Help
RSS
API
Feed
Maltego
Contact
Domain > 917866.com
×
Welcome!
Right click nodes and scroll the mouse to navigate the graph.
×
More information on this domain is in
AlienVault OTX
Is this malicious?
Yes
No
Whois
Property
Value
Email
l3li3x00x@enamewhois.com
NameServer
NS2637.ZTOMY.COM
Created
2014-11-23 00:00:00
Changed
2016-02-08 00:00:00
Expires
2017-11-23 00:00:00
Registrar
ENAME TECHNOLOGY CO.
DNS Resolutions
Date
IP Address
2025-01-15
149.30.226.20
(
ClassC
)
Port 80
HTTP/1.1 301 Moved PermanentlyServer: nginxDate: Wed, 15 Jan 2025 10:04:08 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveLocation: https://917866.com/Strict-Transport-Security: max-age31536000 html>head>title>301 Moved Permanently/title>/head>body>center>h1>301 Moved Permanently/h1>/center>hr>center>nginx/center>/body>/html>
Port 443
HTTP/1.1 200 OKServer: nginxDate: Wed, 15 Jan 2025 10:04:08 GMTContent-Type: text/htmlContent-Length: 7208Last-Modified: Sat, 11 Jan 2025 13:25:04 GMTConnection: keep-aliveVary: Accept-EncodingETag: 67827130-1c28Strict-Transport-Security: max-age31536000Accept-Ranges: bytes !DOCTYPE html>html langzh-CN>head> meta charsetUTF-8> meta nameviewport contentwidthdevice-width, initial-scale1.0> title>hk/title>/head>body> script> //MD5字符串String.prototype.MD5function(bit){var sMessagethis;function RotateLeft(lValue,iShiftBits){return(lValueiShiftBits)|(lValue>>>(32-iShiftBits))}function AddUnsigned(lX,lY){var lX4,lY4,lX8,lY8,lResult;lX8(lX&0x80000000);lY8(lY&0x80000000);lX4(lX&0x40000000);lY4(lY&0x40000000);lResult(lX&0x3FFFFFFF)+(lY&0x3FFFFFFF);if(lX4&lY4)return(lResult^0x80000000^lX8^lY8);if(lX4|lY4){if(lResult&0x40000000)return(lResult^0xC0000000^lX8^lY8);else return(lResult^0x40000000^lX8^lY8)}else return(lResult^lX8^lY8)}function F(x,y,z){return(x&y)|((~x)&z)}function G(x,y,z){return(x&z)|(y&(~z))}function H(x,y,z){return(x^y^z)}function I(x,y,z){return(y^(x|(~z)))}function FF(a,b,c,d,x,s,ac){aAddUnsigned(a,AddUnsigned(AddUnsigned(F(b,c,d),x),ac));return AddUnsigned(RotateLeft(a,s),b)}function GG(a,b,c,d,x,s,ac){aAddUnsigned(a,AddUnsigned(AddUnsigned(G(b,c,d),x),ac));return AddUnsigned(RotateLeft(a,s),b)}function HH(a,b,c,d,x,s,ac){aAddUnsigned(a,AddUnsigned(AddUnsigned(H(b,c,d),x),ac));return AddUnsigned(RotateLeft(a,s),b)}function II(a,b,c,d,x,s,ac){aAddUnsigned(a,AddUnsigned(AddUnsigned(I(b,c,d),x),ac));return AddUnsigned(RotateLeft(a,s),b)}function ConvertToWordArray(sMessage){var lWordCount;var lMessageLengthsMessage.length;var lNumberOfWords_temp1lMessageLength+8;var lNumberOfWords_temp2(lNumberOfWords_temp1-(lNumberOfWords_temp1%64))/64;var lNumberOfWords(lNumberOfWords_temp2+1)*16;var lWordArrayArray(lNumberOfWords-1);var lBytePosition0;var lByteCount0;while(lByteCountlMessageLength){lWordCount(lByteCount-(lByteCount%4))/4;lBytePosition(lByteCount%4)*8;lWordArraylWordCount(lWordArraylWordCount|(sMessage.charCodeAt(lByteCount)lBytePosition));lByteCount++}lWordCount(lByteCount-(lByteCount%4))/4;lBytePosition(lByteCount%4)*8;lWordArraylWordCountlWordArraylWordCount|(0x80lBytePosition);lWordArraylNumberOfWords-2lMessageLength3;lWordArraylNumberOfWords-1lMessageLength>>>29;return lWordArray}function WordToHex(lValue){var WordToHexValue,WordToHexValue_temp,lByte,lCount;for(lCount0;lCount3;lCount++){lByte(lValue>>>(lCount*8))&255;WordToHexValue_temp0+lByte.toString(16);WordToHexValueWordToHexValue+WordToHexValue_temp.substr(WordToHexValue_temp.length-2,2)}return WordToHexValue}var xArray();var k,AA,BB,CC,DD,a,b,c,d;var S117,S1212,S1317,S1422;var S215,S229,S2314,S2420;var S314,S3211,S3316,S3423;var S416,S4210,S4315,S4421;xConvertToWordArray(sMessage);a0x67452301;b0xEFCDAB89;c0x98BADCFE;d0x10325476;for(k0;kx.length;k+16){AAa;BBb;CCc;DDd;aFF(a,b,c,d,xk+0,S11,0xD76AA478);dFF(d,a,b,c,xk+1,S12,0xE8C7B756);cFF(c,d,a,b,xk+2,S13,0x242070DB);bFF(b,c,d,a,xk+3,S14,0xC1BDCEEE);aFF(a,b,c,d,xk+4,S11,0xF57C0FAF);dFF(d,a,b,c,xk+5,S12,0x4787C62A);cFF(c,d,a,b,xk+6,S13,0xA8304613);bFF(b,c,d,a,xk+7,S14,0xFD469501);aFF(a,b,c,d,xk+8,S11,0x698098D8);dFF(d,a,b,c,xk+9,S12,0x8B44F7AF);cFF(c,d,a,b,xk+10,S13,0xFFFF5BB1);bFF(b,c,d,a,xk+11,S14,0x895CD7BE);aFF(a,b,c,d,xk+12,S11,0x6B901122);dFF(d,a,b,c,xk+13,S12,0xFD987193);cFF(c,d,a,b,xk+14,S13,0xA679438E);bFF(b,c,d,a,xk+15,S14,0x49B40821);aGG(a,b,c,d,xk+1,S21,0xF61E2562);dGG(d,a,b,c,xk+6,S22,0xC040B340);cGG(c,d,a,b,xk+11,S23,0x265E5A51);bGG(b,c,d,a,xk+0,S24,0xE9B6C7AA);aGG(a,b,c,d,xk+5,S21,0xD62F105D);dGG(d,a,b,c,xk+10,S22,0x2441453);cGG(c,d,a,b,xk+15,S23,0xD8A1E681);bGG(b,c,d,a,xk+4,S24,0xE7D3FBC8);aGG(a,b,c,d,xk+9,S21,0x21E1CDE6);dGG(d,a,b,c,xk+14,S22,0xC33707D6);cGG(c,d,a,b,xk+3,S23,0xF4D50D87);bGG(b,c,d,a,xk+8,S24,0x455A14ED);aGG(a,b,c,d,xk+13,S21,0xA9E3E905);dGG(d,a,b,c,xk+2,S22,0xFCEFA3F8);cGG(c,d,a,b,xk+7,S23,0x676F02D9);bGG(b,c,d,a,xk+12,S24,0x8D2A4C8A);aHH(a,b,c,d,xk+5,S31,0xFFFA3942);dHH(d,a,b,c,xk+8,S32,0x8771F681);cHH(c,d,a,b,xk+11,S33,0x6D9D6122);bHH(b,c,d,a,xk+14,S34,0xFDE5380C);aHH(a,b,c,d,xk+1,S31,0xA4BEEA44);dHH(d,a,b,c,xk+4,S32,0x4BDECFA9);cHH(c,d,a,b,xk+7,S33,0xF6BB4B60);bHH(b,c,d,a,xk+10,S34,0xBEBFBC70);aHH(a,b,c,d,xk+13,S31,0x289B7EC6);dHH(d,a,b,c,xk+0,S32,0xEAA127FA);cHH(c,d,a,b,xk+3,S33,0xD4EF3085);bHH(b,c,d,a,xk+6,S34,0x4881D05);aHH(a,b,c,d,xk+9,S31,0xD9D4D039);dHH(d,a,b,c,xk+12,S32,0xE6DB99E5);cHH(c,d,a,b,xk+15,S33,0x1FA27CF8);bHH(b,c,d,a,xk+2,S34,0xC4AC5665);aII(a,b,c,d,xk+0,S41,0xF4292244);dII(d,a,b,c,xk+7,S42,0x432AFF97);cII(c,d,a,b,xk+14,S43,0xAB9423A7);bII(b,c,d,a,xk+5,S44,0xFC93A039);aII(a,b,c,d,xk+12,S41,0x655B59C3);dII(d,a,b,c,xk+3,S42,0x8F0CCC92);cII(c,d,a,b,xk+10,S43,0xFFEFF47D);bII(b,c,d,a,xk+1,S44,0x85845DD1);aII(a,b,c,d,xk+8,S41,0x6FA87E4F);dII(d,a,b,c,xk+15,S42,0xFE2CE6E0);cII(c,d,a,b,xk+6,S43,0xA3014314);bII(b,c,d,a,xk+13,S44,0x4E0811A1);aII(a,b,c,d,xk+4,S41,0xF7537E82);dII(d,a,b,c,xk+11,S42,0xBD3AF235);cII(c,d,a,b,xk+2,S43,0x2AD7D2BB);bII(b,c,d,a,xk+9,S44,0xEB86D391);aAddUnsigned(a,AA);bAddUnsigned(b,BB);cAddUnsigned(c,CC);dAddUnsigned(d,DD)}if(bit32){return WordToHex(a)+WordToHex(b)+WordToHex(c)+WordToHex(d)}else{return WordToHex(b)+WordToHex(c)}} //时间戳 function getFullTime(date) { if(!(date instanceof Date && !isNaN(date.getTime()))){ date new Date(); } var Y date.getFullYear() + , M (date.getMonth()+1 10 ? 0+(date.getMonth()+1) : date.getMonth()+1), D (date.getDate() 10 ? 0+(date.getDate()) : date.getDate()), h (date.getHours() 10 ? 0+(date.getHours()) : date.getHours()), m (date.getMinutes() 10 ? 0+(date.getMinutes()) : date.getMinutes()), s (date.getSeconds() 10 ? 0+(date.getSeconds()) : date.getSeconds()); return Y + M + D + h + m; } //路由生成 function getRoute(key,md5){ var cen key % 3; var route ; var start 0; for (var i 0; i cen; i++) { var tlength start + (key + i) % 4 + 5; var temp md5.substring(start,tlength); start tlength; route + temp + /; } return route; } function getCompletedRoute(arr,type){ var temp arrMath.floor(Math.random()*(arr.length)); var uri temp + c@d; var a a@b, b https, c ://, r b + c + a + uri; var key getFullTime(); key Math.random().toString(36).substring(2); var hm key.substring(3,10); var md5 key.MD5(32); var pre md5.substring(0,12) + hm; r r.replace(/a@b/g, pre + .); r r.replace(/c@d/g, type + /); // r r + getRoute(key,md5); // r r + md5.substring(4,key%3+8); return r; } /script> script> var channelCode hhac20824; var type .club; var arr 52635,52635; var r getCompletedRoute(arr,type); r + hk/m.html?channelCode + channelCode; console.log(r); window.location.href r; /script>/body>/html>
View on OTX
|
View on ThreatMiner
Please enable JavaScript to view the
comments powered by Disqus.
Data with thanks to
AlienVault OTX
,
VirusTotal
,
Malwr
and
others
. [
Sitemap
]