Report - www.46ddd.vip/

Report Overview

Visitedpublic

2023-10-21 18:14:19

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
dvcasha2.ocsp-certum.com	71753	2013-12-19	2014-11-27 09:04:42	2023-10-20 20:04:28	338 B	1.9 kB	23.36.79.10
302mba.com	unknown	2018-04-19	2023-10-13 15:46:19	2023-10-15 09:36:51	530 B	412 B	193.221.95.164
ocsp.digicert.cn	37572	2006-01-24	2020-03-20 18:45:56	2023-10-20 18:32:44	660 B	1.9 kB	47.246.48.205
service-p1la69z8-1318476454.sg.apigw.tencentcs.com	unknown	2018-01-03	2023-09-27 20:17:09	2023-09-27 20:17:09	1.6 kB	12 kB	129.226.10.126
20.2.82.242:8443	unknown	unknown	No data	No data	570 B	0 B	0.0.0.0
www.46ddd.vip	unknown	2023-03-11	2023-03-26 13:13:00	2023-06-24 13:10:06	386 B	525 B	172.247.21.51

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-10-21	medium	20.2.82.242	Sinkholed

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (9)

URL IP Response Size

www.46ddd.vip/

172.247.21.51

413 B

URL HTTP

www.46ddd.vip/

IP / ASN

172.247.21.51

#40065 CNSERVERS

Requested byN/A

Resource Info

File typeHTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (407), with CRLF, LF line terminators

First Seen2023-10-21

Last Seen2023-11-01

Times Seen6

Size413 B (413 bytes)

MD527cd002795e9052045c7c4da57ee7dc6

SHA11078349e4085eeb53ab128e83a2bd3bb82277655

SHA256f1f1c03da07f2d7592a1b0ec69a4fc90b17df3e47a6f94bb3c7c52b7181f06dd

HTTP Headers

GET / HTTP/1.1
Host: www.46ddd.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/html
Cache-Control: max-age=86400
Content-Length: 413
Connection: close

dvcasha2.ocsp-certum.com/

23.36.79.10

1.6 kB

URL HTTP

dvcasha2.ocsp-certum.com/

IP / ASN

23.36.79.10

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2023-10-21

Last Seen2023-10-21

Times Seen1

Size1.6 kB (1599 bytes)

MD577e32f00590a15f22f9fd712f2c7aa1a

SHA1ffdda8a4226a8b234e94e80e81c8fbfd90179602

SHA2565f19ae5a434a466ae86d80540b14483ddf301e1923759b494cd183a636a23354

HTTP Headers

POST / HTTP/1.1
Host: dvcasha2.ocsp-certum.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 1599
X-Cached: STALE
Strict-Transport-Security: max-age=63072000,includeSubDomains,preload
Cache-Control: max-age=900
Date: Sat, 21 Oct 2023 18:14:08 GMT
Connection: keep-alive
X-N: S

GET 302mba.com/?r=aHR0cDovL3d3dy40NmRkZC52aXAv

193.221.95.164

301 Moved Permanently

0 B

URL User Request GET HTTPS

302mba.com/?r=aHR0cDovL3d3dy40NmRkZC52aXAv

IP / ASN

193.221.95.164

Requested byN/A

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-04

Times Seen5648344

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerUnizeto Technologies S.A.

Subject302mba.com

Fingerprint89:D4:01:47:18:C3:DE:E3:EE:06:39:A8:C2:A5:BD:0E:FC:02:19:F4

ValidityFri, 29 Sep 2023 09:30:14 GMT - Mon, 28 Oct 2024 09:30:13 GMT

HTTP Headers

GET /?r=aHR0cDovL3d3dy40NmRkZC52aXAv HTTP/1.1
Host: 302mba.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.46ddd.vip/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
server: nginx
date: Sat, 21 Oct 2023 18:14:08 GMT
content-length: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
location: https://service-p1la69z8-1318476454.sg.apigw.tencentcs.com/release/APIGWHtmlDemo-1694333354
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

ocsp.digicert.cn/

47.246.48.205

471 B

URL HTTP

ocsp.digicert.cn/

IP / ASN

47.246.48.205

#24429 Zhejiang Taobao Network Co.,Ltd

Requested byN/A

Resource Info

File typedata

First Seen2023-10-21

Last Seen2023-10-21

Times Seen1

Size471 B (471 bytes)

MD56c97e53ef8413d605921ae858cf49128

SHA19ddcf74104b51e1f8a36808324457bd9c9f1aaf2

SHA25675d46b8bc3893630ea6e043a4009edb5c4243a793b72d4da0280383a1e3ff323

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: max-age=7200
Date: Sat, 21 Oct 2023 18:14:10 GMT
Ali-Swift-Global-Savetime: 1697912051
Via: cache6.l2de2[370,370,200-0,M], cache6.l2de2[371,0], cache7.nl2[424,424,200-0,M], cache7.nl2[426,0]
X-Cache: MISS TCP_MISS dirn:-2:-2
X-Swift-SaveTime: Sat, 21 Oct 2023 18:14:11 GMT
X-Swift-CacheTime: 0
Timing-Allow-Origin: *
EagleId: 2ff6309b16979120506468105e

ocsp.digicert.cn/

47.246.48.205

471 B

URL HTTP

ocsp.digicert.cn/

IP / ASN

47.246.48.205

#24429 Zhejiang Taobao Network Co.,Ltd

Requested byN/A

Resource Info

File typedata

First Seen2023-10-21

Last Seen2023-10-21

Times Seen1

Size471 B (471 bytes)

MD56c97e53ef8413d605921ae858cf49128

SHA19ddcf74104b51e1f8a36808324457bd9c9f1aaf2

SHA25675d46b8bc3893630ea6e043a4009edb5c4243a793b72d4da0280383a1e3ff323

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: max-age=7200
Date: Sat, 21 Oct 2023 18:14:10 GMT
Ali-Swift-Global-Savetime: 1697912051
Via: cache10.l2de2[525,524,200-0,M], cache10.l2de2[525,0], cache8.nl2[533,533,200-0,M], cache8.nl2[541,0]
X-Cache: MISS TCP_MISS dirn:-2:-2
X-Swift-SaveTime: Sat, 21 Oct 2023 18:14:11 GMT
X-Swift-CacheTime: 0
Timing-Allow-Origin: *
EagleId: 2ff6309c16979120505818140e

GET service-p1la69z8-1318476454.sg.apigw.tencentcs.com/release/APIGWHtmlDemo-1694333354

129.226.10.126

200 OK

11 kB

URL User Request GET HTTPS

service-p1la69z8-1318476454.sg.apigw.tencentcs.com/release/APIGWHtmlDemo-1694333354

IP / ASN

129.226.10.126

#132203 Tencent Building, Kejizhongyi Avenue

Requested byN/A

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-04

Times Seen5648344

Size11 kB (11019 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerDigiCert Inc

Subjectbj.apigw.tencentcs.com

Fingerprint98:64:57:37:6E:91:3F:34:24:24:75:DE:01:94:BC:E7:33:68:3A:96

ValidityTue, 13 Jun 2023 00:00:00 GMT - Sat, 13 Jul 2024 23:59:59 GMT

HTTP Headers

GET /release/APIGWHtmlDemo-1694333354 HTTP/1.1
Host: service-p1la69z8-1318476454.sg.apigw.tencentcs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.46ddd.vip/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html
vary: Accept-Encoding
x-api-requestid: d5b58c89d765f5c9ee0ab565973d88cd
x-api-id: api-bv6eztu2
x-request-id: 0599877c-8ff3-47ff-b4e5-720acb7005be
date: Sat, 21 Oct 2023 18:14:11 GMT
x-api-funcname: APIGWHtmlDemo-1694333354
x-api-appid: 1318476454
x-api-serviceid: service-p1la69z8
x-api-httphost: service-p1la69z8-1318476454.sg.apigw.tencentcs.com
x-api-status: 200
x-api-upstreamstatus: 200
content-encoding: gzip
X-Firefox-Spdy: h2

GET service-p1la69z8-1318476454.sg.apigw.tencentcs.com/release/jquery-1.11.1.min.js

129.226.10.126

404 Not Found

0 B

URL GET HTTPS

service-p1la69z8-1318476454.sg.apigw.tencentcs.com/release/jquery-1.11.1.min.js

IP / ASN

129.226.10.126

#132203 Tencent Building, Kejizhongyi Avenue

Requested byhttps://service-p1la69z8-1318476454.sg.apigw.tencentcs.com/release/APIGWHtmlDemo-1694333354

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-04

Times Seen5648344

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerDigiCert Inc

Subjectbj.apigw.tencentcs.com

Fingerprint98:64:57:37:6E:91:3F:34:24:24:75:DE:01:94:BC:E7:33:68:3A:96

ValidityTue, 13 Jun 2023 00:00:00 GMT - Sat, 13 Jul 2024 23:59:59 GMT

HTTP Headers

GET /release/jquery-1.11.1.min.js HTTP/1.1
Host: service-p1la69z8-1318476454.sg.apigw.tencentcs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://service-p1la69z8-1318476454.sg.apigw.tencentcs.com/release/APIGWHtmlDemo-1694333354
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
date: Sat, 21 Oct 2023 18:14:12 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
x-api-requestid: eb035dc6113006e1504cc02196998a96
server: apigw/1.0.15
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

GET service-p1la69z8-1318476454.sg.apigw.tencentcs.com/favicon.ico

129.226.10.126

404 Not Found

114 B

URL GET HTTPS

service-p1la69z8-1318476454.sg.apigw.tencentcs.com/favicon.ico

IP / ASN

129.226.10.126

#132203 Tencent Building, Kejizhongyi Avenue

Requested byhttps://service-p1la69z8-1318476454.sg.apigw.tencentcs.com/release/APIGWHtmlDemo-1694333354

Resource Info

File typetroff or preprocessor input, ASCII text, with no line terminators

First Seen2023-10-21

Last Seen2023-10-21

Times Seen1

Size114 B (114 bytes)

MD53a8fb2d0599ec05c8576743b5a06d11e

SHA187a69253ebc690b4b6a39b797dfc231ef7ca532f

SHA256a7cefc60da5c1753a324aeb73aea25be4085ee3a119cff26364d67e835ec75af

Certificate Info

IssuerDigiCert Inc

Subjectbj.apigw.tencentcs.com

Fingerprint98:64:57:37:6E:91:3F:34:24:24:75:DE:01:94:BC:E7:33:68:3A:96

ValidityTue, 13 Jun 2023 00:00:00 GMT - Sat, 13 Jul 2024 23:59:59 GMT

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: service-p1la69z8-1318476454.sg.apigw.tencentcs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://service-p1la69z8-1318476454.sg.apigw.tencentcs.com/release/APIGWHtmlDemo-1694333354
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
date: Sat, 21 Oct 2023 18:14:12 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
x-api-requestid: 96b7fbf4b545cdaa415284b1340981ae
server: apigw/1.0.15
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

GET 20.2.82.242:8443/46.html?shareName=046.vip

0.0.0.0

0 B

URL User Request GET HTTP

20.2.82.242:8443/46.html?shareName=046.vip

IP / ASN

0.0.0.0

Requested byN/A

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-04

Times Seen5648344

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /46.html?shareName=046.vip HTTP/1.1
Host: 20.2.82.242:8443
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://service-p1la69z8-1318476454.sg.apigw.tencentcs.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache