42878.com/
115.126.37.28 425 B IP 115.126.37.28:0
ASN #38186 Forewin Telecom Group Limited, ISP at
File type HTML document, ASCII text, with very long lines (425), with no line terminators
Hash d1009327dc780bfe07e11ea1a85cd139
b1e526fa12703f6536cf76c9daa19a9fe7de352f
b239a482ee9aae4e743a9246be6ea368bd0c709645a10e5479c138cd4a890acd
GET / HTTP/1.1
Host: 42878.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.0 200 OK
Connection: close
Cache-Control: max-age=259200
Content-Type: text/html;charset=utf-8
Content-Length: 425
42878.com/
115.126.37.28 425 B IP 115.126.37.28:0
ASN #38186 Forewin Telecom Group Limited, ISP at
File type HTML document, ASCII text, with very long lines (425), with no line terminators
Hash d1009327dc780bfe07e11ea1a85cd139
b1e526fa12703f6536cf76c9daa19a9fe7de352f
b239a482ee9aae4e743a9246be6ea368bd0c709645a10e5479c138cd4a890acd
GET / HTTP/1.1
Host: 42878.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.0 200 OK
Connection: close
Cache-Control: max-age=259200
Content-Type: text/html;charset=utf-8
Content-Length: 425
110.40.36.203:3601/?u=http://42878.com/&p=/
110.40.36.203 302 Found 0 B URL User Request GET HTTP/1.1 110.40.36.203:3601/?u=http://42878.com/&p=/
IP 110.40.36.203:3601
ASN #38283 CHINANET SiChuan Telecom Internet Data Center
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /?u=http://42878.com/&p=/ HTTP/1.1
Host: 110.40.36.203:3601
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://42878.com/
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Tue, 30 Apr 2024 12:14:42 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Location: http://dz-lh64958.jiujiutuku.com/#2
X-Frame-Options: SAMEORIGIN
dz-lh64958.jiujiutuku.com/
104.234.34.103 52 kB URL dz-lh64958.jiujiutuku.com/
IP 104.234.34.103:0
File type HTML document, ISO-8859 text, with very long lines (918)
Hash 8b6466cce5f5b274210de73a9e162cca
d1a1a6b3eded4a922ec1399da806aee436930775
de27c0c27cd47ccaa92f730124aa6bda7b4b2ff1a8ac2a9a8743d80792106867
Analyzer Verdict Alert Public Nextron YARA rules malware Detects hex encoded code that has been base64 encoded
GET / HTTP/1.1
Host: dz-lh64958.jiujiutuku.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://42878.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 30 Apr 2024 12:15:29 GMT
Content-Type: text/html
Last-Modified: Tue, 30 Apr 2024 08:27:50 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6630ab86-c47a8"
Content-Encoding: gzip
dz-lh64958.jiujiutuku.com/images/jt.gif
104.234.34.103 200 OK 2.1 kB URL GET HTTP/1.1 dz-lh64958.jiujiutuku.com/images/jt.gif
IP 104.234.34.103:80
Requested by http://dz-lh64958.jiujiutuku.com/#2
File type GIF image data, version 89a, 32 x 21
Hash 52749bca18fbee499325cefb1a63ffc8
630b2645f80b9e0bbf4df484437203c7fef66abc
9be846c18af51a3afe4ae5926237234faa293785eac585f4122eb8c8e1ddebac
GET /images/jt.gif HTTP/1.1
Host: dz-lh64958.jiujiutuku.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://dz-lh64958.jiujiutuku.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 30 Apr 2024 12:15:29 GMT
Content-Type: image/gif
Content-Length: 2109
Last-Modified: Wed, 15 Mar 2023 13:52:13 GMT
Connection: keep-alive
ETag: "6411cd8d-83d"
Expires: Thu, 30 May 2024 12:15:29 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
dz-lh64958.jiujiutuku.com/images/yjmf.png
104.234.34.103 200 OK 5.5 kB URL GET HTTP/1.1 dz-lh64958.jiujiutuku.com/images/yjmf.png
IP 104.234.34.103:80
Requested by http://dz-lh64958.jiujiutuku.com/#2
File type PNG image data, 166 x 50, 8-bit/color RGBA, non-interlaced
Hash 99280cec15c94f4dbe993d1d6ff4705d
0625bf4ca1f7d8c22c9c4bc966be3ffd46255c86
8c26de8ff461ed696e1e48c031778a3dfca926f3a1049c780f525160ba83e00a
GET /images/yjmf.png HTTP/1.1
Host: dz-lh64958.jiujiutuku.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://dz-lh64958.jiujiutuku.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 30 Apr 2024 12:15:29 GMT
Content-Type: image/png
Content-Length: 5454
Last-Modified: Wed, 15 Mar 2023 13:52:13 GMT
Connection: keep-alive
ETag: "6411cd8d-154e"
Expires: Thu, 30 May 2024 12:15:29 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
dz-lh64958.jiujiutuku.com/images/index_103.jpg
104.234.34.103 200 OK 4.0 kB URL GET HTTP/1.1 dz-lh64958.jiujiutuku.com/images/index_103.jpg
IP 104.234.34.103:80
Requested by http://dz-lh64958.jiujiutuku.com/#2
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 960x19, components 3
Hash 3086f2495f4af45872d4eea33f884688
070c0210c8c62151dd8ebe5502a9896ab2cdd79a
5829e20ee195b2571701e6dfcec8af24255ec5319f40a2d3f8fa3be6422cf0d4
GET /images/index_103.jpg HTTP/1.1
Host: dz-lh64958.jiujiutuku.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://dz-lh64958.jiujiutuku.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 30 Apr 2024 12:15:29 GMT
Content-Type: image/jpeg
Content-Length: 3989
Last-Modified: Wed, 15 Mar 2023 13:52:13 GMT
Connection: keep-alive
ETag: "6411cd8d-f95"
Expires: Thu, 30 May 2024 12:15:29 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
dz-lh64958.jiujiutuku.com/images/huo.gif
104.234.34.103 200 OK 2.7 kB URL GET HTTP/1.1 dz-lh64958.jiujiutuku.com/images/huo.gif
IP 104.234.34.103:80
Requested by http://dz-lh64958.jiujiutuku.com/#2
File type GIF image data, version 89a, 22 x 14
Hash 035cae65acfa4a08603419971cc78676
9cb1046b7db371f52b45a6bf9d01404a88d2cef1
77b06d5810e2b76ca8b01b3c0ac84ce398cfb38a037cea9f509985ceaaadee97
GET /images/huo.gif HTTP/1.1
Host: dz-lh64958.jiujiutuku.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://dz-lh64958.jiujiutuku.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 30 Apr 2024 12:15:29 GMT
Content-Type: image/gif
Content-Length: 2735
Last-Modified: Wed, 15 Mar 2023 13:52:13 GMT
Connection: keep-alive
ETag: "6411cd8d-aaf"
Expires: Thu, 30 May 2024 12:15:29 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
dz-lh64958.jiujiutuku.com/images/11.jpg
104.234.34.103 200 OK 15 kB URL GET HTTP/1.1 dz-lh64958.jiujiutuku.com/images/11.jpg
IP 104.234.34.103:80
Requested by http://dz-lh64958.jiujiutuku.com/#2
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 960x19, components 3
Hash d96dc09ce4c8b3827541898ebc6fbef5
e133948365f9687cb0dce337f1d2309e33bc1a08
67053b52ba307d62a73065e04d6ff387894f9282bb610de77d4d5afbbe717ffc
GET /images/11.jpg HTTP/1.1
Host: dz-lh64958.jiujiutuku.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://dz-lh64958.jiujiutuku.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 30 Apr 2024 12:15:29 GMT
Content-Type: image/jpeg
Content-Length: 15232
Last-Modified: Wed, 15 Mar 2023 13:52:13 GMT
Connection: keep-alive
ETag: "6411cd8d-3b80"
Expires: Thu, 30 May 2024 12:15:29 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
dz-lh64958.jiujiutuku.com/images/index_155.jpg
104.234.34.103 200 OK 1.4 kB URL GET HTTP/1.1 dz-lh64958.jiujiutuku.com/images/index_155.jpg
IP 104.234.34.103:80
Requested by http://dz-lh64958.jiujiutuku.com/#2
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 960x7, components 3
Hash add6c8d97c1c4dd768a726e68e77495b
b108ae68351cf7c1bb72f8212a88945c1590f578
fe3c770173edb00381510dba1eb57ca840092dcf8c44c172975a506f16de8ad0
GET /images/index_155.jpg HTTP/1.1
Host: dz-lh64958.jiujiutuku.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://dz-lh64958.jiujiutuku.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 30 Apr 2024 12:15:29 GMT
Content-Type: image/jpeg
Content-Length: 1425
Last-Modified: Wed, 15 Mar 2023 13:52:13 GMT
Connection: keep-alive
ETag: "6411cd8d-591"
Expires: Thu, 30 May 2024 12:15:29 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
dz-lh64958.jiujiutuku.com/images/index_101.jpg
104.234.34.103 200 OK 12 kB URL GET HTTP/1.1 dz-lh64958.jiujiutuku.com/images/index_101.jpg
IP 104.234.34.103:80
Requested by http://dz-lh64958.jiujiutuku.com/#2
File type JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2011:02:13 19:50:04], baseline, precision 8, 960x54, components 3
Hash 0e7982a7cbf2724a8d7517cd6992208f
b9fd83c02a953b652ea49c6d8f8a17400daea5c9
47f6316c6e5c4572ac5ca952f7178145009aa0dd03d0f0be3a474fc001c8b788
GET /images/index_101.jpg HTTP/1.1
Host: dz-lh64958.jiujiutuku.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://dz-lh64958.jiujiutuku.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 30 Apr 2024 12:15:29 GMT
Content-Type: image/jpeg
Content-Length: 11628
Last-Modified: Wed, 15 Mar 2023 13:52:13 GMT
Connection: keep-alive
ETag: "6411cd8d-2d6c"
Expires: Thu, 30 May 2024 12:15:29 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
dz-lh64958.jiujiutuku.com/images/gsb_tj.gif
104.234.34.103 200 OK 2.1 kB URL GET HTTP/1.1 dz-lh64958.jiujiutuku.com/images/gsb_tj.gif
IP 104.234.34.103:80
Requested by http://dz-lh64958.jiujiutuku.com/#2
File type GIF image data, version 89a, 84 x 17
Hash 3478c264c2c41a27b3529567bcd65106
b55363a98554e303b37330f52640b6828ff829dc
a66c4243038211716ea06b6385874af9018eb77da4f4f7c445d47a9e1826245e
GET /images/gsb_tj.gif HTTP/1.1
Host: dz-lh64958.jiujiutuku.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://dz-lh64958.jiujiutuku.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 30 Apr 2024 12:15:29 GMT
Content-Type: image/gif
Content-Length: 2094
Last-Modified: Wed, 15 Mar 2023 13:52:13 GMT
Connection: keep-alive
ETag: "6411cd8d-82e"
Expires: Thu, 30 May 2024 12:15:29 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
dz-lh64958.jiujiutuku.com/images/foot_ad.gif
104.234.34.103 200 OK 2.8 kB URL GET HTTP/1.1 dz-lh64958.jiujiutuku.com/images/foot_ad.gif
IP 104.234.34.103:80
Requested by http://dz-lh64958.jiujiutuku.com/#2
File type GIF image data, version 89a, 440 x 22
Hash 38b9ec978242ea47f61fa122c2c2a839
266a6681b8d1ef2ad235909bf8a92a90d80b82e5
2ed382df88171c2b2f6f64503338318f5362022de04aa1ce906d7b21835287b4
GET /images/foot_ad.gif HTTP/1.1
Host: dz-lh64958.jiujiutuku.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://dz-lh64958.jiujiutuku.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 30 Apr 2024 12:15:29 GMT
Content-Type: image/gif
Content-Length: 2756
Last-Modified: Wed, 15 Mar 2023 13:52:13 GMT
Connection: keep-alive
ETag: "6411cd8d-ac4"
Expires: Thu, 30 May 2024 12:15:29 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
dz-lh64958.jiujiutuku.com/images/bg.gif
104.234.34.103 200 OK 22 kB URL GET HTTP/1.1 dz-lh64958.jiujiutuku.com/images/bg.gif
IP 104.234.34.103:80
Requested by http://dz-lh64958.jiujiutuku.com/#2
File type GIF image data, version 89a, 198 x 198
Hash 5475f340eaa8a7e069826c8c172562ed
43e3e6d1d8391854584ade24df4a2a40d121f689
e41d2163cd518827834b20c5c9bc6246a4ab60f03791c4c35f0f5b8ec5324d29
GET /images/bg.gif HTTP/1.1
Host: dz-lh64958.jiujiutuku.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://dz-lh64958.jiujiutuku.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 30 Apr 2024 12:15:29 GMT
Content-Type: image/gif
Content-Length: 22445
Last-Modified: Wed, 15 Mar 2023 13:52:13 GMT
Connection: keep-alive
ETag: "6411cd8d-57ad"
Expires: Thu, 30 May 2024 12:15:29 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
dz-lh64958.jiujiutuku.com/123
104.234.34.103 404 Not Found 146 B URL GET HTTP/1.1 dz-lh64958.jiujiutuku.com/123
IP 104.234.34.103:80
Requested by http://dz-lh64958.jiujiutuku.com/#2
File type HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
GET /123 HTTP/1.1
Host: dz-lh64958.jiujiutuku.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://dz-lh64958.jiujiutuku.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Server: nginx
Date: Tue, 30 Apr 2024 12:15:29 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive
dz-lh64958.jiujiutuku.com/images/index_151.jpg
104.234.34.103 200 OK 2.4 kB URL GET HTTP/1.1 dz-lh64958.jiujiutuku.com/images/index_151.jpg
IP 104.234.34.103:80
Requested by http://dz-lh64958.jiujiutuku.com/#2
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 960x15, components 3
Hash 1836b5e11ccd87e0d27e3393d37230e4
fcfd65d154733a418d8122cfea517e3d04936e2d
9dbef7acfb123a9a2e47a7223ca6b8e8432215024d96bf0417e544fff9554faa
GET /images/index_151.jpg HTTP/1.1
Host: dz-lh64958.jiujiutuku.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://dz-lh64958.jiujiutuku.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 30 Apr 2024 12:15:29 GMT
Content-Type: image/jpeg
Content-Length: 2384
Last-Modified: Wed, 15 Mar 2023 13:52:13 GMT
Connection: keep-alive
ETag: "6411cd8d-950"
Expires: Thu, 30 May 2024 12:15:29 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
dz-lh64958.jiujiutuku.com/images/index_144.jpg
104.234.34.103 200 OK 7.0 kB URL GET HTTP/1.1 dz-lh64958.jiujiutuku.com/images/index_144.jpg
IP 104.234.34.103:80
Requested by http://dz-lh64958.jiujiutuku.com/#2
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 960x19, components 3
Hash 12dfc8745947cf46cd01f799f21cd2c1
3309cba1d8d39527debb3029e81c737847b8b30c
f7fe2ce67cbf7fa16e7b2d8f88eba6dcfe7b088e85b242857a6996a4c4b2189e
GET /images/index_144.jpg HTTP/1.1
Host: dz-lh64958.jiujiutuku.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://dz-lh64958.jiujiutuku.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 30 Apr 2024 12:15:29 GMT
Content-Type: image/jpeg
Content-Length: 7016
Last-Modified: Wed, 15 Mar 2023 13:52:13 GMT
Connection: keep-alive
ETag: "6411cd8d-1b68"
Expires: Thu, 30 May 2024 12:15:29 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
hfhw-222141.zhejiangwenzhou.com/images/shou.gif
199.119.203.114 200 OK 1.6 kB URL GET HTTP/1.1 hfhw-222141.zhejiangwenzhou.com/images/shou.gif
IP 199.119.203.114:80
Requested by http://dz-lh64958.jiujiutuku.com/#2
File type GIF image data, version 89a, 44 x 23
Hash b485ff1ac9616b5aae0c75ad27ff89c0
7c10f7a53cbf257f572af92462b2bd2510fdfe36
59923a21658b2203ca72290a65f3b6a474591cccc9604ae1999e57bc537a6a2a
GET /images/shou.gif HTTP/1.1
Host: hfhw-222141.zhejiangwenzhou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://dz-lh64958.jiujiutuku.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 30 Apr 2024 12:15:30 GMT
Content-Type: image/gif
Content-Length: 1615
Last-Modified: Sun, 19 Dec 2021 14:52:21 GMT
Connection: keep-alive
ETag: "61bf4725-64f"
Expires: Thu, 30 May 2024 12:15:30 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
hfhw-222141.zhejiangwenzhou.com/images/cbt.gif
199.119.203.114 200 OK 3.9 kB URL GET HTTP/1.1 hfhw-222141.zhejiangwenzhou.com/images/cbt.gif
IP 199.119.203.114:80
Requested by http://dz-lh64958.jiujiutuku.com/#2
File type GIF image data, version 89a, 84 x 17
Hash 5432e6772bf5f898217842b0ab789899
1ed4ebefa16fa526a0987d903db572b053231158
c423016492877dff3f77788168896472b76ac7b770c7b24430f21d62de55eeb8
GET /images/cbt.gif HTTP/1.1
Host: hfhw-222141.zhejiangwenzhou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://dz-lh64958.jiujiutuku.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 30 Apr 2024 12:15:30 GMT
Content-Type: image/gif
Content-Length: 3878
Last-Modified: Sun, 19 Dec 2021 14:51:49 GMT
Connection: keep-alive
ETag: "61bf4705-f26"
Expires: Thu, 30 May 2024 12:15:30 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
hfhw-222141.zhejiangwenzhou.com/images/digest_2.gif
199.119.203.114 200 OK 568 B URL GET HTTP/1.1 hfhw-222141.zhejiangwenzhou.com/images/digest_2.gif
IP 199.119.203.114:80
Requested by http://dz-lh64958.jiujiutuku.com/#2
File type GIF image data, version 89a, 21 x 13
Hash 40d5cbd8bbc79e64332bdd6b85b34716
53d7f7b90f96f9c8e85d4c4b3475331567bd7e7c
1d20747a070d547c3c302ae776ac8dbccfe7a7343978952ce11a23fa1f8c1e19
GET /images/digest_2.gif HTTP/1.1
Host: hfhw-222141.zhejiangwenzhou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://dz-lh64958.jiujiutuku.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 30 Apr 2024 12:15:30 GMT
Content-Type: image/gif
Content-Length: 568
Last-Modified: Sat, 18 Dec 2021 17:35:52 GMT
Connection: keep-alive
ETag: "61be1bf8-238"
Expires: Thu, 30 May 2024 12:15:30 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
ehcf-914949.wddamovies.com/images/zu2.gif
108.181.0.183 200 OK 967 B URL GET HTTP/1.1 ehcf-914949.wddamovies.com/images/zu2.gif
IP 108.181.0.183:80
Requested by http://dz-lh64958.jiujiutuku.com/#2
File type HTML document, ASCII text, with very long lines (967), with no line terminators
Hash fe8969c32da87f4266499dcf08237888
55ab73f9b8c932e92423af5e2f84a95aa7e81ba6
9980fd03e0f252855033545519afdbaf83ca629a6ec848f0669b44fa7c9cccb1
GET /images/zu2.gif HTTP/1.1
Host: ehcf-914949.wddamovies.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://dz-lh64958.jiujiutuku.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 967
Pragma: no-cache
Cache-control: no-store
chkss-64958.jiujiutuku.com/TP/xggp.jpg
104.234.34.103 200 OK 109 kB URL GET HTTP/1.1 chkss-64958.jiujiutuku.com/TP/xggp.jpg
IP 104.234.34.103:80
Requested by http://dz-lh64958.jiujiutuku.com/#2
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2024:04:30 02:14:16], baseline, precision 8, 500x500, components 3
Size 109 kB (109279 bytes)
Hash 45e95dbf1b4a155a21bd4e4bbce4d7df
fb9ad0c5e86053ec96de2f1d78c8191915e580d1
06731c7e9d7a3fc4c34d9716cb708123214ecfcfe06e4e2d796c3518b8ab2a8b
GET /TP/xggp.jpg HTTP/1.1
Host: chkss-64958.jiujiutuku.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://dz-lh64958.jiujiutuku.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 30 Apr 2024 12:15:29 GMT
Content-Type: image/jpeg
Content-Length: 109279
Last-Modified: Tue, 30 Apr 2024 06:55:54 GMT
Connection: keep-alive
ETag: "663095fa-1aadf"
Expires: Thu, 30 May 2024 12:15:29 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
chkss-64958.jiujiutuku.com/TP/lpg.jpg
104.234.34.103 200 OK 246 kB URL GET HTTP/1.1 chkss-64958.jiujiutuku.com/TP/lpg.jpg
IP 104.234.34.103:80
Requested by http://dz-lh64958.jiujiutuku.com/#2
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 999x1399, components 3
Size 246 kB (245481 bytes)
Hash 9c224fa0c6c6fbe1b1ef6008dbbce102
e73e304cfec48ba80274f8c8c808b295fa3645b0
9b30e2cf174da35a4365b5c38c5421923399a080bb2a39915ad88f7fd8b1da7f
GET /TP/lpg.jpg HTTP/1.1
Host: chkss-64958.jiujiutuku.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://dz-lh64958.jiujiutuku.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 30 Apr 2024 12:15:29 GMT
Content-Type: image/jpeg
Content-Length: 245481
Last-Modified: Tue, 30 Apr 2024 06:54:51 GMT
Connection: keep-alive
ETag: "663095bb-3bee9"
Expires: Thu, 30 May 2024 12:15:29 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
hm.baidu.com/hm.js?d5c1b27da4a454bd33d3bcbebbdc3da7
111.45.3.198 200 OK 11 kB URL GET HTTP/1.1 hm.baidu.com/hm.js?d5c1b27da4a454bd33d3bcbebbdc3da7
IP 111.45.3.198:443
ASN #56040 China Mobile communications corporation
Requested by http://dz-lh64958.jiujiutuku.com/#2
Certificate Issuer GlobalSign nv-sa
Subject baidu.com
Fingerprint 97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
Validity Thu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT
File type JavaScript source, ASCII text, with very long lines (619)
Hash 9f0b8c6dc1dcc6c4080c10b96b09ef94
e23cff27005e416e36843380c513917e0a1d21d7
751e073731801a96675fbc098dddc9d880b55f60ce3c8acef7e8ce5d65e0bfc0
GET /hm.js?d5c1b27da4a454bd33d3bcbebbdc3da7 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://dz-lh64958.jiujiutuku.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11257
Content-Type: application/javascript
Date: Tue, 30 Apr 2024 12:15:31 GMT
Etag: f2060d59e21434adc0bc7d88fea2a05c
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=8B2C5F2CFC3F23CD; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
563322.com/tu/n1.jpg
142.0.141.52 200 OK 123 kB IP 142.0.141.52:80
Requested by http://dz-lh64958.jiujiutuku.com/#2
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1000x710, components 3
Size 123 kB (123192 bytes)
Hash 845e20c4d2236d70792a1eaf37c88f57
4d7f73a73af4eae0c614c8ffdbf7618b0a503868
23ffdbbf1942cb8d69d6e9ffc9c91ab032a4f655abe5ee520d4a750cc978ef83
GET /tu/n1.jpg HTTP/1.1
Host: 563322.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://dz-lh64958.jiujiutuku.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Mon, 29 Nov 2010 00:17:06 GMT
Accept-Ranges: bytes
ETag: "6cd89cc15a8fcb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Wed, 01 Dec 2010 09:54:32 GMT
Content-Length: 123192
https.ackj.cc/UploadFiles/pic/2/3155.jpg
104.21.82.199 200 OK 301 kB URL GET HTTP/2 https.ackj.cc/UploadFiles/pic/2/3155.jpg
IP 104.21.82.199:443
Requested by http://dz-lh64958.jiujiutuku.com/#2
Certificate Issuer Google Trust Services LLC
Subject ackj.cc
Fingerprint 47:E2:EC:F5:49:6A:99:4C:32:A1:8C:E0:84:F7:DC:FE:E1:E2:A2:C5
Validity Sun, 10 Mar 2024 08:08:18 GMT - Sat, 08 Jun 2024 08:08:17 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 1024x777, components 3
Size 301 kB (300623 bytes)
Hash 87cc5ef252facd88cc85cf9576b4e3ba
5793d0ea37cbced47763eff7ca1de7da1f6e88be
3357cd44f4040437068f9cc66d9cfe77ee4d5352f86c41834d2e28b94d873323
GET /UploadFiles/pic/2/3155.jpg HTTP/1.1
Host: https.ackj.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://dz-lh64958.jiujiutuku.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 30 Apr 2024 12:15:31 GMT
content-type: image/jpeg
content-length: 300623
last-modified: Sat, 27 Apr 2024 15:15:22 GMT
etag: "94ed16b9b598da1:0"
x-powered-by: ASP.NET
cache-control: max-age=300
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zw6dVi%2Blza8HGbfR%2B4prKtfJhackbRaJday5J%2B8OlvmgGzBuruodNuWn1LxXGQonQOplxQMn4KS7r9cggCAi4Mj1Qe1ZC8u%2BkfolTY5w5E73apAHW76c169dlqQkrTfl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87c775258deeb51e-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
xgkj-644222.lookcame.com/chajian/H.html
23.26.192.131 200 OK 1.8 kB URL GET HTTP/1.1 xgkj-644222.lookcame.com/chajian/H.html
IP 23.26.192.131:443
Requested by http://dz-lh64958.jiujiutuku.com/#2
Certificate Issuer Sectigo Limited
Subject xgkj-644222.lookcame.com
Fingerprint DA:76:38:AD:7C:5E:F7:60:A5:01:A5:9B:0F:D9:A2:C9:7C:35:0F:61
Validity Wed, 24 Apr 2024 00:00:00 GMT - Wed, 27 Nov 2024 23:59:59 GMT
File type HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash a605121ecf714487c58fa0ab26d023ab
699b011b58b7b60b67621afa9275832c81165d4f
ec9d7009959554b096e945048a4138fd8f1cecf7b84d82b25eb7a89be1311664
GET /chajian/H.html HTTP/1.1
Host: xgkj-644222.lookcame.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://dz-lh64958.jiujiutuku.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html
Content-Encoding: gzip
Last-Modified: Sat, 10 Feb 2024 09:18:02 GMT
Accept-Ranges: bytes
ETag: "081e3b25cda1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Tue, 30 Apr 2024 12:15:30 GMT
Content-Length: 1758
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=531355148&si=d5c1b27da4a454bd33d3bcbebbdc3da7&su=http%3A%2F%2F42878.com%2F&v=1.3.0&lv=1&sn=18196&r=0&ww=1280&u=http%3A%2F%2Fdz-lh64958.jiujiutuku.com%2F%232&tt=%E6%AC%A2%E8%BF%8E%E5%85%89%E4%B8%B4%E3%80%90%E5%85%AD.%E5%90%88.%E7%A5%9E.%E7%AE%97.%E3%80%91%E7%B2%BE%E5%87%86%E8%AE%A1%E7%AE%97%EF%BC%8C%E4%BC%B4%E6%82%A8%E6%B0%B8%E4%B9%85%EF%BC%81
111.45.3.198 200 OK 43 B URL GET HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=531355148&si=d5c1b27da4a454bd33d3bcbebbdc3da7&su=http%3A%2F%2F42878.com%2F&v=1.3.0&lv=1&sn=18196&r=0&ww=1280&u=http%3A%2F%2Fdz-lh64958.jiujiutuku.com%2F%232&tt=%E6%AC%A2%E8%BF%8E%E5%85%89%E4%B8%B4%E3%80%90%E5%85%AD.%E5%90%88.%E7%A5%9E.%E7%AE%97.%E3%80%91%E7%B2%BE%E5%87%86%E8%AE%A1%E7%AE%97%EF%BC%8C%E4%BC%B4%E6%82%A8%E6%B0%B8%E4%B9%85%EF%BC%81
IP 111.45.3.198:443
ASN #56040 China Mobile communications corporation
Requested by http://dz-lh64958.jiujiutuku.com/#2
Certificate Issuer GlobalSign nv-sa
Subject baidu.com
Fingerprint 97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
Validity Thu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT
File type GIF image data, version 89a, 1 x 1
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=531355148&si=d5c1b27da4a454bd33d3bcbebbdc3da7&su=http%3A%2F%2F42878.com%2F&v=1.3.0&lv=1&sn=18196&r=0&ww=1280&u=http%3A%2F%2Fdz-lh64958.jiujiutuku.com%2F%232&tt=%E6%AC%A2%E8%BF%8E%E5%85%89%E4%B8%B4%E3%80%90%E5%85%AD.%E5%90%88.%E7%A5%9E.%E7%AE%97.%E3%80%91%E7%B2%BE%E5%87%86%E8%AE%A1%E7%AE%97%EF%BC%8C%E4%BC%B4%E6%82%A8%E6%B0%B8%E4%B9%85%EF%BC%81 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://dz-lh64958.jiujiutuku.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Tue, 30 Apr 2024 12:15:31 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=D02068A1104067FC; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
cq.tpsy9999.cc/mt2023/cq.gif
154.217.143.82 200 OK 545 kB URL GET HTTP/2 cq.tpsy9999.cc/mt2023/cq.gif
IP 154.217.143.82:443
Requested by http://dz-lh64958.jiujiutuku.com/#2
Certificate Issuer Let's Encrypt
Subject cq.tpsy9999.cc
Fingerprint 06:EA:9F:E0:89:F7:CE:35:5E:17:06:A5:2D:48:10:7D:A5:94:5A:3C
Validity Sun, 03 Mar 2024 01:36:32 GMT - Sat, 01 Jun 2024 01:36:31 GMT
File type GIF image data, version 89a, 960 x 100
Size 545 kB (544866 bytes)
Hash 0300f77afbd598a329dacc7ee514ed89
0e4ba2c66d128027438f5475e9c768e0e0e5d7f2
68e5fe2b75355cb369ff9ff8d6fed71d4dca58f7d1f7720695be58afd90a183b
GET /mt2023/cq.gif HTTP/1.1
Host: cq.tpsy9999.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://dz-lh64958.jiujiutuku.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 30 Apr 2024 12:15:30 GMT
content-type: image/gif
content-length: 544866
last-modified: Thu, 21 Dec 2023 13:16:21 GMT
etag: "65843aa5-85062"
expires: Wed, 29 May 2024 15:15:20 GMT
cache-control: max-age=2592000
server: cdn
x-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
xgkj-644222.lookcame.com/chajian/bm.js
23.26.192.131 200 OK 5.0 kB URL GET HTTP/1.1 xgkj-644222.lookcame.com/chajian/bm.js
IP 23.26.192.131:443
Requested by https://xgkj-644222.lookcame.com/chajian/H.html
Certificate Issuer Sectigo Limited
Subject xgkj-644222.lookcame.com
Fingerprint DA:76:38:AD:7C:5E:F7:60:A5:01:A5:9B:0F:D9:A2:C9:7C:35:0F:61
Validity Wed, 24 Apr 2024 00:00:00 GMT - Wed, 27 Nov 2024 23:59:59 GMT
File type JavaScript source, Unicode text, UTF-8 (with BOM) text, with very long lines (12205), with CRLF line terminators
Hash 85ecdf607988b70b9052d4f7f8c96de4
c8f77cebfa8f81e5c7580728e9dbb62739344211
2430e259261f594d7429ad51e30ee4c0fed466bd2f5ea8c249091b75b39ce03f
GET /chajian/bm.js HTTP/1.1
Host: xgkj-644222.lookcame.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xgkj-644222.lookcame.com/chajian/H.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Wed, 14 Feb 2024 05:33:02 GMT
Accept-Ranges: bytes
ETag: "0fbe94675fda1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Tue, 30 Apr 2024 12:15:30 GMT
Content-Length: 4969
dz-lh64958.jiujiutuku.com/favicon.ico
104.234.34.103 404 Not Found 146 B URL GET HTTP/1.1 dz-lh64958.jiujiutuku.com/favicon.ico
IP 104.234.34.103:80
Requested by http://dz-lh64958.jiujiutuku.com/#2
File type HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
GET /favicon.ico HTTP/1.1
Host: dz-lh64958.jiujiutuku.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://dz-lh64958.jiujiutuku.com/
Cookie: Hm_lvt_d5c1b27da4a454bd33d3bcbebbdc3da7=1714479331; Hm_lpvt_d5c1b27da4a454bd33d3bcbebbdc3da7=1714479331
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Server: nginx
Date: Tue, 30 Apr 2024 12:15:31 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive
hm.baidu.com/hm.js?8ad181435b98628e18f7017f8b573829
111.45.3.198 200 OK 0 B URL GET HTTP/1.1 hm.baidu.com/hm.js?8ad181435b98628e18f7017f8b573829
IP 111.45.3.198:443
ASN #56040 China Mobile communications corporation
Requested by https://xgkj-644222.lookcame.com/chajian/H.html
Certificate Issuer GlobalSign nv-sa
Subject baidu.com
Fingerprint 97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
Validity Thu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /hm.js?8ad181435b98628e18f7017f8b573829 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xgkj-644222.lookcame.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 0
Date: Tue, 30 Apr 2024 12:15:32 GMT
Server: apache
Strict-Transport-Security: max-age=172800
Content-Type: text/plain; charset=utf-8
libs.baidu.com/jquery/1.9.1/jquery.min.js
39.156.66.111 200 OK 33 kB URL GET HTTP/1.1 libs.baidu.com/jquery/1.9.1/jquery.min.js
IP 39.156.66.111:443
ASN #9808 China Mobile Communications Group Co., Ltd.
Requested by https://xgkj-644222.lookcame.com/chajian/H.html
Certificate Issuer GlobalSign nv-sa
Subject baidu.com
Fingerprint 97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
Validity Thu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT
File type JavaScript source, ASCII text, with very long lines (32089), with CRLF line terminators
Hash 383771ef1692bfcc3f2b6917ca985778
a1ce0bfa507f23cc414a9a7634bd73b994bb3b35
20638e363fcc5152155f24b281303e17da62da62d24ef5dcf863b184d9a25734
GET /jquery/1.9.1/jquery.min.js HTTP/1.1
Host: libs.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xgkj-644222.lookcame.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: max-age=2592000
Connection: keep-alive
Content-Encoding: gzip
Content-Type: application/x-javascript
Date: Tue, 30 Apr 2024 12:15:33 GMT
Expires: Thu, 30 May 2024 12:15:33 GMT
Last-Modified: Wed, 07 Jan 2015 09:16:30 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Server: Apache
Set-Cookie: BAIDUID=FAEAB67FE1049D6A7148084336B1C0B6:FG=1; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2145916555; path=/; domain=.baidu.com; version=1
Strict-Transport-Security: max-age=87600
Vary: Accept-Encoding
Transfer-Encoding: chunked
xgkj-644222.lookcame.com/chajian/bmjg.js?_=1714479334235
23.26.192.131 200 OK 222 B URL GET HTTP/1.1 xgkj-644222.lookcame.com/chajian/bmjg.js?_=1714479334235
IP 23.26.192.131:443
Requested by https://xgkj-644222.lookcame.com/chajian/H.html
Certificate Issuer Sectigo Limited
Subject xgkj-644222.lookcame.com
Fingerprint DA:76:38:AD:7C:5E:F7:60:A5:01:A5:9B:0F:D9:A2:C9:7C:35:0F:61
Validity Wed, 24 Apr 2024 00:00:00 GMT - Wed, 27 Nov 2024 23:59:59 GMT
File type Unicode text, UTF-8 (with BOM) text, with no line terminators
Hash 3a3faf1c43167051483f7f9e748add9f
e15bd89bc368f46b589459ff96c8c17255dd72dc
7791ae5d6343970d6e9d5d0b46bd20aa39f16466b10e1c0d89167bc57d575716
GET /chajian/bmjg.js?_=1714479334235 HTTP/1.1
Host: xgkj-644222.lookcame.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://xgkj-644222.lookcame.com/chajian/H.html
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 27 Apr 2024 05:34:35 GMT
Accept-Ranges: bytes
ETag: "c52f1966498da1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Tue, 30 Apr 2024 12:15:33 GMT
Content-Length: 222
xgkj-644222.lookcame.com/chajian/bmjg.js?_=1714479334236
23.26.192.131 200 OK 222 B URL GET HTTP/1.1 xgkj-644222.lookcame.com/chajian/bmjg.js?_=1714479334236
IP 23.26.192.131:443
Requested by https://xgkj-644222.lookcame.com/chajian/H.html
Certificate Issuer Sectigo Limited
Subject xgkj-644222.lookcame.com
Fingerprint DA:76:38:AD:7C:5E:F7:60:A5:01:A5:9B:0F:D9:A2:C9:7C:35:0F:61
Validity Wed, 24 Apr 2024 00:00:00 GMT - Wed, 27 Nov 2024 23:59:59 GMT
File type Unicode text, UTF-8 (with BOM) text, with no line terminators
Hash 3a3faf1c43167051483f7f9e748add9f
e15bd89bc368f46b589459ff96c8c17255dd72dc
7791ae5d6343970d6e9d5d0b46bd20aa39f16466b10e1c0d89167bc57d575716
GET /chajian/bmjg.js?_=1714479334236 HTTP/1.1
Host: xgkj-644222.lookcame.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://xgkj-644222.lookcame.com/chajian/H.html
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 27 Apr 2024 05:34:35 GMT
Accept-Ranges: bytes
ETag: "c52f1966498da1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Tue, 30 Apr 2024 12:15:34 GMT
Content-Length: 222
xgkj-644222.lookcame.com/chajian/bmjg.js?_=1714479334237
23.26.192.131 200 OK 222 B URL GET HTTP/1.1 xgkj-644222.lookcame.com/chajian/bmjg.js?_=1714479334237
IP 23.26.192.131:443
Requested by https://xgkj-644222.lookcame.com/chajian/H.html
Certificate Issuer Sectigo Limited
Subject xgkj-644222.lookcame.com
Fingerprint DA:76:38:AD:7C:5E:F7:60:A5:01:A5:9B:0F:D9:A2:C9:7C:35:0F:61
Validity Wed, 24 Apr 2024 00:00:00 GMT - Wed, 27 Nov 2024 23:59:59 GMT
File type Unicode text, UTF-8 (with BOM) text, with no line terminators
Hash 3a3faf1c43167051483f7f9e748add9f
e15bd89bc368f46b589459ff96c8c17255dd72dc
7791ae5d6343970d6e9d5d0b46bd20aa39f16466b10e1c0d89167bc57d575716
GET /chajian/bmjg.js?_=1714479334237 HTTP/1.1
Host: xgkj-644222.lookcame.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://xgkj-644222.lookcame.com/chajian/H.html
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 27 Apr 2024 05:34:35 GMT
Accept-Ranges: bytes
ETag: "c52f1966498da1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Tue, 30 Apr 2024 12:15:36 GMT
Content-Length: 222
xgkj-644222.lookcame.com/chajian/bmjg.js?_=1714479334238
23.26.192.131 503 Service Unavailable 326 B URL GET HTTP/1.1 xgkj-644222.lookcame.com/chajian/bmjg.js?_=1714479334238
IP 23.26.192.131:443
Requested by https://xgkj-644222.lookcame.com/chajian/H.html
Certificate Issuer Sectigo Limited
Subject xgkj-644222.lookcame.com
Fingerprint DA:76:38:AD:7C:5E:F7:60:A5:01:A5:9B:0F:D9:A2:C9:7C:35:0F:61
Validity Wed, 24 Apr 2024 00:00:00 GMT - Wed, 27 Nov 2024 23:59:59 GMT
File type HTML document, ASCII text, with CRLF line terminators
Hash bf3231d7fad0292d818aac7d6d669f00
c29683b3788d729a5fc4504279d10e31da60745c
fb2d9f058c2010c57f86a05ae33d282f33e3825290c66b8b120cd177416c6bdf
GET /chajian/bmjg.js?_=1714479334238 HTTP/1.1
Host: xgkj-644222.lookcame.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://xgkj-644222.lookcame.com/chajian/H.html
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 503 Service Unavailable
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Tue, 30 Apr 2024 12:15:37 GMT
Connection: close
Content-Length: 326
hfhw-222141.zhejiangwenzhou.com/images/bg.gif
199.119.203.114 200 OK 22 kB URL GET HTTP/1.1 hfhw-222141.zhejiangwenzhou.com/images/bg.gif
IP 199.119.203.114:80
Requested by http://dz-lh64958.jiujiutuku.com/#2
File type GIF image data, version 89a, 198 x 198
Hash 5475f340eaa8a7e069826c8c172562ed
43e3e6d1d8391854584ade24df4a2a40d121f689
e41d2163cd518827834b20c5c9bc6246a4ab60f03791c4c35f0f5b8ec5324d29
GET /images/bg.gif HTTP/1.1
Host: hfhw-222141.zhejiangwenzhou.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://dz-lh64958.jiujiutuku.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 30 Apr 2024 12:15:30 GMT
Content-Type: image/gif
Content-Length: 22445
Last-Modified: Sun, 19 Dec 2021 14:51:45 GMT
Connection: keep-alive
ETag: "61bf4701-57ad"
Expires: Thu, 30 May 2024 12:15:30 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
xgkj-644222.lookcame.com/chajian/bmjg.js?_=1714479334239
23.26.192.131 200 OK 222 B URL GET HTTP/1.1 xgkj-644222.lookcame.com/chajian/bmjg.js?_=1714479334239
IP 23.26.192.131:443
Requested by https://xgkj-644222.lookcame.com/chajian/H.html
Certificate Issuer Sectigo Limited
Subject xgkj-644222.lookcame.com
Fingerprint DA:76:38:AD:7C:5E:F7:60:A5:01:A5:9B:0F:D9:A2:C9:7C:35:0F:61
Validity Wed, 24 Apr 2024 00:00:00 GMT - Wed, 27 Nov 2024 23:59:59 GMT
File type Unicode text, UTF-8 (with BOM) text, with no line terminators
Hash 3a3faf1c43167051483f7f9e748add9f
e15bd89bc368f46b589459ff96c8c17255dd72dc
7791ae5d6343970d6e9d5d0b46bd20aa39f16466b10e1c0d89167bc57d575716
GET /chajian/bmjg.js?_=1714479334239 HTTP/1.1
Host: xgkj-644222.lookcame.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://xgkj-644222.lookcame.com/chajian/H.html
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 27 Apr 2024 05:34:35 GMT
Accept-Ranges: bytes
ETag: "c52f1966498da1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Tue, 30 Apr 2024 12:15:40 GMT
Content-Length: 222
xgkj-644222.lookcame.com/chajian/bmjg.js?_=1714479334240
23.26.192.131 200 OK 222 B URL GET HTTP/1.1 xgkj-644222.lookcame.com/chajian/bmjg.js?_=1714479334240
IP 23.26.192.131:443
Requested by https://xgkj-644222.lookcame.com/chajian/H.html
Certificate Issuer Sectigo Limited
Subject xgkj-644222.lookcame.com
Fingerprint DA:76:38:AD:7C:5E:F7:60:A5:01:A5:9B:0F:D9:A2:C9:7C:35:0F:61
Validity Wed, 24 Apr 2024 00:00:00 GMT - Wed, 27 Nov 2024 23:59:59 GMT
File type Unicode text, UTF-8 (with BOM) text, with no line terminators
Hash 3a3faf1c43167051483f7f9e748add9f
e15bd89bc368f46b589459ff96c8c17255dd72dc
7791ae5d6343970d6e9d5d0b46bd20aa39f16466b10e1c0d89167bc57d575716
GET /chajian/bmjg.js?_=1714479334240 HTTP/1.1
Host: xgkj-644222.lookcame.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://xgkj-644222.lookcame.com/chajian/H.html
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 27 Apr 2024 05:34:35 GMT
Accept-Ranges: bytes
ETag: "c52f1966498da1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Tue, 30 Apr 2024 12:15:41 GMT
Content-Length: 222
xgkj-644222.lookcame.com/chajian/bmjg.js?_=1714479334241
23.26.192.131 326 B URL GET xgkj-644222.lookcame.com/chajian/bmjg.js?_=1714479334241
IP 23.26.192.131:0
Requested by https://xgkj-644222.lookcame.com/chajian/H.html
Certificate Issuer Sectigo Limited
Subject xgkj-644222.lookcame.com
Fingerprint DA:76:38:AD:7C:5E:F7:60:A5:01:A5:9B:0F:D9:A2:C9:7C:35:0F:61
Validity Wed, 24 Apr 2024 00:00:00 GMT - Wed, 27 Nov 2024 23:59:59 GMT
File type HTML document, ASCII text, with CRLF line terminators
Hash bf3231d7fad0292d818aac7d6d669f00
c29683b3788d729a5fc4504279d10e31da60745c
fb2d9f058c2010c57f86a05ae33d282f33e3825290c66b8b120cd177416c6bdf
GET /chajian/bmjg.js?_=1714479334241 HTTP/1.1
Host: xgkj-644222.lookcame.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://xgkj-644222.lookcame.com/chajian/H.html
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 503 Service Unavailable
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Tue, 30 Apr 2024 12:15:43 GMT
Connection: close
Content-Length: 326
dz-lh64958.jiujiutuku.com/
0.0.0.0 0 B URL User Request GET dz-lh64958.jiujiutuku.com/
IP 0.0.0.0:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: dz-lh64958.jiujiutuku.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://42878.com/
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
dz-lh64958.jiujiutuku.com/
104.234.34.103 200 OK 805 kB URL User Request GET HTTP/1.1 dz-lh64958.jiujiutuku.com/
IP 104.234.34.103:80
File type HTML document, Unicode text, UTF-8 text, with very long lines (918)
Size 805 kB (804776 bytes)
Hash 7296ec451168a5a86821abf0bf24ccf8
48f36d6b92828490bce4abbd849e41f0edb28190
a709e68f7f093a8c89cd1f8052cd78c0ddc5ae4ede0b3f8ef3f46184ee0b125d
Analyzer Verdict Alert Public Nextron YARA rules malware Detects hex encoded code that has been base64 encoded
GET / HTTP/1.1
Host: dz-lh64958.jiujiutuku.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://42878.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 30 Apr 2024 12:15:29 GMT
Content-Type: text/html
Last-Modified: Tue, 30 Apr 2024 08:27:50 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6630ab86-c47a8"
Content-Encoding: gzip
gggppp666.com/965960.gif
0.0.0.0 0 B IP 0.0.0.0:0
Requested by http://dz-lh64958.jiujiutuku.com/#2
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /965960.gif HTTP/1.1
Host: gggppp666.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://dz-lh64958.jiujiutuku.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache