Report - c79999.com/

Report Overview

Submitted URL
c79999.com/
IP
23.248.251.242
ASN
#136800 Sun Network Hong Kong Limited - HongKong Backbone
Submitted
2022-11-30 08:54:19
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
20

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	5.3 kB	23.36.77.32
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	52.43.253.52
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.7 kB	48 kB	34.120.237.76
ocsp.globalsign.com	2075	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	722 B	3.8 kB	104.18.20.226
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	682 B	1.6 kB	93.184.220.29
c79999.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4.0 kB	168 kB	23.248.251.242
js.users.51.la	53024	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	356 B	2.8 kB	103.143.19.103

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-11-30	medium	c79999.com/	Phishing
2022-11-30	medium	c79999.com/	Phishing
2022-11-30	medium	c79999.com/pc/css/css.css?v=0.04	Phishing
2022-11-30	medium	c79999.com/js/aes.min.js	Phishing
2022-11-30	medium	c79999.com/pc/qrcodejs/qrcode.min.js	Phishing
2022-11-30	medium	c79999.com/js/cry.js	Phishing
2022-11-30	medium	c79999.com/pc/qrcodejs/jquery.min.js	Phishing
2022-11-30	medium	c79999.com/pc/js/jquery.SuperSlide.2.1.1.js	Phishing
2022-11-30	medium	c79999.com/pc/index.html	Phishing
2022-11-30	medium	c79999.com/pc/js/jquery1.42.min.js	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (12)

	URL	Size	First Seen	Last Seen
	c79999.com/pc/index.html	29 B	2023-03-11	2023-03-11
Pretty URL c79999.com/pc/index.html IP 23.248.251.242 ASN #136800 Sun Network Hong Kong Limited - HongKong Backbone Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 22:55:39 Last Seen2023-03-11 22:55:39 Times Seen1 Hash 7814a850d759c13a2bf7742279555614 082388bd170a8cbc172db5ebcc45662764ed3348 46a020be3c07ef18d725cee9fbeb62483eab36f0a0645fb7756288d6cf1b0cb3 Loading...

	c79999.com/pc/qrcodejs/jquery.min.js	94 kB	2023-03-10	2024-01-02
Pretty URL c79999.com/pc/qrcodejs/jquery.min.js IP 23.248.251.242 ASN #136800 Sun Network Hong Kong Limited - HongKong Backbone Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 04:37:42 Last Seen2024-01-02 16:41:35 Times Seen25 Hash 04169da38e42b7f704e72fce3a957e33 a8c8a5caf9765b4ccb90d708045518e219a9af5d 1f0a1183d9ed40fa1e0cf8a29a6b3eca8c288a6f5c36e16813550c4f8b938636 Loading...

	c79999.com/pc/qrcodejs/qrcode.min.js	20 kB	2023-03-07	2024-04-24
Pretty URL c79999.com/pc/qrcodejs/qrcode.min.js IP 23.248.251.242 ASN #136800 Sun Network Hong Kong Limited - HongKong Backbone Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:56 Last Seen2024-04-24 19:24:17 Times Seen4799 Hash 517b55d3688ce9ef1085a3d9632bcb97 2d06c1f823f34c19981c6ae0b0eb0f5861c5e14b c541ef06327885a8415bca8df6071e14189b4855336def4f36db54bde8484f36 Loading...

	c79999.com/js/cry.js	54 kB	2023-03-10	2023-12-01
Pretty URL c79999.com/js/cry.js IP 23.248.251.242 ASN #136800 Sun Network Hong Kong Limited - HongKong Backbone Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 09:33:02 Last Seen2023-12-01 08:38:14 Times Seen8 Hash fefbb7b2f5db57e96637eb7e9ced5ca5 d6a6c3786d3893ad958f9fd7616a3a4db28cee6c 9b0ac3fd6152d765d0490908ff356aa36e634c0a3ab278e78e1ba6b7984755df Loading...

	c79999.com/js/aes.min.js	2.7 kB	2023-03-10	2023-03-11
Pretty URL c79999.com/js/aes.min.js IP 23.248.251.242 ASN #136800 Sun Network Hong Kong Limited - HongKong Backbone Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 09:33:02 Last Seen2023-03-11 22:55:39 Times Seen1 Hash 343db8d201518bca6750a8c4904732b2 f4bd220ee39e013b2a530420ca10b00a473316d3 85a881720515ea156c388843198c3027c5bbd654493f09fa04d227c0f865ff7b Loading...

	c79999.com/	400 B	2023-03-11	2023-03-11
Pretty URL c79999.com/ IP 23.248.251.242 ASN #136800 Sun Network Hong Kong Limited - HongKong Backbone Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 22:49:16 Last Seen2023-03-11 22:55:39 Times Seen1 Hash 96e9376d4354755cb39a369caaf65435 3f9264549187ce949e960dbb05ac7bf647ab86ee 8fa5c0500fa736ad9f6744d45489099129d9cbb0f0718afc00488f3fa1698ff4 Loading...

	c79999.com/pc/js/jquery1.42.min.js	72 kB	2023-03-07	2024-04-24
Pretty URL c79999.com/pc/js/jquery1.42.min.js IP 23.248.251.242 ASN #136800 Sun Network Hong Kong Limited - HongKong Backbone Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:20:24 Last Seen2024-04-24 06:17:47 Times Seen130 Hash df0ff7fe7cd0e9795a02c58de82f6d69 5ddc254648c0d8f2b20f277a7de6da3e1d8f960c 83eca7ad41f603b88fa13c9022aeb1e4de0d85280ddd1df2df6df93fb1d6eae5 Loading...

	c79999.com/pc/js/jquery.SuperSlide.2.1.1.js	11 kB	2023-03-07	2024-04-24
Pretty URL c79999.com/pc/js/jquery.SuperSlide.2.1.1.js IP 23.248.251.242 ASN #136800 Sun Network Hong Kong Limited - HongKong Backbone Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18:58 Last Seen2024-04-24 05:31:47 Times Seen639 Hash 169167b16256501954e8b27ae2f717c4 a55a5b630b037452bb1ade6e02599977320239a2 e0b29895b573e456b8fa3c7fe7380425b20fcb36c511b50b60cffc23ffcf2b0f Loading...

	c79999.com/pc/index.html	24 kB	2023-03-11	2023-03-11
Pretty URL c79999.com/pc/index.html IP 23.248.251.242 ASN #136800 Sun Network Hong Kong Limited - HongKong Backbone Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 22:49:16 Last Seen2023-03-11 22:55:39 Times Seen1 Hash b75c20fb5961f45e2f6011ebae0dfbc1 49aadfac8b85cf69c9b36816a0f249ace3745833 d9b8f2389cda47f2ea649572e26b5b76b1f26c35bfd85039bae57dd01f9ec630 Loading...

	js.users.51.la/21088715.js	5.1 kB	2023-03-11	2023-03-11
Pretty URL js.users.51.la/21088715.js IP 103.143.19.103 ASN #4837 CHINA UNICOM China169 Backbone Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 22:49:16 Last Seen2023-03-11 22:55:39 Times Seen1 Hash 77a893d7f0a0bc2c0c4687cf74c4b930 3d5e80e607da74ddf7592745db4c6bbbdd82c073 f13c19364bbec75cb034ba2f3ec02646048cfb2bd2d8a9449876619e43df2527 Loading...

		Size	First Seen	Last Seen
	#1 Eval - c0ec741496fd38f41e1964ced1874c4b	564 B	2023-03-10	2023-03-11
Pretty Observations First Seen2023-03-10 09:33:02 Last Seen2023-03-11 22:55:39 Times Seen1 Hash c0ec741496fd38f41e1964ced1874c4b 0f66199d765c3388e75c6c2e1fdc5477ce47e4cc 899481b09b409af05db5900a136cbacda13f6939592477475f1f8806ddffc303 Loading...

		Size	First Seen	Last Seen
	#1 Write - 6b8b5e41ba66f9dec1dd328032fb3e24	101 B	2023-03-11	2023-03-11
Pretty Observations First Seen2023-03-11 22:49:16 Last Seen2023-03-11 22:55:39 Times Seen1 Hash 6b8b5e41ba66f9dec1dd328032fb3e24 ef26e8af81a5be48ab668dbd1bc3407b6d24fc3e b7854946a26145fa1d564fcf27e38991f211154846eea10f9037a497baad05e4 Loading...

HTTP Transactions (31)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
2d2e7649ce9e9ba6fc8b68aa89352e3c
0153d1d3d830a457043e16bb40d48a0b9ddef4b8
8eed57c91b42ef7b2d5eff1309e306e23e13c3de21219af24a693cbf3e8977fc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8EED57C91B42EF7B2D5EFF1309E306E23E13C3DE21219AF24A693CBF3E8977FC"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15520
Expires: Wed, 30 Nov 2022 13:12:47 GMT
Date: Wed, 30 Nov 2022 08:54:07 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6d9d34c96b9a826ae5676640c966469c
8052a16d41a637e420478b7de1ff5a2dc951fccd
f18ac558cb786126bb7efb159e03353d268d5f5796bcfd2691a349dfc68d863c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F18AC558CB786126BB7EFB159E03353D268D5F5796BCFD2691A349DFC68D863C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2393
Expires: Wed, 30 Nov 2022 09:34:01 GMT
Date: Wed, 30 Nov 2022 08:54:08 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
4ed065cb23b5fca1a179dd73b3c5b7b2
4422eb24688f5e056fc1b18b127c7f63b1dbf5e0
b723d770d0dec7441d8505dc5a4e7d34f55c9f564ec52f20d9b70c7c3a0d9d35

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3145
Cache-Control: max-age=95368
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 08:54:08 GMT
Etag: "6385df6f-1d7"
Expires: Thu, 01 Dec 2022 11:23:36 GMT
Last-Modified: Tue, 29 Nov 2022 10:31:11 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: ZhvjMXJ/+B6BbbPYGdEND99vtH2YU+YfTURjZYeuj3Ogb3LILg20n44XLiZL6KzHjFnZyrTCmXw=
x-amz-request-id: B95DPE6ZXT5D24VG
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 30 Nov 2022 08:45:10 GMT
age: 538
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 30 Nov 2022 08:19:41 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2067
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 08:54:08 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

c79999.com/

23.248.251.242

301 Moved Permanently

162 B

URL HTTP/1.1
c79999.com/
IP
23.248.251.242:0
ASN
#136800 Sun Network Hong Kong Limited - HongKong Backbone

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
162 B (162 bytes)
Hash
4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET / HTTP/1.1
Host: c79999.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 30 Nov 2022 08:54:08 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://c79999.com/
Strict-Transport-Security: max-age=31536000

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 30 Nov 2022 08:08:56 GMT
cache-control: public,max-age=3600
age: 2712
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
3c8c689bd654417640d85f3da51af313
85123b6d46230a23d03768bf304b386e5d301305
516138ca79703b45e904d32d7dde1c1e9fd35995b9f1bb1331c547542745676d

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3145
Cache-Control: max-age=90305
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 08:54:08 GMT
Etag: "6385cba8-1d7"
Expires: Thu, 01 Dec 2022 09:59:13 GMT
Last-Modified: Tue, 29 Nov 2022 09:06:48 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

52.43.253.52

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.43.253.52:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: IESbzKC1mhDiYRlALvsFQQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: SsutRsrtRs9E6N9HDk9joWeNSTA=

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
9d50bf45b5b7cf92654128a8c43ec9e1
96bd3dd5e5e698bfa24773e56d122f0af4b1a4bd
39cb5cd10ea6c483ce523fa23a96fd137b63684fbbc42b3df3091ddac4cfbb25

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39CB5CD10EA6C483CE523FA23A96FD137B63684FBBC42B3DF3091DDAC4CFBB25"
Last-Modified: Tue, 29 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Wed, 30 Nov 2022 14:54:09 GMT
Date: Wed, 30 Nov 2022 08:54:09 GMT
Connection: keep-alive

c79999.com/

23.248.251.242

200 OK

802 B

URL HTTP/2
c79999.com/
IP
23.248.251.242:0
ASN
#136800 Sun Network Hong Kong Limited - HongKong Backbone

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Size
802 B (802 bytes)
Hash
613a93000866d90bd3917404779dc448
d767b3f36ef91d803e5a38d1c2fb08fd9cd66882
5cd612155de0e4fdd3b244d32021bb6326efbad8eed241f831cf6ee097dac338

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET / HTTP/1.1
Host: c79999.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 08:54:09 GMT
content-type: text/html
content-length: 802
last-modified: Fri, 29 Jan 2021 11:14:36 GMT
etag: "6013ee1c-322"
strict-transport-security: max-age=31536000
cache-control: no-cache
accept-ranges: bytes
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12582
Expires: Wed, 30 Nov 2022 12:23:52 GMT
Date: Wed, 30 Nov 2022 08:54:10 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12582
Expires: Wed, 30 Nov 2022 12:23:52 GMT
Date: Wed, 30 Nov 2022 08:54:10 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12582
Expires: Wed, 30 Nov 2022 12:23:52 GMT
Date: Wed, 30 Nov 2022 08:54:10 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29e8368b-e5a8-4256-a456-b724e13819e4.jpeg

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29e8368b-e5a8-4256-a456-b724e13819e4.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10068 bytes)
Hash
f621857774e4b4adda95f58081644859
639165dc66d171b8266f22cd495181427112bc80
341fd33d3d9486079c182d60e21c355244b6597e6e09ba51ecee2e331b38ca2e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29e8368b-e5a8-4256-a456-b724e13819e4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10068
x-amzn-requestid: 7f386e94-3c17-44a1-a36b-3d0eeff4623d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYhGvEQQoAMFihA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867bc4-5069acfd038ffb2c124b7bd8;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:38:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Bh6VQ3BLEXcZKHFyJxHVGQWVQm-w2s0786t8SQOcHQUaNvSFc1rg-A==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 21:52:51 GMT
etag: "639165dc66d171b8266f22cd495181427112bc80"
content-type: image/jpeg
age: 39679
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F966ff24e-ea85-4a2e-aead-22f1a723c59f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.7 kB (9674 bytes)
Hash
5508d05a290b663fd89ead9b58f2efd8
53650399f9a986ba54addd668b4557109d12003b
65704a961410fdd318c491fedf002c8e9b184cd34b76fe1b67026d42ce21be3f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F966ff24e-ea85-4a2e-aead-22f1a723c59f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9674
x-amzn-requestid: 7e7d0183-9667-462a-8d44-d125998c1ae3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgEoHVAoAMFvAQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a1d-280ba97e3fe1bf7244cbde35;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:09 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ym_L3s5E6MLy6BxqNkVxok6L6hA4c-ilSsEqt42j2IbiXYPb4c6-VQ==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 21:52:51 GMT
age: 39679
etag: "53650399f9a986ba54addd668b4557109d12003b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.8 kB (4803 bytes)
Hash
cc0a257323f882caff067adb86d906e4
cedf2f21be7cd366bd46055b62b5513db3011dfc
c16a9296d5e840a468fef7fb2764b9f7d4b3131d7ade2ce4999de1eead5469e0

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4803
x-amzn-requestid: 80f7f1c8-0316-4181-83ac-2787b1ae825f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4iFHoIAMF2-g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-2c0a081b07e0785b4350c10c;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: CJiSRzIK7-rQE81gaP2We0LhgKX1YmuJKEGYEqW34Bm1KMx6NB8yhQ==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 22:35:09 GMT
age: 37141
etag: "cedf2f21be7cd366bd46055b62b5513db3011dfc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F48df8a6f-5803-4ce0-ab84-1efc8ca3e251.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.9 kB (8885 bytes)
Hash
8825a2c5c0d98323f489e0b816b7f1d8
05f46985ea4ace57460120876da8e19db08857b3
1d12590a78b32146d6f1d107fb93bdb6cb45228d15babd087c0111495d7138e1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F48df8a6f-5803-4ce0-ab84-1efc8ca3e251.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8885
x-amzn-requestid: 67e1ba67-b4fb-42c8-985d-f34164101c7b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYhIGGtloAMFxjw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867bcd-295995bb1123430c55659fe3;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:38:21 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: vOFoi7vW7NluI5wQB03BGh9efp_jvCoH1sUh4s1ubG_JAC6KcDkHxg==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 559326ad73233233a9e52cb9e8601ede.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 22:15:52 GMT
age: 38298
etag: "05f46985ea4ace57460120876da8e19db08857b3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

c79999.com/pc/css/css.css?v=0.04

23.248.251.242

200 OK

11 kB

URL HTTP/2
c79999.com/pc/css/css.css?v=0.04
IP
23.248.251.242:0
ASN
#136800 Sun Network Hong Kong Limited - HongKong Backbone

File type
data
Size
11 kB (10819 bytes)
Hash
b8e1f0eaae28fff3b4ecf5cac55fe49e
3c110426ffbd54bb4effbaf159a9305003d013cc
e28a591a812d3342d319f129d5a321f1adb001380a4a36c6a87302e861de5fa2

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /pc/css/css.css?v=0.04 HTTP/1.1
Host: c79999.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c79999.com/pc/index.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 08:54:09 GMT
content-type: text/css
last-modified: Sun, 13 Nov 2022 08:23:01 GMT
vary: Accept-Encoding, Accept-Encoding
etag: W/"6370a965-3ca8"
expires: Wed, 30 Nov 2022 20:54:09 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff2730750-552d-4852-8ce1-503874565f75.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.1 kB (9051 bytes)
Hash
05196ec43964cf559caa0c0279148d62
6170d6776615503e3e29f86783febc3e3e78ca66
47f3a5cde661987e3496ce110a0170b10087dd9ba8d4fd691c4830587ba3fa3f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff2730750-552d-4852-8ce1-503874565f75.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9051
x-amzn-requestid: 1032dd9c-a15e-4e8a-9c81-07419e8caf67
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYhGvEMNIAMFaKw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867bc4-1005c20a33320dbf6567ca31;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:38:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: IMaVlQblNnh9mFKwb2LG7hw7h_f1_nVYqO4aEUqY01a2HofnnQqcFQ==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 21:49:31 GMT
age: 39879
etag: "6170d6776615503e3e29f86783febc3e3e78ca66"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

c79999.com/js/aes.min.js

23.248.251.242

200 OK

65 kB

URL HTTP/2
c79999.com/js/aes.min.js
IP
23.248.251.242:0
ASN
#136800 Sun Network Hong Kong Limited - HongKong Backbone

File type
data
Size
65 kB (64658 bytes)
Hash
4d5a7ab2c575c65311ad3044d3325e05
e32ed6b88b0d0b0e9916a91936e48b02024f1fa3
433af4662443db1ea262ed3340b2e651082119212453fac7ecec6361e5d9720b

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/aes.min.js HTTP/1.1
Host: c79999.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c79999.com/pc/index.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 08:54:09 GMT
content-type: application/javascript
last-modified: Fri, 29 Jan 2021 11:14:43 GMT
vary: Accept-Encoding, Accept-Encoding
etag: W/"6013ee23-a98"
expires: Wed, 30 Nov 2022 20:54:09 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2

ocsp.globalsign.com/gsgccr3dvtlsca2020

104.18.20.226

200 OK

1.4 kB

URL HTTP/1.1
ocsp.globalsign.com/gsgccr3dvtlsca2020
IP
104.18.20.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.4 kB (1414 bytes)
Hash
3d8727fa0d49183f8e5e133c796fee0c
881f13b72197623609fe5e926116eb0282d1abcb
e080d2cca656674b39e187d0e7df708093744a4c86bed5abdff73cfdc2eed432

HTTP Headers

POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 08:54:11 GMT
Content-Type: application/ocsp-response
Content-Length: 1414
Connection: keep-alive
Expires: Sun, 04 Dec 2022 07:27:22 GMT
ETag: "881f13b72197623609fe5e926116eb0282d1abcb"
Last-Modified: Wed, 30 Nov 2022 07:27:23 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2202
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77225b641b861c16-OSL

c79999.com/pc/qrcodejs/qrcode.min.js

23.248.251.242

200 OK

27 kB

URL HTTP/2
c79999.com/pc/qrcodejs/qrcode.min.js
IP
23.248.251.242:0
ASN
#136800 Sun Network Hong Kong Limited - HongKong Backbone

File type
data
Size
27 kB (27233 bytes)
Hash
28be8667af6a624ae71c9422867f763c
5b1aa4362897f5ed786ecb5f4becec6a3bcc1f55
0332052352031b7bce358de69c5e356ff9809d00005874dfa2e5833d0c0aa59d

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /pc/qrcodejs/qrcode.min.js HTTP/1.1
Host: c79999.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c79999.com/pc/index.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 08:54:09 GMT
content-type: application/javascript
last-modified: Tue, 02 Feb 2021 14:03:50 GMT
vary: Accept-Encoding, Accept-Encoding
etag: W/"60195bc6-4dd7"
expires: Wed, 30 Nov 2022 20:54:09 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2

c79999.com/js/cry.js

23.248.251.242

200 OK

20 kB

URL HTTP/2
c79999.com/js/cry.js
IP
23.248.251.242:0
ASN
#136800 Sun Network Hong Kong Limited - HongKong Backbone

File type
data
Size
20 kB (20029 bytes)
Hash
10d6ebd6a18ab66a978d69aa2d900d0a
f8d26b541088147b624cac2bff2351f0c301562e
a0d08a95b334e4e45b6fc7872b50a3a75ec8a6c703fb36351e8a1e970febac96

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/cry.js HTTP/1.1
Host: c79999.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c79999.com/pc/index.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 08:54:09 GMT
content-type: application/javascript
last-modified: Fri, 29 Jan 2021 11:14:43 GMT
vary: Accept-Encoding, Accept-Encoding
etag: W/"6013ee23-d118"
expires: Wed, 30 Nov 2022 20:54:09 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2

js.users.51.la/21088715.js

103.143.19.103

200 OK

2.4 kB

URL HTTP/1.1
js.users.51.la/21088715.js
IP
103.143.19.103:0
ASN
#4837 CHINA UNICOM China169 Backbone

File type
HTML document, ASCII text, with very long lines (5068)
Size
2.4 kB (2406 bytes)
Hash
e89c9e692accf0b45486a2f0540bbe64
a7839599e12a5b73814911221f4a9d7c0230efa3
1ce0188e4e94f000a863a59e5956df79f28a48e3eb6d4281c6840d163d7d29fc

HTTP Headers

GET /21088715.js HTTP/1.1
Host: js.users.51.la
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c79999.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: CloudWAF
Date: Wed, 30 Nov 2022 08:54:15 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: HWWAFSESID=916ec1d29798b61be2d; path=/
HWWAFSESTIME=1669798454887; path=/
Cache-Control: max-age=360000
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Content-Encoding: gzip

ocsp.globalsign.com/gsgccr3dvtlsca2020

104.18.20.226

200 OK

1.4 kB

URL HTTP/1.1
ocsp.globalsign.com/gsgccr3dvtlsca2020
IP
104.18.20.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.4 kB (1414 bytes)
Hash
b0555412be655877dd7a9cad5a6ad138
4f83c5a8d513faf5b54032771306b8ad1753f5b5
40883d390ec5033c45a4bc3cc72fed469812fad5939646f7c5f38778cf8520e1

HTTP Headers

POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 08:54:16 GMT
Content-Type: application/ocsp-response
Content-Length: 1414
Connection: keep-alive
Expires: Sun, 04 Dec 2022 06:54:37 GMT
ETag: "4f83c5a8d513faf5b54032771306b8ad1753f5b5"
Last-Modified: Wed, 30 Nov 2022 06:54:38 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2733
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77225b841ff51c16-OSL

c79999.com/pc/qrcodejs/jquery.min.js

23.248.251.242

200 OK

41 kB

URL HTTP/2
c79999.com/pc/qrcodejs/jquery.min.js
IP
23.248.251.242:0
ASN
#136800 Sun Network Hong Kong Limited - HongKong Backbone

File type
data
Size
41 kB (41230 bytes)
Hash
7cdc20c1c4334ec4e238185db0d494b9
b60d7bd5d715f7abe1ae2c0beaf049846e0a7d90
247fd6314012a2cf2b9304ff2e1e476ef80d888758f9a96d5781201e83531401

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /pc/qrcodejs/jquery.min.js HTTP/1.1
Host: c79999.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c79999.com/pc/index.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 08:54:09 GMT
content-type: application/javascript
last-modified: Tue, 02 Feb 2021 14:03:47 GMT
vary: Accept-Encoding, Accept-Encoding
etag: W/"60195bc3-16dc5"
expires: Wed, 30 Nov 2022 20:54:09 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2

c79999.com/pc/js/jquery.SuperSlide.2.1.1.js

23.248.251.242

200 OK

0 B

URL HTTP/2
c79999.com/pc/js/jquery.SuperSlide.2.1.1.js
IP
23.248.251.242:0
ASN
#136800 Sun Network Hong Kong Limited - HongKong Backbone

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /pc/js/jquery.SuperSlide.2.1.1.js HTTP/1.1
Host: c79999.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c79999.com/pc/index.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 08:54:09 GMT
content-type: application/javascript
last-modified: Tue, 02 Feb 2021 14:03:50 GMT
vary: Accept-Encoding, Accept-Encoding
etag: W/"60195bc6-2c90"
expires: Wed, 30 Nov 2022 20:54:09 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2

c79999.com/pc/index.html

23.248.251.242

200 OK

0 B

URL HTTP/2
c79999.com/pc/index.html
IP
23.248.251.242:0
ASN
#136800 Sun Network Hong Kong Limited - HongKong Backbone

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /pc/index.html HTTP/1.1
Host: c79999.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c79999.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 08:54:09 GMT
content-type: text/html
last-modified: Sun, 13 Nov 2022 08:33:30 GMT
vary: Accept-Encoding, Accept-Encoding
etag: W/"6370abda-655b"
strict-transport-security: max-age=31536000
cache-control: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

c79999.com/pc/js/jquery1.42.min.js

23.248.251.242

200 OK

0 B

URL HTTP/2
c79999.com/pc/js/jquery1.42.min.js
IP
23.248.251.242:0
ASN
#136800 Sun Network Hong Kong Limited - HongKong Backbone

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /pc/js/jquery1.42.min.js HTTP/1.1
Host: c79999.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c79999.com/pc/index.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 08:54:09 GMT
content-type: application/javascript
last-modified: Tue, 02 Feb 2021 14:03:50 GMT
vary: Accept-Encoding, Accept-Encoding
etag: W/"60195bc6-119ed"
expires: Wed, 30 Nov 2022 20:54:09 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (12)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations