Report - hf3999.com/

Report Overview

Submitted URL
hf3999.com/
IP
154.91.171.68
ASN
#0
Submitted
2022-11-26 15:44:10
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
24

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
hf3999.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	342 B	163 B	156.234.168.109
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	340 B	963 B	172.64.155.188
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.4 kB	6.2 kB	23.36.76.226
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	53 kB	34.120.237.76
www.google-analytics.com	40	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	370 B	21 kB	142.250.74.174
www.hf3999.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	7.6 kB	28 kB	103.101.153.144
c349b2front.jt1216.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	14 kB	197 kB	222.184.83.44
www.googletagmanager.com	75	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	383 B	44 kB	142.250.74.168
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	682 B	1.6 kB	93.184.220.29
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	44.236.232.139
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	686 B	1.4 kB	142.250.74.3

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-11-26	medium	hf3999.com/	Phishing
2022-11-26	medium	www.hf3999.com/	Phishing
2022-11-26	medium	www.hf3999.com/init.js	Phishing
2022-11-26	medium	www.hf3999.com/saconfig/secure/yunwei.js?0.15939944554444885	Phishing
2022-11-26	medium	www.hf3999.com/_glaxy_c349b2_/webToken	Phishing
2022-11-26	medium	www.hf3999.com/_glaxy_c349b2_/_extra_/api/app/getIp	Phishing
2022-11-26	medium	www.hf3999.com/_glaxy_c349b2_/webToken	Phishing
2022-11-26	medium	www.hf3999.com/_glaxy_c349b2_/_extra_/api/signIn/haveEverdaySign	Phishing
2022-11-26	medium	www.hf3999.com/_glaxy_c349b2_/areaLimitV2	Phishing
2022-11-26	medium	www.hf3999.com/_glaxy_c349b2_/webToken	Phishing
2022-11-26	medium	www.hf3999.com/_glaxy_c349b2_/game/queryGames	Phishing
2022-11-26	medium	www.hf3999.com/_glaxy_c349b2_/customer/preCreateAccount	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (14)

	URL	Size	First Seen	Last Seen
	www.googletagmanager.com/gtag/js?id=UA-124279463-1	112 kB	2023-03-11	2023-03-11
Pretty URL www.googletagmanager.com/gtag/js?id=UA-124279463-1 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 20:47:49 Last Seen2023-03-11 20:47:49 Times Seen1 Hash c19a16f69a297e7984edf3636112c670 eada1dd0ed7db903d768826168899f802d3a7576 717da70f3ffca4d0c20db1a6c1f85eb68b055c633a08e2fda06508d05b4fe7c4 Loading...

	www.hf3999.com/saconfig/secure/yunwei.js?0.15939944554444885	530 B	2023-03-08	2023-03-11
Pretty URL www.hf3999.com/saconfig/secure/yunwei.js?0.15939944554444885 IP 103.101.153.144 ASN #136600 Beijing Fengniao Network Technology Co., Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:58:20 Last Seen2023-03-11 23:31:18 Times Seen1 Hash 7903e966d30b916b05975a287b861599 3519f46c115baee4994a1385b6303769608ec33b efa06a60cf4850b54eea6487094240b2437ac2170be5f557fa622faa57fb0175 Loading...

	www.hf3999.com/	255 B	2023-03-07	2023-03-26
Pretty URL www.hf3999.com/ IP 103.101.153.144 ASN #136600 Beijing Fengniao Network Technology Co., Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:39:47 Last Seen2023-03-26 04:51:02 Times Seen6 Hash 3aef7c695e9f9e7a155d620fba1f3c88 c6d531ed63370ce63d598a751b57fca93436c63b e3c5aeceb03e3456cc23dbf0bb869e8f42c51fe956cdbcb2856b08afad49ac8b Loading...

	www.google-analytics.com/analytics.js	50 kB	2023-03-08	2024-04-19
Pretty URL www.google-analytics.com/analytics.js IP 142.250.74.174 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 05:22:31 Last Seen2024-04-19 19:03:21 Times Seen1521 Hash fda30e8a22c9bcd954fd8d0fadd0e77c ae47cd34cbde081a48d7f92fc80aaf06a1381193 b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719 Loading...

	c349b2front.jt1216.com/cdn/c349b2FW/static/js/app.2247cc39.js	336 kB	2023-03-11	2023-03-11
Pretty URL c349b2front.jt1216.com/cdn/c349b2FW/static/js/app.2247cc39.js IP 222.184.83.44 ASN #4134 Chinanet Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 20:24:52 Last Seen2023-03-11 20:47:49 Times Seen1 Hash ca301bc5155425f9662c917011849d73 fe689493b48b6c9718673481aae4a7d43075f6d2 efdbe741f5ff17f3f36c7b5d476834fbcb51864a8e9698af34363c2243f16495 Loading...

	www.hf3999.com/	110 B	2023-03-07	2023-03-26
Pretty URL www.hf3999.com/ IP 103.101.153.144 ASN #136600 Beijing Fengniao Network Technology Co., Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:39:47 Last Seen2023-03-26 04:51:02 Times Seen6 Hash 8508472a6de23912d470e51ff1990f22 87b05a5c8101a07948db900321b300c194a2643f 9b3d1d04517bfe6ec8f933a42730d6f0c0a4175b102c4efcdd8e02007292ae67 Loading...

	www.hf3999.com/	157 B	2023-03-07	2023-03-26
Pretty URL www.hf3999.com/ IP 103.101.153.144 ASN #136600 Beijing Fengniao Network Technology Co., Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:39:47 Last Seen2023-03-26 04:51:02 Times Seen6 Hash 9bdb5de2ba4496818d23616532367b82 1f8e7e358acab58aa66b3697f220bbeb94ee0414 9feb2d82f6794ffa42cce669195804cf96faf3bed169cd59dfb4228bbd27e8b4 Loading...

	c349b2front.jt1216.com/cdn/c349b2FW/3s/remove.js?v=20210302	171 B	2023-03-07	2024-04-18
Pretty URL c349b2front.jt1216.com/cdn/c349b2FW/3s/remove.js?v=20210302 IP 222.184.83.44 ASN #4134 Chinanet Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:39:47 Last Seen2024-04-18 08:36:19 Times Seen416 Hash 3f318734a8d8aefebe5f160df1f2f63c 3c2b87d334c76835fbe7144b74de83c9146739e1 03b30094fc8961140dc3ec1a1527337ead8667d9bc2ce6ed3981f1eb5217edf3 Loading...

	c349b2front.jt1216.com/cdn/c349b2FW/behavior/behavior.js	13 kB	2023-03-07	2023-08-30
Pretty URL c349b2front.jt1216.com/cdn/c349b2FW/behavior/behavior.js IP 222.184.83.44 ASN #4134 Chinanet Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:39:47 Last Seen2023-08-30 01:52:25 Times Seen62 Hash 554bfa08304c0d1614f53816d86ced48 eb597b4e22aa0df7fbfc0589d170a87faf3fc89b a2d970933a14441aba2bf69fe96b819db12244b25bd02c88f0f5f39bb89de965 Loading...

	www.hf3999.com/	367 B	2023-03-11	2023-03-11
Pretty URL www.hf3999.com/ IP 103.101.153.144 ASN #136600 Beijing Fengniao Network Technology Co., Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 20:24:53 Last Seen2023-03-11 20:47:49 Times Seen1 Hash 0fcb8922a63b958488727d253f5411e1 4b83b5a881270e7c32be0ca537d2f0fc76555579 a2e390fdf62dead1118992db20188d33576cad02bab5508e7853e485aa0d35ef Loading...

	www.hf3999.com/	373 B	2023-03-07	2023-03-26
Pretty URL www.hf3999.com/ IP 103.101.153.144 ASN #136600 Beijing Fengniao Network Technology Co., Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:39:47 Last Seen2023-03-26 04:51:02 Times Seen6 Hash 00a4a413528d4528e6845a1e6722b752 2950bcedd173994b292693af3ae1ef27abf9fec6 32263c2ee51128f35f329bf0664dab20ebbc41f5b893e47698dd08c7938965e2 Loading...

	c349b2front.jt1216.com/cdn/c349b2FW/static/js/Home.0838ae3d.js	46 kB	2023-03-07	2023-04-14
Pretty URL c349b2front.jt1216.com/cdn/c349b2FW/static/js/Home.0838ae3d.js IP 222.184.83.44 ASN #4134 Chinanet Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:04:32 Last Seen2023-04-14 22:58:27 Times Seen5 Hash 2249d84eec553e222531a54cdfb5d0ca d99f088bded6c64524eef0ed9ffa2979d8fb11ff 7defd79dbe53eb99229753966fabe6657542de391f9d44aa44c1e764273efe20 Loading...

	www.hf3999.com/init.js	4.5 kB	2023-03-07	2023-04-14
Pretty URL www.hf3999.com/init.js IP 103.101.153.144 ASN #136600 Beijing Fengniao Network Technology Co., Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:39:47 Last Seen2023-04-14 22:58:27 Times Seen10 Hash db0270665342b40b6df87350be292e8e 8820551c1c23ffa4f66b16e7b463ba5467bae185 d244e2ee3822e054132f5d45bcff5415599d529f0c250d2884217d4bd7b771ac Loading...

		Size	First Seen	Last Seen
	#1 Write - 3d28cadfdbbab27ca05b0ef4aaad67b4	93 B	2023-03-11	2023-03-11
Pretty Observations First Seen2023-03-11 20:47:49 Last Seen2023-03-11 20:47:49 Times Seen1 Hash 3d28cadfdbbab27ca05b0ef4aaad67b4 fa553a5845250887a55894862899d43c3c61bfd0 73fd1dbecba7ecd7f6d16da2c9f00b3ac0eb295ad92a75db32267815f617574f Loading...

HTTP Transactions (70)

URL IP Response Size

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a9f1d4d98705c281fed3b60343463200
db6f8aa98d2eda4e5473b116a222c3055568bb78
164d11173045b569cafb32e300e4c1ec6d6ab177fd34d0414cc40c541268779f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "164D11173045B569CAFB32E300E4C1EC6D6AB177FD34D0414CC40C541268779F"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5009
Expires: Sat, 26 Nov 2022 17:07:26 GMT
Date: Sat, 26 Nov 2022 15:43:57 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
15b59d5e62caedb4bec3ba6724906c1e
960f801e608a56fdd11449f4face29f62cad2b21
8c72a45737c2eeddf328b0ed3236f3243551d904e94ec9dd7254972ebfb9229e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2291
Cache-Control: max-age=156322
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 15:43:57 GMT
Etag: "6381eaec-1d7"
Expires: Mon, 28 Nov 2022 11:09:19 GMT
Last-Modified: Sat, 26 Nov 2022 10:31:08 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
71f9c681a82440fd55e76c780a20e55d
3147768cfbcdd06e0c6e69684292e68e99917a80
5ea71ce6dd9e927f9bb3f97f59cc1ac7dc25a949024815965b29bc5835614786

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5EA71CE6DD9E927F9BB3F97F59CC1AC7DC25A949024815965B29BC5835614786"
Last-Modified: Sat, 26 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14974
Expires: Sat, 26 Nov 2022 19:53:31 GMT
Date: Sat, 26 Nov 2022 15:43:57 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
567df7db606cf5d0871aa5bc9311b6da
4263faac7cbab2fcaf6661911dcad5091c06be17
e9650e1fdc46fc8678708ddcc37ab369c7a6d50489a004be896f20c7a3a644b0

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 26 Nov 2022 15:19:13 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1484
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: tLYECE1joTLU8aDwMh+M2aKJv4e3769fTFZSBoH6x/bVdhmcpGnIi8zUX/88k9XuB9OrYLEq1vg=
x-amz-request-id: Z8EJM1RE02GE66VS
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 26 Nov 2022 15:41:16 GMT
age: 161
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 15:43:57 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Content-Type, Content-Length, Last-Modified, Alert, Backoff, Pragma, Expires, Retry-After, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 26 Nov 2022 15:08:54 GMT
cache-control: public,max-age=3600
age: 2104
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

hf3999.com/

156.234.168.109

301 Moved Permanently

0 B

URL HTTP/1.1
hf3999.com/
IP
156.234.168.109:0
ASN
#131685 Sun Network Hong Kong Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET / HTTP/1.1
Host: hf3999.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Content-Length: 0
Connection: Keep-Alive
X-NoCache: this
Date: Sat, 26 Nov 2022 12:15:11 GMT
Location: http://www.hf3999.com/

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
d3df71aab146eefc49acb608796aab63
8401892995193919376dfcd798b09c8261579454
a616c1e54e896576601e6107c1814adbebf35364d8ed807cdd89ac36b8200c88

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1751
Cache-Control: max-age=150724
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 15:43:58 GMT
Etag: "6381d72b-1d7"
Expires: Mon, 28 Nov 2022 09:36:02 GMT
Last-Modified: Sat, 26 Nov 2022 09:06:51 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

44.236.232.139

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
44.236.232.139:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: II0qVelcr/xOm3pqISamHQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Gq35eYWGcDa1nW+6vf03uFjB5qE=

www.hf3999.com/

103.101.153.144

200 OK

1.6 kB

URL HTTP/1.1
www.hf3999.com/
IP
103.101.153.144:0
ASN
#136600 Beijing Fengniao Network Technology Co., Ltd

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (3592), with no line terminators
Size
1.6 kB (1590 bytes)
Hash
fc76e5eba9b224e0137720b07e692b8f
f2ff6b526ef35c2ce11263126e6b19607df0ed93
face0829ae391b9b9b5ab82bae5e0f8fc6b237b15263760f595b0a09eb69747d

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET / HTTP/1.1
Host: www.hf3999.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 25 Nov 2022 05:02:13 GMT
Content-Type: text/html
Last-Modified: Fri, 25 Nov 2022 03:46:44 GMT
Transfer-Encoding: chunked
Vary: Accept-Encoding
ETag: W/"63803aa4-e3e"
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Connection: keep-alive
X-Cache: HIT

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
e388353a642bc503beff27c23339e2b5
7849301df8cbfa3f9c019b1d4033b66e0f44c4bd
5e595e9ce96c6147c3ff79ebba0068ddb0d997237a671936cb05d9575c59a424

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 15:43:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtag/js?id=UA-124279463-1

142.250.74.168

200 OK

44 kB

URL HTTP/2
www.googletagmanager.com/gtag/js?id=UA-124279463-1
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1921)
Size
44 kB (43614 bytes)
Hash
3bf0b2998243c082eb2a4c30f42c2d2a
0ce83f0041db0a7f350d0f782eb2ab3e5f442069
8fe5f158eb28018a8709bfdf01c9354855dafd3a7c487a52cccaaf49bb6d7dab

HTTP Headers

GET /gtag/js?id=UA-124279463-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.hf3999.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 26 Nov 2022 15:43:59 GMT
expires: Sat, 26 Nov 2022 15:43:59 GMT
cache-control: private, max-age=900
last-modified: Sat, 26 Nov 2022 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43614
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
e388353a642bc503beff27c23339e2b5
7849301df8cbfa3f9c019b1d4033b66e0f44c4bd
5e595e9ce96c6147c3ff79ebba0068ddb0d997237a671936cb05d9575c59a424

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 15:43:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.hf3999.com/init.js

103.101.153.144

200 OK

4.5 kB

URL HTTP/1.1
www.hf3999.com/init.js
IP
103.101.153.144:0
ASN
#136600 Beijing Fengniao Network Technology Co., Ltd

File type
Unicode text, UTF-8 text
Size
4.5 kB (4475 bytes)
Hash
db0270665342b40b6df87350be292e8e
8820551c1c23ffa4f66b16e7b463ba5467bae185
d244e2ee3822e054132f5d45bcff5415599d529f0c250d2884217d4bd7b771ac

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /init.js HTTP/1.1
Host: www.hf3999.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.hf3999.com/

HTTP/1.1 200 OK
Server: openresty
Date: Sat, 26 Nov 2022 15:43:59 GMT
Content-Type: application/javascript
Content-Length: 4475
Last-Modified: Wed, 27 Jul 2022 06:11:54 GMT
Connection: keep-alive
ETag: "62e0d72a-117b"
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
X-Cache: MISS

www.hf3999.com/saconfig/secure/yunwei.js?0.15939944554444885

103.101.153.144

200 OK

530 B

URL HTTP/1.1
www.hf3999.com/saconfig/secure/yunwei.js?0.15939944554444885
IP
103.101.153.144:0
ASN
#136600 Beijing Fengniao Network Technology Co., Ltd

File type
Unicode text, UTF-8 text
Size
530 B (530 bytes)
Hash
7903e966d30b916b05975a287b861599
3519f46c115baee4994a1385b6303769608ec33b
efa06a60cf4850b54eea6487094240b2437ac2170be5f557fa622faa57fb0175

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /saconfig/secure/yunwei.js?0.15939944554444885 HTTP/1.1
Host: www.hf3999.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.hf3999.com/

HTTP/1.1 200 OK
Server: openresty
Date: Sat, 26 Nov 2022 15:43:59 GMT
Content-Type: application/javascript
Content-Length: 530
Last-Modified: Fri, 18 Nov 2022 08:20:35 GMT
Connection: keep-alive
ETag: "63774053-212"
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
X-Cache: MISS

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8bb181e3f5ca898c6e31a8efc2e28291
eda3a91f8e2cbc5467da08ad85e6f6a30702b66c
0e943aacb4a46480ab031ef294a0e089976ec125c331c15116b6c79f6b0f2ff0

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E943AACB4A46480AB031EF294A0E089976EC125C331C15116B6C79F6B0F2FF0"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7885
Expires: Sat, 26 Nov 2022 17:55:24 GMT
Date: Sat, 26 Nov 2022 15:43:59 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8bb181e3f5ca898c6e31a8efc2e28291
eda3a91f8e2cbc5467da08ad85e6f6a30702b66c
0e943aacb4a46480ab031ef294a0e089976ec125c331c15116b6c79f6b0f2ff0

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E943AACB4A46480AB031EF294A0E089976EC125C331C15116B6C79F6B0F2FF0"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7885
Expires: Sat, 26 Nov 2022 17:55:24 GMT
Date: Sat, 26 Nov 2022 15:43:59 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8bb181e3f5ca898c6e31a8efc2e28291
eda3a91f8e2cbc5467da08ad85e6f6a30702b66c
0e943aacb4a46480ab031ef294a0e089976ec125c331c15116b6c79f6b0f2ff0

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E943AACB4A46480AB031EF294A0E089976EC125C331C15116B6C79F6B0F2FF0"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7885
Expires: Sat, 26 Nov 2022 17:55:24 GMT
Date: Sat, 26 Nov 2022 15:43:59 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc537c2d0-d011-4ed0-a5d4-5f5d2190c49b.webp

34.120.237.76

200 OK

4.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc537c2d0-d011-4ed0-a5d4-5f5d2190c49b.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.4 kB (4366 bytes)
Hash
abd79421a3c44a8df11ad2cc50083309
8665e5f3026f2c2b9505eb139c478f4d359851c3
3a66b00498fa1322730705b1c4502614b5a520ac3f884f494d65e27a5bb62c3f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc537c2d0-d011-4ed0-a5d4-5f5d2190c49b.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4366
x-amzn-requestid: ce25f5ab-0c92-431e-ae4e-618829594a74
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLVNZFjHoAMFXLg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63813588-6a3a8dff70e717011e3a0606;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:37:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: CkXSlYXZ0DFVjVSVin4Km3_9nETFtQ8Qf6f2V5kjuwoCejVH3Qk0Qg==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 21:47:48 GMT
age: 64571
etag: "8665e5f3026f2c2b9505eb139c478f4d359851c3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

16 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1de44df6-bdc7-487f-a2a0-b42d26be2420.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
16 kB (15818 bytes)
Hash
17ebe470d040a6ea8c57e9b9d4f4e828
1ac7a410cd4f3709f476c776dd5646dd982dcfa8
d65114b68fcc12344c6df7bf294718b79822fa9782d3bd54ca044b66f82052b1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1de44df6-bdc7-487f-a2a0-b42d26be2420.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 15818
x-amzn-requestid: a6570859-3b03-492e-9f84-e25b01223da2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLXrUF3bIAMF8CA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6381397b-379b1bcf2ac0715835e10e48;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:54:03 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: TI0cacek54dPUYW7fYy0xm-1CKdRXZGqBH1vGURakUsBbm-WGcW-vA==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 559326ad73233233a9e52cb9e8601ede.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 22:17:55 GMT
age: 62765
etag: "1ac7a410cd4f3709f476c776dd5646dd982dcfa8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F34ec689c-96b7-450b-b77e-e0ecb4d89c3c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.0 kB (9049 bytes)
Hash
c8dc4b8a7e9f7f4f84f0da568b43392b
3d32bff85cb7ec118c4496d0c3802829fdc9af3b
4b0ffde427085c796a7a5823604b29a4af43dbb93e99ec41f34feb37f52ac7d9

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F34ec689c-96b7-450b-b77e-e0ecb4d89c3c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9049
x-amzn-requestid: 6cbd9639-c29d-4ff4-8091-3168f64f4c78
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLVVGHzKoAMFSuA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638135ba-100ea4235fdf1df8491041c8;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:38:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: utbUF-6Z7rMqPNdRKHJyI-IZoyTy6HpkNBY-60xcZ-6NDXBz1XN6-Q==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 21:48:40 GMT
age: 64520
etag: "3d32bff85cb7ec118c4496d0c3802829fdc9af3b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

3.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf04cc9f-ee4b-42fd-914f-cd86b9dc30eb.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
3.5 kB (3502 bytes)
Hash
a783df85f30f9c555f9df6b99f61744d
61f9bed607e81606be78285596acdc5e0e4f4994
19db42201d0fa059f680d890ede6683c04e893e6308a2256d0203f826a7f34de

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf04cc9f-ee4b-42fd-914f-cd86b9dc30eb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 3502
x-amzn-requestid: ca3f2610-e03c-48a7-abb3-fbbab76f63d2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cCvYUHO5IAMFqDA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637dc5ce-7e36137711dc4668278c1c94;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 07:03:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: SRN-oOfa8Z0mQZFYkWAv32XFiXChfGjfwZkfWz-IzHubwrKgzwoTxQ==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 03:55:38 GMT
age: 42502
etag: "61f9bed607e81606be78285596acdc5e0e4f4994"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f5318cc-4728-4160-afd1-9d20b79b7de9.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.9 kB (9914 bytes)
Hash
3b1c6878914466cfece680fa7cb73502
47fac81a2dd809df5c42ca1362f71d553572d2b1
6458883dfa2bdfd483e92e5f847a229508ef00ce1dbd11f49eec369d0bd3160a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f5318cc-4728-4160-afd1-9d20b79b7de9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9914
x-amzn-requestid: 4db4ed29-20b4-4ca7-8835-2463d0989d5b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLVVFHQYIAMFc4Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638135b9-613da006118724124e345b29;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:38:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: qKxrYxVsJWOXAbrn6IpwLycF3rknFLkQeDyKOLq5WyflvTLeUjg_Lg==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 22:18:42 GMT
age: 62718
etag: "47fac81a2dd809df5c42ca1362f71d553572d2b1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.3 kB (4309 bytes)
Hash
841a4b110022a99ddea6f7bf66df0fa1
126771b86638108050cf57c0d12faa27f80f0edb
240fbffc1f9104433297d3ff7afba2d0b58d7f1b13d9a9260a1bad25216665db

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4309
x-amzn-requestid: a22b4d7e-e208-4bda-81c2-d13e6463380e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: blE0hGNioAMF_Tg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6371e81c-1b13846866f56a0e47675e56;Sampled=0
x-amzn-remapped-date: Mon, 14 Nov 2022 07:02:52 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 0sYKpJWi2Tv9Atz3PYXm5j7kmncAOxjcLcK4hgAkJ5b4pNMDmjdB6g==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 02:19:43 GMT
age: 48257
etag: "126771b86638108050cf57c0d12faa27f80f0edb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

www.google-analytics.com/analytics.js

142.250.74.174

200 OK

20 kB

URL HTTP/2
www.google-analytics.com/analytics.js
IP
142.250.74.174:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1325)
Size
20 kB (20039 bytes)
Hash
47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e

HTTP Headers

GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.hf3999.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Sat, 26 Nov 2022 14:41:08 GMT
expires: Sat, 26 Nov 2022 16:41:08 GMT
cache-control: public, max-age=7200
age: 3772
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.hf3999.com/favicon.ico

103.101.153.144

200 OK

4.7 kB

URL HTTP/1.1
www.hf3999.com/favicon.ico
IP
103.101.153.144:0
ASN
#136600 Beijing Fengniao Network Technology Co., Ltd

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size
4.7 kB (4675 bytes)
Hash
7d09949f6382ed26fd278e6163b5c1c5
8c9e900f13af89bf9cf1d212b73e865230dfefb2
544f33e9d1b1d1888f17589a51d532a8cba3bec59c3c638962102669d89dde91

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.hf3999.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.hf3999.com/

HTTP/1.1 200 OK
Server: openresty
Date: Sat, 26 Nov 2022 15:44:00 GMT
Content-Type: image/x-icon
Content-Length: 4675
Last-Modified: Thu, 23 Sep 2021 05:18:36 GMT
Connection: keep-alive
ETag: "614c0e2c-1243"
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
X-Cache: MISS

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
fb359f89c5fba339a4ad4152b61bfca7
365438105c76b1d9ef9f65e8339233060511dae8
c1531ceb5f9949b150ca2bd0b6c252a15f2635b3df5daf9f10fa76b909c5f470

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 15:44:00 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 25 Nov 2022 08:08:29 GMT
Expires: Fri, 02 Dec 2022 08:08:28 GMT
Etag: "365438105c76b1d9ef9f65e8339233060511dae8"
Cache-Control: max-age=490467,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7703be348b751bfe-OSL

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
db74bdea3d586cab0323942480996b1d
353d6dd8b096972c61fdc0cc50ec79b882c200f9
7f019f05621b0d5379db079df2c8cb2de3b3b98b8ed0ca6f847068ed19cd0d40

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7F019F05621B0D5379DB079DF2C8CB2DE3B3B98B8ED0CA6F847068ED19CD0D40"
Last-Modified: Thu, 24 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21562
Expires: Sat, 26 Nov 2022 21:43:23 GMT
Date: Sat, 26 Nov 2022 15:44:01 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
641883a7253aedc03b263eb64172a7e1
6c362bd4ed7a16f8721a6220bd1ab758124102d3
450b3a757f2e38e88742ea20788af9f9f36f96cc280cf9ce3e2de2755457a6c2

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "450B3A757F2E38E88742EA20788AF9F9F36F96CC280CF9CE3E2DE2755457A6C2"
Last-Modified: Fri, 25 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21578
Expires: Sat, 26 Nov 2022 21:43:39 GMT
Date: Sat, 26 Nov 2022 15:44:01 GMT
Connection: keep-alive

c349b2front.jt1216.com/cdn/c349b2FW/3s/remove.js?v=20210302

222.184.83.44

200 OK

171 B

URL HTTP/2
c349b2front.jt1216.com/cdn/c349b2FW/3s/remove.js?v=20210302
IP
222.184.83.44:0
ASN
#4134 Chinanet

File type
ASCII text
Size
171 B (171 bytes)
Hash
3f318734a8d8aefebe5f160df1f2f63c
3c2b87d334c76835fbe7144b74de83c9146739e1
03b30094fc8961140dc3ec1a1527337ead8667d9bc2ce6ed3981f1eb5217edf3

HTTP Headers

GET /cdn/c349b2FW/3s/remove.js?v=20210302 HTTP/1.1
Host: c349b2front.jt1216.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.hf3999.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
content-length: 171
date: Sat, 26 Nov 2022 15:18:10 GMT
server: nginx
last-modified: Fri, 25 Nov 2022 03:02:21 GMT
etag: "6380303d-ab"
access-control-allow-origin: *
accept-ranges: bytes
x-cc-via: 25_dx-jiangsu-huaian-13-cache-3[H,1]
X-Firefox-Spdy: h2

www.hf3999.com/_glaxy_c349b2_/webToken

103.101.153.144

200

379 B

URL HTTP/1.1
www.hf3999.com/_glaxy_c349b2_/webToken
IP
103.101.153.144:0
ASN
#136600 Beijing Fengniao Network Technology Co., Ltd

File type
JSON data\012- , Unicode text, UTF-8 text, with very long lines (371), with no line terminators
Size
379 B (379 bytes)
Hash
3ca9a1e468a6e1c2d6632291fd6de727
8ff8cfe62b3c673660c38b7c6270805e5b3d6ce7
5ebda1c4122438f7a446c87ce5c159474b46d5dd3220df5c641297140390e5ce

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

POST /_glaxy_c349b2_/webToken HTTP/1.1
Host: www.hf3999.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
AppId: gvfKHSZqKIMDMPHG8fP0Fp6SZsjrEh7s
Qid: 5c428017566670679a3f9f8150cd1101
v: 1.0.0
srcAppId: gvfKHSZqKIMDMPHG8fP0Fp6SZsjrEh7s
ipaddress: null
Sign: 352f50a357ce63f99ef3939a80b434bd
Content-Length: 48
Origin: http://www.hf3999.com
Connection: keep-alive
Referer: http://www.hf3999.com/
Cookie: _ga=GA1.2.521999937.1669477440; _gid=GA1.2.649515406.1669477440; _gat_gtag_UA_124279463_1=1

HTTP/1.1 200 
Server: openresty
Date: Sat, 26 Nov 2022 15:44:04 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: JSESSIONID=5500D3B921D6BC644ED67FC37F41A220; Path=/; HttpOnly
Access-Control-Allow-Headers: *
Access-Control-Allow-Method: *
Access-Control-Allow-Origin: *
X-Cache: MISS

www.hf3999.com/_glaxy_c349b2_/_extra_/api/app/getIp

103.101.153.144

200 OK

90 B

URL HTTP/1.1
www.hf3999.com/_glaxy_c349b2_/_extra_/api/app/getIp
IP
103.101.153.144:0
ASN
#136600 Beijing Fengniao Network Technology Co., Ltd

File type
JSON data\012- , Unicode text, UTF-8 text, with no line terminators
Size
90 B (90 bytes)
Hash
79d5500d8d9cb64fe2109a02fb7c5999
cb42e3c5b75fc13f75b2ee8fc8db7f53fde116a0
1c7bd44e6f8e640b199ba2ebbfbea81a7c4b7677e4609d09ace08156e9373168

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

POST /_glaxy_c349b2_/_extra_/api/app/getIp HTTP/1.1
Host: www.hf3999.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
AppId: gvfKHSZqKIMDMPHG8fP0Fp6SZsjrEh7s
Qid: a12875d398d2b30d4231be8dc17dec9e
v: 1.0.0
srcAppId: gvfKHSZqKIMDMPHG8fP0Fp6SZsjrEh7s
ipaddress: null
Sign: d1d333ac72a589ce67817a55355f7210
Content-Length: 70
Origin: http://www.hf3999.com
Connection: keep-alive
Referer: http://www.hf3999.com/
Cookie: _ga=GA1.2.521999937.1669477440; _gid=GA1.2.649515406.1669477440; _gat_gtag_UA_124279463_1=1

HTTP/1.1 200 OK
Server: openresty
Date: Sat, 26 Nov 2022 15:44:05 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP
Cache-Control: private, must-revalidate
pragma: no-cache
expires: -1
X-RateLimit-Limit: 2000
X-RateLimit-Remaining: 1998
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, PATCH, DELETE
Access-Control-Allow-Headers: Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Authorization , Access-Control-Request-Headers, X-CSRF-TOKEN
Access-Control-Expose-Headers: Authorization, authenticated
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *, *
X-Cache: MISS

www.hf3999.com/_glaxy_c349b2_/webToken

103.101.153.144

200

379 B

URL HTTP/1.1
www.hf3999.com/_glaxy_c349b2_/webToken
IP
103.101.153.144:0
ASN
#136600 Beijing Fengniao Network Technology Co., Ltd

File type
JSON data\012- , Unicode text, UTF-8 text, with very long lines (371), with no line terminators
Size
379 B (379 bytes)
Hash
71591c2b451b386bc2479890919c80db
e063700d5f1f2eccb0686dd2c8f096aa6e27e10a
1ee40ce36c84e5ec582e7eac7b66da8d4d7bd66d943a7c420e5280bcd57f1939

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

POST /_glaxy_c349b2_/webToken HTTP/1.1
Host: www.hf3999.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
AppId: gvfKHSZqKIMDMPHG8fP0Fp6SZsjrEh7s
Qid: ac63055e830f70c0d922ee6338c15352
v: 1.0.0
srcAppId: gvfKHSZqKIMDMPHG8fP0Fp6SZsjrEh7s
ipaddress: null
Sign: d510fea6524065e30973b79acb8096ff
Content-Length: 48
Origin: http://www.hf3999.com
Connection: keep-alive
Referer: http://www.hf3999.com/home
Cookie: _ga=GA1.2.521999937.1669477440; _gid=GA1.2.649515406.1669477440; _gat_gtag_UA_124279463_1=1

HTTP/1.1 200 
Server: openresty
Date: Sat, 26 Nov 2022 15:44:05 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: JSESSIONID=3425A6EF714A50E8DC93AF809A79E31B; Path=/; HttpOnly
Access-Control-Allow-Headers: *
Access-Control-Allow-Method: *
Access-Control-Allow-Origin: *
X-Cache: MISS

www.hf3999.com/_glaxy_c349b2_/_extra_/api/signIn/haveEverdaySign

103.101.153.144

200 OK

8.8 kB

URL HTTP/1.1
www.hf3999.com/_glaxy_c349b2_/_extra_/api/signIn/haveEverdaySign
IP
103.101.153.144:0
ASN
#136600 Beijing Fengniao Network Technology Co., Ltd

File type
JSON data\012- , ASCII text, with very long lines (8838), with no line terminators
Size
8.8 kB (8838 bytes)
Hash
43844da4323523176ad473812ffe780e
cd8e347c6c36bdc348387d5ee9e2866d95f575b7
cf1023f51c5dd8281969fdd4c8f450951fc2352c055676e7ee295c5d2b4266f2

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

POST /_glaxy_c349b2_/_extra_/api/signIn/haveEverdaySign HTTP/1.1
Host: www.hf3999.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
AppId: gvfKHSZqKIMDMPHG8fP0Fp6SZsjrEh7s
Qid: 008bc2d17ab50a9e48727f9084394c27
v: 1.0.0
srcAppId: gvfKHSZqKIMDMPHG8fP0Fp6SZsjrEh7s
ipaddress: null
Sign: 6a249ca01ab40d89edd070e4daf4d104
Content-Length: 70
Origin: http://www.hf3999.com
Connection: keep-alive
Referer: http://www.hf3999.com/home
Cookie: _ga=GA1.2.521999937.1669477440; _gid=GA1.2.649515406.1669477440; _gat_gtag_UA_124279463_1=1

HTTP/1.1 200 OK
Server: openresty
Date: Sat, 26 Nov 2022 15:44:05 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP
Cache-Control: private, must-revalidate
X-RateLimit-Limit: 2000
X-RateLimit-Remaining: 1997
pragma: no-cache
expires: -1
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, PATCH, DELETE
Access-Control-Allow-Headers: Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Authorization , Access-Control-Request-Headers, X-CSRF-TOKEN
Access-Control-Expose-Headers: Authorization, authenticated
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *, *
X-Cache: MISS

www.hf3999.com/_glaxy_c349b2_/areaLimitV2

103.101.153.144

200

108 B

URL HTTP/1.1
www.hf3999.com/_glaxy_c349b2_/areaLimitV2
IP
103.101.153.144:0
ASN
#136600 Beijing Fengniao Network Technology Co., Ltd

File type
JSON data\012- , Unicode text, UTF-8 text, with no line terminators
Size
108 B (108 bytes)
Hash
7d915e4d5c29047ae8bdb5f9913285a2
a539cdbb05606dc848f401698b90aedcb3f66553
e7400cf77653940e94a119aaa748f8e9b12529465ba27fd806bb5be108986b1a

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

POST /_glaxy_c349b2_/areaLimitV2 HTTP/1.1
Host: www.hf3999.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
AppId: gvfKHSZqKIMDMPHG8fP0Fp6SZsjrEh7s
Qid: ee7e53308b64320947b6255de62d49c4
v: 1.0.0
srcAppId: gvfKHSZqKIMDMPHG8fP0Fp6SZsjrEh7s
ipaddress: null
Sign: 70801058653c703df53ddb567576fa17
token: 6sNvgv4wu0ICwux5LB/xtPzCS02KOsmLDafw2JEi5K8/CHMKK6YkhxfItikUmF1VwMjclQk6wq49uRQbg2MvXQgf5d1nH3x8zT0wjUs37+G4t/5RrmMgoA==
deviceId: 9e4947f35751465411fd1a4f5c358c78
Content-Length: 48
Origin: http://www.hf3999.com
Connection: keep-alive
Referer: http://www.hf3999.com/home
Cookie: _ga=GA1.2.521999937.1669477440; _gid=GA1.2.649515406.1669477440; _gat_gtag_UA_124279463_1=1; JSESSIONID=5500D3B921D6BC644ED67FC37F41A220

HTTP/1.1 200 
Server: openresty
Date: Sat, 26 Nov 2022 15:44:05 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Access-Control-Allow-Headers: *
Access-Control-Allow-Method: *
Access-Control-Allow-Origin: *
X-Cache: MISS

www.hf3999.com/_glaxy_c349b2_/webToken

103.101.153.144

200

380 B

URL HTTP/1.1
www.hf3999.com/_glaxy_c349b2_/webToken
IP
103.101.153.144:0
ASN
#136600 Beijing Fengniao Network Technology Co., Ltd

File type
JSON data\012- , Unicode text, UTF-8 text, with very long lines (372), with no line terminators
Size
380 B (380 bytes)
Hash
5b196534393db6cee19c9526befbd58d
feb324faad5964623fff71a8060c480da1a59ccd
eecbea9604c67f6e87a2b788417d9a677c3a6de2696edeb3ed3a39ebfc5db19a

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

POST /_glaxy_c349b2_/webToken HTTP/1.1
Host: www.hf3999.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
AppId: gvfKHSZqKIMDMPHG8fP0Fp6SZsjrEh7s
Qid: 80cc118fa8dccc860c5c47f0d4b6c5b6
v: 1.0.0
srcAppId: gvfKHSZqKIMDMPHG8fP0Fp6SZsjrEh7s
ipaddress: null
Sign: b1d71e31d79080ff820daded4eeae646
Content-Length: 48
Origin: http://www.hf3999.com
Connection: keep-alive
Referer: http://www.hf3999.com/home
Cookie: _ga=GA1.2.521999937.1669477440; _gid=GA1.2.649515406.1669477440; _gat_gtag_UA_124279463_1=1

HTTP/1.1 200 
Server: openresty
Date: Sat, 26 Nov 2022 15:44:05 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: JSESSIONID=B4E789B775E9CE6A025AECF1B489F9DA; Path=/; HttpOnly
Access-Control-Allow-Headers: *
Access-Control-Allow-Method: *
Access-Control-Allow-Origin: *
X-Cache: MISS

c349b2front.jt1216.com/cdn/c349b2FW/static/img/charge_tutorial.39911fdf.png

222.184.83.44

200 OK

15 kB

URL HTTP/2
c349b2front.jt1216.com/cdn/c349b2FW/static/img/charge_tutorial.39911fdf.png
IP
222.184.83.44:0
ASN
#4134 Chinanet

File type
data
Size
15 kB (15217 bytes)
Hash
dcd05e78bc6b0e0b3d86278028ac2a06
dea6b7e14b226397a2d7da17781c2688b3ecef6b
dea77ee84f102ff3c020db869d22181018bae0c75864bb60f592f478c0669afb

HTTP Headers

GET /cdn/c349b2FW/static/img/charge_tutorial.39911fdf.png HTTP/1.1
Host: c349b2front.jt1216.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c349b2front.jt1216.com/cdn/c349b2FW/static/css/app.7c0e53df.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: image/png
date: Sat, 26 Nov 2022 09:36:48 GMT
server: nginx
last-modified: Fri, 25 Nov 2022 03:02:21 GMT
vary: Accept-Encoding
etag: W/"6380303d-3ae9"
access-control-allow-origin: *
content-encoding: gzip
x-cc-via: 24_dx-jiangsu-huaian-13-cache-3[H,3]
X-Firefox-Spdy: h2

c349b2front.jt1216.com/cdn/c349b2FW/static/img/footer_logo.47d005bf.png

222.184.83.44

200 OK

21 kB

URL HTTP/2
c349b2front.jt1216.com/cdn/c349b2FW/static/img/footer_logo.47d005bf.png
IP
222.184.83.44:0
ASN
#4134 Chinanet

File type
data
Size
21 kB (20936 bytes)
Hash
33bc19e92625aac8c726748295f4374e
156305a2796b20061e713fe944a74d016eaf1cd4
7abec590323605d6a6f85f157c2ac5981259472faec39cafe90414163291646f

HTTP Headers

GET /cdn/c349b2FW/static/img/footer_logo.47d005bf.png HTTP/1.1
Host: c349b2front.jt1216.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c349b2front.jt1216.com/cdn/c349b2FW/static/css/app.7c0e53df.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: image/png
date: Fri, 25 Nov 2022 21:29:19 GMT
server: nginx
last-modified: Mon, 21 Nov 2022 01:14:36 GMT
vary: Accept-Encoding
etag: W/"637ad0fc-4c95"
access-control-allow-origin: *
content-encoding: gzip
x-cc-via: 25_dx-jiangsu-huaian-13-cache-3[H,3]
X-Firefox-Spdy: h2

c349b2front.jt1216.com/cdn/c349b2FW/static/img/logosmall.00ff086a.png

222.184.83.44

200 OK

6.3 kB

URL HTTP/2
c349b2front.jt1216.com/cdn/c349b2FW/static/img/logosmall.00ff086a.png
IP
222.184.83.44:0
ASN
#4134 Chinanet

File type
data
Size
6.3 kB (6330 bytes)
Hash
e66cd525790b20be07a050b34e9dc5bd
f29c5d8f38de13170f8a04659ea10f74561e7f89
aa7c4cc969964bf8b8ceb2d74150fdd860dbd3527b24e47a53fa85d4a1442e8e

HTTP Headers

GET /cdn/c349b2FW/static/img/logosmall.00ff086a.png HTTP/1.1
Host: c349b2front.jt1216.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.hf3999.com
Connection: keep-alive
Referer: http://www.hf3999.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/png
date: Sat, 26 Nov 2022 12:33:33 GMT
server: nginx
last-modified: Fri, 25 Nov 2022 03:02:21 GMT
vary: Accept-Encoding
etag: W/"6380303d-1834"
access-control-allow-origin: *
content-encoding: gzip
x-cc-via: 32_dx-jiangsu-huaian-13-cache-3[H,3]
X-Firefox-Spdy: h2

www.hf3999.com/_glaxy_c349b2_/game/queryGames

103.101.153.144

200

1.8 kB

URL HTTP/1.1
www.hf3999.com/_glaxy_c349b2_/game/queryGames
IP
103.101.153.144:0
ASN
#136600 Beijing Fengniao Network Technology Co., Ltd

File type
JSON data\012- , Unicode text, UTF-8 text, with very long lines (1812), with no line terminators
Size
1.8 kB (1820 bytes)
Hash
7c54b3270714c6ffef48b781c3ed5865
889188ec29352505a5d277465e8ff1fbc3393784
6544ac19a8646b225094d2498062c15baa7a6abf846d4ea85e34691156cb3054

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

POST /_glaxy_c349b2_/game/queryGames HTTP/1.1
Host: www.hf3999.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
AppId: gvfKHSZqKIMDMPHG8fP0Fp6SZsjrEh7s
Qid: 2afa6440955ae8c4c2303d101a708043
v: 1.0.0
srcAppId: gvfKHSZqKIMDMPHG8fP0Fp6SZsjrEh7s
ipaddress: 91.90.42.154
Sign: f7d6371ff990d71618bbd96310687bd4
token: 6sNvgv4wu0JmoZpRTWc8rZ83l4dQ0iq1bEHEaHlOFnzeUoqT1pjSOhfItikUmF1Vk5xQfJ79ikLeo2oAEhkzNbKPiWnA5kV2fWLaoRA9Lqt57EvzLrpACA==
deviceId: 9e4947f35751465411fd1a4f5c358c78
Content-Length: 65
Origin: http://www.hf3999.com
Connection: keep-alive
Referer: http://www.hf3999.com/home
Cookie: _ga=GA1.2.521999937.1669477440; _gid=GA1.2.649515406.1669477440; _gat_gtag_UA_124279463_1=1; JSESSIONID=B4E789B775E9CE6A025AECF1B489F9DA

HTTP/1.1 200 
Server: openresty
Date: Sat, 26 Nov 2022 15:44:06 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Headers: *
Access-Control-Allow-Method: *
Access-Control-Allow-Origin: *
X-Cache: MISS

c349b2front.jt1216.com/cdn/c349b2FW/static/img/game.b9b13060.jpg

222.184.83.44

200 OK

19 kB

URL HTTP/2
c349b2front.jt1216.com/cdn/c349b2FW/static/img/game.b9b13060.jpg
IP
222.184.83.44:0
ASN
#4134 Chinanet

File type
data
Size
19 kB (19435 bytes)
Hash
260a96e0cdc40f75fc202db62e0d97b3
fc5e71d1ef9a8f310e49a19ad02cc88a45dfe832
432300ac35fbe964a7e07a91a47081a3f297f911b1b70353853ae5b31efa62a9

HTTP Headers

GET /cdn/c349b2FW/static/img/game.b9b13060.jpg HTTP/1.1
Host: c349b2front.jt1216.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c349b2front.jt1216.com/cdn/c349b2FW/static/css/app.7c0e53df.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
date: Sat, 26 Nov 2022 07:34:37 GMT
server: nginx
last-modified: Fri, 25 Nov 2022 03:02:21 GMT
vary: Accept-Encoding
etag: W/"6380303d-4cd0"
access-control-allow-origin: *
content-encoding: gzip
x-cc-via: 30_dx-jiangsu-huaian-13-cache-3[H,2]
X-Firefox-Spdy: h2

www.hf3999.com/_glaxy_c349b2_/customer/preCreateAccount

103.101.153.144

200

101 B

URL HTTP/1.1
www.hf3999.com/_glaxy_c349b2_/customer/preCreateAccount
IP
103.101.153.144:0
ASN
#136600 Beijing Fengniao Network Technology Co., Ltd

File type
JSON data\012- , Unicode text, UTF-8 text, with no line terminators
Size
101 B (101 bytes)
Hash
ad10d99b06d2572bdf0764e5905d94b6
5fffdf3965edc603021e7a2edab388360049b8d5
92d984e894a6361110648e0af3786d2a549ad9c36310e1caded6a8aed83710db

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

POST /_glaxy_c349b2_/customer/preCreateAccount HTTP/1.1
Host: www.hf3999.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
AppId: gvfKHSZqKIMDMPHG8fP0Fp6SZsjrEh7s
Qid: c8d3f79741e90746679339ea8fafffbd
v: 1.0.0
srcAppId: gvfKHSZqKIMDMPHG8fP0Fp6SZsjrEh7s
ipaddress: 91.90.42.154
Sign: eef4d3102672e3071058aada737568a3
token: 6sNvgv4wu0JmoZpRTWc8rZ83l4dQ0iq1bEHEaHlOFnzeUoqT1pjSOhfItikUmF1Vk5xQfJ79ikLeo2oAEhkzNbKPiWnA5kV2fWLaoRA9Lqt57EvzLrpACA==
deviceId: 9e4947f35751465411fd1a4f5c358c78
Content-Length: 48
Origin: http://www.hf3999.com
Connection: keep-alive
Referer: http://www.hf3999.com/home
Cookie: _ga=GA1.2.521999937.1669477440; _gid=GA1.2.649515406.1669477440; _gat_gtag_UA_124279463_1=1; JSESSIONID=B4E789B775E9CE6A025AECF1B489F9DA

HTTP/1.1 200 
Server: openresty
Date: Sat, 26 Nov 2022 15:44:06 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Headers: *
Access-Control-Allow-Method: *
Access-Control-Allow-Origin: *
X-Cache: MISS

c349b2front.jt1216.com/cdn/c349b2FW/static/js/Home.0838ae3d.js

222.184.83.44

200 OK

50 kB

URL HTTP/2
c349b2front.jt1216.com/cdn/c349b2FW/static/js/Home.0838ae3d.js
IP
222.184.83.44:0
ASN
#4134 Chinanet

File type
data
Size
50 kB (50101 bytes)
Hash
2ad8665b1c6da0ff4ff8a31ee3d2f64f
6b1dd88691c94712f6a2355af019d14b8c49f005
02d2cfbd2252b8f1e4d9314102aa535fa860945ddf56769cd2d27c67bcafde8f

HTTP Headers

GET /cdn/c349b2FW/static/js/Home.0838ae3d.js HTTP/1.1
Host: c349b2front.jt1216.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.hf3999.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Sat, 26 Nov 2022 15:44:04 GMT
server: nginx
last-modified: Fri, 25 Nov 2022 03:02:21 GMT
vary: Accept-Encoding
etag: W/"6380303d-b3ed"
access-control-allow-origin: *
content-encoding: gzip
x-cc-via: 32_dx-jiangsu-huaian-13-cache-3[H,15]
X-Firefox-Spdy: h2

c349b2front.jt1216.com/cdn/c349b2FW/static/img/game6.b0f07d7a.jpg

222.184.83.44

200 OK

75 kB

URL HTTP/2
c349b2front.jt1216.com/cdn/c349b2FW/static/img/game6.b0f07d7a.jpg
IP
222.184.83.44:0
ASN
#4134 Chinanet

File type
data
Size
75 kB (74841 bytes)
Hash
4debb49ea8e006608989c7ef66cc5c7e
b23927efe16de3ebdb2489eee34eaf85e6c38671
36e075a10863bbe510c3b6d3556b83fd7e6e52dcff99702baa8937a439a49f58

HTTP Headers

GET /cdn/c349b2FW/static/img/game6.b0f07d7a.jpg HTTP/1.1
Host: c349b2front.jt1216.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.hf3999.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
date: Sat, 26 Nov 2022 07:34:38 GMT
server: nginx
last-modified: Fri, 25 Nov 2022 03:02:21 GMT
vary: Accept-Encoding
etag: W/"6380303d-b2f5"
access-control-allow-origin: *
content-encoding: gzip
x-cc-via: 26_dx-jiangsu-huaian-13-cache-3[H,18]
X-Firefox-Spdy: h2

c349b2front.jt1216.com/cdn/c349b2FW/static/js/app.2247cc39.js

222.184.83.44

200 OK

0 B

URL HTTP/2
c349b2front.jt1216.com/cdn/c349b2FW/static/js/app.2247cc39.js
IP
222.184.83.44:0
ASN
#4134 Chinanet

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /cdn/c349b2FW/static/js/app.2247cc39.js HTTP/1.1
Host: c349b2front.jt1216.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.hf3999.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Sat, 26 Nov 2022 15:18:12 GMT
server: nginx
last-modified: Fri, 25 Nov 2022 03:02:21 GMT
vary: Accept-Encoding
etag: W/"6380303d-51e60"
access-control-allow-origin: *
content-encoding: gzip
x-cc-via: 31_dx-jiangsu-huaian-13-cache-3[H,24]
X-Firefox-Spdy: h2

c349b2front.jt1216.com/cdn/c349b2FW/static/img/offer2.aee16349.jpg

222.184.83.44

200 OK

0 B

URL HTTP/2
c349b2front.jt1216.com/cdn/c349b2FW/static/img/offer2.aee16349.jpg
IP
222.184.83.44:0
ASN
#4134 Chinanet

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /cdn/c349b2FW/static/img/offer2.aee16349.jpg HTTP/1.1
Host: c349b2front.jt1216.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.hf3999.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
date: Sat, 26 Nov 2022 05:46:17 GMT
server: nginx
last-modified: Fri, 25 Nov 2022 03:02:21 GMT
vary: Accept-Encoding
etag: W/"6380303d-e0eb"
access-control-allow-origin: *
content-encoding: gzip
x-cc-via: 30_dx-jiangsu-huaian-13-cache-3[H,28]
X-Firefox-Spdy: h2

c349b2front.jt1216.com/cdn/c349b2FW/static/img/ag3.be67febf.jpg

222.184.83.44

200 OK

0 B

URL HTTP/2
c349b2front.jt1216.com/cdn/c349b2FW/static/img/ag3.be67febf.jpg
IP
222.184.83.44:0
ASN
#4134 Chinanet

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /cdn/c349b2FW/static/img/ag3.be67febf.jpg HTTP/1.1
Host: c349b2front.jt1216.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c349b2front.jt1216.com/cdn/c349b2FW/static/css/app.7c0e53df.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
date: Sat, 26 Nov 2022 11:54:24 GMT
server: nginx
last-modified: Fri, 25 Nov 2022 03:02:21 GMT
vary: Accept-Encoding
etag: W/"6380303d-3ce9"
access-control-allow-origin: *
content-encoding: gzip
x-cc-via: 25_dx-jiangsu-huaian-13-cache-3[H,2]
X-Firefox-Spdy: h2

c349b2front.jt1216.com/cdn/c349b2FW/static/img/icon.0a0c16fb.png

222.184.83.44

200 OK

0 B

URL HTTP/2
c349b2front.jt1216.com/cdn/c349b2FW/static/img/icon.0a0c16fb.png
IP
222.184.83.44:0
ASN
#4134 Chinanet

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /cdn/c349b2FW/static/img/icon.0a0c16fb.png HTTP/1.1
Host: c349b2front.jt1216.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c349b2front.jt1216.com/cdn/c349b2FW/static/css/app.7c0e53df.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: image/png
date: Sat, 26 Nov 2022 11:54:24 GMT
server: nginx
last-modified: Fri, 25 Nov 2022 03:02:21 GMT
vary: Accept-Encoding
etag: W/"6380303d-19c7"
access-control-allow-origin: *
content-encoding: gzip
x-cc-via: 26_dx-jiangsu-huaian-13-cache-3[H,3]
X-Firefox-Spdy: h2

c349b2front.jt1216.com/cdn/c349b2FW/static/img/ag1.8f102913.jpg

222.184.83.44

200 OK

0 B

URL HTTP/2
c349b2front.jt1216.com/cdn/c349b2FW/static/img/ag1.8f102913.jpg
IP
222.184.83.44:0
ASN
#4134 Chinanet

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /cdn/c349b2FW/static/img/ag1.8f102913.jpg HTTP/1.1
Host: c349b2front.jt1216.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c349b2front.jt1216.com/cdn/c349b2FW/static/css/app.7c0e53df.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
date: Sat, 26 Nov 2022 07:34:37 GMT
server: nginx
last-modified: Fri, 25 Nov 2022 03:02:21 GMT
vary: Accept-Encoding
etag: W/"6380303d-ff0c"
access-control-allow-origin: *
content-encoding: gzip
x-cc-via: 32_dx-jiangsu-huaian-13-cache-3[H,19]
X-Firefox-Spdy: h2

c349b2front.jt1216.com/cdn/c349b2FW/static/img/game2.2b372bf5.jpg

222.184.83.44

200 OK

0 B

URL HTTP/2
c349b2front.jt1216.com/cdn/c349b2FW/static/img/game2.2b372bf5.jpg
IP
222.184.83.44:0
ASN
#4134 Chinanet

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /cdn/c349b2FW/static/img/game2.2b372bf5.jpg HTTP/1.1
Host: c349b2front.jt1216.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c349b2front.jt1216.com/cdn/c349b2FW/static/css/app.7c0e53df.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
date: Sat, 26 Nov 2022 09:36:48 GMT
server: nginx
last-modified: Fri, 25 Nov 2022 03:02:21 GMT
vary: Accept-Encoding
etag: W/"6380303d-ed46"
access-control-allow-origin: *
content-encoding: gzip
x-cc-via: 26_dx-jiangsu-huaian-13-cache-3[H,42]
X-Firefox-Spdy: h2

c349b2front.jt1216.com/cdn/c349b2FW/cdn_test.jpg?1669477439675

222.184.83.44

200 OK

0 B

URL HTTP/2
c349b2front.jt1216.com/cdn/c349b2FW/cdn_test.jpg?1669477439675
IP
222.184.83.44:0
ASN
#4134 Chinanet

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /cdn/c349b2FW/cdn_test.jpg?1669477439675 HTTP/1.1
Host: c349b2front.jt1216.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.hf3999.com
Connection: keep-alive
Referer: http://www.hf3999.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: image/jpeg
date: Sat, 26 Nov 2022 15:44:01 GMT
server: nginx
last-modified: Fri, 25 Nov 2022 03:02:21 GMT
vary: Accept-Encoding
etag: W/"6380303d-c6d7"
access-control-allow-origin: *
content-encoding: gzip
x-cc-via: 117_HK-xianggang-xianggang-4-cache-2[M,6],16_dx-lt-yd-obgp-zhejiang-hangzhou-11-cache-2[M,43],32_dx-jiangsu-huaian-13-cache-3[M,269]
X-Firefox-Spdy: h2

c349b2front.jt1216.com/cdn/c349b2FW/static/img/game5.c6c3eaea.jpg

222.184.83.44

200 OK

0 B

URL HTTP/2
c349b2front.jt1216.com/cdn/c349b2FW/static/img/game5.c6c3eaea.jpg
IP
222.184.83.44:0
ASN
#4134 Chinanet

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /cdn/c349b2FW/static/img/game5.c6c3eaea.jpg HTTP/1.1
Host: c349b2front.jt1216.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.hf3999.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
date: Sat, 26 Nov 2022 07:34:38 GMT
server: nginx
last-modified: Fri, 25 Nov 2022 03:02:21 GMT
vary: Accept-Encoding
etag: W/"6380303d-d33c"
access-control-allow-origin: *
content-encoding: gzip
x-cc-via: 31_dx-jiangsu-huaian-13-cache-3[H,29]
X-Firefox-Spdy: h2

c349b2front.jt1216.com/cdn/c349b2FW/static/img/game8.ffce75c2.jpg

222.184.83.44

200 OK

0 B

URL HTTP/2
c349b2front.jt1216.com/cdn/c349b2FW/static/img/game8.ffce75c2.jpg
IP
222.184.83.44:0
ASN
#4134 Chinanet

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /cdn/c349b2FW/static/img/game8.ffce75c2.jpg HTTP/1.1
Host: c349b2front.jt1216.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.hf3999.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
date: Sat, 26 Nov 2022 05:46:17 GMT
server: nginx
last-modified: Fri, 25 Nov 2022 03:02:21 GMT
vary: Accept-Encoding
etag: W/"6380303d-1177e"
access-control-allow-origin: *
content-encoding: gzip
x-cc-via: 31_dx-jiangsu-huaian-13-cache-3[H,35]
X-Firefox-Spdy: h2

c349b2front.jt1216.com/cdn/c349b2FW/static/img/hezuo.361762e2.jpg

222.184.83.44

200 OK

0 B

URL HTTP/2
c349b2front.jt1216.com/cdn/c349b2FW/static/img/hezuo.361762e2.jpg
IP
222.184.83.44:0
ASN
#4134 Chinanet

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /cdn/c349b2FW/static/img/hezuo.361762e2.jpg HTTP/1.1
Host: c349b2front.jt1216.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c349b2front.jt1216.com/cdn/c349b2FW/static/css/app.7c0e53df.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
date: Fri, 25 Nov 2022 15:47:00 GMT
server: nginx
last-modified: Fri, 25 Nov 2022 03:02:21 GMT
vary: Accept-Encoding
etag: W/"6380303d-326b"
access-control-allow-origin: *
content-encoding: gzip
x-cc-via: 30_dx-jiangsu-huaian-13-cache-3[H,2]
X-Firefox-Spdy: h2

c349b2front.jt1216.com/cdn/c349b2FW/_wms/img/_l/_banner/banner-index-109df39bd4a69aeafd72040676daf0407.jpg_.webp

222.184.83.44

200 OK

0 B

URL HTTP/2
c349b2front.jt1216.com/cdn/c349b2FW/_wms/img/_l/_banner/banner-index-109df39bd4a69aeafd72040676daf0407.jpg_.webp
IP
222.184.83.44:0
ASN
#4134 Chinanet

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /cdn/c349b2FW/_wms/img/_l/_banner/banner-index-109df39bd4a69aeafd72040676daf0407.jpg_.webp HTTP/1.1
Host: c349b2front.jt1216.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.hf3999.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/webp
date: Sat, 26 Nov 2022 06:09:31 GMT
server: nginx
last-modified: Tue, 12 Apr 2022 07:31:20 GMT
vary: Accept-Encoding
etag: W/"62552ac8-810c"
access-control-allow-origin: *
content-encoding: gzip
x-cc-via: 31_dx-jiangsu-huaian-13-cache-3[H,2]
X-Firefox-Spdy: h2

c349b2front.jt1216.com/cdn/c349b2FW/static/css/app.7c0e53df.css

222.184.83.44

200 OK

0 B

URL HTTP/2
c349b2front.jt1216.com/cdn/c349b2FW/static/css/app.7c0e53df.css
IP
222.184.83.44:0
ASN
#4134 Chinanet

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /cdn/c349b2FW/static/css/app.7c0e53df.css HTTP/1.1
Host: c349b2front.jt1216.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.hf3999.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css
date: Sat, 26 Nov 2022 15:31:41 GMT
server: nginx
last-modified: Fri, 25 Nov 2022 03:02:21 GMT
vary: Accept-Encoding
etag: W/"6380303d-5fc1b"
access-control-allow-origin: *
content-encoding: gzip
x-cc-via: 26_dx-jiangsu-huaian-13-cache-3[H,5]
X-Firefox-Spdy: h2

c349b2front.jt1216.com/cdn/c349b2FW/static/img/game4.0bac7650.jpg

222.184.83.44

200 OK

0 B

URL HTTP/2
c349b2front.jt1216.com/cdn/c349b2FW/static/img/game4.0bac7650.jpg
IP
222.184.83.44:0
ASN
#4134 Chinanet

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /cdn/c349b2FW/static/img/game4.0bac7650.jpg HTTP/1.1
Host: c349b2front.jt1216.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.hf3999.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
date: Fri, 25 Nov 2022 15:47:00 GMT
server: nginx
last-modified: Mon, 21 Nov 2022 01:14:36 GMT
vary: Accept-Encoding
etag: W/"637ad0fc-efa9"
access-control-allow-origin: *
content-encoding: gzip
x-cc-via: 25_dx-jiangsu-huaian-13-cache-3[H,43]
X-Firefox-Spdy: h2

c349b2front.jt1216.com/cdn/c349b2FW/static/img/icon.37d73da9.png

222.184.83.44

200 OK

0 B

URL HTTP/2
c349b2front.jt1216.com/cdn/c349b2FW/static/img/icon.37d73da9.png
IP
222.184.83.44:0
ASN
#4134 Chinanet

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /cdn/c349b2FW/static/img/icon.37d73da9.png HTTP/1.1
Host: c349b2front.jt1216.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c349b2front.jt1216.com/cdn/c349b2FW/static/css/app.7c0e53df.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: image/png
date: Fri, 25 Nov 2022 15:47:00 GMT
server: nginx
last-modified: Fri, 25 Nov 2022 03:02:21 GMT
vary: Accept-Encoding
etag: W/"6380303d-7e87"
access-control-allow-origin: *
content-encoding: gzip
x-cc-via: 31_dx-jiangsu-huaian-13-cache-3[H,2]
X-Firefox-Spdy: h2

c349b2front.jt1216.com/cdn/c349b2FW/_wms/img/_l/_banner/banner-index-0c31fe59ed770d166abb27c5d3c5a142d.jpg_.webp

222.184.83.44

200 OK

0 B

URL HTTP/2
c349b2front.jt1216.com/cdn/c349b2FW/_wms/img/_l/_banner/banner-index-0c31fe59ed770d166abb27c5d3c5a142d.jpg_.webp
IP
222.184.83.44:0
ASN
#4134 Chinanet

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /cdn/c349b2FW/_wms/img/_l/_banner/banner-index-0c31fe59ed770d166abb27c5d3c5a142d.jpg_.webp HTTP/1.1
Host: c349b2front.jt1216.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.hf3999.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/webp
date: Sat, 26 Nov 2022 14:49:36 GMT
server: nginx
last-modified: Fri, 25 Nov 2022 04:09:55 GMT
vary: Accept-Encoding
etag: W/"63804013-10276"
access-control-allow-origin: *
content-encoding: gzip
x-cc-via: 31_dx-jiangsu-huaian-13-cache-3[H,3]
X-Firefox-Spdy: h2

c349b2front.jt1216.com/cdn/c349b2FW/static/css/chunk-vendors.97ef3fde.css

222.184.83.44

200 OK

0 B

URL HTTP/2
c349b2front.jt1216.com/cdn/c349b2FW/static/css/chunk-vendors.97ef3fde.css
IP
222.184.83.44:0
ASN
#4134 Chinanet

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /cdn/c349b2FW/static/css/chunk-vendors.97ef3fde.css HTTP/1.1
Host: c349b2front.jt1216.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.hf3999.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css
date: Sat, 26 Nov 2022 15:31:41 GMT
server: nginx
last-modified: Fri, 25 Nov 2022 03:02:21 GMT
vary: Accept-Encoding
etag: W/"6380303d-132ec"
access-control-allow-origin: *
content-encoding: gzip
x-cc-via: 32_dx-jiangsu-huaian-13-cache-3[H,4]
X-Firefox-Spdy: h2

c349b2front.jt1216.com/cdn/c349b2FW/behavior/behavior.js

222.184.83.44

200 OK

0 B

URL HTTP/2
c349b2front.jt1216.com/cdn/c349b2FW/behavior/behavior.js
IP
222.184.83.44:0
ASN
#4134 Chinanet

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /cdn/c349b2FW/behavior/behavior.js HTTP/1.1
Host: c349b2front.jt1216.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.hf3999.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Sat, 26 Nov 2022 15:18:10 GMT
server: nginx
last-modified: Fri, 25 Nov 2022 03:02:21 GMT
vary: Accept-Encoding
etag: W/"6380303d-31e5"
access-control-allow-origin: *
content-encoding: gzip
x-cc-via: 30_dx-jiangsu-huaian-13-cache-3[H,2]
X-Firefox-Spdy: h2

c349b2front.jt1216.com/cdn/c349b2FW/static/css/Home.fba8b51e.css

222.184.83.44

200 OK

0 B

URL HTTP/2
c349b2front.jt1216.com/cdn/c349b2FW/static/css/Home.fba8b51e.css
IP
222.184.83.44:0
ASN
#4134 Chinanet

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /cdn/c349b2FW/static/css/Home.fba8b51e.css HTTP/1.1
Host: c349b2front.jt1216.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.hf3999.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: text/css
date: Sat, 26 Nov 2022 15:44:04 GMT
server: nginx
last-modified: Fri, 25 Nov 2022 03:02:21 GMT
vary: Accept-Encoding
etag: W/"6380303d-14a48"
access-control-allow-origin: *
content-encoding: gzip
x-cc-via: 25_dx-jiangsu-huaian-13-cache-3[H,39]
X-Firefox-Spdy: h2

c349b2front.jt1216.com/cdn/c349b2FW/static/img/game1.c3e33166.jpg

222.184.83.44

200 OK

0 B

URL HTTP/2
c349b2front.jt1216.com/cdn/c349b2FW/static/img/game1.c3e33166.jpg
IP
222.184.83.44:0
ASN
#4134 Chinanet

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /cdn/c349b2FW/static/img/game1.c3e33166.jpg HTTP/1.1
Host: c349b2front.jt1216.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c349b2front.jt1216.com/cdn/c349b2FW/static/css/app.7c0e53df.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
date: Sat, 26 Nov 2022 11:54:24 GMT
server: nginx
last-modified: Fri, 25 Nov 2022 03:02:21 GMT
vary: Accept-Encoding
etag: W/"6380303d-2ccb"
access-control-allow-origin: *
content-encoding: gzip
x-cc-via: 27_dx-jiangsu-huaian-13-cache-3[H,3]
X-Firefox-Spdy: h2

c349b2front.jt1216.com/cdn/c349b2FW/static/img/offer3.32a305f0.jpg

222.184.83.44

200 OK

0 B

URL HTTP/2
c349b2front.jt1216.com/cdn/c349b2FW/static/img/offer3.32a305f0.jpg
IP
222.184.83.44:0
ASN
#4134 Chinanet

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /cdn/c349b2FW/static/img/offer3.32a305f0.jpg HTTP/1.1
Host: c349b2front.jt1216.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.hf3999.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
date: Sat, 26 Nov 2022 07:34:38 GMT
server: nginx
last-modified: Fri, 25 Nov 2022 03:02:21 GMT
vary: Accept-Encoding
etag: W/"6380303d-c912"
access-control-allow-origin: *
content-encoding: gzip
x-cc-via: 25_dx-jiangsu-huaian-13-cache-3[H,28]
X-Firefox-Spdy: h2

c349b2front.jt1216.com/cdn/c349b2FW/_wms/img/_l/_banner/banner-index-32438b377703b94c67fa3ac453ca0f08f.jpg_.webp

222.184.83.44

200 OK

0 B

URL HTTP/2
c349b2front.jt1216.com/cdn/c349b2FW/_wms/img/_l/_banner/banner-index-32438b377703b94c67fa3ac453ca0f08f.jpg_.webp
IP
222.184.83.44:0
ASN
#4134 Chinanet

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /cdn/c349b2FW/_wms/img/_l/_banner/banner-index-32438b377703b94c67fa3ac453ca0f08f.jpg_.webp HTTP/1.1
Host: c349b2front.jt1216.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.hf3999.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/webp
content-length: 70666
date: Sat, 26 Nov 2022 06:09:31 GMT
server: nginx
last-modified: Tue, 12 Apr 2022 07:31:21 GMT
etag: "62552ac9-1140a"
access-control-allow-origin: *
accept-ranges: bytes
x-cc-via: 30_dx-jiangsu-huaian-13-cache-3[H,12]
X-Firefox-Spdy: h2

c349b2front.jt1216.com/cdn/c349b2FW/static/img/ag5.6337f516.jpg

222.184.83.44

200 OK

0 B

URL HTTP/2
c349b2front.jt1216.com/cdn/c349b2FW/static/img/ag5.6337f516.jpg
IP
222.184.83.44:0
ASN
#4134 Chinanet

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /cdn/c349b2FW/static/img/ag5.6337f516.jpg HTTP/1.1
Host: c349b2front.jt1216.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c349b2front.jt1216.com/cdn/c349b2FW/static/css/app.7c0e53df.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
date: Fri, 25 Nov 2022 15:47:00 GMT
server: nginx
last-modified: Mon, 21 Nov 2022 01:14:36 GMT
vary: Accept-Encoding
etag: W/"637ad0fc-393e"
access-control-allow-origin: *
content-encoding: gzip
x-cc-via: 25_dx-jiangsu-huaian-13-cache-3[H,2]
X-Firefox-Spdy: h2

c349b2front.jt1216.com/cdn/c349b2FW/static/img/sideIcon.64731ed0.png

222.184.83.44

200 OK

0 B

URL HTTP/2
c349b2front.jt1216.com/cdn/c349b2FW/static/img/sideIcon.64731ed0.png
IP
222.184.83.44:0
ASN
#4134 Chinanet

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /cdn/c349b2FW/static/img/sideIcon.64731ed0.png HTTP/1.1
Host: c349b2front.jt1216.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c349b2front.jt1216.com/cdn/c349b2FW/static/css/app.7c0e53df.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: image/png
date: Fri, 25 Nov 2022 15:47:00 GMT
server: nginx
last-modified: Fri, 25 Nov 2022 03:02:21 GMT
vary: Accept-Encoding
etag: W/"6380303d-207d"
access-control-allow-origin: *
content-encoding: gzip
x-cc-via: 31_dx-jiangsu-huaian-13-cache-3[H,3]
X-Firefox-Spdy: h2

c349b2front.jt1216.com/cdn/c349b2FW/static/js/chunk-vendors.345dc292.js

222.184.83.44

200 OK

0 B

URL HTTP/2
c349b2front.jt1216.com/cdn/c349b2FW/static/js/chunk-vendors.345dc292.js
IP
222.184.83.44:0
ASN
#4134 Chinanet

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /cdn/c349b2FW/static/js/chunk-vendors.345dc292.js HTTP/1.1
Host: c349b2front.jt1216.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.hf3999.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Sat, 26 Nov 2022 15:18:11 GMT
server: nginx
last-modified: Fri, 25 Nov 2022 03:02:21 GMT
vary: Accept-Encoding
etag: W/"6380303d-f1884"
access-control-allow-origin: *
content-encoding: gzip
x-cc-via: 31_dx-jiangsu-huaian-13-cache-3[H,36]
X-Firefox-Spdy: h2

c349b2front.jt1216.com/cdn/c349b2FW/static/img/game7.b2d3ce06.jpg

222.184.83.44

200 OK

0 B

URL HTTP/2
c349b2front.jt1216.com/cdn/c349b2FW/static/img/game7.b2d3ce06.jpg
IP
222.184.83.44:0
ASN
#4134 Chinanet

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /cdn/c349b2FW/static/img/game7.b2d3ce06.jpg HTTP/1.1
Host: c349b2front.jt1216.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.hf3999.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
date: Sat, 26 Nov 2022 11:54:25 GMT
server: nginx
last-modified: Fri, 25 Nov 2022 03:02:21 GMT
vary: Accept-Encoding
etag: W/"6380303d-d57b"
access-control-allow-origin: *
content-encoding: gzip
x-cc-via: 25_dx-jiangsu-huaian-13-cache-3[H,31]
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (14)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations