Windows Analysis Report
http://aa5aa5aa5aa5aa44.app/

Overview

General Information

Sample URL: http://aa5aa5aa5aa5aa44.app/
Analysis ID: 1520328
Infos:

Detection

Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
HTML body with high number of embedded images detected

Classification

AV Detection

Source: http://aa5aa5aa5aa5aa44.app/ Avira URL Cloud: detection malicious, Label: malware
Source: http://aa5aa5aa5aa5aa44.app/assets/index-fd1be804.css Avira URL Cloud: Label: malware
Source: http://aa5aa5aa5aa5aa44.app/assets/ColVideoItem-2396d821.css Avira URL Cloud: Label: malware
Source: http://aa5aa5aa5aa5aa44.app/assets/AdvertisementList.vue_vue_type_script_setup_true_name_AdvertisementList_lang-6c6de8d9.js Avira URL Cloud: Label: malware
Source: http://aa5aa5aa5aa5aa44.app/assets/Home-52354fe8.js Avira URL Cloud: Label: malware
Source: http://aa5aa5aa5aa5aa44.app/assets/SwiperBanner-cd8dc074.css Avira URL Cloud: Label: malware
Source: http://aa5aa5aa5aa5aa44.app/openIM.wasm Avira URL Cloud: Label: malware
Source: http://aa5aa5aa5aa5aa44.app/favicon.ico Avira URL Cloud: Label: malware
Source: http://aa5aa5aa5aa5aa44.app/assets/index-71f5a5dd.js Avira URL Cloud: Label: malware
Source: http://aa5aa5aa5aa5aa44.app/assets/worker-d3bc0bde.js Avira URL Cloud: Label: malware
Source: http://aa5aa5aa5aa5aa44.app/wasm_exec.js Avira URL Cloud: Label: malware
Source: http://aa5aa5aa5aa5aa44.app/assets/logo-b4e095e7.png Avira URL Cloud: Label: malware
Source: http://aa5aa5aa5aa5aa44.app/assets/qr_code-8c1a238d.jpg Avira URL Cloud: Label: malware
Source: http://aa5aa5aa5aa5aa44.app/assets/Home-f4762739.css Avira URL Cloud: Label: malware
Source: http://aa5aa5aa5aa5aa44.app/assets/ColVideoItem-07d4d17c.js Avira URL Cloud: Label: malware
Source: http://aa5aa5aa5aa5aa44.app/assets/SwiperBanner-530f3655.js Avira URL Cloud: Label: malware
Source: http://aa5aa5aa5aa5aa44.app/console-ban.min.js Avira URL Cloud: Label: malware
Source: http://aa5aa5aa5aa5aa44.app/home HTTP Parser: Total embedded image size: 75098
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.7:49730 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.7:49741 version: TLS 1.2
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 13.95.65.251
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /z.js?id=1281366638&async=1 HTTP/1.1
Host: v1.cnzz.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /z.js?id=1281366638&async=1 HTTP/1.1Host: v1.cnzz.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /maps?callback=___onAPILoaded&v=2.0&key=0f3e523aa49b944f6ae53c488cbae6c3&plugin= HTTP/1.1Host: webapi.amap.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /c.js?web_id=1281366638&t=z HTTP/1.1Host: c.cnzz.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
Range: bytes=0-2147483646
User-Agent: Microsoft BITS/7.8
Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /v3/log/init?platform=JS&s=rsv3&logversion=2.0&product=JsInit&key=0f3e523aa49b944f6ae53c488cbae6c3&t=1727417949472&sdkversion=2.0&appname=http%253A%252F%252Faa5aa5aa5aa5aa44.app%252Fhome&csid=7EF5F9F4-A4F9-4234-B965-6AEE75896E1C&resolution=1280*1024&mob=0&vt=1&dpr=1&scale=1&detect=false&callback=jsonp_463776_1727417949473_ HTTP/1.1Host: restapi.amap.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /maps?callback=___onAPILoaded&v=2.0&key=0f3e523aa49b944f6ae53c488cbae6c3&plugin= HTTP/1.1Host: webapi.amap.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /c.js?web_id=1281366638&t=z HTTP/1.1Host: c.cnzz.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /msg_demo/v/pc/video/category HTTP/1.1Host: aawapi-v3.trh999.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /msg_demo/v/pc/video/adList HTTP/1.1Host: aawapi-v3.trh999.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /msg_demo/client_config/get HTTP/1.1Host: aawapi-v3.trh999.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /msg_demo/v/search/hotLists HTTP/1.1Host: aawapi-v3.trh999.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v3/log/init?platform=JS&s=rsv3&logversion=2.0&product=JsInit&key=0f3e523aa49b944f6ae53c488cbae6c3&t=1727417949472&sdkversion=2.0&appname=http%253A%252F%252Faa5aa5aa5aa5aa44.app%252Fhome&csid=7EF5F9F4-A4F9-4234-B965-6AEE75896E1C&resolution=1280*1024&mob=0&vt=1&dpr=1&scale=1&detect=false&callback=jsonp_463776_1727417949473_ HTTP/1.1Host: restapi.amap.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET / HTTP/1.1
Host: aa5aa5aa5aa5aa44.app
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /assets/index-71f5a5dd.js HTTP/1.1Host: aa5aa5aa5aa5aa44.appConnection: keep-aliveOrigin: http://aa5aa5aa5aa5aa44.appUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /assets/index-fd1be804.css HTTP/1.1Host: aa5aa5aa5aa5aa44.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,*/*;q=0.1Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /wasm_exec.js HTTP/1.1Host: aa5aa5aa5aa5aa44.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /console-ban.min.js HTTP/1.1Host: aa5aa5aa5aa5aa44.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /js-sdk-pro.min.js HTTP/1.1Host: sdk.51.laConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /wasm_exec.js HTTP/1.1Host: aa5aa5aa5aa5aa44.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /console-ban.min.js HTTP/1.1Host: aa5aa5aa5aa5aa44.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /assets/worker-d3bc0bde.js HTTP/1.1
Host: aa5aa5aa5aa5aa44.app
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: __vtins__KQFtdGOd9WuFBLcO=%7B%22sid%22%3A%20%221eac12e6-1eaf-5e53-a3f2-b84436421122%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201727419743727%2C%20%22ct%22%3A%201727417943727%7D; __51uvsct__KQFtdGOd9WuFBLcO=1; __51vcke__KQFtdGOd9WuFBLcO=dd8959f7-020d-5d87-92de-a14fa2ef4951; __51vuft__KQFtdGOd9WuFBLcO=1727417943730
Source: global traffic HTTP traffic detected: GET /assets/index-71f5a5dd.js HTTP/1.1Host: aa5aa5aa5aa5aa44.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: __vtins__KQFtdGOd9WuFBLcO=%7B%22sid%22%3A%20%221eac12e6-1eaf-5e53-a3f2-b84436421122%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201727419743727%2C%20%22ct%22%3A%201727417943727%7D; __51uvsct__KQFtdGOd9WuFBLcO=1; __51vcke__KQFtdGOd9WuFBLcO=dd8959f7-020d-5d87-92de-a14fa2ef4951; __51vuft__KQFtdGOd9WuFBLcO=1727417943730
Source: global traffic HTTP traffic detected: GET /assets/worker-d3bc0bde.js HTTP/1.1Host: aa5aa5aa5aa5aa44.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: __vtins__KQFtdGOd9WuFBLcO=%7B%22sid%22%3A%20%221eac12e6-1eaf-5e53-a3f2-b84436421122%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201727419743727%2C%20%22ct%22%3A%201727417943727%7D; __51uvsct__KQFtdGOd9WuFBLcO=1; __51vcke__KQFtdGOd9WuFBLcO=dd8959f7-020d-5d87-92de-a14fa2ef4951; __51vuft__KQFtdGOd9WuFBLcO=1727417943730
Source: global traffic HTTP traffic detected: GET /js-sdk-pro.min.js HTTP/1.1Host: sdk.51.laConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v6/collect?dt=4 HTTP/1.1Host: collect-v6.51.laConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /assets/Home-52354fe8.js HTTP/1.1Host: aa5aa5aa5aa5aa44.appConnection: keep-aliveOrigin: http://aa5aa5aa5aa5aa44.appUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: __vtins__KQFtdGOd9WuFBLcO=%7B%22sid%22%3A%20%221eac12e6-1eaf-5e53-a3f2-b84436421122%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201727419743727%2C%20%22ct%22%3A%201727417943727%7D; __51uvsct__KQFtdGOd9WuFBLcO=1; __51vcke__KQFtdGOd9WuFBLcO=dd8959f7-020d-5d87-92de-a14fa2ef4951; __51vuft__KQFtdGOd9WuFBLcO=1727417943730; UM_distinctid=19232220dae2bd-07a6196558f62e-26031e51-140000-19232220daf416; CNZZDATA1281366638=1701857660-1727417946-%7C1727417946
Source: global traffic HTTP traffic detected: GET /assets/SwiperBanner-530f3655.js HTTP/1.1Host: aa5aa5aa5aa5aa44.appConnection: keep-aliveOrigin: http://aa5aa5aa5aa5aa44.appUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: __vtins__KQFtdGOd9WuFBLcO=%7B%22sid%22%3A%20%221eac12e6-1eaf-5e53-a3f2-b84436421122%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201727419743727%2C%20%22ct%22%3A%201727417943727%7D; __51uvsct__KQFtdGOd9WuFBLcO=1; __51vcke__KQFtdGOd9WuFBLcO=dd8959f7-020d-5d87-92de-a14fa2ef4951; __51vuft__KQFtdGOd9WuFBLcO=1727417943730; UM_distinctid=19232220dae2bd-07a6196558f62e-26031e51-140000-19232220daf416; CNZZDATA1281366638=1701857660-1727417946-%7C1727417946
Source: global traffic HTTP traffic detected: GET /assets/ColVideoItem-07d4d17c.js HTTP/1.1Host: aa5aa5aa5aa5aa44.appConnection: keep-aliveOrigin: http://aa5aa5aa5aa5aa44.appUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: __vtins__KQFtdGOd9WuFBLcO=%7B%22sid%22%3A%20%221eac12e6-1eaf-5e53-a3f2-b84436421122%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201727419743727%2C%20%22ct%22%3A%201727417943727%7D; __51uvsct__KQFtdGOd9WuFBLcO=1; __51vcke__KQFtdGOd9WuFBLcO=dd8959f7-020d-5d87-92de-a14fa2ef4951; __51vuft__KQFtdGOd9WuFBLcO=1727417943730; UM_distinctid=19232220dae2bd-07a6196558f62e-26031e51-140000-19232220daf416; CNZZDATA1281366638=1701857660-1727417946-%7C1727417946
Source: global traffic HTTP traffic detected: GET /assets/ColVideoItem-2396d821.css HTTP/1.1Host: aa5aa5aa5aa5aa44.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,*/*;q=0.1Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: __vtins__KQFtdGOd9WuFBLcO=%7B%22sid%22%3A%20%221eac12e6-1eaf-5e53-a3f2-b84436421122%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201727419743727%2C%20%22ct%22%3A%201727417943727%7D; __51uvsct__KQFtdGOd9WuFBLcO=1; __51vcke__KQFtdGOd9WuFBLcO=dd8959f7-020d-5d87-92de-a14fa2ef4951; __51vuft__KQFtdGOd9WuFBLcO=1727417943730; UM_distinctid=19232220dae2bd-07a6196558f62e-26031e51-140000-19232220daf416; CNZZDATA1281366638=1701857660-1727417946-%7C1727417946
Source: global traffic HTTP traffic detected: GET /assets/SwiperBanner-cd8dc074.css HTTP/1.1Host: aa5aa5aa5aa5aa44.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,*/*;q=0.1Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: __vtins__KQFtdGOd9WuFBLcO=%7B%22sid%22%3A%20%221eac12e6-1eaf-5e53-a3f2-b84436421122%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201727419743727%2C%20%22ct%22%3A%201727417943727%7D; __51uvsct__KQFtdGOd9WuFBLcO=1; __51vcke__KQFtdGOd9WuFBLcO=dd8959f7-020d-5d87-92de-a14fa2ef4951; __51vuft__KQFtdGOd9WuFBLcO=1727417943730; UM_distinctid=19232220dae2bd-07a6196558f62e-26031e51-140000-19232220daf416; CNZZDATA1281366638=1701857660-1727417946-%7C1727417946
Source: global traffic HTTP traffic detected: GET /assets/Home-f4762739.css HTTP/1.1Host: aa5aa5aa5aa5aa44.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,*/*;q=0.1Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: __vtins__KQFtdGOd9WuFBLcO=%7B%22sid%22%3A%20%221eac12e6-1eaf-5e53-a3f2-b84436421122%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201727419743727%2C%20%22ct%22%3A%201727417943727%7D; __51uvsct__KQFtdGOd9WuFBLcO=1; __51vcke__KQFtdGOd9WuFBLcO=dd8959f7-020d-5d87-92de-a14fa2ef4951; __51vuft__KQFtdGOd9WuFBLcO=1727417943730; UM_distinctid=19232220dae2bd-07a6196558f62e-26031e51-140000-19232220daf416; CNZZDATA1281366638=1701857660-1727417946-%7C1727417946
Source: global traffic HTTP traffic detected: GET /assets/AdvertisementList.vue_vue_type_script_setup_true_name_AdvertisementList_lang-6c6de8d9.js HTTP/1.1Host: aa5aa5aa5aa5aa44.appConnection: keep-aliveOrigin: http://aa5aa5aa5aa5aa44.appUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: __vtins__KQFtdGOd9WuFBLcO=%7B%22sid%22%3A%20%221eac12e6-1eaf-5e53-a3f2-b84436421122%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201727419743727%2C%20%22ct%22%3A%201727417943727%7D; __51uvsct__KQFtdGOd9WuFBLcO=1; __51vcke__KQFtdGOd9WuFBLcO=dd8959f7-020d-5d87-92de-a14fa2ef4951; __51vuft__KQFtdGOd9WuFBLcO=1727417943730; UM_distinctid=19232220dae2bd-07a6196558f62e-26031e51-140000-19232220daf416; CNZZDATA1281366638=1701857660-1727417946-%7C1727417946
Source: global traffic HTTP traffic detected: GET /openIM.wasm HTTP/1.1Host: aa5aa5aa5aa5aa44.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: __vtins__KQFtdGOd9WuFBLcO=%7B%22sid%22%3A%20%221eac12e6-1eaf-5e53-a3f2-b84436421122%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201727419743727%2C%20%22ct%22%3A%201727417943727%7D; __51uvsct__KQFtdGOd9WuFBLcO=1; __51vcke__KQFtdGOd9WuFBLcO=dd8959f7-020d-5d87-92de-a14fa2ef4951; __51vuft__KQFtdGOd9WuFBLcO=1727417943730; UM_distinctid=19232220dae2bd-07a6196558f62e-26031e51-140000-19232220daf416; CNZZDATA1281366638=1701857660-1727417946-%7C1727417946
Source: global traffic HTTP traffic detected: GET /assets/logo-b4e095e7.png HTTP/1.1Host: aa5aa5aa5aa5aa44.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: __vtins__KQFtdGOd9WuFBLcO=%7B%22sid%22%3A%20%221eac12e6-1eaf-5e53-a3f2-b84436421122%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201727419743727%2C%20%22ct%22%3A%201727417943727%7D; __51uvsct__KQFtdGOd9WuFBLcO=1; __51vcke__KQFtdGOd9WuFBLcO=dd8959f7-020d-5d87-92de-a14fa2ef4951; __51vuft__KQFtdGOd9WuFBLcO=1727417943730; UM_distinctid=19232220dae2bd-07a6196558f62e-26031e51-140000-19232220daf416; CNZZDATA1281366638=1701857660-1727417946-%7C1727417946
Source: global traffic HTTP traffic detected: GET /assets/qr_code-8c1a238d.jpg HTTP/1.1Host: aa5aa5aa5aa5aa44.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: __vtins__KQFtdGOd9WuFBLcO=%7B%22sid%22%3A%20%221eac12e6-1eaf-5e53-a3f2-b84436421122%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201727419743727%2C%20%22ct%22%3A%201727417943727%7D; __51uvsct__KQFtdGOd9WuFBLcO=1; __51vcke__KQFtdGOd9WuFBLcO=dd8959f7-020d-5d87-92de-a14fa2ef4951; __51vuft__KQFtdGOd9WuFBLcO=1727417943730; UM_distinctid=19232220dae2bd-07a6196558f62e-26031e51-140000-19232220daf416; CNZZDATA1281366638=1701857660-1727417946-%7C1727417946
Source: global traffic HTTP traffic detected: GET /assets/Home-52354fe8.js HTTP/1.1Host: aa5aa5aa5aa5aa44.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: __vtins__KQFtdGOd9WuFBLcO=%7B%22sid%22%3A%20%221eac12e6-1eaf-5e53-a3f2-b84436421122%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201727419743727%2C%20%22ct%22%3A%201727417943727%7D; __51uvsct__KQFtdGOd9WuFBLcO=1; __51vcke__KQFtdGOd9WuFBLcO=dd8959f7-020d-5d87-92de-a14fa2ef4951; __51vuft__KQFtdGOd9WuFBLcO=1727417943730; UM_distinctid=19232220dae2bd-07a6196558f62e-26031e51-140000-19232220daf416; CNZZDATA1281366638=1701857660-1727417946-%7C1727417946
Source: global traffic HTTP traffic detected: GET /assets/ColVideoItem-07d4d17c.js HTTP/1.1Host: aa5aa5aa5aa5aa44.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: __vtins__KQFtdGOd9WuFBLcO=%7B%22sid%22%3A%20%221eac12e6-1eaf-5e53-a3f2-b84436421122%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201727419743727%2C%20%22ct%22%3A%201727417943727%7D; __51uvsct__KQFtdGOd9WuFBLcO=1; __51vcke__KQFtdGOd9WuFBLcO=dd8959f7-020d-5d87-92de-a14fa2ef4951; __51vuft__KQFtdGOd9WuFBLcO=1727417943730; UM_distinctid=19232220dae2bd-07a6196558f62e-26031e51-140000-19232220daf416; CNZZDATA1281366638=1701857660-1727417946-%7C1727417946
Source: global traffic HTTP traffic detected: GET /assets/SwiperBanner-530f3655.js HTTP/1.1Host: aa5aa5aa5aa5aa44.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: __vtins__KQFtdGOd9WuFBLcO=%7B%22sid%22%3A%20%221eac12e6-1eaf-5e53-a3f2-b84436421122%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201727419743727%2C%20%22ct%22%3A%201727417943727%7D; __51uvsct__KQFtdGOd9WuFBLcO=1; __51vcke__KQFtdGOd9WuFBLcO=dd8959f7-020d-5d87-92de-a14fa2ef4951; __51vuft__KQFtdGOd9WuFBLcO=1727417943730; UM_distinctid=19232220dae2bd-07a6196558f62e-26031e51-140000-19232220daf416; CNZZDATA1281366638=1701857660-1727417946-%7C1727417946
Source: global traffic HTTP traffic detected: GET /assets/AdvertisementList.vue_vue_type_script_setup_true_name_AdvertisementList_lang-6c6de8d9.js HTTP/1.1Host: aa5aa5aa5aa5aa44.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: __vtins__KQFtdGOd9WuFBLcO=%7B%22sid%22%3A%20%221eac12e6-1eaf-5e53-a3f2-b84436421122%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201727419743727%2C%20%22ct%22%3A%201727417943727%7D; __51uvsct__KQFtdGOd9WuFBLcO=1; __51vcke__KQFtdGOd9WuFBLcO=dd8959f7-020d-5d87-92de-a14fa2ef4951; __51vuft__KQFtdGOd9WuFBLcO=1727417943730; UM_distinctid=19232220dae2bd-07a6196558f62e-26031e51-140000-19232220daf416; CNZZDATA1281366638=1701857660-1727417946-%7C1727417946
Source: global traffic HTTP traffic detected: GET /assets/logo-b4e095e7.png HTTP/1.1Host: aa5aa5aa5aa5aa44.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: __vtins__KQFtdGOd9WuFBLcO=%7B%22sid%22%3A%20%221eac12e6-1eaf-5e53-a3f2-b84436421122%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201727419743727%2C%20%22ct%22%3A%201727417943727%7D; __51uvsct__KQFtdGOd9WuFBLcO=1; __51vcke__KQFtdGOd9WuFBLcO=dd8959f7-020d-5d87-92de-a14fa2ef4951; __51vuft__KQFtdGOd9WuFBLcO=1727417943730; UM_distinctid=19232220dae2bd-07a6196558f62e-26031e51-140000-19232220daf416; CNZZDATA1281366638=1701857660-1727417946-%7C1727417946
Source: global traffic HTTP traffic detected: GET /assets/qr_code-8c1a238d.jpg HTTP/1.1Host: aa5aa5aa5aa5aa44.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: __vtins__KQFtdGOd9WuFBLcO=%7B%22sid%22%3A%20%221eac12e6-1eaf-5e53-a3f2-b84436421122%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201727419743727%2C%20%22ct%22%3A%201727417943727%7D; __51uvsct__KQFtdGOd9WuFBLcO=1; __51vcke__KQFtdGOd9WuFBLcO=dd8959f7-020d-5d87-92de-a14fa2ef4951; __51vuft__KQFtdGOd9WuFBLcO=1727417943730; UM_distinctid=19232220dae2bd-07a6196558f62e-26031e51-140000-19232220daf416; CNZZDATA1281366638=1701857660-1727417946-%7C1727417946
Source: global traffic HTTP traffic detected: GET /openIM.wasm HTTP/1.1Host: aa5aa5aa5aa5aa44.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: __vtins__KQFtdGOd9WuFBLcO=%7B%22sid%22%3A%20%221eac12e6-1eaf-5e53-a3f2-b84436421122%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201727419743727%2C%20%22ct%22%3A%201727417943727%7D; __51uvsct__KQFtdGOd9WuFBLcO=1; __51vcke__KQFtdGOd9WuFBLcO=dd8959f7-020d-5d87-92de-a14fa2ef4951; __51vuft__KQFtdGOd9WuFBLcO=1727417943730; UM_distinctid=19232220dae2bd-07a6196558f62e-26031e51-140000-19232220daf416; CNZZDATA1281366638=1701857660-1727417946-%7C1727417946
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: aa5aa5aa5aa5aa44.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: __vtins__KQFtdGOd9WuFBLcO=%7B%22sid%22%3A%20%221eac12e6-1eaf-5e53-a3f2-b84436421122%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201727419743727%2C%20%22ct%22%3A%201727417943727%7D; __51uvsct__KQFtdGOd9WuFBLcO=1; __51vcke__KQFtdGOd9WuFBLcO=dd8959f7-020d-5d87-92de-a14fa2ef4951; __51vuft__KQFtdGOd9WuFBLcO=1727417943730; UM_distinctid=19232220dae2bd-07a6196558f62e-26031e51-140000-19232220daf416; CNZZDATA1281366638=1701857660-1727417946-%7C1727417946
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: aa5aa5aa5aa5aa44.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: __vtins__KQFtdGOd9WuFBLcO=%7B%22sid%22%3A%20%221eac12e6-1eaf-5e53-a3f2-b84436421122%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201727419743727%2C%20%22ct%22%3A%201727417943727%7D; __51uvsct__KQFtdGOd9WuFBLcO=1; __51vcke__KQFtdGOd9WuFBLcO=dd8959f7-020d-5d87-92de-a14fa2ef4951; __51vuft__KQFtdGOd9WuFBLcO=1727417943730; UM_distinctid=19232220dae2bd-07a6196558f62e-26031e51-140000-19232220daf416; CNZZDATA1281366638=1701857660-1727417946-%7C1727417946
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: aa5aa5aa5aa5aa44.app
Source: global traffic DNS traffic detected: DNS query: sdk.51.la
Source: global traffic DNS traffic detected: DNS query: v1.cnzz.com
Source: global traffic DNS traffic detected: DNS query: collect-v6.51.la
Source: global traffic DNS traffic detected: DNS query: z6.cnzz.com
Source: global traffic DNS traffic detected: DNS query: c.cnzz.com
Source: global traffic DNS traffic detected: DNS query: webapi.amap.com
Source: global traffic DNS traffic detected: DNS query: aawapi-v3.trh999.com
Source: global traffic DNS traffic detected: DNS query: restapi.amap.com
Source: global traffic DNS traffic detected: DNS query: cos-v3.024kh.com
Source: global traffic DNS traffic detected: DNS query: _3669._https.cos-v3.024kh.com
Source: unknown HTTP traffic detected: POST /stat.htm?id=1281366638&r=&lg=en-us&ntime=none&cnzz_eid=1701857660-1727417946-&showp=1280x1024&p=http%3A%2F%2Faa5aa5aa5aa5aa44.app%2F&t=%E7%88%B1%E7%88%B1%E7%BD%91&umuuid=19232220dae2bd-07a6196558f62e-26031e51-140000-19232220daf416&h=1 HTTP/1.1Host: z6.cnzz.comConnection: keep-aliveContent-Length: 0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: http://aa5aa5aa5aa5aa44.appSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: TengineContent-Type: text/plainContent-Length: 18Connection: closeDate: Fri, 27 Sep 2024 06:19:14 GMTAccess-Control-Allow-Credentials: falseAccess-Control-Allow-Headers: *Access-Control-Allow-Methods: *Access-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers,Cache-Control,Content-Language,Content-Type,Expires,Last-Modified,Pragma,FooBarAccess-Control-Max-Age: 172800x-alicdn-da-ups-status: endOs,0,404Via: cache16.l2hk3[11,0], ens-cache2.de7[221,0]Timing-Allow-Origin: *EagleId: a3b5839617274179544764956e
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: TengineContent-Type: text/plainContent-Length: 18Connection: closeDate: Fri, 27 Sep 2024 06:19:14 GMTAccess-Control-Allow-Credentials: falseAccess-Control-Allow-Headers: *Access-Control-Allow-Methods: *Access-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers,Cache-Control,Content-Language,Content-Type,Expires,Last-Modified,Pragma,FooBarAccess-Control-Max-Age: 172800x-alicdn-da-ups-status: endOs,0,404Via: cache19.l2hk3[12,0], ens-cache7.de7[227,0]Timing-Allow-Origin: *EagleId: a3b5839b17274179544908503e
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: TengineContent-Type: text/plainContent-Length: 18Connection: closeDate: Fri, 27 Sep 2024 06:19:14 GMTAccess-Control-Allow-Credentials: falseAccess-Control-Allow-Headers: *Access-Control-Allow-Methods: *Access-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers,Cache-Control,Content-Language,Content-Type,Expires,Last-Modified,Pragma,FooBarAccess-Control-Max-Age: 172800x-alicdn-da-ups-status: endOs,0,404Via: cache22.l2hk3[12,0], ens-cache5.de7[221,0]Timing-Allow-Origin: *EagleId: a3b5839917274179545051865e
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: TengineContent-Type: text/plainContent-Length: 18Connection: closeDate: Fri, 27 Sep 2024 06:19:14 GMTAccess-Control-Allow-Credentials: falseAccess-Control-Allow-Headers: *Access-Control-Allow-Methods: *Access-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers,Cache-Control,Content-Language,Content-Type,Expires,Last-Modified,Pragma,FooBarAccess-Control-Max-Age: 172800x-alicdn-da-ups-status: endOs,0,404Via: cache7.l2hk3[11,0], ens-cache3.de7[228,0]Timing-Allow-Origin: *EagleId: a3b5839717274179545063682e
Source: chromecache_117.4.dr, chromecache_101.4.dr String found in binary or memory: http://gaode.com
Source: chromecache_117.4.dr, chromecache_101.4.dr String found in binary or memory: http://m.amap.com
Source: chromecache_98.4.dr, chromecache_86.4.dr String found in binary or memory: https://quanjing.cnzz.com
Source: chromecache_117.4.dr, chromecache_101.4.dr String found in binary or memory: https://webapi.amap.com
Source: chromecache_98.4.dr, chromecache_86.4.dr String found in binary or memory: https://www.cnzz.com/stat/website.php?web_id=
Source: unknown Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.7:49730 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.7:49741 version: TLS 1.2
Source: classification engine Classification label: mal56.win@16/74@41/15
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=2024,i,4110611763947970368,17166306496067060294,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://aa5aa5aa5aa5aa44.app/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=2024,i,4110611763947970368,17166306496067060294,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: chromecache_101.4.dr Binary or memory string: (function(config){!function(global,factory){"object"==typeof exports&&"undefined"!=typeof module?module.exports=factory():"function"==typeof define&&define.amd?define(factory):(global=global||self).AMap=factory()}(this,function(){"use strict";var shared,worker,AMap;function define(_,chunk){var sharedChunk,workerBundleString;shared?worker?(workerBundleString='var sharedChunk = {key:"'+config[0]+'",db:"'+(config[14]||"")+'",nebulaVersion:"'+(config[15]||"")+'",movingDraw:'+Boolean(window.movingDraw)+',host:"'+config[2]+'",}; ('+shared+")(sharedChunk); ("+worker+")(sharedChunk);",sharedChunk={key:config[0],movingDraw:window.movingDraw},shared(sharedChunk),sharedChunk=chunk(sharedChunk),workerBundleString="undefined"!=typeof URL?window.URL.createObjectURL(new Blob([workerBundleString],{type:"text/javascript"})):"",(AMap=sharedChunk(config)).getConfig().workerUrl=workerBundleString):worker=chunk:shared=chunk}define(["exports"],function(exports){var extend=function(f){for(var t,r,i=Array.prototype.slice.call(arguments,1),o=0,n=i.length;o<n;o+=1)for(var a in t=i[o]||{})t.hasOwnProperty(a)&&("function"==typeof(r=t[a])&&f.prototype?f.prototype[a]=r:f[a]=r);return f};function isBrowser(){return"undefined"!=typeof window&&"undefined"!=typeof document}function isWasmSuppport(){try{if("object"==typeof WebAssembly&&"function"==typeof WebAssembly.instantiate&&TextDecoder&&TextEncoder){var f=new WebAssembly.Module(new Uint8Array([0,97,115,109,1,0,0,0]));if(f instanceof WebAssembly.Module)return new WebAssembly.Instance(f)instanceof WebAssembly.Instance}}catch(f){}return!1}var testWepP=function(f){var e=new Image;e.src="data:image/webp;base64,UklGRi4AAABXRUJQVlA4TCEAAAAvAUAAEB8wAiMwAgSSNtse/cXjxyCCmrYNWPwmHRH9jwMA",e.onload=e.onerror=function(){f(2===e.height)}};function isWorkerEnv(){try{return document,!1}catch(f){return!0}}function getSupport(f){function e(f){return-1!==r.indexOf(f)}var t={runSupport:(new 
Date).getTime()},j=isWasmSuppport(),r=navigator.userAgent.toLowerCase(),U=!0,i=e("macintosh"),F=e("ipad;")||e("ipad "),o=e("ipod touch;"),n=e("iphone;")||e("iphone "),o=n||F||o,a=(i||o)&&e("safari")&&e("version/"),l=e("macwechat"),s=e("windowswechat"),R={touch:!1,mac:i,Ue:!1,webkit:!1,$e:!1,scale:1,android:!1,DW:isWorkerEnv(),wasm:j,safari:a,AQ:l,gQ:s,amapRunTime:t};if(isBrowser()){var d=window,s=(l=document).documentElement,c=/([a-z0-9]*\d+[a-z0-9]*)/,D="google swiftshader;microsoft basic render driver;vmware svga 3d;Intel 965GM;Intel B43;Intel G41;Intel G45;Intel G965;Intel GMA 3600;Intel Mobile 4;Intel Mobile 45;Intel Mobile 965".split(";"),u="ActiveXObject"in d,y=0!=window.detectRetina&&("devicePixelRatio"in d&&1<d.devicePixelRatio||u&&"matchMedia"in d&&d.matchMedia("(min-resolution:144dpi)")&&d.matchMedia("(min-resolution:144dpi)").matches),B=e("windows nt"),b=(r.search(/windows nt [1-5]\./),r.search(/windows nt 5\.[12]/),e("windows nt 10"),e("windows phone")),G=e("Mb2345Browser"),V=(o&&r.search(/ os [456]_/),o&&r.search(/ os [4-8]_/),o&&r.search(/ os [7
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs