Report - 124.70.110.235:9090/SubPlat_ysfri/platform/showPlatform.ins

Report Overview

Visited public
2023-11-20 11:20:40
Tags
URL
124.70.110.235:9090/SubPlat_ysfri/platform/showPlatform.ins
Finishing URL
124.70.110.235:9090/SubPlat_ysfri/platform/showPlatform.ins
IP / ASN
124.70.110.235
#55990 Huawei Cloud Service data center
Title
平台简介

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
124.70.110.235:9090	unknown	unknown	No data	No data	9.8 kB	1.2 MB	124.70.110.235
124.70.110.235:9091	unknown	unknown	No data	No data	698 B	2.1 kB	124.70.110.235
api.map.baidu.com	15559	1999-10-11	2014-07-17 12:32:55	2023-11-20 04:03:32	1.1 kB	42 kB	103.235.46.245
miao.baidu.com	26288	1999-10-11	2019-11-28 10:22:38	2023-11-19 13:29:23	2.3 kB	2.4 kB	153.3.237.19
dlswbr.baidu.com	27276	1999-10-11	2018-01-20 12:27:17	2023-11-20 04:03:38	423 B	56 kB	125.74.42.35

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-11-20	medium	124.70.110.235	Sinkholed
2023-11-20	medium	124.70.110.235	Sinkholed
2023-11-20	medium	124.70.110.235	Sinkholed
2023-11-20	medium	124.70.110.235	Sinkholed
2023-11-20	medium	124.70.110.235	Sinkholed
2023-11-20	medium	124.70.110.235	Sinkholed
2023-11-20	medium	124.70.110.235	Sinkholed
2023-11-20	medium	124.70.110.235	Sinkholed
2023-11-20	medium	124.70.110.235	Sinkholed
2023-11-20	medium	124.70.110.235	Sinkholed
2023-11-20	medium	124.70.110.235	Sinkholed
2023-11-20	medium	124.70.110.235	Sinkholed
2023-11-20	medium	124.70.110.235	Sinkholed
2023-11-20	medium	124.70.110.235	Sinkholed
2023-11-20	medium	124.70.110.235	Sinkholed
2023-11-20	medium	124.70.110.235	Sinkholed
2023-11-20	medium	124.70.110.235	Sinkholed
2023-11-20	medium	124.70.110.235	Sinkholed
2023-11-20	medium	124.70.110.235	Sinkholed
2023-11-20	medium	124.70.110.235	Sinkholed
2023-11-20	medium	124.70.110.235	Sinkholed
2023-11-20	medium	124.70.110.235	Sinkholed
2023-11-20	medium	124.70.110.235	Sinkholed

ThreatFox

No alerts detected

JavaScript (13)

	URL	From	Size	First Seen	Last Seen
	unknown	Function	26 B	2023-04-11	2025-06-05
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:13 Last Seen2025-06-05 19:32 Times Seen129519 Hash 1c862db5f2555377c2dc1e62ed7b3981 c29e6dc25c08a70995127ec13ded6f80d9a36174 27d373a6961f797edf69a80f7f24877ef85c2fc4f9f770b2540b1bf5e66823ac Loading...

	124.70.110.235:9090/SubPlat_ysfri/platform/showPlatform.ins	ScriptElement	0 B	0001-01-01	2025-06-05
Pretty URL 124.70.110.235:9090/SubPlat_ysfri/platform/showPlatform.ins IP 124.70.110.235 ASN #55990 Huawei Cloud Service data center Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-06-05 19:44 Times Seen4856219 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	api.map.baidu.com/getscript?v=1.5&ak=&services=&t=20220919035045	ScriptElement	150 kB	2023-11-20	2023-11-20
Pretty URL api.map.baidu.com/getscript?v=1.5&ak=&services=&t=20220919035045 IP 103.235.46.245 ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-20 12:20 Last Seen2023-11-20 12:20 Times Seen1 Hash 7b645f86859df704c58bab5aabd6edcf 4e236aa59a454c58dd2a43be1538603ac0928691 9abaf3db9491b564f13290ca72f579d47d849ca3b24b36220868af7dc0ebc46c Loading...

	124.70.110.235:9090/SubPlat_ysfri/js/h.js?v=21	ScriptElement	777 B	2023-11-20	2023-11-20
Pretty URL 124.70.110.235:9090/SubPlat_ysfri/js/h.js?v=21 IP 124.70.110.235 ASN #55990 Huawei Cloud Service data center Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-20 12:20 Last Seen2023-11-20 12:20 Times Seen1 Hash 3d66ba10736b14c3b0b12db640301d7e f5361030895d99898e1dcee08e4f6a4838abb32d ab7529115e8a4ed10d2f10b63af13b283a5208835f8a8ea0f21daa4019c23343 Loading...

	124.70.110.235:9090/SubPlat_ysfri/public/js/jquery.SuperSlide.2.1.3.js	ScriptElement	12 kB	2023-04-06	2025-06-04
Pretty URL 124.70.110.235:9090/SubPlat_ysfri/public/js/jquery.SuperSlide.2.1.3.js IP 124.70.110.235 ASN #55990 Huawei Cloud Service data center Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-06 17:38 Last Seen2025-06-04 02:02 Times Seen276 Hash 7759faa518e2bcb3982765e1450e8a01 c8589017e7ee9a6d1b2f6cb98476a162429ef526 9bdee38b7059922e4aee8d466b7317e8365014c7267a9dc8fb6d0a78f60dc099 Loading...

	api.map.baidu.com/api?v=1.5	ScriptElement	206 B	2023-11-20	2023-11-20
Pretty URL api.map.baidu.com/api?v=1.5 IP 103.235.46.245 ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-20 12:20 Last Seen2023-11-20 12:20 Times Seen1 Hash c5be3389fca5e1fc6f603c5527b1ebd8 e0909884eb39de0a9f3e46536cdf3272b96d421a 03b6a051b38f6f8c5c8d160e868ec55c286e51ce86965a2abb9977961445baa9 Loading...

	124.70.110.235:9090/SubPlat_ysfri/platform/showPlatform.ins	ScriptElement	0 B	0001-01-01	2025-06-05
Pretty URL 124.70.110.235:9090/SubPlat_ysfri/platform/showPlatform.ins IP 124.70.110.235 ASN #55990 Huawei Cloud Service data center Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-06-05 19:44 Times Seen4856219 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	124.70.110.235:9090/SubPlat_ysfri/secondjs/ijmqluery.js	ScriptElement	92 kB	2023-11-20	2023-11-20
Pretty URL 124.70.110.235:9090/SubPlat_ysfri/secondjs/ijmqluery.js IP 124.70.110.235 ASN #55990 Huawei Cloud Service data center Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-20 12:20 Last Seen2023-11-20 12:20 Times Seen1 Hash 1d353d54c3966e7cdfedf5dbd9e72122 5447532170bfbf8a14ba8f724b5bbe491ff97879 2ae163c7a4374450ead8d292f2e09fea8171016f40ca304bde407799fd0a08f6 Loading...

	miao.baidu.com/e.js	ScriptElement	305 B	2023-11-20	2023-11-20
Pretty URL miao.baidu.com/e.js IP 153.3.237.19 ASN #4837 CHINA UNICOM China169 Backbone Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-20 12:20 Last Seen2023-11-20 12:20 Times Seen1 Hash 2fa7d009ad37c3c04dba8ae0ed6ef7c1 339f2d761e70f9f122f1262e2c0d8fd883bd18f6 825c13fcd712627798a55a376b5c2e83968a9a168060da0fda01fa763376b6d1 Loading...

	dlswbr.baidu.com/heicha/mw/abclite-2059-s.js	ScriptElement	194 kB	2024-08-20	2024-08-20
Pretty URL dlswbr.baidu.com/heicha/mw/abclite-2059-s.js IP 125.74.42.35 ASN #4134 Chinanet Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 18:40 Last Seen2024-08-20 18:40 Times Seen1 Hash faacfbc14c6e4a25fdf5437ca5590a8e d23df029c378dd35bb0bf829c673572369c6987c 058adb2bcdd47c7a85b284bafce5a44945cf63a81b1eeba7d2f95349ce2cc53a Loading...

	unknown	Function	96 kB	2023-11-18	2025-06-05
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-11-18 06:33 Last Seen2025-06-05 08:50 Times Seen1776 Hash 7e63f5ef25d4e579205e0a375e7ed099 a9f7333e59057489a7b5f686ce507b7e144a0cf8 1d15a2842bae92c0146f783bcd053a927a9869df9a12a2f7bb9d879815348471 Loading...

	124.70.110.235:9090/SubPlat_ysfri/public/lib/layui/layui.all.js	ScriptElement	282 kB	2023-05-25	2025-03-11
Pretty URL 124.70.110.235:9090/SubPlat_ysfri/public/lib/layui/layui.all.js IP 124.70.110.235 ASN #55990 Huawei Cloud Service data center Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-25 04:54 Last Seen2025-03-11 05:47 Times Seen11 Hash 63803734d909a0f3c9987f0c4d5014c1 cc4a3181baad84bb528cfc844449d45956ee9739 46bc6c1e3fe7e50c654abc636a390e29019a0dcca681a696cbd46b33f29d600f Loading...

		Size	First Seen	Last Seen
	#1 Write - b1703f4b25f20701b3969282927c732a	118 B	2024-08-20 18:40	2024-08-20 18:40
Pretty Observations First Seen2024-08-20 18:40 Last Seen2024-08-20 18:40 Times Seen1 Hash b1703f4b25f20701b3969282927c732a 6d7d9f05a360a6897240760ea56712283686cdfc 63077d407ca0a89ccf503f726838850d3afeecd7c940c0bcfce996372653d016 Loading...

HTTP Transactions (30)

URL IP Response Size

124.70.110.235:9090/SubPlat_ysfri/platform/showPlatform.ins

124.70.110.235

200 OK

11 kB

URL User Request GET HTTP/1.1
124.70.110.235:9090/SubPlat_ysfri/platform/showPlatform.ins
IP
124.70.110.235:9090
ASN
#55990 Huawei Cloud Service data center

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1043), with CRLF line terminators
Size
11 kB (11057 bytes)
Hash
b900fbeeb055068affdb809bae425a91
c2a78dadbc7c8269353d2fa8cab9b24adef209ed
4a7cc8243f6ddd6e9bbfebfc687b97bd887f88390796047cded1bc4b59baccfa

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /SubPlat_ysfri/platform/showPlatform.ins HTTP/1.1
Host: 124.70.110.235:9090
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=8095D8DB19665425BDCBA9361C5A54C2; Path=/SubPlat_ysfri; HttpOnly
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Transfer-Encoding: chunked
Date: Mon, 20 Nov 2023 11:20:22 GMT

124.70.110.235:9090/SubPlat_ysfri/secondcss/main_context.css

124.70.110.235

200 OK

667 B

URL GET HTTP/1.1
124.70.110.235:9090/SubPlat_ysfri/secondcss/main_context.css
IP
124.70.110.235:9090
ASN
#55990 Huawei Cloud Service data center

Requested by
http://124.70.110.235:9090/SubPlat_ysfri/platform/showPlatform.ins

File type
ASCII text, with CRLF line terminators
Size
667 B (667 bytes)
Hash
07a586c73498ea5f58ba8190aebb4a3d
06255ed1602d8bba16ba856a68b2dff2e927c1bb
a5ab5b992d250c3a347827d812c3dd2165baf491d107f11c06310edb77f2fd2a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /SubPlat_ysfri/secondcss/main_context.css HTTP/1.1
Host: 124.70.110.235:9090
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://124.70.110.235:9090/SubPlat_ysfri/platform/showPlatform.ins
Cookie: JSESSIONID=8095D8DB19665425BDCBA9361C5A54C2
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Accept-Ranges: bytes
ETag: W/"667-1645543684000"
Last-Modified: Tue, 22 Feb 2022 15:28:04 GMT
Content-Type: text/css
Content-Length: 667
Date: Mon, 20 Nov 2023 11:20:22 GMT

124.70.110.235:9090/SubPlat_ysfri/public/js/jquery.SuperSlide.2.1.3.js

124.70.110.235

200 OK

12 kB

URL GET HTTP/1.1
124.70.110.235:9090/SubPlat_ysfri/public/js/jquery.SuperSlide.2.1.3.js
IP
124.70.110.235:9090
ASN
#55990 Huawei Cloud Service data center

Requested by
http://124.70.110.235:9090/SubPlat_ysfri/platform/showPlatform.ins

File type
Unicode text, UTF-8 text, with very long lines (11467), with CRLF line terminators
Size
12 kB (11949 bytes)
Hash
4b4b358da0ad2c682e6fbb3c2428e583
8c5242fc5ba95585e15a16c84f7f43172e6779ae
1d6f3374e6585f541d143d936c0b264b2104d53a9108bcf81d66e895d03287e0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /SubPlat_ysfri/public/js/jquery.SuperSlide.2.1.3.js HTTP/1.1
Host: 124.70.110.235:9090
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://124.70.110.235:9090/SubPlat_ysfri/platform/showPlatform.ins
Cookie: JSESSIONID=8095D8DB19665425BDCBA9361C5A54C2
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Accept-Ranges: bytes
ETag: W/"11949-1645543684000"
Last-Modified: Tue, 22 Feb 2022 15:28:04 GMT
Content-Type: application/javascript
Content-Length: 11949
Date: Mon, 20 Nov 2023 11:20:22 GMT

124.70.110.235:9090/SubPlat_ysfri/js/h.js?v=21

124.70.110.235

200 OK

777 B

URL GET HTTP/1.1
124.70.110.235:9090/SubPlat_ysfri/js/h.js?v=21
IP
124.70.110.235:9090
ASN
#55990 Huawei Cloud Service data center

Requested by
http://124.70.110.235:9090/SubPlat_ysfri/platform/showPlatform.ins

File type
Unicode text, UTF-8 text, with CRLF line terminators
Size
777 B (777 bytes)
Hash
3d66ba10736b14c3b0b12db640301d7e
f5361030895d99898e1dcee08e4f6a4838abb32d
ab7529115e8a4ed10d2f10b63af13b283a5208835f8a8ea0f21daa4019c23343

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /SubPlat_ysfri/js/h.js?v=21 HTTP/1.1
Host: 124.70.110.235:9090
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://124.70.110.235:9090/SubPlat_ysfri/platform/showPlatform.ins
Cookie: JSESSIONID=8095D8DB19665425BDCBA9361C5A54C2
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Accept-Ranges: bytes
ETag: W/"777-1696648215064"
Last-Modified: Sat, 07 Oct 2023 03:10:15 GMT
Content-Type: application/javascript
Content-Length: 777
Date: Mon, 20 Nov 2023 11:20:22 GMT

124.70.110.235:9090/SubPlat_ysfri/secondcss/common.css

124.70.110.235

200 OK

3.1 kB

URL GET HTTP/1.1
124.70.110.235:9090/SubPlat_ysfri/secondcss/common.css
IP
124.70.110.235:9090
ASN
#55990 Huawei Cloud Service data center

Requested by
http://124.70.110.235:9090/SubPlat_ysfri/platform/showPlatform.ins

File type
ASCII text, with CRLF line terminators
Size
3.1 kB (3070 bytes)
Hash
0a4779b3a77e3d13fa22a7f9f3ba7596
aab8f5bd5434bb36f15fd49f7ea429ce357e1a43
2d5f2a9b5dd25424d59ddbbb15040dfa3ead9b2777a408e91159d0c77fea3fe8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /SubPlat_ysfri/secondcss/common.css HTTP/1.1
Host: 124.70.110.235:9090
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://124.70.110.235:9090/SubPlat_ysfri/platform/showPlatform.ins
Cookie: JSESSIONID=8095D8DB19665425BDCBA9361C5A54C2
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Accept-Ranges: bytes
ETag: W/"3070-1645543684000"
Last-Modified: Tue, 22 Feb 2022 15:28:04 GMT
Content-Type: text/css
Content-Length: 3070
Date: Mon, 20 Nov 2023 11:20:23 GMT

124.70.110.235:9091/SubPlat_ZgKd/secondjs/jquery.js

124.70.110.235

404 Not Found

763 B

URL GET HTTP/1.1
124.70.110.235:9091/SubPlat_ZgKd/secondjs/jquery.js
IP
124.70.110.235:9091
ASN
#55990 Huawei Cloud Service data center

Requested by
http://124.70.110.235:9090/SubPlat_ysfri/platform/showPlatform.ins

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (743), with no line terminators
Size
763 B (763 bytes)
Hash
e0ddf2628db07e61b8f912f8d9dbca7b
fdb9b2faa4d17af8f7610e30a43e253bb96d10ac
94e4d8f37edcaad00fc98c9c8aa54762249a29709ee1524c6b5eb1de9565544d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /SubPlat_ZgKd/secondjs/jquery.js HTTP/1.1
Host: 124.70.110.235:9091
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://124.70.110.235:9090/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: Apache-Coyote/1.1
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Type: text/html;charset=utf-8
Content-Language: en
Content-Length: 763
Date: Mon, 20 Nov 2023 11:20:23 GMT

124.70.110.235:9090/SubPlat_ysfri/secondcss/introduction.css

124.70.110.235

200 OK

1.9 kB

URL GET HTTP/1.1
124.70.110.235:9090/SubPlat_ysfri/secondcss/introduction.css
IP
124.70.110.235:9090
ASN
#55990 Huawei Cloud Service data center

Requested by
http://124.70.110.235:9090/SubPlat_ysfri/platform/showPlatform.ins

File type
ASCII text, with CRLF line terminators
Size
1.9 kB (1890 bytes)
Hash
998532c990102cfcbfb2689d4790b55b
58a5a2455158ffedddc6e5af4f613fe26e0b5ed1
8bec4a9b631265a61b12feb5651e86f7d3791e08513c2b04703a376457974dc5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /SubPlat_ysfri/secondcss/introduction.css HTTP/1.1
Host: 124.70.110.235:9090
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://124.70.110.235:9090/SubPlat_ysfri/platform/showPlatform.ins
Cookie: JSESSIONID=8095D8DB19665425BDCBA9361C5A54C2
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Accept-Ranges: bytes
ETag: W/"1890-1645543686000"
Last-Modified: Tue, 22 Feb 2022 15:28:06 GMT
Content-Type: text/css
Content-Length: 1890
Date: Mon, 20 Nov 2023 11:20:23 GMT

api.map.baidu.com/api?v=1.5

103.235.46.245

200 OK

206 B

URL GET HTTP/1.1
api.map.baidu.com/api?v=1.5
IP
103.235.46.245:80
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

Requested by
http://124.70.110.235:9090/SubPlat_ysfri/platform/showPlatform.ins

File type
HTML document, ASCII text, with no line terminators
Size
206 B (206 bytes)
Hash
c5be3389fca5e1fc6f603c5527b1ebd8
e0909884eb39de0a9f3e46536cdf3272b96d421a
03b6a051b38f6f8c5c8d160e868ec55c286e51ce86965a2abb9977961445baa9

HTTP Headers

GET /api?v=1.5 HTTP/1.1
Host: api.map.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://124.70.110.235:9090/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Connection: keep-alive
Content-Length: 206
Content-Type: text/javascript;charset=utf-8
Date: Mon, 20 Nov 2023 11:20:23 GMT
Expires: Tue, 21 Nov 2023 11:20:23 GMT
Http_x_bd_logid: 1223384222
Http_x_bd_logid64: 1223384902419777802
Http_x_bd_product: map
Http_x_bd_subsys: apimap
P3p: CP=" OTI DSP COR IVA OUR IND COM ", CP=" OTI DSP COR IVA OUR IND COM "
Server: apache
Set-Cookie: BAIDUID=A24D1F8B66DD66F51654733BC6B08F4B:FG=1; expires=Tue, 19-Nov-24 11:20:23 GMT; max-age=31536000; path=/; domain=.baidu.com; version=1
BAIDUID=B8FB23E1114C0D21A04DC69BBDC50413:FG=1; expires=Tue, 19-Nov-24 11:20:23 GMT; max-age=31536000; path=/; domain=.baidu.com; version=1
Tracecode: 12233842222538152970112019

124.70.110.235:9090/SubPlat_ysfri/secondjs/ijmqluery.js

124.70.110.235

200 OK

92 kB

URL GET HTTP/1.1
124.70.110.235:9090/SubPlat_ysfri/secondjs/ijmqluery.js
IP
124.70.110.235:9090
ASN
#55990 Huawei Cloud Service data center

Requested by
http://124.70.110.235:9090/SubPlat_ysfri/platform/showPlatform.ins

File type
HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (65504), with CRLF line terminators
Size
92 kB (92532 bytes)
Hash
1d353d54c3966e7cdfedf5dbd9e72122
5447532170bfbf8a14ba8f724b5bbe491ff97879
2ae163c7a4374450ead8d292f2e09fea8171016f40ca304bde407799fd0a08f6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /SubPlat_ysfri/secondjs/ijmqluery.js HTTP/1.1
Host: 124.70.110.235:9090
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://124.70.110.235:9090/SubPlat_ysfri/platform/showPlatform.ins
Cookie: JSESSIONID=8095D8DB19665425BDCBA9361C5A54C2
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Accept-Ranges: bytes
ETag: W/"92532-1645543684000"
Last-Modified: Tue, 22 Feb 2022 15:28:04 GMT
Content-Type: application/javascript
Content-Length: 92532
Date: Mon, 20 Nov 2023 11:20:22 GMT

124.70.110.235:9090/SubPlat_ysfri/public/lib/layui/css/layui.css

124.70.110.235

200 OK

98 kB

URL GET HTTP/1.1
124.70.110.235:9090/SubPlat_ysfri/public/lib/layui/css/layui.css
IP
124.70.110.235:9090
ASN
#55990 Huawei Cloud Service data center

Requested by
http://124.70.110.235:9090/SubPlat_ysfri/platform/showPlatform.ins

File type
ASCII text, with very long lines (733), with CRLF, CR line terminators
Size
98 kB (97763 bytes)
Hash
cf0410afce1901be709255908412033f
89ac252dcbc9a468a4d8724d92a4d2558d10dcd9
3d1451e0bfdfd83408e5df44518689fa194ae6bce87a62c4285f876ad33e44be

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /SubPlat_ysfri/public/lib/layui/css/layui.css HTTP/1.1
Host: 124.70.110.235:9090
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://124.70.110.235:9090/SubPlat_ysfri/platform/showPlatform.ins
Cookie: JSESSIONID=8095D8DB19665425BDCBA9361C5A54C2
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Accept-Ranges: bytes
ETag: W/"97763-1645543684000"
Last-Modified: Tue, 22 Feb 2022 15:28:04 GMT
Content-Type: text/css
Content-Length: 97763
Date: Mon, 20 Nov 2023 11:20:22 GMT

124.70.110.235:9090/SubPlat_ysfri/public/css/app.css

124.70.110.235

200 OK

16 kB

URL GET HTTP/1.1
124.70.110.235:9090/SubPlat_ysfri/public/css/app.css
IP
124.70.110.235:9090
ASN
#55990 Huawei Cloud Service data center

Requested by
http://124.70.110.235:9090/SubPlat_ysfri/platform/showPlatform.ins

File type
ASCII text, with CRLF line terminators
Size
16 kB (16157 bytes)
Hash
ead92e115ce066cd5ad2f93824579c53
34b7f0ad2821e4451ef91bd421f4460fd9d3e850
9e2817ea35c7ef120c76f536181c75367a386fe6940c83af44228553a94124f5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /SubPlat_ysfri/public/css/app.css HTTP/1.1
Host: 124.70.110.235:9090
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://124.70.110.235:9090/SubPlat_ysfri/platform/showPlatform.ins
Cookie: JSESSIONID=8095D8DB19665425BDCBA9361C5A54C2
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Accept-Ranges: bytes
ETag: W/"16157-1645543684000"
Last-Modified: Tue, 22 Feb 2022 15:28:04 GMT
Content-Type: text/css
Content-Length: 16157
Date: Mon, 20 Nov 2023 11:20:22 GMT

124.70.110.235:9090/SubPlat_ysfri/public/lib/layui/layui.all.js

124.70.110.235

200 OK

282 kB

URL GET HTTP/1.1
124.70.110.235:9090/SubPlat_ysfri/public/lib/layui/layui.all.js
IP
124.70.110.235:9090
ASN
#55990 Huawei Cloud Service data center

Requested by
http://124.70.110.235:9090/SubPlat_ysfri/platform/showPlatform.ins

File type
Unicode text, UTF-8 text, with very long lines (65130), with CRLF line terminators
Size
282 kB (281897 bytes)
Hash
63803734d909a0f3c9987f0c4d5014c1
cc4a3181baad84bb528cfc844449d45956ee9739
46bc6c1e3fe7e50c654abc636a390e29019a0dcca681a696cbd46b33f29d600f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /SubPlat_ysfri/public/lib/layui/layui.all.js HTTP/1.1
Host: 124.70.110.235:9090
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://124.70.110.235:9090/SubPlat_ysfri/platform/showPlatform.ins
Cookie: JSESSIONID=8095D8DB19665425BDCBA9361C5A54C2
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Accept-Ranges: bytes
ETag: W/"281897-1645543686000"
Last-Modified: Tue, 22 Feb 2022 15:28:06 GMT
Content-Type: application/javascript
Content-Length: 281897
Date: Mon, 20 Nov 2023 11:20:22 GMT

124.70.110.235:9090/SubPlat_ysfri/secondimages/other_icon/3.png

124.70.110.235

200 OK

2.8 kB

URL GET HTTP/1.1
124.70.110.235:9090/SubPlat_ysfri/secondimages/other_icon/3.png
IP
124.70.110.235:9090
ASN
#55990 Huawei Cloud Service data center

Requested by
http://124.70.110.235:9090/SubPlat_ysfri/platform/showPlatform.ins

File type
PNG image data, 54 x 54, 8-bit/color RGBA, non-interlaced\012- data
Size
2.8 kB (2787 bytes)
Hash
421b7a9da8b59a26cf8c53cb5c18cc19
7d520022debaf810d1591f799a9f194dc5de8230
dc116d90c6e6b65fb4bf3742ba545b89efa6f8a64b689997a532a229f0e9fa08

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /SubPlat_ysfri/secondimages/other_icon/3.png HTTP/1.1
Host: 124.70.110.235:9090
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://124.70.110.235:9090/SubPlat_ysfri/platform/showPlatform.ins
Cookie: JSESSIONID=8095D8DB19665425BDCBA9361C5A54C2
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Accept-Ranges: bytes
ETag: W/"2787-1645543684000"
Last-Modified: Tue, 22 Feb 2022 15:28:04 GMT
Content-Type: image/png
Content-Length: 2787
Date: Mon, 20 Nov 2023 11:20:25 GMT

124.70.110.235:9090/SubPlat_ysfri/secondimages/other_icon/1.png

124.70.110.235

200 OK

2.5 kB

URL GET HTTP/1.1
124.70.110.235:9090/SubPlat_ysfri/secondimages/other_icon/1.png
IP
124.70.110.235:9090
ASN
#55990 Huawei Cloud Service data center

Requested by
http://124.70.110.235:9090/SubPlat_ysfri/platform/showPlatform.ins

File type
PNG image data, 54 x 54, 8-bit/color RGBA, non-interlaced\012- data
Size
2.5 kB (2533 bytes)
Hash
06e128427b9f5929feedcd8d4a0fca45
798929871a63dd2c091fed697f91781e3ccd4a3c
3586d27a70b71e744e073c82e7cbc4be89aa3278f07253c099f6cd29a6dc08fd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /SubPlat_ysfri/secondimages/other_icon/1.png HTTP/1.1
Host: 124.70.110.235:9090
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://124.70.110.235:9090/SubPlat_ysfri/platform/showPlatform.ins
Cookie: JSESSIONID=8095D8DB19665425BDCBA9361C5A54C2
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Accept-Ranges: bytes
ETag: W/"2533-1645543684000"
Last-Modified: Tue, 22 Feb 2022 15:28:04 GMT
Content-Type: image/png
Content-Length: 2533
Date: Mon, 20 Nov 2023 11:20:25 GMT

124.70.110.235:9090/SubPlat_ysfri/secondimages/other_icon/4.png

124.70.110.235

200 OK

1.7 kB

URL GET HTTP/1.1
124.70.110.235:9090/SubPlat_ysfri/secondimages/other_icon/4.png
IP
124.70.110.235:9090
ASN
#55990 Huawei Cloud Service data center

Requested by
http://124.70.110.235:9090/SubPlat_ysfri/platform/showPlatform.ins

File type
PNG image data, 54 x 54, 8-bit/color RGBA, non-interlaced\012- data
Size
1.7 kB (1706 bytes)
Hash
0501969ab85f24f96acd134f62753f9e
ea77b871ca8338cd1d8c8d7f9fa317f7fe48bd2e
e372239b47cce5cf4b945066b2a86d3d29a48e947a338f1b1d13d57f9f046b66

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /SubPlat_ysfri/secondimages/other_icon/4.png HTTP/1.1
Host: 124.70.110.235:9090
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://124.70.110.235:9090/SubPlat_ysfri/platform/showPlatform.ins
Cookie: JSESSIONID=8095D8DB19665425BDCBA9361C5A54C2
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Accept-Ranges: bytes
ETag: W/"1706-1645543686000"
Last-Modified: Tue, 22 Feb 2022 15:28:06 GMT
Content-Type: image/png
Content-Length: 1706
Date: Mon, 20 Nov 2023 11:20:25 GMT

124.70.110.235:9090/SubPlat_ysfri/secondimages/other_icon/2.png

124.70.110.235

200 OK

2.5 kB

URL GET HTTP/1.1
124.70.110.235:9090/SubPlat_ysfri/secondimages/other_icon/2.png
IP
124.70.110.235:9090
ASN
#55990 Huawei Cloud Service data center

Requested by
http://124.70.110.235:9090/SubPlat_ysfri/platform/showPlatform.ins

File type
PNG image data, 54 x 54, 8-bit/color RGBA, non-interlaced\012- data
Size
2.5 kB (2503 bytes)
Hash
5d4bfb790afe2146d93adcb397193331
c2e396dea328d63507bc1580aea2a7d2df9e1538
6ab15d8e580a9c5bf2c1207cbb9b4b1c07698f5fad2df269b9d0a0cef583347d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /SubPlat_ysfri/secondimages/other_icon/2.png HTTP/1.1
Host: 124.70.110.235:9090
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://124.70.110.235:9090/SubPlat_ysfri/platform/showPlatform.ins
Cookie: JSESSIONID=8095D8DB19665425BDCBA9361C5A54C2
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Accept-Ranges: bytes
ETag: W/"2503-1645543684000"
Last-Modified: Tue, 22 Feb 2022 15:28:04 GMT
Content-Type: image/png
Content-Length: 2503
Date: Mon, 20 Nov 2023 11:20:25 GMT

124.70.110.235:9090/SubPlat_ysfri/public/lib/layui/css/modules/laydate/default/laydate.css?v=5.0.9

124.70.110.235

200 OK

7.5 kB

URL GET HTTP/1.1
124.70.110.235:9090/SubPlat_ysfri/public/lib/layui/css/modules/laydate/default/laydate.css?v=5.0.9
IP
124.70.110.235:9090
ASN
#55990 Huawei Cloud Service data center

Requested by
http://124.70.110.235:9090/SubPlat_ysfri/platform/showPlatform.ins

File type
ASCII text, with very long lines (7480), with CRLF line terminators
Size
7.5 kB (7538 bytes)
Hash
5daebf040b85af721dec500f8c5e09b0
56c547fe96c0169e161ead258de0965f2696b777
b9f8db0b82ccbd61eb83db9e4a83dbbde8a960ef414a405f6c85c88095969e48

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /SubPlat_ysfri/public/lib/layui/css/modules/laydate/default/laydate.css?v=5.0.9 HTTP/1.1
Host: 124.70.110.235:9090
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://124.70.110.235:9090/SubPlat_ysfri/platform/showPlatform.ins
Cookie: JSESSIONID=8095D8DB19665425BDCBA9361C5A54C2
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Accept-Ranges: bytes
ETag: W/"7538-1645543684000"
Last-Modified: Tue, 22 Feb 2022 15:28:04 GMT
Content-Type: text/css
Content-Length: 7538
Date: Mon, 20 Nov 2023 11:20:25 GMT

124.70.110.235:9090/SubPlat_ysfri/public/lib/layui/css/modules/code.css

124.70.110.235

200 OK

1.1 kB

URL GET HTTP/1.1
124.70.110.235:9090/SubPlat_ysfri/public/lib/layui/css/modules/code.css
IP
124.70.110.235:9090
ASN
#55990 Huawei Cloud Service data center

Requested by
http://124.70.110.235:9090/SubPlat_ysfri/platform/showPlatform.ins

File type
ASCII text, with very long lines (1006), with CRLF line terminators
Size
1.1 kB (1064 bytes)
Hash
7d4447b87f348835af8214625c4a66bf
9db85ce4904de5c049721f14d68264110a927972
421a9f442676357b452c011ef20b1e804a7ab5e3c7faebb6dbcd29f75e807952

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /SubPlat_ysfri/public/lib/layui/css/modules/code.css HTTP/1.1
Host: 124.70.110.235:9090
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://124.70.110.235:9090/SubPlat_ysfri/platform/showPlatform.ins
Cookie: JSESSIONID=8095D8DB19665425BDCBA9361C5A54C2
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Accept-Ranges: bytes
ETag: W/"1064-1645543684000"
Last-Modified: Tue, 22 Feb 2022 15:28:04 GMT
Content-Type: text/css
Content-Length: 1064
Date: Mon, 20 Nov 2023 11:20:25 GMT

124.70.110.235:9090/SubPlat_ysfri/public/lib/layui/css/modules/layer/default/layer.css?v=3.1.1

124.70.110.235

200 OK

14 kB

URL GET HTTP/1.1
124.70.110.235:9090/SubPlat_ysfri/public/lib/layui/css/modules/layer/default/layer.css?v=3.1.1
IP
124.70.110.235:9090
ASN
#55990 Huawei Cloud Service data center

Requested by
http://124.70.110.235:9090/SubPlat_ysfri/platform/showPlatform.ins

File type
ASCII text, with very long lines (14368), with CRLF line terminators
Size
14 kB (14426 bytes)
Hash
ec72be2a3f17ef15406fd36979438a6a
0bf9390c780188ab0aadcf66fe407aec8fd20c4e
7c1ab963d329506f1baf7aa6babc01472571d21f7c6830136e4433c61b5ca129

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /SubPlat_ysfri/public/lib/layui/css/modules/layer/default/layer.css?v=3.1.1 HTTP/1.1
Host: 124.70.110.235:9090
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://124.70.110.235:9090/SubPlat_ysfri/platform/showPlatform.ins
Cookie: JSESSIONID=8095D8DB19665425BDCBA9361C5A54C2
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Accept-Ranges: bytes
ETag: W/"14426-1645543684000"
Last-Modified: Tue, 22 Feb 2022 15:28:04 GMT
Content-Type: text/css
Content-Length: 14426
Date: Mon, 20 Nov 2023 11:20:25 GMT

api.map.baidu.com/getscript?v=1.5&ak=&services=&t=20220919035045

103.235.46.245

200 OK

39 kB

URL GET HTTP/1.1
api.map.baidu.com/getscript?v=1.5&ak=&services=&t=20220919035045
IP
103.235.46.245:80
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

Requested by
http://124.70.110.235:9090/SubPlat_ysfri/platform/showPlatform.ins

File type
ASCII text, with very long lines (65536), with no line terminators
Size
39 kB (39242 bytes)
Hash
7b645f86859df704c58bab5aabd6edcf
4e236aa59a454c58dd2a43be1538603ac0928691
9abaf3db9491b564f13290ca72f579d47d849ca3b24b36220868af7dc0ebc46c

HTTP Headers

GET /getscript?v=1.5&ak=&services=&t=20220919035045 HTTP/1.1
Host: api.map.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://124.70.110.235:9090/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/javascript;charset=utf-8
Date: Mon, 20 Nov 2023 11:20:25 GMT
Expires: Tue, 21 Nov 2023 11:20:25 GMT
Http_x_bd_logid: 1225083627
Http_x_bd_logid64: 1225083350795130378
Http_x_bd_product: map
Http_x_bd_subsys: apimap
P3p: CP=" OTI DSP COR IVA OUR IND COM ", CP=" OTI DSP COR IVA OUR IND COM "
Server: apache
Set-Cookie: BAIDUID=A4C9912CF2097D2491FB903A985FB100:FG=1; expires=Tue, 19-Nov-24 11:20:25 GMT; max-age=31536000; path=/; domain=.baidu.com; version=1
BAIDUID=2A40462BF0AD3B8519D2C6C37E1D8266:FG=1; expires=Tue, 19-Nov-24 11:20:25 GMT; max-age=31536000; path=/; domain=.baidu.com; version=1
Tracecode: 12250836272538152970112019
Vary: Accept-Encoding
Transfer-Encoding: chunked

124.70.110.235:9091/SubPlat_ZgKd/secondjs/jquery.js

124.70.110.235

404 Not Found

763 B

URL GET HTTP/1.1
124.70.110.235:9091/SubPlat_ZgKd/secondjs/jquery.js
IP
124.70.110.235:9091
ASN
#55990 Huawei Cloud Service data center

Requested by
http://124.70.110.235:9090/SubPlat_ysfri/platform/showPlatform.ins

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (743), with no line terminators
Size
763 B (763 bytes)
Hash
e0ddf2628db07e61b8f912f8d9dbca7b
fdb9b2faa4d17af8f7610e30a43e253bb96d10ac
94e4d8f37edcaad00fc98c9c8aa54762249a29709ee1524c6b5eb1de9565544d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /SubPlat_ZgKd/secondjs/jquery.js HTTP/1.1
Host: 124.70.110.235:9091
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://124.70.110.235:9090/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: Apache-Coyote/1.1
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Type: text/html;charset=utf-8
Content-Language: en
Content-Length: 763
Date: Mon, 20 Nov 2023 11:20:26 GMT

124.70.110.235:9090/SubPlat_ysfri/images/other_icon/1.jpg

124.70.110.235

404 Not Found

769 B

URL GET HTTP/1.1
124.70.110.235:9090/SubPlat_ysfri/images/other_icon/1.jpg
IP
124.70.110.235:9090
ASN
#55990 Huawei Cloud Service data center

Requested by
http://124.70.110.235:9090/SubPlat_ysfri/platform/showPlatform.ins

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (749), with no line terminators
Size
769 B (769 bytes)
Hash
2776aa233b510f3732b5e2fbb8ffffc0
c89d5c7ad70473f9ec0643881395cfc1c9a0cc1f
f01b8e49698f02893ac04b7e1ec0c84bb2535fbd6b6d477e2d6818c7c6ed1d7e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /SubPlat_ysfri/images/other_icon/1.jpg HTTP/1.1
Host: 124.70.110.235:9090
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://124.70.110.235:9090/SubPlat_ysfri/secondcss/main_context.css
Cookie: JSESSIONID=8095D8DB19665425BDCBA9361C5A54C2
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: Apache-Coyote/1.1
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Type: text/html;charset=utf-8
Content-Language: en
Content-Length: 769
Date: Mon, 20 Nov 2023 11:20:25 GMT

124.70.110.235:9090/SubPlat_ysfri/public/img/banner_1.jpg

124.70.110.235

200 OK

2.8 kB

URL GET HTTP/1.1
124.70.110.235:9090/SubPlat_ysfri/public/img/banner_1.jpg
IP
124.70.110.235:9090
ASN
#55990 Huawei Cloud Service data center

Requested by
http://124.70.110.235:9090/SubPlat_ysfri/platform/showPlatform.ins

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 800x93, components 3\012- data
Size
2.8 kB (2810 bytes)
Hash
25535183af7f553cca7717acff4122ab
932c133e759fd3eb86350102cd4d3db9ffbb182d
aebd34bb4707bf4f1b85bc80c77c55ca8ea3e9c8ddeeb48c78c3eb0001da0cbf

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /SubPlat_ysfri/public/img/banner_1.jpg HTTP/1.1
Host: 124.70.110.235:9090
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://124.70.110.235:9090/SubPlat_ysfri/public/css/app.css
Cookie: JSESSIONID=8095D8DB19665425BDCBA9361C5A54C2
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Accept-Ranges: bytes
ETag: W/"2810-1645543686000"
Last-Modified: Tue, 22 Feb 2022 15:28:06 GMT
Content-Type: image/jpeg
Content-Length: 2810
Date: Mon, 20 Nov 2023 11:20:25 GMT

api.map.baidu.com/images/blank.gif?product=jsapi&v=1.5&t=33403984&code=5000

103.235.46.245

200 OK

49 B

URL GET HTTP/1.1
api.map.baidu.com/images/blank.gif?product=jsapi&v=1.5&t=33403984&code=5000
IP
103.235.46.245:80
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

Requested by
http://124.70.110.235:9090/SubPlat_ysfri/platform/showPlatform.ins

File type
GIF image data, version 89a, 1 x 1\012- data
Size
49 B (49 bytes)
Hash
21ab56428956fa0823bbf6df5f556247
1788a399030f630679895f9510d7712a70e401d2
e8d53268d4346841c6a057ce97739a8d27edeb858132c57b6eb2865acc5609e4

HTTP Headers

GET /images/blank.gif?product=jsapi&v=1.5&t=33403984&code=5000 HTTP/1.1
Host: api.map.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://124.70.110.235:9090/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=86400
Connection: keep-alive
Content-Length: 49
Content-Type: image/gif
Date: Mon, 20 Nov 2023 11:20:26 GMT
Etag: "6548c7c6-31"
Expires: Tue, 21 Nov 2023 11:20:26 GMT
Http_x_bd_logid: 1226051955
Http_x_bd_logid64: 1226051940235659530
Http_x_bd_product: map
Http_x_bd_subsys: apimap
Last-Modified: Mon, 06 Nov 2023 11:02:30 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Server: apache
Set-Cookie: BAIDUID=4739C4BAE208AE64C4468EE77A46CA8F:FG=1; expires=Tue, 19-Nov-24 11:20:26 GMT; max-age=31536000; path=/; domain=.baidu.com; version=1

124.70.110.235:9090/SubPlat_ysfri/public/img/logo.png

124.70.110.235

200 OK

23 kB

URL GET HTTP/1.1
124.70.110.235:9090/SubPlat_ysfri/public/img/logo.png
IP
124.70.110.235:9090
ASN
#55990 Huawei Cloud Service data center

Requested by
http://124.70.110.235:9090/SubPlat_ysfri/platform/showPlatform.ins

File type
PNG image data, 96 x 97, 8-bit/color RGBA, non-interlaced\012- data
Size
23 kB (22774 bytes)
Hash
7be91075e2aff92d29643856213d4b9b
ceadd032fdc5afeccadec1b3eccc5e3256a01cab
f1a32d3c09b765b1e157f388c7c05e654f16ed57362642e2ee7bea3e0bbdfbe9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /SubPlat_ysfri/public/img/logo.png HTTP/1.1
Host: 124.70.110.235:9090
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://124.70.110.235:9090/SubPlat_ysfri/platform/showPlatform.ins
Cookie: JSESSIONID=8095D8DB19665425BDCBA9361C5A54C2
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Accept-Ranges: bytes
ETag: W/"22774-1645543684000"
Last-Modified: Tue, 22 Feb 2022 15:28:04 GMT
Content-Type: image/png
Content-Length: 22774
Date: Mon, 20 Nov 2023 11:20:25 GMT

124.70.110.235:9090/SubPlat_ysfri/images/logo.jpg

124.70.110.235

200 OK

582 kB

URL GET HTTP/1.1
124.70.110.235:9090/SubPlat_ysfri/images/logo.jpg
IP
124.70.110.235:9090
ASN
#55990 Huawei Cloud Service data center

Requested by
http://124.70.110.235:9090/SubPlat_ysfri/platform/showPlatform.ins

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2011:04:15 08:58:51], baseline, precision 8, 52x52, components 3\012- data
Size
582 kB (582533 bytes)
Hash
41246e16e0f83a46a9a33eaff04e9c08
51010e63f3db958fd44e77ec9fe9464489a11112
6b1f8b788389531538d9f1cc8cf536b86854b4140f2744faa57f7c2adee72240

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /SubPlat_ysfri/images/logo.jpg HTTP/1.1
Host: 124.70.110.235:9090
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://124.70.110.235:9090/SubPlat_ysfri/platform/showPlatform.ins
Cookie: JSESSIONID=8095D8DB19665425BDCBA9361C5A54C2
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Accept-Ranges: bytes
ETag: W/"582533-1645543686000"
Last-Modified: Tue, 22 Feb 2022 15:28:06 GMT
Content-Type: image/jpeg
Content-Length: 582533
Date: Mon, 20 Nov 2023 11:20:26 GMT

miao.baidu.com/e.js

153.3.237.19

200 OK

305 B

URL GET HTTP/1.1
miao.baidu.com/e.js
IP
153.3.237.19:443
ASN
#4837 CHINA UNICOM China169 Backbone

Requested by
http://124.70.110.235:9090/SubPlat_ysfri/platform/showPlatform.ins
Certificate
IssuerGlobalSign nv-sa
Subjectbaidu.com
Fingerprint97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
ValidityThu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT

File type
ASCII text, with very long lines (305), with no line terminators
Size
305 B (305 bytes)
Hash
2fa7d009ad37c3c04dba8ae0ed6ef7c1
339f2d761e70f9f122f1262e2c0d8fd883bd18f6
825c13fcd712627798a55a376b5c2e83968a9a168060da0fda01fa763376b6d1

HTTP Headers

GET /e.js HTTP/1.1
Host: miao.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://124.70.110.235:9090/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Length: 305
Content-Type: application/javascript; charset=utf-8
Date: Mon, 20 Nov 2023 11:20:29 GMT
Etag: 2df973079f43d6dbbd73a722eb910fbb

miao.baidu.com/abdr?_o=http%3A%2F%2F124.70.110.235%3A9090

153.3.237.19

200 OK

214 B

URL POST HTTP/1.1
miao.baidu.com/abdr?_o=http%3A%2F%2F124.70.110.235%3A9090
IP
153.3.237.19:443
ASN
#4837 CHINA UNICOM China169 Backbone

Requested by
http://124.70.110.235:9090/SubPlat_ysfri/platform/showPlatform.ins
Certificate
IssuerGlobalSign nv-sa
Subjectbaidu.com
Fingerprint97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
ValidityThu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
214 B (214 bytes)
Hash
ace92c2396a4590ccf0bcabba8c96d6e
37ff4392a2542af0ff672b5c2bc207221c6bee22
3b69d8d5c776382c5c49823b0ba2cc3e96783759568a69f22f96732c92e3b923

HTTP Headers

POST /abdr?_o=http%3A%2F%2F124.70.110.235%3A9090 HTTP/1.1
Host: miao.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1927
Origin: http://124.70.110.235:9090
DNT: 1
Connection: keep-alive
Referer: http://124.70.110.235:9090/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Ab-Sr: 1.0.1_ODExMGNjZDhiZDc0OGJlMzlmZWY2YzlmNjMxYTk4OGYyYzFiZmFhNWVmMmY1Mjg5MDcyMTQ3Zjk2OTA1MTVkZDNhMmNhNTg0MWE2ZmM5MjIyMWEyMjlkODZlMWMxYzEzNjg1OWY2MDI1NGY0ODE3OTcxYzE0YWZhNGNjZWRjZmYyZWVmNTU2NGFlMWVmOGUzOGQ3NGMwNjc3ZmE5NThhNw==
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Origin, Host, Content-Type, x-requested-with, X-Custom-Header
Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE
Access-Control-Allow-Origin: http://124.70.110.235:9090
Access-Control-Expose-Headers: Ab-sr, Authentication
Access-Control-Max-Age: 3600
Authentication: a3bc697b0691efdc02e9350b0dff1bbe0000000000000000
Content-Length: 214
Content-Type: application/json; charset=utf-8
Date: Mon, 20 Nov 2023 11:20:30 GMT
Set-Cookie: ab_jid=5e9a1126036d3e86d31a1be6b5812400a3d0; Path=/; Domain=miao.baidu.com; Max-Age=2147483647; HttpOnly; Secure; SameSite=None
ab_bid=5e9a1126036d3e86d31a1be6b5812400a3d0; Path=/; Domain=miao.baidu.com; Max-Age=2147483647; HttpOnly; Secure; SameSite=None
ab_sr=1.0.1_ODExMGNjZDhiZDc0OGJlMzlmZWY2YzlmNjMxYTk4OGYyYzFiZmFhNWVmMmY1Mjg5MDcyMTQ3Zjk2OTA1MTVkZDNhMmNhNTg0MWE2ZmM5MjIyMWEyMjlkODZlMWMxYzEzNjg1OWY2MDI1NGY0ODE3OTcxYzE0YWZhNGNjZWRjZmYyZWVmNTU2NGFlMWVmOGUzOGQ3NGMwNjc3ZmE5NThhNw==; Path=/; Domain=baidu.com; Max-Age=7200; HttpOnly; Secure; SameSite=None

dlswbr.baidu.com/heicha/mw/abclite-2059-s.js

125.74.42.35

200 OK

55 kB

URL GET HTTP/2
dlswbr.baidu.com/heicha/mw/abclite-2059-s.js
IP
125.74.42.35:443
ASN
#4134 Chinanet

Requested by
http://124.70.110.235:9090/SubPlat_ysfri/platform/showPlatform.ins
Certificate
IssuerGlobalSign nv-sa
Subjectbaidu.com
Fingerprint97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
ValidityThu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT

File type
gzip compressed data, from Unix\012- data
Size
55 kB (55239 bytes)
Hash
a6be913b318024cff9d54a06d1a22a18
75608c7becf9733d3188b4bfdef08ec5011771e8
2e3b16e462e7f3e5818cbaab9c1b6816771cbc367eac76204a765c09917a567b

HTTP Headers

GET /heicha/mw/abclite-2059-s.js HTTP/1.1
Host: dlswbr.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://124.70.110.235:9090/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: JSP3/2.0.14
date: Mon, 20 Nov 2023 11:20:27 GMT
content-type: application/javascript
last-modified: Mon, 20 Nov 2023 06:03:10 GMT
etag: W/"655af69e-2f405"
age: 19021
ohc-global-saved-time: Mon, 20 Nov 2023 06:03:17 GMT
ohc-cache-hit: lz3ct73 [2], xiangyix249 [2]
ohc-file-size: 193541
x-cache-status: HIT
access-control-allow-origin: *
cache-control: max-age=7200
content-encoding: gzip
X-Firefox-Spdy: h2

miao.baidu.com/abdr?data=%7B%22data%22%3A%2258h09ZwEvWG9BSphLyoNtpFrbCihMB7GpA9lsPA1AHPbq6E2Fve2bXQCOgW%2BH8X5%2FNGfC6Zjr5Tl%2FUTHyXSKhYDkhZGH8a65ehzDwIPhx1QJ9qjLvivOI%2F%2B4%2BqLy5lDBWuODYOYK%2B9I76%2BA2EN6nh1QHi8nIp%2FgMsVAp0mI95RsfEj39kwbeCwYHeHqeQy0ydgEIy1nj9ZCgce%2BmknWNowdcEqMueDVJOWWNp%2BrgRKcRaML5cWlDYQxqHKp%2BM34Z36L4n00cf0uNx7fUL6sg4md8gtHVF%2FseANH2G4d9v9jQKf3cyfxrzDbiMNE%2FCVT8h6mNurgFve0ZAuG4NBTmiS9iLTmNTLTobZ01juQWb8Ru3pmA%2Ba21Zkhra0%2BeHWwYn41YJFHTWKthHFkKRSlwPa%2F%2FtcZKp7vpBNBwdy2Fj4hsdP%2BMDR4hBzxWDULVuMcBhrc%2FIR0FDEfJtQa5Andfqg%3D%3D%22%2C%22key_id%22%3A%2221cc765250b74d52%22%2C%22enc%22%3A2%7D&_=0.07267869562110796

153.3.237.19

200 OK

2 B

URL GET HTTP/1.1
miao.baidu.com/abdr?data=%7B%22data%22%3A%2258h09ZwEvWG9BSphLyoNtpFrbCihMB7GpA9lsPA1AHPbq6E2Fve2bXQCOgW%2BH8X5%2FNGfC6Zjr5Tl%2FUTHyXSKhYDkhZGH8a65ehzDwIPhx1QJ9qjLvivOI%2F%2B4%2BqLy5lDBWuODYOYK%2B9I76%2BA2EN6nh1QHi8nIp%2FgMsVAp0mI95RsfEj39kwbeCwYHeHqeQy0ydgEIy1nj9ZCgce%2BmknWNowdcEqMueDVJOWWNp%2BrgRKcRaML5cWlDYQxqHKp%2BM34Z36L4n00cf0uNx7fUL6sg4md8gtHVF%2FseANH2G4d9v9jQKf3cyfxrzDbiMNE%2FCVT8h6mNurgFve0ZAuG4NBTmiS9iLTmNTLTobZ01juQWb8Ru3pmA%2Ba21Zkhra0%2BeHWwYn41YJFHTWKthHFkKRSlwPa%2F%2FtcZKp7vpBNBwdy2Fj4hsdP%2BMDR4hBzxWDULVuMcBhrc%2FIR0FDEfJtQa5Andfqg%3D%3D%22%2C%22key_id%22%3A%2221cc765250b74d52%22%2C%22enc%22%3A2%7D&_=0.07267869562110796
IP
153.3.237.19:443
ASN
#4837 CHINA UNICOM China169 Backbone

Requested by
http://124.70.110.235:9090/SubPlat_ysfri/platform/showPlatform.ins
Certificate
IssuerGlobalSign nv-sa
Subjectbaidu.com
Fingerprint97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
ValidityThu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
c77974d03a46c1b6ce63ba45cc7df478
30fa5b2f8626174cc610e5288e2e95d7b6b9d97d
74eece59a3bfc010cf1681602d70864d05e31097224a5da3637e70bc6ebecc7e

HTTP Headers

GET /abdr?data=%7B%22data%22%3A%2258h09ZwEvWG9BSphLyoNtpFrbCihMB7GpA9lsPA1AHPbq6E2Fve2bXQCOgW%2BH8X5%2FNGfC6Zjr5Tl%2FUTHyXSKhYDkhZGH8a65ehzDwIPhx1QJ9qjLvivOI%2F%2B4%2BqLy5lDBWuODYOYK%2B9I76%2BA2EN6nh1QHi8nIp%2FgMsVAp0mI95RsfEj39kwbeCwYHeHqeQy0ydgEIy1nj9ZCgce%2BmknWNowdcEqMueDVJOWWNp%2BrgRKcRaML5cWlDYQxqHKp%2BM34Z36L4n00cf0uNx7fUL6sg4md8gtHVF%2FseANH2G4d9v9jQKf3cyfxrzDbiMNE%2FCVT8h6mNurgFve0ZAuG4NBTmiS9iLTmNTLTobZ01juQWb8Ru3pmA%2Ba21Zkhra0%2BeHWwYn41YJFHTWKthHFkKRSlwPa%2F%2FtcZKp7vpBNBwdy2Fj4hsdP%2BMDR4hBzxWDULVuMcBhrc%2FIR0FDEfJtQa5Andfqg%3D%3D%22%2C%22key_id%22%3A%2221cc765250b74d52%22%2C%22enc%22%3A2%7D&_=0.07267869562110796 HTTP/1.1
Host: miao.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://124.70.110.235:9090/
Cookie: ab_jid=5e9a1126036d3e86d31a1be6b5812400a3d0; ab_bid=5e9a1126036d3e86d31a1be6b5812400a3d0; ab_sr=1.0.1_ODExMGNjZDhiZDc0OGJlMzlmZWY2YzlmNjMxYTk4OGYyYzFiZmFhNWVmMmY1Mjg5MDcyMTQ3Zjk2OTA1MTVkZDNhMmNhNTg0MWE2ZmM5MjIyMWEyMjlkODZlMWMxYzEzNjg1OWY2MDI1NGY0ODE3OTcxYzE0YWZhNGNjZWRjZmYyZWVmNTU2NGFlMWVmOGUzOGQ3NGMwNjc3ZmE5NThhNw==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Origin, Host, Content-Type, x-requested-with, X-Custom-Header
Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE
Access-Control-Allow-Origin: http://124.70.110.235:9090
Access-Control-Max-Age: 3600
Content-Length: 2
Content-Type: application/json; charset=utf-8
Date: Mon, 20 Nov 2023 11:20:33 GMT

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (13)

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash