Report - xer0x.top/

Report Overview

Submitted URL
xer0x.top/
IP
8.210.119.33
ASN
#45102 Alibaba US Technology Co., Ltd.
Submitted
2023-04-04 23:27:35
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
2
Threat Detection Systems
12

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-04-04T18:13:55Z	782 B	2.4 kB	35.241.9.150
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-04-04T18:20:05Z	413 B	5.9 kB	34.160.144.191
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-04-04T18:13:50Z	333 B	391 B	34.117.237.239
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-04-04T18:19:16Z	606 B	238 B	34.117.65.55
hm.baidu.com	8254	2012-05-26T10:38:45Z	2023-04-04T05:11:49Z	1.0 kB	12 kB	103.235.46.191
ocsp.sectigo.com	487	2019-11-29T12:50:24Z	2023-04-04T23:41:09Z	1.7 kB	4.8 kB	104.18.32.68
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-04-04T18:12:09Z	2.7 kB	7.1 kB	23.36.77.32
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-04-04T13:13:40Z	3.2 kB	48 kB	34.120.237.76
ocsp.digicert.cn	37572	2020-03-20T18:45:56Z	2023-04-04T13:45:40Z	340 B	1.1 kB	47.246.44.205
pv.sohu.com	19261	2012-06-20T09:29:39Z	2023-04-03T19:53:16Z	357 B	306 B	211.152.137.25
ocsp.globalsign.com	2075	2012-07-20T19:46:16Z	2023-04-04T18:18:30Z	359 B	1.9 kB	104.18.20.226
s.now.cn	unknown	2019-05-01T09:09:12Z	2023-01-19T08:05:37Z	1.9 kB	174 kB	47.246.44.205
xer0x.top	unknown	2019-08-14T20:04:19Z	2023-04-04T15:00:26Z	2.8 kB	95 kB	8.210.119.33

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-04-04 23:27:23	medium	Client IP	Internal IP	ET DNS Query to a *.top domain - Likely Hostile
2023-04-04 23:27:24	medium	Client IP	8.210.119.33	ET INFO HTTP Request to a *.top domain

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-04-04	medium	xer0x.top/	Phishing
2023-04-04	medium	xer0x.top/static/js/manifest.cdaa69a4fc45b228fde9.js	Phishing
2023-04-04	medium	xer0x.top/static/js/app.185242459a87e0d0f776.js	Phishing
2023-04-04	medium	xer0x.top/static/js/vendor.87bad4449cc6218b28b3.js	Phishing
2023-04-04	medium	xer0x.top/static/js/1.5afa5a672213dd654f01.js	Phishing
2023-04-04	medium	xer0x.top/domainInfoAjax.php?domain=xer0x.top	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (7)

	URL	Size	First Seen	Last Seen
	xer0x.top/	288 B	2023-03-08	2023-04-05
Pretty URL xer0x.top/ IP 8.210.119.33 ASN #45102 Alibaba US Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 19:36:17 Last Seen2023-04-05 02:12:11 Times Seen11 Hash 389cdf9f6621d40a18c0e5fa0703d3a1 6271dffa606b755c6aad727481ac624946a5de0c dac89133b8744a9e9e7a9e532df5642aeba0b27d2cadae149c76094246d018f9 Loading...

	xer0x.top/static/js/manifest.cdaa69a4fc45b228fde9.js	1.4 kB	2023-03-08	2023-04-09
Pretty URL xer0x.top/static/js/manifest.cdaa69a4fc45b228fde9.js IP 8.210.119.33 ASN #45102 Alibaba US Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 19:36:17 Last Seen2023-04-09 16:47:35 Times Seen14 Hash 9a1592d60b81cbe18f8eafc744ab2d66 48d2cd049686c9e70dc1f97cef831ac2e995f09b ccd7530dff2473373e8fe8c57899e13222190b15629ec881b344254e3a7e3382 Loading...

	xer0x.top/static/js/vendor.87bad4449cc6218b28b3.js	140 kB	2023-03-08	2023-04-09
Pretty URL xer0x.top/static/js/vendor.87bad4449cc6218b28b3.js IP 8.210.119.33 ASN #45102 Alibaba US Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 19:36:17 Last Seen2023-04-09 15:13:45 Times Seen14 Hash 4e38b73ae6abc1af50d3340cd786d129 b44337fedb787fb1a8baef54d696732da2dffeed 6fdafdfd837e40795c3efed3d11ed4b6eb9c98caaefd7a76f022f040311475ba Loading...

	xer0x.top/static/js/1.5afa5a672213dd654f01.js	1.4 kB	2023-03-08	2023-04-09
Pretty URL xer0x.top/static/js/1.5afa5a672213dd654f01.js IP 8.210.119.33 ASN #45102 Alibaba US Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 19:36:17 Last Seen2023-04-09 15:13:45 Times Seen12 Hash a9d29a5e347f4eec6448152f7795f349 788df8d13cff3668b293734826c5ff012aa031aa 01f4f068e9c640f6ba32186ae81c7c35c3067ea62b203563901f2e582d2e9954 Loading...

	hm.baidu.com/hm.js?bd3e7cf142c59905cd30abcec611f180	30 kB	2023-04-05	2023-04-05
Pretty URL hm.baidu.com/hm.js?bd3e7cf142c59905cd30abcec611f180 IP 103.235.46.191 ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 02:12:11 Last Seen2023-04-05 02:12:11 Times Seen1 Hash d1130634c45fa0ab3d7156f516514059 1e718deec51068f7386fd903dde2224e4001cea3 3cd9e32e119e2091bf08e9ae038260176746161cde16361217b5b74724a6c16a Loading...

	xer0x.top/static/js/app.185242459a87e0d0f776.js	37 kB	2023-03-08	2023-04-09
Pretty URL xer0x.top/static/js/app.185242459a87e0d0f776.js IP 8.210.119.33 ASN #45102 Alibaba US Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 19:36:17 Last Seen2023-04-09 16:47:35 Times Seen14 Hash cea30e804937ba0f3dcbc1a0e8406700 77582ad96ab28bac0138c58878f1dbdf5c3b2fda e6cbc31c0c820e96a6c675ab6cd98947f22002a466a1263a6e14bc0d06cbcd21 Loading...

	pv.sohu.com/cityjson?ie=utf-8	72 B	2023-03-09	2024-04-19
Pretty URL pv.sohu.com/cityjson?ie=utf-8 IP 211.152.137.25 ASN #139341 ACE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 08:48:02 Last Seen2024-04-19 12:44:35 Times Seen976 Hash a602ac9d03cffedc03fa841c9a12df5a e42f39093e29f5c6c7aad8a973d69035e860659e f5d09365810dd11ef1204b35bfede3158a07d5592a9c9cfa449dd534f9964aa9 Loading...

HTTP Transactions (43)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a4074549843769a3da3f055bcb5a78ff
f99062d34cf71bda6a9c64061fb9e61008f94021
895e3801806f031611a25bec5652cc1a46dfa76ea6784f5064d859c1a5b9ddf7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "895E3801806F031611A25BEC5652CC1A46DFA76EA6784F5064D859C1A5B9DDF7"
Last-Modified: Tue, 04 Apr 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15868
Expires: Wed, 05 Apr 2023 03:51:51 GMT
Date: Tue, 04 Apr 2023 23:27:23 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e50dac5108a698d61ca49516033d1a20
53d243b89fc00deb9bfae07351bbe36ddb7c1df3
e9e0ad98c485b56fe65ea0a8bc4974fff3f804fcf2d8f6266ada9acd27c7b7cc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E9E0AD98C485B56FE65EA0A8BC4974FFF3F804FCF2D8F6266ADA9ACD27C7B7CC"
Last-Modified: Tue, 04 Apr 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10529
Expires: Wed, 05 Apr 2023 02:22:52 GMT
Date: Tue, 04 Apr 2023 23:27:23 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
903ed2d58f1f33d069b70c4b53f1cb1f
0ef89cd6eb79a2ddd74434f9233cf486fffc1142
d8c984b50f04fcdb1ebc99d982502d85193302c85239ee7497666247edfc0061

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D8C984B50F04FCDB1EBC99D982502D85193302C85239EE7497666247EDFC0061"
Last-Modified: Sun, 02 Apr 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19492
Expires: Wed, 05 Apr 2023 04:52:16 GMT
Date: Tue, 04 Apr 2023 23:27:24 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
84db75194692d4afe13196bda6f22da8
4c1f49bc973a4917f146d93c8d598344edc021f6
a3bec66f95b3bdf1d310c726e8ed05f7b06c1901c62381a94582d581844d2c23

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Length, Retry-After, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 04 Apr 2023 22:28:46 GMT
content-type: application/json
age: 3518
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
95f61d351f5fc9533cc78e255ce9bc06
fba284117f347782ac23c51d141d7e3ec15a867e
7fcc5f9e52e389d8d7c6df7f1f2a1291ae0aaae8e554f3022239ab092b2ef3c3

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: hWCbFEBo+nsul1hvqJfUtukBQTQcdmH5h3NxpH56lX4IfT1TM1aB3M8yt+wyVhoivtJA4bzBAKo=
x-amz-request-id: 62S18JHYFPPG26HJ
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 04 Apr 2023 22:53:23 GMT
age: 2041
last-modified: Fri, 31 Mar 2023 17:04:39 GMT
etag: "95f61d351f5fc9533cc78e255ce9bc06"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 04 Apr 2023 23:27:24 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
27326a64990c6f698a83600491674790
a6bdb4743ace6be80673f6899605bf9177a75b69
e4a8d3c3016130e47580098183bcea5ae369697b7907eafd65ac3450dc2eb265

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E4A8D3C3016130E47580098183BCEA5AE369697B7907EAFD65AC3450DC2EB265"
Last-Modified: Mon, 03 Apr 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3985
Expires: Wed, 05 Apr 2023 00:33:49 GMT
Date: Tue, 04 Apr 2023 23:27:24 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Last-Modified, Expires, Retry-After, Cache-Control, Alert, Backoff, Pragma, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 04 Apr 2023 23:14:45 GMT
age: 759
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

push.services.mozilla.com/

34.117.65.55

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
34.117.65.55:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: nzDdAcKVvvVJvUyz0bF8HA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 8S/KVM9RJeonAYo0OHRIW6Jsp4Q=
Date: Tue, 04 Apr 2023 23:27:24 GMT
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

xer0x.top/

8.210.119.33

200 OK

906 B

URL HTTP/1.1
xer0x.top/
IP
8.210.119.33:0
ASN
#45102 Alibaba US Technology Co., Ltd.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (341)
Size
906 B (906 bytes)
Hash
0a52230fe78669c960af21cbc3cef144
0d7b66d1dfa19f4f3ebddf0a12d28de2e97297c3
b7b85e96512c04b6c07f7b61e24907cb957347b3bf0ad5291a8a23aab631dee9

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.top domain

HTTP Headers

GET / HTTP/1.1
Host: xer0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Server: openresty/1.19.3.2
Date: Tue, 04 Apr 2023 23:27:24 GMT
Content-Type: text/html
Content-Length: 906
Last-Modified: Thu, 31 Mar 2022 03:38:40 GMT
Connection: keep-alive
ETag: "62452240-38a"
Accept-Ranges: bytes

xer0x.top/static/css/app.50020d70a1b4fb5a2c7edf16070604b6.css

8.210.119.33

200 OK

1.7 kB

URL HTTP/1.1
xer0x.top/static/css/app.50020d70a1b4fb5a2c7edf16070604b6.css
IP
8.210.119.33:0
ASN
#45102 Alibaba US Technology Co., Ltd.

File type
ASCII text, with very long lines (8077), with no line terminators
Size
1.7 kB (1697 bytes)
Hash
90a10151412a2374f8c84d6030ba6b45
ae4d40da8f76f3837cc43523f5764af5a4e5293c
b8544997cf4a93687892a86a6a77eb71c1f850f41ede5c639dbe5b8d2010bad9

HTTP Headers

GET /static/css/app.50020d70a1b4fb5a2c7edf16070604b6.css HTTP/1.1
Host: xer0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xer0x.top/

HTTP/1.1 200 OK
Server: openresty/1.19.3.2
Date: Tue, 04 Apr 2023 23:27:25 GMT
Content-Type: text/css
Last-Modified: Thu, 31 Mar 2022 03:38:40 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62452240-1f8d"
Expires: Wed, 05 Apr 2023 11:27:25 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

xer0x.top/static/js/manifest.cdaa69a4fc45b228fde9.js

8.210.119.33

200 OK

808 B

URL HTTP/1.1
xer0x.top/static/js/manifest.cdaa69a4fc45b228fde9.js
IP
8.210.119.33:0
ASN
#45102 Alibaba US Technology Co., Ltd.

File type
ASCII text, with very long lines (1428), with no line terminators
Size
808 B (808 bytes)
Hash
a39fceb9726f163d0d49c4de2105d487
054e9a85cd388f96b7e5ef2703a3fb832d586ae8
d34947913ecc9e474d62af1346033d54dc89d3e51b095be4c246922bb373e29c

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /static/js/manifest.cdaa69a4fc45b228fde9.js HTTP/1.1
Host: xer0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xer0x.top/

HTTP/1.1 200 OK
Server: openresty/1.19.3.2
Date: Tue, 04 Apr 2023 23:27:25 GMT
Content-Type: application/javascript
Last-Modified: Thu, 31 Mar 2022 03:38:40 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62452240-594"
Expires: Wed, 05 Apr 2023 11:27:25 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

xer0x.top/static/js/app.185242459a87e0d0f776.js

8.210.119.33

200 OK

6.1 kB

URL HTTP/1.1
xer0x.top/static/js/app.185242459a87e0d0f776.js
IP
8.210.119.33:0
ASN
#45102 Alibaba US Technology Co., Ltd.

File type
Unicode text, UTF-8 text, with very long lines (35430), with no line terminators
Size
6.1 kB (6114 bytes)
Hash
8c208ef18ac6c9ce66837547bdef6c91
32afa9b7a8365154197c3caa8af6c2fd64dc0711
419e4f22817a7b80124c2d85cbf82070e63b7e36f6b6677805fd174fb0c8bcd3

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /static/js/app.185242459a87e0d0f776.js HTTP/1.1
Host: xer0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xer0x.top/

HTTP/1.1 200 OK
Server: openresty/1.19.3.2
Date: Tue, 04 Apr 2023 23:27:25 GMT
Content-Type: application/javascript
Last-Modified: Thu, 31 Mar 2022 03:38:40 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62452240-9246"
Expires: Wed, 05 Apr 2023 11:27:25 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
869fe4a8dc549ffa1023d3adc184e4f2
37b95d88dd3f6f251bb651b130e09b202850033f
9387d0291fa66cc98248bae7724ec34f884c766302d2a99e734585cc591ad304

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9387D0291FA66CC98248BAE7724EC34F884C766302D2A99E734585CC591AD304"
Last-Modified: Mon, 03 Apr 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7997
Expires: Wed, 05 Apr 2023 01:40:43 GMT
Date: Tue, 04 Apr 2023 23:27:26 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
869fe4a8dc549ffa1023d3adc184e4f2
37b95d88dd3f6f251bb651b130e09b202850033f
9387d0291fa66cc98248bae7724ec34f884c766302d2a99e734585cc591ad304

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9387D0291FA66CC98248BAE7724EC34F884C766302D2A99E734585CC591AD304"
Last-Modified: Mon, 03 Apr 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7997
Expires: Wed, 05 Apr 2023 01:40:43 GMT
Date: Tue, 04 Apr 2023 23:27:26 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
869fe4a8dc549ffa1023d3adc184e4f2
37b95d88dd3f6f251bb651b130e09b202850033f
9387d0291fa66cc98248bae7724ec34f884c766302d2a99e734585cc591ad304

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9387D0291FA66CC98248BAE7724EC34F884C766302D2A99E734585CC591AD304"
Last-Modified: Mon, 03 Apr 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7997
Expires: Wed, 05 Apr 2023 01:40:43 GMT
Date: Tue, 04 Apr 2023 23:27:26 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
869fe4a8dc549ffa1023d3adc184e4f2
37b95d88dd3f6f251bb651b130e09b202850033f
9387d0291fa66cc98248bae7724ec34f884c766302d2a99e734585cc591ad304

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9387D0291FA66CC98248BAE7724EC34F884C766302D2A99E734585CC591AD304"
Last-Modified: Mon, 03 Apr 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7997
Expires: Wed, 05 Apr 2023 01:40:43 GMT
Date: Tue, 04 Apr 2023 23:27:26 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F77527c77-7214-4edc-ac50-c610366aefd6.jpeg

34.120.237.76

200 OK

3.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F77527c77-7214-4edc-ac50-c610366aefd6.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
3.5 kB (3500 bytes)
Hash
0c14dd9bfa7f1f37c711973900dbb5af
c8dea8f9cafcf7d108c93156f40537e78f7da88f
b99050909eb528f9c22201ed2f0f185edbb1f0b1e16631ef21dca72433e1e05d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F77527c77-7214-4edc-ac50-c610366aefd6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 3500
x-amzn-requestid: 5626e00a-90a4-42c5-bcbd-1ec24decfa47
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: C3yqqG0_oAMFTcQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642c97dd-16eb602d2ac30b2521cc8165;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Tue, 04 Apr 2023 21:34:21 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: Q-yoSHYZcCHlnNSX3Gyzw6wLmH6Mr2z9WR39wfa8lgEVJhh5rPE6_A==
via: 1.1 773bf3616e85ce2b187fa78710a6beb2.cloudfront.net (CloudFront), 1.1 ef8f66c83aecd87910ce2e1153544a20.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Apr 2023 21:35:57 GMT
age: 6689
etag: "c8dea8f9cafcf7d108c93156f40537e78f7da88f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe0ce9423-d786-4295-8902-98540e77018c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.7 kB (9749 bytes)
Hash
b4a430149d3ba353b328b8579050c540
07b8cc3c5a10e784d5555a3e0a973855d2351a1f
e68870543dbb89ce7c975267a940ed9c10becfd60553a68b422dff747d0b2067

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe0ce9423-d786-4295-8902-98540e77018c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9749
x-amzn-requestid: d2f80674-ea6f-4a39-87be-32b39c746576
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Cyg_UFwYIAMFmyA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642a7b94-3c4e4e625878f3027c1280ed;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Mon, 03 Apr 2023 07:09:09 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: BR_WjUQ5sDkXO62MHoqh7XiCsr6dNdBR75LTUuaBAZj13dSjxwkPOw==
via: 1.1 f3802d173009698413044360f84de06c.cloudfront.net (CloudFront), 1.1 a9e73292d0b92053c3e38dcec15fd0e2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Apr 2023 07:15:49 GMT
age: 58297
etag: "07b8cc3c5a10e784d5555a3e0a973855d2351a1f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

13 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F73999c40-7b3d-4374-b77c-c7085176f842.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
13 kB (12649 bytes)
Hash
07170d7044036eff2cb56f60cb46d2b9
f5f7e97f471fac1921d6af5bc85f23f5ea8cdf0e
074e4f53d398c0ff61c5cffbd88e32bfc9815a8f3a7ab5f53778cebe3569bb27

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F73999c40-7b3d-4374-b77c-c7085176f842.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12649
x-amzn-requestid: 58335899-023c-431a-b01c-2262a94c3603
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Cr7_AEZDoAMFyYA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6427d9f9-5827c50f699109da69803818;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Sat, 01 Apr 2023 07:15:05 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: MCINCDrZ94cW4sJcsJ0AFSxlglas_XR2KR1jmsvGllswoPKXK3O4Og==
via: 1.1 185f4b03b711932fc7e735c08fdc5abe.cloudfront.net (CloudFront), 1.1 85ee490c179dc0af42b771f11421073e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Apr 2023 21:48:39 GMT
age: 5927
etag: "f5f7e97f471fac1921d6af5bc85f23f5ea8cdf0e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F79da5da9-3d26-4695-ae7f-58d008a2530b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.6 kB (6606 bytes)
Hash
20ff30ea98e9f9086ee28d4ac369e938
40aee6f21d4958a8e36bb9e9359a1784bb4e059d
1fa8c56d96a34e8971f580a83ef30b460b622d43ed7486ccb2c317366cb2179c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F79da5da9-3d26-4695-ae7f-58d008a2530b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6606
x-amzn-requestid: 2e52472d-4c31-46af-b2e7-4ffc169c2222
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: C34yhEGhIAMF1sA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642ca1a9-4f0faa13315fe1e76cbb09a3;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Tue, 04 Apr 2023 22:16:09 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: -3eyeauXxMTnrWCD5BX_WX2pakIj6fexjGzeXiTotEkJi7tkQBFFjA==
via: 1.1 b6cdb2111444305bd4957a473b711ad6.cloudfront.net (CloudFront), 1.1 a9e73292d0b92053c3e38dcec15fd0e2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Apr 2023 22:47:01 GMT
age: 2425
etag: "40aee6f21d4958a8e36bb9e9359a1784bb4e059d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59d6989a-36a1-4ed7-9694-00dfbfc9b386.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.8 kB (4774 bytes)
Hash
6d504943bc15b039b6813b2d1a8a8783
865a647f277bf9234adce200cb6c3e0735f2c9e7
5906ddbaf547fcc998dc1121a1e345b34f575ffe867e32453121354f91df7d53

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59d6989a-36a1-4ed7-9694-00dfbfc9b386.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4774
x-amzn-requestid: 8c43d597-5000-48a3-be58-7157558d119e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CvNtSGTqoAMF-Aw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64292987-66a228e347e1fd032c920287;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Sun, 02 Apr 2023 07:06:47 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: eMj9Fv9kO_r5yNKqjA2px4vX6UgpDNgP0GmtAz-g5dBikHR2dhikEA==
via: 1.1 6af36c6902a46beec743522a9bbb3ab0.cloudfront.net (CloudFront), 1.1 c9b161639a9353c2354b895548ea9fca.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Apr 2023 07:50:08 GMT
age: 56238
etag: "865a647f277bf9234adce200cb6c3e0735f2c9e7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06d31622-0a13-44c5-af26-f54d7858062c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.4 kB (4424 bytes)
Hash
a1f459480dc0b55ae4825d3a1c329c65
993e5077165cf389c986c7c73d39384bf21b24ec
360931163e5d707215d9a273661d364e6ae6a71b1821cb39a2e52619812312ed

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06d31622-0a13-44c5-af26-f54d7858062c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4424
x-amzn-requestid: cfcba3e0-1e91-44de-883d-b059229834ee
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Cyg_1H2roAMFU7A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642a7b98-022b97ae47933289670cd3ad;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Mon, 03 Apr 2023 07:09:12 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: nMYIqxb9lOzP01Tcs4KbNkYgMQukQ0aU-K1-zVerItMe5g8S_s2s6A==
via: 1.1 02f1a759e4ec9fab6fc17c080dd851dc.cloudfront.net (CloudFront), 1.1 1f41b5f27f3ec2e93db2155dbc56900c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Apr 2023 07:14:31 GMT
age: 58375
etag: "993e5077165cf389c986c7c73d39384bf21b24ec"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.cn/

47.246.44.205

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.cn/
IP
47.246.44.205:0
ASN
#24429 Zhejiang Taobao Network Co.,Ltd

File type
data
Size
471 B (471 bytes)
Hash
2c76c3fe2f3a6bc058783241228f5173
bda06b85f16e9b311e008e2878326eeb7088037c
095932ea12cdf6c577e8e507b713e94d240c73548269ee2a6a1591f0be0d7369

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Date: Tue, 04 Apr 2023 23:27:26 GMT
Last-Modified: Tue, 04 Apr 2023 02:30:53 GMT
ETag: "642b8bdd-1d7"
Expires: Thu, 06 Apr 2023 02:30:53 GMT
Cache-Control: max-age=97407
Accept-Ranges: bytes
Ali-Swift-Global-Savetime: 1680650846
Via: cache2.l2de2[273,272,200-0,M], cache2.l2de2[273,0], cache2.se1[294,294,200-0,M], cache2.se1[295,0]
X-Cache: MISS TCP_MISS dirn:-2:-2
X-Swift-SaveTime: Tue, 04 Apr 2023 23:27:26 GMT
X-Swift-CacheTime: 0
Timing-Allow-Origin: *
EagleId: 2ff62c9616806508459172608e

pv.sohu.com/cityjson?ie=utf-8

211.152.137.25

200 OK

72 B

URL HTTP/1.1
pv.sohu.com/cityjson?ie=utf-8
IP
211.152.137.25:0
ASN
#139341 ACE

File type
Unicode text, UTF-8 text, with no line terminators
Size
72 B (72 bytes)
Hash
a602ac9d03cffedc03fa841c9a12df5a
e42f39093e29f5c6c7aad8a973d69035e860659e
f5d09365810dd11ef1204b35bfede3158a07d5592a9c9cfa449dd534f9964aa9

HTTP Headers

GET /cityjson?ie=utf-8 HTTP/1.1
Host: pv.sohu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://xer0x.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Length: 72
X-NWS-LOG-UUID: 9325206987804004797
Connection: keep-alive
Server: OverSea_E0
Date: Tue, 04 Apr 2023 23:27:26 GMT
X-Cache-Lookup: Return Directly
Content-Type: application/json;charset=utf-8

xer0x.top/static/js/vendor.87bad4449cc6218b28b3.js

8.210.119.33

200 OK

55 kB

URL HTTP/1.1
xer0x.top/static/js/vendor.87bad4449cc6218b28b3.js
IP
8.210.119.33:0
ASN
#45102 Alibaba US Technology Co., Ltd.

File type
ASCII text, with very long lines (31674)
Size
55 kB (54822 bytes)
Hash
ea006dffa910017ebd78b4ad74b3a515
c56550349e8e43c3d13791d03b8499fe52c7b33f
861a406685ebf34d46be74ba442aac23a1a96105cd0c1d3a96a94fd6f231c75c

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /static/js/vendor.87bad4449cc6218b28b3.js HTTP/1.1
Host: xer0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xer0x.top/

HTTP/1.1 200 OK
Server: openresty/1.19.3.2
Date: Tue, 04 Apr 2023 23:27:25 GMT
Content-Type: application/javascript
Last-Modified: Thu, 31 Mar 2022 03:38:40 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62452240-222e0"
Expires: Wed, 05 Apr 2023 11:27:25 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

ocsp.globalsign.com/gsrsaovsslca2018

104.18.20.226

200 OK

1.4 kB

URL HTTP/1.1
ocsp.globalsign.com/gsrsaovsslca2018
IP
104.18.20.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.4 kB (1432 bytes)
Hash
e6bb2469ed4f4bca745200fbebe7b459
1e40469a32d23113345e4ada0d03ddbc9d43f98b
b39ac1bc6780fa6f8b2f25f97f48c545b7e5583e41e9322f852b85b055f3f297

HTTP Headers

POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 23:27:26 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Sat, 08 Apr 2023 22:09:17 GMT
ETag: "1e40469a32d23113345e4ada0d03ddbc9d43f98b"
Last-Modified: Tue, 04 Apr 2023 22:09:18 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 765
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7b2d5270ab8bb527-OSL

xer0x.top/static/js/1.5afa5a672213dd654f01.js

8.210.119.33

200 OK

695 B

URL HTTP/1.1
xer0x.top/static/js/1.5afa5a672213dd654f01.js
IP
8.210.119.33:0
ASN
#45102 Alibaba US Technology Co., Ltd.

File type
Unicode text, UTF-8 text, with very long lines (1349), with no line terminators
Size
695 B (695 bytes)
Hash
fa8ea491d654011fe6e4b33534b30a9d
50fbe5dc7e0c63a78ef448b61a131da5c8feb4ac
91e2e5db4ecb289c889a8639b7bbe472ea515e4552ec7bb83bf87d844bfd556d

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /static/js/1.5afa5a672213dd654f01.js HTTP/1.1
Host: xer0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xer0x.top/

HTTP/1.1 200 OK
Server: openresty/1.19.3.2
Date: Tue, 04 Apr 2023 23:27:26 GMT
Content-Type: application/javascript
Last-Modified: Thu, 31 Mar 2022 03:38:40 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62452240-555"
Expires: Wed, 05 Apr 2023 11:27:26 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

xer0x.top/favicon.ico

8.210.119.33

404 Not Found

159 B

URL HTTP/1.1
xer0x.top/favicon.ico
IP
8.210.119.33:0
ASN
#45102 Alibaba US Technology Co., Ltd.

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
159 B (159 bytes)
Hash
fe13f4e0473fc4824ae6339272dffe64
25d29dc2782bc5c2986024b777c4b9bb886670b1
f5d4fbecaa1cc2d837e2a1db2018c03c9da2deee67c87f3f58adec4f3ff94420

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: xer0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xer0x.top/

HTTP/1.1 404 Not Found
Server: openresty/1.19.3.2
Date: Tue, 04 Apr 2023 23:27:27 GMT
Content-Type: text/html
Content-Length: 159
Connection: keep-alive

xer0x.top/domainInfoAjax.php?domain=xer0x.top

8.210.119.33

200 OK

127 B

URL HTTP/1.1
xer0x.top/domainInfoAjax.php?domain=xer0x.top
IP
8.210.119.33:0
ASN
#45102 Alibaba US Technology Co., Ltd.

File type
JSON data\012- , ASCII text, with no line terminators
Size
127 B (127 bytes)
Hash
0d69134386721b04935388803d5d9c7d
40854c47b8bb4af365188a4b8b13591dbeb34d54
e9b19c72f1d3ad83f999e96be72edf6a676c9630030810dc42888ea1648ff5ea

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /domainInfoAjax.php?domain=xer0x.top HTTP/1.1
Host: xer0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xer0x.top/

HTTP/1.1 200 OK
Server: openresty/1.19.3.2
Date: Tue, 04 Apr 2023 23:27:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.2.24
Content-Encoding: gzip

hm.baidu.com/hm.js?bd3e7cf142c59905cd30abcec611f180

103.235.46.191

200 OK

11 kB

URL HTTP/1.1
hm.baidu.com/hm.js?bd3e7cf142c59905cd30abcec611f180
IP
103.235.46.191:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
ASCII text, with very long lines (616)
Size
11 kB (11254 bytes)
Hash
2a5ab1b54f96fe91f2bfbc9ee1962d4f
45cc0c67a2718672ce9350c9de4a5c90820649eb
1d975092092d1865543d9121f520f758e50225247f0c8ee53c06d583a88a4d9f

HTTP Headers

GET /hm.js?bd3e7cf142c59905cd30abcec611f180 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://xer0x.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11254
Content-Type: application/javascript
Date: Tue, 04 Apr 2023 23:27:27 GMT
Etag: c5495774f46605586d85d4446ec61c49
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=283482E0B4AC8F35; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800

ocsp.sectigo.com/

104.18.32.68

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
8456fcb467b439e5b4214c875804de4e
4af66cd2244c10ce057111b4628a25c5fe314e81
29292335216be07b75de9f24e7c105d2a18d40bda77f63350edf7c0402cd916e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 23:27:28 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 04 Apr 2023 03:07:39 GMT
Expires: Tue, 11 Apr 2023 03:07:38 GMT
Etag: "4af66cd2244c10ce057111b4628a25c5fe314e81"
Cache-Control: max-age=531010,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7b2d5277c93ab4fd-OSL

s.now.cn/assets/expires/22.png

47.246.44.205

200 OK

23 kB

URL HTTP/2
s.now.cn/assets/expires/22.png
IP
47.246.44.205:0
ASN
#24429 Zhejiang Taobao Network Co.,Ltd

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1200x140, components 3\012- data
Size
23 kB (23165 bytes)
Hash
3b3d69905904a006a38a946e480f62aa
4f5330224257b27f2c51c2a77f864684f1bc5c21
02a70933d0d83bbad11b5bdb69286e605ae666324ad6d20152096ac9a45a0bd5

HTTP Headers

GET /assets/expires/22.png HTTP/1.1
Host: s.now.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://xer0x.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: Tengine
content-type: image/png
content-length: 23165
date: Tue, 04 Apr 2023 22:56:04 GMT
last-modified: Mon, 09 May 2022 02:33:07 GMT
etag: "5a7d-5de8b07466bd6"
accept-ranges: bytes
access-control-allow-origin: *
ali-swift-global-savetime: 1680648964
via: cache3.l2de2[2233,2233,304-0,M], cache10.l2de2[2234,0], cache10.l2de2[2235,0], cache3.se1[0,0,200-0,H], cache3.se1[1,0]
age: 1883
x-cache: HIT TCP_MEM_HIT dirn:1:46438483
x-swift-savetime: Tue, 04 Apr 2023 22:56:04 GMT
x-swift-cachetime: 3600
access-control-allow-headers: *
access-control-allow-methods: *
timing-allow-origin: *
eagleid: 2ff62c9716806508479983847e
X-Firefox-Spdy: h2

ocsp.sectigo.com/

104.18.32.68

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
8456fcb467b439e5b4214c875804de4e
4af66cd2244c10ce057111b4628a25c5fe314e81
29292335216be07b75de9f24e7c105d2a18d40bda77f63350edf7c0402cd916e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 23:27:28 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 04 Apr 2023 03:07:39 GMT
Expires: Tue, 11 Apr 2023 03:07:38 GMT
Etag: "4af66cd2244c10ce057111b4628a25c5fe314e81"
Cache-Control: max-age=531009,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7b2d5277ce850b02-OSL

ocsp.sectigo.com/

104.18.32.68

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
8456fcb467b439e5b4214c875804de4e
4af66cd2244c10ce057111b4628a25c5fe314e81
29292335216be07b75de9f24e7c105d2a18d40bda77f63350edf7c0402cd916e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 23:27:28 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 04 Apr 2023 03:07:39 GMT
Expires: Tue, 11 Apr 2023 03:07:38 GMT
Etag: "4af66cd2244c10ce057111b4628a25c5fe314e81"
Cache-Control: max-age=531009,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7b2d5277ca4c0b3d-OSL

ocsp.sectigo.com/

104.18.32.68

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
8456fcb467b439e5b4214c875804de4e
4af66cd2244c10ce057111b4628a25c5fe314e81
29292335216be07b75de9f24e7c105d2a18d40bda77f63350edf7c0402cd916e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 23:27:28 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 04 Apr 2023 03:07:39 GMT
Expires: Tue, 11 Apr 2023 03:07:38 GMT
Etag: "4af66cd2244c10ce057111b4628a25c5fe314e81"
Cache-Control: max-age=531009,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7b2d5277cb39b512-OSL

ocsp.sectigo.com/

104.18.32.68

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
8456fcb467b439e5b4214c875804de4e
4af66cd2244c10ce057111b4628a25c5fe314e81
29292335216be07b75de9f24e7c105d2a18d40bda77f63350edf7c0402cd916e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 23:27:28 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 04 Apr 2023 03:07:39 GMT
Expires: Tue, 11 Apr 2023 03:07:38 GMT
Etag: "4af66cd2244c10ce057111b4628a25c5fe314e81"
Cache-Control: max-age=531009,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7b2d5277cc5ab51e-OSL

s.now.cn/assets/expires/15.png

47.246.44.205

200 OK

55 kB

URL HTTP/2
s.now.cn/assets/expires/15.png
IP
47.246.44.205:0
ASN
#24429 Zhejiang Taobao Network Co.,Ltd

File type
PNG image data, 1200 x 140, 8-bit colormap, non-interlaced\012- data
Size
55 kB (54756 bytes)
Hash
55e49e56bf7edae9432d8ae26fd38bda
d834e342454da0cd498a3bc744ceeed3134a9423
2f8882fa03f46b0aff8df944f1a1bd92ad025164496900e7ca8c83e15dff9a8c

HTTP Headers

GET /assets/expires/15.png HTTP/1.1
Host: s.now.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://xer0x.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: Tengine
content-type: image/png
content-length: 54756
date: Tue, 04 Apr 2023 23:16:14 GMT
last-modified: Tue, 21 Dec 2021 03:43:41 GMT
etag: "d5e4-5d39fcfb412f4"
accept-ranges: bytes
access-control-allow-origin: *
ali-swift-global-savetime: 1680650174
via: cache12.l2de2[867,866,304-0,M], cache19.l2de2[868,0], cache19.l2de2[869,0], cache1.se1[0,0,200-0,H], cache3.se1[1,0]
age: 674
x-cache: HIT TCP_MEM_HIT dirn:2:97201507
x-swift-savetime: Tue, 04 Apr 2023 23:16:14 GMT
x-swift-cachetime: 3600
access-control-allow-headers: *
access-control-allow-methods: *
timing-allow-origin: *
eagleid: 2ff62c9716806508481413917e
X-Firefox-Spdy: h2

s.now.cn/assets/expires/6.png

47.246.44.205

200 OK

25 kB

URL HTTP/2
s.now.cn/assets/expires/6.png
IP
47.246.44.205:0
ASN
#24429 Zhejiang Taobao Network Co.,Ltd

File type
PNG image data, 1200 x 140, 8-bit colormap, non-interlaced\012- data
Size
25 kB (25182 bytes)
Hash
fe7d7554d0096dd47b7bd601d7eb6aee
570eb598ccc25ce2cb411a37114aec301c49dd1f
16bcc4f43903e38a4fb493ed3b08ff4ebf6eb35418029e740fe4d69841566c7b

HTTP Headers

GET /assets/expires/6.png HTTP/1.1
Host: s.now.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://xer0x.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: Tengine
content-type: image/png
content-length: 25182
date: Tue, 04 Apr 2023 23:05:20 GMT
last-modified: Tue, 21 Dec 2021 03:43:41 GMT
etag: "625e-5d39fcfb41eac"
accept-ranges: bytes
access-control-allow-origin: *
ali-swift-global-savetime: 1680649520
via: cache9.l2de2[2191,2191,304-0,M], cache20.l2de2[2193,0], cache20.l2de2[2193,0], cache1.se1[0,0,200-0,H], cache3.se1[1,0]
age: 1328
x-cache: HIT TCP_MEM_HIT dirn:11:113977505
x-swift-savetime: Tue, 04 Apr 2023 23:05:20 GMT
x-swift-cachetime: 3600
access-control-allow-headers: *
access-control-allow-methods: *
timing-allow-origin: *
eagleid: 2ff62c9716806508481413918e
X-Firefox-Spdy: h2

s.now.cn/assets/expires/8.png

47.246.44.205

200 OK

41 kB

URL HTTP/2
s.now.cn/assets/expires/8.png
IP
47.246.44.205:0
ASN
#24429 Zhejiang Taobao Network Co.,Ltd

File type
PNG image data, 1200 x 140, 8-bit colormap, non-interlaced\012- data
Size
41 kB (40960 bytes)
Hash
24dc1b24638711ae01ec90d7c83c5d94
d7ab9e9130fde16b5b683fb05dae591901c193d0
bb607a05ad695b90c22fde1d33a2e79e1c991f50ff836c041eff7b2b6976fdc9

HTTP Headers

GET /assets/expires/8.png HTTP/1.1
Host: s.now.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://xer0x.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: Tengine
content-type: image/png
content-length: 40960
date: Tue, 04 Apr 2023 23:05:20 GMT
last-modified: Tue, 21 Dec 2021 03:43:41 GMT
etag: "a000-5d39fcfb42294"
accept-ranges: bytes
access-control-allow-origin: *
ali-swift-global-savetime: 1680649520
via: cache5.l2de2[2246,2247,304-0,M], cache12.l2de2[2248,0], cache12.l2de2[2248,0], cache7.se1[0,0,200-0,H], cache3.se1[1,0]
age: 1328
x-cache: HIT TCP_MEM_HIT dirn:11:85315965
x-swift-savetime: Tue, 04 Apr 2023 23:05:20 GMT
x-swift-cachetime: 3600
access-control-allow-headers: *
access-control-allow-methods: *
timing-allow-origin: *
eagleid: 2ff62c9716806508481463920e
X-Firefox-Spdy: h2

s.now.cn/assets/expires/25.png

47.246.44.205

200 OK

26 kB

URL HTTP/2
s.now.cn/assets/expires/25.png
IP
47.246.44.205:0
ASN
#24429 Zhejiang Taobao Network Co.,Ltd

File type
PNG image data, 1200 x 140, 8-bit colormap, non-interlaced\012- data
Size
26 kB (26274 bytes)
Hash
9de34f0505c13b7c97300cd4e3988b03
f72d7e172794e52713c7b7b76faee53bb8e823eb
6c452442e99d12c3c1267f84164b52a7d61a08c9fc3afaaa1cf982f457937750

HTTP Headers

GET /assets/expires/25.png HTTP/1.1
Host: s.now.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://xer0x.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: Tengine
content-type: image/png
content-length: 26274
date: Tue, 04 Apr 2023 22:56:04 GMT
last-modified: Tue, 21 Dec 2021 03:43:41 GMT
etag: "66a2-5d39fcfb41ac4"
accept-ranges: bytes
access-control-allow-origin: *
ali-swift-global-savetime: 1680648964
via: cache2.l2de2[2238,2238,304-0,M], cache10.l2de2[2239,0], cache10.l2de2[2240,0], cache5.se1[0,0,200-0,H], cache3.se1[1,0]
age: 1884
x-cache: HIT TCP_MEM_HIT dirn:4:449301483
x-swift-savetime: Tue, 04 Apr 2023 22:56:04 GMT
x-swift-cachetime: 3600
access-control-allow-headers: *
access-control-allow-methods: *
timing-allow-origin: *
eagleid: 2ff62c9716806508481463921e
X-Firefox-Spdy: h2

hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1062379818&si=bd3e7cf142c59905cd30abcec611f180&v=1.3.0&lv=1&sn=5773&r=0&ww=1280&u=http%3A%2F%2Fxer0x.top%2F%23%2Fcn&tt=xer0x.top%E5%9F%9F%E5%90%8D%E5%B7%B2%E8%BF%87%E6%9C%9F%2C%E6%97%A0%E6%B3%95%E6%AD%A3%E5%B8%B8%E4%BD%BF%E7%94%A8

103.235.46.191

200 OK

43 B

URL HTTP/1.1
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1062379818&si=bd3e7cf142c59905cd30abcec611f180&v=1.3.0&lv=1&sn=5773&r=0&ww=1280&u=http%3A%2F%2Fxer0x.top%2F%23%2Fcn&tt=xer0x.top%E5%9F%9F%E5%90%8D%E5%B7%B2%E8%BF%87%E6%9C%9F%2C%E6%97%A0%E6%B3%95%E6%AD%A3%E5%B8%B8%E4%BD%BF%E7%94%A8
IP
103.235.46.191:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1062379818&si=bd3e7cf142c59905cd30abcec611f180&v=1.3.0&lv=1&sn=5773&r=0&ww=1280&u=http%3A%2F%2Fxer0x.top%2F%23%2Fcn&tt=xer0x.top%E5%9F%9F%E5%90%8D%E5%B7%B2%E8%BF%87%E6%9C%9F%2C%E6%97%A0%E6%B3%95%E6%AD%A3%E5%B8%B8%E4%BD%BF%E7%94%A8 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://xer0x.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Tue, 04 Apr 2023 23:27:28 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=7421510CE8748B8A; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff

xer0x.top/static/img/wechat.f8677dc.png

8.210.119.33

200 OK

27 kB

URL HTTP/1.1
xer0x.top/static/img/wechat.f8677dc.png
IP
8.210.119.33:0
ASN
#45102 Alibaba US Technology Co., Ltd.

File type
PNG image data, 124 x 124, 8-bit/color RGBA, non-interlaced\012- data
Size
27 kB (26597 bytes)
Hash
f9fc94933f0271bc7788a4190d82832e
2f6405ae7c97f35d0c18e31fe592df55f22a3046
b96ab0735c1da17371891eb9e2ac8d73690fb1ffe62f84bfff6186412542bc40

HTTP Headers

GET /static/img/wechat.f8677dc.png HTTP/1.1
Host: xer0x.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xer0x.top/

HTTP/1.1 200 OK
Server: openresty/1.19.3.2
Date: Tue, 04 Apr 2023 23:27:28 GMT
Content-Type: image/png
Last-Modified: Thu, 31 Mar 2022 03:38:40 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62452240-67cf"
Expires: Thu, 04 May 2023 23:27:28 GMT
Cache-Control: max-age=2592000
Content-Encoding: gzip

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (7)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (43)

URL HTTP/1.1

IP

ASN

File type