Overview

URL https://www.xnjdtmky.com/default.php
IP 23.104.225.192
ASN AS15003 Nobis Technology Group, LLC
Location United States
Report completed 2019-01-12 08:13:31 CET
urlquery Alerts No alerts detected


Settings

UserAgent Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata w/ Emerging Threats Pro  No alerts detected


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified  Severity  Host                        Comment
2019-01-12        2         js.users.51.la/19391302.js  Malware
2019-01-12        2         js.users.51.la/19490865.js  Malware
2019-01-12        2         js.users.51.la/19358379.js  Malware
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

No other reports on IP: 23.104.225.192


Last 10 reports on ASN: AS15003 Nobis Technology Group, LLC

Date                       UQ / IDS / BL  URL               IP
2019-01-17 22:20:13 +0100  0 - 0 - 1      szifresh.com/     147.255.95.156
2019-01-17 22:01:58 +0100  0 - 0 - 1      dsxh2688.com/     23.105.114.3
2019-01-17 21:35:52 +0100  0 - 0 - 1      dlxckj.net/       23.105.25.146
2019-01-17 21:17:01 +0100  0 - 0 - 1      smdmbq.com/       108.187.197.201
2019-01-17 21:13:46 +0100  0 - 0 - 1      slds365.com/      23.81.223.253
2019-01-17 21:08:44 +0100  0 - 0 - 9      my-sensor.com/    23.107.248.98
2019-01-17 21:05:44 +0100  0 - 0 - 1      chaossyy.com/     23.225.167.186
2019-01-17 21:00:41 +0100  0 - 0 - 3      6811517.com/      23.83.165.62
2019-01-17 20:50:16 +0100  0 - 0 - 1      sjz-italent.com/  23.83.173.97
2019-01-17 20:49:07 +0100  0 - 0 - 1      shoesxtx.com/     23.83.173.5

No other reports on domain: xnjdtmky.com



JavaScript

Executed Scripts (5)


Executed Evals (5)

#1 JavaScript::Eval (size: 3, repeated: 1) - SHA256: fd0ad9026eee596b7072a762941f60bef57e760a230edd450b3a634825685c2a

(1)

#2 JavaScript::Eval (size: 3, repeated: 1) - SHA256: 0e77e68ba5473d98840c3212f4a8cb801226494f1162c8001a9f4ed7b00cbaa8

(2)

#3 JavaScript::Eval (size: 123, repeated: 3) - SHA256: e815d6c8c3cf5c427d22edfcaa034090a8415e3f187cb342664149c1c75617f8

({
    "rl": "1176*885",
    "lang": "en-US",
    "ct": "unknow",
    "pf": 1,
    "ins": 1,
    "vd": 1,
    "ce": 1,
    "cd": 24,
    "ds": "�HK:�7�/

#4 JavaScript::Eval (size: 4, repeated: 4) - SHA256: 5b8d2b991d2c1f5bf78beb557d17e6650086a267e5ffd4bb6f8aaa942c570f5d

({})

#5 JavaScript::Eval (size: 225, repeated: 1) - SHA256: 1f0b35a37dd3736c780219c80e9637fdba84c58a5f6897cc25fb1759769e8fa8

document.write('<div style="display:none"><script src="https://js.users.51.la/19490865.js"></script><script src="https://js.users.51.la/19391302.js"></script><script src="https://js.users.51.la/19358379.js"></script></div>');

Executed Writes (4)

#1 JavaScript::Write (size: 244, repeated: 1) - SHA256: 964a3e7ef96fb1a724be1f0e2add687f2bf42cd6a02da426c4a74fe94729d10d

<a href="https://www.51.la/?comId=19358379" title="51.La Q�A�ߡ��" target="_blank"><span style="display:inline-block;background-color:#25A69A;color:#fff;padding:2px 5px;font-family:arial;font-size:12px;font-weight:bold;">51 La</span></a>

#2 JavaScript::Write (size: 244, repeated: 1) - SHA256: 9231ec00c95caa001f245196ebe2b70cf3d2e959ef14abc8ca94f3fb9b3e9108

<a href="https://www.51.la/?comId=19391302" title="51.La Q�A�ߡ��" target="_blank"><span style="display:inline-block;background-color:#EF5350;color:#fff;padding:2px 5px;font-family:arial;font-size:12px;font-weight:bold;">51 La</span></a>

#3 JavaScript::Write (size: 244, repeated: 1) - SHA256: 3b5b4c6d27d7e14ff3bd2793421b536706ed58a8cd53589a824b4aceaa9f1c19

<a href="https://www.51.la/?comId=19490865" title="51.La Q�A�ߡ��" target="_blank"><span style="display:inline-block;background-color:#9B27B0;color:#fff;padding:2px 5px;font-family:arial;font-size:12px;font-weight:bold;">51 La</span></a>

#4 JavaScript::Write (size: 206, repeated: 1) - SHA256: 47e0b962637ba2d139bd658d2ebf40e3f71f44366a131b3c004cdd59cf3508ac

<div style="display:none"><script src="https://js.users.51.la/19490865.js"></script><script src="https://js.users.51.la/19391302.js"></script><script src="https://js.users.51.la/19358379.js"></script></div>


HTTP Transactions (20)


Request / Response

POST / HTTP/1.1
Host: ocsp.int-x3.letsencrypt.org
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 117
Content-Type: application/ocsp-request

                                         
Response from 91.135.34.131:
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 527
Etag: "1969EF4CF397B474BB86134726EE5A1A5D1BB14210CB0902001B63ED14AFCDA3"
Last-Modified: Fri, 11 Jan 2019 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=43191
Expires: Sat, 12 Jan 2019 19:12:52 GMT
Date: Sat, 12 Jan 2019 07:13:01 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   527
Md5:    fad9536c670df31a92696939ad70c72b
Sha1:   dc9bf7fe532d39d6016dea51f82e7c7dccbd5b7d
Sha256: 1969ef4cf397b474bb86134726ee5a1a5d1bb14210cb0902001b63ed14afcda3
                                        
POST / HTTP/1.1
Host: isrg.trustid.ocsp.identrust.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
Response from 91.135.34.121:
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Transfer-Encoding: Binary
Last-Modified: Thu, 10 Jan 2019 22:29:10 GMT
Etag: "bf3c1239e78777b28969ff52cde8c9c84e994ba9"
Content-Length: 1398
Cache-Control: public, no-transform, must-revalidate, max-age=37693
Expires: Sat, 12 Jan 2019 17:41:14 GMT
Date: Sat, 12 Jan 2019 07:13:01 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   1398
Md5:    5d24bb2128ea34f4050ed8dac5b313a8
Sha1:   bf3c1239e78777b28969ff52cde8c9c84e994ba9
Sha256: 90c42e06752a4b6ddf8a9060b3d67b718e5aa3e13e9a26e0c1087ede00c8046f
                                        
GET /default.php HTTP/1.1
Host: www.xnjdtmky.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
Response from 23.104.225.192:
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: nginx/1.10.2
Date: Sat, 12 Jan 2019 09:06:37 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.38
Strict-Transport-Security: max-age=15768000
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   560
Md5:    5d57764095aa1b55789f01d3dcb301e8
Sha1:   e540746722a7ceb57346796f595fdfd5ca0b7e05
Sha256: f0c94e57114d05bd25d5428982adf3eb452d3c73cd044c64850c2301d9b5c07d
                                        
GET /jquery.la.min.js HTTP/1.1
Host: www.xnjdtmky.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.xnjdtmky.com/default.php

                                         
Response from 23.104.225.192:
HTTP/1.1 200 OK
Content-Type: application/javascript
Server: nginx/1.10.2
Date: Sat, 12 Jan 2019 09:06:37 GMT
Content-Length: 282
Last-Modified: Thu, 07 Jun 2018 20:58:15 GMT
Connection: keep-alive
Etag: "5b199c67-11a"
Expires: Sat, 12 Jan 2019 21:06:37 GMT
Cache-Control: max-age=43200
Strict-Transport-Security: max-age=15768000
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   282
Md5:    474982a7f66ac3c68839154410cd5da9
Sha1:   88573b81fa2c208e2cb70fd6f75229ced6c53ef1
Sha256: e616294cb509d040728125786b3fc63f8d8d51d699b8cab3e82172e19267f5dd
                                        
GET /jquery.bc.min.js HTTP/1.1
Host: www.xnjdtmky.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.xnjdtmky.com/default.php

                                         
Response from 23.104.225.192:
HTTP/1.1 200 OK
Content-Type: application/javascript
Server: nginx/1.10.2
Date: Sat, 12 Jan 2019 09:06:37 GMT
Content-Length: 7233
Last-Modified: Tue, 31 Jul 2018 14:04:02 GMT
Connection: keep-alive
Etag: "5b606c52-1c41"
Expires: Sat, 12 Jan 2019 21:06:37 GMT
Cache-Control: max-age=43200
Strict-Transport-Security: max-age=15768000
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with very long lines, with no line terminators
Size:   7233
Md5:    6ba813efa2eb43fd9a848cac822b9ac8
Sha1:   efa1610ce80daca39ee26af28df03004f186b7c5
Sha256: 137d8e6546617a9e5114eb62f4e50f7c4c51c5263c201546589205d3b92ce760
                                        
POST /gsdomainvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 111
Content-Type: application/ocsp-request

                                         
Response from 104.18.20.226:
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 12 Jan 2019 07:13:02 GMT
Content-Length: 1558
Connection: keep-alive
Set-Cookie: __cfduid=d5375ab784c50548895d9aa978353d4d61547277182; expires=Sun, 12-Jan-20 07:13:02 GMT; path=/; domain=.globalsign.com; HttpOnly
Last-Modified: Sat, 12 Jan 2019 04:42:45 GMT
Expires: Wed, 16 Jan 2019 04:42:45 GMT
Etag: "84ed96526db39500664617057c433e7b02c22fbb"
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 497dd1767351429d-OSL


--- Additional Info ---
Magic:  data
Size:   1558
Md5:    e40bbc124f469533490378117e4a4267
Sha1:   84ed96526db39500664617057c433e7b02c22fbb
Sha256: ace53d5c3afd0b81728ccee6115fdc424876c04054734705c10614c096f04b5e
                                        
GET /19391302.js HTTP/1.1
Host: js.users.51.la
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.xnjdtmky.com/default.php

                                         
Response from 220.243.212.50:
HTTP/1.1 200 OK
Content-Type: application/javascript;charset=UTF-8
Date: Sat, 12 Jan 2019 07:13:02 GMT
Content-Length: 5193
Connection: keep-alive
Server: nginx/1.14.0
id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCSEGjlJe+piAcFRZSCHNlEx2PHWtywPn
Etag: "3c652fa4e5e59be924fac88470d11318"
x-id: 19391302
version-id: G0011165420A1043FFFF900B0080E19C
Last-Modified: Thu Aug 16 17:21:20 CST 2018
request-id: 000001683D796653900BC94BCCA633A0
x-reserved: amazon, aws and amazon web services are trademarks or registered trademarks of Amazon Technologies, Inc
Content-Disposition: inline;filename=f.txt
Age: 57590
X-Via: 1.1 ld148:7 (Cdn Cache Server V2.0)[240 200 2], 1.1 lsh188:1 (Cdn Cache Server V2.0)[1 200 0]


--- Additional Info ---
Magic:  ASCII text, with very long lines, with no line terminators
Size:   5193
Md5:    3c652fa4e5e59be924fac88470d11318
Sha1:   2142a28a8b09bbd62d94bbea07283dbb35398c00
Sha256: 1f2e01d987a727957ab3e7eec54e4d11c943f1cfcd7941a838ed4b2aa66d47ce

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
GET /19490865.js HTTP/1.1
Host: js.users.51.la
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.xnjdtmky.com/default.php

                                         
Response from 220.243.212.50:
HTTP/1.1 200 OK
Content-Type: application/javascript;charset=UTF-8
Date: Sat, 12 Jan 2019 07:13:02 GMT
Content-Length: 5193
Connection: keep-alive
Server: nginx/1.14.0
id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCSBd020KScrQMHRYsCaX0bZJ2v9L95VF
Etag: "d719d62958be0c30edf327ca03bc8aa5"
x-id: 19490865
version-id: G0011165421AA538FFFF900B00824E72
Last-Modified: Thu Aug 16 17:39:27 CST 2018
request-id: 000001683C42CF8090461B538B35AA00
x-reserved: amazon, aws and amazon web services are trademarks or registered trademarks of Amazon Technologies, Inc
Content-Disposition: inline;filename=f.txt
Age: 77944
X-Via: 1.1 ld148:9 (Cdn Cache Server V2.0)[477 200 2], 1.1 lsh187:8 (Cdn Cache Server V2.0)[9 200 0]


--- Additional Info ---
Magic:  ASCII text, with very long lines, with no line terminators
Size:   5193
Md5:    d719d62958be0c30edf327ca03bc8aa5
Sha1:   977586509ed4ec29b5cd66b9716283415baec7d5
Sha256: d35eb5b280f73a49f168c41f4669abe37fe43e2f7901e24fb82231edc6ea0099

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
GET /19358379.js HTTP/1.1
Host: js.users.51.la
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.xnjdtmky.com/default.php

                                         
Response from 220.243.212.50:
HTTP/1.1 200 OK
Content-Type: application/javascript;charset=UTF-8
Date: Sat, 12 Jan 2019 07:13:02 GMT
Content-Length: 5193
Connection: keep-alive
Server: nginx/1.14.0
id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCSYi3l/xBAutb3kr6rmePvIh0uGD0FZ0
Etag: "f1920bb42ecbf09f98e93518d0214fb7"
x-id: 19358379
version-id: G001116542007D14FFFF900B00801BA8
Last-Modified: Thu Aug 16 17:10:52 CST 2018
request-id: 000001683C9351149006B396C0469A49
x-reserved: amazon, aws and amazon web services are trademarks or registered trademarks of Amazon Technologies, Inc
Content-Disposition: inline;filename=f.txt
Age: 72668
X-Via: 1.1 ld146:4 (Cdn Cache Server V2.0)[257 200 2], 1.1 lsh188:2 (Cdn Cache Server V2.0)[0 200 0]


--- Additional Info ---
Magic:  ASCII text, with very long lines, with no line terminators
Size:   5193
Md5:    f1920bb42ecbf09f98e93518d0214fb7
Sha1:   a559ce088fe14e65f02568e78832070e09090d61
Sha256: c135630c572ebcf2a13524703c09c74e829e40572ee3367e6addba59b2752975

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
POST /gsdomainvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 111
Content-Type: application/ocsp-request
Cookie: __cfduid=d5375ab784c50548895d9aa978353d4d61547277182

                                         
Response from 104.18.20.226:
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 12 Jan 2019 07:13:03 GMT
Content-Length: 1558
Connection: keep-alive
Last-Modified: Sat, 12 Jan 2019 04:05:01 GMT
Expires: Wed, 16 Jan 2019 04:05:01 GMT
Etag: "2a3b9d2919704894cd85a184351c5d549498a2d5"
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 497dd17d0413429d-OSL


--- Additional Info ---
Magic:  data
Size:   1558
Md5:    bcb8a03fba021d8e66efbbaa3376fa96
Sha1:   2a3b9d2919704894cd85a184351c5d549498a2d5
Sha256: 42ddb8665743dcd6d7bef818f076de1c12495823cc0b7e8f24ff5644465031d4
                                        
POST / HTTP/1.1
Host: ocsp.int-x3.letsencrypt.org
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 117
Content-Type: application/ocsp-request

                                         
Response from 91.135.34.131:
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 527
Etag: "43FA4FBA35EE65D84BE6C250CFCEDA422634D7DFBC15CCC273BE1FEF4A1FF363"
Last-Modified: Wed, 09 Jan 2019 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=32219
Expires: Sat, 12 Jan 2019 16:10:02 GMT
Date: Sat, 12 Jan 2019 07:13:03 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   527
Md5:    e3184892fa66dc25348f69c071bad44a
Sha1:   766d07853e688880daeee5a35fa6405281e57289
Sha256: 43fa4fba35ee65d84be6c250cfceda422634d7dfbc15ccc273be1fef4a1ff363
                                        
                                            GET /go1?id=19358379&rt=1547277182860&rl=1176*885&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=%25E4%25BA%25BF%25E4%25B8%2587%25E5%2585%2588%25E7%2594%259F%25E6%2589%258B%25E6%259C%25BA%25E5%25AE%25A2%25E6%2588%25B7%25E7%25AB%25AF%25E6%2598%25AF%25E4%25B8%2580%25E7%25A7%258D%25E5%25B9%25B4%25E8%25BD%25BB%25E4%25BA%25BA%25E6%259C%2580%25E5%2596%259C%25E7%2588%25B1%25E7%259A%2584%25E5%25A8%25B1%25E4%25B9%2590%25E6%2596%25B9%25E5%25BC%258F%252C%25E4%25BA%25BF%25E4%25B8%2587%25E5%2585%2588%25E7%2594%259F%25E6%2589%258B%25E6%259C%25BA&ing=3&ekc=&sid=1547277182860&tt=%25E4%25BA%25BF%25E4%25B8%2587%25E5%2585%2588%25E7%2594%259F%25E6%2589%258B%25E6%259C%25BA%25E5%25AE%25A2%25E6%2588%25B7%25E7%25AB%25AF-mr%25E4%25BA%25BF%25E4%25B8%2587%25E5%2585%2588%25E7%2594%259F%25E6%25AC%25A2%25E8%25BF%258E%25E6%2582%25A8&kw=%25E4%25BA%25BF%25E4%25B8%2587%25E5%2585%2588%25E7%2594%259F%25E6%2589%258B%25E6%259C%25BA%25E5%25AE%25A2%25E6%2588%25B7%25E7%25AB%25AF&cu=https%253A%252F%252Fwww.xnjdtmky.com%252Fdefault.php&pu= HTTP/1.1 
Host: ia.51.la
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.xnjdtmky.com/default.php

                                         
Response from 183.131.207.78:
HTTP/1.1 200
Content-Type: application/octet-stream
Server: HuaweiCloudWAF
Date: Sat, 12 Jan 2019 07:12:04 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: HWWAFSESID=8fb45ec85716a598416; path=/ HWWAFSESTIME=1547277122849; path=/


--- Additional Info ---
                                        
                                            GET /go1?id=19391302&rt=1547277182853&rl=1176*885&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=%25E4%25BA%25BF%25E4%25B8%2587%25E5%2585%2588%25E7%2594%259F%25E6%2589%258B%25E6%259C%25BA%25E5%25AE%25A2%25E6%2588%25B7%25E7%25AB%25AF%25E6%2598%25AF%25E4%25B8%2580%25E7%25A7%258D%25E5%25B9%25B4%25E8%25BD%25BB%25E4%25BA%25BA%25E6%259C%2580%25E5%2596%259C%25E7%2588%25B1%25E7%259A%2584%25E5%25A8%25B1%25E4%25B9%2590%25E6%2596%25B9%25E5%25BC%258F%252C%25E4%25BA%25BF%25E4%25B8%2587%25E5%2585%2588%25E7%2594%259F%25E6%2589%258B%25E6%259C%25BA&ing=2&ekc=&sid=1547277182853&tt=%25E4%25BA%25BF%25E4%25B8%2587%25E5%2585%2588%25E7%2594%259F%25E6%2589%258B%25E6%259C%25BA%25E5%25AE%25A2%25E6%2588%25B7%25E7%25AB%25AF-mr%25E4%25BA%25BF%25E4%25B8%2587%25E5%2585%2588%25E7%2594%259F%25E6%25AC%25A2%25E8%25BF%258E%25E6%2582%25A8&kw=%25E4%25BA%25BF%25E4%25B8%2587%25E5%2585%2588%25E7%2594%259F%25E6%2589%258B%25E6%259C%25BA%25E5%25AE%25A2%25E6%2588%25B7%25E7%25AB%25AF&cu=https%253A%252F%252Fwww.xnjdtmky.com%252Fdefault.php&pu= HTTP/1.1 
Host: ia.51.la
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.xnjdtmky.com/default.php

                                         
Response from 183.131.207.78:
HTTP/1.1 200
Content-Type: application/octet-stream
Server: HuaweiCloudWAF
Date: Sat, 12 Jan 2019 07:13:04 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: HWWAFSESID=f85af221598acbcfec89; path=/ HWWAFSESTIME=1547277180341; path=/


--- Additional Info ---
                                        
                                            GET /go1?id=19490865&rt=1547277182838&rl=1176*885&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=%25E4%25BA%25BF%25E4%25B8%2587%25E5%2585%2588%25E7%2594%259F%25E6%2589%258B%25E6%259C%25BA%25E5%25AE%25A2%25E6%2588%25B7%25E7%25AB%25AF%25E6%2598%25AF%25E4%25B8%2580%25E7%25A7%258D%25E5%25B9%25B4%25E8%25BD%25BB%25E4%25BA%25BA%25E6%259C%2580%25E5%2596%259C%25E7%2588%25B1%25E7%259A%2584%25E5%25A8%25B1%25E4%25B9%2590%25E6%2596%25B9%25E5%25BC%258F%252C%25E4%25BA%25BF%25E4%25B8%2587%25E5%2585%2588%25E7%2594%259F%25E6%2589%258B%25E6%259C%25BA&ing=1&ekc=&sid=1547277182838&tt=%25E4%25BA%25BF%25E4%25B8%2587%25E5%2585%2588%25E7%2594%259F%25E6%2589%258B%25E6%259C%25BA%25E5%25AE%25A2%25E6%2588%25B7%25E7%25AB%25AF-mr%25E4%25BA%25BF%25E4%25B8%2587%25E5%2585%2588%25E7%2594%259F%25E6%25AC%25A2%25E8%25BF%258E%25E6%2582%25A8&kw=%25E4%25BA%25BF%25E4%25B8%2587%25E5%2585%2588%25E7%2594%259F%25E6%2589%258B%25E6%259C%25BA%25E5%25AE%25A2%25E6%2588%25B7%25E7%25AB%25AF&cu=https%253A%252F%252Fwww.xnjdtmky.com%252Fdefault.php&pu= HTTP/1.1 
Host: ia.51.la
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.xnjdtmky.com/default.php

                                         
Response from 183.131.207.78:
HTTP/1.1 200
Content-Type: application/octet-stream
Server: HuaweiCloudWAF
Date: Sat, 12 Jan 2019 07:13:04 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: HWWAFSESID=3deeeacf70e2cf1b109; path=/ HWWAFSESTIME=1547277183152; path=/


--- Additional Info ---
                                        
GET /nlp/index.php?keyword=%E4%BA%BF%E4%B8%87%E5%85%88%E7%94%9F%E6%89%8B%E6%9C%BA%E5%AE%A2%E6%88%B7%E7%AB%AF-mr%E4%BA%BF%E4%B8%87%E5%85%88%E7%94%9F%E6%AC%A2%E8%BF%8E%E6%82%A8&v=9148 HTTP/1.1
Host: www.huizhongkameng.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.xnjdtmky.com/default.php
Origin: https://www.xnjdtmky.com

                                         
Response from 43.230.143.179:
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: nginx/1.10.2
Date: Sat, 12 Jan 2019 07:13:12 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.37
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   755
Md5:    3ce2fefbf12327e12c38c9f483aa35d2
Sha1:   0c9e342a7949de627fab1e8449c3dee3dc7a8326
Sha256: eccb5a59e70e13a5a7259a8257207224f892eb650612dd3a7eaec1875cc4abbe
                                        
GET /favicon.ico HTTP/1.1
Host: www.xnjdtmky.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: __tins__19490865=%7B%22sid%22%3A%201547277182838%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201547278982838%7D; __51cke__=; __51laig__=3; __tins__19391302=%7B%22sid%22%3A%201547277182853%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201547278982853%7D; __tins__19358379=%7B%22sid%22%3A%201547277182860%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201547278982860%7D

                                         
Response from 23.104.225.192:
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=gbk
Server: nginx/1.10.2
Date: Sat, 12 Jan 2019 09:06:40 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.6.38
Location: http://www.xnjdtmky.com/default.php
Strict-Transport-Security: max-age=15768000


--- Additional Info ---
Magic:  very short file (no magic)
Size:   1
Md5:    7215ee9c7d9dc229d2921a40e899ec5f
Sha1:   b858cb282617fb0956d960215c8e84d1ccf909c6
Sha256: 36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068
                                        
GET /default.php HTTP/1.1
Host: www.xnjdtmky.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: __tins__19490865=%7B%22sid%22%3A%201547277182838%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201547278982838%7D; __51cke__=; __51laig__=3; __tins__19391302=%7B%22sid%22%3A%201547277182853%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201547278982853%7D; __tins__19358379=%7B%22sid%22%3A%201547277182860%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201547278982860%7D

                                         
Response from 23.104.225.192:
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
Server: nginx/1.10.2
Date: Sat, 12 Jan 2019 09:06:40 GMT
Content-Length: 185
Connection: keep-alive
Location: https://www.xnjdtmky.com/default.php


--- Additional Info ---
Magic:  HTML document text
Size:   185
Md5:    6e7f8aa3bd099765db3fb3b2084fc77d
Sha1:   0993ec635e68bc34d29f6af4c63c08df0a8a06f4
Sha256: 101948f8635e8dffee80941a9c4d1e34c9beaac9b95920086c79d72c82afbae1
                                        
GET /favicon.ico HTTP/1.1
Host: www.xnjdtmky.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: __tins__19490865=%7B%22sid%22%3A%201547277182838%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201547278982838%7D; __51cke__=; __51laig__=3; __tins__19391302=%7B%22sid%22%3A%201547277182853%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201547278982853%7D; __tins__19358379=%7B%22sid%22%3A%201547277182860%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201547278982860%7D

                                         
Response from 23.104.225.192:
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=gbk
Server: nginx/1.10.2
Date: Sat, 12 Jan 2019 09:06:43 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.6.38
Location: http://www.xnjdtmky.com/default.php
Strict-Transport-Security: max-age=15768000


--- Additional Info ---
Magic:  very short file (no magic)
Size:   1
Md5:    7215ee9c7d9dc229d2921a40e899ec5f
Sha1:   b858cb282617fb0956d960215c8e84d1ccf909c6
Sha256: 36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068
                                        
GET /default.php HTTP/1.1
Host: www.xnjdtmky.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: __tins__19490865=%7B%22sid%22%3A%201547277182838%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201547278982838%7D; __51cke__=; __51laig__=3; __tins__19391302=%7B%22sid%22%3A%201547277182853%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201547278982853%7D; __tins__19358379=%7B%22sid%22%3A%201547277182860%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201547278982860%7D

                                         
Response from 23.104.225.192:
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
Server: nginx/1.10.2
Date: Sat, 12 Jan 2019 09:06:43 GMT
Content-Length: 185
Connection: keep-alive
Location: https://www.xnjdtmky.com/default.php


--- Additional Info ---
Magic:  HTML document text
Size:   185
Md5:    6e7f8aa3bd099765db3fb3b2084fc77d
Sha1:   0993ec635e68bc34d29f6af4c63c08df0a8a06f4
Sha256: 101948f8635e8dffee80941a9c4d1e34c9beaac9b95920086c79d72c82afbae1
                                        
GET /default.php HTTP/1.1
Host: www.xnjdtmky.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: __tins__19490865=%7B%22sid%22%3A%201547277182838%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201547278982838%7D; __51cke__=; __51laig__=3; __tins__19391302=%7B%22sid%22%3A%201547277182853%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201547278982853%7D; __tins__19358379=%7B%22sid%22%3A%201547277182860%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201547278982860%7D

                                         
Response from 23.104.225.192:
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: nginx/1.10.2
Date: Sat, 12 Jan 2019 09:06:43 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.38
Strict-Transport-Security: max-age=15768000
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   560
Md5:    5d57764095aa1b55789f01d3dcb301e8
Sha1:   e540746722a7ceb57346796f595fdfd5ca0b7e05
Sha256: f0c94e57114d05bd25d5428982adf3eb452d3c73cd044c64850c2301d9b5c07d