:
Issuer: Google Trust Services
Subject: 38shunv11.buzz
Fingerprint: AA:11:B2:17:6D:00:20:68:55:D6:5E:DE:F1:FD:D9:AD:E2:35:23:1F
Validity: Tue, 28 Jan 2025 15:22:07 GMT - Mon, 28 Apr 2025 16:20:43 GMT
GET /static/template/38shu/ico.png HTTP/1.1
Host: hello.38shunv11.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 08 Feb 2025 04:44:14 GMT
content-type: image/png
content-length: 14916
last-modified: Sun, 31 Dec 2023 05:42:26 GMT
etag: "6590ff42-3a44"
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PNPwhvJPMwjTWsKJeLPhFZ0ZzZTxIwC162ZHq4iY%2FfHdSVQqM7DDcP35D1JKL%2Fog76XEmgiiRAjeNZx5%2F2dsnIhGsWUxYhytTI38kKpNTrfWKord4B3n9kBhx%2BAuR6xfNm7TmDadZg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 90e8f69acb75712d-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1000&min_rtt=486&rtt_var=986&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3281&recv_bytes=1233&delivery_rate=6591805&cwnd=254&unsent_bytes=0&cid=44f076f1d5d1eebf&ts=1422&x=0"
X-Firefox-Spdy: h2
|
|
| GET o1760.tjs72.buzz/d/file/mz/2022-04-02/cabd61c272badf1dd813df59b590a1ae.ico | 172.67.146.29 | 200 OK | 6.7 kB |
URL: GET HTTPS o1760.tjs72.buzz/d/file/mz/2022-04-02/cabd61c272badf1dd813df59b590a1ae.ico
IP / ASN: 172.67.146.29 #13335 CLOUDFLARENET
Requested by: https://o1760.tjs72.buzz/
Resource Info:
File type: MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
First Seen: 2023-06-14
Last Seen: 2025-06-06
Times Seen: 11
Size: 6.7 kB (6690 bytes)
MD5: 98fd42952f2d10f0668805c81b1a93d7
SHA1: cbff9e3d084d895b4685ac2fd75e25bcb6663bc6
SHA256: e4670954d69c49e8388efccafbe0e2efa3beb1d693a56519c1953aab3adf34d8
Certificate Info:
Issuer: Google Trust Services
Subject: tjs72.buzz
Fingerprint: 79:A5:CA:60:18:FB:9E:89:FC:89:87:2A:69:82:72:99:03:13:A6:0F
Validity: Thu, 23 Jan 2025 10:19:19 GMT - Wed, 23 Apr 2025 11:18:07 GMT
GET /d/file/mz/2022-04-02/cabd61c272badf1dd813df59b590a1ae.ico HTTP/1.1
Host: o1760.tjs72.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://o1760.tjs72.buzz/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 08 Feb 2025 04:44:12 GMT
content-type: image/vnd.microsoft.icon
last-modified: Tue, 31 Oct 2023 17:40:31 GMT
etag: W/"10be-60906a6b5f7f8"
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6ip3Ad0UXhzLwykQp63w1LBcNM2uBLJ2r6Y%2F1zhTu1lov758SxGnxnGqjP4mZvOLdeQ%2BjW3g4GUXMMLKxzpoP60G9r1mJsgnR5ry4xB6FblKZmS9XEoDOIYqllqbhQyKI5Aw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 90e8f691e8de0b45-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=5954&min_rtt=2420&rtt_var=2924&sent=71&recv=26&lost=0&retrans=0&sent_bytes=55788&recv_bytes=5597&delivery_rate=1466699&cwnd=24000&unsent_bytes=0&cid=a66135766530ee96&ts=826&x=1", cfExtPri, cfHdrFlush;dur=0
|
|
| GET anada8.xyz/go/d/file/tjimg/2024-07-27/b9602b3c5483a88bbfb5c318add99b35.gif | 172.67.217.229 | 301 Moved Permanently | 5.8 kB |
URL: GET HTTPS anada8.xyz/go/d/file/tjimg/2024-07-27/b9602b3c5483a88bbfb5c318add99b35.gif
IP / ASN: 172.67.217.229 #13335 CLOUDFLARENET
Requested by: https://o1760.tjs72.buzz/
Resource Info:
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
First Seen: 2025-02-08
Last Seen: 2025-02-08
Times Seen: 3
Size: 5.8 kB (5827 bytes)
MD5: c94d7118a94f6f8bb22f149b6c8ab422
SHA1: e7e20d1c93d46d77f2ee7cb9d46b47ead9854d2e
SHA256: 65fde55bb541f3edec0c95b4d764983f85dfa62451670f01fa589ded8a9ad9a7
Certificate Info:
Issuer: Google Trust Services
Subject: anada8.xyz
Fingerprint: DB:01:5E:98:35:77:4E:CD:A4:62:52:17:F9:D4:C4:55:EE:E9:4C:B4
Validity: Thu, 09 Jan 2025 18:20:53 GMT - Wed, 09 Apr 2025 19:19:13 GMT
GET /go/d/file/tjimg/2024-07-27/b9602b3c5483a88bbfb5c318add99b35.gif HTTP/1.1
Host: anada8.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 301 Moved Permanently
date: Sat, 08 Feb 2025 04:44:13 GMT
content-type: text/html; charset=UTF-8
location: https://ni240.zfp79.buzz/d/file/tjimg/2024-07-27/b9602b3c5483a88bbfb5c318add99b35.gif
x-powered-by: PHP/5.4.16
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QYuOgDLIRtRlbwlNnMhlYFdr0Nuc8dCYO5p5Q4zji1n%2FvWx1d5RYsDw6tvqxid9vpR2vG%2B6gnliJE%2FCSAT1H4n7Tp9yLy8qihW2z1FaQyXiB7pexx%2B%2FdnZE%2FV7PL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 90e8f6932b770b55-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1645&min_rtt=405&rtt_var=2102&sent=15&recv=21&lost=0&retrans=1&sent_bytes=4461&recv_bytes=1897&delivery_rate=6542168&cwnd=252&unsent_bytes=0&cid=b14a8449ab06f216&ts=664&x=0"
X-Firefox-Spdy: h2
|
|
| GET static.zafbpzafbp.xyz/go/d/file/tjimg/2024-12-23/ece594a96a1b03935f4a61d360acc405.jpg | 104.21.34.175 | 301 Moved Permanently | 77 kB |
URL: GET HTTPS static.zafbpzafbp.xyz/go/d/file/tjimg/2024-12-23/ece594a96a1b03935f4a61d360acc405.jpg
IP / ASN: 104.21.34.175 #13335 CLOUDFLARENET
Requested by: https://o1760.tjs72.buzz/
Resource Info:
File type: Web Open Font Format (Version 2), TrueType, length 77160, version 4.459
First Seen: 2023-04-05
Last Seen: 2025-08-09
Times Seen: 173608
Size: 77 kB (77160 bytes)
MD5: af7ae505a9eed503f8b8e6982036873e
SHA1: d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
SHA256: 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
Certificate Info:
Issuer: Google Trust Services
Subject: zafbpzafbp.xyz
Fingerprint: 72:FD:DF:10:22:E9:4D:C2:08:62:96:B6:B2:78:BE:2E:08:51:36:AE
Validity: Tue, 07 Jan 2025 00:06:41 GMT - Mon, 07 Apr 2025 01:05:06 GMT
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /go/d/file/tjimg/2024-12-23/ece594a96a1b03935f4a61d360acc405.jpg HTTP/1.1
Host: static.zafbpzafbp.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
date: Sat, 08 Feb 2025 04:44:12 GMT
content-type: text/html; charset=UTF-8
location: https://ni240.zfp79.buzz/d/file/tjimg/2024-12-23/ece594a96a1b03935f4a61d360acc405.jpg
x-powered-by: PHP/5.4.16
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=y4Xr%2BbieqM47BV95sKfMD9WILCOvYN6XZ1go3B8C5%2BFs0rc7dXbY5liwTpcnec9gHx3IJG5PscvpdNro9ivMx%2FHT1S5%2F3BRRqkZEyUTRtn6wzRM1EUMAhruDdS%2F5tOwSrr3IUIUIfpI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 90e8f692df4cb503-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1542&min_rtt=454&rtt_var=1776&sent=10&recv=14&lost=0&retrans=0&sent_bytes=3948&recv_bytes=1349&delivery_rate=7156507&cwnd=256&unsent_bytes=0&cid=4b6a1539e4bec996&ts=550&x=0"
X-Firefox-Spdy: h2
|
|
| GET 3036.efmuyibcu.tips/2024/v2/images/logoo.png | 104.21.112.1 | 200 OK | 8.1 kB |
URL: GET HTTPS 3036.efmuyibcu.tips/2024/v2/images/logoo.png
IP / ASN: 104.21.112.1 #13335 CLOUDFLARENET
Requested by: https://o1760.tjs72.buzz/
Resource Info:
File type: PNG image data, 192 x 192, 8-bit colormap, non-interlaced
First Seen: 2024-05-30
Last Seen: 2025-05-20
Times Seen: 9
Size: 8.1 kB (8083 bytes)
MD5: f1cae693bf1ef45ded584fcce1081802
SHA1: c9b1421e2b327d2de31aa925612d225cbb144a5f
SHA256: 5c47cf7dc7df3fafd1ff925fb3bff1056f6f6d6c7c5572d2301e5f24740ec89b
Certificate Info:
Issuer: Google Trust Services
Subject: efmuyibcu.tips
Fingerprint: F3:07:68:63:F8:36:7E:C5:71:D7:2A:A0:23:EC:F4:AC:FE:3B:00:67
Validity: Wed, 08 Jan 2025 06:55:27 GMT - Tue, 08 Apr 2025 07:54:10 GMT
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /2024/v2/images/logoo.png HTTP/1.1
Host: 3036.efmuyibcu.tips
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 08 Feb 2025 04:44:14 GMT
content-type: image/png
content-length: 8083
last-modified: Thu, 08 Feb 2024 08:18:00 GMT
etag: "65c48e38-1f93"
cache-control: max-age=14400
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EyDYqCVZLFZTcvXuHEvMyzNDN6SP%2FhQeM5QbBrNdAvAEmjybKqpu0GyFApwJji5I8Plt%2BoVrhjObqywVcNDr2qaANJwJOW2nLlhiF0ypHAzWL41ZnsPBSlrbSNxwpQres7XChNpO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 90e8f69cec320afa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=739&min_rtt=375&rtt_var=695&sent=8&recv=11&lost=0&retrans=0&sent_bytes=3280&recv_bytes=1228&delivery_rate=8180790&cwnd=254&unsent_bytes=0&cid=baeeb747715d1b77&ts=1127&x=0"
X-Firefox-Spdy: h2
|
|
| GET ni240.zfp79.buzz/d/file/tjimg/2024-07-27/b9602b3c5483a88bbfb5c318add99b35.gif | 104.21.48.1 | 200 OK | 7.4 kB |
URL: GET HTTPS ni240.zfp79.buzz/d/file/tjimg/2024-07-27/b9602b3c5483a88bbfb5c318add99b35.gif
IP / ASN: 104.21.48.1 #13335 CLOUDFLARENET
Requested by: https://o1760.tjs72.buzz/
Resource Info:
File type: GIF image data, version 89a, 500 x 500
First Seen: 2023-06-20
Last Seen: 2025-08-01
Times Seen: 48
Size: 7.4 kB (7421 bytes)
MD5: 0e9b9de0d9d5189929324ebd902c7fa5
SHA1: 1139bacb30016acc306dfd9132a698d0c8571600
SHA256: 3516f0bdb8abcbf0890c75d2dea38db662cde4b3b5725e03a456c6f7f87a82bf
Certificate Info:
Issuer: Google Trust Services
Subject: zfp79.buzz
Fingerprint: 30:3A:0D:DB:98:CB:EF:46:7A:1A:77:36:EC:0D:96:EF:7B:81:0B:66
Validity: Thu, 23 Jan 2025 10:21:33 GMT - Wed, 23 Apr 2025 11:17:19 GMT
GET /d/file/tjimg/2024-07-27/b9602b3c5483a88bbfb5c318add99b35.gif HTTP/1.1
Host: ni240.zfp79.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 08 Feb 2025 04:44:14 GMT
content-type: image/gif
content-length: 7421
last-modified: Sat, 27 Jul 2024 03:21:22 GMT
etag: "1cfd-61e321f510f0f"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SNw2pNm%2B1RgieH1tBmWeA4jNPfzkZVpPmsPFTZzQJ8If8Q7nzo7SebhC9vZ9neyUqEsyAnMCv6O%2BgBohbLXmWmv8de8jqLVqF1ML%2FlLgNBF4W4fDaPD5xHie21wQjwXGwI8y"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 90e8f69f4c7156a2-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=434&min_rtt=383&rtt_var=104&sent=11&recv=23&lost=0&retrans=0&sent_bytes=3198&recv_bytes=2320&delivery_rate=7841155&cwnd=251&unsent_bytes=0&cid=505110b8474018e8&ts=1242&x=0"
X-Firefox-Spdy: h2
|
|
| GET www.deeptheen.cc/favicon.ico | 103.224.182.251 | 403 Forbidden | 598 B |
URL: GET HTTPS www.deeptheen.cc/favicon.ico
IP / ASN: 103.224.182.251 #133618 Trellian Pty. Limited
Requested by: https://o1760.tjs72.buzz/
Resource Info:
File type: data
First Seen: 2025-02-08
Last Seen: 2025-02-08
Times Seen: 1
Size: 598 B (598 bytes)
MD5: 0e94b684854cae0992621e8de5d147fc
SHA1: e548eb6a36d5d6a5658dd62c1c04343c6290bf87
SHA256: 838af0ad2d7b3a90bb2fbf75beb7062cdc7911994e128639ad7a7f0ac767cfe9
Certificate Info:
Issuer: Let's Encrypt
Subject: myfantastic.eu
Fingerprint: BD:74:91:BF:24:D5:56:68:A7:FC:86:10:19:99:3A:92:1E:33:DE:F8
Validity: Thu, 02 Jan 2025 08:35:52 GMT - Wed, 02 Apr 2025 08:35:51 GMT
GET /favicon.ico HTTP/1.1
Host: www.deeptheen.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.0 403 Forbidden
cache-control: no-cache
content-type: text/html
|
|
| GET anada8.xyz/go/d/file/tjimg/2024-01-17/905be146036ae20aa797d32778ae31e3.png | 172.67.217.229 | 301 Moved Permanently | 16 kB |
URL: GET HTTPS anada8.xyz/go/d/file/tjimg/2024-01-17/905be146036ae20aa797d32778ae31e3.png
IP / ASN: 172.67.217.229 #13335 CLOUDFLARENET
Requested by: https://o1760.tjs72.buzz/
Resource Info:
File type: PNG image data, 400 x 400, 8-bit/color RGBA, non-interlaced
First Seen: 2024-04-24
Last Seen: 2025-06-11
Times Seen: 27
Size: 16 kB (16309 bytes)
MD5: ead1099b1bf7e95a226637c5d59ab524
SHA1: 2cc47efcd89c218d9bf87a5b7611c8b0aba2b94f
SHA256: ad084f71461ed881eaa4cc41f9dc80b47b3aa9e4cfd793d6e2d04712e2e302bc
Certificate Info:
Issuer: Google Trust Services
Subject: anada8.xyz
Fingerprint: DB:01:5E:98:35:77:4E:CD:A4:62:52:17:F9:D4:C4:55:EE:E9:4C:B4
Validity: Thu, 09 Jan 2025 18:20:53 GMT - Wed, 09 Apr 2025 19:19:13 GMT
GET /go/d/file/tjimg/2024-01-17/905be146036ae20aa797d32778ae31e3.png HTTP/1.1
Host: anada8.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
date: Sat, 08 Feb 2025 04:44:14 GMT
content-type: text/html; charset=UTF-8
location: https://ni240.zfp79.buzz/d/file/tjimg/2024-01-17/905be146036ae20aa797d32778ae31e3.png
x-powered-by: PHP/5.4.16
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LJ6%2BZTKHbqUmYkk12C9wevMP3TnTAyQiusplU4PeDeaPyK3MJ79CjOt8yA10EsfBOpqMhsG1H7SAyMQtowSlFOpLuZo%2FN0EQyu4QBRIT6PXhmXIfxoezuyvdM9%2FY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 90e8f693ab920b55-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=808&min_rtt=405&rtt_var=586&sent=25&recv=31&lost=0&retrans=1&sent_bytes=7216&recv_bytes=1897&delivery_rate=6542168&cwnd=252&unsent_bytes=0&cid=b14a8449ab06f216&ts=1638&x=0"
X-Firefox-Spdy: h2
|
|
| GET ni240.zfp79.buzz/d/file/tjimg/2024-12-03/54f63aab7e03e4622f68cc5fa969770e.png | 104.21.48.1 | 200 OK | 9.4 kB |
URL: GET HTTPS ni240.zfp79.buzz/d/file/tjimg/2024-12-03/54f63aab7e03e4622f68cc5fa969770e.png
IP / ASN: 104.21.48.1 #13335 CLOUDFLARENET
Requested by: https://o1760.tjs72.buzz/
Resource Info:
File type: PNG image data, 196 x 196, 8-bit/color RGBA, non-interlaced
First Seen: 2023-06-14
Last Seen: 2025-06-30
Times Seen: 13
Size: 9.4 kB (9423 bytes)
MD5: f7a2b75e94276ff8422eddbd58e4be3c
SHA1: 101588f662fbe5564f0caccf2198f3526ca9d562
SHA256: 2518a5335b7941f40c4e3e4a7fd46bb93f8ea1dd85cd3fa810d3dc059add74cd
Certificate Info:
Issuer: Google Trust Services
Subject: zfp79.buzz
Fingerprint: 30:3A:0D:DB:98:CB:EF:46:7A:1A:77:36:EC:0D:96:EF:7B:81:0B:66
Validity: Thu, 23 Jan 2025 10:21:33 GMT - Wed, 23 Apr 2025 11:17:19 GMT
GET /d/file/tjimg/2024-12-03/54f63aab7e03e4622f68cc5fa969770e.png HTTP/1.1
Host: ni240.zfp79.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 08 Feb 2025 04:44:15 GMT
content-type: image/png
content-length: 9423
last-modified: Tue, 03 Dec 2024 09:51:07 GMT
etag: "24cf-6285a9aa7077c"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gXPIk3sB%2FMyiH3TwJbWtR1ksqz77j3zHbocDnfeeJO5Zb3WEx2bJ6eRPcyvliZMZWWUDQVrZewip2AS3l5yKY0HnFBfoZBtNT0qjq3hMQUJ4azEGYAgqZghJfEmNmZs2j5e8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 90e8f69f7c8d56a2-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=724&min_rtt=383&rtt_var=500&sent=32&recv=26&lost=0&retrans=0&sent_bytes=28568&recv_bytes=2320&delivery_rate=12887476&cwnd=251&unsent_bytes=0&cid=505110b8474018e8&ts=1482&x=0"
X-Firefox-Spdy: h2
|
|
| GET ni240.zfp79.buzz/d/file/tjimg/2024-05-25/58fb51e0ae7a8ab27cdc4fcd77cb023a.jpg | 104.21.48.1 | 200 OK | 38 kB |
URL: GET HTTPS ni240.zfp79.buzz/d/file/tjimg/2024-05-25/58fb51e0ae7a8ab27cdc4fcd77cb023a.jpg
IP / ASN: 104.21.48.1 #13335 CLOUDFLARENET
Requested by: https://o1760.tjs72.buzz/
Resource Info:
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 512x512, components 3
First Seen: 2024-05-26
Last Seen: 2025-07-26
Times Seen: 39
Size: 38 kB (37741 bytes)
MD5: 7faf370adeb02c9331800784a4248732
SHA1: 9b827efc0d8fa985a5fc83b17e1e4ce7a82e94e1
SHA256: b5151a4974be39fb2981df976c5464b94ea0811c258c5f822ec0cb92537ffe85
Certificate Info:
Issuer: Google Trust Services
Subject: zfp79.buzz
Fingerprint: 30:3A:0D:DB:98:CB:EF:46:7A:1A:77:36:EC:0D:96:EF:7B:81:0B:66
Validity: Thu, 23 Jan 2025 10:21:33 GMT - Wed, 23 Apr 2025 11:17:19 GMT
GET /d/file/tjimg/2024-05-25/58fb51e0ae7a8ab27cdc4fcd77cb023a.jpg HTTP/1.1
Host: ni240.zfp79.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 08 Feb 2025 04:44:15 GMT
content-type: image/jpeg
content-length: 37741
last-modified: Sat, 25 May 2024 12:15:21 GMT
etag: "936d-619463cf710df"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1iFZZMx8Y4a6qoL0bnXJQuv0CPG%2FNrTIl2%2Bb4b1UZkhW7MGAKVi%2BnVtAVbT%2F6ETYLULFKyvEX22FYGJ%2FooH3AThV2nIVP6yyN10DHTAybv5vGwYdGEep74Q4hZWkWU4iIz4y"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 90e8f69f4c7456a2-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1136&min_rtt=383&rtt_var=1213&sent=40&recv=28&lost=0&retrans=0&sent_bytes=38658&recv_bytes=2320&delivery_rate=12887476&cwnd=251&unsent_bytes=0&cid=505110b8474018e8&ts=1502&x=0"
X-Firefox-Spdy: h2
|
|
| GET static.zafbpzafbp.xyz/go/d/file/tjimg/2025-02-03/1af26c4979981cad4ec79996151b01d9.gif | 104.21.34.175 | 301 Moved Permanently | 631 kB |
URL: GET HTTPS static.zafbpzafbp.xyz/go/d/file/tjimg/2025-02-03/1af26c4979981cad4ec79996151b01d9.gif
IP / ASN: 104.21.34.175 #13335 CLOUDFLARENET
Requested by: https://o1760.tjs72.buzz/
Resource Info:
File type: PNG image data, 700 x 700, 8-bit/color RGB, non-interlaced
First Seen: 2024-05-30
Last Seen: 2025-06-13
Times Seen: 10
Size: 631 kB (631320 bytes)
MD5: b9964203f3d78a0e6f29eba5ca38be70
SHA1: e55d5bdf19c41598cc9bcd825b63d1a9f6079bb1
SHA256: 512e98cfae3f101a947c9236ac94e327b8b7d8ca041a9ab61f7efe4acd4d6e24
Certificate Info:
Issuer: Google Trust Services
Subject: zafbpzafbp.xyz
Fingerprint: 72:FD:DF:10:22:E9:4D:C2:08:62:96:B6:B2:78:BE:2E:08:51:36:AE
Validity: Tue, 07 Jan 2025 00:06:41 GMT - Mon, 07 Apr 2025 01:05:06 GMT
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /go/d/file/tjimg/2025-02-03/1af26c4979981cad4ec79996151b01d9.gif HTTP/1.1
Host: static.zafbpzafbp.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
date: Sat, 08 Feb 2025 04:44:12 GMT
content-type: text/html; charset=UTF-8
location: https://ni240.zfp79.buzz/d/file/tjimg/2025-02-03/1af26c4979981cad4ec79996151b01d9.gif
x-powered-by: PHP/5.4.16
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OYX5Kygqqp96uscheeagQLs7KEhSWdIN0JOIDcrMJjVUKtcdXbB3K%2FyOg7TYugR9fkvXo%2FQwRBGD19QvZcxOMvAquAWQVPri5Wiq5yVGEx%2B4UNfzjeSqKuxHFmp4VwXUXBd%2F2KQvsvU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 90e8f692ff53b503-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1477&min_rtt=454&rtt_var=1462&sent=12&recv=15&lost=0&retrans=0&sent_bytes=4474&recv_bytes=1349&delivery_rate=7156507&cwnd=256&unsent_bytes=0&cid=4b6a1539e4bec996&ts=553&x=0"
X-Firefox-Spdy: h2
|
|
| GET ni240.zfp79.buzz/d/file/tjimg/2024-09-04/71d0df1afbc2295bd39517c02ae589c7.jpg | 104.21.48.1 | 200 OK | 49 kB |
URL: GET HTTPS ni240.zfp79.buzz/d/file/tjimg/2024-09-04/71d0df1afbc2295bd39517c02ae589c7.jpg
IP / ASN: 104.21.48.1 #13335 CLOUDFLARENET
Requested by: https://o1760.tjs72.buzz/
Resource Info
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, baseline, precision 8, 640x640, components 3
First Seen: 2024-09-22
Last Seen: 2025-03-15
Times Seen: 7
Size: 49 kB (49136 bytes)
MD5: 72e82559fad87199ce175a79108b134f
SHA1: 7d903b414a35ebebd004e359a12ff13a963864a8
SHA256: fffc34a9af911ef5fb4787c41ed02a98f33c7e1b5ec30713078e5daac557f17a
Certificate Info
Issuer: Google Trust Services
Subject: zfp79.buzz
Fingerprint: 30:3A:0D:DB:98:CB:EF:46:7A:1A:77:36:EC:0D:96:EF:7B:81:0B:66
Validity: Thu, 23 Jan 2025 10:21:33 GMT - Wed, 23 Apr 2025 11:17:19 GMT
GET /d/file/tjimg/2024-09-04/71d0df1afbc2295bd39517c02ae589c7.jpg HTTP/1.1
Host: ni240.zfp79.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 08 Feb 2025 04:44:15 GMT
content-type: image/jpeg
content-length: 49136
last-modified: Wed, 04 Sep 2024 05:03:46 GMT
etag: "bff0-621441957a11e"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8Bm%2F7Iph%2BNuaJY1n3nIotR0%2FVkvhI9Tp%2FAI9Fo%2BR3dDesYUNUzujRj%2FiWt3uaDHUrQdgsptlYMI8mGuUBHVu1ydbt3%2BagSLTSNQqqFARUVS17AmtMkY%2BShtzI3bcEY7Ad3Q0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 90e8f69f4c7856a2-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1126&min_rtt=365&rtt_var=986&sent=68&recv=30&lost=0&retrans=0&sent_bytes=77288&recv_bytes=2320&delivery_rate=23154768&cwnd=251&unsent_bytes=0&cid=505110b8474018e8&ts=1549&x=0"
X-Firefox-Spdy: h2
|
|
| GET ni240.zfp79.buzz/d/file/tjimg/2024-12-23/ece594a96a1b03935f4a61d360acc405.jpg | 104.21.48.1 | 200 OK | 38 kB |
URL: GET HTTPS ni240.zfp79.buzz/d/file/tjimg/2024-12-23/ece594a96a1b03935f4a61d360acc405.jpg
IP / ASN: 104.21.48.1 #13335 CLOUDFLARENET
Requested by: https://o1760.tjs72.buzz/
Resource Info
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 512x512, components 3
First Seen: 2025-02-08
Last Seen: 2025-03-15
Times Seen: 2
Size: 38 kB (37646 bytes)
MD5: 357718b116b4e54887b72fd07cb468f7
SHA1: ec43b38b9401d57ada63592109c80a61d13d8f99
SHA256: a35ba611452a2971661522d3eedfffcde22bba087d2b764d3463dfe6c72ab1b9
Certificate Info
Issuer: Google Trust Services
Subject: zfp79.buzz
Fingerprint: 30:3A:0D:DB:98:CB:EF:46:7A:1A:77:36:EC:0D:96:EF:7B:81:0B:66
Validity: Thu, 23 Jan 2025 10:21:33 GMT - Wed, 23 Apr 2025 11:17:19 GMT
GET /d/file/tjimg/2024-12-23/ece594a96a1b03935f4a61d360acc405.jpg HTTP/1.1
Host: ni240.zfp79.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 08 Feb 2025 04:44:15 GMT
content-type: image/jpeg
content-length: 37646
last-modified: Mon, 23 Dec 2024 12:05:49 GMT
etag: "930e-629eed1414ec4"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L4i7SZwWwipDwRE0mbhv05PbkllvF4pmYZMJ7u0o4V7rRm9p63ndwnPQi6US7lqQZC5nenst8NcIj3lB9AQse%2BMYU%2FqOQGh7Y1e1%2FOhNYG6uueu1tJYiy%2BhwrfSFZ9U%2FNf%2Fq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 90e8f69f7c8b56a2-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=756&min_rtt=365&rtt_var=69&sent=105&recv=48&lost=0&retrans=0&sent_bytes=127279&recv_bytes=2320&delivery_rate=55573560&cwnd=251&unsent_bytes=0&cid=505110b8474018e8&ts=1565&x=0"
X-Firefox-Spdy: h2
|
|
| GET ni240.zfp79.buzz/d/file/tjimg/2024-06-09/63e4da58ba98cf497367417165ea21c6.gif | 104.21.48.1 | 200 OK | 141 kB |
URL: GET HTTPS ni240.zfp79.buzz/d/file/tjimg/2024-06-09/63e4da58ba98cf497367417165ea21c6.gif
IP / ASN: 104.21.48.1 #13335 CLOUDFLARENET
Requested by: https://o1760.tjs72.buzz/
Resource Info
File type: GIF image data, version 89a, 150 x 150
First Seen: 2023-05-02
Last Seen: 2025-08-01
Times Seen: 113
Size: 141 kB (140695 bytes)
MD5: fe7300fc3c8f5e961eba92613e70958b
SHA1: 52efb7f5b617e22abf6edb905d24c6e42aa52ea7
SHA256: ea0e9ab74f69182bb0eb28335c51f787528deae2fcd69e456af359bbec801b33
Certificate Info
Issuer: Google Trust Services
Subject: zfp79.buzz
Fingerprint: 30:3A:0D:DB:98:CB:EF:46:7A:1A:77:36:EC:0D:96:EF:7B:81:0B:66
Validity: Thu, 23 Jan 2025 10:21:33 GMT - Wed, 23 Apr 2025 11:17:19 GMT
GET /d/file/tjimg/2024-06-09/63e4da58ba98cf497367417165ea21c6.gif HTTP/1.1
Host: ni240.zfp79.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 08 Feb 2025 04:44:15 GMT
content-type: image/gif
content-length: 140695
last-modified: Sun, 09 Jun 2024 01:46:57 GMT
etag: "22597-61a6b35460580"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O3CQX4z1V8PkgW4r%2FaNLVU10nb1f8EzTmg7T%2BwR03Lcfz770iLxRTqRQZrOL0DYMW1y35fHEdtRlJvC%2BibA%2Fb%2BdiNkrRnd61LoZveYvCV1U4CDkvOuAmTg3catWguFMEqFLr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 90e8f69f4c7c56a2-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=6665&min_rtt=365&rtt_var=11869&sent=134&recv=63&lost=0&retrans=0&sent_bytes=165822&recv_bytes=2320&delivery_rate=55573560&cwnd=251&unsent_bytes=0&cid=505110b8474018e8&ts=1664&x=0"
X-Firefox-Spdy: h2
|
|
| GET ni240.zfp79.buzz/d/file/tjimg/2024-07-11/0528827e984eec388e4f57ce13c5556c.gif | 104.21.48.1 | 200 OK | 214 kB |
URL: GET HTTPS ni240.zfp79.buzz/d/file/tjimg/2024-07-11/0528827e984eec388e4f57ce13c5556c.gif
IP / ASN: 104.21.48.1 #13335 CLOUDFLARENET
Requested by: https://o1760.tjs72.buzz/
Resource Info
File type: GIF image data, version 89a, 200 x 200
First Seen: 2024-07-21
Last Seen: 2025-06-13
Times Seen: 14
Size: 214 kB (213615 bytes)
MD5: a3b96cd48cdce25b4ec4e630d2eb43e4
SHA1: 22f77b86deb58ee46eec9530321d96c09108938d
SHA256: ba04bb8a4d606769d1edbfbe70fa8b2dac4e995e77fffb26c5587c0bb0ab6ba6
Certificate Info
Issuer: Google Trust Services
Subject: zfp79.buzz
Fingerprint: 30:3A:0D:DB:98:CB:EF:46:7A:1A:77:36:EC:0D:96:EF:7B:81:0B:66
Validity: Thu, 23 Jan 2025 10:21:33 GMT - Wed, 23 Apr 2025 11:17:19 GMT
GET /d/file/tjimg/2024-07-11/0528827e984eec388e4f57ce13c5556c.gif HTTP/1.1
Host: ni240.zfp79.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 08 Feb 2025 04:44:15 GMT
content-type: image/gif
content-length: 213615
last-modified: Thu, 11 Jul 2024 09:48:54 GMT
etag: "3426f-61cf5abc40ce5"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yUcQEN5ZwSexVQkjt4hJj8xu964aVt6Y6rph0%2FJFe3u604pIidqBFvAyuEOYTn%2B4yTw7MsWACZfa2xQmIglkusEv5%2BlRyMIIOWe4PpHhJ111og2rM%2Fso6422Xtr7CNDsJMD1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 90e8f69f4c6b56a2-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=899&min_rtt=365&rtt_var=61&sent=181&recv=110&lost=0&retrans=0&sent_bytes=228624&recv_bytes=2320&delivery_rate=55573560&cwnd=251&unsent_bytes=0&cid=505110b8474018e8&ts=1727&x=0"
X-Firefox-Spdy: h2
|
|
| GET ni240.zfp79.buzz/d/file/tjimg/2024-05-20/81dbac973f20abf02cbbbd8903d13198.gif | 104.21.48.1 | 200 OK | 204 kB |
URL: GET HTTPS ni240.zfp79.buzz/d/file/tjimg/2024-05-20/81dbac973f20abf02cbbbd8903d13198.gif
IP / ASN: 104.21.48.1 #13335 CLOUDFLARENET
Requested by: https://o1760.tjs72.buzz/
Resource Info
File type: GIF image data, version 89a, 120 x 120
First Seen: 2023-12-14
Last Seen: 2025-07-04
Times Seen: 24
Size: 204 kB (203457 bytes)
MD5: 118fd12a8a38be6d5bd9ca3516cada69
SHA1: d048ab6c31b642c8c63838aac8d2047d9ab6a116
SHA256: 82d55ab8cc894f67573cac0d70f76e975454f639d2d4e95dcf4f0686008a8662
Certificate Info
Issuer: Google Trust Services
Subject: zfp79.buzz
Fingerprint: 30:3A:0D:DB:98:CB:EF:46:7A:1A:77:36:EC:0D:96:EF:7B:81:0B:66
Validity: Thu, 23 Jan 2025 10:21:33 GMT - Wed, 23 Apr 2025 11:17:19 GMT
GET /d/file/tjimg/2024-05-20/81dbac973f20abf02cbbbd8903d13198.gif HTTP/1.1
Host: ni240.zfp79.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 08 Feb 2025 04:44:15 GMT
content-type: image/gif
content-length: 203457
last-modified: Mon, 20 May 2024 13:48:45 GMT
etag: "31ac1-618e2f5cffb3f"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ixf1jXtMMO9q%2FNdzEv1d33Z5ci%2BKIgJjqqT9wcYac0CEum6Pvd6lsTDRJmyYrX%2FlLMmW0cgk4SrfxZves%2BfEJsbCErGftndCZgVFG0zYlz9p7gnlaZPGhNBIf2R2Fpe9hCkq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 90e8f69f4c6e56a2-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=834&min_rtt=365&rtt_var=104&sent=228&recv=157&lost=0&retrans=0&sent_bytes=292845&recv_bytes=2320&delivery_rate=55573560&cwnd=251&unsent_bytes=0&cid=505110b8474018e8&ts=1794&x=0"
X-Firefox-Spdy: h2
|
|
| GET honglou.one/favicon.ico | 172.67.140.110 | 200 OK | 1.1 kB |
URL: GET HTTPS honglou.one/favicon.ico
IP / ASN: 172.67.140.110 #13335 CLOUDFLARENET
Requested by: https://o1760.tjs72.buzz/
Resource Info
File type: MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
First Seen: 2023-12-02
Last Seen: 2025-02-08
Times Seen: 4
Size: 1.1 kB (1138 bytes)
MD5: 372078d91f50b8e9eca1425134fcadf1
SHA1: 039bd982d728ee2ad4c896b0bd99962e804b2523
SHA256: bc5f3103173b62830f616e9b61db684dace860e67aebb443ac1f3c98d2913f55
Certificate Info
Issuer: Google Trust Services
Subject: honglou.one
Fingerprint: 63:78:43:F7:DC:A5:C0:4F:BA:72:A3:98:06:8D:D4:14:AC:75:B4:E8
Validity: Sat, 14 Dec 2024 12:12:38 GMT - Fri, 14 Mar 2025 13:10:00 GMT
GET /favicon.ico HTTP/1.1
Host: honglou.one
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 08 Feb 2025 04:44:15 GMT
content-type: image/x-icon
last-modified: Sat, 17 Aug 2019 08:53:31 GMT
etag: W/"5d57c08b-47e"
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: max-age=14400
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JpYU4zTY9Gs66CdjHZ39NuLf37QheaAElbI1isfFh2hl2Hsd5qdo89A1FvWdF3BuO5HDSRex99JpDGJvJtQKMu10DPnUgOm1QALi2zk0KiNAnfwgbGLRcVgjDtYzdw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 90e8f69eae7cb523-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1578&min_rtt=456&rtt_var=2130&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3200&recv_bytes=1081&delivery_rate=7985294&cwnd=254&unsent_bytes=0&cid=4fd8f8c94e4e7bc2&ts=1344&x=0"
X-Firefox-Spdy: h2
|
|
| GET ni240.zfp79.buzz/d/file/tjimg/2021-09-01/ba1e39f5b9595a68dc2afa1e3d1b8366.gif | 104.21.48.1 | 200 OK | 801 kB |
URL: GET HTTPS ni240.zfp79.buzz/d/file/tjimg/2021-09-01/ba1e39f5b9595a68dc2afa1e3d1b8366.gif
IP / ASN: 104.21.48.1 #13335 CLOUDFLARENET
Requested by: https://o1760.tjs72.buzz/
Resource Info
File type: GIF image data, version 89a, 200 x 200
First Seen: 2023-05-03
Last Seen: 2025-07-28
Times Seen: 152
Size: 801 kB (800906 bytes)
MD5: b67d8e3b2e6a17ef65cca5924479bcaf
SHA1: 170f0e54f86d9fe303bca99f7524cee878289a3f
SHA256: 2b6a9b53114e36c800d36b460001279b5b27d86ad0b0f79d71bd5157d7d2ba8c
Certificate Info
Issuer: Google Trust Services
Subject: zfp79.buzz
Fingerprint: 30:3A:0D:DB:98:CB:EF:46:7A:1A:77:36:EC:0D:96:EF:7B:81:0B:66
Validity: Thu, 23 Jan 2025 10:21:33 GMT - Wed, 23 Apr 2025 11:17:19 GMT
GET /d/file/tjimg/2021-09-01/ba1e39f5b9595a68dc2afa1e3d1b8366.gif HTTP/1.1
Host: ni240.zfp79.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 08 Feb 2025 04:44:15 GMT
content-type: image/gif
content-length: 800906
last-modified: Sat, 14 Oct 2023 13:36:03 GMT
etag: "c388a-607ad41259506"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LCuRBnvd6uDOv%2FP37Z9z2U%2BDP35%2BVZWoBgS7XyGraZNdNovmTPCDEF4sMEBrdr%2B1Hz7cfF52AXfAuxAj09JX31pgcdAgUOIHGuoTMQic%2BqrPkE3YnH9btTVxB4MpnPQdbYdH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 90e8f69f7c8956a2-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=977&min_rtt=365&rtt_var=394&sent=158&recv=87&lost=0&retrans=0&sent_bytes=197271&recv_bytes=2320&delivery_rate=55573560&cwnd=251&unsent_bytes=0&cid=505110b8474018e8&ts=1710&x=0"
X-Firefox-Spdy: h2
|
|
| GET stringgame2.gozfpup.buzz/d/file/lt/2023-08-22/f7689c8e41bff84a366eee45f03889ac.jpg | 103.224.182.208 | 403 Forbidden | 373 B |
URL: GET HTTPS stringgame2.gozfpup.buzz/d/file/lt/2023-08-22/f7689c8e41bff84a366eee45f03889ac.jpg
IP / ASN: 103.224.182.208 #133618 Trellian Pty. Limited
Requested by: https://o1760.tjs72.buzz/
Resource Info
File type: data
First Seen: 2025-02-08
Last Seen: 2025-02-08
Times Seen: 1
Size: 373 B (373 bytes)
MD5: 133cdeeea2aa19f4b0f9b47c4751d694
SHA1: 2cd0e6a48212de5bb0a1e8a2b0a4e1c7a563e03e
SHA256: 42b3cc20aef51900b11ae21c3d106ead394eb88589967534c5d2517b77ff0e3b
Certificate Info
Issuer: Let's Encrypt
Subject: byrondesignercollective.com.au
Fingerprint: 7F:15:63:9F:68:6C:CD:C1:E4:B4:13:D5:06:E3:74:F4:4F:6F:C4:1C
Validity: Sun, 22 Dec 2024 23:22:21 GMT - Sat, 22 Mar 2025 23:22:20 GMT
GET /d/file/lt/2023-08-22/f7689c8e41bff84a366eee45f03889ac.jpg HTTP/1.1
Host: stringgame2.gozfpup.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.0 403 Forbidden
cache-control: no-cache
content-type: text/html
|
|
| GET static.zafbpzafbp.xyz/go/d/file/tjimg/2024-12-03/54f63aab7e03e4622f68cc5fa969770e.png | 104.21.34.175 | 301 Moved Permanently | 916 kB |
URL: GET HTTPS static.zafbpzafbp.xyz/go/d/file/tjimg/2024-12-03/54f63aab7e03e4622f68cc5fa969770e.png
IP / ASN: 104.21.34.175 #13335 CLOUDFLARENET
Requested by: https://o1760.tjs72.buzz/
Resource Info
File type: GIF image data, version 89a, 950 x 120
First Seen: 2024-09-22
Last Seen: 2025-06-13
Times Seen: 9
Size: 916 kB (915513 bytes)
MD5: 843547cc5c76b40e3192d59c812b14db
SHA1: e828a29e3c92718b512033163340ad261c584a75
SHA256: adb007f5e191cb60edc010f6281e9dffd660be3b361f4da22a27bf36a9b268d7
Certificate Info
Issuer: Google Trust Services
Subject: zafbpzafbp.xyz
Fingerprint: 72:FD:DF:10:22:E9:4D:C2:08:62:96:B6:B2:78:BE:2E:08:51:36:AE
Validity: Tue, 07 Jan 2025 00:06:41 GMT - Mon, 07 Apr 2025 01:05:06 GMT
Analyzer: Quad9 DNS, Verdict: malicious, Alert: Sinkholed
GET /go/d/file/tjimg/2024-12-03/54f63aab7e03e4622f68cc5fa969770e.png HTTP/1.1
Host: static.zafbpzafbp.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
date: Sat, 08 Feb 2025 04:44:12 GMT
content-type: text/html; charset=UTF-8
location: https://ni240.zfp79.buzz/d/file/tjimg/2024-12-03/54f63aab7e03e4622f68cc5fa969770e.png
x-powered-by: PHP/5.4.16
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hkrN2toOe%2FlweHCmwQTY8sYZn6VIIchvuoyBC6%2Bg5lW%2BHnajzBnJek4gmRt8a5hQG7ECWJUmHXlnAxM9ias5UEsWhXKdi39QOkoL1r28XUTBsdu6ZdeuSNyvhknhjwrjrSpvxJ14FBw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 90e8f692cf46b503-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1263&min_rtt=454&rtt_var=1624&sent=8&recv=13&lost=0&retrans=0&sent_bytes=3211&recv_bytes=1349&delivery_rate=7156507&cwnd=254&unsent_bytes=0&cid=4b6a1539e4bec996&ts=545&x=0"
X-Firefox-Spdy: h2
|
|
| GET xn--05-4k6c74cf51n.pdm-0x1five.top/favicon.ico | 134.122.135.200 | 200 OK | 1.2 kB |
URL: GET HTTPS xn--05-4k6c74cf51n.pdm-0x1five.top/favicon.ico
IP / ASN: 134.122.135.200 #152194 CTG Server Limited
Requested by: https://o1760.tjs72.buzz/
Resource Info
File type: MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
First Seen: 2023-05-02
Last Seen: 2025-07-24
Times Seen: 306
Size: 1.2 kB (1150 bytes)
MD5: f49c4a4bde1eec6c0b80c2277c76e3db
SHA1: df34f60a4001bdcb8c2ab15cd50c92feb6288a31
SHA256: 50ee6523a4cba10377554c53f88bcd8b53cb5d11a03439f04f73aff55e982e86
Certificate Info
Issuer: Let's Encrypt
Subject: xn--05-4k6c74cf51n.pdm-0x1five.top
Fingerprint: 8D:AE:5E:C1:66:90:71:EF:16:CA:4C:B8:5D:26:38:E5:62:5A:C0:09
Validity: Tue, 21 Jan 2025 01:11:56 GMT - Mon, 21 Apr 2025 01:11:55 GMT
GET /favicon.ico HTTP/1.1
Host: xn--05-4k6c74cf51n.pdm-0x1five.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-method: GET,POST,PUT,OPTIONS
access-control-allow-origin: *
content-type: image/x-icon
date: Fri, 07 Feb 2025 10:21:54 GMT
etag: "1738923714"
last-modified: Fri, 07 Feb 2025 10:21:54 GMT
server: nginx
x-cache: HIT, policy, disk
content-length: 1150
X-Firefox-Spdy: h2
|
|
| GET ni240.zfp79.buzz/d/file/tjimg/2025-02-03/1af26c4979981cad4ec79996151b01d9.gif | 104.21.48.1 | 200 OK | 1.4 MB |
URL: GET HTTPS ni240.zfp79.buzz/d/file/tjimg/2025-02-03/1af26c4979981cad4ec79996151b01d9.gif
IP / ASN: 104.21.48.1 #13335 CLOUDFLARENET
Requested by: https://o1760.tjs72.buzz/
Resource Info
File type: GIF image data, version 89a, 180 x 180
First Seen: 2025-02-08
Last Seen: 2025-02-08
Times Seen: 1
Size: 1.4 MB (1432455 bytes)
MD5: a2b46ceb7643d861fc7d6080238b2359
SHA1: 6ba56c7a627dafcd9385eb537b6dc299943a36e2
SHA256: e4135278409f1f688c125510b9b0be9acb7585e0f98ad7a91a0bfb149e85c72c
Certificate Info
Issuer: Google Trust Services
Subject: zfp79.buzz
Fingerprint: 30:3A:0D:DB:98:CB:EF:46:7A:1A:77:36:EC:0D:96:EF:7B:81:0B:66
Validity: Thu, 23 Jan 2025 10:21:33 GMT - Wed, 23 Apr 2025 11:17:19 GMT
GET /d/file/tjimg/2025-02-03/1af26c4979981cad4ec79996151b01d9.gif HTTP/1.1
Host: ni240.zfp79.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 08 Feb 2025 04:44:15 GMT
content-type: image/gif
content-length: 1432455
last-modified: Mon, 03 Feb 2025 07:00:36 GMT
etag: "15db87-62d377307c115"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pcsVNEETXiobkfjpEz8ovDtDtimU9wd9EXAf%2FUmJ5tF4KeKloXU%2FQuaEeUPL9Rg0LAtOhCJ%2BaGmG%2FA0%2Flp6IX2H%2BiBF%2B57jXCErLAtlqMSRZct0OaE4Cj4kr5h4VruTlDkH8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 90e8f69f8c9956a2-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=836&min_rtt=365&rtt_var=61&sent=490&recv=383&lost=0&retrans=1&sent_bytes=646772&recv_bytes=2320&delivery_rate=40409302&cwnd=251&unsent_bytes=0&cid=505110b8474018e8&ts=1947&x=0"
X-Firefox-Spdy: h2
|
|
| GET zuiqiang.beiqiguaitan.cc/shu/22ye.html | 154.17.11.53 | 200 OK | 880 B |
URL: GET HTTPS zuiqiang.beiqiguaitan.cc/shu/22ye.html
IP / ASN: 154.17.11.53 #906 DMIT
Requested by: https://o1760.tjs72.buzz/
Resource Info
File type: HTML document, Unicode text, UTF-8 text
First Seen: 2024-12-22
Last Seen: 2025-02-08
Times Seen: 2
Size: 880 B (880 bytes)
MD5: 16a10bf499db1f3adf80620cfe42fead
SHA1: 632aae33107fdc92468188cad06e4197329f68e2
SHA256: 66414ff6bf1f775ec43409c3646e2e84926d3902e654311c5f89285e6568326b
Certificate Info
Issuer: Let's Encrypt
Subject: beiqiguaitan.cc
Fingerprint: 70:46:2B:95:B2:09:51:24:92:0E:D9:3B:76:DF:E7:9D:DE:54:93:6B
Validity: Wed, 11 Dec 2024 03:06:12 GMT - Tue, 11 Mar 2025 03:06:11 GMT
GET /shu/22ye.html HTTP/1.1
Host: zuiqiang.beiqiguaitan.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-encoding: gzip
content-type: text/html
date: Sat, 08 Feb 2025 03:46:55 GMT
etag: W/"66bb2e1f-60e"
last-modified: Sat, 08 Feb 2025 03:46:55 GMT
server: nginx
vary: Accept-Encoding
x-cache: HIT, policy, disk
content-length: 880
X-Firefox-Spdy: h2
|
|
| GET www.18jms.com/template/xigua/images/favicon.ico | 104.21.80.1 | 200 OK | 127 kB |
URL: GET HTTPS www.18jms.com/template/xigua/images/favicon.ico
IP / ASN: 104.21.80.1 #13335 CLOUDFLARENET
Requested by: https://o1760.tjs72.buzz/
Resource Info
File type: MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
First Seen: 2023-12-02
Last Seen: 2025-02-08
Times Seen: 3
Size: 127 kB (126975 bytes)
MD5: 28c58de10438360983c5c74d47a9a613
SHA1: 560732bd77f1e13e5aa4c0b11eb00e99d8664cdd
SHA256: 19a0a894da829746bcd2ad40d71720456e75512e67e26b17893db02e70cf4710
Certificate Info
Issuer: Google Trust Services
Subject: 18jms.com
Fingerprint: 4F:25:40:73:8F:DA:87:2C:C1:22:48:5B:59:C5:53:89:5A:0E:70:FF
Validity: Mon, 03 Feb 2025 11:32:15 GMT - Sun, 04 May 2025 12:30:35 GMT
GET /template/xigua/images/favicon.ico HTTP/1.1
Host: www.18jms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 08 Feb 2025 04:44:14 GMT
content-type: image/x-icon
last-modified: Wed, 18 Aug 2021 13:28:16 GMT
etag: W/"611d0af0-10be"
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4bHkP6%2FxvxhzNg9RwqUwTo2yj0kIgPXxAaSTlFhOpewQHQlmqsKzJn3fDl%2BkCrK5XPTtFyMFSRt0Ku6Npi83XFSVRtmmOm7HJQXsOAzCXIW89cPrxQFssQzkOWOxy3lE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 90e8f69b29d65684-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1281&min_rtt=429&rtt_var=1626&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3190&recv_bytes=1098&delivery_rate=8059369&cwnd=254&unsent_bytes=0&cid=745669bb4d7ccac6&ts=1036&x=0"
X-Firefox-Spdy: h2
|
|
| GET o1760.tjs72.buzz/favicon.png | 172.67.146.29 | 200 OK | 126 kB |
URL: GET HTTPS o1760.tjs72.buzz/favicon.png
IP / ASN: 172.67.146.29 #13335 CLOUDFLARENET
Requested by: https://o1760.tjs72.buzz/
Resource Info
File type: PNG image data, 601 x 618, 8-bit/color RGBA, non-interlaced
First Seen: 2024-05-30
Last Seen: 2025-06-13
Times Seen: 10
Size: 126 kB (125983 bytes)
MD5: 54d1c07f20d43a901562f7070af3a350
SHA1: 1fd32126726a07a813de76b54db6dc2fd7993f8a
SHA256: 87cbac5856482654d7f721f3b29f17391e0816742ec08fe794f38cf34e2129e7
Certificate Info
Issuer: Google Trust Services
Subject: tjs72.buzz
Fingerprint: 79:A5:CA:60:18:FB:9E:89:FC:89:87:2A:69:82:72:99:03:13:A6:0F
Validity: Thu, 23 Jan 2025 10:19:19 GMT - Wed, 23 Apr 2025 11:18:07 GMT
GET /favicon.png HTTP/1.1
Host: o1760.tjs72.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://o1760.tjs72.buzz/
DNT: 1
Connection: keep-alive
Cookie: _ga_CT5BTP05M6=GS1.1.1738989854.1.0.1738989854.0.0.0; _ga=GA1.1.1904863564.1738989855
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 08 Feb 2025 04:44:17 GMT
content-type: image/png
content-length: 125983
last-modified: Tue, 31 Oct 2023 17:40:32 GMT
etag: "1ec1f-60906a6bbe398"
cache-control: max-age=14400
cf-cache-status: HIT
age: 0
accept-ranges: bytes
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UJhcm9suiyVnutdFVf0vhUOVJ9LAzbwHJt1ShNI9sWq4ziz2gCwxHbOZgAHOZiim7VDNEduPFqaXuRcx2y3kDWXfk38TURpGzak8DGccTGOJ2RRc8%2FCu5deRGtYFUejOoLwG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 90e8f6adcf120b45-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=5041&min_rtt=1004&rtt_var=2742&sent=859&recv=70&lost=0&retrans=1&sent_bytes=960294&recv_bytes=9024&delivery_rate=57137733&cwnd=70200&unsent_bytes=0&cid=a66135766530ee96&ts=5543&x=1", cfExtPri, cfHdrFlush;dur=0
|
|
| GET 2ikmk.flyd56.buzz/ | 104.21.0.237 | 200 OK | 24 kB |
URL: GET HTTPS 2ikmk.flyd56.buzz/
IP / ASN: 104.21.0.237 #13335 CLOUDFLARENET
Requested by: https://o1760.tjs72.buzz/
Resource Info
File type: HTML document, Unicode text, UTF-8 text, with very long lines (484), with CRLF line terminators
First Seen: 2025-02-08
Last Seen: 2025-02-08
Times Seen: 1
Size: 24 kB (23585 bytes)
MD5: 56cd4b7bc5ab24dde806ab6a83d13d4d
SHA1: aa7dd665e0edb4a8ef81bac349b4f9e1726ba734
SHA256: e7475e0d28ba5cbbbba39d7f1a0c145a0d77991fe9edd3e53a2c50a90fa90c5c
Certificate Info
Issuer: Google Trust Services
Subject: flyd56.buzz
Fingerprint: 13:ED:EA:7D:BA:9B:3B:D5:79:10:97:E9:8D:AF:7E:82:8B:AF:F9:91
Validity: Thu, 23 Jan 2025 10:20:31 GMT - Wed, 23 Apr 2025 11:17:36 GMT
GET / HTTP/1.1
Host: 2ikmk.flyd56.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 08 Feb 2025 04:44:17 GMT
content-type: text/html; charset=UTF-8
last-modified: Sat, 08 Feb 2025 04:02:55 GMT
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zget7W9Ah4pYEf7HI5pAFSs%2FrFJJ7UVhC1Xosy3ZtU7WNdZvJAQpB5K03xskSmzsrr0hAsU86V%2BMAvJnrG5%2BHbcNfGbDLELuhVxVReUIowmqvClUEKOQYapcKqbbZBImFW4oRQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 90e8f6ab5932b512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1661&min_rtt=449&rtt_var=2444&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3198&recv_bytes=1079&delivery_rate=8165413&cwnd=254&unsent_bytes=0&cid=d4b75197b65cd55b&ts=1080&x=0"
X-Firefox-Spdy: h2
|
|
| GET 9cha22.cc/MDassets/images/favicon.ico | 0.0.0.0 | | 0 B |
URL: GET HTTP 9cha22.cc/MDassets/images/favicon.ico
IP / ASN: 0.0.0.0 #0
Requested by: https://o1760.tjs72.buzz/
Resource Info
File type: N/A
First Seen: 0001-01-01
Last Seen: 2025-08-09
Times Seen: 5738442
Size: 0 B (0 bytes)
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS, Verdict: malicious, Alert: Sinkholed
GET /MDassets/images/favicon.ico HTTP/1.1
Host: 9cha22.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| GET www.shenyebjs.cc/template/video/favicon1.ico | 0.0.0.0 | | 0 B |
URL GET HTTP www.shenyebjs.cc/template/video/favicon1.ico IP / ASN 0.0.0.0 #0 Requested by https://o1760.tjs72.buzz/ Resource Info File type N/A First Seen 0001-01-01 Last Seen 2025-08-09 Times Seen 5738442 Size 0 B (0 bytes) MD5 d41d8cd98f00b204e9800998ecf8427e SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /template/video/favicon1.ico HTTP/1.1
Host: www.shenyebjs.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| GET 3wf.52crs178.xyz/template/crsdh/images/favicon.png | 0.0.0.0 | 302 Found | 0 B |
URL GET HTTPS 3wf.52crs178.xyz/template/crsdh/images/favicon.png IP / ASN 0.0.0.0 #0 Requested by https://o1760.tjs72.buzz/ Resource Info File type N/A First Seen 0001-01-01 Last Seen 2025-08-09 Times Seen 5738442 Size 0 B (0 bytes) MD5 d41d8cd98f00b204e9800998ecf8427e SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Certificate Info Issuer Google Trust Services Subject 52crs178.xyz Fingerprint 94:90:DD:5F:ED:37:89:14:85:5C:8B:64:EF:CD:9B:BA:84:AE:F4:EE Validity Thu, 09 Jan 2025 12:09:10 GMT - Wed, 09 Apr 2025 13:06:15 GMT
GET /template/crsdh/images/favicon.png HTTP/1.1
Host: 3wf.52crs178.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Sat, 08 Feb 2025 04:44:14 GMT
content-type: text/html
location: https://zuiqiang.beiqiguaitan.cc/shu/22ye.html
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W%2FX5026zBc%2FAK2pRjBbkgtc8P6cN%2FvyrcOmNh26CbUdEFXm4npKymwqdD9zYiGmrgWvZqE6CijHfNN7ag1F2GYUxVKJNeLyBtkls5cjgJwohkzHcjeXzW8mnoslwF4xg9PQZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 90e8f69cfaad56bd-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=826&min_rtt=408&rtt_var=811&sent=8&recv=11&lost=0&retrans=0&sent_bytes=3200&recv_bytes=1100&delivery_rate=7594405&cwnd=254&unsent_bytes=0&cid=ee75e9af6b0f4bc1&ts=1019&x=0"
X-Firefox-Spdy: h2
|
|
| GET o1760.tjs72.buzz/skin/bld/index.css | 172.67.146.29 | 200 OK | 10 kB |
URL GET HTTPS o1760.tjs72.buzz/skin/bld/index.css IP / ASN 172.67.146.29 #13335 CLOUDFLARENET Requested by https://o1760.tjs72.buzz/ Resource Info File type Unicode text, UTF-8 text, with very long lines (10088), with no line terminators First Seen 2024-09-28 Last Seen 2025-03-15 Times Seen 5 Size 10 kB (10075 bytes) MD5 e0b3b9b895e35ff141dee887b1cdf894 SHA1 c72511ea97c5bd00b9cce21f21e7392981f99f57 SHA256 8acee55d765b1ef0bb87ebb5b4fae2646a857525b8212c12e7d81201551feaa5 Certificate Info Issuer Google Trust Services Subject tjs72.buzz Fingerprint 79:A5:CA:60:18:FB:9E:89:FC:89:87:2A:69:82:72:99:03:13:A6:0F Validity Thu, 23 Jan 2025 10:19:19 GMT - Wed, 23 Apr 2025 11:18:07 GMT
GET /skin/bld/index.css HTTP/1.1
Host: o1760.tjs72.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://o1760.tjs72.buzz/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 08 Feb 2025 04:44:12 GMT
content-type: text/css
last-modified: Tue, 31 Oct 2023 17:40:31 GMT
etag: W/"275b-60906a6b42b08"
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TtWOrXpfi6ogBZAkTocxeWP%2B9OsOLwc2CKNxC3vmjmmdjdz%2BVzIMgTZ3GZAT7y9kHQ4DttTfuBmgZpydpD0GW4MnqrCeRvEDt7rlnvzftRsy58qlU5BjDkDMOeey2KJB90z5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 90e8f69108a10b45-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4312&min_rtt=2420&rtt_var=1777&sent=39&recv=22&lost=0&retrans=0&sent_bytes=19497&recv_bytes=5420&delivery_rate=17304&cwnd=24000&unsent_bytes=0&cid=a66135766530ee96&ts=726&x=1", cfExtPri, cfHdrFlush;dur=0
|
|
| GET xn--zlz31p.jokerlu.today/favicon.ico | 0.0.0.0 | | 0 B |
URL GET HTTP xn--zlz31p.jokerlu.today/favicon.ico IP / ASN 0.0.0.0 #0 Requested by https://o1760.tjs72.buzz/ Resource Info File type N/A First Seen 0001-01-01 Last Seen 2025-08-09 Times Seen 5738442 Size 0 B (0 bytes) MD5 d41d8cd98f00b204e9800998ecf8427e SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: xn--zlz31p.jokerlu.today
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| GET vd008-universe-portal-wap.chuanyuwenhua.com/favicon.ico?v=3 | 0.0.0.0 | | 0 B |
URL GET HTTP vd008-universe-portal-wap.chuanyuwenhua.com/favicon.ico?v=3 IP / ASN 0.0.0.0 #0 Requested by https://o1760.tjs72.buzz/ Resource Info File type N/A First Seen 0001-01-01 Last Seen 2025-08-09 Times Seen 5738442 Size 0 B (0 bytes) MD5 d41d8cd98f00b204e9800998ecf8427e SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico?v=3 HTTP/1.1
Host: vd008-universe-portal-wap.chuanyuwenhua.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| GET anada8.xyz/go/d/file/tjimg/2024-09-04/71d0df1afbc2295bd39517c02ae589c7.jpg | 172.67.217.229 | 301 Moved Permanently | 49 kB |
URL GET HTTPS anada8.xyz/go/d/file/tjimg/2024-09-04/71d0df1afbc2295bd39517c02ae589c7.jpg IP / ASN 172.67.217.229 #13335 CLOUDFLARENET Requested by https://o1760.tjs72.buzz/ Resource Info File type N/A First Seen 0001-01-01 Last Seen 2025-08-09 Times Seen 5738442 Size 49 kB (49136 bytes) MD5 d41d8cd98f00b204e9800998ecf8427e SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Certificate Info Issuer Google Trust Services Subject anada8.xyz Fingerprint DB:01:5E:98:35:77:4E:CD:A4:62:52:17:F9:D4:C4:55:EE:E9:4C:B4 Validity Thu, 09 Jan 2025 18:20:53 GMT - Wed, 09 Apr 2025 19:19:13 GMT
GET /go/d/file/tjimg/2024-09-04/71d0df1afbc2295bd39517c02ae589c7.jpg HTTP/1.1
Host: anada8.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
date: Sat, 08 Feb 2025 04:44:14 GMT
content-type: text/html; charset=UTF-8
location: https://ni240.zfp79.buzz/d/file/tjimg/2024-09-04/71d0df1afbc2295bd39517c02ae589c7.jpg
x-powered-by: PHP/5.4.16
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RLDpm0E9nN2WBzfzJHKkddhMLrJqU0mlknLjX77p93q4prOejCaPk%2FOitjZLcZ4WyLnxpQVHSxklIBs9pNys7tP67cDjSY9vVN0JUkZsLXmtUWACYvbaKnsxAiQD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 90e8f6937b850b55-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=903&min_rtt=405&rtt_var=747&sent=23&recv=29&lost=0&retrans=1&sent_bytes=6687&recv_bytes=1897&delivery_rate=6542168&cwnd=252&unsent_bytes=0&cid=b14a8449ab06f216&ts=1515&x=0"
X-Firefox-Spdy: h2
|
|
| GET o1760.tjs72.buzz/skin/fonts/fontawesome-webfont.woff2?v=4.7.0 | 172.67.146.29 | 200 OK | 77 kB |
URL GET HTTPS o1760.tjs72.buzz/skin/fonts/fontawesome-webfont.woff2?v=4.7.0 IP / ASN 172.67.146.29 #13335 CLOUDFLARENET Requested by https://o1760.tjs72.buzz/ Resource Info File type Web Open Font Format (Version 2), TrueType, length 77160, version 4.459 First Seen 2023-04-05 Last Seen 2025-08-09 Times Seen 173608 Size 77 kB (77160 bytes) MD5 af7ae505a9eed503f8b8e6982036873e SHA1 d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c SHA256 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe Certificate Info Issuer Google Trust Services Subject tjs72.buzz Fingerprint 79:A5:CA:60:18:FB:9E:89:FC:89:87:2A:69:82:72:99:03:13:A6:0F Validity Thu, 23 Jan 2025 10:19:19 GMT - Wed, 23 Apr 2025 11:18:07 GMT
GET /skin/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: o1760.tjs72.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/skin/bld/font-awesome.min.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 08 Feb 2025 04:44:14 GMT
content-length: 77160
last-modified: Tue, 31 Oct 2023 17:40:31 GMT
etag: "12d68-60906a6b49098"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GVv2747%2FeSUfq3r6y8n1YIdPL%2Bk1lKvKA1PVOg6a%2B7PUDGaU2dI5rFAsowL7C6rOaRHuJnPxdz6CK2vhmIfjSBS7Z5y0hv7%2BOjUwvgtURPAFXiz0LM36vfgcADr2cd79GTzj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 90e8f698da8b0b45-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2891&min_rtt=1004&rtt_var=1645&sent=228&recv=47&lost=0&retrans=1&sent_bytes=231433&recv_bytes=7375&delivery_rate=3007&cwnd=50400&unsent_bytes=0&cid=a66135766530ee96&ts=2550&x=1", cfExtPri, cfHdrFlush;dur=0
|
|
| GET kb17.xxxooav8cd345.xyz/upload/site/20240112-1/3b0754ec3a7e645bbe635cd9d8a3bd99.png | 172.67.170.209 | 404 Not Found | 0 B |
URL GET HTTPS kb17.xxxooav8cd345.xyz/upload/site/20240112-1/3b0754ec3a7e645bbe635cd9d8a3bd99.png IP / ASN 172.67.170.209 #13335 CLOUDFLARENET Requested by https://o1760.tjs72.buzz/ Resource Info File type N/A First Seen 0001-01-01 Last Seen 2025-08-09 Times Seen 5738442 Size 0 B (0 bytes) MD5 d41d8cd98f00b204e9800998ecf8427e SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Certificate Info Issuer Google Trust Services Subject xxxooav8cd345.xyz Fingerprint EA:AF:BF:FC:11:AB:48:B0:B9:2B:A2:81:B7:8A:40:08:35:4F:9E:BC Validity Fri, 10 Jan 2025 03:41:16 GMT - Thu, 10 Apr 2025 04:38:52 GMT
GET /upload/site/20240112-1/3b0754ec3a7e645bbe635cd9d8a3bd99.png HTTP/1.1
Host: kb17.xxxooav8cd345.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
date: Sat, 08 Feb 2025 04:44:13 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bzpYUrOg%2BWAxn%2FatRF2TsIu4EpyVBGGljtf4S8ZbxukwycUCMVZD0kLAcXt32vm0Cd5I5HRFiN6b9Etf9q1%2BOG8IPYFZ3Rd%2FYfweErWMS7l%2Boa0mh47RD%2B3YjQXIdCHPyG1aKejaxtwh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 90e8f693cc3356ae-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=2039&min_rtt=419&rtt_var=3249&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3290&recv_bytes=1259&delivery_rate=7240000&cwnd=254&unsent_bytes=0&cid=57a6820d43f6d8bc&ts=780&x=0"
X-Firefox-Spdy: h2
|
|
| GET 7788.vywaax.com/favicon.ico | 0.0.0.0 | | 0 B |
URL GET HTTP 7788.vywaax.com/favicon.ico IP / ASN 0.0.0.0 #0 Requested by https://o1760.tjs72.buzz/ Resource Info File type N/A First Seen 0001-01-01 Last Seen 2025-08-09 Times Seen 5738442 Size 0 B (0 bytes) MD5 d41d8cd98f00b204e9800998ecf8427e SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: 7788.vywaax.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| GET o1760.tjs72.buzz/skin/bld/layer.css | 172.67.146.29 | 200 OK | 14 kB |
URL GET HTTPS o1760.tjs72.buzz/skin/bld/layer.css IP / ASN 172.67.146.29 #13335 CLOUDFLARENET Requested by https://o1760.tjs72.buzz/ Resource Info File type ASCII text, with very long lines (14367), with no line terminators First Seen 2023-04-05 Last Seen 2025-08-09 Times Seen 2390 Size 14 kB (14367 bytes) MD5 3d2e0d91c5c0b96abb8dbdc2234aba77 SHA1 9d55e153b30fd7414fada5718e20918e9c7f65e7 SHA256 e3144d018a6a24f733c6fc2a2ee603fb583f0030585e9d4b71bec471b78e31fc Certificate Info Issuer Google Trust Services Subject tjs72.buzz Fingerprint 79:A5:CA:60:18:FB:9E:89:FC:89:87:2A:69:82:72:99:03:13:A6:0F Validity Thu, 23 Jan 2025 10:19:19 GMT - Wed, 23 Apr 2025 11:18:07 GMT
GET /skin/bld/layer.css HTTP/1.1
Host: o1760.tjs72.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://o1760.tjs72.buzz/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 08 Feb 2025 04:44:12 GMT
content-type: text/css
last-modified: Tue, 31 Oct 2023 17:40:31 GMT
etag: W/"381f-60906a6b44e30"
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Pr5v%2BWY4ZgMOf2HY%2FGMDhl40Pu1jnXDUwdGkfjIzQMuxxgQ0tMUGjsyvztdVZ5LSmO9tPbOES9VUKcxFL7MS0j%2BAxNib0ZaQNT2mzQcydH6j2Aq68pRtwJgCMM%2FJCI%2BOE3d%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 90e8f69128aa0b45-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=5663&min_rtt=2420&rtt_var=2775&sent=73&recv=27&lost=0&retrans=0&sent_bytes=58177&recv_bytes=5642&delivery_rate=344826&cwnd=24000&unsent_bytes=0&cid=a66135766530ee96&ts=900&x=1", cfExtPri, cfHdrFlush;dur=0
|
|
| GET btrxq10.xyz/static/images/favicon.png | 0.0.0.0 | | 0 B |
URL GET HTTP btrxq10.xyz/static/images/favicon.png IP / ASN 0.0.0.0 #0 Requested by https://o1760.tjs72.buzz/ Resource Info File type N/A First Seen 0001-01-01 Last Seen 2025-08-09 Times Seen 5738442 Size 0 B (0 bytes) MD5 d41d8cd98f00b204e9800998ecf8427e SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /static/images/favicon.png HTTP/1.1
Host: btrxq10.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| GET www.36huo126che.xyz/template/36huoche/images/logo.png | 0.0.0.0 | | 0 B |
URL GET HTTP www.36huo126che.xyz/template/36huoche/images/logo.png IP / ASN 0.0.0.0 #0 Requested by https://o1760.tjs72.buzz/ Resource Info File type N/A First Seen 0001-01-01 Last Seen 2025-08-09 Times Seen 5738442 Size 0 B (0 bytes) MD5 d41d8cd98f00b204e9800998ecf8427e SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /template/36huoche/images/logo.png HTTP/1.1
Host: www.36huo126che.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| GET www.shenyebjs.cc/template/video/favicon1.ico | 0.0.0.0 | | 0 B |
URL GET HTTP www.shenyebjs.cc/template/video/favicon1.ico IP / ASN 0.0.0.0 #0 Requested by https://o1760.tjs72.buzz/ Resource Info File type N/A First Seen 0001-01-01 Last Seen 2025-08-09 Times Seen 5738442 Size 0 B (0 bytes) MD5 d41d8cd98f00b204e9800998ecf8427e SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /template/video/favicon1.ico HTTP/1.1
Host: www.shenyebjs.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| GET tt.lltt105.top/template/conch/asset/img/ios_fav.png | 0.0.0.0 | | 0 B |
URL GET HTTP tt.lltt105.top/template/conch/asset/img/ios_fav.png IP / ASN 0.0.0.0 #0 Requested by https://o1760.tjs72.buzz/ Resource Info File type N/A First Seen 0001-01-01 Last Seen 2025-08-09 Times Seen 5738442 Size 0 B (0 bytes) MD5 d41d8cd98f00b204e9800998ecf8427e SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /template/conch/asset/img/ios_fav.png HTTP/1.1
Host: tt.lltt105.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| GET www.mmcku.click/template/mmck/favicon.ico | 103.224.212.215 | 403 Forbidden | 0 B |
URL GET HTTPS www.mmcku.click/template/mmck/favicon.ico IP / ASN 103.224.212.215 #133618 Trellian Pty. Limited Requested by https://o1760.tjs72.buzz/ Resource Info File type N/A First Seen 0001-01-01 Last Seen 2025-08-09 Times Seen 5738442 Size 0 B (0 bytes) MD5 d41d8cd98f00b204e9800998ecf8427e SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Certificate Info Issuer Let's Encrypt Subject pornoakt.click Fingerprint 58:9D:DA:9D:18:EF:58:A7:0A:D5:A8:B2:FB:17:E2:84:CD:D0:20:BF Validity Sat, 28 Dec 2024 07:59:56 GMT - Fri, 28 Mar 2025 07:59:55 GMT
GET /template/mmck/favicon.ico HTTP/1.1
Host: www.mmcku.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.0 403 Forbidden
cache-control: no-cache
content-type: text/html
|
|
| GET hxzdh13.top/favicon.png | 0.0.0.0 | | 0 B |
URL GET HTTP hxzdh13.top/favicon.png IP / ASN 0.0.0.0 #0 Requested by https://o1760.tjs72.buzz/ Resource Info File type N/A First Seen 0001-01-01 Last Seen 2025-08-09 Times Seen 5738442 Size 0 B (0 bytes) MD5 d41d8cd98f00b204e9800998ecf8427e SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /favicon.png HTTP/1.1
Host: hxzdh13.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| GET o1760.tjs72.buzz/skin/bld/layer.min.js | 172.67.146.29 | 200 OK | 22 kB |
URL GET HTTPS o1760.tjs72.buzz/skin/bld/layer.min.js IP / ASN 172.67.146.29 #13335 CLOUDFLARENET Requested by https://o1760.tjs72.buzz/ Resource Info File type JavaScript source, ASCII text, with very long lines (21713), with no line terminators First Seen 2023-03-07 Last Seen 2025-08-09 Times Seen 166 Size 22 kB (21713 bytes) MD5 060444af631570264c5b3f957e26f5e3 SHA1 8278c4d47ac985481da0e5efb922457eaaf1dc0c SHA256 7ed41c1149adf244bf700213886bfe8648d164942eb68527a7476bb7955c5af9 Certificate Info Issuer Google Trust Services Subject tjs72.buzz Fingerprint 79:A5:CA:60:18:FB:9E:89:FC:89:87:2A:69:82:72:99:03:13:A6:0F Validity Thu, 23 Jan 2025 10:19:19 GMT - Wed, 23 Apr 2025 11:18:07 GMT
GET /skin/bld/layer.min.js HTTP/1.1
Host: o1760.tjs72.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://o1760.tjs72.buzz/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 08 Feb 2025 04:44:12 GMT
content-type: application/javascript
last-modified: Tue, 31 Oct 2023 17:40:31 GMT
etag: W/"54d1-60906a6b42b08"
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=liHQSK%2BHeLsY2yyA6hagYq1as2CqbeDAw5hT6svtywp%2BVsgRVqF90Rkh4dGMKv7Pb8E492JlKo8SxdJzrFEDqTSzN3rIpxzoIIoZ%2F5gF5n47BdjJ74mqw5b876ktmgZ0JiHE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 90e8f69118a70b45-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=5215&min_rtt=2080&rtt_var=2977&sent=76&recv=28&lost=0&retrans=0&sent_bytes=61754&recv_bytes=5688&delivery_rate=1718930&cwnd=24000&unsent_bytes=0&cid=a66135766530ee96&ts=919&x=1", cfExtPri, cfHdrFlush;dur=0
|
|
| GET anada8.xyz/go/d/file/tjimg/2024-07-11/0528827e984eec388e4f57ce13c5556c.gif | 172.67.217.229 | 301 Moved Permanently | 214 kB |
URL GET HTTPS anada8.xyz/go/d/file/tjimg/2024-07-11/0528827e984eec388e4f57ce13c5556c.gif IP / ASN 172.67.217.229 #13335 CLOUDFLARENET Requested by https://o1760.tjs72.buzz/ Resource Info File type N/A First Seen 0001-01-01 Last Seen 2025-08-09 Times Seen 5738442 Size 214 kB (213615 bytes) MD5 d41d8cd98f00b204e9800998ecf8427e SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Certificate Info Issuer Google Trust Services Subject anada8.xyz Fingerprint DB:01:5E:98:35:77:4E:CD:A4:62:52:17:F9:D4:C4:55:EE:E9:4C:B4 Validity Thu, 09 Jan 2025 18:20:53 GMT - Wed, 09 Apr 2025 19:19:13 GMT
GET /go/d/file/tjimg/2024-07-11/0528827e984eec388e4f57ce13c5556c.gif HTTP/1.1
Host: anada8.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
date: Sat, 08 Feb 2025 04:44:13 GMT
content-type: text/html; charset=UTF-8
location: https://ni240.zfp79.buzz/d/file/tjimg/2024-07-11/0528827e984eec388e4f57ce13c5556c.gif
x-powered-by: PHP/5.4.16
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n%2BlmBneptze%2Bv39gdNKE6z2x4fYwLTuMYya39wKfGRlRm4kmjtnX0fXBABAsZTcpjwyl6ZrRpQ8cxte45kHpdga2WXNqYN5v%2BIbkNHfmVy1VtTCdO9x0ILZf%2F4eD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 90e8f6932b760b55-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1424&min_rtt=405&rtt_var=2016&sent=10&recv=18&lost=0&retrans=0&sent_bytes=3197&recv_bytes=1897&delivery_rate=6542168&cwnd=249&unsent_bytes=0&cid=b14a8449ab06f216&ts=545&x=0"
X-Firefox-Spdy: h2
|
|
| GET dbdh1.xyz/favicon.ico | 103.224.212.213 | 403 Forbidden | 0 B |
URL GET HTTPS dbdh1.xyz/favicon.ico IP / ASN 103.224.212.213 #133618 Trellian Pty. Limited Requested by https://o1760.tjs72.buzz/ Resource Info File type N/A First Seen 0001-01-01 Last Seen 2025-08-09 Times Seen 5738442 Size 0 B (0 bytes) MD5 d41d8cd98f00b204e9800998ecf8427e SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Certificate Info Issuer Let's Encrypt Subject 365ccc.xyz Fingerprint 54:CE:13:4F:FF:4D:0C:30:B0:08:11:5D:26:A9:D8:DF:B6:17:73:7B Validity Sat, 28 Dec 2024 17:40:35 GMT - Fri, 28 Mar 2025 17:40:34 GMT
GET /favicon.ico HTTP/1.1
Host: dbdh1.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.0 403 Forbidden
cache-control: no-cache
content-type: text/html
|
|
| GET gqzmnactv.one/upload/vod/20230720-1/fb96dcc23413bd62f816ee229124749e.png | 0.0.0.0 | | 0 B |
URL GET HTTP gqzmnactv.one/upload/vod/20230720-1/fb96dcc23413bd62f816ee229124749e.png IP / ASN 0.0.0.0 #0 Requested by https://o1760.tjs72.buzz/ Resource Info File type N/A First Seen 0001-01-01 Last Seen 2025-08-09 Times Seen 5738442 Size 0 B (0 bytes) MD5 d41d8cd98f00b204e9800998ecf8427e SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /upload/vod/20230720-1/fb96dcc23413bd62f816ee229124749e.png HTTP/1.1
Host: gqzmnactv.one
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| GET www.xinaicy.top/template/video/favicon.ico | 0.0.0.0 | | 0 B |
URL GET HTTP www.xinaicy.top/template/video/favicon.ico IP / ASN 0.0.0.0 #0 Requested by https://o1760.tjs72.buzz/ Resource Info File type N/A First Seen 0001-01-01 Last Seen 2025-08-09 Times Seen 5738442 Size 0 B (0 bytes) MD5 d41d8cd98f00b204e9800998ecf8427e SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /template/video/favicon.ico HTTP/1.1
Host: www.xinaicy.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| GET www.pinkdh.xyz/template/pinkbao/favicon.png | 103.224.212.212 | 403 Forbidden | 0 B |
URL GET HTTPS www.pinkdh.xyz/template/pinkbao/favicon.png IP / ASN 103.224.212.212 #133618 Trellian Pty. Limited Requested by https://o1760.tjs72.buzz/ Resource Info File type N/A First Seen 0001-01-01 Last Seen 2025-08-09 Times Seen 5738442 Size 0 B (0 bytes) MD5 d41d8cd98f00b204e9800998ecf8427e SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Certificate Info Issuer Let's Encrypt Subject deadendcomic.xyz Fingerprint 7E:0C:40:05:FE:78:98:9E:BC:A7:A8:C5:EE:20:1C:BB:01:70:B0:1D Validity Sat, 28 Dec 2024 17:42:00 GMT - Fri, 28 Mar 2025 17:41:59 GMT
GET /template/pinkbao/favicon.png HTTP/1.1
Host: www.pinkdh.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.0 403 Forbidden
cache-control: no-cache
content-type: text/html
|
|
| GET anada8.xyz/go/d/file/tjimg/2024-06-09/63e4da58ba98cf497367417165ea21c6.gif | 172.67.217.229 | 301 Moved Permanently | 141 kB |
URL GET HTTPS anada8.xyz/go/d/file/tjimg/2024-06-09/63e4da58ba98cf497367417165ea21c6.gif IP / ASN 172.67.217.229 #13335 CLOUDFLARENET Requested by https://o1760.tjs72.buzz/ Resource Info File type N/A First Seen 0001-01-01 Last Seen 2025-08-09 Times Seen 5738442 Size 141 kB (140695 bytes) MD5 d41d8cd98f00b204e9800998ecf8427e SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Certificate Info Issuer Google Trust Services Subject anada8.xyz Fingerprint DB:01:5E:98:35:77:4E:CD:A4:62:52:17:F9:D4:C4:55:EE:E9:4C:B4 Validity Thu, 09 Jan 2025 18:20:53 GMT - Wed, 09 Apr 2025 19:19:13 GMT
GET /go/d/file/tjimg/2024-06-09/63e4da58ba98cf497367417165ea21c6.gif HTTP/1.1
Host: anada8.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
date: Sat, 08 Feb 2025 04:44:13 GMT
content-type: text/html; charset=UTF-8
location: https://ni240.zfp79.buzz/d/file/tjimg/2024-06-09/63e4da58ba98cf497367417165ea21c6.gif
x-powered-by: PHP/5.4.16
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OwJxFeezlAU4j3YHMo50Or3yOd4dmE6gNCWiOoB8yuULePJz0wj%2BDO1ICeuOk2kCuS6ezY8w2ePzf9umjL6s4iz0OZJQ6Xb%2BP2CDbuiSgg9%2FM2v5hvY2SVzKw74s"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 90e8f6934b7d0b55-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1996&min_rtt=405&rtt_var=2656&sent=13&recv=19&lost=0&retrans=1&sent_bytes=3953&recv_bytes=1897&delivery_rate=6542168&cwnd=252&unsent_bytes=0&cid=b14a8449ab06f216&ts=565&x=0"
X-Firefox-Spdy: h2
|
|
| GET www.xinaicy.top/template/video/favicon.ico | 0.0.0.0 | | 0 B |
URL GET HTTP www.xinaicy.top/template/video/favicon.ico IP / ASN  0.0.0.0 #0 Requested byhttps://o1760.tjs72.buzz/ Resource Info File typeN/A First Seen0001-01-01 Last Seen2025-08-09 Times Seen5738442 Size0 B (0 bytes) MD5d41d8cd98f00b204e9800998ecf8427e SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /template/video/favicon.ico HTTP/1.1
Host: www.xinaicy.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| GET stringgame2.gozfpup.buzz/d/file/mz/2023-01-29/8299edb25e008a2cf2cf542449ad3c49.ico | 103.224.182.208 | 403 Forbidden | 0 B |
URL GET HTTPS stringgame2.gozfpup.buzz/d/file/mz/2023-01-29/8299edb25e008a2cf2cf542449ad3c49.ico IP / ASN  103.224.182.208 #133618 Trellian Pty. Limited Requested byhttps://o1760.tjs72.buzz/ Resource Info File typeN/A First Seen0001-01-01 Last Seen2025-08-09 Times Seen5738442 Size0 B (0 bytes) MD5d41d8cd98f00b204e9800998ecf8427e SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Certificate Info IssuerLet's Encrypt Subjectbyrondesignercollective.com.au Fingerprint7F:15:63:9F:68:6C:CD:C1:E4:B4:13:D5:06:E3:74:F4:4F:6F:C4:1C ValiditySun, 22 Dec 2024 23:22:21 GMT - Sat, 22 Mar 2025 23:22:20 GMT GET /d/file/mz/2023-01-29/8299edb25e008a2cf2cf542449ad3c49.ico HTTP/1.1
Host: stringgame2.gozfpup.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.0 403 Forbidden
cache-control: no-cache
content-type: text/html
|
|
| GET sld9.buzz/favicon.ico | 0.0.0.0 | | 0 B |
URL GET HTTP sld9.buzz/favicon.ico IP / ASN  0.0.0.0 #0 Requested byhttps://o1760.tjs72.buzz/ Resource Info File typeN/A First Seen0001-01-01 Last Seen2025-08-09 Times Seen5738442 Size0 B (0 bytes) MD5d41d8cd98f00b204e9800998ecf8427e SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: sld9.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| GET www.supxxx.me/favicon.ico | 103.224.212.214 | 403 Forbidden | 0 B |
URL GET HTTPS www.supxxx.me/favicon.ico IP / ASN  103.224.212.214 #133618 Trellian Pty. Limited Requested byhttps://o1760.tjs72.buzz/ Resource Info File typeN/A First Seen0001-01-01 Last Seen2025-08-09 Times Seen5738442 Size0 B (0 bytes) MD5d41d8cd98f00b204e9800998ecf8427e SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Certificate Info IssuerLet's Encrypt Subjectoralitystrategies.org Fingerprint60:FD:70:78:FF:FE:C0:8D:15:8A:31:BD:C3:C4:CC:A7:1E:32:7B:89 ValidityMon, 23 Dec 2024 12:38:12 GMT - Sun, 23 Mar 2025 12:38:11 GMT GET /favicon.ico HTTP/1.1
Host: www.supxxx.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.0 403 Forbidden
cache-control: no-cache
content-type: text/html
|
|
| | 172.67.146.29 | 200 OK | 26 kB |
URL User Request GET HTTPS o1760.tjs72.buzz/ IP / ASN  172.67.146.29 #13335 CLOUDFLARENET Resource Info File typeN/A First Seen0001-01-01 Last Seen2025-08-09 Times Seen5738442 Size26 kB (25643 bytes) MD5d41d8cd98f00b204e9800998ecf8427e SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Certificate Info IssuerGoogle Trust Services Subjecttjs72.buzz Fingerprint79:A5:CA:60:18:FB:9E:89:FC:89:87:2A:69:82:72:99:03:13:A6:0F ValidityThu, 23 Jan 2025 10:19:19 GMT - Wed, 23 Apr 2025 11:18:07 GMT GET / HTTP/1.1
Host: o1760.tjs72.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 08 Feb 2025 04:44:12 GMT
content-type: text/html; charset=UTF-8
last-modified: Sat, 08 Feb 2025 00:42:46 GMT
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DHQRrripDQkbDbY6kkjozz5%2B0YQsco%2FKfsYjHIYljJb5%2BdVEMSkcW1tupNmVrbFKKSm5uP3cGMlCBaAq1JXTyRgy%2F%2FtYMr7SNE1BZSY2dFGH8tm5G%2FSfI5L2P%2F2Tz1pAQXBF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 90e8f68b4e1356a4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=5647&min_rtt=448&rtt_var=10427&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3270&recv_bytes=1255&delivery_rate=7841155&cwnd=254&unsent_bytes=0&cid=e34919ec55dc54c4&ts=625&x=0"
X-Firefox-Spdy: h2
|
|
| GET 17sjx.net/static/frontend/images/favicon.ico | 0.0.0.0 | 200 OK | 0 B |
URL GET HTTPS 17sjx.net/static/frontend/images/favicon.ico IP / ASN  0.0.0.0 #0 Requested byhttps://o1760.tjs72.buzz/ Resource Info File typeN/A First Seen0001-01-01 Last Seen2025-08-09 Times Seen5738442 Size0 B (0 bytes) MD5d41d8cd98f00b204e9800998ecf8427e SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Certificate Info IssuerGoogle Trust Services Subject17sjx.net Fingerprint3F:96:CE:37:BD:1D:8C:C4:35:65:4C:BA:F1:56:97:36:2C:31:42:BB ValidityFri, 03 Jan 2025 14:02:04 GMT - Thu, 03 Apr 2025 15:00:11 GMT GET /static/frontend/images/favicon.ico HTTP/1.1
Host: 17sjx.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 08 Feb 2025 04:44:12 GMT
content-type: image/x-icon
last-modified: Wed, 06 Nov 2024 03:28:59 GMT
etag: W/"672ae27b-423e"
cache-control: max-age=14400
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KqKCx5RmjcwtvBrKl6kjySMXtN%2BVnqh%2BH%2FFaRL3h0zIvUjcbmeCjSZwogk1xOYzt2TEVbnZV%2FcziQdegoF%2FJhDSxFecKMQ%2BAHgXx2ALIVU1oeZdNsBJG%2FUV%2FgtU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 90e8f693baa3b523-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=2730&min_rtt=443&rtt_var=4533&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3269&recv_bytes=1217&delivery_rate=6561933&cwnd=254&unsent_bytes=0&cid=d379efd8acd7713a&ts=402&x=0"
X-Firefox-Spdy: h2
|
|
| GET www.juzihot.top/template/juzi/favicon.ico | 103.224.182.248 | 403 Forbidden | 0 B |
URL GET HTTPS www.juzihot.top/template/juzi/favicon.ico IP / ASN  103.224.182.248 #133618 Trellian Pty. Limited Requested byhttps://o1760.tjs72.buzz/ Resource Info File typeN/A First Seen0001-01-01 Last Seen2025-08-09 Times Seen5738442 Size0 B (0 bytes) MD5d41d8cd98f00b204e9800998ecf8427e SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Certificate Info IssuerLet's Encrypt Subjectplayonhunt.com FingerprintAC:13:BC:92:98:C7:67:CD:6C:48:84:39:7C:9C:61:47:E1:96:5A:5D ValidityWed, 15 Jan 2025 05:22:10 GMT - Tue, 15 Apr 2025 05:22:09 GMT GET /template/juzi/favicon.ico HTTP/1.1
Host: www.juzihot.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.0 403 Forbidden
cache-control: no-cache
content-type: text/html
|
|
| GET ni240.zfp79.buzz/d/file/fl/2024-09-06/c8b90b293737c4c9c4ae0c44bfea6030.gif | 104.21.48.1 | 200 OK | 916 kB |
URL GET HTTPS ni240.zfp79.buzz/d/file/fl/2024-09-06/c8b90b293737c4c9c4ae0c44bfea6030.gif IP / ASN  104.21.48.1 #13335 CLOUDFLARENET Requested byhttps://o1760.tjs72.buzz/ Resource Info File typeGIF image data, version 89a, 950 x 120 First Seen2024-09-22 Last Seen2025-06-13 Times Seen9 Size916 kB (915513 bytes) MD5843547cc5c76b40e3192d59c812b14db SHA1e828a29e3c92718b512033163340ad261c584a75 SHA256adb007f5e191cb60edc010f6281e9dffd660be3b361f4da22a27bf36a9b268d7 Certificate Info IssuerGoogle Trust Services Subjectzfp79.buzz Fingerprint30:3A:0D:DB:98:CB:EF:46:7A:1A:77:36:EC:0D:96:EF:7B:81:0B:66 ValidityThu, 23 Jan 2025 10:21:33 GMT - Wed, 23 Apr 2025 11:17:19 GMT GET /d/file/fl/2024-09-06/c8b90b293737c4c9c4ae0c44bfea6030.gif HTTP/1.1
Host: ni240.zfp79.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 08 Feb 2025 04:44:15 GMT
content-type: image/gif
content-length: 915513
last-modified: Fri, 06 Sep 2024 08:21:54 GMT
etag: "df839-6216f198f746c"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lvWRUCkbo3P61%2FIBXO5Skv5x81Pjbrk3Ea7Dam942Yrv9fcajbG0mIiJTp0DUhrQ1HvvNshZ5V7SFiTO0mtKCkqHH0CVlXIkACy%2BOHUokBuipxi9ol2xNrReYlf%2B8eT3agl4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 90e8f69f4c7b56a2-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=911&min_rtt=365&rtt_var=120&sent=263&recv=192&lost=0&retrans=0&sent_bytes=340617&recv_bytes=2320&delivery_rate=55573560&cwnd=251&unsent_bytes=0&cid=505110b8474018e8&ts=1805&x=0"
X-Firefox-Spdy: h2
|
|
| GET o1760.tjs72.buzz/skin/bld/jquery.min.js | 172.67.146.29 | 200 OK | 83 kB |
URL GET HTTPS o1760.tjs72.buzz/skin/bld/jquery.min.js IP / ASN  172.67.146.29 #13335 CLOUDFLARENET Requested byhttps://o1760.tjs72.buzz/ Resource Info File typeJavaScript source, ASCII text, with very long lines (32110) First Seen2023-03-07 Last Seen2025-08-08 Times Seen1068 Size83 kB (83095 bytes) MD52edc942c0bd2476be8967a9f788d9e26 SHA10be05c714a7e6cf28fe692629ece5b3769901dca SHA256d482871a5e948cb4884fa0972ea98a81abca057b6bd3f8c995a18c12487e761c Certificate Info IssuerGoogle Trust Services Subjecttjs72.buzz Fingerprint79:A5:CA:60:18:FB:9E:89:FC:89:87:2A:69:82:72:99:03:13:A6:0F ValidityThu, 23 Jan 2025 10:19:19 GMT - Wed, 23 Apr 2025 11:18:07 GMT GET /skin/bld/jquery.min.js HTTP/1.1
Host: o1760.tjs72.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://o1760.tjs72.buzz/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 08 Feb 2025 04:44:13 GMT
content-type: application/javascript
last-modified: Tue, 31 Oct 2023 17:40:31 GMT
etag: W/"14497-60906a6b432d8"
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ib3BOp9w48i5qqVnCvoh%2BIl5weXqi1fKbbRLdXkwgXOalSaKN2TLVDObew42HnfHHE7BN%2FtHdYgpM6ZfCZhWoN0c996pTEOKBiTsbX4MBHnGj4CHU101xQZyDNI7ONFOGcJu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 90e8f69118a60b45-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2562&min_rtt=1004&rtt_var=1012&sent=196&recv=41&lost=0&retrans=0&sent_bytes=198143&recv_bytes=6279&delivery_rate=2508833&cwnd=50400&unsent_bytes=0&cid=a66135766530ee96&ts=1249&x=1", cfExtPri, cfHdrFlush;dur=0
|
|
| GET np49.vip/static/favicon.ico | 0.0.0.0 | | 0 B |
URL GET HTTP np49.vip/static/favicon.ico IP / ASN  0.0.0.0 #0 Requested byhttps://o1760.tjs72.buzz/ Resource Info File typeN/A First Seen0001-01-01 Last Seen2025-08-09 Times Seen5738442 Size0 B (0 bytes) MD5d41d8cd98f00b204e9800998ecf8427e SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /static/favicon.ico HTTP/1.1
Host: np49.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| GET stringgame2.gozfpup.buzz/skin/1jia0/more/images/favicon.ico | 103.224.182.208 | 403 Forbidden | 0 B |
URL GET HTTPS stringgame2.gozfpup.buzz/skin/1jia0/more/images/favicon.ico IP / ASN  103.224.182.208 #133618 Trellian Pty. Limited Requested byhttps://o1760.tjs72.buzz/ Resource Info File typeN/A First Seen0001-01-01 Last Seen2025-08-09 Times Seen5738442 Size0 B (0 bytes) MD5d41d8cd98f00b204e9800998ecf8427e SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Certificate Info IssuerLet's Encrypt Subjectbyrondesignercollective.com.au Fingerprint7F:15:63:9F:68:6C:CD:C1:E4:B4:13:D5:06:E3:74:F4:4F:6F:C4:1C ValiditySun, 22 Dec 2024 23:22:21 GMT - Sat, 22 Mar 2025 23:22:20 GMT GET /skin/1jia0/more/images/favicon.ico HTTP/1.1
Host: stringgame2.gozfpup.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.0 403 Forbidden
cache-control: no-cache
content-type: text/html
|
|
| GET smdh13.xyz/template/smdh/img/logo2.png | 0.0.0.0 | | 0 B |
URL GET HTTP smdh13.xyz/template/smdh/img/logo2.png IP / ASN  0.0.0.0 #0 Requested byhttps://o1760.tjs72.buzz/ Resource Info File typeN/A First Seen0001-01-01 Last Seen2025-08-09 Times Seen5738442 Size0 B (0 bytes) MD5d41d8cd98f00b204e9800998ecf8427e SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 GET /template/smdh/img/logo2.png HTTP/1.1
Host: smdh13.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| GET www.jp9.xyz/favicon.ico | 103.224.212.210 | 403 Forbidden | 0 B |
URL GET HTTPS www.jp9.xyz/favicon.ico IP / ASN  103.224.212.210 #133618 Trellian Pty. Limited Requested byhttps://o1760.tjs72.buzz/ Resource Info File typeN/A First Seen0001-01-01 Last Seen2025-08-09 Times Seen5738442 Size0 B (0 bytes) MD5d41d8cd98f00b204e9800998ecf8427e SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Certificate Info IssuerLet's Encrypt Subjectsystem55.g.vbrplsbx.io Fingerprint9E:80:5B:73:F3:91:CC:07:FE:C0:32:A0:47:28:F0:C8:84:B5:07:72 ValidityWed, 01 Jan 2025 01:40:41 GMT - Tue, 01 Apr 2025 01:40:40 GMT GET /favicon.ico HTTP/1.1
Host: www.jp9.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.0 403 Forbidden
cache-control: no-cache
content-type: text/html
|
|
| GET yn18jpo.buzz/static/template/yn18j/img/favicon.ico | 0.0.0.0 | 200 OK | 0 B |
URL GET HTTPS yn18jpo.buzz/static/template/yn18j/img/favicon.ico IP / ASN  0.0.0.0 #0 Requested byhttps://o1760.tjs72.buzz/ Resource Info File typeN/A First Seen0001-01-01 Last Seen2025-08-09 Times Seen5738442 Size0 B (0 bytes) MD5d41d8cd98f00b204e9800998ecf8427e SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Certificate Info IssuerGoogle Trust Services Subjectyn18jpo.buzz FingerprintDC:08:B9:84:59:27:87:05:03:37:46:37:22:9E:9C:7F:4B:5D:E7:D2 ValidityFri, 03 Jan 2025 08:58:14 GMT - Thu, 03 Apr 2025 09:55:22 GMT GET /static/template/yn18j/img/favicon.ico HTTP/1.1
Host: yn18jpo.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 08 Feb 2025 04:44:15 GMT
content-type: image/x-icon
last-modified: Wed, 28 Feb 2024 08:23:13 GMT
etag: W/"65deed71-9ad"
access-control-allow-origin: *
cache-control: max-age=1200
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nDSMJt2Blpx1gPdkn5dZTH5NZPyBnRd01GbLnz8lVUV5jjsNCUC6rZSk%2B00Zm3EzuKcUncfSI9sXczalHuvKj1PqeMbjMjfIfY4tNc3cNtegaqVUYH6nc6isa%2BENbpg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 90e8f69f0c4b5699-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=481&min_rtt=389&rtt_var=135&sent=8&recv=12&lost=0&retrans=0&sent_bytes=3277&recv_bytes=1226&delivery_rate=6884310&cwnd=251&unsent_bytes=0&cid=87473798200dc734&ts=1445&x=0"
X-Firefox-Spdy: h2
|
|
| GET ni240.zfp79.buzz/d/file/tjimg/2024-01-17/905be146036ae20aa797d32778ae31e3.png | 104.21.48.1 | 200 OK | 16 kB |
URL GET HTTPS ni240.zfp79.buzz/d/file/tjimg/2024-01-17/905be146036ae20aa797d32778ae31e3.png IP / ASN  104.21.48.1 #13335 CLOUDFLARENET Requested byhttps://o1760.tjs72.buzz/ Resource Info File typePNG image data, 400 x 400, 8-bit/color RGBA, non-interlaced First Seen2024-04-24 Last Seen2025-06-11 Times Seen27 Size16 kB (16309 bytes) MD5ead1099b1bf7e95a226637c5d59ab524 SHA12cc47efcd89c218d9bf87a5b7611c8b0aba2b94f SHA256ad084f71461ed881eaa4cc41f9dc80b47b3aa9e4cfd793d6e2d04712e2e302bc Certificate Info IssuerGoogle Trust Services Subjectzfp79.buzz Fingerprint30:3A:0D:DB:98:CB:EF:46:7A:1A:77:36:EC:0D:96:EF:7B:81:0B:66 ValidityThu, 23 Jan 2025 10:21:33 GMT - Wed, 23 Apr 2025 11:17:19 GMT GET /d/file/tjimg/2024-01-17/905be146036ae20aa797d32778ae31e3.png HTTP/1.1
Host: ni240.zfp79.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 08 Feb 2025 04:44:15 GMT
content-type: image/png
content-length: 16309
last-modified: Wed, 17 Jan 2024 12:17:40 GMT
etag: "3fb5-60f233bb1f0c2"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6%2BKA3Mm8dtU9ieRJ5by2Ujmxm6%2FS8zWm%2FkPySPLHTSOwm%2FRyBKxSpWnMXrlXf3hhkbfqe%2BBM9sk%2FSxs12zTwda31toj%2BoeiIM%2FJRjTCqic3eg3UeNHowKwaM6Z1oGOiYmrTL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 90e8f69f4c7656a2-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=621&min_rtt=383&rtt_var=450&sent=18&recv=24&lost=0&retrans=0&sent_bytes=11441&recv_bytes=2320&delivery_rate=7841155&cwnd=251&unsent_bytes=0&cid=505110b8474018e8&ts=1393&x=0"
X-Firefox-Spdy: h2
|
|
| GET yuenuge178.xyz/favicon.ico | 0.0.0.0 | | 0 B |
URL GET HTTP yuenuge178.xyz/favicon.ico IP / ASN  0.0.0.0 #0 Requested byhttps://o1760.tjs72.buzz/ Resource Info File typeN/A First Seen0001-01-01 Last Seen2025-08-09 Times Seen5738442 Size0 B (0 bytes) MD5d41d8cd98f00b204e9800998ecf8427e SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: yuenuge178.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| GET www.ywtv.top/template/yuwangcs/favicon.ico | 0.0.0.0 | | 0 B |
URL GET HTTP www.ywtv.top/template/yuwangcs/favicon.ico IP / ASN  0.0.0.0 #0 Requested byhttps://o1760.tjs72.buzz/ Resource Info File typeN/A First Seen0001-01-01 Last Seen2025-08-09 Times Seen5738442 Size0 B (0 bytes) MD5d41d8cd98f00b204e9800998ecf8427e SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /template/yuwangcs/favicon.ico HTTP/1.1
Host: www.ywtv.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| GET gogogo.falbycd.xyz/flyd/ | 0.0.0.0 | 301 Moved Permanently | 0 B |
URL GET HTTPS gogogo.falbycd.xyz/flyd/ IP / ASN  0.0.0.0 #0 Requested byhttps://o1760.tjs72.buzz/ Resource Info File typeN/A First Seen0001-01-01 Last Seen2025-08-09 Times Seen5738442 Size0 B (0 bytes) MD5d41d8cd98f00b204e9800998ecf8427e SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Certificate Info IssuerGoogle Trust Services Subjectfalbycd.xyz Fingerprint89:EA:88:DB:37:EB:D3:2D:26:98:5D:5A:1D:2A:70:07:37:45:C3:2A ValidityFri, 03 Jan 2025 06:47:08 GMT - Thu, 03 Apr 2025 07:44:16 GMT GET /flyd/ HTTP/1.1
Host: gogogo.falbycd.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
date: Sat, 08 Feb 2025 04:44:15 GMT
content-type: text/html; charset=UTF-8
location: https://2ikmk.flyd56.buzz/
x-powered-by: PHP/5.4.16
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0UERwdMwVnKFEs%2Blpqv1o%2F3H0z0g0l4ZUc7Cxjt9Nz6VxbyU%2F2uVxrMCBSlqD2b6hSynfLUBk5NXXMqXj9xoay5j4D%2BMwpbcPcnJW4lVIsxOZQ6PknFg81tG6lLGfbAEF9K5r24%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 90e8f6a478a3b51e-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1064&min_rtt=411&rtt_var=1273&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3272&recv_bytes=1214&delivery_rate=8653386&cwnd=254&unsent_bytes=0&cid=670b813e702a627e&ts=1264&x=0"
X-Firefox-Spdy: h2
|
|
| GET xn--zlz31p.jokerlu.today/favicon.ico | 0.0.0.0 | | 0 B |
URL GET HTTP xn--zlz31p.jokerlu.today/favicon.ico IP / ASN  0.0.0.0 #0 Requested byhttps://o1760.tjs72.buzz/ Resource Info File typeN/A First Seen0001-01-01 Last Seen2025-08-09 Times Seen5738442 Size0 B (0 bytes) MD5d41d8cd98f00b204e9800998ecf8427e SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: xn--zlz31p.jokerlu.today
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| GET hxzdh13.top/favicon.png | 0.0.0.0 | | 0 B |
URL GET HTTP hxzdh13.top/favicon.png IP / ASN  0.0.0.0 #0 Requested byhttps://o1760.tjs72.buzz/ Resource Info File typeN/A First Seen0001-01-01 Last Seen2025-08-09 Times Seen5738442 Size0 B (0 bytes) MD5d41d8cd98f00b204e9800998ecf8427e SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /favicon.png HTTP/1.1
Host: hxzdh13.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| GET 95c824xiuxiu275.kaiche2.com/template/kaiche/images/favicon.png | 104.21.19.126 | 404 Not Found | 0 B |
URL GET HTTPS 95c824xiuxiu275.kaiche2.com/template/kaiche/images/favicon.png IP / ASN  104.21.19.126 #13335 CLOUDFLARENET Requested byhttps://o1760.tjs72.buzz/ Resource Info File typeN/A First Seen0001-01-01 Last Seen2025-08-09 Times Seen5738442 Size0 B (0 bytes) MD5d41d8cd98f00b204e9800998ecf8427e SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Certificate Info IssuerGoogle Trust Services Subjectkaiche2.com Fingerprint9E:A7:3C:B6:D4:18:4C:8E:9C:00:20:DD:E6:7B:CD:14:E8:EC:1D:51 ValidityWed, 25 Dec 2024 04:23:10 GMT - Tue, 25 Mar 2025 05:20:55 GMT GET /template/kaiche/images/favicon.png HTTP/1.1
Host: 95c824xiuxiu275.kaiche2.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
date: Sat, 08 Feb 2025 04:44:13 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bjpN%2BYxbvIzTkxTgJpOlIUkWHODVBBIbM0xdshJw6CAHbrK5W5cnNABJwVKhJS11K1wc09GVzYEVgLB1GITKQi9CaKL0spQBnHTPGTICJMH%2B7xnrhSt%2B1FHkMsAuhWa2It3I2tPUvQ7Ph6iXMV8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 90e8f6946f32569a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1569&min_rtt=442&rtt_var=2273&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3199&recv_bytes=1109&delivery_rate=7192052&cwnd=250&unsent_bytes=0&cid=b3a09dadf8c77e82&ts=544&x=0"
X-Firefox-Spdy: h2
|
|
| GET www.avjzy30.xyz/favicon.ico | 103.224.212.216 | 403 Forbidden | 0 B |
URL GET HTTPS www.avjzy30.xyz/favicon.ico IP / ASN  103.224.212.216 #133618 Trellian Pty. Limited Requested byhttps://o1760.tjs72.buzz/ Resource Info File typeN/A First Seen0001-01-01 Last Seen2025-08-09 Times Seen5738442 Size0 B (0 bytes) MD5d41d8cd98f00b204e9800998ecf8427e SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Certificate Info IssuerLet's Encrypt Subjectproject-one.life FingerprintDD:0E:E7:BC:B4:75:CB:DE:F0:7C:EA:C0:1D:05:7A:40:04:A4:08:96 ValidityMon, 23 Dec 2024 12:43:27 GMT - Sun, 23 Mar 2025 12:43:26 GMT GET /favicon.ico HTTP/1.1
Host: www.avjzy30.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.0 403 Forbidden
cache-control: no-cache
content-type: text/html
|
|
| GET anada8.xyz/go/d/file/fl/2024-09-06/c8b90b293737c4c9c4ae0c44bfea6030.gif | 172.67.217.229 | 301 Moved Permanently | 916 kB |
URL: GET HTTPS anada8.xyz/go/d/file/fl/2024-09-06/c8b90b293737c4c9c4ae0c44bfea6030.gif
IP / ASN: 172.67.217.229 #13335 CLOUDFLARENET
Requested by: https://o1760.tjs72.buzz/
Resource Info
File type: N/A
First Seen: 0001-01-01
Last Seen: 2025-08-09
Times Seen: 5738442
Size: 916 kB (915513 bytes)
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Certificate Info
Issuer: Google Trust Services
Subject: anada8.xyz
Fingerprint: DB:01:5E:98:35:77:4E:CD:A4:62:52:17:F9:D4:C4:55:EE:E9:4C:B4
Validity: Thu, 09 Jan 2025 18:20:53 GMT - Wed, 09 Apr 2025 19:19:13 GMT
GET /go/d/file/fl/2024-09-06/c8b90b293737c4c9c4ae0c44bfea6030.gif HTTP/1.1
Host: anada8.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
date: Sat, 08 Feb 2025 04:44:13 GMT
content-type: text/html; charset=UTF-8
location: https://ni240.zfp79.buzz/d/file/fl/2024-09-06/c8b90b293737c4c9c4ae0c44bfea6030.gif
x-powered-by: PHP/5.4.16
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lnysgUwf6xNQb09S3bdMt5PfA7KeqX1LTsVbYuX80OqVT4ZkoviO6Lz9%2FnO4%2BhIbYyVPdv05GFueDAEYJJe%2BuqCtUZkP%2F6z6P74%2F%2Fw66Fera2VMUuoFWU3V62BQK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 90e8f6936b840b55-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1378&min_rtt=405&rtt_var=1644&sent=17&recv=23&lost=0&retrans=1&sent_bytes=4973&recv_bytes=1897&delivery_rate=6542168&cwnd=252&unsent_bytes=0&cid=b14a8449ab06f216&ts=668&x=0"
X-Firefox-Spdy: h2
|
|
| GET sexinbook.net/favicon.ico | 0.0.0.0 | 200 OK | 0 B |
URL: GET HTTPS sexinbook.net/favicon.ico
IP / ASN: 0.0.0.0 #0
Requested by: https://o1760.tjs72.buzz/
Resource Info
File type: N/A
First Seen: 0001-01-01
Last Seen: 2025-08-09
Times Seen: 5738442
Size: 0 B (0 bytes)
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Certificate Info
Issuer: Google Trust Services
Subject: sexinbook.net
Fingerprint: 38:AC:D8:22:8B:BE:05:4E:77:41:68:54:FD:28:61:B6:23:33:83:EC
Validity: Wed, 08 Jan 2025 15:33:40 GMT - Tue, 08 Apr 2025 16:31:50 GMT
GET /favicon.ico HTTP/1.1
Host: sexinbook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 08 Feb 2025 04:44:14 GMT
content-type: image/x-icon
last-modified: Sat, 15 Jan 2022 11:28:50 GMT
etag: W/"61e2aff2-47e"
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZZkeh8dKaEYv4GXFPnTivc4psxZQK%2BcNBtS5luy5JupuwN6X5TajwLeMxB9hoQsYwtC9FWTlYsvj28QF4ZSxIbddsW6qxSCsCqDY8oBiwNHy8GeADAMFLomFqntLO%2Fwv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 90e8f69b2a7556bf-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1274&min_rtt=429&rtt_var=1693&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3280&recv_bytes=1209&delivery_rate=6961538&cwnd=254&unsent_bytes=0&cid=a8c57be079eb8414&ts=1101&x=0"
X-Firefox-Spdy: h2
|
|
| GET www.36huo126che.xyz/template/36huoche/images/logo.png | 0.0.0.0 | | 0 B |
URL: GET HTTP www.36huo126che.xyz/template/36huoche/images/logo.png
IP / ASN: 0.0.0.0 #0
Requested by: https://o1760.tjs72.buzz/
Resource Info
File type: N/A
First Seen: 0001-01-01
Last Seen: 2025-08-09
Times Seen: 5738442
Size: 0 B (0 bytes)
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /template/36huoche/images/logo.png HTTP/1.1
Host: www.36huo126che.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| GET o1760.tjs72.buzz/skin/bld/theme/default/layer.css?v=3.1.1 | 172.67.146.29 | 404 Not Found | 349 B |
URL: GET HTTPS o1760.tjs72.buzz/skin/bld/theme/default/layer.css?v=3.1.1
IP / ASN: 172.67.146.29 #13335 CLOUDFLARENET
Requested by: https://o1760.tjs72.buzz/
Resource Info
File type: HTML document, ASCII text, with very long lines (360), with no line terminators
First Seen: 2024-06-01
Last Seen: 2025-03-15
Times Seen: 6
Size: 349 B (349 bytes)
MD5: eb673058ff78e0ab2f0626fd9eb32d7d
SHA1: fd76d4906675a8ac151e92073361c849053e3345
SHA256: c7e574cbc8873086e2d95b5b6bb285377fd5d0c016abdb7d345610a9b771f116
Certificate Info
Issuer: Google Trust Services
Subject: tjs72.buzz
Fingerprint: 79:A5:CA:60:18:FB:9E:89:FC:89:87:2A:69:82:72:99:03:13:A6:0F
Validity: Thu, 23 Jan 2025 10:19:19 GMT - Wed, 23 Apr 2025 11:18:07 GMT
GET /skin/bld/theme/default/layer.css?v=3.1.1 HTTP/1.1
Host: o1760.tjs72.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://o1760.tjs72.buzz/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
date: Sat, 08 Feb 2025 04:44:14 GMT
content-type: text/html; charset=iso-8859-1
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZCeCSrDJWExWCImcVtWWTOL9NH2P06Ermr5u%2BE%2Bmpav%2Fwp%2Bd0eofBOAgibcdALAgiL5ZS2bq3rKjeaOg0Lx51KtQ3chQqcttUXyUk9gId7vI9TCkDBgeCAa%2FYulha6lG6rT%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 90e8f698ba7c0b45-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2471&min_rtt=1004&rtt_var=939&sent=226&recv=45&lost=0&retrans=0&sent_bytes=229591&recv_bytes=7283&delivery_rate=9678892&cwnd=50400&unsent_bytes=0&cid=a66135766530ee96&ts=2127&x=1", cfExtPri, cfHdrFlush;dur=0
|
|
| GET o1760.tjs72.buzz/d/file/fl/2022-04-03/87729ac8244316e9a139e58dffd8ff60.ico | 172.67.146.29 | 200 OK | 38 kB |
URL: GET HTTPS o1760.tjs72.buzz/d/file/fl/2022-04-03/87729ac8244316e9a139e58dffd8ff60.ico
IP / ASN: 172.67.146.29 #13335 CLOUDFLARENET
Requested by: https://o1760.tjs72.buzz/
Resource Info
File type: MS Windows icon resource - 1 icon, 96x96, 32 bits/pixel
First Seen: 2023-08-17
Last Seen: 2025-06-13
Times Seen: 16
Size: 38 kB (38078 bytes)
MD5: c2c5e25bd0d3df08ce13e0dfe8983dbc
SHA1: 88557b3003833c36523ffdc1046ae08513ca0ad9
SHA256: ea48539b57dfc8b90a25baf684071bfb966f4d005e0637dec06772a46ec507b0
Certificate Info
Issuer: Google Trust Services
Subject: tjs72.buzz
Fingerprint: 79:A5:CA:60:18:FB:9E:89:FC:89:87:2A:69:82:72:99:03:13:A6:0F
Validity: Thu, 23 Jan 2025 10:19:19 GMT - Wed, 23 Apr 2025 11:18:07 GMT
GET /d/file/fl/2022-04-03/87729ac8244316e9a139e58dffd8ff60.ico HTTP/1.1
Host: o1760.tjs72.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://o1760.tjs72.buzz/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 08 Feb 2025 04:44:13 GMT
content-type: image/vnd.microsoft.icon
last-modified: Tue, 31 Oct 2023 17:40:31 GMT
etag: W/"94be-60906a6b5cd00"
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UjSwYDQQhX28BFXFYaHoAJ12jYJ4%2BJ1cAnM%2FUXSuLtoDoeRqeo%2F081PprvH5ScfHdBKw1SlJofz2N%2Ffp22tV6dodt1WxE%2B4Fnug63lAwwIX1FrHceZ46U0OkPnSiMD08woY4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 90e8f69208e20b45-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2661&min_rtt=1004&rtt_var=1085&sent=186&recv=40&lost=0&retrans=0&sent_bytes=186376&recv_bytes=6233&delivery_rate=9089603&cwnd=50400&unsent_bytes=0&cid=a66135766530ee96&ts=1166&x=1", cfExtPri, cfHdrFlush;dur=0
|
|
| GET xn--yds422hm4f.nupuu-up.sbs/template/mb4/favicon.ico | 0.0.0.0 | | 0 B |
URL: GET HTTP xn--yds422hm4f.nupuu-up.sbs/template/mb4/favicon.ico
IP / ASN: 0.0.0.0 #0
Requested by: https://o1760.tjs72.buzz/
Resource Info
File type: N/A
First Seen: 0001-01-01
Last Seen: 2025-08-09
Times Seen: 5738442
Size: 0 B (0 bytes)
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /template/mb4/favicon.ico HTTP/1.1
Host: xn--yds422hm4f.nupuu-up.sbs
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| GET np49.vip/static/favicon.ico | 0.0.0.0 | | 0 B |
URL: GET HTTP np49.vip/static/favicon.ico
IP / ASN: 0.0.0.0 #0
Requested by: https://o1760.tjs72.buzz/
Resource Info
File type: N/A
First Seen: 0001-01-01
Last Seen: 2025-08-09
Times Seen: 5738442
Size: 0 B (0 bytes)
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /static/favicon.ico HTTP/1.1
Host: np49.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| GET sld9.buzz/favicon.ico | 0.0.0.0 | | 0 B |
URL: GET HTTP sld9.buzz/favicon.ico
IP / ASN: 0.0.0.0 #0
Requested by: https://o1760.tjs72.buzz/
Resource Info
File type: N/A
First Seen: 0001-01-01
Last Seen: 2025-08-09
Times Seen: 5738442
Size: 0 B (0 bytes)
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: sld9.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| GET o1760.tjs72.buzz/skin/bld/bg.png | 172.67.146.29 | 200 OK | 631 kB |
URL: GET HTTPS o1760.tjs72.buzz/skin/bld/bg.png
IP / ASN: 172.67.146.29 #13335 CLOUDFLARENET
Requested by: https://o1760.tjs72.buzz/
Resource Info
File type: PNG image data, 700 x 700, 8-bit/color RGB, non-interlaced
First Seen: 2024-05-30
Last Seen: 2025-06-13
Times Seen: 10
Size: 631 kB (631320 bytes)
MD5: b9964203f3d78a0e6f29eba5ca38be70
SHA1: e55d5bdf19c41598cc9bcd825b63d1a9f6079bb1
SHA256: 512e98cfae3f101a947c9236ac94e327b8b7d8ca041a9ab61f7efe4acd4d6e24
Certificate Info
Issuer: Google Trust Services
Subject: tjs72.buzz
Fingerprint: 79:A5:CA:60:18:FB:9E:89:FC:89:87:2A:69:82:72:99:03:13:A6:0F
Validity: Thu, 23 Jan 2025 10:19:19 GMT - Wed, 23 Apr 2025 11:18:07 GMT
GET /skin/bld/bg.png HTTP/1.1
Host: o1760.tjs72.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/skin/bld/index.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 08 Feb 2025 04:44:14 GMT
content-type: image/png
content-length: 631320
last-modified: Tue, 31 Oct 2023 17:40:31 GMT
etag: "9a218-60906a6b42338"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4IiaJVb5LZPyXRE3M0HxYGIkF0Nq6Dz4u%2BC59EIQFEY8rn12JVV1%2FmImnPmRO6dNjWSO1y55qLQtsFTXiw%2BXxHQSqGwM3YjjBxVgeuyEdVjTep8yug4L3Ep%2FC5eaJ1BSXztb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 90e8f698da890b45-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=7781&min_rtt=1004&rtt_var=9531&sent=296&recv=49&lost=0&retrans=1&sent_bytes=311293&recv_bytes=7467&delivery_rate=1041807&cwnd=70200&unsent_bytes=0&cid=a66135766530ee96&ts=2665&x=1", cfExtPri, cfHdrFlush;dur=0
|
|
| GET o1760.tjs72.buzz/skin/bld/font-awesome.min.css | 172.67.146.29 | 200 OK | 31 kB |
URL: GET HTTPS o1760.tjs72.buzz/skin/bld/font-awesome.min.css
IP / ASN: 172.67.146.29 #13335 CLOUDFLARENET
Requested by: https://o1760.tjs72.buzz/
Resource Info
File type: ASCII text, with very long lines (30837)
First Seen: 2023-04-05
Last Seen: 2025-08-09
Times Seen: 115390
Size: 31 kB (31000 bytes)
MD5: 269550530cc127b6aa5a35925a7de6ce
SHA1: 512c7d79033e3028a9be61b540cf1a6870c896f8
SHA256: 799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
Certificate Info
Issuer: Google Trust Services
Subject: tjs72.buzz
Fingerprint: 79:A5:CA:60:18:FB:9E:89:FC:89:87:2A:69:82:72:99:03:13:A6:0F
Validity: Thu, 23 Jan 2025 10:19:19 GMT - Wed, 23 Apr 2025 11:18:07 GMT
GET /skin/bld/font-awesome.min.css HTTP/1.1
Host: o1760.tjs72.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://o1760.tjs72.buzz/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 08 Feb 2025 04:44:12 GMT
content-type: text/css
last-modified: Tue, 31 Oct 2023 17:40:31 GMT
etag: W/"7918-60906a6b41398"
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EQewapiFuN4D3dw4f8S9LuSbeVCnNGtnhFqIT8N7ZoEpcrpUBJvIK5h7Cnl%2BEbtSHRDs8pPXQdzQtnCPbqnIXMZeNzgXHZ6h3dMkl9fEu%2BVPaQl6wAqfBUDlUeLapqmIDKEH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 90e8f69118a50b45-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4869&min_rtt=2080&rtt_var=2925&sent=84&recv=29&lost=0&retrans=0&sent_bytes=70228&recv_bytes=5734&delivery_rate=3462280&cwnd=24000&unsent_bytes=0&cid=a66135766530ee96&ts=931&x=1", cfExtPri, cfHdrFlush;dur=0
|
|
| GET yn18j100.buzz/static/template/yn18j/img/favicon.ico | 0.0.0.0 | 301 Moved Permanently | 0 B |
URL: GET HTTPS yn18j100.buzz/static/template/yn18j/img/favicon.ico
IP / ASN: 0.0.0.0 #0
Requested by: https://o1760.tjs72.buzz/
Resource Info
File type: N/A
First Seen: 0001-01-01
Last Seen: 2025-08-09
Times Seen: 5738442
Size: 0 B (0 bytes)
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Certificate Info
Issuer: Google Trust Services
Subject: yn18j100.buzz
Fingerprint: F1:83:D3:3A:C6:24:58:08:F3:01:D7:1B:AD:5E:EA:BC:67:C0:B6:4E
Validity: Thu, 19 Dec 2024 05:01:53 GMT - Wed, 19 Mar 2025 06:00:27 GMT
GET /static/template/yn18j/img/favicon.ico HTTP/1.1
Host: yn18j100.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
date: Sat, 08 Feb 2025 04:44:13 GMT
content-type: text/html
location: https://yn18jpo.buzz/static/template/yn18j/img/favicon.ico
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bwdqd38ewDgXoywR2GbMp9M3jms8TXx6Bliqbd9LITAphvEZ0k8vWNeQXLsSm2UBWT75USuRREtM1E4qJUhGBbkPpfK%2B3Dje3w80nHAH1LTMHs6eaQdSYw3zdCP225%2Fe"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 90e8f693ea7b1bfe-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1524&min_rtt=515&rtt_var=2006&sent=8&recv=11&lost=0&retrans=0&sent_bytes=3277&recv_bytes=1227&delivery_rate=6652373&cwnd=254&unsent_bytes=0&cid=046c74da106b31df&ts=798&x=0"
X-Firefox-Spdy: h2
|
|
| GET www.csmen38.cc/template/csmen/img/favicon.png | 0.0.0.0 | 200 OK | 0 B |
URL: GET HTTPS www.csmen38.cc/template/csmen/img/favicon.png
IP / ASN: 0.0.0.0 #0
Requested by: https://o1760.tjs72.buzz/
Resource Info
File type: N/A
First Seen: 0001-01-01
Last Seen: 2025-08-09
Times Seen: 5738442
Size: 0 B (0 bytes)
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Certificate Info
Issuer: Google Trust Services
Subject: csmen38.cc
Fingerprint: AB:16:3C:88:CE:2B:5B:4A:68:4F:B2:4D:D2:1C:21:F2:94:F2:76:B0
Validity: Wed, 08 Jan 2025 05:44:20 GMT - Tue, 08 Apr 2025 06:41:50 GMT
GET /template/csmen/img/favicon.png HTTP/1.1
Host: www.csmen38.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 08 Feb 2025 04:44:13 GMT
content-type: image/png
last-modified: Wed, 09 Mar 2022 10:51:30 GMT
vary: Accept-Encoding
etag: W/"622886b2-3d49"
expires: Mon, 10 Mar 2025 04:44:13 GMT
cache-control: max-age=2592000
content-encoding: gzip
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DJSIOMR%2FnRBoLrTUjW8JGsPD0979DPU8DpigBK2%2F98eVmJvD%2BsjS%2BAuOlvB4WbO0etQ9F3hutJTzmnX6AF0p28IdwjqTEuCyjm9KYP%2BCEJec6CeeXrgJIm4kc2uaT%2FLhOw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 90e8f6943b04b51d-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=787&min_rtt=401&rtt_var=746&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3193&recv_bytes=1097&delivery_rate=7941499&cwnd=254&unsent_bytes=0&cid=739f0ea8d0f90262&ts=555&x=0"
X-Firefox-Spdy: h2
|
|
| GET btrxq10.xyz/static/images/favicon.png | 0.0.0.0 | | 0 B |
URL: GET HTTP btrxq10.xyz/static/images/favicon.png
IP / ASN: 0.0.0.0 #0
Requested by: https://o1760.tjs72.buzz/
Resource Info
File type: N/A
First Seen: 0001-01-01
Last Seen: 2025-08-09
Times Seen: 5738442
Size: 0 B (0 bytes)
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /static/images/favicon.png HTTP/1.1
Host: btrxq10.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://o1760.tjs72.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|