Report - jztmas.srootsrg.top/

Report Overview

Submitted URL
jztmas.srootsrg.top/
IP
173.208.141.94
ASN
#32097 WII
Submitted
2023-02-06 21:53:57
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
2
Threat Detection Systems
46

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.8 kB	34.160.144.191
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	52.43.88.238
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3.8 kB	68 kB	34.120.237.76
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	2.7 kB	7.1 kB	23.36.76.226
jztmas.srootsrg.top	unknown	2022-12-06T08:34:02Z	2023-01-20T19:57:43Z	28 kB	2.1 MB	173.208.141.94
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-02-06 21:54:33	medium	Client IP	Internal IP	ET DNS Query to a *.top domain - Likely Hostile
2023-02-06 21:54:33	medium	Client IP	173.208.141.94	ET INFO HTTP Request to a *.top domain

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-02-06	medium	jztmas.srootsrg.top/	Malware
2023-02-06	medium	jztmas.srootsrg.top/	Malware
2023-02-06	medium	jztmas.srootsrg.top/includes/templates/linglong-viu02/jscript/jquery.meanmenu.js	Malware
2023-02-06	medium	jztmas.srootsrg.top/includes/templates/linglong-viu02//jscript/jquery1.9.1.js	Malware
2023-02-06	medium	jztmas.srootsrg.top/imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tNzgxNTUwMzkwNjdfMS5qcGc=	Malware
2023-02-06	medium	jztmas.srootsrg.top/includes/templates/linglong-viu02/jscript/jquery-1.11.1.min.js	Malware
2023-02-06	medium	jztmas.srootsrg.top/imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tOTU3ODU1NjIwMTJfMS5qcGc=	Malware
2023-02-06	medium	jztmas.srootsrg.top/imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tMzMwOTgwNTI3MTZfMS5qcGc=	Malware
2023-02-06	medium	jztmas.srootsrg.top/imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tMTI5MDcyMTkwNjhfMS5qcGc=	Malware
2023-02-06	medium	jztmas.srootsrg.top/imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tMzYxNDE5NjM1MTBfMS5qcGc=	Malware
2023-02-06	medium	jztmas.srootsrg.top/imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tNzE2NzYzNzkyMDVfMS5qcGc=	Malware
2023-02-06	medium	jztmas.srootsrg.top/imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tNTUxNTk3MzYxMzBfMS5qcGc=	Malware
2023-02-06	medium	jztmas.srootsrg.top/imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tNjQ0MjQxNzQwMjJfMS5qcGc=	Malware
2023-02-06	medium	jztmas.srootsrg.top/imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tODMzNzI0MTM5NzdfMS5qcGc=	Malware
2023-02-06	medium	jztmas.srootsrg.top/imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tMjYwNjQ2NDMyOThfMS5qcGc=	Malware
2023-02-06	medium	jztmas.srootsrg.top/imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tMjE4MjUxNDUyMzJfMS5qcGc=	Malware
2023-02-06	medium	jztmas.srootsrg.top/imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tNDUxNjc0Njg1OThfMS5qcGc=	Malware
2023-02-06	medium	jztmas.srootsrg.top/imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tNDE3MzMzMTk3MTZfMS5qcGc=	Malware
2023-02-06	medium	jztmas.srootsrg.top/imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tNTY1OTgwMDg4NDBfMS5qcGc=	Malware
2023-02-06	medium	jztmas.srootsrg.top/imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tNzY1MjI1NTA2MjdfMS5qcGc=	Malware
2023-02-06	medium	jztmas.srootsrg.top/imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tOTQwNTgyMjM1NTlfMS5qcGc=	Malware
2023-02-06	medium	jztmas.srootsrg.top/imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tNDc1ODE4NjIwMDRfMS5qcGc=	Malware
2023-02-06	medium	jztmas.srootsrg.top/imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tNDE4Mzk0MzA1NzBfMS5qcGc=	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (5)

	URL	Size	First Seen	Last Seen
	jztmas.srootsrg.top/	864 B	2023-03-07	2023-04-05
Pretty URL jztmas.srootsrg.top/ IP 173.208.141.94 ASN #32097 WII Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:11:32 Last Seen2023-04-05 02:02:57 Times Seen196 Hash e56015af60837fe70c7698860f2794e0 9d87da8d707f9e2f361a84f260085cb2409a0077 e2459ae503af0e5f36b6d61c92796f2a1cedeaed0a6fe00169855afc9e938c17 Loading...

	jztmas.srootsrg.top/includes/templates/linglong-viu02/jscript/jquery.meanmenu.js	12 kB	2023-03-09	2024-02-01
Pretty URL jztmas.srootsrg.top/includes/templates/linglong-viu02/jscript/jquery.meanmenu.js IP 173.208.141.94 ASN #32097 WII Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 21:03:35 Last Seen2024-02-01 00:55:53 Times Seen130 Hash 30a538a901bf28c1865244d551f707ef eea12d7b14cbe34b7c1030a7b5b0ab3fe3da718d 84305b7a4064e3f5d68a31b497aa18bbe2ce949b5b41d5f506aa810d30794653 Loading...

	jztmas.srootsrg.top/includes/templates/linglong-viu02//jscript/jquery1.9.1.js	93 kB	2023-03-07	2024-04-26
Pretty URL jztmas.srootsrg.top/includes/templates/linglong-viu02//jscript/jquery1.9.1.js IP 173.208.141.94 ASN #32097 WII Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:44 Last Seen2024-04-26 19:54:41 Times Seen4832 Hash 383771ef1692bfcc3f2b6917ca985778 a1ce0bfa507f23cc414a9a7634bd73b994bb3b35 20638e363fcc5152155f24b281303e17da62da62d24ef5dcf863b184d9a25734 Loading...

	jztmas.srootsrg.top/includes/templates/linglong-viu02/jscript/jquery-1.11.1.min.js	96 kB	2023-03-07	2024-04-25
Pretty URL jztmas.srootsrg.top/includes/templates/linglong-viu02/jscript/jquery-1.11.1.min.js IP 173.208.141.94 ASN #32097 WII Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:37:44 Last Seen2024-04-25 05:46:19 Times Seen867 Hash ee092541bc79668e3e0a7b76d2faf00c 464511ce4755e3c6acda7c719f27265805142c47 87981e8062814ca279922ee55276ad14bbdc29649f98e34b2d83c3afb5052a51 Loading...

	jztmas.srootsrg.top/	82 B	2023-03-09	2024-02-01
Pretty URL jztmas.srootsrg.top/ IP 173.208.141.94 ASN #32097 WII Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 21:03:35 Last Seen2024-02-01 00:55:53 Times Seen70 Hash 9300789d7abbf8129fcd26c141261f16 e8c72259b1e6c501d6e3eb2efcf254716a289f24 d6fcbc9dcd8fa81344588274a3f04a12839551378dbf5f2c2816488dbf816d20 Loading...

HTTP Transactions (77)

URL IP Response Size

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1cdc095521e9ee2606059be447d1fdd5
02b5d0a5b5823e2338daf7e144700babe2a213af
8bda3aabcf331c2bfcc4c7023cd797c760fd301dc353641bb95048e072f66c66

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8BDA3AABCF331C2BFCC4C7023CD797C760FD301DC353641BB95048E072F66C66"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2297
Expires: Mon, 06 Feb 2023 22:32:03 GMT
Date: Mon, 06 Feb 2023 21:53:46 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c21ba65e44ac95470c314e068e49a9eb
17a13b13738993d889d4afa3d848dc63bf6eba64
9bd0795b30e84ce63b6e2a365ca91bbffc395dd955e112152066c31e63a4ab66

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9BD0795B30E84CE63B6E2A365CA91BBFFC395DD955E112152066C31E63A4AB66"
Last-Modified: Sat, 04 Feb 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4754
Expires: Mon, 06 Feb 2023 23:13:00 GMT
Date: Mon, 06 Feb 2023 21:53:46 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fb7b6b46e708ad73eaaa3c21e74569ae
950663c025acad81556af5aa3022ecc9d55097fe
763f58b9fb838378c92033b59907b036f4c33081f5103d9bcc2ca2a8de500d64

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "763F58B9FB838378C92033B59907B036F4C33081F5103D9BCC2CA2A8DE500D64"
Last-Modified: Sat, 04 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12979
Expires: Tue, 07 Feb 2023 01:30:05 GMT
Date: Mon, 06 Feb 2023 21:53:46 GMT
Connection: keep-alive

jztmas.srootsrg.top/

173.208.141.94

301 Moved Permanently

236 B

URL HTTP/1.1
jztmas.srootsrg.top/
IP
173.208.141.94:0
ASN
#32097 WII

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
236 B (236 bytes)
Hash
9084cc007fad19a868d279d30cd1db95
680a91cec7e2d233a787aa760d3e96e0dd2eaaf4
c4b3fdd31f384bd03b90d42052fa25ac98e33ec93566e727e019b60f60ce847d

Detections

Analyzer	Verdict	Alert
fortinet	Malware

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.top domain

HTTP Headers

GET / HTTP/1.1
Host: jztmas.srootsrg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Mon, 06 Feb 2023 21:53:46 GMT
Server: Apache
Location: https://jztmas.srootsrg.top/
Content-Length: 236
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Content-Type, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 06 Feb 2023 21:36:29 GMT
content-type: application/json
age: 1037
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
e76071a28ee566dababb3834f46d68ed
aebb4e68c1ba2de0f90025283e8ed8470944fde0
78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: s8nJEEPYtirnF7zG5TSfTttsebbCJbXG9XmH4zcmGHqq4X96d7t277Tl+T7WoSlvP31xGH1sseg=
x-amz-request-id: W6M05YPXCY423H27
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 06 Feb 2023 21:45:19 GMT
age: 507
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 06 Feb 2023 21:53:46 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Retry-After, Content-Length, Content-Type, ETag, Cache-Control, Alert, Pragma, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 06 Feb 2023 21:51:19 GMT
age: 148
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
12955467ad2ee77ad5c9dbbe7a75de8e
1d7770e7b9929a4427151794e6109883b94a6f4e
4634c4b8d6dfde4e08ecd0517de9d17510532e3fc52ca49e365f8fa93f566839

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4634C4B8D6DFDE4E08ECD0517DE9D17510532E3FC52CA49E365F8FA93F566839"
Last-Modified: Mon, 06 Feb 2023 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Tue, 07 Feb 2023 03:53:47 GMT
Date: Mon, 06 Feb 2023 21:53:47 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
9b88bae61bca33aba8aa99f6128db8d9
a07b61fb2458917699613fcae68710941b595416
54915c2f79822732e06a592d027da421ad1e7a6458c545f98333db25612b3dea

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "54915C2F79822732E06A592D027DA421AD1E7A6458C545F98333DB25612B3DEA"
Last-Modified: Mon, 06 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15423
Expires: Tue, 07 Feb 2023 02:10:50 GMT
Date: Mon, 06 Feb 2023 21:53:47 GMT
Connection: keep-alive

jztmas.srootsrg.top/

173.208.141.94

200 OK

7.8 kB

URL HTTP/1.1
jztmas.srootsrg.top/
IP
173.208.141.94:0
ASN
#32097 WII

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Non-ISO extended-ASCII text, with very long lines (912), with CRLF, LF, NEL line terminators
Size
7.8 kB (7844 bytes)
Hash
f7cc7fcfdb077d96ee4370e2665ebe2d
6ef8f9d025c310b7a7a3769fc7a273c73d89fffc
6f4f8f8a58b2728862973f71de2b9dc16b622c4ab640c103027c95661f4d4202

Detections

Analyzer	Verdict	Alert
fortinet	Malware

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.top domain

HTTP Headers

GET / HTTP/1.1
Host: jztmas.srootsrg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 21:53:47 GMT
Server: Apache
X-Powered-By: PHP/5.4.16
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip
Vary: Accept-Encoding
Set-Cookie: zenid=o5m3arfe02hbqrlt4fup1hvdv2; path=/; domain=.jztmas.srootsrg.top; secure; HttpOnly
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8

push.services.mozilla.com/

52.43.88.238

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.43.88.238:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: wpheq5j5VIkcHWDSSx18Og==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ELFQBx7HyZGhSKRZG6QWlkE4YhE=

jztmas.srootsrg.top/includes/templates/linglong-viu02/css/style_categories.css

173.208.141.94

200 OK

1.7 kB

URL HTTP/1.1
jztmas.srootsrg.top/includes/templates/linglong-viu02/css/style_categories.css
IP
173.208.141.94:0
ASN
#32097 WII

File type
ASCII text, with CRLF line terminators
Size
1.7 kB (1723 bytes)
Hash
ac3b08ef2fecda9253b804fde652549f
988634370ba127e448b725fa62ee779f7780f4e3
a8674ce80f325c8ae78f40e70e0cc1b10fcfb329796cd4e17a38dba15efb7077

HTTP Headers

GET /includes/templates/linglong-viu02/css/style_categories.css HTTP/1.1
Host: jztmas.srootsrg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jztmas.srootsrg.top/
Cookie: zenid=o5m3arfe02hbqrlt4fup1hvdv2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 21:53:47 GMT
Server: Apache
Last-Modified: Mon, 05 Jul 2021 07:52:10 GMT
ETag: "6bb-5c65b95235e80"
Accept-Ranges: bytes
Content-Length: 1723
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

jztmas.srootsrg.top/includes/templates/linglong-viu02/css/stylesheet_related.css

173.208.141.94

200 OK

2.0 kB

URL HTTP/1.1
jztmas.srootsrg.top/includes/templates/linglong-viu02/css/stylesheet_related.css
IP
173.208.141.94:0
ASN
#32097 WII

File type
ASCII text, with CRLF line terminators
Size
2.0 kB (2024 bytes)
Hash
dc591fd3a418d5a7ed6ce7db2c2d77c8
43fa33ef83192cd9d21f7776a861a4ef93a14661
cb0338f3270d8b883e85d87e1cb47cc4845ef972c6d57c765929cf5527a501cd

HTTP Headers

GET /includes/templates/linglong-viu02/css/stylesheet_related.css HTTP/1.1
Host: jztmas.srootsrg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jztmas.srootsrg.top/
Cookie: zenid=o5m3arfe02hbqrlt4fup1hvdv2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 21:53:47 GMT
Server: Apache
Last-Modified: Wed, 21 Aug 2019 09:03:28 GMT
ETag: "7e8-5909cd8abf800"
Accept-Ranges: bytes
Content-Length: 2024
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css

jztmas.srootsrg.top/includes/templates/linglong-viu02/css/stylesheet_cart.css

173.208.141.94

200 OK

8.5 kB

URL HTTP/1.1
jztmas.srootsrg.top/includes/templates/linglong-viu02/css/stylesheet_cart.css
IP
173.208.141.94:0
ASN
#32097 WII

File type
ASCII text, with very long lines (794), with CRLF line terminators
Size
8.5 kB (8522 bytes)
Hash
77bb26ebb453bb24899bec79c1946680
cd2c46e8d329b1dc2ed3e9d6e5906708f7896ef2
35d5f96c4a62f60647b8768dc77f58c22509066451cf10ff9bd43fd4a05488cc

HTTP Headers

GET /includes/templates/linglong-viu02/css/stylesheet_cart.css HTTP/1.1
Host: jztmas.srootsrg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jztmas.srootsrg.top/
Cookie: zenid=o5m3arfe02hbqrlt4fup1hvdv2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 21:53:48 GMT
Server: Apache
Last-Modified: Thu, 28 Oct 2021 06:26:34 GMT
ETag: "214a-5cf63cac25a80"
Accept-Ranges: bytes
Content-Length: 8522
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

jztmas.srootsrg.top/includes/templates/linglong-viu02/css/stylesheet_index_home.css

173.208.141.94

200 OK

3.6 kB

URL HTTP/1.1
jztmas.srootsrg.top/includes/templates/linglong-viu02/css/stylesheet_index_home.css
IP
173.208.141.94:0
ASN
#32097 WII

File type
ASCII text, with very long lines (337), with CRLF line terminators
Size
3.6 kB (3568 bytes)
Hash
469bf09c3467ff15c7dd1a9dde46f0c8
7884f4de7b921a03bc7174d2b4894d05753c9975
f48055c8b9a9c9ed40382af06dca135f2b4aef69e40bf32dafb4839a8a723ef9

HTTP Headers

GET /includes/templates/linglong-viu02/css/stylesheet_index_home.css HTTP/1.1
Host: jztmas.srootsrg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jztmas.srootsrg.top/
Cookie: zenid=o5m3arfe02hbqrlt4fup1hvdv2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 21:53:48 GMT
Server: Apache
Last-Modified: Sat, 10 Aug 2019 08:39:50 GMT
ETag: "df0-58fbf3be5e180"
Accept-Ranges: bytes
Content-Length: 3568
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

jztmas.srootsrg.top/includes/templates/linglong-viu02/css/stylesheet_css_buttons.css

173.208.141.94

200 OK

1.4 kB

URL HTTP/1.1
jztmas.srootsrg.top/includes/templates/linglong-viu02/css/stylesheet_css_buttons.css
IP
173.208.141.94:0
ASN
#32097 WII

File type
ASCII text, with very long lines (1363), with no line terminators
Size
1.4 kB (1363 bytes)
Hash
0c5efb37572e2d4d08b855b5dc356712
62b6e5c5453f461cbaf63c8532d43c74b277b89e
958f1ee4983ea228efa576a5c3af81046c0e7b553486a89d9f3dcd09d237acc1

HTTP Headers

GET /includes/templates/linglong-viu02/css/stylesheet_css_buttons.css HTTP/1.1
Host: jztmas.srootsrg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jztmas.srootsrg.top/
Cookie: zenid=o5m3arfe02hbqrlt4fup1hvdv2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 21:53:48 GMT
Server: Apache
Last-Modified: Mon, 10 Apr 2017 03:44:50 GMT
ETag: "553-54cc7cc19d080"
Accept-Ranges: bytes
Content-Length: 1363
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

jztmas.srootsrg.top/includes/templates/linglong-viu02/css/stylesheet_l_cat.css

173.208.141.94

200 OK

221 B

URL HTTP/1.1
jztmas.srootsrg.top/includes/templates/linglong-viu02/css/stylesheet_l_cat.css
IP
173.208.141.94:0
ASN
#32097 WII

File type
ASCII text
Size
221 B (221 bytes)
Hash
bd046a4e84a978c63d13d789fddbf3f1
6f27c9363231ea52723e3fb33c2792d2913465e0
8d6a8f6214cc2cd009d1afda866cccc6774e12ad9fb38579f1ac20ebb32cdce7

HTTP Headers

GET /includes/templates/linglong-viu02/css/stylesheet_l_cat.css HTTP/1.1
Host: jztmas.srootsrg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jztmas.srootsrg.top/
Cookie: zenid=o5m3arfe02hbqrlt4fup1hvdv2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 21:53:48 GMT
Server: Apache
Last-Modified: Fri, 25 Feb 2022 03:56:48 GMT
ETag: "dd-5d8cfb01be000"
Accept-Ranges: bytes
Content-Length: 221
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

jztmas.srootsrg.top/includes/templates/linglong-viu02/css/stylesheet_rep.css

173.208.141.94

200 OK

14 kB

URL HTTP/1.1
jztmas.srootsrg.top/includes/templates/linglong-viu02/css/stylesheet_rep.css
IP
173.208.141.94:0
ASN
#32097 WII

File type
ASCII text, with very long lines (366), with CRLF line terminators
Size
14 kB (14174 bytes)
Hash
b36c48dac77d4c4593f7e643691dcbf5
8772b09bd9c91f97fe4ab24348e51b853458da3c
36b9b342be81fd57884e55c7f4adae52aa5a6874a96624f63ef3a4eefc2c0ee1

HTTP Headers

GET /includes/templates/linglong-viu02/css/stylesheet_rep.css HTTP/1.1
Host: jztmas.srootsrg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jztmas.srootsrg.top/
Cookie: zenid=o5m3arfe02hbqrlt4fup1hvdv2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 21:53:48 GMT
Server: Apache
Last-Modified: Fri, 14 Apr 2017 03:31:00 GMT
ETag: "375e-54d1811fe8500"
Accept-Ranges: bytes
Content-Length: 14174
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/css

jztmas.srootsrg.top/includes/templates/linglong-viu02/css/stylesheet.css

173.208.141.94

200 OK

14 kB

URL HTTP/1.1
jztmas.srootsrg.top/includes/templates/linglong-viu02/css/stylesheet.css
IP
173.208.141.94:0
ASN
#32097 WII

File type
Unicode text, UTF-8 text, with very long lines (839), with CRLF line terminators
Size
14 kB (14175 bytes)
Hash
d4b6db931bd7bc19210e83db525c5c65
7c3d654d92db3540b4d1bda218c9a37e6155d16c
4b789c4de3dc7e3145e34256a8a90a8d8cdceb1ea51db2c205ae3e5730480d53

HTTP Headers

GET /includes/templates/linglong-viu02/css/stylesheet.css HTTP/1.1
Host: jztmas.srootsrg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jztmas.srootsrg.top/
Cookie: zenid=o5m3arfe02hbqrlt4fup1hvdv2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 21:53:47 GMT
Server: Apache
Last-Modified: Fri, 01 Nov 2019 05:46:06 GMT
ETag: "375f-596427b686380"
Accept-Ranges: bytes
Content-Length: 14175
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

jztmas.srootsrg.top/includes/templates/linglong-viu02/css/stylesheet_xt.css

173.208.141.94

200 OK

118 B

URL HTTP/1.1
jztmas.srootsrg.top/includes/templates/linglong-viu02/css/stylesheet_xt.css
IP
173.208.141.94:0
ASN
#32097 WII

File type
ASCII text, with CRLF line terminators
Size
118 B (118 bytes)
Hash
bdb30231f4343c4e592aff36f9dab50f
f71c56bbb1e950642c362783621b84809a447d98
16da8a97403e93fbf96bb9ab31c93948bac10c7520766cdacc63044f7b57f657

HTTP Headers

GET /includes/templates/linglong-viu02/css/stylesheet_xt.css HTTP/1.1
Host: jztmas.srootsrg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jztmas.srootsrg.top/
Cookie: zenid=o5m3arfe02hbqrlt4fup1hvdv2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 21:53:48 GMT
Server: Apache
Last-Modified: Mon, 26 Jul 2021 09:58:14 GMT
ETag: "76-5c803caa7b980"
Accept-Ranges: bytes
Content-Length: 118
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

jztmas.srootsrg.top/includes/templates/linglong-viu02/css/meanmenu.css

173.208.141.94

200 OK

3.5 kB

URL HTTP/1.1
jztmas.srootsrg.top/includes/templates/linglong-viu02/css/meanmenu.css
IP
173.208.141.94:0
ASN
#32097 WII

File type
ASCII text, with CRLF line terminators
Size
3.5 kB (3520 bytes)
Hash
59f82b05f6aa3110de98ab2de4cedf0c
0dc59499f72763e1259b673213830aa2317be717
19c832ad859a30c5e673ebf4aad76189c4b828d9c26c309e67e553ed3ea0478b

HTTP Headers

GET /includes/templates/linglong-viu02/css/meanmenu.css HTTP/1.1
Host: jztmas.srootsrg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jztmas.srootsrg.top/
Cookie: zenid=o5m3arfe02hbqrlt4fup1hvdv2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 21:53:48 GMT
Server: Apache
Last-Modified: Wed, 12 Apr 2017 08:13:10 GMT
ETag: "dc0-54cf3c76b1180"
Accept-Ranges: bytes
Content-Length: 3520
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

jztmas.srootsrg.top/includes/templates/linglong-viu02/jscript/jquery.meanmenu.js

173.208.141.94

200 OK

12 kB

URL HTTP/1.1
jztmas.srootsrg.top/includes/templates/linglong-viu02/jscript/jquery.meanmenu.js
IP
173.208.141.94:0
ASN
#32097 WII

File type
ASCII text, with CRLF line terminators
Size
12 kB (11728 bytes)
Hash
30a538a901bf28c1865244d551f707ef
eea12d7b14cbe34b7c1030a7b5b0ab3fe3da718d
84305b7a4064e3f5d68a31b497aa18bbe2ce949b5b41d5f506aa810d30794653

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /includes/templates/linglong-viu02/jscript/jquery.meanmenu.js HTTP/1.1
Host: jztmas.srootsrg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jztmas.srootsrg.top/
Cookie: zenid=o5m3arfe02hbqrlt4fup1hvdv2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 21:53:48 GMT
Server: Apache
Last-Modified: Wed, 12 Apr 2017 03:39:00 GMT
ETag: "2dd0-54ceff2ebfd00"
Accept-Ranges: bytes
Content-Length: 11728
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript

jztmas.srootsrg.top/includes/templates/linglong-viu02/css/stylesheet_tm.css

173.208.141.94

200 OK

29 kB

URL HTTP/1.1
jztmas.srootsrg.top/includes/templates/linglong-viu02/css/stylesheet_tm.css
IP
173.208.141.94:0
ASN
#32097 WII

File type
Unicode text, UTF-8 text, with very long lines (680), with CRLF line terminators
Size
29 kB (29051 bytes)
Hash
93502dc1aa58bb1d2c5d88412aefc2d3
0c8bd141f470c1d98291611b4d084cbcc6a55acb
7ced6a67d7f7f5af63cfa5705d5b654a2a188aaabba6abd181aecf7b1b2d0e54

HTTP Headers

GET /includes/templates/linglong-viu02/css/stylesheet_tm.css HTTP/1.1
Host: jztmas.srootsrg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jztmas.srootsrg.top/
Cookie: zenid=o5m3arfe02hbqrlt4fup1hvdv2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 21:53:48 GMT
Server: Apache
Last-Modified: Wed, 07 Jul 2021 07:22:26 GMT
ETag: "717b-5c683667c7080"
Accept-Ranges: bytes
Content-Length: 29051
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

jztmas.srootsrg.top/includes/templates/linglong-viu02/images/rank_2.gif

173.208.141.94

200 OK

605 B

URL HTTP/1.1
jztmas.srootsrg.top/includes/templates/linglong-viu02/images/rank_2.gif
IP
173.208.141.94:0
ASN
#32097 WII

File type
GIF image data, version 89a, 100 x 39\012- data
Size
605 B (605 bytes)
Hash
8192f534aa798503e77cbf8e2eb15d57
24e72796481cfd7395cd43cdeb09edad3cf8446b
3616bc7d39ef97ce96d225530cc04796a283dabf239d3be97a21437f120832b9

HTTP Headers

GET /includes/templates/linglong-viu02/images/rank_2.gif HTTP/1.1
Host: jztmas.srootsrg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jztmas.srootsrg.top/
Cookie: zenid=o5m3arfe02hbqrlt4fup1hvdv2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 21:53:48 GMT
Server: Apache
Last-Modified: Wed, 27 Mar 2013 01:39:46 GMT
ETag: "25d-4d8de1ce5bc80"
Accept-Ranges: bytes
Content-Length: 605
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/gif

jztmas.srootsrg.top/includes/templates/linglong-viu02/images/rank_1.gif

173.208.141.94

200 OK

2.0 kB

URL HTTP/1.1
jztmas.srootsrg.top/includes/templates/linglong-viu02/images/rank_1.gif
IP
173.208.141.94:0
ASN
#32097 WII

File type
GIF image data, version 89a, 100 x 39\012- data
Size
2.0 kB (2024 bytes)
Hash
c9c1a377b2465fa88eb90f7f21fc4943
c329224a6ff30a92cb75e8d055d12185c30b54c6
0362db86a76badda7ca8dec6954d760c2bfe7b5c3e438682ff3213926d5a5c08

HTTP Headers

GET /includes/templates/linglong-viu02/images/rank_1.gif HTTP/1.1
Host: jztmas.srootsrg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jztmas.srootsrg.top/
Cookie: zenid=o5m3arfe02hbqrlt4fup1hvdv2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 21:53:48 GMT
Server: Apache
Last-Modified: Wed, 27 Mar 2013 01:40:02 GMT
ETag: "7e8-4d8de1dd9e080"
Accept-Ranges: bytes
Content-Length: 2024
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/gif

jztmas.srootsrg.top/includes/templates/linglong-viu02//jscript/jquery1.9.1.js

173.208.141.94

200 OK

93 kB

URL HTTP/1.1
jztmas.srootsrg.top/includes/templates/linglong-viu02//jscript/jquery1.9.1.js
IP
173.208.141.94:0
ASN
#32097 WII

File type
ASCII text, with very long lines (32089), with CRLF line terminators
Size
93 kB (92633 bytes)
Hash
383771ef1692bfcc3f2b6917ca985778
a1ce0bfa507f23cc414a9a7634bd73b994bb3b35
20638e363fcc5152155f24b281303e17da62da62d24ef5dcf863b184d9a25734

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /includes/templates/linglong-viu02//jscript/jquery1.9.1.js HTTP/1.1
Host: jztmas.srootsrg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jztmas.srootsrg.top/
Cookie: zenid=o5m3arfe02hbqrlt4fup1hvdv2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 21:53:48 GMT
Server: Apache
Last-Modified: Thu, 04 Aug 2016 07:18:10 GMT
ETag: "169d9-53939c08df080"
Accept-Ranges: bytes
Content-Length: 92633
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript

jztmas.srootsrg.top/includes/templates/linglong-viu02/images/rank_3.gif

173.208.141.94

200 OK

2.0 kB

URL HTTP/1.1
jztmas.srootsrg.top/includes/templates/linglong-viu02/images/rank_3.gif
IP
173.208.141.94:0
ASN
#32097 WII

File type
GIF image data, version 89a, 100 x 39\012- data
Size
2.0 kB (1990 bytes)
Hash
a8a0cf82adfcc5990b7dba0d5156379f
c9ec96160b488a5a1d1a317443926c7bb54563bd
eb9a0139afb41bc80e768ff61a5a3bf3956da00bea0bb6fe6fcde50589b79065

HTTP Headers

GET /includes/templates/linglong-viu02/images/rank_3.gif HTTP/1.1
Host: jztmas.srootsrg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jztmas.srootsrg.top/
Cookie: zenid=o5m3arfe02hbqrlt4fup1hvdv2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 21:53:48 GMT
Server: Apache
Last-Modified: Wed, 27 Mar 2013 01:39:30 GMT
ETag: "7c6-4d8de1bf19880"
Accept-Ranges: bytes
Content-Length: 1990
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/gif

jztmas.srootsrg.top/imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tNzgxNTUwMzkwNjdfMS5qcGc=

173.208.141.94

200 OK

30 kB

URL HTTP/1.1
jztmas.srootsrg.top/imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tNzgxNTUwMzkwNjdfMS5qcGc=
IP
173.208.141.94:0
ASN
#32097 WII

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 600x800, components 3\012- data
Size
30 kB (30073 bytes)
Hash
a06095f0d8ff48406570f16633df49fc
3846826a34efa3d8c491c05059f61cbb36f3a6b4
bd5e98dfd12877f313ed8e2fdc1d0821ea567e0dbdfd690602b021063ac536f4

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tNzgxNTUwMzkwNjdfMS5qcGc= HTTP/1.1
Host: jztmas.srootsrg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jztmas.srootsrg.top/
Cookie: zenid=o5m3arfe02hbqrlt4fup1hvdv2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 21:53:48 GMT
Server: Apache
X-Powered-By: PHP/5.4.16
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: image/jpg

jztmas.srootsrg.top/includes/templates/linglong-viu02/jscript/jquery-1.11.1.min.js

173.208.141.94

200 OK

96 kB

URL HTTP/1.1
jztmas.srootsrg.top/includes/templates/linglong-viu02/jscript/jquery-1.11.1.min.js
IP
173.208.141.94:0
ASN
#32097 WII

File type
ASCII text, with very long lines (32086), with CRLF line terminators
Size
96 kB (95788 bytes)
Hash
ee092541bc79668e3e0a7b76d2faf00c
464511ce4755e3c6acda7c719f27265805142c47
87981e8062814ca279922ee55276ad14bbdc29649f98e34b2d83c3afb5052a51

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /includes/templates/linglong-viu02/jscript/jquery-1.11.1.min.js HTTP/1.1
Host: jztmas.srootsrg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jztmas.srootsrg.top/
Cookie: zenid=o5m3arfe02hbqrlt4fup1hvdv2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 21:53:48 GMT
Server: Apache
Last-Modified: Tue, 11 Apr 2017 02:22:08 GMT
ETag: "1762c-54cdac22f1400"
Accept-Ranges: bytes
Content-Length: 95788
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
68273225f74fbf7493f395610d7a73fc
5a8779ef5656aeeba23b365aad60b7901c5dd7fc
c83f285a1f3df0f7ac758a68ee95cc3d2671f80264c2e143cc0561cc574e3f19

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C83F285A1F3DF0F7AC758A68EE95CC3D2671F80264C2E143CC0561CC574E3F19"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8682
Expires: Tue, 07 Feb 2023 00:18:30 GMT
Date: Mon, 06 Feb 2023 21:53:48 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
68273225f74fbf7493f395610d7a73fc
5a8779ef5656aeeba23b365aad60b7901c5dd7fc
c83f285a1f3df0f7ac758a68ee95cc3d2671f80264c2e143cc0561cc574e3f19

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C83F285A1F3DF0F7AC758A68EE95CC3D2671F80264C2E143CC0561CC574E3F19"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8682
Expires: Tue, 07 Feb 2023 00:18:30 GMT
Date: Mon, 06 Feb 2023 21:53:48 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
68273225f74fbf7493f395610d7a73fc
5a8779ef5656aeeba23b365aad60b7901c5dd7fc
c83f285a1f3df0f7ac758a68ee95cc3d2671f80264c2e143cc0561cc574e3f19

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C83F285A1F3DF0F7AC758A68EE95CC3D2671F80264C2E143CC0561CC574E3F19"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8682
Expires: Tue, 07 Feb 2023 00:18:30 GMT
Date: Mon, 06 Feb 2023 21:53:48 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd3694634-2f5a-47ff-b75c-9cb394881acc.jpeg

34.120.237.76

200 OK

9.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd3694634-2f5a-47ff-b75c-9cb394881acc.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.8 kB (9808 bytes)
Hash
ccc8078cc937b7de0b299bcee1496f1b
395f04af71767acc9516387c8b07bde08968fdfe
cf959fc4a72d80dcab20c235bec6d21eadaab87efa7a8969744cd228628ba050

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd3694634-2f5a-47ff-b75c-9cb394881acc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9808
x-amzn-requestid: 75cc8041-19f5-4994-96b6-b14d3c90ec6e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4oiSFZAIAMF65g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e02141-355d272c345c8c37595b4bb2;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:36:01 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: T7YlRZ936VEDkBvo2YKrS3GbyEh1xzC8W-50KiODzFjTnQb-hvkKpw==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Mon, 06 Feb 2023 21:50:05 GMT
age: 223
etag: "395f04af71767acc9516387c8b07bde08968fdfe"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8827daad-7b04-4c60-a6f6-c1b923025413.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.9 kB (7851 bytes)
Hash
13572f84ad268caedcc897f2ad7b9baf
afb91ab43953e8915a2169618d2ab5e330cde0a1
0fb8b09608dc293b2084953b948cc7d8a7aa7bcb525090a7e44d5cb2a725fab3

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8827daad-7b04-4c60-a6f6-c1b923025413.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7851
x-amzn-requestid: 11d3fe95-844b-4e5d-b31c-f99e96e2b608
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4oiRHeEIAMFjjA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e02141-602b91422dff88a750b8e3e9;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:36:01 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 7LXNdWi5iKCUI61c2z3spsg5_DGu1jnZ4cIACc3MCmqWP57RveBMGw==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Mon, 06 Feb 2023 21:50:04 GMT
age: 224
etag: "afb91ab43953e8915a2169618d2ab5e330cde0a1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fda427d37-8d0b-44cf-ae98-f96ceaf21b52.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.9 kB (8929 bytes)
Hash
d0c62c5956f36c9f1c5d2f17bc372d98
fca4d7140e4c391b02d734425ccc92acec568a70
eb1b743ede5ed223536358bd92a322ca5231267f4434be1eced98a0fe93b790d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fda427d37-8d0b-44cf-ae98-f96ceaf21b52.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8929
x-amzn-requestid: ea29dd36-d05b-4824-ba18-78f868259f76
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4oiQEeTIAMFqGA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e02141-7a6ade1c4501a81c0823ce10;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:36:01 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: O-QHP886Cczm6dsVDQVMR7SMSxgIhUSuEPAKJvzQTQtkj59Pg-z9QA==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Mon, 06 Feb 2023 21:50:04 GMT
age: 224
etag: "fca4d7140e4c391b02d734425ccc92acec568a70"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f78f981-25b3-46b1-a96b-baa8e001cc8e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.6 kB (8649 bytes)
Hash
ad2298793399bf73c51c7d60952065c1
816bd4c36ceea2c46489ae72fde0b4a94c7c4bef
dc540d64e5e0835c7007e89ca3b5dd620b43a87e13309f323f3843a5f908a199

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f78f981-25b3-46b1-a96b-baa8e001cc8e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8649
x-amzn-requestid: f85f3c9d-95c1-4db6-af5f-595070fe46c3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4oiRHzboAMFQCA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e02141-6eed72bf20887cac6dc1a56a;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:36:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: tNp3KhwtaSjchn-VAo1VellQ63I1W9uIbkQ_84Y7z_4z--vGfz8PGA==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 21:53:56 GMT
age: 86392
etag: "816bd4c36ceea2c46489ae72fde0b4a94c7c4bef"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ad60ff0-69ec-4be2-9334-41be71ca4b7f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10905 bytes)
Hash
1a4eed23b240d04a3cd6b085cfa93375
f29b9dc3f6bbd2ba76a5a4570ce044d5f240fd00
93e8371f80c12d3753842e36001dbb8d3dc2223b10a594639752cd816c492d4e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ad60ff0-69ec-4be2-9334-41be71ca4b7f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10905
x-amzn-requestid: 093778fc-231c-452f-a6fc-15f4eb41ade0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fmNJCEDzIAMFmxA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d8c239-7f56d6e56392f373541db219;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 07:24:41 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: WVfpilnwhnRXBhJkHBWjxxoP09f7SqlRk8CdWRWOubIIwe0CX89bUA==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 22:13:39 GMT
age: 85209
etag: "f29b9dc3f6bbd2ba76a5a4570ce044d5f240fd00"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F731dc7de-ce12-4639-9ceb-3218584c3d56.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10514 bytes)
Hash
9046d887fd45a0940e31a74173d17798
1ff698b9cf660165e846dfc4770f29852aedce45
0c7b0e1250aa7718b7b35b80a1442f62e94ace1fb578fb781ec8204ee96386d0

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F731dc7de-ce12-4639-9ceb-3218584c3d56.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10514
x-amzn-requestid: ac2a383b-833d-4dae-9bd9-43dc3d9e373d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4oiPEIyoAMFqUw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e02141-436bb6816b269ce45b9f8600;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:36:01 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: RYNzle5-l5dOMPWb2Bmu_T5aIJw9NX2FKuJsej8hzpYZcgD6coH9SA==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Mon, 06 Feb 2023 21:50:11 GMT
age: 217
etag: "1ff698b9cf660165e846dfc4770f29852aedce45"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

jztmas.srootsrg.top/includes/templates/linglong-viu02/images/rank_4.gif

173.208.141.94

200 OK

726 B

URL HTTP/1.1
jztmas.srootsrg.top/includes/templates/linglong-viu02/images/rank_4.gif
IP
173.208.141.94:0
ASN
#32097 WII

File type
GIF image data, version 89a, 100 x 39\012- data
Size
726 B (726 bytes)
Hash
9e975ea97719e1ad72951890eab538b2
cb425216738dbc4b98ed7f86d2ad939d17922cc0
e5a91abf348d298145f1f237505150cc1f60673b0a21b459cdf4029ba188bcd4

HTTP Headers

GET /includes/templates/linglong-viu02/images/rank_4.gif HTTP/1.1
Host: jztmas.srootsrg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jztmas.srootsrg.top/
Cookie: zenid=o5m3arfe02hbqrlt4fup1hvdv2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 21:53:48 GMT
Server: Apache
Last-Modified: Wed, 27 Mar 2013 01:39:02 GMT
ETag: "2d6-4d8de1a465980"
Accept-Ranges: bytes
Content-Length: 726
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/gif

jztmas.srootsrg.top/imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tOTU3ODU1NjIwMTJfMS5qcGc=

173.208.141.94

200 OK

227 kB

URL HTTP/1.1
jztmas.srootsrg.top/imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tOTU3ODU1NjIwMTJfMS5qcGc=
IP
173.208.141.94:0
ASN
#32097 WII

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1080x1080, components 3\012- data
Size
227 kB (227327 bytes)
Hash
b783965df25f240541214e96f385669f
09520090e26e3f37e272f378cbbb688e7282718e
67637722cd9dc29308b273fb7f64fd57b784d9d06cf9d82c8fe8bc47655b1b64

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tOTU3ODU1NjIwMTJfMS5qcGc= HTTP/1.1
Host: jztmas.srootsrg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jztmas.srootsrg.top/
Cookie: zenid=o5m3arfe02hbqrlt4fup1hvdv2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 21:53:48 GMT
Server: Apache
X-Powered-By: PHP/5.4.16
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: image/jpg

jztmas.srootsrg.top/includes/templates/linglong-viu02/images/rank_5.gif

173.208.141.94

200 OK

883 B

URL HTTP/1.1
jztmas.srootsrg.top/includes/templates/linglong-viu02/images/rank_5.gif
IP
173.208.141.94:0
ASN
#32097 WII

File type
GIF image data, version 89a, 100 x 39\012- data
Size
883 B (883 bytes)
Hash
02ab4d95ec4727b873675dedf23fcbd6
73fb8ee0b0b7d4e12e2f90812ba109865bd55936
95e544e3858c250b62e09e90ea9b20d4a522b96f3d4658a908182c76cac0ebcc

HTTP Headers

GET /includes/templates/linglong-viu02/images/rank_5.gif HTTP/1.1
Host: jztmas.srootsrg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jztmas.srootsrg.top/
Cookie: zenid=o5m3arfe02hbqrlt4fup1hvdv2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 21:53:48 GMT
Server: Apache
Last-Modified: Wed, 27 Mar 2013 01:38:40 GMT
ETag: "373-4d8de18f6a800"
Accept-Ranges: bytes
Content-Length: 883
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: image/gif

jztmas.srootsrg.top/imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tMzMwOTgwNTI3MTZfMS5qcGc=

173.208.141.94

200 OK

33 kB

URL HTTP/1.1
jztmas.srootsrg.top/imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tMzMwOTgwNTI3MTZfMS5qcGc=
IP
173.208.141.94:0
ASN
#32097 WII

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 600x800, components 3\012- data
Size
33 kB (32859 bytes)
Hash
b8655cd50b4540fb6cfa1026fbd7b3e5
dc89daee9377d0f7d649f80476ae26deea90bbd5
b331e2de1d06717767ad4c7e21c89cb50186ff07c7819f27411cdae67d8f4b8f

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tMzMwOTgwNTI3MTZfMS5qcGc= HTTP/1.1
Host: jztmas.srootsrg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jztmas.srootsrg.top/
Cookie: zenid=o5m3arfe02hbqrlt4fup1hvdv2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 21:53:48 GMT
Server: Apache
X-Powered-By: PHP/5.4.16
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: image/jpg

jztmas.srootsrg.top/includes/templates/linglong-viu02/images/logo.png

173.208.141.94

200 OK

4.5 kB

URL HTTP/1.1
jztmas.srootsrg.top/includes/templates/linglong-viu02/images/logo.png
IP
173.208.141.94:0
ASN
#32097 WII

File type
PNG image data, 154 x 45, 8-bit/color RGBA, non-interlaced\012- data
Size
4.5 kB (4484 bytes)
Hash
4538a28742e2647079f59259b4f88259
6c1a88d5312f427a1249effb11a6d3a5695e1aa4
11a85677189f44b7bc108120226601e6252d27d6cabc6575b5366c7138936ad7

HTTP Headers

GET /includes/templates/linglong-viu02/images/logo.png HTTP/1.1
Host: jztmas.srootsrg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jztmas.srootsrg.top/
Cookie: zenid=o5m3arfe02hbqrlt4fup1hvdv2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 21:53:48 GMT
Server: Apache
Last-Modified: Sat, 10 Aug 2019 02:19:04 GMT
ETag: "1184-58fb9ea2b9600"
Accept-Ranges: bytes
Content-Length: 4484
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png

jztmas.srootsrg.top/includes/templates/linglong-viu02/images/cat.png

173.208.141.94

200 OK

23 kB

URL HTTP/1.1
jztmas.srootsrg.top/includes/templates/linglong-viu02/images/cat.png
IP
173.208.141.94:0
ASN
#32097 WII

File type
PNG image data, 6 x 8, 8-bit/color RGBA, non-interlaced\012- data
Size
23 kB (22709 bytes)
Hash
16119072d89a07da5e75a3ee606f8494
e23fd7ea65c0a3007c52795386e75e04a1215100
d3e8c37ebed216a58837ca2affeda31c34a07586c733bb04c14fb83bfc445bfa

HTTP Headers

GET /includes/templates/linglong-viu02/images/cat.png HTTP/1.1
Host: jztmas.srootsrg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jztmas.srootsrg.top/includes/templates/linglong-viu02/css/style_categories.css
Cookie: zenid=o5m3arfe02hbqrlt4fup1hvdv2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 21:53:48 GMT
Server: Apache
Last-Modified: Tue, 28 Feb 2017 07:10:20 GMT
ETag: "58b5-54991e3884f00"
Accept-Ranges: bytes
Content-Length: 22709
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png

jztmas.srootsrg.top/imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tMTI5MDcyMTkwNjhfMS5qcGc=

173.208.141.94

200 OK

77 kB

URL HTTP/1.1
jztmas.srootsrg.top/imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tMTI5MDcyMTkwNjhfMS5qcGc=
IP
173.208.141.94:0
ASN
#32097 WII

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 540x720, components 3\012- data
Size
77 kB (77366 bytes)
Hash
9a5f0882d81297c953e57cc8ec5a3d8a
b2ec8c00ce1e1399bb79460e60f42e977d873f4e
1b4cc98f3734869ee9900d54f778a726358a6095f94d65f799bc7f3b90de71ef

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tMTI5MDcyMTkwNjhfMS5qcGc= HTTP/1.1
Host: jztmas.srootsrg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jztmas.srootsrg.top/
Cookie: zenid=o5m3arfe02hbqrlt4fup1hvdv2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 21:53:48 GMT
Server: Apache
X-Powered-By: PHP/5.4.16
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: image/jpg

jztmas.srootsrg.top/imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tMzYxNDE5NjM1MTBfMS5qcGc=

173.208.141.94

200 OK

50 kB

URL HTTP/1.1
jztmas.srootsrg.top/imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tMzYxNDE5NjM1MTBfMS5qcGc=
IP
173.208.141.94:0
ASN
#32097 WII

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 720x720, components 3\012- data
Size
50 kB (50398 bytes)
Hash
44d478307a654ca43f146ca41fa67a11
fb5349ece5d768e0cfbfc7244aca11e230696cce
e076f7fac12e92f9aa7ffeb04af611675c5bb07eb712cee296b58d0d09c79922

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tMzYxNDE5NjM1MTBfMS5qcGc= HTTP/1.1
Host: jztmas.srootsrg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jztmas.srootsrg.top/
Cookie: zenid=o5m3arfe02hbqrlt4fup1hvdv2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 21:53:48 GMT
Server: Apache
X-Powered-By: PHP/5.4.16
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: image/jpg

jztmas.srootsrg.top/imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tNzE2NzYzNzkyMDVfMS5qcGc=

173.208.141.94

200 OK

41 kB

URL HTTP/1.1
jztmas.srootsrg.top/imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tNzE2NzYzNzkyMDVfMS5qcGc=
IP
173.208.141.94:0
ASN
#32097 WII

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 720x657, components 3\012- data
Size
41 kB (41043 bytes)
Hash
0d4286e5769787e8702ba847e879e68d
996c8753279b50f4c5d2b9b58a058418e7fc4f4a
d40d07033b82d239fdbffa1dff01e49dcaec30b628222af568c604ccb0f2cdc1

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tNzE2NzYzNzkyMDVfMS5qcGc= HTTP/1.1
Host: jztmas.srootsrg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jztmas.srootsrg.top/
Cookie: zenid=o5m3arfe02hbqrlt4fup1hvdv2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 21:53:48 GMT
Server: Apache
X-Powered-By: PHP/5.4.16
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: image/jpg

jztmas.srootsrg.top/imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tNTUxNTk3MzYxMzBfMS5qcGc=

173.208.141.94

200 OK

85 kB

URL HTTP/1.1
jztmas.srootsrg.top/imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tNTUxNTk3MzYxMzBfMS5qcGc=
IP
173.208.141.94:0
ASN
#32097 WII

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1080x1080, components 3\012- data
Size
85 kB (85203 bytes)
Hash
64089a1cf814e90f4cbac39ada352014
9352b0e8a3901ce64962f3c8eea06a4a6f953007
c89217fa478ba32a328398c715f83bed83360b796aac67f672b314ce55d23448

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tNTUxNTk3MzYxMzBfMS5qcGc= HTTP/1.1
Host: jztmas.srootsrg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jztmas.srootsrg.top/
Cookie: zenid=o5m3arfe02hbqrlt4fup1hvdv2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 21:53:48 GMT
Server: Apache
X-Powered-By: PHP/5.4.16
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: image/jpg

jztmas.srootsrg.top/imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tNjQ0MjQxNzQwMjJfMS5qcGc=

173.208.141.94

200 OK

33 kB

URL HTTP/1.1
jztmas.srootsrg.top/imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tNjQ0MjQxNzQwMjJfMS5qcGc=
IP
173.208.141.94:0
ASN
#32097 WII

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 720x655, components 3\012- data
Size
33 kB (33350 bytes)
Hash
e452136e756f77a8bbc42989fe4feaee
b1b7bff7c1c9fd989936447eedabb3a6368ab411
0455545419c5643c9062a16acd972571cd1104390629c519f5e41ef2a7ab80cf

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tNjQ0MjQxNzQwMjJfMS5qcGc= HTTP/1.1
Host: jztmas.srootsrg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jztmas.srootsrg.top/
Cookie: zenid=o5m3arfe02hbqrlt4fup1hvdv2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 21:53:48 GMT
Server: Apache
X-Powered-By: PHP/5.4.16
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: image/jpg

jztmas.srootsrg.top/includes/templates/linglong-viu02/images/head_search.png

173.208.141.94

200 OK

4.8 kB

URL HTTP/1.1
jztmas.srootsrg.top/includes/templates/linglong-viu02/images/head_search.png
IP
173.208.141.94:0
ASN
#32097 WII

File type
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced\012- data
Size
4.8 kB (4836 bytes)
Hash
72757ef7a61a49a22d82706af34889c5
9455da0b8192dadcaca798e9127b1efda59dd82b
6d64b9e47637df68daea62aac9e7b5a921b2f234219267967ec8738546a0aeae

HTTP Headers

GET /includes/templates/linglong-viu02/images/head_search.png HTTP/1.1
Host: jztmas.srootsrg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jztmas.srootsrg.top/
Cookie: zenid=o5m3arfe02hbqrlt4fup1hvdv2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 21:53:48 GMT
Server: Apache
Last-Modified: Sat, 10 Aug 2019 02:13:28 GMT
ETag: "12e4-58fb9d624a200"
Accept-Ranges: bytes
Content-Length: 4836
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/png

jztmas.srootsrg.top/imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tODMzNzI0MTM5NzdfMS5qcGc=

173.208.141.94

200 OK

53 kB

URL HTTP/1.1
jztmas.srootsrg.top/imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tODMzNzI0MTM5NzdfMS5qcGc=
IP
173.208.141.94:0
ASN
#32097 WII

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 720x661, components 3\012- data
Size
53 kB (53147 bytes)
Hash
d7e1298a6e74287a5d5ae503ca8974b4
9fa1912c4a5f3f2c805e7aa8bfd14cb464f417ca
d9bedc43dc2696f1eafd04314a130c082dd77d5fd0b83997d959d6bc0b000795

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tODMzNzI0MTM5NzdfMS5qcGc= HTTP/1.1
Host: jztmas.srootsrg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jztmas.srootsrg.top/
Cookie: zenid=o5m3arfe02hbqrlt4fup1hvdv2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 21:53:48 GMT
Server: Apache
X-Powered-By: PHP/5.4.16
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: image/jpg

jztmas.srootsrg.top/includes/templates/linglong-viu02/images/head_company.png

173.208.141.94

200 OK

4.0 kB

URL HTTP/1.1
jztmas.srootsrg.top/includes/templates/linglong-viu02/images/head_company.png
IP
173.208.141.94:0
ASN
#32097 WII

File type
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced\012- data
Size
4.0 kB (4004 bytes)
Hash
d9649982ad0cd8cff16d73093e1922e6
a1b55979a5a08b86b028fc59764d77174ef969b4
c253e9a43778e83b39e7163e614b61a453de6c69ddb3b3cfd7e98901eb0e64b7

HTTP Headers

GET /includes/templates/linglong-viu02/images/head_company.png HTTP/1.1
Host: jztmas.srootsrg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jztmas.srootsrg.top/
Cookie: zenid=o5m3arfe02hbqrlt4fup1hvdv2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 21:53:48 GMT
Server: Apache
Last-Modified: Sat, 10 Aug 2019 02:16:02 GMT
ETag: "fa4-58fb9df527c80"
Accept-Ranges: bytes
Content-Length: 4004
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/png

jztmas.srootsrg.top/imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tMjYwNjQ2NDMyOThfMS5qcGc=

173.208.141.94

200 OK

87 kB

URL HTTP/1.1
jztmas.srootsrg.top/imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tMjYwNjQ2NDMyOThfMS5qcGc=
IP
173.208.141.94:0
ASN
#32097 WII

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 600x800, components 3\012- data
Size
87 kB (87370 bytes)
Hash
d49ccf4bc50ea8ee93ba1651a8326f02
2f005ef0350ff72d8a3363b9feaafb38380c0ca1
152fd5cc42293fd59b1e2c18a16501706af31e5ed35e62e6002c9a203565ebc1

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tMjYwNjQ2NDMyOThfMS5qcGc= HTTP/1.1
Host: jztmas.srootsrg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jztmas.srootsrg.top/
Cookie: zenid=o5m3arfe02hbqrlt4fup1hvdv2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 21:53:48 GMT
Server: Apache
X-Powered-By: PHP/5.4.16
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: image/jpg

jztmas.srootsrg.top/includes/templates/linglong-viu02/images/head_favorite.png

173.208.141.94

200 OK

3.2 kB

URL HTTP/1.1
jztmas.srootsrg.top/includes/templates/linglong-viu02/images/head_favorite.png
IP
173.208.141.94:0
ASN
#32097 WII

File type
PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced\012- data
Size
3.2 kB (3230 bytes)
Hash
68a014042de09005fb670bdc2b586244
38ec519f7c8c5f9945ea02a2bbeb274dabfd5743
ccf8b36181391bf7c2a70a6a37a9bfdd36b47ad5d19894f6c3caeb57915b6b92

HTTP Headers

GET /includes/templates/linglong-viu02/images/head_favorite.png HTTP/1.1
Host: jztmas.srootsrg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jztmas.srootsrg.top/
Cookie: zenid=o5m3arfe02hbqrlt4fup1hvdv2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 21:53:49 GMT
Server: Apache
Last-Modified: Sat, 10 Aug 2019 02:15:54 GMT
ETag: "c9e-58fb9ded86a80"
Accept-Ranges: bytes
Content-Length: 3230
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/png

jztmas.srootsrg.top/includes/templates/linglong-viu02/images/head_review.png

173.208.141.94

200 OK

3.2 kB

URL HTTP/1.1
jztmas.srootsrg.top/includes/templates/linglong-viu02/images/head_review.png
IP
173.208.141.94:0
ASN
#32097 WII

File type
PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced\012- data
Size
3.2 kB (3194 bytes)
Hash
5cc5ea0104b78187bb7001fbe9df55d9
e99212bcedcf3c088104281f06097df31cd4ef51
4c51dc526b320c083c6a1f76ba811bd1dd65612067584476eaa57ad7126a6e2f

HTTP Headers

GET /includes/templates/linglong-viu02/images/head_review.png HTTP/1.1
Host: jztmas.srootsrg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jztmas.srootsrg.top/
Cookie: zenid=o5m3arfe02hbqrlt4fup1hvdv2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 21:53:49 GMT
Server: Apache
Last-Modified: Sat, 10 Aug 2019 02:15:48 GMT
ETag: "c7a-58fb9de7cdd00"
Accept-Ranges: bytes
Content-Length: 3194
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: image/png

jztmas.srootsrg.top/includes/templates/linglong-viu02/images/sp.png

173.208.141.94

200 OK

8.7 kB

URL HTTP/1.1
jztmas.srootsrg.top/includes/templates/linglong-viu02/images/sp.png
IP
173.208.141.94:0
ASN
#32097 WII

File type
PNG image data, 292 x 258, 8-bit/color RGBA, non-interlaced\012- data
Size
8.7 kB (8652 bytes)
Hash
22950ac649d504b419675bc020b84bdf
00858113e8c2c2b954dcb4908d0a51058cffda35
2202370c7f544db4cc2a121e500efb3b3535ec412a0607b8510ad582817e48f1

HTTP Headers

GET /includes/templates/linglong-viu02/images/sp.png HTTP/1.1
Host: jztmas.srootsrg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jztmas.srootsrg.top/
Cookie: zenid=o5m3arfe02hbqrlt4fup1hvdv2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 21:53:49 GMT
Server: Apache
Last-Modified: Sat, 10 Aug 2019 02:16:14 GMT
ETag: "21cc-58fb9e0099780"
Accept-Ranges: bytes
Content-Length: 8652
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/png

jztmas.srootsrg.top/includes/templates/linglong-viu02/images/py.png

173.208.141.94

200 OK

6.5 kB

URL HTTP/1.1
jztmas.srootsrg.top/includes/templates/linglong-viu02/images/py.png
IP
173.208.141.94:0
ASN
#32097 WII

File type
PNG image data, 371 x 255, 8-bit/color RGBA, non-interlaced\012- data
Size
6.5 kB (6524 bytes)
Hash
8b83b018044e476deb4baa329576bd5b
bdcb9d25b2d7d90d990d770c86ac33933fdc0f93
4ed8e066649f640d104f2f04eba2afdf3af8c25508485dfcd50f0803ea9daea0

HTTP Headers

GET /includes/templates/linglong-viu02/images/py.png HTTP/1.1
Host: jztmas.srootsrg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jztmas.srootsrg.top/
Cookie: zenid=o5m3arfe02hbqrlt4fup1hvdv2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 21:53:49 GMT
Server: Apache
Last-Modified: Sat, 10 Aug 2019 02:15:40 GMT
ETag: "197c-58fb9de02cb00"
Accept-Ranges: bytes
Content-Length: 6524
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/png

jztmas.srootsrg.top/includes/templates/linglong-viu02/images/head_cart.png

173.208.141.94

200 OK

7.0 kB

URL HTTP/1.1
jztmas.srootsrg.top/includes/templates/linglong-viu02/images/head_cart.png
IP
173.208.141.94:0
ASN
#32097 WII

File type
PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced\012- data
Size
7.0 kB (7003 bytes)
Hash
c056aee4f27f53644b0ce92fded138f0
25ef4ed0e336d296544aacd447e19199a6aa9bd0
5e5e5cb6a21f3ed220e480e0682cb26d48ab455d3d21ef1c0e1bc81998bcef6d

HTTP Headers

GET /includes/templates/linglong-viu02/images/head_cart.png HTTP/1.1
Host: jztmas.srootsrg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jztmas.srootsrg.top/
Cookie: zenid=o5m3arfe02hbqrlt4fup1hvdv2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 21:53:49 GMT
Server: Apache
Last-Modified: Sat, 10 Aug 2019 02:16:08 GMT
ETag: "1b5b-58fb9dfae0a00"
Accept-Ranges: bytes
Content-Length: 7003
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: image/png

jztmas.srootsrg.top/includes/templates/linglong-viu02/images/rank_7.gif

173.208.141.94

200 OK

737 B

URL HTTP/1.1
jztmas.srootsrg.top/includes/templates/linglong-viu02/images/rank_7.gif
IP
173.208.141.94:0
ASN
#32097 WII

File type
GIF image data, version 89a, 100 x 39\012- data
Size
737 B (737 bytes)
Hash
5ae938d4c59d6c52efdc9dfa7940037b
a243882381f3e103312242b5ca2eb9b8a295a2b7
4e569edfefd853caf0af7c24d06e242ba6b4a49ddc4775186098688ea8211030

HTTP Headers

GET /includes/templates/linglong-viu02/images/rank_7.gif HTTP/1.1
Host: jztmas.srootsrg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jztmas.srootsrg.top/
Cookie: zenid=o5m3arfe02hbqrlt4fup1hvdv2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 21:53:49 GMT
Server: Apache
Last-Modified: Wed, 27 Mar 2013 01:53:42 GMT
ETag: "2e1-4d8de4eba1580"
Accept-Ranges: bytes
Content-Length: 737
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: image/gif

jztmas.srootsrg.top/includes/templates/linglong-viu02/images/rank_6.gif

173.208.141.94

200 OK

766 B

URL HTTP/1.1
jztmas.srootsrg.top/includes/templates/linglong-viu02/images/rank_6.gif
IP
173.208.141.94:0
ASN
#32097 WII

File type
GIF image data, version 89a, 100 x 39\012- data
Size
766 B (766 bytes)
Hash
da350cd90766a340c96b20ff03d127d5
30147fd19b58279252e361375df1d0c8f6d9a568
c865fc772bf6a50a3e408263080ccb0f091da74849c9d3557c17ae17514d3b1a

HTTP Headers

GET /includes/templates/linglong-viu02/images/rank_6.gif HTTP/1.1
Host: jztmas.srootsrg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jztmas.srootsrg.top/
Cookie: zenid=o5m3arfe02hbqrlt4fup1hvdv2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 21:53:49 GMT
Server: Apache
Last-Modified: Wed, 27 Mar 2013 01:38:18 GMT
ETag: "2fe-4d8de17a6f680"
Accept-Ranges: bytes
Content-Length: 766
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/gif

jztmas.srootsrg.top/includes/templates/linglong-viu02/images/rank_8.gif

173.208.141.94

200 OK

773 B

URL HTTP/1.1
jztmas.srootsrg.top/includes/templates/linglong-viu02/images/rank_8.gif
IP
173.208.141.94:0
ASN
#32097 WII

File type
GIF image data, version 89a, 100 x 39\012- data
Size
773 B (773 bytes)
Hash
255ef97d3abcea681cd2e8acd77ad0b1
0ca7ae48c40d965bdf794f5c41b5138d335e4e7a
cdcb9869aff9da1a51eb4b97016e57dc9420a4a292d8a88596abd29c94db8e5b

HTTP Headers

GET /includes/templates/linglong-viu02/images/rank_8.gif HTTP/1.1
Host: jztmas.srootsrg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jztmas.srootsrg.top/
Cookie: zenid=o5m3arfe02hbqrlt4fup1hvdv2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 21:53:49 GMT
Server: Apache
Last-Modified: Wed, 27 Mar 2013 01:54:12 GMT
ETag: "305-4d8de5083d900"
Accept-Ranges: bytes
Content-Length: 773
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: image/gif

jztmas.srootsrg.top/includes/templates/linglong-viu02/images/rank_10.gif

173.208.141.94

200 OK

789 B

URL HTTP/1.1
jztmas.srootsrg.top/includes/templates/linglong-viu02/images/rank_10.gif
IP
173.208.141.94:0
ASN
#32097 WII

File type
GIF image data, version 89a, 100 x 39\012- data
Size
789 B (789 bytes)
Hash
ba5aa31792e757343133e787184723d2
7f695ddf8ee3a36e3e8dd7b0d98e5108e9afb4dd
e4b75d485b047de1fd5cf388db63672353db7c5e6c6d27324480feb53cd0e948

HTTP Headers

GET /includes/templates/linglong-viu02/images/rank_10.gif HTTP/1.1
Host: jztmas.srootsrg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jztmas.srootsrg.top/
Cookie: zenid=o5m3arfe02hbqrlt4fup1hvdv2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 21:53:49 GMT
Server: Apache
Last-Modified: Wed, 27 Mar 2013 01:55:10 GMT
ETag: "315-4d8de53f8db80"
Accept-Ranges: bytes
Content-Length: 789
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/gif

jztmas.srootsrg.top/includes/templates/linglong-viu02/images/rank_9.gif

173.208.141.94

200 OK

763 B

URL HTTP/1.1
jztmas.srootsrg.top/includes/templates/linglong-viu02/images/rank_9.gif
IP
173.208.141.94:0
ASN
#32097 WII

File type
GIF image data, version 89a, 100 x 39\012- data
Size
763 B (763 bytes)
Hash
a34576572e69e8448656b2fef0a85091
e36cb983bf59a33b4f2df30a42eea33af7e367a2
4bd758972868ca67bf4c88a6ac29fed015fa9b539a03e09e3540bfc77c992667

HTTP Headers

GET /includes/templates/linglong-viu02/images/rank_9.gif HTTP/1.1
Host: jztmas.srootsrg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jztmas.srootsrg.top/
Cookie: zenid=o5m3arfe02hbqrlt4fup1hvdv2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 21:53:49 GMT
Server: Apache
Last-Modified: Wed, 27 Mar 2013 01:54:28 GMT
ETag: "2fb-4d8de5177fd00"
Accept-Ranges: bytes
Content-Length: 763
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: image/gif

jztmas.srootsrg.top/includes/templates/linglong-viu02/images/0225-2.jpg

173.208.141.94

200 OK

36 kB

URL HTTP/1.1
jztmas.srootsrg.top/includes/templates/linglong-viu02/images/0225-2.jpg
IP
173.208.141.94:0
ASN
#32097 WII

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1000x150, components 3\012- data
Size
36 kB (35837 bytes)
Hash
98a37362eefc18208b1ba0565bec4d31
fb79d3be9b420b14183da3583d98fb044f01c694
b1cd763c7ca80c814f42d59ed9a0657f8eac5c2728ca48eb5e19dfa456b62179

HTTP Headers

GET /includes/templates/linglong-viu02/images/0225-2.jpg HTTP/1.1
Host: jztmas.srootsrg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jztmas.srootsrg.top/
Cookie: zenid=o5m3arfe02hbqrlt4fup1hvdv2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 21:53:49 GMT
Server: Apache
Last-Modified: Wed, 07 Aug 2019 08:52:22 GMT
ETag: "8bfd-58f830f325d80"
Accept-Ranges: bytes
Content-Length: 35837
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: image/jpeg

jztmas.srootsrg.top/includes/templates/linglong-viu02/images/0804time_1050x493.gif

173.208.141.94

200 OK

142 kB

URL HTTP/1.1
jztmas.srootsrg.top/includes/templates/linglong-viu02/images/0804time_1050x493.gif
IP
173.208.141.94:0
ASN
#32097 WII

File type
GIF image data, version 89a, 1050 x 493\012- data
Size
142 kB (142313 bytes)
Hash
de7616148826e4a261712b385d61b3f9
52ac8b82303c3e03af3ba8d65a63191da422cc3f
22e8906991299a8dfab89844d551885b68f6f918f4ae2ef7dc90715cd8dc6752

HTTP Headers

GET /includes/templates/linglong-viu02/images/0804time_1050x493.gif HTTP/1.1
Host: jztmas.srootsrg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jztmas.srootsrg.top/
Cookie: zenid=o5m3arfe02hbqrlt4fup1hvdv2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 21:53:49 GMT
Server: Apache
Last-Modified: Sat, 10 Aug 2019 06:48:02 GMT
ETag: "22be9-58fbdac11ec80"
Accept-Ranges: bytes
Content-Length: 142313
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: image/gif

jztmas.srootsrg.top/imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tMjE4MjUxNDUyMzJfMS5qcGc=

173.208.141.94

200 OK

180 kB

URL HTTP/1.1
jztmas.srootsrg.top/imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tMjE4MjUxNDUyMzJfMS5qcGc=
IP
173.208.141.94:0
ASN
#32097 WII

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1080x1080, components 3\012- data
Size
180 kB (180441 bytes)
Hash
37c8c72a03ce24717a1b50de1390b4c2
cd11b363ddb52f9dcf3338a2bdc88d0c0eb0e537
b829b8d37ad7dcd9bad3d2a120ffdb8e381edbcc370f5fef9b5626f7ec1a27ec

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tMjE4MjUxNDUyMzJfMS5qcGc= HTTP/1.1
Host: jztmas.srootsrg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jztmas.srootsrg.top/
Cookie: zenid=o5m3arfe02hbqrlt4fup1hvdv2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 21:53:49 GMT
Server: Apache
X-Powered-By: PHP/5.4.16
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: image/jpg

jztmas.srootsrg.top/imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tNDUxNjc0Njg1OThfMS5qcGc=

173.208.141.94

200 OK

64 kB

URL HTTP/1.1
jztmas.srootsrg.top/imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tNDUxNjc0Njg1OThfMS5qcGc=
IP
173.208.141.94:0
ASN
#32097 WII

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1080x540, components 3\012- data
Size
64 kB (64477 bytes)
Hash
f293b01e95113a4aefc8f988a35393af
2e25c01b0bb3b98aa22a1fe6621bef5295084e26
497ac892d3b04d91ecf5adc67c4c861147f8c419d99e5b75bd40b536b76c2e14

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tNDUxNjc0Njg1OThfMS5qcGc= HTTP/1.1
Host: jztmas.srootsrg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jztmas.srootsrg.top/
Cookie: zenid=o5m3arfe02hbqrlt4fup1hvdv2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 21:53:49 GMT
Server: Apache
X-Powered-By: PHP/5.4.16
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: image/jpg

jztmas.srootsrg.top/imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tNDE3MzMzMTk3MTZfMS5qcGc=

173.208.141.94

200 OK

31 kB

URL HTTP/1.1
jztmas.srootsrg.top/imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tNDE3MzMzMTk3MTZfMS5qcGc=
IP
173.208.141.94:0
ASN
#32097 WII

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 500x667, components 3\012- data
Size
31 kB (31331 bytes)
Hash
25a813884e5a7d04492f88bdaa03e895
8077176184207327ef20aebdcd7d2a8586cfa0ce
97032d2f15703d56d3b592f9233d37fa91e7b2bae213a79abc2b24158374e82e

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tNDE3MzMzMTk3MTZfMS5qcGc= HTTP/1.1
Host: jztmas.srootsrg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jztmas.srootsrg.top/
Cookie: zenid=o5m3arfe02hbqrlt4fup1hvdv2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 21:53:49 GMT
Server: Apache
X-Powered-By: PHP/5.4.16
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: image/jpg

jztmas.srootsrg.top/imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tNTY1OTgwMDg4NDBfMS5qcGc=

173.208.141.94

200 OK

60 kB

URL HTTP/1.1
jztmas.srootsrg.top/imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tNTY1OTgwMDg4NDBfMS5qcGc=
IP
173.208.141.94:0
ASN
#32097 WII

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 540x720, components 3\012- data
Size
60 kB (59812 bytes)
Hash
9dcd44da8bc64208d0283edbd6d58a65
3a087d6baf2b37929bf70071c47feb965a4a2512
a1bf183fa5faddaa57e3fc4659e00137306d7bc3c713524f6154d642cf12f8d3

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tNTY1OTgwMDg4NDBfMS5qcGc= HTTP/1.1
Host: jztmas.srootsrg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jztmas.srootsrg.top/
Cookie: zenid=o5m3arfe02hbqrlt4fup1hvdv2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 21:53:49 GMT
Server: Apache
X-Powered-By: PHP/5.4.16
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: image/jpg

jztmas.srootsrg.top/imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tNzY1MjI1NTA2MjdfMS5qcGc=

173.208.141.94

200 OK

131 kB

URL HTTP/1.1
jztmas.srootsrg.top/imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tNzY1MjI1NTA2MjdfMS5qcGc=
IP
173.208.141.94:0
ASN
#32097 WII

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 720x720, components 3\012- data
Size
131 kB (130688 bytes)
Hash
f0a2fd25659bac615907ca2135a5a5bf
d0b41a01c5e6aea5448be11e268ef9201a8e0520
1404668f3eb7c318ced7af9d028787ff3016ca45810f672264f23262a1938dc5

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tNzY1MjI1NTA2MjdfMS5qcGc= HTTP/1.1
Host: jztmas.srootsrg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jztmas.srootsrg.top/
Cookie: zenid=o5m3arfe02hbqrlt4fup1hvdv2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 21:53:49 GMT
Server: Apache
X-Powered-By: PHP/5.4.16
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: image/jpg

jztmas.srootsrg.top/imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tOTQwNTgyMjM1NTlfMS5qcGc=

173.208.141.94

200 OK

182 kB

URL HTTP/1.1
jztmas.srootsrg.top/imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tOTQwNTgyMjM1NTlfMS5qcGc=
IP
173.208.141.94:0
ASN
#32097 WII

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1080x1080, components 3\012- data
Size
182 kB (182430 bytes)
Hash
0c7b8de6c44839512ff9ae2ec71ac52b
903383cb796ee4963b345f59aa50fa60df1ea774
202f9b06ea96c05d866b797c405a561876be25028fc83d37bf41bde185901b9e

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tOTQwNTgyMjM1NTlfMS5qcGc= HTTP/1.1
Host: jztmas.srootsrg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jztmas.srootsrg.top/
Cookie: zenid=o5m3arfe02hbqrlt4fup1hvdv2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 21:53:49 GMT
Server: Apache
X-Powered-By: PHP/5.4.16
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: image/jpg

jztmas.srootsrg.top/imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tNDc1ODE4NjIwMDRfMS5qcGc=

173.208.141.94

200 OK

52 kB

URL HTTP/1.1
jztmas.srootsrg.top/imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tNDc1ODE4NjIwMDRfMS5qcGc=
IP
173.208.141.94:0
ASN
#32097 WII

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 720x720, components 3\012- data
Size
52 kB (52161 bytes)
Hash
1637ce5bce7649cdbf000e963b23175f
67eff4332433a5daee67c641413b49fe86243a7a
97e9bb1075f145bfacd4da06c39ae721f262ce5b60ab29dc0da900bf6191889a

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tNDc1ODE4NjIwMDRfMS5qcGc= HTTP/1.1
Host: jztmas.srootsrg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jztmas.srootsrg.top/
Cookie: zenid=o5m3arfe02hbqrlt4fup1hvdv2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 21:53:49 GMT
Server: Apache
X-Powered-By: PHP/5.4.16
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: image/jpg

jztmas.srootsrg.top/includes/templates/linglong-viu02/images/head_menu.png

173.208.141.94

200 OK

6.4 kB

URL HTTP/1.1
jztmas.srootsrg.top/includes/templates/linglong-viu02/images/head_menu.png
IP
173.208.141.94:0
ASN
#32097 WII

File type
PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced\012- data
Size
6.4 kB (6413 bytes)
Hash
788a6a594debb15a4d1a6c17e0d3ab6d
89b866508f424fa08e9029f65555db9ecabed855
2f4ec22ea1e83387681989fa28a59d9e83d8d7b6646991f78563f11ed99d933b

HTTP Headers

GET /includes/templates/linglong-viu02/images/head_menu.png HTTP/1.1
Host: jztmas.srootsrg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jztmas.srootsrg.top/
Cookie: zenid=o5m3arfe02hbqrlt4fup1hvdv2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 21:53:49 GMT
Server: Apache
Last-Modified: Thu, 01 Dec 2016 03:23:48 GMT
ETag: "190d-5429059827900"
Accept-Ranges: bytes
Content-Length: 6413
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: image/png

jztmas.srootsrg.top/imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tNDE4Mzk0MzA1NzBfMS5qcGc=

173.208.141.94

200 OK

71 kB

URL HTTP/1.1
jztmas.srootsrg.top/imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tNDE4Mzk0MzA1NzBfMS5qcGc=
IP
173.208.141.94:0
ASN
#32097 WII

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1080x1080, components 3\012- data
Size
71 kB (70597 bytes)
Hash
f273ca293ef6e95b701b27a2da182ab1
d6fb454e689f0c6e757fa9ce11513d532eba9a49
e2b3dca44bc647343ae3b0d7031d280fd339f095c1bd514eea7c7911d4b52b14

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /imgcdn.php?pic=aHR0cHM6Ly9zdGF0aWMubWVyY2RuLm5ldC9pdGVtL2RldGFpbC9vcmlnL3Bob3Rvcy9tNDE4Mzk0MzA1NzBfMS5qcGc= HTTP/1.1
Host: jztmas.srootsrg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jztmas.srootsrg.top/
Cookie: zenid=o5m3arfe02hbqrlt4fup1hvdv2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 21:53:49 GMT
Server: Apache
X-Powered-By: PHP/5.4.16
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: image/jpg

jztmas.srootsrg.top/favicon.ico

173.208.141.94

200 OK

5.4 kB

URL HTTP/1.1
jztmas.srootsrg.top/favicon.ico
IP
173.208.141.94:0
ASN
#32097 WII

File type
MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Size
5.4 kB (5430 bytes)
Hash
e3d999162d3300c9a0ccc5ad15f1c178
1a2819cd98932ff9f5fdb9e4db4b6706b7474353
5433b42817d81ae9ffdb614e37e90e757bce6959340c47a3d22ebe99c83c74af

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: jztmas.srootsrg.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jztmas.srootsrg.top/
Cookie: zenid=o5m3arfe02hbqrlt4fup1hvdv2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 21:53:49 GMT
Server: Apache
Last-Modified: Thu, 28 Dec 2017 23:11:02 GMT
ETag: "1536-5616ea12e0d80"
Accept-Ranges: bytes
Content-Length: 5430
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: image/vnd.microsoft.icon

34.120.237.76

200 OK

3.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5aedadb2-31f3-4d54-b851-5dd3a166179d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
3.9 kB (3943 bytes)
Hash
d6107217bc206ebf204dfcf832cffc04
4f370e81106ef09ce9294eaa074ff6922197ded0
2cc25b8ddf56ceb274bd147d4e54f3fc386a97f984aa3a7bcc19f083fe68b94f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5aedadb2-31f3-4d54-b851-5dd3a166179d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 3943
x-amzn-requestid: 918fd8d6-0118-4548-9380-e3078577a876
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fzWBtEdKoAMFwnw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63de03a4-6d8ffde860d89fbc513a20f9;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 07:05:08 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ZRVPNp0hKlSBXYjgbVfF8MGqNMHCKF2T4fAqflvZz8z-Uy9bKR9HhA==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Mon, 06 Feb 2023 07:18:54 GMT
age: 52501
etag: "4f370e81106ef09ce9294eaa074ff6922197ded0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (5)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (77)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type