Report - 699349.com/

Report Overview

Submitted URL
699349.com/
IP
18.166.84.185
ASN
#16509 AMAZON-02
Submitted
2022-12-06 02:17:08
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
112

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	52.38.139.17
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	68 kB	34.120.237.76
js.users.51.la	53024	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	712 B	5.4 kB	103.143.19.103
js.szly123.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	12 kB	18.166.84.185
imgs.mygai.cn	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	5.0 kB	9.7 kB	107.148.135.221
imgs.meizhiban.cn	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	773 B	1.6 kB	107.148.135.218
905566a.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	750 B	27 kB	43.198.33.164
699349.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	18 kB	106 kB	43.198.33.164
ocsp.globalsign.com	2075	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	722 B	3.8 kB	104.18.20.226
www.669925a.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	740 B	24 kB	16.162.201.20
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
zerossl.ocsp.sectigo.com	4049	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	7.0 kB	24 kB	172.64.155.188
code.jquery.com	634	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	366 B	33 kB	69.16.175.42
669925a.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.1 kB	72 kB	18.166.84.185
628866a.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.9 kB	2.0 MB	43.198.33.164
sbx2019.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	351 B	4.0 kB	43.198.33.164
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.7 kB	4.4 kB	23.36.77.32
www.775592.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	375 B	4.0 kB	43.198.33.164
ia.51.la	59607	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	537 B	200 B	103.143.19.103
www.290996a.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.3 kB	44 kB	18.166.84.185
290997a.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	380 B	4.5 kB	43.198.33.164
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	682 B	1.5 kB	93.184.220.29

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-12-06	medium	699349.com/	Phishing
2022-12-06	medium	699349.com/	Phishing
2022-12-06	medium	699349.com/bd/xggglf.js	Phishing
2022-12-06	medium	699349.com/jsdc/1989.js	Phishing
2022-12-06	medium	669925a.com/ktzsx.js	Phishing
2022-12-06	medium	669925a.com/tttg.js	Phishing
2022-12-06	medium	669925a.com/zybb/xjgsb.js	Phishing
2022-12-06	medium	699349.com/js/SuperSlide.js	Phishing
2022-12-06	medium	669925a.com/jgp.js	Phishing
2022-12-06	medium	699349.com/jsdc/2025.js	Phishing
2022-12-06	medium	669925a.com/mhcz.js	Phishing
2022-12-06	medium	628866a.com/js/kj-link.js	Phishing
2022-12-06	medium	699349.com/mhczjx.js	Phishing
2022-12-06	medium	699349.com/bd/tszl.js	Phishing
2022-12-06	medium	www.669925a.com/zybb/xjzl.js	Phishing
2022-12-06	medium	699349.com/zybb/gsb1.js	Phishing
2022-12-06	medium	699349.com/jsdc/1999.js	Phishing
2022-12-06	medium	699349.com/zybb/ryzt.js	Phishing
2022-12-06	medium	699349.com/zybb/qhzt.js	Phishing
2022-12-06	medium	699349.com/bd/wlrt.js	Phishing
2022-12-06	medium	699349.com/zybb/5wzt.js	Phishing
2022-12-06	medium	699349.com/zybb/yyzt.js	Phishing
2022-12-06	medium	699349.com/zybb/dhzt.js	Phishing
2022-12-06	medium	699349.com/zybb/ds3x.js	Phishing
2022-12-06	medium	699349.com/zybb/nvxzt.js	Phishing
2022-12-06	medium	699349.com/jsdc/895cc.js	Phishing
2022-12-06	medium	699349.com/zybb/tdzt.js	Phishing
2022-12-06	medium	699349.com/zybb/5xzt.js	Phishing
2022-12-06	medium	699349.com/jsdc/9898.js	Phishing
2022-12-06	medium	699349.com/zybb/ptyx.js	Phishing
2022-12-06	medium	699349.com/bd/pttg.js	Phishing
2022-12-06	medium	699349.com/zybb/ptyw.js	Phishing
2022-12-06	medium	699349.com/zybb/dslx.js	Phishing
2022-12-06	medium	699349.com/zybb/24ma.js	Phishing
2022-12-06	medium	699349.com/zybb/zyzt.js	Phishing
2022-12-06	medium	699349.com/zybb/xdxzt.js	Phishing
2022-12-06	medium	699349.com/zybb/gsb2.js	Phishing
2022-12-06	medium	699349.com/zybb/4jzt.js	Phishing
2022-12-06	medium	699349.com/zybb/hbzt.js	Phishing
2022-12-06	medium	699349.com/zybb/ywbzt.js	Phishing
2022-12-06	medium	699349.com/zybb/dsbzt.js	Phishing
2022-12-06	medium	699349.com/zybb/gongshi.js	Phishing
2022-12-06	medium	699349.com/zybb/jmxc.js	Phishing
2022-12-06	medium	699349.com/zybb/lbzt.js	Phishing
2022-12-06	medium	699349.com/jsdc/49ac.js	Phishing
2022-12-06	medium	699349.com/jiuxiaoyima.js	Phishing
2022-12-06	medium	699349.com/zybb/gsb3.js	Phishing
2022-12-06	medium	699349.com/zybb/3qbc.js	Phishing
2022-12-06	medium	699349.com/zybb/dxdzt.js	Phishing
2022-12-06	medium	699349.com/bd/tugsb.js	Phishing
2022-12-06	medium	699349.com/zybb/jyzt.js	Phishing
2022-12-06	medium	699349.com/zybb/caitu.js	Phishing
2022-12-06	medium	699349.com/zybb/juesha.js	Phishing
2022-12-06	medium	699349.com/bd/amyqlj.js	Phishing
2022-12-06	medium	699349.com/bd/axzhzl.js	Phishing
2022-12-06	medium	699349.com/js/pub.js	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (43)

	URL	Size	First Seen	Last Seen
	699349.com/jsdc/1999.js	6.0 kB	2023-03-08	2023-03-08
Pretty URL 699349.com/jsdc/1999.js IP 16.162.201.20 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:00:02 Last Seen2023-03-08 20:00:02 Times Seen1 Hash d6dcfd1e45ebe0cc99af2da4d7e91c64 4c2ee167a3c31a630c4708a28ef0b42abd82b977 673aac22b6b34c0b1f5a565999ee2ca790e917288d8d1e5380ce7efbc905f7ef Loading...

	js.szly123.com/js/gg.js	14 kB	2023-03-08	2023-03-13
Pretty URL js.szly123.com/js/gg.js IP 18.166.84.185 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:39:55 Last Seen2023-03-13 03:44:57 Times Seen1 Hash fd81faf7a4e192055299f54a51b11671 2cb1d623a74c6446dcda3f1430d13013b92cbacd 9d3b8cb0a3ea57afdb0edbfd4f4e03364ccff2fec7cdc34e5d54b52b818e8cce Loading...

	699349.com/jsdc/1989.js	5.8 kB	2023-03-08	2023-03-08
Pretty URL 699349.com/jsdc/1989.js IP 16.162.201.20 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:00:02 Last Seen2023-03-08 20:00:02 Times Seen1 Hash d68e23217f4ee374aa1753e288395659 a87c4bf84734083656dbe2a902dcfbb83a3534b8 6be5e7a94f59cb3d0d2b79fdf6b91563d517f1915bfce11f62ca8c11dc9202ae Loading...

	www.669925a.com/zybb/xjzl.js	7.9 kB	2023-03-08	2023-03-08
Pretty URL www.669925a.com/zybb/xjzl.js IP 16.162.201.20 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:00:02 Last Seen2023-03-08 20:00:02 Times Seen1 Hash c0953874c658aec316a9383239af024c 75ee5faf695ee28ea07b5424a2af0a9a359943f7 1ab5af1222a7b1a137c595d74cbf66130bb08572cb684888dea32ec6dd48e1f8 Loading...

	js.szly123.com/js/100.js	5.8 kB	2023-03-08	2023-03-13
Pretty URL js.szly123.com/js/100.js IP 18.166.84.185 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:39:55 Last Seen2023-03-13 03:44:57 Times Seen1 Hash 835ed7b7e2ac878d002a6255f69f922c 7bb7702a3ba4a8ed628bdb34748b9fca6d5b4256 da3bd5ee82f6d6b71b507a84dcf7f92ceb6a1a85cd0bd862332549b27a3f1df8 Loading...

	699349.com/jsdc/895cc.js	5.8 kB	2023-03-08	2023-03-08
Pretty URL 699349.com/jsdc/895cc.js IP 16.162.201.20 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:00:02 Last Seen2023-03-08 20:00:02 Times Seen1 Hash 1b5bd3148850de4c9765062c044ddb0b d43f48a4efd40c3d10ad9a8147db1ef5b0e6e9f4 11371989af672ce7e7960d63a4c81c12d1dabc921d6079cf8f39ae282c26dfc3 Loading...

	699349.com/jiuxiaoyima.js	13 kB	2023-03-08	2023-03-08
Pretty URL 699349.com/jiuxiaoyima.js IP 16.162.201.20 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:00:02 Last Seen2023-03-08 20:00:02 Times Seen1 Hash 993088c124632a5cb067093bf9edda80 c1660d75280608070973b08193573739b7128903 bee7ec28989058b96bd36cd141b8d07538e04c4b7896a70ebaffabdacbe6130e Loading...

	699349.com/zybb/gsb3.js	6.3 kB	2023-03-08	2023-03-08
Pretty URL 699349.com/zybb/gsb3.js IP 16.162.201.20 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:00:02 Last Seen2023-03-08 20:00:02 Times Seen1 Hash 562e86c5082ff313602588bf76786be1 6dc5915b837a41942be8922a6ee8f728ad6bf369 3b9a6e87349e667aa7e7baa482998fde82633209b91aebde93e0e27c688bf72d Loading...

	669925a.com/tttg.js	6.9 kB	2023-03-08	2023-03-08
Pretty URL 669925a.com/tttg.js IP 18.166.84.185 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:00:02 Last Seen2023-03-08 20:00:02 Times Seen1 Hash 72b5ac97840cfbc9b0cbe67889cd83d1 ce02be907431193dc4aa1bf009a85f1e2c7d6438 db64b5fc31c3d4419fdc3dec401d89e30cb132c2e1b37fd40af8e4f14f99cfd5 Loading...

	699349.com/bd/pttg.js	26 kB	2023-03-08	2023-03-08
Pretty URL 699349.com/bd/pttg.js IP 16.162.201.20 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:00:02 Last Seen2023-03-08 20:00:02 Times Seen1 Hash b728f08482b347dc34c48752e3edd2b9 4b140009db084fa5b1fe9e2e52193bcb189e27f7 de76e43cd64ad00c07f806d458f08c16134372fe8ae9973657ae04eb9813ce9d Loading...

	699349.com/bd/axzhzl.js	78 kB	2023-03-08	2023-03-11
Pretty URL 699349.com/bd/axzhzl.js IP 16.162.201.20 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:00:02 Last Seen2023-03-11 15:34:13 Times Seen1 Hash bfb54edb9e5d4c40a187c656c2ff414b 9b41a764a13c8d02322bc2ca79e3e6b1ebcd60df 2138075433804755092bfd4f78c3788ba017459c80cccbe450392ba2f0f0e7b4 Loading...

	669925a.com/jgp.js	6.9 kB	2023-03-08	2023-03-08
Pretty URL 669925a.com/jgp.js IP 18.166.84.185 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:00:02 Last Seen2023-03-08 20:00:02 Times Seen1 Hash 02c463738aa2313442487bfc86f9de4f e2366c0c9748765872209effaff5ead5fdd2148b 833cb38b61376f0d820886a43e86fbacf1628324b27b7d59c535285c04fc8b7f Loading...

	699349.com/jsdc/2025.js	5.8 kB	2023-03-08	2023-03-08
Pretty URL 699349.com/jsdc/2025.js IP 16.162.201.20 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:00:02 Last Seen2023-03-08 20:00:02 Times Seen1 Hash fffd412e25dc9b319ffbb3fadfff41f8 a07d59b6d9f35364738dbe5cb4b20b6937450c77 324cafec5c7c218f9174508dd60152be652f4711df8e52da46af49032f6d828b Loading...

	699349.com/zybb/dslx.js	6.5 kB	2023-03-08	2023-03-08
Pretty URL 699349.com/zybb/dslx.js IP 16.162.201.20 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:00:02 Last Seen2023-03-08 20:00:02 Times Seen1 Hash 206eda7e4222b4dfa4e683caf79f57d2 8ffa142a42bf44426f03284c35957d104226d06e 79f8e9480afab26b2272182cd9336032b509bcb2b41420634736a523d1c86fb0 Loading...

	699349.com/zybb/hbzt.js	5.0 kB	2023-03-08	2023-03-08
Pretty URL 699349.com/zybb/hbzt.js IP 16.162.201.20 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:00:02 Last Seen2023-03-08 20:00:02 Times Seen1 Hash b9862332ac2bf318c32bff202c89a24e d1bee641187f9acca3526b5bf2990ba996c5f7a5 9ce70bf235519bed7e3fb69febae12befb04db002069d6ed55c54c5b4b3d43d7 Loading...

	699349.com/zybb/juesha.js	11 kB	2023-03-08	2023-03-08
Pretty URL 699349.com/zybb/juesha.js IP 16.162.201.20 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:00:02 Last Seen2023-03-08 20:00:02 Times Seen1 Hash b3cb73036d03bb94ef642aaa96ef6118 4451f7f60da112e407d51a1ffa8eddf5a255dfad 2c7835b4c6f3b8aab406695a80873a848ba468fad95467e9c3e648c24455ec3d Loading...

	699349.com/zybb/dsbzt.js	9.0 kB	2023-03-08	2023-03-08
Pretty URL 699349.com/zybb/dsbzt.js IP 16.162.201.20 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:00:02 Last Seen2023-03-08 20:00:02 Times Seen1 Hash ea734fdbbab8528f841a6836e37d2459 3660eb4b2d9d657a80a15d893d81a8ed87ea491a 69a8caec88de8a9645c88dbf5a4552a7a31c284b1de037c8444ea53782e6bf20 Loading...

	699349.com/zybb/jmxc.js	10 kB	2023-03-08	2023-03-08
Pretty URL 699349.com/zybb/jmxc.js IP 16.162.201.20 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:00:02 Last Seen2023-03-08 20:00:02 Times Seen1 Hash a4696310e5951bcb762eaef59d8656de b952f28c6759819de1148c336f2a5c23e4f8e973 a8b059691dbd95e2a58c583b20f221da7b2316f831688730836a021631b3bfc6 Loading...

	699349.com/js/SuperSlide.js	11 kB	2023-03-07	2024-04-26
Pretty URL 699349.com/js/SuperSlide.js IP 16.162.201.20 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:19:46 Last Seen2024-04-26 00:58:55 Times Seen598 Hash cd674d9e02f20426d9acf1d11c85539b 74ab51a432e33698a7a627f05baf749472b72cc3 496bdf2635c9f9494f51d0ba63c8a43e5b6dfb7c88b4426e6a56f577d945e3e9 Loading...

	699349.com/mhczjx.js	7.4 kB	2023-03-08	2023-03-08
Pretty URL 699349.com/mhczjx.js IP 16.162.201.20 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:00:02 Last Seen2023-03-08 20:00:02 Times Seen1 Hash f8075658c59dd34c9e99671fa91879f0 c245f6b99be08a3cf43f73e26ce903f00e4e8ee8 6df55d26fef0136336c3fbb8dc443c69683eacd23bd75852fb61d5adc0e1b781 Loading...

	js.szly123.com/fivetab.js	35 kB	2023-03-08	2023-03-13
Pretty URL js.szly123.com/fivetab.js IP 18.166.84.185 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:39:55 Last Seen2023-03-13 03:44:57 Times Seen1 Hash 4d2401f1438e781336494f65858f1d05 8f3e68a30945c73523b4d3dc3289c9982d743d01 f3b9ba72b61eaf735a8062b8fed6d8648bafd43306feaba90f07fa994290a6c1 Loading...

	699349.com/zybb/gsb1.js	19 kB	2023-03-08	2023-03-08
Pretty URL 699349.com/zybb/gsb1.js IP 16.162.201.20 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:00:02 Last Seen2023-03-08 20:00:02 Times Seen1 Hash d25facdab62f6bbfc3acb80362f6e74a 28898c329d376f653caefb5533bc52ada55f3ab0 cd13fb08f096bdd060523f6ad9f3a2de29fca1e151acf8f8dd9a11b2572f78e6 Loading...

	699349.com/zybb/5xzt.js	23 kB	2023-03-08	2023-03-08
Pretty URL 699349.com/zybb/5xzt.js IP 16.162.201.20 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:00:02 Last Seen2023-03-08 20:00:02 Times Seen1 Hash 9658aa3932a893582bd5796152703daf e6467085923c4467ea0dff4b7ea6238c8ddcccd5 1b6a32a8015a6f698c7c297fa51890090482bc34b612035b06b9c6fc89113c79 Loading...

	699349.com/jsdc/9898.js	5.8 kB	2023-03-08	2023-03-08
Pretty URL 699349.com/jsdc/9898.js IP 16.162.201.20 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:00:02 Last Seen2023-03-08 20:00:02 Times Seen1 Hash 2bbc92dd71263902f848cca9adf6d953 9b4161ed2c13ccc31f63f26cf757c44b257170dd f9fa4b38b8b83fd11cd9cc06e108a9c2fe7cfbfda96843e29c2dd9d13b42bc14 Loading...

	699349.com/zybb/lbzt.js	17 kB	2023-03-08	2023-03-08
Pretty URL 699349.com/zybb/lbzt.js IP 16.162.201.20 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:00:02 Last Seen2023-03-08 20:00:02 Times Seen1 Hash c08209a0e8a3336d1e66859aa9d47819 451b3fd62e9353ba60fd5b1f1ae660be2014d6c7 b5c52972612b396d899359925c6e2a196a09ba4d704650f26399393b175cc96c Loading...

	699349.com/zybb/caitu.js	11 kB	2023-03-08	2023-03-08
Pretty URL 699349.com/zybb/caitu.js IP 16.162.201.20 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:00:02 Last Seen2023-03-08 20:00:02 Times Seen1 Hash 6a05846dffe8f139b42b2ef102638cf3 17301d0192c892ec0cbdea391c954aa5964cd638 69db696cbf8733c874b4ddf39e72ae65ae899202ced2e772f55c8ab5ba0e1b88 Loading...

	js.users.51.la/21088117.js	4.9 kB	2023-03-08	2023-03-08
Pretty URL js.users.51.la/21088117.js IP 103.143.19.103 ASN #4837 CHINA UNICOM China169 Backbone Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:00:02 Last Seen2023-03-08 20:00:02 Times Seen1 Hash ffe1861213aba2cfee28002557388920 4691a11f558a67423d728da4d1a557437c370257 ea6311c98a0c4e701c9aebcbddb4258eb07d2da86770f4d3f45d43be61567a0e Loading...

	699349.com/zybb/qhzt.js	8.6 kB	2023-03-08	2023-03-08
Pretty URL 699349.com/zybb/qhzt.js IP 16.162.201.20 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:00:02 Last Seen2023-03-08 20:00:02 Times Seen1 Hash 3604757444a55eaa43e9ef4a5dd98240 119f106f0eedc0886f56875e476fd519ebe79a42 2c33ec51bff34f46aff313c4ffc57021e7fec9967397f50062431b239fa07e96 Loading...

	699349.com/zybb/tdzt.js	5.0 kB	2023-03-08	2023-03-08
Pretty URL 699349.com/zybb/tdzt.js IP 16.162.201.20 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:00:02 Last Seen2023-03-08 20:00:02 Times Seen1 Hash 385e28d87430a214bc845144f71e29e1 6c60a7d9a8e1fc62e2c1e51a6e670bb1decac334 a954dca2530876f52d3e8e1afe6be3aac7a6be7ddc01dca8ff9bc2cb3c195206 Loading...

	699349.com/zybb/ptyx.js	5.6 kB	2023-03-08	2023-03-08
Pretty URL 699349.com/zybb/ptyx.js IP 16.162.201.20 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:00:02 Last Seen2023-03-08 20:00:02 Times Seen1 Hash d2df5e37d03ffb39dfbff004f2a52372 66df357be170e2a090e70715e5442d5180f61363 a24fb82a292e161e7f3b029eff9d48f229aa8dfd4fc40b3ac9563030f9ab3dae Loading...

	699349.com/zybb/ptyw.js	17 kB	2023-03-08	2023-03-08
Pretty URL 699349.com/zybb/ptyw.js IP 16.162.201.20 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:00:02 Last Seen2023-03-08 20:00:02 Times Seen1 Hash cb7f9cc8b9e11c37e825fe6823011c30 49d3a04d99036c458491b7a3ad27186b8301d138 414d4c26a893085f1018ad1c8b208345b4c8678a2d1ef05a429865f34c5d6aec Loading...

	699349.com/zybb/dxdzt.js	6.3 kB	2023-03-08	2023-03-08
Pretty URL 699349.com/zybb/dxdzt.js IP 16.162.201.20 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:00:02 Last Seen2023-03-08 20:00:02 Times Seen1 Hash cea916ea8d80a2e2921b405485cef4aa 2038005bc51c8c54b9a7731d4a344b905a417da8 42e6c6020ab41581af51501c5bd7a0d0d50395fe0d3c2d3df8ef840cd5107e92 Loading...

	669925a.com/zybb/xjgsb.js	33 kB	2023-03-08	2023-03-08
Pretty URL 669925a.com/zybb/xjgsb.js IP 18.166.84.185 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:00:02 Last Seen2023-03-08 20:00:02 Times Seen1 Hash 1920a52d27a11057c53737dc1565afc9 6536530cd18e46f3648b065bbe7435e7e53f2d39 dba734bfcade32016df22f950910067c2a1745885b411969ad9d51c96956a313 Loading...

	js.users.51.la/21088033.js	4.9 kB	2023-03-08	2023-03-08
Pretty URL js.users.51.la/21088033.js IP 103.143.19.103 ASN #4837 CHINA UNICOM China169 Backbone Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:00:02 Last Seen2023-03-08 20:00:02 Times Seen1 Hash 08d38aae7dbb83c01863d7657f73ec26 0e5427699c177ea5466297f6ce6167dc4e97b03f 4ef00a0af92ce8dcfba6b59c849ffc0f116011ad283618e0e407cdf6fc93f4df Loading...

	699349.com/zybb/gsb2.js	9.6 kB	2023-03-08	2023-03-08
Pretty URL 699349.com/zybb/gsb2.js IP 16.162.201.20 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:00:02 Last Seen2023-03-08 20:00:02 Times Seen1 Hash b582e8d1f70027502a8b5273d459c356 59917cc155943770a8ab33be998b01a1414ee7e0 aa8ecb5937726ba8fd5fca225dc8c93f6888c0be0af3e0c73e0c61efffe14438 Loading...

	699349.com/jsdc/49ac.js	7.6 kB	2023-03-08	2023-03-08
Pretty URL 699349.com/jsdc/49ac.js IP 16.162.201.20 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:00:02 Last Seen2023-03-08 20:00:02 Times Seen1 Hash 25d66c461f0fa978c6c0b94fc9bca40e c2267199256e5be5f5a7fb5723f44696a52ca06d a4c58c0837f4b757abfb1c966273055d17f35c1c01c002d1709b60b303bc10a2 Loading...

	699349.com/bd/amyqlj.js	36 kB	2023-03-08	2023-03-08
Pretty URL 699349.com/bd/amyqlj.js IP 16.162.201.20 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:00:02 Last Seen2023-03-08 20:00:02 Times Seen1 Hash 7655f1781047bb471c881a0dda1aa118 18b147cfd5bdaac1a4a6a0d832595ecc9ca581c6 edd5f3381446c25df638e692c6d8f79e73e83b2a8d37afa3bbc79d9389ea067a Loading...

	code.jquery.com/jquery-1.10.2.min.js	93 kB	2023-03-07	2024-04-26
Pretty URL code.jquery.com/jquery-1.10.2.min.js IP 69.16.175.42 ASN #20446 STACKPATH-CDN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-04-26 09:36:19 Times Seen10175 Hash 628072e7212db1e8cdacb22b21752cda 0511abe9863c2ea7084efa7e24d1d86c5b3974f1 0ba081f546084bd5097aa8a73c75931d5aa1fc4d6e846e53c21f98e6a1509988 Loading...

	669925a.com/mhcz.js	5.0 kB	2023-03-08	2023-03-08
Pretty URL 669925a.com/mhcz.js IP 18.166.84.185 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:00:02 Last Seen2023-03-08 20:00:02 Times Seen1 Hash 3666165b5797d697257397a87443cd65 104b695935a3c34323607b1654c1d1e4dddc2e4e 153055a74d318bba5fe704f5b203008f01e168ceb2bcb89e59b0978fb6e8f90e Loading...

	js.szly123.com/js/2022.js	5.9 kB	2023-03-08	2023-05-07
Pretty URL js.szly123.com/js/2022.js IP 18.166.84.185 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:39:55 Last Seen2023-05-07 18:33:58 Times Seen5 Hash 94ee862368573db27c129d2bd89e9bfc 5ac22d5fad28df104d6b4d504229f4ee3c6e6835 3325dbc7d92ce92147c369d99c5330482e398099605f3d2c720658b7f191848f Loading...

	sbx2019.com/js/sbx.js	42 kB	2023-03-08	2023-03-08
Pretty URL sbx2019.com/js/sbx.js IP 43.198.33.164 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:00:02 Last Seen2023-03-08 20:00:02 Times Seen1 Hash 7143b8190a9b06a7b087e97160c97309 c9169f1484af33226cdc2ae7453792ac6fca2167 acd5c414554a98e11f276000c9567d897fa49a7846aad95dc610a9e0f090df89 Loading...

	699349.com/zybb/24ma.js	14 kB	2023-03-08	2023-03-08
Pretty URL 699349.com/zybb/24ma.js IP 16.162.201.20 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:00:02 Last Seen2023-03-08 20:00:02 Times Seen1 Hash 64174a7df584dad7e09bb8c525b13b0a f301c05347e9afb353b3dc382730eb110e1cf035 dcb01c2c4f1ed34bfc65bce19b870f8591a8550d6dd5ef48eccc671622b99413 Loading...

	699349.com/bd/tugsb.js	122 kB	2023-03-08	2023-03-08
Pretty URL 699349.com/bd/tugsb.js IP 16.162.201.20 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:00:02 Last Seen2023-03-08 20:00:02 Times Seen1 Hash f19f71cc50adabe6b811edea15f587cc fb4954684fb722fa6fe4cfc5bffd82426a540bef 3be3e2232e5dbfa9990fe374f442ffbda5ed4cde4d66e35e88847108fb19ceec Loading...

HTTP Transactions (138)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
cfec3d7283a9b66d2be426ce54d210f3
808c1feb1ba918951d1928c1f6bfc0c253262774
1bad6c06aa3e88dcbc125fc98a6cb753eb2b18d2c8dd61da21d12209aeeda3f9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1BAD6C06AA3E88DCBC125FC98A6CB753EB2B18D2C8DD61DA21D12209AEEDA3F9"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2689
Expires: Tue, 06 Dec 2022 03:01:46 GMT
Date: Tue, 06 Dec 2022 02:16:57 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
ee088fab9b287e174cfd1f2c735a909f
25c3335b514a36ad1a24d00413d60c3d394f5161
494e96358ff12366213d7cc0f9197648c6c62ec14fa0d2c78732a683fa26b192

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2696
Cache-Control: max-age=118758
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 02:16:57 GMT
Etag: "638dc877-1d7"
Expires: Wed, 07 Dec 2022 11:16:15 GMT
Last-Modified: Mon, 05 Dec 2022 10:31:19 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1ea206ac3c440825741687351f8c6e4e
2f38dafd8c43dcce2411a0590bc5c02cd6286735
7d7232c8c91bcd18161ba2c9d23e3bff159604e058bd5b3fc1c7fcbcd03a7ee3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7232C8C91BCD18161BA2C9D23E3BFF159604E058BD5B3FC1C7FCBCD03A7EE3"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5180
Expires: Tue, 06 Dec 2022 03:43:17 GMT
Date: Tue, 06 Dec 2022 02:16:57 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 06 Dec 2022 01:20:20 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 3397
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: sPT9HDa1ZBoUCBR6he3jtvRfa+hXA7jykq9jvPWyWR5CiAro9FivKTkPHRH2GkJ1usM/BC0mE/s=
x-amz-request-id: KS84VF9ZAJYWMBGA
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 06 Dec 2022 01:48:44 GMT
age: 1693
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 06 Dec 2022 02:16:57 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

699349.com/

43.198.33.164

301 Moved Permanently

0 B

URL HTTP/1.1
699349.com/
IP
43.198.33.164:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET / HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Server: kangle/3.5.14
Date: Tue, 06 Dec 2022 02:16:57 GMT
Location: https://699349.com/
Content-Length: 0
Connection: close

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 06 Dec 2022 02:11:20 GMT
cache-control: public,max-age=3600
age: 337
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
2b9d6a686aa3c4ea24568425e43a5221
d53bb4c9579bd1db78a0520619e888aec79f750f
c38734a8dbe51217d73896c0bf7f5c38c107fd79e0dee24b717f130377e9b5f7

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2675
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 02:16:58 GMT
Last-Modified: Tue, 06 Dec 2022 01:32:23 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

52.38.139.17

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.38.139.17:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: PgNAV4Yhi9H3RkRGrHQmyA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: lZhpxcRSjkqCcUCdcW94n9AW+kg=

zerossl.ocsp.sectigo.com/

172.64.155.188

200 OK

727 B

URL HTTP/1.1
zerossl.ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
727 B (727 bytes)
Hash
4a7ade864d6f82e83256ea12de9dc168
8341db59a798602371a85f87be76d26e29a2ae15
79e1b4e69c1ac942815c0c796c0452dee33ef8690d39d5359b9e6dbabc1243ac

HTTP Headers

POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 02:16:58 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Mon, 05 Dec 2022 11:09:54 GMT
Expires: Mon, 12 Dec 2022 11:09:53 GMT
Etag: "8341db59a798602371a85f87be76d26e29a2ae15"
Cache-Control: max-age=549774,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775185c4fc33b523-OSL

699349.com/

16.162.201.20

200 OK

10 kB

URL HTTP/1.1
699349.com/
IP
16.162.201.20:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (617), with CRLF line terminators
Size
10 kB (10280 bytes)
Hash
f848ef5a2002c66fcabdb9bb8fa525f8
ba369f697d758d006295e9963be1d5e7f130bc6a
ba2bcd531f5a4cb6d95f955f91d688a2ecdef4063970202db6f8a49c04cf90ee

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET / HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 200 OK
ETag: "01bda93217d91:0"
Content-Type: text/html
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:38 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 01:11:35 GMT
Content-Length: 10280
Connection: close

code.jquery.com/jquery-1.10.2.min.js

69.16.175.42

200 OK

33 kB

URL HTTP/2
code.jquery.com/jquery-1.10.2.min.js
IP
69.16.175.42:0
ASN
#20446 STACKPATH-CDN

File type
ASCII text, with very long lines (32072)
Size
33 kB (32788 bytes)
Hash
68cc08e82915da8b82fc6be74ab86365
4089530b0c00f6cbd1452d7f873be85454196fd1
6c63276db5e51f227be1c9bdaf73d76fa01040499944a8c8607db0c234f0575c

HTTP Headers

GET /jquery-1.10.2.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Tue, 06 Dec 2022 02:16:59 GMT
content-encoding: gzip
content-length: 32788
content-type: application/javascript; charset=utf-8
last-modified: Wed, 16 Feb 2022 10:50:39 GMT
accept-ranges: bytes
server: nginx
etag: W/"620cd6ff-16bb3"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1670293019.dop232.sk1.t,1670293019.cds066.sk1.hn,1670293019.cds243.sk1.c
X-Firefox-Spdy: h2

699349.com/css/reset.css

16.162.201.20

200 OK

789 B

URL HTTP/1.1
699349.com/css/reset.css
IP
16.162.201.20:0
ASN
#16509 AMAZON-02

File type
ISO-8859 text, with very long lines (1163), with CRLF line terminators
Size
789 B (789 bytes)
Hash
b9cbcbf6cbbd503de2b62a474ba2a617
075fc579cea19b0f2bd6fd508145eadde482f8f0
a7ac41642553ff7613555fc9e631f0fa9c73b4db25bc537e1c4f059805d992d6

HTTP Headers

GET /css/reset.css HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Content-Encoding: gzip
ETag: "e602c7fe595d61:0"
Content-Type: text/css
Last-Modified: Mon, 28 Sep 2020 22:19:56 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 14:23:05 GMT
Content-Length: 789
Connection: close

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2580
Expires: Tue, 06 Dec 2022 02:59:59 GMT
Date: Tue, 06 Dec 2022 02:16:59 GMT
Connection: keep-alive

699349.com/bd/xggglf.js

16.162.201.20

200 OK

750 B

URL HTTP/1.1
699349.com/bd/xggglf.js
IP
16.162.201.20:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (320), with CRLF line terminators
Size
750 B (750 bytes)
Hash
66c4a121e5a4f1a3160bd4b04c137cd5
c70e0bd6ec7c2595e87c3ca1c07313badac8f678
b2d9964c09a810504fedd009bab467d3f646bb383adf134d5f49b755f5d0b6bc

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /bd/xggglf.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Content-Encoding: gzip
ETag: "a424b1ec197d91:0"
Content-Type: application/javascript
Last-Modified: Sat, 03 Dec 2022 13:19:51 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 23:44:41 GMT
Content-Length: 750
Connection: close

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1d62ac4e-2ac8-4e49-a61b-a48cff80ffd2.jpeg

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1d62ac4e-2ac8-4e49-a61b-a48cff80ffd2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (9987 bytes)
Hash
8055d0db573ab34924db3b60ed788bb2
a4aae05e7a929fc7f652f56748d2a2da9c44ac45
f6a9555f112882d4ac284c6dc26ae0f02f6ccf8ee312615e01ebec8242bade1f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1d62ac4e-2ac8-4e49-a61b-a48cff80ffd2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9987
x-amzn-requestid: 3d4d7dd0-2be0-46c1-a9c0-aa3cce2e8c81
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSvUHhJIAMFZYQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64c8-63a6960043564aa762caaabe;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:16 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: XaKRGgDJdys5Ufgv2QasOrlxuXHRnb8dJWc_tHiXa72QvQ-egpRDsQ==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 559326ad73233233a9e52cb9e8601ede.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:25:37 GMT
age: 13882
etag: "a4aae05e7a929fc7f652f56748d2a2da9c44ac45"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa99f7bcf-386e-4655-b6f0-99abdf67f097.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.5 kB (8469 bytes)
Hash
2f60a6490f38a772dcd50a1132e98e1b
ff254a1df087d2c157d88a6ef04e395dc49efe5e
653e40becd103cd76cc2f194a87e933e8c548d346f87520fefca3b16430fc4ab

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa99f7bcf-386e-4655-b6f0-99abdf67f097.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8469
x-amzn-requestid: c17eff92-da62-4f0f-9e75-2741012ec43a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: co_sqFSjoAMFQ6w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d131d-61d61d2f0bb01ecb21b809ea;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 21:37:33 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: i6QasBBRK9APW19sH0DdOipvUJA3gWj0CAMTzt7ejRCOk_V2psz-Xw==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:45:47 GMT
age: 16272
etag: "ff254a1df087d2c157d88a6ef04e395dc49efe5e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

16 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F42536ef2-6e40-4541-ac60-0ff74058daa7.png
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
16 kB (15732 bytes)
Hash
b5e953213b7b13b8ee202406147fac52
67a09d8cd23ed444667b225f7fbf4bb17b9f42dd
cf6b2502f0a992148f9401c16a329cae5a6c21fb81f03131f3e69c58bc608110

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F42536ef2-6e40-4541-ac60-0ff74058daa7.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 15732
x-amzn-requestid: 7467ddb0-b9f9-47e9-ac31-c7599fe45698
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csVIIESBIAMFU6w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e689a-79e3f8b66e1cf72f3283ac5b;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:54:34 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 3seQ7H4qrlKKpuIWUobiey92ZMkB4jWqd5v6T6379g0V0y6XdVFvWQ==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:22:21 GMT
age: 14078
etag: "67a09d8cd23ed444667b225f7fbf4bb17b9f42dd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2580
Expires: Tue, 06 Dec 2022 02:59:59 GMT
Date: Tue, 06 Dec 2022 02:16:59 GMT
Connection: keep-alive

699349.com/jsdc/1989.js

16.162.201.20

200 OK

1.3 kB

URL HTTP/1.1
699349.com/jsdc/1989.js
IP
16.162.201.20:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (311), with CRLF line terminators
Size
1.3 kB (1312 bytes)
Hash
c8f53e935527bfd8a8c1966d929f1e9f
976cf29c547c3c512bb77db167ade4e28f8faaf4
e5f3902d9839b3aa0a4d91829c1c99dd07b07ce8f99a46c3e140158e6b62aeb8

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /jsdc/1989.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
ETag: "80dde97b51cd81:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Tue, 08 Feb 2022 06:32:07 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 15:33:29 GMT
Content-Length: 1312
Connection: close

ocsp.globalsign.com/gsgccr3dvtlsca2020

104.18.20.226

200 OK

1.4 kB

URL HTTP/1.1
ocsp.globalsign.com/gsgccr3dvtlsca2020
IP
104.18.20.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.4 kB (1414 bytes)
Hash
9beee193aead886f82a1a99c49575ee8
d0a9be213962a90d58da8bc397f471a91eb34ea6
6cf2bacad324262dfefe1939e45d988eed14807571a8b920a09d841dd2ff3ab5

HTTP Headers

POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 02:16:59 GMT
Content-Type: application/ocsp-response
Content-Length: 1414
Connection: keep-alive
Expires: Sat, 10 Dec 2022 00:57:31 GMT
ETag: "d0a9be213962a90d58da8bc397f471a91eb34ea6"
Last-Modified: Tue, 06 Dec 2022 00:57:32 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 6
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 775185ce6cb8b50b-OSL

34.120.237.76

200 OK

5.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F273773ed-3135-47d7-b4ff-5e390a90fecf.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.3 kB (5273 bytes)
Hash
49c08cd33e41826af9dd4a8a912e0ddf
bde85bd98858e4b13484a9cc3263b4db7fb5d348
43471e7b4da8e4e58b842d05cb073ef150ff119eaa6890c86162f03a140459cf

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F273773ed-3135-47d7-b4ff-5e390a90fecf.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5273
x-amzn-requestid: 5ab71aaf-6757-46dc-86fc-0a866958d22f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSz2EqfIAMFqng=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64e5-15ae9d330e005f547161b4df;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:45 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: xcEI729NEfORs3fT_fHi-BkyqA1sHl0dA6fAGd9hYkJNePUlM4vKQg==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:05:52 GMT
age: 15067
etag: "bde85bd98858e4b13484a9cc3263b4db7fb5d348"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2580
Expires: Tue, 06 Dec 2022 02:59:59 GMT
Date: Tue, 06 Dec 2022 02:16:59 GMT
Connection: keep-alive

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962c65f4-b402-46b4-83ba-50f3159341f2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11224 bytes)
Hash
b15136d60fd0a5e0f657a4f5c75d540f
36082b7329d473829178f280cb71a83b1531e486
79478269b1f5dcfd1e45ccd4264fa44805b37c5c8fec820bcbd2fa1689dfbbd8

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962c65f4-b402-46b4-83ba-50f3159341f2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11224
x-amzn-requestid: 938de0b8-1055-4416-9ad7-162ab5f4db9f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csUINEwdoAMFuOw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e6701-38b079ef341bb17e567de773;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:47:45 GMT
x-amz-cf-pop: YVR50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: tGtiCE9C3j0BUruNaFN2j1mKxCSouLmocmTXpmLMBJaLNyVwkXu1gQ==
via: 1.1 f0ac467993db44dbfc36b778dfcaf73c.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:23:09 GMT
age: 14030
etag: "36082b7329d473829178f280cb71a83b1531e486"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffaf0de04-19bf-4944-9ac5-5178afafb192.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11352 bytes)
Hash
7f2c354a00ab51d4a41221b6bf191c10
01ceb7233fe05ad8dff3a0a43eef879ea2b83ec4
7d3c8417e1db0db41ceb8b4bf3f506864392dd1ad29319a06a8a6055f6f2ed12

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffaf0de04-19bf-4944-9ac5-5178afafb192.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11352
x-amzn-requestid: 7c3fc7bb-eb1f-46ec-8e92-b6ffc6261848
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSwuF1ToAMFiIA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64d1-7c53152a279f00595b9886bd;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:25 GMT
x-amz-cf-pop: SFO5-P2, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: aYf5d6wAJlPSXVwF5uQXUb1g_65z-v6tInk7IF64bBV-w31d3MKeIQ==
via: 1.1 b6d577696b14c86cbfeb5b3459f38c50.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:22:23 GMT
age: 14076
etag: "01ceb7233fe05ad8dff3a0a43eef879ea2b83ec4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

zerossl.ocsp.sectigo.com/

172.64.155.188

200 OK

728 B

URL HTTP/1.1
zerossl.ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
728 B (728 bytes)
Hash
8c3c69849f1b63928c24911fc38c3ddd
dce7a1d4c96910b835fc6c12e35cfd9ba4e3c88a
eb5a6acf87350ee03ca5b7c9144698dba620ace13fde046390c33898614c3b1e

HTTP Headers

POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 02:16:59 GMT
Content-Type: application/ocsp-response
Content-Length: 728
Connection: keep-alive
Last-Modified: Mon, 05 Dec 2022 16:56:38 GMT
Expires: Mon, 12 Dec 2022 16:56:37 GMT
Etag: "dce7a1d4c96910b835fc6c12e35cfd9ba4e3c88a"
Cache-Control: max-age=570577,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775185ceab6eb4f1-OSL

zerossl.ocsp.sectigo.com/

172.64.155.188

200 OK

728 B

URL HTTP/1.1
zerossl.ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
728 B (728 bytes)
Hash
8c3c69849f1b63928c24911fc38c3ddd
dce7a1d4c96910b835fc6c12e35cfd9ba4e3c88a
eb5a6acf87350ee03ca5b7c9144698dba620ace13fde046390c33898614c3b1e

HTTP Headers

POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 02:16:59 GMT
Content-Type: application/ocsp-response
Content-Length: 728
Connection: keep-alive
Last-Modified: Mon, 05 Dec 2022 16:56:38 GMT
Expires: Mon, 12 Dec 2022 16:56:37 GMT
Etag: "dce7a1d4c96910b835fc6c12e35cfd9ba4e3c88a"
Cache-Control: max-age=570577,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775185cea8b21c12-OSL

zerossl.ocsp.sectigo.com/

172.64.155.188

200 OK

728 B

URL HTTP/1.1
zerossl.ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
728 B (728 bytes)
Hash
8c3c69849f1b63928c24911fc38c3ddd
dce7a1d4c96910b835fc6c12e35cfd9ba4e3c88a
eb5a6acf87350ee03ca5b7c9144698dba620ace13fde046390c33898614c3b1e

HTTP Headers

POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 02:16:59 GMT
Content-Type: application/ocsp-response
Content-Length: 728
Connection: keep-alive
Last-Modified: Mon, 05 Dec 2022 16:56:38 GMT
Expires: Mon, 12 Dec 2022 16:56:37 GMT
Etag: "dce7a1d4c96910b835fc6c12e35cfd9ba4e3c88a"
Cache-Control: max-age=570577,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775185cea963b4fa-OSL

zerossl.ocsp.sectigo.com/

172.64.155.188

200 OK

728 B

URL HTTP/1.1
zerossl.ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
728 B (728 bytes)
Hash
8c3c69849f1b63928c24911fc38c3ddd
dce7a1d4c96910b835fc6c12e35cfd9ba4e3c88a
eb5a6acf87350ee03ca5b7c9144698dba620ace13fde046390c33898614c3b1e

HTTP Headers

POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 02:17:00 GMT
Content-Type: application/ocsp-response
Content-Length: 728
Connection: keep-alive
Last-Modified: Mon, 05 Dec 2022 16:56:38 GMT
Expires: Mon, 12 Dec 2022 16:56:37 GMT
Etag: "dce7a1d4c96910b835fc6c12e35cfd9ba4e3c88a"
Cache-Control: max-age=570576,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775185ceab61fac4-OSL

zerossl.ocsp.sectigo.com/

172.64.155.188

200 OK

727 B

URL HTTP/1.1
zerossl.ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
727 B (727 bytes)
Hash
52c67a61d22a3628eec074bac822476f
15ad978643d87dc7272240c7da8a6d621b8bd0c3
f3595f8e68a914d37c036f0182a5291ce34aef06d0465f5219b21be775e8ed7d

HTTP Headers

POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 02:17:00 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Sat, 03 Dec 2022 12:37:32 GMT
Expires: Sat, 10 Dec 2022 12:37:31 GMT
Etag: "15ad978643d87dc7272240c7da8a6d621b8bd0c3"
Cache-Control: max-age=382230,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775185cf0b88b4f1-OSL

zerossl.ocsp.sectigo.com/

172.64.155.188

200 OK

728 B

URL HTTP/1.1
zerossl.ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
728 B (728 bytes)
Hash
6a3418ecc67300a8c9bbe244e99db05d
df2a89375c7498f839f76d0c641e4793c179c854
e7df5f33f3cd6fdcdf87f0f25ac89f5083b6d8dd3457e6064672d88cd64b345b

HTTP Headers

POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 02:17:00 GMT
Content-Type: application/ocsp-response
Content-Length: 728
Connection: keep-alive
Last-Modified: Mon, 05 Dec 2022 08:16:50 GMT
Expires: Mon, 12 Dec 2022 08:16:49 GMT
Etag: "df2a89375c7498f839f76d0c641e4793c179c854"
Cache-Control: max-age=539388,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775185d01ba9fac4-OSL

js.users.51.la/21088117.js

103.143.19.103

200 OK

2.3 kB

URL HTTP/1.1
js.users.51.la/21088117.js
IP
103.143.19.103:0
ASN
#4837 CHINA UNICOM China169 Backbone

File type
ASCII text, with very long lines (4898)
Size
2.3 kB (2309 bytes)
Hash
d6ee90be484becdfba69328335d2c2e8
030fb67fd7e44c4cc66a5a5524182e991ae76f96
e367a43c5de0f58a865f1609621cf03e7d74ea8e88c77681c4089bb86f6f9513

HTTP Headers

GET /21088117.js HTTP/1.1
Host: js.users.51.la
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: CloudWAF
Date: Tue, 06 Dec 2022 02:17:00 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: HWWAFSESID=fb83d3948ddb4ce5716; path=/
HWWAFSESTIME=1670293017150; path=/
Cache-Control: max-age=360000
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Content-Encoding: gzip

zerossl.ocsp.sectigo.com/

172.64.155.188

200 OK

727 B

URL HTTP/1.1
zerossl.ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
727 B (727 bytes)
Hash
52c67a61d22a3628eec074bac822476f
15ad978643d87dc7272240c7da8a6d621b8bd0c3
f3595f8e68a914d37c036f0182a5291ce34aef06d0465f5219b21be775e8ed7d

HTTP Headers

POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 02:17:00 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Sat, 03 Dec 2022 12:37:32 GMT
Expires: Sat, 10 Dec 2022 12:37:31 GMT
Etag: "15ad978643d87dc7272240c7da8a6d621b8bd0c3"
Cache-Control: max-age=382230,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775185ce3f52b523-OSL

zerossl.ocsp.sectigo.com/

172.64.155.188

200 OK

727 B

URL HTTP/1.1
zerossl.ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
727 B (727 bytes)
Hash
913eb415f10b58d141a8ab8d9045de95
9a204f4015921c2e05d7210b4514f0f8abd9ba24
ff69a78e5e010d2686e002fb930ab914369cd8117bca0d032a6b7ebf302e2fad

HTTP Headers

POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 02:17:00 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Sun, 04 Dec 2022 13:55:31 GMT
Expires: Sun, 11 Dec 2022 13:55:30 GMT
Etag: "9a204f4015921c2e05d7210b4514f0f8abd9ba24"
Cache-Control: max-age=473309,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775185cf88fb1c12-OSL

zerossl.ocsp.sectigo.com/

172.64.155.188

200 OK

728 B

URL HTTP/1.1
zerossl.ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
728 B (728 bytes)
Hash
6a3418ecc67300a8c9bbe244e99db05d
df2a89375c7498f839f76d0c641e4793c179c854
e7df5f33f3cd6fdcdf87f0f25ac89f5083b6d8dd3457e6064672d88cd64b345b

HTTP Headers

POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 02:17:00 GMT
Content-Type: application/ocsp-response
Content-Length: 728
Connection: keep-alive
Last-Modified: Mon, 05 Dec 2022 08:16:50 GMT
Expires: Mon, 12 Dec 2022 08:16:49 GMT
Etag: "df2a89375c7498f839f76d0c641e4793c179c854"
Cache-Control: max-age=539388,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775185cfa9c8b4fa-OSL

zerossl.ocsp.sectigo.com/

172.64.155.188

200 OK

727 B

URL HTTP/1.1
zerossl.ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
727 B (727 bytes)
Hash
913eb415f10b58d141a8ab8d9045de95
9a204f4015921c2e05d7210b4514f0f8abd9ba24
ff69a78e5e010d2686e002fb930ab914369cd8117bca0d032a6b7ebf302e2fad

HTTP Headers

POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 02:17:00 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Sun, 04 Dec 2022 13:55:31 GMT
Expires: Sun, 11 Dec 2022 13:55:30 GMT
Etag: "9a204f4015921c2e05d7210b4514f0f8abd9ba24"
Cache-Control: max-age=473309,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775185d0abcbfac4-OSL

699349.com/css/style.css

16.162.201.20

200 OK

3.9 kB

URL HTTP/1.1
699349.com/css/style.css
IP
16.162.201.20:0
ASN
#16509 AMAZON-02

File type
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
3.9 kB (3874 bytes)
Hash
b6bd916dfe2c98320a8ced9fc1026a4b
c1e7960176a47489aba82dcab07c0740924777c2
3ea0ac06a28dc3234c77fe2caaeccf5e90c8247d897219568bf8a187ddc85fe5

HTTP Headers

GET /css/style.css HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
ETag: "05e3833451dd71:0"
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Sat, 20 Mar 2021 04:55:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 00:35:15 GMT
Content-Length: 3874
Connection: close

zerossl.ocsp.sectigo.com/

172.64.155.188

200 OK

728 B

URL HTTP/1.1
zerossl.ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
728 B (728 bytes)
Hash
6a3418ecc67300a8c9bbe244e99db05d
df2a89375c7498f839f76d0c641e4793c179c854
e7df5f33f3cd6fdcdf87f0f25ac89f5083b6d8dd3457e6064672d88cd64b345b

HTTP Headers

POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 02:17:00 GMT
Content-Type: application/ocsp-response
Content-Length: 728
Connection: keep-alive
Last-Modified: Mon, 05 Dec 2022 08:16:50 GMT
Expires: Mon, 12 Dec 2022 08:16:49 GMT
Etag: "df2a89375c7498f839f76d0c641e4793c179c854"
Cache-Control: max-age=539388,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775185d04bfab4f1-OSL

669925a.com/ktzsx.js

18.166.84.185

200 OK

789 B

URL HTTP/1.1
669925a.com/ktzsx.js
IP
18.166.84.185:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (308), with CRLF line terminators
Size
789 B (789 bytes)
Hash
03141e248f325e2d15c127b10dc81803
088b47edb1ada61ae7f6c3729b3b6900cd950355
8e9b46d02d306ab4d801ac2a452df28a5c9725a2050adb7e539a022a46b63d3d

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /ktzsx.js HTTP/1.1
Host: 669925a.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Encoding: gzip
ETag: "1f212e7b897d91:0"
Content-Type: application/javascript
Last-Modified: Sun, 04 Dec 2022 02:38:24 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 02:04:10 GMT
Content-Length: 789
Connection: close

669925a.com/tttg.js

18.166.84.185

200 OK

1.1 kB

URL HTTP/1.1
669925a.com/tttg.js
IP
18.166.84.185:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
1.1 kB (1073 bytes)
Hash
7037b40fdfa6f99d8498ad0b3d7afe9c
935e0d856de830fe4cd5af81caf0009a95944e8a
93ce52ce24d581a323273c02d367b1e1ecba584b983dee67e20731bfd3e5053c

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /tttg.js HTTP/1.1
Host: 669925a.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
ETag: "092a4f0f4aed81:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 13 Aug 2022 09:13:24 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 00:12:33 GMT
Content-Length: 1073
Connection: close

669925a.com/zybb/xjgsb.js

18.166.84.185

200 OK

2.4 kB

URL HTTP/1.1
669925a.com/zybb/xjgsb.js
IP
18.166.84.185:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (392), with CRLF line terminators
Size
2.4 kB (2353 bytes)
Hash
93fbb00b1c5a25ce2b47995c70d95b99
ad5ec259802be56b2961954431cb19cb26ee64fa
475ec23811aea84fa03ad43e0d53995eb6b377c9d39cd1c48ba3b7f87032ac4e

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /zybb/xjgsb.js HTTP/1.1
Host: 669925a.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
ETag: "01bda93217d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:38 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 01:53:32 GMT
Content-Length: 2353
Connection: close

699349.com/js/SuperSlide.js

16.162.201.20

200 OK

3.7 kB

URL HTTP/1.1
699349.com/js/SuperSlide.js
IP
16.162.201.20:0
ASN
#16509 AMAZON-02

File type
Unicode text, UTF-8 text, with very long lines (11013), with CRLF line terminators
Size
3.7 kB (3704 bytes)
Hash
776fcefcd00c399fdccbdd0e11ead966
bc5da70384bcf683b13c973928a3b9fa14ac8c83
b4cd2c5b6220e1f51e2b76d498f9f46eef57bb3a5d8f35ba28b0ef61d7e802ce

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/SuperSlide.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
ETag: "8009e8de595d61:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Mon, 28 Sep 2020 22:20:21 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 13:59:33 GMT
Content-Length: 3704
Connection: close

669925a.com/jgp.js

18.166.84.185

200 OK

1.2 kB

URL HTTP/1.1
669925a.com/jgp.js
IP
18.166.84.185:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (419), with CRLF line terminators
Size
1.2 kB (1184 bytes)
Hash
ce689cfc313bb282b9c652f73fc83133
90fa7a98b4da41be1947c09ff74995b98fad9e67
ff1cb53716e5e1ded44f6bd7041cba39475d59d07edf26dacc19018cd59ef535

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /jgp.js HTTP/1.1
Host: 669925a.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Encoding: gzip
ETag: "3bc16594217d91:0"
Content-Type: application/javascript
Last-Modified: Sat, 03 Dec 2022 14:14:38 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 02:15:55 GMT
Content-Length: 1184
Connection: close

699349.com/jsdc/2025.js

16.162.201.20

200 OK

1.3 kB

URL HTTP/1.1
699349.com/jsdc/2025.js
IP
16.162.201.20:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (311), with CRLF line terminators
Size
1.3 kB (1332 bytes)
Hash
02b1e817717d1383cbbffcc3ee0b0719
c69d1dc10f63964167294027025a8265c521bea5
529fe2bf961ac2951e50ca35496e542ce3d165eadb68174fa9e320d06bc9be6b

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /jsdc/2025.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Content-Encoding: gzip
ETag: "a995b0329192d81:0"
Content-Type: application/javascript
Last-Modified: Fri, 08 Jul 2022 06:08:52 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 20:57:23 GMT
Content-Length: 1332
Connection: close

669925a.com/mhcz.js

18.166.84.185

200 OK

1.2 kB

URL HTTP/1.1
669925a.com/mhcz.js
IP
18.166.84.185:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (308), with CRLF line terminators
Size
1.2 kB (1236 bytes)
Hash
377e5bd54feb15f93d63eaada7fb5d29
916aff5e5c473f501481277f20b9e614c248372d
4a28ef950976fce3111143075194029398b330a538549acac16abd6e7b8f510a

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /mhcz.js HTTP/1.1
Host: 669925a.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
ETag: "80b17294217d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:39 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 02:08:25 GMT
Content-Length: 1236
Connection: close

js.users.51.la/21088033.js

103.143.19.103

200 OK

2.3 kB

URL HTTP/1.1
js.users.51.la/21088033.js
IP
103.143.19.103:0
ASN
#4837 CHINA UNICOM China169 Backbone

File type
ASCII text, with very long lines (4898)
Size
2.3 kB (2310 bytes)
Hash
3e06eebd51aec7dffcedf9b5c1a4ccfb
6fb85a35a7fdec3a53695e82a69a9c80f3b8a8af
84f8533a7794c42ddd7ab1d4ba1142a3cb22f079f361373f41bdad46b0d2c94c

HTTP Headers

GET /21088033.js HTTP/1.1
Host: js.users.51.la
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: CloudWAF
Date: Tue, 06 Dec 2022 02:17:00 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: HWWAFSESID=94bf825005f65c7f462; path=/
HWWAFSESTIME=1670293019226; path=/
Cache-Control: max-age=360000
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Content-Encoding: gzip

628866a.com/js/kj-link.js

43.198.33.164

200 OK

832 B

URL HTTP/1.1
628866a.com/js/kj-link.js
IP
43.198.33.164:0
ASN
#16509 AMAZON-02

File type
HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
832 B (832 bytes)
Hash
be49dd2e9699eb09642c4ea3ef383183
df60158a6d8a656f9917e8d4d99e9a59ac337fb5
a5b220f9f064477262b856b3ed268c0aaed372a566e11a07c599fef2837af13a

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/kj-link.js HTTP/1.1
Host: 628866a.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
ETag: "80ad4a198767d81:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 14 May 2022 11:38:15 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 15:48:34 GMT
Content-Length: 832
Connection: close

js.szly123.com/js/2022.js

18.166.84.185

200 OK

1.3 kB

URL HTTP/1.1
js.szly123.com/js/2022.js
IP
18.166.84.185:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (331), with CRLF line terminators
Size
1.3 kB (1317 bytes)
Hash
ca73d1d58c1621f02a3d2ca996914364
0d6950b04fdc3ea20d69eef0cfe50375fdb04aaf
b676a63cba89713057e475d622e2db06917e685ad7a3a4f34895dce042e3d7a0

HTTP Headers

GET /js/2022.js HTTP/1.1
Host: js.szly123.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
ETag: "80532e2d10ffd81:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Wed, 23 Nov 2022 07:49:55 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 13:52:20 GMT
Content-Length: 1317
Connection: close

sbx2019.com/js/sbx.js

43.198.33.164

200 OK

3.6 kB

URL HTTP/1.1
sbx2019.com/js/sbx.js
IP
43.198.33.164:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (672), with CRLF line terminators
Size
3.6 kB (3640 bytes)
Hash
70ced684afe68da47d444a8ff3151b52
3e5f07f6a7a7f2b596c8280dac9ad03789b8683e
bef98dbd143c2fca86cd0b05949385451dc2fd2c15246c77f80bba338e0b51cf

HTTP Headers

GET /js/sbx.js HTTP/1.1
Host: sbx2019.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
ETag: "80b29adc16d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Fri, 02 Dec 2022 03:55:05 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 01:45:28 GMT
Content-Length: 3640
Connection: close

699349.com/mhczjx.js

16.162.201.20

200 OK

1.1 kB

URL HTTP/1.1
699349.com/mhczjx.js
IP
16.162.201.20:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.1 kB (1128 bytes)
Hash
d0684860bd119f7bdc41e3c46e9deea5
67fda50ad30c69a4d46fc08ad1fcaf5469a304ca
fc9aee7ef7f9622accaca51d580769fc13f7310fc51125edf67279472c4fbe06

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /mhczjx.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
ETag: "80676465fc8d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Mon, 05 Dec 2022 22:53:31 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 01:25:35 GMT
Content-Length: 1128
Connection: close

699349.com/bd/tszl.js

16.162.201.20

404 Not Found

675 B

URL HTTP/1.1
699349.com/bd/tszl.js
IP
16.162.201.20:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size
675 B (675 bytes)
Hash
815ec59bc7238fae2bbe77156ad8f5b2
bc673c626b999f08c7b6ebeb9616834a08a8d3a4
b0f1e83708354377cfb1eee4ff3352255095f26b04edf23081da4c73bb068e4a

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /bd/tszl.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 404 Not Found
Content-Encoding: gzip
Content-Type: text/html
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 02:16:59 GMT
Transfer-Encoding: chunked
Connection: close

www.669925a.com/zybb/xjzl.js

16.162.201.20

200 OK

1.1 kB

URL HTTP/1.1
www.669925a.com/zybb/xjzl.js
IP
16.162.201.20:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (323), with CRLF line terminators
Size
1.1 kB (1108 bytes)
Hash
f0a7cc27bd8cf102aa4fae08c7b8e6eb
dbe33ce94f9e24124e4f2a4214366172bfefc9c6
fd2738bc85a536243e78932e1a45c4e6a56342bc95dc386689a06fbea74bdb53

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /zybb/xjzl.js HTTP/1.1
Host: www.669925a.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
ETag: "01bda93217d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:38 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 02:05:07 GMT
Content-Length: 1108
Connection: close

js.szly123.com/fivetab.js

18.166.84.185

200 OK

2.8 kB

URL HTTP/1.1
js.szly123.com/fivetab.js
IP
18.166.84.185:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (325), with CRLF line terminators
Size
2.8 kB (2831 bytes)
Hash
771d7279b11708f9ab24a9764b602a47
a419b03f631550ebbd656ead879daa5b937ad6fe
44b7bff535d4f092053b1744d4faeaef9a33e6292ed30a64dbd3a8756e0e5eb6

HTTP Headers

GET /fivetab.js HTTP/1.1
Host: js.szly123.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
ETag: "80d680b110ffd81:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Wed, 23 Nov 2022 07:53:37 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 23:58:45 GMT
Content-Length: 2831
Connection: close

699349.com/zybb/gsb1.js

16.162.201.20

200 OK

2.3 kB

URL HTTP/1.1
699349.com/zybb/gsb1.js
IP
16.162.201.20:0
ASN
#16509 AMAZON-02

File type
HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
2.3 kB (2344 bytes)
Hash
60bdc84b7b7278ad724efa7f94bb587d
ebeee7e3c74023f8ae871e5c176752031d104a6c
e8cf96fd0bdbf393658fc9b50bcc3f04a12cb4761998c35f026d5151d033ad6a

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /zybb/gsb1.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
ETag: "80844193217d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:37 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 00:01:59 GMT
Content-Length: 2344
Connection: close

699349.com/jsdc/1999.js

16.162.201.20

200 OK

1.3 kB

URL HTTP/1.1
699349.com/jsdc/1999.js
IP
16.162.201.20:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (311), with CRLF line terminators
Size
1.3 kB (1324 bytes)
Hash
4d8577e8b03c85ef9403c3841a88a0ba
4ce86f1b6e6c4ef5d238ff2b532bc937e1cf70c9
1c8be6a55ba3a1f2d1e26db04a31c18706dd3f60a06ea02f20f9cd9bc3092807

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /jsdc/1999.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
ETag: "80dde97b51cd81:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Tue, 08 Feb 2022 06:32:07 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 22:20:03 GMT
Content-Length: 1324
Connection: close

js.szly123.com/js/100.js

18.166.84.185

200 OK

1.3 kB

URL HTTP/1.1
js.szly123.com/js/100.js
IP
18.166.84.185:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (331), with CRLF line terminators
Size
1.3 kB (1304 bytes)
Hash
690dbddbeb9728abe2ddb56cfbb8c6c5
ab0cd44cbfe13f0b7754209eafa773f9d37fd3e8
5bac7b3fdc959cc6419af6b2ae88607640ffcf43ac7f6d0278873fe188e1272a

HTTP Headers

GET /js/100.js HTTP/1.1
Host: js.szly123.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
ETag: "801046a5a7fcd81:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sun, 20 Nov 2022 06:16:37 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 14:10:22 GMT
Content-Length: 1304
Connection: close

js.szly123.com/js/gg.js

18.166.84.185

200 OK

4.7 kB

URL HTTP/1.1
js.szly123.com/js/gg.js
IP
18.166.84.185:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (421), with CRLF line terminators
Size
4.7 kB (4735 bytes)
Hash
a84619e95ac5a63acd392fe6c085fd12
437b90cd68fd42822224f42a371aacfc8caae797
ce0bd7ca96d915eb6c6911c441fcadffb87fa592f35ac230ac85b3e851ef8aa8

HTTP Headers

GET /js/gg.js HTTP/1.1
Host: js.szly123.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
ETag: "93731537d3f9d81:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Wed, 16 Nov 2022 15:50:56 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 23:58:45 GMT
Content-Length: 4735
Connection: close

699349.com/zybb/ryzt.js

16.162.201.20

200 OK

753 B

URL HTTP/1.1
699349.com/zybb/ryzt.js
IP
16.162.201.20:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
753 B (753 bytes)
Hash
76f39d336810d8ca2b16bfe50bf96045
5caa711a1191e0bd8abf2cfe890ff9844773ae5b
860df8eb8f879abf429c8d74b25c90ebab1387374ed45b71bda232c24a9c8d5b

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /zybb/ryzt.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
ETag: "01bda93217d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:38 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 00:23:01 GMT
Content-Length: 753
Connection: close

699349.com/zybb/qhzt.js

16.162.201.20

200 OK

936 B

URL HTTP/1.1
699349.com/zybb/qhzt.js
IP
16.162.201.20:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
936 B (936 bytes)
Hash
30669a16665b31d0f2d653398af0dadd
b40266bfbad57755abf83882af576c08e47c7365
8521f1951ca004695449380933db3758625c8d4f9ed52ffb07622993392d9132

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /zybb/qhzt.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
ETag: "01bda93217d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:38 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 00:54:42 GMT
Content-Length: 936
Connection: close

ocsp.globalsign.com/gsgccr3dvtlsca2020

104.18.20.226

200 OK

1.4 kB

URL HTTP/1.1
ocsp.globalsign.com/gsgccr3dvtlsca2020
IP
104.18.20.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.4 kB (1414 bytes)
Hash
5425bacd37ff17f18723c39c17534d97
ab51b64d2cb0fb278f18f87826917cf14ca345c4
8509515e421095740d64f7db7c2a906cfbcfb3668ec089bd15249efc4d878889

HTTP Headers

POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 02:17:00 GMT
Content-Type: application/ocsp-response
Content-Length: 1414
Connection: keep-alive
Expires: Fri, 09 Dec 2022 22:46:01 GMT
ETag: "ab51b64d2cb0fb278f18f87826917cf14ca345c4"
Last-Modified: Mon, 05 Dec 2022 22:46:02 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2189
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 775185d47eadb50b-OSL

zerossl.ocsp.sectigo.com/

172.64.155.188

200 OK

727 B

URL HTTP/1.1
zerossl.ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
727 B (727 bytes)
Hash
1e2a68cf2847cccdf06ff255e083ea83
f637a66a2070d05bc51e3e6698fbd296fdd7d913
8ba05db74def26e59332b95e38aa97b147532acd69eee745b5ecd4e8c1158cf7

HTTP Headers

POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 02:17:00 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Sun, 04 Dec 2022 10:37:53 GMT
Expires: Sun, 11 Dec 2022 10:37:52 GMT
Etag: "f637a66a2070d05bc51e3e6698fbd296fdd7d913"
Cache-Control: max-age=461451,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775185d46a251c12-OSL

699349.com/bd/wlrt.js

16.162.201.20

404 Not Found

675 B

URL HTTP/1.1
699349.com/bd/wlrt.js
IP
16.162.201.20:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size
675 B (675 bytes)
Hash
815ec59bc7238fae2bbe77156ad8f5b2
bc673c626b999f08c7b6ebeb9616834a08a8d3a4
b0f1e83708354377cfb1eee4ff3352255095f26b04edf23081da4c73bb068e4a

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /bd/wlrt.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 404 Not Found
Content-Encoding: gzip
Content-Type: text/html
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 02:16:59 GMT
Transfer-Encoding: chunked
Connection: close

zerossl.ocsp.sectigo.com/

172.64.155.188

200 OK

727 B

URL HTTP/1.1
zerossl.ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
727 B (727 bytes)
Hash
1e2a68cf2847cccdf06ff255e083ea83
f637a66a2070d05bc51e3e6698fbd296fdd7d913
8ba05db74def26e59332b95e38aa97b147532acd69eee745b5ecd4e8c1158cf7

HTTP Headers

POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 02:17:01 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Sun, 04 Dec 2022 10:37:53 GMT
Expires: Sun, 11 Dec 2022 10:37:52 GMT
Etag: "f637a66a2070d05bc51e3e6698fbd296fdd7d913"
Cache-Control: max-age=461450,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775185d48d61b4f1-OSL

zerossl.ocsp.sectigo.com/

172.64.155.188

200 OK

727 B

URL HTTP/1.1
zerossl.ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
727 B (727 bytes)
Hash
1e2a68cf2847cccdf06ff255e083ea83
f637a66a2070d05bc51e3e6698fbd296fdd7d913
8ba05db74def26e59332b95e38aa97b147532acd69eee745b5ecd4e8c1158cf7

HTTP Headers

POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 02:17:01 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Sun, 04 Dec 2022 10:37:53 GMT
Expires: Sun, 11 Dec 2022 10:37:52 GMT
Etag: "f637a66a2070d05bc51e3e6698fbd296fdd7d913"
Cache-Control: max-age=461450,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775185d48bc7b4fa-OSL

zerossl.ocsp.sectigo.com/

172.64.155.188

200 OK

727 B

URL HTTP/1.1
zerossl.ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
727 B (727 bytes)
Hash
1e2a68cf2847cccdf06ff255e083ea83
f637a66a2070d05bc51e3e6698fbd296fdd7d913
8ba05db74def26e59332b95e38aa97b147532acd69eee745b5ecd4e8c1158cf7

HTTP Headers

POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 02:17:01 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Sun, 04 Dec 2022 10:37:53 GMT
Expires: Sun, 11 Dec 2022 10:37:52 GMT
Etag: "f637a66a2070d05bc51e3e6698fbd296fdd7d913"
Cache-Control: max-age=461450,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775185d4a9ceb523-OSL

www.669925a.com/images/amzl.gif

16.162.201.20

200 OK

23 kB

URL HTTP/1.1
www.669925a.com/images/amzl.gif
IP
16.162.201.20:0
ASN
#16509 AMAZON-02

File type
GIF image data, version 89a, 957 x 178\012- data
Size
23 kB (22806 bytes)
Hash
bb3ed49038f25e27ef2205f225164a4e
b050a050b471d5a10ae4873fbb7b294917478e21
d6e6367a2f6a7ca41d2de9187242e539e6fe4306a7aa970068104bff953ca1eb

HTTP Headers

GET /images/amzl.gif HTTP/1.1
Host: www.669925a.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
ETag: "6f1495ce8566d71:0"
Content-Type: image/gif
Last-Modified: Mon, 21 Jun 2021 10:11:31 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 23:55:09 GMT
Content-Length: 22806
Connection: close

imgs.mygai.cn/tp/hf/852_800x100.gif

107.148.135.221

404 Not Found

579 B

URL HTTP/1.1
imgs.mygai.cn/tp/hf/852_800x100.gif
IP
107.148.135.221:0
ASN
#398823 PEGTECHINC-AP-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
579 B (579 bytes)
Hash
fd257e3a9b8d3abd1ecd56a8e8e4c298
8ef622bd79a2d55116e52e16aa238af7f3aca181
697375791a2ce41a6ce2131c494e282b138174397360eb7d3accf8070cc8d282

HTTP Headers

GET /tp/hf/852_800x100.gif HTTP/1.1
Host: imgs.mygai.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 404 Not Found
Server: kangle/3.5.14
Date: Tue, 06 Dec 2022 02:15:23 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 579
Connection: close

imgs.mygai.cn/tp/49tk/49tk1.gif

107.148.135.221

404 Not Found

579 B

URL HTTP/1.1
imgs.mygai.cn/tp/49tk/49tk1.gif
IP
107.148.135.221:0
ASN
#398823 PEGTECHINC-AP-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
579 B (579 bytes)
Hash
fd257e3a9b8d3abd1ecd56a8e8e4c298
8ef622bd79a2d55116e52e16aa238af7f3aca181
697375791a2ce41a6ce2131c494e282b138174397360eb7d3accf8070cc8d282

HTTP Headers

GET /tp/49tk/49tk1.gif HTTP/1.1
Host: imgs.mygai.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 404 Not Found
Server: kangle/3.5.14
Date: Tue, 06 Dec 2022 02:15:23 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 579
Connection: close

imgs.mygai.cn/tp/00886tk/00886tk.gif

107.148.135.221

404 Not Found

579 B

URL HTTP/1.1
imgs.mygai.cn/tp/00886tk/00886tk.gif
IP
107.148.135.221:0
ASN
#398823 PEGTECHINC-AP-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
579 B (579 bytes)
Hash
fd257e3a9b8d3abd1ecd56a8e8e4c298
8ef622bd79a2d55116e52e16aa238af7f3aca181
697375791a2ce41a6ce2131c494e282b138174397360eb7d3accf8070cc8d282

HTTP Headers

GET /tp/00886tk/00886tk.gif HTTP/1.1
Host: imgs.mygai.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 404 Not Found
Server: kangle/3.5.14
Date: Tue, 06 Dec 2022 02:15:23 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 579
Connection: close

imgs.mygai.cn/tp/2025/2025hf.gif

107.148.135.221

404 Not Found

579 B

URL HTTP/1.1
imgs.mygai.cn/tp/2025/2025hf.gif
IP
107.148.135.221:0
ASN
#398823 PEGTECHINC-AP-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
579 B (579 bytes)
Hash
fd257e3a9b8d3abd1ecd56a8e8e4c298
8ef622bd79a2d55116e52e16aa238af7f3aca181
697375791a2ce41a6ce2131c494e282b138174397360eb7d3accf8070cc8d282

HTTP Headers

GET /tp/2025/2025hf.gif HTTP/1.1
Host: imgs.mygai.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 404 Not Found
Server: kangle/3.5.14
Date: Tue, 06 Dec 2022 02:15:23 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 579
Connection: close

imgs.mygai.cn/tp/hf/9898_800x100.gif

107.148.135.221

404 Not Found

579 B

URL HTTP/1.1
imgs.mygai.cn/tp/hf/9898_800x100.gif
IP
107.148.135.221:0
ASN
#398823 PEGTECHINC-AP-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
579 B (579 bytes)
Hash
fd257e3a9b8d3abd1ecd56a8e8e4c298
8ef622bd79a2d55116e52e16aa238af7f3aca181
697375791a2ce41a6ce2131c494e282b138174397360eb7d3accf8070cc8d282

HTTP Headers

GET /tp/hf/9898_800x100.gif HTTP/1.1
Host: imgs.mygai.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 404 Not Found
Server: kangle/3.5.14
Date: Tue, 06 Dec 2022 02:15:23 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 579
Connection: close

zerossl.ocsp.sectigo.com/

172.64.155.188

200 OK

727 B

URL HTTP/1.1
zerossl.ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
727 B (727 bytes)
Hash
8d89974d759f905eb16d39ebbaf182c0
f8d7e53bba587c5eb3270baff0f1b480b2c6b487
cc37d60c0804ba3bbdb07ce6a9152e6de02091ef6c4410fc4d135ed00369fbae

HTTP Headers

POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 02:17:01 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Sat, 03 Dec 2022 17:35:59 GMT
Expires: Sat, 10 Dec 2022 17:35:58 GMT
Etag: "f8d7e53bba587c5eb3270baff0f1b480b2c6b487"
Cache-Control: max-age=400136,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775185d6cd47b4fa-OSL

zerossl.ocsp.sectigo.com/

172.64.155.188

200 OK

727 B

URL HTTP/1.1
zerossl.ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
727 B (727 bytes)
Hash
8d89974d759f905eb16d39ebbaf182c0
f8d7e53bba587c5eb3270baff0f1b480b2c6b487
cc37d60c0804ba3bbdb07ce6a9152e6de02091ef6c4410fc4d135ed00369fbae

HTTP Headers

POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 02:17:01 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Sat, 03 Dec 2022 17:35:59 GMT
Expires: Sat, 10 Dec 2022 17:35:58 GMT
Etag: "f8d7e53bba587c5eb3270baff0f1b480b2c6b487"
Cache-Control: max-age=400136,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775185d6ce1fb4f1-OSL

imgs.meizhiban.cn/tp/2022/202202.gif

107.148.135.218

301 Moved Permanently

0 B

URL HTTP/1.1
imgs.meizhiban.cn/tp/2022/202202.gif
IP
107.148.135.218:0
ASN
#398823 PEGTECHINC-AP-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /tp/2022/202202.gif HTTP/1.1
Host: imgs.meizhiban.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 301 Moved Permanently
Server: kangle/3.5.14
Date: Tue, 06 Dec 2022 02:15:23 GMT
Location: https://d31q194n7fpdes.cloudfront.net/mygai/tp/2022/202202.gif
Content-Length: 0
Connection: close

669925a.com/images/tj.gif

18.166.84.185

200 OK

64 kB

URL HTTP/1.1
669925a.com/images/tj.gif
IP
18.166.84.185:0
ASN
#16509 AMAZON-02

File type
GIF image data, version 89a, 1000 x 100\012- data
Size
64 kB (63666 bytes)
Hash
887978675d2392b16a1776720a192c12
5b03cc558d8a88f81790dad3fa590e43d292cb02
e659b72736e1dc8d28542ecc908832edbc43f800302d74a51f6f35c401c90ca0

HTTP Headers

GET /images/tj.gif HTTP/1.1
Host: 669925a.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
ETag: "64d7f2e7667d81:0"
Content-Type: image/gif
Last-Modified: Sat, 14 May 2022 09:37:09 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 14:22:42 GMT
Content-Length: 63666
Connection: close

zerossl.ocsp.sectigo.com/

172.64.155.188

200 OK

727 B

URL HTTP/1.1
zerossl.ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
727 B (727 bytes)
Hash
18908006e9e94e49547f3f8d85ceb65a
80e023f70d4d93993f59a8d5281945fa95de7b3a
2bb77a27594423876e121b7e979513aa98c7778402e9cea596d72015c6e32556

HTTP Headers

POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 02:17:01 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Fri, 02 Dec 2022 19:30:20 GMT
Expires: Fri, 09 Dec 2022 19:30:19 GMT
Etag: "80e023f70d4d93993f59a8d5281945fa95de7b3a"
Cache-Control: max-age=320597,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775185d6bac11c12-OSL

ia.51.la/go1?id=21088117&rt=1670293017450&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=&ing=1&ekc=&sid=1670293017450&tt=&kw=&cu=https%253A%252F%252F699349.com%252F&pu=

103.143.19.103

200

0 B

URL HTTP/1.1
ia.51.la/go1?id=21088117&rt=1670293017450&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=&ing=1&ekc=&sid=1670293017450&tt=&kw=&cu=https%253A%252F%252F699349.com%252F&pu=
IP
103.143.19.103:0
ASN
#4837 CHINA UNICOM China169 Backbone

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /go1?id=21088117&rt=1670293017450&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=&ing=1&ekc=&sid=1670293017450&tt=&kw=&cu=https%253A%252F%252F699349.com%252F&pu= HTTP/1.1
Host: ia.51.la
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 
Server: CloudWAF
Date: Tue, 06 Dec 2022 02:17:01 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: HWWAFSESID=966a18f27cc42978291; path=/
HWWAFSESTIME=1670293017021; path=/

zerossl.ocsp.sectigo.com/

172.64.155.188

200 OK

727 B

URL HTTP/1.1
zerossl.ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
727 B (727 bytes)
Hash
18908006e9e94e49547f3f8d85ceb65a
80e023f70d4d93993f59a8d5281945fa95de7b3a
2bb77a27594423876e121b7e979513aa98c7778402e9cea596d72015c6e32556

HTTP Headers

POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 02:17:01 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Fri, 02 Dec 2022 19:30:20 GMT
Expires: Fri, 09 Dec 2022 19:30:19 GMT
Etag: "80e023f70d4d93993f59a8d5281945fa95de7b3a"
Cache-Control: max-age=320597,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775185d81ddfb4fa-OSL

699349.com/zybb/5wzt.js

16.162.201.20

200 OK

722 B

URL HTTP/1.1
699349.com/zybb/5wzt.js
IP
16.162.201.20:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
722 B (722 bytes)
Hash
717cbc8d6864af2af65e9bf3000ac9fb
39b65a734c5decf6d13cc0a02915d48ceffd67cb
f763b06ebb399fec1aa1cf9b3081dc173539d55c843890d5ee20df395a565f0a

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /zybb/5wzt.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
ETag: "0eea892217d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:36 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 01:49:42 GMT
Content-Length: 722
Connection: close

699349.com/zybb/yyzt.js

16.162.201.20

200 OK

781 B

URL HTTP/1.1
699349.com/zybb/yyzt.js
IP
16.162.201.20:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
781 B (781 bytes)
Hash
56f848637b4b2660d75dcf0bf5ab306d
ae0f5638ca02947f1fe8af35cdf70492a22c70d3
a40f3ea3eff374c4466f55e016f939be4f14e2af4ea3539da0338df7f1393d45

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /zybb/yyzt.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
ETag: "01bda93217d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:38 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 01:49:42 GMT
Content-Length: 781
Connection: close

imgs.meizhiban.cn/tp/101/100sjb.gif

107.148.135.218

404 Not Found

1.2 kB

URL HTTP/1.1
imgs.meizhiban.cn/tp/101/100sjb.gif
IP
107.148.135.218:0
ASN
#398823 PEGTECHINC-AP-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size
1.2 kB (1245 bytes)
Hash
5343c1a8b203c162a3bf3870d9f50fd4
04b5b886c20d88b57eea6d8ff882624a4ac1e51d
dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f

HTTP Headers

GET /tp/101/100sjb.gif HTTP/1.1
Host: imgs.meizhiban.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 02:17:00 GMT
Content-Length: 1245
Connection: close

imgs.mygai.cn/tp/0065tk/0065tk.gif

107.148.135.221

404 Not Found

579 B

URL HTTP/1.1
imgs.mygai.cn/tp/0065tk/0065tk.gif
IP
107.148.135.221:0
ASN
#398823 PEGTECHINC-AP-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
579 B (579 bytes)
Hash
fd257e3a9b8d3abd1ecd56a8e8e4c298
8ef622bd79a2d55116e52e16aa238af7f3aca181
697375791a2ce41a6ce2131c494e282b138174397360eb7d3accf8070cc8d282

HTTP Headers

GET /tp/0065tk/0065tk.gif HTTP/1.1
Host: imgs.mygai.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 404 Not Found
Server: kangle/3.5.14
Date: Tue, 06 Dec 2022 02:15:23 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 579
Connection: close

imgs.mygai.cn/tp/hf/1989_800x100.gif

107.148.135.221

404 Not Found

579 B

URL HTTP/1.1
imgs.mygai.cn/tp/hf/1989_800x100.gif
IP
107.148.135.221:0
ASN
#398823 PEGTECHINC-AP-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
579 B (579 bytes)
Hash
fd257e3a9b8d3abd1ecd56a8e8e4c298
8ef622bd79a2d55116e52e16aa238af7f3aca181
697375791a2ce41a6ce2131c494e282b138174397360eb7d3accf8070cc8d282

HTTP Headers

GET /tp/hf/1989_800x100.gif HTTP/1.1
Host: imgs.mygai.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 404 Not Found
Server: kangle/3.5.14
Date: Tue, 06 Dec 2022 02:15:23 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 579
Connection: close

imgs.mygai.cn/tp/101/100cphf.gif

107.148.135.221

404 Not Found

579 B

URL HTTP/1.1
imgs.mygai.cn/tp/101/100cphf.gif
IP
107.148.135.221:0
ASN
#398823 PEGTECHINC-AP-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
579 B (579 bytes)
Hash
fd257e3a9b8d3abd1ecd56a8e8e4c298
8ef622bd79a2d55116e52e16aa238af7f3aca181
697375791a2ce41a6ce2131c494e282b138174397360eb7d3accf8070cc8d282

HTTP Headers

GET /tp/101/100cphf.gif HTTP/1.1
Host: imgs.mygai.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 404 Not Found
Server: kangle/3.5.14
Date: Tue, 06 Dec 2022 02:15:23 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 579
Connection: close

imgs.mygai.cn/tp/00852tk/00852tk.gif

107.148.135.221

404 Not Found

579 B

URL HTTP/1.1
imgs.mygai.cn/tp/00852tk/00852tk.gif
IP
107.148.135.221:0
ASN
#398823 PEGTECHINC-AP-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
579 B (579 bytes)
Hash
fd257e3a9b8d3abd1ecd56a8e8e4c298
8ef622bd79a2d55116e52e16aa238af7f3aca181
697375791a2ce41a6ce2131c494e282b138174397360eb7d3accf8070cc8d282

HTTP Headers

GET /tp/00852tk/00852tk.gif HTTP/1.1
Host: imgs.mygai.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 404 Not Found
Server: kangle/3.5.14
Date: Tue, 06 Dec 2022 02:15:23 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 579
Connection: close

imgs.mygai.cn/tp/hf/1999_800x100.gif

107.148.135.221

404 Not Found

579 B

URL HTTP/1.1
imgs.mygai.cn/tp/hf/1999_800x100.gif
IP
107.148.135.221:0
ASN
#398823 PEGTECHINC-AP-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
579 B (579 bytes)
Hash
fd257e3a9b8d3abd1ecd56a8e8e4c298
8ef622bd79a2d55116e52e16aa238af7f3aca181
697375791a2ce41a6ce2131c494e282b138174397360eb7d3accf8070cc8d282

HTTP Headers

GET /tp/hf/1999_800x100.gif HTTP/1.1
Host: imgs.mygai.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 404 Not Found
Server: kangle/3.5.14
Date: Tue, 06 Dec 2022 02:15:23 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 579
Connection: close

699349.com/zybb/dhzt.js

16.162.201.20

200 OK

764 B

URL HTTP/1.1
699349.com/zybb/dhzt.js
IP
16.162.201.20:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
764 B (764 bytes)
Hash
17f1b6ee383a543698168fa243d97c2a
0d5d11f7a21aa5863f3a6deb358a7fb70bc0f342
bf218c605646f7b57cf2c1192af89d0385bd112aad82a723dc5eec3cbc64c498

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /zybb/dhzt.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
ETag: "0eea892217d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:36 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 01:49:42 GMT
Content-Length: 764
Connection: close

www.290996a.com/tu/%E5%85%AD%E5%90%88%E5%BD%A9.png

18.166.84.185

200 OK

3.3 kB

URL HTTP/1.1
www.290996a.com/tu/%E5%85%AD%E5%90%88%E5%BD%A9.png
IP
18.166.84.185:0
ASN
#16509 AMAZON-02

File type
PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced\012- data
Size
3.3 kB (3253 bytes)
Hash
7d85182ed9e949c8359e29b99a15b6a4
ad844dadd7fb80580325fe2e55c8444f67b99e16
d3c6700276f398a149f080b83d1be5f1706b1387661c479bcc96a821c1bba7db

HTTP Headers

GET /tu/%E5%85%AD%E5%90%88%E5%BD%A9.png HTTP/1.1
Host: www.290996a.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
ETag: "109c534ebb83d41:0"
Content-Type: image/png
Last-Modified: Sat, 24 Nov 2018 06:02:39 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 01:39:12 GMT
Content-Length: 3253
Connection: close

www.775592.com/img/6.png

43.198.33.164

200 OK

3.7 kB

URL HTTP/1.1
www.775592.com/img/6.png
IP
43.198.33.164:0
ASN
#16509 AMAZON-02

File type
PNG image data, 100 x 100, 8-bit colormap, non-interlaced\012- data
Size
3.7 kB (3706 bytes)
Hash
8796a3b03fd42f1b1d7d7e2cf05b3bb4
0f34af2ff701dbf5d1ad5bedd3530b9ca8f0e927
77dc2df72ae98a651b05e63320e53c5f24f0a44bbf54b8b2d69312f5cbd48b02

HTTP Headers

GET /img/6.png HTTP/1.1
Host: www.775592.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
ETag: "70c81f6ccd19d51:0"
Content-Type: image/png
Last-Modified: Mon, 03 Jun 2019 05:30:15 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 13:59:33 GMT
Content-Length: 3706
Connection: close

www.290996a.com/images/sbx.gif

18.166.84.185

200 OK

6.2 kB

URL HTTP/1.1
www.290996a.com/images/sbx.gif
IP
18.166.84.185:0
ASN
#16509 AMAZON-02

File type
GIF image data, version 89a, 120 x 91\012- data
Size
6.2 kB (6152 bytes)
Hash
accda4679e65b975b589dedae25a3a6a
6d62feb19bad82fe34ca0ec6477d811b1cd2675f
56afc3cf038eacd0a4b7016bbd0272f514aadff241e0045ec3488d1e90f60fa1

HTTP Headers

GET /images/sbx.gif HTTP/1.1
Host: www.290996a.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
ETag: "ac73b7a67ccd51:0"
Content-Type: image/gif
Last-Modified: Thu, 16 Jan 2020 12:21:27 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 13:56:59 GMT
Content-Length: 6152
Connection: close

905566a.com/images/8.png

43.198.33.164

200 OK

10 kB

URL HTTP/1.1
905566a.com/images/8.png
IP
43.198.33.164:0
ASN
#16509 AMAZON-02

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=3, software=Adobe Photoshop CS6 (Windows), datetime=2017-05-19T17:32:36+08:00], baseline, precision 8, 300x300, components 3\012- data
Size
10 kB (10179 bytes)
Hash
dae8da57ad90df205964de1a3511869d
b02e94c06eac5f255d0af37f0a6443f8bd371269
e8b179efb1b5eee704a9b7e3cf8c36a59c646c9bb7f1acd5ac7e4b1b2e88a5a8

HTTP Headers

GET /images/8.png HTTP/1.1
Host: 905566a.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
ETag: "7a5b50332f5d41:0"
Content-Type: image/png
Last-Modified: Wed, 17 Apr 2019 09:44:50 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/10.0
Date: Tue, 06 Dec 2022 01:39:12 GMT
Content-Length: 10179
Connection: close

www.290996a.com/images/sxsx.png

18.166.84.185

200 OK

3.8 kB

URL HTTP/1.1
www.290996a.com/images/sxsx.png
IP
18.166.84.185:0
ASN
#16509 AMAZON-02

File type
PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced\012- data
Size
3.8 kB (3776 bytes)
Hash
0ef25c8c777978ad14f4ccb0c77da6bf
d795c4f4f3428f04548754136bc0dbd1af92faac
75c65512497bb3a2ebe49d37bde8fc1ef7a5253871c6d58a28a1accd8d42114a

HTTP Headers

GET /images/sxsx.png HTTP/1.1
Host: www.290996a.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
ETag: "29fc7924429bd41:0"
Content-Type: image/png
Last-Modified: Mon, 24 Dec 2018 04:35:48 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 01:39:11 GMT
Content-Length: 3776
Connection: close

www.290996a.com/tu/pk10.png

18.166.84.185

200 OK

3.2 kB

URL HTTP/1.1
www.290996a.com/tu/pk10.png
IP
18.166.84.185:0
ASN
#16509 AMAZON-02

File type
PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced\012- data
Size
3.2 kB (3171 bytes)
Hash
928308dc01922e337feffe659787a9e5
2bc281633711710a1ef8fd20e3e00428395e7eb3
6c59557f63d4c8bf0e47bce1b498aece087ade47efbc87c02cabaa4bf5a2000a

HTTP Headers

GET /tu/pk10.png HTTP/1.1
Host: www.290996a.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
ETag: "beb29f4dbb83d41:0"
Content-Type: image/png
Last-Modified: Sat, 24 Nov 2018 06:02:38 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 01:39:11 GMT
Content-Length: 3171
Connection: close

www.290996a.com/tu/%E6%97%B6%E6%97%B6%E5%BD%A9.png

18.166.84.185

200 OK

3.2 kB

URL HTTP/1.1
www.290996a.com/tu/%E6%97%B6%E6%97%B6%E5%BD%A9.png
IP
18.166.84.185:0
ASN
#16509 AMAZON-02

File type
PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced\012- data
Size
3.2 kB (3240 bytes)
Hash
6c4b987758b8221441aa601f0ac70b38
535984741aba5253b1dc8c20ac6a80a415025494
116d3d50171810bd46a54d0fcca787863623aed6ea5da3d971cf3365db25174f

HTTP Headers

GET /tu/%E6%97%B6%E6%97%B6%E5%BD%A9.png HTTP/1.1
Host: www.290996a.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
ETag: "acd754fbb83d41:0"
Content-Type: image/png
Last-Modified: Sat, 24 Nov 2018 06:02:40 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 01:39:12 GMT
Content-Length: 3240
Connection: close

290997a.com/images/colors.png

43.198.33.164

200 OK

4.2 kB

URL HTTP/1.1
290997a.com/images/colors.png
IP
43.198.33.164:0
ASN
#16509 AMAZON-02

File type
PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced\012- data
Size
4.2 kB (4190 bytes)
Hash
179fe0b168c0963d292ba3bf44666796
56cec0596b0f2cb07846ab075bf3e3453b67ebb7
a3be6bb501c15359aa7515e000e03755e112ebd07d12d7f77bbba5078473aa41

HTTP Headers

GET /images/colors.png HTTP/1.1
Host: 290997a.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
ETag: "59a86d5419bd41:0"
Content-Type: image/png
Last-Modified: Mon, 24 Dec 2018 04:33:35 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 01:39:12 GMT
Content-Length: 4190
Connection: close

699349.com/zybb/ds3x.js

16.162.201.20

200 OK

797 B

URL HTTP/1.1
699349.com/zybb/ds3x.js
IP
16.162.201.20:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
797 B (797 bytes)
Hash
1179f3dbd5b6b47bad801b62e910f105
689dc9ac51dd1476f4891f56174bb5e538dd70af
abdf3191c4e777b12af5c09561d5756ea064aad6e0d7490471fa4f3bfef71e9f

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /zybb/ds3x.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
ETag: "0eea892217d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:36 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 01:49:42 GMT
Content-Length: 797
Connection: close

imgs.mygai.cn/tp/hf/895_800x100.gif

107.148.135.221

404 Not Found

579 B

URL HTTP/1.1
imgs.mygai.cn/tp/hf/895_800x100.gif
IP
107.148.135.221:0
ASN
#398823 PEGTECHINC-AP-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
579 B (579 bytes)
Hash
fd257e3a9b8d3abd1ecd56a8e8e4c298
8ef622bd79a2d55116e52e16aa238af7f3aca181
697375791a2ce41a6ce2131c494e282b138174397360eb7d3accf8070cc8d282

HTTP Headers

GET /tp/hf/895_800x100.gif HTTP/1.1
Host: imgs.mygai.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 404 Not Found
Server: kangle/3.5.14
Date: Tue, 06 Dec 2022 02:15:24 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 579
Connection: close

699349.com/zybb/nvxzt.js

16.162.201.20

200 OK

817 B

URL HTTP/1.1
699349.com/zybb/nvxzt.js
IP
16.162.201.20:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
817 B (817 bytes)
Hash
74b1f903aac8a534416d5fee3a40da92
f050a37aec8198661d566ad0d51dea96309977bc
79f83b7660b5b49dcd6041894e911cff8d357300b7ef9d5d0723b4d100d3ebdc

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /zybb/nvxzt.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
ETag: "80844193217d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:37 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 23:44:42 GMT
Content-Length: 817
Connection: close

905566a.com/images/7.jpg

43.198.33.164

200 OK

17 kB

URL HTTP/1.1
905566a.com/images/7.jpg
IP
43.198.33.164:0
ASN
#16509 AMAZON-02

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 512x512, components 3\012- data
Size
17 kB (16760 bytes)
Hash
d803b4cf1dc2437adac8ad9706ece0c4
f97bb7ddffca37cd88e14ec0c4e2571ff429ed44
05acede47462a44cd4fa008afbe6d7ce1cd993f753c8cd2382d719218a63ba21

HTTP Headers

GET /images/7.jpg HTTP/1.1
Host: 905566a.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
ETag: "a188eb312f5d41:0"
Content-Type: image/jpeg
Last-Modified: Wed, 17 Apr 2019 09:44:47 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/10.0
Date: Mon, 05 Dec 2022 23:55:11 GMT
Content-Length: 16760
Connection: close

www.290996a.com/tu/lf888.png

18.166.84.185

200 OK

22 kB

URL HTTP/1.1
www.290996a.com/tu/lf888.png
IP
18.166.84.185:0
ASN
#16509 AMAZON-02

File type
PNG image data, 103 x 112, 8-bit/color RGBA, non-interlaced\012- data
Size
22 kB (22523 bytes)
Hash
c5b6657412d0b878e34fbd7a19957f3a
4ee5a750b415ffe518aa9f3ee9cdb1b79b058b0f
5b207172438d153afd973450add6ce41d67780f71a11f4e56405a4aae5aab728

HTTP Headers

GET /tu/lf888.png HTTP/1.1
Host: www.290996a.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
ETag: "60606c9c415ad51:0"
Content-Type: image/png
Last-Modified: Sat, 24 Aug 2019 06:03:12 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 00:10:43 GMT
Content-Length: 22523
Connection: close

699349.com/jsdc/895cc.js

16.162.201.20

200 OK

1.3 kB

URL HTTP/1.1
699349.com/jsdc/895cc.js
IP
16.162.201.20:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (311), with CRLF line terminators
Size
1.3 kB (1320 bytes)
Hash
80bbd5f3d10c08b7645f8e06c0fde184
2d00281cbd3e1216ce2e9edd0f3ef6243366ffc6
e8548ff06a9e7e167235f25ebf3df7d1116e61cd1d91d9b900d0f8b7b5a88285

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /jsdc/895cc.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Content-Encoding: gzip
ETag: "72e61a98b51cd81:0"
Content-Type: application/javascript
Last-Modified: Tue, 08 Feb 2022 06:32:07 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 00:02:00 GMT
Content-Length: 1320
Connection: close

imgs.mygai.cn/tp/49tk/49tk3.gif

107.148.135.221

404 Not Found

579 B

URL HTTP/1.1
imgs.mygai.cn/tp/49tk/49tk3.gif
IP
107.148.135.221:0
ASN
#398823 PEGTECHINC-AP-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
579 B (579 bytes)
Hash
fd257e3a9b8d3abd1ecd56a8e8e4c298
8ef622bd79a2d55116e52e16aa238af7f3aca181
697375791a2ce41a6ce2131c494e282b138174397360eb7d3accf8070cc8d282

HTTP Headers

GET /tp/49tk/49tk3.gif HTTP/1.1
Host: imgs.mygai.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 404 Not Found
Server: kangle/3.5.14
Date: Tue, 06 Dec 2022 02:15:24 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 579
Connection: close

628866a.com/images/sx004.jpg

43.198.33.164

200 OK

418 kB

URL HTTP/1.1
628866a.com/images/sx004.jpg
IP
43.198.33.164:0
ASN
#16509 AMAZON-02

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=1280, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=960], baseline, precision 8, 960x1280, components 3\012- data
Size
418 kB (418548 bytes)
Hash
cf261190edae73c2d51796b7a8dbe5a5
fe9faa7fa093feb4a0212413e9973c2f8000d49f
1f0da2afea3675b1cb0344468578b041cb6fe2c48f1370a73ea834037ca7b082

HTTP Headers

GET /images/sx004.jpg HTTP/1.1
Host: 628866a.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
ETag: "8f5a9a0e2fed61:0"
Content-Type: image/jpeg
Last-Modified: Tue, 09 Feb 2021 12:53:56 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 01:39:13 GMT
Content-Length: 418548
Connection: close

imgs.mygai.cn/tp/8769/8769hf.gif

107.148.135.221

404 Not Found

579 B

URL HTTP/1.1
imgs.mygai.cn/tp/8769/8769hf.gif
IP
107.148.135.221:0
ASN
#398823 PEGTECHINC-AP-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
579 B (579 bytes)
Hash
fd257e3a9b8d3abd1ecd56a8e8e4c298
8ef622bd79a2d55116e52e16aa238af7f3aca181
697375791a2ce41a6ce2131c494e282b138174397360eb7d3accf8070cc8d282

HTTP Headers

GET /tp/8769/8769hf.gif HTTP/1.1
Host: imgs.mygai.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 404 Not Found
Server: kangle/3.5.14
Date: Tue, 06 Dec 2022 02:15:24 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 579
Connection: close

699349.com/zybb/tdzt.js

16.162.201.20

200 OK

814 B

URL HTTP/1.1
699349.com/zybb/tdzt.js
IP
16.162.201.20:0
ASN
#16509 AMAZON-02

File type
HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
814 B (814 bytes)
Hash
fbcdb1e79ea5239f8af8b4e4550f1644
2aae1c27614a43da3a6707163c0239bcd4685b98
03cf34ad202a561e0d9491a7e0a62b7e3533ff0754536d9399db660f22ed07ba

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /zybb/tdzt.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Content-Encoding: gzip
ETag: "1be074f4a17d91:0"
Content-Type: application/javascript
Last-Modified: Sun, 04 Dec 2022 05:33:35 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 20:31:02 GMT
Content-Length: 814
Connection: close

699349.com/zybb/5xzt.js

16.162.201.20

200 OK

1.5 kB

URL HTTP/1.1
699349.com/zybb/5xzt.js
IP
16.162.201.20:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
1.5 kB (1492 bytes)
Hash
5492950bcd256d496b0a67dcd37594ea
0c5b52c321afe39d1faaa8569c3762594fa90bd1
2ef9a0d8bc4398e528046605fdc57cd8011432083a8a1ced7596356d80c73705

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /zybb/5xzt.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
ETag: "0eea892217d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:36 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 01:49:42 GMT
Content-Length: 1492
Connection: close

699349.com/jsdc/9898.js

16.162.201.20

200 OK

1.3 kB

URL HTTP/1.1
699349.com/jsdc/9898.js
IP
16.162.201.20:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (311), with CRLF line terminators
Size
1.3 kB (1317 bytes)
Hash
91a223b0c90a5bcf10798282e143504c
a44ef11319747ba51377b0488159e7778b365efe
efe4c7b8b4c7bcc1740b4d4d3e2c396e753aa26b3114c08a94244367eaf94387

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /jsdc/9898.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Content-Encoding: gzip
ETag: "3ddc7a4f22d6d81:0"
Content-Type: application/javascript
Last-Modified: Sun, 02 Oct 2022 05:46:25 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 00:02:01 GMT
Content-Length: 1317
Connection: close

699349.com/zybb/ptyx.js

16.162.201.20

200 OK

844 B

URL HTTP/1.1
699349.com/zybb/ptyx.js
IP
16.162.201.20:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
844 B (844 bytes)
Hash
351a50440a0222439a43b95c28f2b326
8d56f53afffa50785c070f911b529ca3428fde57
4bbdc24ef55e15e9c0c435b11070a18ec9c58df244c3ae287d92b231ed85e1ec

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /zybb/ptyx.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
ETag: "80844193217d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:37 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 01:49:42 GMT
Content-Length: 844
Connection: close

628866a.com/images/sx002.jpg

43.198.33.164

200 OK

386 kB

URL HTTP/1.1
628866a.com/images/sx002.jpg
IP
43.198.33.164:0
ASN
#16509 AMAZON-02

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 1x1, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, software=www.meitu.com], baseline, precision 8, 1440x900, components 3\012- data
Size
386 kB (386517 bytes)
Hash
5a8bd9cb921927c2d02d9a6f7c25d8c0
5737c6396bcd7d5249048bd05887eb76440aee99
fd7fe5380476127a04ee860b0bac7c0cbff17cf35e38cbf00f7e5d2c3431e1d5

HTTP Headers

GET /images/sx002.jpg HTTP/1.1
Host: 628866a.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
ETag: "9d561fa1e2fed61:0"
Content-Type: image/jpeg
Last-Modified: Tue, 09 Feb 2021 12:53:57 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 22:31:26 GMT
Content-Length: 386517
Connection: close

699349.com/bd/pttg.js

16.162.201.20

200 OK

3.8 kB

URL HTTP/1.1
699349.com/bd/pttg.js
IP
16.162.201.20:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
3.8 kB (3813 bytes)
Hash
d550d03e6a8602499dea773ce9b74b23
54efe0adde5d710eac9aef121a047f4c163a81c8
b576c96f7b5117b5bd143fa6f7ac0a2e119ef318c591ef63372d8820e1cdd8b1

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /bd/pttg.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
ETag: "80b5a5ec197d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 13:19:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 00:28:08 GMT
Content-Length: 3813
Connection: close

699349.com/zybb/ptyw.js

16.162.201.20

200 OK

1.1 kB

URL HTTP/1.1
699349.com/zybb/ptyw.js
IP
16.162.201.20:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
1.1 kB (1055 bytes)
Hash
ae700f80fc11c55a1878f2a1f6018c6c
390fe67613ca33bfcbc37c9f42a6df63fd72c3cf
4e6c1b17f1287de2cb1e716ab76e85d59d613d5eacb6f50c728caa3cf96894e8

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /zybb/ptyw.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
ETag: "80844193217d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:37 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 13:59:46 GMT
Content-Length: 1055
Connection: close

628866a.com/images/sx003.jpg

43.198.33.164

200 OK

77 kB

URL HTTP/1.1
628866a.com/images/sx003.jpg
IP
43.198.33.164:0
ASN
#16509 AMAZON-02

File type
JPEG image data, baseline, precision 8, 501x722, components 3\012- data
Size
77 kB (76750 bytes)
Hash
489ea9332ce03d4378afd0c4dfae8b69
39834c555e165e7ba483849cb3f961a966a2cbe2
b5fa3028ebbd0edf0f2a5798f1df71509e35daaa108da14cf013aab934be0662

HTTP Headers

GET /images/sx003.jpg HTTP/1.1
Host: 628866a.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
ETag: "97315aa0e2fed61:0"
Content-Type: image/jpeg
Last-Modified: Tue, 09 Feb 2021 12:53:56 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 22:34:48 GMT
Content-Length: 76750
Connection: close

628866a.com/images/sx001.jpg

43.198.33.164

200 OK

1.1 MB

URL HTTP/1.1
628866a.com/images/sx001.jpg
IP
43.198.33.164:0
ASN
#16509 AMAZON-02

File type
PNG image data, 972 x 690, 8-bit/color RGBA, non-interlaced\012- data
Size
1.1 MB (1079505 bytes)
Hash
13be2b66ee5e018a7f05fdd2137f0ffc
91fc72147092152e9a1fec6c0a6a048800b633c0
070af32e38af80515a54f85e3acf241a03acb18354c0534e2ac9eab8961bbd47

HTTP Headers

GET /images/sx001.jpg HTTP/1.1
Host: 628866a.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
ETag: "15dd7fb34116d81:0"
Content-Type: image/jpeg
Last-Modified: Mon, 31 Jan 2022 01:27:24 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 22:32:10 GMT
Content-Length: 1079505
Connection: close

699349.com/zybb/dslx.js

16.162.201.20

200 OK

861 B

URL HTTP/1.1
699349.com/zybb/dslx.js
IP
16.162.201.20:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
861 B (861 bytes)
Hash
ae2fa9862cc3966cc5fdaa8086ea1a28
74b019b17a1fe69a7b48669be53e943dadea98a1
853326c7d76cc89cfd03d84b5a9f5a6406a50601fd706333c4dc513a7fe2d5ea

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /zybb/dslx.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
ETag: "80844193217d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:37 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 02:05:31 GMT
Content-Length: 861
Connection: close

699349.com/zybb/24ma.js

16.162.201.20

200 OK

1.5 kB

URL HTTP/1.1
699349.com/zybb/24ma.js
IP
16.162.201.20:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
1.5 kB (1467 bytes)
Hash
16e49c9c9effa65ec7705400d52cc0d1
619affd7d8d7db04c496e76ea82b1fbc594689dc
1de9bd2df0d9bd5aba3d6aff1267226a9c62ec6e6a2fddceaf4bbac904ea4dac

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /zybb/24ma.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
ETag: "0eea892217d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:36 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 23:44:43 GMT
Content-Length: 1467
Connection: close

699349.com/zybb/zyzt.js

16.162.201.20

200 OK

754 B

URL HTTP/1.1
699349.com/zybb/zyzt.js
IP
16.162.201.20:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
754 B (754 bytes)
Hash
f4bd219f5a87e4cabefda2d7a3d71b13
016ee8a48eb0dac7b0f12db3f546ebf8589cf842
76d4a00102c057cd657d83083b6eceac91433dbf764e47ebf03ac115951e2c17

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /zybb/zyzt.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
ETag: "01bda93217d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:38 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 00:23:02 GMT
Content-Length: 754
Connection: close

699349.com/zybb/xdxzt.js

16.162.201.20

200 OK

750 B

URL HTTP/1.1
699349.com/zybb/xdxzt.js
IP
16.162.201.20:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
750 B (750 bytes)
Hash
16bc73eedb253037f5b7d94ae9533f7a
ff624bc5a7e69fd58479bd86163aaab8473b79bb
4a76bd0237e984340a3e33129df1601b7b07a7270905bfed0d3c579cde55a3fe

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /zybb/xdxzt.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
ETag: "01bda93217d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:38 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 23:44:43 GMT
Content-Length: 750
Connection: close

699349.com/zybb/gsb2.js

16.162.201.20

200 OK

1.4 kB

URL HTTP/1.1
699349.com/zybb/gsb2.js
IP
16.162.201.20:0
ASN
#16509 AMAZON-02

File type
HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
1.4 kB (1407 bytes)
Hash
33ed43e41648abd8a8737a3fe1777228
252e60c7df16b2373447a3b6be9f4d27d0a98a51
ecc019b54c39557ee824f9600aba780a47248c7a2505475131fa4975caaecbd3

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /zybb/gsb2.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
ETag: "80844193217d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:37 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 00:54:43 GMT
Content-Length: 1407
Connection: close

699349.com/zybb/4jzt.js

16.162.201.20

200 OK

792 B

URL HTTP/1.1
699349.com/zybb/4jzt.js
IP
16.162.201.20:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
792 B (792 bytes)
Hash
4c4dc616fc55821a698d1140815cd8f3
d033f2e5a4f685b5bbb9b938cf6df1c49476e506
f79eefb5325a4d163fc3e552c9bf118323adf8fab05b86e6306aa2dc6c576e19

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /zybb/4jzt.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
ETag: "0eea892217d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:36 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 01:49:43 GMT
Content-Length: 792
Connection: close

699349.com/zybb/hbzt.js

16.162.201.20

200 OK

847 B

URL HTTP/1.1
699349.com/zybb/hbzt.js
IP
16.162.201.20:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
847 B (847 bytes)
Hash
40d8f4d6c712eb4498ebebbc67484ca2
51b441159de4ee74b8d981016f20684ca6893f86
4ecce0a74e8ab72d21bb84630e942caf06a3efd62d0e3138be66ac9cd4c7dd72

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /zybb/hbzt.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
ETag: "80844193217d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:37 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 23:44:44 GMT
Content-Length: 847
Connection: close

699349.com/zybb/ywbzt.js

16.162.201.20

200 OK

556 B

URL HTTP/1.1
699349.com/zybb/ywbzt.js
IP
16.162.201.20:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
556 B (556 bytes)
Hash
dbfb74e16d291f66512806b17781fc22
a464d8b44e10c7b45f094dbf0abce0a94e4eabc1
7e7574bb2225135aacfece96445fb7f18038493b0f4d86f2f9d48dfe33e72966

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /zybb/ywbzt.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
ETag: "01bda93217d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:38 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 23:44:44 GMT
Content-Length: 556
Connection: close

699349.com/zybb/dsbzt.js

16.162.201.20

200 OK

942 B

URL HTTP/1.1
699349.com/zybb/dsbzt.js
IP
16.162.201.20:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
942 B (942 bytes)
Hash
312c7f625c0f36aac9b50fc7a3bd88ef
afa8ffe68813627328dab76a7d4bc3f54ea0f3b0
2fe094bd0ea77cda61e11cac7b43f31f59978d1a83bf9c66180e847a20cfd42e

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /zybb/dsbzt.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Content-Encoding: gzip
ETag: "87844093217d91:0"
Content-Type: application/javascript
Last-Modified: Sat, 03 Dec 2022 14:14:36 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 14:12:02 GMT
Content-Length: 942
Connection: close

699349.com/zybb/gongshi.js

16.162.201.20

200 OK

869 B

URL HTTP/1.1
699349.com/zybb/gongshi.js
IP
16.162.201.20:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
869 B (869 bytes)
Hash
7a267f60344fec389e3c0bbce3efe3ba
238d1d0708356caedc08cd039bf4d726ed67bd9f
b01b3d689baf1690f51527e05bea593f1bd5ae3caf0b7f29f43fe985768bd7c1

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /zybb/gongshi.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
ETag: "80844193217d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:37 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 23:44:44 GMT
Content-Length: 869
Connection: close

699349.com/zybb/jmxc.js

16.162.201.20

200 OK

994 B

URL HTTP/1.1
699349.com/zybb/jmxc.js
IP
16.162.201.20:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
994 B (994 bytes)
Hash
8413295f82115c4d8ab3cae26f4a771e
c50b89748deb84bdad22380706a5477844f21c98
6c76c05444e6ebaac3e4b771c7dfa092cd118b7fdaa3d2db46781d2f01235b3e

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /zybb/jmxc.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
ETag: "80844193217d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:37 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 00:35:18 GMT
Content-Length: 994
Connection: close

699349.com/zybb/lbzt.js

16.162.201.20

200 OK

1.1 kB

URL HTTP/1.1
699349.com/zybb/lbzt.js
IP
16.162.201.20:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
1.1 kB (1107 bytes)
Hash
bc3b109a4d7fd1f640cd9115d1484d55
c9a075cdae853852223a8c525b1a9045356736bc
ad1292d17aaef9305a52b5bd54c096baea3172a3bcd7c5d1a83bef97d5a3a81b

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /zybb/lbzt.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
ETag: "80844193217d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:37 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 00:28:15 GMT
Content-Length: 1107
Connection: close

699349.com/jsdc/49ac.js

16.162.201.20

200 OK

1.7 kB

URL HTTP/1.1
699349.com/jsdc/49ac.js
IP
16.162.201.20:0
ASN
#16509 AMAZON-02

File type
HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (311), with CRLF line terminators
Size
1.7 kB (1725 bytes)
Hash
1dd52b1a2fd24f57ed713d258cf25668
598f2382be5960d967f5424300bf5c51f501a056
97a9741571d36591084da6e3541123c2a61b232ea43a01d9e67c9ed518cedaba

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /jsdc/49ac.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Content-Encoding: gzip
ETag: "808c6486e81bd81:0"
Content-Type: application/javascript
Last-Modified: Mon, 07 Feb 2022 06:04:10 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 00:05:08 GMT
Content-Length: 1725
Connection: close

699349.com/jiuxiaoyima.js

16.162.201.20

200 OK

1.3 kB

URL HTTP/1.1
699349.com/jiuxiaoyima.js
IP
16.162.201.20:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.3 kB (1300 bytes)
Hash
b85311c8025c51deac09a36cfc067e7b
82d08dc8cf8b1dbb45f4758d657ceb81e2abbf69
50c006b42668af51af14a37e9131666ef43cdf249047404ff3538b56027cc25c

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /jiuxiaoyima.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
ETag: "80b17294217d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:39 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 01:49:43 GMT
Content-Length: 1300
Connection: close

699349.com/zybb/gsb3.js

16.162.201.20

200 OK

954 B

URL HTTP/1.1
699349.com/zybb/gsb3.js
IP
16.162.201.20:0
ASN
#16509 AMAZON-02

File type
HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
954 B (954 bytes)
Hash
64fcea2274be1eb52dada508ff12abfb
b1537b66477f3416d2e750a718921159e448f52b
8ac7a641417135739d0f18a489ede85c02b99175addade27632917a61cf9e13e

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /zybb/gsb3.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
ETag: "80844193217d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:37 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 01:49:43 GMT
Content-Length: 954
Connection: close

699349.com/zybb/3qbc.js

16.162.201.20

200 OK

862 B

URL HTTP/1.1
699349.com/zybb/3qbc.js
IP
16.162.201.20:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
862 B (862 bytes)
Hash
b6446f10764651aa4014031cc736d935
8ccbcdc87b216a3336428e4843d8a5b104f8ec6a
2ab160d91ec6267266c1da1ee5ae567aab15055153ddbbbc4bda1241b716a0e5

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /zybb/3qbc.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
ETag: "0eea892217d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:36 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 23:44:44 GMT
Content-Length: 862
Connection: close

699349.com/zybb/dxdzt.js

16.162.201.20

200 OK

864 B

URL HTTP/1.1
699349.com/zybb/dxdzt.js
IP
16.162.201.20:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
864 B (864 bytes)
Hash
4d9a6ea33952c0d351431d65dfd62d4e
0d0ff3b427275e9b62496146843c6c1d42f5cb34
d9eeeff394299cccaa4a0b9a8205ac658234ba072468ef4b21aadb55f5760b39

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /zybb/dxdzt.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
ETag: "80844193217d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:37 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 01:49:43 GMT
Content-Length: 864
Connection: close

699349.com/bd/tugsb.js

16.162.201.20

200 OK

11 kB

URL HTTP/1.1
699349.com/bd/tugsb.js
IP
16.162.201.20:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
11 kB (10902 bytes)
Hash
ecdfd1197f03f977fc8794ac0e52f1c0
ca6797e42549d210025b6828b13c7727d8353c95
475ca60fb97b5f957ed64bb3c1f22a60b7581e2ad024f7bf6cd22fa320022845

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /bd/tugsb.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
ETag: "071951a6559d81:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Tue, 26 Apr 2022 11:59:38 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 23:18:29 GMT
Content-Length: 10902
Connection: close

699349.com/zybb/jyzt.js

16.162.201.20

200 OK

719 B

URL HTTP/1.1
699349.com/zybb/jyzt.js
IP
16.162.201.20:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
719 B (719 bytes)
Hash
c76239f943f07b11a0b0a869667a74fb
e77751460670be829755e7d18858f1abf7658e40
f2d2e707063d4eccd5bb3dc8382a729da420132b85739af9036ae539d6ce6aad

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /zybb/jyzt.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
ETag: "80844193217d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:37 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 01:49:44 GMT
Content-Length: 719
Connection: close

699349.com/zybb/caitu.js

16.162.201.20

200 OK

918 B

URL HTTP/1.1
699349.com/zybb/caitu.js
IP
16.162.201.20:0
ASN
#16509 AMAZON-02

File type
HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
918 B (918 bytes)
Hash
a4071b455088baa76d935269a80fb6e9
172c8ba58ee644466e039e3ec822e55f42767485
c05b1147ae42978c51b5c444531f34440f0db6c97b378e82789cfafb85fbb93b

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /zybb/caitu.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
ETag: "80168846f1f3d61:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Tue, 26 Jan 2021 14:41:05 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 00:23:04 GMT
Content-Length: 918
Connection: close

699349.com/zybb/juesha.js

16.162.201.20

200 OK

936 B

URL HTTP/1.1
699349.com/zybb/juesha.js
IP
16.162.201.20:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
936 B (936 bytes)
Hash
b74c42f4d27da29672c5d68c6f82ba89
b63cd31635f1ae073e3f506d37c86480bc8c4048
046506df352b13fbb9e20e16905c93a00e04f4fb6bcc320ec8c0fa63875c928c

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /zybb/juesha.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
ETag: "80844193217d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:37 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 00:54:43 GMT
Content-Length: 936
Connection: close

699349.com/bd/amyqlj.js

16.162.201.20

200 OK

4.4 kB

URL HTTP/1.1
699349.com/bd/amyqlj.js
IP
16.162.201.20:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
4.4 kB (4353 bytes)
Hash
cab5bfdcfcc73ef11c18bf82000b87b5
c231c0cc3f2e7a554609f567f87fd7c5b6bf6a7b
6a528264da8a367808ce36705af903c382403760feaccc95a69652c263361388

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /bd/amyqlj.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
ETag: "0bba1386bcd81:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Tue, 30 Aug 2022 15:34:38 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 14:12:04 GMT
Content-Length: 4353
Connection: close

699349.com/bd/axzhzl.js

16.162.201.20

200 OK

9.8 kB

URL HTTP/1.1
699349.com/bd/axzhzl.js
IP
16.162.201.20:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
9.8 kB (9806 bytes)
Hash
d15305ad6fc8de926227c043309d60c2
e8d31bf5642e4e467e39335e47c48cd8a2f7710a
543b0d994057705f0d34f27062b6a9c85583e97e3672275b13dab325e809d2d6

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /bd/axzhzl.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
ETag: "808947a6b69fd81:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sun, 24 Jul 2022 23:39:43 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 14:12:03 GMT
Content-Length: 9806
Connection: close

699349.com/js/pub.js

16.162.201.20

200 OK

582 B

URL HTTP/1.1
699349.com/js/pub.js
IP
16.162.201.20:0
ASN
#16509 AMAZON-02

File type
Unicode text, UTF-8 (with BOM) text, with very long lines (886), with CRLF line terminators
Size
582 B (582 bytes)
Hash
d6e838b5ab0be4e44fd56fbe9421d0c7
92caa5664a411a38643d19c88d02736138b61f8e
df11a68cb7666ce5d704c6b37f02a9ecb01db69a0a7b9560fc1ce82b2ceff557

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/pub.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Content-Encoding: gzip
ETag: "6b3c08de595d61:0"
Content-Type: application/javascript
Last-Modified: Mon, 28 Sep 2020 22:20:21 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 14:13:02 GMT
Content-Length: 582
Connection: close

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (43)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations