ocsp.trust-provider.cn/
117.27.246.96 600 B IP 117.27.246.96:0
Hash dadcffa3f042b793e2de406f65dc20ea
d77a8836361ae88b624f4f7663519d217c27a15c
17cb96c0d1640fa50146a256eaed9d9ff1cc6eeb7299f4ec54c28b3a86be8d43
POST / HTTP/1.1
Host: ocsp.trust-provider.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: volc-dcdn
Content-Type: application/ocsp-response
Content-Length: 600
Connection: keep-alive
cache-control: max-age=3600
age: 1794
expires: Thu, 04 Apr 2024 00:30:47 GMT
date: Fri, 29 Mar 2024 08:24:45 GMT
etag: "d77a8836361ae88b624f4f7663519d217c27a15c"
x-frame-options: SAMEORIGIN
x-ccacdn-proxy-id: scdpinlb5
cf-cache-status: HIT
accept-ranges: bytes
cf-ray: 86b449580a465ddb-HKG
ctl-cache-status: HIT from hk-xianggang4-ca06, HIT from he-baoding2-ca02
last-modified: Thu, 28 Mar 2024 00:30:48 GMT
request-id: 66067acd281d995b0c240afe0948333b
via: n172-013-214.fzmp.ToB
x-request-ip: 91.90.42.154
x-tt-trace-tag: id=5
x-dsa-trace-id: 17117006857ae2bbe0d7e3659c98106b2ede09ad94
X-Dsa-Origin-Status: 200
server-timing: cdn-cache;desc=MISS, origin;dur=46, edge;dur=0
120.76.28.239 200 OK 16 kB URL User Request GET HTTP/1.1 IP 120.76.28.239:80
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type JavaScript source, Unicode text, UTF-8 text, with CRLF, LF line terminators
Hash c0362ddb9249983d24f3c1d400359f21
94d284edd2a4c5d7217d363593b44daeeb1c227c
eb0e7bcf9b987a5ce783eed588ec08a4555b9ddad3d44b7e282f81d2a635a1ee
Analyzer Quad9 DNS, Verdict malicious, Alert Sinkholed
GET /login.php/ HTTP/1.1
Host: 120.76.28.239
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 08:24:45 GMT
Server: Apache/2.4.18 (Win64) OpenSSL/1.0.1r PHP/5.6.18
X-Powered-By: PHP/5.6.18
Access-Control-Allow-Origin: *
Set-Cookie: PHPSESSID=42tll76a70od1gf5slajs1li72; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
120.76.28.239/login.php/js/userinfo.js
120.76.28.239 200 OK 16 kB URL GET HTTP/1.1 120.76.28.239/login.php/js/userinfo.js
IP 120.76.28.239:80
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
Requested by http://120.76.28.239/login.php/
File type JavaScript source, Unicode text, UTF-8 text, with CRLF, LF line terminators
Hash c0362ddb9249983d24f3c1d400359f21
94d284edd2a4c5d7217d363593b44daeeb1c227c
eb0e7bcf9b987a5ce783eed588ec08a4555b9ddad3d44b7e282f81d2a635a1ee
Analyzer Quad9 DNS, Verdict malicious, Alert Sinkholed
GET /login.php/js/userinfo.js HTTP/1.1
Host: 120.76.28.239
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://120.76.28.239/login.php/
Cookie: PHPSESSID=42tll76a70od1gf5slajs1li72
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 08:24:45 GMT
Server: Apache/2.4.18 (Win64) OpenSSL/1.0.1r PHP/5.6.18
X-Powered-By: PHP/5.6.18
Access-Control-Allow-Origin: *
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
120.76.28.239/login.php/css/type_style.css
120.76.28.239 200 OK 16 kB URL GET HTTP/1.1 120.76.28.239/login.php/css/type_style.css
IP 120.76.28.239:80
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
Requested by http://120.76.28.239/login.php/
File type JavaScript source, Unicode text, UTF-8 text, with CRLF, LF line terminators
Hash c0362ddb9249983d24f3c1d400359f21
94d284edd2a4c5d7217d363593b44daeeb1c227c
eb0e7bcf9b987a5ce783eed588ec08a4555b9ddad3d44b7e282f81d2a635a1ee
Analyzer Quad9 DNS, Verdict malicious, Alert Sinkholed
GET /login.php/css/type_style.css HTTP/1.1
Host: 120.76.28.239
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://120.76.28.239/login.php/
Cookie: PHPSESSID=42tll76a70od1gf5slajs1li72
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 08:24:45 GMT
Server: Apache/2.4.18 (Win64) OpenSSL/1.0.1r PHP/5.6.18
X-Powered-By: PHP/5.6.18
Access-Control-Allow-Origin: *
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
120.76.28.239/login.php/css/default-theme/jquery-ui-1.9.2.custom.min.css
120.76.28.239 200 OK 16 kB URL GET HTTP/1.1 120.76.28.239/login.php/css/default-theme/jquery-ui-1.9.2.custom.min.css
IP 120.76.28.239:80
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
Requested by http://120.76.28.239/login.php/
File type JavaScript source, Unicode text, UTF-8 text, with CRLF, LF line terminators
Hash c0362ddb9249983d24f3c1d400359f21
94d284edd2a4c5d7217d363593b44daeeb1c227c
eb0e7bcf9b987a5ce783eed588ec08a4555b9ddad3d44b7e282f81d2a635a1ee
Analyzer Quad9 DNS, Verdict malicious, Alert Sinkholed
GET /login.php/css/default-theme/jquery-ui-1.9.2.custom.min.css HTTP/1.1
Host: 120.76.28.239
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://120.76.28.239/login.php/
Cookie: PHPSESSID=42tll76a70od1gf5slajs1li72
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 08:24:45 GMT
Server: Apache/2.4.18 (Win64) OpenSSL/1.0.1r PHP/5.6.18
X-Powered-By: PHP/5.6.18
Access-Control-Allow-Origin: *
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
120.76.28.239/login.php/js/jquery-1.11.1.min.js
120.76.28.239 200 OK 16 kB URL GET HTTP/1.1 120.76.28.239/login.php/js/jquery-1.11.1.min.js
IP 120.76.28.239:80
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
Requested by http://120.76.28.239/login.php/
File type JavaScript source, Unicode text, UTF-8 text, with CRLF, LF line terminators
Hash c0362ddb9249983d24f3c1d400359f21
94d284edd2a4c5d7217d363593b44daeeb1c227c
eb0e7bcf9b987a5ce783eed588ec08a4555b9ddad3d44b7e282f81d2a635a1ee
Analyzer Quad9 DNS, Verdict malicious, Alert Sinkholed
GET /login.php/js/jquery-1.11.1.min.js HTTP/1.1
Host: 120.76.28.239
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://120.76.28.239/login.php/
Cookie: PHPSESSID=42tll76a70od1gf5slajs1li72
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 08:24:45 GMT
Server: Apache/2.4.18 (Win64) OpenSSL/1.0.1r PHP/5.6.18
X-Powered-By: PHP/5.6.18
Access-Control-Allow-Origin: *
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
120.76.28.239/login.php/js/css-pop.js
120.76.28.239 200 OK 16 kB URL GET HTTP/1.1 120.76.28.239/login.php/js/css-pop.js
IP 120.76.28.239:80
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
Requested by http://120.76.28.239/login.php/
File type JavaScript source, Unicode text, UTF-8 text, with CRLF, LF line terminators
Hash c0362ddb9249983d24f3c1d400359f21
94d284edd2a4c5d7217d363593b44daeeb1c227c
eb0e7bcf9b987a5ce783eed588ec08a4555b9ddad3d44b7e282f81d2a635a1ee
Analyzer Quad9 DNS, Verdict malicious, Alert Sinkholed
GET /login.php/js/css-pop.js HTTP/1.1
Host: 120.76.28.239
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://120.76.28.239/login.php/
Cookie: PHPSESSID=42tll76a70od1gf5slajs1li72
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 08:24:45 GMT
Server: Apache/2.4.18 (Win64) OpenSSL/1.0.1r PHP/5.6.18
X-Powered-By: PHP/5.6.18
Access-Control-Allow-Origin: *
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
120.76.28.239/login.php/js/jquery-ui-1.9.2.custom.min.js
120.76.28.239 200 OK 16 kB URL GET HTTP/1.1 120.76.28.239/login.php/js/jquery-ui-1.9.2.custom.min.js
IP 120.76.28.239:80
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
Requested by http://120.76.28.239/login.php/
File type JavaScript source, Unicode text, UTF-8 text, with CRLF, LF line terminators
Hash c0362ddb9249983d24f3c1d400359f21
94d284edd2a4c5d7217d363593b44daeeb1c227c
eb0e7bcf9b987a5ce783eed588ec08a4555b9ddad3d44b7e282f81d2a635a1ee
Analyzer Quad9 DNS, Verdict malicious, Alert Sinkholed
GET /login.php/js/jquery-ui-1.9.2.custom.min.js HTTP/1.1
Host: 120.76.28.239
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://120.76.28.239/login.php/
Cookie: PHPSESSID=42tll76a70od1gf5slajs1li72
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 08:24:45 GMT
Server: Apache/2.4.18 (Win64) OpenSSL/1.0.1r PHP/5.6.18
X-Powered-By: PHP/5.6.18
Access-Control-Allow-Origin: *
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
ocsp.trust-provider.cn/
117.27.246.96 600 B IP 117.27.246.96:0
Hash dadcffa3f042b793e2de406f65dc20ea
d77a8836361ae88b624f4f7663519d217c27a15c
17cb96c0d1640fa50146a256eaed9d9ff1cc6eeb7299f4ec54c28b3a86be8d43
POST / HTTP/1.1
Host: ocsp.trust-provider.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: volc-dcdn
Content-Type: application/ocsp-response
Content-Length: 600
Connection: keep-alive
age: 1796
x-ccacdn-proxy-id: scdpinlb5
cache-control: max-age=3600
cf-ray: 86b449580a465ddb-HKG
ctl-cache-status: HIT from hk-xianggang4-ca06, HIT from he-baoding2-ca02
etag: "d77a8836361ae88b624f4f7663519d217c27a15c"
expires: Thu, 04 Apr 2024 00:30:47 GMT
x-frame-options: SAMEORIGIN
request-id: 66067acf4c2bb9a65fd5df90749d278f
cf-cache-status: HIT
accept-ranges: bytes
date: Fri, 29 Mar 2024 08:24:47 GMT
last-modified: Thu, 28 Mar 2024 00:30:48 GMT
via: n172-013-214.fzmp.ToB
x-request-ip: 91.90.42.154
x-tt-trace-tag: id=5
x-dsa-trace-id: 17117006878e50feef672976d5d5ef8965f193a2c9
X-Dsa-Origin-Status: 200
server-timing: cdn-cache;desc=MISS, origin;dur=43, edge;dur=0
hm.baidu.com/h.js?bc39e74764250d79ffdc33b2d4fdded0
103.235.46.191 200 OK 93 B URL GET HTTP/1.1 hm.baidu.com/h.js?bc39e74764250d79ffdc33b2d4fdded0
IP 103.235.46.191:443
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
Requested by http://120.76.28.239/login.php/
Certificate Issuer GlobalSign nv-sa
Subject baidu.com
Fingerprint 97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
Validity Thu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT
File type HTML document, ASCII text
Hash de3aafa89129408429f9230095f947bf
d971099d0e399d863e5d98535d0d76e856778676
367ab6ca297af2c1784664738e535c5a026f140e6c2725d15362b360127222da
GET /h.js?bc39e74764250d79ffdc33b2d4fdded0 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://120.76.28.239/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Location: https://hm.baidu.com/h.js?bc39e74764250d79ffdc33b2d4fdded0
Date: Fri, 29 Mar 2024 08:24:47 GMT
Content-Length: 93
Content-Type: text/html; charset=utf-8
hm.baidu.com/h.js?bc39e74764250d79ffdc33b2d4fdded0
103.235.46.191 200 OK 11 kB URL GET HTTP/1.1 hm.baidu.com/h.js?bc39e74764250d79ffdc33b2d4fdded0
IP 103.235.46.191:443
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
Requested by http://120.76.28.239/login.php/
Certificate Issuer GlobalSign nv-sa
Subject baidu.com
Fingerprint 97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
Validity Thu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT
File type JavaScript source, ASCII text, with very long lines (618)
Hash 8c18b6469af17a3eb7fe29105736fe01
fc8cc8f9cbd1ed08404681d8b6797acbebab93c3
c838ce9b918d939f6db7dfcf938b5ddb2aa42a4ae7117a874f75669a999cea87
GET /h.js?bc39e74764250d79ffdc33b2d4fdded0 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://120.76.28.239/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11256
Content-Type: application/javascript
Date: Fri, 29 Mar 2024 08:24:48 GMT
Etag: 3c6bb9a8f3fbcaba5179968f749f2ade
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=F5FB0E1507257A06; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
120.76.28.239/images/favicon.ico
120.76.28.239 200 OK 68 kB URL GET HTTP/1.1 120.76.28.239/images/favicon.ico
IP 120.76.28.239:80
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
Requested by http://120.76.28.239/login.php/
File type MS Windows icon resource - 1 icon, -128x-128, 32 bits/pixel
Hash 7295130c92a96c478ff87384d33ff77b
f57adf92fc2645766b2b3abe2c6cc3032b269104
aa15bcfe8915a14279fa7e0795f049f57eb2ba5863a01dfc024eed8efbe21ef6
Analyzer Quad9 DNS, Verdict malicious, Alert Sinkholed
GET /images/favicon.ico HTTP/1.1
Host: 120.76.28.239
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://120.76.28.239/login.php/
Cookie: PHPSESSID=42tll76a70od1gf5slajs1li72
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 08:24:48 GMT
Server: Apache/2.4.18 (Win64) OpenSSL/1.0.1r PHP/5.6.18
Last-Modified: Tue, 06 Apr 2021 00:21:23 GMT
ETag: "1083e-5bf42cb4cf5ce"
Accept-Ranges: bytes
Content-Length: 67646
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/x-icon
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=581474593&si=bc39e74764250d79ffdc33b2d4fdded0&v=1.3.0&lv=1&sn=57559&r=0&ww=1280&u=http%3A%2F%2F120.76.28.239%2Flogin.php%2F&tt=GPS
103.235.46.191 200 OK 43 B URL GET HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=581474593&si=bc39e74764250d79ffdc33b2d4fdded0&v=1.3.0&lv=1&sn=57559&r=0&ww=1280&u=http%3A%2F%2F120.76.28.239%2Flogin.php%2F&tt=GPS
IP 103.235.46.191:443
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
Requested by http://120.76.28.239/login.php/
Certificate Issuer GlobalSign nv-sa
Subject baidu.com
Fingerprint 97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
Validity Thu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT
File type GIF image data, version 89a, 1 x 1
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=581474593&si=bc39e74764250d79ffdc33b2d4fdded0&v=1.3.0&lv=1&sn=57559&r=0&ww=1280&u=http%3A%2F%2F120.76.28.239%2Flogin.php%2F&tt=GPS HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://120.76.28.239/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Fri, 29 Mar 2024 08:24:49 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=0762A91F4200D0A1; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
120.76.28.239/login.php/images/qr_365gps.png
120.76.28.239 200 OK 18 kB URL GET HTTP/1.1 120.76.28.239/login.php/images/qr_365gps.png
IP 120.76.28.239:80
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
Requested by http://120.76.28.239/login.php/
Hash 37b60e9c1b7061cfc8402d13ff755ff0
64084c8d57664e642e2fc58bc408808e48a0ae99
e371d72663011f67e0923cac56a7fe811563080f1cc53742356137457b523f16
Analyzer Quad9 DNS, Verdict malicious, Alert Sinkholed
GET /login.php/images/qr_365gps.png HTTP/1.1
Host: 120.76.28.239
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://120.76.28.239/login.php/
Cookie: PHPSESSID=42tll76a70od1gf5slajs1li72
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 29 Mar 2024 08:24:46 GMT
Server: Apache/2.4.18 (Win64) OpenSSL/1.0.1r PHP/5.6.18
X-Powered-By: PHP/5.6.18
Access-Control-Allow-Origin: *
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8