Report - 97zg.com/index.php/page/index/hzhb

Report Overview

Submitted URL
97zg.com/index.php/page/index/hzhb
IP
104.250.44.3
ASN
#137280 Kingsoft cloud corporation limited
Submitted
2023-01-14 06:11:49
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
12

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	341 B	736 B	93.184.220.29
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	62 kB	34.120.237.76
www.97zg.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.0 kB	146 kB	23.236.99.193
ocsp.globalsign.com	2075	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	359 B	1.9 kB	104.18.20.226
s11.cnzz.com	106882	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	294 B	686 B	150.138.98.224
www.baidu.com	3121	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	350 B	499 B	104.193.88.123
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.7 kB	7.1 kB	23.33.119.27
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	52.43.179.154
97zg.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	365 B	481 B	23.236.99.193
hm.baidu.com	8254	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.2 kB	12 kB	103.235.46.191
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	35.241.9.150
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	391 B	34.117.237.239

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-01-14	medium	97zg.com/index.php/page/index/hzhb	Malware
2023-01-14	medium	www.97zg.com/index.php/page/index/hzhb	Malware
2023-01-14	medium	www.97zg.com/csdj/js/logajax.js	Malware
2023-01-14	medium	www.97zg.com/index.php/sitemap	Malware
2023-01-14	medium	www.97zg.com/skins/index/default/js/common.js	Malware
2023-01-14	medium	www.97zg.com/skins/index/default/js/jquery.js	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (14)

	URL	Size	First Seen	Last Seen
	www.97zg.com/index.php/page/index/hzhb	147 B	2023-03-12	2023-10-31
Pretty URL www.97zg.com/index.php/page/index/hzhb IP 23.236.99.193 ASN #21859 ZEN-ECN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 22:49:59 Last Seen2023-10-31 13:54:54 Times Seen2 Hash 3fb2378f15ebff457b4e08c6858c474c 93cc9b98f6af51420854e310c595a921cbb94956 2d0ec76515280b4934968f854a511d7f624cb0e4dfc4835a0e5bb408239bdf46 Loading...

	www.97zg.com/index.php/page/index/hzhb	16 B	2023-03-12	2023-03-26
Pretty URL www.97zg.com/index.php/page/index/hzhb IP 23.236.99.193 ASN #21859 ZEN-ECN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 14:46:13 Last Seen2023-03-26 10:40:41 Times Seen3 Hash fcd6d80f670ab5f7c9b82db73507d84d f16bb44c093b26661339b1cb89a5c912a7f9e72b 89f6f97ad41e0acd5b22ddc1ac9a7107ef7a3a8e99c2e2e42591dff54e63cc28 Loading...

	www.97zg.com/index.php/page/index/hzhb	423 B	2023-03-12	2023-03-14
Pretty URL www.97zg.com/index.php/page/index/hzhb IP 23.236.99.193 ASN #21859 ZEN-ECN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 22:49:59 Last Seen2023-03-14 16:04:07 Times Seen1 Hash 6d35b93bd428d583fa7deb269511e80a 5675c9e8e2ab0cb7e18c8e66cd39124f35a8bbcc 126aba273cae57e2b32ee0e5d17f3f642e46b2436b1c4af795ec0e2df573bbaa Loading...

	www.97zg.com/index.php/page/index/hzhb	394 B	2023-03-12	2023-03-14
Pretty URL www.97zg.com/index.php/page/index/hzhb IP 23.236.99.193 ASN #21859 ZEN-ECN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 14:46:13 Last Seen2023-03-14 16:04:07 Times Seen1 Hash 2c75887f8da7b6377ce00f26660272c4 70cc3aa267d0e80c36e8741f3fd89637786dac41 84fd60a452b8b5ceea287f23d1f63ef0bf414cab4aacac71bd42101597e0628d Loading...

	www.97zg.com/index.php/page/index/hzhb	29 B	2023-03-12	2023-03-12
Pretty URL www.97zg.com/index.php/page/index/hzhb IP 23.236.99.193 ASN #21859 ZEN-ECN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 22:49:59 Last Seen2023-03-12 22:49:59 Times Seen1 Hash cfe89b5941b6ae16470a52b6bff275d2 5acd56c539a782708a4b5c231f445717efe2fb0c 83b482f8543317014fbad1c023828283fbfc39eed832af4304990ae8be07e103 Loading...

	www.97zg.com/index.php/page/index/hzhb	83 B	2023-03-12	2023-03-12
Pretty URL www.97zg.com/index.php/page/index/hzhb IP 23.236.99.193 ASN #21859 ZEN-ECN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 22:49:59 Last Seen2023-03-12 22:49:59 Times Seen1 Hash e114b97f6e16729664b783d5b5b88d5d 33c54cbcc4b662c340b7bcc6b7757bdf11c19ee2 5f5a2081e83067e0a192146bc66a79d1e1f17c2bdacae92e735b86e77fb085ce Loading...

	www.97zg.com/index.php/page/index/hzhb	299 B	2023-03-12	2023-10-31
Pretty URL www.97zg.com/index.php/page/index/hzhb IP 23.236.99.193 ASN #21859 ZEN-ECN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 14:46:13 Last Seen2023-10-31 13:54:54 Times Seen2 Hash df40e9ed51d022928443cc100bd03a7c ba8ac5ea0e0d0cbef964bc0e5e04deab95e0a707 e81a06506086f3d6fa7cdac25a13c7f4df54702438e5dbf8604e5404400f917e Loading...

	s11.cnzz.com/stat.php?id=1253879096&show=pic	0 B	2023-03-07	2024-04-26
Pretty URL s11.cnzz.com/stat.php?id=1253879096&show=pic IP 150.138.98.224 ASN #58541 Qingdao,266000 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-26 14:57:11 Times Seen37093740 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	hm.baidu.com/hm.js?baf10682a4bac501cee703362b1f3d20	30 kB	2023-03-12	2023-03-12
Pretty URL hm.baidu.com/hm.js?baf10682a4bac501cee703362b1f3d20 IP 103.235.46.191 ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 22:49:59 Last Seen2023-03-12 22:49:59 Times Seen1 Hash c55b4597fbd9c49e378f0d8996aa5a91 c6705a554dfdb80e1a6eaf85a55b7bc707989fa3 a63d49683521f5c2e5995bccda56e2c7f4686793df73445f3393e0839de2bfac Loading...

	www.97zg.com/csdj/js/logajax.js	6.0 kB	2023-03-12	2023-10-31
Pretty URL www.97zg.com/csdj/js/logajax.js IP 23.236.99.193 ASN #21859 ZEN-ECN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 14:46:13 Last Seen2023-10-31 13:54:54 Times Seen10 Hash 968b1d6529c1dc3b26041ebe84a2e629 24c311302fd72ae63cae63e5ff42e2c11529a915 6f383d125b790f9a83c7d7e6fc1bbc209331dd4942a29df0cecd4006f961a3d5 Loading...

	www.97zg.com/skins/index/default/js/common.js	7.0 kB	2023-03-12	2023-10-31
Pretty URL www.97zg.com/skins/index/default/js/common.js IP 23.236.99.193 ASN #21859 ZEN-ECN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 14:46:13 Last Seen2023-10-31 13:54:54 Times Seen3 Hash 5787fb9094f2cfce18b9f4be6c4eba2a 2d13ba76bbcc2b4bb6caee79def9f24519e66b57 dd427d42720bc559ec5d8e8c8fed5a716647b9f9d9f9eedd519bf52a435df202 Loading...

	www.97zg.com/skins/index/default/js/jquery.js	79 kB	2023-03-12	2023-10-31
Pretty URL www.97zg.com/skins/index/default/js/jquery.js IP 23.236.99.193 ASN #21859 ZEN-ECN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 22:17:30 Last Seen2023-10-31 13:54:54 Times Seen7 Hash 3cde07b746203d061284c5f40c6aa418 e6a7eec34cd054ef152df3e0e5f0626c6917c8ee f1c4dc00d6f7aa20991c9025755af0c285e2c8f624f2378e9d81276caebf9a16 Loading...

		Size	First Seen	Last Seen
	#1 Write - 5b499f89c700c4fb18b0a9b9dc1e47a1	156 B	2023-03-12	2023-10-31
Pretty Observations First Seen2023-03-12 14:46:13 Last Seen2023-10-31 13:54:54 Times Seen14 Hash 5b499f89c700c4fb18b0a9b9dc1e47a1 e8b51d4b41ae980416cf0364a00708b974081ffc a3a6f75265ec4a2cfee358996dac427138a6a7061c7a179aca95959334c95a19 Loading...

	#2 Write - c99b3f785a845cdb3eaacbf52ed8a460	143 B	2023-03-12	2023-10-31
Pretty Observations First Seen2023-03-12 14:46:13 Last Seen2023-10-31 13:54:54 Times Seen3 Hash c99b3f785a845cdb3eaacbf52ed8a460 c11a1ffd5a5bccd150bd616e22725b1a2e40dbc3 82e08c3c7687097437bd2a906edace542e41f20cbf684422f17d65dd07c2b5b1 Loading...

HTTP Transactions (35)

URL IP Response Size

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
cab5b63e128895128726181aff42e42e
d39c36237554fcd41addec0664d7fe7f7d157c06
18e82a5b82eb8f2d8b49df824c336015f19367c5a05467ad139a56db59f88852

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "18E82A5B82EB8F2D8B49DF824C336015F19367C5A05467AD139A56DB59F88852"
Last-Modified: Wed, 11 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4813
Expires: Sat, 14 Jan 2023 07:31:49 GMT
Date: Sat, 14 Jan 2023 06:11:36 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a8b4f1afb0e830b797238d34ab9254aa
e011acef3d05c959a65205d53b651ecd18a889fe
f7ceff5b4fda083c7449b7298c232224cf48a632dcb87233b646790de207d49c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F7CEFF5B4FDA083C7449B7298C232224CF48A632DCB87233B646790DE207D49C"
Last-Modified: Thu, 12 Jan 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5594
Expires: Sat, 14 Jan 2023 07:44:50 GMT
Date: Sat, 14 Jan 2023 06:11:36 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Alert, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 14 Jan 2023 05:48:53 GMT
content-type: application/json
age: 1363
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
0f4ecf4f26be1ba09e61135b1b488bf4
f16b8277e00033bc990a8bcce54b693cb3c87d62
3018c2a228f0a894d217e8e8b0b8dd060527f06879cd2f469bac6c8766acbbf8

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3018C2A228F0A894D217E8E8B0B8DD060527F06879CD2F469BAC6C8766ACBBF8"
Last-Modified: Wed, 11 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2917
Expires: Sat, 14 Jan 2023 07:00:13 GMT
Date: Sat, 14 Jan 2023 06:11:36 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: QSY+5/iC7XMt1f9lHfzfFXiSb6TjEoGlJve6cRIuHueb8xy0N/clf4Tk5acbJKvZOQdJku69tNs=
x-amz-request-id: WBR9AYT64AN15YPA
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 14 Jan 2023 05:43:37 GMT
age: 1679
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 14 Jan 2023 06:11:36 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Expires, Pragma, Content-Type, Backoff, Last-Modified, Cache-Control, ETag
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 14 Jan 2023 05:33:45 GMT
age: 2272
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
b1e3535cab3c1ac295b1412126a9325c
d1bdf1b8663817ae34b6182db29d6b20666779e7
90c4ecd4b0782647fd78110b5bacfb73d2b05aae4de789a90318574407dfb565

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 434
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 14 Jan 2023 06:11:37 GMT
Last-Modified: Sat, 14 Jan 2023 06:04:23 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

52.43.179.154

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.43.179.154:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: e+YtBbYsjgcb0EUz9MbolQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: +UQ7Cuy/qx7Z0j7q4278rVS33bY=

97zg.com/index.php/page/index/hzhb

23.236.99.193

301 Moved Permanently

0 B

URL HTTP/1.1
97zg.com/index.php/page/index/hzhb
IP
23.236.99.193:0
ASN
#21859 ZEN-ECN

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /index.php/page/index/hzhb HTTP/1.1
Host: 97zg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Server: Microsoft-IIS/7.5
Location: http://www.97zg.com/index.php/page/index/hzhb
Date: Sat, 14 Jan 2023 06:11:37 GMT
Accept-Ranges: bytes
X-Powered-By: WAF/2.0
x-link-via: dallas01:80;lsj12:80;
x-b2f-cs-cache: no-cache
X-Cache-Status: MISS from KS-CLOUD-LSJ-12-03, MISS from KS-CLOUD-DALLAS-FOREIGN-01-03
X-Cdn-Request-ID: c80dd632840b9db8b14cb40299f8a587

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
256e39696ba05f2324bbc49b2a396115
e1cf8b15abd0a20eb1218be517c03459514a59e0
d576a66e6b39751bdbc7b662454d37866b75efef1aa51761daba61783d755bc9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D576A66E6B39751BDBC7B662454D37866B75EFEF1AA51761DABA61783D755BC9"
Last-Modified: Thu, 12 Jan 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5425
Expires: Sat, 14 Jan 2023 07:42:03 GMT
Date: Sat, 14 Jan 2023 06:11:38 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
256e39696ba05f2324bbc49b2a396115
e1cf8b15abd0a20eb1218be517c03459514a59e0
d576a66e6b39751bdbc7b662454d37866b75efef1aa51761daba61783d755bc9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D576A66E6B39751BDBC7B662454D37866B75EFEF1AA51761DABA61783D755BC9"
Last-Modified: Thu, 12 Jan 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5425
Expires: Sat, 14 Jan 2023 07:42:03 GMT
Date: Sat, 14 Jan 2023 06:11:38 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
256e39696ba05f2324bbc49b2a396115
e1cf8b15abd0a20eb1218be517c03459514a59e0
d576a66e6b39751bdbc7b662454d37866b75efef1aa51761daba61783d755bc9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D576A66E6B39751BDBC7B662454D37866B75EFEF1AA51761DABA61783D755BC9"
Last-Modified: Thu, 12 Jan 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5425
Expires: Sat, 14 Jan 2023 07:42:03 GMT
Date: Sat, 14 Jan 2023 06:11:38 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
256e39696ba05f2324bbc49b2a396115
e1cf8b15abd0a20eb1218be517c03459514a59e0
d576a66e6b39751bdbc7b662454d37866b75efef1aa51761daba61783d755bc9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D576A66E6B39751BDBC7B662454D37866B75EFEF1AA51761DABA61783D755BC9"
Last-Modified: Thu, 12 Jan 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5425
Expires: Sat, 14 Jan 2023 07:42:03 GMT
Date: Sat, 14 Jan 2023 06:11:38 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
256e39696ba05f2324bbc49b2a396115
e1cf8b15abd0a20eb1218be517c03459514a59e0
d576a66e6b39751bdbc7b662454d37866b75efef1aa51761daba61783d755bc9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D576A66E6B39751BDBC7B662454D37866B75EFEF1AA51761DABA61783D755BC9"
Last-Modified: Thu, 12 Jan 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5425
Expires: Sat, 14 Jan 2023 07:42:03 GMT
Date: Sat, 14 Jan 2023 06:11:38 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F750e055f-1243-4c70-87b9-582708543ae4.jpeg

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F750e055f-1243-4c70-87b9-582708543ae4.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10337 bytes)
Hash
0da64df67061f18811c06143292c4d5c
866288df55737a8e66ea1c0d460f72e0c9367173
611b58debf4cf0425e401878ff8fcd06ed9551b638520711e146e23c8b34575d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F750e055f-1243-4c70-87b9-582708543ae4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10337
x-amzn-requestid: d76c1d2b-78b3-40fd-bf51-39151337ea0e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: etN87GJ3IAMFqqQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c1f6b8-21f54dee09a33f1e5cd20e79;Sampled=0
x-amzn-remapped-date: Sat, 14 Jan 2023 00:26:32 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: PCN3LvHgc5rPRghKY4yGj9PD6jOHUj7eWz7Ir7L1wda7LLbmUgNO_Q==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 14 Jan 2023 04:07:30 GMT
age: 7448
etag: "866288df55737a8e66ea1c0d460f72e0c9367173"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F217f47b7-7266-4f31-a889-da2550827aab.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.9 kB (8871 bytes)
Hash
52e72b1dbc9a93274c080eade6dbe9d5
a43c0b04bb01df4f56567a54ef39baf5d6cdd75d
80824298f622522bbf538a719c5586d953e5a7c245d4eb2344131dde7b937ad4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F217f47b7-7266-4f31-a889-da2550827aab.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8871
x-amzn-requestid: e56a0195-3705-4650-b2af-4dde36516690
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: enjNoHxVoAMF5YA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63bfb257-365691b672f1ae5a0f0fd5e4;Sampled=0
x-amzn-remapped-date: Thu, 12 Jan 2023 07:10:15 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Fng_0UgXEGOlOfegLifoC2GpbBTBSAbj_cuCLlEx4I0Olzo1jHB0rg==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 13 Jan 2023 07:14:10 GMT
age: 82648
etag: "a43c0b04bb01df4f56567a54ef39baf5d6cdd75d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

14 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd91e555-c9f3-4166-92be-27db2e1919b6.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
14 kB (13626 bytes)
Hash
afcc8f4875f4b74ca0640829b689731e
584d0e11665ae89f9a294baf1e9bb4f0e4e9a4df
3e487396389c4330abc99bc99053eecc6aaf56f7afa398d70c30e1f4709577a0

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd91e555-c9f3-4166-92be-27db2e1919b6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 13626
x-amzn-requestid: 4769eaeb-0c78-4054-ad47-eefdd6ab2d03
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eWHMZErbIAMF6sQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b8b8b5-4c7bacfe060899044e361f70;Sampled=0
x-amzn-remapped-date: Sat, 07 Jan 2023 00:11:33 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: JRzc2Mcl4EasyH6_1kFh7sr-57f1HNDu-YN8YptDe_kcTET9x8P9LA==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Fri, 13 Jan 2023 14:03:21 GMT
age: 58097
etag: "584d0e11665ae89f9a294baf1e9bb4f0e4e9a4df"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa2ecf6b3-8443-4b47-96b6-2695fa885f0d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.4 kB (7437 bytes)
Hash
d3c35722c1c8a0b7a17b5a48a352aa64
4a939794eb33d9fb1b2cc56ca92f683a7d28e407
073d355bfc201c7feb4af2d1fac623fe7803f081c28467fa72b363074b0446a4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa2ecf6b3-8443-4b47-96b6-2695fa885f0d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7437
x-amzn-requestid: 0efc1457-5919-4244-9837-6e75d03ef1d6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: enAd0F0poAMF6PA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63bf7abe-24df70ad7e1811a744a7c9de;Sampled=0
x-amzn-remapped-date: Thu, 12 Jan 2023 03:13:02 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: GHOHtSwiU15cNal3kPt8BOKwjvozSDeXZ2zxhuGQcBjN6FYXAdjMDw==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 14 Jan 2023 03:59:23 GMT
age: 7935
etag: "4a939794eb33d9fb1b2cc56ca92f683a7d28e407"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F917985a1-aa8d-4c0a-860c-0b16c203387e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.2 kB (8181 bytes)
Hash
d24ea1f095f492934a1f1c63f5d8590c
dade37148c9b9a941f93a8535d8ddc5de3952623
2d8e3f90eb347eb3479a6c5d20a1c2ca6a0560f335a6c6800948db2640e4c878

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F917985a1-aa8d-4c0a-860c-0b16c203387e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8181
x-amzn-requestid: 7ada8fbd-58e6-4433-a532-b4a4ef93ac9c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: es0paH-OIAMFg5A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c1ce3c-582529522dbb67ee728484f8;Sampled=0
x-amzn-remapped-date: Fri, 13 Jan 2023 21:33:48 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: AHjOmYxva5avyA3gt9DvYLas_B2ACimer5QRQOi919HDtSjnKq22lw==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Fri, 13 Jan 2023 21:36:45 GMT
age: 30893
etag: "dade37148c9b9a941f93a8535d8ddc5de3952623"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F44dfed94-1e38-4105-8fc7-5ab0ae001cdd.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.5 kB (7466 bytes)
Hash
6df192c1053dbe9de29f29608e76dabe
b4a13de14cfeca5113726f4e08cf25285bcc35c8
c55be5facddfb5d5e3147ec009300761b1e60ac8c8f2ec066c9c91ef4832a02a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F44dfed94-1e38-4105-8fc7-5ab0ae001cdd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7466
x-amzn-requestid: 9c471b0d-4db5-4571-9913-0c372594a239
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: enAczGcZoAMFZ0A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63bf7ab8-249769bd788217df7c2b35d6;Sampled=0
x-amzn-remapped-date: Thu, 12 Jan 2023 03:12:56 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: wVx0mfwLJHF2SuJ1IXeMa147-LKz97Yb1BBte9P1o3-tu_9yI5Fv9w==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Sat, 14 Jan 2023 03:32:03 GMT
age: 9575
etag: "b4a13de14cfeca5113726f4e08cf25285bcc35c8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

www.97zg.com/index.php/page/index/hzhb

23.236.99.193

200 OK

7.4 kB

URL HTTP/1.1
www.97zg.com/index.php/page/index/hzhb
IP
23.236.99.193:0
ASN
#21859 ZEN-ECN

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ISO-8859 text, with very long lines (556), with CRLF, LF line terminators
Size
7.4 kB (7412 bytes)
Hash
4d8f40690ab57ebc89594c0c80dee969
9e1c30fb606935e7225de990aa0aef4ded2418c8
f0bf00525a31506adab3a24e944a302088a57c89cb7a09f4c7de0fc037984d6a

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /index.php/page/index/hzhb HTTP/1.1
Host: www.97zg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Content-Type: text/html; charset=gbk
Content-Length: 7412
Connection: keep-alive
Server: Microsoft-IIS/7.5
Date: Thu, 12 Jan 2023 23:33:03 GMT
Expires: Sat, 11 Feb 2023 23:33:03 GMT
Age: 110315
Accept-Ranges: bytes
X-Powered-By: WAF/2.0
x-link-via: dallas01:80;lsj12:80;
X-Cache-Status: HIT from KS-CLOUD-LSJ-12-03, HIT from KS-CLOUD-DALLAS-FOREIGN-01-03
X-Cdn-Request-ID: 9f1884c34a3b9debfefc613f47530260

www.97zg.com/skins/index/default/css/style.css

23.236.99.193

200 OK

14 kB

URL HTTP/1.1
www.97zg.com/skins/index/default/css/style.css
IP
23.236.99.193:0
ASN
#21859 ZEN-ECN

File type
ISO-8859 text, with very long lines (366)
Size
14 kB (14397 bytes)
Hash
e34468a9d33a28c31da94e9e7757e265
cf19538b0f545d43db41afbbd9b4af87317fce74
f9ee7ece17133e9107d5914efba68c43599de82eb4e49edf239cf016cacbd0dc

HTTP Headers

GET /skins/index/default/css/style.css HTTP/1.1
Host: www.97zg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.97zg.com/index.php/page/index/hzhb

HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 14397
Connection: keep-alive
Server: Microsoft-IIS/7.5
ETag: "604e1cfa2e3d11:0"
Date: Wed, 11 Jan 2023 12:41:25 GMT
Last-Modified: Thu, 21 Jul 2016 03:50:09 GMT
Expires: Fri, 10 Feb 2023 12:41:25 GMT
Age: 235814
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding
X-Powered-By: WAF/2.0
x-link-via: dallas01:80;lsj12:80;
X-Cache-Status: HIT from KS-CLOUD-LSJ-12-01, HIT from KS-CLOUD-DALLAS-FOREIGN-01-02
X-Cdn-Request-ID: 747f7d76773ed2c37faf8a8f0f493a17

www.97zg.com/csdj/js/logajax.js

23.236.99.193

200 OK

2.2 kB

URL HTTP/1.1
www.97zg.com/csdj/js/logajax.js
IP
23.236.99.193:0
ASN
#21859 ZEN-ECN

File type
ISO-8859 text, with CRLF line terminators
Size
2.2 kB (2212 bytes)
Hash
38f5b0e2c8fdc839ddd9074c3cf7342f
53f98877f53f213c09167fbeb7002cffbc6e1dea
011b266ecfb1deb70045731d963a41b0ea5305de401711ab7b37da3fabd9af31

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /csdj/js/logajax.js HTTP/1.1
Host: www.97zg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.97zg.com/index.php/page/index/hzhb

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 2212
Connection: keep-alive
Server: Microsoft-IIS/7.5
ETag: "0a4965518bbd11:0"
Date: Fri, 13 Jan 2023 20:02:49 GMT
Last-Modified: Tue, 31 May 2016 08:42:16 GMT
Expires: Sun, 12 Feb 2023 20:02:49 GMT
Age: 36530
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding
X-Powered-By: WAF/2.0
x-link-via: dallas01:80;lsj12:80;
X-Cache-Status: MISS from KS-CLOUD-LSJ-12-03, HIT from KS-CLOUD-DALLAS-FOREIGN-01-02
X-Cdn-Request-ID: 41683f56d2f7bc7b4d8dfab0bb061f2e

www.97zg.com/index.php/sitemap

23.236.99.193

200 OK

0 B

URL HTTP/1.1
www.97zg.com/index.php/sitemap
IP
23.236.99.193:0
ASN
#21859 ZEN-ECN

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /index.php/sitemap HTTP/1.1
Host: www.97zg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.97zg.com/index.php/page/index/hzhb

HTTP/1.1 200 OK
Content-Type: text/html; charset=gbk
Content-Length: 0
Connection: keep-alive
Server: Microsoft-IIS/7.5
Date: Fri, 13 Jan 2023 20:05:15 GMT
Expires: Sun, 12 Feb 2023 20:05:15 GMT
Age: 36384
Accept-Ranges: bytes
X-Powered-By: WAF/2.0
x-link-via: dallas01:80;lsj12:80;
X-Cache-Status: HIT from KS-CLOUD-LSJ-12-03, HIT from KS-CLOUD-DALLAS-FOREIGN-01-02
X-Cdn-Request-ID: 2edef93308040d8810fd20474e1f4cc0

www.97zg.com/skins/index/default/js/common.js

23.236.99.193

200 OK

2.3 kB

URL HTTP/1.1
www.97zg.com/skins/index/default/js/common.js
IP
23.236.99.193:0
ASN
#21859 ZEN-ECN

File type
ISO-8859 text, with CRLF line terminators
Size
2.3 kB (2324 bytes)
Hash
b1b6abd94e605e117602046eec188d54
a2d6374944e5632d80378fe194f75d421265c245
856d97a2db8707e76aaa0f93521fc24ae9e7f8d42ea3e70daf6ef666b01e7c91

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /skins/index/default/js/common.js HTTP/1.1
Host: www.97zg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.97zg.com/index.php/page/index/hzhb

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 2324
Connection: keep-alive
Server: Microsoft-IIS/7.5
ETag: "abc9d6dd7c6cd51:0"
Date: Fri, 13 Jan 2023 06:40:55 GMT
Last-Modified: Mon, 16 Sep 2019 10:52:43 GMT
Expires: Sun, 12 Feb 2023 06:40:55 GMT
Age: 84643
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding
X-Powered-By: WAF/2.0
x-link-via: dallas01:80;lsj12:80;
X-Cache-Status: MISS from KS-CLOUD-LSJ-12-03, HIT from KS-CLOUD-DALLAS-FOREIGN-01-05
X-Cdn-Request-ID: 1cd9fe92509b13b97c122975c4f6e0b3

www.97zg.com/skins/index/default/js/jquery.js

23.236.99.193

200 OK

35 kB

URL HTTP/1.1
www.97zg.com/skins/index/default/js/jquery.js
IP
23.236.99.193:0
ASN
#21859 ZEN-ECN

File type
ASCII text, with very long lines (820)
Size
35 kB (34570 bytes)
Hash
da56bf91278681e7e4d23ecf85355ce0
234d95fc7728ea81b7385b083d2684a649c98e9c
4a8c8ee640e78e4414ffb8cc7308638f8d25dadbf530ae9916efc285d146f21a

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /skins/index/default/js/jquery.js HTTP/1.1
Host: www.97zg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.97zg.com/index.php/page/index/hzhb

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 34570
Connection: keep-alive
Server: Microsoft-IIS/7.5
ETag: "0f0d15018bbd11:0"
Date: Wed, 11 Jan 2023 14:47:45 GMT
Last-Modified: Tue, 31 May 2016 08:42:08 GMT
Expires: Fri, 10 Feb 2023 14:47:45 GMT
Age: 228234
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding
X-Powered-By: WAF/2.0
x-link-via: dallas01:80;lsj12:80;
X-Cache-Status: HIT from KS-CLOUD-LSJ-12-03, HIT from KS-CLOUD-DALLAS-FOREIGN-01-02
X-Cdn-Request-ID: 23aca4b4e0d7cefb92605c6ba496fe05

www.97zg.com/skins/index/default/images/logo.gif

23.236.99.193

200 OK

12 kB

URL HTTP/1.1
www.97zg.com/skins/index/default/images/logo.gif
IP
23.236.99.193:0
ASN
#21859 ZEN-ECN

File type
PNG image data, 190 x 47, 8-bit/color RGBA, non-interlaced\012- data
Size
12 kB (12186 bytes)
Hash
765008e73a68d5cf65dcf2a672e9b507
b64ed4ef0ef351a98907a30a0007a5fd4ccb49de
7f2f0226ca5df7fef71dcb4ae5f0a3fc26c02749884d2ec7800c43ee3419564f

HTTP Headers

GET /skins/index/default/images/logo.gif HTTP/1.1
Host: www.97zg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.97zg.com/index.php/page/index/hzhb

HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 12186
Connection: keep-alive
Server: Microsoft-IIS/7.5
ETag: "0f0d15018bbd11:0"
Date: Fri, 16 Dec 2022 21:12:25 GMT
Last-Modified: Tue, 31 May 2016 08:42:08 GMT
Expires: Sun, 15 Jan 2023 21:12:25 GMT
Age: 2451554
Accept-Ranges: bytes
X-Powered-By: WAF/2.0
x-link-via: dallas01:80;lsj12:80;
X-Cache-Status: HIT from KS-CLOUD-LSJ-12-03, HIT from KS-CLOUD-DALLAS-FOREIGN-01-05
X-Cdn-Request-ID: a1b1d2c8c72ac0534920ff483c3df7e8

www.97zg.com/skins/index/default/images/menu-separator.gif

23.236.99.193

200 OK

1.1 kB

URL HTTP/1.1
www.97zg.com/skins/index/default/images/menu-separator.gif
IP
23.236.99.193:0
ASN
#21859 ZEN-ECN

File type
GIF image data, version 89a, 2 x 19\012- data
Size
1.1 kB (1098 bytes)
Hash
6c4c1313b6a1b9bf0dfa4bb6c4114146
d8174f6bd90e69106454f5829b40fd0c0dbcde22
506f45154641006d80a37423a46c076c9c468a2d3426fdc04a18b3842f368ec0

HTTP Headers

GET /skins/index/default/images/menu-separator.gif HTTP/1.1
Host: www.97zg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.97zg.com/skins/index/default/css/style.css

HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 1098
Connection: keep-alive
Server: Microsoft-IIS/7.5
ETag: "0f0d15018bbd11:0"
Date: Mon, 09 Jan 2023 15:20:25 GMT
Last-Modified: Tue, 31 May 2016 08:42:08 GMT
Expires: Wed, 08 Feb 2023 15:20:25 GMT
Age: 399074
Accept-Ranges: bytes
X-Powered-By: WAF/2.0
x-link-via: dallas01:80;lsj12:80;
X-Cache-Status: HIT from KS-CLOUD-LSJ-12-01, HIT from KS-CLOUD-DALLAS-FOREIGN-01-02
X-Cdn-Request-ID: 81b45f7d493598c233ae8f5a44eb9992

ocsp.globalsign.com/gsrsaovsslca2018

104.18.20.226

200 OK

1.4 kB

URL HTTP/1.1
ocsp.globalsign.com/gsrsaovsslca2018
IP
104.18.20.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.4 kB (1432 bytes)
Hash
6c454310555297b4412aaeeb1c3009aa
a754938cb615f85d7a53674b2b334a00991bfb52
59510b054e492d288f8e7fa84da887d1c5a1625cea0a6ff996e8ad955e60e345

HTTP Headers

POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 14 Jan 2023 06:11:40 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Wed, 18 Jan 2023 04:40:47 GMT
ETag: "a754938cb615f85d7a53674b2b334a00991bfb52"
Last-Modified: Sat, 14 Jan 2023 04:40:48 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2961
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7894372faa640afa-OSL

s11.cnzz.com/stat.php?id=1253879096&show=pic

150.138.98.224

200 OK

20 B

URL HTTP/1.1
s11.cnzz.com/stat.php?id=1253879096&show=pic
IP
150.138.98.224:0
ASN
#58541 Qingdao,266000

File type
data
Size
20 B (20 bytes)
Hash
7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2

HTTP Headers

GET /stat.php?id=1253879096&show=pic HTTP/1.1
Host: s11.cnzz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.97zg.com/

HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/javascript
Content-Length: 20
Connection: keep-alive
Date: Sat, 14 Jan 2023 05:13:29 GMT
Vary: Accept-Encoding
X-Powered-By: PHP/5.5.25
Last-Modified: Sat, 14 Jan 2023 05:13:29 GMT
Cache-Control: max-age=1800,s-maxage=3600
Content-Encoding: gzip
Ali-Swift-Global-Savetime: 1673673209
Via: cache13.l2cn1807[325,325,200-0,M], cache49.l2cn1807[326,0], ens-cache21.cn4461[0,0,200-0,H], ens-cache13.cn4461[1,0]
Age: 3491
X-Cache: HIT TCP_MEM_HIT dirn:9:306537856
X-Swift-SaveTime: Sat, 14 Jan 2023 05:13:29 GMT
X-Swift-CacheTime: 3600
Timing-Allow-Origin: *
EagleId: 968a62a116736767002358667e

www.97zg.com/favicon.ico

23.236.99.193

200 OK

68 kB

URL HTTP/1.1
www.97zg.com/favicon.ico
IP
23.236.99.193:0
ASN
#21859 ZEN-ECN

File type
MS Windows icon resource - 1 icon, -128x-128, 32 bits/pixel\012- data
Size
68 kB (67646 bytes)
Hash
a92ada1cb61adea687796f0cdcf22233
b527ec32a6dc2ea9dce5790c8bf82556567d89a8
51efd402e6c5fab0d6b7691561bb19eea98830fa50b6bb02c121eee1e9a4fbae

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.97zg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.97zg.com/index.php/page/index/hzhb

HTTP/1.1 200 OK
Content-Type: image/x-icon
Content-Length: 67646
Connection: keep-alive
Server: Microsoft-IIS/7.5
ETag: "0d1c75618bbd11:0"
Date: Wed, 11 Jan 2023 01:30:55 GMT
Last-Modified: Tue, 31 May 2016 08:42:18 GMT
Expires: Fri, 10 Feb 2023 01:30:55 GMT
Age: 276045
Accept-Ranges: bytes
X-Powered-By: WAF/2.0
x-link-via: dallas01:80;lsj12:80;
X-Cache-Status: HIT from KS-CLOUD-LSJ-12-03, HIT from KS-CLOUD-DALLAS-FOREIGN-01-02
X-Cdn-Request-ID: 9672a198a728106354d273c5e6e2af87

www.baidu.com/index.php/user/ulog/index/index?random=0.9643510333527214

104.193.88.123

302 Found

231 B

URL HTTP/1.1
www.baidu.com/index.php/user/ulog/index/index?random=0.9643510333527214
IP
104.193.88.123:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
231 B (231 bytes)
Hash
b2b56d190a4144bb8735a4489d3f6e41
e695e000ffc52a43071d18acee071eb5265e0c46
f3ed3164b34c8587ca5bacff26607428dea664065d228a2183668f511b0412bf

HTTP Headers

GET /index.php/user/ulog/index/index?random=0.9643510333527214 HTTP/1.1
Host: www.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://www.97zg.com
Connection: keep-alive
Referer: http://www.97zg.com/

HTTP/1.1 302 Found
Cache-Control: max-age=86400
Content-Length: 231
Content-Type: text/html; charset=iso-8859-1
Date: Sat, 14 Jan 2023 06:11:40 GMT
Expires: Sun, 15 Jan 2023 06:11:40 GMT
Location: http://www.baidu.com/forbiddenip/forbidden.html
Server: Apache

hm.baidu.com/hm.js?baf10682a4bac501cee703362b1f3d20

103.235.46.191

200 OK

11 kB

URL HTTP/1.1
hm.baidu.com/hm.js?baf10682a4bac501cee703362b1f3d20
IP
103.235.46.191:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
ASCII text, with very long lines (618)
Size
11 kB (11256 bytes)
Hash
67396dfd9823706d9a6c292c1ea0edac
8bb3c44cd05b815c207e726673cf3ee02978a648
6a9cad01193957570b54b334fcccadbc9c861cf31178649a83372e434f78fd7d

HTTP Headers

GET /hm.js?baf10682a4bac501cee703362b1f3d20 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.97zg.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11256
Content-Type: application/javascript
Date: Sat, 14 Jan 2023 06:11:40 GMT
Etag: 35c929dad90edd48f55d595bd1bbd222
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=0DC97E22B4946CC2; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800

hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=280508440&si=baf10682a4bac501cee703362b1f3d20&v=1.3.0&lv=1&sn=43855&r=0&ww=1280&u=http%3A%2F%2Fwww.97zg.com%2Findex.php%2Fpage%2Findex%2Fhzhb&tt=%E5%90%88%E4%BD%9C%E4%BC%99%E4%BC%B4%20-%20%E6%88%98%E6%AD%8C%E7%BD%91%7CMc%E4%B9%9D%E5%B1%80%7C%E4%BC%A0%E5%A5%87%E6%88%98%E6%AD%8C%E7%BD%91%7C97%E6%88%98%E6%AD%8C%E7%BD%91%E7%BB%BC%E5%90%88%E5%B9%B3%E5%8F%B0%E3%80%90%E4%B9%9D%E5%B1%80%E6%88%98%E6%AD%8C%E7%BD%91%E3%80%91

103.235.46.191

200 OK

43 B

URL HTTP/1.1
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=280508440&si=baf10682a4bac501cee703362b1f3d20&v=1.3.0&lv=1&sn=43855&r=0&ww=1280&u=http%3A%2F%2Fwww.97zg.com%2Findex.php%2Fpage%2Findex%2Fhzhb&tt=%E5%90%88%E4%BD%9C%E4%BC%99%E4%BC%B4%20-%20%E6%88%98%E6%AD%8C%E7%BD%91%7CMc%E4%B9%9D%E5%B1%80%7C%E4%BC%A0%E5%A5%87%E6%88%98%E6%AD%8C%E7%BD%91%7C97%E6%88%98%E6%AD%8C%E7%BD%91%E7%BB%BC%E5%90%88%E5%B9%B3%E5%8F%B0%E3%80%90%E4%B9%9D%E5%B1%80%E6%88%98%E6%AD%8C%E7%BD%91%E3%80%91
IP
103.235.46.191:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=280508440&si=baf10682a4bac501cee703362b1f3d20&v=1.3.0&lv=1&sn=43855&r=0&ww=1280&u=http%3A%2F%2Fwww.97zg.com%2Findex.php%2Fpage%2Findex%2Fhzhb&tt=%E5%90%88%E4%BD%9C%E4%BC%99%E4%BC%B4%20-%20%E6%88%98%E6%AD%8C%E7%BD%91%7CMc%E4%B9%9D%E5%B1%80%7C%E4%BC%A0%E5%A5%87%E6%88%98%E6%AD%8C%E7%BD%91%7C97%E6%88%98%E6%AD%8C%E7%BD%91%E7%BB%BC%E5%90%88%E5%B9%B3%E5%8F%B0%E3%80%90%E4%B9%9D%E5%B1%80%E6%88%98%E6%AD%8C%E7%BD%91%E3%80%91 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.97zg.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sat, 14 Jan 2023 06:11:41 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=74750206AB8077FE; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (14)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML