Report - kvy6326.com/

Report Overview

Submitted URL
kvy6326.com/
IP
156.234.168.109
ASN
#131685 Sun Network Hong Kong Limited
Submitted
2022-12-05 20:24:40
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
30

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.4 kB	6.2 kB	23.36.76.226
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	340 B	963 B	104.18.32.68
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.9 kB	34.160.144.191
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	54.71.202.2
www.kvy6326.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	11 kB	35 kB	156.234.168.109
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.8 kB	64 kB	34.120.237.76
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	686 B	1.4 kB	216.58.211.3
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140
www.googletagmanager.com	75	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	384 B	44 kB	142.250.74.168
c349b2front.jt1216.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	15 kB	263 kB	180.127.43.61
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	682 B	1.6 kB	93.184.220.29
kvy6326.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	343 B	164 B	156.234.168.109
www.google-analytics.com	40	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.2 kB	21 kB	142.250.74.110

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-12-05	medium	kvy6326.com/	Phishing
2022-12-05	medium	www.kvy6326.com/	Phishing
2022-12-05	medium	www.kvy6326.com/init.js	Phishing
2022-12-05	medium	www.kvy6326.com/_glaxy_c349b2_/_extra_/api/app/getIp	Phishing
2022-12-05	medium	www.kvy6326.com/_glaxy_c349b2_/webToken	Phishing
2022-12-05	medium	www.kvy6326.com/_glaxy_c349b2_/_extra_/api/signIn/haveEverdaySign	Phishing
2022-12-05	medium	www.kvy6326.com/_glaxy_c349b2_/webToken	Phishing
2022-12-05	medium	www.kvy6326.com/_glaxy_c349b2_/webToken	Phishing
2022-12-05	medium	www.kvy6326.com/_glaxy_c349b2_/areaLimitV2	Phishing
2022-12-05	medium	www.kvy6326.com/_glaxy_c349b2_/_extra_/api/app/indexBanner	Phishing
2022-12-05	medium	www.kvy6326.com/_glaxy_c349b2_/_extra_/api/app/getPTNewDomains	Phishing
2022-12-05	medium	www.kvy6326.com/_glaxy_c349b2_/game/queryGames	Phishing
2022-12-05	medium	www.kvy6326.com/_glaxy_c349b2_/_extra_/api/app/getOnlineNumAGQJ	Phishing
2022-12-05	medium	www.kvy6326.com/_glaxy_c349b2_/_extra_/api/app/baccarat/getAllRank	Phishing
2022-12-05	medium	www.kvy6326.com/_glaxy_c349b2_/customer/preCreateAccount	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (14)

	URL	Size	First Seen	Last Seen
	c349b2front.jt1216.com/cdn/c349b2FW/static/js/Home.0838ae3d.js	46 kB	2023-03-07	2023-04-14
Pretty URL c349b2front.jt1216.com/cdn/c349b2FW/static/js/Home.0838ae3d.js IP 180.127.43.61 ASN #4134 Chinanet Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:04:32 Last Seen2023-04-14 22:58:27 Times Seen5 Hash 2249d84eec553e222531a54cdfb5d0ca d99f088bded6c64524eef0ed9ffa2979d8fb11ff 7defd79dbe53eb99229753966fabe6657542de391f9d44aa44c1e764273efe20 Loading...

	www.kvy6326.com/	255 B	2023-03-07	2023-03-26
Pretty URL www.kvy6326.com/ IP 156.234.168.109 ASN #131685 Sun Network Hong Kong Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:39:47 Last Seen2023-03-26 04:51:02 Times Seen6 Hash 3aef7c695e9f9e7a155d620fba1f3c88 c6d531ed63370ce63d598a751b57fca93436c63b e3c5aeceb03e3456cc23dbf0bb869e8f42c51fe956cdbcb2856b08afad49ac8b Loading...

	www.kvy6326.com/	367 B	2023-03-08	2023-03-11
Pretty URL www.kvy6326.com/ IP 156.234.168.109 ASN #131685 Sun Network Hong Kong Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:58:20 Last Seen2023-03-11 23:31:18 Times Seen1 Hash ec4025944a56078a3d02b7ab7a0c16b3 dc391f3267bd410cd97cba53ae6da85ed1cd28f3 994386aac85b7a66b6c281e11ac59eb04c078855cdbcced372b682eef280dce1 Loading...

	c349b2front.jt1216.com/cdn/c349b2FW/behavior/behavior.js	13 kB	2023-03-07	2023-08-30
Pretty URL c349b2front.jt1216.com/cdn/c349b2FW/behavior/behavior.js IP 180.127.43.61 ASN #4134 Chinanet Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:39:47 Last Seen2023-08-30 01:52:25 Times Seen62 Hash 554bfa08304c0d1614f53816d86ced48 eb597b4e22aa0df7fbfc0589d170a87faf3fc89b a2d970933a14441aba2bf69fe96b819db12244b25bd02c88f0f5f39bb89de965 Loading...

	www.google-analytics.com/analytics.js	50 kB	2023-03-08	2024-04-26
Pretty URL www.google-analytics.com/analytics.js IP 142.250.74.110 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 05:22:31 Last Seen2024-04-26 05:50:27 Times Seen1534 Hash fda30e8a22c9bcd954fd8d0fadd0e77c ae47cd34cbde081a48d7f92fc80aaf06a1381193 b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719 Loading...

	www.kvy6326.com/init.js	4.5 kB	2023-03-07	2023-04-14
Pretty URL www.kvy6326.com/init.js IP 156.234.168.109 ASN #131685 Sun Network Hong Kong Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:39:47 Last Seen2023-04-14 22:58:27 Times Seen10 Hash db0270665342b40b6df87350be292e8e 8820551c1c23ffa4f66b16e7b463ba5467bae185 d244e2ee3822e054132f5d45bcff5415599d529f0c250d2884217d4bd7b771ac Loading...

	www.kvy6326.com/	373 B	2023-03-07	2023-03-26
Pretty URL www.kvy6326.com/ IP 156.234.168.109 ASN #131685 Sun Network Hong Kong Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:39:47 Last Seen2023-03-26 04:51:02 Times Seen6 Hash 00a4a413528d4528e6845a1e6722b752 2950bcedd173994b292693af3ae1ef27abf9fec6 32263c2ee51128f35f329bf0664dab20ebbc41f5b893e47698dd08c7938965e2 Loading...

	www.kvy6326.com/	157 B	2023-03-07	2023-03-26
Pretty URL www.kvy6326.com/ IP 156.234.168.109 ASN #131685 Sun Network Hong Kong Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:39:47 Last Seen2023-03-26 04:51:02 Times Seen6 Hash 9bdb5de2ba4496818d23616532367b82 1f8e7e358acab58aa66b3697f220bbeb94ee0414 9feb2d82f6794ffa42cce669195804cf96faf3bed169cd59dfb4228bbd27e8b4 Loading...

	www.googletagmanager.com/gtag/js?id=UA-124279463-1	112 kB	2023-03-08	2024-02-11
Pretty URL www.googletagmanager.com/gtag/js?id=UA-124279463-1 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 19:48:13 Last Seen2024-02-11 09:33:45 Times Seen1 Hash 80d10f12c8946bb1dd0eea87bbd5a76d f6d6ee094497b4d45a19df2ea867dcd6705d48d5 c9c66adf6fee735183f576724a087e1300f454d247f0d6341b1d913f553c29a9 Loading...

	c349b2front.jt1216.com/cdn/c349b2FW/static/js/app.4e8dcfe5.js	336 kB	2023-03-08	2023-03-11
Pretty URL c349b2front.jt1216.com/cdn/c349b2FW/static/js/app.4e8dcfe5.js IP 180.127.43.61 ASN #4134 Chinanet Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:58:20 Last Seen2023-03-11 23:31:18 Times Seen1 Hash 4b20ad051d6b3374ebab72f0c5d7c005 dc798437cb84ea907044dec5d536b3f7af8f7977 c2115a794b72c26493a0bff316142ceb4447feac5041d954a3868de8751442f7 Loading...

	c349b2front.jt1216.com/cdn/c349b2FW/3s/remove.js?v=20210302	171 B	2023-03-07	2024-04-21
Pretty URL c349b2front.jt1216.com/cdn/c349b2FW/3s/remove.js?v=20210302 IP 180.127.43.61 ASN #4134 Chinanet Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:39:47 Last Seen2024-04-21 23:06:08 Times Seen421 Hash 3f318734a8d8aefebe5f160df1f2f63c 3c2b87d334c76835fbe7144b74de83c9146739e1 03b30094fc8961140dc3ec1a1527337ead8667d9bc2ce6ed3981f1eb5217edf3 Loading...

	www.kvy6326.com/	110 B	2023-03-07	2023-03-26
Pretty URL www.kvy6326.com/ IP 156.234.168.109 ASN #131685 Sun Network Hong Kong Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:39:47 Last Seen2023-03-26 04:51:02 Times Seen6 Hash 8508472a6de23912d470e51ff1990f22 87b05a5c8101a07948db900321b300c194a2643f 9b3d1d04517bfe6ec8f933a42730d6f0c0a4175b102c4efcdd8e02007292ae67 Loading...

	www.kvy6326.com/saconfig/secure/yunwei.js?0.8799586990439007	530 B	2023-03-08	2023-03-11
Pretty URL www.kvy6326.com/saconfig/secure/yunwei.js?0.8799586990439007 IP 156.234.168.109 ASN #131685 Sun Network Hong Kong Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:58:20 Last Seen2023-03-11 23:31:18 Times Seen1 Hash 7903e966d30b916b05975a287b861599 3519f46c115baee4994a1385b6303769608ec33b efa06a60cf4850b54eea6487094240b2437ac2170be5f557fa622faa57fb0175 Loading...

		Size	First Seen	Last Seen
	#1 Write - 07b59f54d875c0a3dc6a256dfb61a021	92 B	2023-03-08	2024-02-11
Pretty Observations First Seen2023-03-08 19:48:13 Last Seen2024-02-11 09:33:45 Times Seen1 Hash 07b59f54d875c0a3dc6a256dfb61a021 3da00fbc0520d735e487cc921a3a68b5e6deaf4d c818284a162ce876aafaf088a2fc9b4555c58c13ec149f6ff111d2caba2867bf Loading...

HTTP Transactions (77)

URL IP Response Size

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
cfec3d7283a9b66d2be426ce54d210f3
808c1feb1ba918951d1928c1f6bfc0c253262774
1bad6c06aa3e88dcbc125fc98a6cb753eb2b18d2c8dd61da21d12209aeeda3f9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1BAD6C06AA3E88DCBC125FC98A6CB753EB2B18D2C8DD61DA21D12209AEEDA3F9"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10618
Expires: Mon, 05 Dec 2022 23:21:24 GMT
Date: Mon, 05 Dec 2022 20:24:26 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
ee088fab9b287e174cfd1f2c735a909f
25c3335b514a36ad1a24d00413d60c3d394f5161
494e96358ff12366213d7cc0f9197648c6c62ec14fa0d2c78732a683fa26b192

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1349
Cache-Control: max-age=138562
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 20:24:26 GMT
Etag: "638dc877-1d7"
Expires: Wed, 07 Dec 2022 10:53:48 GMT
Last-Modified: Mon, 05 Dec 2022 10:31:19 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1ea206ac3c440825741687351f8c6e4e
2f38dafd8c43dcce2411a0590bc5c02cd6286735
7d7232c8c91bcd18161ba2c9d23e3bff159604e058bd5b3fc1c7fcbcd03a7ee3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7232C8C91BCD18161BA2C9D23E3BFF159604E058BD5B3FC1C7FCBCD03A7EE3"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6973
Expires: Mon, 05 Dec 2022 22:20:39 GMT
Date: Mon, 05 Dec 2022 20:24:26 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 05 Dec 2022 20:20:19 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 247
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: bZlwbmwXuccBNDSMJgv5wGlbl+7LPeO/nLUcXRBdHPUUb0G4O7vk8TMZv0X1bvOKANZk30GGMj2Kz2+/l1Cdkw==
x-amz-request-id: 3YW9K12E7YVT9DXA
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 05 Dec 2022 19:46:48 GMT
age: 2258
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 20:24:26 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

kvy6326.com/

156.234.168.109

301 Moved Permanently

0 B

URL HTTP/1.1
kvy6326.com/
IP
156.234.168.109:0
ASN
#131685 Sun Network Hong Kong Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET / HTTP/1.1
Host: kvy6326.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Content-Length: 0
Connection: Keep-Alive
X-NoCache: this
Date: Mon, 05 Dec 2022 16:55:19 GMT
Location: http://www.kvy6326.com/

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 05 Dec 2022 20:11:19 GMT
cache-control: public,max-age=3600
age: 788
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
2b9d6a686aa3c4ea24568425e43a5221
d53bb4c9579bd1db78a0520619e888aec79f750f
c38734a8dbe51217d73896c0bf7f5c38c107fd79e0dee24b717f130377e9b5f7

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1334
Cache-Control: max-age=133479
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 20:24:27 GMT
Etag: "638db4ac-1d7"
Expires: Wed, 07 Dec 2022 09:29:06 GMT
Last-Modified: Mon, 05 Dec 2022 09:06:52 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

54.71.202.2

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.71.202.2:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: +2w1vjQKp0QE3z7J2SS+BQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: EdXJF7D8r89VEOONtCtTsmPVV+Q=

www.kvy6326.com/

156.234.168.109

200 OK

1.6 kB

URL HTTP/1.1
www.kvy6326.com/
IP
156.234.168.109:0
ASN
#131685 Sun Network Hong Kong Limited

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (3592), with no line terminators
Size
1.6 kB (1589 bytes)
Hash
4d485a25ddc34ef34621e8d7a97cafed
6715100e6d1d2b2a957531860d8f5241fb538202
9ad9b9d3a1aad5150a0b9aebeb88e73eaf09223b93be47bf82144156279c9896

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET / HTTP/1.1
Host: www.kvy6326.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Server: openresty
Date: Mon, 05 Dec 2022 20:24:28 GMT
Content-Type: text/html
Last-Modified: Tue, 29 Nov 2022 03:34:02 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63857daa-e3e"
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
Content-Encoding: gzip
X-Cache: MISS

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10485
Expires: Mon, 05 Dec 2022 23:19:13 GMT
Date: Mon, 05 Dec 2022 20:24:28 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10485
Expires: Mon, 05 Dec 2022 23:19:13 GMT
Date: Mon, 05 Dec 2022 20:24:28 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10485
Expires: Mon, 05 Dec 2022 23:19:13 GMT
Date: Mon, 05 Dec 2022 20:24:28 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10485
Expires: Mon, 05 Dec 2022 23:19:13 GMT
Date: Mon, 05 Dec 2022 20:24:28 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd528f6ee-d348-431d-8220-5c8b154b2941.jpeg

34.120.237.76

200 OK

8.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd528f6ee-d348-431d-8220-5c8b154b2941.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.3 kB (8315 bytes)
Hash
db1701b7b9d161a0c935bb6e10b17893
22a8c4bd58c729c1abcf794466e8f3231dfb034b
b495524a33e5b1d3ba34cfbe867ada0da956c061370b1fcde06b23a6194a9787

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd528f6ee-d348-431d-8220-5c8b154b2941.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8315
x-amzn-requestid: f1bcc33b-aad9-4d3b-b1f9-49282f2d4fb9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clsAMGVboAMFfxg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc067-13472a097177d4751c8f7a8c;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:23 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: JuY0xcLDiERwrVhq33d4PP64liDqFfk9bc9xX1H62o0tOwrt1ek7Pg==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 21:42:39 GMT
age: 81709
etag: "22a8c4bd58c729c1abcf794466e8f3231dfb034b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.7 kB (5681 bytes)
Hash
43309032a892c486f9985ef520df696e
36f4682ca6a33ff80ee02129c77e6f27e996ede0
24225ff504f30405d9ec3feb2555c738fcca0d6b265f285aa9c73a64c78a496e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5681
x-amzn-requestid: 8f0d66b8-d532-48d9-9a29-74540cd6ab3a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cltXnEotIAMFqkA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc296-27349a376ff819ab63b04a81;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:41:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Uz-wJTZjej3sjP-O68BQ4hB_kkAecG0o7GkeZUan90ZgV87g0Cg_ZA==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 3cd7af07832481c336aa1c93c9b4a6fe.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 21:49:44 GMT
age: 81284
etag: "36f4682ca6a33ff80ee02129c77e6f27e996ede0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa99f7bcf-386e-4655-b6f0-99abdf67f097.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.5 kB (8469 bytes)
Hash
2f60a6490f38a772dcd50a1132e98e1b
ff254a1df087d2c157d88a6ef04e395dc49efe5e
653e40becd103cd76cc2f194a87e933e8c548d346f87520fefca3b16430fc4ab

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa99f7bcf-386e-4655-b6f0-99abdf67f097.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8469
x-amzn-requestid: c17eff92-da62-4f0f-9e75-2741012ec43a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: co_sqFSjoAMFQ6w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d131d-61d61d2f0bb01ecb21b809ea;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 21:37:33 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: kf_hcK2d2YFhladZn1S4cyGq7vLTSKdWgPUTNT0M9LwHXuOV-nlgGw==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 21:52:07 GMT
age: 81141
etag: "ff254a1df087d2c157d88a6ef04e395dc49efe5e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60dcc231-abb7-48f1-8ec5-e25b31bd100b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10396 bytes)
Hash
24c69d7ef356b352956d6dcbc9f5df1d
2cc31dc1c5d2d2a8b3a378dce8a1240a79acfec9
94d068620c34652cb2d24ca8b3cf962febe9606e6d3a33d937fc9d99f176edef

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60dcc231-abb7-48f1-8ec5-e25b31bd100b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10396
x-amzn-requestid: b879fd2e-b6cf-4373-b780-2d97481c45f8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cioNbH5KoAMFUsA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638a8722-6add7f8e225878473b20c015;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 23:15:46 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ir97GJKaFoW6BNXCcmMqp0JSUd5JhCACyUvLh5G-0BWCDVJsqs7XhQ==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 11:06:22 GMT
age: 33486
etag: "2cc31dc1c5d2d2a8b3a378dce8a1240a79acfec9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3af2e495-85ff-410f-8418-e683c7f84bcd.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.7 kB (7728 bytes)
Hash
027480c06cd67621f373c6765dafee4d
9f80bb7ca6f699d88eaec2248dec508c589fe994
f69a0d6bd6e79d8fa7f2f15df11237c0a8b04d45af3cd5870eeef86d18f553bf

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3af2e495-85ff-410f-8418-e683c7f84bcd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7728
x-amzn-requestid: 9f37e7a6-1f00-4a81-9b14-962fd0b6cdf4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clsAMEJxoAMFchQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc067-4a4cce217327b44525ea1e98;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:23 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ztC4S0WeA3ft_9JafrL6fInXo4jwkb0cTWUx4Z8L2uz3EWQS-d6F5A==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 22:09:54 GMT
age: 80074
etag: "9f80bb7ca6f699d88eaec2248dec508c589fe994"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae18d1b5-3b75-4897-bd1b-03651e437c2e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.7 kB (4666 bytes)
Hash
c01fe1cccdb3b672bbade6d98217ffe9
a9a529dc9894827f6243a1bf57f81caa4fe88fc2
c43da6212c79a08e22e78e04e99e8f5422e64b4b0a87f30b7907f1b4bc675c71

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae18d1b5-3b75-4897-bd1b-03651e437c2e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4666
x-amzn-requestid: 850d341f-5ccb-453c-8adf-a8194f8fbdad
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clr_-GiboAMFwww=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc066-766293f2526e637235067aca;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:22 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: kmki-SBINSx1kbiIkaSGebdCLrnDeHVhYeotAWzE__CevkNDdfzRGg==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 21:44:05 GMT
age: 81623
etag: "a9a529dc9894827f6243a1bf57f81caa4fe88fc2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
5f16a534222e5749ef240d413826c2f6
11683d84d420dd6f919425094edb8961278f7fed
691ebf7feb1f7d6ae7e5e7efd678626c62042dda520506f262c7d9a67a48e3ed

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 20:24:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtag/js?id=UA-124279463-1

142.250.74.168

200 OK

44 kB

URL HTTP/2
www.googletagmanager.com/gtag/js?id=UA-124279463-1
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1921)
Size
44 kB (43631 bytes)
Hash
ff7900da685f34cf5636a201e564e083
7ba1b9c18c65f0dc36406a420d19f8b2357ad744
420dc019eb0f1a2fcec910d1fbdf8ac97b9418d3669ffa09e9281d146ee032d6

HTTP Headers

GET /gtag/js?id=UA-124279463-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.kvy6326.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 05 Dec 2022 20:24:28 GMT
expires: Mon, 05 Dec 2022 20:24:28 GMT
cache-control: private, max-age=900
last-modified: Mon, 05 Dec 2022 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43631
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
5f16a534222e5749ef240d413826c2f6
11683d84d420dd6f919425094edb8961278f7fed
691ebf7feb1f7d6ae7e5e7efd678626c62042dda520506f262c7d9a67a48e3ed

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 20:24:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.kvy6326.com/init.js

156.234.168.109

200 OK

1.8 kB

URL HTTP/1.1
www.kvy6326.com/init.js
IP
156.234.168.109:0
ASN
#131685 Sun Network Hong Kong Limited

File type
Unicode text, UTF-8 text
Size
1.8 kB (1757 bytes)
Hash
fb6a45cd74e38ccb40e24520e281e7e9
2dee9fc64d2c707281493367e78aecb993fb36c8
c9e4181b27c065bca29139bdb5a65fd4d612efa3e1650558dfc9677ef993f361

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /init.js HTTP/1.1
Host: www.kvy6326.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.kvy6326.com/

HTTP/1.1 200 OK
Server: openresty
Date: Tue, 29 Nov 2022 02:26:18 GMT
Content-Type: application/javascript
Last-Modified: Wed, 27 Jul 2022 06:11:54 GMT
ETag: "62e0d72a-117b"
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
Content-Length: 1757
Content-Encoding: gzip
Vary: Accept-Encoding
Connection: keep-alive
X-Cache: HIT

www.kvy6326.com/saconfig/secure/yunwei.js?0.8799586990439007

156.234.168.109

200 OK

530 B

URL HTTP/1.1
www.kvy6326.com/saconfig/secure/yunwei.js?0.8799586990439007
IP
156.234.168.109:0
ASN
#131685 Sun Network Hong Kong Limited

File type
Unicode text, UTF-8 text
Size
530 B (530 bytes)
Hash
7903e966d30b916b05975a287b861599
3519f46c115baee4994a1385b6303769608ec33b
efa06a60cf4850b54eea6487094240b2437ac2170be5f557fa622faa57fb0175

HTTP Headers

GET /saconfig/secure/yunwei.js?0.8799586990439007 HTTP/1.1
Host: www.kvy6326.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.kvy6326.com/

HTTP/1.1 200 OK
Server: openresty
Date: Mon, 05 Dec 2022 20:24:28 GMT
Content-Type: application/javascript
Content-Length: 530
Last-Modified: Fri, 18 Nov 2022 08:20:36 GMT
Connection: keep-alive
ETag: "63774054-212"
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
X-Cache: MISS

www.google-analytics.com/analytics.js

142.250.74.110

200 OK

20 kB

URL HTTP/2
www.google-analytics.com/analytics.js
IP
142.250.74.110:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1325)
Size
20 kB (20039 bytes)
Hash
47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e

HTTP Headers

GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.kvy6326.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Mon, 05 Dec 2022 18:41:08 GMT
expires: Mon, 05 Dec 2022 20:41:08 GMT
cache-control: public, max-age=7200
age: 6201
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google-analytics.com/j/collect?v=1&_v=j98&a=733425585&t=pageview&_s=1&dl=http%3A%2F%2Fwww.kvy6326.com%2F&ul=en-us&de=UTF-8&dt=%E6%81%92%E5%B3%B0%E5%A8%B1%E4%B9%90-%E6%AF%8F%E5%A4%A9%E6%9C%89%E6%83%8A%E5%96%9C%EF%BC%8C%E4%BF%A1%E8%AA%89%E9%A6%96%E9%80%89&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAUABAAAAACAAI~&jid=1941691038&gjid=902586126&cid=849085480.1670271867&tid=UA-124279463-1&_gid=1955231571.1670271867&_r=1&gtm=2oubu0&z=1207939984

142.250.74.110

200 OK

1 B

URL HTTP/2
www.google-analytics.com/j/collect?v=1&_v=j98&a=733425585&t=pageview&_s=1&dl=http%3A%2F%2Fwww.kvy6326.com%2F&ul=en-us&de=UTF-8&dt=%E6%81%92%E5%B3%B0%E5%A8%B1%E4%B9%90-%E6%AF%8F%E5%A4%A9%E6%9C%89%E6%83%8A%E5%96%9C%EF%BC%8C%E4%BF%A1%E8%AA%89%E9%A6%96%E9%80%89&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAUABAAAAACAAI~&jid=1941691038&gjid=902586126&cid=849085480.1670271867&tid=UA-124279463-1&_gid=1955231571.1670271867&_r=1&gtm=2oubu0&z=1207939984
IP
142.250.74.110:0
ASN
#15169 GOOGLE

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

HTTP Headers

POST /j/collect?v=1&_v=j98&a=733425585&t=pageview&_s=1&dl=http%3A%2F%2Fwww.kvy6326.com%2F&ul=en-us&de=UTF-8&dt=%E6%81%92%E5%B3%B0%E5%A8%B1%E4%B9%90-%E6%AF%8F%E5%A4%A9%E6%9C%89%E6%83%8A%E5%96%9C%EF%BC%8C%E4%BF%A1%E8%AA%89%E9%A6%96%E9%80%89&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAUABAAAAACAAI~&jid=1941691038&gjid=902586126&cid=849085480.1670271867&tid=UA-124279463-1&_gid=1955231571.1670271867&_r=1&gtm=2oubu0&z=1207939984 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: http://www.kvy6326.com
Connection: keep-alive
Referer: http://www.kvy6326.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: http://www.kvy6326.com
date: Mon, 05 Dec 2022 20:24:29 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.kvy6326.com/favicon.ico

156.234.168.109

200 OK

4.7 kB

URL HTTP/1.1
www.kvy6326.com/favicon.ico
IP
156.234.168.109:0
ASN
#131685 Sun Network Hong Kong Limited

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size
4.7 kB (4675 bytes)
Hash
7d09949f6382ed26fd278e6163b5c1c5
8c9e900f13af89bf9cf1d212b73e865230dfefb2
544f33e9d1b1d1888f17589a51d532a8cba3bec59c3c638962102669d89dde91

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.kvy6326.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.kvy6326.com/

HTTP/1.1 200 OK
Server: openresty
Date: Mon, 05 Dec 2022 18:53:05 GMT
Content-Type: image/x-icon
Content-Length: 4675
Last-Modified: Thu, 23 Sep 2021 05:18:36 GMT
ETag: "614c0e2c-1243"
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
Connection: keep-alive
X-Cache: HIT

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a4ac4ef56f606b97a3b9a97abe6635ae
e43a114bef6b2357c83d8e288a475dcefab70f25
837d706e47e61aaa5b438a0540a387fc57054ba9f6d3491f5a7fd04711240e70

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "837D706E47E61AAA5B438A0540A387FC57054BA9F6D3491F5A7FD04711240E70"
Last-Modified: Sat, 03 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1450
Expires: Mon, 05 Dec 2022 20:48:40 GMT
Date: Mon, 05 Dec 2022 20:24:30 GMT
Connection: keep-alive

ocsp.sectigo.com/

104.18.32.68

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
6ee14755b635459296d538222a81e668
e2be5109c428f7718bab68d620423c9f4f5d5814
53da2978ebf31021c360665f08134d9571106856737d55b0685510da63f50dbe

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 05 Dec 2022 20:24:30 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 05 Dec 2022 20:08:29 GMT
Expires: Mon, 12 Dec 2022 20:08:28 GMT
Etag: "e2be5109c428f7718bab68d620423c9f4f5d5814"
Cache-Control: max-age=603237,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 774f8174d90fb4e8-OSL

c349b2front.jt1216.com/cdn/c349b2FW/3s/remove.js?v=20210302

180.127.43.61

200 OK

171 B

URL HTTP/2
c349b2front.jt1216.com/cdn/c349b2FW/3s/remove.js?v=20210302
IP
180.127.43.61:0
ASN
#4134 Chinanet

File type
ASCII text
Size
171 B (171 bytes)
Hash
3f318734a8d8aefebe5f160df1f2f63c
3c2b87d334c76835fbe7144b74de83c9146739e1
03b30094fc8961140dc3ec1a1527337ead8667d9bc2ce6ed3981f1eb5217edf3

HTTP Headers

GET /cdn/c349b2FW/3s/remove.js?v=20210302 HTTP/1.1
Host: c349b2front.jt1216.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.kvy6326.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
content-length: 171
date: Mon, 05 Dec 2022 20:22:43 GMT
server: nginx
last-modified: Tue, 29 Nov 2022 02:38:53 GMT
etag: "638570bd-ab"
access-control-allow-origin: *
accept-ranges: bytes
x-cc-via: 10_dx-jiangsu-lianyungang-5-cache-4[H,1]
X-Firefox-Spdy: h2

www.kvy6326.com/_glaxy_c349b2_/_extra_/api/app/getIp

156.234.168.109

200 OK

90 B

URL HTTP/1.1
www.kvy6326.com/_glaxy_c349b2_/_extra_/api/app/getIp
IP
156.234.168.109:0
ASN
#131685 Sun Network Hong Kong Limited

File type
JSON data\012- , Unicode text, UTF-8 text, with no line terminators
Size
90 B (90 bytes)
Hash
51ae0a863a76a98819c941abfb77faaa
c95bb40f77825a33d63e4559ded4237992d219dd
52cdaa087d34be6d111513fccadd1b133728dc2701b861a998223317f5fb0cee

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

POST /_glaxy_c349b2_/_extra_/api/app/getIp HTTP/1.1
Host: www.kvy6326.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
AppId: gvfKHSZqKIMDMPHG8fP0Fp6SZsjrEh7s
Qid: 4751b59f0a5a65e116974cc1e6106d0c
v: 1.0.0
srcAppId: gvfKHSZqKIMDMPHG8fP0Fp6SZsjrEh7s
ipaddress: null
Sign: 9cf8f9768c3077f412c664520f39a8d1
Content-Length: 70
Origin: http://www.kvy6326.com
Connection: keep-alive
Referer: http://www.kvy6326.com/
Cookie: _ga=GA1.2.849085480.1670271867; _gid=GA1.2.1955231571.1670271867; _gat_gtag_UA_124279463_1=1

HTTP/1.1 200 OK
Server: openresty
Date: Mon, 05 Dec 2022 20:24:33 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP
Cache-Control: private, must-revalidate
pragma: no-cache
expires: -1
X-RateLimit-Limit: 2000
X-RateLimit-Remaining: 1992
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, PATCH, DELETE
Access-Control-Allow-Headers: Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Authorization , Access-Control-Request-Headers, X-CSRF-TOKEN
Access-Control-Expose-Headers: Authorization, authenticated
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *, *
X-Cache: MISS

www.kvy6326.com/_glaxy_c349b2_/webToken

156.234.168.109

200

379 B

URL HTTP/1.1
www.kvy6326.com/_glaxy_c349b2_/webToken
IP
156.234.168.109:0
ASN
#131685 Sun Network Hong Kong Limited

File type
JSON data\012- , Unicode text, UTF-8 text, with very long lines (371), with no line terminators
Size
379 B (379 bytes)
Hash
c9356a13c4d245404e7047676055cd14
0af12ee5cba87bee38717937126400751f4dc0f6
4977b10da1270e4817363cd715d49bf2a4f98e66fa6973fc329768d70e664663

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

POST /_glaxy_c349b2_/webToken HTTP/1.1
Host: www.kvy6326.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
AppId: gvfKHSZqKIMDMPHG8fP0Fp6SZsjrEh7s
Qid: bffe5d21df80f2a357f0cd4d6e2a950d
v: 1.0.0
srcAppId: gvfKHSZqKIMDMPHG8fP0Fp6SZsjrEh7s
ipaddress: null
Sign: 43f49b851a237c78d054f7f4742bc9ff
Content-Length: 48
Origin: http://www.kvy6326.com
Connection: keep-alive
Referer: http://www.kvy6326.com/
Cookie: _ga=GA1.2.849085480.1670271867; _gid=GA1.2.1955231571.1670271867; _gat_gtag_UA_124279463_1=1

HTTP/1.1 200 
Server: openresty
Date: Mon, 05 Dec 2022 20:24:33 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: JSESSIONID=B5A24D102413D546EA9F69DB548D2C60; Path=/; HttpOnly
Access-Control-Allow-Headers: *
Access-Control-Allow-Method: *
Access-Control-Allow-Origin: *
X-Cache: MISS

www.kvy6326.com/_glaxy_c349b2_/_extra_/api/signIn/haveEverdaySign

156.234.168.109

200 OK

8.8 kB

URL HTTP/1.1
www.kvy6326.com/_glaxy_c349b2_/_extra_/api/signIn/haveEverdaySign
IP
156.234.168.109:0
ASN
#131685 Sun Network Hong Kong Limited

File type
JSON data\012- , ASCII text, with very long lines (8838), with no line terminators
Size
8.8 kB (8838 bytes)
Hash
2a969e2e3a0bf194bc25377e482933e9
4cd2bb997d3728675396bbb1ed3af6d12b212839
da3894e9bec44cc49bf09cc1d253094e55988d966a9f2a98febe915b6f4b0906

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

POST /_glaxy_c349b2_/_extra_/api/signIn/haveEverdaySign HTTP/1.1
Host: www.kvy6326.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
AppId: gvfKHSZqKIMDMPHG8fP0Fp6SZsjrEh7s
Qid: 8990a1cb0fa5438a7f06d7db1f0daed0
v: 1.0.0
srcAppId: gvfKHSZqKIMDMPHG8fP0Fp6SZsjrEh7s
ipaddress: null
Sign: 3deb4e4cf6cbdd4e16825b7ed5558073
Content-Length: 70
Origin: http://www.kvy6326.com
Connection: keep-alive
Referer: http://www.kvy6326.com/home
Cookie: _ga=GA1.2.849085480.1670271867; _gid=GA1.2.1955231571.1670271867; _gat_gtag_UA_124279463_1=1

HTTP/1.1 200 OK
Server: openresty
Date: Mon, 05 Dec 2022 20:24:34 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP
Cache-Control: private, must-revalidate
X-RateLimit-Limit: 2000
X-RateLimit-Remaining: 1991
pragma: no-cache
expires: -1
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, PATCH, DELETE
Access-Control-Allow-Headers: Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Authorization , Access-Control-Request-Headers, X-CSRF-TOKEN
Access-Control-Expose-Headers: Authorization, authenticated
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *, *
X-Cache: MISS

www.kvy6326.com/_glaxy_c349b2_/webToken

156.234.168.109

200

379 B

URL HTTP/1.1
www.kvy6326.com/_glaxy_c349b2_/webToken
IP
156.234.168.109:0
ASN
#131685 Sun Network Hong Kong Limited

File type
JSON data\012- , Unicode text, UTF-8 text, with very long lines (371), with no line terminators
Size
379 B (379 bytes)
Hash
50a4a893964bfe0ca9c12577f51f6975
d8ece87eb038a854b87e54f8f2bc7bc5b0f3d180
46b56a513f50ce33f81d5abd34e88ceb9eea198203d3d14e638a1dd3a03634d1

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

POST /_glaxy_c349b2_/webToken HTTP/1.1
Host: www.kvy6326.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
AppId: gvfKHSZqKIMDMPHG8fP0Fp6SZsjrEh7s
Qid: fa1e24716f3eab837bd7687ff9a7a3c0
v: 1.0.0
srcAppId: gvfKHSZqKIMDMPHG8fP0Fp6SZsjrEh7s
ipaddress: null
Sign: 9730d2fa243368689aa568a7146371e5
Content-Length: 48
Origin: http://www.kvy6326.com
Connection: keep-alive
Referer: http://www.kvy6326.com/home
Cookie: _ga=GA1.2.849085480.1670271867; _gid=GA1.2.1955231571.1670271867; _gat_gtag_UA_124279463_1=1

HTTP/1.1 200 
Server: openresty
Date: Mon, 05 Dec 2022 20:24:34 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: JSESSIONID=E87D694053553850753551489E4F07BD; Path=/; HttpOnly
Access-Control-Allow-Headers: *
Access-Control-Allow-Method: *
Access-Control-Allow-Origin: *
X-Cache: MISS

www.kvy6326.com/_glaxy_c349b2_/webToken

156.234.168.109

200

379 B

URL HTTP/1.1
www.kvy6326.com/_glaxy_c349b2_/webToken
IP
156.234.168.109:0
ASN
#131685 Sun Network Hong Kong Limited

File type
JSON data\012- , Unicode text, UTF-8 text, with very long lines (371), with no line terminators
Size
379 B (379 bytes)
Hash
1c5d29987a4f5210be8af20ca9fb6e49
7de24a10b333bda3109375e8ff6019a4fe5fe8c8
86da4339e0545554a5596d38e253e7f349cbf6cc678f7bd2ecdec4a2651a0276

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

POST /_glaxy_c349b2_/webToken HTTP/1.1
Host: www.kvy6326.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
AppId: gvfKHSZqKIMDMPHG8fP0Fp6SZsjrEh7s
Qid: 87f97071dc5f384330b77d6a5acc9b2d
v: 1.0.0
srcAppId: gvfKHSZqKIMDMPHG8fP0Fp6SZsjrEh7s
ipaddress: null
Sign: 28a24b1f31a40e9ce4033f307a7432e9
Content-Length: 48
Origin: http://www.kvy6326.com
Connection: keep-alive
Referer: http://www.kvy6326.com/home
Cookie: _ga=GA1.2.849085480.1670271867; _gid=GA1.2.1955231571.1670271867; _gat_gtag_UA_124279463_1=1

HTTP/1.1 200 
Server: openresty
Date: Mon, 05 Dec 2022 20:24:34 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: JSESSIONID=4A0C7171848FBC82E4F1454EA9775BEA; Path=/; HttpOnly
Access-Control-Allow-Headers: *
Access-Control-Allow-Method: *
Access-Control-Allow-Origin: *
X-Cache: MISS

c349b2front.jt1216.com/cdn/c349b2FW/static/img/logo.07ed1f20.png

180.127.43.61

200 OK

35 kB

URL HTTP/2
c349b2front.jt1216.com/cdn/c349b2FW/static/img/logo.07ed1f20.png
IP
180.127.43.61:0
ASN
#4134 Chinanet

File type
data
Size
35 kB (34839 bytes)
Hash
7789d378daf7da91e9799364b189794f
6ddfd51e732a02aae07296c96d21a5f8c1f4013c
30231189b059379e44a06403f89d7a96afa1f18b734cbb205d3c9d20bdbafa32

HTTP Headers

GET /cdn/c349b2FW/static/img/logo.07ed1f20.png HTTP/1.1
Host: c349b2front.jt1216.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.kvy6326.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/png
date: Mon, 05 Dec 2022 09:05:04 GMT
server: nginx
last-modified: Tue, 29 Nov 2022 02:38:53 GMT
vary: Accept-Encoding
etag: W/"638570bd-878a"
access-control-allow-origin: *
content-encoding: gzip
x-cc-via: 13_dx-jiangsu-lianyungang-5-cache-4[H,0]
X-Firefox-Spdy: h2

c349b2front.jt1216.com/cdn/c349b2FW/static/img/offer2.aee16349.jpg

180.127.43.61

200 OK

50 kB

URL HTTP/2
c349b2front.jt1216.com/cdn/c349b2FW/static/img/offer2.aee16349.jpg
IP
180.127.43.61:0
ASN
#4134 Chinanet

File type
data
Size
50 kB (50475 bytes)
Hash
abaaeb65e8eb201fa008987954a87705
677d1856b8370142606d3ccc37371c148e40c6cc
238fbe8fa814c75592aa0ee1c8d41f87c84a66fdaa9b40b15e048dac5f264f8a

HTTP Headers

GET /cdn/c349b2FW/static/img/offer2.aee16349.jpg HTTP/1.1
Host: c349b2front.jt1216.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.kvy6326.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
date: Mon, 05 Dec 2022 03:09:41 GMT
server: nginx
last-modified: Tue, 29 Nov 2022 02:38:53 GMT
vary: Accept-Encoding
etag: W/"638570bd-e0eb"
access-control-allow-origin: *
content-encoding: gzip
x-cc-via: 6_dx-jiangsu-lianyungang-5-cache-4[H,0]
X-Firefox-Spdy: h2

www.kvy6326.com/_glaxy_c349b2_/areaLimitV2

156.234.168.109

200

108 B

URL HTTP/1.1
www.kvy6326.com/_glaxy_c349b2_/areaLimitV2
IP
156.234.168.109:0
ASN
#131685 Sun Network Hong Kong Limited

File type
JSON data\012- , Unicode text, UTF-8 text, with no line terminators
Size
108 B (108 bytes)
Hash
7d915e4d5c29047ae8bdb5f9913285a2
a539cdbb05606dc848f401698b90aedcb3f66553
e7400cf77653940e94a119aaa748f8e9b12529465ba27fd806bb5be108986b1a

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

POST /_glaxy_c349b2_/areaLimitV2 HTTP/1.1
Host: www.kvy6326.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
AppId: gvfKHSZqKIMDMPHG8fP0Fp6SZsjrEh7s
Qid: 438e6e2e92393d4b2b164a891806872c
v: 1.0.0
srcAppId: gvfKHSZqKIMDMPHG8fP0Fp6SZsjrEh7s
ipaddress: 91.90.42.154
Sign: 8a11a01b01fe8fc9186f4ca784edbe5c
token: 6sNvgv4wu0KpehdpV7gQ0pLImZ1vwhVpNLrC+N46Frsf8kePTHhKZxfItikUmF1VC1E0X2xHCqyHnZO6jeomOAwPcOkQHvix8Hq7ZenIavLsQv4r+lgMTA==
deviceId: 9e4947f35751465411fd1a4f5c358c78
Content-Length: 48
Origin: http://www.kvy6326.com
Connection: keep-alive
Referer: http://www.kvy6326.com/home
Cookie: _ga=GA1.2.849085480.1670271867; _gid=GA1.2.1955231571.1670271867; _gat_gtag_UA_124279463_1=1; JSESSIONID=4A0C7171848FBC82E4F1454EA9775BEA

HTTP/1.1 200 
Server: openresty
Date: Mon, 05 Dec 2022 20:24:34 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Headers: *
Access-Control-Allow-Method: *
Access-Control-Allow-Origin: *
X-Cache: MISS

www.kvy6326.com/_glaxy_c349b2_/_extra_/api/app/indexBanner

156.234.168.109

200 OK

1.6 kB

URL HTTP/1.1
www.kvy6326.com/_glaxy_c349b2_/_extra_/api/app/indexBanner
IP
156.234.168.109:0
ASN
#131685 Sun Network Hong Kong Limited

File type
JSON data\012- , Unicode text, UTF-8 text, with very long lines (1607), with no line terminators
Size
1.6 kB (1615 bytes)
Hash
4be9fce32d67dfd43fa8aaa95ab6c13e
51206a767bb92d67169d3115bae09930e0415409
d6686e6d546b6d9c7229ffa0ec89e9da0867283b4f0bcdd21e60f686a47e128d

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

POST /_glaxy_c349b2_/_extra_/api/app/indexBanner HTTP/1.1
Host: www.kvy6326.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
AppId: gvfKHSZqKIMDMPHG8fP0Fp6SZsjrEh7s
Qid: cfefeb4133bb75726c066fe4e9cee82d
v: 1.0.0
srcAppId: gvfKHSZqKIMDMPHG8fP0Fp6SZsjrEh7s
ipaddress: 91.90.42.154
Sign: 5f51dc85434b5d1c794029929bf4b34a
token: 6sNvgv4wu0K/SgsXqxVM7afknsY6oiUMtn3LtqMakhGKCsjR/C/SsRfItikUmF1VFCk0eK21awD8Tgkddn/RkJuhJOW9rRMz7y0BVyXzOA2QD6Dok6JluQ==
deviceId: 9e4947f35751465411fd1a4f5c358c78
Content-Length: 82
Origin: http://www.kvy6326.com
Connection: keep-alive
Referer: http://www.kvy6326.com/home
Cookie: _ga=GA1.2.849085480.1670271867; _gid=GA1.2.1955231571.1670271867; _gat_gtag_UA_124279463_1=1; JSESSIONID=4A0C7171848FBC82E4F1454EA9775BEA

HTTP/1.1 200 OK
Server: openresty
Date: Mon, 05 Dec 2022 20:24:34 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP
Cache-Control: private, must-revalidate
pragma: no-cache
expires: -1
X-RateLimit-Limit: 2000
X-RateLimit-Remaining: 1990
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, PATCH, DELETE
Access-Control-Allow-Headers: Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Authorization , Access-Control-Request-Headers, X-CSRF-TOKEN
Access-Control-Expose-Headers: Authorization, authenticated
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *, *
X-Cache: MISS

c349b2front.jt1216.com/cdn/c349b2FW/static/img/charge_tutorial.39911fdf.png

180.127.43.61

200 OK

15 kB

URL HTTP/2
c349b2front.jt1216.com/cdn/c349b2FW/static/img/charge_tutorial.39911fdf.png
IP
180.127.43.61:0
ASN
#4134 Chinanet

File type
data
Size
15 kB (15409 bytes)
Hash
d2f40e2f7a78e615f4f0bf99b1af4ba1
30a658c6d5844a48d759a7994d52d2c20b3e77b8
3617fcf3b7c8c4c0750dd7b2a389c9691655da68704a2b63cc28d2e4a7892f69

HTTP Headers

GET /cdn/c349b2FW/static/img/charge_tutorial.39911fdf.png HTTP/1.1
Host: c349b2front.jt1216.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c349b2front.jt1216.com/cdn/c349b2FW/static/css/app.7c0e53df.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: image/png
date: Mon, 05 Dec 2022 09:05:03 GMT
server: nginx
last-modified: Tue, 29 Nov 2022 02:38:53 GMT
vary: Accept-Encoding
etag: W/"638570bd-3ae9"
access-control-allow-origin: *
content-encoding: gzip
x-cc-via: 10_dx-jiangsu-lianyungang-5-cache-4[H,3]
X-Firefox-Spdy: h2

www.kvy6326.com/_glaxy_c349b2_/_extra_/api/app/getPTNewDomains

156.234.168.109

200 OK

106 B

URL HTTP/1.1
www.kvy6326.com/_glaxy_c349b2_/_extra_/api/app/getPTNewDomains
IP
156.234.168.109:0
ASN
#131685 Sun Network Hong Kong Limited

File type
JSON data\012- , Unicode text, UTF-8 text, with no line terminators
Size
106 B (106 bytes)
Hash
a881adc7f940253005cc914fb3df5ac6
979c8c645bd36ae8f51755d0b4c056266dc58b55
49aaf18a436048acaa25ce23d5a4b2bc597496d31925e9f39ff65ac8d5a9d899

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

POST /_glaxy_c349b2_/_extra_/api/app/getPTNewDomains HTTP/1.1
Host: www.kvy6326.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
AppId: gvfKHSZqKIMDMPHG8fP0Fp6SZsjrEh7s
Qid: a3dc65f9a078022a3a10f3919dc04140
v: 1.0.0
srcAppId: gvfKHSZqKIMDMPHG8fP0Fp6SZsjrEh7s
ipaddress: 91.90.42.154
Sign: 73f68f53b96c924120f9d26bf9ccfd53
token: 6sNvgv4wu0K/SgsXqxVM7afknsY6oiUMtn3LtqMakhGKCsjR/C/SsRfItikUmF1VFCk0eK21awD8Tgkddn/RkJuhJOW9rRMz7y0BVyXzOA2QD6Dok6JluQ==
deviceId: 9e4947f35751465411fd1a4f5c358c78
Content-Length: 70
Origin: http://www.kvy6326.com
Connection: keep-alive
Referer: http://www.kvy6326.com/home
Cookie: _ga=GA1.2.849085480.1670271867; _gid=GA1.2.1955231571.1670271867; _gat_gtag_UA_124279463_1=1; JSESSIONID=4A0C7171848FBC82E4F1454EA9775BEA

HTTP/1.1 200 OK
Server: openresty
Date: Mon, 05 Dec 2022 20:24:34 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP
Cache-Control: private, must-revalidate
pragma: no-cache
expires: -1
X-RateLimit-Limit: 2000
X-RateLimit-Remaining: 1998
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, PATCH, DELETE
Access-Control-Allow-Headers: Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Authorization , Access-Control-Request-Headers, X-CSRF-TOKEN
Access-Control-Expose-Headers: Authorization, authenticated
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *, *
X-Cache: MISS

www.kvy6326.com/_glaxy_c349b2_/game/queryGames

156.234.168.109

200

1.8 kB

URL HTTP/1.1
www.kvy6326.com/_glaxy_c349b2_/game/queryGames
IP
156.234.168.109:0
ASN
#131685 Sun Network Hong Kong Limited

File type
JSON data\012- , Unicode text, UTF-8 text, with very long lines (1812), with no line terminators
Size
1.8 kB (1820 bytes)
Hash
b3e5f73f8a2b3aa38e4f0696639282e6
1f593eec19982f0f7d6db1ba86d290561f384d4c
6b2e261c00e2390acc19d83891b03d82bbde59cf2d9f1d9474b0e18b84fc2a87

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

POST /_glaxy_c349b2_/game/queryGames HTTP/1.1
Host: www.kvy6326.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
AppId: gvfKHSZqKIMDMPHG8fP0Fp6SZsjrEh7s
Qid: 8189386b04dce50cc615265a880340f0
v: 1.0.0
srcAppId: gvfKHSZqKIMDMPHG8fP0Fp6SZsjrEh7s
ipaddress: 91.90.42.154
Sign: 87fd8dd87d6aeb394ec617b273c38a63
token: 6sNvgv4wu0K/SgsXqxVM7afknsY6oiUMtn3LtqMakhGKCsjR/C/SsRfItikUmF1VFCk0eK21awD8Tgkddn/RkJuhJOW9rRMz7y0BVyXzOA2QD6Dok6JluQ==
deviceId: 9e4947f35751465411fd1a4f5c358c78
Content-Length: 65
Origin: http://www.kvy6326.com
Connection: keep-alive
Referer: http://www.kvy6326.com/home
Cookie: _ga=GA1.2.849085480.1670271867; _gid=GA1.2.1955231571.1670271867; _gat_gtag_UA_124279463_1=1; JSESSIONID=4A0C7171848FBC82E4F1454EA9775BEA

HTTP/1.1 200 
Server: openresty
Date: Mon, 05 Dec 2022 20:24:34 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Access-Control-Allow-Headers: *
Access-Control-Allow-Method: *
Access-Control-Allow-Origin: *
X-Cache: MISS

c349b2front.jt1216.com/cdn/c349b2FW/_wms/img/_l/_banner/banner-index-32438b377703b94c67fa3ac453ca0f08f.jpg_.webp

180.127.43.61

200 OK

71 kB

URL HTTP/2
c349b2front.jt1216.com/cdn/c349b2FW/_wms/img/_l/_banner/banner-index-32438b377703b94c67fa3ac453ca0f08f.jpg_.webp
IP
180.127.43.61:0
ASN
#4134 Chinanet

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1920x400, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
71 kB (70666 bytes)
Hash
5482ffb8edc0c689b085dc5c4e06bbfa
9d91ecf57dc1aaae89fc45e236559988500cf463
7d9ff193de5c815d7967a89406c743566912b7f172dfb5adb12a277aa7c5dc54

HTTP Headers

GET /cdn/c349b2FW/_wms/img/_l/_banner/banner-index-32438b377703b94c67fa3ac453ca0f08f.jpg_.webp HTTP/1.1
Host: c349b2front.jt1216.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.kvy6326.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/webp
content-length: 70666
date: Mon, 05 Dec 2022 11:06:36 GMT
server: nginx
last-modified: Tue, 12 Apr 2022 07:31:21 GMT
etag: "62552ac9-1140a"
access-control-allow-origin: *
accept-ranges: bytes
x-cc-via: 8_dx-jiangsu-lianyungang-5-cache-4[H,1]
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba66ee21-e2f8-434c-a2b3-004950fdfd58.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11253 bytes)
Hash
557fea28a0a540d2ffdadd828e03de0b
c314368e2e73dabf2c5d856e2c3e1fae610a3005
0fdd195911cdfff46a6dd8ba7b760953e5317fd7ee88abf1e19458518979fdee

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba66ee21-e2f8-434c-a2b3-004950fdfd58.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 11253
x-amzn-requestid: e0561a00-8657-4af0-b24c-08b328282f79
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: co_wKE9coAMFjmQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d1334-2844266d51d5c5672f34ff61;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 21:37:56 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: v2OgP5Rhp06ijoZU2F8vOhLjBfHdBMPa2mOIg6EiYJrgCRbrKgJz2g==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 21:52:07 GMT
age: 81148
etag: "c314368e2e73dabf2c5d856e2c3e1fae610a3005"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

www.kvy6326.com/_glaxy_c349b2_/_extra_/api/app/getOnlineNumAGQJ

156.234.168.109

200 OK

73 B

URL HTTP/1.1
www.kvy6326.com/_glaxy_c349b2_/_extra_/api/app/getOnlineNumAGQJ
IP
156.234.168.109:0
ASN
#131685 Sun Network Hong Kong Limited

File type
JSON data\012- , Unicode text, UTF-8 text, with no line terminators
Size
73 B (73 bytes)
Hash
9247a2da8b48be41e5842c4b04b08e2c
33b60504aab9d1231f922ce9d303514655432e71
4b0b28b04c4fc2cbe2dc6b5b68ad57fa7df7e0ab608e82967dce03365df05be1

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

POST /_glaxy_c349b2_/_extra_/api/app/getOnlineNumAGQJ HTTP/1.1
Host: www.kvy6326.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
AppId: gvfKHSZqKIMDMPHG8fP0Fp6SZsjrEh7s
Qid: 74cfa80624cab8a6d18cd643aa7c447d
v: 1.0.0
srcAppId: gvfKHSZqKIMDMPHG8fP0Fp6SZsjrEh7s
ipaddress: 91.90.42.154
Sign: 9a7d099236585c5779081003f4d3c2d9
token: 6sNvgv4wu0K/SgsXqxVM7afknsY6oiUMtn3LtqMakhGKCsjR/C/SsRfItikUmF1VFCk0eK21awD8Tgkddn/RkJuhJOW9rRMz7y0BVyXzOA2QD6Dok6JluQ==
deviceId: 9e4947f35751465411fd1a4f5c358c78
Content-Length: 70
Origin: http://www.kvy6326.com
Connection: keep-alive
Referer: http://www.kvy6326.com/home
Cookie: _ga=GA1.2.849085480.1670271867; _gid=GA1.2.1955231571.1670271867; _gat_gtag_UA_124279463_1=1; JSESSIONID=4A0C7171848FBC82E4F1454EA9775BEA

HTTP/1.1 200 OK
Server: openresty
Date: Mon, 05 Dec 2022 20:24:35 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP
Cache-Control: private, must-revalidate
pragma: no-cache
expires: -1
X-RateLimit-Limit: 2000
X-RateLimit-Remaining: 1988
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, PATCH, DELETE
Access-Control-Allow-Headers: Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Authorization , Access-Control-Request-Headers, X-CSRF-TOKEN
Access-Control-Expose-Headers: Authorization, authenticated
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *, *
X-Cache: MISS

c349b2front.jt1216.com/cdn/c349b2FW/static/img/game3.88cdee07.jpg

180.127.43.61

200 OK

68 kB

URL HTTP/2
c349b2front.jt1216.com/cdn/c349b2FW/static/img/game3.88cdee07.jpg
IP
180.127.43.61:0
ASN
#4134 Chinanet

File type
data
Size
68 kB (68014 bytes)
Hash
63858d834b1e48e9b640ce1dd5aeec06
cddcd9c317e714c97ad3a212520bdb793d5d03a4
b5110947004a0f621249004174d7bd70efb971ebc13431def9c484e45e245eff

HTTP Headers

GET /cdn/c349b2FW/static/img/game3.88cdee07.jpg HTTP/1.1
Host: c349b2front.jt1216.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.kvy6326.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
date: Mon, 05 Dec 2022 03:09:42 GMT
server: nginx
last-modified: Tue, 29 Nov 2022 02:38:53 GMT
vary: Accept-Encoding
etag: W/"638570bd-10237"
access-control-allow-origin: *
content-encoding: gzip
x-cc-via: 13_dx-jiangsu-lianyungang-5-cache-4[H,0]
X-Firefox-Spdy: h2

www.kvy6326.com/_glaxy_c349b2_/_extra_/api/app/baccarat/getAllRank

156.234.168.109

200 OK

4.9 kB

URL HTTP/1.1
www.kvy6326.com/_glaxy_c349b2_/_extra_/api/app/baccarat/getAllRank
IP
156.234.168.109:0
ASN
#131685 Sun Network Hong Kong Limited

File type
JSON data\012- , Unicode text, UTF-8 text, with very long lines (4931), with no line terminators
Size
4.9 kB (4945 bytes)
Hash
ae84fce16d97bbe7bd6e4be4330584c8
0543b8e9074cbeb37eb2320686bab0035eee492d
425c102241d937fa2b6e4fbcba6e453fbf546db731c85396658078398bf855c9

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

POST /_glaxy_c349b2_/_extra_/api/app/baccarat/getAllRank HTTP/1.1
Host: www.kvy6326.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
AppId: gvfKHSZqKIMDMPHG8fP0Fp6SZsjrEh7s
Qid: 8770ab9f15a76a1f66e4fae799255974
v: 1.0.0
srcAppId: gvfKHSZqKIMDMPHG8fP0Fp6SZsjrEh7s
ipaddress: 91.90.42.154
Sign: 19ca001ff9ee0411b1777f459e603f82
token: 6sNvgv4wu0K/SgsXqxVM7afknsY6oiUMtn3LtqMakhGKCsjR/C/SsRfItikUmF1VFCk0eK21awD8Tgkddn/RkJuhJOW9rRMz7y0BVyXzOA2QD6Dok6JluQ==
deviceId: 9e4947f35751465411fd1a4f5c358c78
Content-Length: 70
Origin: http://www.kvy6326.com
Connection: keep-alive
Referer: http://www.kvy6326.com/home
Cookie: _ga=GA1.2.849085480.1670271867; _gid=GA1.2.1955231571.1670271867; _gat_gtag_UA_124279463_1=1; JSESSIONID=4A0C7171848FBC82E4F1454EA9775BEA

HTTP/1.1 200 OK
Server: openresty
Date: Mon, 05 Dec 2022 20:24:35 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP
Cache-Control: private, must-revalidate
pragma: no-cache
expires: -1
X-RateLimit-Limit: 2000
X-RateLimit-Remaining: 1999
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, PATCH, DELETE
Access-Control-Allow-Headers: Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Authorization , Access-Control-Request-Headers, X-CSRF-TOKEN
Access-Control-Expose-Headers: Authorization, authenticated
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *, *
X-Cache: MISS

www.kvy6326.com/_glaxy_c349b2_/customer/preCreateAccount

156.234.168.109

200

102 B

URL HTTP/1.1
www.kvy6326.com/_glaxy_c349b2_/customer/preCreateAccount
IP
156.234.168.109:0
ASN
#131685 Sun Network Hong Kong Limited

File type
JSON data\012- , Unicode text, UTF-8 text, with no line terminators
Size
102 B (102 bytes)
Hash
90a7d53727528612ca18b6bd673aff37
5cac508c65bb4ef1b6eb64f9d953df0ca36ba075
b1445a30cd057c2a8552cf730027a6e094839c0d8878000c52f6b22b39e4df6e

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

POST /_glaxy_c349b2_/customer/preCreateAccount HTTP/1.1
Host: www.kvy6326.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
AppId: gvfKHSZqKIMDMPHG8fP0Fp6SZsjrEh7s
Qid: dcf0e5678c9fe1900eae4e6f2d50cd58
v: 1.0.0
srcAppId: gvfKHSZqKIMDMPHG8fP0Fp6SZsjrEh7s
ipaddress: 91.90.42.154
Sign: 40ca95ede0284ec4617b25acf3bafb21
token: 6sNvgv4wu0K/SgsXqxVM7afknsY6oiUMtn3LtqMakhGKCsjR/C/SsRfItikUmF1VFCk0eK21awD8Tgkddn/RkJuhJOW9rRMz7y0BVyXzOA2QD6Dok6JluQ==
deviceId: 9e4947f35751465411fd1a4f5c358c78
Content-Length: 48
Origin: http://www.kvy6326.com
Connection: keep-alive
Referer: http://www.kvy6326.com/home
Cookie: _ga=GA1.2.849085480.1670271867; _gid=GA1.2.1955231571.1670271867; _gat_gtag_UA_124279463_1=1; JSESSIONID=4A0C7171848FBC82E4F1454EA9775BEA

HTTP/1.1 200 
Server: openresty
Date: Mon, 05 Dec 2022 20:24:35 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Headers: *
Access-Control-Allow-Method: *
Access-Control-Allow-Origin: *
X-Cache: MISS

c349b2front.jt1216.com/cdn/c349b2FW/static/img/hezuo.361762e2.jpg

180.127.43.61

200 OK

13 kB

URL HTTP/2
c349b2front.jt1216.com/cdn/c349b2FW/static/img/hezuo.361762e2.jpg
IP
180.127.43.61:0
ASN
#4134 Chinanet

File type
data
Size
13 kB (12675 bytes)
Hash
8d89298ced4b0cbb96c29d20b93f54f5
b46ae52d65f2efad2bb5bcacff9fb9a42c940fae
f2cd626c04f2bd727a2ca5a8317c00486a11e226a9280cda789e9e217aa28b67

HTTP Headers

GET /cdn/c349b2FW/static/img/hezuo.361762e2.jpg HTTP/1.1
Host: c349b2front.jt1216.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c349b2front.jt1216.com/cdn/c349b2FW/static/css/app.7c0e53df.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
date: Mon, 05 Dec 2022 09:05:03 GMT
server: nginx
last-modified: Tue, 29 Nov 2022 02:38:53 GMT
vary: Accept-Encoding
etag: W/"638570bd-326b"
access-control-allow-origin: *
content-encoding: gzip
x-cc-via: 5_dx-jiangsu-lianyungang-5-cache-4[H,3]
X-Firefox-Spdy: h2

c349b2front.jt1216.com/cdn/c349b2FW/static/img/footer_logo.47d005bf.png

180.127.43.61

200 OK

0 B

URL HTTP/2
c349b2front.jt1216.com/cdn/c349b2FW/static/img/footer_logo.47d005bf.png
IP
180.127.43.61:0
ASN
#4134 Chinanet

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /cdn/c349b2FW/static/img/footer_logo.47d005bf.png HTTP/1.1
Host: c349b2front.jt1216.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c349b2front.jt1216.com/cdn/c349b2FW/static/css/app.7c0e53df.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: image/png
date: Mon, 05 Dec 2022 07:24:20 GMT
server: nginx
last-modified: Tue, 29 Nov 2022 02:38:53 GMT
vary: Accept-Encoding
etag: W/"638570bd-4c95"
access-control-allow-origin: *
content-encoding: gzip
x-cc-via: 8_dx-jiangsu-lianyungang-5-cache-4[H,3]
X-Firefox-Spdy: h2

c349b2front.jt1216.com/cdn/c349b2FW/cdn_test.jpg?1670271866132

180.127.43.61

200 OK

0 B

URL HTTP/2
c349b2front.jt1216.com/cdn/c349b2FW/cdn_test.jpg?1670271866132
IP
180.127.43.61:0
ASN
#4134 Chinanet

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /cdn/c349b2FW/cdn_test.jpg?1670271866132 HTTP/1.1
Host: c349b2front.jt1216.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.kvy6326.com
Connection: keep-alive
Referer: http://www.kvy6326.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: image/jpeg
date: Mon, 05 Dec 2022 20:24:30 GMT
server: nginx
last-modified: Tue, 29 Nov 2022 02:38:53 GMT
vary: Accept-Encoding
etag: W/"638570bd-c6d7"
access-control-allow-origin: *
content-encoding: gzip
x-cc-via: 117_HK-xianggang-xianggang-4-cache-2[M,7],72_HK-xianggang-xianggang-29-cache-1[M,12],15_dx-jiangsu-lianyungang-5-cache-4[M,51]
X-Firefox-Spdy: h2

c349b2front.jt1216.com/cdn/c349b2FW/static/css/chunk-vendors.97ef3fde.css

180.127.43.61

200 OK

0 B

URL HTTP/2
c349b2front.jt1216.com/cdn/c349b2FW/static/css/chunk-vendors.97ef3fde.css
IP
180.127.43.61:0
ASN
#4134 Chinanet

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /cdn/c349b2FW/static/css/chunk-vendors.97ef3fde.css HTTP/1.1
Host: c349b2front.jt1216.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.kvy6326.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css
date: Mon, 05 Dec 2022 20:22:42 GMT
server: nginx
last-modified: Tue, 29 Nov 2022 02:38:53 GMT
vary: Accept-Encoding
etag: W/"638570bd-132ec"
access-control-allow-origin: *
content-encoding: gzip
x-cc-via: 5_dx-jiangsu-lianyungang-5-cache-4[H,0]
X-Firefox-Spdy: h2

c349b2front.jt1216.com/cdn/c349b2FW/behavior/behavior.js

180.127.43.61

200 OK

0 B

URL HTTP/2
c349b2front.jt1216.com/cdn/c349b2FW/behavior/behavior.js
IP
180.127.43.61:0
ASN
#4134 Chinanet

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /cdn/c349b2FW/behavior/behavior.js HTTP/1.1
Host: c349b2front.jt1216.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.kvy6326.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Mon, 05 Dec 2022 20:22:43 GMT
server: nginx
last-modified: Tue, 29 Nov 2022 02:38:53 GMT
vary: Accept-Encoding
etag: W/"638570bd-31e5"
access-control-allow-origin: *
content-encoding: gzip
x-cc-via: 10_dx-jiangsu-lianyungang-5-cache-4[H,0]
X-Firefox-Spdy: h2

c349b2front.jt1216.com/cdn/c349b2FW/static/img/logosmall.00ff086a.png

180.127.43.61

200 OK

0 B

URL HTTP/2
c349b2front.jt1216.com/cdn/c349b2FW/static/img/logosmall.00ff086a.png
IP
180.127.43.61:0
ASN
#4134 Chinanet

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /cdn/c349b2FW/static/img/logosmall.00ff086a.png HTTP/1.1
Host: c349b2front.jt1216.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.kvy6326.com
Connection: keep-alive
Referer: http://www.kvy6326.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/png
date: Mon, 05 Dec 2022 09:05:06 GMT
server: nginx
last-modified: Tue, 29 Nov 2022 02:38:53 GMT
vary: Accept-Encoding
etag: W/"638570bd-1834"
access-control-allow-origin: *
content-encoding: gzip
x-cc-via: 16_dx-jiangsu-lianyungang-5-cache-4[H,1]
X-Firefox-Spdy: h2

c349b2front.jt1216.com/cdn/c349b2FW/static/js/app.4e8dcfe5.js

180.127.43.61

200 OK

0 B

URL HTTP/2
c349b2front.jt1216.com/cdn/c349b2FW/static/js/app.4e8dcfe5.js
IP
180.127.43.61:0
ASN
#4134 Chinanet

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /cdn/c349b2FW/static/js/app.4e8dcfe5.js HTTP/1.1
Host: c349b2front.jt1216.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.kvy6326.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Mon, 05 Dec 2022 20:22:43 GMT
server: nginx
last-modified: Tue, 29 Nov 2022 02:38:53 GMT
vary: Accept-Encoding
etag: W/"638570bd-51ed3"
access-control-allow-origin: *
content-encoding: gzip
x-cc-via: 8_dx-jiangsu-lianyungang-5-cache-4[H,1]
X-Firefox-Spdy: h2

c349b2front.jt1216.com/cdn/c349b2FW/static/js/chunk-vendors.345dc292.js

180.127.43.61

200 OK

0 B

URL HTTP/2
c349b2front.jt1216.com/cdn/c349b2FW/static/js/chunk-vendors.345dc292.js
IP
180.127.43.61:0
ASN
#4134 Chinanet

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /cdn/c349b2FW/static/js/chunk-vendors.345dc292.js HTTP/1.1
Host: c349b2front.jt1216.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.kvy6326.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Mon, 05 Dec 2022 20:22:43 GMT
server: nginx
last-modified: Tue, 29 Nov 2022 02:38:53 GMT
vary: Accept-Encoding
etag: W/"638570bd-f1884"
access-control-allow-origin: *
content-encoding: gzip
x-cc-via: 11_dx-jiangsu-lianyungang-5-cache-4[H,1]
X-Firefox-Spdy: h2

c349b2front.jt1216.com/cdn/c349b2FW/static/css/Home.fba8b51e.css

180.127.43.61

200 OK

0 B

URL HTTP/2
c349b2front.jt1216.com/cdn/c349b2FW/static/css/Home.fba8b51e.css
IP
180.127.43.61:0
ASN
#4134 Chinanet

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /cdn/c349b2FW/static/css/Home.fba8b51e.css HTTP/1.1
Host: c349b2front.jt1216.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.kvy6326.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: text/css
date: Mon, 05 Dec 2022 20:22:43 GMT
server: nginx
last-modified: Tue, 29 Nov 2022 02:38:53 GMT
vary: Accept-Encoding
etag: W/"638570bd-14a48"
access-control-allow-origin: *
content-encoding: gzip
x-cc-via: 12_dx-jiangsu-lianyungang-5-cache-4[H,1]
X-Firefox-Spdy: h2

c349b2front.jt1216.com/cdn/c349b2FW/static/img/offer.ac2639c2.jpg

180.127.43.61

200 OK

0 B

URL HTTP/2
c349b2front.jt1216.com/cdn/c349b2FW/static/img/offer.ac2639c2.jpg
IP
180.127.43.61:0
ASN
#4134 Chinanet

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /cdn/c349b2FW/static/img/offer.ac2639c2.jpg HTTP/1.1
Host: c349b2front.jt1216.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.kvy6326.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
date: Mon, 05 Dec 2022 03:41:04 GMT
server: nginx
last-modified: Tue, 29 Nov 2022 02:38:53 GMT
vary: Accept-Encoding
etag: W/"638570bd-1413a"
access-control-allow-origin: *
content-encoding: gzip
x-cc-via: 12_dx-jiangsu-lianyungang-5-cache-4[H,1]
X-Firefox-Spdy: h2

c349b2front.jt1216.com/cdn/c349b2FW/_wms/img/_l/_banner/banner-index-1c31fe59ed770d166abb27c5d3c5a142d.jpg_.webp

180.127.43.61

200 OK

0 B

URL HTTP/2
c349b2front.jt1216.com/cdn/c349b2FW/_wms/img/_l/_banner/banner-index-1c31fe59ed770d166abb27c5d3c5a142d.jpg_.webp
IP
180.127.43.61:0
ASN
#4134 Chinanet

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /cdn/c349b2FW/_wms/img/_l/_banner/banner-index-1c31fe59ed770d166abb27c5d3c5a142d.jpg_.webp HTTP/1.1
Host: c349b2front.jt1216.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.kvy6326.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/webp
date: Mon, 05 Dec 2022 11:06:36 GMT
server: nginx
last-modified: Tue, 29 Nov 2022 02:04:58 GMT
vary: Accept-Encoding
etag: W/"638568ca-10276"
access-control-allow-origin: *
content-encoding: gzip
x-cc-via: 8_dx-jiangsu-lianyungang-5-cache-4[H,1]
X-Firefox-Spdy: h2

c349b2front.jt1216.com/cdn/c349b2FW/static/img/game5.c6c3eaea.jpg

180.127.43.61

200 OK

0 B

URL HTTP/2
c349b2front.jt1216.com/cdn/c349b2FW/static/img/game5.c6c3eaea.jpg
IP
180.127.43.61:0
ASN
#4134 Chinanet

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /cdn/c349b2FW/static/img/game5.c6c3eaea.jpg HTTP/1.1
Host: c349b2front.jt1216.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.kvy6326.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
date: Mon, 05 Dec 2022 03:41:03 GMT
server: nginx
last-modified: Tue, 29 Nov 2022 02:38:53 GMT
vary: Accept-Encoding
etag: W/"638570bd-d33c"
access-control-allow-origin: *
content-encoding: gzip
x-cc-via: 15_dx-jiangsu-lianyungang-5-cache-4[H,1]
X-Firefox-Spdy: h2

c349b2front.jt1216.com/cdn/c349b2FW/static/img/game9.790a376a.jpg

180.127.43.61

200 OK

0 B

URL HTTP/2
c349b2front.jt1216.com/cdn/c349b2FW/static/img/game9.790a376a.jpg
IP
180.127.43.61:0
ASN
#4134 Chinanet

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /cdn/c349b2FW/static/img/game9.790a376a.jpg HTTP/1.1
Host: c349b2front.jt1216.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.kvy6326.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
date: Mon, 05 Dec 2022 03:32:15 GMT
server: nginx
last-modified: Tue, 29 Nov 2022 02:38:53 GMT
vary: Accept-Encoding
etag: W/"638570bd-db33"
access-control-allow-origin: *
content-encoding: gzip
x-cc-via: 16_dx-jiangsu-lianyungang-5-cache-4[H,0]
X-Firefox-Spdy: h2

c349b2front.jt1216.com/cdn/c349b2FW/static/img/game7.b2d3ce06.jpg

180.127.43.61

200 OK

0 B

URL HTTP/2
c349b2front.jt1216.com/cdn/c349b2FW/static/img/game7.b2d3ce06.jpg
IP
180.127.43.61:0
ASN
#4134 Chinanet

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /cdn/c349b2FW/static/img/game7.b2d3ce06.jpg HTTP/1.1
Host: c349b2front.jt1216.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.kvy6326.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
date: Mon, 05 Dec 2022 03:41:03 GMT
server: nginx
last-modified: Tue, 29 Nov 2022 02:38:53 GMT
vary: Accept-Encoding
etag: W/"638570bd-d57b"
access-control-allow-origin: *
content-encoding: gzip
x-cc-via: 6_dx-jiangsu-lianyungang-5-cache-4[H,1]
X-Firefox-Spdy: h2

c349b2front.jt1216.com/cdn/c349b2FW/_wms/img/_l/_banner/banner-index-02186f15fc8e05b939d68c9113cae8be2.jpg_.webp

180.127.43.61

200 OK

0 B

URL HTTP/2
c349b2front.jt1216.com/cdn/c349b2FW/_wms/img/_l/_banner/banner-index-02186f15fc8e05b939d68c9113cae8be2.jpg_.webp
IP
180.127.43.61:0
ASN
#4134 Chinanet

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /cdn/c349b2FW/_wms/img/_l/_banner/banner-index-02186f15fc8e05b939d68c9113cae8be2.jpg_.webp HTTP/1.1
Host: c349b2front.jt1216.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.kvy6326.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/webp
date: Mon, 05 Dec 2022 11:06:36 GMT
server: nginx
last-modified: Tue, 29 Nov 2022 02:04:58 GMT
vary: Accept-Encoding
etag: W/"638568ca-20df0"
access-control-allow-origin: *
content-encoding: gzip
x-cc-via: 16_dx-jiangsu-lianyungang-5-cache-4[H,1]
X-Firefox-Spdy: h2

c349b2front.jt1216.com/cdn/c349b2FW/static/img/game.b9b13060.jpg

180.127.43.61

200 OK

0 B

URL HTTP/2
c349b2front.jt1216.com/cdn/c349b2FW/static/img/game.b9b13060.jpg
IP
180.127.43.61:0
ASN
#4134 Chinanet

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /cdn/c349b2FW/static/img/game.b9b13060.jpg HTTP/1.1
Host: c349b2front.jt1216.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c349b2front.jt1216.com/cdn/c349b2FW/static/css/app.7c0e53df.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
date: Mon, 05 Dec 2022 09:05:03 GMT
server: nginx
last-modified: Tue, 29 Nov 2022 02:38:53 GMT
vary: Accept-Encoding
etag: W/"638570bd-4cd0"
access-control-allow-origin: *
content-encoding: gzip
x-cc-via: 8_dx-jiangsu-lianyungang-5-cache-4[H,3]
X-Firefox-Spdy: h2

c349b2front.jt1216.com/cdn/c349b2FW/static/img/sideIcon.64731ed0.png

180.127.43.61

200 OK

0 B

URL HTTP/2
c349b2front.jt1216.com/cdn/c349b2FW/static/img/sideIcon.64731ed0.png
IP
180.127.43.61:0
ASN
#4134 Chinanet

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /cdn/c349b2FW/static/img/sideIcon.64731ed0.png HTTP/1.1
Host: c349b2front.jt1216.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c349b2front.jt1216.com/cdn/c349b2FW/static/css/app.7c0e53df.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: image/png
date: Mon, 05 Dec 2022 09:05:03 GMT
server: nginx
last-modified: Tue, 29 Nov 2022 02:38:53 GMT
vary: Accept-Encoding
etag: W/"638570bd-207d"
access-control-allow-origin: *
content-encoding: gzip
x-cc-via: 9_dx-jiangsu-lianyungang-5-cache-4[H,3]
X-Firefox-Spdy: h2

c349b2front.jt1216.com/cdn/c349b2FW/_wms/img/_l/_banner/banner-index-10f40a80fb5aa39327b4b37ae3ac5e8fa7.jpg_.webp

180.127.43.61

200 OK

0 B

URL HTTP/2
c349b2front.jt1216.com/cdn/c349b2FW/_wms/img/_l/_banner/banner-index-10f40a80fb5aa39327b4b37ae3ac5e8fa7.jpg_.webp
IP
180.127.43.61:0
ASN
#4134 Chinanet

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /cdn/c349b2FW/_wms/img/_l/_banner/banner-index-10f40a80fb5aa39327b4b37ae3ac5e8fa7.jpg_.webp HTTP/1.1
Host: c349b2front.jt1216.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.kvy6326.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/webp
date: Mon, 05 Dec 2022 11:06:36 GMT
server: nginx
last-modified: Tue, 29 Nov 2022 02:04:59 GMT
vary: Accept-Encoding
etag: W/"638568cb-e546"
access-control-allow-origin: *
content-encoding: gzip
x-cc-via: 9_dx-jiangsu-lianyungang-5-cache-4[H,1]
X-Firefox-Spdy: h2

c349b2front.jt1216.com/cdn/c349b2FW/static/img/ag1.8f102913.jpg

180.127.43.61

200 OK

0 B

URL HTTP/2
c349b2front.jt1216.com/cdn/c349b2FW/static/img/ag1.8f102913.jpg
IP
180.127.43.61:0
ASN
#4134 Chinanet

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /cdn/c349b2FW/static/img/ag1.8f102913.jpg HTTP/1.1
Host: c349b2front.jt1216.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c349b2front.jt1216.com/cdn/c349b2FW/static/css/app.7c0e53df.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
date: Mon, 05 Dec 2022 03:09:39 GMT
server: nginx
last-modified: Tue, 29 Nov 2022 02:38:53 GMT
vary: Accept-Encoding
etag: W/"638570bd-ff0c"
access-control-allow-origin: *
content-encoding: gzip
x-cc-via: 6_dx-jiangsu-lianyungang-5-cache-4[H,2]
X-Firefox-Spdy: h2

c349b2front.jt1216.com/cdn/c349b2FW/static/img/ag2.58063024.jpg

180.127.43.61

200 OK

0 B

URL HTTP/2
c349b2front.jt1216.com/cdn/c349b2FW/static/img/ag2.58063024.jpg
IP
180.127.43.61:0
ASN
#4134 Chinanet

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /cdn/c349b2FW/static/img/ag2.58063024.jpg HTTP/1.1
Host: c349b2front.jt1216.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c349b2front.jt1216.com/cdn/c349b2FW/static/css/app.7c0e53df.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
date: Mon, 05 Dec 2022 09:05:03 GMT
server: nginx
last-modified: Tue, 29 Nov 2022 02:38:53 GMT
vary: Accept-Encoding
etag: W/"638570bd-3f43"
access-control-allow-origin: *
content-encoding: gzip
x-cc-via: 8_dx-jiangsu-lianyungang-5-cache-4[H,3]
X-Firefox-Spdy: h2

c349b2front.jt1216.com/cdn/c349b2FW/static/css/app.7c0e53df.css

180.127.43.61

200 OK

0 B

URL HTTP/2
c349b2front.jt1216.com/cdn/c349b2FW/static/css/app.7c0e53df.css
IP
180.127.43.61:0
ASN
#4134 Chinanet

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /cdn/c349b2FW/static/css/app.7c0e53df.css HTTP/1.1
Host: c349b2front.jt1216.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.kvy6326.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css
date: Mon, 05 Dec 2022 20:22:43 GMT
server: nginx
last-modified: Tue, 29 Nov 2022 02:38:53 GMT
vary: Accept-Encoding
etag: W/"638570bd-5fc1b"
access-control-allow-origin: *
content-encoding: gzip
x-cc-via: 14_dx-jiangsu-lianyungang-5-cache-4[H,1]
X-Firefox-Spdy: h2

c349b2front.jt1216.com/cdn/c349b2FW/static/js/Home.0838ae3d.js

180.127.43.61

200 OK

0 B

URL HTTP/2
c349b2front.jt1216.com/cdn/c349b2FW/static/js/Home.0838ae3d.js
IP
180.127.43.61:0
ASN
#4134 Chinanet

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /cdn/c349b2FW/static/js/Home.0838ae3d.js HTTP/1.1
Host: c349b2front.jt1216.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.kvy6326.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Mon, 05 Dec 2022 20:22:44 GMT
server: nginx
last-modified: Tue, 29 Nov 2022 02:38:53 GMT
vary: Accept-Encoding
etag: W/"638570bd-b3ed"
access-control-allow-origin: *
content-encoding: gzip
x-cc-via: 14_dx-jiangsu-lianyungang-5-cache-4[H,1]
X-Firefox-Spdy: h2

c349b2front.jt1216.com/cdn/c349b2FW/static/img/game6.b0f07d7a.jpg

180.127.43.61

200 OK

0 B

URL HTTP/2
c349b2front.jt1216.com/cdn/c349b2FW/static/img/game6.b0f07d7a.jpg
IP
180.127.43.61:0
ASN
#4134 Chinanet

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /cdn/c349b2FW/static/img/game6.b0f07d7a.jpg HTTP/1.1
Host: c349b2front.jt1216.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.kvy6326.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
date: Mon, 05 Dec 2022 03:41:04 GMT
server: nginx
last-modified: Tue, 29 Nov 2022 02:38:53 GMT
vary: Accept-Encoding
etag: W/"638570bd-b2f5"
access-control-allow-origin: *
content-encoding: gzip
x-cc-via: 5_dx-jiangsu-lianyungang-5-cache-4[H,1]
X-Firefox-Spdy: h2

c349b2front.jt1216.com/cdn/c349b2FW/static/img/game8.ffce75c2.jpg

180.127.43.61

200 OK

0 B

URL HTTP/2
c349b2front.jt1216.com/cdn/c349b2FW/static/img/game8.ffce75c2.jpg
IP
180.127.43.61:0
ASN
#4134 Chinanet

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /cdn/c349b2FW/static/img/game8.ffce75c2.jpg HTTP/1.1
Host: c349b2front.jt1216.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.kvy6326.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
date: Mon, 05 Dec 2022 03:41:03 GMT
server: nginx
last-modified: Tue, 29 Nov 2022 02:38:53 GMT
vary: Accept-Encoding
etag: W/"638570bd-1177e"
access-control-allow-origin: *
content-encoding: gzip
x-cc-via: 15_dx-jiangsu-lianyungang-5-cache-4[H,1]
X-Firefox-Spdy: h2

c349b2front.jt1216.com/cdn/c349b2FW/_wms/img/_l/_banner/banner-index-5378e8f4e62e58d11f0b2212e535f0331.jpg_.webp

180.127.43.61

200 OK

0 B

URL HTTP/2
c349b2front.jt1216.com/cdn/c349b2FW/_wms/img/_l/_banner/banner-index-5378e8f4e62e58d11f0b2212e535f0331.jpg_.webp
IP
180.127.43.61:0
ASN
#4134 Chinanet

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /cdn/c349b2FW/_wms/img/_l/_banner/banner-index-5378e8f4e62e58d11f0b2212e535f0331.jpg_.webp HTTP/1.1
Host: c349b2front.jt1216.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.kvy6326.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/webp
date: Mon, 05 Dec 2022 11:06:36 GMT
server: nginx
last-modified: Tue, 29 Nov 2022 02:04:59 GMT
vary: Accept-Encoding
etag: W/"638568cb-7462"
access-control-allow-origin: *
content-encoding: gzip
x-cc-via: 15_dx-jiangsu-lianyungang-5-cache-4[H,0]
X-Firefox-Spdy: h2

c349b2front.jt1216.com/cdn/c349b2FW/static/img/ag3.be67febf.jpg

180.127.43.61

200 OK

0 B

URL HTTP/2
c349b2front.jt1216.com/cdn/c349b2FW/static/img/ag3.be67febf.jpg
IP
180.127.43.61:0
ASN
#4134 Chinanet

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /cdn/c349b2FW/static/img/ag3.be67febf.jpg HTTP/1.1
Host: c349b2front.jt1216.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c349b2front.jt1216.com/cdn/c349b2FW/static/css/app.7c0e53df.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
date: Mon, 05 Dec 2022 09:05:03 GMT
server: nginx
last-modified: Tue, 29 Nov 2022 02:38:53 GMT
vary: Accept-Encoding
etag: W/"638570bd-3ce9"
access-control-allow-origin: *
content-encoding: gzip
x-cc-via: 14_dx-jiangsu-lianyungang-5-cache-4[H,2]
X-Firefox-Spdy: h2

c349b2front.jt1216.com/cdn/c349b2FW/static/img/game2.2b372bf5.jpg

180.127.43.61

200 OK

0 B

URL HTTP/2
c349b2front.jt1216.com/cdn/c349b2FW/static/img/game2.2b372bf5.jpg
IP
180.127.43.61:0
ASN
#4134 Chinanet

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /cdn/c349b2FW/static/img/game2.2b372bf5.jpg HTTP/1.1
Host: c349b2front.jt1216.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c349b2front.jt1216.com/cdn/c349b2FW/static/css/app.7c0e53df.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
date: Mon, 05 Dec 2022 09:05:03 GMT
server: nginx
last-modified: Tue, 29 Nov 2022 02:38:53 GMT
vary: Accept-Encoding
etag: W/"638570bd-ed46"
access-control-allow-origin: *
content-encoding: gzip
x-cc-via: 11_dx-jiangsu-lianyungang-5-cache-4[H,3]
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (14)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations