Report - 42878.com/

Report Overview

Submitted URL
42878.com/
IP
115.126.37.28
ASN
#38186 Forewin Telecom Group Limited, ISP at
Submitted
2024-04-30 12:15:48
Access
public
Website Title
欢迎光临【六.合.神.算.】精准计算，伴您永久！
Final URL
dz-lh64958.jiujiutuku.com/#2
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
6

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
dz-lh64958.jiujiutuku.com	unknown	unknown	No data	No data	6.6 kB	941 kB	104.234.34.103
hfhw-222141.zhejiangwenzhou.com	unknown	unknown	No data	No data	1.5 kB	30 kB	199.119.203.114
hm.baidu.com	8254	1999-10-11	2012-05-26	2024-04-29	1.7 kB	12 kB	111.45.3.198
https.ackj.cc	unknown	unknown	2021-05-10	2023-03-12	444 B	301 kB	104.21.82.199
libs.baidu.com	103017	1999-10-11	2013-04-23	2024-04-11	424 B	34 kB	39.156.66.111
ehcf-914949.wddamovies.com	unknown	unknown	No data	No data	365 B	1.1 kB	108.181.0.183
chkss-64958.jiujiutuku.com	unknown	unknown	No data	No data	723 B	355 kB	104.234.34.103
cq.tpsy9999.cc	unknown	2023-08-02	2023-10-13	2024-01-27	432 B	545 kB	154.217.143.82
xgkj-644222.lookcame.com	unknown	unknown	No data	No data	4.7 kB	11 kB	23.26.192.131
gggppp666.com	unknown	2023-01-06	2023-01-06	2024-02-10	430 B	0 B	0.0.0.0
42878.com	unknown	unknown	No data	No data	640 B	1.1 kB	115.126.37.28
110.40.36.203:3601	unknown	unknown	No data	No data	441 B	231 B	110.40.36.203
563322.com	unknown	2014-06-16	2021-01-31	2023-07-23	344 B	123 kB	142.0.141.52

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2024-04-30	medium	dz-lh64958.jiujiutuku.com/	Detects hex encoded code that has been base64 encoded
2024-04-30	medium	dz-lh64958.jiujiutuku.com/	Detects hex encoded code that has been base64 encoded

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-30	medium	110.40.36.203	Sinkholed

ThreatFox

No alerts detected

JavaScript (10)

	URL	Size	First Seen	Last Seen
	libs.baidu.com/jquery/1.9.1/jquery.min.js	93 kB	2023-03-07	2024-05-17
Pretty URL libs.baidu.com/jquery/1.9.1/jquery.min.js IP 39.156.66.111 ASN #9808 China Mobile Communications Group Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:44 Last Seen2024-05-17 12:05:38 Times Seen4873 Hash 383771ef1692bfcc3f2b6917ca985778 a1ce0bfa507f23cc414a9a7634bd73b994bb3b35 20638e363fcc5152155f24b281303e17da62da62d24ef5dcf863b184d9a25734 Loading...

	xgkj-644222.lookcame.com/chajian/bm.js	14 kB	2024-04-30	2024-04-30
Pretty URL xgkj-644222.lookcame.com/chajian/bm.js IP 23.26.192.131 ASN #40676 AS40676 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-30 14:15:56 Last Seen2024-04-30 14:15:56 Times Seen1 Hash dbf8ffe2d2fb55ab3882067d008eb759 70534869fd300a92486cb70e283da7c697aa2a27 80c33c322d06e35c4da1e6b75bf74473ac23b339f58c39daf805021855d73576 Loading...

	unknown	1.5 kB	2024-04-30	2024-04-30
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-30 14:15:56 Last Seen2024-04-30 14:15:56 Times Seen1 Hash f8ff1954a725d7755ab0e98dde176843 e6182809d555a8bfd7b3022408a3611ef80d6825 a24eb85cf22283de2401b901ef3cd2a6a93177a87c9f2a5629f551b862f7340f Loading...

	unknown	37 B	2023-04-11	2024-05-17
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:49:14 Last Seen2024-05-17 20:14:39 Times Seen22593 Hash 1c5c9160600df2d96d69a4ea16cec7ed 3cf678c9135cc952ba6970ef545035bb757a443f a3520fe88e248d2b6c9c6db93309a037ef969fe297208e5bd7e49a55bb32c808 Loading...

	unknown	472 B	2024-04-30	2024-04-30
Pretty Introduced by Function Embedded in HTML false Observations First Seen2024-04-30 14:15:56 Last Seen2024-04-30 14:15:56 Times Seen1 Hash 9a17e70cdc7fe0ff85a2ececce331be3 f2344803a7e44ff70f6ec23490ef61df1f0c8679 9658ef64daf7fd1c06217912dd58d61b8084b4d23fe316938d21952edd893dd3 Loading...

	hm.baidu.com/hm.js?8ad181435b98628e18f7017f8b573829	0 B	2023-03-07	2024-05-17
Pretty URL hm.baidu.com/hm.js?8ad181435b98628e18f7017f8b573829 IP 111.45.3.198 ASN #56040 China Mobile communications corporation Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-17 21:44:23 Times Seen37756640 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	dz-lh64958.jiujiutuku.com/#2	2.4 kB	2024-04-30	2024-04-30
Pretty URL dz-lh64958.jiujiutuku.com/#2 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-30 14:15:56 Last Seen2024-04-30 14:15:56 Times Seen1 Hash 6c787eb46579a79626c05960d22e28d0 399b6b6e9d75485974d29098c94fae7fe6c50161 922c6af81d94094ea98530e1d55018449219465431fa4a3ba63941aaedfc42c8 Loading...

	hm.baidu.com/hm.js?d5c1b27da4a454bd33d3bcbebbdc3da7	30 kB	2024-04-30	2024-04-30
Pretty URL hm.baidu.com/hm.js?d5c1b27da4a454bd33d3bcbebbdc3da7 IP 111.45.3.198 ASN #56040 China Mobile communications corporation Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-30 14:15:56 Last Seen2024-04-30 14:15:56 Times Seen2 Hash 9f0b8c6dc1dcc6c4080c10b96b09ef94 e23cff27005e416e36843380c513917e0a1d21d7 751e073731801a96675fbc098dddc9d880b55f60ce3c8acef7e8ce5d65e0bfc0 Loading...

	xgkj-644222.lookcame.com/chajian/H.html	0 B	2023-03-07	2024-05-17
Pretty URL xgkj-644222.lookcame.com/chajian/H.html IP 23.26.192.131 ASN #40676 AS40676 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-17 21:44:23 Times Seen37756640 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 23a30a3ee7e35105d568363c6e3044eb	762 B	2023-03-10	2024-04-30
Pretty Observations First Seen2023-03-10 14:35:16 Last Seen2024-04-30 14:15:56 Times Seen32 Hash 23a30a3ee7e35105d568363c6e3044eb 5a08341b32a70b472547306a974809f014a996cd 2d74b93eb5fa0c0faf11818c07a133b512f01034ee51a8c93d19571a8f6f995a Loading...

HTTP Transactions (44)

URL IP Response Size

42878.com/

115.126.37.28

425 B

URL
42878.com/
IP
115.126.37.28:0
ASN
#38186 Forewin Telecom Group Limited, ISP at

File type
HTML document, ASCII text, with very long lines (425), with no line terminators
Size
425 B (425 bytes)
Hash
d1009327dc780bfe07e11ea1a85cd139
b1e526fa12703f6536cf76c9daa19a9fe7de352f
b239a482ee9aae4e743a9246be6ea368bd0c709645a10e5479c138cd4a890acd

HTTP Headers

GET / HTTP/1.1
Host: 42878.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 200 OK
Connection: close
Cache-Control: max-age=259200
Content-Type: text/html;charset=utf-8
Content-Length: 425

42878.com/

115.126.37.28

425 B

URL
42878.com/
IP
115.126.37.28:0
ASN
#38186 Forewin Telecom Group Limited, ISP at

File type
HTML document, ASCII text, with very long lines (425), with no line terminators
Size
425 B (425 bytes)
Hash
d1009327dc780bfe07e11ea1a85cd139
b1e526fa12703f6536cf76c9daa19a9fe7de352f
b239a482ee9aae4e743a9246be6ea368bd0c709645a10e5479c138cd4a890acd

HTTP Headers

GET / HTTP/1.1
Host: 42878.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 200 OK
Connection: close
Cache-Control: max-age=259200
Content-Type: text/html;charset=utf-8
Content-Length: 425

110.40.36.203:3601/?u=http://42878.com/&p=/

110.40.36.203

302 Found

0 B

URL User Request GET HTTP/1.1
110.40.36.203:3601/?u=http://42878.com/&p=/
IP
110.40.36.203:3601
ASN
#38283 CHINANET SiChuan Telecom Internet Data Center

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?u=http://42878.com/&p=/ HTTP/1.1
Host: 110.40.36.203:3601
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://42878.com/
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Tue, 30 Apr 2024 12:14:42 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Location: http://dz-lh64958.jiujiutuku.com/#2
X-Frame-Options: SAMEORIGIN

dz-lh64958.jiujiutuku.com/

104.234.34.103

52 kB

URL
dz-lh64958.jiujiutuku.com/
IP
104.234.34.103:0
ASN
#40676 AS40676

File type
HTML document, ISO-8859 text, with very long lines (918)
Size
52 kB (52329 bytes)
Hash
8b6466cce5f5b274210de73a9e162cca
d1a1a6b3eded4a922ec1399da806aee436930775
de27c0c27cd47ccaa92f730124aa6bda7b4b2ff1a8ac2a9a8743d80792106867

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects hex encoded code that has been base64 encoded

HTTP Headers

GET / HTTP/1.1
Host: dz-lh64958.jiujiutuku.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://42878.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 30 Apr 2024 12:15:29 GMT
Content-Type: text/html
Last-Modified: Tue, 30 Apr 2024 08:27:50 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6630ab86-c47a8"
Content-Encoding: gzip

dz-lh64958.jiujiutuku.com/images/jt.gif

104.234.34.103

200 OK

2.1 kB

URL GET HTTP/1.1
dz-lh64958.jiujiutuku.com/images/jt.gif
IP
104.234.34.103:80
ASN
#40676 AS40676

Requested by
http://dz-lh64958.jiujiutuku.com/#2

File type
GIF image data, version 89a, 32 x 21
Size
2.1 kB (2109 bytes)
Hash
52749bca18fbee499325cefb1a63ffc8
630b2645f80b9e0bbf4df484437203c7fef66abc
9be846c18af51a3afe4ae5926237234faa293785eac585f4122eb8c8e1ddebac

HTTP Headers

GET /images/jt.gif HTTP/1.1
Host: dz-lh64958.jiujiutuku.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://dz-lh64958.jiujiutuku.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 30 Apr 2024 12:15:29 GMT
Content-Type: image/gif
Content-Length: 2109
Last-Modified: Wed, 15 Mar 2023 13:52:13 GMT
Connection: keep-alive
ETag: "6411cd8d-83d"
Expires: Thu, 30 May 2024 12:15:29 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

dz-lh64958.jiujiutuku.com/images/yjmf.png

104.234.34.103

200 OK

5.5 kB

URL GET HTTP/1.1
dz-lh64958.jiujiutuku.com/images/yjmf.png
IP
104.234.34.103:80
ASN
#40676 AS40676

Requested by
http://dz-lh64958.jiujiutuku.com/#2

File type
PNG image data, 166 x 50, 8-bit/color RGBA, non-interlaced
Size
5.5 kB (5454 bytes)
Hash
99280cec15c94f4dbe993d1d6ff4705d
0625bf4ca1f7d8c22c9c4bc966be3ffd46255c86
8c26de8ff461ed696e1e48c031778a3dfca926f3a1049c780f525160ba83e00a

HTTP Headers

GET /images/yjmf.png HTTP/1.1
Host: dz-lh64958.jiujiutuku.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://dz-lh64958.jiujiutuku.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 30 Apr 2024 12:15:29 GMT
Content-Type: image/png
Content-Length: 5454
Last-Modified: Wed, 15 Mar 2023 13:52:13 GMT
Connection: keep-alive
ETag: "6411cd8d-154e"
Expires: Thu, 30 May 2024 12:15:29 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

dz-lh64958.jiujiutuku.com/images/index_103.jpg

104.234.34.103

200 OK

4.0 kB

URL GET HTTP/1.1
dz-lh64958.jiujiutuku.com/images/index_103.jpg
IP
104.234.34.103:80
ASN
#40676 AS40676

Requested by
http://dz-lh64958.jiujiutuku.com/#2

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 960x19, components 3
Size
4.0 kB (3989 bytes)
Hash
3086f2495f4af45872d4eea33f884688
070c0210c8c62151dd8ebe5502a9896ab2cdd79a
5829e20ee195b2571701e6dfcec8af24255ec5319f40a2d3f8fa3be6422cf0d4

HTTP Headers

GET /images/index_103.jpg HTTP/1.1
Host: dz-lh64958.jiujiutuku.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://dz-lh64958.jiujiutuku.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 30 Apr 2024 12:15:29 GMT
Content-Type: image/jpeg
Content-Length: 3989
Last-Modified: Wed, 15 Mar 2023 13:52:13 GMT
Connection: keep-alive
ETag: "6411cd8d-f95"
Expires: Thu, 30 May 2024 12:15:29 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

dz-lh64958.jiujiutuku.com/images/huo.gif

104.234.34.103

200 OK

2.7 kB

URL GET HTTP/1.1
dz-lh64958.jiujiutuku.com/images/huo.gif
IP
104.234.34.103:80
ASN
#40676 AS40676

Requested by
http://dz-lh64958.jiujiutuku.com/#2

File type
GIF image data, version 89a, 22 x 14
Size
2.7 kB (2735 bytes)
Hash
035cae65acfa4a08603419971cc78676
9cb1046b7db371f52b45a6bf9d01404a88d2cef1
77b06d5810e2b76ca8b01b3c0ac84ce398cfb38a037cea9f509985ceaaadee97

HTTP Headers

GET /images/huo.gif HTTP/1.1
Host: dz-lh64958.jiujiutuku.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://dz-lh64958.jiujiutuku.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 30 Apr 2024 12:15:29 GMT
Content-Type: image/gif
Content-Length: 2735
Last-Modified: Wed, 15 Mar 2023 13:52:13 GMT
Connection: keep-alive
ETag: "6411cd8d-aaf"
Expires: Thu, 30 May 2024 12:15:29 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

dz-lh64958.jiujiutuku.com/images/11.jpg

104.234.34.103

200 OK

15 kB

URL GET HTTP/1.1
dz-lh64958.jiujiutuku.com/images/11.jpg
IP
104.234.34.103:80
ASN
#40676 AS40676

Requested by
http://dz-lh64958.jiujiutuku.com/#2

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 960x19, components 3
Size
15 kB (15232 bytes)
Hash
d96dc09ce4c8b3827541898ebc6fbef5
e133948365f9687cb0dce337f1d2309e33bc1a08
67053b52ba307d62a73065e04d6ff387894f9282bb610de77d4d5afbbe717ffc

HTTP Headers

GET /images/11.jpg HTTP/1.1
Host: dz-lh64958.jiujiutuku.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://dz-lh64958.jiujiutuku.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 30 Apr 2024 12:15:29 GMT
Content-Type: image/jpeg
Content-Length: 15232
Last-Modified: Wed, 15 Mar 2023 13:52:13 GMT
Connection: keep-alive
ETag: "6411cd8d-3b80"
Expires: Thu, 30 May 2024 12:15:29 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

dz-lh64958.jiujiutuku.com/images/index_155.jpg

104.234.34.103

200 OK

1.4 kB

URL GET HTTP/1.1
dz-lh64958.jiujiutuku.com/images/index_155.jpg
IP
104.234.34.103:80
ASN
#40676 AS40676

Requested by
http://dz-lh64958.jiujiutuku.com/#2

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 960x7, components 3
Size
1.4 kB (1425 bytes)
Hash
add6c8d97c1c4dd768a726e68e77495b
b108ae68351cf7c1bb72f8212a88945c1590f578
fe3c770173edb00381510dba1eb57ca840092dcf8c44c172975a506f16de8ad0

HTTP Headers

GET /images/index_155.jpg HTTP/1.1
Host: dz-lh64958.jiujiutuku.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://dz-lh64958.jiujiutuku.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 30 Apr 2024 12:15:29 GMT
Content-Type: image/jpeg
Content-Length: 1425
Last-Modified: Wed, 15 Mar 2023 13:52:13 GMT
Connection: keep-alive
ETag: "6411cd8d-591"
Expires: Thu, 30 May 2024 12:15:29 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

dz-lh64958.jiujiutuku.com/images/index_101.jpg

104.234.34.103

200 OK

12 kB

URL GET HTTP/1.1
dz-lh64958.jiujiutuku.com/images/index_101.jpg
IP
104.234.34.103:80
ASN
#40676 AS40676

Requested by
http://dz-lh64958.jiujiutuku.com/#2

File type
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2011:02:13 19:50:04], baseline, precision 8, 960x54, components 3
Size
12 kB (11628 bytes)
Hash
0e7982a7cbf2724a8d7517cd6992208f
b9fd83c02a953b652ea49c6d8f8a17400daea5c9
47f6316c6e5c4572ac5ca952f7178145009aa0dd03d0f0be3a474fc001c8b788

HTTP Headers

GET /images/index_101.jpg HTTP/1.1
Host: dz-lh64958.jiujiutuku.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://dz-lh64958.jiujiutuku.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 30 Apr 2024 12:15:29 GMT
Content-Type: image/jpeg
Content-Length: 11628
Last-Modified: Wed, 15 Mar 2023 13:52:13 GMT
Connection: keep-alive
ETag: "6411cd8d-2d6c"
Expires: Thu, 30 May 2024 12:15:29 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

dz-lh64958.jiujiutuku.com/images/gsb_tj.gif

104.234.34.103

200 OK

2.1 kB

URL GET HTTP/1.1
dz-lh64958.jiujiutuku.com/images/gsb_tj.gif
IP
104.234.34.103:80
ASN
#40676 AS40676

Requested by
http://dz-lh64958.jiujiutuku.com/#2

File type
GIF image data, version 89a, 84 x 17
Size
2.1 kB (2094 bytes)
Hash
3478c264c2c41a27b3529567bcd65106
b55363a98554e303b37330f52640b6828ff829dc
a66c4243038211716ea06b6385874af9018eb77da4f4f7c445d47a9e1826245e

HTTP Headers

GET /images/gsb_tj.gif HTTP/1.1
Host: dz-lh64958.jiujiutuku.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://dz-lh64958.jiujiutuku.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 30 Apr 2024 12:15:29 GMT
Content-Type: image/gif
Content-Length: 2094
Last-Modified: Wed, 15 Mar 2023 13:52:13 GMT
Connection: keep-alive
ETag: "6411cd8d-82e"
Expires: Thu, 30 May 2024 12:15:29 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

dz-lh64958.jiujiutuku.com/images/foot_ad.gif

104.234.34.103

200 OK

2.8 kB

URL GET HTTP/1.1
dz-lh64958.jiujiutuku.com/images/foot_ad.gif
IP
104.234.34.103:80
ASN
#40676 AS40676

Requested by
http://dz-lh64958.jiujiutuku.com/#2

File type
GIF image data, version 89a, 440 x 22
Size
2.8 kB (2756 bytes)
Hash
38b9ec978242ea47f61fa122c2c2a839
266a6681b8d1ef2ad235909bf8a92a90d80b82e5
2ed382df88171c2b2f6f64503338318f5362022de04aa1ce906d7b21835287b4

HTTP Headers

GET /images/foot_ad.gif HTTP/1.1
Host: dz-lh64958.jiujiutuku.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://dz-lh64958.jiujiutuku.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 30 Apr 2024 12:15:29 GMT
Content-Type: image/gif
Content-Length: 2756
Last-Modified: Wed, 15 Mar 2023 13:52:13 GMT
Connection: keep-alive
ETag: "6411cd8d-ac4"
Expires: Thu, 30 May 2024 12:15:29 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

dz-lh64958.jiujiutuku.com/images/bg.gif

104.234.34.103

200 OK

22 kB

URL GET HTTP/1.1
dz-lh64958.jiujiutuku.com/images/bg.gif
IP
104.234.34.103:80
ASN
#40676 AS40676

Requested by
http://dz-lh64958.jiujiutuku.com/#2

File type
GIF image data, version 89a, 198 x 198
Size
22 kB (22445 bytes)
Hash
5475f340eaa8a7e069826c8c172562ed
43e3e6d1d8391854584ade24df4a2a40d121f689
e41d2163cd518827834b20c5c9bc6246a4ab60f03791c4c35f0f5b8ec5324d29

HTTP Headers

GET /images/bg.gif HTTP/1.1
Host: dz-lh64958.jiujiutuku.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://dz-lh64958.jiujiutuku.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 30 Apr 2024 12:15:29 GMT
Content-Type: image/gif
Content-Length: 22445
Last-Modified: Wed, 15 Mar 2023 13:52:13 GMT
Connection: keep-alive
ETag: "6411cd8d-57ad"
Expires: Thu, 30 May 2024 12:15:29 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

dz-lh64958.jiujiutuku.com/123

104.234.34.103

404 Not Found

146 B

URL GET HTTP/1.1
dz-lh64958.jiujiutuku.com/123
IP
104.234.34.103:80
ASN
#40676 AS40676

Requested by
http://dz-lh64958.jiujiutuku.com/#2

File type
HTML document, ASCII text, with CRLF line terminators
Size
146 B (146 bytes)
Hash
8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

HTTP Headers

GET /123 HTTP/1.1
Host: dz-lh64958.jiujiutuku.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://dz-lh64958.jiujiutuku.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx
Date: Tue, 30 Apr 2024 12:15:29 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive

dz-lh64958.jiujiutuku.com/images/index_151.jpg

104.234.34.103

200 OK

2.4 kB

URL GET HTTP/1.1
dz-lh64958.jiujiutuku.com/images/index_151.jpg
IP
104.234.34.103:80
ASN
#40676 AS40676

Requested by
http://dz-lh64958.jiujiutuku.com/#2

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 960x15, components 3
Size
2.4 kB (2384 bytes)
Hash
1836b5e11ccd87e0d27e3393d37230e4
fcfd65d154733a418d8122cfea517e3d04936e2d
9dbef7acfb123a9a2e47a7223ca6b8e8432215024d96bf0417e544fff9554faa

HTTP Headers

GET /images/index_151.jpg HTTP/1.1
Host: dz-lh64958.jiujiutuku.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://dz-lh64958.jiujiutuku.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 30 Apr 2024 12:15:29 GMT
Content-Type: image/jpeg
Content-Length: 2384
Last-Modified: Wed, 15 Mar 2023 13:52:13 GMT
Connection: keep-alive
ETag: "6411cd8d-950"
Expires: Thu, 30 May 2024 12:15:29 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

dz-lh64958.jiujiutuku.com/images/index_144.jpg

104.234.34.103

200 OK

7.0 kB

URL GET HTTP/1.1
dz-lh64958.jiujiutuku.com/images/index_144.jpg
IP
104.234.34.103:80
ASN
#40676 AS40676

Requested by
http://dz-lh64958.jiujiutuku.com/#2

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 960x19, components 3
Size
7.0 kB (7016 bytes)
Hash
12dfc8745947cf46cd01f799f21cd2c1
3309cba1d8d39527debb3029e81c737847b8b30c
f7fe2ce67cbf7fa16e7b2d8f88eba6dcfe7b088e85b242857a6996a4c4b2189e

HTTP Headers

GET /images/index_144.jpg HTTP/1.1
Host: dz-lh64958.jiujiutuku.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://dz-lh64958.jiujiutuku.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 30 Apr 2024 12:15:29 GMT
Content-Type: image/jpeg
Content-Length: 7016
Last-Modified: Wed, 15 Mar 2023 13:52:13 GMT
Connection: keep-alive
ETag: "6411cd8d-1b68"
Expires: Thu, 30 May 2024 12:15:29 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

hfhw-222141.zhejiangwenzhou.com/images/shou.gif

199.119.203.114

200 OK

1.6 kB

URL GET HTTP/1.1
hfhw-222141.zhejiangwenzhou.com/images/shou.gif
IP
199.119.203.114:80
ASN
#40676 AS40676

Requested by
http://dz-lh64958.jiujiutuku.com/#2

File type
GIF image data, version 89a, 44 x 23
Size
1.6 kB (1615 bytes)
Hash
b485ff1ac9616b5aae0c75ad27ff89c0
7c10f7a53cbf257f572af92462b2bd2510fdfe36
59923a21658b2203ca72290a65f3b6a474591cccc9604ae1999e57bc537a6a2a

HTTP Headers

GET /images/shou.gif HTTP/1.1
Host: hfhw-222141.zhejiangwenzhou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://dz-lh64958.jiujiutuku.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 30 Apr 2024 12:15:30 GMT
Content-Type: image/gif
Content-Length: 1615
Last-Modified: Sun, 19 Dec 2021 14:52:21 GMT
Connection: keep-alive
ETag: "61bf4725-64f"
Expires: Thu, 30 May 2024 12:15:30 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

hfhw-222141.zhejiangwenzhou.com/images/cbt.gif

199.119.203.114

200 OK

3.9 kB

URL GET HTTP/1.1
hfhw-222141.zhejiangwenzhou.com/images/cbt.gif
IP
199.119.203.114:80
ASN
#40676 AS40676

Requested by
http://dz-lh64958.jiujiutuku.com/#2

File type
GIF image data, version 89a, 84 x 17
Size
3.9 kB (3878 bytes)
Hash
5432e6772bf5f898217842b0ab789899
1ed4ebefa16fa526a0987d903db572b053231158
c423016492877dff3f77788168896472b76ac7b770c7b24430f21d62de55eeb8

HTTP Headers

GET /images/cbt.gif HTTP/1.1
Host: hfhw-222141.zhejiangwenzhou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://dz-lh64958.jiujiutuku.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 30 Apr 2024 12:15:30 GMT
Content-Type: image/gif
Content-Length: 3878
Last-Modified: Sun, 19 Dec 2021 14:51:49 GMT
Connection: keep-alive
ETag: "61bf4705-f26"
Expires: Thu, 30 May 2024 12:15:30 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

hfhw-222141.zhejiangwenzhou.com/images/digest_2.gif

199.119.203.114

200 OK

568 B

URL GET HTTP/1.1
hfhw-222141.zhejiangwenzhou.com/images/digest_2.gif
IP
199.119.203.114:80
ASN
#40676 AS40676

Requested by
http://dz-lh64958.jiujiutuku.com/#2

File type
GIF image data, version 89a, 21 x 13
Size
568 B (568 bytes)
Hash
40d5cbd8bbc79e64332bdd6b85b34716
53d7f7b90f96f9c8e85d4c4b3475331567bd7e7c
1d20747a070d547c3c302ae776ac8dbccfe7a7343978952ce11a23fa1f8c1e19

HTTP Headers

GET /images/digest_2.gif HTTP/1.1
Host: hfhw-222141.zhejiangwenzhou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://dz-lh64958.jiujiutuku.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 30 Apr 2024 12:15:30 GMT
Content-Type: image/gif
Content-Length: 568
Last-Modified: Sat, 18 Dec 2021 17:35:52 GMT
Connection: keep-alive
ETag: "61be1bf8-238"
Expires: Thu, 30 May 2024 12:15:30 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

ehcf-914949.wddamovies.com/images/zu2.gif

108.181.0.183

200 OK

967 B

URL GET HTTP/1.1
ehcf-914949.wddamovies.com/images/zu2.gif
IP
108.181.0.183:80
ASN
#40676 AS40676

Requested by
http://dz-lh64958.jiujiutuku.com/#2

File type
HTML document, ASCII text, with very long lines (967), with no line terminators
Size
967 B (967 bytes)
Hash
fe8969c32da87f4266499dcf08237888
55ab73f9b8c932e92423af5e2f84a95aa7e81ba6
9980fd03e0f252855033545519afdbaf83ca629a6ec848f0669b44fa7c9cccb1

HTTP Headers

GET /images/zu2.gif HTTP/1.1
Host: ehcf-914949.wddamovies.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://dz-lh64958.jiujiutuku.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 967
Pragma: no-cache
Cache-control: no-store

chkss-64958.jiujiutuku.com/TP/xggp.jpg

104.234.34.103

200 OK

109 kB

URL GET HTTP/1.1
chkss-64958.jiujiutuku.com/TP/xggp.jpg
IP
104.234.34.103:80
ASN
#40676 AS40676

Requested by
http://dz-lh64958.jiujiutuku.com/#2

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2024:04:30 02:14:16], baseline, precision 8, 500x500, components 3
Size
109 kB (109279 bytes)
Hash
45e95dbf1b4a155a21bd4e4bbce4d7df
fb9ad0c5e86053ec96de2f1d78c8191915e580d1
06731c7e9d7a3fc4c34d9716cb708123214ecfcfe06e4e2d796c3518b8ab2a8b

HTTP Headers

GET /TP/xggp.jpg HTTP/1.1
Host: chkss-64958.jiujiutuku.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://dz-lh64958.jiujiutuku.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 30 Apr 2024 12:15:29 GMT
Content-Type: image/jpeg
Content-Length: 109279
Last-Modified: Tue, 30 Apr 2024 06:55:54 GMT
Connection: keep-alive
ETag: "663095fa-1aadf"
Expires: Thu, 30 May 2024 12:15:29 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

chkss-64958.jiujiutuku.com/TP/lpg.jpg

104.234.34.103

200 OK

246 kB

URL GET HTTP/1.1
chkss-64958.jiujiutuku.com/TP/lpg.jpg
IP
104.234.34.103:80
ASN
#40676 AS40676

Requested by
http://dz-lh64958.jiujiutuku.com/#2

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 999x1399, components 3
Size
246 kB (245481 bytes)
Hash
9c224fa0c6c6fbe1b1ef6008dbbce102
e73e304cfec48ba80274f8c8c808b295fa3645b0
9b30e2cf174da35a4365b5c38c5421923399a080bb2a39915ad88f7fd8b1da7f

HTTP Headers

GET /TP/lpg.jpg HTTP/1.1
Host: chkss-64958.jiujiutuku.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://dz-lh64958.jiujiutuku.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 30 Apr 2024 12:15:29 GMT
Content-Type: image/jpeg
Content-Length: 245481
Last-Modified: Tue, 30 Apr 2024 06:54:51 GMT
Connection: keep-alive
ETag: "663095bb-3bee9"
Expires: Thu, 30 May 2024 12:15:29 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

hm.baidu.com/hm.js?d5c1b27da4a454bd33d3bcbebbdc3da7

111.45.3.198

200 OK

11 kB

URL GET HTTP/1.1
hm.baidu.com/hm.js?d5c1b27da4a454bd33d3bcbebbdc3da7
IP
111.45.3.198:443
ASN
#56040 China Mobile communications corporation

Requested by
http://dz-lh64958.jiujiutuku.com/#2
Certificate
IssuerGlobalSign nv-sa
Subjectbaidu.com
Fingerprint97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
ValidityThu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT

File type
JavaScript source, ASCII text, with very long lines (619)
Size
11 kB (11257 bytes)
Hash
9f0b8c6dc1dcc6c4080c10b96b09ef94
e23cff27005e416e36843380c513917e0a1d21d7
751e073731801a96675fbc098dddc9d880b55f60ce3c8acef7e8ce5d65e0bfc0

HTTP Headers

GET /hm.js?d5c1b27da4a454bd33d3bcbebbdc3da7 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://dz-lh64958.jiujiutuku.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11257
Content-Type: application/javascript
Date: Tue, 30 Apr 2024 12:15:31 GMT
Etag: f2060d59e21434adc0bc7d88fea2a05c
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=8B2C5F2CFC3F23CD; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800

563322.com/tu/n1.jpg

142.0.141.52

200 OK

123 kB

URL GET HTTP/1.1
563322.com/tu/n1.jpg
IP
142.0.141.52:80
ASN
#54600 PEG-SV

Requested by
http://dz-lh64958.jiujiutuku.com/#2

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1000x710, components 3
Size
123 kB (123192 bytes)
Hash
845e20c4d2236d70792a1eaf37c88f57
4d7f73a73af4eae0c614c8ffdbf7618b0a503868
23ffdbbf1942cb8d69d6e9ffc9c91ab032a4f655abe5ee520d4a750cc978ef83

HTTP Headers

GET /tu/n1.jpg HTTP/1.1
Host: 563322.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://dz-lh64958.jiujiutuku.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Mon, 29 Nov 2010 00:17:06 GMT
Accept-Ranges: bytes
ETag: "6cd89cc15a8fcb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Wed, 01 Dec 2010 09:54:32 GMT
Content-Length: 123192

https.ackj.cc/UploadFiles/pic/2/3155.jpg

104.21.82.199

200 OK

301 kB

URL GET HTTP/2
https.ackj.cc/UploadFiles/pic/2/3155.jpg
IP
104.21.82.199:443
ASN
#13335 CLOUDFLARENET

Requested by
http://dz-lh64958.jiujiutuku.com/#2
Certificate
IssuerGoogle Trust Services LLC
Subjectackj.cc
Fingerprint47:E2:EC:F5:49:6A:99:4C:32:A1:8C:E0:84:F7:DC:FE:E1:E2:A2:C5
ValiditySun, 10 Mar 2024 08:08:18 GMT - Sat, 08 Jun 2024 08:08:17 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 1024x777, components 3
Size
301 kB (300623 bytes)
Hash
87cc5ef252facd88cc85cf9576b4e3ba
5793d0ea37cbced47763eff7ca1de7da1f6e88be
3357cd44f4040437068f9cc66d9cfe77ee4d5352f86c41834d2e28b94d873323

HTTP Headers

GET /UploadFiles/pic/2/3155.jpg HTTP/1.1
Host: https.ackj.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://dz-lh64958.jiujiutuku.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 30 Apr 2024 12:15:31 GMT
content-type: image/jpeg
content-length: 300623
last-modified: Sat, 27 Apr 2024 15:15:22 GMT
etag: "94ed16b9b598da1:0"
x-powered-by: ASP.NET
cache-control: max-age=300
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zw6dVi%2Blza8HGbfR%2B4prKtfJhackbRaJday5J%2B8OlvmgGzBuruodNuWn1LxXGQonQOplxQMn4KS7r9cggCAi4Mj1Qe1ZC8u%2BkfolTY5w5E73apAHW76c169dlqQkrTfl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87c775258deeb51e-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

xgkj-644222.lookcame.com/chajian/H.html

23.26.192.131

200 OK

1.8 kB

URL GET HTTP/1.1
xgkj-644222.lookcame.com/chajian/H.html
IP
23.26.192.131:443
ASN
#40676 AS40676

Requested by
http://dz-lh64958.jiujiutuku.com/#2
Certificate
IssuerSectigo Limited
Subjectxgkj-644222.lookcame.com
FingerprintDA:76:38:AD:7C:5E:F7:60:A5:01:A5:9B:0F:D9:A2:C9:7C:35:0F:61
ValidityWed, 24 Apr 2024 00:00:00 GMT - Wed, 27 Nov 2024 23:59:59 GMT

File type
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.8 kB (1758 bytes)
Hash
a605121ecf714487c58fa0ab26d023ab
699b011b58b7b60b67621afa9275832c81165d4f
ec9d7009959554b096e945048a4138fd8f1cecf7b84d82b25eb7a89be1311664

HTTP Headers

GET /chajian/H.html HTTP/1.1
Host: xgkj-644222.lookcame.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://dz-lh64958.jiujiutuku.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html
Content-Encoding: gzip
Last-Modified: Sat, 10 Feb 2024 09:18:02 GMT
Accept-Ranges: bytes
ETag: "081e3b25cda1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Tue, 30 Apr 2024 12:15:30 GMT
Content-Length: 1758

hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=531355148&si=d5c1b27da4a454bd33d3bcbebbdc3da7&su=http%3A%2F%2F42878.com%2F&v=1.3.0&lv=1&sn=18196&r=0&ww=1280&u=http%3A%2F%2Fdz-lh64958.jiujiutuku.com%2F%232&tt=%E6%AC%A2%E8%BF%8E%E5%85%89%E4%B8%B4%E3%80%90%E5%85%AD.%E5%90%88.%E7%A5%9E.%E7%AE%97.%E3%80%91%E7%B2%BE%E5%87%86%E8%AE%A1%E7%AE%97%EF%BC%8C%E4%BC%B4%E6%82%A8%E6%B0%B8%E4%B9%85%EF%BC%81

111.45.3.198

200 OK

43 B

URL GET HTTP/1.1
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=531355148&si=d5c1b27da4a454bd33d3bcbebbdc3da7&su=http%3A%2F%2F42878.com%2F&v=1.3.0&lv=1&sn=18196&r=0&ww=1280&u=http%3A%2F%2Fdz-lh64958.jiujiutuku.com%2F%232&tt=%E6%AC%A2%E8%BF%8E%E5%85%89%E4%B8%B4%E3%80%90%E5%85%AD.%E5%90%88.%E7%A5%9E.%E7%AE%97.%E3%80%91%E7%B2%BE%E5%87%86%E8%AE%A1%E7%AE%97%EF%BC%8C%E4%BC%B4%E6%82%A8%E6%B0%B8%E4%B9%85%EF%BC%81
IP
111.45.3.198:443
ASN
#56040 China Mobile communications corporation

Requested by
http://dz-lh64958.jiujiutuku.com/#2
Certificate
IssuerGlobalSign nv-sa
Subjectbaidu.com
Fingerprint97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
ValidityThu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=531355148&si=d5c1b27da4a454bd33d3bcbebbdc3da7&su=http%3A%2F%2F42878.com%2F&v=1.3.0&lv=1&sn=18196&r=0&ww=1280&u=http%3A%2F%2Fdz-lh64958.jiujiutuku.com%2F%232&tt=%E6%AC%A2%E8%BF%8E%E5%85%89%E4%B8%B4%E3%80%90%E5%85%AD.%E5%90%88.%E7%A5%9E.%E7%AE%97.%E3%80%91%E7%B2%BE%E5%87%86%E8%AE%A1%E7%AE%97%EF%BC%8C%E4%BC%B4%E6%82%A8%E6%B0%B8%E4%B9%85%EF%BC%81 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://dz-lh64958.jiujiutuku.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Tue, 30 Apr 2024 12:15:31 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=D02068A1104067FC; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff

cq.tpsy9999.cc/mt2023/cq.gif

154.217.143.82

200 OK

545 kB

URL GET HTTP/2
cq.tpsy9999.cc/mt2023/cq.gif
IP
154.217.143.82:443
ASN
#18978 ENZUINC

Requested by
http://dz-lh64958.jiujiutuku.com/#2
Certificate
IssuerLet's Encrypt
Subjectcq.tpsy9999.cc
Fingerprint06:EA:9F:E0:89:F7:CE:35:5E:17:06:A5:2D:48:10:7D:A5:94:5A:3C
ValiditySun, 03 Mar 2024 01:36:32 GMT - Sat, 01 Jun 2024 01:36:31 GMT

File type
GIF image data, version 89a, 960 x 100
Size
545 kB (544866 bytes)
Hash
0300f77afbd598a329dacc7ee514ed89
0e4ba2c66d128027438f5475e9c768e0e0e5d7f2
68e5fe2b75355cb369ff9ff8d6fed71d4dca58f7d1f7720695be58afd90a183b

HTTP Headers

GET /mt2023/cq.gif HTTP/1.1
Host: cq.tpsy9999.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://dz-lh64958.jiujiutuku.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 30 Apr 2024 12:15:30 GMT
content-type: image/gif
content-length: 544866
last-modified: Thu, 21 Dec 2023 13:16:21 GMT
etag: "65843aa5-85062"
expires: Wed, 29 May 2024 15:15:20 GMT
cache-control: max-age=2592000
server: cdn
x-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

xgkj-644222.lookcame.com/chajian/bm.js

23.26.192.131

200 OK

5.0 kB

URL GET HTTP/1.1
xgkj-644222.lookcame.com/chajian/bm.js
IP
23.26.192.131:443
ASN
#40676 AS40676

Requested by
https://xgkj-644222.lookcame.com/chajian/H.html
Certificate
IssuerSectigo Limited
Subjectxgkj-644222.lookcame.com
FingerprintDA:76:38:AD:7C:5E:F7:60:A5:01:A5:9B:0F:D9:A2:C9:7C:35:0F:61
ValidityWed, 24 Apr 2024 00:00:00 GMT - Wed, 27 Nov 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 (with BOM) text, with very long lines (12205), with CRLF line terminators
Size
5.0 kB (4969 bytes)
Hash
85ecdf607988b70b9052d4f7f8c96de4
c8f77cebfa8f81e5c7580728e9dbb62739344211
2430e259261f594d7429ad51e30ee4c0fed466bd2f5ea8c249091b75b39ce03f

HTTP Headers

GET /chajian/bm.js HTTP/1.1
Host: xgkj-644222.lookcame.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xgkj-644222.lookcame.com/chajian/H.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Wed, 14 Feb 2024 05:33:02 GMT
Accept-Ranges: bytes
ETag: "0fbe94675fda1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Tue, 30 Apr 2024 12:15:30 GMT
Content-Length: 4969

dz-lh64958.jiujiutuku.com/favicon.ico

104.234.34.103

404 Not Found

146 B

URL GET HTTP/1.1
dz-lh64958.jiujiutuku.com/favicon.ico
IP
104.234.34.103:80
ASN
#40676 AS40676

Requested by
http://dz-lh64958.jiujiutuku.com/#2

File type
HTML document, ASCII text, with CRLF line terminators
Size
146 B (146 bytes)
Hash
8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: dz-lh64958.jiujiutuku.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://dz-lh64958.jiujiutuku.com/
Cookie: Hm_lvt_d5c1b27da4a454bd33d3bcbebbdc3da7=1714479331; Hm_lpvt_d5c1b27da4a454bd33d3bcbebbdc3da7=1714479331
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx
Date: Tue, 30 Apr 2024 12:15:31 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive

hm.baidu.com/hm.js?8ad181435b98628e18f7017f8b573829

111.45.3.198

200 OK

0 B

URL GET HTTP/1.1
hm.baidu.com/hm.js?8ad181435b98628e18f7017f8b573829
IP
111.45.3.198:443
ASN
#56040 China Mobile communications corporation

Requested by
https://xgkj-644222.lookcame.com/chajian/H.html
Certificate
IssuerGlobalSign nv-sa
Subjectbaidu.com
Fingerprint97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
ValidityThu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /hm.js?8ad181435b98628e18f7017f8b573829 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xgkj-644222.lookcame.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 0
Date: Tue, 30 Apr 2024 12:15:32 GMT
Server: apache
Strict-Transport-Security: max-age=172800
Content-Type: text/plain; charset=utf-8

libs.baidu.com/jquery/1.9.1/jquery.min.js

39.156.66.111

200 OK

33 kB

URL GET HTTP/1.1
libs.baidu.com/jquery/1.9.1/jquery.min.js
IP
39.156.66.111:443
ASN
#9808 China Mobile Communications Group Co., Ltd.

Requested by
https://xgkj-644222.lookcame.com/chajian/H.html
Certificate
IssuerGlobalSign nv-sa
Subjectbaidu.com
Fingerprint97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
ValidityThu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT

File type
JavaScript source, ASCII text, with very long lines (32089), with CRLF line terminators
Size
33 kB (33001 bytes)
Hash
383771ef1692bfcc3f2b6917ca985778
a1ce0bfa507f23cc414a9a7634bd73b994bb3b35
20638e363fcc5152155f24b281303e17da62da62d24ef5dcf863b184d9a25734

HTTP Headers

GET /jquery/1.9.1/jquery.min.js HTTP/1.1
Host: libs.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xgkj-644222.lookcame.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: max-age=2592000
Connection: keep-alive
Content-Encoding: gzip
Content-Type: application/x-javascript
Date: Tue, 30 Apr 2024 12:15:33 GMT
Expires: Thu, 30 May 2024 12:15:33 GMT
Last-Modified: Wed, 07 Jan 2015 09:16:30 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Server: Apache
Set-Cookie: BAIDUID=FAEAB67FE1049D6A7148084336B1C0B6:FG=1; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2145916555; path=/; domain=.baidu.com; version=1
Strict-Transport-Security: max-age=87600
Vary: Accept-Encoding
Transfer-Encoding: chunked

xgkj-644222.lookcame.com/chajian/bmjg.js?_=1714479334235

23.26.192.131

200 OK

222 B

URL GET HTTP/1.1
xgkj-644222.lookcame.com/chajian/bmjg.js?_=1714479334235
IP
23.26.192.131:443
ASN
#40676 AS40676

Requested by
https://xgkj-644222.lookcame.com/chajian/H.html
Certificate
IssuerSectigo Limited
Subjectxgkj-644222.lookcame.com
FingerprintDA:76:38:AD:7C:5E:F7:60:A5:01:A5:9B:0F:D9:A2:C9:7C:35:0F:61
ValidityWed, 24 Apr 2024 00:00:00 GMT - Wed, 27 Nov 2024 23:59:59 GMT

File type
Unicode text, UTF-8 (with BOM) text, with no line terminators
Size
222 B (222 bytes)
Hash
3a3faf1c43167051483f7f9e748add9f
e15bd89bc368f46b589459ff96c8c17255dd72dc
7791ae5d6343970d6e9d5d0b46bd20aa39f16466b10e1c0d89167bc57d575716

HTTP Headers

GET /chajian/bmjg.js?_=1714479334235 HTTP/1.1
Host: xgkj-644222.lookcame.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://xgkj-644222.lookcame.com/chajian/H.html
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 27 Apr 2024 05:34:35 GMT
Accept-Ranges: bytes
ETag: "c52f1966498da1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Tue, 30 Apr 2024 12:15:33 GMT
Content-Length: 222

xgkj-644222.lookcame.com/chajian/bmjg.js?_=1714479334236

23.26.192.131

200 OK

222 B

URL GET HTTP/1.1
xgkj-644222.lookcame.com/chajian/bmjg.js?_=1714479334236
IP
23.26.192.131:443
ASN
#40676 AS40676

Requested by
https://xgkj-644222.lookcame.com/chajian/H.html
Certificate
IssuerSectigo Limited
Subjectxgkj-644222.lookcame.com
FingerprintDA:76:38:AD:7C:5E:F7:60:A5:01:A5:9B:0F:D9:A2:C9:7C:35:0F:61
ValidityWed, 24 Apr 2024 00:00:00 GMT - Wed, 27 Nov 2024 23:59:59 GMT

File type
Unicode text, UTF-8 (with BOM) text, with no line terminators
Size
222 B (222 bytes)
Hash
3a3faf1c43167051483f7f9e748add9f
e15bd89bc368f46b589459ff96c8c17255dd72dc
7791ae5d6343970d6e9d5d0b46bd20aa39f16466b10e1c0d89167bc57d575716

HTTP Headers

GET /chajian/bmjg.js?_=1714479334236 HTTP/1.1
Host: xgkj-644222.lookcame.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://xgkj-644222.lookcame.com/chajian/H.html
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 27 Apr 2024 05:34:35 GMT
Accept-Ranges: bytes
ETag: "c52f1966498da1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Tue, 30 Apr 2024 12:15:34 GMT
Content-Length: 222

xgkj-644222.lookcame.com/chajian/bmjg.js?_=1714479334237

23.26.192.131

200 OK

222 B

URL GET HTTP/1.1
xgkj-644222.lookcame.com/chajian/bmjg.js?_=1714479334237
IP
23.26.192.131:443
ASN
#40676 AS40676

Requested by
https://xgkj-644222.lookcame.com/chajian/H.html
Certificate
IssuerSectigo Limited
Subjectxgkj-644222.lookcame.com
FingerprintDA:76:38:AD:7C:5E:F7:60:A5:01:A5:9B:0F:D9:A2:C9:7C:35:0F:61
ValidityWed, 24 Apr 2024 00:00:00 GMT - Wed, 27 Nov 2024 23:59:59 GMT

File type
Unicode text, UTF-8 (with BOM) text, with no line terminators
Size
222 B (222 bytes)
Hash
3a3faf1c43167051483f7f9e748add9f
e15bd89bc368f46b589459ff96c8c17255dd72dc
7791ae5d6343970d6e9d5d0b46bd20aa39f16466b10e1c0d89167bc57d575716

HTTP Headers

GET /chajian/bmjg.js?_=1714479334237 HTTP/1.1
Host: xgkj-644222.lookcame.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://xgkj-644222.lookcame.com/chajian/H.html
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 27 Apr 2024 05:34:35 GMT
Accept-Ranges: bytes
ETag: "c52f1966498da1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Tue, 30 Apr 2024 12:15:36 GMT
Content-Length: 222

xgkj-644222.lookcame.com/chajian/bmjg.js?_=1714479334238

23.26.192.131

503 Service Unavailable

326 B

URL GET HTTP/1.1
xgkj-644222.lookcame.com/chajian/bmjg.js?_=1714479334238
IP
23.26.192.131:443
ASN
#40676 AS40676

Requested by
https://xgkj-644222.lookcame.com/chajian/H.html
Certificate
IssuerSectigo Limited
Subjectxgkj-644222.lookcame.com
FingerprintDA:76:38:AD:7C:5E:F7:60:A5:01:A5:9B:0F:D9:A2:C9:7C:35:0F:61
ValidityWed, 24 Apr 2024 00:00:00 GMT - Wed, 27 Nov 2024 23:59:59 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
326 B (326 bytes)
Hash
bf3231d7fad0292d818aac7d6d669f00
c29683b3788d729a5fc4504279d10e31da60745c
fb2d9f058c2010c57f86a05ae33d282f33e3825290c66b8b120cd177416c6bdf

HTTP Headers

GET /chajian/bmjg.js?_=1714479334238 HTTP/1.1
Host: xgkj-644222.lookcame.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://xgkj-644222.lookcame.com/chajian/H.html
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 503 Service Unavailable
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Tue, 30 Apr 2024 12:15:37 GMT
Connection: close
Content-Length: 326

hfhw-222141.zhejiangwenzhou.com/images/bg.gif

199.119.203.114

200 OK

22 kB

URL GET HTTP/1.1
hfhw-222141.zhejiangwenzhou.com/images/bg.gif
IP
199.119.203.114:80
ASN
#40676 AS40676

Requested by
http://dz-lh64958.jiujiutuku.com/#2

File type
GIF image data, version 89a, 198 x 198
Size
22 kB (22445 bytes)
Hash
5475f340eaa8a7e069826c8c172562ed
43e3e6d1d8391854584ade24df4a2a40d121f689
e41d2163cd518827834b20c5c9bc6246a4ab60f03791c4c35f0f5b8ec5324d29

HTTP Headers

GET /images/bg.gif HTTP/1.1
Host: hfhw-222141.zhejiangwenzhou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://dz-lh64958.jiujiutuku.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 30 Apr 2024 12:15:30 GMT
Content-Type: image/gif
Content-Length: 22445
Last-Modified: Sun, 19 Dec 2021 14:51:45 GMT
Connection: keep-alive
ETag: "61bf4701-57ad"
Expires: Thu, 30 May 2024 12:15:30 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

xgkj-644222.lookcame.com/chajian/bmjg.js?_=1714479334239

23.26.192.131

200 OK

222 B

URL GET HTTP/1.1
xgkj-644222.lookcame.com/chajian/bmjg.js?_=1714479334239
IP
23.26.192.131:443
ASN
#40676 AS40676

Requested by
https://xgkj-644222.lookcame.com/chajian/H.html
Certificate
IssuerSectigo Limited
Subjectxgkj-644222.lookcame.com
FingerprintDA:76:38:AD:7C:5E:F7:60:A5:01:A5:9B:0F:D9:A2:C9:7C:35:0F:61
ValidityWed, 24 Apr 2024 00:00:00 GMT - Wed, 27 Nov 2024 23:59:59 GMT

File type
Unicode text, UTF-8 (with BOM) text, with no line terminators
Size
222 B (222 bytes)
Hash
3a3faf1c43167051483f7f9e748add9f
e15bd89bc368f46b589459ff96c8c17255dd72dc
7791ae5d6343970d6e9d5d0b46bd20aa39f16466b10e1c0d89167bc57d575716

HTTP Headers

GET /chajian/bmjg.js?_=1714479334239 HTTP/1.1
Host: xgkj-644222.lookcame.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://xgkj-644222.lookcame.com/chajian/H.html
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 27 Apr 2024 05:34:35 GMT
Accept-Ranges: bytes
ETag: "c52f1966498da1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Tue, 30 Apr 2024 12:15:40 GMT
Content-Length: 222

xgkj-644222.lookcame.com/chajian/bmjg.js?_=1714479334240

23.26.192.131

200 OK

222 B

URL GET HTTP/1.1
xgkj-644222.lookcame.com/chajian/bmjg.js?_=1714479334240
IP
23.26.192.131:443
ASN
#40676 AS40676

Requested by
https://xgkj-644222.lookcame.com/chajian/H.html
Certificate
IssuerSectigo Limited
Subjectxgkj-644222.lookcame.com
FingerprintDA:76:38:AD:7C:5E:F7:60:A5:01:A5:9B:0F:D9:A2:C9:7C:35:0F:61
ValidityWed, 24 Apr 2024 00:00:00 GMT - Wed, 27 Nov 2024 23:59:59 GMT

File type
Unicode text, UTF-8 (with BOM) text, with no line terminators
Size
222 B (222 bytes)
Hash
3a3faf1c43167051483f7f9e748add9f
e15bd89bc368f46b589459ff96c8c17255dd72dc
7791ae5d6343970d6e9d5d0b46bd20aa39f16466b10e1c0d89167bc57d575716

HTTP Headers

GET /chajian/bmjg.js?_=1714479334240 HTTP/1.1
Host: xgkj-644222.lookcame.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://xgkj-644222.lookcame.com/chajian/H.html
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 27 Apr 2024 05:34:35 GMT
Accept-Ranges: bytes
ETag: "c52f1966498da1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Tue, 30 Apr 2024 12:15:41 GMT
Content-Length: 222

xgkj-644222.lookcame.com/chajian/bmjg.js?_=1714479334241

23.26.192.131

326 B

URL GET
xgkj-644222.lookcame.com/chajian/bmjg.js?_=1714479334241
IP
23.26.192.131:0
ASN
#40676 AS40676

Requested by
https://xgkj-644222.lookcame.com/chajian/H.html
Certificate
IssuerSectigo Limited
Subjectxgkj-644222.lookcame.com
FingerprintDA:76:38:AD:7C:5E:F7:60:A5:01:A5:9B:0F:D9:A2:C9:7C:35:0F:61
ValidityWed, 24 Apr 2024 00:00:00 GMT - Wed, 27 Nov 2024 23:59:59 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
326 B (326 bytes)
Hash
bf3231d7fad0292d818aac7d6d669f00
c29683b3788d729a5fc4504279d10e31da60745c
fb2d9f058c2010c57f86a05ae33d282f33e3825290c66b8b120cd177416c6bdf

HTTP Headers

GET /chajian/bmjg.js?_=1714479334241 HTTP/1.1
Host: xgkj-644222.lookcame.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://xgkj-644222.lookcame.com/chajian/H.html
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 503 Service Unavailable
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Tue, 30 Apr 2024 12:15:43 GMT
Connection: close
Content-Length: 326

dz-lh64958.jiujiutuku.com/

0.0.0.0

0 B

URL User Request GET
dz-lh64958.jiujiutuku.com/
IP
0.0.0.0:0
ASN
#0

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: dz-lh64958.jiujiutuku.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://42878.com/
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

dz-lh64958.jiujiutuku.com/

104.234.34.103

200 OK

805 kB

URL User Request GET HTTP/1.1
dz-lh64958.jiujiutuku.com/
IP
104.234.34.103:80
ASN
#40676 AS40676

File type
HTML document, Unicode text, UTF-8 text, with very long lines (918)
Size
805 kB (804776 bytes)
Hash
7296ec451168a5a86821abf0bf24ccf8
48f36d6b92828490bce4abbd849e41f0edb28190
a709e68f7f093a8c89cd1f8052cd78c0ddc5ae4ede0b3f8ef3f46184ee0b125d

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects hex encoded code that has been base64 encoded

HTTP Headers

GET / HTTP/1.1
Host: dz-lh64958.jiujiutuku.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://42878.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 30 Apr 2024 12:15:29 GMT
Content-Type: text/html
Last-Modified: Tue, 30 Apr 2024 08:27:50 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6630ab86-c47a8"
Content-Encoding: gzip

gggppp666.com/965960.gif

0.0.0.0

0 B

URL GET
gggppp666.com/965960.gif
IP
0.0.0.0:0
ASN
#0

Requested by
http://dz-lh64958.jiujiutuku.com/#2

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /965960.gif HTTP/1.1
Host: gggppp666.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://dz-lh64958.jiujiutuku.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (10)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash