r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 555d8608594803d49eeb9581c6b70702
d01e0201e0ba0cf751ef97226620338a853bc635
2885cdac311a30161a8ac9ef8e54c788afafd4f86ed197a651fc6d8bda077908
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2885CDAC311A30161A8AC9EF8E54C788AFAFD4F86ED197A651FC6D8BDA077908"
Last-Modified: Mon, 12 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2624
Expires: Wed, 14 Dec 2022 16:06:06 GMT
Date: Wed, 14 Dec 2022 15:22:22 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3c0c53379f331e934f61070074d41035
420f6e542cbf741838566f22e475a80e2f600d21
4b7213ec107cdf1c2cd61a124453fb682ec291af0004d071105c87e2fe7528f5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4B7213EC107CDF1C2CD61A124453FB682EC291AF0004D071105C87E2FE7528F5"
Last-Modified: Mon, 12 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9105
Expires: Wed, 14 Dec 2022 17:54:07 GMT
Date: Wed, 14 Dec 2022 15:22:22 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Backoff, Content-Length, Content-Type, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 14 Dec 2022 15:08:52 GMT
content-type: application/json
age: 810
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 51bd0cc75ed746fd33c950eb12936b7e
4a1007ea6c6e4f5e8b4a7d1f85f7a3e329dc8f50
188d4a0d544f40048dc7476cb4f5e478f1eb49a8ef1d51699fb155d2ae258655
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "188D4A0D544F40048DC7476CB4F5E478F1EB49A8EF1D51699FB155D2AE258655"
Last-Modified: Tue, 13 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14685
Expires: Wed, 14 Dec 2022 19:27:08 GMT
Date: Wed, 14 Dec 2022 15:22:23 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: uOFVf+shV/ew9/yj05JU/4yPcQK9OxTEAvZgb+nDZs4dsHBbp387hzdke5sc5Db8EqS3weaSckw=
x-amz-request-id: 59DMGM7Z92NSQYJQ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 14 Dec 2022 14:50:33 GMT
age: 1910
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 14 Dec 2022 15:22:23 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
217575b.com/
43.198.33.164 301 Moved Permanently 0 B IP 43.198.33.164:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: 217575b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: kangle/3.5.14
Date: Wed, 14 Dec 2022 15:22:22 GMT
Location: https://217575b.com/
Content-Length: 0
Connection: close
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Cache-Control, Backoff, Content-Length, Pragma, Alert, Expires, Last-Modified, Retry-After, ETag, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 14 Dec 2022 14:33:20 GMT
age: 2943
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 210b7a2584ae55362c4b582e325f37f7
5f1982f961f1c5db96bbb66af075bab3cb535963
cb3767debad90cb8a34ce287de194cdb2a4f7146e7b51560fd2e0eb11fbfbc2f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1785
Cache-Control: max-age=152058
Content-Type: application/ocsp-response
Date: Wed, 14 Dec 2022 15:22:23 GMT
Etag: "63999230-1d7"
Expires: Fri, 16 Dec 2022 09:36:41 GMT
Last-Modified: Wed, 14 Dec 2022 09:06:56 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 471
zerossl.ocsp.sectigo.com/
104.18.32.68 200 OK 727 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 104.18.32.68:0
Hash 6f88e759bd6252bbcbfd2914cb35927f
7931983b4006ccf5bc9a7a817172c78dcdbbec32
cdd68dc15ff9d8e37146c68cf693e423abb511b5151b2bc183de9af070aca2ed
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 14 Dec 2022 15:22:24 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Wed, 14 Dec 2022 05:35:59 GMT
Expires: Wed, 21 Dec 2022 05:35:58 GMT
Etag: "7931983b4006ccf5bc9a7a817172c78dcdbbec32"
Cache-Control: max-age=569013,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7797ef4bddbdb4ee-OSL
push.services.mozilla.com/
54.200.107.47 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.200.107.47:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: GpsuVM952OdTbJ7flE6Wiw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: bPM/llZhtumUwbcq4KVFaytTfHo=
217575b.com/
43.198.33.164 200 OK 5.3 kB IP 43.198.33.164:0
File type HTML document text, exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash fbae4376eac01121d0266f1cc0d3218b
31793ce1b7450970a5736202fb61cbdcdfffd8ae
72d4e0bd08d238b32a0b76ce80daf41f66fe2def0c620368e5240070d72eb840
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: 217575b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
ETag: "0a0aeda4ecd91:0"
Content-Type: text/html
Content-Encoding: gzip
Last-Modified: Sat, 10 Dec 2022 04:21:20 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Wed, 14 Dec 2022 14:09:25 GMT
Content-Length: 5258
Connection: close
code.jquery.com/jquery-1.10.2.min.js
69.16.175.10 200 OK 33 kB URL HTTP/2 code.jquery.com/jquery-1.10.2.min.js
IP 69.16.175.10:0
File type ASCII text, with very long lines (32072)
Hash 68cc08e82915da8b82fc6be74ab86365
4089530b0c00f6cbd1452d7f873be85454196fd1
6c63276db5e51f227be1c9bdaf73d76fa01040499944a8c8607db0c234f0575c
GET /jquery-1.10.2.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://217575b.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 14 Dec 2022 15:22:24 GMT
content-encoding: gzip
content-length: 32788
content-type: application/javascript; charset=utf-8
last-modified: Wed, 16 Feb 2022 10:50:39 GMT
accept-ranges: bytes
server: nginx
etag: W/"620cd6ff-16bb3"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1671031344.dop202.sk1.t,1671031344.cds264.sk1.hn,1671031344.cds243.sk1.c
X-Firefox-Spdy: h2
217575b.com/css/style.css
43.198.33.164 200 OK 6.6 kB URL HTTP/1.1 217575b.com/css/style.css
IP 43.198.33.164:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (452), with CRLF line terminators
Hash 88f93f841398f0bf4ff0ee4d1beccd7d
9e512da7781c1d8054bca1b842fb396ed3f7d298
fa1efc1cd9382e653bb4ed87d7b10c1019ff99036303f10706dde4749928c0e6
GET /css/style.css HTTP/1.1
Host: 217575b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://217575b.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "0930e9c625d61:0"
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Sat, 09 May 2020 05:58:50 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Wed, 14 Dec 2022 14:11:14 GMT
Content-Length: 6632
Connection: close
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 08f7321e01de2d111fc8100424937061
01ea459fe9270ea25e3cec2228d1cf3cd61d80b8
36ca62b5281e0d5434f0bf6119b2074eb05f5336db3113b5556d2a4273ed2816
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "36CA62B5281E0D5434F0BF6119B2074EB05F5336DB3113B5556D2A4273ED2816"
Last-Modified: Mon, 12 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2871
Expires: Wed, 14 Dec 2022 16:10:16 GMT
Date: Wed, 14 Dec 2022 15:22:25 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 08f7321e01de2d111fc8100424937061
01ea459fe9270ea25e3cec2228d1cf3cd61d80b8
36ca62b5281e0d5434f0bf6119b2074eb05f5336db3113b5556d2a4273ed2816
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "36CA62B5281E0D5434F0BF6119B2074EB05F5336DB3113B5556D2A4273ED2816"
Last-Modified: Mon, 12 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2871
Expires: Wed, 14 Dec 2022 16:10:16 GMT
Date: Wed, 14 Dec 2022 15:22:25 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 08f7321e01de2d111fc8100424937061
01ea459fe9270ea25e3cec2228d1cf3cd61d80b8
36ca62b5281e0d5434f0bf6119b2074eb05f5336db3113b5556d2a4273ed2816
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "36CA62B5281E0D5434F0BF6119B2074EB05F5336DB3113B5556D2A4273ED2816"
Last-Modified: Mon, 12 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2871
Expires: Wed, 14 Dec 2022 16:10:16 GMT
Date: Wed, 14 Dec 2022 15:22:25 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3319031c-7524-4aba-998b-86a7b8a1132f.jpeg
34.120.237.76 200 OK 6.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3319031c-7524-4aba-998b-86a7b8a1132f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 690133687ca909986a7ac4e919193bbb
9f36b8f5cd7f540d18318c0b8ca55d40e85ed1d4
d4913048b7f2b341c77a345420a855e6385e00c64ef30f6cf136ad16f6bda771
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3319031c-7524-4aba-998b-86a7b8a1132f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6711
x-amzn-requestid: ac93518c-b2e1-4995-9152-11c30c05cc9b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c9h4oHmiIAMFXQA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639549d0-5180e10e467c4c4c5e7fd1f4;Sampled=0
x-amzn-remapped-date: Sun, 11 Dec 2022 03:09:04 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: YHHaFWjmRFuBvcFQ6orltY_4JuQEcHhfyjxHO3-XZduh_hEGfPcPoA==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Wed, 14 Dec 2022 03:59:04 GMT
age: 41001
etag: "9f36b8f5cd7f540d18318c0b8ca55d40e85ed1d4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F88d6f0a9-7f6f-4650-8d61-2ed3133aaf86.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F88d6f0a9-7f6f-4650-8d61-2ed3133aaf86.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 9ddda117cee658be4cfe3a5d04a88c46
a167e2211732837cf07b3b9a0b33610492ab8a47
bc5fae9d44914c804f82d1e0f90a01fe14d86063da59292bf78100f539b3f7a8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F88d6f0a9-7f6f-4650-8d61-2ed3133aaf86.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13205
x-amzn-requestid: 23929642-4b48-40f4-8847-854dfca772b8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dGpKoH_4oAMF_8w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6398ef10-19ad3c327c190b9227d232a2;Sampled=0
x-amzn-remapped-date: Tue, 13 Dec 2022 21:30:56 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Vx7sZ090BsrHPpf5WTWPKYaCNlYvuh5chiNxw2anH2Kd1WovN9Dc4w==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Tue, 13 Dec 2022 21:49:29 GMT
age: 63176
etag: "a167e2211732837cf07b3b9a0b33610492ab8a47"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb91a48bd-4125-4a30-8a37-7ba4692b71f2.jpeg
34.120.237.76 200 OK 5.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb91a48bd-4125-4a30-8a37-7ba4692b71f2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 3acfbf939eab432007f8315f2376f563
e14ad15ba9151accd71ea1c4b312d3d5c0a7f62c
d02ae4fa55f6ba4b1ca2186eb31a40018eada1e1491efdc4a95ffba4c35afa07
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb91a48bd-4125-4a30-8a37-7ba4692b71f2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5108
x-amzn-requestid: cba619a3-ef9a-420b-b280-2b53608aad53
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dGpL0G93IAMF59Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6398ef18-7cc4f81a16016a8d63156bff;Sampled=0
x-amzn-remapped-date: Tue, 13 Dec 2022 21:31:04 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 3JmSN0RECaKzxPmndCUHm_4YLojawf7kw8A43yj1h1IfuZQKsVl6eg==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Tue, 13 Dec 2022 21:56:32 GMT
age: 62753
etag: "e14ad15ba9151accd71ea1c4b312d3d5c0a7f62c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2263c6ae-1846-44f1-8b25-471bca417daf.jpeg
34.120.237.76 200 OK 4.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2263c6ae-1846-44f1-8b25-471bca417daf.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash d8b0477fb90d103e2155bbf7ab47d877
ab668e755bd742b165fa3ba46a4c486c616a7ff6
40e2282cf64da6034f73a2ff0c0d060550caa364244d5bdf282d2f54719d48ad
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2263c6ae-1846-44f1-8b25-471bca417daf.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4703
x-amzn-requestid: 975cb427-5feb-4c36-bcfe-bed0cc9bd3b5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: czpW4Hh4IAMFeRA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639155c5-63d6d97371f11d6012edae68;Sampled=0
x-amzn-remapped-date: Thu, 08 Dec 2022 03:11:01 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: BouIqIrg_vfxBH0weDXiqoEBcSV8_d4qDVB3Er5PeIrZz249iHdqGQ==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 36810aa1793ee589dc8c194860296078.cloudfront.net (CloudFront), 1.1 google
date: Wed, 14 Dec 2022 05:29:25 GMT
age: 35580
etag: "ab668e755bd742b165fa3ba46a4c486c616a7ff6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F054e0b4b-d420-4463-a5a6-3096c010530a.jpeg
34.120.237.76 200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F054e0b4b-d420-4463-a5a6-3096c010530a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash eb3fe83fc6c46d9953cd9a5a37846113
ee75bf121ea7418f2063aba8f9a633a4ad6d43bd
bb5cabacaedef79cc52f747b9551711435fb4e06d8130d545cbe6f750881b03e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F054e0b4b-d420-4463-a5a6-3096c010530a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7467
x-amzn-requestid: 117d50cf-86a5-4b45-aec1-e7cc651904e1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c-FJQFiooAMF8wA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6395823b-2626bd6f1c3c97ac113992dc;Sampled=0
x-amzn-remapped-date: Sun, 11 Dec 2022 07:09:47 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: CkOpo-sDuqiPCsxtSd95WRF00doInVSk7Cygj0BKk_VhZrJp6wpFKQ==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Wed, 14 Dec 2022 08:02:15 GMT
age: 26410
etag: "ee75bf121ea7418f2063aba8f9a633a4ad6d43bd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbf99cc35-2988-4958-a87c-f7f44e2094c7.jpeg
34.120.237.76 200 OK 4.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbf99cc35-2988-4958-a87c-f7f44e2094c7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash f8501112ef886bfa0aaf2239cee2d312
f07542e9312ef0b42c96f2687766fe46f57f38cb
296c8dd5bdcb6ff49fcfebe464a7baa9c22bbe8ef6fef0798e92b10e1b3b1ac9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbf99cc35-2988-4958-a87c-f7f44e2094c7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4294
x-amzn-requestid: a906aaed-cfa3-453a-b872-87f906f6251c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dGp1ME7aoAMFWyg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6398f021-23ddca2815a10a181549c5d8;Sampled=0
x-amzn-remapped-date: Tue, 13 Dec 2022 21:35:29 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 2uDwp7t_YtOtwnTAUFA9n_mcS-JHhi37LnqgWhLYF6We8IQl6gfCBQ==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Tue, 13 Dec 2022 21:55:32 GMT
age: 62813
etag: "f07542e9312ef0b42c96f2687766fe46f57f38cb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
217575b.com/bbs/sxbm.js
43.198.33.164 200 OK 1.3 kB IP 43.198.33.164:0
File type HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 94664b619b64d87e32ef84e7cd527539
97fa10d938dff7e8f53ccf63230fb48c3fcd1086
df9834f83429ad697c1dfb899812592ba504b7fd81c81aecd816f3747904593a
Analyzer Verdict Alert fortinet Phishing
GET /bbs/sxbm.js HTTP/1.1
Host: 217575b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://217575b.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "05547f1c8fd91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Wed, 14 Dec 2022 14:32:50 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Wed, 14 Dec 2022 15:10:35 GMT
Content-Length: 1259
Connection: close
217575b.com/bbs/gsb.js
43.198.33.164 200 OK 2.1 kB IP 43.198.33.164:0
File type HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash dad765b36ebc2e894fbc6e22d2090376
0ab56e466e5de4676d8fef6f52b7410b5b77da89
d41ad7f6a24a5eb574c6734dee94b6312918504432d51c3bcf166f0987526752
Analyzer Verdict Alert fortinet Phishing
GET /bbs/gsb.js HTTP/1.1
Host: 217575b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://217575b.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "80beaef0c8fd91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Wed, 14 Dec 2022 14:32:49 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Wed, 14 Dec 2022 14:55:47 GMT
Content-Length: 2077
Connection: close
217575b.com/bbs/swbm.js
43.198.33.164 200 OK 1.1 kB IP 43.198.33.164:0
File type HTML document text; HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 8c7f463292476eb27a36eb779ab7ce2f
2a6f2f4dd7fe678fe622148af2e7bd3fa413a7f9
64539ca94055eeffbe752ae827fa783874cb75ca4f588d1753eaf3da8406a57b
Analyzer Verdict Alert fortinet Phishing
GET /bbs/swbm.js HTTP/1.1
Host: 217575b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://217575b.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "05547f1c8fd91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Wed, 14 Dec 2022 14:32:50 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Wed, 14 Dec 2022 14:38:49 GMT
Content-Length: 1106
Connection: close
zerossl.ocsp.sectigo.com/
104.18.32.68 200 OK 728 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 104.18.32.68:0
Hash 03cc3ac438e9a2e98ba6fd7ff800a16c
42aaa4ed500dfe1ca27f524df44155be1cd5c5d5
e392baa1bc6825634be337fc97e99cfb0cbc61f4389076da61bb9ec0c0f91576
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 14 Dec 2022 15:22:25 GMT
Content-Type: application/ocsp-response
Content-Length: 728
Connection: keep-alive
Last-Modified: Mon, 12 Dec 2022 15:34:12 GMT
Expires: Mon, 19 Dec 2022 15:34:11 GMT
Etag: "42aaa4ed500dfe1ca27f524df44155be1cd5c5d5"
Cache-Control: max-age=432105,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7797ef5549eab4ee-OSL
ocsp.globalsign.com/gsgccr3dvtlsca2020
104.18.20.226 200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsgccr3dvtlsca2020
IP 104.18.20.226:0
Hash 39ed6a8bd6c5c5482b7e25dbeb739fee
722f4f756b8f63c718bdffa2531feafc2efc36bd
a43921ec69d64592dd255545ef99d0a1a07a04deb562ba02c3de53fedfa54db6
POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 14 Dec 2022 15:22:25 GMT
Content-Type: application/ocsp-response
Content-Length: 1414
Connection: keep-alive
Expires: Sun, 18 Dec 2022 14:10:56 GMT
ETag: "722f4f756b8f63c718bdffa2531feafc2efc36bd"
Last-Modified: Wed, 14 Dec 2022 14:10:57 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7797ef55d975b503-OSL
217575b.com/js/superslide.js
43.198.33.164 200 OK 3.7 kB URL HTTP/1.1 217575b.com/js/superslide.js
IP 43.198.33.164:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (11013), with CRLF line terminators
Hash e5a70296695d2ec2b36606af022e382e
977a8dde7032e6d661143b96bbc9b693dd17ce5b
60c95691ba463b06c012e471602cb175c69debb01b33d426db7b53c3ead7cd6a
Analyzer Verdict Alert fortinet Phishing
GET /js/superslide.js HTTP/1.1
Host: 217575b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://217575b.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "013ee9d7c4cd71:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Wed, 19 May 2021 07:00:14 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Wed, 14 Dec 2022 13:59:48 GMT
Content-Length: 3715
Connection: close
217575b.com/bbs/qqpg.js
43.198.33.164 200 OK 2.4 kB IP 43.198.33.164:0
File type HTML document text; HTML document text; HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (672), with CRLF line terminators
Hash 98f352c57722d6fbbbbafa42b120ac00
729ee6c6db8e540dc2d404abdb02fb1333e89e34
beb8b06ace5daa3e5667def60ae6874cd6d571d5115f4ee45ffdfae0eedf4a15
Analyzer Verdict Alert fortinet Phishing
GET /bbs/qqpg.js HTTP/1.1
Host: 217575b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://217575b.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "05547f1c8fd91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Wed, 14 Dec 2022 14:32:50 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Wed, 14 Dec 2022 15:09:01 GMT
Content-Length: 2448
Connection: close
217575b.com/bbs/ujcc.js
43.198.33.164 200 OK 873 B IP 43.198.33.164:0
File type HTML document text; HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 400f89da15c82bb4b1a40e991938e7c4
af73f34fc8eec9ab1d3925d52a7ec029bcd128bf
32b1789924acfa720f1e20dabb72e4644215e989cf98ebc2e403fa761ca98d76
Analyzer Verdict Alert fortinet Phishing
GET /bbs/ujcc.js HTTP/1.1
Host: 217575b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://217575b.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "05547f1c8fd91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Wed, 14 Dec 2022 14:32:50 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Wed, 14 Dec 2022 15:18:58 GMT
Content-Length: 873
Connection: close
217575b.com/bbs/shiju.js
43.198.33.164 200 OK 1.3 kB IP 43.198.33.164:0
File type HTML document text; HTML document text; HTML document text; HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (717), with CRLF line terminators
Hash be68e5d4fae4effa0e4545cd8aa1d592
1efeaee90ce7cf1c9de60f11bd68432d7ce41995
92069e3f41ca4321366d730198f37d84eb9d5bd673b0961b65e9436dc50005c1
Analyzer Verdict Alert fortinet Phishing
GET /bbs/shiju.js HTTP/1.1
Host: 217575b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://217575b.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "05547f1c8fd91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Wed, 14 Dec 2022 14:32:50 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Wed, 14 Dec 2022 15:09:02 GMT
Content-Length: 1257
Connection: close
217575b.com/bbs/gsb3.js
43.198.33.164 200 OK 1.3 kB IP 43.198.33.164:0
File type HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash cafe78f0939eb2e734a80e9c060c439a
f719ed93488bc543ba7b8caa67bd23e8b2c2501e
48517ad2bd7201732d0dcdd09ddca11565d14d2fc38338c02288afa2da3dca7e
Analyzer Verdict Alert fortinet Phishing
GET /bbs/gsb3.js HTTP/1.1
Host: 217575b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://217575b.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "80beaef0c8fd91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Wed, 14 Dec 2022 14:32:49 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Wed, 14 Dec 2022 14:43:27 GMT
Content-Length: 1340
Connection: close
217575b.com/bbs/6iek.js
43.198.33.164 200 OK 482 B IP 43.198.33.164:0
File type HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (327), with CRLF line terminators
Hash 139a57fa9c009ac0eca872db4e389edf
47e06b916f2d3e9ef51e84515e09ffbccd37fd23
cbf5a1e72d8d604e0ffbff4c7caaaf27ec95878de9c462cd3b059706a56d5d38
Analyzer Verdict Alert fortinet Phishing
GET /bbs/6iek.js HTTP/1.1
Host: 217575b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://217575b.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Encoding: gzip
ETag: W/"b21b7cf0c8fd91:0"
Content-Type: application/javascript
Last-Modified: Wed, 14 Dec 2022 14:32:48 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/10.0
Date: Wed, 14 Dec 2022 15:09:02 GMT
Content-Length: 482
Connection: close
217575b.com/bbs/ds12m.js
43.198.33.164 200 OK 1.1 kB IP 43.198.33.164:0
File type HTML document text; HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (311), with CRLF line terminators
Hash 7be0dac0d83dd1a3a504ab675bab7cd4
137593051d3a99f05fd4bb140f96c05d6a48c414
81fd15619d22b5436c4d71e1dc788ed221bd2b34432bc9f91f3651ff22e6f0a1
Analyzer Verdict Alert fortinet Phishing
GET /bbs/ds12m.js HTTP/1.1
Host: 217575b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://217575b.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "02816f0c8fd91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Wed, 14 Dec 2022 14:32:48 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Wed, 14 Dec 2022 15:18:27 GMT
Content-Length: 1110
Connection: close
217575b.com/bbs/ptyx.js
43.198.33.164 200 OK 1.0 kB IP 43.198.33.164:0
File type HTML document text; HTML document text; HTML document text; HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (1029), with CRLF line terminators
Hash eed48ab2410f37a6b15138af8e7a2668
918aa19cfc7cffe5004796b03c705af21cec7f67
c3638a3a057d0dc47bfdafcfd1f274d0562dc74ebe9ac139f398132083ef7fc0
Analyzer Verdict Alert fortinet Phishing
GET /bbs/ptyx.js HTTP/1.1
Host: 217575b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://217575b.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "05547f1c8fd91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Wed, 14 Dec 2022 14:32:50 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Wed, 14 Dec 2022 15:18:58 GMT
Content-Length: 1028
Connection: close
49719c.com/images/290990.gif
43.198.33.164 200 OK 16 kB URL HTTP/1.1 49719c.com/images/290990.gif
IP 43.198.33.164:0
File type GIF image data, version 89a, 957 x 178; data
Hash 35b22374b4ef34528ae45a2a37371382
4349bbb242dd5aa027a73ebd7d81c086ed3c7fae
8b3a1a2268052bc88ad27af1beca64650904bb4e8119201e888a03cdf2b4e699
GET /images/290990.gif HTTP/1.1
Host: 49719c.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://217575b.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
ETag: "52ae2b487dfd91:0"
Content-Type: image/gif
Last-Modified: Wed, 14 Dec 2022 05:31:14 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/10.0
Date: Wed, 14 Dec 2022 15:12:19 GMT
Content-Length: 16154
Connection: close
217575b.com/bbs/fslx.js
43.198.33.164 200 OK 855 B IP 43.198.33.164:0
File type HTML document text; HTML document text; HTML document text; HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (319), with CRLF line terminators
Hash 50a03d0d3ebc7fc48572808ac1fa93ce
4fcd7b75f5c02a4800f31a32a4fb3c34ee4e256a
a0230e2dce2f5cf2cd5dd6f33af2cbe23c61ec889fa1913557eb1c3d970ba056
Analyzer Verdict Alert fortinet Phishing
GET /bbs/fslx.js HTTP/1.1
Host: 217575b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://217575b.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "80beaef0c8fd91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Wed, 14 Dec 2022 14:32:49 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Wed, 14 Dec 2022 15:11:52 GMT
Content-Length: 855
Connection: close
zerossl.ocsp.sectigo.com/
104.18.32.68 200 OK 727 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 104.18.32.68:0
Hash b58c67ba1b8907556216c08a8bfc4040
097ce36631b9f76753b0e82763d2acdfbde780dc
a4b66c6ccd425ef2cd180f96c39bb64f698871e3f62e6e989cbe52bfa9a624d6
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 14 Dec 2022 15:22:26 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Sun, 11 Dec 2022 10:37:56 GMT
Expires: Sun, 18 Dec 2022 10:37:55 GMT
Etag: "097ce36631b9f76753b0e82763d2acdfbde780dc"
Cache-Control: max-age=327928,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7797ef5b0858b4ee-OSL
zerossl.ocsp.sectigo.com/
104.18.32.68 200 OK 727 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 104.18.32.68:0
Hash b58c67ba1b8907556216c08a8bfc4040
097ce36631b9f76753b0e82763d2acdfbde780dc
a4b66c6ccd425ef2cd180f96c39bb64f698871e3f62e6e989cbe52bfa9a624d6
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 14 Dec 2022 15:22:26 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Sun, 11 Dec 2022 10:37:56 GMT
Expires: Sun, 18 Dec 2022 10:37:55 GMT
Etag: "097ce36631b9f76753b0e82763d2acdfbde780dc"
Cache-Control: max-age=327928,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7797ef5b1a220b69-OSL
imgs.meizhiban.cn/tp/626969/189393.gif
107.148.135.220 200 OK 25 kB URL HTTP/1.1 imgs.meizhiban.cn/tp/626969/189393.gif
IP 107.148.135.220:0
ASN #398823 PEGTECHINC-AP-02
File type GIF image data, version 89a, 800 x 150; data
Hash a8cfe4e1c2915dbdf37af0ddba5f5f5c
0c34c7154bc2a296f199bee8513dd85928fd7f72
924f55ebcc27982925f74ca11ce2294891cb89e2b2f8bb88ddefca52d16e6e43
GET /tp/626969/189393.gif HTTP/1.1
Host: imgs.meizhiban.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://217575b.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
ETag: "1bc187d2c130d61:0"
Content-Type: image/gif
Last-Modified: Sat, 23 May 2020 05:20:07 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Wed, 14 Dec 2022 14:51:51 GMT
Content-Length: 25343
Connection: close
imgs.meizhiban.cn/tp/626969/24628.gif
107.148.135.220 200 OK 50 kB URL HTTP/1.1 imgs.meizhiban.cn/tp/626969/24628.gif
IP 107.148.135.220:0
ASN #398823 PEGTECHINC-AP-02
File type GIF image data, version 89a, 800 x 150; data
Hash 0dd1b461d009cdf0a44835fac820b8a5
c14692c983078ac41873d10fc206f7beb1ee0c66
78f886c7fe627c006b5489ce32e324c8b1613e554be2cdfb92e2245ea7f4771f
GET /tp/626969/24628.gif HTTP/1.1
Host: imgs.meizhiban.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://217575b.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
ETag: "3f3cb4368b44d61:0"
Content-Type: image/gif
Last-Modified: Wed, 17 Jun 2020 09:39:36 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Wed, 14 Dec 2022 14:51:48 GMT
Content-Length: 49986
Connection: close
217575b.com/bbs/amcz.js
43.198.33.164 200 OK 1.2 kB IP 43.198.33.164:0
File type HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document text; exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 4438281006b0dba0d3866e49c0509a65
bc1d895442e8be25bb5fb34f833e38d76b9e09da
7cdd10215c91fae4096942052aa9eda29994ccf2fca39ea4e33fc2895dff4d1d
Analyzer Verdict Alert fortinet Phishing
GET /bbs/amcz.js HTTP/1.1
Host: 217575b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://217575b.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "02816f0c8fd91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Wed, 14 Dec 2022 14:32:48 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Wed, 14 Dec 2022 14:56:02 GMT
Content-Length: 1183
Connection: close
217575b.com/bbs/yzxj.js
43.198.33.164 200 OK 1.6 kB IP 43.198.33.164:0
File type HTML document text; HTML document text; HTML document text; HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (717), with CRLF line terminators
Hash 642097223cd4ffa995b3517ada15f6cc
a82e16ec1987698801a7307989856ef5a5c44e8c
fbbe22ec7fa83344fde38c1755cb5a93ec2340a90db1fd0a415531e1ebe87141
Analyzer Verdict Alert fortinet Phishing
GET /bbs/yzxj.js HTTP/1.1
Host: 217575b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://217575b.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "05547f1c8fd91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Wed, 14 Dec 2022 14:32:50 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Wed, 14 Dec 2022 15:18:58 GMT
Content-Length: 1594
Connection: close
217575b.com/bbs/ptyw.js
43.198.33.164 200 OK 839 B IP 43.198.33.164:0
File type HTML document text; HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 1b21a2e7acc1fc2a8adf85eec6e3e072
003ae2496df67b8129e73e5d39725b00091dd830
2eabb23d4ca786df84f9c3d165a38d8ef8dc05b82c1b222963836a1b0c3df6a0
Analyzer Verdict Alert fortinet Phishing
GET /bbs/ptyw.js HTTP/1.1
Host: 217575b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://217575b.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Encoding: gzip
ETag: "319b3ff1c8fd91:0"
Content-Type: application/javascript
Last-Modified: Wed, 14 Dec 2022 14:32:49 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/10.0
Date: Wed, 14 Dec 2022 14:55:48 GMT
Content-Length: 839
Connection: close
217575b.com/bbs/ptszr.js
43.198.33.164 200 OK 1.4 kB IP 43.198.33.164:0
File type HTML document text; HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 4fc32e6263b33d9b0cffbc0b83a16623
38b9db9b051b75ca85f7beb19310d121b83c82ad
cb9ba4c0905e094cc835e7df669e1fe2b1d907af634225ea961265a65332dfd4
Analyzer Verdict Alert fortinet Phishing
GET /bbs/ptszr.js HTTP/1.1
Host: 217575b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://217575b.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "80beaef0c8fd91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Wed, 14 Dec 2022 14:32:49 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Wed, 14 Dec 2022 14:42:23 GMT
Content-Length: 1436
Connection: close
217575b.com/bbs/yxym.js
43.198.33.164 200 OK 2.1 kB IP 43.198.33.164:0
File type HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (513), with CRLF line terminators
Hash fd07887bc071aad7f0e8072dbe5d5e6a
aeafc4dd860035859a3bba75fb7a1304cc94ef82
cc8539a3449606723da62d42934caeb2e2645d442d289283c928a3e72578a9bb
Analyzer Verdict Alert fortinet Phishing
GET /bbs/yxym.js HTTP/1.1
Host: 217575b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://217575b.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "05547f1c8fd91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Wed, 14 Dec 2022 14:32:50 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Wed, 14 Dec 2022 14:49:16 GMT
Content-Length: 2141
Connection: close
217575b.com/bbs/ampg.js
43.198.33.164 200 OK 2.1 kB IP 43.198.33.164:0
File type HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document text; exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 0ba91cdd8b9d58c65c66f8a7647032a9
fe2ecd9c31e8378d51babca43dc36b70b6722dc8
e57e7bb2662f717497b63dfad179c99c3f044caacf4338d92f56c5a9f3a016b3
Analyzer Verdict Alert fortinet Phishing
GET /bbs/ampg.js HTTP/1.1
Host: 217575b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://217575b.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "02816f0c8fd91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Wed, 14 Dec 2022 14:32:48 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Wed, 14 Dec 2022 14:55:48 GMT
Content-Length: 2088
Connection: close
217575b.com/bbs/lwzt.js
43.198.33.164 200 OK 1.3 kB IP 43.198.33.164:0
File type HTML document text; HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 5fac05041e6fee52eb0db009875a2106
4c70bd424d502a392cd54576d99797e949a88d9a
378bc08df82623391d19c9e9495596f640bd4d56d10bde0da3f213720473df34
Analyzer Verdict Alert fortinet Phishing
GET /bbs/lwzt.js HTTP/1.1
Host: 217575b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://217575b.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "80beaef0c8fd91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Wed, 14 Dec 2022 14:32:49 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Wed, 14 Dec 2022 15:18:59 GMT
Content-Length: 1261
Connection: close
217575b.com/bbs/hzjx.js
43.198.33.164 200 OK 1.7 kB IP 43.198.33.164:0
File type HTML document text; HTML document text; HTML document text; HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (717), with CRLF line terminators
Hash 7a089038dc32b9e69a43fd2193b34dc4
5502b1f9a93058e4ee64ad9582e7159b39c32b28
4d3f4b8d326fdf4f224884af49dccfcf6d4f4f6b9134785c4a5a791322e684b8
Analyzer Verdict Alert fortinet Phishing
GET /bbs/hzjx.js HTTP/1.1
Host: 217575b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://217575b.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "80beaef0c8fd91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Wed, 14 Dec 2022 14:32:49 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Wed, 14 Dec 2022 15:10:40 GMT
Content-Length: 1691
Connection: close
js.users.51.la/21506517.js
103.143.19.103 200 OK 2.3 kB URL HTTP/1.1 js.users.51.la/21506517.js
IP 103.143.19.103:0
ASN #4837 CHINA UNICOM China169 Backbone
File type ASCII text, with very long lines (4898)
Hash 7405134a15292a613376bf887b3eb443
6cdcd68cd0466455c634f3f87979969e0f04092a
cfa3588cd5c52e3cd0e2e7975c4a150a5f9dc1ba7cf9b5dc4808877dd3568695
GET /21506517.js HTTP/1.1
Host: js.users.51.la
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://217575b.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: CloudWAF
Date: Wed, 14 Dec 2022 15:22:27 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: HWWAFSESID=8a2855ad0774656d7e4; path=/
HWWAFSESTIME=1671031343913; path=/
Cache-Control: max-age=360000
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
217575b.com/bbs/jyzt.js
43.198.33.164 200 OK 925 B IP 43.198.33.164:0
File type HTML document text; HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 577c3e416e9c1d751896f43dd5f3ccc0
3134950fb35987a55f2db78683b1fc44c32574ae
747578d91edeac7b0197fd62bb6f42d28bd6ebc212323d87941670c899ce558e
Analyzer Verdict Alert fortinet Phishing
GET /bbs/jyzt.js HTTP/1.1
Host: 217575b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://217575b.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "80beaef0c8fd91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Wed, 14 Dec 2022 14:32:49 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Wed, 14 Dec 2022 14:48:54 GMT
Content-Length: 925
Connection: close
217575b.com/bbs/jxzt.js
43.198.33.164 200 OK 958 B IP 43.198.33.164:0
File type HTML document text; HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 002a6953b83a8e3d9c7169c9cd24a713
baae19e38f1564cbb49588a764361b42c5c0023e
bcae2a84c3ee7965e1e6cce94c7775c7f6414c26376e4c7be80482ffaf70fa40
Analyzer Verdict Alert fortinet Phishing
GET /bbs/jxzt.js HTTP/1.1
Host: 217575b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://217575b.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "80beaef0c8fd91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Wed, 14 Dec 2022 14:32:49 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Wed, 14 Dec 2022 15:18:29 GMT
Content-Length: 958
Connection: close
217575b.com/bbs/jssx.js
43.198.33.164 200 OK 1.3 kB IP 43.198.33.164:0
File type HTML document text; HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 3a288371ba65ae095617b93da5ab27cb
ffd1b1e5a1d5c2a4d8d081e7c58f527a783032c6
fcdaeac5dd2ddb512e9499c4d8d7ae1869212c63790b7a9e966d3c0c4d577d8c
Analyzer Verdict Alert fortinet Phishing
GET /bbs/jssx.js HTTP/1.1
Host: 217575b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://217575b.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "80beaef0c8fd91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Wed, 14 Dec 2022 14:32:49 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Wed, 14 Dec 2022 14:49:17 GMT
Content-Length: 1321
Connection: close
217575b.com/bbs/36mzt.js
43.198.33.164 200 OK 1.9 kB IP 43.198.33.164:0
File type HTML document text; HTML document text; exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 196f3fd8d0239dc2777ee44295733796
b808605279c1e95ec413c8737bfd85604bdbab35
2c50dccbdbdfe74358451768b4a9b921339114507610c09f89efa704923b6aa8
Analyzer Verdict Alert fortinet Phishing
GET /bbs/36mzt.js HTTP/1.1
Host: 217575b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://217575b.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: W/"02816f0c8fd91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Wed, 14 Dec 2022 14:32:48 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Wed, 14 Dec 2022 14:44:41 GMT
Content-Length: 1874
Connection: close
217575b.com/js/agzhzl.js
43.198.33.164 200 OK 10 kB IP 43.198.33.164:0
File type HTML document text; HTML document text; HTML document text; exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 330c2b347304c2ace68aef324be0cd9d
7e09fb0477131c75d518da1620986db04abed191
f31a29fbc8ffd12147991253ac0b80716c9a1c3e8c913c2dfc9c8bce366db8fa
Analyzer Verdict Alert fortinet Phishing
GET /js/agzhzl.js HTTP/1.1
Host: 217575b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://217575b.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "809caa2d9236d71:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Wed, 21 Apr 2021 09:39:09 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Wed, 14 Dec 2022 15:22:27 GMT
Content-Length: 10020
Connection: close
217575b.com/js/amyqlj.js
43.198.33.164 200 OK 4.3 kB IP 43.198.33.164:0
File type HTML document text; HTML document text; exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash b62b3fd9ac10c18fd357df08a7c93047
9a0a0906e96d79a7df26b6365672d323ea64572c
551faa99d4a36a0bb07fc3d507c2bc29751ac2ecf53fcbcba90297af74e65f74
Analyzer Verdict Alert fortinet Phishing
GET /js/amyqlj.js HTTP/1.1
Host: 217575b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://217575b.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "0e146716a72d81:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 28 May 2022 08:10:50 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Wed, 14 Dec 2022 15:05:01 GMT
Content-Length: 4251
Connection: close
217575b.com/bbs/sxsw.js
43.198.33.164 200 OK 1.3 kB IP 43.198.33.164:0
File type HTML document text; HTML document text; HTML document text; HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (357), with CRLF line terminators
Hash 4ce189971c208415b91dcbe76186d447
af2f4d12a5f3998d54027cdefa26905bd6376d47
87e2c6bb46c4bc2031ab998007323121ef70ea6d639490b441ff8fc82119dd56
Analyzer Verdict Alert fortinet Phishing
GET /bbs/sxsw.js HTTP/1.1
Host: 217575b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://217575b.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "05547f1c8fd91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Wed, 14 Dec 2022 14:32:50 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Wed, 14 Dec 2022 15:18:59 GMT
Content-Length: 1327
Connection: close
217575b.com/js/pub.js
43.198.33.164 200 OK 342 B IP 43.198.33.164:0
File type Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 5b124a5ee7aa65498cad11c21c40da5b
5fd9edf60f872ca342037669f6ca3be3e9f6c962
83f31b09a7f585b679024b0cace095de7ba9c24a26f6a38e8942ac9cbd854bd7
Analyzer Verdict Alert fortinet Phishing
GET /js/pub.js HTTP/1.1
Host: 217575b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://217575b.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Encoding: gzip
ETag: "bd58cf875f42d71:0"
Content-Type: application/javascript
Last-Modified: Thu, 06 May 2021 10:06:49 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/10.0
Date: Wed, 14 Dec 2022 14:07:57 GMT
Content-Length: 342
Connection: close
217575b.com/21087101.js
43.198.33.164 200 OK 2.3 kB IP 43.198.33.164:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (4898), with no line terminators
Hash 5026ffd6e6c9dfab39611630f4675f44
fb6847e8e5aafd3e9fd7e5769cb85eb99f9ed06e
460807ee247fe0d107d981ea6c648cf27296165c20641204c5d432a4820013d4
Analyzer Verdict Alert fortinet Phishing
GET /21087101.js HTTP/1.1
Host: 217575b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://217575b.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "807fb40fb1bd81:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Mon, 07 Feb 2022 08:16:27 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Wed, 14 Dec 2022 14:10:01 GMT
Content-Length: 2317
Connection: close
217575b.com/21087191.js
43.198.33.164 200 OK 2.3 kB IP 43.198.33.164:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (4898), with no line terminators
Hash e1cdc0301ad27d9e31be014b5d81ffe6
10500d22432180c589e600e5b73fce11c076fa58
0354deda17e2659a5690d983c9f2d1e67f2cf585840264c66a0b3583fe5bdc51
Analyzer Verdict Alert fortinet Phishing
GET /21087191.js HTTP/1.1
Host: 217575b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://217575b.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "807fb40fb1bd81:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Mon, 07 Feb 2022 08:16:27 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Wed, 14 Dec 2022 14:20:42 GMT
Content-Length: 2317
Connection: close
217575b.com/bbs/js6x.js
43.198.33.164 200 OK 1.2 kB IP 43.198.33.164:0
File type HTML document text; HTML document text; HTML document text; exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (471), with CRLF line terminators
Hash 430b65b0596daabea39d231799038b02
f11eb0eabe0e601b77f871beaf14d876d5531963
6cad47e915be2a4c0a6e6edb158bb9e6af0ff9ad7cbbe3b007e34b9475e8aecc
Analyzer Verdict Alert fortinet Phishing
GET /bbs/js6x.js HTTP/1.1
Host: 217575b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://217575b.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "80beaef0c8fd91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Wed, 14 Dec 2022 14:32:49 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Wed, 14 Dec 2022 15:18:58 GMT
Content-Length: 1240
Connection: close
217575b.com/bbs/xjtmt.js
43.198.33.164 200 OK 1.2 kB IP 43.198.33.164:0
File type HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document text; exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash c0c175b58890c438f037815c93445f46
4e393293f7217fb24a6def7dec03177c40b388d2
2c9d83655c30cdb90f49055597a449606d2406e480e5fe8a7a36c9f3e96a42e2
Analyzer Verdict Alert fortinet Phishing
GET /bbs/xjtmt.js HTTP/1.1
Host: 217575b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://217575b.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "05547f1c8fd91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Wed, 14 Dec 2022 14:32:50 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Wed, 14 Dec 2022 15:18:58 GMT
Content-Length: 1166
Connection: close
217575b.com/bbs/sbx.js
43.198.33.164 200 OK 2.2 kB IP 43.198.33.164:0
File type HTML document text; HTML document text; exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (308), with CRLF line terminators
Hash 4007958ecc830ea2f260685a789593c4
4a790fb4432417275cf41d13ac26d87aad0ea1a9
ef3928fd95a4dac7a1985e5d966620bb57d936a2f01bd052e80336b7e69decbf
Analyzer Verdict Alert fortinet Phishing
GET /bbs/sbx.js HTTP/1.1
Host: 217575b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://217575b.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "05547f1c8fd91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Wed, 14 Dec 2022 14:32:50 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Wed, 14 Dec 2022 14:52:18 GMT
Content-Length: 2195
Connection: close
217575b.com/img/amct2.jpg
43.198.33.164 200 OK 77 kB URL HTTP/1.1 217575b.com/img/amct2.jpg
IP 43.198.33.164:0
File type JPEG image data, baseline, precision 8, 501x722, components 3; data
Hash 489ea9332ce03d4378afd0c4dfae8b69
39834c555e165e7ba483849cb3f961a966a2cbe2
b5fa3028ebbd0edf0f2a5798f1df71509e35daaa108da14cf013aab934be0662
GET /img/amct2.jpg HTTP/1.1
Host: 217575b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://217575b.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "926db8f9d643d61:0"
Content-Type: image/jpeg
Last-Modified: Tue, 16 Jun 2020 12:09:24 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/10.0
Date: Wed, 14 Dec 2022 15:22:28 GMT
Content-Length: 76750
Connection: close
217575b.com/img/toplogo.gif
43.198.33.164 200 OK 94 kB URL HTTP/1.1 217575b.com/img/toplogo.gif
IP 43.198.33.164:0
File type GIF image data, version 89a, 688 x 168; data
Hash 35988ec51d13356cc585c4dfa190a073
854d8000ed027baae3426471e35bfa5cfcbd17a7
047d26e08ad7a09bb8e3ada0cd166cda11e319053e98fafab0cc986df5692f26
GET /img/toplogo.gif HTTP/1.1
Host: 217575b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://217575b.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "ab5c37806d72d81:0"
Content-Type: image/gif
Last-Modified: Sat, 28 May 2022 08:32:43 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/10.0
Date: Wed, 14 Dec 2022 14:03:35 GMT
Content-Length: 93626
Connection: close