Submitted URL: http://nfopic.com/nmjhisc/145592.html
Effective URL: https://nfopic.com/nmjhisc/145592.html
Submission: On November 10 via api from US — Scanned from NL

Summary

This website contacted 8 IPs in 6 countries across 9 domains to perform 18 HTTP transactions. The main IP is 188.114.96.9, located in Amsterdam, Netherlands and belongs to CLOUDFLARENET, US. The main domain is nfopic.com.
TLS certificate: Issued by WE1 on October 17th 2024. Valid for: 3 months.
This is the only time nfopic.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  IP Address       AS      Autonomous System
8         188.114.96.9     13335   (CLOUDFLAR...)
1         23.224.59.150    40065   (CNSERVERS)
2         172.67.175.174   13335   (CLOUDFLAR...)
1         104.21.68.215    13335   (CLOUDFLAR...)
2         111.45.11.83     56040   (CMNET-GUA...)
3         119.8.102.162    136907  (HWCLOUDS-...)
1         154.91.91.17     399077  (TERAEXCH)
Total: 18 requests, 8 IPs

Requests  Domain                     Requested by
8         nfopic.com                 nfopic.com
2         hm.baidu.com               nfopic.com
2         www.doubaniz.top           nfopic.com
1         106919tcc.8kzjuqu.com      nfopic.com
1         tt.xn--swt207gl1hzc.net    106919tg.fwqur86.com
1         1012.ifmzjt7.com           106919tg.fwqur86.com
1         106919tg.fwqur86.com       nfopic.com
1         www.doubanit.top           nfopic.com
1         www.imgdouban.com          nfopic.com
Total: 18 requests, 9 domains

This site contains links to these domains.

Domain
ldy.blbqywm.com
aa38055282.xn--ehqtmg6j43yj5pkhhsirlhp.com
nykpaz.liangxinqi.top

Subject                    Issuer                          Validity                   Valid
nfopic.com                 WE1                             2024-10-17 - 2025-01-15    3 months
www.imgdouban.com          TrustAsia RSA DV TLS CA G2      2024-02-04 - 2025-02-03    a year
doubaniz.top               WE1                             2024-10-19 - 2025-01-17    3 months
doubanit.top               WE1                             2024-10-19 - 2025-01-17    3 months
baidu.com                  GlobalSign RSA OV SSL CA 2018   2024-07-08 - 2025-08-09    a year
*.ju3x3so.com              R11                             2024-10-22 - 2025-01-20    3 months
tt.xn--swt207gl1hzc.net    R11                             2024-08-18 - 2024-11-16    3 months

This page contains 1 frame:

Primary Page: https://nfopic.com/nmjhisc/145592.html
Frame ID: 4119455B2D627DB7958AD08F57F34820
Requests: 19 HTTP requests in this frame

Page Title

Bank Attack and Defense Battle, Season 1, watch online on mobile - Free Welfare Film and TV

Detected technologies

Overall confidence: 100%
Detected patterns
  • hm\.baidu\.com/hm\.js

Page Statistics

Requests: 18
HTTPS: 100 %
IPv6: 0 %
Domains: 9
Subdomains: 9
IPs: 8
Countries: 6
Transfer: 152 kB
Size: 297 kB
Cookies: 6

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://nfopic.com/nmjhisc/145592.html HTTP 307
    https://nfopic.com/nmjhisc/145592.html Page URL

18 HTTP transactions

Columns: Resource, Path, Size, x-fer, Type, MIME-Type
Primary Request 145592.html
nfopic.com/nmjhisc/
Redirect Chain
  • http://nfopic.com/nmjhisc/145592.html
  • https://nfopic.com/nmjhisc/145592.html
7 KB
3 KB
Document
General
Full URL
https://nfopic.com/nmjhisc/145592.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.9 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/5.6.40 ASP.NET
Resource Hash
0d111876a75f1de0697ec334b6f9f8399280fd46485db1ecfecb5c8d6e38300c

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-cache-status
DYNAMIC
cf-ray
8e0379734c69d593-AMS
content-encoding
zstd
content-type
text/html; charset=utf-8
date
Sun, 10 Nov 2024 04:59:39 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
priority
u=0,i
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZGSm%2BMvrF2VhCJ8YvP4D2hHeZAAnozxyJgQFNzVJgI%2Fb5%2F8wDoi72946BGJpkkzd2c1cQZkLKNgghDgumwoEhZ3qoxiDR3%2BXXzyLaTg%2BTDM16iwTHldakdknIjE7"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
cfL4;desc="?proto=QUIC&rtt=12462&sent=13&recv=11&lost=0&retrans=0&sent_bytes=4220&recv_bytes=4550&delivery_rate=712&cwnd=12000&unsent_bytes=0&cid=4329f87b619ca0a8&ts=482&x=1" cfExtPri cfHdrFlush;dur=0
vary
Accept-Encoding
x-powered-by
PHP/5.6.40 ASP.NET

Redirect headers

Location
https://nfopic.com/nmjhisc/145592.html
Non-Authoritative-Reason
HttpsUpgrades
phone.css
nfopic.com/templets/Xjianjie/images/
7 KB
3 KB
Stylesheet
General
Full URL
https://nfopic.com/templets/Xjianjie/images/phone.css
Requested by
Host: nfopic.com
URL: https://nfopic.com/nmjhisc/145592.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.9 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / ASP.NET
Resource Hash
59546ba2bcc0ae15c8bab41cdfd70b40de3aeb7015fd97e588b8a67799136c6f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://nfopic.com/nmjhisc/145592.html

Response headers

content-encoding
gzip
cf-cache-status
REVALIDATED
etag
"048481a6f4ed71:0"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ORPTaidDzV6MZexBK6hXBGvGj6Z7I2rPogBLbrCHRVZ7tc08Pa5LDuTspiD4TBqA2SZkp3g7Jxlnby2t2GkVrQjW9Clw1tzu4w2t%2BJeGqMu2uvSl2Tjxl1NBb82N"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=12871&sent=20&recv=18&lost=0&retrans=0&sent_bytes=9986&recv_bytes=6079&delivery_rate=6898&cwnd=12000&unsent_bytes=0&cid=4329f87b619ca0a8&ts=898&x=1", cfExtPri, cfHdrFlush;dur=0
date
Sun, 10 Nov 2024 04:59:40 GMT
content-type
text/css
last-modified
Fri, 21 May 2021 18:28:32 GMT
vary
Accept-Encoding
priority
u=0,i=?0
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8e03797668dbd593-AMS
accept-ranges
bytes
content-length
2471
x-powered-by
ASP.NET
server
cloudflare
404.js
nfopic.com/
2 KB
2 KB
Script
General
Full URL
https://nfopic.com/404.js
Requested by
Host: nfopic.com
URL: https://nfopic.com/nmjhisc/145592.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.9 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / ASP.NET
Resource Hash
be5e365f59e705c052b53ae5dc2760f3c471c95824bbae96d4ee4cdcdd24bd5c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://nfopic.com/nmjhisc/145592.html

Response headers

content-encoding
gzip
cf-cache-status
REVALIDATED
etag
"5fe4744a1d1adb1:0"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gG%2BrjMDnFLHhoTNTxhMh5IdV7r5N1AIySHycA%2FE56650fuXR7UguItLOXA6maH2i20aAdkdHQeSmgh79wr9ZyvofVgxjtGWBYFoN3%2F4K0VZSmBDHsHhYBdvr1Atr"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=12624&sent=18&recv=17&lost=0&retrans=0&sent_bytes=8382&recv_bytes=6036&delivery_rate=251043&cwnd=12000&unsent_bytes=0&cid=4329f87b619ca0a8&ts=875&x=1", cfExtPri, cfHdrFlush;dur=0
date
Sun, 10 Nov 2024 04:59:40 GMT
content-type
application/javascript
last-modified
Wed, 09 Oct 2024 07:31:44 GMT
vary
Accept-Encoding
priority
u=1,i=?0
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8e03797668dcd593-AMS
accept-ranges
bytes
content-length
885
x-powered-by
ASP.NET
server
cloudflare
logo.png
nfopic.com/templets/Xjianjie/images/
2 KB
3 KB
Image
General
Full URL
https://nfopic.com/templets/Xjianjie/images/logo.png
Requested by
Host: nfopic.com
URL: https://nfopic.com/nmjhisc/145592.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.9 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / ASP.NET
Resource Hash
dc5290369bb4ad03f01a79b04ea1e1b0c039bdfc84e7c741cd3da2fdfa977077

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://nfopic.com/nmjhisc/145592.html

Response headers

cf-cache-status
REVALIDATED
etag
"048481a6f4ed71:0"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nJXjV5prHqDV90oI3JFlFPcV81%2BUQn%2F8hJOXjv5i79gApAxYnYHnA031jw7mj%2BDYqcihnamwCUJm7SqfRRzhLbrRhYRW49yw%2BG6n7UdPGotKXF%2B9O1ykHwVYgxWy"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=12871&sent=23&recv=18&lost=0&retrans=0&sent_bytes=13195&recv_bytes=6079&delivery_rate=6898&cwnd=12000&unsent_bytes=0&cid=4329f87b619ca0a8&ts=898&x=1", cfExtPri, cfHdrFlush;dur=0
date
Sun, 10 Nov 2024 04:59:40 GMT
content-type
image/png
last-modified
Fri, 21 May 2021 18:28:32 GMT
vary
Accept-Encoding
priority
u=2,i
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8e03797668ded593-AMS
accept-ranges
bytes
content-length
2188
x-powered-by
ASP.NET
server
cloudflare
commont.js
nfopic.com/
225 B
899 B
Script
General
Full URL
https://nfopic.com/commont.js
Requested by
Host: nfopic.com
URL: https://nfopic.com/nmjhisc/145592.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.9 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / ASP.NET
Resource Hash
ce11aed93aa5f5da8d2dba9f2785785c444aff3f1ce69cbb13403091cef5425f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://nfopic.com/nmjhisc/145592.html

Response headers

content-encoding
gzip
cf-cache-status
MISS
etag
"c5651b654422db1:0"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qJdqgaYF2qAJQ5Y3Drj5kcBV8juWV1cMdDYt9xhh9F8wzfdlblwJslBRWhzY2NjqGAYVcVSuEFFHS7FzJgrpOF%2F9khWUZcZPCGsjPFSB5HekQqfalutibLo5LT%2Fl"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=12624&sent=17&recv=17&lost=0&retrans=0&sent_bytes=7460&recv_bytes=6036&delivery_rate=251043&cwnd=12000&unsent_bytes=0&cid=4329f87b619ca0a8&ts=873&x=1", cfExtPri, cfHdrFlush;dur=0
date
Sun, 10 Nov 2024 04:59:40 GMT
content-type
application/javascript
last-modified
Sat, 19 Oct 2024 16:31:48 GMT
vary
Accept-Encoding
priority
u=2,i=?0
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8e03797668e0d593-AMS
accept-ranges
bytes
content-length
233
x-powered-by
ASP.NET
server
cloudflare
f34bb525d322a665.jpg
www.imgdouban.com/tuchuang/uploads/allimg/202411/
16 KB
16 KB
Image
General
Full URL
https://www.imgdouban.com/tuchuang/uploads/allimg/202411/f34bb525d322a665.jpg
Requested by
Host: nfopic.com
URL: https://nfopic.com/nmjhisc/145592.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
23.224.59.150 , United States, ASN40065 (CNSERVERS, US),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
3a649a80a635df29deb93259cb472998535c9a5617fa468bc620b7a40fc2a048

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://nfopic.com/

Response headers

Cache-Control
max-age=8553600
ETag
"896edb77d131db1:0"
Connection
close
Accept-Ranges
bytes
Content-Length
16043
Date
Sun, 10 Nov 2024 05:26:06 GMT
Content-Type
image/jpeg
Last-Modified
Fri, 08 Nov 2024 11:29:26 GMT
Server
Microsoft-IIS/8.5
com0mon.js
nfopic.com/
111 B
888 B
Script
General
Full URL
https://nfopic.com/com0mon.js
Requested by
Host: nfopic.com
URL: https://nfopic.com/nmjhisc/145592.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.9 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / ASP.NET
Resource Hash
3d078c575da56f74541fa14e098bb39a71785ea7a78f82b5daa45ca299da2125

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://nfopic.com/nmjhisc/145592.html

Response headers

content-encoding
gzip
cf-cache-status
REVALIDATED
etag
"37a6d56d3722db1:0"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=naYCy2CejKPHqwh8NIdK4OFMUAsoyaVIZoCm%2F6l32GaQQLzt0OTKECy%2B9dfmzE7Pi7tpd7Yce6LnrnDGVeV8rbdZBYDtFDLId07gX4jB6m96V7MFsXm7TnhqUp1N"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=13052&sent=28&recv=23&lost=0&retrans=0&sent_bytes=16171&recv_bytes=6938&delivery_rate=20596&cwnd=12000&unsent_bytes=0&cid=4329f87b619ca0a8&ts=1254&x=1", cfExtPri, cfHdrFlush;dur=0
date
Sun, 10 Nov 2024 04:59:40 GMT
content-type
application/javascript
last-modified
Sat, 19 Oct 2024 14:58:59 GMT
vary
Accept-Encoding
priority
u=2,i=?0
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8e0379789c09d593-AMS
accept-ranges
bytes
content-length
218
x-powered-by
ASP.NET
server
cloudflare
commont.js
www.doubaniz.top/
7 KB
2 KB
Script
General
Full URL
https://www.doubaniz.top/commont.js
Requested by
Host: nfopic.com
URL: https://nfopic.com/commont.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.175.174 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / ASP.NET
Resource Hash
1348a8cec75a23fd931093f40c1e03e29200d53533370f5bbc5761b6f38b9bea

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"
Referer
https://nfopic.com/

Response headers

content-encoding
gzip
cf-cache-status
REVALIDATED
etag
"c5aafe3e8a32db1:0"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WSey7B6wt9ODUo%2FzsBl1uragdRh8S39aP5n83%2By6THngMF%2FBTITigcRxCfjt4XcBp2yjD%2FSYEGWwmsKUPnsPJWl2JLTszCmYCb49u2dOEvQnOLzXA1TzicKbb70D%2BVkNA6ac"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=13630&sent=14&recv=13&lost=0&retrans=0&sent_bytes=5629&recv_bytes=4900&delivery_rate=109129&cwnd=12000&unsent_bytes=0&cid=db40b96c6e332d0e&ts=353&x=1", cfHdrFlush;dur=0
date
Sun, 10 Nov 2024 04:59:40 GMT
content-type
application/javascript
last-modified
Sat, 09 Nov 2024 09:32:08 GMT
vary
Accept-Encoding
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8e0379793e6a9f7e-AMS
accept-ranges
bytes
content-length
1428
x-powered-by
ASP.NET
server
cloudflare
lalajiji.js
www.doubaniz.top/
3 KB
1 KB
Script
General
Full URL
https://www.doubaniz.top/lalajiji.js
Requested by
Host: nfopic.com
URL: https://nfopic.com/commont.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.175.174 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / ASP.NET
Resource Hash
804efecbdccb978408d660d48a422dabcdd3c329e139f9f1c97169f5e4693585

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"
Referer
https://nfopic.com/

Response headers

content-encoding
gzip
cf-cache-status
REVALIDATED
etag
"8a4d13488a32db1:0"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DnhbHmt%2B08uW8l%2F3rMG3GOZrbIhqA0WxHlUir7QsEFXioGfNQ%2F3fqd6SK4pOJeoUP%2Boy5Aa5TdctEXyh1fPC3EcKg4LR4BNmXDuvcPyZhABocimyqPgtDkCvUlwwaYpZSXmi"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=13706&sent=12&recv=12&lost=0&retrans=0&sent_bytes=4199&recv_bytes=4857&delivery_rate=696&cwnd=12000&unsent_bytes=0&cid=db40b96c6e332d0e&ts=337&x=1", cfHdrFlush;dur=0
date
Sun, 10 Nov 2024 04:59:40 GMT
content-type
application/javascript
last-modified
Sat, 09 Nov 2024 09:32:23 GMT
vary
Accept-Encoding
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8e0379793e699f7e-AMS
accept-ranges
bytes
content-length
703
x-powered-by
ASP.NET
server
cloudflare
search.png
nfopic.com/templets/Xjianjie/images/
2 KB
2 KB
Image
General
Full URL
https://nfopic.com/templets/Xjianjie/images/search.png
Requested by
Host: nfopic.com
URL: https://nfopic.com/templets/Xjianjie/images/phone.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.9 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / ASP.NET
Resource Hash
aea51ae7a120cba44427e929ddf301659a079e3d4a057191e23f8c767ac5c817

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://nfopic.com/templets/Xjianjie/images/phone.css

Response headers

cf-cache-status
REVALIDATED
etag
"048481a6f4ed71:0"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WnExZDEqnO77osGNEkK%2Bs3JhnHyj6DrrwQc%2FLxntH%2BC6n7r8y2ffrzvfRVmZGV4cLdOKqGn6liX92VkWka2jMfmSNOhy8ibmszZnCCFVBnsp%2FVJMucjOKiu3dmSx"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=13152&sent=29&recv=24&lost=0&retrans=0&sent_bytes=17082&recv_bytes=6982&delivery_rate=2513&cwnd=12000&unsent_bytes=0&cid=4329f87b619ca0a8&ts=1299&x=1", cfExtPri, cfHdrFlush;dur=0
date
Sun, 10 Nov 2024 04:59:40 GMT
content-type
image/png
last-modified
Fri, 21 May 2021 18:28:32 GMT
vary
Accept-Encoding
priority
u=3,i
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8e037978dc57d593-AMS
accept-ranges
bytes
content-length
1720
x-powered-by
ASP.NET
server
cloudflare
com0mon.js
www.doubanit.top/
6 KB
5 KB
Script
General
Full URL
https://www.doubanit.top/com0mon.js
Requested by
Host: nfopic.com
URL: https://nfopic.com/com0mon.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.68.215 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / ASP.NET
Resource Hash
053bdecc7529e4efd9b73cba8d269a6d032870230dc08537890a556dae7ca2c9

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"
Referer
https://nfopic.com/

Response headers

content-encoding
gzip
cf-cache-status
HIT
etag
"d9d4a886df31db1:0"
age
6515
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=60YFqpPtreDPbeKHIHM0Guwustiq3Y%2BZlX4iS6tePAU3VCSKLOOm4r6EMXU8%2BvtCxV27ta4dwlrF4LWqjZoFr8m1wat1PMCcaeinjhAIzPla8U8H%2BRJIz%2Fv2vwJdFKY5z7Hi"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=12777&sent=12&recv=7&lost=0&retrans=0&sent_bytes=4161&recv_bytes=4324&delivery_rate=200057&cwnd=12000&unsent_bytes=0&cid=f84bde9e4771a872&ts=35&x=1", cfExtPri, cfHdrFlush;dur=0
date
Sun, 10 Nov 2024 04:59:40 GMT
content-type
application/javascript
last-modified
Fri, 08 Nov 2024 13:10:04 GMT
vary
Accept-Encoding
priority
u=1,i=?0
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8e03797b9b5366e8-AMS
accept-ranges
bytes
content-length
3903
x-powered-by
ASP.NET
server
cloudflare
hm.js
hm.baidu.com/
29 KB
12 KB
Script
General
Full URL
https://hm.baidu.com/hm.js?a7079128e2921b4acfc7e566a6876640
Requested by
Host: nfopic.com
URL: https://nfopic.com/nmjhisc/145592.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
111.45.11.83 , China, ASN56040 (CMNET-GUANGDONG-AP China Mobile communications corporation, CN),
Reverse DNS
Software
apache /
Resource Hash
3359fb7563d7d66f368a575daeba6f0fd7d0320bce89b8a9d58fffa960c000e1
Security Headers
Name Value
Strict-Transport-Security max-age=172800

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://nfopic.com/

Response headers

Strict-Transport-Security
max-age=172800
Cache-Control
max-age=0, must-revalidate
Content-Encoding
gzip
Etag
3e9e20ec9aac1212a794b73a81231eb0
Content-Length
11287
P3p
CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date
Sun, 10 Nov 2024 04:59:42 GMT
Content-Type
application/javascript
Server
apache
6919
106919tg.fwqur86.com/sc/
11 KB
11 KB
Script
General
Full URL
https://106919tg.fwqur86.com:8004/sc/6919?n=avomgnql
Requested by
Host: nfopic.com
URL: https://nfopic.com/nmjhisc/145592.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
119.8.102.162 Hong Kong, Hong Kong, ASN136907 (HWCLOUDS-AS-AP HUAWEI CLOUDS, HK),
Reverse DNS
ecs-119-8-102-162.compute.hwclouds-dns.com
Software
nginx/1.18.0 / PHP/5.6.31
Resource Hash
dc5ddf2cd168082cb13f8b19017f9c8bc2e758875f71d1ababe96563da5be3b2

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://nfopic.com/

Response headers

Transfer-Encoding
chunked
Cache-Control
max-age=1800
Pragma
max-age=1800
Connection
keep-alive
Access-Control-Allow-Origin
*
P3P
CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date
Sun, 10 Nov 2024 04:59:42 GMT
Content-Type
text/javascript; charset=utf-8
X-Powered-By
PHP/5.6.31
Server
nginx/1.18.0
6919
1012.ifmzjt7.com/d/
1 KB
2 KB
XHR
General
Full URL
https://1012.ifmzjt7.com:8004/d/6919?t=0.14865649828672778
Requested by
Host: 106919tg.fwqur86.com
URL: https://106919tg.fwqur86.com:8004/sc/6919?n=avomgnql
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
119.8.102.162 Hong Kong, Hong Kong, ASN136907 (HWCLOUDS-AS-AP HUAWEI CLOUDS, HK),
Reverse DNS
ecs-119-8-102-162.compute.hwclouds-dns.com
Software
nginx/1.18.0 / PHP/5.6.31
Resource Hash
44a5b35995bb10108abdfa023a80ee40bf86c49c5504b9702ad66866c2c0b540

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-type
application/x-www-form-urlencoded
Referer
https://nfopic.com/

Response headers

Transfer-Encoding
chunked
Cache-Control
no-cache, must-revalidate
Pragma
no-cache
Connection
keep-alive
Access-Control-Allow-Origin
*
P3P
CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date
Sun, 10 Nov 2024 04:59:42 GMT
Content-Type
text/html; charset=UTF-8
X-Powered-By
PHP/5.6.31
Server
nginx/1.18.0
hm.gif
hm.baidu.com/
43 B
299 B
Image
General
Full URL
https://hm.baidu.com/hm.gif?hca=67FBAA0EE9CD3FDA&cc=1&ck=1&cl=24-bit&ds=1600x1200&vl=1200&et=0&ja=0&ln=nl-nl&lo=0&rnd=142575993&si=a7079128e2921b4acfc7e566a6876640&v=1.3.2&lv=1&sn=42223&r=0&ww=1600&u=https%3A%2F%2Fnfopic.com%2Fnmjhisc%2F145592.html&tt=%E9%93%B6%E8%A1%8C%E6%94%BB%E9%98%B2%E6%88%98%E7%AC%AC%E4%B8%80%E5%AD%A3%E6%89%8B%E6%9C%BA%E5%9C%A8%E7%BA%BF%E8%A7%82%E7%9C%8B-%E5%85%8D%E8%B4%B9%E7%A6%8F%E5%88%A9%E5%BD%B1%E8%A7%86
Requested by
Host: nfopic.com
URL: https://nfopic.com/nmjhisc/145592.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
111.45.11.83 , China, ASN56040 (CMNET-GUANGDONG-AP China Mobile communications corporation, CN),
Reverse DNS
Software
apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
Strict-Transport-Security max-age=172800
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://nfopic.com/

Response headers

Strict-Transport-Security
max-age=172800
Cache-Control
private, max-age=0, no-cache
Pragma
no-cache
X-Content-Type-Options
nosniff
Content-Length
43
Date
Sun, 10 Nov 2024 04:59:42 GMT
Content-Type
image/gif
Server
apache
29191119455.txt
tt.xn--swt207gl1hzc.net/2023/05/
117 KB
88 KB
XHR
General
Full URL
https://tt.xn--swt207gl1hzc.net/2023/05/29191119455.txt
Requested by
Host: 106919tg.fwqur86.com
URL: https://106919tg.fwqur86.com:8004/sc/6919?n=avomgnql
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
154.91.91.17 , Seychelles, ASN399077 (TERAEXCH, US),
Reverse DNS
Software
NgxFence /
Resource Hash
be4c0414c9a48611a72e9d8ee1c73c1563f62be94897963cd393fd88672b34f4

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://nfopic.com/

Response headers

cache-control
max-age=2592000
content-encoding
br
etag
W/"64748857-1d2cc"
access-control-allow-methods
GET, POST, OPTIONS
expires
Wed, 27 Nov 2024 13:59:27 GMT
access-control-allow-origin
*
x-cache
HIT
date
Sun, 10 Nov 2024 04:59:44 GMT
content-type
text/plain
last-modified
Mon, 29 May 2023 11:11:19 GMT
server
NgxFence
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
favicon.ico
nfopic.com/
197 B
795 B
Other
General
Full URL
https://nfopic.com/favicon.ico
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.9 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / ASP.NET
Resource Hash
33c92c8fb54ccc6f129c65fa05965a29a4d4b6476abeeeb2fd119c519e87c91d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://nfopic.com/nmjhisc/145592.html

Response headers

server
cloudflare
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
zstd
cf-cache-status
EXPIRED
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IfKzz%2FVnEp0gaFPtUL2j8mrvrvxsYTKYqbJijSX555luxreGBLN6SF13LPVhOTudd333GsO0NwbawSdHaV%2BE0XZUvv0vhszgtMiQOx7qobxWEkfsaI8cJ3D%2BQDVd"}],"group":"cf-nel","max_age":604800}
cf-ray
8e03798ab80bd593-AMS
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=13294&sent=33&recv=27&lost=0&retrans=0&sent_bytes=19564&recv_bytes=7551&delivery_rate=178670&cwnd=12000&unsent_bytes=0&cid=4329f87b619ca0a8&ts=4107&x=1", cfExtPri, cfHdrFlush;dur=0
date
Sun, 10 Nov 2024 04:59:43 GMT
content-type
text/html
last-modified
Wed, 09 Oct 2024 14:42:10 GMT
vary
Accept-Encoding
priority
u=1,i
x-powered-by
ASP.NET
6919
106919tcc.8kzjuqu.com/d/
24 B
406 B
Script
General
Full URL
https://106919tcc.8kzjuqu.com:8004/d/6919?c=1&n=avomgnql
Requested by
Host: nfopic.com
URL: https://nfopic.com/nmjhisc/145592.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
119.8.102.162 Hong Kong, Hong Kong, ASN136907 (HWCLOUDS-AS-AP HUAWEI CLOUDS, HK),
Reverse DNS
ecs-119-8-102-162.compute.hwclouds-dns.com
Software
nginx/1.18.0 / PHP/5.6.31
Resource Hash
92c7e798218a40d5770f1d311b2c548f47d3dc930dc2b90e840f2f73f6b56a7b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://nfopic.com/

Response headers

Transfer-Encoding
chunked
Cache-Control
max-age=0
Pragma
max-age=0
Connection
keep-alive
Access-Control-Allow-Origin
*
P3P
CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date
Sun, 10 Nov 2024 04:59:44 GMT
Content-Type
text/javascript; charset=utf-8
X-Powered-By
PHP/5.6.31
Server
nginx/1.18.0
truncated
/
88 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4cceabe8ef0e6250142abc6c945de24b183fd4c0f1305804160f4b795a11bdd7

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0
function| isDesktop
object| iframeDoc
number| n
object| _hmt
number| j
string| style
object| a
number| avomgnql_is_kk
number| avomgnql_is_ws
object| k7jvhizkhn
boolean| _bdhm_loaded_a7079128e2921b4acfc7e566a6876640

6 Cookies

Domain/Path Name / Value
nfopic.com/nmjhisc Name: lt_iscookie
Value: 1
nfopic.com/ Name: PHPSESSID
Value: iubufkauupktpsh01ea74emva0
.hm.baidu.com/ Name: HMACCOUNT_BFESS
Value: 67FBAA0EE9CD3FDA
.nfopic.com/ Name: Hm_lvt_a7079128e2921b4acfc7e566a6876640
Value: 1731214783
.nfopic.com/ Name: Hm_lpvt_a7079128e2921b4acfc7e566a6876640
Value: 1731214783
.nfopic.com/ Name: HMACCOUNT
Value: 67FBAA0EE9CD3FDA

5 Console Messages

Source Level URL
Text
javascript warning URL: https://nfopic.com/commont.js
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.doubaniz.top/commont.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://nfopic.com/commont.js
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.doubaniz.top/commont.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://nfopic.com/commont.js(Line 1)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.doubaniz.top/lalajiji.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://nfopic.com/com0mon.js
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.doubanit.top/com0mon.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://nfopic.com/com0mon.js
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.doubanit.top/com0mon.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
