Report - s339ey.gk9tr2.4ir8yy.76452.exea41.dfahyp.edu.cn.lchongfu.com/

Report Overview

URL

s339ey.gk9tr2.4ir8yy.76452.exea41.dfahyp.edu.cn.lchongfu.com/
IP

35.205.61.67

ASN

#15169 GOOGLE
Submitted

2023-04-04T23:27:53Z

Access

public
Tags

None
urlquery detections

No alerts detected

Detections

urlquery

0
Network Intrusion Detection

0
Threat Detection Systems

9

Domain Summary

Domain	Rank	First Seen	Last Seen	Sent	Received	IP
content-signature-2.cdn.mozilla.net (1)	1152	2020-11-03T13:26:46Z	2023-04-04T18:20:05Z	413	5882	34.160.144.191
contile.services.mozilla.com (1)	1114	2021-05-27T20:32:35Z	2023-04-04T18:13:50Z	333	391	34.117.237.239
s339ey.gk9tr2.4ir8yy.76452.exea41.dfahyp.edu.cn.lchongfu.com (9)	unknown	2023-04-04T22:16:39Z	2023-04-04T22:16:39Z	4242	2852	35.205.61.67
push.services.mozilla.com (1)	2140	2014-10-24T10:27:06Z	2023-04-04T18:19:16Z	606	127	52.89.63.231
img-getpocket.cdn.mozilla.net (6)	1631	2018-06-22T01:36:00Z	2023-04-04T13:13:40Z	3246	53049	34.120.237.76
r3.o.lencr.org (7)	344	2020-12-02T09:52:13Z	2023-04-04T18:12:09Z	2366	6205	23.33.119.27
firefox.settings.services.mozilla.com (1)	867	2020-06-04T22:08:41Z	2023-04-04T18:13:55Z	337	1431	35.241.9.150

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-04-04	medium	s339ey.gk9tr2.4ir8yy.76452.exea41.dfahyp.edu.cn.lchongfu.com/	Malware
2023-04-04	medium	s339ey.gk9tr2.4ir8yy.76452.exea41.dfahyp.edu.cn.lchongfu.com/1	Malware
2023-04-04	medium	s339ey.gk9tr2.4ir8yy.76452.exea41.dfahyp.edu.cn.lchongfu.com/1	Malware
2023-04-04	medium	s339ey.gk9tr2.4ir8yy.76452.exea41.dfahyp.edu.cn.lchongfu.com/1	Malware
2023-04-04	medium	s339ey.gk9tr2.4ir8yy.76452.exea41.dfahyp.edu.cn.lchongfu.com/1	Malware
2023-04-04	medium	s339ey.gk9tr2.4ir8yy.76452.exea41.dfahyp.edu.cn.lchongfu.com/1	Malware
2023-04-04	medium	s339ey.gk9tr2.4ir8yy.76452.exea41.dfahyp.edu.cn.lchongfu.com/1	Malware
2023-04-04	medium	s339ey.gk9tr2.4ir8yy.76452.exea41.dfahyp.edu.cn.lchongfu.com/1	Malware
2023-04-04	medium	s339ey.gk9tr2.4ir8yy.76452.exea41.dfahyp.edu.cn.lchongfu.com/1	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (26)

URL IP Response Size

r3.o.lencr.org/

23.33.119.27

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.33.119.27:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

a4074549843769a3da3f055bcb5a78ff

f99062d34cf71bda6a9c64061fb9e61008f94021

895e3801806f031611a25bec5652cc1a46dfa76ea6784f5064d859c1a5b9ddf7

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "895E3801806F031611A25BEC5652CC1A46DFA76EA6784F5064D859C1A5B9DDF7"
Last-Modified: Tue, 04 Apr 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15857
Expires: Wed, 05 Apr 2023 03:51:59 GMT
Date: Tue, 04 Apr 2023 23:27:42 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.33.119.27:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

e50dac5108a698d61ca49516033d1a20

53d243b89fc00deb9bfae07351bbe36ddb7c1df3

e9e0ad98c485b56fe65ea0a8bc4974fff3f804fcf2d8f6266ada9acd27c7b7cc

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E9E0AD98C485B56FE65EA0A8BC4974FFF3F804FCF2D8F6266ADA9ACD27C7B7CC"
Last-Modified: Tue, 04 Apr 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10571
Expires: Wed, 05 Apr 2023 02:23:53 GMT
Date: Tue, 04 Apr 2023 23:27:42 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.33.119.27:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

903ed2d58f1f33d069b70c4b53f1cb1f

0ef89cd6eb79a2ddd74434f9233cf486fffc1142

d8c984b50f04fcdb1ebc99d982502d85193302c85239ee7497666247edfc0061

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D8C984B50F04FCDB1EBC99D982502D85193302C85239EE7497666247EDFC0061"
Last-Modified: Sun, 02 Apr 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19498
Expires: Wed, 05 Apr 2023 04:52:40 GMT
Date: Tue, 04 Apr 2023 23:27:42 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939

URL HTTP/2

firefox.settings.services.mozilla.com/v1/
IP

35.241.9.150:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (939), with no line terminators

Size

939
Hash

84db75194692d4afe13196bda6f22da8

4c1f49bc973a4917f146d93c8d598344edc021f6

a3bec66f95b3bdf1d310c726e8ed05f7b06c1901c62381a94582d581844d2c23

HTTP Headers

                                        GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Length, Retry-After, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 04 Apr 2023 22:28:46 GMT
content-type: application/json
age: 3536
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain

34.160.144.191

200 OK

5348

URL HTTP/2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain
IP

34.160.144.191:0
ASN

#15169 GOOGLE

Magic

PEM certificate\012- , ASCII text

Size

5348
Hash

95f61d351f5fc9533cc78e255ce9bc06

fba284117f347782ac23c51d141d7e3ec15a867e

7fcc5f9e52e389d8d7c6df7f1f2a1291ae0aaae8e554f3022239ab092b2ef3c3

HTTP Headers

                                        GET /chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
x-amz-id-2: hWCbFEBo+nsul1hvqJfUtukBQTQcdmH5h3NxpH56lX4IfT1TM1aB3M8yt+wyVhoivtJA4bzBAKo=
x-amz-request-id: 62S18JHYFPPG26HJ
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 04 Apr 2023 22:53:23 GMT
age: 2059
last-modified: Fri, 31 Mar 2023 17:04:39 GMT
etag: "95f61d351f5fc9533cc78e255ce9bc06"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

URL HTTP/2

contile.services.mozilla.com/v1/tiles
IP

34.117.237.239:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with no line terminators

Size

12
Hash

23e88fb7b99543fb33315b29b1fad9d6

a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce

7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

                                        GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
date: Tue, 04 Apr 2023 23:27:42 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

s339ey.gk9tr2.4ir8yy.76452.exea41.dfahyp.edu.cn.lchongfu.com/

35.205.61.67

302 Moved Temporarily

329

URL HTTP/1.1

s339ey.gk9tr2.4ir8yy.76452.exea41.dfahyp.edu.cn.lchongfu.com/
IP

35.205.61.67:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (329), with no line terminators

Size

329
Hash

0333b0655111aa68de771adfcc4db243

63f295a144ac87a7c8e23417626724eeca68a7eb

60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

                                        GET / HTTP/1.1
Host: s339ey.gk9tr2.4ir8yy.76452.exea41.dfahyp.edu.cn.lchongfu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                        HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Tue, 04 Apr 2023 23:27:43 GMT
Content-Type: text/html
Connection: close
Set-Cookie: btst=0a9e1d25bba8a1a0751df105e0c05684|91.90.42.154|1680650863|1680650863|0|1|0; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Location: 1

r3.o.lencr.org/

23.33.119.27

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.33.119.27:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

2820ca2dae3aed6a76736f236502749b

d2e4995fdd0fbb64d9051f50be93023a752ef449

0ac73659b8f464575a3596da96a94fc6dbc26a4d5a90bec1331a5df5ad796006

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0AC73659B8F464575A3596DA96A94FC6DBC26A4D5A90BEC1331A5DF5AD796006"
Last-Modified: Mon, 03 Apr 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9361
Expires: Wed, 05 Apr 2023 02:03:44 GMT
Date: Tue, 04 Apr 2023 23:27:43 GMT
Connection: keep-alive

push.services.mozilla.com/

52.89.63.231

101 Switching Protocols

URL HTTP/1.1

push.services.mozilla.com/
IP

52.89.63.231:0
ASN

#16509 AMAZON-02

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: zmYRZuMDIGeuHDWl4wsNAg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                        HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 1cOZVsbtjZtZCy+Zpxli5vOFsbY=

r3.o.lencr.org/

23.33.119.27

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.33.119.27:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

869fe4a8dc549ffa1023d3adc184e4f2

37b95d88dd3f6f251bb651b130e09b202850033f

9387d0291fa66cc98248bae7724ec34f884c766302d2a99e734585cc591ad304

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9387D0291FA66CC98248BAE7724EC34F884C766302D2A99E734585CC591AD304"
Last-Modified: Mon, 03 Apr 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6496
Expires: Wed, 05 Apr 2023 01:16:00 GMT
Date: Tue, 04 Apr 2023 23:27:44 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.33.119.27:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

869fe4a8dc549ffa1023d3adc184e4f2

37b95d88dd3f6f251bb651b130e09b202850033f

9387d0291fa66cc98248bae7724ec34f884c766302d2a99e734585cc591ad304

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9387D0291FA66CC98248BAE7724EC34F884C766302D2A99E734585CC591AD304"
Last-Modified: Mon, 03 Apr 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6496
Expires: Wed, 05 Apr 2023 01:16:00 GMT
Date: Tue, 04 Apr 2023 23:27:44 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.33.119.27:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

869fe4a8dc549ffa1023d3adc184e4f2

37b95d88dd3f6f251bb651b130e09b202850033f

9387d0291fa66cc98248bae7724ec34f884c766302d2a99e734585cc591ad304

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9387D0291FA66CC98248BAE7724EC34F884C766302D2A99E734585CC591AD304"
Last-Modified: Mon, 03 Apr 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6496
Expires: Wed, 05 Apr 2023 01:16:00 GMT
Date: Tue, 04 Apr 2023 23:27:44 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3b68391b-cdda-4a95-83ea-6e91fc7fd975.jpeg

34.120.237.76

200 OK

11335

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3b68391b-cdda-4a95-83ea-6e91fc7fd975.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

11335
Hash

7192737e0718d2b093fd4f4365d51a66

728ce44f7ba8a21e158e474899fcbec9e6894a95

4177a474202cc2679c4bf5050d6d23d65e64f1d07bfa3e8fc573f00789cc445f

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3b68391b-cdda-4a95-83ea-6e91fc7fd975.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 11335
x-amzn-requestid: fcd7ec3b-2d7a-49f7-a764-a2cdff135f55
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Cyg_2GY-IAMFZRA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642a7b98-19103e85416d52897e5ea091;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Mon, 03 Apr 2023 07:09:12 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: LxKfMGGfe3R6VM8HoTKVhbAlQk8KyyI1OpKgJqhksD_MYJKW-0IvNg==
via: 1.1 e92cc925fc8895560cd0628c67f58828.cloudfront.net (CloudFront), 1.1 7545e37b10b5fcf5e3df98185c85194a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Apr 2023 07:16:32 GMT
age: 58272
etag: "728ce44f7ba8a21e158e474899fcbec9e6894a95"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

13772

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb94db052-75b3-4eb0-8fba-da79a6186b48.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

13772
Hash

b20d6fa5063d7f97cabeae5c3b90a666

d4f5e356e47b3f7bd00349c0c60811fe9913ad09

98e16371931d033b94ac530ae94fda71730d001c55aeb331e0340e95bc97d0c9

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb94db052-75b3-4eb0-8fba-da79a6186b48.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 13772
x-amzn-requestid: 744963e6-853b-4036-8fe4-0d02b41ce7ee
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Cyf-QEtdoAMFo2g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642a79f4-1788e80d58756ef0027924bd;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Mon, 03 Apr 2023 07:02:12 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: ulWZwLggT-eqZA2cK4x1QcasdvtItDZdEZ77IBQtLQrpBvDEA1ElJA==
via: 1.1 773bf3616e85ce2b187fa78710a6beb2.cloudfront.net (CloudFront), 1.1 a9e73292d0b92053c3e38dcec15fd0e2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Apr 2023 22:35:57 GMT
age: 3107
etag: "d4f5e356e47b3f7bd00349c0c60811fe9913ad09"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4424

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06d31622-0a13-44c5-af26-f54d7858062c.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

4424
Hash

a1f459480dc0b55ae4825d3a1c329c65

993e5077165cf389c986c7c73d39384bf21b24ec

360931163e5d707215d9a273661d364e6ae6a71b1821cb39a2e52619812312ed

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06d31622-0a13-44c5-af26-f54d7858062c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 4424
x-amzn-requestid: cfcba3e0-1e91-44de-883d-b059229834ee
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Cyg_1H2roAMFU7A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642a7b98-022b97ae47933289670cd3ad;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Mon, 03 Apr 2023 07:09:12 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: Ada8Njbblc2wwzi4MwWRPIGQTRIBDuH27tw_SdQUoCggrebO58j11Q==
via: 1.1 02f1a759e4ec9fab6fc17c080dd851dc.cloudfront.net (CloudFront), 1.1 ae06b19943a6bad1c1b12b79f7339498.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Apr 2023 07:23:35 GMT
age: 57849
etag: "993e5077165cf389c986c7c73d39384bf21b24ec"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6606

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F79da5da9-3d26-4695-ae7f-58d008a2530b.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

6606
Hash

20ff30ea98e9f9086ee28d4ac369e938

40aee6f21d4958a8e36bb9e9359a1784bb4e059d

1fa8c56d96a34e8971f580a83ef30b460b622d43ed7486ccb2c317366cb2179c

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F79da5da9-3d26-4695-ae7f-58d008a2530b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 6606
x-amzn-requestid: 2e52472d-4c31-46af-b2e7-4ffc169c2222
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: C34yhEGhIAMF1sA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642ca1a9-4f0faa13315fe1e76cbb09a3;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Tue, 04 Apr 2023 22:16:09 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: -3eyeauXxMTnrWCD5BX_WX2pakIj6fexjGzeXiTotEkJi7tkQBFFjA==
via: 1.1 b6cdb2111444305bd4957a473b711ad6.cloudfront.net (CloudFront), 1.1 a9e73292d0b92053c3e38dcec15fd0e2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Apr 2023 22:49:16 GMT
age: 2308
etag: "40aee6f21d4958a8e36bb9e9359a1784bb4e059d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5686

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F74ab7a15-f867-4797-989f-7adeb80e9c1e.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

5686
Hash

9132183080e6510ff7309e59efa59e75

9ce62f7aee64552638ff948e89b2ddf4f20bdff7

b888ab47550e87b46ed8377a0a6e8679fda7b2751473827bcba328aa4ce207ab

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F74ab7a15-f867-4797-989f-7adeb80e9c1e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 5686
x-amzn-requestid: 3900b1cb-78c9-43d6-9c98-6f00d8635e3b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CooSOHAaoAMF6RA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64268741-002861655352e48c6a833c80;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Fri, 31 Mar 2023 07:09:53 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: XPqgiYowyfmy22TeKddE1Q7KybhFQNNaBi6XE7HRoCW9gWWIb-kVHA==
via: 1.1 50cc3f0b039433daebdf343a3f4489ae.cloudfront.net (CloudFront), 1.1 8cb7de37a1655236518810d0aabb8656.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Apr 2023 22:21:24 GMT
age: 3980
etag: "9ce62f7aee64552638ff948e89b2ddf4f20bdff7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4774

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59d6989a-36a1-4ed7-9694-00dfbfc9b386.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

4774
Hash

6d504943bc15b039b6813b2d1a8a8783

865a647f277bf9234adce200cb6c3e0735f2c9e7

5906ddbaf547fcc998dc1121a1e345b34f575ffe867e32453121354f91df7d53

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59d6989a-36a1-4ed7-9694-00dfbfc9b386.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 4774
x-amzn-requestid: fa477761-b787-44f1-916d-c3c645324c85
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CvNnlG0ioAMF2Ew=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64292963-687098861c456f89593e2ff7;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Sun, 02 Apr 2023 07:06:11 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: v7SlWpId5gDQNec9lHlCcirQOQS0gyyVbhimXiirEbHVwCXQk83oyA==
via: 1.1 59456abf79b201034ab5c9cfef7355e2.cloudfront.net (CloudFront), 1.1 536063cb28bfc05fcb7a78183dd89b72.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Apr 2023 13:25:41 GMT
etag: "865a647f277bf9234adce200cb6c3e0735f2c9e7"
content-type: image/jpeg
age: 36123
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

s339ey.gk9tr2.4ir8yy.76452.exea41.dfahyp.edu.cn.lchongfu.com/1

35.205.61.67

302 Moved Temporarily

URL HTTP/1.1

s339ey.gk9tr2.4ir8yy.76452.exea41.dfahyp.edu.cn.lchongfu.com/1
IP

35.205.61.67:0
ASN

#15169 GOOGLE

Magic

Size

0
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

                                        GET /1 HTTP/1.1
Host: s339ey.gk9tr2.4ir8yy.76452.exea41.dfahyp.edu.cn.lchongfu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: btst=0a9e1d25bba8a1a0751df105e0c05684|91.90.42.154|1680650867|1680650863|0|9|0
Upgrade-Insecure-Requests: 1

                                        HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Tue, 04 Apr 2023 23:27:47 GMT
Content-Type: text/html
Connection: close
Set-Cookie: btst=0a9e1d25bba8a1a0751df105e0c05684|91.90.42.154|1680650867|1680650863|0|10|0; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Location: 1

s339ey.gk9tr2.4ir8yy.76452.exea41.dfahyp.edu.cn.lchongfu.com/1

35.205.61.67

302 Moved Temporarily

URL HTTP/1.1

s339ey.gk9tr2.4ir8yy.76452.exea41.dfahyp.edu.cn.lchongfu.com/1
IP

35.205.61.67:0
ASN

#15169 GOOGLE

Magic

Size

0
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

                                        GET /1 HTTP/1.1
Host: s339ey.gk9tr2.4ir8yy.76452.exea41.dfahyp.edu.cn.lchongfu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: btst=0a9e1d25bba8a1a0751df105e0c05684|91.90.42.154|1680650867|1680650863|0|10|0
Upgrade-Insecure-Requests: 1

                                        HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Tue, 04 Apr 2023 23:27:48 GMT
Content-Type: text/html
Connection: close
Set-Cookie: btst=0a9e1d25bba8a1a0751df105e0c05684|91.90.42.154|1680650868|1680650863|0|11|0; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Location: 1

s339ey.gk9tr2.4ir8yy.76452.exea41.dfahyp.edu.cn.lchongfu.com/1

35.205.61.67

302 Moved Temporarily

URL HTTP/1.1

s339ey.gk9tr2.4ir8yy.76452.exea41.dfahyp.edu.cn.lchongfu.com/1
IP

35.205.61.67:0
ASN

#15169 GOOGLE

Magic

Size

0
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

                                        GET /1 HTTP/1.1
Host: s339ey.gk9tr2.4ir8yy.76452.exea41.dfahyp.edu.cn.lchongfu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: btst=0a9e1d25bba8a1a0751df105e0c05684|91.90.42.154|1680650868|1680650863|0|11|0
Upgrade-Insecure-Requests: 1

                                        HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Tue, 04 Apr 2023 23:27:48 GMT
Content-Type: text/html
Connection: close
Set-Cookie: btst=0a9e1d25bba8a1a0751df105e0c05684|91.90.42.154|1680650868|1680650863|0|12|0; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Location: 1

s339ey.gk9tr2.4ir8yy.76452.exea41.dfahyp.edu.cn.lchongfu.com/1

35.205.61.67

302 Moved Temporarily

URL HTTP/1.1

s339ey.gk9tr2.4ir8yy.76452.exea41.dfahyp.edu.cn.lchongfu.com/1
IP

35.205.61.67:0
ASN

#15169 GOOGLE

Magic

Size

0
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

                                        GET /1 HTTP/1.1
Host: s339ey.gk9tr2.4ir8yy.76452.exea41.dfahyp.edu.cn.lchongfu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: btst=0a9e1d25bba8a1a0751df105e0c05684|91.90.42.154|1680650863|1680650863|0|2|0
Upgrade-Insecure-Requests: 1

                                        HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Tue, 04 Apr 2023 23:27:44 GMT
Content-Type: text/html
Connection: close
Set-Cookie: btst=0a9e1d25bba8a1a0751df105e0c05684|91.90.42.154|1680650864|1680650863|0|3|0; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Location: 1

s339ey.gk9tr2.4ir8yy.76452.exea41.dfahyp.edu.cn.lchongfu.com/1

35.205.61.67

302 Moved Temporarily

URL HTTP/1.1

s339ey.gk9tr2.4ir8yy.76452.exea41.dfahyp.edu.cn.lchongfu.com/1
IP

35.205.61.67:0
ASN

#15169 GOOGLE

Magic

Size

0
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

                                        GET /1 HTTP/1.1
Host: s339ey.gk9tr2.4ir8yy.76452.exea41.dfahyp.edu.cn.lchongfu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: btst=0a9e1d25bba8a1a0751df105e0c05684|91.90.42.154|1680650863|1680650863|0|1|0
Upgrade-Insecure-Requests: 1

                                        HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Tue, 04 Apr 2023 23:27:43 GMT
Content-Type: text/html
Connection: close
Set-Cookie: btst=0a9e1d25bba8a1a0751df105e0c05684|91.90.42.154|1680650863|1680650863|0|2|0; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Location: 1

s339ey.gk9tr2.4ir8yy.76452.exea41.dfahyp.edu.cn.lchongfu.com/1

35.205.61.67

302 Moved Temporarily

URL HTTP/1.1

s339ey.gk9tr2.4ir8yy.76452.exea41.dfahyp.edu.cn.lchongfu.com/1
IP

35.205.61.67:0
ASN

#15169 GOOGLE

Magic

Size

0
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

                                        GET /1 HTTP/1.1
Host: s339ey.gk9tr2.4ir8yy.76452.exea41.dfahyp.edu.cn.lchongfu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: btst=0a9e1d25bba8a1a0751df105e0c05684|91.90.42.154|1680650864|1680650863|0|3|0
Upgrade-Insecure-Requests: 1

                                        HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Tue, 04 Apr 2023 23:27:44 GMT
Content-Type: text/html
Connection: close
Set-Cookie: btst=0a9e1d25bba8a1a0751df105e0c05684|91.90.42.154|1680650864|1680650863|0|4|0; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Location: 1

s339ey.gk9tr2.4ir8yy.76452.exea41.dfahyp.edu.cn.lchongfu.com/1

35.205.61.67

302 Moved Temporarily

URL HTTP/1.1

s339ey.gk9tr2.4ir8yy.76452.exea41.dfahyp.edu.cn.lchongfu.com/1
IP

35.205.61.67:0
ASN

#15169 GOOGLE

Magic

Size

0
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

                                        GET /1 HTTP/1.1
Host: s339ey.gk9tr2.4ir8yy.76452.exea41.dfahyp.edu.cn.lchongfu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: btst=0a9e1d25bba8a1a0751df105e0c05684|91.90.42.154|1680650865|1680650863|0|6|0
Upgrade-Insecure-Requests: 1

                                        HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Tue, 04 Apr 2023 23:27:46 GMT
Content-Type: text/html
Connection: close
Set-Cookie: btst=0a9e1d25bba8a1a0751df105e0c05684|91.90.42.154|1680650866|1680650863|0|7|0; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Location: 1

s339ey.gk9tr2.4ir8yy.76452.exea41.dfahyp.edu.cn.lchongfu.com/1

35.205.61.67

302 Moved Temporarily

URL HTTP/1.1

s339ey.gk9tr2.4ir8yy.76452.exea41.dfahyp.edu.cn.lchongfu.com/1
IP

35.205.61.67:0
ASN

#15169 GOOGLE

Magic

Size

0
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

                                        GET /1 HTTP/1.1
Host: s339ey.gk9tr2.4ir8yy.76452.exea41.dfahyp.edu.cn.lchongfu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: btst=0a9e1d25bba8a1a0751df105e0c05684|91.90.42.154|1680650866|1680650863|0|7|0
Upgrade-Insecure-Requests: 1

                                        HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Tue, 04 Apr 2023 23:27:46 GMT
Content-Type: text/html
Connection: close
Set-Cookie: btst=0a9e1d25bba8a1a0751df105e0c05684|91.90.42.154|1680650866|1680650863|0|8|0; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Location: 1

Report Overview

URL

IP

ASN

Submitted

Access

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (26)

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

Detections

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size