r3.o.lencr.org/
23.36.77.32  200 OK  503 B  IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
MD5 cfec3d7283a9b66d2be426ce54d210f3
SHA-1 808c1feb1ba918951d1928c1f6bfc0c253262774
SHA-256 1bad6c06aa3e88dcbc125fc98a6cb753eb2b18d2c8dd61da21d12209aeeda3f9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1BAD6C06AA3E88DCBC125FC98A6CB753EB2B18D2C8DD61DA21D12209AEEDA3F9"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2689
Expires: Tue, 06 Dec 2022 03:01:46 GMT
Date: Tue, 06 Dec 2022 02:16:57 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29  200 OK  471 B  IP 93.184.220.29:0
MD5 ee088fab9b287e174cfd1f2c735a909f
SHA-1 25c3335b514a36ad1a24d00413d60c3d394f5161
SHA-256 494e96358ff12366213d7cc0f9197648c6c62ec14fa0d2c78732a683fa26b192
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2696
Cache-Control: max-age=118758
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 02:16:57 GMT
Etag: "638dc877-1d7"
Expires: Wed, 07 Dec 2022 11:16:15 GMT
Last-Modified: Mon, 05 Dec 2022 10:31:19 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32  200 OK  503 B  IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
MD5 1ea206ac3c440825741687351f8c6e4e
SHA-1 2f38dafd8c43dcce2411a0590bc5c02cd6286735
SHA-256 7d7232c8c91bcd18161ba2c9d23e3bff159604e058bd5b3fc1c7fcbcd03a7ee3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7232C8C91BCD18161BA2C9D23E3BFF159604E058BD5B3FC1C7FCBCD03A7EE3"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5180
Expires: Tue, 06 Dec 2022 03:43:17 GMT
Date: Tue, 06 Dec 2022 02:16:57 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140  200 OK  939 B  URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data; ASCII text, with very long lines (939), with no line terminators
MD5 14cd9a0afb6ba9a763651d5112760d1e
SHA-1 75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
SHA-256 4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 06 Dec 2022 01:20:20 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 3397
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191  200 OK  5.3 kB  URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate; ASCII text
MD5 53341dea33f4f3d9b4966f80589f429a
SHA-1 20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
SHA-256 651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: sPT9HDa1ZBoUCBR6he3jtvRfa+hXA7jykq9jvPWyWR5CiAro9FivKTkPHRH2GkJ1usM/BC0mE/s=
x-amz-request-id: KS84VF9ZAJYWMBGA
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 06 Dec 2022 01:48:44 GMT
age: 1693
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239  200 OK  12 B  URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data; ASCII text, with no line terminators
MD5 23e88fb7b99543fb33315b29b1fad9d6
SHA-1 a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
SHA-256 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 06 Dec 2022 02:16:57 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
699349.com/
43.198.33.164  301 Moved Permanently  0 B  IP 43.198.33.164:0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: kangle/3.5.14
Date: Tue, 06 Dec 2022 02:16:57 GMT
Location: https://699349.com/
Content-Length: 0
Connection: close
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140  200 OK  329 B  URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data; ASCII text, with very long lines (329), with no line terminators
MD5 0333b0655111aa68de771adfcc4db243
SHA-1 63f295a144ac87a7c8e23417626724eeca68a7eb
SHA-256 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 06 Dec 2022 02:11:20 GMT
cache-control: public,max-age=3600
age: 337
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29  200 OK  471 B  IP 93.184.220.29:0
MD5 2b9d6a686aa3c4ea24568425e43a5221
SHA-1 d53bb4c9579bd1db78a0520619e888aec79f750f
SHA-256 c38734a8dbe51217d73896c0bf7f5c38c107fd79e0dee24b717f130377e9b5f7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2675
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 02:16:58 GMT
Last-Modified: Tue, 06 Dec 2022 01:32:23 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
52.38.139.17  101 Switching Protocols  0 B  URL HTTP/1.1 push.services.mozilla.com/
IP 52.38.139.17:0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: PgNAV4Yhi9H3RkRGrHQmyA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: lZhpxcRSjkqCcUCdcW94n9AW+kg=
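The 101 exchange above is a complete RFC 6455 opening handshake: the client sends a random 16-byte Sec-WebSocket-Key and the server must answer with Sec-WebSocket-Accept = base64(SHA-1(key + "258EAFA5-E914-47DA-95CA-C5AB0DC85B11")), the GUID being fixed by the RFC. The Python below is an added example, not part of the report and not code from Mozilla's push service: it recomputes that value for the captured key/accept pair and applies the checks a client has to make before it starts WebSocket framing. The header names are the ones in the capture; the function names and the trimmed request/response strings are my own.

```python
"""Check a captured WebSocket opening handshake offline (RFC 6455, section 4.2.2).

Added example; not part of the sandbox report. A client that skips this check
will start WebSocket framing against any endpoint that happens to answer 101.
"""
import base64
import binascii
import hashlib

WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"  # constant fixed by RFC 6455


def expected_accept(sec_websocket_key: str) -> str:
    """Sec-WebSocket-Accept value a conforming server must return for this key."""
    digest = hashlib.sha1((sec_websocket_key.strip() + WS_GUID).encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")


def parse_headers(raw: str) -> dict:
    """Header block (request or response) -> dict keyed by lower-cased name; first line skipped."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return headers


def handshake_ok(request_raw: str, response_raw: str) -> bool:
    """True only if response_raw is a valid 101 answer to this exact request."""
    req, resp = parse_headers(request_raw), parse_headers(response_raw)
    if not response_raw.strip().splitlines()[0].startswith("HTTP/1.1 101"):
        return False
    if resp.get("upgrade", "").lower() != "websocket":
        return False
    if "upgrade" not in resp.get("connection", "").lower():
        return False
    key = req.get("sec-websocket-key", "")
    try:
        if len(base64.b64decode(key, validate=True)) != 16:  # RFC: 16 random bytes, base64
            return False
    except (binascii.Error, ValueError):
        return False
    return resp.get("sec-websocket-accept") == expected_accept(key)


# Request/response pair as captured in the report above (push.services.mozilla.com);
# headers that play no part in the handshake are trimmed.
CAPTURED_REQUEST = """GET / HTTP/1.1
Host: push.services.mozilla.com
Sec-WebSocket-Version: 13
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Key: PgNAV4Yhi9H3RkRGrHQmyA==
Connection: keep-alive, Upgrade
Upgrade: websocket
"""
CAPTURED_RESPONSE = """HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: lZhpxcRSjkqCcUCdcW94n9AW+kg=
"""

if __name__ == "__main__":
    print("RFC 6455 sample key ->", expected_accept("dGhlIHNhbXBsZSBub25jZQ=="))
    print("captured handshake valid:", handshake_ok(CAPTURED_REQUEST, CAPTURED_RESPONSE))
```

The same function is what you want when a capture shows a 101 from an unexpected host: if the accept value does not derive from the key, the "server" is not a WebSocket endpoint at all but something replaying or proxying the upgrade.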
zerossl.ocsp.sectigo.com/
172.64.155.188  200 OK  727 B  URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 172.64.155.188:0
MD5 4a7ade864d6f82e83256ea12de9dc168
SHA-1 8341db59a798602371a85f87be76d26e29a2ae15
SHA-256 79e1b4e69c1ac942815c0c796c0452dee33ef8690d39d5359b9e6dbabc1243ac
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 02:16:58 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Mon, 05 Dec 2022 11:09:54 GMT
Expires: Mon, 12 Dec 2022 11:09:53 GMT
Etag: "8341db59a798602371a85f87be76d26e29a2ae15"
Cache-Control: max-age=549774,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775185c4fc33b523-OSL
699349.com/
16.162.201.20  200 OK  10 kB  IP 16.162.201.20:0
File type HTML document text; exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (617), with CRLF line terminators
MD5 f848ef5a2002c66fcabdb9bb8fa525f8
SHA-1 ba369f697d758d006295e9963be1d5e7f130bc6a
SHA-256 ba2bcd531f5a4cb6d95f955f91d688a2ecdef4063970202db6f8a49c04cf90ee
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
ETag: "01bda93217d91:0"
Content-Type: text/html
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:38 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 01:11:35 GMT
Content-Length: 10280
Connection: close
code.jquery.com/jquery-1.10.2.min.js
69.16.175.42  200 OK  33 kB  URL HTTP/2 code.jquery.com/jquery-1.10.2.min.js
IP 69.16.175.42:0
File type ASCII text, with very long lines (32072)
MD5 68cc08e82915da8b82fc6be74ab86365
SHA-1 4089530b0c00f6cbd1452d7f873be85454196fd1
SHA-256 6c63276db5e51f227be1c9bdaf73d76fa01040499944a8c8607db0c234f0575c
GET /jquery-1.10.2.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 06 Dec 2022 02:16:59 GMT
content-encoding: gzip
content-length: 32788
content-type: application/javascript; charset=utf-8
last-modified: Wed, 16 Feb 2022 10:50:39 GMT
accept-ranges: bytes
server: nginx
etag: W/"620cd6ff-16bb3"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1670293019.dop232.sk1.t,1670293019.cds066.sk1.hn,1670293019.cds243.sk1.c
X-Firefox-Spdy: h2
699349.com/css/reset.css
16.162.201.20  200 OK  789 B  IP 16.162.201.20:0
File type ISO-8859 text, with very long lines (1163), with CRLF line terminators
MD5 b9cbcbf6cbbd503de2b62a474ba2a617
SHA-1 075fc579cea19b0f2bd6fd508145eadde482f8f0
SHA-256 a7ac41642553ff7613555fc9e631f0fa9c73b4db25bc537e1c4f059805d992d6
GET /css/reset.css HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Encoding: gzip
ETag: "e602c7fe595d61:0"
Content-Type: text/css
Last-Modified: Mon, 28 Sep 2020 22:19:56 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 14:23:05 GMT
Content-Length: 789
Connection: close
r3.o.lencr.org/
23.36.77.32  200 OK  503 B  IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
MD5 83e0936435ad95a15c9ec5ff9520f4fe
SHA-1 a8225ee0d8ae117f977f7ff817c342c62e91b5a9
SHA-256 ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2580
Expires: Tue, 06 Dec 2022 02:59:59 GMT
Date: Tue, 06 Dec 2022 02:16:59 GMT
Connection: keep-alive
699349.com/bd/xggglf.js
16.162.201.20  200 OK  750 B  IP 16.162.201.20:0
File type HTML document text; exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (320), with CRLF line terminators
MD5 66c4a121e5a4f1a3160bd4b04c137cd5
SHA-1 c70e0bd6ec7c2595e87c3ca1c07313badac8f678
SHA-256 b2d9964c09a810504fedd009bab467d3f646bb383adf134d5f49b755f5d0b6bc
Analyzer Verdict Alert fortinet Phishing
GET /bd/xggglf.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Encoding: gzip
ETag: "a424b1ec197d91:0"
Content-Type: application/javascript
Last-Modified: Sat, 03 Dec 2022 13:19:51 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 23:44:41 GMT
Content-Length: 750
Connection: close
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1d62ac4e-2ac8-4e49-a61b-a48cff80ffd2.jpeg
34.120.237.76  200 OK  10 kB  URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1d62ac4e-2ac8-4e49-a61b-a48cff80ffd2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
MD5 8055d0db573ab34924db3b60ed788bb2
SHA-1 a4aae05e7a929fc7f652f56748d2a2da9c44ac45
SHA-256 f6a9555f112882d4ac284c6dc26ae0f02f6ccf8ee312615e01ebec8242bade1f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1d62ac4e-2ac8-4e49-a61b-a48cff80ffd2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9987
x-amzn-requestid: 3d4d7dd0-2be0-46c1-a9c0-aa3cce2e8c81
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSvUHhJIAMFZYQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64c8-63a6960043564aa762caaabe;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:16 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: XaKRGgDJdys5Ufgv2QasOrlxuXHRnb8dJWc_tHiXa72QvQ-egpRDsQ==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 559326ad73233233a9e52cb9e8601ede.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:25:37 GMT
age: 13882
etag: "a4aae05e7a929fc7f652f56748d2a2da9c44ac45"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa99f7bcf-386e-4655-b6f0-99abdf67f097.jpeg
34.120.237.76  200 OK  8.5 kB  URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa99f7bcf-386e-4655-b6f0-99abdf67f097.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
MD5 2f60a6490f38a772dcd50a1132e98e1b
SHA-1 ff254a1df087d2c157d88a6ef04e395dc49efe5e
SHA-256 653e40becd103cd76cc2f194a87e933e8c548d346f87520fefca3b16430fc4ab
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa99f7bcf-386e-4655-b6f0-99abdf67f097.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8469
x-amzn-requestid: c17eff92-da62-4f0f-9e75-2741012ec43a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: co_sqFSjoAMFQ6w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d131d-61d61d2f0bb01ecb21b809ea;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 21:37:33 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: i6QasBBRK9APW19sH0DdOipvUJA3gWj0CAMTzt7ejRCOk_V2psz-Xw==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:45:47 GMT
age: 16272
etag: "ff254a1df087d2c157d88a6ef04e395dc49efe5e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F42536ef2-6e40-4541-ac60-0ff74058daa7.png
34.120.237.76  200 OK  16 kB  URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F42536ef2-6e40-4541-ac60-0ff74058daa7.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
MD5 b5e953213b7b13b8ee202406147fac52
SHA-1 67a09d8cd23ed444667b225f7fbf4bb17b9f42dd
SHA-256 cf6b2502f0a992148f9401c16a329cae5a6c21fb81f03131f3e69c58bc608110
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F42536ef2-6e40-4541-ac60-0ff74058daa7.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 15732
x-amzn-requestid: 7467ddb0-b9f9-47e9-ac31-c7599fe45698
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csVIIESBIAMFU6w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e689a-79e3f8b66e1cf72f3283ac5b;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:54:34 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 3seQ7H4qrlKKpuIWUobiey92ZMkB4jWqd5v6T6379g0V0y6XdVFvWQ==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:22:21 GMT
age: 14078
etag: "67a09d8cd23ed444667b225f7fbf4bb17b9f42dd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32  200 OK  503 B  IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
MD5 83e0936435ad95a15c9ec5ff9520f4fe
SHA-1 a8225ee0d8ae117f977f7ff817c342c62e91b5a9
SHA-256 ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2580
Expires: Tue, 06 Dec 2022 02:59:59 GMT
Date: Tue, 06 Dec 2022 02:16:59 GMT
Connection: keep-alive
699349.com/jsdc/1989.js
16.162.201.20  200 OK  1.3 kB  IP 16.162.201.20:0
File type HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (311), with CRLF line terminators
MD5 c8f53e935527bfd8a8c1966d929f1e9f
SHA-1 976cf29c547c3c512bb77db167ade4e28f8faaf4
SHA-256 e5f3902d9839b3aa0a4d91829c1c99dd07b07ce8f99a46c3e140158e6b62aeb8
Analyzer Verdict Alert fortinet Phishing
GET /jsdc/1989.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "80dde97b51cd81:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Tue, 08 Feb 2022 06:32:07 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 15:33:29 GMT
Content-Length: 1312
Connection: close
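Two of the 699349.com records above (/bd/xggglf.js and /jsdc/1989.js) are served as application/javascript while the sniffer identifies the body as an HTML document with a BOM, and several responses in this capture (the OCSP answers, the S3-hosted chain file, the Pocket images) carry an ETag that is literally a hex digest of the body. The Python below is an added example, not tooling from the sandbox or from any vendor named in the report: it parses records laid out the way this report is (URL line, status line, optional File type line, the digest lines, optional Analyzer Verdict line, then request and response headers) and emits those two findings plus any analyzer verdict. The regular expressions, the finding names and the SAMPLE excerpt, trimmed from the records above, are my own assumptions about the layout.

```python
"""Triage transaction records laid out like the report above.
Added example, not part of the sandbox report or of any vendor's tooling.
SAMPLE is a trimmed excerpt of the records above with the digests labelled."""
import re
from dataclasses import dataclass, field

REQ_LINE = re.compile(r"^(?:GET|POST|HEAD|PUT|OPTIONS) \S+ HTTP/\d(?:\.\d)?$")
RESP_LINE = re.compile(r"^HTTP/\d(?:\.\d)? \d{3}")
URL_LINE = re.compile(r"^[A-Za-z0-9.-]+\.[A-Za-z]{2,}/\S*$")  # e.g. 699349.com/bd/xggglf.js
DIGEST = re.compile(r"^(?:Hash|MD5|SHA-1|SHA-256)?\s*([0-9A-Fa-f]{32}|[0-9A-Fa-f]{40}|[0-9A-Fa-f]{64})$")
SCRIPTY = ("application/javascript", "text/javascript", "text/css", "application/json")
ALGO_BY_LEN = {32: "md5", 40: "sha1", 64: "sha256"}

@dataclass
class Transaction:
    url: str
    file_type: str = ""
    digests: dict = field(default_factory=dict)   # algo -> lower-case hex
    verdicts: list = field(default_factory=list)
    response: dict = field(default_factory=dict)  # lower-cased header name -> value

def parse(report: str) -> list:
    """Split the report into Transaction records; the shape of each line drives the section."""
    txs, cur, section = [], None, "meta"
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if section != "request" and URL_LINE.match(line):  # a new record starts
            cur = Transaction(url=line)
            txs.append(cur)
            section = "meta"
        elif cur is None:
            continue
        elif REQ_LINE.match(line):
            section = "request"
        elif RESP_LINE.match(line):
            section = "response"
        elif section == "meta":
            d = DIGEST.match(line)
            if d:
                cur.digests[ALGO_BY_LEN[len(d.group(1))]] = d.group(1).lower()
            elif line.startswith("File type "):
                cur.file_type = line[len("File type "):]
            elif line.startswith("Analyzer Verdict "):
                cur.verdicts.append(line[len("Analyzer Verdict "):])
        elif section == "response" and ":" in line:  # request headers are not needed here
            name, value = line.split(":", 1)
            cur.response[name.strip().lower()] = value.strip()
    return txs

def declared_vs_sniffed(tx):
    """Content-Type says script/CSS/JSON but the sniffed body is an HTML document."""
    ctype = tx.response.get("content-type", "").split(";")[0].strip().lower()
    if ctype in SCRIPTY and tx.file_type.lower().startswith("html document"):
        return f"declared {ctype} but body sniffs as HTML"
    return None

def etag_is_digest(tx):
    """Name of the digest the ETag equals (md5/sha1/sha256), or None."""
    etag = tx.response.get("etag", "").strip('"').lower()
    if etag.startswith("w/"):  # weak validator, never a body digest
        return None
    return next((algo for algo, hexd in tx.digests.items() if hexd == etag), None)

def triage(report: str) -> list:
    findings = []
    for tx in parse(report):
        note = declared_vs_sniffed(tx)
        if note:
            findings.append((tx.url, "mismatch", note))
        findings.extend((tx.url, "verdict", v) for v in tx.verdicts)
        algo = etag_is_digest(tx)
        if algo:
            findings.append((tx.url, "etag-digest", algo))
    return findings

SAMPLE = """\
r3.o.lencr.org/
MD5 cfec3d7283a9b66d2be426ce54d210f3
SHA-256 1bad6c06aa3e88dcbc125fc98a6cb753eb2b18d2c8dd61da21d12209aeeda3f9
POST / HTTP/1.1
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "1BAD6C06AA3E88DCBC125FC98A6CB753EB2B18D2C8DD61DA21D12209AEEDA3F9"
699349.com/bd/xggglf.js
File type HTML document text; exported SGML document, Unicode text, UTF-8 (with BOM) text
MD5 66c4a121e5a4f1a3160bd4b04c137cd5
Analyzer Verdict Alert fortinet Phishing
GET /bd/xggglf.js HTTP/1.1
HTTP/1.1 200 OK
Content-Type: application/javascript
ETag: "a424b1ec197d91:0"
"""
if __name__ == "__main__":
    for url, kind, detail in triage(SAMPLE):
        print(f"{kind:12} {url}  {detail}")
```

On a host already flagged by an analyzer, a "script" that sniffs as HTML is usually an error page, a cloaking response or injected markup rather than the code the page asked for, so it is worth pulling the body. The etag-digest finding is informational: a strong ETag that equals the body's SHA-256 or SHA-1 lets you confirm an object is byte-identical to one in an older capture without fetching it again.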
ocsp.globalsign.com/gsgccr3dvtlsca2020
104.18.20.226  200 OK  1.4 kB  URL HTTP/1.1 ocsp.globalsign.com/gsgccr3dvtlsca2020
IP 104.18.20.226:0
MD5 9beee193aead886f82a1a99c49575ee8
SHA-1 d0a9be213962a90d58da8bc397f471a91eb34ea6
SHA-256 6cf2bacad324262dfefe1939e45d988eed14807571a8b920a09d841dd2ff3ab5
POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 02:16:59 GMT
Content-Type: application/ocsp-response
Content-Length: 1414
Connection: keep-alive
Expires: Sat, 10 Dec 2022 00:57:31 GMT
ETag: "d0a9be213962a90d58da8bc397f471a91eb34ea6"
Last-Modified: Tue, 06 Dec 2022 00:57:32 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 6
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 775185ce6cb8b50b-OSL
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F273773ed-3135-47d7-b4ff-5e390a90fecf.jpeg
34.120.237.76  200 OK  5.3 kB  URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F273773ed-3135-47d7-b4ff-5e390a90fecf.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
MD5 49c08cd33e41826af9dd4a8a912e0ddf
SHA-1 bde85bd98858e4b13484a9cc3263b4db7fb5d348
SHA-256 43471e7b4da8e4e58b842d05cb073ef150ff119eaa6890c86162f03a140459cf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F273773ed-3135-47d7-b4ff-5e390a90fecf.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5273
x-amzn-requestid: 5ab71aaf-6757-46dc-86fc-0a866958d22f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSz2EqfIAMFqng=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64e5-15ae9d330e005f547161b4df;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:45 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: xcEI729NEfORs3fT_fHi-BkyqA1sHl0dA6fAGd9hYkJNePUlM4vKQg==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:05:52 GMT
age: 15067
etag: "bde85bd98858e4b13484a9cc3263b4db7fb5d348"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32  200 OK  503 B  IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
MD5 83e0936435ad95a15c9ec5ff9520f4fe
SHA-1 a8225ee0d8ae117f977f7ff817c342c62e91b5a9
SHA-256 ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2580
Expires: Tue, 06 Dec 2022 02:59:59 GMT
Date: Tue, 06 Dec 2022 02:16:59 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962c65f4-b402-46b4-83ba-50f3159341f2.jpeg
34.120.237.76  200 OK  11 kB  URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962c65f4-b402-46b4-83ba-50f3159341f2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
MD5 b15136d60fd0a5e0f657a4f5c75d540f
SHA-1 36082b7329d473829178f280cb71a83b1531e486
SHA-256 79478269b1f5dcfd1e45ccd4264fa44805b37c5c8fec820bcbd2fa1689dfbbd8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962c65f4-b402-46b4-83ba-50f3159341f2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11224
x-amzn-requestid: 938de0b8-1055-4416-9ad7-162ab5f4db9f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csUINEwdoAMFuOw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e6701-38b079ef341bb17e567de773;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:47:45 GMT
x-amz-cf-pop: YVR50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: tGtiCE9C3j0BUruNaFN2j1mKxCSouLmocmTXpmLMBJaLNyVwkXu1gQ==
via: 1.1 f0ac467993db44dbfc36b778dfcaf73c.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:23:09 GMT
age: 14030
etag: "36082b7329d473829178f280cb71a83b1531e486"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffaf0de04-19bf-4944-9ac5-5178afafb192.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffaf0de04-19bf-4944-9ac5-5178afafb192.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 7f2c354a00ab51d4a41221b6bf191c10
01ceb7233fe05ad8dff3a0a43eef879ea2b83ec4
7d3c8417e1db0db41ceb8b4bf3f506864392dd1ad29319a06a8a6055f6f2ed12
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffaf0de04-19bf-4944-9ac5-5178afafb192.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11352
x-amzn-requestid: 7c3fc7bb-eb1f-46ec-8e92-b6ffc6261848
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSwuF1ToAMFiIA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64d1-7c53152a279f00595b9886bd;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:25 GMT
x-amz-cf-pop: SFO5-P2, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: aYf5d6wAJlPSXVwF5uQXUb1g_65z-v6tInk7IF64bBV-w31d3MKeIQ==
via: 1.1 b6d577696b14c86cbfeb5b3459f38c50.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:22:23 GMT
age: 14076
etag: "01ceb7233fe05ad8dff3a0a43eef879ea2b83ec4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
zerossl.ocsp.sectigo.com/
172.64.155.188 200 OK 728 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 172.64.155.188:0
Hash 8c3c69849f1b63928c24911fc38c3ddd
dce7a1d4c96910b835fc6c12e35cfd9ba4e3c88a
eb5a6acf87350ee03ca5b7c9144698dba620ace13fde046390c33898614c3b1e
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 02:16:59 GMT
Content-Type: application/ocsp-response
Content-Length: 728
Connection: keep-alive
Last-Modified: Mon, 05 Dec 2022 16:56:38 GMT
Expires: Mon, 12 Dec 2022 16:56:37 GMT
Etag: "dce7a1d4c96910b835fc6c12e35cfd9ba4e3c88a"
Cache-Control: max-age=570577,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775185ceab6eb4f1-OSL
zerossl.ocsp.sectigo.com/
172.64.155.188 200 OK 728 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 172.64.155.188:0
Hash 8c3c69849f1b63928c24911fc38c3ddd
dce7a1d4c96910b835fc6c12e35cfd9ba4e3c88a
eb5a6acf87350ee03ca5b7c9144698dba620ace13fde046390c33898614c3b1e
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 02:16:59 GMT
Content-Type: application/ocsp-response
Content-Length: 728
Connection: keep-alive
Last-Modified: Mon, 05 Dec 2022 16:56:38 GMT
Expires: Mon, 12 Dec 2022 16:56:37 GMT
Etag: "dce7a1d4c96910b835fc6c12e35cfd9ba4e3c88a"
Cache-Control: max-age=570577,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775185cea8b21c12-OSL
zerossl.ocsp.sectigo.com/
172.64.155.188 200 OK 728 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 172.64.155.188:0
Hash 8c3c69849f1b63928c24911fc38c3ddd
dce7a1d4c96910b835fc6c12e35cfd9ba4e3c88a
eb5a6acf87350ee03ca5b7c9144698dba620ace13fde046390c33898614c3b1e
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 02:16:59 GMT
Content-Type: application/ocsp-response
Content-Length: 728
Connection: keep-alive
Last-Modified: Mon, 05 Dec 2022 16:56:38 GMT
Expires: Mon, 12 Dec 2022 16:56:37 GMT
Etag: "dce7a1d4c96910b835fc6c12e35cfd9ba4e3c88a"
Cache-Control: max-age=570577,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775185cea963b4fa-OSL
zerossl.ocsp.sectigo.com/
172.64.155.188 200 OK 728 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 172.64.155.188:0
Hash 8c3c69849f1b63928c24911fc38c3ddd
dce7a1d4c96910b835fc6c12e35cfd9ba4e3c88a
eb5a6acf87350ee03ca5b7c9144698dba620ace13fde046390c33898614c3b1e
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 02:17:00 GMT
Content-Type: application/ocsp-response
Content-Length: 728
Connection: keep-alive
Last-Modified: Mon, 05 Dec 2022 16:56:38 GMT
Expires: Mon, 12 Dec 2022 16:56:37 GMT
Etag: "dce7a1d4c96910b835fc6c12e35cfd9ba4e3c88a"
Cache-Control: max-age=570576,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775185ceab61fac4-OSL
zerossl.ocsp.sectigo.com/
172.64.155.188 200 OK 727 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 172.64.155.188:0
Hash 52c67a61d22a3628eec074bac822476f
15ad978643d87dc7272240c7da8a6d621b8bd0c3
f3595f8e68a914d37c036f0182a5291ce34aef06d0465f5219b21be775e8ed7d
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 02:17:00 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Sat, 03 Dec 2022 12:37:32 GMT
Expires: Sat, 10 Dec 2022 12:37:31 GMT
Etag: "15ad978643d87dc7272240c7da8a6d621b8bd0c3"
Cache-Control: max-age=382230,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775185cf0b88b4f1-OSL
zerossl.ocsp.sectigo.com/
172.64.155.188 200 OK 728 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 172.64.155.188:0
Hash 6a3418ecc67300a8c9bbe244e99db05d
df2a89375c7498f839f76d0c641e4793c179c854
e7df5f33f3cd6fdcdf87f0f25ac89f5083b6d8dd3457e6064672d88cd64b345b
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 02:17:00 GMT
Content-Type: application/ocsp-response
Content-Length: 728
Connection: keep-alive
Last-Modified: Mon, 05 Dec 2022 08:16:50 GMT
Expires: Mon, 12 Dec 2022 08:16:49 GMT
Etag: "df2a89375c7498f839f76d0c641e4793c179c854"
Cache-Control: max-age=539388,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775185d01ba9fac4-OSL
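The OCSP POST bodies above are not captured, but their Content-Length values (83 and 84 bytes to zerossl.ocsp.sectigo.com) are enough to reconstruct what the browser sent. The block below is an added example, not part of the capture or of any CA tooling: it hand-encodes an RFC 6960 OCSPRequest with the standard library, using constructed stand-ins for the issuer Name and public key (the hypothetical FAKE_ISSUER_NAME and FAKE_ISSUER_KEY, whose contents do not affect the size because only their 20-byte SHA-1 digests are sent). It assumes a SHA-1 CertID, which is what Firefox sends and what these lengths are consistent with (SHA-256 CertIDs would make each request 28 bytes longer). A single CertID with no nonce and no extensions costs a fixed 67 bytes of framing, so the request size reveals the DER length of the serial number: a 16-byte serial gives 83, and a 16-byte serial whose top bit is set needs a leading 0x00 under DER and gives 84. The missing nonce is the security-relevant point: without it the responder's signed answer is replayable for its whole validity window, which is exactly what the public, must-revalidate cache headers above rely on to serve one response to many clients.

```python
import hashlib

# Minimal DER helpers (stdlib only); enough to emit the OCSPRequest structure of RFC 6960.
def der_len(n: int) -> bytes:
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + der_len(len(content)) + content

def der_integer(value: int) -> bytes:
    # DER INTEGER is minimal two's complement, so a non-negative serial whose top bit is
    # set costs one extra 0x00 byte; that is the difference between the 83- and 84-byte POSTs.
    body = value.to_bytes((value.bit_length() + 8) // 8, "big")
    return der(0x02, body)

SHA1_OID = bytes.fromhex("2b0e03021a")  # 1.3.14.3.2.26; assumed CertID hash (what Firefox sends)

def build_ocsp_request(issuer_name_der: bytes, issuer_public_key: bytes, serial: int) -> bytes:
    """OCSPRequest { tbsRequest { requestList { Request { reqCert CertID } } } }, no nonce."""
    cert_id = der(0x30,
                  der(0x30, der(0x06, SHA1_OID) + der(0x05, b""))         # hashAlgorithm
                  + der(0x04, hashlib.sha1(issuer_name_der).digest())     # issuerNameHash
                  + der(0x04, hashlib.sha1(issuer_public_key).digest())   # issuerKeyHash
                  + der_integer(serial))                                  # serialNumber
    # Request -> requestList -> TBSRequest -> OCSPRequest, each a bare SEQUENCE wrapper here
    return der(0x30, der(0x30, der(0x30, der(0x30, cert_id))))

def serial_bytes_from_content_length(content_length: int) -> int:
    """Invert the fixed overhead: 67 bytes of framing surround the serial's INTEGER content."""
    return content_length - 67

# Constructed, hypothetical issuer material: only the digest lengths matter for the size.
FAKE_ISSUER_NAME = b"\x30\x00"      # an empty DER Name, stands in for the real issuer DN
FAKE_ISSUER_KEY = b"\x00" * 270     # stands in for an RSA-2048 subjectPublicKey bit string

def request_length_for_serial(serial: int) -> int:
    return len(build_ocsp_request(FAKE_ISSUER_NAME, FAKE_ISSUER_KEY, serial))
```

request_length_for_serial(1 << 127) reproduces the 84-byte requests and request_length_for_serial((1 << 127) - 1) the 83-byte ones, i.e. a 16-byte random serial with and without its top bit set; serial_bytes_from_content_length(84) returns 17. The sizes hold for any serial shorter than about 60 bytes, after which DER needs two-byte length fields and the constant 67 no longer applies.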
js.users.51.la/21088117.js
103.143.19.103 200 OK 2.3 kB URL HTTP/1.1 js.users.51.la/21088117.js
IP 103.143.19.103:0
ASN #4837 CHINA UNICOM China169 Backbone
File type ASCII text, with very long lines (4898)
Hash d6ee90be484becdfba69328335d2c2e8
030fb67fd7e44c4cc66a5a5524182e991ae76f96
e367a43c5de0f58a865f1609621cf03e7d74ea8e88c77681c4089bb86f6f9513
GET /21088117.js HTTP/1.1
Host: js.users.51.la
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: CloudWAF
Date: Tue, 06 Dec 2022 02:17:00 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: HWWAFSESID=fb83d3948ddb4ce5716; path=/
Set-Cookie: HWWAFSESTIME=1670293017150; path=/
Cache-Control: max-age=360000
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
zerossl.ocsp.sectigo.com/
172.64.155.188 200 OK 727 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 172.64.155.188:0
Hash 52c67a61d22a3628eec074bac822476f
15ad978643d87dc7272240c7da8a6d621b8bd0c3
f3595f8e68a914d37c036f0182a5291ce34aef06d0465f5219b21be775e8ed7d
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 02:17:00 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Sat, 03 Dec 2022 12:37:32 GMT
Expires: Sat, 10 Dec 2022 12:37:31 GMT
Etag: "15ad978643d87dc7272240c7da8a6d621b8bd0c3"
Cache-Control: max-age=382230,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775185ce3f52b523-OSL
zerossl.ocsp.sectigo.com/
172.64.155.188 200 OK 727 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 172.64.155.188:0
Hash 913eb415f10b58d141a8ab8d9045de95
9a204f4015921c2e05d7210b4514f0f8abd9ba24
ff69a78e5e010d2686e002fb930ab914369cd8117bca0d032a6b7ebf302e2fad
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 02:17:00 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Sun, 04 Dec 2022 13:55:31 GMT
Expires: Sun, 11 Dec 2022 13:55:30 GMT
Etag: "9a204f4015921c2e05d7210b4514f0f8abd9ba24"
Cache-Control: max-age=473309,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775185cf88fb1c12-OSL
zerossl.ocsp.sectigo.com/
172.64.155.188 200 OK 728 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 172.64.155.188:0
Hash 6a3418ecc67300a8c9bbe244e99db05d
df2a89375c7498f839f76d0c641e4793c179c854
e7df5f33f3cd6fdcdf87f0f25ac89f5083b6d8dd3457e6064672d88cd64b345b
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 02:17:00 GMT
Content-Type: application/ocsp-response
Content-Length: 728
Connection: keep-alive
Last-Modified: Mon, 05 Dec 2022 08:16:50 GMT
Expires: Mon, 12 Dec 2022 08:16:49 GMT
Etag: "df2a89375c7498f839f76d0c641e4793c179c854"
Cache-Control: max-age=539388,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775185cfa9c8b4fa-OSL
zerossl.ocsp.sectigo.com/
172.64.155.188 200 OK 727 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 172.64.155.188:0
Hash 913eb415f10b58d141a8ab8d9045de95
9a204f4015921c2e05d7210b4514f0f8abd9ba24
ff69a78e5e010d2686e002fb930ab914369cd8117bca0d032a6b7ebf302e2fad
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 02:17:00 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Sun, 04 Dec 2022 13:55:31 GMT
Expires: Sun, 11 Dec 2022 13:55:30 GMT
Etag: "9a204f4015921c2e05d7210b4514f0f8abd9ba24"
Cache-Control: max-age=473309,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775185d0abcbfac4-OSL
699349.com/css/style.css
16.162.201.20 200 OK 3.9 kB IP 16.162.201.20:0
File type Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash b6bd916dfe2c98320a8ced9fc1026a4b
c1e7960176a47489aba82dcab07c0740924777c2
3ea0ac06a28dc3234c77fe2caaeccf5e90c8247d897219568bf8a187ddc85fe5
GET /css/style.css HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "05e3833451dd71:0"
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Sat, 20 Mar 2021 04:55:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 00:35:15 GMT
Content-Length: 3874
Connection: close
zerossl.ocsp.sectigo.com/
172.64.155.188 200 OK 728 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 172.64.155.188:0
Hash 6a3418ecc67300a8c9bbe244e99db05d
df2a89375c7498f839f76d0c641e4793c179c854
e7df5f33f3cd6fdcdf87f0f25ac89f5083b6d8dd3457e6064672d88cd64b345b
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 02:17:00 GMT
Content-Type: application/ocsp-response
Content-Length: 728
Connection: keep-alive
Last-Modified: Mon, 05 Dec 2022 08:16:50 GMT
Expires: Mon, 12 Dec 2022 08:16:49 GMT
Etag: "df2a89375c7498f839f76d0c641e4793c179c854"
Cache-Control: max-age=539388,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775185d04bfab4f1-OSL
669925a.com/ktzsx.js
18.166.84.185 200 OK 789 B IP 18.166.84.185:0
File type HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (308), with CRLF line terminators
Hash 03141e248f325e2d15c127b10dc81803
088b47edb1ada61ae7f6c3729b3b6900cd950355
8e9b46d02d306ab4d801ac2a452df28a5c9725a2050adb7e539a022a46b63d3d
Analyzer Verdict Alert fortinet Phishing
GET /ktzsx.js HTTP/1.1
Host: 669925a.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Encoding: gzip
ETag: "1f212e7b897d91:0"
Content-Type: application/javascript
Last-Modified: Sun, 04 Dec 2022 02:38:24 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 02:04:10 GMT
Content-Length: 789
Connection: close
669925a.com/tttg.js
18.166.84.185 200 OK 1.1 kB IP 18.166.84.185:0
File type HTML document; exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 7037b40fdfa6f99d8498ad0b3d7afe9c
935e0d856de830fe4cd5af81caf0009a95944e8a
93ce52ce24d581a323273c02d367b1e1ecba584b983dee67e20731bfd3e5053c
Analyzer Verdict Alert fortinet Phishing
GET /tttg.js HTTP/1.1
Host: 669925a.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
ETag: "092a4f0f4aed81:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 13 Aug 2022 09:13:24 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 00:12:33 GMT
Content-Length: 1073
Connection: close
669925a.com/zybb/xjgsb.js
18.166.84.185 200 OK 2.4 kB URL HTTP/1.1 669925a.com/zybb/xjgsb.js
IP 18.166.84.185:0
File type HTML document; exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (392), with CRLF line terminators
Hash 93fbb00b1c5a25ce2b47995c70d95b99
ad5ec259802be56b2961954431cb19cb26ee64fa
475ec23811aea84fa03ad43e0d53995eb6b377c9d39cd1c48ba3b7f87032ac4e
Analyzer Verdict Alert fortinet Phishing
GET /zybb/xjgsb.js HTTP/1.1
Host: 669925a.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
ETag: "01bda93217d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:38 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 01:53:32 GMT
Content-Length: 2353
Connection: close
699349.com/js/SuperSlide.js
16.162.201.20 200 OK 3.7 kB URL HTTP/1.1 699349.com/js/SuperSlide.js
IP 16.162.201.20:0
File type Unicode text, UTF-8 text, with very long lines (11013), with CRLF line terminators
Hash 776fcefcd00c399fdccbdd0e11ead966
bc5da70384bcf683b13c973928a3b9fa14ac8c83
b4cd2c5b6220e1f51e2b76d498f9f46eef57bb3a5d8f35ba28b0ef61d7e802ce
Analyzer Verdict Alert fortinet Phishing
GET /js/SuperSlide.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "8009e8de595d61:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Mon, 28 Sep 2020 22:20:21 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 13:59:33 GMT
Content-Length: 3704
Connection: close
669925a.com/jgp.js
18.166.84.185 200 OK 1.2 kB IP 18.166.84.185:0
File type HTML document; exported SGML document, Unicode text, UTF-8 text, with very long lines (419), with CRLF line terminators
Hash ce689cfc313bb282b9c652f73fc83133
90fa7a98b4da41be1947c09ff74995b98fad9e67
ff1cb53716e5e1ded44f6bd7041cba39475d59d07edf26dacc19018cd59ef535
Analyzer Verdict Alert fortinet Phishing
GET /jgp.js HTTP/1.1
Host: 669925a.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Encoding: gzip
ETag: "3bc16594217d91:0"
Content-Type: application/javascript
Last-Modified: Sat, 03 Dec 2022 14:14:38 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 02:15:55 GMT
Content-Length: 1184
Connection: close
699349.com/jsdc/2025.js
16.162.201.20 200 OK 1.3 kB IP 16.162.201.20:0
File type HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (311), with CRLF line terminators
Hash 02b1e817717d1383cbbffcc3ee0b0719
c69d1dc10f63964167294027025a8265c521bea5
529fe2bf961ac2951e50ca35496e542ce3d165eadb68174fa9e320d06bc9be6b
Analyzer Verdict Alert fortinet Phishing
GET /jsdc/2025.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Encoding: gzip
ETag: "a995b0329192d81:0"
Content-Type: application/javascript
Last-Modified: Fri, 08 Jul 2022 06:08:52 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 20:57:23 GMT
Content-Length: 1332
Connection: close
669925a.com/mhcz.js
18.166.84.185 200 OK 1.2 kB IP 18.166.84.185:0
File type HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (308), with CRLF line terminators
Hash 377e5bd54feb15f93d63eaada7fb5d29
916aff5e5c473f501481277f20b9e614c248372d
4a28ef950976fce3111143075194029398b330a538549acac16abd6e7b8f510a
Analyzer Verdict Alert fortinet Phishing
GET /mhcz.js HTTP/1.1
Host: 669925a.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
ETag: "80b17294217d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:39 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 02:08:25 GMT
Content-Length: 1236
Connection: close
js.users.51.la/21088033.js
103.143.19.103 200 OK 2.3 kB URL HTTP/1.1 js.users.51.la/21088033.js
IP 103.143.19.103:0
ASN #4837 CHINA UNICOM China169 Backbone
File type ASCII text, with very long lines (4898)
Hash 3e06eebd51aec7dffcedf9b5c1a4ccfb
6fb85a35a7fdec3a53695e82a69a9c80f3b8a8af
84f8533a7794c42ddd7ab1d4ba1142a3cb22f079f361373f41bdad46b0d2c94c
GET /21088033.js HTTP/1.1
Host: js.users.51.la
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: CloudWAF
Date: Tue, 06 Dec 2022 02:17:00 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: HWWAFSESID=94bf825005f65c7f462; path=/
Set-Cookie: HWWAFSESTIME=1670293019226; path=/
Cache-Control: max-age=360000
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
628866a.com/js/kj-link.js
43.198.33.164 200 OK 832 B URL HTTP/1.1 628866a.com/js/kj-link.js
IP 43.198.33.164:0
File type HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash be49dd2e9699eb09642c4ea3ef383183
df60158a6d8a656f9917e8d4d99e9a59ac337fb5
a5b220f9f064477262b856b3ed268c0aaed372a566e11a07c599fef2837af13a
Analyzer Verdict Alert fortinet Phishing
GET /js/kj-link.js HTTP/1.1
Host: 628866a.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
ETag: "80ad4a198767d81:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 14 May 2022 11:38:15 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 15:48:34 GMT
Content-Length: 832
Connection: close
js.szly123.com/js/2022.js
18.166.84.185 200 OK 1.3 kB URL HTTP/1.1 js.szly123.com/js/2022.js
IP 18.166.84.185:0
File type HTML document, Unicode text, UTF-8 text, with very long lines (331), with CRLF line terminators
Hash ca73d1d58c1621f02a3d2ca996914364
0d6950b04fdc3ea20d69eef0cfe50375fdb04aaf
b676a63cba89713057e475d622e2db06917e685ad7a3a4f34895dce042e3d7a0
GET /js/2022.js HTTP/1.1
Host: js.szly123.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
ETag: "80532e2d10ffd81:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Wed, 23 Nov 2022 07:49:55 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 13:52:20 GMT
Content-Length: 1317
Connection: close
sbx2019.com/js/sbx.js
43.198.33.164 200 OK 3.6 kB IP 43.198.33.164:0
File type HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (672), with CRLF line terminators
Hash 70ced684afe68da47d444a8ff3151b52
3e5f07f6a7a7f2b596c8280dac9ad03789b8683e
bef98dbd143c2fca86cd0b05949385451dc2fd2c15246c77f80bba338e0b51cf
GET /js/sbx.js HTTP/1.1
Host: sbx2019.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
ETag: "80b29adc16d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Fri, 02 Dec 2022 03:55:05 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 01:45:28 GMT
Content-Length: 3640
Connection: close
699349.com/mhczjx.js
16.162.201.20 200 OK 1.1 kB IP 16.162.201.20:0
File type HTML document; exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash d0684860bd119f7bdc41e3c46e9deea5
67fda50ad30c69a4d46fc08ad1fcaf5469a304ca
fc9aee7ef7f9622accaca51d580769fc13f7310fc51125edf67279472c4fbe06
Analyzer Verdict Alert fortinet Phishing
GET /mhczjx.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "80676465fc8d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Mon, 05 Dec 2022 22:53:31 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 01:25:35 GMT
Content-Length: 1128
Connection: close
699349.com/bd/tszl.js
16.162.201.20 404 Not Found 675 B IP 16.162.201.20:0
File type HTML document; exported SGML document, ASCII text, with CRLF line terminators
Hash 815ec59bc7238fae2bbe77156ad8f5b2
bc673c626b999f08c7b6ebeb9616834a08a8d3a4
b0f1e83708354377cfb1eee4ff3352255095f26b04edf23081da4c73bb068e4a
Analyzer Verdict Alert fortinet Phishing
GET /bd/tszl.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Content-Encoding: gzip
Content-Type: text/html
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 02:16:59 GMT
Transfer-Encoding: chunked
Connection: close
www.669925a.com/zybb/xjzl.js
16.162.201.20 200 OK 1.1 kB URL HTTP/1.1 www.669925a.com/zybb/xjzl.js
IP 16.162.201.20:0
File type HTML document; exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (323), with CRLF line terminators
Hash f0a7cc27bd8cf102aa4fae08c7b8e6eb
dbe33ce94f9e24124e4f2a4214366172bfefc9c6
fd2738bc85a536243e78932e1a45c4e6a56342bc95dc386689a06fbea74bdb53
Analyzer Verdict Alert fortinet Phishing
GET /zybb/xjzl.js HTTP/1.1
Host: www.669925a.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
ETag: "01bda93217d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:38 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 02:05:07 GMT
Content-Length: 1108
Connection: close
js.szly123.com/fivetab.js
18.166.84.185 200 OK 2.8 kB URL HTTP/1.1 js.szly123.com/fivetab.js
IP 18.166.84.185:0
File type HTML document; exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (325), with CRLF line terminators
Hash 771d7279b11708f9ab24a9764b602a47
a419b03f631550ebbd656ead879daa5b937ad6fe
44b7bff535d4f092053b1744d4faeaef9a33e6292ed30a64dbd3a8756e0e5eb6
GET /fivetab.js HTTP/1.1
Host: js.szly123.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
ETag: "80d680b110ffd81:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Wed, 23 Nov 2022 07:53:37 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 23:58:45 GMT
Content-Length: 2831
Connection: close
699349.com/zybb/gsb1.js
16.162.201.20 200 OK 2.3 kB
IP 16.162.201.20:0
File type HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash MD5 60bdc84b7b7278ad724efa7f94bb587d
SHA-1 ebeee7e3c74023f8ae871e5c176752031d104a6c
SHA-256 e8cf96fd0bdbf393658fc9b50bcc3f04a12cb4761998c35f026d5151d033ad6a
Analyzer Verdict Alert fortinet Phishing
GET /zybb/gsb1.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "80844193217d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:37 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 00:01:59 GMT
Content-Length: 2344
Connection: close
699349.com/jsdc/1999.js
16.162.201.20 200 OK 1.3 kB
IP 16.162.201.20:0
File type HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (311), with CRLF line terminators
Hash MD5 4d8577e8b03c85ef9403c3841a88a0ba
SHA-1 4ce86f1b6e6c4ef5d238ff2b532bc937e1cf70c9
SHA-256 1c8be6a55ba3a1f2d1e26db04a31c18706dd3f60a06ea02f20f9cd9bc3092807
Analyzer Verdict Alert fortinet Phishing
GET /jsdc/1999.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "80dde97b51cd81:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Tue, 08 Feb 2022 06:32:07 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 22:20:03 GMT
Content-Length: 1324
Connection: close
js.szly123.com/js/100.js
18.166.84.185 200 OK 1.3 kB
IP 18.166.84.185:0
File type HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (331), with CRLF line terminators
Hash MD5 690dbddbeb9728abe2ddb56cfbb8c6c5
SHA-1 ab0cd44cbfe13f0b7754209eafa773f9d37fd3e8
SHA-256 5bac7b3fdc959cc6419af6b2ae88607640ffcf43ac7f6d0278873fe188e1272a
GET /js/100.js HTTP/1.1
Host: js.szly123.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
ETag: "801046a5a7fcd81:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sun, 20 Nov 2022 06:16:37 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 14:10:22 GMT
Content-Length: 1304
Connection: close
js.szly123.com/js/gg.js
18.166.84.185 200 OK 4.7 kB
IP 18.166.84.185:0
File type HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (421), with CRLF line terminators
Hash MD5 a84619e95ac5a63acd392fe6c085fd12
SHA-1 437b90cd68fd42822224f42a371aacfc8caae797
SHA-256 ce0bd7ca96d915eb6c6911c441fcadffb87fa592f35ac230ac85b3e851ef8aa8
GET /js/gg.js HTTP/1.1
Host: js.szly123.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
ETag: "93731537d3f9d81:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Wed, 16 Nov 2022 15:50:56 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 23:58:45 GMT
Content-Length: 4735
Connection: close
699349.com/zybb/ryzt.js
16.162.201.20 200 OK 753 B
IP 16.162.201.20:0
File type HTML document / exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash MD5 76f39d336810d8ca2b16bfe50bf96045
SHA-1 5caa711a1191e0bd8abf2cfe890ff9844773ae5b
SHA-256 860df8eb8f879abf429c8d74b25c90ebab1387374ed45b71bda232c24a9c8d5b
Analyzer Verdict Alert fortinet Phishing
GET /zybb/ryzt.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "01bda93217d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:38 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 00:23:01 GMT
Content-Length: 753
Connection: close
699349.com/zybb/qhzt.js
16.162.201.20 200 OK 936 B
IP 16.162.201.20:0
File type HTML document / exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash MD5 30669a16665b31d0f2d653398af0dadd
SHA-1 b40266bfbad57755abf83882af576c08e47c7365
SHA-256 8521f1951ca004695449380933db3758625c8d4f9ed52ffb07622993392d9132
Analyzer Verdict Alert fortinet Phishing
GET /zybb/qhzt.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "01bda93217d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:38 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 00:54:42 GMT
Content-Length: 936
Connection: close
ocsp.globalsign.com/gsgccr3dvtlsca2020
104.18.20.226 200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsgccr3dvtlsca2020
IP 104.18.20.226:0
Hash MD5 5425bacd37ff17f18723c39c17534d97
SHA-1 ab51b64d2cb0fb278f18f87826917cf14ca345c4
SHA-256 8509515e421095740d64f7db7c2a906cfbcfb3668ec089bd15249efc4d878889
POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 02:17:00 GMT
Content-Type: application/ocsp-response
Content-Length: 1414
Connection: keep-alive
Expires: Fri, 09 Dec 2022 22:46:01 GMT
ETag: "ab51b64d2cb0fb278f18f87826917cf14ca345c4"
Last-Modified: Mon, 05 Dec 2022 22:46:02 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2189
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 775185d47eadb50b-OSL
zerossl.ocsp.sectigo.com/
172.64.155.188 200 OK 727 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 172.64.155.188:0
Hash MD5 1e2a68cf2847cccdf06ff255e083ea83
SHA-1 f637a66a2070d05bc51e3e6698fbd296fdd7d913
SHA-256 8ba05db74def26e59332b95e38aa97b147532acd69eee745b5ecd4e8c1158cf7
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 02:17:00 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Sun, 04 Dec 2022 10:37:53 GMT
Expires: Sun, 11 Dec 2022 10:37:52 GMT
Etag: "f637a66a2070d05bc51e3e6698fbd296fdd7d913"
Cache-Control: max-age=461451,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775185d46a251c12-OSL
699349.com/bd/wlrt.js
16.162.201.20 404 Not Found 675 B
IP 16.162.201.20:0
File type HTML document / exported SGML document, ASCII text, with CRLF line terminators
Hash MD5 815ec59bc7238fae2bbe77156ad8f5b2
SHA-1 bc673c626b999f08c7b6ebeb9616834a08a8d3a4
SHA-256 b0f1e83708354377cfb1eee4ff3352255095f26b04edf23081da4c73bb068e4a
Analyzer Verdict Alert fortinet Phishing
GET /bd/wlrt.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Content-Encoding: gzip
Content-Type: text/html
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 02:16:59 GMT
Transfer-Encoding: chunked
Connection: close
zerossl.ocsp.sectigo.com/
172.64.155.188 200 OK 727 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 172.64.155.188:0
Hash MD5 1e2a68cf2847cccdf06ff255e083ea83
SHA-1 f637a66a2070d05bc51e3e6698fbd296fdd7d913
SHA-256 8ba05db74def26e59332b95e38aa97b147532acd69eee745b5ecd4e8c1158cf7
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 02:17:01 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Sun, 04 Dec 2022 10:37:53 GMT
Expires: Sun, 11 Dec 2022 10:37:52 GMT
Etag: "f637a66a2070d05bc51e3e6698fbd296fdd7d913"
Cache-Control: max-age=461450,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775185d48d61b4f1-OSL
zerossl.ocsp.sectigo.com/
172.64.155.188 200 OK 727 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 172.64.155.188:0
Hash MD5 1e2a68cf2847cccdf06ff255e083ea83
SHA-1 f637a66a2070d05bc51e3e6698fbd296fdd7d913
SHA-256 8ba05db74def26e59332b95e38aa97b147532acd69eee745b5ecd4e8c1158cf7
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 02:17:01 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Sun, 04 Dec 2022 10:37:53 GMT
Expires: Sun, 11 Dec 2022 10:37:52 GMT
Etag: "f637a66a2070d05bc51e3e6698fbd296fdd7d913"
Cache-Control: max-age=461450,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775185d48bc7b4fa-OSL
zerossl.ocsp.sectigo.com/
172.64.155.188 200 OK 727 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 172.64.155.188:0
Hash MD5 1e2a68cf2847cccdf06ff255e083ea83
SHA-1 f637a66a2070d05bc51e3e6698fbd296fdd7d913
SHA-256 8ba05db74def26e59332b95e38aa97b147532acd69eee745b5ecd4e8c1158cf7
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 02:17:01 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Sun, 04 Dec 2022 10:37:53 GMT
Expires: Sun, 11 Dec 2022 10:37:52 GMT
Etag: "f637a66a2070d05bc51e3e6698fbd296fdd7d913"
Cache-Control: max-age=461450,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775185d4a9ceb523-OSL
www.669925a.com/images/amzl.gif
16.162.201.20 200 OK 23 kB URL HTTP/1.1 www.669925a.com/images/amzl.gif
IP 16.162.201.20:0
File type GIF image data, version 89a, 957 x 178
Hash MD5 bb3ed49038f25e27ef2205f225164a4e
SHA-1 b050a050b471d5a10ae4873fbb7b294917478e21
SHA-256 d6e6367a2f6a7ca41d2de9187242e539e6fe4306a7aa970068104bff953ca1eb
GET /images/amzl.gif HTTP/1.1
Host: www.669925a.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
ETag: "6f1495ce8566d71:0"
Content-Type: image/gif
Last-Modified: Mon, 21 Jun 2021 10:11:31 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 23:55:09 GMT
Content-Length: 22806
Connection: close
imgs.mygai.cn/tp/hf/852_800x100.gif
107.148.135.221 404 Not Found 579 B URL HTTP/1.1 imgs.mygai.cn/tp/hf/852_800x100.gif
IP 107.148.135.221:0
ASN #398823 PEGTECHINC-AP-02
File type HTML document / exported SGML document, ASCII text
Hash MD5 fd257e3a9b8d3abd1ecd56a8e8e4c298
SHA-1 8ef622bd79a2d55116e52e16aa238af7f3aca181
SHA-256 697375791a2ce41a6ce2131c494e282b138174397360eb7d3accf8070cc8d282
GET /tp/hf/852_800x100.gif HTTP/1.1
Host: imgs.mygai.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 404 Not Found
Server: kangle/3.5.14
Date: Tue, 06 Dec 2022 02:15:23 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 579
Connection: close
imgs.mygai.cn/tp/49tk/49tk1.gif
107.148.135.221 404 Not Found 579 B URL HTTP/1.1 imgs.mygai.cn/tp/49tk/49tk1.gif
IP 107.148.135.221:0
ASN #398823 PEGTECHINC-AP-02
File type HTML document / exported SGML document, ASCII text
Hash MD5 fd257e3a9b8d3abd1ecd56a8e8e4c298
SHA-1 8ef622bd79a2d55116e52e16aa238af7f3aca181
SHA-256 697375791a2ce41a6ce2131c494e282b138174397360eb7d3accf8070cc8d282
GET /tp/49tk/49tk1.gif HTTP/1.1
Host: imgs.mygai.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 404 Not Found
Server: kangle/3.5.14
Date: Tue, 06 Dec 2022 02:15:23 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 579
Connection: close
imgs.mygai.cn/tp/00886tk/00886tk.gif
107.148.135.221 404 Not Found 579 B URL HTTP/1.1 imgs.mygai.cn/tp/00886tk/00886tk.gif
IP 107.148.135.221:0
ASN #398823 PEGTECHINC-AP-02
File type HTML document / exported SGML document, ASCII text
Hash MD5 fd257e3a9b8d3abd1ecd56a8e8e4c298
SHA-1 8ef622bd79a2d55116e52e16aa238af7f3aca181
SHA-256 697375791a2ce41a6ce2131c494e282b138174397360eb7d3accf8070cc8d282
GET /tp/00886tk/00886tk.gif HTTP/1.1
Host: imgs.mygai.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 404 Not Found
Server: kangle/3.5.14
Date: Tue, 06 Dec 2022 02:15:23 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 579
Connection: close
imgs.mygai.cn/tp/2025/2025hf.gif
107.148.135.221 404 Not Found 579 B URL HTTP/1.1 imgs.mygai.cn/tp/2025/2025hf.gif
IP 107.148.135.221:0
ASN #398823 PEGTECHINC-AP-02
File type HTML document / exported SGML document, ASCII text
Hash MD5 fd257e3a9b8d3abd1ecd56a8e8e4c298
SHA-1 8ef622bd79a2d55116e52e16aa238af7f3aca181
SHA-256 697375791a2ce41a6ce2131c494e282b138174397360eb7d3accf8070cc8d282
GET /tp/2025/2025hf.gif HTTP/1.1
Host: imgs.mygai.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 404 Not Found
Server: kangle/3.5.14
Date: Tue, 06 Dec 2022 02:15:23 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 579
Connection: close
imgs.mygai.cn/tp/hf/9898_800x100.gif
107.148.135.221 404 Not Found 579 B URL HTTP/1.1 imgs.mygai.cn/tp/hf/9898_800x100.gif
IP 107.148.135.221:0
ASN #398823 PEGTECHINC-AP-02
File type HTML document / exported SGML document, ASCII text
Hash MD5 fd257e3a9b8d3abd1ecd56a8e8e4c298
SHA-1 8ef622bd79a2d55116e52e16aa238af7f3aca181
SHA-256 697375791a2ce41a6ce2131c494e282b138174397360eb7d3accf8070cc8d282
GET /tp/hf/9898_800x100.gif HTTP/1.1
Host: imgs.mygai.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 404 Not Found
Server: kangle/3.5.14
Date: Tue, 06 Dec 2022 02:15:23 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 579
Connection: close
zerossl.ocsp.sectigo.com/
172.64.155.188 200 OK 727 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 172.64.155.188:0
Hash MD5 8d89974d759f905eb16d39ebbaf182c0
SHA-1 f8d7e53bba587c5eb3270baff0f1b480b2c6b487
SHA-256 cc37d60c0804ba3bbdb07ce6a9152e6de02091ef6c4410fc4d135ed00369fbae
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 02:17:01 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Sat, 03 Dec 2022 17:35:59 GMT
Expires: Sat, 10 Dec 2022 17:35:58 GMT
Etag: "f8d7e53bba587c5eb3270baff0f1b480b2c6b487"
Cache-Control: max-age=400136,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775185d6cd47b4fa-OSL
zerossl.ocsp.sectigo.com/
172.64.155.188 200 OK 727 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 172.64.155.188:0
Hash MD5 8d89974d759f905eb16d39ebbaf182c0
SHA-1 f8d7e53bba587c5eb3270baff0f1b480b2c6b487
SHA-256 cc37d60c0804ba3bbdb07ce6a9152e6de02091ef6c4410fc4d135ed00369fbae
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 02:17:01 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Sat, 03 Dec 2022 17:35:59 GMT
Expires: Sat, 10 Dec 2022 17:35:58 GMT
Etag: "f8d7e53bba587c5eb3270baff0f1b480b2c6b487"
Cache-Control: max-age=400136,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775185d6ce1fb4f1-OSL
imgs.meizhiban.cn/tp/2022/202202.gif
107.148.135.218 301 Moved Permanently 0 B URL HTTP/1.1 imgs.meizhiban.cn/tp/2022/202202.gif
IP 107.148.135.218:0
ASN #398823 PEGTECHINC-AP-02
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(these are the digests of an empty body; the response carries Content-Length: 0)
GET /tp/2022/202202.gif HTTP/1.1
Host: imgs.meizhiban.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Server: kangle/3.5.14
Date: Tue, 06 Dec 2022 02:15:23 GMT
Location: https://d31q194n7fpdes.cloudfront.net/mygai/tp/2022/202202.gif
Content-Length: 0
Connection: close
669925a.com/images/tj.gif
18.166.84.185 200 OK 64 kB URL HTTP/1.1 669925a.com/images/tj.gif
IP 18.166.84.185:0
File type GIF image data, version 89a, 1000 x 100
Hash MD5 887978675d2392b16a1776720a192c12
SHA-1 5b03cc558d8a88f81790dad3fa590e43d292cb02
SHA-256 e659b72736e1dc8d28542ecc908832edbc43f800302d74a51f6f35c401c90ca0
GET /images/tj.gif HTTP/1.1
Host: 669925a.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
ETag: "64d7f2e7667d81:0"
Content-Type: image/gif
Last-Modified: Sat, 14 May 2022 09:37:09 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 14:22:42 GMT
Content-Length: 63666
Connection: close
zerossl.ocsp.sectigo.com/
172.64.155.188 200 OK 727 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 172.64.155.188:0
Hash MD5 18908006e9e94e49547f3f8d85ceb65a
SHA-1 80e023f70d4d93993f59a8d5281945fa95de7b3a
SHA-256 2bb77a27594423876e121b7e979513aa98c7778402e9cea596d72015c6e32556
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 02:17:01 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Fri, 02 Dec 2022 19:30:20 GMT
Expires: Fri, 09 Dec 2022 19:30:19 GMT
Etag: "80e023f70d4d93993f59a8d5281945fa95de7b3a"
Cache-Control: max-age=320597,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775185d6bac11c12-OSL
ia.51.la/go1?id=21088117&rt=1670293017450&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=&ing=1&ekc=&sid=1670293017450&tt=&kw=&cu=https%253A%252F%252F699349.com%252F&pu=
103.143.19.103 200 0 B URL HTTP/1.1 ia.51.la/go1?id=21088117&rt=1670293017450&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=&ing=1&ekc=&sid=1670293017450&tt=&kw=&cu=https%253A%252F%252F699349.com%252F&pu=
IP 103.143.19.103:0
ASN #4837 CHINA UNICOM China169 Backbone
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(these are the digests of an empty body; the response carries Content-Length: 0)
GET /go1?id=21088117&rt=1670293017450&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=&ing=1&ekc=&sid=1670293017450&tt=&kw=&cu=https%253A%252F%252F699349.com%252F&pu= HTTP/1.1
Host: ia.51.la
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200
Server: CloudWAF
Date: Tue, 06 Dec 2022 02:17:01 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: HWWAFSESID=966a18f27cc42978291; path=/
Set-Cookie: HWWAFSESTIME=1670293017021; path=/
zerossl.ocsp.sectigo.com/
172.64.155.188 200 OK 727 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 172.64.155.188:0
Hash MD5 18908006e9e94e49547f3f8d85ceb65a
SHA-1 80e023f70d4d93993f59a8d5281945fa95de7b3a
SHA-256 2bb77a27594423876e121b7e979513aa98c7778402e9cea596d72015c6e32556
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 02:17:01 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Fri, 02 Dec 2022 19:30:20 GMT
Expires: Fri, 09 Dec 2022 19:30:19 GMT
Etag: "80e023f70d4d93993f59a8d5281945fa95de7b3a"
Cache-Control: max-age=320597,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775185d81ddfb4fa-OSL
699349.com/zybb/5wzt.js
16.162.201.20 200 OK 722 B
IP 16.162.201.20:0
File type HTML document / exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash MD5 717cbc8d6864af2af65e9bf3000ac9fb
SHA-1 39b65a734c5decf6d13cc0a02915d48ceffd67cb
SHA-256 f763b06ebb399fec1aa1cf9b3081dc173539d55c843890d5ee20df395a565f0a
Analyzer Verdict Alert fortinet Phishing
GET /zybb/5wzt.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "0eea892217d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:36 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 01:49:42 GMT
Content-Length: 722
Connection: close
699349.com/zybb/yyzt.js
16.162.201.20 200 OK 781 B
IP 16.162.201.20:0
File type HTML document / exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash MD5 56f848637b4b2660d75dcf0bf5ab306d
SHA-1 ae0f5638ca02947f1fe8af35cdf70492a22c70d3
SHA-256 a40f3ea3eff374c4466f55e016f939be4f14e2af4ea3539da0338df7f1393d45
Analyzer Verdict Alert fortinet Phishing
GET /zybb/yyzt.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "01bda93217d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:38 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 01:49:42 GMT
Content-Length: 781
Connection: close
imgs.meizhiban.cn/tp/101/100sjb.gif
107.148.135.218 404 Not Found 1.2 kB URL HTTP/1.1 imgs.meizhiban.cn/tp/101/100sjb.gif
IP 107.148.135.218:0
ASN #398823 PEGTECHINC-AP-02
File type HTML document / exported SGML document, ASCII text, with CRLF line terminators
Hash MD5 5343c1a8b203c162a3bf3870d9f50fd4
SHA-1 04b5b886c20d88b57eea6d8ff882624a4ac1e51d
SHA-256 dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f
GET /tp/101/100sjb.gif HTTP/1.1
Host: imgs.meizhiban.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 02:17:00 GMT
Content-Length: 1245
Connection: close
imgs.mygai.cn/tp/0065tk/0065tk.gif
107.148.135.221 404 Not Found 579 B URL HTTP/1.1 imgs.mygai.cn/tp/0065tk/0065tk.gif
IP 107.148.135.221:0
ASN #398823 PEGTECHINC-AP-02
File type HTML document / exported SGML document, ASCII text
Hash MD5 fd257e3a9b8d3abd1ecd56a8e8e4c298
SHA-1 8ef622bd79a2d55116e52e16aa238af7f3aca181
SHA-256 697375791a2ce41a6ce2131c494e282b138174397360eb7d3accf8070cc8d282
GET /tp/0065tk/0065tk.gif HTTP/1.1
Host: imgs.mygai.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 404 Not Found
Server: kangle/3.5.14
Date: Tue, 06 Dec 2022 02:15:23 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 579
Connection: close
imgs.mygai.cn/tp/hf/1989_800x100.gif
107.148.135.221 404 Not Found 579 B URL HTTP/1.1 imgs.mygai.cn/tp/hf/1989_800x100.gif
IP 107.148.135.221:0
ASN #398823 PEGTECHINC-AP-02
File type HTML document / exported SGML document, ASCII text
Hash MD5 fd257e3a9b8d3abd1ecd56a8e8e4c298
SHA-1 8ef622bd79a2d55116e52e16aa238af7f3aca181
SHA-256 697375791a2ce41a6ce2131c494e282b138174397360eb7d3accf8070cc8d282
GET /tp/hf/1989_800x100.gif HTTP/1.1
Host: imgs.mygai.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 404 Not Found
Server: kangle/3.5.14
Date: Tue, 06 Dec 2022 02:15:23 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 579
Connection: close
imgs.mygai.cn/tp/101/100cphf.gif
107.148.135.221 404 Not Found 579 B URL HTTP/1.1 imgs.mygai.cn/tp/101/100cphf.gif
IP 107.148.135.221:0
ASN #398823 PEGTECHINC-AP-02
File type HTML document / exported SGML document, ASCII text
Hash MD5 fd257e3a9b8d3abd1ecd56a8e8e4c298
SHA-1 8ef622bd79a2d55116e52e16aa238af7f3aca181
SHA-256 697375791a2ce41a6ce2131c494e282b138174397360eb7d3accf8070cc8d282
GET /tp/101/100cphf.gif HTTP/1.1
Host: imgs.mygai.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 404 Not Found
Server: kangle/3.5.14
Date: Tue, 06 Dec 2022 02:15:23 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 579
Connection: close
imgs.mygai.cn/tp/00852tk/00852tk.gif
107.148.135.221 404 Not Found 579 B URL HTTP/1.1 imgs.mygai.cn/tp/00852tk/00852tk.gif
IP 107.148.135.221:0
ASN #398823 PEGTECHINC-AP-02
File type HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document, ASCII text
Hash fd257e3a9b8d3abd1ecd56a8e8e4c298
8ef622bd79a2d55116e52e16aa238af7f3aca181
697375791a2ce41a6ce2131c494e282b138174397360eb7d3accf8070cc8d282
GET /tp/00852tk/00852tk.gif HTTP/1.1
Host: imgs.mygai.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 404 Not Found
Server: kangle/3.5.14
Date: Tue, 06 Dec 2022 02:15:23 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 579
Connection: close
imgs.mygai.cn/tp/hf/1999_800x100.gif
107.148.135.221 404 Not Found 579 B URL HTTP/1.1 imgs.mygai.cn/tp/hf/1999_800x100.gif
IP 107.148.135.221:0
ASN #398823 PEGTECHINC-AP-02
File type HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document, ASCII text
Hash fd257e3a9b8d3abd1ecd56a8e8e4c298
8ef622bd79a2d55116e52e16aa238af7f3aca181
697375791a2ce41a6ce2131c494e282b138174397360eb7d3accf8070cc8d282
GET /tp/hf/1999_800x100.gif HTTP/1.1
Host: imgs.mygai.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 404 Not Found
Server: kangle/3.5.14
Date: Tue, 06 Dec 2022 02:15:23 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 579
Connection: close
699349.com/zybb/dhzt.js
16.162.201.20 200 OK 764 B IP 16.162.201.20:0
File type HTML document text; exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 17f1b6ee383a543698168fa243d97c2a
0d5d11f7a21aa5863f3a6deb358a7fb70bc0f342
bf218c605646f7b57cf2c1192af89d0385bd112aad82a723dc5eec3cbc64c498
Analyzer Verdict Alert fortinet Phishing
GET /zybb/dhzt.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "0eea892217d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:36 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 01:49:42 GMT
Content-Length: 764
Connection: close
www.290996a.com/tu/%E5%85%AD%E5%90%88%E5%BD%A9.png
18.166.84.185 200 OK 3.3 kB URL HTTP/1.1 www.290996a.com/tu/%E5%85%AD%E5%90%88%E5%BD%A9.png
IP 18.166.84.185:0
File type PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced; data
Hash 7d85182ed9e949c8359e29b99a15b6a4
ad844dadd7fb80580325fe2e55c8444f67b99e16
d3c6700276f398a149f080b83d1be5f1706b1387661c479bcc96a821c1bba7db
GET /tu/%E5%85%AD%E5%90%88%E5%BD%A9.png HTTP/1.1
Host: www.290996a.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
ETag: "109c534ebb83d41:0"
Content-Type: image/png
Last-Modified: Sat, 24 Nov 2018 06:02:39 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 01:39:12 GMT
Content-Length: 3253
Connection: close
www.775592.com/img/6.png
43.198.33.164 200 OK 3.7 kB IP 43.198.33.164:0
File type PNG image data, 100 x 100, 8-bit colormap, non-interlaced; data
Hash 8796a3b03fd42f1b1d7d7e2cf05b3bb4
0f34af2ff701dbf5d1ad5bedd3530b9ca8f0e927
77dc2df72ae98a651b05e63320e53c5f24f0a44bbf54b8b2d69312f5cbd48b02
GET /img/6.png HTTP/1.1
Host: www.775592.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
ETag: "70c81f6ccd19d51:0"
Content-Type: image/png
Last-Modified: Mon, 03 Jun 2019 05:30:15 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 13:59:33 GMT
Content-Length: 3706
Connection: close
www.290996a.com/images/sbx.gif
18.166.84.185 200 OK 6.2 kB URL HTTP/1.1 www.290996a.com/images/sbx.gif
IP 18.166.84.185:0
File type GIF image data, version 89a, 120 x 91; data
Hash accda4679e65b975b589dedae25a3a6a
6d62feb19bad82fe34ca0ec6477d811b1cd2675f
56afc3cf038eacd0a4b7016bbd0272f514aadff241e0045ec3488d1e90f60fa1
GET /images/sbx.gif HTTP/1.1
Host: www.290996a.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
ETag: "ac73b7a67ccd51:0"
Content-Type: image/gif
Last-Modified: Thu, 16 Jan 2020 12:21:27 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 13:56:59 GMT
Content-Length: 6152
Connection: close
905566a.com/images/8.png
43.198.33.164 200 OK 10 kB IP 43.198.33.164:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=3, software=Adobe Photoshop CS6 (Windows), datetime=2017-05-19T17:32:36+08:00], baseline, precision 8, 300x300, components 3; data
Hash dae8da57ad90df205964de1a3511869d
b02e94c06eac5f255d0af37f0a6443f8bd371269
e8b179efb1b5eee704a9b7e3cf8c36a59c646c9bb7f1acd5ac7e4b1b2e88a5a8
GET /images/8.png HTTP/1.1
Host: 905566a.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
ETag: "7a5b50332f5d41:0"
Content-Type: image/png
Last-Modified: Wed, 17 Apr 2019 09:44:50 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/10.0
Date: Tue, 06 Dec 2022 01:39:12 GMT
Content-Length: 10179
Connection: close
www.290996a.com/images/sxsx.png
18.166.84.185 200 OK 3.8 kB URL HTTP/1.1 www.290996a.com/images/sxsx.png
IP 18.166.84.185:0
File type PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced; data
Hash 0ef25c8c777978ad14f4ccb0c77da6bf
d795c4f4f3428f04548754136bc0dbd1af92faac
75c65512497bb3a2ebe49d37bde8fc1ef7a5253871c6d58a28a1accd8d42114a
GET /images/sxsx.png HTTP/1.1
Host: www.290996a.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
ETag: "29fc7924429bd41:0"
Content-Type: image/png
Last-Modified: Mon, 24 Dec 2018 04:35:48 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 01:39:11 GMT
Content-Length: 3776
Connection: close
www.290996a.com/tu/pk10.png
18.166.84.185 200 OK 3.2 kB URL HTTP/1.1 www.290996a.com/tu/pk10.png
IP 18.166.84.185:0
File type PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced; data
Hash 928308dc01922e337feffe659787a9e5
2bc281633711710a1ef8fd20e3e00428395e7eb3
6c59557f63d4c8bf0e47bce1b498aece087ade47efbc87c02cabaa4bf5a2000a
GET /tu/pk10.png HTTP/1.1
Host: www.290996a.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
ETag: "beb29f4dbb83d41:0"
Content-Type: image/png
Last-Modified: Sat, 24 Nov 2018 06:02:38 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 01:39:11 GMT
Content-Length: 3171
Connection: close
www.290996a.com/tu/%E6%97%B6%E6%97%B6%E5%BD%A9.png
18.166.84.185 200 OK 3.2 kB URL HTTP/1.1 www.290996a.com/tu/%E6%97%B6%E6%97%B6%E5%BD%A9.png
IP 18.166.84.185:0
File type PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced; data
Hash 6c4b987758b8221441aa601f0ac70b38
535984741aba5253b1dc8c20ac6a80a415025494
116d3d50171810bd46a54d0fcca787863623aed6ea5da3d971cf3365db25174f
GET /tu/%E6%97%B6%E6%97%B6%E5%BD%A9.png HTTP/1.1
Host: www.290996a.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
ETag: "acd754fbb83d41:0"
Content-Type: image/png
Last-Modified: Sat, 24 Nov 2018 06:02:40 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 01:39:12 GMT
Content-Length: 3240
Connection: close
290997a.com/images/colors.png
43.198.33.164 200 OK 4.2 kB URL HTTP/1.1 290997a.com/images/colors.png
IP 43.198.33.164:0
File type PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced; data
Hash 179fe0b168c0963d292ba3bf44666796
56cec0596b0f2cb07846ab075bf3e3453b67ebb7
a3be6bb501c15359aa7515e000e03755e112ebd07d12d7f77bbba5078473aa41
GET /images/colors.png HTTP/1.1
Host: 290997a.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
ETag: "59a86d5419bd41:0"
Content-Type: image/png
Last-Modified: Mon, 24 Dec 2018 04:33:35 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 01:39:12 GMT
Content-Length: 4190
Connection: close
699349.com/zybb/ds3x.js
16.162.201.20 200 OK 797 B IP 16.162.201.20:0
File type HTML document text; exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 1179f3dbd5b6b47bad801b62e910f105
689dc9ac51dd1476f4891f56174bb5e538dd70af
abdf3191c4e777b12af5c09561d5756ea064aad6e0d7490471fa4f3bfef71e9f
Analyzer Verdict Alert fortinet Phishing
GET /zybb/ds3x.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "0eea892217d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:36 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 01:49:42 GMT
Content-Length: 797
Connection: close
imgs.mygai.cn/tp/hf/895_800x100.gif
107.148.135.221 404 Not Found 579 B URL HTTP/1.1 imgs.mygai.cn/tp/hf/895_800x100.gif
IP 107.148.135.221:0
ASN #398823 PEGTECHINC-AP-02
File type HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document, ASCII text
Hash fd257e3a9b8d3abd1ecd56a8e8e4c298
8ef622bd79a2d55116e52e16aa238af7f3aca181
697375791a2ce41a6ce2131c494e282b138174397360eb7d3accf8070cc8d282
GET /tp/hf/895_800x100.gif HTTP/1.1
Host: imgs.mygai.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 404 Not Found
Server: kangle/3.5.14
Date: Tue, 06 Dec 2022 02:15:24 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 579
Connection: close
699349.com/zybb/nvxzt.js
16.162.201.20 200 OK 817 B IP 16.162.201.20:0
File type HTML document text; exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 74b1f903aac8a534416d5fee3a40da92
f050a37aec8198661d566ad0d51dea96309977bc
79f83b7660b5b49dcd6041894e911cff8d357300b7ef9d5d0723b4d100d3ebdc
Analyzer Verdict Alert fortinet Phishing
GET /zybb/nvxzt.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "80844193217d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:37 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 23:44:42 GMT
Content-Length: 817
Connection: close
905566a.com/images/7.jpg
43.198.33.164 200 OK 17 kB IP 43.198.33.164:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 512x512, components 3; data
Hash d803b4cf1dc2437adac8ad9706ece0c4
f97bb7ddffca37cd88e14ec0c4e2571ff429ed44
05acede47462a44cd4fa008afbe6d7ce1cd993f753c8cd2382d719218a63ba21
GET /images/7.jpg HTTP/1.1
Host: 905566a.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
ETag: "a188eb312f5d41:0"
Content-Type: image/jpeg
Last-Modified: Wed, 17 Apr 2019 09:44:47 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/10.0
Date: Mon, 05 Dec 2022 23:55:11 GMT
Content-Length: 16760
Connection: close
www.290996a.com/tu/lf888.png
18.166.84.185 200 OK 22 kB URL HTTP/1.1 www.290996a.com/tu/lf888.png
IP 18.166.84.185:0
File type PNG image data, 103 x 112, 8-bit/color RGBA, non-interlaced; data
Hash c5b6657412d0b878e34fbd7a19957f3a
4ee5a750b415ffe518aa9f3ee9cdb1b79b058b0f
5b207172438d153afd973450add6ce41d67780f71a11f4e56405a4aae5aab728
GET /tu/lf888.png HTTP/1.1
Host: www.290996a.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
ETag: "60606c9c415ad51:0"
Content-Type: image/png
Last-Modified: Sat, 24 Aug 2019 06:03:12 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 00:10:43 GMT
Content-Length: 22523
Connection: close
699349.com/jsdc/895cc.js
16.162.201.20 200 OK 1.3 kB IP 16.162.201.20:0
File type HTML document text; HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (311), with CRLF line terminators
Hash 80bbd5f3d10c08b7645f8e06c0fde184
2d00281cbd3e1216ce2e9edd0f3ef6243366ffc6
e8548ff06a9e7e167235f25ebf3df7d1116e61cd1d91d9b900d0f8b7b5a88285
Analyzer Verdict Alert fortinet Phishing
GET /jsdc/895cc.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Encoding: gzip
ETag: "72e61a98b51cd81:0"
Content-Type: application/javascript
Last-Modified: Tue, 08 Feb 2022 06:32:07 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 00:02:00 GMT
Content-Length: 1320
Connection: close
imgs.mygai.cn/tp/49tk/49tk3.gif
107.148.135.221 404 Not Found 579 B URL HTTP/1.1 imgs.mygai.cn/tp/49tk/49tk3.gif
IP 107.148.135.221:0
ASN #398823 PEGTECHINC-AP-02
File type HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document, ASCII text
Hash fd257e3a9b8d3abd1ecd56a8e8e4c298
8ef622bd79a2d55116e52e16aa238af7f3aca181
697375791a2ce41a6ce2131c494e282b138174397360eb7d3accf8070cc8d282
GET /tp/49tk/49tk3.gif HTTP/1.1
Host: imgs.mygai.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 404 Not Found
Server: kangle/3.5.14
Date: Tue, 06 Dec 2022 02:15:24 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 579
Connection: close
628866a.com/images/sx004.jpg
43.198.33.164 200 OK 418 kB URL HTTP/1.1 628866a.com/images/sx004.jpg
IP 43.198.33.164:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=1280, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=960], baseline, precision 8, 960x1280, components 3; data
Size 418 kB (418548 bytes)
Hash cf261190edae73c2d51796b7a8dbe5a5
fe9faa7fa093feb4a0212413e9973c2f8000d49f
1f0da2afea3675b1cb0344468578b041cb6fe2c48f1370a73ea834037ca7b082
GET /images/sx004.jpg HTTP/1.1
Host: 628866a.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
ETag: "8f5a9a0e2fed61:0"
Content-Type: image/jpeg
Last-Modified: Tue, 09 Feb 2021 12:53:56 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 01:39:13 GMT
Content-Length: 418548
Connection: close
imgs.mygai.cn/tp/8769/8769hf.gif
107.148.135.221 404 Not Found 579 B URL HTTP/1.1 imgs.mygai.cn/tp/8769/8769hf.gif
IP 107.148.135.221:0
ASN #398823 PEGTECHINC-AP-02
File type HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document, ASCII text
Hash fd257e3a9b8d3abd1ecd56a8e8e4c298
8ef622bd79a2d55116e52e16aa238af7f3aca181
697375791a2ce41a6ce2131c494e282b138174397360eb7d3accf8070cc8d282
GET /tp/8769/8769hf.gif HTTP/1.1
Host: imgs.mygai.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 404 Not Found
Server: kangle/3.5.14
Date: Tue, 06 Dec 2022 02:15:24 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 579
Connection: close
699349.com/zybb/tdzt.js
16.162.201.20 200 OK 814 B IP 16.162.201.20:0
File type HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash fbcdb1e79ea5239f8af8b4e4550f1644
2aae1c27614a43da3a6707163c0239bcd4685b98
03cf34ad202a561e0d9491a7e0a62b7e3533ff0754536d9399db660f22ed07ba
Analyzer Verdict Alert fortinet Phishing
GET /zybb/tdzt.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Encoding: gzip
ETag: "1be074f4a17d91:0"
Content-Type: application/javascript
Last-Modified: Sun, 04 Dec 2022 05:33:35 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 20:31:02 GMT
Content-Length: 814
Connection: close
699349.com/zybb/5xzt.js
16.162.201.20 200 OK 1.5 kB IP 16.162.201.20:0
File type HTML document text; exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 5492950bcd256d496b0a67dcd37594ea
0c5b52c321afe39d1faaa8569c3762594fa90bd1
2ef9a0d8bc4398e528046605fdc57cd8011432083a8a1ced7596356d80c73705
Analyzer Verdict Alert fortinet Phishing
GET /zybb/5xzt.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "0eea892217d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:36 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 01:49:42 GMT
Content-Length: 1492
Connection: close
699349.com/jsdc/9898.js
16.162.201.20 200 OK 1.3 kB IP 16.162.201.20:0
File type HTML document text; HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (311), with CRLF line terminators
Hash 91a223b0c90a5bcf10798282e143504c
a44ef11319747ba51377b0488159e7778b365efe
efe4c7b8b4c7bcc1740b4d4d3e2c396e753aa26b3114c08a94244367eaf94387
Analyzer Verdict Alert fortinet Phishing
GET /jsdc/9898.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Encoding: gzip
ETag: "3ddc7a4f22d6d81:0"
Content-Type: application/javascript
Last-Modified: Sun, 02 Oct 2022 05:46:25 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 00:02:01 GMT
Content-Length: 1317
Connection: close
699349.com/zybb/ptyx.js
16.162.201.20 200 OK 844 B IP 16.162.201.20:0
File type HTML document text; exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 351a50440a0222439a43b95c28f2b326
8d56f53afffa50785c070f911b529ca3428fde57
4bbdc24ef55e15e9c0c435b11070a18ec9c58df244c3ae287d92b231ed85e1ec
Analyzer Verdict Alert fortinet Phishing
GET /zybb/ptyx.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "80844193217d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:37 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 01:49:42 GMT
Content-Length: 844
Connection: close
628866a.com/images/sx002.jpg
43.198.33.164 200 OK 386 kB URL HTTP/1.1 628866a.com/images/sx002.jpg
IP 43.198.33.164:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 1x1, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, software=www.meitu.com], baseline, precision 8, 1440x900, components 3; data
Size 386 kB (386517 bytes)
Hash 5a8bd9cb921927c2d02d9a6f7c25d8c0
5737c6396bcd7d5249048bd05887eb76440aee99
fd7fe5380476127a04ee860b0bac7c0cbff17cf35e38cbf00f7e5d2c3431e1d5
GET /images/sx002.jpg HTTP/1.1
Host: 628866a.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
ETag: "9d561fa1e2fed61:0"
Content-Type: image/jpeg
Last-Modified: Tue, 09 Feb 2021 12:53:57 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 22:31:26 GMT
Content-Length: 386517
Connection: close
699349.com/bd/pttg.js
16.162.201.20 200 OK 3.8 kB IP 16.162.201.20:0
File type HTML document text; HTML document text; exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash d550d03e6a8602499dea773ce9b74b23
54efe0adde5d710eac9aef121a047f4c163a81c8
b576c96f7b5117b5bd143fa6f7ac0a2e119ef318c591ef63372d8820e1cdd8b1
Analyzer Verdict Alert fortinet Phishing
GET /bd/pttg.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "80b5a5ec197d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 13:19:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 00:28:08 GMT
Content-Length: 3813
Connection: close
699349.com/zybb/ptyw.js
16.162.201.20 200 OK 1.1 kB IP 16.162.201.20:0
File type HTML document text; exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash ae700f80fc11c55a1878f2a1f6018c6c
390fe67613ca33bfcbc37c9f42a6df63fd72c3cf
4e6c1b17f1287de2cb1e716ab76e85d59d613d5eacb6f50c728caa3cf96894e8
Analyzer Verdict Alert fortinet Phishing
GET /zybb/ptyw.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "80844193217d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:37 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 13:59:46 GMT
Content-Length: 1055
Connection: close
628866a.com/images/sx003.jpg
43.198.33.164 200 OK 77 kB URL HTTP/1.1 628866a.com/images/sx003.jpg
IP 43.198.33.164:0
File type JPEG image data, baseline, precision 8, 501x722, components 3; data
Hash 489ea9332ce03d4378afd0c4dfae8b69
39834c555e165e7ba483849cb3f961a966a2cbe2
b5fa3028ebbd0edf0f2a5798f1df71509e35daaa108da14cf013aab934be0662
GET /images/sx003.jpg HTTP/1.1
Host: 628866a.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
ETag: "97315aa0e2fed61:0"
Content-Type: image/jpeg
Last-Modified: Tue, 09 Feb 2021 12:53:56 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 22:34:48 GMT
Content-Length: 76750
Connection: close
628866a.com/images/sx001.jpg
43.198.33.164 200 OK 1.1 MB URL HTTP/1.1 628866a.com/images/sx001.jpg
IP 43.198.33.164:0
File type PNG image data, 972 x 690, 8-bit/color RGBA, non-interlaced; data
Size 1.1 MB (1079505 bytes)
Hash 13be2b66ee5e018a7f05fdd2137f0ffc
91fc72147092152e9a1fec6c0a6a048800b633c0
070af32e38af80515a54f85e3acf241a03acb18354c0534e2ac9eab8961bbd47
GET /images/sx001.jpg HTTP/1.1
Host: 628866a.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
ETag: "15dd7fb34116d81:0"
Content-Type: image/jpeg
Last-Modified: Mon, 31 Jan 2022 01:27:24 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 22:32:10 GMT
Content-Length: 1079505
Connection: close
699349.com/zybb/dslx.js
16.162.201.20 200 OK 861 B IP 16.162.201.20:0
File type HTML document text; exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash ae2fa9862cc3966cc5fdaa8086ea1a28
74b019b17a1fe69a7b48669be53e943dadea98a1
853326c7d76cc89cfd03d84b5a9f5a6406a50601fd706333c4dc513a7fe2d5ea
Analyzer Verdict Alert fortinet Phishing
GET /zybb/dslx.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "80844193217d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:37 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 02:05:31 GMT
Content-Length: 861
Connection: close
699349.com/zybb/24ma.js
16.162.201.20 200 OK 1.5 kB IP 16.162.201.20:0
File type HTML document text; exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 16e49c9c9effa65ec7705400d52cc0d1
619affd7d8d7db04c496e76ea82b1fbc594689dc
1de9bd2df0d9bd5aba3d6aff1267226a9c62ec6e6a2fddceaf4bbac904ea4dac
Analyzer Verdict Alert fortinet Phishing
GET /zybb/24ma.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "0eea892217d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:36 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 23:44:43 GMT
Content-Length: 1467
Connection: close
699349.com/zybb/zyzt.js
16.162.201.20 200 OK 754 B IP 16.162.201.20:0
File type HTML document text; exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash f4bd219f5a87e4cabefda2d7a3d71b13
016ee8a48eb0dac7b0f12db3f546ebf8589cf842
76d4a00102c057cd657d83083b6eceac91433dbf764e47ebf03ac115951e2c17
Analyzer Verdict Alert fortinet Phishing
GET /zybb/zyzt.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "01bda93217d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:38 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 00:23:02 GMT
Content-Length: 754
Connection: close
699349.com/zybb/xdxzt.js
16.162.201.20 200 OK 750 B IP 16.162.201.20:0
File type HTML document text; exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 16bc73eedb253037f5b7d94ae9533f7a
ff624bc5a7e69fd58479bd86163aaab8473b79bb
4a76bd0237e984340a3e33129df1601b7b07a7270905bfed0d3c579cde55a3fe
Analyzer Verdict Alert fortinet Phishing
GET /zybb/xdxzt.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "01bda93217d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:38 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 23:44:43 GMT
Content-Length: 750
Connection: close
699349.com/zybb/gsb2.js
16.162.201.20 200 OK 1.4 kB IP 16.162.201.20:0
File type HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 33ed43e41648abd8a8737a3fe1777228
252e60c7df16b2373447a3b6be9f4d27d0a98a51
ecc019b54c39557ee824f9600aba780a47248c7a2505475131fa4975caaecbd3
Analyzer Verdict Alert fortinet Phishing
GET /zybb/gsb2.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "80844193217d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:37 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 00:54:43 GMT
Content-Length: 1407
Connection: close
699349.com/zybb/4jzt.js
16.162.201.20 200 OK 792 B IP 16.162.201.20:0
File type HTML document text; exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 4c4dc616fc55821a698d1140815cd8f3
d033f2e5a4f685b5bbb9b938cf6df1c49476e506
f79eefb5325a4d163fc3e552c9bf118323adf8fab05b86e6306aa2dc6c576e19
Analyzer Verdict Alert fortinet Phishing
GET /zybb/4jzt.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "0eea892217d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:36 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 01:49:43 GMT
Content-Length: 792
Connection: close
699349.com/zybb/hbzt.js
16.162.201.20 200 OK 847 B IP 16.162.201.20:0
File type HTML document text; exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 40d8f4d6c712eb4498ebebbc67484ca2
51b441159de4ee74b8d981016f20684ca6893f86
4ecce0a74e8ab72d21bb84630e942caf06a3efd62d0e3138be66ac9cd4c7dd72
Analyzer Verdict Alert fortinet Phishing
GET /zybb/hbzt.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "80844193217d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:37 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 23:44:44 GMT
Content-Length: 847
Connection: close
699349.com/zybb/ywbzt.js
16.162.201.20 200 OK 556 B IP 16.162.201.20:0
File type HTML document text; exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash dbfb74e16d291f66512806b17781fc22
a464d8b44e10c7b45f094dbf0abce0a94e4eabc1
7e7574bb2225135aacfece96445fb7f18038493b0f4d86f2f9d48dfe33e72966
Analyzer Verdict Alert fortinet Phishing
GET /zybb/ywbzt.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "01bda93217d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:38 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 23:44:44 GMT
Content-Length: 556
Connection: close
699349.com/zybb/dsbzt.js
16.162.201.20 200 OK 942 B IP 16.162.201.20:0
File type HTML document text; exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 312c7f625c0f36aac9b50fc7a3bd88ef
afa8ffe68813627328dab76a7d4bc3f54ea0f3b0
2fe094bd0ea77cda61e11cac7b43f31f59978d1a83bf9c66180e847a20cfd42e
Analyzer Verdict Alert fortinet Phishing
GET /zybb/dsbzt.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Encoding: gzip
ETag: "87844093217d91:0"
Content-Type: application/javascript
Last-Modified: Sat, 03 Dec 2022 14:14:36 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 14:12:02 GMT
Content-Length: 942
Connection: close
699349.com/zybb/gongshi.js
16.162.201.20 200 OK 869 B URL HTTP/1.1 699349.com/zybb/gongshi.js
IP 16.162.201.20:0
File type HTML document text; exported SGML document text; exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 7a267f60344fec389e3c0bbce3efe3ba
238d1d0708356caedc08cd039bf4d726ed67bd9f
b01b3d689baf1690f51527e05bea593f1bd5ae3caf0b7f29f43fe985768bd7c1
Analyzer Verdict Alert fortinet Phishing
GET /zybb/gongshi.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "80844193217d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:37 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 23:44:44 GMT
Content-Length: 869
Connection: close
699349.com/zybb/jmxc.js
16.162.201.20 200 OK 994 B IP 16.162.201.20:0
File type HTML document text; exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 8413295f82115c4d8ab3cae26f4a771e
c50b89748deb84bdad22380706a5477844f21c98
6c76c05444e6ebaac3e4b771c7dfa092cd118b7fdaa3d2db46781d2f01235b3e
Analyzer Verdict Alert fortinet Phishing
GET /zybb/jmxc.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "80844193217d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:37 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 00:35:18 GMT
Content-Length: 994
Connection: close
699349.com/zybb/lbzt.js
16.162.201.20 200 OK 1.1 kB IP 16.162.201.20:0
File type HTML document text; exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash bc3b109a4d7fd1f640cd9115d1484d55
c9a075cdae853852223a8c525b1a9045356736bc
ad1292d17aaef9305a52b5bd54c096baea3172a3bcd7c5d1a83bef97d5a3a81b
Analyzer Verdict Alert fortinet Phishing
GET /zybb/lbzt.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "80844193217d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:37 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 00:28:15 GMT
Content-Length: 1107
Connection: close
699349.com/jsdc/49ac.js
16.162.201.20 200 OK 1.7 kB IP 16.162.201.20:0
File type HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (311), with CRLF line terminators
Hash 1dd52b1a2fd24f57ed713d258cf25668
598f2382be5960d967f5424300bf5c51f501a056
97a9741571d36591084da6e3541123c2a61b232ea43a01d9e67c9ed518cedaba
Analyzer Verdict Alert fortinet Phishing
GET /jsdc/49ac.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Encoding: gzip
ETag: "808c6486e81bd81:0"
Content-Type: application/javascript
Last-Modified: Mon, 07 Feb 2022 06:04:10 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 00:05:08 GMT
Content-Length: 1725
Connection: close
699349.com/jiuxiaoyima.js
16.162.201.20 200 OK 1.3 kB URL HTTP/1.1 699349.com/jiuxiaoyima.js
IP 16.162.201.20:0
File type HTML document text; exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash b85311c8025c51deac09a36cfc067e7b
82d08dc8cf8b1dbb45f4758d657ceb81e2abbf69
50c006b42668af51af14a37e9131666ef43cdf249047404ff3538b56027cc25c
Analyzer Verdict Alert fortinet Phishing
GET /jiuxiaoyima.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "80b17294217d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:39 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 01:49:43 GMT
Content-Length: 1300
Connection: close
699349.com/zybb/gsb3.js
16.162.201.20 200 OK 954 B IP 16.162.201.20:0
File type HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 64fcea2274be1eb52dada508ff12abfb
b1537b66477f3416d2e750a718921159e448f52b
8ac7a641417135739d0f18a489ede85c02b99175addade27632917a61cf9e13e
Analyzer Verdict Alert fortinet Phishing
GET /zybb/gsb3.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "80844193217d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:37 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 01:49:43 GMT
Content-Length: 954
Connection: close
699349.com/zybb/3qbc.js
16.162.201.20 200 OK 862 B IP 16.162.201.20:0
File type HTML document text; exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash b6446f10764651aa4014031cc736d935
8ccbcdc87b216a3336428e4843d8a5b104f8ec6a
2ab160d91ec6267266c1da1ee5ae567aab15055153ddbbbc4bda1241b716a0e5
Analyzer Verdict Alert fortinet Phishing
GET /zybb/3qbc.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "0eea892217d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:36 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 23:44:44 GMT
Content-Length: 862
Connection: close
699349.com/zybb/dxdzt.js
16.162.201.20 200 OK 864 B IP 16.162.201.20:0
File type HTML document text; exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 4d9a6ea33952c0d351431d65dfd62d4e
0d0ff3b427275e9b62496146843c6c1d42f5cb34
d9eeeff394299cccaa4a0b9a8205ac658234ba072468ef4b21aadb55f5760b39
Analyzer Verdict Alert fortinet Phishing
GET /zybb/dxdzt.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "80844193217d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:37 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 01:49:43 GMT
Content-Length: 864
Connection: close
699349.com/bd/tugsb.js
16.162.201.20 200 OK 11 kB IP 16.162.201.20:0
File type HTML document text; HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash ecdfd1197f03f977fc8794ac0e52f1c0
ca6797e42549d210025b6828b13c7727d8353c95
475ca60fb97b5f957ed64bb3c1f22a60b7581e2ad024f7bf6cd22fa320022845
Analyzer Verdict Alert fortinet Phishing
GET /bd/tugsb.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "071951a6559d81:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Tue, 26 Apr 2022 11:59:38 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 23:18:29 GMT
Content-Length: 10902
Connection: close
699349.com/zybb/jyzt.js
16.162.201.20 200 OK 719 B IP 16.162.201.20:0
File type HTML document text; exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash c76239f943f07b11a0b0a869667a74fb
e77751460670be829755e7d18858f1abf7658e40
f2d2e707063d4eccd5bb3dc8382a729da420132b85739af9036ae539d6ce6aad
Analyzer Verdict Alert fortinet Phishing
GET /zybb/jyzt.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "80844193217d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:37 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 01:49:44 GMT
Content-Length: 719
Connection: close
699349.com/zybb/caitu.js
16.162.201.20 200 OK 918 B IP 16.162.201.20:0
File type HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash a4071b455088baa76d935269a80fb6e9
172c8ba58ee644466e039e3ec822e55f42767485
c05b1147ae42978c51b5c444531f34440f0db6c97b378e82789cfafb85fbb93b
Analyzer Verdict Alert fortinet Phishing
GET /zybb/caitu.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "80168846f1f3d61:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Tue, 26 Jan 2021 14:41:05 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 00:23:04 GMT
Content-Length: 918
Connection: close
699349.com/zybb/juesha.js
16.162.201.20 200 OK 936 B URL HTTP/1.1 699349.com/zybb/juesha.js
IP 16.162.201.20:0
File type HTML document text; exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash b74c42f4d27da29672c5d68c6f82ba89
b63cd31635f1ae073e3f506d37c86480bc8c4048
046506df352b13fbb9e20e16905c93a00e04f4fb6bcc320ec8c0fa63875c928c
Analyzer Verdict Alert fortinet Phishing
GET /zybb/juesha.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "80844193217d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 03 Dec 2022 14:14:37 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 00:54:43 GMT
Content-Length: 936
Connection: close
699349.com/bd/amyqlj.js
16.162.201.20 200 OK 4.4 kB IP 16.162.201.20:0
File type HTML document text; exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash cab5bfdcfcc73ef11c18bf82000b87b5
c231c0cc3f2e7a554609f567f87fd7c5b6bf6a7b
6a528264da8a367808ce36705af903c382403760feaccc95a69652c263361388
Analyzer Verdict Alert fortinet Phishing
GET /bd/amyqlj.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "0bba1386bcd81:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Tue, 30 Aug 2022 15:34:38 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 14:12:04 GMT
Content-Length: 4353
Connection: close
699349.com/bd/axzhzl.js
16.162.201.20 200 OK 9.8 kB IP 16.162.201.20:0
File type HTML document text; exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash d15305ad6fc8de926227c043309d60c2
e8d31bf5642e4e467e39335e47c48cd8a2f7710a
543b0d994057705f0d34f27062b6a9c85583e97e3672275b13dab325e809d2d6
Analyzer Verdict Alert fortinet Phishing
GET /bd/axzhzl.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "808947a6b69fd81:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sun, 24 Jul 2022 23:39:43 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 14:12:03 GMT
Content-Length: 9806
Connection: close
699349.com/js/pub.js
16.162.201.20 200 OK 582 B IP 16.162.201.20:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (886), with CRLF line terminators
Hash d6e838b5ab0be4e44fd56fbe9421d0c7
92caa5664a411a38643d19c88d02736138b61f8e
df11a68cb7666ce5d704c6b37f02a9ecb01db69a0a7b9560fc1ce82b2ceff557
Analyzer Verdict Alert fortinet Phishing
GET /js/pub.js HTTP/1.1
Host: 699349.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://699349.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Encoding: gzip
ETag: "6b3c08de595d61:0"
Content-Type: application/javascript
Last-Modified: Mon, 28 Sep 2020 22:20:21 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Mon, 05 Dec 2022 14:13:02 GMT
Content-Length: 582
Connection: close