Report - imagehut4.cn/up.DLL

Report Overview

Submitted URL
imagehut4.cn/up.DLL
IP
104.21.89.85
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-26 06:03:16
Access
public
Website Title
桂林市创生科技有限公司
Final URL
imagehut4.cn/up.DLL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
8

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
hm.baidu.com	8254	1999-10-11	2012-05-26	2024-04-25	2.3 kB	24 kB	111.45.11.83
imagehut4.cn	unknown	2023-11-24	2012-07-14	2024-03-26	1.7 kB	14 kB	104.21.89.85
sp0.baidu.com	18423	1999-10-11	2014-12-06	2024-04-25	468 B	114 B	103.235.46.40
zz.bdstatic.com	27702	2011-12-26	2017-01-30	2024-04-23	407 B	769 B	58.254.150.48

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-26	medium	imagehut4.cn	Sinkholed
2024-04-26	medium	imagehut4.cn	Sinkholed
2024-04-26	medium	imagehut4.cn	Sinkholed
2024-04-26	medium	imagehut4.cn	Sinkholed

ThreatFox

No alerts detected

JavaScript (9)

	URL	Size	First Seen	Last Seen
	imagehut4.cn/up.DLL	0 B	2023-03-07	2024-05-06
Pretty URL imagehut4.cn/up.DLL IP 104.21.89.85 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-06 12:55:32 Times Seen37377324 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	imagehut4.cn/common.js	9.7 kB	2024-04-26	2024-04-30
Pretty URL imagehut4.cn/common.js IP 104.21.89.85 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 08:03:17 Last Seen2024-04-30 12:04:48 Times Seen3 Hash 8a9287b93e733456c8e0ed7b2983d704 dd7cef6c68ce9dd7790d6312e3cc597b0585b827 eba84ed89188a2e259a09a360622f096f94fa4b05ce976fed362e9ac0d098d60 Loading...

	imagehut4.cn/tj.js	522 B	2024-04-26	2024-04-30
Pretty URL imagehut4.cn/tj.js IP 104.21.89.85 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 08:03:17 Last Seen2024-04-30 12:04:48 Times Seen3 Hash a3967201be7326e5ff00ffaf2fa2bbed c76f45cfa4a84663c4fad5b433934ce003e369ef 1d83467c90f82566f37554016bc548102793fff8fcf9672722ac641760fcb340 Loading...

	unknown	37 B	2023-04-11	2024-05-06
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:49:14 Last Seen2024-05-06 05:43:26 Times Seen22291 Hash 1c5c9160600df2d96d69a4ea16cec7ed 3cf678c9135cc952ba6970ef545035bb757a443f a3520fe88e248d2b6c9c6db93309a037ef969fe297208e5bd7e49a55bb32c808 Loading...

	hm.baidu.com/hm.js?bab76abf9b029e7ee9b1fc83750a53c6	30 kB	2024-04-26	2024-04-26
Pretty URL hm.baidu.com/hm.js?bab76abf9b029e7ee9b1fc83750a53c6 IP 111.45.11.83 ASN #56040 China Mobile communications corporation Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 08:03:17 Last Seen2024-04-26 08:03:17 Times Seen2 Hash c00d86419f4c3e72e0d3e23b719bcd68 7abc61e2261a6a355c1959675911fe1d5cf45235 35d76c31dd45fd809f6212a8282ef76857368add754dbfa436c4b464a85a1ff9 Loading...

	zz.bdstatic.com/linksubmit/push.js	308 B	2023-03-07	2024-05-06
Pretty URL zz.bdstatic.com/linksubmit/push.js IP 58.254.150.48 ASN #136958 China Unicom Guangdong IP network Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18:58 Last Seen2024-05-06 07:24:58 Times Seen4097 Hash f9fc52ab67f035b8baf5d558714cc94d 37062a6fb1ef410d496137d44275738ae743c747 c31f2003f1c93ac1e34b09f376d97a65da6e110bf451cf1e0e50a7946c5e7212 Loading...

	hm.baidu.com/hm.js?feb2d1370f0034b798d69989961a7269	30 kB	2024-04-26	2024-04-26
Pretty URL hm.baidu.com/hm.js?feb2d1370f0034b798d69989961a7269 IP 111.45.11.83 ASN #56040 China Mobile communications corporation Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 08:03:17 Last Seen2024-04-26 08:03:17 Times Seen2 Hash b18df58e0857c6a7b4f524bbb9560186 54c27eb9bac0d23c0e574a710489ea145c88fe64 cd05ff589bbdda5c94bdda865f99c191852da911a9e8e23c268d221c0e907581 Loading...

	unknown	349 B	2024-04-26	2024-04-26
Pretty Introduced by Function Embedded in HTML false Observations First Seen2024-04-26 08:03:17 Last Seen2024-04-26 08:03:17 Times Seen1 Hash 0912b049268ef1cbaf5cf180e1573662 b9723860466a2d4123d5eda6e6ec33ff8376ff3d be11f1c6aaa428999a2333ac00fd5e2e26a19a2bb71c5c30dc7f6893ce1a1ff0 Loading...

	unknown	349 B	2024-04-26	2024-04-26
Pretty Introduced by Function Embedded in HTML false Observations First Seen2024-04-26 08:03:17 Last Seen2024-04-26 08:03:17 Times Seen1 Hash dcbf0d484f1f925fb77b6fe65577ca72 9fac8cb8a25767c372ce492db1700ec6c412fca2 c928d41d6b05a09bac16261952e54c7cb382dedce3fb88046f60615a7856f628 Loading...

HTTP Transactions (10)

URL IP Response Size

hm.baidu.com/hm.js?feb2d1370f0034b798d69989961a7269

111.45.11.83

200 OK

11 kB

URL GET HTTP/1.1
hm.baidu.com/hm.js?feb2d1370f0034b798d69989961a7269
IP
111.45.11.83:443
ASN
#56040 China Mobile communications corporation

Requested by
https://imagehut4.cn/up.DLL
Certificate
IssuerGlobalSign nv-sa
Subjectbaidu.com
Fingerprint97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
ValidityThu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT

File type
JavaScript source, ASCII text, with very long lines (621)
Size
11 kB (11259 bytes)
Hash
b18df58e0857c6a7b4f524bbb9560186
54c27eb9bac0d23c0e574a710489ea145c88fe64
cd05ff589bbdda5c94bdda865f99c191852da911a9e8e23c268d221c0e907581

HTTP Headers

GET /hm.js?feb2d1370f0034b798d69989961a7269 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://imagehut4.cn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11259
Content-Type: application/javascript
Date: Fri, 26 Apr 2024 06:02:53 GMT
Etag: 3bec14db02820b3b761304cb0ea75a48
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=F74E1D0F4AD59D06; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800

hm.baidu.com/hm.js?bab76abf9b029e7ee9b1fc83750a53c6

111.45.11.83

200 OK

11 kB

URL GET HTTP/1.1
hm.baidu.com/hm.js?bab76abf9b029e7ee9b1fc83750a53c6
IP
111.45.11.83:443
ASN
#56040 China Mobile communications corporation

Requested by
https://imagehut4.cn/up.DLL
Certificate
IssuerGlobalSign nv-sa
Subjectbaidu.com
Fingerprint97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
ValidityThu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT

File type
JavaScript source, ASCII text, with very long lines (621)
Size
11 kB (11259 bytes)
Hash
c00d86419f4c3e72e0d3e23b719bcd68
7abc61e2261a6a355c1959675911fe1d5cf45235
35d76c31dd45fd809f6212a8282ef76857368add754dbfa436c4b464a85a1ff9

HTTP Headers

GET /hm.js?bab76abf9b029e7ee9b1fc83750a53c6 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://imagehut4.cn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11259
Content-Type: application/javascript
Date: Fri, 26 Apr 2024 06:02:53 GMT
Etag: c637ae1e90a3d6df0bf46c83c4e956e0
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=B78B70800E5AEBB6; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800

imagehut4.cn/favicon.ico

104.21.89.85

404 Not Found

43 B

URL GET HTTP/3
imagehut4.cn/favicon.ico
IP
104.21.89.85:443
ASN
#13335 CLOUDFLARENET

Requested by
https://imagehut4.cn/up.DLL
Certificate
IssuerGoogle Trust Services LLC
Subjectimagehut4.cn
Fingerprint69:37:10:AF:9E:2A:ED:9E:84:F3:A8:B0:16:01:13:17:5D:10:46:E3
ValidityFri, 19 Apr 2024 14:31:21 GMT - Thu, 18 Jul 2024 14:31:20 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: imagehut4.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://imagehut4.cn/up.DLL
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 404 Not Found
date: Fri, 26 Apr 2024 06:02:53 GMT
x-powered-by: Nginx
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YuomVErQdP3nTEm3x9H1l5VmJNGeYXLXsf5dGLMJ6zQKhfQ4Xwc3BzXLbuPWC3iaLmI%2FEGv1mdNgSHDPyhtDOoVEp8ahBUmBqC1oHuuY8gHtzsi8nXPS9bVw%2FVxWVFM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a45dd4a90456c4-OSL
alt-svc: h3=":443"; ma=86400

hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1894449073&si=bab76abf9b029e7ee9b1fc83750a53c6&v=1.3.0&lv=1&sn=43449&r=0&ww=1280&u=https%3A%2F%2Fimagehut4.cn%2Fup.DLL&tt=%E6%A1%82%E6%9E%97%E5%B8%82%E5%88%9B%E7%94%9F%E7%A7%91%E6%8A%80%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8

111.45.11.83

200 OK

43 B

URL GET HTTP/1.1
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1894449073&si=bab76abf9b029e7ee9b1fc83750a53c6&v=1.3.0&lv=1&sn=43449&r=0&ww=1280&u=https%3A%2F%2Fimagehut4.cn%2Fup.DLL&tt=%E6%A1%82%E6%9E%97%E5%B8%82%E5%88%9B%E7%94%9F%E7%A7%91%E6%8A%80%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8
IP
111.45.11.83:443
ASN
#56040 China Mobile communications corporation

Requested by
https://imagehut4.cn/up.DLL
Certificate
IssuerGlobalSign nv-sa
Subjectbaidu.com
Fingerprint97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
ValidityThu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1894449073&si=bab76abf9b029e7ee9b1fc83750a53c6&v=1.3.0&lv=1&sn=43449&r=0&ww=1280&u=https%3A%2F%2Fimagehut4.cn%2Fup.DLL&tt=%E6%A1%82%E6%9E%97%E5%B8%82%E5%88%9B%E7%94%9F%E7%A7%91%E6%8A%80%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://imagehut4.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Fri, 26 Apr 2024 06:02:54 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=2494E8AB44E23840; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff

sp0.baidu.com/9_Q4simg2RQJ8t7jm9iCKT-xh_/s.gif?l=https://imagehut4.cn/up.DLL

103.235.46.40

200 OK

0 B

URL GET HTTP/1.1
sp0.baidu.com/9_Q4simg2RQJ8t7jm9iCKT-xh_/s.gif?l=https://imagehut4.cn/up.DLL
IP
103.235.46.40:443
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

Requested by
https://imagehut4.cn/up.DLL
Certificate
IssuerGlobalSign nv-sa
Subjectbaidu.com
Fingerprint97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
ValidityThu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /9_Q4simg2RQJ8t7jm9iCKT-xh_/s.gif?l=https://imagehut4.cn/up.DLL HTTP/1.1
Host: sp0.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://imagehut4.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/plain; charset=utf-8
Date: Fri, 26 Apr 2024 06:02:55 GMT

imagehut4.cn/up.DLL

104.21.89.85

200 OK

829 B

URL User Request GET HTTP/2
imagehut4.cn/up.DLL
IP
104.21.89.85:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectimagehut4.cn
Fingerprint69:37:10:AF:9E:2A:ED:9E:84:F3:A8:B0:16:01:13:17:5D:10:46:E3
ValidityFri, 19 Apr 2024 14:31:21 GMT - Thu, 18 Jul 2024 14:31:20 GMT

File type
JavaScript source, ASCII text, with very long lines (868), with no line terminators
Size
829 B (829 bytes)
Hash
0e8353811f8cbf2a71f3174c5eb9701c
39043e74cc84bcd222c32cae1feff0c244bd9714
6e285a242e8e2a6357ccb938c047cc8d816b67e77dffaafa35b6db6b4a9f8d5a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /up.DLL HTTP/1.1
Host: imagehut4.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 06:02:51 GMT
content-type: text/html; charset=UTF-8
x-powered-by: Nginx
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=whM8V1JMTxN0Ynj%2BbutrbZlra%2FvYeSRoLkJIAe7q7qOKTTjKwVRjjkzYpbaM9W8et34Ql8PmZhhaisIsNINAl8p7UsOaol0mcakDchXrIqXcAoCAMSkFfflR9DDSAck%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a45dc87e2e0b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

imagehut4.cn/common.js

104.21.89.85

200 OK

9.7 kB

URL GET HTTP/3
imagehut4.cn/common.js
IP
104.21.89.85:443
ASN
#13335 CLOUDFLARENET

Requested by
https://imagehut4.cn/up.DLL
Certificate
IssuerGoogle Trust Services LLC
Subjectimagehut4.cn
Fingerprint69:37:10:AF:9E:2A:ED:9E:84:F3:A8:B0:16:01:13:17:5D:10:46:E3
ValidityFri, 19 Apr 2024 14:31:21 GMT - Thu, 18 Jul 2024 14:31:20 GMT

File type
JavaScript source, ASCII text, with very long lines (9707), with no line terminators
Size
9.7 kB (9670 bytes)
Hash
a5af0595854d42608b2c5a554f9f889f
1d1af91e3542fb3ac6ce869382ce5fcdf1a62cdb
6d12060e9e172bfb6e522cfbc1d8032d2cc997ac0b4ff6d5fff52184244f5ad7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common.js HTTP/1.1
Host: imagehut4.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://imagehut4.cn/up.DLL
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 06:02:52 GMT
content-type: application/x-javascript
etag: W/"8dc65ac732dca4e"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=obPJUtvH1WPFNZmQBopEnx5lod12sZJLo%2B3qe8f01CMdeGTyvDmfR4O5sGXwpfAbjKISmwn%2FRw6bk%2F%2F75Zm1ve%2F2uHmtaRn5NiTDxr48EpDNhry70yeF8%2FE9QEw%2FxGM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a45dcb995956c4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

imagehut4.cn/tj.js

104.21.89.85

200 OK

525 B

URL GET HTTP/3
imagehut4.cn/tj.js
IP
104.21.89.85:443
ASN
#13335 CLOUDFLARENET

Requested by
https://imagehut4.cn/up.DLL
Certificate
IssuerGoogle Trust Services LLC
Subjectimagehut4.cn
Fingerprint69:37:10:AF:9E:2A:ED:9E:84:F3:A8:B0:16:01:13:17:5D:10:46:E3
ValidityFri, 19 Apr 2024 14:31:21 GMT - Thu, 18 Jul 2024 14:31:20 GMT

File type
JavaScript source, ASCII text, with very long lines (564), with no line terminators
Size
525 B (525 bytes)
Hash
87462ba0bac98f8935b47edaa6dd355c
f043669ab0a3950512965e18dffa536a8bdb2e1d
73f8d70f2a332273c660088d63e0aca27e58f2f1bac709642d513947b2c57a77

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /tj.js HTTP/1.1
Host: imagehut4.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://imagehut4.cn/up.DLL
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 06:02:52 GMT
content-type: application/x-javascript
etag: W/"8dc5196e2344e07"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XRK6PG2938EiApNoGzO8IZxLCyMLYCfoMOWNFWHqcq8s37ZkrJ1leNyVwxjVUcQ%2BOYaNwey%2Fvr6zN50ukUhCYiRnC%2FqewVNYqsfVuLK5tQNGvQ6wXRUgBOdwO7hUlLM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a45dcb995a56c4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

zz.bdstatic.com/linksubmit/push.js

58.254.150.48

200 OK

308 B

URL GET HTTP/2
zz.bdstatic.com/linksubmit/push.js
IP
58.254.150.48:443
ASN
#136958 China Unicom Guangdong IP network

Requested by
https://imagehut4.cn/up.DLL
Certificate
IssuerGlobalSign nv-sa
Subjectbaidu.com
Fingerprint97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
ValidityThu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT

File type
ASCII text, with very long lines (322), with no line terminators
Size
308 B (308 bytes)
Hash
a498658e3623a4285649fd750e8e7f17
03f671b76709d9ecadce4a82348c852b6a1d5149
399125132825b666ee5d39bf0849d027d2ca21783be029cb001673f86579dd8a

HTTP Headers

GET /linksubmit/push.js HTTP/1.1
Host: zz.bdstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://imagehut4.cn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: JSP3/2.0.14
date: Fri, 26 Apr 2024 06:02:53 GMT
content-type: application/x-javascript
last-modified: Thu, 29 Feb 2024 04:05:18 GMT
etag: "65e0027e-134"
cache-control: max-age=86400
content-encoding: br
age: 72041
accept-ranges: bytes
tracecode: 20031289920198677002042317
ohc-global-saved-time: Thu, 25 Apr 2024 09:33:23 GMT
ohc-cache-hit: gz3un53 [2], zhuzuncache61 [2]
ohc-response-time: 1 0 0 0 0 0
X-Firefox-Spdy: h2

hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1199943366&si=feb2d1370f0034b798d69989961a7269&v=1.3.0&lv=1&sn=43449&r=0&ww=1280&u=https%3A%2F%2Fimagehut4.cn%2Fup.DLL&tt=%E6%A1%82%E6%9E%97%E5%B8%82%E5%88%9B%E7%94%9F%E7%A7%91%E6%8A%80%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8

111.45.11.83

200 OK

43 B

URL GET HTTP/1.1
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1199943366&si=feb2d1370f0034b798d69989961a7269&v=1.3.0&lv=1&sn=43449&r=0&ww=1280&u=https%3A%2F%2Fimagehut4.cn%2Fup.DLL&tt=%E6%A1%82%E6%9E%97%E5%B8%82%E5%88%9B%E7%94%9F%E7%A7%91%E6%8A%80%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8
IP
111.45.11.83:443
ASN
#56040 China Mobile communications corporation

Requested by
https://imagehut4.cn/up.DLL
Certificate
IssuerGlobalSign nv-sa
Subjectbaidu.com
Fingerprint97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
ValidityThu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1199943366&si=feb2d1370f0034b798d69989961a7269&v=1.3.0&lv=1&sn=43449&r=0&ww=1280&u=https%3A%2F%2Fimagehut4.cn%2Fup.DLL&tt=%E6%A1%82%E6%9E%97%E5%B8%82%E5%88%9B%E7%94%9F%E7%A7%91%E6%8A%80%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://imagehut4.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Fri, 26 Apr 2024 06:02:54 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=5EB08217BEAF4142; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (9)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash