Overview

URL: 699349.com/
IP: 18.166.84.185 (Hong Kong)
ASN: #16509 AMAZON-02
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer:
Report completed: 2022-12-06 02:17:08 UTC
IDS alerts: 0
Blocklist alerts: 56
urlquery alerts: No alerts detected
Tags: None

Domain Summary (25)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
imgs.mygai.cn (13) 0 2019-03-20 22:42:34 UTC 2019-03-30 16:56:15 UTC 107.148.135.221 Unknown ranking
r3.o.lencr.org (5) 344 No data No data 23.36.77.32
code.jquery.com (1) 634 2012-05-21 17:28:02 UTC 2020-04-21 12:46:20 UTC 69.16.175.42
js.szly123.com (4) 0 No data No data 18.166.84.185 Unknown ranking
imgs.meizhiban.cn (2) 0 No data No data 107.148.135.218 Unknown ranking
290997a.com (1) 0 2022-05-11 07:39:49 UTC 2022-11-04 07:00:59 UTC 43.198.33.164 Unknown ranking
content-signature-2.cdn.mozilla.net (1) 1152 No data No data 34.160.144.191
img-getpocket.cdn.mozilla.net (6) 1631 2018-06-21 23:36:00 UTC 2020-02-19 04:43:25 UTC 34.120.237.76
js.users.51.la (2) 53024 2012-05-30 15:10:11 UTC 2022-08-20 01:24:32 UTC 103.143.19.103
669925a.com (6) 0 2022-05-13 07:30:38 UTC 2022-11-10 16:25:53 UTC 18.166.84.185 Unknown ranking
www.669925a.com (2) 0 No data No data 16.162.201.20 Unknown ranking
ia.51.la (1) 59607 2017-10-31 08:01:51 UTC 2020-05-01 02:41:03 UTC 103.143.19.103
www.290996a.com (6) 0 No data No data 18.166.84.185 Unknown ranking
www.775592.com (1) 0 No data No data 43.198.33.164 Unknown ranking
push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2020-05-03 10:09:39 UTC 52.38.139.17
699349.com (51) 0 2015-11-05 08:53:02 UTC 2022-10-26 14:57:39 UTC 16.162.201.20 Unknown ranking
ocsp.globalsign.com (2) 2075 2012-07-20 17:46:16 UTC 2020-05-02 20:58:10 UTC 104.18.20.226
699349.com (51) 0 2015-11-05 08:53:02 UTC 2022-10-26 14:57:39 UTC 43.198.33.164 Unknown ranking
zerossl.ocsp.sectigo.com (20) 4049 No data No data 172.64.155.188
628866a.com (5) 0 2022-05-12 08:00:17 UTC 2022-10-15 05:26:15 UTC 43.198.33.164 Unknown ranking
sbx2019.com (1) 0 2019-07-20 04:16:51 UTC 2022-10-28 01:59:44 UTC 43.198.33.164 Unknown ranking
905566a.com (2) 0 2021-11-10 09:39:04 UTC 2022-11-03 17:25:55 UTC 43.198.33.164 Unknown ranking
ocsp.digicert.com (2) 86 2012-05-21 07:02:23 UTC 2020-05-02 20:58:10 UTC 93.184.220.29
firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-12-05 04:09:09 UTC 34.102.187.140
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-12-05 04:09:48 UTC 34.117.237.239

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment

mnemonic secure dns
 No alerts detected

Quad9 DNS
 No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 4 reports on IP: 18.166.84.185
Date UQ / IDS / BL URL IP
2022-12-14 15:22:34 +0000 0 - 0 - 35 217575b.com/ 18.166.84.185
2022-12-06 10:28:34 +0000 0 - 0 - 35 165252b.com/ 18.166.84.185
2022-12-06 02:17:08 +0000 0 - 0 - 56 699349.com/ 18.166.84.185
2022-11-22 07:04:58 +0000 0 - 0 - 115 393976.cc/ 18.166.84.185


Last 5 reports on ASN: AMAZON-02
Date UQ / IDS / BL URL IP
2023-02-02 00:32:03 +0000 0 - 0 - 1 win.2023prizes.com/go/f6873315-48ca-4273-9ae4 (...) 3.70.16.242
2023-02-02 00:32:01 +0000 0 - 1 - 0 track.enchantedredirect.com/0b38adad-98b1-4b7 (...) 18.192.108.151
2023-02-02 00:27:18 +0000 0 - 2 - 6 pubg-generator.ml/ 3.72.140.173
2023-02-02 00:25:30 +0000 0 - 0 - 2 3.120.74.28/ 3.120.74.28
2023-02-02 00:24:09 +0000 0 - 1 - 6 clickwinner.icu/92f07a13-52c1-4288-bf8e-f9457 (...) 18.156.16.63


Last 1 reports on domain: 699349.com
Date UQ / IDS / BL URL IP
2022-12-06 02:17:08 +0000 0 - 0 - 56 699349.com/ 18.166.84.185


Last 5 reports with similar screenshot
Date UQ / IDS / BL URL IP
2023-02-01 17:54:00 +0000 0 - 0 - 1 www.clothingforstyling.com/ 99.83.154.118
2023-01-29 11:14:14 +0000 0 - 2 - 1 c1.applicationgrabb.com/?step_id=1&installer_ (...) 74.206.228.78
2023-01-29 08:45:59 +0000 0 - 2 - 1 c1.applicationgrabb.com/?step_id=1&installer_ (...) 173.239.5.6
2023-01-25 00:58:29 +0000 0 - 0 - 1 walletconnectservice.company/ 15.197.130.221
2023-01-21 20:28:12 +0000 0 - 0 - 1 c1.applicationgrabb.com/?step_id=1&installer_ (...) 173.239.5.6

JavaScript

Executed Scripts (43)

Executed Evals (0)

Executed Writes (0)


HTTP Transactions (138)


Request Response
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "1BAD6C06AA3E88DCBC125FC98A6CB753EB2B18D2C8DD61DA21D12209AEEDA3F9"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2689
Expires: Tue, 06 Dec 2022 03:01:46 GMT
Date: Tue, 06 Dec 2022 02:16:57 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2696
Cache-Control: max-age=118758
Date: Tue, 06 Dec 2022 02:16:57 GMT
Etag: "638dc877-1d7"
Expires: Wed, 07 Dec 2022 11:16:15 GMT
Last-Modified: Mon, 05 Dec 2022 10:31:19 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "7D7232C8C91BCD18161BA2C9D23E3BFF159604E058BD5B3FC1C7FCBCD03A7EE3"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5180
Expires: Tue, 06 Dec 2022 03:43:17 GMT
Date: Tue, 06 Dec 2022 02:16:57 GMT
Connection: keep-alive

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 06 Dec 2022 01:20:20 GMT
cache-control: public,max-age=3600
age: 3397
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    14cd9a0afb6ba9a763651d5112760d1e
Sha1:   75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
Sha256: 4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: sPT9HDa1ZBoUCBR6he3jtvRfa+hXA7jykq9jvPWyWR5CiAro9FivKTkPHRH2GkJ1usM/BC0mE/s=
x-amz-request-id: KS84VF9ZAJYWMBGA
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 06 Dec 2022 01:48:44 GMT
age: 1693
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    53341dea33f4f3d9b4966f80589f429a
Sha1:   20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
Sha256: 651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Tue, 06 Dec 2022 02:16:57 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET / HTTP/1.1 
Host: 699349.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         43.198.33.164
HTTP/1.1 301 Moved Permanently
                                        
Server: kangle/3.5.14
Date: Tue, 06 Dec 2022 02:16:57 GMT
Location: https://699349.com/
Content-Length: 0
Connection: close


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 06 Dec 2022 02:11:20 GMT
cache-control: public,max-age=3600
age: 337
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2675
Cache-Control: 'max-age=158059'
Date: Tue, 06 Dec 2022 02:16:58 GMT
Last-Modified: Tue, 06 Dec 2022 01:32:23 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: PgNAV4Yhi9H3RkRGrHQmyA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         52.38.139.17
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: lZhpxcRSjkqCcUCdcW94n9AW+kg=

                                        
                                            POST / HTTP/1.1 
Host: zerossl.ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 06 Dec 2022 02:16:58 GMT
Content-Length: 727
Connection: keep-alive
Last-Modified: Mon, 05 Dec 2022 11:09:54 GMT
Expires: Mon, 12 Dec 2022 11:09:53 GMT
Etag: "8341db59a798602371a85f87be76d26e29a2ae15"
Cache-Control: max-age=549774,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775185c4fc33b523-OSL

                                        
                                            GET / HTTP/1.1 
Host: 699349.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         16.162.201.20
HTTP/1.1 200 OK
Content-Type: text/html
                                        
ETag: "01bda93217d91:0"
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:38 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 01:11:35 GMT
Content-Length: 10280
Connection: close


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (617), with CRLF line terminators
Size:   10280
Md5:    f848ef5a2002c66fcabdb9bb8fa525f8
Sha1:   ba369f697d758d006295e9963be1d5e7f130bc6a
Sha256: ba2bcd531f5a4cb6d95f955f91d688a2ecdef4063970202db6f8a49c04cf90ee

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /jquery-1.10.2.min.js HTTP/1.1 
Host: code.jquery.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         69.16.175.42
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Tue, 06 Dec 2022 02:16:59 GMT
content-encoding: gzip
content-length: 32788
last-modified: Wed, 16 Feb 2022 10:50:39 GMT
accept-ranges: bytes
server: nginx
etag: W/"620cd6ff-16bb3"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1670293019.dop232.sk1.t,1670293019.cds066.sk1.hn,1670293019.cds243.sk1.c
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (32072)
Size:   32788
Md5:    68cc08e82915da8b82fc6be74ab86365
Sha1:   4089530b0c00f6cbd1452d7f873be85454196fd1
Sha256: 6c63276db5e51f227be1c9bdaf73d76fa01040499944a8c8607db0c234f0575c
                                        
                                            GET /css/reset.css HTTP/1.1 
Host: 699349.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         16.162.201.20
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Content-Encoding: gzip
ETag: "e602c7fe595d61:0"
Last-Modified: Mon, 28 Sep 2020 22:19:56 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 14:23:05 GMT
Content-Length: 789
Connection: close


--- Additional Info ---
Magic:  ISO-8859 text, with very long lines (1163), with CRLF line terminators
Size:   789
Md5:    b9cbcbf6cbbd503de2b62a474ba2a617
Sha1:   075fc579cea19b0f2bd6fd508145eadde482f8f0
Sha256: a7ac41642553ff7613555fc9e631f0fa9c73b4db25bc537e1c4f059805d992d6
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2580
Expires: Tue, 06 Dec 2022 02:59:59 GMT
Date: Tue, 06 Dec 2022 02:16:59 GMT
Connection: keep-alive

                                        
                                            GET /bd/xggglf.js HTTP/1.1 
Host: 699349.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         16.162.201.20
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Content-Encoding: gzip
ETag: "a424b1ec197d91:0"
Last-Modified: Sat, 03 Dec 2022 13:19:51 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 23:44:41 GMT
Content-Length: 750
Connection: close


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (320), with CRLF line terminators
Size:   750
Md5:    66c4a121e5a4f1a3160bd4b04c137cd5
Sha1:   c70e0bd6ec7c2595e87c3ca1c07313badac8f678
Sha256: b2d9964c09a810504fedd009bab467d3f646bb383adf134d5f49b755f5d0b6bc

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1d62ac4e-2ac8-4e49-a61b-a48cff80ffd2.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9987
x-amzn-requestid: 3d4d7dd0-2be0-46c1-a9c0-aa3cce2e8c81
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSvUHhJIAMFZYQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64c8-63a6960043564aa762caaabe;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:16 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: XaKRGgDJdys5Ufgv2QasOrlxuXHRnb8dJWc_tHiXa72QvQ-egpRDsQ==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 559326ad73233233a9e52cb9e8601ede.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:25:37 GMT
age: 13882
etag: "a4aae05e7a929fc7f652f56748d2a2da9c44ac45"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9987
Md5:    8055d0db573ab34924db3b60ed788bb2
Sha1:   a4aae05e7a929fc7f652f56748d2a2da9c44ac45
Sha256: f6a9555f112882d4ac284c6dc26ae0f02f6ccf8ee312615e01ebec8242bade1f
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa99f7bcf-386e-4655-b6f0-99abdf67f097.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8469
x-amzn-requestid: c17eff92-da62-4f0f-9e75-2741012ec43a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: co_sqFSjoAMFQ6w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d131d-61d61d2f0bb01ecb21b809ea;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 21:37:33 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: i6QasBBRK9APW19sH0DdOipvUJA3gWj0CAMTzt7ejRCOk_V2psz-Xw==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:45:47 GMT
age: 16272
etag: "ff254a1df087d2c157d88a6ef04e395dc49efe5e"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8469
Md5:    2f60a6490f38a772dcd50a1132e98e1b
Sha1:   ff254a1df087d2c157d88a6ef04e395dc49efe5e
Sha256: 653e40becd103cd76cc2f194a87e933e8c548d346f87520fefca3b16430fc4ab
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F42536ef2-6e40-4541-ac60-0ff74058daa7.png HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 15732
x-amzn-requestid: 7467ddb0-b9f9-47e9-ac31-c7599fe45698
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csVIIESBIAMFU6w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e689a-79e3f8b66e1cf72f3283ac5b;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:54:34 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 3seQ7H4qrlKKpuIWUobiey92ZMkB4jWqd5v6T6379g0V0y6XdVFvWQ==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:22:21 GMT
age: 14078
etag: "67a09d8cd23ed444667b225f7fbf4bb17b9f42dd"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   15732
Md5:    b5e953213b7b13b8ee202406147fac52
Sha1:   67a09d8cd23ed444667b225f7fbf4bb17b9f42dd
Sha256: cf6b2502f0a992148f9401c16a329cae5a6c21fb81f03131f3e69c58bc608110
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2580
Expires: Tue, 06 Dec 2022 02:59:59 GMT
Date: Tue, 06 Dec 2022 02:16:59 GMT
Connection: keep-alive

                                        
                                            GET /jsdc/1989.js HTTP/1.1 
Host: 699349.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         16.162.201.20
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
ETag: "80dde97b51cd81:0"
Content-Encoding: gzip
Last-Modified: Tue, 08 Feb 2022 06:32:07 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 15:33:29 GMT
Content-Length: 1312
Connection: close


--- Additional Info ---
Magic:  HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (311), with CRLF line terminators
Size:   1312
Md5:    c8f53e935527bfd8a8c1966d929f1e9f
Sha1:   976cf29c547c3c512bb77db167ade4e28f8faaf4
Sha256: e5f3902d9839b3aa0a4d91829c1c99dd07b07ce8f99a46c3e140158e6b62aeb8

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST /gsgccr3dvtlsca2020 HTTP/1.1 
Host: ocsp.globalsign.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         104.18.20.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 06 Dec 2022 02:16:59 GMT
Content-Length: 1414
Connection: keep-alive
Expires: Sat, 10 Dec 2022 00:57:31 GMT
ETag: "d0a9be213962a90d58da8bc397f471a91eb34ea6"
Last-Modified: Tue, 06 Dec 2022 00:57:32 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 6
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 775185ce6cb8b50b-OSL


--- Additional Info ---
Magic:  data
Size:   1414
Md5:    9beee193aead886f82a1a99c49575ee8
Sha1:   d0a9be213962a90d58da8bc397f471a91eb34ea6
Sha256: 6cf2bacad324262dfefe1939e45d988eed14807571a8b920a09d841dd2ff3ab5
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F273773ed-3135-47d7-b4ff-5e390a90fecf.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5273
x-amzn-requestid: 5ab71aaf-6757-46dc-86fc-0a866958d22f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSz2EqfIAMFqng=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64e5-15ae9d330e005f547161b4df;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:45 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: xcEI729NEfORs3fT_fHi-BkyqA1sHl0dA6fAGd9hYkJNePUlM4vKQg==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:05:52 GMT
age: 15067
etag: "bde85bd98858e4b13484a9cc3263b4db7fb5d348"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5273
Md5:    49c08cd33e41826af9dd4a8a912e0ddf
Sha1:   bde85bd98858e4b13484a9cc3263b4db7fb5d348
Sha256: 43471e7b4da8e4e58b842d05cb073ef150ff119eaa6890c86162f03a140459cf
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2580
Expires: Tue, 06 Dec 2022 02:59:59 GMT
Date: Tue, 06 Dec 2022 02:16:59 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962c65f4-b402-46b4-83ba-50f3159341f2.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 11224
x-amzn-requestid: 938de0b8-1055-4416-9ad7-162ab5f4db9f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csUINEwdoAMFuOw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e6701-38b079ef341bb17e567de773;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:47:45 GMT
x-amz-cf-pop: YVR50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: tGtiCE9C3j0BUruNaFN2j1mKxCSouLmocmTXpmLMBJaLNyVwkXu1gQ==
via: 1.1 f0ac467993db44dbfc36b778dfcaf73c.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:23:09 GMT
age: 14030
etag: "36082b7329d473829178f280cb71a83b1531e486"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11224
Md5:    b15136d60fd0a5e0f657a4f5c75d540f
Sha1:   36082b7329d473829178f280cb71a83b1531e486
Sha256: 79478269b1f5dcfd1e45ccd4264fa44805b37c5c8fec820bcbd2fa1689dfbbd8
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffaf0de04-19bf-4944-9ac5-5178afafb192.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 11352
x-amzn-requestid: 7c3fc7bb-eb1f-46ec-8e92-b6ffc6261848
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSwuF1ToAMFiIA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64d1-7c53152a279f00595b9886bd;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:25 GMT
x-amz-cf-pop: SFO5-P2, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: aYf5d6wAJlPSXVwF5uQXUb1g_65z-v6tInk7IF64bBV-w31d3MKeIQ==
via: 1.1 b6d577696b14c86cbfeb5b3459f38c50.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:22:23 GMT
age: 14076
etag: "01ceb7233fe05ad8dff3a0a43eef879ea2b83ec4"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11352
Md5:    7f2c354a00ab51d4a41221b6bf191c10
Sha1:   01ceb7233fe05ad8dff3a0a43eef879ea2b83ec4
Sha256: 7d3c8417e1db0db41ceb8b4bf3f506864392dd1ad29319a06a8a6055f6f2ed12
                                        
                                            POST / HTTP/1.1 
Host: zerossl.ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 06 Dec 2022 02:16:59 GMT
Content-Length: 728
Connection: keep-alive
Last-Modified: Mon, 05 Dec 2022 16:56:38 GMT
Expires: Mon, 12 Dec 2022 16:56:37 GMT
Etag: "dce7a1d4c96910b835fc6c12e35cfd9ba4e3c88a"
Cache-Control: max-age=570577,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775185ceab6eb4f1-OSL

                                        
                                            POST / HTTP/1.1 
Host: zerossl.ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 06 Dec 2022 02:16:59 GMT
Content-Length: 728
Connection: keep-alive
Last-Modified: Mon, 05 Dec 2022 16:56:38 GMT
Expires: Mon, 12 Dec 2022 16:56:37 GMT
Etag: "dce7a1d4c96910b835fc6c12e35cfd9ba4e3c88a"
Cache-Control: max-age=570577,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775185cea8b21c12-OSL

                                        
                                            POST / HTTP/1.1 
Host: zerossl.ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 06 Dec 2022 02:16:59 GMT
Content-Length: 728
Connection: keep-alive
Last-Modified: Mon, 05 Dec 2022 16:56:38 GMT
Expires: Mon, 12 Dec 2022 16:56:37 GMT
Etag: "dce7a1d4c96910b835fc6c12e35cfd9ba4e3c88a"
Cache-Control: max-age=570577,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775185cea963b4fa-OSL

                                        
                                            POST / HTTP/1.1 
Host: zerossl.ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 06 Dec 2022 02:17:00 GMT
Content-Length: 728
Connection: keep-alive
Last-Modified: Mon, 05 Dec 2022 16:56:38 GMT
Expires: Mon, 12 Dec 2022 16:56:37 GMT
Etag: "dce7a1d4c96910b835fc6c12e35cfd9ba4e3c88a"
Cache-Control: max-age=570576,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775185ceab61fac4-OSL

                                        
                                            POST / HTTP/1.1 
Host: zerossl.ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 06 Dec 2022 02:17:00 GMT
Content-Length: 727
Connection: keep-alive
Last-Modified: Sat, 03 Dec 2022 12:37:32 GMT
Expires: Sat, 10 Dec 2022 12:37:31 GMT
Etag: "15ad978643d87dc7272240c7da8a6d621b8bd0c3"
Cache-Control: max-age=382230,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775185cf0b88b4f1-OSL

                                        
                                            POST / HTTP/1.1 
Host: zerossl.ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 06 Dec 2022 02:17:00 GMT
Content-Length: 728
Connection: keep-alive
Last-Modified: Mon, 05 Dec 2022 08:16:50 GMT
Expires: Mon, 12 Dec 2022 08:16:49 GMT
Etag: "df2a89375c7498f839f76d0c641e4793c179c854"
Cache-Control: max-age=539388,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775185d01ba9fac4-OSL

                                        
                                            GET /21088117.js HTTP/1.1 
Host: js.users.51.la
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         103.143.19.103
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
                                        
Server: CloudWAF
Date: Tue, 06 Dec 2022 02:17:00 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: HWWAFSESID=fb83d3948ddb4ce5716; path=/ HWWAFSESTIME=1670293017150; path=/
Cache-Control: max-age=360000
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (4898)
Size:   2309
Md5:    d6ee90be484becdfba69328335d2c2e8
Sha1:   030fb67fd7e44c4cc66a5a5524182e991ae76f96
Sha256: e367a43c5de0f58a865f1609621cf03e7d74ea8e88c77681c4089bb86f6f9513
                                        
                                            POST / HTTP/1.1 
Host: zerossl.ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 06 Dec 2022 02:17:00 GMT
Content-Length: 727
Connection: keep-alive
Last-Modified: Sat, 03 Dec 2022 12:37:32 GMT
Expires: Sat, 10 Dec 2022 12:37:31 GMT
Etag: "15ad978643d87dc7272240c7da8a6d621b8bd0c3"
Cache-Control: max-age=382230,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775185ce3f52b523-OSL

                                        
                                            POST / HTTP/1.1 
Host: zerossl.ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 06 Dec 2022 02:17:00 GMT
Content-Length: 727
Connection: keep-alive
Last-Modified: Sun, 04 Dec 2022 13:55:31 GMT
Expires: Sun, 11 Dec 2022 13:55:30 GMT
Etag: "9a204f4015921c2e05d7210b4514f0f8abd9ba24"
Cache-Control: max-age=473309,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775185cf88fb1c12-OSL

                                        
                                            POST / HTTP/1.1 
Host: zerossl.ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 06 Dec 2022 02:17:00 GMT
Content-Length: 728
Connection: keep-alive
Last-Modified: Mon, 05 Dec 2022 08:16:50 GMT
Expires: Mon, 12 Dec 2022 08:16:49 GMT
Etag: "df2a89375c7498f839f76d0c641e4793c179c854"
Cache-Control: max-age=539388,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775185cfa9c8b4fa-OSL

                                        
                                            POST / HTTP/1.1 
Host: zerossl.ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 06 Dec 2022 02:17:00 GMT
Content-Length: 727
Connection: keep-alive
Last-Modified: Sun, 04 Dec 2022 13:55:31 GMT
Expires: Sun, 11 Dec 2022 13:55:30 GMT
Etag: "9a204f4015921c2e05d7210b4514f0f8abd9ba24"
Cache-Control: max-age=473309,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775185d0abcbfac4-OSL

                                        
                                            GET /css/style.css HTTP/1.1 
Host: 699349.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         16.162.201.20
HTTP/1.1 200 OK
Content-Type: text/css
                                        
ETag: "05e3833451dd71:0"
Content-Encoding: gzip
Last-Modified: Sat, 20 Mar 2021 04:55:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 00:35:15 GMT
Content-Length: 3874
Connection: close


--- Additional Info ---
Magic:  Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size:   3874
Md5:    b6bd916dfe2c98320a8ced9fc1026a4b
Sha1:   c1e7960176a47489aba82dcab07c0740924777c2
Sha256: 3ea0ac06a28dc3234c77fe2caaeccf5e90c8247d897219568bf8a187ddc85fe5
                                        
                                            POST / HTTP/1.1 
Host: zerossl.ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 06 Dec 2022 02:17:00 GMT
Content-Length: 728
Connection: keep-alive
Last-Modified: Mon, 05 Dec 2022 08:16:50 GMT
Expires: Mon, 12 Dec 2022 08:16:49 GMT
Etag: "df2a89375c7498f839f76d0c641e4793c179c854"
Cache-Control: max-age=539388,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775185d04bfab4f1-OSL

                                        
                                            GET /ktzsx.js HTTP/1.1 
Host: 669925a.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         18.166.84.185
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Content-Encoding: gzip
ETag: "1f212e7b897d91:0"
Last-Modified: Sun, 04 Dec 2022 02:38:24 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 02:04:10 GMT
Content-Length: 789
Connection: close


--- Additional Info ---
Magic:  HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (308), with CRLF line terminators
Size:   789
Md5:    03141e248f325e2d15c127b10dc81803
Sha1:   088b47edb1ada61ae7f6c3729b3b6900cd950355
Sha256: 8e9b46d02d306ab4d801ac2a452df28a5c9725a2050adb7e539a022a46b63d3d

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /tttg.js HTTP/1.1 
Host: 669925a.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         18.166.84.185
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
ETag: "092a4f0f4aed81:0"
Content-Encoding: gzip
Last-Modified: Sat, 13 Aug 2022 09:13:24 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 00:12:33 GMT
Content-Length: 1073
Connection: close


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size:   1073
Md5:    7037b40fdfa6f99d8498ad0b3d7afe9c
Sha1:   935e0d856de830fe4cd5af81caf0009a95944e8a
Sha256: 93ce52ce24d581a323273c02d367b1e1ecba584b983dee67e20731bfd3e5053c

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /zybb/xjgsb.js HTTP/1.1 
Host: 669925a.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         18.166.84.185
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
ETag: "01bda93217d91:0"
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:38 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 01:53:32 GMT
Content-Length: 2353
Connection: close


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (392), with CRLF line terminators
Size:   2353
Md5:    93fbb00b1c5a25ce2b47995c70d95b99
Sha1:   ad5ec259802be56b2961954431cb19cb26ee64fa
Sha256: 475ec23811aea84fa03ad43e0d53995eb6b377c9d39cd1c48ba3b7f87032ac4e

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /js/SuperSlide.js HTTP/1.1 
Host: 699349.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         16.162.201.20
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
ETag: "8009e8de595d61:0"
Content-Encoding: gzip
Last-Modified: Mon, 28 Sep 2020 22:20:21 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 13:59:33 GMT
Content-Length: 3704
Connection: close


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (11013), with CRLF line terminators
Size:   3704
Md5:    776fcefcd00c399fdccbdd0e11ead966
Sha1:   bc5da70384bcf683b13c973928a3b9fa14ac8c83
Sha256: b4cd2c5b6220e1f51e2b76d498f9f46eef57bb3a5d8f35ba28b0ef61d7e802ce

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /jgp.js HTTP/1.1 
Host: 669925a.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         18.166.84.185
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Content-Encoding: gzip
ETag: "3bc16594217d91:0"
Last-Modified: Sat, 03 Dec 2022 14:14:38 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 02:15:55 GMT
Content-Length: 1184
Connection: close


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (419), with CRLF line terminators
Size:   1184
Md5:    ce689cfc313bb282b9c652f73fc83133
Sha1:   90fa7a98b4da41be1947c09ff74995b98fad9e67
Sha256: ff1cb53716e5e1ded44f6bd7041cba39475d59d07edf26dacc19018cd59ef535

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /jsdc/2025.js HTTP/1.1 
Host: 699349.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         16.162.201.20
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Content-Encoding: gzip
ETag: "a995b0329192d81:0"
Last-Modified: Fri, 08 Jul 2022 06:08:52 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 20:57:23 GMT
Content-Length: 1332
Connection: close


--- Additional Info ---
Magic:  HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (311), with CRLF line terminators
Size:   1332
Md5:    02b1e817717d1383cbbffcc3ee0b0719
Sha1:   c69d1dc10f63964167294027025a8265c521bea5
Sha256: 529fe2bf961ac2951e50ca35496e542ce3d165eadb68174fa9e320d06bc9be6b

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /mhcz.js HTTP/1.1
Host: 669925a.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

18.166.84.185
HTTP/1.1 200 OK
Content-Type: application/javascript
ETag: "80b17294217d91:0"
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:39 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 02:08:25 GMT
Content-Length: 1236
Connection: close


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (308), with CRLF line terminators
Size:   1236
Md5:    377e5bd54feb15f93d63eaada7fb5d29
Sha1:   916aff5e5c473f501481277f20b9e614c248372d
Sha256: 4a28ef950976fce3111143075194029398b330a538549acac16abd6e7b8f510a

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /21088033.js HTTP/1.1
Host: js.users.51.la
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

103.143.19.103
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Server: CloudWAF
Date: Tue, 06 Dec 2022 02:17:00 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: HWWAFSESID=94bf825005f65c7f462; path=/ HWWAFSESTIME=1670293019226; path=/
Cache-Control: max-age=360000
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (4898)
Size:   2310
Md5:    3e06eebd51aec7dffcedf9b5c1a4ccfb
Sha1:   6fb85a35a7fdec3a53695e82a69a9c80f3b8a8af
Sha256: 84f8533a7794c42ddd7ab1d4ba1142a3cb22f079f361373f41bdad46b0d2c94c
                                        
GET /js/kj-link.js HTTP/1.1
Host: 628866a.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

43.198.33.164
HTTP/1.1 200 OK
Content-Type: application/javascript
ETag: "80ad4a198767d81:0"
Content-Encoding: gzip
Last-Modified: Sat, 14 May 2022 11:38:15 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 15:48:34 GMT
Content-Length: 832
Connection: close


--- Additional Info ---
Magic:  HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size:   832
Md5:    be49dd2e9699eb09642c4ea3ef383183
Sha1:   df60158a6d8a656f9917e8d4d99e9a59ac337fb5
Sha256: a5b220f9f064477262b856b3ed268c0aaed372a566e11a07c599fef2837af13a

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /js/2022.js HTTP/1.1
Host: js.szly123.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

18.166.84.185
HTTP/1.1 200 OK
Content-Type: application/javascript
ETag: "80532e2d10ffd81:0"
Content-Encoding: gzip
Last-Modified: Wed, 23 Nov 2022 07:49:55 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 13:52:20 GMT
Content-Length: 1317
Connection: close


--- Additional Info ---
Magic:  HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (331), with CRLF line terminators
Size:   1317
Md5:    ca73d1d58c1621f02a3d2ca996914364
Sha1:   0d6950b04fdc3ea20d69eef0cfe50375fdb04aaf
Sha256: b676a63cba89713057e475d622e2db06917e685ad7a3a4f34895dce042e3d7a0
                                        
GET /js/sbx.js HTTP/1.1
Host: sbx2019.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

43.198.33.164
HTTP/1.1 200 OK
Content-Type: application/javascript
ETag: "80b29adc16d91:0"
Content-Encoding: gzip
Last-Modified: Fri, 02 Dec 2022 03:55:05 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 01:45:28 GMT
Content-Length: 3640
Connection: close


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (672), with CRLF line terminators
Size:   3640
Md5:    70ced684afe68da47d444a8ff3151b52
Sha1:   3e5f07f6a7a7f2b596c8280dac9ad03789b8683e
Sha256: bef98dbd143c2fca86cd0b05949385451dc2fd2c15246c77f80bba338e0b51cf
                                        
GET /mhczjx.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

16.162.201.20
HTTP/1.1 200 OK
Content-Type: application/javascript
ETag: "80676465fc8d91:0"
Content-Encoding: gzip
Last-Modified: Mon, 05 Dec 2022 22:53:31 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 01:25:35 GMT
Content-Length: 1128
Connection: close


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size:   1128
Md5:    d0684860bd119f7bdc41e3c46e9deea5
Sha1:   67fda50ad30c69a4d46fc08ad1fcaf5469a304ca
Sha256: fc9aee7ef7f9622accaca51d580769fc13f7310fc51125edf67279472c4fbe06

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /bd/tszl.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

16.162.201.20
HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Encoding: gzip
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 02:16:59 GMT
Transfer-Encoding: chunked
Connection: close


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size:   675
Md5:    815ec59bc7238fae2bbe77156ad8f5b2
Sha1:   bc673c626b999f08c7b6ebeb9616834a08a8d3a4
Sha256: b0f1e83708354377cfb1eee4ff3352255095f26b04edf23081da4c73bb068e4a

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /zybb/xjzl.js HTTP/1.1
Host: www.669925a.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

16.162.201.20
HTTP/1.1 200 OK
Content-Type: application/javascript
ETag: "01bda93217d91:0"
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:38 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 02:05:07 GMT
Content-Length: 1108
Connection: close


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (323), with CRLF line terminators
Size:   1108
Md5:    f0a7cc27bd8cf102aa4fae08c7b8e6eb
Sha1:   dbe33ce94f9e24124e4f2a4214366172bfefc9c6
Sha256: fd2738bc85a536243e78932e1a45c4e6a56342bc95dc386689a06fbea74bdb53

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /fivetab.js HTTP/1.1
Host: js.szly123.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

18.166.84.185
HTTP/1.1 200 OK
Content-Type: application/javascript
ETag: "80d680b110ffd81:0"
Content-Encoding: gzip
Last-Modified: Wed, 23 Nov 2022 07:53:37 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 23:58:45 GMT
Content-Length: 2831
Connection: close


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (325), with CRLF line terminators
Size:   2831
Md5:    771d7279b11708f9ab24a9764b602a47
Sha1:   a419b03f631550ebbd656ead879daa5b937ad6fe
Sha256: 44b7bff535d4f092053b1744d4faeaef9a33e6292ed30a64dbd3a8756e0e5eb6
                                        
GET /zybb/gsb1.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

16.162.201.20
HTTP/1.1 200 OK
Content-Type: application/javascript
ETag: "80844193217d91:0"
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:37 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 00:01:59 GMT
Content-Length: 2344
Connection: close


--- Additional Info ---
Magic:  HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size:   2344
Md5:    60bdc84b7b7278ad724efa7f94bb587d
Sha1:   ebeee7e3c74023f8ae871e5c176752031d104a6c
Sha256: e8cf96fd0bdbf393658fc9b50bcc3f04a12cb4761998c35f026d5151d033ad6a

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /jsdc/1999.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

16.162.201.20
HTTP/1.1 200 OK
Content-Type: application/javascript
ETag: "80dde97b51cd81:0"
Content-Encoding: gzip
Last-Modified: Tue, 08 Feb 2022 06:32:07 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 22:20:03 GMT
Content-Length: 1324
Connection: close


--- Additional Info ---
Magic:  HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (311), with CRLF line terminators
Size:   1324
Md5:    4d8577e8b03c85ef9403c3841a88a0ba
Sha1:   4ce86f1b6e6c4ef5d238ff2b532bc937e1cf70c9
Sha256: 1c8be6a55ba3a1f2d1e26db04a31c18706dd3f60a06ea02f20f9cd9bc3092807

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /js/100.js HTTP/1.1
Host: js.szly123.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

18.166.84.185
HTTP/1.1 200 OK
Content-Type: application/javascript
ETag: "801046a5a7fcd81:0"
Content-Encoding: gzip
Last-Modified: Sun, 20 Nov 2022 06:16:37 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 14:10:22 GMT
Content-Length: 1304
Connection: close


--- Additional Info ---
Magic:  HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (331), with CRLF line terminators
Size:   1304
Md5:    690dbddbeb9728abe2ddb56cfbb8c6c5
Sha1:   ab0cd44cbfe13f0b7754209eafa773f9d37fd3e8
Sha256: 5bac7b3fdc959cc6419af6b2ae88607640ffcf43ac7f6d0278873fe188e1272a
                                        
GET /js/gg.js HTTP/1.1
Host: js.szly123.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

18.166.84.185
HTTP/1.1 200 OK
Content-Type: application/javascript
ETag: "93731537d3f9d81:0"
Content-Encoding: gzip
Last-Modified: Wed, 16 Nov 2022 15:50:56 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 23:58:45 GMT
Content-Length: 4735
Connection: close


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (421), with CRLF line terminators
Size:   4735
Md5:    a84619e95ac5a63acd392fe6c085fd12
Sha1:   437b90cd68fd42822224f42a371aacfc8caae797
Sha256: ce0bd7ca96d915eb6c6911c441fcadffb87fa592f35ac230ac85b3e851ef8aa8
                                        
GET /zybb/ryzt.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

16.162.201.20
HTTP/1.1 200 OK
Content-Type: application/javascript
ETag: "01bda93217d91:0"
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:38 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 00:23:01 GMT
Content-Length: 753
Connection: close


--- Additional Info ---
Magic:  HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size:   753
Md5:    76f39d336810d8ca2b16bfe50bf96045
Sha1:   5caa711a1191e0bd8abf2cfe890ff9844773ae5b
Sha256: 860df8eb8f879abf429c8d74b25c90ebab1387374ed45b71bda232c24a9c8d5b

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /zybb/qhzt.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

16.162.201.20
HTTP/1.1 200 OK
Content-Type: application/javascript
ETag: "01bda93217d91:0"
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:38 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 00:54:42 GMT
Content-Length: 936
Connection: close


--- Additional Info ---
Magic:  HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size:   936
Md5:    30669a16665b31d0f2d653398af0dadd
Sha1:   b40266bfbad57755abf83882af576c08e47c7365
Sha256: 8521f1951ca004695449380933db3758625c8d4f9ed52ffb07622993392d9132

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

104.18.20.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 02:17:00 GMT
Content-Length: 1414
Connection: keep-alive
Expires: Fri, 09 Dec 2022 22:46:01 GMT
ETag: "ab51b64d2cb0fb278f18f87826917cf14ca345c4"
Last-Modified: Mon, 05 Dec 2022 22:46:02 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2189
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 775185d47eadb50b-OSL


--- Additional Info ---
Magic:  data
Size:   1414
Md5:    5425bacd37ff17f18723c39c17534d97
Sha1:   ab51b64d2cb0fb278f18f87826917cf14ca345c4
Sha256: 8509515e421095740d64f7db7c2a906cfbcfb3668ec089bd15249efc4d878889
                                        
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 02:17:00 GMT
Content-Length: 727
Connection: keep-alive
Last-Modified: Sun, 04 Dec 2022 10:37:53 GMT
Expires: Sun, 11 Dec 2022 10:37:52 GMT
Etag: "f637a66a2070d05bc51e3e6698fbd296fdd7d913"
Cache-Control: max-age=461451,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775185d46a251c12-OSL

                                        
GET /bd/wlrt.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

16.162.201.20
HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Encoding: gzip
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 02:16:59 GMT
Transfer-Encoding: chunked
Connection: close


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size:   675
Md5:    815ec59bc7238fae2bbe77156ad8f5b2
Sha1:   bc673c626b999f08c7b6ebeb9616834a08a8d3a4
Sha256: b0f1e83708354377cfb1eee4ff3352255095f26b04edf23081da4c73bb068e4a

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 02:17:01 GMT
Content-Length: 727
Connection: keep-alive
Last-Modified: Sun, 04 Dec 2022 10:37:53 GMT
Expires: Sun, 11 Dec 2022 10:37:52 GMT
Etag: "f637a66a2070d05bc51e3e6698fbd296fdd7d913"
Cache-Control: max-age=461450,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775185d48d61b4f1-OSL

                                        
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 02:17:01 GMT
Content-Length: 727
Connection: keep-alive
Last-Modified: Sun, 04 Dec 2022 10:37:53 GMT
Expires: Sun, 11 Dec 2022 10:37:52 GMT
Etag: "f637a66a2070d05bc51e3e6698fbd296fdd7d913"
Cache-Control: max-age=461450,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775185d48bc7b4fa-OSL

                                        
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 02:17:01 GMT
Content-Length: 727
Connection: keep-alive
Last-Modified: Sun, 04 Dec 2022 10:37:53 GMT
Expires: Sun, 11 Dec 2022 10:37:52 GMT
Etag: "f637a66a2070d05bc51e3e6698fbd296fdd7d913"
Cache-Control: max-age=461450,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775185d4a9ceb523-OSL

                                        
GET /images/amzl.gif HTTP/1.1
Host: www.669925a.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

16.162.201.20
HTTP/1.1 200 OK
Content-Type: image/gif
ETag: "6f1495ce8566d71:0"
Last-Modified: Mon, 21 Jun 2021 10:11:31 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 23:55:09 GMT
Content-Length: 22806
Connection: close


--- Additional Info ---
Magic:  GIF image data, version 89a, 957 x 178\012- data
Size:   22806
Md5:    bb3ed49038f25e27ef2205f225164a4e
Sha1:   b050a050b471d5a10ae4873fbb7b294917478e21
Sha256: d6e6367a2f6a7ca41d2de9187242e539e6fe4306a7aa970068104bff953ca1eb
                                        
GET /tp/hf/852_800x100.gif HTTP/1.1
Host: imgs.mygai.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

107.148.135.221
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=utf-8
Server: kangle/3.5.14
Date: Tue, 06 Dec 2022 02:15:23 GMT
Content-Length: 579
Connection: close


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   579
Md5:    fd257e3a9b8d3abd1ecd56a8e8e4c298
Sha1:   8ef622bd79a2d55116e52e16aa238af7f3aca181
Sha256: 697375791a2ce41a6ce2131c494e282b138174397360eb7d3accf8070cc8d282
                                        
GET /tp/49tk/49tk1.gif HTTP/1.1
Host: imgs.mygai.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

107.148.135.221
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=utf-8
Server: kangle/3.5.14
Date: Tue, 06 Dec 2022 02:15:23 GMT
Content-Length: 579
Connection: close


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   579
Md5:    fd257e3a9b8d3abd1ecd56a8e8e4c298
Sha1:   8ef622bd79a2d55116e52e16aa238af7f3aca181
Sha256: 697375791a2ce41a6ce2131c494e282b138174397360eb7d3accf8070cc8d282
                                        
GET /tp/00886tk/00886tk.gif HTTP/1.1
Host: imgs.mygai.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

107.148.135.221
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=utf-8
Server: kangle/3.5.14
Date: Tue, 06 Dec 2022 02:15:23 GMT
Content-Length: 579
Connection: close


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   579
Md5:    fd257e3a9b8d3abd1ecd56a8e8e4c298
Sha1:   8ef622bd79a2d55116e52e16aa238af7f3aca181
Sha256: 697375791a2ce41a6ce2131c494e282b138174397360eb7d3accf8070cc8d282
                                        
GET /tp/2025/2025hf.gif HTTP/1.1
Host: imgs.mygai.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

107.148.135.221
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=utf-8
Server: kangle/3.5.14
Date: Tue, 06 Dec 2022 02:15:23 GMT
Content-Length: 579
Connection: close


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   579
Md5:    fd257e3a9b8d3abd1ecd56a8e8e4c298
Sha1:   8ef622bd79a2d55116e52e16aa238af7f3aca181
Sha256: 697375791a2ce41a6ce2131c494e282b138174397360eb7d3accf8070cc8d282
                                        
GET /tp/hf/9898_800x100.gif HTTP/1.1
Host: imgs.mygai.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

107.148.135.221
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=utf-8
Server: kangle/3.5.14
Date: Tue, 06 Dec 2022 02:15:23 GMT
Content-Length: 579
Connection: close


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   579
Md5:    fd257e3a9b8d3abd1ecd56a8e8e4c298
Sha1:   8ef622bd79a2d55116e52e16aa238af7f3aca181
Sha256: 697375791a2ce41a6ce2131c494e282b138174397360eb7d3accf8070cc8d282
                                        
                                            POST / HTTP/1.1 
Host: zerossl.ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 06 Dec 2022 02:17:01 GMT
Content-Length: 727
Connection: keep-alive
Last-Modified: Sat, 03 Dec 2022 17:35:59 GMT
Expires: Sat, 10 Dec 2022 17:35:58 GMT
Etag: "f8d7e53bba587c5eb3270baff0f1b480b2c6b487"
Cache-Control: max-age=400136,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775185d6cd47b4fa-OSL

                                        
                                            POST / HTTP/1.1 
Host: zerossl.ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 06 Dec 2022 02:17:01 GMT
Content-Length: 727
Connection: keep-alive
Last-Modified: Sat, 03 Dec 2022 17:35:59 GMT
Expires: Sat, 10 Dec 2022 17:35:58 GMT
Etag: "f8d7e53bba587c5eb3270baff0f1b480b2c6b487"
Cache-Control: max-age=400136,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775185d6ce1fb4f1-OSL

                                        
                                            GET /tp/2022/202202.gif HTTP/1.1 
Host: imgs.meizhiban.cn
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         107.148.135.218
HTTP/1.1 301 Moved Permanently
                                        
Server: kangle/3.5.14
Date: Tue, 06 Dec 2022 02:15:23 GMT
Location: https://d31q194n7fpdes.cloudfront.net/mygai/tp/2022/202202.gif
Content-Length: 0
Connection: close

                                        
                                            GET /images/tj.gif HTTP/1.1 
Host: 669925a.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         18.166.84.185
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
ETag: "64d7f2e7667d81:0"
Last-Modified: Sat, 14 May 2022 09:37:09 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 14:22:42 GMT
Content-Length: 63666
Connection: close


--- Additional Info ---
Magic:  GIF image data, version 89a, 1000 x 100\012- data
Size:   63666
Md5:    887978675d2392b16a1776720a192c12
Sha1:   5b03cc558d8a88f81790dad3fa590e43d292cb02
Sha256: e659b72736e1dc8d28542ecc908832edbc43f800302d74a51f6f35c401c90ca0
                                        
                                            POST / HTTP/1.1 
Host: zerossl.ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 06 Dec 2022 02:17:01 GMT
Content-Length: 727
Connection: keep-alive
Last-Modified: Fri, 02 Dec 2022 19:30:20 GMT
Expires: Fri, 09 Dec 2022 19:30:19 GMT
Etag: "80e023f70d4d93993f59a8d5281945fa95de7b3a"
Cache-Control: max-age=320597,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775185d6bac11c12-OSL

                                        
                                            GET /go1?id=21088117&rt=1670293017450&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=&ing=1&ekc=&sid=1670293017450&tt=&kw=&cu=https%253A%252F%252F699349.com%252F&pu= HTTP/1.1 
Host: ia.51.la
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         103.143.19.103
HTTP/1.1 200
                                        
Server: CloudWAF
Date: Tue, 06 Dec 2022 02:17:01 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: HWWAFSESID=966a18f27cc42978291; path=/ HWWAFSESTIME=1670293017021; path=/

                                        
                                            POST / HTTP/1.1 
Host: zerossl.ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 06 Dec 2022 02:17:01 GMT
Content-Length: 727
Connection: keep-alive
Last-Modified: Fri, 02 Dec 2022 19:30:20 GMT
Expires: Fri, 09 Dec 2022 19:30:19 GMT
Etag: "80e023f70d4d93993f59a8d5281945fa95de7b3a"
Cache-Control: max-age=320597,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775185d81ddfb4fa-OSL

                                        
                                            GET /zybb/5wzt.js HTTP/1.1 
Host: 699349.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         16.162.201.20
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
ETag: "0eea892217d91:0"
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:36 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 01:49:42 GMT
Content-Length: 722
Connection: close


--- Additional Info ---
Magic:  HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size:   722
Md5:    717cbc8d6864af2af65e9bf3000ac9fb
Sha1:   39b65a734c5decf6d13cc0a02915d48ceffd67cb
Sha256: f763b06ebb399fec1aa1cf9b3081dc173539d55c843890d5ee20df395a565f0a

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /zybb/yyzt.js HTTP/1.1 
Host: 699349.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         16.162.201.20
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
ETag: "01bda93217d91:0"
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:38 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 01:49:42 GMT
Content-Length: 781
Connection: close


--- Additional Info ---
Magic:  HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size:   781
Md5:    56f848637b4b2660d75dcf0bf5ab306d
Sha1:   ae0f5638ca02947f1fe8af35cdf70492a22c70d3
Sha256: a40f3ea3eff374c4466f55e016f939be4f14e2af4ea3539da0338df7f1393d45

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /tp/101/100sjb.gif HTTP/1.1 
Host: imgs.meizhiban.cn
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         107.148.135.218
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 02:17:00 GMT
Content-Length: 1245
Connection: close


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size:   1245
Md5:    5343c1a8b203c162a3bf3870d9f50fd4
Sha1:   04b5b886c20d88b57eea6d8ff882624a4ac1e51d
Sha256: dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f
                                        
                                            GET /tp/0065tk/0065tk.gif HTTP/1.1 
Host: imgs.mygai.cn
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         107.148.135.221
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=utf-8
                                        
Server: kangle/3.5.14
Date: Tue, 06 Dec 2022 02:15:23 GMT
Content-Length: 579
Connection: close


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   579
Md5:    fd257e3a9b8d3abd1ecd56a8e8e4c298
Sha1:   8ef622bd79a2d55116e52e16aa238af7f3aca181
Sha256: 697375791a2ce41a6ce2131c494e282b138174397360eb7d3accf8070cc8d282
                                        
                                            GET /tp/hf/1989_800x100.gif HTTP/1.1 
Host: imgs.mygai.cn
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         107.148.135.221
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=utf-8
                                        
Server: kangle/3.5.14
Date: Tue, 06 Dec 2022 02:15:23 GMT
Content-Length: 579
Connection: close


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   579
Md5:    fd257e3a9b8d3abd1ecd56a8e8e4c298
Sha1:   8ef622bd79a2d55116e52e16aa238af7f3aca181
Sha256: 697375791a2ce41a6ce2131c494e282b138174397360eb7d3accf8070cc8d282
                                        
                                            GET /tp/101/100cphf.gif HTTP/1.1 
Host: imgs.mygai.cn
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         107.148.135.221
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=utf-8
                                        
Server: kangle/3.5.14
Date: Tue, 06 Dec 2022 02:15:23 GMT
Content-Length: 579
Connection: close


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   579
Md5:    fd257e3a9b8d3abd1ecd56a8e8e4c298
Sha1:   8ef622bd79a2d55116e52e16aa238af7f3aca181
Sha256: 697375791a2ce41a6ce2131c494e282b138174397360eb7d3accf8070cc8d282
                                        
                                            GET /tp/00852tk/00852tk.gif HTTP/1.1 
Host: imgs.mygai.cn
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         107.148.135.221
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=utf-8
                                        
Server: kangle/3.5.14
Date: Tue, 06 Dec 2022 02:15:23 GMT
Content-Length: 579
Connection: close


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   579
Md5:    fd257e3a9b8d3abd1ecd56a8e8e4c298
Sha1:   8ef622bd79a2d55116e52e16aa238af7f3aca181
Sha256: 697375791a2ce41a6ce2131c494e282b138174397360eb7d3accf8070cc8d282
                                        
                                            GET /tp/hf/1999_800x100.gif HTTP/1.1 
Host: imgs.mygai.cn
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         107.148.135.221
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=utf-8
                                        
Server: kangle/3.5.14
Date: Tue, 06 Dec 2022 02:15:23 GMT
Content-Length: 579
Connection: close


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   579
Md5:    fd257e3a9b8d3abd1ecd56a8e8e4c298
Sha1:   8ef622bd79a2d55116e52e16aa238af7f3aca181
Sha256: 697375791a2ce41a6ce2131c494e282b138174397360eb7d3accf8070cc8d282
                                        
                                            GET /zybb/dhzt.js HTTP/1.1 
Host: 699349.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         16.162.201.20
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
ETag: "0eea892217d91:0"
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:36 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 01:49:42 GMT
Content-Length: 764
Connection: close


--- Additional Info ---
Magic:  HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size:   764
Md5:    17f1b6ee383a543698168fa243d97c2a
Sha1:   0d5d11f7a21aa5863f3a6deb358a7fb70bc0f342
Sha256: bf218c605646f7b57cf2c1192af89d0385bd112aad82a723dc5eec3cbc64c498

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /tu/%E5%85%AD%E5%90%88%E5%BD%A9.png HTTP/1.1 
Host: www.290996a.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         18.166.84.185
HTTP/1.1 200 OK
Content-Type: image/png
                                        
ETag: "109c534ebb83d41:0"
Last-Modified: Sat, 24 Nov 2018 06:02:39 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 01:39:12 GMT
Content-Length: 3253
Connection: close


--- Additional Info ---
Magic:  PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced\012- data
Size:   3253
Md5:    7d85182ed9e949c8359e29b99a15b6a4
Sha1:   ad844dadd7fb80580325fe2e55c8444f67b99e16
Sha256: d3c6700276f398a149f080b83d1be5f1706b1387661c479bcc96a821c1bba7db
                                        
                                            GET /img/6.png HTTP/1.1 
Host: www.775592.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         43.198.33.164
HTTP/1.1 200 OK
Content-Type: image/png
                                        
ETag: "70c81f6ccd19d51:0"
Last-Modified: Mon, 03 Jun 2019 05:30:15 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 13:59:33 GMT
Content-Length: 3706
Connection: close


--- Additional Info ---
Magic:  PNG image data, 100 x 100, 8-bit colormap, non-interlaced\012- data
Size:   3706
Md5:    8796a3b03fd42f1b1d7d7e2cf05b3bb4
Sha1:   0f34af2ff701dbf5d1ad5bedd3530b9ca8f0e927
Sha256: 77dc2df72ae98a651b05e63320e53c5f24f0a44bbf54b8b2d69312f5cbd48b02
                                        
                                            GET /images/sbx.gif HTTP/1.1 
Host: www.290996a.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         18.166.84.185
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
ETag: "ac73b7a67ccd51:0"
Last-Modified: Thu, 16 Jan 2020 12:21:27 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 13:56:59 GMT
Content-Length: 6152
Connection: close


--- Additional Info ---
Magic:  GIF image data, version 89a, 120 x 91\012- data
Size:   6152
Md5:    accda4679e65b975b589dedae25a3a6a
Sha1:   6d62feb19bad82fe34ca0ec6477d811b1cd2675f
Sha256: 56afc3cf038eacd0a4b7016bbd0272f514aadff241e0045ec3488d1e90f60fa1
                                        
                                            GET /images/8.png HTTP/1.1 
Host: 905566a.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         43.198.33.164
HTTP/1.1 200 OK
Content-Type: image/png
                                        
ETag: "7a5b50332f5d41:0"
Last-Modified: Wed, 17 Apr 2019 09:44:50 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/10.0
Date: Tue, 06 Dec 2022 01:39:12 GMT
Content-Length: 10179
Connection: close


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=3, software=Adobe Photoshop CS6 (Windows), datetime=2017-05-19T17:32:36+08:00], baseline, precision 8, 300x300, components 3\012- data
Size:   10179
Md5:    dae8da57ad90df205964de1a3511869d
Sha1:   b02e94c06eac5f255d0af37f0a6443f8bd371269
Sha256: e8b179efb1b5eee704a9b7e3cf8c36a59c646c9bb7f1acd5ac7e4b1b2e88a5a8
                                        
                                            GET /images/sxsx.png HTTP/1.1 
Host: www.290996a.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         18.166.84.185
HTTP/1.1 200 OK
Content-Type: image/png
                                        
ETag: "29fc7924429bd41:0"
Last-Modified: Mon, 24 Dec 2018 04:35:48 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 01:39:11 GMT
Content-Length: 3776
Connection: close


--- Additional Info ---
Magic:  PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced\012- data
Size:   3776
Md5:    0ef25c8c777978ad14f4ccb0c77da6bf
Sha1:   d795c4f4f3428f04548754136bc0dbd1af92faac
Sha256: 75c65512497bb3a2ebe49d37bde8fc1ef7a5253871c6d58a28a1accd8d42114a
                                        
                                            GET /tu/pk10.png HTTP/1.1 
Host: www.290996a.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         18.166.84.185
HTTP/1.1 200 OK
Content-Type: image/png
                                        
ETag: "beb29f4dbb83d41:0"
Last-Modified: Sat, 24 Nov 2018 06:02:38 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 01:39:11 GMT
Content-Length: 3171
Connection: close


--- Additional Info ---
Magic:  PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced\012- data
Size:   3171
Md5:    928308dc01922e337feffe659787a9e5
Sha1:   2bc281633711710a1ef8fd20e3e00428395e7eb3
Sha256: 6c59557f63d4c8bf0e47bce1b498aece087ade47efbc87c02cabaa4bf5a2000a
                                        
                                            GET /tu/%E6%97%B6%E6%97%B6%E5%BD%A9.png HTTP/1.1 
Host: www.290996a.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         18.166.84.185
HTTP/1.1 200 OK
Content-Type: image/png
                                        
ETag: "acd754fbb83d41:0"
Last-Modified: Sat, 24 Nov 2018 06:02:40 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 01:39:12 GMT
Content-Length: 3240
Connection: close


--- Additional Info ---
Magic:  PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced\012- data
Size:   3240
Md5:    6c4b987758b8221441aa601f0ac70b38
Sha1:   535984741aba5253b1dc8c20ac6a80a415025494
Sha256: 116d3d50171810bd46a54d0fcca787863623aed6ea5da3d971cf3365db25174f
                                        
                                            GET /images/colors.png HTTP/1.1 
Host: 290997a.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         43.198.33.164
HTTP/1.1 200 OK
Content-Type: image/png
                                        
ETag: "59a86d5419bd41:0"
Last-Modified: Mon, 24 Dec 2018 04:33:35 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 01:39:12 GMT
Content-Length: 4190
Connection: close


--- Additional Info ---
Magic:  PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced\012- data
Size:   4190
Md5:    179fe0b168c0963d292ba3bf44666796
Sha1:   56cec0596b0f2cb07846ab075bf3e3453b67ebb7
Sha256: a3be6bb501c15359aa7515e000e03755e112ebd07d12d7f77bbba5078473aa41
                                        
                                            GET /zybb/ds3x.js HTTP/1.1 
Host: 699349.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         16.162.201.20
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
ETag: "0eea892217d91:0"
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:36 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 01:49:42 GMT
Content-Length: 797
Connection: close


--- Additional Info ---
Magic:  HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size:   797
Md5:    1179f3dbd5b6b47bad801b62e910f105
Sha1:   689dc9ac51dd1476f4891f56174bb5e538dd70af
Sha256: abdf3191c4e777b12af5c09561d5756ea064aad6e0d7490471fa4f3bfef71e9f

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /tp/hf/895_800x100.gif HTTP/1.1 
Host: imgs.mygai.cn
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         107.148.135.221
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=utf-8
                                        
Server: kangle/3.5.14
Date: Tue, 06 Dec 2022 02:15:24 GMT
Content-Length: 579
Connection: close


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   579
Md5:    fd257e3a9b8d3abd1ecd56a8e8e4c298
Sha1:   8ef622bd79a2d55116e52e16aa238af7f3aca181
Sha256: 697375791a2ce41a6ce2131c494e282b138174397360eb7d3accf8070cc8d282
                                        
                                            GET /zybb/nvxzt.js HTTP/1.1 
Host: 699349.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         16.162.201.20
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
ETag: "80844193217d91:0"
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:37 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 23:44:42 GMT
Content-Length: 817
Connection: close


--- Additional Info ---
Magic:  HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size:   817
Md5:    74b1f903aac8a534416d5fee3a40da92
Sha1:   f050a37aec8198661d566ad0d51dea96309977bc
Sha256: 79f83b7660b5b49dcd6041894e911cff8d357300b7ef9d5d0723b4d100d3ebdc

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /images/7.jpg HTTP/1.1 
Host: 905566a.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         43.198.33.164
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
ETag: "a188eb312f5d41:0"
Last-Modified: Wed, 17 Apr 2019 09:44:47 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/10.0
Date: Mon, 05 Dec 2022 23:55:11 GMT
Content-Length: 16760
Connection: close


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 512x512, components 3\012- data
Size:   16760
Md5:    d803b4cf1dc2437adac8ad9706ece0c4
Sha1:   f97bb7ddffca37cd88e14ec0c4e2571ff429ed44
Sha256: 05acede47462a44cd4fa008afbe6d7ce1cd993f753c8cd2382d719218a63ba21
                                        
                                            GET /tu/lf888.png HTTP/1.1 
Host: www.290996a.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         18.166.84.185
HTTP/1.1 200 OK
Content-Type: image/png
                                        
ETag: "60606c9c415ad51:0"
Last-Modified: Sat, 24 Aug 2019 06:03:12 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 00:10:43 GMT
Content-Length: 22523
Connection: close


--- Additional Info ---
Magic:  PNG image data, 103 x 112, 8-bit/color RGBA, non-interlaced\012- data
Size:   22523
Md5:    c5b6657412d0b878e34fbd7a19957f3a
Sha1:   4ee5a750b415ffe518aa9f3ee9cdb1b79b058b0f
Sha256: 5b207172438d153afd973450add6ce41d67780f71a11f4e56405a4aae5aab728
                                        
                                            GET /jsdc/895cc.js HTTP/1.1 
Host: 699349.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         16.162.201.20
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Content-Encoding: gzip
ETag: "72e61a98b51cd81:0"
Last-Modified: Tue, 08 Feb 2022 06:32:07 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 00:02:00 GMT
Content-Length: 1320
Connection: close


--- Additional Info ---
Magic:  HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (311), with CRLF line terminators
Size:   1320
Md5:    80bbd5f3d10c08b7645f8e06c0fde184
Sha1:   2d00281cbd3e1216ce2e9edd0f3ef6243366ffc6
Sha256: e8548ff06a9e7e167235f25ebf3df7d1116e61cd1d91d9b900d0f8b7b5a88285

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /tp/49tk/49tk3.gif HTTP/1.1 
Host: imgs.mygai.cn
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         107.148.135.221
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=utf-8
                                        
Server: kangle/3.5.14
Date: Tue, 06 Dec 2022 02:15:24 GMT
Content-Length: 579
Connection: close


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   579
Md5:    fd257e3a9b8d3abd1ecd56a8e8e4c298
Sha1:   8ef622bd79a2d55116e52e16aa238af7f3aca181
Sha256: 697375791a2ce41a6ce2131c494e282b138174397360eb7d3accf8070cc8d282
                                        
                                            GET /images/sx004.jpg HTTP/1.1 
Host: 628866a.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         43.198.33.164
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
ETag: "8f5a9a0e2fed61:0"
Last-Modified: Tue, 09 Feb 2021 12:53:56 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 01:39:13 GMT
Content-Length: 418548
Connection: close


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=1280, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=960], baseline, precision 8, 960x1280, components 3\012- data
Size:   418548
Md5:    cf261190edae73c2d51796b7a8dbe5a5
Sha1:   fe9faa7fa093feb4a0212413e9973c2f8000d49f
Sha256: 1f0da2afea3675b1cb0344468578b041cb6fe2c48f1370a73ea834037ca7b082
                                        
                                            GET /tp/8769/8769hf.gif HTTP/1.1 
Host: imgs.mygai.cn
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         107.148.135.221
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=utf-8
                                        
Server: kangle/3.5.14
Date: Tue, 06 Dec 2022 02:15:24 GMT
Content-Length: 579
Connection: close


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   579
Md5:    fd257e3a9b8d3abd1ecd56a8e8e4c298
Sha1:   8ef622bd79a2d55116e52e16aa238af7f3aca181
Sha256: 697375791a2ce41a6ce2131c494e282b138174397360eb7d3accf8070cc8d282
                                        
                                            GET /zybb/tdzt.js HTTP/1.1 
Host: 699349.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         16.162.201.20
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Content-Encoding: gzip
ETag: "1be074f4a17d91:0"
Last-Modified: Sun, 04 Dec 2022 05:33:35 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 20:31:02 GMT
Content-Length: 814
Connection: close


--- Additional Info ---
Magic:  HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size:   814
Md5:    fbcdb1e79ea5239f8af8b4e4550f1644
Sha1:   2aae1c27614a43da3a6707163c0239bcd4685b98
Sha256: 03cf34ad202a561e0d9491a7e0a62b7e3533ff0754536d9399db660f22ed07ba

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /zybb/5xzt.js HTTP/1.1 
Host: 699349.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         16.162.201.20
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
ETag: "0eea892217d91:0"
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:36 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 01:49:42 GMT
Content-Length: 1492
Connection: close


--- Additional Info ---
Magic:  HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size:   1492
Md5:    5492950bcd256d496b0a67dcd37594ea
Sha1:   0c5b52c321afe39d1faaa8569c3762594fa90bd1
Sha256: 2ef9a0d8bc4398e528046605fdc57cd8011432083a8a1ced7596356d80c73705

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /jsdc/9898.js HTTP/1.1 
Host: 699349.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         16.162.201.20
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Content-Encoding: gzip
ETag: "3ddc7a4f22d6d81:0"
Last-Modified: Sun, 02 Oct 2022 05:46:25 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 00:02:01 GMT
Content-Length: 1317
Connection: close


--- Additional Info ---
Magic:  HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (311), with CRLF line terminators
Size:   1317
Md5:    91a223b0c90a5bcf10798282e143504c
Sha1:   a44ef11319747ba51377b0488159e7778b365efe
Sha256: efe4c7b8b4c7bcc1740b4d4d3e2c396e753aa26b3114c08a94244367eaf94387

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /zybb/ptyx.js HTTP/1.1 
Host: 699349.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         16.162.201.20
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
ETag: "80844193217d91:0"
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:37 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 01:49:42 GMT
Content-Length: 844
Connection: close


--- Additional Info ---
Magic:  HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size:   844
Md5:    351a50440a0222439a43b95c28f2b326
Sha1:   8d56f53afffa50785c070f911b529ca3428fde57
Sha256: 4bbdc24ef55e15e9c0c435b11070a18ec9c58df244c3ae287d92b231ed85e1ec

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /images/sx002.jpg HTTP/1.1 
Host: 628866a.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         43.198.33.164
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
ETag: "9d561fa1e2fed61:0"
Last-Modified: Tue, 09 Feb 2021 12:53:57 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 22:31:26 GMT
Content-Length: 386517
Connection: close


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 1x1, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, software=www.meitu.com], baseline, precision 8, 1440x900, components 3\012- data
Size:   386517
Md5:    5a8bd9cb921927c2d02d9a6f7c25d8c0
Sha1:   5737c6396bcd7d5249048bd05887eb76440aee99
Sha256: fd7fe5380476127a04ee860b0bac7c0cbff17cf35e38cbf00f7e5d2c3431e1d5
                                        
                                            GET /bd/pttg.js HTTP/1.1 
Host: 699349.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         16.162.201.20
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
ETag: "80b5a5ec197d91:0"
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 13:19:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 00:28:08 GMT
Content-Length: 3813
Connection: close


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size:   3813
Md5:    d550d03e6a8602499dea773ce9b74b23
Sha1:   54efe0adde5d710eac9aef121a047f4c163a81c8
Sha256: b576c96f7b5117b5bd143fa6f7ac0a2e119ef318c591ef63372d8820e1cdd8b1

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /zybb/ptyw.js HTTP/1.1 
Host: 699349.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         16.162.201.20
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
ETag: "80844193217d91:0"
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:37 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 13:59:46 GMT
Content-Length: 1055
Connection: close


--- Additional Info ---
Magic:  HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size:   1055
Md5:    ae700f80fc11c55a1878f2a1f6018c6c
Sha1:   390fe67613ca33bfcbc37c9f42a6df63fd72c3cf
Sha256: 4e6c1b17f1287de2cb1e716ab76e85d59d613d5eacb6f50c728caa3cf96894e8

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /images/sx003.jpg HTTP/1.1 
Host: 628866a.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         43.198.33.164
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
ETag: "97315aa0e2fed61:0"
Last-Modified: Tue, 09 Feb 2021 12:53:56 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 22:34:48 GMT
Content-Length: 76750
Connection: close


--- Additional Info ---
Magic:  JPEG image data, baseline, precision 8, 501x722, components 3\012- data
Size:   76750
Md5:    489ea9332ce03d4378afd0c4dfae8b69
Sha1:   39834c555e165e7ba483849cb3f961a966a2cbe2
Sha256: b5fa3028ebbd0edf0f2a5798f1df71509e35daaa108da14cf013aab934be0662
                                        
                                            GET /images/sx001.jpg HTTP/1.1 
Host: 628866a.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         43.198.33.164
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
ETag: "15dd7fb34116d81:0"
Last-Modified: Mon, 31 Jan 2022 01:27:24 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 22:32:10 GMT
Content-Length: 1079505
Connection: close


--- Additional Info ---
Magic:  PNG image data, 972 x 690, 8-bit/color RGBA, non-interlaced\012- data
Size:   1079505
Md5:    13be2b66ee5e018a7f05fdd2137f0ffc
Sha1:   91fc72147092152e9a1fec6c0a6a048800b633c0
Sha256: 070af32e38af80515a54f85e3acf241a03acb18354c0534e2ac9eab8961bbd47
                                        
                                            GET /zybb/dslx.js HTTP/1.1 
Host: 699349.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         16.162.201.20
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
ETag: "80844193217d91:0"
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:37 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 02:05:31 GMT
Content-Length: 861
Connection: close


--- Additional Info ---
Magic:  HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size:   861
Md5:    ae2fa9862cc3966cc5fdaa8086ea1a28
Sha1:   74b019b17a1fe69a7b48669be53e943dadea98a1
Sha256: 853326c7d76cc89cfd03d84b5a9f5a6406a50601fd706333c4dc513a7fe2d5ea

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /zybb/24ma.js HTTP/1.1 
Host: 699349.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         16.162.201.20
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
ETag: "0eea892217d91:0"
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:36 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 23:44:43 GMT
Content-Length: 1467
Connection: close


--- Additional Info ---
Magic:  HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size:   1467
Md5:    16e49c9c9effa65ec7705400d52cc0d1
Sha1:   619affd7d8d7db04c496e76ea82b1fbc594689dc
Sha256: 1de9bd2df0d9bd5aba3d6aff1267226a9c62ec6e6a2fddceaf4bbac904ea4dac

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /zybb/zyzt.js HTTP/1.1 
Host: 699349.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         16.162.201.20
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
ETag: "01bda93217d91:0"
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:38 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 00:23:02 GMT
Content-Length: 754
Connection: close


--- Additional Info ---
Magic:  HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size:   754
Md5:    f4bd219f5a87e4cabefda2d7a3d71b13
Sha1:   016ee8a48eb0dac7b0f12db3f546ebf8589cf842
Sha256: 76d4a00102c057cd657d83083b6eceac91433dbf764e47ebf03ac115951e2c17

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /zybb/xdxzt.js HTTP/1.1 
Host: 699349.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         16.162.201.20
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
ETag: "01bda93217d91:0"
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:38 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 23:44:43 GMT
Content-Length: 750
Connection: close


--- Additional Info ---
Magic:  HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size:   750
Md5:    16bc73eedb253037f5b7d94ae9533f7a
Sha1:   ff624bc5a7e69fd58479bd86163aaab8473b79bb
Sha256: 4a76bd0237e984340a3e33129df1601b7b07a7270905bfed0d3c579cde55a3fe

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /zybb/gsb2.js HTTP/1.1 
Host: 699349.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         16.162.201.20
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
ETag: "80844193217d91:0"
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:37 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 00:54:43 GMT
Content-Length: 1407
Connection: close


--- Additional Info ---
Magic:  HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size:   1407
Md5:    33ed43e41648abd8a8737a3fe1777228
Sha1:   252e60c7df16b2373447a3b6be9f4d27d0a98a51
Sha256: ecc019b54c39557ee824f9600aba780a47248c7a2505475131fa4975caaecbd3

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /zybb/4jzt.js HTTP/1.1 
Host: 699349.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         16.162.201.20
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
ETag: "0eea892217d91:0"
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:36 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 01:49:43 GMT
Content-Length: 792
Connection: close


--- Additional Info ---
Magic:  HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size:   792
Md5:    4c4dc616fc55821a698d1140815cd8f3
Sha1:   d033f2e5a4f685b5bbb9b938cf6df1c49476e506
Sha256: f79eefb5325a4d163fc3e552c9bf118323adf8fab05b86e6306aa2dc6c576e19

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /zybb/hbzt.js HTTP/1.1 
Host: 699349.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         16.162.201.20
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
ETag: "80844193217d91:0"
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:37 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 23:44:44 GMT
Content-Length: 847
Connection: close


--- Additional Info ---
Magic:  HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size:   847
Md5:    40d8f4d6c712eb4498ebebbc67484ca2
Sha1:   51b441159de4ee74b8d981016f20684ca6893f86
Sha256: 4ecce0a74e8ab72d21bb84630e942caf06a3efd62d0e3138be66ac9cd4c7dd72

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /zybb/ywbzt.js HTTP/1.1 
Host: 699349.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         16.162.201.20
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
ETag: "01bda93217d91:0"
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:38 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 23:44:44 GMT
Content-Length: 556
Connection: close


--- Additional Info ---
Magic:  HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size:   556
Md5:    dbfb74e16d291f66512806b17781fc22
Sha1:   a464d8b44e10c7b45f094dbf0abce0a94e4eabc1
Sha256: 7e7574bb2225135aacfece96445fb7f18038493b0f4d86f2f9d48dfe33e72966

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /zybb/dsbzt.js HTTP/1.1 
Host: 699349.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         16.162.201.20
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Content-Encoding: gzip
ETag: "87844093217d91:0"
Last-Modified: Sat, 03 Dec 2022 14:14:36 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 14:12:02 GMT
Content-Length: 942
Connection: close


--- Additional Info ---
Magic:  HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size:   942
Md5:    312c7f625c0f36aac9b50fc7a3bd88ef
Sha1:   afa8ffe68813627328dab76a7d4bc3f54ea0f3b0
Sha256: 2fe094bd0ea77cda61e11cac7b43f31f59978d1a83bf9c66180e847a20cfd42e

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /zybb/gongshi.js HTTP/1.1 
Host: 699349.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         16.162.201.20
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
ETag: "80844193217d91:0"
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:37 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 23:44:44 GMT
Content-Length: 869
Connection: close


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size:   869
Md5:    7a267f60344fec389e3c0bbce3efe3ba
Sha1:   238d1d0708356caedc08cd039bf4d726ed67bd9f
Sha256: b01b3d689baf1690f51527e05bea593f1bd5ae3caf0b7f29f43fe985768bd7c1

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /zybb/jmxc.js HTTP/1.1 
Host: 699349.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         16.162.201.20
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
ETag: "80844193217d91:0"
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:37 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 00:35:18 GMT
Content-Length: 994
Connection: close


--- Additional Info ---
Magic:  HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size:   994
Md5:    8413295f82115c4d8ab3cae26f4a771e
Sha1:   c50b89748deb84bdad22380706a5477844f21c98
Sha256: 6c76c05444e6ebaac3e4b771c7dfa092cd118b7fdaa3d2db46781d2f01235b3e

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /zybb/lbzt.js HTTP/1.1 
Host: 699349.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         16.162.201.20
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
ETag: "80844193217d91:0"
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:37 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 00:28:15 GMT
Content-Length: 1107
Connection: close


--- Additional Info ---
Magic:  HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size:   1107
Md5:    bc3b109a4d7fd1f640cd9115d1484d55
Sha1:   c9a075cdae853852223a8c525b1a9045356736bc
Sha256: ad1292d17aaef9305a52b5bd54c096baea3172a3bcd7c5d1a83bef97d5a3a81b

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /jsdc/49ac.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

16.162.201.20
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
ETag: "808c6486e81bd81:0"
Last-Modified: Mon, 07 Feb 2022 06:04:10 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 00:05:08 GMT
Content-Length: 1725
Connection: close


--- Additional Info ---
Magic:  HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (311), with CRLF line terminators
Size:   1725
Md5:    1dd52b1a2fd24f57ed713d258cf25668
Sha1:   598f2382be5960d967f5424300bf5c51f501a056
Sha256: 97a9741571d36591084da6e3541123c2a61b232ea43a01d9e67c9ed518cedaba

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /jiuxiaoyima.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

16.162.201.20
HTTP/1.1 200 OK
Content-Type: application/javascript
ETag: "80b17294217d91:0"
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:39 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 01:49:43 GMT
Content-Length: 1300
Connection: close


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size:   1300
Md5:    b85311c8025c51deac09a36cfc067e7b
Sha1:   82d08dc8cf8b1dbb45f4758d657ceb81e2abbf69
Sha256: 50c006b42668af51af14a37e9131666ef43cdf249047404ff3538b56027cc25c

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /zybb/gsb3.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

16.162.201.20
HTTP/1.1 200 OK
Content-Type: application/javascript
ETag: "80844193217d91:0"
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:37 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 01:49:43 GMT
Content-Length: 954
Connection: close


--- Additional Info ---
Magic:  HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size:   954
Md5:    64fcea2274be1eb52dada508ff12abfb
Sha1:   b1537b66477f3416d2e750a718921159e448f52b
Sha256: 8ac7a641417135739d0f18a489ede85c02b99175addade27632917a61cf9e13e

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /zybb/3qbc.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

16.162.201.20
HTTP/1.1 200 OK
Content-Type: application/javascript
ETag: "0eea892217d91:0"
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:36 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 23:44:44 GMT
Content-Length: 862
Connection: close


--- Additional Info ---
Magic:  HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size:   862
Md5:    b6446f10764651aa4014031cc736d935
Sha1:   8ccbcdc87b216a3336428e4843d8a5b104f8ec6a
Sha256: 2ab160d91ec6267266c1da1ee5ae567aab15055153ddbbbc4bda1241b716a0e5

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /zybb/dxdzt.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

16.162.201.20
HTTP/1.1 200 OK
Content-Type: application/javascript
ETag: "80844193217d91:0"
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:37 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 01:49:43 GMT
Content-Length: 864
Connection: close


--- Additional Info ---
Magic:  HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size:   864
Md5:    4d9a6ea33952c0d351431d65dfd62d4e
Sha1:   0d0ff3b427275e9b62496146843c6c1d42f5cb34
Sha256: d9eeeff394299cccaa4a0b9a8205ac658234ba072468ef4b21aadb55f5760b39

Alerts:
  Blocklists:
    - fortinet: Phishing