Analysis
-
max time kernel
145s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
02-10-2024 01:22
Static task
static1
Behavioral task
behavioral1
Sample
083c0a7961f296522b9f867e022dfe48_JaffaCakes118.html
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
083c0a7961f296522b9f867e022dfe48_JaffaCakes118.html
Resource
win10v2004-20240802-en
General
-
Target
083c0a7961f296522b9f867e022dfe48_JaffaCakes118.html
-
Size
103KB
-
MD5
083c0a7961f296522b9f867e022dfe48
-
SHA1
9dc18f45cf2e4caa40c0ff002370f95349a245c2
-
SHA256
bdcf08abd671d05c5c26809a5c6acead38f08b8d80644445a737bbf554aef7d6
-
SHA512
2b98cd71bf0502b85414026818ccdf1ae0ab9023fcf9b9fe7025e6afe18ddbf264e5a109d1950b004d65b802650df2b3e10f7e93e6a3c730143af3f00f878bf1
-
SSDEEP
768:nlqGQO57+LKZwWjeTA81BLJvYNoIHvdiGdTrSGZSdlYdlaL:nlqGQO57+LKZXNoIH1iGdTrSGZQke
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 3968 msedge.exe 3968 msedge.exe 1856 msedge.exe 1856 msedge.exe 436 identity_helper.exe 436 identity_helper.exe 4428 msedge.exe 4428 msedge.exe 4428 msedge.exe 4428 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
pid Process 1856 msedge.exe 1856 msedge.exe 1856 msedge.exe 1856 msedge.exe 1856 msedge.exe 1856 msedge.exe 1856 msedge.exe 1856 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 1856 msedge.exe 1856 msedge.exe 1856 msedge.exe 1856 msedge.exe 1856 msedge.exe 1856 msedge.exe 1856 msedge.exe 1856 msedge.exe 1856 msedge.exe 1856 msedge.exe 1856 msedge.exe 1856 msedge.exe 1856 msedge.exe 1856 msedge.exe 1856 msedge.exe 1856 msedge.exe 1856 msedge.exe 1856 msedge.exe 1856 msedge.exe 1856 msedge.exe 1856 msedge.exe 1856 msedge.exe 1856 msedge.exe 1856 msedge.exe 1856 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 1856 msedge.exe 1856 msedge.exe 1856 msedge.exe 1856 msedge.exe 1856 msedge.exe 1856 msedge.exe 1856 msedge.exe 1856 msedge.exe 1856 msedge.exe 1856 msedge.exe 1856 msedge.exe 1856 msedge.exe 1856 msedge.exe 1856 msedge.exe 1856 msedge.exe 1856 msedge.exe 1856 msedge.exe 1856 msedge.exe 1856 msedge.exe 1856 msedge.exe 1856 msedge.exe 1856 msedge.exe 1856 msedge.exe 1856 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1856 wrote to memory of 1536 1856 msedge.exe 82 PID 1856 wrote to memory of 1536 1856 msedge.exe 82 PID 1856 wrote to memory of 4856 1856 msedge.exe 83 PID 1856 wrote to memory of 4856 1856 msedge.exe 83 PID 1856 wrote to memory of 4856 1856 msedge.exe 83 PID 1856 wrote to memory of 4856 1856 msedge.exe 83 PID 1856 wrote to memory of 4856 1856 msedge.exe 83 PID 1856 wrote to memory of 4856 1856 msedge.exe 83 PID 1856 wrote to memory of 4856 1856 msedge.exe 83 PID 1856 wrote to memory of 4856 1856 msedge.exe 83 PID 1856 wrote to memory of 4856 1856 msedge.exe 83 PID 1856 wrote to memory of 4856 1856 msedge.exe 83 PID 1856 wrote to memory of 4856 1856 msedge.exe 83 PID 1856 wrote to memory of 4856 1856 msedge.exe 83 PID 1856 wrote to memory of 4856 1856 msedge.exe 83 PID 1856 wrote to memory of 4856 1856 msedge.exe 83 PID 1856 wrote to memory of 4856 1856 msedge.exe 83 PID 1856 wrote to memory of 4856 1856 msedge.exe 83 PID 1856 wrote to memory of 4856 1856 msedge.exe 83 PID 1856 wrote to memory of 4856 1856 msedge.exe 83 PID 1856 wrote to memory of 4856 1856 msedge.exe 83 PID 1856 wrote to memory of 4856 1856 msedge.exe 83 PID 1856 wrote to memory of 4856 1856 msedge.exe 83 PID 1856 wrote to memory of 4856 1856 msedge.exe 83 PID 1856 wrote to memory of 4856 1856 msedge.exe 83 PID 1856 wrote to memory of 4856 1856 msedge.exe 83 PID 1856 wrote to memory of 4856 1856 msedge.exe 83 PID 1856 wrote to memory of 4856 1856 msedge.exe 83 PID 1856 wrote to memory of 4856 1856 msedge.exe 83 PID 1856 wrote to memory of 4856 1856 msedge.exe 83 PID 1856 wrote to memory of 4856 1856 msedge.exe 83 PID 1856 wrote to memory of 4856 1856 msedge.exe 83 PID 1856 wrote to memory of 4856 1856 msedge.exe 83 PID 1856 wrote to memory of 4856 1856 msedge.exe 83 PID 1856 wrote to memory of 4856 1856 msedge.exe 83 PID 1856 wrote to memory of 4856 1856 msedge.exe 83 PID 1856 wrote to memory of 4856 1856 msedge.exe 83 PID 1856 wrote to memory of 4856 1856 msedge.exe 83 PID 1856 wrote to memory of 4856 1856 msedge.exe 83 PID 1856 wrote to memory of 4856 1856 msedge.exe 83 PID 1856 wrote to memory of 4856 1856 msedge.exe 83 PID 1856 wrote to memory of 4856 1856 msedge.exe 83 PID 1856 wrote to memory of 3968 1856 msedge.exe 84 PID 1856 wrote to memory of 3968 1856 msedge.exe 84 PID 1856 wrote to memory of 3284 1856 msedge.exe 85 PID 1856 wrote to memory of 3284 1856 msedge.exe 85 PID 1856 wrote to memory of 3284 1856 msedge.exe 85 PID 1856 wrote to memory of 3284 1856 msedge.exe 85 PID 1856 wrote to memory of 3284 1856 msedge.exe 85 PID 1856 wrote to memory of 3284 1856 msedge.exe 85 PID 1856 wrote to memory of 3284 1856 msedge.exe 85 PID 1856 wrote to memory of 3284 1856 msedge.exe 85 PID 1856 wrote to memory of 3284 1856 msedge.exe 85 PID 1856 wrote to memory of 3284 1856 msedge.exe 85 PID 1856 wrote to memory of 3284 1856 msedge.exe 85 PID 1856 wrote to memory of 3284 1856 msedge.exe 85 PID 1856 wrote to memory of 3284 1856 msedge.exe 85 PID 1856 wrote to memory of 3284 1856 msedge.exe 85 PID 1856 wrote to memory of 3284 1856 msedge.exe 85 PID 1856 wrote to memory of 3284 1856 msedge.exe 85 PID 1856 wrote to memory of 3284 1856 msedge.exe 85 PID 1856 wrote to memory of 3284 1856 msedge.exe 85 PID 1856 wrote to memory of 3284 1856 msedge.exe 85 PID 1856 wrote to memory of 3284 1856 msedge.exe 85
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\083c0a7961f296522b9f867e022dfe48_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1856 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcc0da46f8,0x7ffcc0da4708,0x7ffcc0da47182⤵PID:1536
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,12352692227513405498,15428098648208425516,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:22⤵PID:4856
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,12352692227513405498,15428098648208425516,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:3968
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,12352692227513405498,15428098648208425516,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:82⤵PID:3284
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12352692227513405498,15428098648208425516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:12⤵PID:4136
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12352692227513405498,15428098648208425516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:12⤵PID:4852
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12352692227513405498,15428098648208425516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4260 /prefetch:12⤵PID:1588
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12352692227513405498,15428098648208425516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:12⤵PID:1832
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,12352692227513405498,15428098648208425516,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6220 /prefetch:82⤵PID:4500
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,12352692227513405498,15428098648208425516,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6220 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:436
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12352692227513405498,15428098648208425516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:12⤵PID:4340
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12352692227513405498,15428098648208425516,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:12⤵PID:3144
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12352692227513405498,15428098648208425516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:12⤵PID:2448
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12352692227513405498,15428098648208425516,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2176 /prefetch:12⤵PID:2848
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,12352692227513405498,15428098648208425516,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:4428
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3760
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4484
Network
-
Remote address:8.8.8.8:53Request133.211.185.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requesthostads.cnIN AResponsehostads.cnIN A101.33.116.226
-
Remote address:8.8.8.8:53Requestpligg.tac-bf2.frIN AResponse
-
Remote address:101.33.116.226:80RequestGET / HTTP/1.1
Host: hostads.cn
Connection: keep-alive
Upgrade-Insecure-Requests: 1
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 01:22:56 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
-
Remote address:101.33.116.226:80RequestGET /base/templates/css/common.css HTTP/1.1
Host: hostads.cn
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: text/css,*/*;q=0.1
Referer: http://hostads.cn/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 01:22:57 GMT
Content-Type: text/css
Last-Modified: Sun, 12 May 2019 04:24:02 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"5cd79fe2-f3a"
Expires: Wed, 02 Oct 2024 13:22:57 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
-
Remote address:101.33.116.226:80RequestGET /menu/js/dropmenu47.js HTTP/1.1
Host: hostads.cn
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Referer: http://hostads.cn/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 01:22:57 GMT
Content-Type: application/javascript
Content-Length: 720
Last-Modified: Tue, 29 Jun 2021 18:51:55 GMT
Connection: keep-alive
ETag: "60db6bcb-2d0"
Expires: Wed, 02 Oct 2024 13:22:57 GMT
Cache-Control: max-age=43200
Accept-Ranges: bytes
-
Remote address:101.33.116.226:80RequestGET /product/js/productlist_roll.js HTTP/1.1
Host: hostads.cn
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Referer: http://hostads.cn/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 01:22:57 GMT
Content-Type: application/javascript
Last-Modified: Wed, 07 Apr 2010 05:51:18 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"4bbc1d56-1b85"
Expires: Wed, 02 Oct 2024 13:22:57 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
-
Remote address:101.33.116.226:80RequestGET /product/pics/20210701/1625130732.jpg HTTP/1.1
Host: hostads.cn
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://hostads.cn/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 01:22:58 GMT
Content-Type: image/jpeg
Content-Length: 85440
Last-Modified: Thu, 01 Jul 2021 09:12:12 GMT
Connection: keep-alive
ETag: "60dd86ec-14dc0"
Expires: Fri, 01 Nov 2024 01:22:58 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
-
Remote address:101.33.116.226:80RequestGET /news/pics/20201118/1605686676.jpg HTTP/1.1
Host: hostads.cn
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://hostads.cn/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 01:23:03 GMT
Content-Type: image/jpeg
Content-Length: 147506
Last-Modified: Wed, 18 Nov 2020 08:04:36 GMT
Connection: keep-alive
ETag: "5fb4d594-24032"
Expires: Fri, 01 Nov 2024 01:23:03 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
-
Remote address:101.33.116.226:80RequestGET /news/pics/20201117/1605602396.jpg HTTP/1.1
Host: hostads.cn
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://hostads.cn/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 01:23:08 GMT
Content-Type: image/jpeg
Content-Length: 171249
Last-Modified: Tue, 17 Nov 2020 08:39:56 GMT
Connection: keep-alive
ETag: "5fb38c5c-29cf1"
Expires: Fri, 01 Nov 2024 01:23:08 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
-
Remote address:101.33.116.226:80RequestGET /news/pics/20201117/1605593055.jpg HTTP/1.1
Host: hostads.cn
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://hostads.cn/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 01:23:13 GMT
Content-Type: image/jpeg
Content-Length: 146535
Last-Modified: Tue, 17 Nov 2020 06:04:15 GMT
Connection: keep-alive
ETag: "5fb367df-23c67"
Expires: Fri, 01 Nov 2024 01:23:13 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
-
Remote address:101.33.116.226:80RequestGET /news/pics/20201117/1605588110.jpg HTTP/1.1
Host: hostads.cn
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://hostads.cn/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 01:23:17 GMT
Content-Type: image/jpeg
Content-Length: 146252
Last-Modified: Tue, 17 Nov 2020 04:41:50 GMT
Connection: keep-alive
ETag: "5fb3548e-23b4c"
Expires: Fri, 01 Nov 2024 01:23:17 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
-
Remote address:101.33.116.226:80RequestGET /news/pics/20201116/1605518254.jpg HTTP/1.1
Host: hostads.cn
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://hostads.cn/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 01:23:22 GMT
Content-Type: image/jpeg
Content-Length: 168297
Last-Modified: Mon, 16 Nov 2020 09:17:34 GMT
Connection: keep-alive
ETag: "5fb243ae-29169"
Expires: Fri, 01 Nov 2024 01:23:22 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
-
Remote address:101.33.116.226:80RequestGET /news/pics/20201116/1605504958.jpg HTTP/1.1
Host: hostads.cn
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://hostads.cn/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 01:23:27 GMT
Content-Type: image/jpeg
Content-Length: 143593
Last-Modified: Mon, 16 Nov 2020 05:35:58 GMT
Connection: keep-alive
ETag: "5fb20fbe-230e9"
Expires: Fri, 01 Nov 2024 01:23:27 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
-
Remote address:101.33.116.226:80RequestGET /news/pics/20201116/1605462464.jpg HTTP/1.1
Host: hostads.cn
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://hostads.cn/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 01:23:30 GMT
Content-Type: image/jpeg
Content-Length: 158575
Last-Modified: Sun, 15 Nov 2020 17:47:44 GMT
Connection: keep-alive
ETag: "5fb169c0-26b6f"
Expires: Fri, 01 Nov 2024 01:23:30 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
-
Remote address:101.33.116.226:80RequestGET /diy/pics/20101016/1287196120.jpg HTTP/1.1
Host: hostads.cn
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://hostads.cn/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 01:23:33 GMT
Content-Type: image/jpeg
Content-Length: 10932
Last-Modified: Wed, 27 Oct 2010 01:39:06 GMT
Connection: keep-alive
ETag: "4cc782ba-2ab4"
Expires: Fri, 01 Nov 2024 01:23:33 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
-
Remote address:142.250.187.194:80RequestGET /pagead/show_ads.js HTTP/1.1
Host: pagead2.googlesyndication.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
Date: Wed, 02 Oct 2024 01:22:56 GMT
Expires: Wed, 02 Oct 2024 01:22:56 GMT
Cache-Control: private, max-age=3600
Content-Type: text/javascript; charset=UTF-8
ETag: 4521823051691364861
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 10595
X-XSS-Protection: 0
-
Remote address:101.33.116.226:80RequestGET /base/js/base.js HTTP/1.1
Host: hostads.cn
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Referer: http://hostads.cn/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 01:22:57 GMT
Content-Type: application/javascript
Last-Modified: Sat, 11 May 2019 17:54:02 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"5cd70c3a-13339"
Expires: Wed, 02 Oct 2024 13:22:57 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
-
Remote address:8.8.8.8:53Requestgoogleads.g.doubleclick.netIN AResponsegoogleads.g.doubleclick.netIN A142.250.187.194
-
Remote address:142.250.179.238:80RequestGET /ga.js HTTP/1.1
Host: www.google-analytics.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Intervention: <https://permanently-removed.invalid/feature/5718547946799104>; level="warning"
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 17168
Content-Security-Policy-Report-Only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:215:0
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to=coop_reporting
Report-To: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:215:0"}],}
Date: Wed, 02 Oct 2024 00:49:32 GMT
Expires: Wed, 02 Oct 2024 02:49:32 GMT
Cache-Control: public, max-age=7200
Age: 2004
Last-Modified: Tue, 12 Dec 2023 18:09:08 GMT
Content-Type: text/javascript
Vary: Accept-Encoding
-
Remote address:8.8.8.8:53Request240.221.184.93.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request23.159.190.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request194.187.250.142.in-addr.arpaIN PTRResponse194.187.250.142.in-addr.arpaIN PTRlhr25s33-in-f21e100net
-
Remote address:8.8.8.8:53Request226.116.33.101.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request238.179.250.142.in-addr.arpaIN PTRResponse238.179.250.142.in-addr.arpaIN PTRlhr25s31-in-f141e100net
-
Remote address:101.33.116.226:80RequestGET /base/js/common.js HTTP/1.1
Host: hostads.cn
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Referer: http://hostads.cn/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 01:22:57 GMT
Content-Type: application/javascript
Last-Modified: Sun, 12 May 2019 12:49:44 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"5cd81668-2f8c"
Expires: Wed, 02 Oct 2024 13:22:57 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
-
Remote address:101.33.116.226:80RequestGET /product/templates/css/productclass_dolphin.css HTTP/1.1
Host: hostads.cn
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: text/css,*/*;q=0.1
Referer: http://hostads.cn/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 01:22:57 GMT
Content-Type: text/css
Content-Length: 534
Last-Modified: Fri, 22 Oct 2010 01:44:52 GMT
Connection: keep-alive
ETag: "4cc0ec94-216"
Expires: Wed, 02 Oct 2024 13:22:57 GMT
Cache-Control: max-age=43200
Accept-Ranges: bytes
-
Remote address:101.33.116.226:80RequestGET /news/templates/css/newspicmemo.css HTTP/1.1
Host: hostads.cn
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: text/css,*/*;q=0.1
Referer: http://hostads.cn/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 01:22:57 GMT
Content-Type: text/css
Content-Length: 780
Last-Modified: Fri, 09 Jan 2009 01:20:18 GMT
Connection: keep-alive
ETag: "4966a652-30c"
Expires: Wed, 02 Oct 2024 13:22:57 GMT
Cache-Control: max-age=43200
Accept-Ranges: bytes
-
Remote address:101.33.116.226:80RequestGET /diy/pics/20101026/1288073960.jpg HTTP/1.1
Host: hostads.cn
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://hostads.cn/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 01:22:58 GMT
Content-Type: image/jpeg
Content-Length: 4477
Last-Modified: Tue, 26 Oct 2010 06:19:22 GMT
Connection: keep-alive
ETag: "4cc672ea-117d"
Expires: Fri, 01 Nov 2024 01:22:58 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
-
Remote address:101.33.116.226:80RequestGET /product/pics/20210702/1625162609.jpg HTTP/1.1
Host: hostads.cn
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://hostads.cn/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 01:22:58 GMT
Content-Type: image/jpeg
Content-Length: 62311
Last-Modified: Thu, 01 Jul 2021 18:03:29 GMT
Connection: keep-alive
ETag: "60de0371-f367"
Expires: Fri, 01 Nov 2024 01:22:58 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
-
Remote address:101.33.116.226:80RequestGET /product/pics/20210701/1625129032.jpg HTTP/1.1
Host: hostads.cn
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://hostads.cn/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 01:22:59 GMT
Content-Type: image/jpeg
Content-Length: 80626
Last-Modified: Thu, 01 Jul 2021 08:43:52 GMT
Connection: keep-alive
ETag: "60dd8048-13af2"
Expires: Fri, 01 Nov 2024 01:22:59 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
-
Remote address:101.33.116.226:80RequestGET /product/pics/20210701/1625124800.jpg HTTP/1.1
Host: hostads.cn
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://hostads.cn/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 01:23:02 GMT
Content-Type: image/jpeg
Content-Length: 78841
Last-Modified: Thu, 01 Jul 2021 07:33:20 GMT
Connection: keep-alive
ETag: "60dd6fc0-133f9"
Expires: Fri, 01 Nov 2024 01:23:02 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
-
Remote address:101.33.116.226:80RequestGET /news/pics/20201117/1605603859.jpg HTTP/1.1
Host: hostads.cn
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://hostads.cn/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 01:23:07 GMT
Content-Type: image/jpeg
Content-Length: 156906
Last-Modified: Tue, 17 Nov 2020 09:04:19 GMT
Connection: keep-alive
ETag: "5fb39213-264ea"
Expires: Fri, 01 Nov 2024 01:23:07 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
-
Remote address:101.33.116.226:80RequestGET /news/pics/20201117/1605595721.jpg HTTP/1.1
Host: hostads.cn
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://hostads.cn/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 01:23:12 GMT
Content-Type: image/jpeg
Content-Length: 158404
Last-Modified: Tue, 17 Nov 2020 06:48:41 GMT
Connection: keep-alive
ETag: "5fb37249-26ac4"
Expires: Fri, 01 Nov 2024 01:23:12 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
-
Remote address:101.33.116.226:80RequestGET /news/pics/20201117/1605590873.jpg HTTP/1.1
Host: hostads.cn
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://hostads.cn/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 01:23:17 GMT
Content-Type: image/jpeg
Content-Length: 166874
Last-Modified: Tue, 17 Nov 2020 05:27:53 GMT
Connection: keep-alive
ETag: "5fb35f59-28bda"
Expires: Fri, 01 Nov 2024 01:23:17 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
-
Remote address:101.33.116.226:80RequestGET /news/pics/20201116/1605540491.jpg HTTP/1.1
Host: hostads.cn
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://hostads.cn/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 01:23:21 GMT
Content-Type: image/jpeg
Content-Length: 140347
Last-Modified: Mon, 16 Nov 2020 15:28:11 GMT
Connection: keep-alive
ETag: "5fb29a8b-2243b"
Expires: Fri, 01 Nov 2024 01:23:21 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
-
Remote address:101.33.116.226:80RequestGET /news/pics/20201116/1605463384.jpg HTTP/1.1
Host: hostads.cn
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://hostads.cn/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 01:23:27 GMT
Content-Type: image/jpeg
Content-Length: 175321
Last-Modified: Sun, 15 Nov 2020 18:03:04 GMT
Connection: keep-alive
ETag: "5fb16d58-2acd9"
Expires: Fri, 01 Nov 2024 01:23:27 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
-
Remote address:101.33.116.226:80RequestGET /news/pics/20201116/1605461543.jpg HTTP/1.1
Host: hostads.cn
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://hostads.cn/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 01:23:32 GMT
Content-Type: image/jpeg
Content-Length: 190496
Last-Modified: Sun, 15 Nov 2020 17:32:23 GMT
Connection: keep-alive
ETag: "5fb16627-2e820"
Expires: Fri, 01 Nov 2024 01:23:32 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
-
Remote address:101.33.116.226:80RequestGET /base/js/form.js HTTP/1.1
Host: hostads.cn
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Referer: http://hostads.cn/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 01:22:57 GMT
Content-Type: application/javascript
Last-Modified: Sat, 11 May 2019 17:54:02 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"5cd70c3a-3fd4"
Expires: Wed, 02 Oct 2024 13:22:57 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
-
Remote address:101.33.116.226:80RequestGET /menu/templates/images/bottommenu_1/A.css HTTP/1.1
Host: hostads.cn
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: text/css,*/*;q=0.1
Referer: http://hostads.cn/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 01:22:58 GMT
Content-Type: text/css
Content-Length: 489
Last-Modified: Wed, 27 Oct 2010 02:17:28 GMT
Connection: keep-alive
ETag: "4cc78bb8-1e9"
Expires: Wed, 02 Oct 2024 13:22:58 GMT
Cache-Control: max-age=43200
Accept-Ranges: bytes
-
Remote address:101.33.116.226:80RequestGET /diy/pics/20210724/1627121985.jpg HTTP/1.1
Host: hostads.cn
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://hostads.cn/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 01:22:58 GMT
Content-Type: image/jpeg
Content-Length: 174180
Last-Modified: Sat, 24 Jul 2021 10:19:45 GMT
Connection: keep-alive
ETag: "60fbe941-2a864"
Expires: Fri, 01 Nov 2024 01:22:58 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
-
Remote address:101.33.116.226:80RequestGET /news/pics/20201117/1605599136.jpg HTTP/1.1
Host: hostads.cn
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://hostads.cn/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 01:23:08 GMT
Content-Type: image/jpeg
Content-Length: 187214
Last-Modified: Tue, 17 Nov 2020 07:45:36 GMT
Connection: keep-alive
ETag: "5fb37fa0-2db4e"
Expires: Fri, 01 Nov 2024 01:23:08 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
-
Remote address:101.33.116.226:80RequestGET /news/pics/20201116/1605505945.jpg HTTP/1.1
Host: hostads.cn
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://hostads.cn/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 01:23:27 GMT
Content-Type: image/jpeg
Content-Length: 113673
Last-Modified: Mon, 16 Nov 2020 05:52:25 GMT
Connection: keep-alive
ETag: "5fb21399-1bc09"
Expires: Fri, 01 Nov 2024 01:23:27 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
-
Remote address:101.33.116.226:80RequestGET /menu/templates/css/dropmenu47.css HTTP/1.1
Host: hostads.cn
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: text/css,*/*;q=0.1
Referer: http://hostads.cn/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 01:22:57 GMT
Content-Type: text/css
Last-Modified: Tue, 29 Jun 2021 18:51:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"60db6bcb-526"
Expires: Wed, 02 Oct 2024 13:22:57 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
-
Remote address:101.33.116.226:80RequestGET /product/templates/css/productlist_roll.css HTTP/1.1
Host: hostads.cn
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: text/css,*/*;q=0.1
Referer: http://hostads.cn/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 01:22:57 GMT
Content-Type: text/css
Last-Modified: Wed, 27 Oct 2010 05:32:32 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"4cc7b970-772"
Expires: Wed, 02 Oct 2024 13:22:57 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
-
Remote address:101.33.116.226:80RequestGET /product/pics/20210701/1625133088.jpg HTTP/1.1
Host: hostads.cn
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://hostads.cn/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 01:22:58 GMT
Content-Type: image/jpeg
Content-Length: 65853
Last-Modified: Thu, 01 Jul 2021 09:51:28 GMT
Connection: keep-alive
ETag: "60dd9020-1013d"
Expires: Fri, 01 Nov 2024 01:22:58 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
-
Remote address:101.33.116.226:80RequestGET /base/js/blockui.js HTTP/1.1
Host: hostads.cn
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Referer: http://hostads.cn/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 01:22:57 GMT
Content-Type: application/javascript
Last-Modified: Sat, 11 May 2019 17:39:58 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"5cd708ee-312b"
Expires: Wed, 02 Oct 2024 13:22:57 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
-
Remote address:101.33.116.226:80RequestGET /product/pics/20210701/1625126051.jpg HTTP/1.1
Host: hostads.cn
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://hostads.cn/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 01:23:00 GMT
Content-Type: image/jpeg
Content-Length: 49512
Last-Modified: Thu, 01 Jul 2021 07:54:11 GMT
Connection: keep-alive
ETag: "60dd74a3-c168"
Expires: Fri, 01 Nov 2024 01:23:00 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
-
Remote address:8.8.8.8:53Request97.17.167.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request97.17.167.52.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request154.239.44.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request26.165.165.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request198.187.3.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request172.210.232.199.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requesttpc.googlesyndication.comIN AResponsetpc.googlesyndication.comIN A142.250.200.33
-
Remote address:142.250.200.33:443RequestGET /sodar/sodar2.js HTTP/2.0
host: tpc.googlesyndication.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
Remote address:8.8.8.8:53Request33.200.250.142.in-addr.arpaIN PTRResponse33.200.250.142.in-addr.arpaIN PTRlhr48s30-in-f11e100net
-
Remote address:8.8.8.8:53Request23.236.111.52.in-addr.arpaIN PTRResponse
-
35.6kB 1.2MB 617 898
HTTP Request
GET http://hostads.cn/HTTP Response
200HTTP Request
GET http://hostads.cn/base/templates/css/common.cssHTTP Response
200HTTP Request
GET http://hostads.cn/menu/js/dropmenu47.jsHTTP Response
200HTTP Request
GET http://hostads.cn/product/js/productlist_roll.jsHTTP Response
200HTTP Request
GET http://hostads.cn/product/pics/20210701/1625130732.jpgHTTP Response
200HTTP Request
GET http://hostads.cn/news/pics/20201118/1605686676.jpgHTTP Response
200HTTP Request
GET http://hostads.cn/news/pics/20201117/1605602396.jpgHTTP Response
200HTTP Request
GET http://hostads.cn/news/pics/20201117/1605593055.jpgHTTP Response
200HTTP Request
GET http://hostads.cn/news/pics/20201117/1605588110.jpgHTTP Response
200HTTP Request
GET http://hostads.cn/news/pics/20201116/1605518254.jpgHTTP Response
200HTTP Request
GET http://hostads.cn/news/pics/20201116/1605504958.jpgHTTP Response
200HTTP Request
GET http://hostads.cn/news/pics/20201116/1605462464.jpgHTTP Response
200HTTP Request
GET http://hostads.cn/diy/pics/20101016/1287196120.jpgHTTP Response
200 -
834 B 11.8kB 11 14
HTTP Request
GET http://pagead2.googlesyndication.com/pagead/show_ads.jsHTTP Response
200 -
1.7kB 31.9kB 27 28
HTTP Request
GET http://hostads.cn/base/js/base.jsHTTP Response
200 -
1.0kB 18.8kB 13 19
HTTP Request
GET http://www.google-analytics.com/ga.jsHTTP Response
200 -
37.2kB 1.3MB 652 913
HTTP Request
GET http://hostads.cn/base/js/common.jsHTTP Response
200HTTP Request
GET http://hostads.cn/product/templates/css/productclass_dolphin.cssHTTP Response
200HTTP Request
GET http://hostads.cn/news/templates/css/newspicmemo.cssHTTP Response
200HTTP Request
GET http://hostads.cn/diy/pics/20101026/1288073960.jpgHTTP Response
200HTTP Request
GET http://hostads.cn/product/pics/20210702/1625162609.jpgHTTP Response
200HTTP Request
GET http://hostads.cn/product/pics/20210701/1625129032.jpgHTTP Response
200HTTP Request
GET http://hostads.cn/product/pics/20210701/1625124800.jpgHTTP Response
200HTTP Request
GET http://hostads.cn/news/pics/20201117/1605603859.jpgHTTP Response
200HTTP Request
GET http://hostads.cn/news/pics/20201117/1605595721.jpgHTTP Response
200HTTP Request
GET http://hostads.cn/news/pics/20201117/1605590873.jpgHTTP Response
200HTTP Request
GET http://hostads.cn/news/pics/20201116/1605540491.jpgHTTP Response
200HTTP Request
GET http://hostads.cn/news/pics/20201116/1605463384.jpgHTTP Response
200HTTP Request
GET http://hostads.cn/news/pics/20201116/1605461543.jpgHTTP Response
200 -
16.7kB 498.3kB 297 364
HTTP Request
GET http://hostads.cn/base/js/form.jsHTTP Response
200HTTP Request
GET http://hostads.cn/menu/templates/images/bottommenu_1/A.cssHTTP Response
200HTTP Request
GET http://hostads.cn/diy/pics/20210724/1627121985.jpgHTTP Response
200HTTP Request
GET http://hostads.cn/news/pics/20201117/1605599136.jpgHTTP Response
200HTTP Request
GET http://hostads.cn/news/pics/20201116/1605505945.jpgHTTP Response
200 -
3.7kB 70.3kB 45 57
HTTP Request
GET http://hostads.cn/menu/templates/css/dropmenu47.cssHTTP Response
200HTTP Request
GET http://hostads.cn/product/templates/css/productlist_roll.cssHTTP Response
200HTTP Request
GET http://hostads.cn/product/pics/20210701/1625133088.jpgHTTP Response
200 -
2.6kB 56.7kB 38 46
HTTP Request
GET http://hostads.cn/base/js/blockui.jsHTTP Response
200HTTP Request
GET http://hostads.cn/product/pics/20210701/1625126051.jpgHTTP Response
200 -
1.8kB 13.2kB 15 18
HTTP Request
GET https://tpc.googlesyndication.com/sodar/sodar2.js -
322 B 7
-
73 B 147 B 1 1
DNS Request
133.211.185.52.in-addr.arpa
-
56 B 72 B 1 1
DNS Request
hostads.cn
DNS Response
101.33.116.226
-
62 B 120 B 1 1
DNS Request
pligg.tac-bf2.fr
-
73 B 89 B 1 1
DNS Request
googleads.g.doubleclick.net
DNS Response
142.250.187.194
-
73 B 144 B 1 1
DNS Request
240.221.184.93.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
23.159.190.20.in-addr.arpa
-
74 B 112 B 1 1
DNS Request
194.187.250.142.in-addr.arpa
-
73 B 130 B 1 1
DNS Request
226.116.33.101.in-addr.arpa
-
74 B 113 B 1 1
DNS Request
238.179.250.142.in-addr.arpa
-
510 B 8
-
142 B 145 B 2 1
DNS Request
97.17.167.52.in-addr.arpa
DNS Request
97.17.167.52.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
154.239.44.20.in-addr.arpa
-
72 B 146 B 1 1
DNS Request
26.165.165.52.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
198.187.3.20.in-addr.arpa
-
74 B 128 B 1 1
DNS Request
172.210.232.199.in-addr.arpa
-
71 B 87 B 1 1
DNS Request
tpc.googlesyndication.com
DNS Response
142.250.200.33
-
4.1kB 12.5kB 13 14
-
73 B 111 B 1 1
DNS Request
33.200.250.142.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
23.236.111.52.in-addr.arpa
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5ecf7ca53c80b5245e35839009d12f866
SHA1a7af77cf31d410708ebd35a232a80bddfb0615bb
SHA256882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687
SHA512706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696
-
Filesize
152B
MD54dd2754d1bea40445984d65abee82b21
SHA14b6a5658bae9a784a370a115fbb4a12e92bd3390
SHA256183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d
SHA51292d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize192B
MD524fd909f291836b1c0cc35bc01d3ed8b
SHA1436716b3bb1fded02d3c42098e585260e12191e6
SHA256495ba2d2ab8f10f4ab3585c8bfcc8be4a04987a061c5341034be3a60c5d81fc5
SHA5122395576156fd47f0b942dade0f76b2600e2ea4ff345755cec3232092539531727c517ce6c0e2e6ec3322c6ea70c2d3e6bae0a34662fc7b5c49355c5e87b03014
-
Filesize
613B
MD52dca09cd821914ab24b2e9d2eaec11f5
SHA10c253d1a9196eef7b4c63f51b76d6993e4d74e1c
SHA25673ba4e52f259867215f64ce33c53bad6ac562736085c2e64de6aa16152ea36b6
SHA512f9f49994438f908ee0a6cc51321a9994b74fe3a5bb9c1efcd598411337e4efd3d669be52444c1d78a5d533a0658045258f0c9b687dd1f161319727471617078e
-
Filesize
5KB
MD5215d686932023dfe12d33d2ef938992b
SHA1c7f725b263e4865554652745514e2c3b98156321
SHA256ebc45ab518688256464c7d0952fdaa5316f60deb3c4050e4768d9e3a15c3293f
SHA512c767dedfa7a7e8343f75517ed36d3cf49f904968a0eaab4e663e8f84c3b3131109abf1a7a94b0cdf4eeafea869393bd1d03cc91b2f1cf356abb2f698b60b0cec
-
Filesize
6KB
MD5fa1486e5ee49b440b76b63d39073190f
SHA12aeef2a189e7410049e133554aeb7573959066b5
SHA256e833a7c136cf185cca7ad04ed7ca36346aa71a2214c266853908846a646a9a8e
SHA5123a60ac3344409e2643e213245aa1bdd38680c6d3903907879c508a29c7bea598f5f8c7bdd4018e8063de0f3abc2575924e7fefecc7120febf0f091b206f7e266
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD5c934ed779d9066c3c070b664caa0ec81
SHA1d5cb50ea67c61db11176f5f7bae36e32f9e086d9
SHA256b1655f8831d4074a71a92441cfa7d8aca102f247df13df1512ca6d7863aa5ab6
SHA5120e1934b9bcb800ce597e473a02c8955465b12790eee786b09ee3032e50c2b5da916d1b1d0c31869790d8907dd9f036ce85cb45a796f86120cf6fcff79a32bb24