Report - zeetechbusiness.com/loki/temp/css/html/me.exe

Report Overview

Submitted URL
zeetechbusiness.com/loki/temp/css/html/me.exe
IP
38.174.173.81
ASN
#54600 PEG-SV
Submitted
2024-03-28 08:58:46
Access
public
Website Title
喀什死晾健身俱乐部
Final URL
www.zeetechbusiness.com/loki/temp/css/html/me.exe
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
hm.baidu.com	8254	1999-10-11	2012-05-26	2024-03-28	1.6 kB	12 kB	103.235.46.191
api.share.baidu.com	44629	1999-10-11	2013-04-25	2024-03-26	406 B	114 B	112.34.113.148
107.148.150.133:28479	unknown	unknown	No data	No data	518 B	0 B	0.0.0.0
zeetechbusiness.com	unknown	2023-08-12	2019-04-23	2024-02-27	415 B	159 B	38.174.173.81
www.zeetechbusiness.com	unknown	2023-08-12	2019-04-23	2024-02-27	1.5 kB	5.2 kB	38.174.173.81
push.zhanzhang.baidu.com	57139	1999-10-11	2015-07-22	2024-03-26	664 B	1.5 kB	163.177.17.97

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-03-28	medium	107.148.150.133	Sinkholed

ThreatFox

No alerts detected

JavaScript (25)

	URL	Size	First Seen	Last Seen
	www.zeetechbusiness.com/loki/temp/css/html/me.exe	0 B	2023-03-07	2024-04-27
Pretty URL www.zeetechbusiness.com/loki/temp/css/html/me.exe IP 38.174.173.81 ASN #54600 PEG-SV Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-27 08:18:09 Times Seen37114735 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www.zeetechbusiness.com/tj.js	520 B	2024-03-28	2024-03-30
Pretty URL www.zeetechbusiness.com/tj.js IP 38.174.173.81 ASN #54600 PEG-SV Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-28 04:55:27 Last Seen2024-03-30 05:49:34 Times Seen14 Hash f1a86ee14a64486402724d0e593a6939 54eb5c3fff3315f730dc66b98fd6b817323a10cd 69f2bc2e4a57d01885719f8bea64ccc7cbefd321c04c9acbf711cf1904b07f92 Loading...

	push.zhanzhang.baidu.com/push.js	281 B	2023-03-07	2024-04-26
Pretty URL push.zhanzhang.baidu.com/push.js IP 163.177.17.97 ASN #136958 China Unicom Guangdong IP network Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:09 Last Seen2024-04-26 16:09:47 Times Seen19027 Hash 1bb5a3267c9865ad4abe8d937734b62b b5478dd2edb3e64242eced1db2dbd945ef81f592 674bc0c70f98d627b8a7e1d278a1f21ffe33815565f7d5371bf0275da57571b2 Loading...

	hm.baidu.com/hm.js?b529d75266717a302c4b097e82979e51	0 B	2023-03-07	2024-04-27
Pretty URL hm.baidu.com/hm.js?b529d75266717a302c4b097e82979e51 IP 103.235.46.191 ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-27 08:18:09 Times Seen37114735 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	unknown	368 B	2024-03-28	2024-03-28
Pretty Introduced by Function Embedded in HTML false Observations First Seen2024-03-28 09:58:52 Last Seen2024-03-28 09:58:52 Times Seen1 Hash 41d5f2840f75f9621ab9110a0394a21c 80d59a6b2e719b147742201ea1aeb2915d8d4910 6754b2f7068bd1e1da912273737076cd0e20b125041afa1850e6ce4c47747c7e Loading...

	www.zeetechbusiness.com/common.js	2.7 kB	2024-03-16	2024-03-30
Pretty URL www.zeetechbusiness.com/common.js IP 38.174.173.81 ASN #54600 PEG-SV Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-16 05:01:15 Last Seen2024-03-30 10:13:56 Times Seen24 Hash 0fc9e5afc18dc81e0cf7df09a1e29458 83c410fcebf13244da82c5df29ed60a8f57ed818 75086cc2407aa9ff4b4562915994bfbbe8e1f9eda2970e16db7b602af2e63609 Loading...

	hm.baidu.com/hm.js?03075e4d54314777e06711e98aff6497	30 kB	2024-03-28	2024-03-28
Pretty URL hm.baidu.com/hm.js?03075e4d54314777e06711e98aff6497 IP 103.235.46.191 ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-28 09:58:52 Last Seen2024-03-28 09:58:52 Times Seen2 Hash dc0e86b9c3150ca1017568f9f5a6cae5 bb6eb5fda1ead3238e61a11687ae82da03dd8759 749c1cc35e8d9306ddc7d48e1aa4b0cd723432311d192444a5c42a31ca595dac Loading...

	unknown	37 B	2023-04-11	2024-04-27
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:49:14 Last Seen2024-04-27 07:51:20 Times Seen21903 Hash 1c5c9160600df2d96d69a4ea16cec7ed 3cf678c9135cc952ba6970ef545035bb757a443f a3520fe88e248d2b6c9c6db93309a037ef969fe297208e5bd7e49a55bb32c808 Loading...

		Size	First Seen	Last Seen
	#1 Write - 80161c34e716ee0324a705896b2483c6	15 B	2023-03-07	2024-04-26
Pretty Observations First Seen2023-03-07 12:05:42 Last Seen2024-04-26 16:09:43 Times Seen1248 Hash 80161c34e716ee0324a705896b2483c6 98876ca7002e2a1a80b190a72e1c0bbc5bb61acb 24464f46e7f9ba25eb53bcca6337b1eaa31a6abe3a4b3d25efd0389a738ac59f Loading...

	#2 Write - 1bd419580aae80c592165eebc56f4ddc	8 B	2023-03-07	2024-04-26
Pretty Observations First Seen2023-03-07 12:05:42 Last Seen2024-04-26 16:09:47 Times Seen1253 Hash 1bd419580aae80c592165eebc56f4ddc 4386a418a5a0a485bfc37c3625fdaf6e27c7a02f 15b9a5e2ebf3c6254671e8cd086bcae15c45acd5a142a0635e67b71423af041d Loading...

	#3 Write - a83b2d157c402fb8af63a7b05036c116	55 B	2023-03-07	2024-04-26
Pretty Observations First Seen2023-03-07 12:05:42 Last Seen2024-04-26 16:09:47 Times Seen1247 Hash a83b2d157c402fb8af63a7b05036c116 e25a8fb72e28cc68095b23f2110b4184fa92439a 86a0bec6d2774d3e66148531c280b7e56c9b74bb21b8f630e7dbf478d7eadd3f Loading...

	#4 Write - cbb184dd8e05c9709e5dcaedaa0495cf	1 B	2023-03-07	2024-04-27
Pretty Observations First Seen2023-03-07 01:02:09 Last Seen2024-04-27 01:54:13 Times Seen3497 Hash cbb184dd8e05c9709e5dcaedaa0495cf c2b7df6201fdd3362399091f0a29550df3505b6a d10b36aa74a59bcf4a88185837f658afaf3646eff2bb16c3928d0e9335e945d2 Loading...

	#5 Write - d41d8cd98f00b204e9800998ecf8427e	0 B	2023-03-07	2024-04-27
Pretty Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-27 08:18:09 Times Seen37114735 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	#6 Write - 78490b99914b10f282753ec35bcc0537	22 B	2023-03-07	2024-04-26
Pretty Observations First Seen2023-03-07 12:05:42 Last Seen2024-04-26 16:09:43 Times Seen1247 Hash 78490b99914b10f282753ec35bcc0537 555109dd30dc1177008be131b5245ecbf112bc92 a2c7caea1a253dcdf61b38371721c59887f0f252e2efc4f241d49ea0ab4c82db Loading...

	#7 Write - 878da30bd3816a375cd08511cddfa4f6	34 B	2023-03-07	2024-04-26
Pretty Observations First Seen2023-03-07 12:05:42 Last Seen2024-04-26 16:09:44 Times Seen1247 Hash 878da30bd3816a375cd08511cddfa4f6 4f82bf819a0877c18af599aadf967833b119d8ff 8b2adf22917933a31bece2e10699f2c4e35b5e7241684b838996eeedd7307d8b Loading...

	#8 Write - da3d3844e105b72effb4345201b5e5ef	18 B	2023-03-07	2024-04-26
Pretty Observations First Seen2023-03-07 12:05:42 Last Seen2024-04-26 16:09:44 Times Seen1248 Hash da3d3844e105b72effb4345201b5e5ef 274704f931fa665170d893f33fa49721c5c71a08 922f1e4166c395e610f8b3351a9e878b66840f869d091c8a1ec212934f23af90 Loading...

	#9 Write - 1ef0bca0c8fe511a919ad12472e6c67f	8 B	2023-03-07	2024-04-26
Pretty Observations First Seen2023-03-07 01:02:09 Last Seen2024-04-26 16:09:47 Times Seen5047 Hash 1ef0bca0c8fe511a919ad12472e6c67f 1911560857da79f62a8b26817eeda52fa07cefc7 5e4117ea8905b4866062cf8ae840cc520d1cd0403399e0b7342ea8485ef9a37d Loading...

	#10 Write - 918db83bc66ec56ae114ffccca935ca7	104 B	2023-03-07	2024-04-26
Pretty Observations First Seen2023-03-07 12:05:42 Last Seen2024-04-26 16:09:46 Times Seen1271 Hash 918db83bc66ec56ae114ffccca935ca7 69e229c1db246ca2c1f311da0aaf58b33815a373 ac2bb70e79fa7d5a712851a0f096a78411ca9616e9da1bdc3eb65fe337200ab5 Loading...

	#11 Write - fff3155a32d6a79bf2672b8514442e08	16 B	2023-03-07	2024-04-26
Pretty Observations First Seen2023-03-07 12:05:42 Last Seen2024-04-26 16:09:45 Times Seen1247 Hash fff3155a32d6a79bf2672b8514442e08 181aa0bf914cb3fefbac62e2c7d0ff8b3bf2991f 684d122b0e96378e9fb2d65622caf3614d79742c03e558a5b26205c5260186b8 Loading...

	#12 Write - 199b6f0e589f557711343c2ea42c860c	12 B	2023-03-07	2024-04-26
Pretty Observations First Seen2023-03-07 12:05:42 Last Seen2024-04-26 16:09:44 Times Seen1259 Hash 199b6f0e589f557711343c2ea42c860c 69d66e5b2ee461def2d86070503b180ad1c3d972 37ab52c9d67ae001c268e59fc0a6d48715f1d9f4450f11ce68bddedc23bb18f2 Loading...

	#13 Write - 587c60d4354f54b0c137f22159b8a51f	13 B	2023-03-07	2024-04-26
Pretty Observations First Seen2023-03-07 12:05:42 Last Seen2024-04-26 16:09:41 Times Seen1258 Hash 587c60d4354f54b0c137f22159b8a51f 5e11b481ea0290f25539357b80d2cb2964eb2160 6131336b8080daa3c23462df07a98a6b916363c92390efcaee7431789c5577d1 Loading...

	#14 Write - aea70eed95896953e77791c997a52433	2 B	2023-03-07	2024-04-26
Pretty Observations First Seen2023-03-07 01:27:49 Last Seen2024-04-26 16:09:46 Times Seen1483 Hash aea70eed95896953e77791c997a52433 f7368006d9eb8da53e381fd4c46a859390d39e4e 15715d5ca91fe9c1de7947083abca074bb304712ebf119996712abf31472579f Loading...

	#15 Write - d366a945f0f516bbfff17b331ff2e163	352 B	2024-03-17	2024-03-30
Pretty Observations First Seen2024-03-17 13:57:16 Last Seen2024-03-30 10:13:54 Times Seen6 Hash d366a945f0f516bbfff17b331ff2e163 4d6d49f3cbdac1761e1476c91e5894e4c9535468 cc3eeb59e14e767268e3c341c91d97cba8386aed97ce2d298ce3a5f8e7ff6100 Loading...

	#16 Write - 0facf1853f7521620655144829e4ac6b	7 B	2023-03-07	2024-04-26
Pretty Observations First Seen2023-03-07 12:05:42 Last Seen2024-04-26 16:09:46 Times Seen1248 Hash 0facf1853f7521620655144829e4ac6b 2e368d3dbd9c53ddd9a7a66ec7657fdeb5266727 4680f102d5c7cefdf58e1dbc29e3913225f9b172d90885e2e2938e8b9f0a49f4 Loading...

	#17 Write - 7a23e4d0e79d5c374c1dd5cb9235df3e	8 B	2023-03-07	2024-04-26
Pretty Observations First Seen2023-03-07 12:05:42 Last Seen2024-04-26 16:09:44 Times Seen1249 Hash 7a23e4d0e79d5c374c1dd5cb9235df3e 51b0339fa127b3ba00730d8caf982343d5a129c9 54a3b85646190532634f9d7f6f2cf60d03107b0c58eca3ce510a0ab0cb9ce462 Loading...

HTTP Transactions (12)

URL IP Response Size

zeetechbusiness.com/loki/temp/css/html/me.exe

38.174.173.81

301 Moved Permanently

0 B

URL User Request GET HTTP/1.1
zeetechbusiness.com/loki/temp/css/html/me.exe
IP
38.174.173.81:80
ASN
#54600 PEG-SV

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /loki/temp/css/html/me.exe HTTP/1.1
Host: zeetechbusiness.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Content-Length: 0
Server: nginx
Location: http://www.zeetechbusiness.com/loki/temp/css/html/me.exe
Content-Type: text/html

www.zeetechbusiness.com/loki/temp/css/html/me.exe

38.174.173.81

779 B

URL User Request GET
www.zeetechbusiness.com/loki/temp/css/html/me.exe
IP
38.174.173.81:0
ASN
#54600 PEG-SV

File type
JavaScript source, ISO-8859 text, with CRLF line terminators
Size
779 B (779 bytes)
Hash
f8ec94b0b09462dfb5f99be30b012407
963c0d183f19a27de5c943aecee0f6740d5aa05e
4acf3fc74f666cc0e5f93d0acccd277baa26618b5980699603cd286b5ea2a1ef

HTTP Headers

GET /loki/temp/css/html/me.exe HTTP/1.1
Host: www.zeetechbusiness.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 28 Mar 2024 08:58:21 GMT
Content-Length: 779
Content-Type: text/html
Server: nginx

www.zeetechbusiness.com/common.js

38.174.173.81

200 OK

2.7 kB

URL GET HTTP/1.1
www.zeetechbusiness.com/common.js
IP
38.174.173.81:80
ASN
#54600 PEG-SV

Requested by
http://www.zeetechbusiness.com/loki/temp/css/html/me.exe

File type
JavaScript source, ASCII text, with very long lines (523), with CRLF line terminators
Size
2.7 kB (2670 bytes)
Hash
0fc9e5afc18dc81e0cf7df09a1e29458
83c410fcebf13244da82c5df29ed60a8f57ed818
75086cc2407aa9ff4b4562915994bfbbe8e1f9eda2970e16db7b602af2e63609

HTTP Headers

GET /common.js HTTP/1.1
Host: www.zeetechbusiness.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.zeetechbusiness.com/loki/temp/css/html/me.exe
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 28 Mar 2024 08:58:21 GMT
Content-Length: 2670
Content-Type: application/x-javascript
Server: nginx

www.zeetechbusiness.com/tj.js

38.174.173.81

200 OK

520 B

URL GET HTTP/1.1
www.zeetechbusiness.com/tj.js
IP
38.174.173.81:80
ASN
#54600 PEG-SV

Requested by
http://www.zeetechbusiness.com/loki/temp/css/html/me.exe

File type
JavaScript source, ASCII text, with CRLF line terminators
Size
520 B (520 bytes)
Hash
f1a86ee14a64486402724d0e593a6939
54eb5c3fff3315f730dc66b98fd6b817323a10cd
69f2bc2e4a57d01885719f8bea64ccc7cbefd321c04c9acbf711cf1904b07f92

HTTP Headers

GET /tj.js HTTP/1.1
Host: www.zeetechbusiness.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.zeetechbusiness.com/loki/temp/css/html/me.exe
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 28 Mar 2024 08:58:21 GMT
Content-Length: 520
Content-Type: application/x-javascript
Server: nginx

www.zeetechbusiness.com/favicon.ico

38.174.173.81

200 OK

779 B

URL GET HTTP/1.1
www.zeetechbusiness.com/favicon.ico
IP
38.174.173.81:80
ASN
#54600 PEG-SV

Requested by
http://www.zeetechbusiness.com/loki/temp/css/html/me.exe

File type
JavaScript source, ISO-8859 text, with CRLF line terminators
Size
779 B (779 bytes)
Hash
f8ec94b0b09462dfb5f99be30b012407
963c0d183f19a27de5c943aecee0f6740d5aa05e
4acf3fc74f666cc0e5f93d0acccd277baa26618b5980699603cd286b5ea2a1ef

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.zeetechbusiness.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.zeetechbusiness.com/loki/temp/css/html/me.exe
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 28 Mar 2024 08:58:22 GMT
Content-Length: 779
Content-Type: text/html
Server: nginx

push.zhanzhang.baidu.com/push.js

163.177.17.97

200 OK

227 B

URL GET HTTP/1.1
push.zhanzhang.baidu.com/push.js
IP
163.177.17.97:80
ASN
#136958 China Unicom Guangdong IP network

Requested by
http://www.zeetechbusiness.com/loki/temp/css/html/me.exe

File type
ASCII text, with no line terminators
Size
227 B (227 bytes)
Hash
1bb5a3267c9865ad4abe8d937734b62b
b5478dd2edb3e64242eced1db2dbd945ef81f592
674bc0c70f98d627b8a7e1d278a1f21ffe33815565f7d5371bf0275da57571b2

HTTP Headers

GET /push.js HTTP/1.1
Host: push.zhanzhang.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.zeetechbusiness.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Content-Encoding: gzip
Content-Length: 227
Content-Type: text/javascript
Date: Thu, 28 Mar 2024 08:58:24 GMT
Etag: "4078521116"
Expires: Fri, 28 Mar 2025 08:58:24 GMT
Last-Modified: Wed, 25 Nov 2015 07:47:55 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Server: apache
Set-Cookie: BAIDUID=D0AD63C25C2AD5EECC555F924E4937F9:FG=1; max-age=31536000; expires=Fri, 28-Mar-25 08:58:24 GMT; domain=.baidu.com; path=/; version=1
Vary: Accept-Encoding

push.zhanzhang.baidu.com/push.js

163.177.17.97

200 OK

227 B

URL GET HTTP/1.1
push.zhanzhang.baidu.com/push.js
IP
163.177.17.97:80
ASN
#136958 China Unicom Guangdong IP network

Requested by
http://www.zeetechbusiness.com/loki/temp/css/html/me.exe

File type
ASCII text, with no line terminators
Size
227 B (227 bytes)
Hash
1bb5a3267c9865ad4abe8d937734b62b
b5478dd2edb3e64242eced1db2dbd945ef81f592
674bc0c70f98d627b8a7e1d278a1f21ffe33815565f7d5371bf0275da57571b2

HTTP Headers

GET /push.js HTTP/1.1
Host: push.zhanzhang.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.zeetechbusiness.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Content-Encoding: gzip
Content-Length: 227
Content-Type: text/javascript
Date: Thu, 28 Mar 2024 08:58:24 GMT
Etag: "4078521116"
Expires: Fri, 28 Mar 2025 08:58:24 GMT
Last-Modified: Wed, 25 Nov 2015 07:47:55 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Server: apache
Set-Cookie: BAIDUID=C3D799EBD738B497F6AB643C1E334383:FG=1; max-age=31536000; expires=Fri, 28-Mar-25 08:58:24 GMT; domain=.baidu.com; path=/; version=1
Vary: Accept-Encoding

hm.baidu.com/hm.js?03075e4d54314777e06711e98aff6497

103.235.46.191

200 OK

11 kB

URL GET HTTP/1.1
hm.baidu.com/hm.js?03075e4d54314777e06711e98aff6497
IP
103.235.46.191:443
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

Requested by
http://www.zeetechbusiness.com/loki/temp/css/html/me.exe
Certificate
IssuerGlobalSign nv-sa
Subjectbaidu.com
Fingerprint97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
ValidityThu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT

File type
JavaScript source, ASCII text, with very long lines (615)
Size
11 kB (11253 bytes)
Hash
dc0e86b9c3150ca1017568f9f5a6cae5
bb6eb5fda1ead3238e61a11687ae82da03dd8759
749c1cc35e8d9306ddc7d48e1aa4b0cd723432311d192444a5c42a31ca595dac

HTTP Headers

GET /hm.js?03075e4d54314777e06711e98aff6497 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.zeetechbusiness.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11253
Content-Type: application/javascript
Date: Thu, 28 Mar 2024 08:58:24 GMT
Etag: 4bd6f7694391bd95e9c33030ce86037a
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=D07A267A1B294F87; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800

hm.baidu.com/hm.js?b529d75266717a302c4b097e82979e51

103.235.46.191

200 OK

0 B

URL GET HTTP/1.1
hm.baidu.com/hm.js?b529d75266717a302c4b097e82979e51
IP
103.235.46.191:443
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

Requested by
http://www.zeetechbusiness.com/loki/temp/css/html/me.exe
Certificate
IssuerGlobalSign nv-sa
Subjectbaidu.com
Fingerprint97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
ValidityThu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /hm.js?b529d75266717a302c4b097e82979e51 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.zeetechbusiness.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 0
Date: Thu, 28 Mar 2024 08:58:24 GMT
Server: apache
Strict-Transport-Security: max-age=172800
Content-Type: text/plain; charset=utf-8

api.share.baidu.com/s.gif?l=http://www.zeetechbusiness.com/loki/temp/css/html/me.exe

112.34.113.148

200 OK

0 B

URL GET HTTP/1.1
api.share.baidu.com/s.gif?l=http://www.zeetechbusiness.com/loki/temp/css/html/me.exe
IP
112.34.113.148:80
ASN
#9808 China Mobile Communications Group Co., Ltd.

Requested by
http://www.zeetechbusiness.com/loki/temp/css/html/me.exe

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /s.gif?l=http://www.zeetechbusiness.com/loki/temp/css/html/me.exe HTTP/1.1
Host: api.share.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.zeetechbusiness.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/plain; charset=utf-8
Date: Thu, 28 Mar 2024 08:58:24 GMT

hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1304141522&si=03075e4d54314777e06711e98aff6497&v=1.3.0&lv=1&sn=38710&r=0&ww=1280&u=http%3A%2F%2Fwww.zeetechbusiness.com%2Floki%2Ftemp%2Fcss%2Fhtml%2Fme.exe&tt=%E5%96%80%E4%BB%80%E6%AD%BB%E6%99%BE%E5%81%A5%E8%BA%AB%E4%BF%B1%E4%B9%90%E9%83%A8

103.235.46.191

200 OK

43 B

URL GET HTTP/1.1
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1304141522&si=03075e4d54314777e06711e98aff6497&v=1.3.0&lv=1&sn=38710&r=0&ww=1280&u=http%3A%2F%2Fwww.zeetechbusiness.com%2Floki%2Ftemp%2Fcss%2Fhtml%2Fme.exe&tt=%E5%96%80%E4%BB%80%E6%AD%BB%E6%99%BE%E5%81%A5%E8%BA%AB%E4%BF%B1%E4%B9%90%E9%83%A8
IP
103.235.46.191:443
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

Requested by
http://www.zeetechbusiness.com/loki/temp/css/html/me.exe
Certificate
IssuerGlobalSign nv-sa
Subjectbaidu.com
Fingerprint97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
ValidityThu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1304141522&si=03075e4d54314777e06711e98aff6497&v=1.3.0&lv=1&sn=38710&r=0&ww=1280&u=http%3A%2F%2Fwww.zeetechbusiness.com%2Floki%2Ftemp%2Fcss%2Fhtml%2Fme.exe&tt=%E5%96%80%E4%BB%80%E6%AD%BB%E6%99%BE%E5%81%A5%E8%BA%AB%E4%BF%B1%E4%B9%90%E9%83%A8 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.zeetechbusiness.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Thu, 28 Mar 2024 08:58:25 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=15652FFB8A7105E2; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff

107.148.150.133:28479/

0.0.0.0

0 B

URL GET
107.148.150.133:28479/
IP
0.0.0.0:0
ASN
#0

Requested by
http://www.zeetechbusiness.com/loki/temp/css/html/me.exe

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 107.148.150.133:28479
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.zeetechbusiness.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (25)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash