www.citictour.com Open in urlscan Pro
154.80.249.30 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.citictour.com/
Submission: On March 31 via automatic, source certstream-suspicious (March 31st 2020, 5:20:18 pm UTC)

Summary HTTP 41 Redirects Behaviour Indicators

Summary

This website contacted 7 IPs in 6 countries across 8 domains to perform 41 HTTP transactions. The main IP is 154.80.249.30, located in Johannesburg, South Africa and belongs to DXTL-HK DXTL Tseung Kwan O Service, HK. The main domain is www.citictour.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on March 31st 2020. Valid for: 3 months.

This is the only time www.citictour.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Bet365 (Entertainment)

Domain & IP information

	IP Address	AS Autonomous System
34	154.80.249.30 154.80.249.30	134548 (DXTL-HK D...) (DXTL-HK DXTL Tseung Kwan O Service)
1	170.178.164.94 170.178.164.94	46844 (ST-BGP) (ST-BGP)
2	103.235.46.191 103.235.46.191	55967 (CNNIC-BAI...) (CNNIC-BAIDU-AP Beijing Baidu Netcom Science and Technology Co.)
1	119.188.176.48 119.188.176.48	4837 (CHINA169-...) (CHINA169-BACKBONE CHINA UNICOM China169 Backbone)
1 2	2a00:1450:400... 2a00:1450:4001:81e::2008	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:400c:c08::9d	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:4001:81e::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:825::2003	15169 (GOOGLE) (GOOGLE)
1	183.232.231.172 183.232.231.172	56040 (CMNET-GUA...) (CMNET-GUANGDONG-AP China Mobile communications corporation)
41	7

34 154.80.249.30 (Johannesburg, South Africa)

ASN134548 (DXTL-HK DXTL Tseung Kwan O Service, HK)

www.citictour.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 170.178.164.94 (Las Vegas, United States)

ASN46844 (ST-BGP, US)
PTR: otisle.5globernatop.net

www.bjilife.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 103.235.46.191 (Hong Kong)

ASN55967 (CNNIC-BAIDU-AP Beijing Baidu Netcom Science and Technology Co., Ltd., CN)

hm.baidu.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 119.188.176.48 (China)

ASN4837 (CHINA169-BACKBONE CHINA UNICOM China169 Backbone, CN)

zz.bdstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81e::2008 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

ssl.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c08::9d (Brussels, Belgium) 1 redirects

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81e::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:825::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 183.232.231.172 (China)

ASN56040 (CMNET-GUANGDONG-AP China Mobile communications corporation, CN)

sp0.baidu.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
34	citictour.com www.citictour.com	4 MB
3	baidu.com hm.baidu.com sp0.baidu.com	14 KB
2	google-analytics.com 1 redirects ssl.google-analytics.com	17 KB
1	google.de www.google.de	109 B
1	google.com 1 redirects www.google.com	182 B
1	doubleclick.net 1 redirects stats.g.doubleclick.net	166 B
1	bdstatic.com zz.bdstatic.com	505 B
1	bjilife.com www.bjilife.com
41	8

	Domain	Requested by
34	www.citictour.com	www.citictour.com
2	ssl.google-analytics.com	1 redirects www.citictour.com
2	hm.baidu.com	www.citictour.com
1	sp0.baidu.com	www.citictour.com
1	www.google.de	www.citictour.com
1	www.google.com	1 redirects
1	stats.g.doubleclick.net	1 redirects
1	zz.bdstatic.com	www.citictour.com
1	www.bjilife.com	www.citictour.com
41	9

This site contains no links.

Subject Issuer	Validity	Valid
citictour.com Let's Encrypt Authority X3	`2020-03-31` - `2020-06-29`	3 months	crt.sh
bjilife.com TrustAsia TLS RSA CA	`2020-02-04` - `2021-02-03`	a year	crt.sh
baidu.com GlobalSign Organization Validation CA - SHA256 - G2	`2020-01-13` - `2020-06-25`	5 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-03-03` - `2020-05-26`	3 months	crt.sh
www.google.de GTS CA 1O1	`2020-03-03` - `2020-05-26`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://www.citictour.com/
Frame ID: 08837E9242B685DD84C6C54B735C2205
Requests: 40 HTTP requests in this frame

Frame: https://www.bjilife.com/as/index.html
Frame ID: B564A3732E9380D095CA0BB9DED3D166
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Windows Server (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i

IIS (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]([\d.]*\d)[^/]*\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

41
Requests

100 %
HTTPS

44 %
IPv6

8
Domains

9
Subdomains

7
IPs

6
Countries

3647 kB
Transfer

3798 kB
Size

9
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 37

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1738703849&utmhn=www.citictour.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=%E6%BE%B3%E9%97%A8%E7%9A%87%E5%86%A0%E8%B5%8C%E5%9C%BA_%E6%BE%B3%E9%97%A8%E7%9A%87%E5%86%A0VIP%E4%B8%93%E7%BA%BF&utmhid=929976861&utmr=-&utmp=%2F&utmht=1585675194698&utmac=UA-121883074-1&utmcc=__utma%3D23852072.1559787018.1585675195.1585675195.1585675195.1%3B%2B__utmz%3D23852072.1585675195.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=604365200&utmredir=1&utmu=DAAAAAAAAAAAAAAAAAAAAAAE~ HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-121883074-1&cid=1559787018.1585675195&jid=604365200&_v=5.7.2&z=1738703849 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-121883074-1&cid=1559787018.1585675195&jid=604365200&_v=5.7.2&z=1738703849 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-121883074-1&cid=1559787018.1585675195&jid=604365200&_v=5.7.2&z=1738703849&slf_rd=1&random=581381195

41 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
www.citictour.com/ 22 KB
7 KB 1873ms
636ms Document
text/html 154.80.249.30
DXTL-HK DXTL Tseu...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.citictour.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 154.80.249.30 Johannesburg, South Africa, ASN134548 (DXTL-HK DXTL Tseung Kwan O Service, HK),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 0ea17b50947776bbb151e1e37ce81c2f8e5e487db42b3d5cf952adcd87cca136

Request headers

Host: www.citictour.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: document
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: document

Response headers

Content-Type: text/html
Content-Encoding: gzip
Last-Modified: Fri, 06 Dec 2019 09:05:26 GMT
Accept-Ranges: bytes
ETag: "0cf7e4c14acd51:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Tue, 31 Mar 2020 17:19:46 GMT
Content-Length: 6745

GET
H/1.1 200
OK daxiagu.css
www.citictour.com/skin/css/ 24 KB
6 KB 316ms
316ms Stylesheet
text/css 154.80.249.30
DXTL-HK DXTL Tseu...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.citictour.com/skin/css/daxiagu.css
Requested by: Host: www.citictour.com
URL: https://www.citictour.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 154.80.249.30 Johannesburg, South Africa, ASN134548 (DXTL-HK DXTL Tseung Kwan O Service, HK),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 4b46a81ed2e921413d729d400148cbc169f57b193b76adcb667562dde9a6134a

Request headers

Referer: https://www.citictour.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

Date: Tue, 31 Mar 2020 17:19:46 GMT
Content-Encoding: gzip
Last-Modified: Thu, 09 Jul 2015 12:19:05 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
ETag: "8541e17241bad01:0"
Vary: Accept-Encoding
Content-Type: text/css
Accept-Ranges: bytes
Content-Length: 5577

GET
H/1.1 200
OK jquery2019.1.1.js Show response
www.citictour.com/js/ 1 KB
1 KB 618ms
302ms Script
application/javascript 154.80.249.30
DXTL-HK DXTL Tseu...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.citictour.com/js/jquery2019.1.1.js
Requested by: Host: www.citictour.com
URL: https://www.citictour.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 154.80.249.30 Johannesburg, South Africa, ASN134548 (DXTL-HK DXTL Tseung Kwan O Service, HK),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 7648bd41bbdca1ee2de48694e73bd2fba80fe1f90e9b9657dc6ca4e82381b7df

Request headers

Referer: https://www.citictour.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Tue, 31 Mar 2020 17:19:47 GMT
Content-Encoding: gzip
Last-Modified: Sat, 23 Mar 2019 10:37:29 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
ETag: "ff4e86a64e1d41:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Accept-Ranges: bytes
Content-Length: 1118

GET
H/1.1 200
OK jquery-1.9.1.min.js Show response
www.citictour.com/skin/js/ 90 KB
41 KB 1656ms
1107ms Script
application/javascript 154.80.249.30
DXTL-HK DXTL Tseu...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.citictour.com/skin/js/jquery-1.9.1.min.js
Requested by: Host: www.citictour.com
URL: https://www.citictour.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 154.80.249.30 Johannesburg, South Africa, ASN134548 (DXTL-HK DXTL Tseung Kwan O Service, HK),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 20c28ceb2bddb447d73e8339a081199178fa4f2cf6d772082916ab46f009e855

Request headers

Referer: https://www.citictour.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Tue, 31 Mar 2020 17:19:47 GMT
Content-Encoding: gzip
Last-Modified: Thu, 09 Jul 2015 12:19:16 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
ETag: "d72d7c7941bad01:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Accept-Ranges: bytes
Content-Length: 41397

GET
H/1.1 200
OK banner.js Show response
www.citictour.com/skin/js/ 2 KB
977 B 867ms
312ms Script
application/javascript 154.80.249.30
DXTL-HK DXTL Tseu...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.citictour.com/skin/js/banner.js
Requested by: Host: www.citictour.com
URL: https://www.citictour.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 154.80.249.30 Johannesburg, South Africa, ASN134548 (DXTL-HK DXTL Tseung Kwan O Service, HK),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 306f0192596d0c82393efecd66ea8ada627fa8893acd8ca906a6116f93edfec8

Request headers

Referer: https://www.citictour.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Tue, 31 Mar 2020 17:19:47 GMT
Content-Encoding: gzip
Last-Modified: Sun, 08 Mar 2015 15:27:20 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
ETag: "306685eb459d01:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Accept-Ranges: bytes
Content-Length: 671

GET
H/1.1 200
OK search_btn.jpg
www.citictour.com/skin/images/ 56 KB
57 KB 1664ms
1107ms Image
image/jpeg 154.80.249.30
DXTL-HK DXTL Tseu...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.citictour.com/skin/images/search_btn.jpg
Requested by: Host: www.citictour.com
URL: https://www.citictour.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 154.80.249.30 Johannesburg, South Africa, ASN134548 (DXTL-HK DXTL Tseung Kwan O Service, HK),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: af93dee61a027aa89e622716fd619cf682435d112f779d0bac1f5d8f02484c16

Request headers

Referer: https://www.citictour.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Tue, 31 Mar 2020 17:19:47 GMT
Last-Modified: Sun, 08 Mar 2015 16:02:48 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
ETag: "702c9352b959d01:0"
Content-Type: image/jpeg
Accept-Ranges: bytes
Content-Length: 57645

GET
H/1.1 200
OK logo.png
www.citictour.com/skin/images/ 31 KB
32 KB 1676ms
1110ms Image
image/png 154.80.249.30
DXTL-HK DXTL Tseu...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.citictour.com/skin/images/logo.png
Requested by: Host: www.citictour.com
URL: https://www.citictour.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 154.80.249.30 Johannesburg, South Africa, ASN134548 (DXTL-HK DXTL Tseung Kwan O Service, HK),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: ccc96b1ca63c240abc9cf28afad6c20eb7ea4622bc6ea39ad4ebfa88629ce4bf

Request headers

Referer: https://www.citictour.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Tue, 31 Mar 2020 17:19:47 GMT
Last-Modified: Thu, 09 Jul 2015 12:11:38 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
ETag: "45f8916840bad01:0"
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 32155

GET
H/1.1 200
OK jcom.js Show response
www.citictour.com/skin/js/ 5 KB
3 KB 290ms
289ms Script
application/javascript 154.80.249.30
DXTL-HK DXTL Tseu...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.citictour.com/skin/js/jcom.js
Requested by: Host: www.citictour.com
URL: https://www.citictour.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 154.80.249.30 Johannesburg, South Africa, ASN134548 (DXTL-HK DXTL Tseung Kwan O Service, HK),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 66fe00b588a221df9dfb97c04d8d38d623b50cac841b0a38b213cc363633c578

Request headers

Referer: https://www.citictour.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Tue, 31 Mar 2020 17:19:47 GMT
Content-Encoding: gzip
Last-Modified: Sun, 08 Mar 2015 15:27:14 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
ETag: "10cd805ab459d01:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Accept-Ranges: bytes
Content-Length: 2323

GET
H/1.1 200
OK jquery.flexslider-min.js Show response
www.citictour.com/skin/js/ 21 KB
8 KB 825ms
824ms Script
application/javascript 154.80.249.30
DXTL-HK DXTL Tseu...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.citictour.com/skin/js/jquery.flexslider-min.js
Requested by: Host: www.citictour.com
URL: https://www.citictour.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 154.80.249.30 Johannesburg, South Africa, ASN134548 (DXTL-HK DXTL Tseung Kwan O Service, HK),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 0e5d72c20e148edca04967ab4bff432f44264779dc5ecd81bd710eb487fdd145

Request headers

Referer: https://www.citictour.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Tue, 31 Mar 2020 17:19:47 GMT
Content-Encoding: gzip
Last-Modified: Sun, 08 Mar 2015 15:27:13 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
ETag: "b5e0435ab459d01:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Accept-Ranges: bytes
Content-Length: 7966

GET
H/1.1 200
OK 1AFQ104-0-lp.jpg
www.citictour.com/uploads/allimg/191206/ 10 KB
10 KB 739ms
739ms Image
image/jpeg 154.80.249.30
DXTL-HK DXTL Tseu...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.citictour.com/uploads/allimg/191206/1AFQ104-0-lp.jpg
Requested by: Host: www.citictour.com
URL: https://www.citictour.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 154.80.249.30 Johannesburg, South Africa, ASN134548 (DXTL-HK DXTL Tseung Kwan O Service, HK),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: f7202d60b949b29c3c649c3f9a585963222e32b8f31bbdfe9723b291bcdbfbbd

Request headers

Referer: https://www.citictour.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Tue, 31 Mar 2020 17:19:48 GMT
Last-Modified: Fri, 06 Dec 2019 08:57:17 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
ETag: "2ced912913acd51:0"
Content-Type: image/jpeg
Accept-Ranges: bytes
Content-Length: 10081

GET
H/1.1 200
OK 1A64U506-0-lp.jpg
www.citictour.com/uploads/allimg/191206/ 8 KB
8 KB 318ms
318ms Image
image/jpeg 154.80.249.30
DXTL-HK DXTL Tseu...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.citictour.com/uploads/allimg/191206/1A64U506-0-lp.jpg
Requested by: Host: www.citictour.com
URL: https://www.citictour.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 154.80.249.30 Johannesburg, South Africa, ASN134548 (DXTL-HK DXTL Tseung Kwan O Service, HK),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 05b634498a5f6b561330b926633524aa185df2edf67862b375464d6e70987410

Request headers

Referer: https://www.citictour.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Tue, 31 Mar 2020 17:19:48 GMT
Last-Modified: Fri, 06 Dec 2019 08:56:58 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
ETag: "c117d81d13acd51:0"
Content-Type: image/jpeg
Accept-Ranges: bytes
Content-Length: 8027

GET
H/1.1 200
OK defaultpic.gif
www.citictour.com/images/ 9 KB
9 KB 327ms
327ms Image
image/gif 154.80.249.30
DXTL-HK DXTL Tseu...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.citictour.com/images/defaultpic.gif
Requested by: Host: www.citictour.com
URL: https://www.citictour.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 154.80.249.30 Johannesburg, South Africa, ASN134548 (DXTL-HK DXTL Tseung Kwan O Service, HK),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 16468f7cca9a8e26d54c276e0a46d5f1956c30effa39658403250bb7193d499d

Request headers

Referer: https://www.citictour.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Tue, 31 Mar 2020 17:19:48 GMT
Last-Modified: Tue, 24 Jul 2018 05:36:02 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
ETag: "3f536f351023d41:0"
Content-Type: image/gif
Accept-Ranges: bytes
Content-Length: 8730

GET
H/1.1 200
OK sina_tip.jpg
www.citictour.com/skin/images/ 62 KB
62 KB 557ms
557ms Image
image/jpeg 154.80.249.30
DXTL-HK DXTL Tseu...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.citictour.com/skin/images/sina_tip.jpg
Requested by: Host: www.citictour.com
URL: https://www.citictour.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 154.80.249.30 Johannesburg, South Africa, ASN134548 (DXTL-HK DXTL Tseung Kwan O Service, HK),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: e79b7fdbbb7a5c35e5e46ae98361462f7487f56c34a18a80a49e0864d591246e

Request headers

Referer: https://www.citictour.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Tue, 31 Mar 2020 17:19:48 GMT
Last-Modified: Sun, 08 Mar 2015 15:27:11 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
ETag: "6f6b3b59b459d01:0"
Content-Type: image/jpeg
Accept-Ranges: bytes
Content-Length: 63175

GET
H/1.1 200
OK weixin_tip.jpg
www.citictour.com/skin/images/ 59 KB
59 KB 289ms
288ms Image
image/jpeg 154.80.249.30
DXTL-HK DXTL Tseu...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.citictour.com/skin/images/weixin_tip.jpg
Requested by: Host: www.citictour.com
URL: https://www.citictour.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 154.80.249.30 Johannesburg, South Africa, ASN134548 (DXTL-HK DXTL Tseung Kwan O Service, HK),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 2ecc09fc57ac8bdc10e65b3e0cb887bd034cc94d734e4bd556801c384c8dafa6

Request headers

Referer: https://www.citictour.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Tue, 31 Mar 2020 17:19:48 GMT
Last-Modified: Sun, 08 Mar 2015 15:26:52 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
ETag: "eac5cf4db459d01:0"
Content-Type: image/jpeg
Accept-Ranges: bytes
Content-Length: 60533

GET
H/1.1 200
OK weixin_2w.jpg
www.citictour.com/skin/images/ 48 KB
48 KB 294ms
294ms Image
image/jpeg 154.80.249.30
DXTL-HK DXTL Tseu...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.citictour.com/skin/images/weixin_2w.jpg
Requested by: Host: www.citictour.com
URL: https://www.citictour.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 154.80.249.30 Johannesburg, South Africa, ASN134548 (DXTL-HK DXTL Tseung Kwan O Service, HK),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 919e7fc2d3ab657656f130f610a3bda4a8a46d76ade4fefe4f131b1ba917773b

Request headers

Referer: https://www.citictour.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Tue, 31 Mar 2020 17:19:48 GMT
Last-Modified: Sun, 08 Mar 2015 15:26:48 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
ETag: "e38f284bb459d01:0"
Content-Type: image/jpeg
Accept-Ranges: bytes
Content-Length: 49274

GET
H/1.1 200
OK 1A9394009-0-lp.jpg
www.citictour.com/uploads/allimg/191206/ 13 KB
14 KB 612ms
612ms Image
image/jpeg 154.80.249.30
DXTL-HK DXTL Tseu...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.citictour.com/uploads/allimg/191206/1A9394009-0-lp.jpg
Requested by: Host: www.citictour.com
URL: https://www.citictour.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 154.80.249.30 Johannesburg, South Africa, ASN134548 (DXTL-HK DXTL Tseung Kwan O Service, HK),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 87e6c21878bd9f9611a4ab5162e30ba1ca30190623a29b426f3bec418bf09637

Request headers

Referer: https://www.citictour.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Tue, 31 Mar 2020 17:19:48 GMT
Last-Modified: Fri, 06 Dec 2019 08:59:51 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
ETag: "afd4fb8413acd51:0"
Content-Type: image/jpeg
Accept-Ranges: bytes
Content-Length: 13732

GET
H/1.1 200
OK 1A9105612-0-lp.jpg
www.citictour.com/uploads/allimg/191206/ 35 KB
35 KB 354ms
353ms Image
image/jpeg 154.80.249.30
DXTL-HK DXTL Tseu...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.citictour.com/uploads/allimg/191206/1A9105612-0-lp.jpg
Requested by: Host: www.citictour.com
URL: https://www.citictour.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 154.80.249.30 Johannesburg, South Africa, ASN134548 (DXTL-HK DXTL Tseung Kwan O Service, HK),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 7767d5e36ca0f6a331087f59baa183877d53cf8a1f23907c33d5c10b34baeed7

Request headers

Referer: https://www.citictour.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Tue, 31 Mar 2020 17:19:48 GMT
Last-Modified: Fri, 06 Dec 2019 08:59:18 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
ETag: "5a1c5c7113acd51:0"
Content-Type: image/jpeg
Accept-Ranges: bytes
Content-Length: 35805

GET
H/1.1 200
OK bottom_pic.jpg
www.citictour.com/skin/images/ 72 KB
73 KB 341ms
341ms Image
image/jpeg 154.80.249.30
DXTL-HK DXTL Tseu...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.citictour.com/skin/images/bottom_pic.jpg
Requested by: Host: www.citictour.com
URL: https://www.citictour.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 154.80.249.30 Johannesburg, South Africa, ASN134548 (DXTL-HK DXTL Tseung Kwan O Service, HK),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 3994407a7ca18ea2051076c8b5149d430fae720317ddc29aad57a658a06fe60a

Request headers

Referer: https://www.citictour.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Tue, 31 Mar 2020 17:19:48 GMT
Last-Modified: Sun, 08 Mar 2015 15:26:42 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
ETag: "ce766447b459d01:0"
Content-Type: image/jpeg
Accept-Ranges: bytes
Content-Length: 74145

GET
H/1.1 200
OK Ajax.js Show response
www.citictour.com/skin/js/ 9 KB
4 KB 550ms
550ms Script
application/javascript 154.80.249.30
DXTL-HK DXTL Tseu...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.citictour.com/skin/js/Ajax.js
Requested by: Host: www.citictour.com
URL: https://www.citictour.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 154.80.249.30 Johannesburg, South Africa, ASN134548 (DXTL-HK DXTL Tseung Kwan O Service, HK),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 92166c0f8a12c29f45038d12cde227bc87cd15b92be791110ee0162877c664b1

Request headers

Referer: https://www.citictour.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Tue, 31 Mar 2020 17:19:47 GMT
Content-Encoding: gzip
Last-Modified: Sun, 08 Mar 2015 15:26:46 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
ETag: "bf962d4ab459d01:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Accept-Ranges: bytes
Content-Length: 3533

GET
H/1.1 200
OK qq.js Show response
www.citictour.com/skin/js/ 2 KB
1 KB 284ms
284ms Script
application/javascript 154.80.249.30
DXTL-HK DXTL Tseu...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.citictour.com/skin/js/qq.js
Requested by: Host: www.citictour.com
URL: https://www.citictour.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 154.80.249.30 Johannesburg, South Africa, ASN134548 (DXTL-HK DXTL Tseung Kwan O Service, HK),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 911df5c66b3a2064a83a820f406df7ed339789c688e4e087f87f5c6064b8b7cd

Request headers

Referer: https://www.citictour.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Tue, 31 Mar 2020 17:19:47 GMT
Content-Encoding: gzip
Last-Modified: Sun, 08 Mar 2015 15:27:13 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
ETag: "e7dd265ab459d01:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Accept-Ranges: bytes
Content-Length: 950

GET
H/1.1 200
OK baidu_js_push.js Show response
www.citictour.com/ 447 B
689 B 278ms
277ms Script
application/javascript 154.80.249.30
DXTL-HK DXTL Tseu...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.citictour.com/baidu_js_push.js
Requested by: Host: www.citictour.com
URL: https://www.citictour.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 154.80.249.30 Johannesburg, South Africa, ASN134548 (DXTL-HK DXTL Tseung Kwan O Service, HK),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: a7d527190a93f82f1e018793c15a7551903f0c6c97cad073bd627facd11edef4

Request headers

Referer: https://www.citictour.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Tue, 31 Mar 2020 17:19:47 GMT
Content-Encoding: gzip
Last-Modified: Mon, 09 Jul 2018 05:13:28 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
ETag: "28276e924317d41:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Accept-Ranges: bytes
Content-Length: 382

GET
H/1.1 200
OK index.html
www.bjilife.com/as/ Frame B564 0
0 768ms
155ms Document
text/html 170.178.164.94
ST-BGP

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bjilife.com/as/index.html
Requested by: Host: www.citictour.com
URL: https://www.citictour.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 170.178.164.94 Las Vegas, United States, ASN46844 (ST-BGP, US),
Reverse DNS: otisle.5globernatop.net
Software: Apache /
Resource Hash

Request headers

Host: www.bjilife.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Referer: https://www.citictour.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.citictour.com/

Response headers

Date: Tue, 31 Mar 2020 17:13:37 GMT
Server: Apache
Last-Modified: Thu, 05 Mar 2020 11:52:43 GMT
ETag: "106c-5a01a2cbf0c7c"
Accept-Ranges: bytes
Content-Length: 4204
Connection: close
Content-Type: text/html

GET
H/1.1 200
OK hm.js Show response
hm.baidu.com/ 38 KB
14 KB 985ms
398ms Script
application/javascript 103.235.46.191
CNNIC-BAIDU-AP Be...

General

Check archive.org

Show headers Download Go to

Full URL

https://hm.baidu.com/hm.js?8ffb39d40b3fce4de172245298466d21

Requested by

Host: www.citictour.com
URL: https://www.citictour.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

103.235.46.191 , Hong Kong, ASN55967 (CNNIC-BAIDU-AP Beijing Baidu Netcom Science and Technology Co., Ltd., CN),

Reverse DNS

Software

apache /

Resource Hash

91f8d22f5da8b3c9c92e7fecba491c3ac636656fca86602a693c52afe6c22f7f

Security Headers

Name	Value
Strict-Transport-Security	max-age=172800

Request headers

Referer: https://www.citictour.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Tue, 31 Mar 2020 17:19:55 GMT
Content-Encoding: gzip
Server: apache
Etag: d45b470c500b52bf35bbaf0ae97e9c41
Strict-Transport-Security: max-age=172800
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Cache-Control: max-age=0, must-revalidate
Content-Type: application/javascript
Content-Length: 13810

GET
H2 200 push.js Show response
zz.bdstatic.com/linksubmit/ 308 B
505 B 814ms
281ms Script
application/javascript 119.188.176.48
CHINA169-BACKBONE...

General

Check archive.org

Show headers Download Go to

Full URL: https://zz.bdstatic.com/linksubmit/push.js
Requested by: Host: www.citictour.com
URL: https://www.citictour.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 119.188.176.48 , China, ASN4837 (CHINA169-BACKBONE CHINA UNICOM China169 Backbone, CN),
Reverse DNS
Software: JSP3/2.0.14 /
Resource Hash: c31f2003f1c93ac1e34b09f376d97a65da6e110bf451cf1e0e50a7946c5e7212

Request headers

Referer: https://www.citictour.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 31 Mar 2020 17:19:55 GMT
ohc-cache-hit: jn2un104 [4]
ohc-response-time: 1 0 0 0 0 0
last-modified: Thu, 03 Jan 2019 07:01:54 GMT
server: JSP3/2.0.14
age: 29
etag: "384b81a-134-57e88566a1c80"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
status: 200
accept-ranges: bytes
content-encoding: gzip
content-length: 254

GET
H2 200 ga.js Show response
ssl.google-analytics.com/ 45 KB
17 KB 28ms
6ms Script
text/javascript 2a00:1450:4001:81e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.google-analytics.com/ga.js

Requested by

Host: www.citictour.com
URL: https://www.citictour.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.citictour.com/
Sec-Fetch-Dest: script
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 06 Feb 2020 00:21:02 GMT
server: Golfe2
age: 3890
date: Tue, 31 Mar 2020 16:15:04 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 17168
expires: Tue, 31 Mar 2020 18:15:04 GMT

GET
H/1.1 200
OK loading.gif
www.citictour.com/skin/images/ 764 B
1011 B 679ms
300ms Image
image/gif 154.80.249.30
DXTL-HK DXTL Tseu...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.citictour.com/skin/images/loading.gif
Requested by: Host: www.citictour.com
URL: https://www.citictour.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 154.80.249.30 Johannesburg, South Africa, ASN134548 (DXTL-HK DXTL Tseung Kwan O Service, HK),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: cf163198fa8359281c14c3e77ce553e4c4b1463ade5a32ce8579fc93718f5e75

Request headers

Referer: https://www.citictour.com/skin/css/daxiagu.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Tue, 31 Mar 2020 17:19:49 GMT
Last-Modified: Sun, 08 Mar 2015 15:26:45 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
ETag: "1ebc7749b459d01:0"
Content-Type: image/gif
Accept-Ranges: bytes
Content-Length: 764

GET
H/1.1 200
OK banner1.jpg
www.citictour.com/skin/images/ 1 MB
1 MB 690ms
300ms Image
image/jpeg 154.80.249.30
DXTL-HK DXTL Tseu...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.citictour.com/skin/images/banner1.jpg
Requested by: Host: www.citictour.com
URL: https://www.citictour.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 154.80.249.30 Johannesburg, South Africa, ASN134548 (DXTL-HK DXTL Tseung Kwan O Service, HK),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 09aaf7c2149183ed1d27a686349c54586ead9f092bbd172f683fad6f61515502

Request headers

Referer: https://www.citictour.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Tue, 31 Mar 2020 17:19:49 GMT
Last-Modified: Sun, 08 Mar 2015 15:26:59 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
ETag: "8950d751b459d01:0"
Content-Type: image/jpeg
Accept-Ranges: bytes
Content-Length: 1436169

GET
H/1.1 200
OK banner2.jpg
www.citictour.com/skin/images/ 289 KB
289 KB 620ms
333ms Image
image/jpeg 154.80.249.30
DXTL-HK DXTL Tseu...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.citictour.com/skin/images/banner2.jpg
Requested by: Host: www.citictour.com
URL: https://www.citictour.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 154.80.249.30 Johannesburg, South Africa, ASN134548 (DXTL-HK DXTL Tseung Kwan O Service, HK),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 76a34cfea1fc2d1e825002dd9e0122aeaaffebd35a954ecfae83d375b4ea1dd1

Request headers

Referer: https://www.citictour.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Tue, 31 Mar 2020 17:19:49 GMT
Last-Modified: Sun, 08 Mar 2015 15:27:14 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
ETag: "391ee55ab459d01:0"
Content-Type: image/jpeg
Accept-Ranges: bytes
Content-Length: 295851

GET
H/1.1 200
OK banner3.jpg
www.citictour.com/skin/images/ 668 KB
668 KB 310ms
310ms Image
image/jpeg 154.80.249.30
DXTL-HK DXTL Tseu...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.citictour.com/skin/images/banner3.jpg
Requested by: Host: www.citictour.com
URL: https://www.citictour.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 154.80.249.30 Johannesburg, South Africa, ASN134548 (DXTL-HK DXTL Tseung Kwan O Service, HK),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: a6e3c56dc71999fe4eeb6fe215a89385e61fdb8fc48e83a7e4b0bc3891304c94

Request headers

Referer: https://www.citictour.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Tue, 31 Mar 2020 17:19:49 GMT
Last-Modified: Sun, 08 Mar 2015 15:27:11 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
ETag: "ea15c59b459d01:0"
Content-Type: image/jpeg
Accept-Ranges: bytes
Content-Length: 683658

GET
H/1.1 200
OK banner4.jpg
www.citictour.com/skin/images/ 351 KB
351 KB 309ms
309ms Image
image/jpeg 154.80.249.30
DXTL-HK DXTL Tseu...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.citictour.com/skin/images/banner4.jpg
Requested by: Host: www.citictour.com
URL: https://www.citictour.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 154.80.249.30 Johannesburg, South Africa, ASN134548 (DXTL-HK DXTL Tseung Kwan O Service, HK),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: b0a38e8b7e33064d228eefe97b552db5ac6aa2e9ca71138d9a8df0b0d3cb5872

Request headers

Referer: https://www.citictour.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Tue, 31 Mar 2020 17:19:49 GMT
Last-Modified: Sun, 08 Mar 2015 15:26:53 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
ETag: "fa286d4eb459d01:0"
Content-Type: image/jpeg
Accept-Ranges: bytes
Content-Length: 359607

GET
H/1.1 404
Not Found weixin_kuang.png
www.citictour.com/skin/images/ 63 B
63 B 840ms
279ms Image
text/html 154.80.249.30
DXTL-HK DXTL Tseu...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.citictour.com/skin/images/weixin_kuang.png
Requested by: Host: www.citictour.com
URL: https://www.citictour.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 154.80.249.30 Johannesburg, South Africa, ASN134548 (DXTL-HK DXTL Tseung Kwan O Service, HK),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: cc8a65d84ecebb6325c954c778fd0add5e61cfb288c89226b31125b35e30528d

Request headers

Referer: https://www.citictour.com/skin/css/daxiagu.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Tue, 31 Mar 2020 17:19:49 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Content-Length: 63
Content-Type: text/html

GET
H/1.1 200
OK btn_out.jpg
www.citictour.com/skin/images/ 588 B
836 B 834ms
282ms Image
image/jpeg 154.80.249.30
DXTL-HK DXTL Tseu...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.citictour.com/skin/images/btn_out.jpg
Requested by: Host: www.citictour.com
URL: https://www.citictour.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 154.80.249.30 Johannesburg, South Africa, ASN134548 (DXTL-HK DXTL Tseung Kwan O Service, HK),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 9785f7c187a25e08ffb7bdfff717ed734fb568f9c78c1bbdd8087038cf48a9cf

Request headers

Referer: https://www.citictour.com/skin/css/daxiagu.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Tue, 31 Mar 2020 17:19:49 GMT
Last-Modified: Sun, 08 Mar 2015 15:26:45 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
ETag: "e7866049b459d01:0"
Content-Type: image/jpeg
Accept-Ranges: bytes
Content-Length: 588

GET
H/1.1 200
OK mid_bg.jpg
www.citictour.com/skin/images/ 194 KB
195 KB 386ms
385ms Image
image/jpeg 154.80.249.30
DXTL-HK DXTL Tseu...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.citictour.com/skin/images/mid_bg.jpg
Requested by: Host: www.citictour.com
URL: https://www.citictour.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 154.80.249.30 Johannesburg, South Africa, ASN134548 (DXTL-HK DXTL Tseung Kwan O Service, HK),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 71aad76bb09a02979bed039b1449d3b8ebb2aa7068f7dd05f85fa60071b33ec7

Request headers

Referer: https://www.citictour.com/skin/css/daxiagu.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Tue, 31 Mar 2020 17:19:49 GMT
Last-Modified: Sun, 08 Mar 2015 15:26:50 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
ETag: "8dd5b64cb459d01:0"
Content-Type: image/jpeg
Accept-Ranges: bytes
Content-Length: 198979

GET
H/1.1 200
OK k1_out.jpg
www.citictour.com/skin/images/ 86 KB
86 KB 304ms
304ms Image
image/jpeg 154.80.249.30
DXTL-HK DXTL Tseu...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.citictour.com/skin/images/k1_out.jpg
Requested by: Host: www.citictour.com
URL: https://www.citictour.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 154.80.249.30 Johannesburg, South Africa, ASN134548 (DXTL-HK DXTL Tseung Kwan O Service, HK),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: c798b34ad7e7555654589d2a1e26d3c12ccc6746b43e57cf65329bee605a50a3

Request headers

Referer: https://www.citictour.com/skin/css/daxiagu.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Tue, 31 Mar 2020 17:19:49 GMT
Last-Modified: Sun, 08 Mar 2015 15:27:16 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
ETag: "d0d005cb459d01:0"
Content-Type: image/jpeg
Accept-Ranges: bytes
Content-Length: 88266

GET
H/1.1 200
OK k2_out.jpg
www.citictour.com/skin/images/ 24 KB
24 KB 282ms
282ms Image
image/jpeg 154.80.249.30
DXTL-HK DXTL Tseu...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.citictour.com/skin/images/k2_out.jpg
Requested by: Host: www.citictour.com
URL: https://www.citictour.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 154.80.249.30 Johannesburg, South Africa, ASN134548 (DXTL-HK DXTL Tseung Kwan O Service, HK),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 599831da2acd14d97ef6b31769aa413063e690623172372054d5f826b380fd23

Request headers

Referer: https://www.citictour.com/skin/css/daxiagu.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Tue, 31 Mar 2020 17:19:50 GMT
Last-Modified: Sun, 08 Mar 2015 15:27:19 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
ETag: "eed0a85db459d01:0"
Content-Type: image/jpeg
Accept-Ranges: bytes
Content-Length: 24270

GET
H/1.1 200
OK k3_out.jpg
www.citictour.com/skin/images/ 21 KB
21 KB 293ms
292ms Image
image/jpeg 154.80.249.30
DXTL-HK DXTL Tseu...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.citictour.com/skin/images/k3_out.jpg
Requested by: Host: www.citictour.com
URL: https://www.citictour.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 154.80.249.30 Johannesburg, South Africa, ASN134548 (DXTL-HK DXTL Tseung Kwan O Service, HK),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 75a9403683d41b720bd94da39d393e2af6ba2fe3ef7d0a6c36f1cec82002380d

Request headers

Referer: https://www.citictour.com/skin/css/daxiagu.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Tue, 31 Mar 2020 17:19:50 GMT
Last-Modified: Sun, 08 Mar 2015 15:27:20 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
ETag: "423f4f5eb459d01:0"
Content-Type: image/jpeg
Accept-Ranges: bytes
Content-Length: 21665

GET
H/1.1 200
OK k4_out.jpg
www.citictour.com/skin/images/ 18 KB
18 KB 285ms
285ms Image
image/jpeg 154.80.249.30
DXTL-HK DXTL Tseu...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.citictour.com/skin/images/k4_out.jpg
Requested by: Host: www.citictour.com
URL: https://www.citictour.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 154.80.249.30 Johannesburg, South Africa, ASN134548 (DXTL-HK DXTL Tseung Kwan O Service, HK),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 39a62914159975e87157e2971d46fe065951f5aedd0b8b25bdce914fc3d39aac

Request headers

Referer: https://www.citictour.com/skin/css/daxiagu.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Tue, 31 Mar 2020 17:19:50 GMT
Last-Modified: Sun, 08 Mar 2015 15:26:49 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
ETag: "53ccf64bb459d01:0"
Content-Type: image/jpeg
Accept-Ranges: bytes
Content-Length: 18541

GET
H/1.1 200
OK i_gl.jpg
www.citictour.com/skin/images/ 78 KB
78 KB 291ms
290ms Image
image/jpeg 154.80.249.30
DXTL-HK DXTL Tseu...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.citictour.com/skin/images/i_gl.jpg
Requested by: Host: www.citictour.com
URL: https://www.citictour.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 154.80.249.30 Johannesburg, South Africa, ASN134548 (DXTL-HK DXTL Tseung Kwan O Service, HK),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 5abe6735f066b2f01eeb989eb6b7a3348cb4d3228b2d2d1d80938cfabe2f6d7e

Request headers

Referer: https://www.citictour.com/skin/css/daxiagu.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Tue, 31 Mar 2020 17:19:50 GMT
Last-Modified: Sun, 08 Mar 2015 15:27:13 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
ETag: "9d67455ab459d01:0"
Content-Type: image/jpeg
Accept-Ranges: bytes
Content-Length: 80033

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1738703849&utmhn=www.citictour.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=%E...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-121883074-1&cid=1559787018.1585675195&jid=604365200&_v=5.7.2&z=1738703849
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-121883074-1&cid=1559787018.1585675195&jid=604365200&_v=5.7.2&z=1738703849
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-121883074-1&cid=1559787018.1585675195&jid=604365200&_v=5.7.2&z=1738703849&slf_rd=1&random=581381195

42 B
109 B

26ms
25ms

Image
image/gif

2a00:1450:4001:825::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-121883074-1&cid=1559787018.1585675195&jid=604365200&_v=5.7.2&z=1738703849&slf_rd=1&random=581381195

Requested by

Host: www.citictour.com
URL: https://www.citictour.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.citictour.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 31 Mar 2020 17:19:54 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 31 Mar 2020 17:19:54 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-121883074-1&cid=1559787018.1585675195&jid=604365200&_v=5.7.2&z=1738703849&slf_rd=1&random=581381195
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
cache-control: no-cache, no-store, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK s.gif
sp0.baidu.com/9_Q4simg2RQJ8t7jm9iCKT-xh_/ 0
116 B 762ms
319ms Image
text/plain 183.232.231.172
CMNET-GUANGDONG-A...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sp0.baidu.com/9_Q4simg2RQJ8t7jm9iCKT-xh_/s.gif?l=https://www.citictour.com/
Requested by: Host: www.citictour.com
URL: https://www.citictour.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 183.232.231.172 , China, ASN56040 (CMNET-GUANGDONG-AP China Mobile communications corporation, CN),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.citictour.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Tue, 31 Mar 2020 17:19:56 GMT
Content-Length: 0
Content-Type: text/plain; charset=utf-8

GET
H/1.1 200
OK hm.gif
hm.baidu.com/ 43 B
299 B 382ms
382ms Image
image/gif 103.235.46.191
CNNIC-BAIDU-AP Be...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1600x1200&vl=1200&et=0&ja=0&ln=en-us&lo=0&rnd=1053082618&si=8ffb39d40b3fce4de172245298466d21&v=1.2.72&lv=1&sn=55871&ct=!!&tt=%E6%BE%B3%E9%97%A8%E7%9A%87%E5%86%A0%E8%B5%8C%E5%9C%BA_%E6%BE%B3%E9%97%A8%E7%9A%87%E5%86%A0VIP%E4%B8%93%E7%BA%BF

Requested by

Host: www.citictour.com
URL: https://www.citictour.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

103.235.46.191 , Hong Kong, ASN55967 (CNNIC-BAIDU-AP Beijing Baidu Netcom Science and Technology Co., Ltd., CN),

Reverse DNS

Software

apache /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=172800
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.citictour.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Pragma: no-cache
Date: Tue, 31 Mar 2020 17:19:56 GMT
X-Content-Type-Options: nosniff
Server: apache
Strict-Transport-Security: max-age=172800
Content-Type: image/gif
Cache-Control: private, max-age=0, no-cache
Content-Length: 43

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Bet365 (Entertainment)

34 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

9 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.www.bjilife.com/	1970-01-19 17:13:31	Name: Hm_lvt_69b9d835d2cb90dac8d84a9a71d48e93 Value: 1585675196
.www.citictour.com/	1969-12-31 23:59:59	Name: Hm_lpvt_8ffb39d40b3fce4de172245298466d21 Value: 1585675196
.www.citictour.com/	1970-01-19 17:13:31	Name: Hm_lvt_8ffb39d40b3fce4de172245298466d21 Value: 1585675196
.citictour.com/	1970-01-19 08:27:55	Name: __utmt Value: 1
.citictour.com/	1970-01-19 08:27:56	Name: __utmb Value: 23852072.1.10.1585675195
.www.bjilife.com/	1969-12-31 23:59:59	Name: Hm_lpvt_69b9d835d2cb90dac8d84a9a71d48e93 Value: 1585675196
.citictour.com/	1969-12-31 23:59:59	Name: __utmc Value: 23852072
.citictour.com/	1970-01-19 12:50:43	Name: __utmz Value: 23852072.1585675195.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none)
.citictour.com/	1970-01-20 01:59:07	Name: __utma Value: 23852072.1559787018.1585675195.1585675195.1585675195.1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

hm.baidu.com
sp0.baidu.com
ssl.google-analytics.com
stats.g.doubleclick.net
www.bjilife.com
www.citictour.com
www.google.com
www.google.de
zz.bdstatic.com
103.235.46.191
119.188.176.48
154.80.249.30
170.178.164.94
183.232.231.172
2a00:1450:4001:81e::2004
2a00:1450:4001:81e::2008
2a00:1450:4001:825::2003
2a00:1450:400c:c08::9d
05b634498a5f6b561330b926633524aa185df2edf67862b375464d6e70987410
09aaf7c2149183ed1d27a686349c54586ead9f092bbd172f683fad6f61515502
0e5d72c20e148edca04967ab4bff432f44264779dc5ecd81bd710eb487fdd145
0ea17b50947776bbb151e1e37ce81c2f8e5e487db42b3d5cf952adcd87cca136
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
16468f7cca9a8e26d54c276e0a46d5f1956c30effa39658403250bb7193d499d
20c28ceb2bddb447d73e8339a081199178fa4f2cf6d772082916ab46f009e855
2ecc09fc57ac8bdc10e65b3e0cb887bd034cc94d734e4bd556801c384c8dafa6
306f0192596d0c82393efecd66ea8ada627fa8893acd8ca906a6116f93edfec8
3994407a7ca18ea2051076c8b5149d430fae720317ddc29aad57a658a06fe60a
39a62914159975e87157e2971d46fe065951f5aedd0b8b25bdce914fc3d39aac
4b46a81ed2e921413d729d400148cbc169f57b193b76adcb667562dde9a6134a
599831da2acd14d97ef6b31769aa413063e690623172372054d5f826b380fd23
5abe6735f066b2f01eeb989eb6b7a3348cb4d3228b2d2d1d80938cfabe2f6d7e
66fe00b588a221df9dfb97c04d8d38d623b50cac841b0a38b213cc363633c578
71aad76bb09a02979bed039b1449d3b8ebb2aa7068f7dd05f85fa60071b33ec7
75a9403683d41b720bd94da39d393e2af6ba2fe3ef7d0a6c36f1cec82002380d
7648bd41bbdca1ee2de48694e73bd2fba80fe1f90e9b9657dc6ca4e82381b7df
76a34cfea1fc2d1e825002dd9e0122aeaaffebd35a954ecfae83d375b4ea1dd1
7767d5e36ca0f6a331087f59baa183877d53cf8a1f23907c33d5c10b34baeed7
87e6c21878bd9f9611a4ab5162e30ba1ca30190623a29b426f3bec418bf09637
911df5c66b3a2064a83a820f406df7ed339789c688e4e087f87f5c6064b8b7cd
919e7fc2d3ab657656f130f610a3bda4a8a46d76ade4fefe4f131b1ba917773b
91f8d22f5da8b3c9c92e7fecba491c3ac636656fca86602a693c52afe6c22f7f
92166c0f8a12c29f45038d12cde227bc87cd15b92be791110ee0162877c664b1
9785f7c187a25e08ffb7bdfff717ed734fb568f9c78c1bbdd8087038cf48a9cf
a6e3c56dc71999fe4eeb6fe215a89385e61fdb8fc48e83a7e4b0bc3891304c94
a7d527190a93f82f1e018793c15a7551903f0c6c97cad073bd627facd11edef4
af93dee61a027aa89e622716fd619cf682435d112f779d0bac1f5d8f02484c16
b0a38e8b7e33064d228eefe97b552db5ac6aa2e9ca71138d9a8df0b0d3cb5872
c31f2003f1c93ac1e34b09f376d97a65da6e110bf451cf1e0e50a7946c5e7212
c798b34ad7e7555654589d2a1e26d3c12ccc6746b43e57cf65329bee605a50a3
cc8a65d84ecebb6325c954c778fd0add5e61cfb288c89226b31125b35e30528d
ccc96b1ca63c240abc9cf28afad6c20eb7ea4622bc6ea39ad4ebfa88629ce4bf
cf163198fa8359281c14c3e77ce553e4c4b1463ade5a32ce8579fc93718f5e75
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e79b7fdbbb7a5c35e5e46ae98361462f7487f56c34a18a80a49e0864d591246e
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f7202d60b949b29c3c649c3f9a585963222e32b8f31bbdfe9723b291bcdbfbbd

www.citictour.com Open in urlscan Pro 154.80.249.30 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

41 Requests

100 %HTTPS

44 %IPv6

8 Domains

9 Subdomains

7 IPs

6 Countries

3647 kBTransfer

3798 kBSize

9 Cookies

0 Outgoing links

Redirected requests

41 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.citictour.com Open in urlscan Pro
154.80.249.30 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

41
Requests

100 %
HTTPS

44 %
IPv6

8
Domains

9
Subdomains

7
IPs

6
Countries

3647 kB
Transfer

3798 kB
Size

9
Cookies

41 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!