r.bing.com/rs/79/fR/jnc,nj/tlifxqsNyCzxIJnRwtQKuZToQQw.js?or=w
23.36.79.19 200 OK 27 B URL GET HTTP/2 r.bing.com/rs/79/fR/jnc,nj/tlifxqsNyCzxIJnRwtQKuZToQQw.js?or=w
IP 23.36.79.19:443
ASN #20940 Akamai International B.V.
Certificate Issuer: Microsoft Corporation
Subject: r.bing.com
Fingerprint: 23:E0:B1:D9:C5:02:8F:FE:35:CB:2A:E6:86:20:A8:83:F8:82:34:9B
Validity: Wed, 18 Oct 2023 20:32:40 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type very short file (no magic)
Hash MD5: cfcd208495d565ef66e7dff9f98764da
SHA1: b6589fc6ab0dc82cf12099d1c2d40ab994e8410c
SHA256: 5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
Note: these are the digests of the one-character body "0" (the 27 B size is the gzip-encoded transfer), so they match any resource with that body and are not usable as indicators.
GET /rs/79/fR/jnc,nj/tlifxqsNyCzxIJnRwtQKuZToQQw.js?or=w HTTP/1.1
Host: r.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://jiangshao.fun
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-length: 27
content-type: application/x-javascript; charset=utf-8
server: Kestrel
access-control-allow-headers: *
access-control-allow-origin: *
content-encoding: gzip
last-modified: Tue, 16 Aug 2022 23:54:51 GMT
x-eventid: 656578036ae6467caa0ecf890b67ab91
useragentreductionoptout: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
x-as-instrumentationoptions: AppServerLoggingMaster=1
x-as-machinename: DUBEEAP0000E0C6
x-as-suppresssetcookie: 1
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.5}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingrms"}]}
cache-control: public, max-age=215087
expires: Sun, 03 Dec 2023 05:17:30 GMT
date: Thu, 30 Nov 2023 17:32:43 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.0f4f2417.1701365563.1edf9cf
timing-allow-origin: *
X-Firefox-Spdy: h2
jiangshao.fun/rp/tlifxqsNyCzxIJnRwtQKuZToQQw.js
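172.67.186.90 200 OK 1 B URL GET HTTP/3 jiangshao.fun/rp/tlifxqsNyCzxIJnRwtQKuZToQQw.js
IP 172.67.186.90:443
Certificate Issuer: Google Trust Services LLC
Subject: jiangshao.fun
Fingerprint: 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity: Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type very short file (no magic)
Hash MD5: cfcd208495d565ef66e7dff9f98764da
SHA1: b6589fc6ab0dc82cf12099d1c2d40ab994e8410c
SHA256: 5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
Note: these are the digests of the one-character body "0", so they match any resource with that body and are not usable as indicators.
Analyzer: OpenPhish | Verdict: phishing | Alert: Office365
Note: the response below carries Microsoft edge and Azure storage headers (x-msedge-ref, x-ms-blob-type, x-azure-ref-originshield) together with Cloudflare headers (server: cloudflare, cf-ray), which is consistent with this host relaying Bing content rather than serving its own.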
GET /rp/tlifxqsNyCzxIJnRwtQKuZToQQw.js HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:43 GMT
content-type: application/x-javascript; charset=utf-8
content-length: 1
cache-control: public, max-age=432000
content-md5: z80ghJXVZe9m59/5+Ydk2g==
last-modified: Wed, 24 Jun 2020 04:28:34 GMT
etag: 0x8D817F70E779A9C
x-cache: TCP_HIT
x-ms-request-id: 2ac884b3-001e-003f-3ae3-1fd588000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: 109DF4EA4F894E62AFFDC0AAFA91DF78 Ref B: MNZ221060617009 Ref C: 2023-11-27T16:01:55Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: 9C1EC2CF05CF4FB9BC7816745B6A7EA3 Ref B: EWR311000106049 Ref C: 2023-11-30T17:32:43Z
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4d01e3d5695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/rp/22ANafRw0XlJ9p5XRo38QpIkvyg.js
172.67.186.90 200 OK 6.1 kB URL GET HTTP/3 jiangshao.fun/rp/22ANafRw0XlJ9p5XRo38QpIkvyg.js
IP 172.67.186.90:443
Certificate Issuer: Google Trust Services LLC
Subject: jiangshao.fun
Fingerprint: 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity: Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type ASCII text, with very long lines (6111), with no line terminators
Hash MD5: f8c6d0a85334bd6da4bc9b7f185f0755
SHA1: db600d69f470d17949f69e57468dfc429224bf28
SHA256: 842532a1e1d67ca1efdb72b123bfce418dd286e2fec749cbb1373e688378734c
Analyzer: OpenPhish | Verdict: phishing | Alert: Office365
GET /rp/22ANafRw0XlJ9p5XRo38QpIkvyg.js HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:43 GMT
content-type: text/javascript; charset=utf-8
content-length: 6111
cache-control: public, max-age=432000, no-transform, immutable
content-md5: +MbQqFM0vW2kvJt/GF8HVQ==
last-modified: Tue, 07 Nov 2023 23:53:09 GMT
etag: 0x8DBDFECB1CC100D
x-cache: TCP_HIT
x-ms-request-id: deec6e8d-f01e-0049-1bca-1f5fc0000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: 170E15F5BE0649E180E64DAAA565151B Ref B: MNZ221060617045 Ref C: 2023-11-28T09:22:17Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: 985C57C0EFAF449886268CC6D1A1B4C6 Ref B: NYCEDGE1409 Ref C: 2023-11-30T17:32:43Z
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4d02e495695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/sa/simg/favicon-trans-bg-blue-mg-png.png
172.67.186.90 200 OK 308 B URL GET HTTP/3 jiangshao.fun/sa/simg/favicon-trans-bg-blue-mg-png.png
IP 172.67.186.90:443
Certificate Issuer: Google Trust Services LLC
Subject: jiangshao.fun
Fingerprint: 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity: Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type PNG image data, 32 x 32, 8-bit colormap, non-interlaced\012- data
Hash MD5: bda49766e2e7e028ef09d0e34988ecdf
SHA1: 73fed2c00c224aa0df89397ec41488d63975c882
SHA256: 5cbda906c7db6d50c7e200d73841a7bb7404bcff1b3c9121aa5bc79dbc608b9a
Analyzer: OpenPhish | Verdict: phishing | Alert: Office365
GET /sa/simg/favicon-trans-bg-blue-mg-png.png HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:43 GMT
content-type: image/png
content-length: 308
cache-control: public, max-age=15552000
last-modified: Mon, 01 Jan 1601 00:00:00 GMT
x-cache: TCP_HIT
x-eventid: 65689ea1f4844693addc098ee605ae01
useragentreductionoptout: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F8209A92F33D4881A1194D5F1FFC548F Ref B: NYCEDGE1312 Ref C: 2023-11-30T17:24:02Z
cf-cache-status: HIT
age: 521
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kguhgJBgZ1qpE9Pt6SSSXrnQzwVsGfNKccEukd6U92%2BNp6hg707qUN%2FSZZmMO%2BO0R%2FpiDbhVEshkWS4%2FmGz3PVD%2BzwvgjEV4lkH%2FjRKpLsecKSMnnlzasPlGX%2F%2B6Z8Zv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4d289435695-OSL
alt-svc: h3=":443"; ma=86400
bing.com/th?id=OBFB.A4BA5FAAD27A6328F8FF1BBC72391AE2&pid=Fb
13.107.21.200 200 OK 409 B URL GET HTTP/2 bing.com/th?id=OBFB.A4BA5FAAD27A6328F8FF1BBC72391AE2&pid=Fb
IP 13.107.21.200:443
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Certificate Issuer: Microsoft Corporation
Subject: www.bing.com
Fingerprint: A5:EC:34:1F:AB:B3:69:71:54:88:69:BA:64:CC:E2:9B:32:B6:65:CD
Validity: Tue, 24 Oct 2023 07:42:22 GMT - Sun, 21 Apr 2024 07:42:22 GMT
File type PNG image data, 16 x 16, 8-bit colormap, non-interlaced\012- data
Hash MD5: 80969a6d700e813ef741d172674feadd
SHA1: 361263c136cd857ba53fd7743c971bb7527bf12e
SHA256: 0775687711d232f4c891f22cbc4040464e160c09044deaa12c98bfbab9c79cd6
GET /th?id=OBFB.A4BA5FAAD27A6328F8FF1BBC72391AE2&pid=Fb HTTP/1.1
Host: bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=2592000
content-length: 409
content-type: image/png
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 499EC47192404D57990C17CECDBCFF78 Ref B: OSL30EDGE0113 Ref C: 2023-11-30T17:32:43Z
date: Thu, 30 Nov 2023 17:32:42 GMT
X-Firefox-Spdy: h2
jiangshao.fun/th?id=OHR.TrotternishStorr_ROW9568788023_1920x1080.webp&qlt=50
172.67.186.90 200 OK 219 kB URL GET HTTP/3 jiangshao.fun/th?id=OHR.TrotternishStorr_ROW9568788023_1920x1080.webp&qlt=50
IP 172.67.186.90:443
Certificate Issuer: Google Trust Services LLC
Subject: jiangshao.fun
Fingerprint: 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity: Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Size 219 kB (219166 bytes)
Hash MD5: bb79c42137b33e65a62786fdf5188349
SHA1: c2026d43025e5f9770e779ccc909a7b237bf2892
SHA256: cd5cc5ac42cd493ebcd616e3540d52ccb593d730ec8cb8ecff1a37ae6cff4349
Analyzer: OpenPhish | Verdict: phishing | Alert: Office365
GET /th?id=OHR.TrotternishStorr_ROW9568788023_1920x1080.webp&qlt=50 HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:43 GMT
content-type: image/webp
content-length: 219166
cache-control: public, max-age=691200
x-cache: TCP_MISS
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A198803C80814D1893B5FAC6B01475AD Ref B: NYCEDGE1320 Ref C: 2023-11-30T17:32:43Z
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 82e4d4d01e395695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&Type=Event.CPT&DATA={%22pp%22:{%22S%22:%22L%22,%22FC%22:-1,%22BC%22:-1,%22SE%22:-1,%22TC%22:-1,%22H%22:-1,%22BP%22:606,%22CT%22:609,%22IL%22:2}}&P=SERP&DA=BNZE01
172.67.186.90 200 OK 0 B URL GET HTTP/3 jiangshao.fun/fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&Type=Event.CPT&DATA={%22pp%22:{%22S%22:%22L%22,%22FC%22:-1,%22BC%22:-1,%22SE%22:-1,%22TC%22:-1,%22H%22:-1,%22BP%22:606,%22CT%22:609,%22IL%22:2}}&P=SERP&DA=BNZE01
IP 172.67.186.90:443
Certificate Issuer: Google Trust Services LLC
Subject: jiangshao.fun
Fingerprint: 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity: Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
Hash MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these are the digests of empty input (the response body is 0 B), so they identify no file and are not usable as indicators.
Analyzer: OpenPhish | Verdict: phishing | Alert: Office365
GET /fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&Type=Event.CPT&DATA={%22pp%22:{%22S%22:%22L%22,%22FC%22:-1,%22BC%22:-1,%22SE%22:-1,%22TC%22:-1,%22H%22:-1,%22BP%22:606,%22CT%22:609,%22IL%22:2}}&P=SERP&DA=BNZE01 HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:43 GMT
content-length: 0
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A3971C1718C94FA3BB57C86AD29B6F85 Ref B: EWR311000107027 Ref C: 2023-11-30T17:32:43Z
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lLmDy8M9KESKZGmQqZONnBvjAfHaK2is0seWuP%2Fdkm9%2BDPNeckjNjRETgaGAHWSWQNANRK198LGvnJX3GM3PW2ivczOUEy3KbZ5IaOmy4O886lg5s7eARWtSt58bik3n"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82e4d4d45b595695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/fd/ls/lsp.aspx?
172.67.186.90 204 No Content 0 B URL POST HTTP/3 jiangshao.fun/fd/ls/lsp.aspx?
IP 172.67.186.90:443
Certificate Issuer: Google Trust Services LLC
Subject: jiangshao.fun
Fingerprint: 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity: Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
Hash MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these are the digests of empty input (the response body is 0 B), so they identify no file and are not usable as indicators.
Analyzer: OpenPhish | Verdict: phishing | Alert: Office365
POST /fd/ls/lsp.aspx? HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 338
Origin: https://jiangshao.fun
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/3 204 No Content
date: Thu, 30 Nov 2023 17:32:43 GMT
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7D6E32BF002240EAB3FB02967AD11E28 Ref B: NYCEDGE1716 Ref C: 2023-11-30T17:32:43Z
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BozBWmXfAxSQVPx3yjWl6pzlMBz8zWY7iOnTN%2BVFmClPgYUGsSjrWlymzfw9M85YtFS4cU%2Fx3kEBOrw6%2B%2Ba4vB3JMJ%2FBkHWqxr9ZgFWxFU8eHm4UbnN%2FTicTOd%2FqUWAx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82e4d4d45b5a5695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/rp/0lTV1Ww6BLBVP0rxj-z-65knyNs.js
172.67.186.90 200 OK 17 kB URL GET HTTP/3 jiangshao.fun/rp/0lTV1Ww6BLBVP0rxj-z-65knyNs.js
IP 172.67.186.90:443
Certificate Issuer: Google Trust Services LLC
Subject: jiangshao.fun
Fingerprint: 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity: Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type ASCII text, with very long lines (17402), with no line terminators
Hash MD5: f4be1a0bba957f4296aceca775b33ca5
SHA1: d254d5d56c3a04b0553f4af18fecfeeb9927c8db
SHA256: 48d780a6e405cc2b1fba774f15748a66ec54a0e3e7a86ea429330833feb5cd06
Analyzer: OpenPhish | Verdict: phishing | Alert: Office365
GET /rp/0lTV1Ww6BLBVP0rxj-z-65knyNs.js HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:43 GMT
content-type: text/javascript; charset=utf-8
content-length: 17402
cache-control: public, max-age=432000, no-transform, immutable
content-md5: 9L4aC7qVf0KWrOyndbM8pQ==
last-modified: Wed, 19 Jul 2023 05:02:04 GMT
etag: 0x8DB88154B778CB9
x-cache: TCP_HIT
x-ms-request-id: f364abce-001e-004d-17d5-1fd2c7000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: 115D3DC0A375454084D1CF8B9CE8AA9C Ref B: MNZ221060617031 Ref C: 2023-11-28T18:51:24Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: 946031A9D7724E4DA6E78E12359A9DCC Ref B: NYCEDGE1319 Ref C: 2023-11-30T17:32:43Z
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4d45b5c5695-OSL
alt-svc: h3=":443"; ma=86400
r.bing.com/rs/79/x2/nj/V9Lbi4rGakA-OjwcLcoh5jr1zfY.js?or=w
23.36.79.19 200 OK 356 B URL GET HTTP/3 r.bing.com/rs/79/x2/nj/V9Lbi4rGakA-OjwcLcoh5jr1zfY.js?or=w
IP 23.36.79.19:443
ASN #20940 Akamai International B.V.
Certificate Issuer: Microsoft Corporation
Subject: r.bing.com
Fingerprint: 23:E0:B1:D9:C5:02:8F:FE:35:CB:2A:E6:86:20:A8:83:F8:82:34:9B
Validity: Wed, 18 Oct 2023 20:32:40 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type ASCII text, with very long lines (520), with no line terminators
Hash MD5: f03cfee55a7f1e0b91dd062a5654fc3d
SHA1: 57d2db8b8ac66a403e3a3c1c2dca21e63af5cdf6
SHA256: 39477bae95ee7073936851a67106a42f585454ebd6c4feadeacc818c52da49a4
GET /rs/79/x2/nj/V9Lbi4rGakA-OjwcLcoh5jr1zfY.js?or=w HTTP/1.1
Host: r.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://jiangshao.fun
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 356
content-type: application/x-javascript; charset=utf-8
server: Kestrel
access-control-allow-headers: *
access-control-allow-origin: *
content-encoding: br
last-modified: Thu, 12 Jan 2023 01:31:54 GMT
x-eventid: 6566ec210965451fabc6784e6fce91b8
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
useragentreductionoptout: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
x-as-instrumentationoptions: AppServerLoggingMaster=1
x-as-machinename: DUBEEAP0000E12A
x-as-suppresssetcookie: 1
content-security-policy-report-only: script-src https: 'strict-dynamic' 'report-sample' 'nonce-2GbAhdFEQCiawW0eFfyiGa8pOGs0u5P1muzwM7H/RdY='; base-uri 'self';report-to csp-endpoint
report-to: {"group":"csp-endpoint","max_age":86400,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingcsp"}]}, {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingrms"}]}
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.5}
cache-control: public, max-age=310464
expires: Mon, 04 Dec 2023 07:47:08 GMT
date: Thu, 30 Nov 2023 17:32:44 GMT
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.0f4f2417.1701365564.1ee0fa4
timing-allow-origin: *
X-Firefox-Spdy: h2
jiangshao.fun/rp/2BVj0Bf3iRDmmJZVnz5xFtpoDlE.css
172.67.186.90 200 OK 240 kB URL GET HTTP/3 jiangshao.fun/rp/2BVj0Bf3iRDmmJZVnz5xFtpoDlE.css
IP 172.67.186.90:443
Certificate Issuer: Google Trust Services LLC
Subject: jiangshao.fun
Fingerprint: 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity: Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 240 kB (239705 bytes)
Hash MD5: 47e9bdf483b09c72ad0b14cf9bc512ea
SHA1: d81563d017f78910e69896559f3e7116da680e51
SHA256: b56acb0694aeb7a4ff88217b70f9de217f91bb7c838ab48a7dd5f31a79087c7b
Analyzer: OpenPhish | Verdict: phishing | Alert: Office365
GET /rp/2BVj0Bf3iRDmmJZVnz5xFtpoDlE.css HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:43 GMT
content-type: text/css; charset=utf-8
content-length: 239705
cache-control: public, max-age=432000, no-transform, immutable
content-md5: R+m99IOwnHKtCxTPm8US6g==
last-modified: Sat, 18 Nov 2023 08:49:32 GMT
etag: 0x8DBE81348F2429C
x-cache: TCP_HIT
x-ms-request-id: 9a0ac13d-101e-001c-6d07-224f4b000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: FD8CCE3DEEBF4B95B0A33EE70C09035A Ref B: MNZ221060606033 Ref C: 2023-11-29T22:15:25Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: 6DF3DCC57AB240129970B200A0704E72 Ref B: NYCEDGE1612 Ref C: 2023-11-30T17:32:43Z
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4d43b405695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/rp/IS-fIIml-FAzFgWC3MsbQafkzRU.js
172.67.186.90 200 OK 1.2 kB URL GET HTTP/3 jiangshao.fun/rp/IS-fIIml-FAzFgWC3MsbQafkzRU.js
IP 172.67.186.90:443
Certificate Issuer: Google Trust Services LLC
Subject: jiangshao.fun
Fingerprint: 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity: Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type ASCII text, with very long lines (1228), with no line terminators
Hash MD5: 04e46d18c015e7c22cb2e4b43dcefd05
SHA1: 212f9f2089a5f85033160582dccb1b41a7e4cd15
SHA256: a8172a1cd35702e0679aa2fc817640738b09d8c2a1bacf4a132e68d314407744
Analyzer: OpenPhish | Verdict: phishing | Alert: Office365
GET /rp/IS-fIIml-FAzFgWC3MsbQafkzRU.js HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:44 GMT
content-type: text/javascript; charset=utf-8
content-length: 1228
cache-control: public, max-age=432000, no-transform, immutable
content-md5: BORtGMAV58IssuS0Pc79BQ==
last-modified: Tue, 16 Aug 2022 03:35:15 GMT
etag: 0x8DA7F38559D2675
x-cache: TCP_HIT
x-ms-request-id: 924f0bd1-e01e-0018-5fe9-1fc24c000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: 2D3151CAAA0B4494818F7296E111CFE8 Ref B: MNZ221060617019 Ref C: 2023-11-27T18:59:21Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: 09B170F469B647D9B7735D2BBB34152E Ref B: NYCEDGE1417 Ref C: 2023-11-30T17:32:44Z
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4d6de055695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/rp/Y5sPBQOMac_CGtVc6SuSxxubuLo.js
172.67.186.90 200 OK 37 kB URL GET HTTP/3 jiangshao.fun/rp/Y5sPBQOMac_CGtVc6SuSxxubuLo.js
IP 172.67.186.90:443
Certificate Issuer: Google Trust Services LLC
Subject: jiangshao.fun
Fingerprint: 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity: Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type ASCII text, with very long lines (37078), with no line terminators
Hash MD5: 3296f64a7a2bf91e144553e17654643b
SHA1: 639b0f05038c69cfc21ad55ce92b92c71b9bb8ba
SHA256: 4de9e2c37234da98c8be5f282084e5603918a287602df7f75af3f1bcf825781f
Analyzer: OpenPhish | Verdict: phishing | Alert: Office365
GET /rp/Y5sPBQOMac_CGtVc6SuSxxubuLo.js HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:44 GMT
content-type: text/javascript; charset=utf-8
content-length: 37078
cache-control: public, max-age=432000, no-transform, immutable
content-md5: Mpb2Snor+R4URVPhdlRkOw==
last-modified: Fri, 21 Apr 2023 04:27:03 GMT
etag: 0x8DB4220A820C27D
x-cache: TCP_HIT
x-ms-request-id: d834fe80-701e-001a-59be-1f7cf4000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: BEB8BB0887BF43EF997B49FCB1DF753F Ref B: MNZ221060617019 Ref C: 2023-11-28T14:00:57Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: 92BD5F7983CC422393F681814384AFDE Ref B: EWR311000107017 Ref C: 2023-11-30T17:32:44Z
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4d6bdeb5695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/rp/No5xIZMVh9KdmI4bjLD9p4Xl0Ys.js
172.67.186.90 200 OK 1.6 kB URL GET HTTP/3 jiangshao.fun/rp/No5xIZMVh9KdmI4bjLD9p4Xl0Ys.js
IP 172.67.186.90:443
Certificate Issuer: Google Trust Services LLC
Subject: jiangshao.fun
Fingerprint: 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity: Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type Unicode text, UTF-8 text, with very long lines (1587), with no line terminators
Hash MD5: cb027ba6eb6dd3f033c02183b9423995
SHA1: 368e7121931587d29d988e1b8cb0fda785e5d18b
SHA256: 04a007926a68bb33e36202eb27f53882af7fd009c1ec3ad7177fba380a5fb96f
Analyzer: OpenPhish | Verdict: phishing | Alert: Office365
GET /rp/No5xIZMVh9KdmI4bjLD9p4Xl0Ys.js HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:44 GMT
content-type: text/javascript; charset=utf-8
content-length: 1589
cache-control: public, max-age=432000, no-transform, immutable
content-md5: ywJ7putt0/AzwCGDuUI5lQ==
last-modified: Wed, 17 Aug 2022 03:19:44 GMT
etag: 0x8DA7FFF550114B4
x-cache: TCP_HIT
x-ms-request-id: 07b69349-301e-001b-33e1-1f2328000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: 92A25D3DC32B43FD98F5175EB37A8D8B Ref B: MNZ221060606029 Ref C: 2023-11-28T08:19:40Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: A2EB5C5AD9344CB392065B0F12ACF1EF Ref B: NYCEDGE1410 Ref C: 2023-11-30T17:32:44Z
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4d6fe305695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/rp/FZKT2ZNGon4gVKgSRRkJ3oMsoNE.js
172.67.186.90 200 OK 1.1 kB URL GET HTTP/3 jiangshao.fun/rp/FZKT2ZNGon4gVKgSRRkJ3oMsoNE.js
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type ASCII text, with very long lines (1051), with no line terminators
Hash MD5 f76d06d7669e399dc0788bc5473562bb
SHA-1 159293d99346a27e2054a812451909de832ca0d1
SHA-256 23f0357ae77648ee38f39960e56507d87f8d690c48e759a0e054f6e691c843ec
Analyzer Verdict Alert OpenPhish phishing Office365
GET /rp/FZKT2ZNGon4gVKgSRRkJ3oMsoNE.js HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:44 GMT
content-type: text/javascript; charset=utf-8
content-length: 1051
cache-control: public, max-age=432000, no-transform, immutable
content-md5: 920G12aeOZ3AeIvFRzViuw==
last-modified: Tue, 16 Aug 2022 03:30:15 GMT
etag: 0x8DA7F37A26EAA19
x-cache: TCP_MISS
x-ms-request-id: 1ffdc663-001e-005d-12b3-2317af000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: CAE8E3FC04E848D1A6DAC2FC91C0F773 Ref B: MNZ221060617021 Ref C: 2023-11-30T17:32:44Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: D7BA1CD369304849A2D30EBE850E92E8 Ref B: EWR311000103031 Ref C: 2023-11-30T17:32:44Z
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4d70e585695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/rp/OZ_K1z4BO6soZ1Z7cxsODqonikk.js
172.67.186.90 200 OK 3.0 kB URL GET HTTP/3 jiangshao.fun/rp/OZ_K1z4BO6soZ1Z7cxsODqonikk.js
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type ASCII text, with very long lines (2996), with no line terminators
Hash MD5 a4a2895e7fbfe6377307b4c2aab9e525
SHA-1 399fcad73e013bab2867567b731b0e0eaa278a49
SHA-256 2f754393d443981912bdd0e557b8cf9724b956e552c50bfd75044848ac347aa5
Analyzer Verdict Alert OpenPhish phishing Office365
GET /rp/OZ_K1z4BO6soZ1Z7cxsODqonikk.js HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:44 GMT
content-type: text/javascript; charset=utf-8
content-length: 2996
cache-control: public, max-age=432000, no-transform, immutable
content-md5: pKKJXn+/5jdzB7TCqrnlJQ==
last-modified: Thu, 31 Aug 2023 21:58:35 GMT
etag: 0x8DBAA6D6CCD1C5B
x-cache: TCP_REMOTE_HIT
x-ms-request-id: 0a99f0d0-e01e-00b1-4cde-22033e000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: 9EE1880DF9744E0A982D6732632B7D94 Ref B: MNZ221060618045 Ref C: 2023-11-30T17:32:44Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: 393C0871517A4ADF9BDDFD111E27A747 Ref B: NYCEDGE1614 Ref C: 2023-11-30T17:32:44Z
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4d6de045695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/rp/dszBSmLt9uRJAaI3s0YOIodLb1M.js
172.67.186.90 200 OK 561 B URL GET HTTP/3 jiangshao.fun/rp/dszBSmLt9uRJAaI3s0YOIodLb1M.js
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type ASCII text, with very long lines (561), with no line terminators
Hash MD5 6d69808bc13425dcfbcd61c2dcd11305
SHA-1 76ccc14a62edf6e44901a237b3460e22874b6f53
SHA-256 88d86fe4ad7534bb5d79d6ceafdc527ade975d07f49a856ce0ee6783161516c3
Analyzer Verdict Alert OpenPhish phishing Office365
GET /rp/dszBSmLt9uRJAaI3s0YOIodLb1M.js HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:44 GMT
content-type: text/javascript; charset=utf-8
content-length: 561
cache-control: public, max-age=432000, no-transform, immutable
content-md5: bWmAi8E0Jdz7zWHC3NETBQ==
last-modified: Thu, 13 Apr 2023 19:54:44 GMT
etag: 0x8DB3C58EDDCE44D
x-cache: TCP_REMOTE_HIT
x-ms-request-id: 1373e474-501e-000d-47a9-23d5ff000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: FBCE5176F69C4D85BD33CB1565E0565E Ref B: MNZ221060605053 Ref C: 2023-11-30T17:32:44Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: 9004310D426141AEABF5D234596AAEE0 Ref B: NYCEDGE1317 Ref C: 2023-11-30T17:32:44Z
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4d6cdfd5695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/rp/MWgq_OYohQuMsx-qjpxMXsnruVc.js
172.67.186.90 200 OK 226 B URL GET HTTP/3 jiangshao.fun/rp/MWgq_OYohQuMsx-qjpxMXsnruVc.js
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type ASCII text, with no line terminators
Hash MD5 a5363c37b617d36dfd6d25bfb89ca56b
SHA-1 31682afce628850b8cb31faa8e9c4c5ec9ebb957
SHA-256 8b4d85985e62c264c03c88b31e68dbabdcc9bd42f40032a43800902261ff373f
Analyzer Verdict Alert OpenPhish phishing Office365
GET /rp/MWgq_OYohQuMsx-qjpxMXsnruVc.js HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:44 GMT
content-type: application/x-javascript; charset=utf-8
content-length: 226
cache-control: public, max-age=432000, no-transform, immutable
content-md5: pTY8N7YX0239bSW/uJylaw==
last-modified: Wed, 17 Aug 2022 03:16:04 GMT
etag: 0x8DA7FFED1A51F48
x-cache: TCP_HIT
x-ms-request-id: a1476f0c-f01e-00ad-43d5-1f515e000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: 0B5AC8FBE5E1495588EEB06F2DB976FD Ref B: MNZ221060618009 Ref C: 2023-11-29T11:07:13Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: 7C083D4349E24EFBB45FEAF6271FA38B Ref B: NYCEDGE1406 Ref C: 2023-11-30T17:32:44Z
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4d70e455695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/rp/H3UzQorzg6GWzCMZR3t2L4ZQBRQ.js
172.67.186.90 200 OK 6.0 kB URL GET HTTP/3 jiangshao.fun/rp/H3UzQorzg6GWzCMZR3t2L4ZQBRQ.js
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type ASCII text, with very long lines (5983), with no line terminators
Hash MD5 785d3c1d93d18e5478f0c3ffce35cd03
SHA-1 1f7533428af383a196cc2319477b762f86500514
SHA-256 b32b54f6d1be64df456502b677407d4cfa5f10e98cde9350d9e63331fdbb7bfc
Analyzer Verdict Alert OpenPhish phishing Office365
GET /rp/H3UzQorzg6GWzCMZR3t2L4ZQBRQ.js HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:44 GMT
content-type: text/javascript; charset=utf-8
content-length: 5983
cache-control: public, max-age=432000, no-transform, immutable
content-md5: eF08HZPRjlR48MP/zjXNAw==
last-modified: Tue, 25 Jul 2023 15:08:24 GMT
etag: 0x8DB8D20FE54521F
x-cache: TCP_REMOTE_HIT
x-ms-request-id: 8830d342-101e-008a-0ee7-1f469a000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: AF1D07CBBE4E4A41801CF310839D2844 Ref B: MNZ221060605027 Ref C: 2023-11-30T17:32:44Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: E8F7F9F140E6473CB1F5BEF17B276A48 Ref B: NYCEDGE1618 Ref C: 2023-11-30T17:32:44Z
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4d6ee1a5695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/rp/eXfvbnlHE4C4eHtbcUjp_wp0ogM.js
172.67.186.90 200 OK 2.0 kB URL GET HTTP/3 jiangshao.fun/rp/eXfvbnlHE4C4eHtbcUjp_wp0ogM.js
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type ASCII text, with very long lines (2009), with no line terminators
Hash MD5 601102ca711e0b4140af45c1657db13f
SHA-1 7977ef6e79471380b8787b5b7148e9ff0a74a203
SHA-256 e47318cd9d80769ac59e732347fb4f574cd4eea9e2c787f3a996805265069001
Analyzer Verdict Alert OpenPhish phishing Office365
GET /rp/eXfvbnlHE4C4eHtbcUjp_wp0ogM.js HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:44 GMT
content-type: text/javascript; charset=utf-8
content-length: 2009
cache-control: public, max-age=432000, no-transform, immutable
content-md5: YBECynEeC0FAr0XBZX2xPw==
last-modified: Fri, 06 Oct 2023 19:35:02 GMT
etag: 0x8DBC6A355CC5334
x-cache: TCP_HIT
x-ms-request-id: 76542b53-f01e-0066-1cd2-1f520b000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: 0E8BC2C78E0C42328C02874A23282230 Ref B: MNZ221060618049 Ref C: 2023-11-28T08:19:40Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: C22ACCC2865B4AD3A5000D390D3AD639 Ref B: NYCEDGE1713 Ref C: 2023-11-30T17:32:44Z
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4d71e5a5695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/rp/QtZcquNOunoFE0KySXJmXmH6auI.js
172.67.186.90 200 OK 2.5 kB URL GET HTTP/3 jiangshao.fun/rp/QtZcquNOunoFE0KySXJmXmH6auI.js
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type ASCII text, with very long lines (2524), with no line terminators
Hash MD5 17cdab99027114dbcbd9d573c5b7a8a9
SHA-1 42d65caae34eba7a051342b24972665e61fa6ae2
SHA-256 5ff6b0f0620aa14559d5d869dbeb96febc4014051fa7d5df20223b10b35312de
Analyzer Verdict Alert OpenPhish phishing Office365
GET /rp/QtZcquNOunoFE0KySXJmXmH6auI.js HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:44 GMT
content-type: text/javascript; charset=utf-8
content-length: 2524
cache-control: public, max-age=432000, no-transform, immutable
content-md5: F82rmQJxFNvL2dVzxbeoqQ==
last-modified: Wed, 17 Aug 2022 03:25:48 GMT
etag: 0x8DA80002E18A2F4
x-cache: TCP_HIT
x-ms-request-id: f867f170-601e-0029-6dc2-1f235f000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: 234483D9F79E493CB4ABD02F3ACFBB21 Ref B: MNZ221060617033 Ref C: 2023-11-29T22:15:27Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: EF030CB46BA04C319E386EAB008D224B Ref B: EWR311000104009 Ref C: 2023-11-30T17:32:44Z
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4d70e575695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/rp/DB0udn8H5cDxTqZJgNshPTecxvc.js
172.67.186.90 200 OK 426 B URL GET HTTP/3 jiangshao.fun/rp/DB0udn8H5cDxTqZJgNshPTecxvc.js
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type ASCII text, with very long lines (426), with no line terminators
Hash MD5 857a0de0bbf14f3427a1afa5cd985bce
SHA-1 0c1d2e767f07e5c0f14ea64980db213d379cc6f7
SHA-256 3ed65f33193430c0b9db61ffe7f5fe27b29f86a28563992c3afc47d4c22c23d7
Analyzer Verdict Alert OpenPhish phishing Office365
GET /rp/DB0udn8H5cDxTqZJgNshPTecxvc.js HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:44 GMT
content-type: application/x-javascript; charset=utf-8
content-length: 426
cache-control: public, max-age=432000, no-transform, immutable
content-md5: hXoN4LvxTzQnoa+lzZhbzg==
last-modified: Tue, 16 Aug 2022 03:23:24 GMT
etag: 0x8DA7F36ADC1C237
x-cache: TCP_HIT
x-ms-request-id: 74e2c317-801e-000e-4bfa-1f349b000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: 2EE5BE099147475C851912AC2A6D21A9 Ref B: MNZ221060606007 Ref C: 2023-11-28T18:46:33Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: F4DBE257754F40A5A861F113DA96BA8B Ref B: EWR311000102039 Ref C: 2023-11-30T17:32:44Z
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4d6fe215695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/rp/zeCxMEtVi23nUD1VnJIBRkRzb4g.js
172.67.186.90 200 OK 3.4 kB URL GET HTTP/3 jiangshao.fun/rp/zeCxMEtVi23nUD1VnJIBRkRzb4g.js
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type ASCII text, with very long lines (3363), with no line terminators
Hash MD5 fabb77c7ae3fd2271f5909155fb490e5
SHA-1 cde0b1304b558b6de7503d559c92014644736f88
SHA-256 e482bf4baaa167335f326b9b4f4b83e806cc21fb428b988a4932c806d918771c
Analyzer Verdict Alert OpenPhish phishing Office365
GET /rp/zeCxMEtVi23nUD1VnJIBRkRzb4g.js HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:44 GMT
content-type: text/javascript; charset=utf-8
content-length: 3363
cache-control: public, max-age=432000, no-transform, immutable
content-md5: +rt3x64/0icfWQkVX7SQ5Q==
last-modified: Wed, 21 Jun 2023 19:00:43 GMT
etag: 0x8DB7289D071C4E4
x-cache: TCP_HIT
x-ms-request-id: 4785f2e2-101e-001c-38ce-1f4f4b000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: D207E760771847B48F8BA054526EB0D0 Ref B: MNZ221060617009 Ref C: 2023-11-28T09:22:18Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: D690A7B89D2440F88EAFB43CDE30F55E Ref B: EWR311000103011 Ref C: 2023-11-30T17:32:44Z
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4d70e555695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/rp/Y5sPBQOMac_CGtVc6SuSxxubuLo.js
172.67.186.90 200 OK 37 kB URL GET HTTP/3 jiangshao.fun/rp/Y5sPBQOMac_CGtVc6SuSxxubuLo.js
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type ASCII text, with very long lines (37078), with no line terminators
Hash MD5 3296f64a7a2bf91e144553e17654643b
SHA-1 639b0f05038c69cfc21ad55ce92b92c71b9bb8ba
SHA-256 4de9e2c37234da98c8be5f282084e5603918a287602df7f75af3f1bcf825781f
Analyzer Verdict Alert OpenPhish phishing Office365
GET /rp/Y5sPBQOMac_CGtVc6SuSxxubuLo.js HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:44 GMT
content-type: text/javascript; charset=utf-8
content-length: 37078
cache-control: public, max-age=432000, no-transform, immutable
content-md5: Mpb2Snor+R4URVPhdlRkOw==
last-modified: Fri, 21 Apr 2023 04:27:03 GMT
etag: 0x8DB4220A820C27D
x-cache: TCP_HIT
x-ms-request-id: d834fe80-701e-001a-59be-1f7cf4000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: BEB8BB0887BF43EF997B49FCB1DF753F Ref B: MNZ221060617019 Ref C: 2023-11-28T14:00:57Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: 92BD5F7983CC422393F681814384AFDE Ref B: EWR311000107017 Ref C: 2023-11-30T17:32:44Z
cf-cache-status: HIT
age: 0
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4d918565695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/rp/KjCBfzuZ475zX0-Fu2bdXt9qifQ.js
172.67.186.90 200 OK 576 B URL GET HTTP/3 jiangshao.fun/rp/KjCBfzuZ475zX0-Fu2bdXt9qifQ.js
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type ASCII text, with very long lines (576), with no line terminators
Hash MD5 f5712e664873fde8ee9044f693cd2db7
SHA-1 2a30817f3b99e3be735f4f85bb66dd5edf6a89f4
SHA-256 1562669ad323019cda49a6cf3bddece1672282e7275f9d963031b30ea845ffb2
Analyzer Verdict Alert OpenPhish phishing Office365
GET /rp/KjCBfzuZ475zX0-Fu2bdXt9qifQ.js HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:44 GMT
content-type: application/x-javascript; charset=utf-8
content-length: 576
cache-control: public, max-age=432000, no-transform, immutable
content-md5: 9XEuZkhz/ejukET2k80ttw==
last-modified: Tue, 16 Aug 2022 03:40:04 GMT
etag: 0x8DA7F390172E04B
x-cache: TCP_HIT
x-ms-request-id: 4c52c98c-401e-00a8-44d8-1f8385000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: 91D0EF4D250749BF852A21D84B390BB6 Ref B: MNZ221060607007 Ref C: 2023-11-28T13:20:07Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: 05C71A0DF3B3478EBD89F708FD991275 Ref B: EWR311000101009 Ref C: 2023-11-30T17:32:44Z
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4d70e4e5695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/rp/t6Bkpkzq5ckAnvfW2PY7kNOTPJ0.js
172.67.186.90 200 OK 242 B URL GET HTTP/3 jiangshao.fun/rp/t6Bkpkzq5ckAnvfW2PY7kNOTPJ0.js
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type ASCII text, with no line terminators
Hash MD5 6c2c6db3832d53062d303cdff5e2bd30
SHA-1 b7a064a64ceae5c9009ef7d6d8f63b90d3933c9d
SHA-256 06b77ee16a2cd34acd210b4f2b6e423762ea8874bb26ae5a37db9dd01a00ff70
Analyzer Verdict Alert OpenPhish phishing Office365
GET /rp/t6Bkpkzq5ckAnvfW2PY7kNOTPJ0.js HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:44 GMT
content-type: text/javascript; charset=utf-8
content-length: 242
cache-control: public, max-age=432000, no-transform, immutable
content-md5: bCxts4MtUwYtMDzf9eK9MA==
last-modified: Tue, 06 Jun 2023 10:27:13 GMT
etag: 0x8DB667897FFC1AD
x-cache: TCP_REMOTE_HIT
x-ms-request-id: adf00dac-801e-001e-02c5-22f1f3000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: EA9BC9FB9FC14A89A34DDC2CAEDF2607 Ref B: MNZ221060618021 Ref C: 2023-11-30T17:32:44Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: A6A348F233764289A884821FF624C078 Ref B: NYCEDGE1714 Ref C: 2023-11-30T17:32:44Z
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4d71e645695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/rp/bVDj-v45uX-PoSRsOWdRtQ3qRx4.js
172.67.186.90 200 OK 28 kB URL GET HTTP/3 jiangshao.fun/rp/bVDj-v45uX-PoSRsOWdRtQ3qRx4.js
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type ASCII text, with very long lines (28425), with no line terminators
Hash MD5 fe527822ec006ea4236bf1104d89d9c9
SHA-1 6d50e3fafe39b97f8fa1246c396751b50dea471e
SHA-256 7906cd35b4b7c2b3f3993c507247e9a4a63a7e645845988220267a803ba54970
Analyzer Verdict Alert OpenPhish phishing Office365
GET /rp/bVDj-v45uX-PoSRsOWdRtQ3qRx4.js HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:44 GMT
content-type: text/javascript; charset=utf-8
content-length: 28425
cache-control: public, max-age=432000, no-transform, immutable
content-md5: /lJ4IuwAbqQja/EQTYnZyQ==
last-modified: Tue, 24 Oct 2023 21:10:33 GMT
etag: 0x8DBD4D5A95F79E7
x-cache: TCP_HIT
x-ms-request-id: f432ab73-d01e-0085-592e-2030f6000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: 52081F9E405546D798A15F4A7075444F Ref B: MNZ221060617045 Ref C: 2023-11-28T13:08:41Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: A5652E06952840B38FE5A61763F45EF5 Ref B: NYCEDGE1414 Ref C: 2023-11-30T17:32:44Z
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4d71e5d5695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/rp/U8SAaavlT9MNn_8df9jCh6-74bE.js
172.67.186.90 200 OK 3.1 kB URL GET HTTP/3 jiangshao.fun/rp/U8SAaavlT9MNn_8df9jCh6-74bE.js
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type ASCII text, with very long lines (3102), with no line terminators
Hash dd6a528c55708896155fea98148725fa
53c48069abe54fd30d9fff1d7fd8c287afbbe1b1
635421af44598c7601907a7ad263a3a8925be6495ba349382f02805dbe668566
Analyzer Verdict Alert OpenPhish phishing Office365
GET /rp/U8SAaavlT9MNn_8df9jCh6-74bE.js HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:44 GMT
content-type: text/javascript; charset=utf-8
content-length: 3102
cache-control: public, max-age=432000, no-transform, immutable
content-md5: 3WpSjFVwiJYVX+qYFIcl+g==
last-modified: Thu, 23 Nov 2023 12:26:24 GMT
etag: 0x8DBEC1F68BE5D3B
x-cache: TCP_MISS
x-ms-request-id: 76d59bb9-501e-0032-0ab3-231d5c000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: 3546694D4789464A982FE768C6CB6A69 Ref B: MNZ221060617011 Ref C: 2023-11-30T17:32:44Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: 86FA6ADE3AEE49388EEA4CFF12DA13B5 Ref B: EWR311000104029 Ref C: 2023-11-30T17:32:44Z
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4d71e665695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/rp/ZT02jv3UmMr2Vnfh1U8D3RiwJrU.js
172.67.186.90 200 OK 22 kB URL GET HTTP/3 jiangshao.fun/rp/ZT02jv3UmMr2Vnfh1U8D3RiwJrU.js
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type ASCII text, with very long lines (21819)
Hash 30280c218d3caaf6b04ec8c6f906e190
653d368efdd498caf65677e1d54f03dd18b026b5
d313c6fff97701cc24db9d84c8b0643ca7a82a01c0868517e6e543779985c46e
Analyzer Verdict Alert OpenPhish phishing Office365
GET /rp/ZT02jv3UmMr2Vnfh1U8D3RiwJrU.js HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:44 GMT
content-type: text/javascript; charset=utf-8
content-length: 21850
cache-control: public, max-age=432000, no-transform, immutable
content-md5: MCgMIY08qvawTsjG+QbhkA==
last-modified: Wed, 28 Jun 2023 04:59:44 GMT
etag: 0x8DB77947D30FFD8
x-cache: TCP_HIT
x-ms-request-id: 45be228d-301e-0024-36ed-21eb8b000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: 7403D17682DB4B1C81F55380E4CA91E1 Ref B: MNZ221060607025 Ref C: 2023-11-29T12:50:46Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: C411BE850D7245E2A622009B367B1033 Ref B: NYCEDGE1716 Ref C: 2023-11-30T17:32:44Z
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4d6fe285695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/rp/D-hEdXC7G-DgvV_tAK4BodWZ7no.png
172.67.186.90 200 OK 5.3 kB URL GET HTTP/3 jiangshao.fun/rp/D-hEdXC7G-DgvV_tAK4BodWZ7no.png
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type PNG image data, 58 x 59, 8-bit/color RGBA, non-interlaced\012- data
Hash c49766495653bb160fe23c0303734b7b
0fe8447570bb1be0e0bd5fed00ae01a1d599ee7a
bc9dd5f6fb6506eaedcc886c79b6c72be115a72664c9eaa2b0f89cc04d63481e
Analyzer Verdict Alert OpenPhish phishing Office365
GET /rp/D-hEdXC7G-DgvV_tAK4BodWZ7no.png HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/rp/2BVj0Bf3iRDmmJZVnz5xFtpoDlE.css
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:44 GMT
content-type: image/png
content-length: 5339
cache-control: public, max-age=432000, no-transform, immutable
content-md5: xJdmSVZTuxYP4jwDA3NLew==
last-modified: Tue, 29 Aug 2023 02:26:50 GMT
etag: 0x8DBA8376719612E
x-cache: TCP_REMOTE_HIT
x-ms-request-id: a39be018-a01e-009f-7baa-235129000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: 9A938E6B66984050ACA5BCCD5DCD8454 Ref B: MNZ221060618051 Ref C: 2023-11-30T17:32:44Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: A86124498940486681347124BD4297BB Ref B: NYCEDGE1613 Ref C: 2023-11-30T17:32:44Z
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4d85f945695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/rp/ll5safRRGP6rhu7ruw_Elk8rOpg.js
172.67.186.90 200 OK 317 kB URL GET HTTP/3 jiangshao.fun/rp/ll5safRRGP6rhu7ruw_Elk8rOpg.js
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type ASCII text, with very long lines (19008)
Size 317 kB (316988 bytes)
Hash 8192d891e754afd81a399f98bc6b265f
965e6c69f45118feab86eeebbb0fc4964f2b3a98
e2e4d97c20d4478e8e947480c8f6c71a2c795776d405366be70db82e4ea4ba77
Analyzer Verdict Alert OpenPhish phishing Office365
GET /rp/ll5safRRGP6rhu7ruw_Elk8rOpg.js HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:44 GMT
content-type: text/javascript; charset=utf-8
content-length: 316988
cache-control: public, max-age=432000, no-transform, immutable
content-md5: gZLYkedUr9gaOZ+YvGsmXw==
last-modified: Tue, 01 Nov 2022 22:37:42 GMT
etag: 0x8DABC59B0453DEE
x-cache: TCP_HIT
x-ms-request-id: 8d3764d0-901e-0070-29c9-1fa4dc000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: C2BFAF2B76EB4FE9BD2CB89CBBE0C086 Ref B: MNZ221060607011 Ref C: 2023-11-26T12:10:43Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: FD7AD2B553804F16A6349FAD4AACA743 Ref B: EWR311000101049 Ref C: 2023-11-30T17:32:44Z
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4d6bdef5695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/rp/ll5safRRGP6rhu7ruw_Elk8rOpg.js
172.67.186.90 200 OK 317 kB URL GET HTTP/3 jiangshao.fun/rp/ll5safRRGP6rhu7ruw_Elk8rOpg.js
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type ASCII text, with very long lines (19008)
Size 317 kB (316988 bytes)
Hash 8192d891e754afd81a399f98bc6b265f
965e6c69f45118feab86eeebbb0fc4964f2b3a98
e2e4d97c20d4478e8e947480c8f6c71a2c795776d405366be70db82e4ea4ba77
Analyzer Verdict Alert OpenPhish phishing Office365
GET /rp/ll5safRRGP6rhu7ruw_Elk8rOpg.js HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:44 GMT
content-type: text/javascript; charset=utf-8
content-length: 316988
cache-control: public, max-age=432000, no-transform, immutable
content-md5: gZLYkedUr9gaOZ+YvGsmXw==
last-modified: Tue, 01 Nov 2022 22:37:42 GMT
etag: 0x8DABC59B0453DEE
x-cache: TCP_HIT
x-ms-request-id: 8d3764d0-901e-0070-29c9-1fa4dc000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: C2BFAF2B76EB4FE9BD2CB89CBBE0C086 Ref B: MNZ221060607011 Ref C: 2023-11-26T12:10:43Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: FD7AD2B553804F16A6349FAD4AACA743 Ref B: EWR311000101049 Ref C: 2023-11-30T17:32:44Z
cf-cache-status: HIT
age: 0
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4daca105695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/rp/qCP0IfpJCjHMbQYo_ET7zp1IBAI.js
172.67.186.90 200 OK 354 kB URL GET HTTP/3 jiangshao.fun/rp/qCP0IfpJCjHMbQYo_ET7zp1IBAI.js
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 354 kB (354341 bytes)
Hash a5d43402119315f997714bcd25e26dcb
a823f421fa490a31cc6d0628fc44fbce9d480402
4928ab04fc16240d0f2e02048b4940b20ed38b2289be98b84b3f27ce82d1f788
Analyzer Verdict Alert OpenPhish phishing Office365
GET /rp/qCP0IfpJCjHMbQYo_ET7zp1IBAI.js HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:44 GMT
content-type: text/javascript; charset=utf-8
content-length: 354341
cache-control: public, max-age=432000, no-transform, immutable
content-md5: pdQ0AhGTFfmXcUvNJeJtyw==
last-modified: Thu, 30 Nov 2023 03:46:27 GMT
etag: 0x8DBF156EECB7BB6
x-cache: TCP_REMOTE_HIT
x-ms-request-id: 012e1ae0-001e-0096-4483-2314fa000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: A0A04ABD938B4127BF9A256C350CD36D Ref B: MNZ221060607051 Ref C: 2023-11-30T17:32:44Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: 05A05950FBC34E1294606E86DA8ABAAD Ref B: NYCEDGE1714 Ref C: 2023-11-30T17:32:44Z
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4d6cdf85695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/rp/T6lcs6iqB7rn36FIXybLwbqPwEI.js
172.67.186.90 200 OK 568 kB URL GET HTTP/3 jiangshao.fun/rp/T6lcs6iqB7rn36FIXybLwbqPwEI.js
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 568 kB (567790 bytes)
Hash f22aef5e40b4fc45d422d6326d4e82cf
4fa95cb3a8aa07bae7dfa1485f26cbc1ba8fc042
597a5a961aff54e9e5ad009c670674a5dc11c9f829764b32b925066b5ab9dc8b
Analyzer Verdict Alert OpenPhish phishing Office365
GET /rp/T6lcs6iqB7rn36FIXybLwbqPwEI.js HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:44 GMT
content-type: text/javascript; charset=utf-8
content-length: 567790
cache-control: public, max-age=432000, no-transform, immutable
content-md5: 8irvXkC0/EXUItYybU6Czw==
last-modified: Thu, 16 Feb 2023 05:52:32 GMT
etag: 0x8DB0FE1FF2310CB
x-cache: TCP_REMOTE_HIT
x-ms-request-id: b85a22c1-a01e-0044-50a7-229714000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: 6763B89CCEE14FFDB385B0807B654A52 Ref B: MNZ221060617047 Ref C: 2023-11-30T17:32:44Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: BB959AE9E06447A79727908EF179BE10 Ref B: EWR311000107047 Ref C: 2023-11-30T17:32:44Z
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4d6ce015695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/rp/FtO6EEmTnQCuR6rQU5k7R2LZsQI.js
172.67.186.90 200 OK 355 kB URL GET HTTP/3 jiangshao.fun/rp/FtO6EEmTnQCuR6rQU5k7R2LZsQI.js
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type ASCII text, with very long lines (425), with no line terminators
Size 355 kB (354599 bytes)
Hash 016ecfdb34031f881fa5e34dfbd0b7a1
16d3ba1049939d00ae47aad053993b4762d9b102
08021ed3bca5532304b597e636beb939ff7baa6d08dca4e94c0dde1fdf940389
Analyzer Verdict Alert OpenPhish phishing Office365
GET /rp/FtO6EEmTnQCuR6rQU5k7R2LZsQI.js HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:44 GMT
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=432000
content-md5: AW7P2zQDH4gfpeNN+9C3oQ==
last-modified: Wed, 24 Jun 2020 04:22:02 GMT
x-cache: TCP_REMOTE_HIT
x-ms-request-id: 27eeaec9-d01e-0013-29dc-223927000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: 450CD48B396C43BF8202E230A4C708DA Ref B: MNZ221060607029 Ref C: 2023-11-30T17:32:44Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: C983589E01A24643982709F6068F2055 Ref B: NYCEDGE1321 Ref C: 2023-11-30T17:32:44Z
cf-cache-status: MISS
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4d6fe235695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
jiangshao.fun/rp/Yvu4V7hzvXm-5_FtB2akUvonmKM.js
172.67.186.90 200 OK 712 B URL GET HTTP/3 jiangshao.fun/rp/Yvu4V7hzvXm-5_FtB2akUvonmKM.js
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type ASCII text, with no line terminators
Hash 51a9ea95d5ed461ed98ac3d23a66aa15
62fbb857b873bd79bee7f16d0766a452fa2798a3
a5b4181611e951faecd6c164d704569c633e95fe68d3d1934b911a089ebf70e8
Analyzer Verdict Alert OpenPhish phishing Office365
GET /rp/Yvu4V7hzvXm-5_FtB2akUvonmKM.js HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:44 GMT
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=432000
content-md5: UanqldXtRh7ZisPSOmaqFQ==
last-modified: Wed, 24 Jun 2020 04:23:51 GMT
x-cache: TCP_HIT
x-ms-request-id: e0c2d5c4-701e-008c-75e5-1f7525000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: 36BFF40F65124735BB58D0D3E525ABEE Ref B: MNZ221060607019 Ref C: 2023-11-26T06:06:23Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: 9755138277C34BD8A54A3238EA54ADEF Ref B: NYCEDGE1610 Ref C: 2023-11-30T17:32:44Z
cf-cache-status: MISS
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4d6ee1c5695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
jiangshao.fun/rp/T6lcs6iqB7rn36FIXybLwbqPwEI.js
172.67.186.90 200 OK 568 kB URL GET HTTP/3 jiangshao.fun/rp/T6lcs6iqB7rn36FIXybLwbqPwEI.js
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 568 kB (567790 bytes)
Hash f22aef5e40b4fc45d422d6326d4e82cf
4fa95cb3a8aa07bae7dfa1485f26cbc1ba8fc042
597a5a961aff54e9e5ad009c670674a5dc11c9f829764b32b925066b5ab9dc8b
Analyzer Verdict Alert OpenPhish phishing Office365
GET /rp/T6lcs6iqB7rn36FIXybLwbqPwEI.js HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:45 GMT
content-type: text/javascript; charset=utf-8
content-length: 567790
cache-control: public, max-age=432000, no-transform, immutable
content-md5: 8irvXkC0/EXUItYybU6Czw==
last-modified: Thu, 16 Feb 2023 05:52:32 GMT
etag: 0x8DB0FE1FF2310CB
x-cache: TCP_REMOTE_HIT
x-ms-request-id: b85a22c1-a01e-0044-50a7-229714000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: 6763B89CCEE14FFDB385B0807B654A52 Ref B: MNZ221060617047 Ref C: 2023-11-30T17:32:44Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: BB959AE9E06447A79727908EF179BE10 Ref B: EWR311000107047 Ref C: 2023-11-30T17:32:44Z
cf-cache-status: HIT
age: 1
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4dd6cc95695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/rp/OZ_K1z4BO6soZ1Z7cxsODqonikk.js
172.67.186.90 200 OK 3.0 kB URL GET HTTP/3 jiangshao.fun/rp/OZ_K1z4BO6soZ1Z7cxsODqonikk.js
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type ASCII text, with very long lines (2996), with no line terminators
Hash a4a2895e7fbfe6377307b4c2aab9e525
399fcad73e013bab2867567b731b0e0eaa278a49
2f754393d443981912bdd0e557b8cf9724b956e552c50bfd75044848ac347aa5
Analyzer Verdict Alert OpenPhish phishing Office365
GET /rp/OZ_K1z4BO6soZ1Z7cxsODqonikk.js HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:45 GMT
content-type: text/javascript; charset=utf-8
content-length: 2996
cache-control: public, max-age=432000, no-transform, immutable
content-md5: pKKJXn+/5jdzB7TCqrnlJQ==
last-modified: Thu, 31 Aug 2023 21:58:35 GMT
etag: 0x8DBAA6D6CCD1C5B
x-cache: TCP_REMOTE_HIT
x-ms-request-id: 0a99f0d0-e01e-00b1-4cde-22033e000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: 9EE1880DF9744E0A982D6732632B7D94 Ref B: MNZ221060618045 Ref C: 2023-11-30T17:32:44Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: 393C0871517A4ADF9BDDFD111E27A747 Ref B: NYCEDGE1614 Ref C: 2023-11-30T17:32:44Z
cf-cache-status: HIT
age: 1
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4de1db75695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/rp/IS-fIIml-FAzFgWC3MsbQafkzRU.js
172.67.186.90 200 OK 1.2 kB URL GET HTTP/3 jiangshao.fun/rp/IS-fIIml-FAzFgWC3MsbQafkzRU.js
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type ASCII text, with very long lines (1228), with no line terminators
Hash 04e46d18c015e7c22cb2e4b43dcefd05
212f9f2089a5f85033160582dccb1b41a7e4cd15
a8172a1cd35702e0679aa2fc817640738b09d8c2a1bacf4a132e68d314407744
Analyzer Verdict Alert OpenPhish phishing Office365
GET /rp/IS-fIIml-FAzFgWC3MsbQafkzRU.js HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:45 GMT
content-type: text/javascript; charset=utf-8
content-length: 1228
cache-control: public, max-age=432000, no-transform, immutable
content-md5: BORtGMAV58IssuS0Pc79BQ==
last-modified: Tue, 16 Aug 2022 03:35:15 GMT
etag: 0x8DA7F38559D2675
x-cache: TCP_HIT
x-ms-request-id: 924f0bd1-e01e-0018-5fe9-1fc24c000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: 2D3151CAAA0B4494818F7296E111CFE8 Ref B: MNZ221060617019 Ref C: 2023-11-27T18:59:21Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: 09B170F469B647D9B7735D2BBB34152E Ref B: NYCEDGE1417 Ref C: 2023-11-30T17:32:44Z
cf-cache-status: HIT
age: 1
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4de2dcc5695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/rp/H3UzQorzg6GWzCMZR3t2L4ZQBRQ.js
172.67.186.90 200 OK 6.0 kB URL GET HTTP/3 jiangshao.fun/rp/H3UzQorzg6GWzCMZR3t2L4ZQBRQ.js
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type ASCII text, with very long lines (5983), with no line terminators
Hash 785d3c1d93d18e5478f0c3ffce35cd03
1f7533428af383a196cc2319477b762f86500514
b32b54f6d1be64df456502b677407d4cfa5f10e98cde9350d9e63331fdbb7bfc
Analyzer Verdict Alert OpenPhish phishing Office365
GET /rp/H3UzQorzg6GWzCMZR3t2L4ZQBRQ.js HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:45 GMT
content-type: text/javascript; charset=utf-8
content-length: 5983
cache-control: public, max-age=432000, no-transform, immutable
content-md5: eF08HZPRjlR48MP/zjXNAw==
last-modified: Tue, 25 Jul 2023 15:08:24 GMT
etag: 0x8DB8D20FE54521F
x-cache: TCP_REMOTE_HIT
x-ms-request-id: 8830d342-101e-008a-0ee7-1f469a000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: AF1D07CBBE4E4A41801CF310839D2844 Ref B: MNZ221060605027 Ref C: 2023-11-30T17:32:44Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: E8F7F9F140E6473CB1F5BEF17B276A48 Ref B: NYCEDGE1618 Ref C: 2023-11-30T17:32:44Z
cf-cache-status: HIT
age: 1
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4de4de95695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/rp/Yvu4V7hzvXm-5_FtB2akUvonmKM.js
172.67.186.90 200 OK 577 B URL GET HTTP/3 jiangshao.fun/rp/Yvu4V7hzvXm-5_FtB2akUvonmKM.js
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type ASCII text, with no line terminators
Hash 51a9ea95d5ed461ed98ac3d23a66aa15
62fbb857b873bd79bee7f16d0766a452fa2798a3
a5b4181611e951faecd6c164d704569c633e95fe68d3d1934b911a089ebf70e8
Analyzer Verdict Alert OpenPhish phishing Office365
GET /rp/Yvu4V7hzvXm-5_FtB2akUvonmKM.js HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:45 GMT
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=432000
content-md5: UanqldXtRh7ZisPSOmaqFQ==
last-modified: Wed, 24 Jun 2020 04:23:51 GMT
x-cache: TCP_HIT
x-ms-request-id: e0c2d5c4-701e-008c-75e5-1f7525000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: 36BFF40F65124735BB58D0D3E525ABEE Ref B: MNZ221060607019 Ref C: 2023-11-26T06:06:23Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: 9755138277C34BD8A54A3238EA54ADEF Ref B: NYCEDGE1610 Ref C: 2023-11-30T17:32:44Z
cf-cache-status: HIT
age: 1
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4de5e015695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
jiangshao.fun/rp/XcS7FVvrNVdVx4-g2ZHEVpZJd5Q.js
172.67.186.90 200 OK 28 kB URL GET HTTP/3 jiangshao.fun/rp/XcS7FVvrNVdVx4-g2ZHEVpZJd5Q.js
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type ASCII text, with very long lines (10033), with CRLF line terminators
Hash 3e1cd65b12888a023f899069eb6fd830
5dc4bb155beb355755c78fa0d991c45696497794
b8bb4d94b0fcfeceae541a257dea9bc8f598c2e008beb857274607868ba3fb10
Analyzer Verdict Alert OpenPhish phishing Office365
GET /rp/XcS7FVvrNVdVx4-g2ZHEVpZJd5Q.js HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:44 GMT
content-type: text/javascript; charset=utf-8
cache-control: public, max-age=432000
content-md5: PhzWWxKIigI/iZBp62/YMA==
last-modified: Wed, 03 Nov 2021 01:12:41 GMT
x-cache: TCP_HIT
x-ms-request-id: b4c726df-d01e-005e-54c2-1ff6cb000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: C3162748090549758B8288766A14C9C8 Ref B: MNZ221060617017 Ref C: 2023-11-27T16:00:12Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: 677B918CEBEC46858926C5FFC26902F9 Ref B: NYCEDGE1318 Ref C: 2023-11-30T17:32:44Z
cf-cache-status: HIT
age: 0
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4db3aab5695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
jiangshao.fun/rp/fEzca4bKO4pRulhVlOoat7eLgmU.js
172.67.186.90 200 OK 2.3 kB URL GET HTTP/3 jiangshao.fun/rp/fEzca4bKO4pRulhVlOoat7eLgmU.js
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type ASCII text, with very long lines (1274), with no line terminators
Hash a969230a51dba5ab5adf5877bcc28cfa
7c4cdc6b86ca3b8a51ba585594ea1ab7b78b8265
8e572950cbda0558f7b9563ce4f5017e06bc9c262cf487e33927a948f8d78f7f
Analyzer Verdict Alert OpenPhish phishing Office365
GET /rp/fEzca4bKO4pRulhVlOoat7eLgmU.js HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:45 GMT
content-type: text/javascript; charset=utf-8
cache-control: public, max-age=432000
content-md5: qWkjClHbpata31h3vMKM+g==
last-modified: Wed, 23 Feb 2022 17:59:59 GMT
x-cache: TCP_HIT
x-ms-request-id: 964f63c8-901e-005f-42b9-1fa917000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: F520CDCBE46B4582A51FE2FDFA48C9F8 Ref B: MNZ221060607051 Ref C: 2023-11-27T02:59:33Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: FFC6C32F837B4BAE999B9C5C26B27E55 Ref B: EWR311000103017 Ref C: 2023-11-30T17:32:44Z
cf-cache-status: HIT
age: 1
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4defeb75695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
jiangshao.fun/images/sbi?mmasync=1&ptn=Homepage&IID=SBI&IG=A903986D2A5143A0A2E909AB5D6FF6D4&
172.67.186.90 200 OK 17 kB URL GET HTTP/3 jiangshao.fun/images/sbi?mmasync=1&ptn=Homepage&IID=SBI&IG=A903986D2A5143A0A2E909AB5D6FF6D4&
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type HTML document, Unicode text, UTF-8 text, with very long lines (29136), with CRLF, LF line terminators
Hash edef73b5ddacab8d256f2c8f1f768b0a
71aecffd977bb03024af24ea86b93cfbbc9f7e92
b3b2c365262bc73b389cbe4bf49c617da1d178fd36ecedc4c7165dccf617b375
Analyzer Verdict Alert OpenPhish phishing Office365
GET /images/sbi?mmasync=1&ptn=Homepage&IID=SBI&IG=A903986D2A5143A0A2E909AB5D6FF6D4& HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jiangshao.fun/
Content-type: application/json
DNT: 1
Connection: keep-alive
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:45 GMT
content-type: text/html; charset=utf-8
cache-control: private
p3p: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
set-cookie: MUID=2FC1AFB77E2E6AA41B79BC6E7F296B55; domain=.bing.com; expires=Tue, 24-Dec-2024 17:32:45 GMT; path=/; secure; SameSite=None
_EDGE_S=SID=1F42C836A7166045339DDBEFA6116184; domain=.bing.com; path=/; HttpOnly
MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; expires=Tue, 24-Dec-2024 17:32:45 GMT; path=/; HttpOnly
SRCHD=AF=NOFORM; domain=.bing.com; expires=Tue, 24-Dec-2024 17:32:45 GMT; path=/; secure; SameSite=None
SRCHUID=V=2&GUID=8F9A2054A3E444F89558BB569340335E&dmnchg=1; domain=.bing.com; expires=Tue, 24-Dec-2024 17:32:45 GMT; path=/; secure; SameSite=None
SRCHUSR=DOB=20231130; domain=.bing.com; expires=Tue, 24-Dec-2024 17:32:45 GMT; path=/; secure; SameSite=None
SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0&SRCHLANG=zh-Hans; domain=.bing.com; expires=Tue, 24-Dec-2024 17:32:45 GMT; path=/; secure; SameSite=None
_SS=SID=1F42C836A7166045339DDBEFA6116184; domain=.bing.com; path=/; secure; SameSite=None
x-eventid: 6568c73d24ae45868a572c220cba6c40
useragentreductionoptout: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 81B435E9DE0B4E2A8D31BD6C07428FEF Ref B: EWR311000107037 Ref C: 2023-11-30T17:32:45Z
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w1dog4px6cvWsS3m%2FkUs0E6QKEXigEiJXJQiiRU2ZrnXTtSdtfBW3VnguV7xKXbQB8QVYeIYQEtTtLWbHX65i4qYcuj5O8uOSii96L8wTk0aZpO%2F6IkxyiyR7Q9s0W%2Bn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82e4d4dd3ca85695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
jiangshao.fun/rp/KjCBfzuZ475zX0-Fu2bdXt9qifQ.js
172.67.186.90 200 OK 576 B URL GET HTTP/3 jiangshao.fun/rp/KjCBfzuZ475zX0-Fu2bdXt9qifQ.js
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type ASCII text, with very long lines (576), with no line terminators
Hash f5712e664873fde8ee9044f693cd2db7
2a30817f3b99e3be735f4f85bb66dd5edf6a89f4
1562669ad323019cda49a6cf3bddece1672282e7275f9d963031b30ea845ffb2
Analyzer Verdict Alert OpenPhish phishing Office365
GET /rp/KjCBfzuZ475zX0-Fu2bdXt9qifQ.js HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:45 GMT
content-type: application/x-javascript; charset=utf-8
content-length: 576
cache-control: public, max-age=432000, no-transform, immutable
content-md5: 9XEuZkhz/ejukET2k80ttw==
last-modified: Tue, 16 Aug 2022 03:40:04 GMT
etag: 0x8DA7F390172E04B
x-cache: TCP_HIT
x-ms-request-id: 4c52c98c-401e-00a8-44d8-1f8385000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: 91D0EF4D250749BF852A21D84B390BB6 Ref B: MNZ221060607007 Ref C: 2023-11-28T13:20:07Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: 05C71A0DF3B3478EBD89F708FD991275 Ref B: EWR311000101009 Ref C: 2023-11-30T17:32:44Z
cf-cache-status: HIT
age: 1
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4dfdfa55695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/rp/zeCxMEtVi23nUD1VnJIBRkRzb4g.js
172.67.186.90 200 OK 3.4 kB URL GET HTTP/3 jiangshao.fun/rp/zeCxMEtVi23nUD1VnJIBRkRzb4g.js
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type ASCII text, with very long lines (3363), with no line terminators
Hash fabb77c7ae3fd2271f5909155fb490e5
cde0b1304b558b6de7503d559c92014644736f88
e482bf4baaa167335f326b9b4f4b83e806cc21fb428b988a4932c806d918771c
Analyzer Verdict Alert OpenPhish phishing Office365
GET /rp/zeCxMEtVi23nUD1VnJIBRkRzb4g.js HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=; SRCHUSR=T=1701365562000
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:45 GMT
content-type: text/javascript; charset=utf-8
content-length: 3363
cache-control: public, max-age=432000, no-transform, immutable
content-md5: +rt3x64/0icfWQkVX7SQ5Q==
last-modified: Wed, 21 Jun 2023 19:00:43 GMT
etag: 0x8DB7289D071C4E4
x-cache: TCP_HIT
x-ms-request-id: 4785f2e2-101e-001c-38ce-1f4f4b000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: D207E760771847B48F8BA054526EB0D0 Ref B: MNZ221060617009 Ref C: 2023-11-28T09:22:18Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: D690A7B89D2440F88EAFB43CDE30F55E Ref B: EWR311000103011 Ref C: 2023-11-30T17:32:44Z
cf-cache-status: HIT
age: 1
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4e0a8535695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/rp/Fsa_OI0AplCnVoXGca8ALOo0S0s.svg
172.67.186.90 200 OK 282 B URL GET HTTP/3 jiangshao.fun/rp/Fsa_OI0AplCnVoXGca8ALOo0S0s.svg
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text, with CRLF line terminators
Hash e38795b634154ec1ff41c6bcda54ee52
16c6bf388d00a650a75685c671af002cea344b4b
66b589f920473f0fd69c45c8e3c93a95bb456b219cba3d52873f2a3a1880f3f0
Analyzer Verdict Alert OpenPhish phishing Office365
GET /rp/Fsa_OI0AplCnVoXGca8ALOo0S0s.svg HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:45 GMT
content-type: image/svg+xml
content-length: 282
cache-control: public, max-age=432000, no-transform, immutable
content-md5: 44eVtjQVTsH/Qca82lTuUg==
last-modified: Tue, 16 Aug 2022 03:30:13 GMT
etag: 0x8DA7F37A14FFD30
x-cache: TCP_REMOTE_HIT
x-ms-request-id: 18ac0967-001e-0072-71ad-231a64000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: BEA51D7EC1204856AFA8D621FCB5859B Ref B: MNZ221060607039 Ref C: 2023-11-30T17:32:45Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: 6A7260D6CC7E4283B1508876C30820AB Ref B: EWR311000108039 Ref C: 2023-11-30T17:32:45Z
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4df6f2f5695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/rp/QtZcquNOunoFE0KySXJmXmH6auI.js
172.67.186.90 200 OK 2.5 kB URL GET HTTP/3 jiangshao.fun/rp/QtZcquNOunoFE0KySXJmXmH6auI.js
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type ASCII text, with very long lines (2524), with no line terminators
Hash 17cdab99027114dbcbd9d573c5b7a8a9
42d65caae34eba7a051342b24972665e61fa6ae2
5ff6b0f0620aa14559d5d869dbeb96febc4014051fa7d5df20223b10b35312de
Analyzer Verdict Alert OpenPhish phishing Office365
GET /rp/QtZcquNOunoFE0KySXJmXmH6auI.js HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=; SRCHUSR=T=1701365562000
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:45 GMT
content-type: text/javascript; charset=utf-8
content-length: 2524
cache-control: public, max-age=432000, no-transform, immutable
content-md5: F82rmQJxFNvL2dVzxbeoqQ==
last-modified: Wed, 17 Aug 2022 03:25:48 GMT
etag: 0x8DA80002E18A2F4
x-cache: TCP_HIT
x-ms-request-id: f867f170-601e-0029-6dc2-1f235f000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: 234483D9F79E493CB4ABD02F3ACFBB21 Ref B: MNZ221060617033 Ref C: 2023-11-29T22:15:27Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: EF030CB46BA04C319E386EAB008D224B Ref B: EWR311000104009 Ref C: 2023-11-30T17:32:44Z
cf-cache-status: HIT
age: 1
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4e0c86c5695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/rp/f21jlSMmEDN43OaavcdaB-7Phq0.svg
172.67.186.90 200 OK 1.1 kB URL GET HTTP/3 jiangshao.fun/rp/f21jlSMmEDN43OaavcdaB-7Phq0.svg
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1111), with no line terminators
Hash 5e834a775c3b3f93f83f7c48e5286257
7f6d63952326103378dce69abdc75a07eecf86ad
006563db23523a6369d81fcfa6f3515f0317cf651d74024635d2bfbe694779b8
Analyzer Verdict Alert OpenPhish phishing Office365
GET /rp/f21jlSMmEDN43OaavcdaB-7Phq0.svg HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:45 GMT
content-type: image/svg+xml
content-length: 1111
cache-control: public, max-age=432000, no-transform, immutable
content-md5: XoNKd1w7P5P4P3xI5ShiVw==
last-modified: Tue, 10 Jan 2023 09:30:03 GMT
etag: 0x8DAF2ED40F00225
x-cache: TCP_HIT
x-ms-request-id: 611516db-901e-004f-32d6-1f6c7f000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: 827E508069AA41A481D1AE3C27546020 Ref B: MNZ221060618047 Ref C: 2023-11-28T18:46:34Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: DCF81E8556B440379CE8E454D5FB9794 Ref B: NYCEDGE1408 Ref C: 2023-11-30T17:32:45Z
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4df5f265695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/rp/4L4QdyjTv0HYE2Ig2ol9eYoqxg8.svg
172.67.186.90 200 OK 1.1 kB URL GET HTTP/3 jiangshao.fun/rp/4L4QdyjTv0HYE2Ig2ol9eYoqxg8.svg
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (796), with CRLF line terminators
Hash 91cd11cfcca65cface96153268d71f63
e0be107728d3bf41d8136220da897d798a2ac60f
8ee1e6d7a487c38412d7b375ac4a6bd7e47f70858055eeb7957226ada05544be
Analyzer Verdict Alert OpenPhish phishing Office365
GET /rp/4L4QdyjTv0HYE2Ig2ol9eYoqxg8.svg HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:45 GMT
content-type: image/svg+xml
content-length: 1101
cache-control: public, max-age=432000, no-transform, immutable
content-md5: kc0Rz8ymXPrOlhUyaNcfYw==
last-modified: Tue, 16 Aug 2022 03:09:27 GMT
etag: 0x8DA7F34BAE9ECE4
x-cache: TCP_HIT
x-ms-request-id: 19c52a69-a01e-00b0-63bc-1f5ce2000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: 9ACA71B90D13471691BF25A888519B02 Ref B: MNZ221060617053 Ref C: 2023-11-28T18:58:53Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: 90576787CC634F119C271B4F4AA17B3E Ref B: NYCEDGE1719 Ref C: 2023-11-30T17:32:45Z
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4df6f2c5695-OSL
alt-svc: h3=":443"; ma=86400
login.microsoftonline.com/common/oauth2/authorize?client_id=9ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7&response_type=id_token+code&nonce=0c8aaa25-dacc-42ba-8d88-79ef7766219a&redirect_uri=https%3a%2f%2fjiangshao.fun%2forgid%2fidtoken%2fconditional&scope=openid%20email%20profile%209ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7/.default&response_mode=form_post&instance_aware=true&msafed=0&prompt=none&state=%7b%22ig%22%3a%22A903986D2A5143A0A2E909AB5D6FF6D4%22%7d
20.190.181.3 200 OK 8.5 kB URL GET HTTP/1.1 login.microsoftonline.com/common/oauth2/authorize?client_id=9ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7&response_type=id_token+code&nonce=0c8aaa25-dacc-42ba-8d88-79ef7766219a&redirect_uri=https%3a%2f%2fjiangshao.fun%2forgid%2fidtoken%2fconditional&scope=openid%20email%20profile%209ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7/.default&response_mode=form_post&instance_aware=true&msafed=0&prompt=none&state=%7b%22ig%22%3a%22A903986D2A5143A0A2E909AB5D6FF6D4%22%7d
IP 20.190.181.3:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Certificate Issuer DigiCert Inc
Subject stamp2.login.microsoftonline.com
Fingerprint 5F:41:B5:48:4D:2A:D3:78:6B:12:6B:D6:0B:85:B4:F8:2A:FF:48:29
Validity Sun, 17 Sep 2023 00:00:00 GMT - Tue, 17 Sep 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (5988), with CRLF, LF line terminators
Hash d4ebfe1fa8a7b3101e3ffc6d5f514585
bed45ffa1910bb18404c22acf0538a9fcda02ccf
099e715cd72709a75c251b01a6d8ef888c426bcd2f9a0255a7e9d51e355d0345
GET /common/oauth2/authorize?client_id=9ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7&response_type=id_token+code&nonce=0c8aaa25-dacc-42ba-8d88-79ef7766219a&redirect_uri=https%3a%2f%2fjiangshao.fun%2forgid%2fidtoken%2fconditional&scope=openid%20email%20profile%209ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7/.default&response_mode=form_post&instance_aware=true&msafed=0&prompt=none&state=%7b%22ig%22%3a%22A903986D2A5143A0A2E909AB5D6FF6D4%22%7d HTTP/1.1
Host: login.microsoftonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Link: <https://aadcdn.msauth.net>; rel=preconnect; crossorigin, <https://aadcdn.msauth.net>; rel=dns-prefetch, <https://aadcdn.msftauth.net>; rel=dns-prefetch
X-DNS-Prefetch-Control: on
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id: 2c3d69f4-35c8-4706-9852-e5b97dc42200
x-ms-ests-server: 2.1.16790.7 - FRC ProdSlices
Referrer-Policy: strict-origin-when-cross-origin
X-XSS-Protection: 0
Set-Cookie: buid=0.AQ8AMe_N-B6jSkuT5F9XHpElWnmtoZ62_ZpPi8MrcPluNMcBAAA.AQABAAEAAAAmoFfGtYxvRrNriQdPKIZ-T5UvwVZJ9X3n8ZO8EDuEzOSJwD0VuSczhZJuCRtYlNo7iTLhn5FxtriSvyU-eoJqmi3Njgh203IAwALa1TPW4d-1Sbb5_hyiew43L2VkFCggAA; expires=Sat, 30-Dec-2023 17:32:45 GMT; path=/; secure; HttpOnly; SameSite=None
esctx-GhONjDlKdpw=AQABAAEAAAAmoFfGtYxvRrNriQdPKIZ-1WcJKsWjBNUpScIcL37X4jcM5Yhr_zCT6PqWeaOmuP-r0p1Xwe3HGtjIxK-7KEiP7RbgB9n7L8zLJFBvfCFO0SfWb_Y1DbCE5BYvb3W0FQ7j_WfJ9IDqvVORcVlcH42k9Y83s4jlOQpqSDCWOvPmPyAA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None
fpc=AnVBZAKm5i1Cs1bXGTqMT1yCeMQLAQAAADy--twOAAAA; expires=Sat, 30-Dec-2023 17:32:45 GMT; path=/; secure; HttpOnly; SameSite=None
esctx=PAQABAAEAAAAmoFfGtYxvRrNriQdPKIZ-dlrSV8KvqCa3qfp1D-1uojsVRmmgKEi7V98taEhL0UhEadvXiZg9-SEZaUye4SscDoBQpHcUOap0C-VaQ0u-HdWExjqXCjviAGxPTfI6p7J55WxORHxSgL7yePJuEzsEmc34lOPR1d7ZqMrlU9LwqguBRhKtb8rGJdOqpIndLVsgAA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None
x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
stsservicecookie=estsfd; path=/; secure; samesite=none; httponly
Date: Thu, 30 Nov 2023 17:32:44 GMT
Content-Length: 8453
jiangshao.fun/rp/GJDmKr3_TS3Qpm6KEL9UKUQKUO4.jpg
172.67.186.90 200 OK 6.8 kB URL GET HTTP/3 jiangshao.fun/rp/GJDmKr3_TS3Qpm6KEL9UKUQKUO4.jpg
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=5, xresolution=74, yresolution=82, resolutionunit=2, software=GIMP 2.10.8, datetime=2019:08:01 11:40:12], progressive, precision 8, 160x160, components 3\012- data
Hash 0c41ee31b04e978b4882d17690f03a3a
1890e62abdff4d2dd0a66e8a10bf5429440a50ee
97785743a5ffc303ff8b7b465cd12af8403f7eed2b2d19687e118e2621059741
Analyzer Verdict Alert OpenPhish phishing Office365
GET /rp/GJDmKr3_TS3Qpm6KEL9UKUQKUO4.jpg HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:45 GMT
content-type: image/jpeg
content-length: 6817
cache-control: public, max-age=432000, no-transform, immutable
content-md5: DEHuMbBOl4tIgtF2kPA6Og==
last-modified: Tue, 27 Dec 2022 02:23:27 GMT
etag: 0x8DAE7B1566D41DC
x-cache: TCP_HIT
x-ms-request-id: 585f4ef2-501e-008b-08d8-1f1946000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: 5FDB4C3222B54729B3B89B6582C98646 Ref B: MNZ221060606025 Ref C: 2023-11-27T18:56:44Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: DA5EF106CCC94B07BE18E6F9E7A2E1A4 Ref B: EWR311000103027 Ref C: 2023-11-30T17:32:45Z
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4df8f4f5695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/rp/KC_nX2_tPPyFvVw1RK20Yu1FyDk.svg
172.67.186.90 200 OK 726 B URL GET HTTP/3 jiangshao.fun/rp/KC_nX2_tPPyFvVw1RK20Yu1FyDk.svg
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (557), with CRLF line terminators
Hash 6601e4a25ab847203e1015b32514b16c
282fe75f6fed3cfc85bd5c3544adb462ed45c839
6e5d3fff70eec85ff6d42c84062076688cb092a3d605f47260dbbe6b3b836b21
Analyzer Verdict Alert OpenPhish phishing Office365
GET /rp/KC_nX2_tPPyFvVw1RK20Yu1FyDk.svg HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:45 GMT
content-type: image/svg+xml
content-length: 726
cache-control: public, max-age=432000, no-transform, immutable
content-md5: ZgHkolq4RyA+EBWzJRSxbA==
last-modified: Tue, 16 Aug 2022 03:38:50 GMT
etag: 0x8DA7F38D566A323
x-cache: TCP_HIT
x-ms-request-id: a1b69860-b01e-0005-2dce-1ecff0000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: 23A27342AD2D459B88EC3C4445D9F879 Ref B: MNZ221060618039 Ref C: 2023-11-28T13:04:59Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: 8EEA16E0624E4E3C86D812A40E41C122 Ref B: EWR311000106035 Ref C: 2023-11-30T17:32:45Z
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4df7f405695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/rp/hx-eea1zqtCz4K0bW2uH_oN7Fs4.jpg
172.67.186.90 200 OK 3.8 kB URL GET HTTP/3 jiangshao.fun/rp/hx-eea1zqtCz4K0bW2uH_oN7Fs4.jpg
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=6, xresolution=86, yresolution=94, resolutionunit=2, software=GIMP 2.10.18, datetime=2020:04:16 19:04:38], progressive, precision 8, 160x160, components 3\012- data
Hash 299a479a2f7f1f30d09545ca8cc5d162
871f9e79ad73aad0b3e0ad1b5b6b87fe837b16ce
b314ead01e8e89c964273418bb1117d24dfe01e4838e7a1b46fa19f64699af05
Analyzer Verdict Alert OpenPhish phishing Office365
GET /rp/hx-eea1zqtCz4K0bW2uH_oN7Fs4.jpg HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:45 GMT
content-type: image/jpeg
content-length: 3791
cache-control: public, max-age=432000, no-transform, immutable
content-md5: KZpHmi9/HzDQlUXKjMXRYg==
last-modified: Tue, 27 Dec 2022 02:23:27 GMT
etag: 0x8DAE7B1566D68BD
x-cache: TCP_HIT
x-ms-request-id: 6a91f7f5-b01e-0083-72cc-1f0349000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: D183FEE3677747A090662CBB4BB0BB6C Ref B: MNZ221060606037 Ref C: 2023-11-27T18:56:44Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: FE70041BD3E64873A387AB230AC79F26 Ref B: EWR311000107023 Ref C: 2023-11-30T17:32:45Z
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4df8f4d5695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/rp/ln5TQq6AIWfcBlduDk-5bnaJMpY.jpg
172.67.186.90 200 OK 4.4 kB URL GET HTTP/3 jiangshao.fun/rp/ln5TQq6AIWfcBlduDk-5bnaJMpY.jpg
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=5, xresolution=74, yresolution=82, resolutionunit=2, software=GIMP 2.10.8, datetime=2019:07:31 17:58:04], progressive, precision 8, 160x160, components 3\012- data
Hash a98a08bdb99b8422c9dc9d6fdd9387c3
967e5342ae802167dc06576e0e4fb96e76893296
5fab9ee214738e71d6c01392ebc7b1eec09ef8e19ca508ef28154e3e7a769acf
Analyzer Verdict Alert OpenPhish phishing Office365
GET /rp/ln5TQq6AIWfcBlduDk-5bnaJMpY.jpg HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:45 GMT
content-type: image/jpeg
content-length: 4409
cache-control: public, max-age=432000, no-transform, immutable
content-md5: qYoIvbmbhCLJ3J1v3ZOHww==
last-modified: Tue, 27 Dec 2022 02:23:27 GMT
etag: 0x8DAE7B1566D1AF9
x-cache: TCP_HIT
x-ms-request-id: 4bd2d89c-d01e-0071-7a9f-21fb00000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: 5859814362C646EAA5F1475004D3410F Ref B: MNZ221060605053 Ref C: 2023-11-28T13:04:59Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: A4349B2688D14F0BB3946614302EA947 Ref B: EWR311000102033 Ref C: 2023-11-30T17:32:45Z
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4df8f505695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/rp/ni3MyKKVu9pK0SgY6gb6Z2NOGpg.jpg
172.67.186.90 200 OK 3.8 kB URL GET HTTP/3 jiangshao.fun/rp/ni3MyKKVu9pK0SgY6gb6Z2NOGpg.jpg
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=5, xresolution=74, yresolution=82, resolutionunit=2, software=GIMP 2.10.8, datetime=2019:08:01 11:43:45], progressive, precision 8, 160x160, components 3\012- data
Hash 281570611f89219a970f2589f98a09db
9e2dccc8a295bbda4ad12818ea06fa67634e1a98
7bdab4155253e159b748e2be6cb1c0af736f18d2a4dbddf79d93d6219a3de9dd
Analyzer Verdict Alert OpenPhish phishing Office365
GET /rp/ni3MyKKVu9pK0SgY6gb6Z2NOGpg.jpg HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:45 GMT
content-type: image/jpeg
content-length: 3814
cache-control: public, max-age=432000, no-transform, immutable
content-md5: KBVwYR+JIZqXDyWJ+YoJ2w==
last-modified: Tue, 27 Dec 2022 02:23:27 GMT
etag: 0x8DAE7B1566CF413
x-cache: TCP_REMOTE_HIT
x-ms-request-id: 282e1c98-b01e-003a-2fa9-230753000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: A087B896E2434B2FB75E25E00F1C4418 Ref B: MNZ221060606053 Ref C: 2023-11-30T17:32:45Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: E5C73DC5469D48DBBDA93E8F785ACF58 Ref B: NYCEDGE1414 Ref C: 2023-11-30T17:32:45Z
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4df8f595695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/rp/lvCKZ07bEYtoYmY62ifMzVa0RIE.jpg
172.67.186.90 200 OK 5.9 kB URL GET HTTP/3 jiangshao.fun/rp/lvCKZ07bEYtoYmY62ifMzVa0RIE.jpg
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=5, xresolution=74, yresolution=82, resolutionunit=2, software=GIMP 2.10.8, datetime=2019:07:31 17:59:08], progressive, precision 8, 160x160, components 3\012- data
Hash f6e70da298349ad94215f0b4a6875037
96f08a674edb118b6862663ada27cccd56b44481
68b6356ba9f37ff17eae98bc094a493075f83d446b1e88f1ed32c2926e72e76c
Analyzer Verdict Alert OpenPhish phishing Office365
GET /rp/lvCKZ07bEYtoYmY62ifMzVa0RIE.jpg HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:45 GMT
content-type: image/jpeg
content-length: 5944
cache-control: public, max-age=432000, no-transform, immutable
content-md5: 9ucNopg0mtlCFfC0podQNw==
last-modified: Tue, 27 Dec 2022 02:23:27 GMT
etag: 0x8DAE7B1566D1AF9
x-cache: TCP_REMOTE_HIT
x-ms-request-id: ed69d81b-501e-001d-16ac-231097000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: 290BB673EA814E0A919C5D366A521E95 Ref B: MNZ221060617023 Ref C: 2023-11-30T17:32:45Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: E4B0ABFFB7A448C0804E11AA7FCAC6F1 Ref B: NYCEDGE1317 Ref C: 2023-11-30T17:32:45Z
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4df8f585695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/rp/95z5wMy4UcfbSSSlSw780vQ5jKA.jpg
172.67.186.90 200 OK 5.4 kB URL GET HTTP/3 jiangshao.fun/rp/95z5wMy4UcfbSSSlSw780vQ5jKA.jpg
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=5, xresolution=74, yresolution=82, resolutionunit=2, software=GIMP 2.10.8, datetime=2019:08:01 11:38:22], progressive, precision 8, 160x160, components 3\012- data
Hash 69d162774f894ff8b920330e376b7a62
f79cf9c0ccb851c7db4924a54b0efcd2f4398ca0
c9faa34663fe19eb4d8c007bf00ad7c4bc993f70c9fc42a04801eccdd59008f7
Analyzer Verdict Alert OpenPhish phishing Office365
GET /rp/95z5wMy4UcfbSSSlSw780vQ5jKA.jpg HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:45 GMT
content-type: image/jpeg
content-length: 5387
cache-control: public, max-age=432000, no-transform, immutable
content-md5: adFid0+JT/i5IDMON2t6Yg==
last-modified: Tue, 27 Dec 2022 02:23:27 GMT
etag: 0x8DAE7B1566DDD71
x-cache: TCP_REMOTE_HIT
x-ms-request-id: 3a6de4fd-301e-00a2-0536-232732000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: 039FC7B91B094989B0A0FEDAA2363724 Ref B: MNZ221060617017 Ref C: 2023-11-30T17:32:45Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: 5A23B9A956654349887A22400505F7F3 Ref B: EWR311000103023 Ref C: 2023-11-30T17:32:45Z
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4df8f4e5695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/rp/dbmNS45xQvD1diApY1T2HExvOo8.jpg
172.67.186.90 200 OK 4.9 kB URL GET HTTP/3 jiangshao.fun/rp/dbmNS45xQvD1diApY1T2HExvOo8.jpg
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=5, xresolution=74, yresolution=82, resolutionunit=2, software=GIMP 2.10.8, datetime=2019:07:31 17:53:43], progressive, precision 8, 160x160, components 3\012- data
Hash fda2ceae0679611937e6e71f701a36ab
75b98d4b8e7142f0f57620296354f61c4c6f3a8f
b818c1e9b0b46cccdc158aca581c3c5f4a9bd3dda380da03af52f43f14f5651e
Analyzer Verdict Alert OpenPhish phishing Office365
GET /rp/dbmNS45xQvD1diApY1T2HExvOo8.jpg HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:45 GMT
content-type: image/jpeg
content-length: 4934
cache-control: public, max-age=432000, no-transform, immutable
content-md5: /aLOrgZ5YRk35ucfcBo2qw==
last-modified: Tue, 27 Dec 2022 02:23:27 GMT
etag: 0x8DAE7B1566D8FA8
x-cache: TCP_REMOTE_HIT
x-ms-request-id: 018395fe-001e-0096-65ad-2314fa000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: 879EE841CFC345B9B9EFD318363304F9 Ref B: MNZ221060607033 Ref C: 2023-11-30T17:32:45Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: D25991CC53DF4A6E801C723D165E57F6 Ref B: EWR311000103017 Ref C: 2023-11-30T17:32:45Z
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4df8f535695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/rp/FZKT2ZNGon4gVKgSRRkJ3oMsoNE.js
172.67.186.90 200 OK 1.1 kB URL GET HTTP/3 jiangshao.fun/rp/FZKT2ZNGon4gVKgSRRkJ3oMsoNE.js
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type ASCII text, with very long lines (1051), with no line terminators
Hash f76d06d7669e399dc0788bc5473562bb
159293d99346a27e2054a812451909de832ca0d1
23f0357ae77648ee38f39960e56507d87f8d690c48e759a0e054f6e691c843ec
Analyzer Verdict Alert OpenPhish phishing Office365
GET /rp/FZKT2ZNGon4gVKgSRRkJ3oMsoNE.js HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=; SRCHUSR=T=1701365562000
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:45 GMT
content-type: text/javascript; charset=utf-8
content-length: 1051
cache-control: public, max-age=432000, no-transform, immutable
content-md5: 920G12aeOZ3AeIvFRzViuw==
last-modified: Tue, 16 Aug 2022 03:30:15 GMT
etag: 0x8DA7F37A26EAA19
x-cache: TCP_MISS
x-ms-request-id: 1ffdc663-001e-005d-12b3-2317af000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: CAE8E3FC04E848D1A6DAC2FC91C0F773 Ref B: MNZ221060617021 Ref C: 2023-11-30T17:32:44Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: D7BA1CD369304849A2D30EBE850E92E8 Ref B: EWR311000103031 Ref C: 2023-11-30T17:32:44Z
cf-cache-status: HIT
age: 1
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4e199525695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/rp/cfeVf2-uV0hUo3ToTbLjztuomWk.jpg
172.67.186.90 200 OK 4.5 kB URL GET HTTP/3 jiangshao.fun/rp/cfeVf2-uV0hUo3ToTbLjztuomWk.jpg
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=5, xresolution=74, yresolution=82, resolutionunit=2, software=GIMP 2.10.8, datetime=2019:07:31 17:51:08], progressive, precision 8, 160x158, components 3\012- data
Hash 7aef4ccf6e47b9ba038365cd3d1f5693
71f7957f6fae574854a374e84db2e3cedba89969
08102ba7a0388b1afc9a351b3387b2ddeda846551303170e0273b2f305aeccb2
Analyzer Verdict Alert OpenPhish phishing Office365
GET /rp/cfeVf2-uV0hUo3ToTbLjztuomWk.jpg HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:45 GMT
content-type: image/jpeg
content-length: 4547
cache-control: public, max-age=432000, no-transform, immutable
content-md5: eu9Mz25HuboDg2XNPR9Wkw==
last-modified: Tue, 27 Dec 2022 02:23:27 GMT
etag: 0x8DAE7B1566DDD71
x-cache: TCP_REMOTE_HIT
x-ms-request-id: 88b32135-401e-00a8-5242-238385000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: DC284A03526741FEA8CB34D27831BC96 Ref B: MNZ221060606017 Ref C: 2023-11-30T17:32:45Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: 58A690D90E3149F396CC53A6D8D26D54 Ref B: EWR311000104017 Ref C: 2023-11-30T17:32:45Z
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4df8f575695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/hp/api/v1/msnpopularnow?&format=json&ecount=20&efirst=0&&
172.67.186.90 200 OK 7.4 kB URL GET HTTP/3 jiangshao.fun/hp/api/v1/msnpopularnow?&format=json&ecount=20&efirst=0&&
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (14692), with no line terminators
Hash 8624cfec0c267a9cce277246b3512580
f01fad2bb8d3a25c8c878c9728ad5354baaa8004
8cc281a9d0868d544ebf6457e37682757bef05994600f6005ed4d5ce2c7ed22f
Analyzer Verdict Alert OpenPhish phishing Office365
GET /hp/api/v1/msnpopularnow?&format=json&ecount=20&efirst=0&& HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jiangshao.fun/
Content-type: application/json
DNT: 1
Connection: keep-alive
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:45 GMT
content-type: application/json; charset=utf-8
cache-control: private
p3p: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
set-cookie: MUID=2FC1AFB77E2E6AA41B79BC6E7F296B55; domain=.bing.com; expires=Tue, 24-Dec-2024 17:32:45 GMT; path=/; secure; SameSite=None
_EDGE_S=SID=32B98430EE8D659403F597E9EF026499; domain=.bing.com; path=/; HttpOnly
MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; expires=Tue, 24-Dec-2024 17:32:45 GMT; path=/; HttpOnly
SRCHD=AF=NOFORM; domain=.bing.com; expires=Tue, 24-Dec-2024 17:32:45 GMT; path=/; secure; SameSite=None
SRCHUID=V=2&GUID=63FBBEDFB1F84DF68D30A8847B560491&dmnchg=1; domain=.bing.com; expires=Tue, 24-Dec-2024 17:32:45 GMT; path=/; secure; SameSite=None
SRCHUSR=DOB=20231130; domain=.bing.com; expires=Tue, 24-Dec-2024 17:32:45 GMT; path=/; secure; SameSite=None
SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0&SRCHLANG=zh-Hans; domain=.bing.com; expires=Tue, 24-Dec-2024 17:32:45 GMT; path=/; secure; SameSite=None
_SS=SID=32B98430EE8D659403F597E9EF026499; domain=.bing.com; path=/; secure; SameSite=None
x-eventid: 6568c73d08f344d3a740ca48a318a6d2
useragentreductionoptout: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: BA10542DA8F14E7A8ED3893E758A4A48 Ref B: NYCEDGE1710 Ref C: 2023-11-30T17:32:45Z
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Pub8QewPNYbF4QJHr5I8S3jnj55aYq8xwYPb%2BUo%2Ff7ih%2FOl9SyDiNPvxcWZBBX376wV8vx%2FuovifzxzVg2SAQQxb8%2BDgwUMN6ntOi8HW9%2FgsBnbSS76ABWSwJ9oW4Cwh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82e4d4dd4caf5695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
jiangshao.fun/th?u=https%3a%2f%2fth.bing.com%2fth%3fid%3dORMS.45989d878ec306b8b0644ef93bb1192e%26pid%3dWdp&ehk=H8zWTQLYvsFXw%2bVAYLbOL4huml620E1IQQ1bV%2bOAnNc%3d&w=186&h=88&c=8&rs=2&o=6&pid=WP0
172.67.186.90 200 OK 4.0 kB URL GET HTTP/3 jiangshao.fun/th?u=https%3a%2f%2fth.bing.com%2fth%3fid%3dORMS.45989d878ec306b8b0644ef93bb1192e%26pid%3dWdp&ehk=H8zWTQLYvsFXw%2bVAYLbOL4huml620E1IQQ1bV%2bOAnNc%3d&w=186&h=88&c=8&rs=2&o=6&pid=WP0
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 186x88, components 3\012- data
Hash 0a9de5076a6f32e9c17eff16559ec1f2
82499078c6c9f2a0f53ce473945c92f76aad07af
1255252e0abf8b4ae889b7709bf6bf65a713881ad822bda336667076068b6e96
Analyzer Verdict Alert OpenPhish phishing Office365
GET /th?u=https%3a%2f%2fth.bing.com%2fth%3fid%3dORMS.45989d878ec306b8b0644ef93bb1192e%26pid%3dWdp&ehk=H8zWTQLYvsFXw%2bVAYLbOL4huml620E1IQQ1bV%2bOAnNc%3d&w=186&h=88&c=8&rs=2&o=6&pid=WP0 HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=; SRCHUSR=T=1701365562000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:45 GMT
content-type: image/jpeg
content-length: 4045
cache-control: public, max-age=2592000
x-cache: TCP_MISS
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 179D846C0C604BF9B64B919F557BB77A Ref B: NYCEDGE1408 Ref C: 2023-11-30T17:32:45Z
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 82e4d4e0e8ac5695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/rp/UYtUYDcn1oZlFG-YfBPz59zejYI.svg
172.67.186.90 200 OK 3.0 kB URL GET HTTP/3 jiangshao.fun/rp/UYtUYDcn1oZlFG-YfBPz59zejYI.svg
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (964), with no line terminators
Hash 88e3ed3dd7eee133f73ffb9d36b04b6f
518b54603727d68665146f987c13f3e7dcde8d82
a39ab0a67c08d907eddb18741460399232202c26648d676a22ad06e9c1d874cb
Analyzer Verdict Alert OpenPhish phishing Office365
GET /rp/UYtUYDcn1oZlFG-YfBPz59zejYI.svg HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:45 GMT
content-type: image/svg+xml
cache-control: public, max-age=432000
content-md5: iOPtPdfu4TP3P/udNrBLbw==
last-modified: Wed, 24 Jun 2020 04:23:25 GMT
x-cache: TCP_HIT
x-ms-request-id: 1f967c98-401e-0063-39cc-1f80d0000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: CBF51787C9A641B59365C4A252EA1E05 Ref B: MNZ221060617045 Ref C: 2023-11-27T18:27:03Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: 57675676377A443D877D319C10EE307C Ref B: NYCEDGE1717 Ref C: 2023-11-30T17:32:45Z
cf-cache-status: MISS
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4df6f345695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
jiangshao.fun/th?u=https%3a%2f%2fth.bing.com%2fth%3fid%3dORMS.23ccdb35790e760372d823b540d2e429%26pid%3dWdp&ehk=fa5hXij0%2frY9JiZEdn2ED3KvhlcTCHGTSjPB9VPH0bI%3d&w=186&h=88&c=8&rs=2&o=6&pid=WP0
172.67.186.90 200 OK 3.9 kB URL GET HTTP/3 jiangshao.fun/th?u=https%3a%2f%2fth.bing.com%2fth%3fid%3dORMS.23ccdb35790e760372d823b540d2e429%26pid%3dWdp&ehk=fa5hXij0%2frY9JiZEdn2ED3KvhlcTCHGTSjPB9VPH0bI%3d&w=186&h=88&c=8&rs=2&o=6&pid=WP0
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 186x88, components 3\012- data
Hash dbdb0551a76a627e3fdbd19cde1d57d2
6331eae232af9b1b48ce4ef402e52af823f9cde9
6f1d6574b1442eb98f6c96f718aaeceae6df417a28164a992c70daae56198fc9
Analyzer Verdict Alert OpenPhish phishing Office365
GET /th?u=https%3a%2f%2fth.bing.com%2fth%3fid%3dORMS.23ccdb35790e760372d823b540d2e429%26pid%3dWdp&ehk=fa5hXij0%2frY9JiZEdn2ED3KvhlcTCHGTSjPB9VPH0bI%3d&w=186&h=88&c=8&rs=2&o=6&pid=WP0 HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=; SRCHUSR=T=1701365562000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:45 GMT
content-type: image/jpeg
content-length: 3922
cache-control: public, max-age=2592000
x-cache: TCP_MISS
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A1AA43CB2B8142119CF9F08D89970CFD Ref B: EWR311000106031 Ref C: 2023-11-30T17:32:45Z
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 82e4d4e0f8b45695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/th?u=https%3a%2f%2fth.bing.com%2fth%3fid%3dORMS.78655cc46d97eecf55e7fd05bb8d8493%26pid%3dWdp&ehk=DpJGzU0H7gXwpf5i%2fwPAE%2bYTyCeMvQ%2fKKnYVlOjGNaI%3d&w=186&h=88&c=8&rs=2&o=6&pid=WP0
172.67.186.90 200 OK 4.7 kB URL GET HTTP/3 jiangshao.fun/th?u=https%3a%2f%2fth.bing.com%2fth%3fid%3dORMS.78655cc46d97eecf55e7fd05bb8d8493%26pid%3dWdp&ehk=DpJGzU0H7gXwpf5i%2fwPAE%2bYTyCeMvQ%2fKKnYVlOjGNaI%3d&w=186&h=88&c=8&rs=2&o=6&pid=WP0
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 186x88, components 3\012- data
Hash 61091fb8e482198c900aae96ee0a9c26
3be53d964cbd5485fd2ca572fe2167a925f25761
2e98a413a778447a3e0a4749a79e44ec4c72d6f82cadc84f501f082a80e3fedd
Analyzer Verdict Alert OpenPhish phishing Office365
GET /th?u=https%3a%2f%2fth.bing.com%2fth%3fid%3dORMS.78655cc46d97eecf55e7fd05bb8d8493%26pid%3dWdp&ehk=DpJGzU0H7gXwpf5i%2fwPAE%2bYTyCeMvQ%2fKKnYVlOjGNaI%3d&w=186&h=88&c=8&rs=2&o=6&pid=WP0 HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=; SRCHUSR=T=1701365562000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:45 GMT
content-type: image/jpeg
content-length: 4707
cache-control: public, max-age=2592000
x-cache: TCP_MISS
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 72B83FB802EA483AAD8AB4B5041ED4E7 Ref B: EWR311000108019 Ref C: 2023-11-30T17:32:45Z
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 82e4d4e0e8a55695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/th?u=https%3a%2f%2fth.bing.com%2fth%3fid%3dORMS.8797df4ed4f2f9c21b298f3d0780ba45%26pid%3dWdp&ehk=GcD1ZpH88PHkPdaIBMFdODExfZX7BsvbhBUWhVJNr%2f4%3d&w=186&h=88&c=8&rs=2&o=6&pid=WP0
172.67.186.90 200 OK 3.1 kB URL GET HTTP/3 jiangshao.fun/th?u=https%3a%2f%2fth.bing.com%2fth%3fid%3dORMS.8797df4ed4f2f9c21b298f3d0780ba45%26pid%3dWdp&ehk=GcD1ZpH88PHkPdaIBMFdODExfZX7BsvbhBUWhVJNr%2f4%3d&w=186&h=88&c=8&rs=2&o=6&pid=WP0
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 186x88, components 3\012- data
Hash d85036754d4eaa4900561a32193a953a
cc86ea053e748642a759ce8266ddc0856c327047
67f27715fb4a808d5c218418e969e8c837b6be3d61fba0a06a60ad62cbcf5188
Analyzer Verdict Alert OpenPhish phishing Office365
GET /th?u=https%3a%2f%2fth.bing.com%2fth%3fid%3dORMS.8797df4ed4f2f9c21b298f3d0780ba45%26pid%3dWdp&ehk=GcD1ZpH88PHkPdaIBMFdODExfZX7BsvbhBUWhVJNr%2f4%3d&w=186&h=88&c=8&rs=2&o=6&pid=WP0 HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=; SRCHUSR=T=1701365562000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:45 GMT
content-type: image/jpeg
content-length: 3075
cache-control: public, max-age=2592000
x-cache: TCP_MISS
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 970F8F5234774BAC966A400E41DB74CA Ref B: NYCEDGE1412 Ref C: 2023-11-30T17:32:45Z
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 82e4d4e0f8cb5695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/th?u=https%3a%2f%2fth.bing.com%2fth%3fid%3dORMS.bdce9e751bedf6e98f882e3246a19ed2%26pid%3dWdp&ehk=HjxFZiSz3CrH0nAH%2bTtRGdU%2boNN9Gl1r%2bBk81RpZ14Y%3d&w=186&h=88&c=8&rs=2&o=6&pid=WP0
172.67.186.90 200 OK 3.0 kB URL GET HTTP/3 jiangshao.fun/th?u=https%3a%2f%2fth.bing.com%2fth%3fid%3dORMS.bdce9e751bedf6e98f882e3246a19ed2%26pid%3dWdp&ehk=HjxFZiSz3CrH0nAH%2bTtRGdU%2boNN9Gl1r%2bBk81RpZ14Y%3d&w=186&h=88&c=8&rs=2&o=6&pid=WP0
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 186x88, components 3\012- data
Hash 64e21579313cc20c8d376ccd5294776b
92546c05e413e217ae6b2827ac515862c006ba3b
9ec0faae2e960aaafb0ba5a1a957cf53269828391924e92cd08552ab518f74bb
Analyzer Verdict Alert OpenPhish phishing Office365
GET /th?u=https%3a%2f%2fth.bing.com%2fth%3fid%3dORMS.bdce9e751bedf6e98f882e3246a19ed2%26pid%3dWdp&ehk=HjxFZiSz3CrH0nAH%2bTtRGdU%2boNN9Gl1r%2bBk81RpZ14Y%3d&w=186&h=88&c=8&rs=2&o=6&pid=WP0 HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=; SRCHUSR=T=1701365562000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:45 GMT
content-type: image/jpeg
content-length: 3033
cache-control: public, max-age=2592000
x-cache: TCP_MISS
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7325FD2359D94F4FA91A9450293A1596 Ref B: NYCEDGE1310 Ref C: 2023-11-30T17:32:45Z
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 82e4d4e0f8c65695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/rp/gDhETIC4523fiuXACrV4Qgflrv8.js
172.67.186.90 200 OK 4.4 kB URL GET HTTP/3 jiangshao.fun/rp/gDhETIC4523fiuXACrV4Qgflrv8.js
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type ASCII text, with very long lines (328), with no line terminators
Hash cdddab121eb434876615391ad4107b9a
8038444c80b8e76ddf8ae5c00ab5784207e5aeff
243d212a9ff764ccda9b19c3c823b2f408a0718e56a3e7a8b5b533e108db56cb
Analyzer Verdict Alert OpenPhish phishing Office365
GET /rp/gDhETIC4523fiuXACrV4Qgflrv8.js HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:45 GMT
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=432000
content-md5: zd2rEh60NIdmFTka1BB7mg==
last-modified: Fri, 18 Dec 2020 02:55:43 GMT
x-cache: TCP_REMOTE_HIT
x-ms-request-id: 631c9cc2-701e-0025-281b-20b457000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: EBA964F2D5964A09AD76B807AD3B5D35 Ref B: MNZ221060617035 Ref C: 2023-11-30T17:32:45Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: 5857038D741840B799FDAF043F423ED4 Ref B: EWR311000106011 Ref C: 2023-11-30T17:32:45Z
cf-cache-status: HIT
age: 0
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4dfffbc5695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
jiangshao.fun/rp/fEzca4bKO4pRulhVlOoat7eLgmU.js
172.67.186.90 200 OK 3.5 kB URL GET HTTP/3 jiangshao.fun/rp/fEzca4bKO4pRulhVlOoat7eLgmU.js
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type ASCII text, with very long lines (1274), with no line terminators
Hash a969230a51dba5ab5adf5877bcc28cfa
7c4cdc6b86ca3b8a51ba585594ea1ab7b78b8265
8e572950cbda0558f7b9563ce4f5017e06bc9c262cf487e33927a948f8d78f7f
Analyzer Verdict Alert OpenPhish phishing Office365
GET /rp/fEzca4bKO4pRulhVlOoat7eLgmU.js HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:44 GMT
content-type: text/javascript; charset=utf-8
cache-control: public, max-age=432000
content-md5: qWkjClHbpata31h3vMKM+g==
last-modified: Wed, 23 Feb 2022 17:59:59 GMT
x-cache: TCP_HIT
x-ms-request-id: 964f63c8-901e-005f-42b9-1fa917000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: F520CDCBE46B4582A51FE2FDFA48C9F8 Ref B: MNZ221060607051 Ref C: 2023-11-27T02:59:33Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: FFC6C32F837B4BAE999B9C5C26B27E55 Ref B: EWR311000103017 Ref C: 2023-11-30T17:32:44Z
cf-cache-status: MISS
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4d6fe2d5695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
jiangshao.fun/rp/gDhETIC4523fiuXACrV4Qgflrv8.js
172.67.186.90 200 OK 4.7 kB URL GET HTTP/3 jiangshao.fun/rp/gDhETIC4523fiuXACrV4Qgflrv8.js
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type ASCII text, with very long lines (328), with no line terminators
Hash cdddab121eb434876615391ad4107b9a
8038444c80b8e76ddf8ae5c00ab5784207e5aeff
243d212a9ff764ccda9b19c3c823b2f408a0718e56a3e7a8b5b533e108db56cb
Analyzer Verdict Alert OpenPhish phishing Office365
GET /rp/gDhETIC4523fiuXACrV4Qgflrv8.js HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:45 GMT
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=432000
content-md5: zd2rEh60NIdmFTka1BB7mg==
last-modified: Fri, 18 Dec 2020 02:55:43 GMT
x-cache: TCP_REMOTE_HIT
x-ms-request-id: 631c9cc2-701e-0025-281b-20b457000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: EBA964F2D5964A09AD76B807AD3B5D35 Ref B: MNZ221060617035 Ref C: 2023-11-30T17:32:45Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: 5857038D741840B799FDAF043F423ED4 Ref B: EWR311000106011 Ref C: 2023-11-30T17:32:45Z
cf-cache-status: MISS
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4d70e515695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
aadcdn.msauth.net/ests/2.1/content/cdnbundles/ux.converged.error.strings-en.min_6evsa3z3joz7vkmhexm7iw2.js
13.107.213.53 200 OK 11 kB URL GET HTTP/2 aadcdn.msauth.net/ests/2.1/content/cdnbundles/ux.converged.error.strings-en.min_6evsa3z3joz7vkmhexm7iw2.js
IP 13.107.213.53:443
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://login.microsoftonline.com/common/oauth2/authorize?client_id=9ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7&response_type=id_token+code&nonce=0c8aaa25-dacc-42ba-8d88-79ef7766219a&redirect_uri=https%3a%2f%2fjiangshao.fun%2forgid%2fidtoken%2fconditional&scope=openid%20email%20profile%209ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7/.default&response_mode=form_post&instance_aware=true&msafed=0&prompt=none&state=%7b%22ig%22%3a%22A903986D2A5143A0A2E909AB5D6FF6D4%22%7d
Certificate Issuer: DigiCert Inc
Subject: aadcdn.msauth.net
Fingerprint: 88:95:0C:FA:9D:33:AA:BF:A4:FD:9D:84:A6:E8:02:06:58:50:AD:8C
Validity: Sun, 29 Oct 2023 00:00:00 GMT - Tue, 29 Oct 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (30734), with no line terminators
Hash MD5: e845520376778e867bbe43077979bb23
SHA1: b557b50b15c36696558c62ae6bcdd3772b7aa3e3
SHA256: 87f950adb976672a37f2ac84090b7319c93f78756ae3c91303181b9e58629b05
GET /ests/2.1/content/cdnbundles/ux.converged.error.strings-en.min_6evsa3z3joz7vkmhexm7iw2.js HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
Origin: https://login.microsoftonline.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: public, max-age=31536000
content-length: 10620
content-type: application/x-javascript
content-encoding: gzip
content-md5: OZaL9uRNxpR7a9xbSbLRtQ==
last-modified: Wed, 01 Nov 2023 20:13:52 GMT
etag: 0x8DBDB1711107051
x-cache: TCP_HIT
x-ms-request-id: 87ee4e77-201e-0045-082d-236368000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 0xXxoZQAAAAAjK60HUZONTJ/Bs2/9XT/FQU1TMDRFREdFMTkxOAAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
x-azure-ref: 0PcdoZQAAAAA3WY92oN0uTbb/bsdrB8rDU1ZHMjBFREdFMDYyMgAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
date: Thu, 30 Nov 2023 17:32:45 GMT
X-Firefox-Spdy: h2
jiangshao.fun/th?u=https%3a%2f%2fth.bing.com%2fth%3fid%3dORMS.e7475b22eeca3a2c6a39ada50aa593ba%26pid%3dWdp&ehk=1IyjM7HMBGYDH2VB4mVP7rojhE3ElSroUAJB9e%2bLN7E%3d&w=186&h=88&c=8&rs=2&o=6&pid=WP0
172.67.186.90 200 OK 3.9 kB URL GET HTTP/3 jiangshao.fun/th?u=https%3a%2f%2fth.bing.com%2fth%3fid%3dORMS.e7475b22eeca3a2c6a39ada50aa593ba%26pid%3dWdp&ehk=1IyjM7HMBGYDH2VB4mVP7rojhE3ElSroUAJB9e%2bLN7E%3d&w=186&h=88&c=8&rs=2&o=6&pid=WP0
IP 172.67.186.90:443
Certificate Issuer: Google Trust Services LLC
Subject: jiangshao.fun
Fingerprint: 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity: Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 186x88, components 3\012- data
Hash MD5: 83f060019fb86221ab89ad4fc4a92e8f
SHA1: d5eb6ee08dae1f8b3bfe127a541469ccec78937b
SHA256: 2763aa2edaa6a800182028bf10f783aedef761eed9e0d738ceba55dacb07d3f4
Analyzer: OpenPhish | Verdict: phishing | Alert: Office365
GET /th?u=https%3a%2f%2fth.bing.com%2fth%3fid%3dORMS.e7475b22eeca3a2c6a39ada50aa593ba%26pid%3dWdp&ehk=1IyjM7HMBGYDH2VB4mVP7rojhE3ElSroUAJB9e%2bLN7E%3d&w=186&h=88&c=8&rs=2&o=6&pid=WP0 HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=; SRCHUSR=T=1701365562000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:45 GMT
content-type: image/jpeg
content-length: 3913
cache-control: public, max-age=2592000
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: CB12C1275028424786CA2109D5A3D04F Ref B: NYCEDGE1606 Ref C: 2023-11-30T17:32:45Z
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 82e4d4e108d55695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/th?u=https%3a%2f%2fth.bing.com%2fth%3fid%3dORMS.29f0b87e4ae41fed662a498db62b5c5e%26pid%3dWdp&ehk=QAx5KkrUDN1KfgRVQ8fMPKcWKVL1vqDrOnUk%2ftFExow%3d&w=186&h=88&c=8&rs=2&o=6&pid=WP0
172.67.186.90 200 OK 1.7 kB URL GET HTTP/3 jiangshao.fun/th?u=https%3a%2f%2fth.bing.com%2fth%3fid%3dORMS.29f0b87e4ae41fed662a498db62b5c5e%26pid%3dWdp&ehk=QAx5KkrUDN1KfgRVQ8fMPKcWKVL1vqDrOnUk%2ftFExow%3d&w=186&h=88&c=8&rs=2&o=6&pid=WP0
IP 172.67.186.90:443
Certificate Issuer: Google Trust Services LLC
Subject: jiangshao.fun
Fingerprint: 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity: Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 186x88, components 3\012- data
Hash MD5: b2adba277f37938643f3fdad1f96f452
SHA1: 5e7af1260e8939124efbc19708387c683f0479db
SHA256: cb0b1f46c336f79fb9ab7cc4d5f4a9ba29e833e59c3a1e30ac1ccc2451e6e9cb
Analyzer: OpenPhish | Verdict: phishing | Alert: Office365
GET /th?u=https%3a%2f%2fth.bing.com%2fth%3fid%3dORMS.29f0b87e4ae41fed662a498db62b5c5e%26pid%3dWdp&ehk=QAx5KkrUDN1KfgRVQ8fMPKcWKVL1vqDrOnUk%2ftFExow%3d&w=186&h=88&c=8&rs=2&o=6&pid=WP0 HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=; SRCHUSR=T=1701365562000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:45 GMT
content-type: image/jpeg
content-length: 1711
cache-control: public, max-age=2592000
x-cache: TCP_MISS
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 230BBDC5D6E04A23BB61EE14D638E010 Ref B: EWR311000108037 Ref C: 2023-11-30T17:32:45Z
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 82e4d4e108cf5695-OSL
alt-svc: h3=":443"; ma=86400
aadcdn.msauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_ltjvsvk5aekta_kgibi0gg2.css
13.107.213.53 200 OK 20 kB URL GET HTTP/2 aadcdn.msauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_ltjvsvk5aekta_kgibi0gg2.css
IP 13.107.213.53:443
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://login.microsoftonline.com/common/oauth2/authorize?client_id=9ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7&response_type=id_token+code&nonce=0c8aaa25-dacc-42ba-8d88-79ef7766219a&redirect_uri=https%3a%2f%2fjiangshao.fun%2forgid%2fidtoken%2fconditional&scope=openid%20email%20profile%209ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7/.default&response_mode=form_post&instance_aware=true&msafed=0&prompt=none&state=%7b%22ig%22%3a%22A903986D2A5143A0A2E909AB5D6FF6D4%22%7d
Certificate Issuer: DigiCert Inc
Subject: aadcdn.msauth.net
Fingerprint: 88:95:0C:FA:9D:33:AA:BF:A4:FD:9D:84:A6:E8:02:06:58:50:AD:8C
Validity: Sun, 29 Oct 2023 00:00:00 GMT - Tue, 29 Oct 2024 23:59:59 GMT
File type ASCII text, with very long lines (61177)
Hash MD5: 2ed8d5b2f2b901e92d03f9068812341a
SHA1: 8470214fc8e246c3910bcb0eae9070d4abe3a389
SHA256: 1a0ea89ae667420caeae29d594d53258e6ed157dab7e8dfe6f154f0054b0cf99
GET /ests/2.1/content/cdnbundles/converged.v2.login.min_ltjvsvk5aekta_kgibi0gg2.css HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
Origin: https://login.microsoftonline.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: public, max-age=31536000
content-length: 20208
content-type: text/css
content-encoding: gzip
content-md5: znAMuOwBXwRYMjVZ8p4wCw==
last-modified: Wed, 06 Sep 2023 21:22:45 GMT
etag: 0x8DBAF1F69A21EAA
x-cache: TCP_HIT
x-ms-request-id: 481d022c-a01e-0009-5d1b-224460000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 0xkZoZQAAAACkcoz6E9GVQ7gOyqTgX8YFQU1TMDRFREdFMTgyMgAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
x-azure-ref: 0PcdoZQAAAAAmXtS2TlcVTqiJxILgOHKbU1ZHMjBFREdFMDYyMgAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
date: Thu, 30 Nov 2023 17:32:45 GMT
X-Firefox-Spdy: h2
jiangshao.fun/rp/fHZP5vAMq4BYyuujjrdIIIijePQ.png
172.67.186.90 200 OK 22 kB URL GET HTTP/3 jiangshao.fun/rp/fHZP5vAMq4BYyuujjrdIIIijePQ.png
IP 172.67.186.90:443
Certificate Issuer: Google Trust Services LLC
Subject: jiangshao.fun
Fingerprint: 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity: Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type PNG image data, 926 x 92, 8-bit/color RGBA, non-interlaced\012- data
Hash MD5: f0d11cde238eb54a334858a3b0432a3f
SHA1: 7c764fe6f00cab8058caeba38eb7482088a378f4
SHA256: 579adf148a5905868140df9075b90a2ff33c9070dfd35b3ab869a2d9aacd9a96
Analyzer: OpenPhish | Verdict: phishing | Alert: Office365
GET /rp/fHZP5vAMq4BYyuujjrdIIIijePQ.png HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=; SRCHUSR=T=1701365562000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:45 GMT
content-type: image/png
content-length: 22297
cache-control: public, max-age=432000, no-transform, immutable
content-md5: 8NEc3iOOtUozSFijsEMqPw==
last-modified: Tue, 20 Jun 2023 15:16:37 GMT
etag: 0x8DB71A157AB4902
x-cache: TCP_REMOTE_HIT
x-ms-request-id: 1ff7a842-001e-005d-0db0-2317af000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: 5BE2B433AF45417C83A30C65A65A64A2 Ref B: MNZ221060618035 Ref C: 2023-11-30T17:32:45Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: 93229432D7C645C18A9A60C0EB9FE39A Ref B: NYCEDGE1316 Ref C: 2023-11-30T17:32:45Z
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4e068125695-OSL
alt-svc: h3=":443"; ma=86400
aadcdn.msauth.net/shared/1.0/content/js/ConvergedError_Core_rl_ua24w9JJKp2YHsu_Wzg2.js
13.107.213.53 200 OK 96 kB URL GET HTTP/2 aadcdn.msauth.net/shared/1.0/content/js/ConvergedError_Core_rl_ua24w9JJKp2YHsu_Wzg2.js
IP 13.107.213.53:443
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://login.microsoftonline.com/common/oauth2/authorize?client_id=9ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7&response_type=id_token+code&nonce=0c8aaa25-dacc-42ba-8d88-79ef7766219a&redirect_uri=https%3a%2f%2fjiangshao.fun%2forgid%2fidtoken%2fconditional&scope=openid%20email%20profile%209ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7/.default&response_mode=form_post&instance_aware=true&msafed=0&prompt=none&state=%7b%22ig%22%3a%22A903986D2A5143A0A2E909AB5D6FF6D4%22%7d
Certificate Issuer: DigiCert Inc
Subject: aadcdn.msauth.net
Fingerprint: 88:95:0C:FA:9D:33:AA:BF:A4:FD:9D:84:A6:E8:02:06:58:50:AD:8C
Validity: Sun, 29 Oct 2023 00:00:00 GMT - Tue, 29 Oct 2024 23:59:59 GMT
File type ASCII text, with very long lines (64616)
Hash MD5: ae5fee6b6e30f4924aa76607b2efd6ce
SHA1: ad60d313b759132b57991f29418d0aac5dea9fc7
SHA256: 53705874cc111ba32b64bd9147c415f9a2f4aeb774d58a7c511a5f2f14f7f32a
GET /shared/1.0/content/js/ConvergedError_Core_rl_ua24w9JJKp2YHsu_Wzg2.js HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
Origin: https://login.microsoftonline.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: public, max-age=31536000
content-length: 95979
content-type: application/x-javascript
content-encoding: gzip
content-md5: pznfiBtHKO1AMgKdbJV8vQ==
last-modified: Tue, 31 Oct 2023 21:22:49 GMT
etag: 0x8DBDA5788A5FDB6
x-cache: TCP_HIT
x-ms-request-id: dbffc97a-f01e-0040-3a05-20e462000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 0NdNnZQAAAABB+55OTQWdQ4Beeqo5TnmGQU1TMDRFREdFMTkxOAAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
x-azure-ref: 0PcdoZQAAAACCm4JjGwUJTaS0+n4GN+HAU1ZHMjBFREdFMDYyMgAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
date: Thu, 30 Nov 2023 17:32:45 GMT
X-Firefox-Spdy: h2
jiangshao.fun/th?u=https%3a%2f%2fth.bing.com%2fth%3fid%3dORMS.3ee5b816baeb007810a0e589d4155697%26pid%3dWdp&ehk=7fLgpH%2fJAxeCmeeM8m7oC7Sve01qlNVj%2fgsfms2GbqI%3d&w=186&h=88&c=8&rs=2&o=6&pid=WP0
172.67.186.90 200 OK 3.5 kB URL GET HTTP/3 jiangshao.fun/th?u=https%3a%2f%2fth.bing.com%2fth%3fid%3dORMS.3ee5b816baeb007810a0e589d4155697%26pid%3dWdp&ehk=7fLgpH%2fJAxeCmeeM8m7oC7Sve01qlNVj%2fgsfms2GbqI%3d&w=186&h=88&c=8&rs=2&o=6&pid=WP0
IP 172.67.186.90:443
Certificate Issuer: Google Trust Services LLC
Subject: jiangshao.fun
Fingerprint: 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity: Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 186x88, components 3\012- data
Hash MD5: 60593718ddd1b815feb1240892c74272
SHA1: 428e07a3c2cda68bd3c06a6ef970f3b32f362f57
SHA256: dcd24ba7b29015568e8c9b1f9594643b9418632c0c2c401ea325b572d5ff68fa
Analyzer: OpenPhish | Verdict: phishing | Alert: Office365
GET /th?u=https%3a%2f%2fth.bing.com%2fth%3fid%3dORMS.3ee5b816baeb007810a0e589d4155697%26pid%3dWdp&ehk=7fLgpH%2fJAxeCmeeM8m7oC7Sve01qlNVj%2fgsfms2GbqI%3d&w=186&h=88&c=8&rs=2&o=6&pid=WP0 HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=; SRCHUSR=T=1701365562000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:45 GMT
content-type: image/jpeg
content-length: 3540
cache-control: public, max-age=2592000
x-cache: TCP_MISS
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 153C61C6F54D47CE8B01AC6EE9C0E569 Ref B: NYCEDGE1307 Ref C: 2023-11-30T17:32:45Z
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 82e4d4e128f65695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/th?u=https%3a%2f%2fth.bing.com%2fth%3fid%3dORMS.d26f0c14e93597dafb2801d56ed1288c%26pid%3dWdp&ehk=9huVsiNfFb96e0MwBzvgJ7St9YzQZRCKd7krdzi9FmI%3d&w=186&h=88&c=8&rs=2&o=6&pid=WP0
172.67.186.90 200 OK 2.6 kB URL GET HTTP/3 jiangshao.fun/th?u=https%3a%2f%2fth.bing.com%2fth%3fid%3dORMS.d26f0c14e93597dafb2801d56ed1288c%26pid%3dWdp&ehk=9huVsiNfFb96e0MwBzvgJ7St9YzQZRCKd7krdzi9FmI%3d&w=186&h=88&c=8&rs=2&o=6&pid=WP0
IP 172.67.186.90:443
Certificate Issuer: Google Trust Services LLC
Subject: jiangshao.fun
Fingerprint: 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity: Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 186x88, components 3\012- data
Hash MD5: 4f9aab4926c40b3b10622cb412b6f9a7
SHA1: 14ae30322ec2434976f9570b7f7064773b41f63e
SHA256: 4f1908fe14a2d840c00b48744de80c742db3d7e02e19819342a13309996e4969
Analyzer: OpenPhish | Verdict: phishing | Alert: Office365
GET /th?u=https%3a%2f%2fth.bing.com%2fth%3fid%3dORMS.d26f0c14e93597dafb2801d56ed1288c%26pid%3dWdp&ehk=9huVsiNfFb96e0MwBzvgJ7St9YzQZRCKd7krdzi9FmI%3d&w=186&h=88&c=8&rs=2&o=6&pid=WP0 HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=; SRCHUSR=T=1701365562000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:45 GMT
content-type: image/jpeg
content-length: 2587
cache-control: public, max-age=2592000
x-cache: TCP_MISS
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 20DB94DA18D64C96947B875462C4A4C1 Ref B: EWR311000104017 Ref C: 2023-11-30T17:32:45Z
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 82e4d4e118eb5695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/th?u=https%3a%2f%2fth.bing.com%2fth%3fid%3dORMS.cda572c98f83a33de8ec8123374deaef%26pid%3dWdp&ehk=0BR01o8%2bJ%2fid5ZiloO67fT8CMgoyY5h%2fGWPV%2fO76Xto%3d&w=186&h=88&c=8&rs=2&o=6&pid=WP0
172.67.186.90 200 OK 3.8 kB URL GET HTTP/3 jiangshao.fun/th?u=https%3a%2f%2fth.bing.com%2fth%3fid%3dORMS.cda572c98f83a33de8ec8123374deaef%26pid%3dWdp&ehk=0BR01o8%2bJ%2fid5ZiloO67fT8CMgoyY5h%2fGWPV%2fO76Xto%3d&w=186&h=88&c=8&rs=2&o=6&pid=WP0
IP 172.67.186.90:443
Certificate Issuer: Google Trust Services LLC
Subject: jiangshao.fun
Fingerprint: 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity: Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 186x88, components 3\012- data
Hash MD5: 003b66a60352bc2569cf6983a38ee8c7
SHA1: 092a19270ddb3f09db203812cedb116eceb83a16
SHA256: a8265bcd7bc5429be1990c585f1ab4daea8f8d4b603c53e6adeab157a48b459c
Analyzer: OpenPhish | Verdict: phishing | Alert: Office365
GET /th?u=https%3a%2f%2fth.bing.com%2fth%3fid%3dORMS.cda572c98f83a33de8ec8123374deaef%26pid%3dWdp&ehk=0BR01o8%2bJ%2fid5ZiloO67fT8CMgoyY5h%2fGWPV%2fO76Xto%3d&w=186&h=88&c=8&rs=2&o=6&pid=WP0 HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=; SRCHUSR=T=1701365562000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:45 GMT
content-type: image/jpeg
content-length: 3828
cache-control: public, max-age=2592000
x-cache: TCP_MISS
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A1227B502B944077BD328BECDDC69E3B Ref B: NYCEDGE1411 Ref C: 2023-11-30T17:32:45Z
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 82e4d4e118ec5695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/th?u=https%3a%2f%2fth.bing.com%2fth%3fid%3dORMS.aabad0c7225e8db330cbd7b37ee8048c%26pid%3dWdp&ehk=J04IZxozHJVJW%2bpM%2b5Fyzp0nyakH84XfCAfi4IiaByk%3d&w=186&h=88&c=8&rs=2&o=6&pid=WP0
172.67.186.90 200 OK 3.1 kB URL GET HTTP/3 jiangshao.fun/th?u=https%3a%2f%2fth.bing.com%2fth%3fid%3dORMS.aabad0c7225e8db330cbd7b37ee8048c%26pid%3dWdp&ehk=J04IZxozHJVJW%2bpM%2b5Fyzp0nyakH84XfCAfi4IiaByk%3d&w=186&h=88&c=8&rs=2&o=6&pid=WP0
IP 172.67.186.90:443
Certificate Issuer: Google Trust Services LLC
Subject: jiangshao.fun
Fingerprint: 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity: Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 186x88, components 3\012- data
Hash MD5: 8eaa17a7c4993d1ec6074df856b72512
SHA1: 9d4654ca637a42310bf6a28fc76073d1c79b23e2
SHA256: 2d0f19b7ef4cfb1712a20d4295f9a4413a67fdfa01b32e01a9e56a8ec5d4f557
Analyzer: OpenPhish | Verdict: phishing | Alert: Office365
GET /th?u=https%3a%2f%2fth.bing.com%2fth%3fid%3dORMS.aabad0c7225e8db330cbd7b37ee8048c%26pid%3dWdp&ehk=J04IZxozHJVJW%2bpM%2b5Fyzp0nyakH84XfCAfi4IiaByk%3d&w=186&h=88&c=8&rs=2&o=6&pid=WP0 HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=; SRCHUSR=T=1701365562000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:45 GMT
content-type: image/jpeg
content-length: 3134
cache-control: public, max-age=2592000
x-cache: TCP_MISS
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0A00EE103B9948EE8D7FE8DAD6F4708F Ref B: NYCEDGE1720 Ref C: 2023-11-30T17:32:45Z
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 82e4d4e118ef5695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/th?u=https%3a%2f%2fth.bing.com%2fth%3fid%3dORMS.9e09ad6e18e3b45b12506bc9fec4b6d9%26pid%3dWdp&ehk=HkU8uXdHCt%2bUdXvOMkpXVRw8WzSizPwetqvPGidG2HE%3d&w=186&h=88&c=8&rs=2&o=6&pid=WP0
172.67.186.90 200 OK 4.6 kB URL GET HTTP/3 jiangshao.fun/th?u=https%3a%2f%2fth.bing.com%2fth%3fid%3dORMS.9e09ad6e18e3b45b12506bc9fec4b6d9%26pid%3dWdp&ehk=HkU8uXdHCt%2bUdXvOMkpXVRw8WzSizPwetqvPGidG2HE%3d&w=186&h=88&c=8&rs=2&o=6&pid=WP0
IP 172.67.186.90:443
Certificate Issuer: Google Trust Services LLC
Subject: jiangshao.fun
Fingerprint: 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity: Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 186x88, components 3\012- data
Hash MD5: 2135ec10407566c9a4345e8735e149a1
SHA1: 11cb0b72ebcdffb64c3e14e53b2ad37b6639100a
SHA256: 31eddec79a2672f60895fbab7bc260c81e56b1729be57c4f7ea12d4d5c725e31
Analyzer: OpenPhish | Verdict: phishing | Alert: Office365
GET /th?u=https%3a%2f%2fth.bing.com%2fth%3fid%3dORMS.9e09ad6e18e3b45b12506bc9fec4b6d9%26pid%3dWdp&ehk=HkU8uXdHCt%2bUdXvOMkpXVRw8WzSizPwetqvPGidG2HE%3d&w=186&h=88&c=8&rs=2&o=6&pid=WP0 HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=; SRCHUSR=T=1701365562000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:45 GMT
content-type: image/jpeg
content-length: 4619
cache-control: public, max-age=2592000
x-cache: TCP_MISS
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7C9AE1609B9546DEA6D48A1A06F17B4C Ref B: EWR311000104011 Ref C: 2023-11-30T17:32:45Z
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 82e4d4e128f05695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/th?u=https%3a%2f%2fth.bing.com%2fth%3fid%3dORMS.179d75a1c00337748175da4aac89fccf%26pid%3dWdp&ehk=9Z1nxv75XFWF6pm%2fg2AWh3FSGARVF2jXpXC2bjr4djI%3d&w=186&h=88&c=8&rs=2&o=6&pid=WP0
172.67.186.90 200 OK 2.6 kB URL GET HTTP/3 jiangshao.fun/th?u=https%3a%2f%2fth.bing.com%2fth%3fid%3dORMS.179d75a1c00337748175da4aac89fccf%26pid%3dWdp&ehk=9Z1nxv75XFWF6pm%2fg2AWh3FSGARVF2jXpXC2bjr4djI%3d&w=186&h=88&c=8&rs=2&o=6&pid=WP0
IP 172.67.186.90:443
Certificate Issuer: Google Trust Services LLC
Subject: jiangshao.fun
Fingerprint: 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity: Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 186x88, components 3\012- data
Hash 03c2bbabeb6c005e2c6becce9e3914cd
b927343572461339f58aa30e24b8438cf0084eb2
e805241107db1ac650d5999ac42f31bc36ce2faccd17522bd7567fde8e59b0c4
Analyzer Verdict Alert OpenPhish phishing Office365
GET /th?u=https%3a%2f%2fth.bing.com%2fth%3fid%3dORMS.179d75a1c00337748175da4aac89fccf%26pid%3dWdp&ehk=9Z1nxv75XFWF6pm%2fg2AWh3FSGARVF2jXpXC2bjr4djI%3d&w=186&h=88&c=8&rs=2&o=6&pid=WP0 HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=; SRCHUSR=T=1701365562000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:45 GMT
content-type: image/jpeg
content-length: 2641
cache-control: public, max-age=2592000
x-cache: TCP_MISS
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: BBBEA6AC797940AB88677B631A2EC15E Ref B: NYCEDGE1321 Ref C: 2023-11-30T17:32:45Z
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 82e4d4e118e45695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/th?u=https%3a%2f%2fth.bing.com%2fth%3fid%3dORMS.25b73fb34d056c017a2185c85263916e%26pid%3dWdp&ehk=EQK3rzKU82aC3lHHpuftcfQLsciIColEh60EHZCrBgw%3d&w=186&h=88&c=8&rs=2&o=6&pid=WP0
172.67.186.90 200 OK 3.6 kB URL GET HTTP/3 jiangshao.fun/th?u=https%3a%2f%2fth.bing.com%2fth%3fid%3dORMS.25b73fb34d056c017a2185c85263916e%26pid%3dWdp&ehk=EQK3rzKU82aC3lHHpuftcfQLsciIColEh60EHZCrBgw%3d&w=186&h=88&c=8&rs=2&o=6&pid=WP0
IP 172.67.186.90:443
Certificate Issuer: Google Trust Services LLC
Subject: jiangshao.fun
Fingerprint: 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity: Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 186x88, components 3\012- data
Hash f25b8e0e01bd60c4f79653e0cc0ec06b
7d1975fb3f7bb6882622c9b85a2130cf7d9c12ae
395dc993bfcbc68e944d364bb1bdeaedcfed1f93a6000c32adaf18dcae8eaa9e
Analyzer Verdict Alert OpenPhish phishing Office365
GET /th?u=https%3a%2f%2fth.bing.com%2fth%3fid%3dORMS.25b73fb34d056c017a2185c85263916e%26pid%3dWdp&ehk=EQK3rzKU82aC3lHHpuftcfQLsciIColEh60EHZCrBgw%3d&w=186&h=88&c=8&rs=2&o=6&pid=WP0 HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=; SRCHUSR=T=1701365562000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:45 GMT
content-type: image/jpeg
content-length: 3600
cache-control: public, max-age=2592000
x-cache: TCP_MISS
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E060424346D1423FBD09950A058CEBDD Ref B: NYCEDGE1614 Ref C: 2023-11-30T17:32:45Z
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 82e4d4e138ff5695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/th?u=https%3a%2f%2fth.bing.com%2fth%3fid%3dORMS.a46e94145f1e935da1415efef926517c%26pid%3dWdp&ehk=Bexfb5rcmt7nTDL9eTrWHJ1dJdalYtqrSG019KkSm%2bw%3d&w=186&h=88&c=8&rs=2&o=6&pid=WP0
172.67.186.90 200 OK 3.2 kB URL GET HTTP/3 jiangshao.fun/th?u=https%3a%2f%2fth.bing.com%2fth%3fid%3dORMS.a46e94145f1e935da1415efef926517c%26pid%3dWdp&ehk=Bexfb5rcmt7nTDL9eTrWHJ1dJdalYtqrSG019KkSm%2bw%3d&w=186&h=88&c=8&rs=2&o=6&pid=WP0
IP 172.67.186.90:443
Certificate Issuer: Google Trust Services LLC
Subject: jiangshao.fun
Fingerprint: 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity: Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 186x88, components 3\012- data
Hash 10f8cf1c24f931dfe96b0390ad87d655
a53ee9d39657e668340b9e049a13632699d827dd
d837722fca4effcd69b8e195f3b43b07a88afba92b4df03e5d7a9d0d5af46aec
Analyzer Verdict Alert OpenPhish phishing Office365
GET /th?u=https%3a%2f%2fth.bing.com%2fth%3fid%3dORMS.a46e94145f1e935da1415efef926517c%26pid%3dWdp&ehk=Bexfb5rcmt7nTDL9eTrWHJ1dJdalYtqrSG019KkSm%2bw%3d&w=186&h=88&c=8&rs=2&o=6&pid=WP0 HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=; SRCHUSR=T=1701365562000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:45 GMT
content-type: image/jpeg
content-length: 3157
cache-control: public, max-age=2592000
x-cache: TCP_MISS
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8B22E088EABF4B869398F4BB86BA5488 Ref B: EWR311000104009 Ref C: 2023-11-30T17:32:45Z
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 82e4d4e128f75695-OSL
alt-svc: h3=":443"; ma=86400
r.bing.com/rs/79/x2/nj/V9Lbi4rGakA-OjwcLcoh5jr1zfY.js?or=w
23.36.79.19 200 OK 356 B URL GET HTTP/3 r.bing.com/rs/79/x2/nj/V9Lbi4rGakA-OjwcLcoh5jr1zfY.js?or=w
IP 23.36.79.19:443
ASN #20940 Akamai International B.V.
Certificate Issuer: Microsoft Corporation
Subject: r.bing.com
Fingerprint: 23:E0:B1:D9:C5:02:8F:FE:35:CB:2A:E6:86:20:A8:83:F8:82:34:9B
Validity: Wed, 18 Oct 2023 20:32:40 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type ASCII text, with very long lines (520), with no line terminators
Hash f03cfee55a7f1e0b91dd062a5654fc3d
57d2db8b8ac66a403e3a3c1c2dca21e63af5cdf6
39477bae95ee7073936851a67106a42f585454ebd6c4feadeacc818c52da49a4
GET /rs/79/x2/nj/V9Lbi4rGakA-OjwcLcoh5jr1zfY.js?or=w HTTP/1.1
Host: r.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://jiangshao.fun
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-length: 356
content-type: application/x-javascript; charset=utf-8
server: Kestrel
access-control-allow-headers: *
access-control-allow-origin: *
content-encoding: br
last-modified: Thu, 12 Jan 2023 01:31:54 GMT
x-eventid: 6566ec210965451fabc6784e6fce91b8
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
useragentreductionoptout: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
x-as-instrumentationoptions: AppServerLoggingMaster=1
x-as-machinename: DUBEEAP0000E12A
x-as-suppresssetcookie: 1
content-security-policy-report-only: script-src https: 'strict-dynamic' 'report-sample' 'nonce-2GbAhdFEQCiawW0eFfyiGa8pOGs0u5P1muzwM7H/RdY='; base-uri 'self';report-to csp-endpoint
report-to: {"group":"csp-endpoint","max_age":86400,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingcsp"}]}, {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingrms"}]}
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.5}
cache-control: public, max-age=310462
expires: Mon, 04 Dec 2023 07:47:08 GMT
date: Thu, 30 Nov 2023 17:32:46 GMT
quic-version: 0x00000001
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.0f4f2417.1701365566.1ee3f32
timing-allow-origin: *
aadcdn.msauth.net/ests/2.1/content/cdnbundles/watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js
13.107.213.53 200 OK 40 kB URL GET HTTP/2 aadcdn.msauth.net/ests/2.1/content/cdnbundles/watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js
IP 13.107.213.53:443
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://login.microsoftonline.com/common/oauth2/authorize?client_id=9ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7&response_type=id_token+code&nonce=0c8aaa25-dacc-42ba-8d88-79ef7766219a&redirect_uri=https%3a%2f%2fjiangshao.fun%2forgid%2fidtoken%2fconditional&scope=openid%20email%20profile%209ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7/.default&response_mode=form_post&instance_aware=true&msafed=0&prompt=none&state=%7b%22ig%22%3a%22A903986D2A5143A0A2E909AB5D6FF6D4%22%7d
Certificate Issuer: DigiCert Inc
Subject: aadcdn.msauth.net
Fingerprint: 88:95:0C:FA:9D:33:AA:BF:A4:FD:9D:84:A6:E8:02:06:58:50:AD:8C
Validity: Sun, 29 Oct 2023 00:00:00 GMT - Tue, 29 Oct 2024 23:59:59 GMT
File type ASCII text, with very long lines (65450), with CRLF line terminators
Hash 75cf78d0e38c65a538ad253ca9e48dbe
bf0452e4a42a9af3b69d5d8c3a3a0433f14921b6
df2aa8537c1992c94846a0ffffaa9031d430d9d0210b9e396ec059aff62627e0
GET /ests/2.1/content/cdnbundles/watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
Origin: https://login.microsoftonline.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000
content-length: 40454
content-type: application/x-javascript
content-encoding: gzip
content-md5: HWW92uTq7vx3y5z+zFZbXQ==
last-modified: Fri, 26 Feb 2021 06:13:13 GMT
etag: 0x8D8DA1D997CA245
x-cache: TCP_HIT
x-ms-request-id: 7fde0207-e01e-001d-5110-1b584a000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 0QYNbZQAAAAChEMJ1jhBJRZGU1TUUghMAQU1TMDRFREdFMTkwOAAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
x-azure-ref: 0PsdoZQAAAACzZ260jj7qRIGeuSU75OzsU1ZHMjBFREdFMDYyMgAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
date: Thu, 30 Nov 2023 17:32:45 GMT
X-Firefox-Spdy: h2
jiangshao.fun/rp/eXfvbnlHE4C4eHtbcUjp_wp0ogM.js
172.67.186.90 200 OK 2.0 kB URL GET HTTP/3 jiangshao.fun/rp/eXfvbnlHE4C4eHtbcUjp_wp0ogM.js
IP 172.67.186.90:443
Certificate Issuer: Google Trust Services LLC
Subject: jiangshao.fun
Fingerprint: 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity: Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type ASCII text, with very long lines (2009), with no line terminators
Hash 601102ca711e0b4140af45c1657db13f
7977ef6e79471380b8787b5b7148e9ff0a74a203
e47318cd9d80769ac59e732347fb4f574cd4eea9e2c787f3a996805265069001
Analyzer Verdict Alert OpenPhish phishing Office365
GET /rp/eXfvbnlHE4C4eHtbcUjp_wp0ogM.js HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=; SRCHUSR=T=1701365562000
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:46 GMT
content-type: text/javascript; charset=utf-8
content-length: 2009
cache-control: public, max-age=432000, no-transform, immutable
content-md5: YBECynEeC0FAr0XBZX2xPw==
last-modified: Fri, 06 Oct 2023 19:35:02 GMT
etag: 0x8DBC6A355CC5334
x-cache: TCP_HIT
x-ms-request-id: 76542b53-f01e-0066-1cd2-1f520b000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: 0E8BC2C78E0C42328C02874A23282230 Ref B: MNZ221060618049 Ref C: 2023-11-28T08:19:40Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: C22ACCC2865B4AD3A5000D390D3AD639 Ref B: NYCEDGE1713 Ref C: 2023-11-30T17:32:44Z
cf-cache-status: HIT
age: 2
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4e3ebd15695-OSL
alt-svc: h3=":443"; ma=86400
assets.msn.com/bundles/v1/bingHomepage/latest/widget-initializer.js
23.36.79.8 200 OK 6.6 kB URL GET HTTP/2 assets.msn.com/bundles/v1/bingHomepage/latest/widget-initializer.js
IP 23.36.79.8:443
ASN #20940 Akamai International B.V.
Certificate Issuer: Microsoft Corporation
Subject: assets.msn.com
Fingerprint: D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity: Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type ASCII text, with very long lines (19627)
Hash 6a57e4acae2d82619ad37056e8de818a
10845130b44263a871d825caee336b4b096e74f7
92e6a2ae0de1410b072a98d819eb590b3beb6a7e8bff47f9f86213cd56102e53
GET /bundles/v1/bingHomepage/latest/widget-initializer.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://jiangshao.fun
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-length: 6648
content-md5: VrCV+unB2D4FKgPCz6DrpQ==
last-modified: Wed, 15 Nov 2023 03:40:56 GMT
etag: 0x8DBE58CACFD7C32
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 6daa4f7b-c01e-0107-62d2-17e46c000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Thu, 30 Nov 2023 17:32:46 GMT
akamai-request-bc: [a=23.36.79.4,b=3814177267,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=1, clienttt; dur=1, origin; dur=0 , cdntime; dur=1
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 23.36.79.4
akamai-request-id: e357b9f3
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=86400
timing-allow-origin: *
akamai-grn: 0.044f2417.1701365566.e357b9f3
vary: Origin
X-Firefox-Spdy: h2
jiangshao.fun/rp/bVDj-v45uX-PoSRsOWdRtQ3qRx4.js
172.67.186.90 200 OK 28 kB URL GET HTTP/3 jiangshao.fun/rp/bVDj-v45uX-PoSRsOWdRtQ3qRx4.js
IP 172.67.186.90:443
Certificate Issuer: Google Trust Services LLC
Subject: jiangshao.fun
Fingerprint: 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity: Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type ASCII text, with very long lines (28425), with no line terminators
Hash fe527822ec006ea4236bf1104d89d9c9
6d50e3fafe39b97f8fa1246c396751b50dea471e
7906cd35b4b7c2b3f3993c507247e9a4a63a7e645845988220267a803ba54970
Analyzer Verdict Alert OpenPhish phishing Office365
GET /rp/bVDj-v45uX-PoSRsOWdRtQ3qRx4.js HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=; SRCHUSR=T=1701365562000
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:46 GMT
content-type: text/javascript; charset=utf-8
content-length: 28425
cache-control: public, max-age=432000, no-transform, immutable
content-md5: /lJ4IuwAbqQja/EQTYnZyQ==
last-modified: Tue, 24 Oct 2023 21:10:33 GMT
etag: 0x8DBD4D5A95F79E7
x-cache: TCP_HIT
x-ms-request-id: f432ab73-d01e-0085-592e-2030f6000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: 52081F9E405546D798A15F4A7075444F Ref B: MNZ221060617045 Ref C: 2023-11-28T13:08:41Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: A5652E06952840B38FE5A61763F45EF5 Ref B: NYCEDGE1414 Ref C: 2023-11-30T17:32:44Z
cf-cache-status: HIT
age: 2
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4e42c0b5695-OSL
alt-svc: h3=":443"; ma=86400
aadcdn.msauth.net/ests/2.1/content/cdnbundles/frameworksupport.min_oadrnc13magb009k4d20lg2.js
13.107.213.53 200 OK 4.9 kB URL GET HTTP/2 aadcdn.msauth.net/ests/2.1/content/cdnbundles/frameworksupport.min_oadrnc13magb009k4d20lg2.js
IP 13.107.213.53:443
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://login.microsoftonline.com/common/oauth2/authorize?client_id=9ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7&response_type=id_token+code&nonce=0c8aaa25-dacc-42ba-8d88-79ef7766219a&redirect_uri=https%3a%2f%2fjiangshao.fun%2forgid%2fidtoken%2fconditional&scope=openid%20email%20profile%209ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7/.default&response_mode=form_post&instance_aware=true&msafed=0&prompt=none&state=%7b%22ig%22%3a%22A903986D2A5143A0A2E909AB5D6FF6D4%22%7d
Certificate Issuer: DigiCert Inc
Subject: aadcdn.msauth.net
Fingerprint: 88:95:0C:FA:9D:33:AA:BF:A4:FD:9D:84:A6:E8:02:06:58:50:AD:8C
Validity: Sun, 29 Oct 2023 00:00:00 GMT - Tue, 29 Oct 2024 23:59:59 GMT
File type ASCII text, with very long lines (512)
Hash 39a0eb35cd7799a181d34f4ae1ddb496
e933ca8534bcb6ad79d240316ce23c8b870050d0
c8cef105fcaf7cbf3f8682c861045505c24d41cf6686c20c1c03e14031a3db69
GET /ests/2.1/content/cdnbundles/frameworksupport.min_oadrnc13magb009k4d20lg2.js HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
Origin: https://login.microsoftonline.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000
content-length: 4880
content-type: application/x-javascript
content-encoding: gzip
content-md5: A8dgUeRfi6/VknMbox6Cuw==
last-modified: Thu, 22 Oct 2020 20:43:21 GMT
etag: 0x8D876CB1D67B929
x-cache: TCP_HIT
x-ms-request-id: 1ce83a6f-e01e-0021-4cd6-168d42000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 0sW1VZQAAAADQ4p6zwk4vRIqlkcLnSjqNQU1TMDRFREdFMTgwNwAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
x-azure-ref: 0PsdoZQAAAACH8V4lCS8ASKwAkpZCxoU4U1ZHMjBFREdFMDYyMgAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
date: Thu, 30 Nov 2023 17:32:45 GMT
X-Firefox-Spdy: h2
aadcdn.msauth.net/ests/2.1/content/cdnbundles/watson.min_q5ptmu8aniymd4ftuqdkda2.js
13.107.213.53 200 OK 3.9 kB URL GET HTTP/2 aadcdn.msauth.net/ests/2.1/content/cdnbundles/watson.min_q5ptmu8aniymd4ftuqdkda2.js
IP 13.107.213.53:443
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://login.microsoftonline.com/common/oauth2/authorize?client_id=9ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7&response_type=id_token+code&nonce=0c8aaa25-dacc-42ba-8d88-79ef7766219a&redirect_uri=https%3a%2f%2fjiangshao.fun%2forgid%2fidtoken%2fconditional&scope=openid%20email%20profile%209ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7/.default&response_mode=form_post&instance_aware=true&msafed=0&prompt=none&state=%7b%22ig%22%3a%22A903986D2A5143A0A2E909AB5D6FF6D4%22%7d
Certificate Issuer: DigiCert Inc
Subject: aadcdn.msauth.net
Fingerprint: 88:95:0C:FA:9D:33:AA:BF:A4:FD:9D:84:A6:E8:02:06:58:50:AD:8C
Validity: Sun, 29 Oct 2023 00:00:00 GMT - Tue, 29 Oct 2024 23:59:59 GMT
File type ASCII text, with very long lines (2054)
Hash 439a53994f1a9c860c7787ed5100ca0c
15ba120f64bbf6a59a457841b10df0d6d1b4574c
441bfa485fb0eb8ad2be7001209868b57c41769cae9512a774419f5882c093e6
GET /ests/2.1/content/cdnbundles/watson.min_q5ptmu8aniymd4ftuqdkda2.js HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
Origin: https://login.microsoftonline.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000
content-length: 3921
content-type: application/x-javascript
content-encoding: gzip
content-md5: up2irhKVlrgd4fr/sCzQ9w==
last-modified: Tue, 28 Jun 2022 20:27:38 GMT
etag: 0x8DA5944A4FF258E
x-cache: TCP_HIT
x-ms-request-id: 06de02a9-501e-004a-74a1-15ea77000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 0sW1VZQAAAAB2YI3aB3UfS6+VRjcIS3TmQU1TMDRFREdFMTkwNgAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
x-azure-ref: 0PsdoZQAAAACyje6m7LUUS71+aGzo0EI7U1ZHMjBFREdFMDYyMgAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
date: Thu, 30 Nov 2023 17:32:45 GMT
X-Firefox-Spdy: h2
jiangshao.fun/rp/t6Bkpkzq5ckAnvfW2PY7kNOTPJ0.js
172.67.186.90 200 OK 242 B URL GET HTTP/3 jiangshao.fun/rp/t6Bkpkzq5ckAnvfW2PY7kNOTPJ0.js
IP 172.67.186.90:443
Certificate Issuer: Google Trust Services LLC
Subject: jiangshao.fun
Fingerprint: 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity: Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type ASCII text, with no line terminators
Hash 6c2c6db3832d53062d303cdff5e2bd30
b7a064a64ceae5c9009ef7d6d8f63b90d3933c9d
06b77ee16a2cd34acd210b4f2b6e423762ea8874bb26ae5a37db9dd01a00ff70
Analyzer Verdict Alert OpenPhish phishing Office365
GET /rp/t6Bkpkzq5ckAnvfW2PY7kNOTPJ0.js HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=; SRCHUSR=T=1701365562000
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:46 GMT
content-type: text/javascript; charset=utf-8
content-length: 242
cache-control: public, max-age=432000, no-transform, immutable
content-md5: bCxts4MtUwYtMDzf9eK9MA==
last-modified: Tue, 06 Jun 2023 10:27:13 GMT
etag: 0x8DB667897FFC1AD
x-cache: TCP_REMOTE_HIT
x-ms-request-id: adf00dac-801e-001e-02c5-22f1f3000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: EA9BC9FB9FC14A89A34DDC2CAEDF2607 Ref B: MNZ221060618021 Ref C: 2023-11-30T17:32:44Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: A6A348F233764289A884821FF624C078 Ref B: NYCEDGE1714 Ref C: 2023-11-30T17:32:44Z
cf-cache-status: HIT
age: 2
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4e49c775695-OSL
alt-svc: h3=":443"; ma=86400
aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/convergederror_customizationloader_d1c2106e02ef578e29a0.js
13.107.213.53 200 OK 35 kB URL GET HTTP/2 aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/convergederror_customizationloader_d1c2106e02ef578e29a0.js
IP 13.107.213.53:443
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://login.microsoftonline.com/common/oauth2/authorize?client_id=9ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7&response_type=id_token+code&nonce=0c8aaa25-dacc-42ba-8d88-79ef7766219a&redirect_uri=https%3a%2f%2fjiangshao.fun%2forgid%2fidtoken%2fconditional&scope=openid%20email%20profile%209ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7/.default&response_mode=form_post&instance_aware=true&msafed=0&prompt=none&state=%7b%22ig%22%3a%22A903986D2A5143A0A2E909AB5D6FF6D4%22%7d
Certificate Issuer: DigiCert Inc
Subject: aadcdn.msauth.net
Fingerprint: 88:95:0C:FA:9D:33:AA:BF:A4:FD:9D:84:A6:E8:02:06:58:50:AD:8C
Validity: Sun, 29 Oct 2023 00:00:00 GMT - Tue, 29 Oct 2024 23:59:59 GMT
File type ASCII text, with very long lines (56724)
Hash MD5: 9c2daa71cb14e1e6ad62d66840364e99
SHA-1: 014ef8a5c257a70c769d15448c8c1b8753654138
SHA-256: fc7c50e9f64e0e51fc9a08e50287f2cdb45a733e540e73a43916e9db79ed9173
GET /shared/1.0/content/js/asyncchunk/convergederror_customizationloader_d1c2106e02ef578e29a0.js HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000
content-length: 34590
content-type: application/x-javascript
content-encoding: gzip
content-md5: MJClHEq5xiEzHHNm5z5HSw==
last-modified: Sat, 28 Oct 2023 00:53:34 GMT
etag: 0x8DBD75050292EED
x-cache: TCP_HIT
x-ms-request-id: 15fb762f-101e-0072-7d02-1a9377000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 0r4JbZQAAAAD9z+rLQlhFTbjPswi7i1g0QU1TMDRFREdFMTkxNwAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
x-azure-ref: 0PsdoZQAAAAAqQduh0K7jTIT6pOowECLeU1ZHMjBFREdFMDYyMgAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
date: Thu, 30 Nov 2023 17:32:45 GMT
X-Firefox-Spdy: h2
jiangshao.fun/rp/U8SAaavlT9MNn_8df9jCh6-74bE.js
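172.67.186.90 200 OK 3.1 kB URL GET HTTP/3 jiangshao.fun/rp/U8SAaavlT9MNn_8df9jCh6-74bE.js
IP 172.67.186.90:443
Certificate Issuer: Google Trust Services LLC
Subject: jiangshao.fun
Fingerprint: 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity: Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type ASCII text, with very long lines (3102), with no line terminators
Hash MD5: dd6a528c55708896155fea98148725fa
SHA-1: 53c48069abe54fd30d9fff1d7fd8c287afbbe1b1
SHA-256: 635421af44598c7601907a7ad263a3a8925be6495ba349382f02805dbe668566
Analyzer: OpenPhish | Verdict: phishing | Alert: Office365
Note: the response to this request carries Azure Blob Storage and Microsoft edge headers (x-ms-blob-type, x-msedge-ref, a report-to endpoint tagged cat=bingaot) together with server: cloudflare, and the request sends Bing-style cookies (MUIDB, SRCHHPGUSR) to jiangshao.fun. This is consistent with the host relaying Microsoft-origin content through Cloudflare, so the file hashes listed for jiangshao.fun resources may match legitimate Microsoft assets and are weak indicators on their own; the hostname and certificate are the stronger ones.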
GET /rp/U8SAaavlT9MNn_8df9jCh6-74bE.js HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=; SRCHUSR=T=1701365562000
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:46 GMT
content-type: text/javascript; charset=utf-8
content-length: 3102
cache-control: public, max-age=432000, no-transform, immutable
content-md5: 3WpSjFVwiJYVX+qYFIcl+g==
last-modified: Thu, 23 Nov 2023 12:26:24 GMT
etag: 0x8DBEC1F68BE5D3B
x-cache: TCP_MISS
x-ms-request-id: 76d59bb9-501e-0032-0ab3-231d5c000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: 3546694D4789464A982FE768C6CB6A69 Ref B: MNZ221060617011 Ref C: 2023-11-30T17:32:44Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: 86FA6ADE3AEE49388EEA4CFF12DA13B5 Ref B: EWR311000104029 Ref C: 2023-11-30T17:32:44Z
cf-cache-status: HIT
age: 2
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4e4bc885695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/rp/rlQNuNFG4Xz8PQnUazG9FrMwim0.css
172.67.186.90 200 OK 824 B URL GET HTTP/3 jiangshao.fun/rp/rlQNuNFG4Xz8PQnUazG9FrMwim0.css
IP 172.67.186.90:443
Certificate Issuer: Google Trust Services LLC
Subject: jiangshao.fun
Fingerprint: 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity: Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type ASCII text, with very long lines (824), with no line terminators
Hash MD5: 6d94f94bfb17721a8da8b53731eb0601
SHA-1: ae540db8d146e17cfc3d09d46b31bd16b3308a6d
SHA-256: 21829c74fce2c9bbbb3099a7a487de71465ed712410c32bc6c69884db07a90dd
Analyzer: OpenPhish | Verdict: phishing | Alert: Office365
GET /rp/rlQNuNFG4Xz8PQnUazG9FrMwim0.css HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=; SRCHUSR=T=1701365562000
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:46 GMT
content-type: text/css; charset=utf-8
content-length: 824
cache-control: public, max-age=432000, no-transform, immutable
content-md5: bZT5S/sXchqNqLU3MesGAQ==
last-modified: Fri, 03 Feb 2023 20:30:54 GMT
etag: 0x8DB06258CC126AE
x-cache: TCP_REMOTE_HIT
x-ms-request-id: 035ea1fc-201e-0065-63d8-22b36f000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: F6E5949E7CD7485483F8EE9A682A2268 Ref B: MNZ221060618039 Ref C: 2023-11-30T17:32:46Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: A98F32A469BC400BB4BC95D08051E333 Ref B: NYCEDGE1407 Ref C: 2023-11-30T17:32:46Z
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4e3dbac5695-OSL
alt-svc: h3=":443"; ma=86400
aadcdn.msauth.net/shared/1.0/content/images/check_small_48540c930333871c385fcba2c659ccdb.svg
13.107.213.53 200 OK 1.0 kB URL GET HTTP/2 aadcdn.msauth.net/shared/1.0/content/images/check_small_48540c930333871c385fcba2c659ccdb.svg
IP 13.107.213.53:443
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://login.microsoftonline.com/common/oauth2/authorize?client_id=9ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7&response_type=id_token+code&nonce=0c8aaa25-dacc-42ba-8d88-79ef7766219a&redirect_uri=https%3a%2f%2fjiangshao.fun%2forgid%2fidtoken%2fconditional&scope=openid%20email%20profile%209ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7/.default&response_mode=form_post&instance_aware=true&msafed=0&prompt=none&state=%7b%22ig%22%3a%22A903986D2A5143A0A2E909AB5D6FF6D4%22%7d
Certificate Issuer: DigiCert Inc
Subject: aadcdn.msauth.net
Fingerprint: 88:95:0C:FA:9D:33:AA:BF:A4:FD:9D:84:A6:E8:02:06:58:50:AD:8C
Validity: Sun, 29 Oct 2023 00:00:00 GMT - Tue, 29 Oct 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2370), with CRLF line terminators
Hash MD5: c36fa14790dfc6ca22068a958373c2ba
SHA-1: c4e33a1a3356b535eb62ecde6fb0de1232b1b910
SHA-256: 22d511adce8d3498f842b05df7281ce582fdc6817fe27606ecd21e72277857f3
GET /shared/1.0/content/images/check_small_48540c930333871c385fcba2c659ccdb.svg HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000
content-length: 1009
content-type: image/svg+xml
content-encoding: gzip
content-md5: iYTzOJM089b1SPwrN/KdOg==
last-modified: Wed, 24 May 2023 10:11:46 GMT
etag: 0x8DB5C3F48118378
x-cache: TCP_HIT
x-ms-request-id: 967740d9-501e-008a-0764-206e33000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 0nWFoZQAAAACwFLJP5jsoT4vLva5d6L+oQU1TMDRFREdFMTgxNwAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
x-azure-ref: 0PsdoZQAAAAAlkBNfNh7jR5q/lon1zaUGU1ZHMjBFREdFMDYyMgAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
date: Thu, 30 Nov 2023 17:32:45 GMT
X-Firefox-Spdy: h2
aadcdn.msauth.net/shared/1.0/content/images/close_790189870c9543725dc3f5a15fb25e46.svg
13.107.213.53 200 OK 190 B URL GET HTTP/2 aadcdn.msauth.net/shared/1.0/content/images/close_790189870c9543725dc3f5a15fb25e46.svg
IP 13.107.213.53:443
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://login.microsoftonline.com/common/oauth2/authorize?client_id=9ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7&response_type=id_token+code&nonce=0c8aaa25-dacc-42ba-8d88-79ef7766219a&redirect_uri=https%3a%2f%2fjiangshao.fun%2forgid%2fidtoken%2fconditional&scope=openid%20email%20profile%209ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7/.default&response_mode=form_post&instance_aware=true&msafed=0&prompt=none&state=%7b%22ig%22%3a%22A903986D2A5143A0A2E909AB5D6FF6D4%22%7d
Certificate Issuer: DigiCert Inc
Subject: aadcdn.msauth.net
Fingerprint: 88:95:0C:FA:9D:33:AA:BF:A4:FD:9D:84:A6:E8:02:06:58:50:AD:8C
Validity: Sun, 29 Oct 2023 00:00:00 GMT - Tue, 29 Oct 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with no line terminators
Hash MD5: 40eb39126300b56bf66c20ee75b54093
SHA-1: 83678d94097257eb474713dec49e8094f49d2e2a
SHA-256: 765709425a5b9209e875dccf2217d3161429d2d48159fc1df7b253b77c1574f4
GET /shared/1.0/content/images/close_790189870c9543725dc3f5a15fb25e46.svg HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000
content-length: 190
content-type: image/svg+xml
content-encoding: gzip
content-md5: rp+/fadJKxLUo+jgFmYTeQ==
last-modified: Wed, 24 May 2023 10:11:46 GMT
etag: 0x8DB5C3F4823AA6E
x-cache: TCP_HIT
x-ms-request-id: 28081a5f-401e-002b-7c0e-238357000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 0CNNnZQAAAADUttL0bq0XSZdrt13QBYy9QU1TMDRFREdFMTkxMwAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
x-azure-ref: 0PsdoZQAAAABQkhFO4TBXQ61SYTC9KA9UU1ZHMjBFREdFMDYyMgAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
date: Thu, 30 Nov 2023 17:32:45 GMT
X-Firefox-Spdy: h2
jiangshao.fun/rp/mTvYtesNthcOorYbOfifrZv-tbU.css
172.67.186.90 200 OK 610 B URL GET HTTP/3 jiangshao.fun/rp/mTvYtesNthcOorYbOfifrZv-tbU.css
IP 172.67.186.90:443
Certificate Issuer: Google Trust Services LLC
Subject: jiangshao.fun
Fingerprint: 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity: Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type ASCII text, with very long lines (610), with no line terminators
Hash MD5: f8a63d56887d438392803b9f90b4c119
SHA-1: 993bd8b5eb0db6170ea2b61b39f89fad9bfeb5b5
SHA-256: ef156b16fdcf73f670e7d402d4e7980f6558609a39195729f7a144f2d7329bf3
Analyzer: OpenPhish | Verdict: phishing | Alert: Office365
GET /rp/mTvYtesNthcOorYbOfifrZv-tbU.css HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=; SRCHUSR=T=1701365562000
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:46 GMT
content-type: text/css; charset=utf-8
content-length: 610
cache-control: public, max-age=432000, no-transform, immutable
content-md5: +KY9Voh9Q4OSgDufkLTBGQ==
last-modified: Wed, 31 Aug 2022 07:20:14 GMT
etag: 0x8DA8B213FF4025B
x-cache: TCP_HIT
x-ms-request-id: 8fbfd975-c01e-001f-10c1-22ae2f000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: 2B6FBAEE7DEE4F8DA6F398F71ED3CF3E Ref B: MNZ221060606029 Ref C: 2023-11-29T22:15:32Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: 625629A0B28040878813BB487C3770BB Ref B: EWR311000102039 Ref C: 2023-11-30T17:32:46Z
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4e3dbaf5695-OSL
alt-svc: h3=":443"; ma=86400
login.microsoftonline.com/common/oauth2/authorize?client_id=9ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7&response_type=id_token+code&nonce=0c8aaa25-dacc-42ba-8d88-79ef7766219a&redirect_uri=https%3a%2f%2fjiangshao.fun%2forgid%2fidtoken%2fconditional&scope=openid%20email%20profile%209ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7/.default&response_mode=form_post&instance_aware=true&msafed=0&prompt=none&state=%7b%22ig%22%3a%22A903986D2A5143A0A2E909AB5D6FF6D4%22%7d
20.190.181.3 200 OK 8.5 kB URL GET HTTP/1.1 login.microsoftonline.com/common/oauth2/authorize?client_id=9ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7&response_type=id_token+code&nonce=0c8aaa25-dacc-42ba-8d88-79ef7766219a&redirect_uri=https%3a%2f%2fjiangshao.fun%2forgid%2fidtoken%2fconditional&scope=openid%20email%20profile%209ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7/.default&response_mode=form_post&instance_aware=true&msafed=0&prompt=none&state=%7b%22ig%22%3a%22A903986D2A5143A0A2E909AB5D6FF6D4%22%7d
IP 20.190.181.3:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Certificate Issuer: DigiCert Inc
Subject: stamp2.login.microsoftonline.com
Fingerprint: 5F:41:B5:48:4D:2A:D3:78:6B:12:6B:D6:0B:85:B4:F8:2A:FF:48:29
Validity: Sun, 17 Sep 2023 00:00:00 GMT - Tue, 17 Sep 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (6127), with CRLF, LF line terminators
Hash MD5: ca83bd7bd330ad4cdbf2749120844337
SHA-1: 502dc0842452d1c2c482b84c061d0b20248a76bf
SHA-256: 807e2acecfe5c11c15eb6d0da0d2887a300007f2517c13a43e6289317439d075
Note: the redirect_uri parameter in this request decodes to https://jiangshao.fun/orgid/idtoken/conditional, so with response_mode=form_post a successful authorization response would be posted to the flagged host. The convergederror_* script loaded by this page suggests the endpoint returned an error page rather than tokens; confirm from the response body. A redirect_uri on an unexpected host paired with a known client_id is a useful value to look for in sign-in and proxy logs.
GET /common/oauth2/authorize?client_id=9ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7&response_type=id_token+code&nonce=0c8aaa25-dacc-42ba-8d88-79ef7766219a&redirect_uri=https%3a%2f%2fjiangshao.fun%2forgid%2fidtoken%2fconditional&scope=openid%20email%20profile%209ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7/.default&response_mode=form_post&instance_aware=true&msafed=0&prompt=none&state=%7b%22ig%22%3a%22A903986D2A5143A0A2E909AB5D6FF6D4%22%7d HTTP/1.1
Host: login.microsoftonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/common/oauth2/authorize?client_id=9ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7&response_type=id_token+code&nonce=0c8aaa25-dacc-42ba-8d88-79ef7766219a&redirect_uri=https%3a%2f%2fjiangshao.fun%2forgid%2fidtoken%2fconditional&scope=openid%20email%20profile%209ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7/.default&response_mode=form_post&instance_aware=true&msafed=0&prompt=none&state=%7b%22ig%22%3a%22A903986D2A5143A0A2E909AB5D6FF6D4%22%7d
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: buid=0.AQ8AMe_N-B6jSkuT5F9XHpElWnmtoZ62_ZpPi8MrcPluNMcBAAA.AQABAAEAAAAmoFfGtYxvRrNriQdPKIZ-T5UvwVZJ9X3n8ZO8EDuEzOSJwD0VuSczhZJuCRtYlNo7iTLhn5FxtriSvyU-eoJqmi3Njgh203IAwALa1TPW4d-1Sbb5_hyiew43L2VkFCggAA; esctx-GhONjDlKdpw=AQABAAEAAAAmoFfGtYxvRrNriQdPKIZ-1WcJKsWjBNUpScIcL37X4jcM5Yhr_zCT6PqWeaOmuP-r0p1Xwe3HGtjIxK-7KEiP7RbgB9n7L8zLJFBvfCFO0SfWb_Y1DbCE5BYvb3W0FQ7j_WfJ9IDqvVORcVlcH42k9Y83s4jlOQpqSDCWOvPmPyAA; fpc=AnVBZAKm5i1Cs1bXGTqMT1yCeMQLAQAAADy--twOAAAA; esctx=PAQABAAEAAAAmoFfGtYxvRrNriQdPKIZ-dlrSV8KvqCa3qfp1D-1uojsVRmmgKEi7V98taEhL0UhEadvXiZg9-SEZaUye4SscDoBQpHcUOap0C-VaQ0u-HdWExjqXCjviAGxPTfI6p7J55WxORHxSgL7yePJuEzsEmc34lOPR1d7ZqMrlU9LwqguBRhKtb8rGJdOqpIndLVsgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Link: <https://aadcdn.msauth.net>; rel=preconnect; crossorigin, <https://aadcdn.msauth.net>; rel=dns-prefetch, <https://aadcdn.msftauth.net>; rel=dns-prefetch
X-DNS-Prefetch-Control: on
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id: b2cb063e-2643-4a3e-ba73-63f0b8257f00
x-ms-ests-server: 2.1.16790.7 - SEC ProdSlices
Referrer-Policy: strict-origin-when-cross-origin
X-XSS-Protection: 0
Set-Cookie: buid=0.AQ8AMe_N-B6jSkuT5F9XHpElWnmtoZ62_ZpPi8MrcPluNMcBAAA.AQABAAEAAAAmoFfGtYxvRrNriQdPKIZ-PtEvfYNU-7-aNXdBT3GsI8C9ehrMMSw4VXlC_wMaodskELbhFrd8kP1B9QFLoUuIRcMFbOkPaS_PuJa9TwaYHovTDImJCXXSyTnEWweEBTwgAA; expires=Sat, 30-Dec-2023 17:32:46 GMT; path=/; secure; HttpOnly; SameSite=None
Set-Cookie: esctx-DdUmkpCgmPE=AQABAAEAAAAmoFfGtYxvRrNriQdPKIZ-IXwMxVdGX9Zfiud1lBPnqnHrqHwT8kYlosrwG51ahNXPj49dLuHBMhfhJQyHxBH2yuR8RFAyX4TBzYCrbMJ7zzUTpgfBkvk1jRUyjQuS1qYHbQgr-r6gcOlQLiNy7d1Lwx7IGToZ104FjemP_SZNMSAA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None
Set-Cookie: fpc=AnVBZAKm5i1Cs1bXGTqMT1yCeMQLAgAAADy--twOAAAA; expires=Sat, 30-Dec-2023 17:32:46 GMT; path=/; secure; HttpOnly; SameSite=None
Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
Date: Thu, 30 Nov 2023 17:32:45 GMT
Content-Length: 8477
jiangshao.fun/rp/fCy-uLDoPoCVSxQ2C0xuQlVQvFQ.css
172.67.186.90 200 OK 589 B URL GET HTTP/3 jiangshao.fun/rp/fCy-uLDoPoCVSxQ2C0xuQlVQvFQ.css
IP 172.67.186.90:443
Certificate Issuer: Google Trust Services LLC
Subject: jiangshao.fun
Fingerprint: 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity: Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type ASCII text, with very long lines (589), with no line terminators
Hash MD5: 7a903a859615d137e561051c006435c2
SHA-1: 7c2cbeb8b0e83e80954b14360b4c6e425550bc54
SHA-256: 281d6234fd292800c2a5dbd14e524c9cee0d4438188b0b7d873abf41515a7666
Analyzer: OpenPhish | Verdict: phishing | Alert: Office365
GET /rp/fCy-uLDoPoCVSxQ2C0xuQlVQvFQ.css HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=; SRCHUSR=T=1701365562000
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:46 GMT
content-type: text/css; charset=utf-8
content-length: 589
cache-control: public, max-age=432000, no-transform, immutable
content-md5: epA6hZYV0TflYQUcAGQ1wg==
last-modified: Mon, 15 Aug 2022 22:49:32 GMT
etag: 0x8DA7F106B6E5F95
x-cache: TCP_HIT
x-ms-request-id: 7ffce842-b01e-0083-29d8-220349000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: 1EB8577C63C248E28A77A4007E2ADCB9 Ref B: MNZ221060606033 Ref C: 2023-11-29T22:15:32Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: C9BC10E70F77486F9224A4304820274B Ref B: EWR311000107047 Ref C: 2023-11-30T17:32:46Z
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4e3dbae5695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/rp/pIsVXbvGVHDzgSgqH54h_y3Uayc.css
172.67.186.90 200 OK 10 kB URL GET HTTP/3 jiangshao.fun/rp/pIsVXbvGVHDzgSgqH54h_y3Uayc.css
IP 172.67.186.90:443
Certificate Issuer: Google Trust Services LLC
Subject: jiangshao.fun
Fingerprint: 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity: Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type ASCII text, with very long lines (10425), with no line terminators
Hash MD5: b74765f3d1ed99c2fac3fa5e4202dc4b
SHA-1: a48b155dbbc65470f381282a1f9e21ff2dd46b27
SHA-256: 1792b996f940322e3222d3abe4b08a1ae60cd7fda3e186fa008d14c0e541551d
Analyzer: OpenPhish | Verdict: phishing | Alert: Office365
GET /rp/pIsVXbvGVHDzgSgqH54h_y3Uayc.css HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=; SRCHUSR=T=1701365562000
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:46 GMT
content-type: text/css; charset=utf-8
content-length: 10425
cache-control: public, max-age=432000, no-transform, immutable
content-md5: t0dl89HtmcL6w/peQgLcSw==
last-modified: Thu, 23 Nov 2023 00:00:57 GMT
etag: 0x8DBEBB74514F363
x-cache: TCP_REMOTE_HIT
x-ms-request-id: eb5d4f9a-f01e-00ad-16ac-22515e000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: AC2AD552D2E749809CB12C8D6C5A1295 Ref B: MNZ221060618051 Ref C: 2023-11-30T17:32:46Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: F5D85773B99D4C85944A7681B07EB358 Ref B: NYCEDGE1316 Ref C: 2023-11-30T17:32:46Z
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4e3dbb15695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/rp/N2lJ7oj8-rzNUKGXa9HmrCDrDdw.js
172.67.186.90 200 OK 8.5 kB URL GET HTTP/3 jiangshao.fun/rp/N2lJ7oj8-rzNUKGXa9HmrCDrDdw.js
IP 172.67.186.90:443
Certificate Issuer: Google Trust Services LLC
Subject: jiangshao.fun
Fingerprint: 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity: Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type ASCII text, with very long lines (8484), with no line terminators
Hash MD5: 768c025cadc4cbd980733f771feba772
SHA-1: 376949ee88fcfabccd50a1976bd1e6ac20eb0ddc
SHA-256: bd014843a7d652b50956a5faaa927f66f810c8d2086b53a487fe9b45bcdca1b1
Analyzer: OpenPhish | Verdict: phishing | Alert: Office365
GET /rp/N2lJ7oj8-rzNUKGXa9HmrCDrDdw.js HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=; SRCHUSR=T=1701365562000
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:46 GMT
content-type: text/javascript; charset=utf-8
content-length: 8484
cache-control: public, max-age=432000, no-transform, immutable
content-md5: dowCXK3Ey9mAcz93H+uncg==
last-modified: Tue, 10 Oct 2023 21:42:11 GMT
etag: 0x8DBC9D9C29480EF
x-cache: TCP_REMOTE_HIT
x-ms-request-id: bf70e5dc-f01e-0014-34cd-1f5544000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: 77DC8AB8D4454C1BBB56F2C33044EC39 Ref B: MNZ221060607039 Ref C: 2023-11-30T17:32:46Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: 24C44E08845C48509AE70BE2A5B74631 Ref B: EWR311000103045 Ref C: 2023-11-30T17:32:46Z
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4e3dbaa5695-OSL
alt-svc: h3=":443"; ma=86400
aadcdn.msauth.net/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg
13.107.213.53 200 OK 1.4 kB URL GET HTTP/2 aadcdn.msauth.net/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg
IP 13.107.213.53:443
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://login.microsoftonline.com/common/oauth2/authorize?client_id=9ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7&response_type=id_token+code&nonce=0c8aaa25-dacc-42ba-8d88-79ef7766219a&redirect_uri=https%3a%2f%2fjiangshao.fun%2forgid%2fidtoken%2fconditional&scope=openid%20email%20profile%209ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7/.default&response_mode=form_post&instance_aware=true&msafed=0&prompt=none&state=%7b%22ig%22%3a%22A903986D2A5143A0A2E909AB5D6FF6D4%22%7d
Certificate Issuer: DigiCert Inc
Subject: aadcdn.msauth.net
Fingerprint: 88:95:0C:FA:9D:33:AA:BF:A4:FD:9D:84:A6:E8:02:06:58:50:AD:8C
Validity: Sun, 29 Oct 2023 00:00:00 GMT - Tue, 29 Oct 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (3651), with no line terminators
Hash MD5: ee5c8d9fb6248c938fd0dc19370e90bd
SHA-1: d01a22720918b781338b5bbf9202b241a5f99ee4
SHA-256: 04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000
content-length: 1435
content-type: image/svg+xml
content-encoding: gzip
content-md5: nzaLxFgP7ZB3dfMcaybWzw==
last-modified: Wed, 24 May 2023 10:11:48 GMT
etag: 0x8DB5C3F4911527F
x-cache: TCP_HIT
x-ms-request-id: bf3c24ae-101e-005e-019f-22f65d000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 0tGJoZQAAAACrzEJk38XjTodJA72ldpI/QU1TMDRFREdFMTgxNwAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
x-azure-ref: 0PsdoZQAAAACQqSVf8K6NRJI0+oVk1n/XU1ZHMjBFREdFMDYyMgAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
date: Thu, 30 Nov 2023 17:32:45 GMT
X-Firefox-Spdy: h2
login.microsoftonline.com/common/handlers/watson
20.190.181.3 200 OK 265 B URL POST HTTP/1.1 login.microsoftonline.com/common/handlers/watson
IP 20.190.181.3:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://login.microsoftonline.com/common/oauth2/authorize?client_id=9ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7&response_type=id_token+code&nonce=0c8aaa25-dacc-42ba-8d88-79ef7766219a&redirect_uri=https%3a%2f%2fjiangshao.fun%2forgid%2fidtoken%2fconditional&scope=openid%20email%20profile%209ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7/.default&response_mode=form_post&instance_aware=true&msafed=0&prompt=none&state=%7b%22ig%22%3a%22A903986D2A5143A0A2E909AB5D6FF6D4%22%7d
Certificate Issuer DigiCert Inc
Subject stamp2.login.microsoftonline.com
Fingerprint 5F:41:B5:48:4D:2A:D3:78:6B:12:6B:D6:0B:85:B4:F8:2A:FF:48:29
Validity Sun, 17 Sep 2023 00:00:00 GMT - Tue, 17 Sep 2024 23:59:59 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash f1e68f87ccb71fd23236523d33f0ec9a
dbb8fe3a7833cb6ea9686a0524fa20ad6645700c
4f4d009b30f193753f1896462dc7e09ff1e06fdb595327074b0bf966360086b1
POST /common/handlers/watson HTTP/1.1
Host: login.microsoftonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/common/oauth2/authorize?client_id=9ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7&response_type=id_token+code&nonce=0c8aaa25-dacc-42ba-8d88-79ef7766219a&redirect_uri=https%3a%2f%2fjiangshao.fun%2forgid%2fidtoken%2fconditional&scope=openid%20email%20profile%209ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7/.default&response_mode=form_post&instance_aware=true&msafed=0&prompt=none&state=%7b%22ig%22%3a%22A903986D2A5143A0A2E909AB5D6FF6D4%22%7d
Content-Type: application/json; charset=utf-8
canary: PAQABAAEAAAAmoFfGtYxvRrNriQdPKIZ-TAJ0oIeYq8z39MqRpa3y2biW64CTU9RivfFA4Mn2GIgde5g4ikxj5xvkZeElIavxv1pn-HtbWhWNbLRs0ajcV0SUw7_KQ6lNFaRcZzykg9-xl8aV3RavvqC774oITJ2UzLcsgZPJUvUUOGcx0TU5gDDb_Hhb55cRWFv3Gizrv3e0V-CkKfBNGD1KVmtUY9dWQCto7TtuLX8alPE-5UgOKyAA
hpgid: 1117
hpgact: 1800
client-request-id: 7051b7c7-3779-4e95-8421-636f001df2e6
X-Requested-With: XMLHttpRequest
Content-Length: 5819
Origin: https://login.microsoftonline.com
DNT: 1
Connection: keep-alive
Cookie: buid=0.AQ8AMe_N-B6jSkuT5F9XHpElWnmtoZ62_ZpPi8MrcPluNMcBAAA.AQABAAEAAAAmoFfGtYxvRrNriQdPKIZ-T5UvwVZJ9X3n8ZO8EDuEzOSJwD0VuSczhZJuCRtYlNo7iTLhn5FxtriSvyU-eoJqmi3Njgh203IAwALa1TPW4d-1Sbb5_hyiew43L2VkFCggAA; esctx-GhONjDlKdpw=AQABAAEAAAAmoFfGtYxvRrNriQdPKIZ-1WcJKsWjBNUpScIcL37X4jcM5Yhr_zCT6PqWeaOmuP-r0p1Xwe3HGtjIxK-7KEiP7RbgB9n7L8zLJFBvfCFO0SfWb_Y1DbCE5BYvb3W0FQ7j_WfJ9IDqvVORcVlcH42k9Y83s4jlOQpqSDCWOvPmPyAA; fpc=AnVBZAKm5i1Cs1bXGTqMT1yCeMQLAQAAADy--twOAAAA; esctx=PAQABAAEAAAAmoFfGtYxvRrNriQdPKIZ-dlrSV8KvqCa3qfp1D-1uojsVRmmgKEi7V98taEhL0UhEadvXiZg9-SEZaUye4SscDoBQpHcUOap0C-VaQ0u-HdWExjqXCjviAGxPTfI6p7J55WxORHxSgL7yePJuEzsEmc34lOPR1d7ZqMrlU9LwqguBRhKtb8rGJdOqpIndLVsgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
client-request-id: 7051b7c7-3779-4e95-8421-636f001df2e6
x-ms-request-id: 158f3470-7dbd-4537-a71b-09710af01700
x-ms-ests-server: 2.1.16790.7 - NEULR1 ProdSlices
Referrer-Policy: strict-origin-when-cross-origin
X-XSS-Protection: 0
Set-Cookie: fpc=AnVBZAKm5i1Cs1bXGTqMT1yCeMQLAQAAADy--twOAAAA; expires=Sat, 30-Dec-2023 17:32:46 GMT; path=/; secure; HttpOnly; SameSite=None
x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
Date: Thu, 30 Nov 2023 17:32:45 GMT
Content-Length: 265
jiangshao.fun/hp/api/v1/momentsintime?format=json&ssd=20231130_0800&
172.67.186.90 200 OK 750 B URL GET HTTP/3 jiangshao.fun/hp/api/v1/momentsintime?format=json&ssd=20231130_0800&
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash 28e36f39929ff85c50ef9469cb16d4b3
0bc7c00a6e04293f1a87b0dfca9dcec1c3bfe336
9a74e6f08fcd7361596c75310cdec58592ada508b955a71f8353f85e27cdb13b
Analyzer Verdict Alert OpenPhish phishing Office365
GET /hp/api/v1/momentsintime?format=json&ssd=20231130_0800& HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jiangshao.fun/
Content-type: application/json
DNT: 1
Connection: keep-alive
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=; SRCHUSR=T=1701365562000
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:46 GMT
content-type: application/json; charset=utf-8
cache-control: private
p3p: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
set-cookie: MUID=2FC1AFB77E2E6AA41B79BC6E7F296B55; domain=.bing.com; expires=Tue, 24-Dec-2024 17:32:46 GMT; path=/; secure; SameSite=None
_EDGE_S=SID=053371EB03B46A673EC4623202D36BC4; domain=.bing.com; path=/; HttpOnly
MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; expires=Tue, 24-Dec-2024 17:32:46 GMT; path=/; HttpOnly
SRCHD=AF=NOFORM; domain=.bing.com; expires=Tue, 24-Dec-2024 17:32:46 GMT; path=/; secure; SameSite=None
SRCHUID=V=2&GUID=D05189439DF449B7A4B4601FE3D2C736&dmnchg=1; domain=.bing.com; expires=Tue, 24-Dec-2024 17:32:46 GMT; path=/; secure; SameSite=None
SRCHUSR=DOB=20231130; domain=.bing.com; expires=Tue, 24-Dec-2024 17:32:46 GMT; path=/; secure; SameSite=None
SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0&SRCHLANG=zh-Hans; domain=.bing.com; expires=Tue, 24-Dec-2024 17:32:46 GMT; path=/; secure; SameSite=None
_SS=SID=053371EB03B46A673EC4623202D36BC4; domain=.bing.com; path=/; secure; SameSite=None
x-eventid: 6568c73e11e749de961290e6f125c81c
useragentreductionoptout: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 9B2DC2E60030494591F43BFD6E160E24 Ref B: EWR311000101029 Ref C: 2023-11-30T17:32:46Z
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=30hW2ovXN%2FfnYuPuGUWfb69nDg353mQHYnY%2FW0iSvzG6klQDHaKJju5K47fjwONf%2BPX2v8sTAugsZTKYDuk2fmxBUg6Bphrqm%2FJBY4RJIkL6xRlXJCEsHSYwZk4BmSKN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82e4d4e48c625695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
jiangshao.fun/rp/OUGU-N0FiScxTUHgZZYbR2CE9yQ.js
172.67.186.90 200 OK 2.7 kB URL GET HTTP/3 jiangshao.fun/rp/OUGU-N0FiScxTUHgZZYbR2CE9yQ.js
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type ASCII text, with very long lines (2683), with no line terminators
Hash fb797698ef041dd693aee90fb9c13c7e
394194f8dd058927314d41e065961b476084f724
795e9290718eb62a1fb00646dc738f6a6b715b1171dd54a3d2defa013a74f3da
Analyzer Verdict Alert OpenPhish phishing Office365
GET /rp/OUGU-N0FiScxTUHgZZYbR2CE9yQ.js HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=; SRCHUSR=T=1701365562000
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:46 GMT
content-type: text/javascript; charset=utf-8
content-length: 2683
cache-control: public, max-age=432000, no-transform, immutable
content-md5: +3l2mO8EHdaTrukPucE8fg==
last-modified: Thu, 09 Nov 2023 08:37:55 GMT
etag: 0x8DBE0FF2B4140F6
x-cache: TCP_HIT
x-ms-request-id: a739a7b9-501e-006f-03c7-1f17d8000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: E9A39689926944D684B955D7EB42BF24 Ref B: MNZ221060617023 Ref C: 2023-11-27T18:59:36Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: 0FFABBC0792C4EF2ADADD1DD8BD3C463 Ref B: EWR311000107011 Ref C: 2023-11-30T17:32:46Z
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4e4dca65695-OSL
alt-svc: h3=":443"; ma=86400
aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/convergederror_stringcustomizationhelper_aaa0cb386d06d2e824bf.js
13.107.213.53 200 OK 36 kB URL GET HTTP/2 aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/convergederror_stringcustomizationhelper_aaa0cb386d06d2e824bf.js
IP 13.107.213.53:443
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://login.microsoftonline.com/common/oauth2/authorize?client_id=9ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7&response_type=id_token+code&nonce=0c8aaa25-dacc-42ba-8d88-79ef7766219a&redirect_uri=https%3a%2f%2fjiangshao.fun%2forgid%2fidtoken%2fconditional&scope=openid%20email%20profile%209ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7/.default&response_mode=form_post&instance_aware=true&msafed=0&prompt=none&state=%7b%22ig%22%3a%22A903986D2A5143A0A2E909AB5D6FF6D4%22%7d
Certificate Issuer DigiCert Inc
Subject aadcdn.msauth.net
Fingerprint 88:95:0C:FA:9D:33:AA:BF:A4:FD:9D:84:A6:E8:02:06:58:50:AD:8C
Validity Sun, 29 Oct 2023 00:00:00 GMT - Tue, 29 Oct 2024 23:59:59 GMT
File type ASCII text, with very long lines (64612)
Hash ba6b33f4ceeb1ea0c9386b2540ed9a0a
a6f125fa05cd767c6f3c35c2536d05852e533f7f
242434a4109041f0c35c462c9ca2d0c26767c61b0ded4406b631e9b2bcfd5e27
GET /shared/1.0/content/js/asyncchunk/convergederror_stringcustomizationhelper_aaa0cb386d06d2e824bf.js HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000
content-length: 35906
content-type: application/x-javascript
content-encoding: gzip
content-md5: CnEKgfUvLO92+tuWPot+EQ==
last-modified: Sat, 28 Oct 2023 00:53:34 GMT
etag: 0x8DBD75050233BF8
x-cache: TCP_HIT
x-ms-request-id: 7811223b-501e-000e-440f-23956e000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 0fS1oZQAAAADy34bnTsXQTZjluTgSGGC/QU1TMDRFREdFMTgxMwAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
x-azure-ref: 0PsdoZQAAAADyvav8AwNzQJAD7heHiBVwU1ZHMjBFREdFMDYyMgAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
date: Thu, 30 Nov 2023 17:32:45 GMT
X-Firefox-Spdy: h2
login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1701365563&rver=6.0.5286.0&wp=MBI_SSL&wreply=https:%2F%2fjiangshao.fun%2Fsecure%2FPassport.aspx%3Fpopup%3D1%26ssl%3D1&lc=1044&id=264960&checkda=1
20.190.177.20 200 OK 191 B URL GET HTTP/1.1 login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1701365563&rver=6.0.5286.0&wp=MBI_SSL&wreply=https:%2F%2fjiangshao.fun%2Fsecure%2FPassport.aspx%3Fpopup%3D1%26ssl%3D1&lc=1044&id=264960&checkda=1
IP 20.190.177.20:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Certificate Issuer DigiCert Inc
Subject login.live.com
Fingerprint F6:95:3F:10:AD:8C:5F:52:2B:86:41:BA:29:A9:7F:BC:47:88:2D:0D
Validity Fri, 10 Nov 2023 00:00:00 GMT - Sun, 10 Nov 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with no line terminators
Hash 9b0ce85aa087375c974ef95b04853244
107b96b571d9264b3643e8491e1ecdacef761c4e
d7cbca11d1669baab9fb3119177b92b1e93ea7c920583b51b15c7155f652728c
GET /login.srf?wa=wsignin1.0&rpsnv=11&ct=1701365563&rver=6.0.5286.0&wp=MBI_SSL&wreply=https:%2F%2fjiangshao.fun%2Fsecure%2FPassport.aspx%3Fpopup%3D1%26ssl%3D1&lc=1044&id=264960&checkda=1 HTTP/1.1
Host: login.live.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Thu, 30 Nov 2023 17:31:46 GMT
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Referrer-Policy: strict-origin-when-cross-origin
x-ms-route-info: C105_BL2
x-ms-request-id: 230d95f6-6e33-4af8-875a-e239b6d51b6c
PPServer: PPV: 30 H: BL02PF1F4BA372A V: 0
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1; mode=block
Set-Cookie: uaid=9c7f355a596049ef917d00f8f73e264b; domain=login.live.com; Secure; path=/; SameSite=None; HttpOnly
MSPRequ=id=264960&lt=1701365566&co=1; domain=login.live.com; Secure; path=/; SameSite=None; HttpOnly
OParams=11O.DoOddYCNHxO2STKN6jXQg*t*5JLM8cIiQahS1M13btCR8QNs1MZrVdm9K*TvFnl!NJZDIF1CxB!tsiysi3e43At5cPdzvRR0l1GnOHsOjP4*3iJZMKO1hS0X7Ep004oB2Mf8O5DRI8eRnNBXBwMZWKa3N*iZ1glqvk1*w!NQJpQ73smAtr8a1uV1DNNVTH33hY9lkRUq!N8du7LmUPnMbcXHSjeFv*cu3om8b7RTcbxS6DUafveqNN!E20m9ZC04xodOWg6dabbLIEb8cyKUL*VNT8A5uPrvAdo7t4jqvWN25MPPm6vLijfyJLW0dZT2xQ$$; domain=login.live.com; Secure; path=/; SameSite=None; HttpOnly
Date: Thu, 30 Nov 2023 17:32:45 GMT
Content-Length: 191
jiangshao.fun/th?id=OHR.RioNegro_ROW9293014046_1920x1080.jpg&w=360
172.67.186.90 200 OK 10 kB URL GET HTTP/3 jiangshao.fun/th?id=OHR.RioNegro_ROW9293014046_1920x1080.jpg&w=360
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 360x202, components 3\012- data
Hash ba3d306252e6c0946cba8ade9e52a8ed
d04effc197f8d47d1c2947f8bb85bbd5c19d8664
9b687f0900bfe65adf456d3f323f0f64c6c7b9dcf5007d85e50c015c366aa946
Analyzer Verdict Alert OpenPhish phishing Office365
GET /th?id=OHR.RioNegro_ROW9293014046_1920x1080.jpg&w=360 HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0&WTS=63836962362; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=; SRCHUSR=T=1701365562000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:46 GMT
content-type: image/jpeg
content-length: 10131
cache-control: public, max-age=691200
x-cache: TCP_MISS
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C09BCFF27A1E409B84BC7462939616EF Ref B: NYCEDGE1412 Ref C: 2023-11-30T17:32:46Z
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 82e4d4e5ed7f5695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/th?id=OHR.BradgateFallow_ROW8870334567_1920x1080.jpg&w=360
172.67.186.90 200 OK 18 kB URL GET HTTP/3 jiangshao.fun/th?id=OHR.BradgateFallow_ROW8870334567_1920x1080.jpg&w=360
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 360x202, components 3\012- data
Hash fdd7ebcfcb313853e89c2dafd176eae4
7273d857b323d8148f1e2b7376d8faef00bd2495
4e4f9a68ba646b65b15dd89a72c99444104fd9ef79af9a51cd3638250a024d2b
Analyzer Verdict Alert OpenPhish phishing Office365
GET /th?id=OHR.BradgateFallow_ROW8870334567_1920x1080.jpg&w=360 HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0&WTS=63836962362; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=; SRCHUSR=T=1701365562000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:46 GMT
content-type: image/jpeg
content-length: 18235
cache-control: public, max-age=691200
x-cache: TCP_MISS
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 9EB16E392B2649D798E6D6F0AC033455 Ref B: NYCEDGE1615 Ref C: 2023-11-30T17:32:46Z
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 82e4d4e5ed805695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/th?id=OHR.HallofMosses_ROW8720599078_1920x1080.jpg&w=360
172.67.186.90 200 OK 21 kB URL GET HTTP/3 jiangshao.fun/th?id=OHR.HallofMosses_ROW8720599078_1920x1080.jpg&w=360
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 360x202, components 3\012- data
Hash 1e8b20cc961bd42c2e6fdb369ac7a7ce
a26cf35362e37fe87f12686178a2174be681a788
68b94f7625f8c1e54232d17a2ceebde5eb965a9a408ed5c69ab648ae9b994c23
Analyzer Verdict Alert OpenPhish phishing Office365
GET /th?id=OHR.HallofMosses_ROW8720599078_1920x1080.jpg&w=360 HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0&WTS=63836962362; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=; SRCHUSR=T=1701365562000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:46 GMT
content-type: image/jpeg
content-length: 20792
cache-control: public, max-age=691200
x-cache: TCP_MISS
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E0B3690B881C4DBFA88977784D48E0B8 Ref B: NYCEDGE1316 Ref C: 2023-11-30T17:32:46Z
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 82e4d4e5fda85695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/th?id=OHR.AssiniboineProvincialPark_ROW9470886401_1920x1080.jpg&w=360
172.67.186.90 200 OK 17 kB URL GET HTTP/3 jiangshao.fun/th?id=OHR.AssiniboineProvincialPark_ROW9470886401_1920x1080.jpg&w=360
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 360x202, components 3\012- data
Hash a54a2203a18b1809a4786bbaccca6148
0531494fd54a711fc90389d3385e2ba1b4490316
88d8bd48960146acdeea7157866ab895a0880f990b24f8f84928184049770b41
Analyzer Verdict Alert OpenPhish phishing Office365
GET /th?id=OHR.AssiniboineProvincialPark_ROW9470886401_1920x1080.jpg&w=360 HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0&WTS=63836962362; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=; SRCHUSR=T=1701365562000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:46 GMT
content-type: image/jpeg
content-length: 16599
cache-control: public, max-age=691200
x-cache: TCP_MISS
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: CA775EF027BA4A7484C219903ECE2697 Ref B: NYCEDGE1710 Ref C: 2023-11-30T17:32:46Z
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 82e4d4e5ed7e5695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/th?id=OHR.TeideNational_ROW8662095131_1920x1080.jpg&w=360
172.67.186.90 200 OK 15 kB URL GET HTTP/3 jiangshao.fun/th?id=OHR.TeideNational_ROW8662095131_1920x1080.jpg&w=360
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 360x202, components 3\012- data
Hash 609ba35cdcf115a93cc708049a4f406b
f1a98ae907619f5078a6fb23d206997cfba338e9
2b3d4baa2fe2f0a45bb2d507983591cacef28359a251abb0d34ff9156893f1aa
Analyzer Verdict Alert OpenPhish phishing Office365
GET /th?id=OHR.TeideNational_ROW8662095131_1920x1080.jpg&w=360 HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0&WTS=63836962362; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=; SRCHUSR=T=1701365562000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:46 GMT
content-type: image/jpeg
content-length: 14967
cache-control: public, max-age=691200
x-cache: TCP_MISS
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 1D16A7626E9B47CD8B646D17B6E74A2C Ref B: NYCEDGE1421 Ref C: 2023-11-30T17:32:46Z
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 82e4d4e5fdae5695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/th?id=OHR.TajoRiver_ROW8810692657_1920x1080.jpg&w=360
172.67.186.90 200 OK 17 kB URL GET HTTP/3 jiangshao.fun/th?id=OHR.TajoRiver_ROW8810692657_1920x1080.jpg&w=360
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 360x202, components 3\012- data
Hash e34a2d524b8d2b33ac8a2574d3080df1
5729a69e76f8d33237594c709b5f0ccb160f6ab0
12542797d6ed58e2fa732f3f777a59cb6fe878e82af81a77a202eb4f6183e9ec
Analyzer Verdict Alert OpenPhish phishing Office365
GET /th?id=OHR.TajoRiver_ROW8810692657_1920x1080.jpg&w=360 HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0&WTS=63836962362; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=; SRCHUSR=T=1701365562000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:46 GMT
content-type: image/jpeg
content-length: 17376
cache-control: public, max-age=691200
x-cache: TCP_MISS
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0864A9CEB2CD46CEA64F4F0DED1B1CD7 Ref B: NYCEDGE1713 Ref C: 2023-11-30T17:32:46Z
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 82e4d4e5ed855695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/th?id=OHR.TrotternishStorr_ROW9568788023_1920x1080.webp
172.67.186.90 200 OK 219 kB URL GET HTTP/3 jiangshao.fun/th?id=OHR.TrotternishStorr_ROW9568788023_1920x1080.webp
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Size 219 kB (219166 bytes)
Hash bb79c42137b33e65a62786fdf5188349
c2026d43025e5f9770e779ccc909a7b237bf2892
cd5cc5ac42cd493ebcd616e3540d52ccb593d730ec8cb8ecff1a37ae6cff4349
Analyzer Verdict Alert OpenPhish phishing Office365
GET /th?id=OHR.TrotternishStorr_ROW9568788023_1920x1080.webp HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=; SRCHUSR=T=1701365562000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:46 GMT
content-type: image/webp
content-length: 219166
cache-control: public, max-age=691200
x-cache: TCP_MISS
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 9BADF3C99ABD42F9B1EB6D3A068E42B5 Ref B: EWR311000105045 Ref C: 2023-11-30T17:32:46Z
cf-cache-status: DYNAMIC
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4e47c475695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/rp/2aPz58fteSIuR5AHc_06MNbvmgM.js
172.67.186.90 200 OK 122 kB URL GET HTTP/3 jiangshao.fun/rp/2aPz58fteSIuR5AHc_06MNbvmgM.js
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 122 kB (121786 bytes)
Hash 861c1511ba57930ef6ce3a495712f016
d9a3f3e7c7ed79222e47900773fd3a30d6ef9a03
db1abbeb32fa4bee6a92cc07088150a1c06696dbd9a9286912ce1ee0d6c14ec6
Analyzer Verdict Alert OpenPhish phishing Office365
GET /rp/2aPz58fteSIuR5AHc_06MNbvmgM.js HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=; SRCHUSR=T=1701365562000
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:46 GMT
content-type: text/javascript; charset=utf-8
content-length: 121786
cache-control: public, max-age=432000, no-transform, immutable
content-md5: hhwVEbpXkw72zjpJVxLwFg==
last-modified: Thu, 30 Nov 2023 06:29:56 GMT
etag: 0x8DBF16DC50CA577
x-cache: TCP_REMOTE_HIT
x-ms-request-id: 50784a70-601e-0080-719f-23e22d000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: 5222B792C4294B9CB7A8BFC6B098F37B Ref B: MNZ221060605049 Ref C: 2023-11-30T17:32:46Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: 8BF6485EC83646BF93258F16D4B7E11D Ref B: EWR311000107009 Ref C: 2023-11-30T17:32:46Z
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4e4dca45695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/th?id=OHR.SchwerinerSchloss_ROW9723994138_1920x1080.jpg&w=720
172.67.186.90 200 OK 50 kB URL GET HTTP/3 jiangshao.fun/th?id=OHR.SchwerinerSchloss_ROW9723994138_1920x1080.jpg&w=720
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 720x405, components 3\012- data
Hash af5bb13c94cd05d0050d6186d8c51dbb
c2b8270f3644e0ec9e4c9da4c27429335bd0e0ab
923683260235f5779f55665fa5ed14545a38aaad1332f847b246b6e9e3fb79e2
Analyzer Verdict Alert OpenPhish phishing Office365
GET /th?id=OHR.SchwerinerSchloss_ROW9723994138_1920x1080.jpg&w=720 HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0&WTS=63836962362; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=; SRCHUSR=T=1701365562000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:46 GMT
content-type: image/jpeg
content-length: 49688
cache-control: public, max-age=691200
x-cache: TCP_MISS
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 5B4849CC296A4E538296D62AE631D0A3 Ref B: NYCEDGE1315 Ref C: 2023-11-30T17:32:46Z
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 82e4d4e5ed7d5695-OSL
alt-svc: h3=":443"; ma=86400
www2.bing.com/ipv6test/test
13.107.21.200 64 B URL GET www2.bing.com/ipv6test/test
IP 13.107.21.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Certificate Issuer Microsoft Corporation
Subject www.bing.com
Fingerprint A5:EC:34:1F:AB:B3:69:71:54:88:69:BA:64:CC:E2:9B:32:B6:65:CD
Validity Tue, 24 Oct 2023 07:42:22 GMT - Sun, 21 Apr 2024 07:42:22 GMT
File type ASCII text, with no line terminators
Hash e82d9bd501b46df5cb2b650af9e1b126
0fe6876226e88d8104ed51cb6329eb172bba8d68
c2ba8fccfc980bcc8fc24e7a41bfcfee88cca9331c8d4d62890d7dfab4a12226
GET /ipv6test/test HTTP/1.1
Host: www2.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-length: 64
content-type: text/html; charset=utf-8
content-encoding: br
expires: -1
vary: Accept-Encoding
p3p: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
set-cookie: MUID=22FB2BEE453C61D7147B383744C9605F; domain=.bing.com; expires=Tue, 24-Dec-2024 17:32:46 GMT; path=/; secure; SameSite=None
MUIDB=22FB2BEE453C61D7147B383744C9605F; expires=Tue, 24-Dec-2024 17:32:46 GMT; path=/; HttpOnly
_EDGE_S=F=1&SID=192F16DB1E966FB414E705021F636E7C; domain=.bing.com; path=/; HttpOnly
_EDGE_V=1; domain=.bing.com; expires=Tue, 24-Dec-2024 17:32:46 GMT; path=/; HttpOnly
SRCHD=AF=NOFORM; domain=.bing.com; expires=Tue, 24-Dec-2024 17:32:46 GMT; path=/; secure; SameSite=None
SRCHUID=V=2&GUID=00FE1DA0F0A64D06B093F8BE248420DD&dmnchg=1; domain=.bing.com; expires=Tue, 24-Dec-2024 17:32:46 GMT; path=/; secure; SameSite=None
SRCHUSR=DOB=20231130; domain=.bing.com; expires=Tue, 24-Dec-2024 17:32:46 GMT; path=/; secure; SameSite=None
SRCHHPGUSR=SRCHLANG=en; domain=.bing.com; expires=Tue, 24-Dec-2024 17:32:46 GMT; path=/; secure; SameSite=None
_SS=SID=192F16DB1E966FB414E705021F636E7C; domain=.bing.com; path=/; secure; SameSite=None
x-eventid: 6568c73e9b314da5a7bcfd3de8a3612d
useragentreductionoptout: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7837FC0C2C7848718CB4B16F9105EBB4 Ref B: OSL30EDGE0113 Ref C: 2023-11-30T17:32:46Z
date: Thu, 30 Nov 2023 17:32:46 GMT
X-Firefox-Spdy: h2
jiangshao.fun/fd/ls/lsp.aspx
172.67.186.90 204 No Content 0 B URL POST HTTP/3 jiangshao.fun/fd/ls/lsp.aspx
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert OpenPhish phishing Office365
POST /fd/ls/lsp.aspx HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/xml
Content-Length: 13109
Origin: https://jiangshao.fun
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0&WTS=63836962362; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=; SRCHUSR=T=1701365562000; ipv6=hit=1701369171020&t=4
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
date: Thu, 30 Nov 2023 17:32:48 GMT
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F20CEB463A2F45638F82635F16C2C771 Ref B: NYCEDGE1707 Ref C: 2023-11-30T17:32:47Z
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bvBDdPqi0zfyhSqIT%2Bii%2B%2FNWJg0zYEHhJraSPaL9tJQeaS%2BnwqKwLl5%2FjnH2R3C2E6u%2FtMhqWvT75G%2Fpxahtxuw8EJ%2B0cty7fjUYTznLFKs1%2B19Bw44%2FyC6waCHX%2BfLT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82e4d4eef82d5695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/rp/kmQOPQp8vl1HvI8PfMk2LoJInSM.js
172.67.186.90 200 OK 269 B URL GET HTTP/3 jiangshao.fun/rp/kmQOPQp8vl1HvI8PfMk2LoJInSM.js
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type ASCII text, with very long lines (391), with no line terminators
Hash 55ec2297c0cf262c5fa9332f97c1b77a
92640e3d0a7cbe5d47bc8f0f7cc9362e82489d23
342c3dd52a8a456f53093671d8d91f7af5b3299d72d60edb28e4f506368c6467
Analyzer Verdict Alert OpenPhish phishing Office365
GET /rp/kmQOPQp8vl1HvI8PfMk2LoJInSM.js HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=; SRCHUSR=T=1701365562000
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:45 GMT
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=432000
content-md5: Vewil8DPJixfqTMvl8G3eg==
last-modified: Tue, 29 Sep 2020 02:01:15 GMT
x-cache: TCP_REMOTE_HIT
x-ms-request-id: 53464fd5-701e-00a3-42e1-1f78ee000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: A77D2177CD78460193A34682E89D9F0A Ref B: MNZ221060606031 Ref C: 2023-11-30T17:32:45Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: 619732BFE4BB481A8662CCDB6B8743AB Ref B: EWR311000106039 Ref C: 2023-11-30T17:32:45Z
cf-cache-status: HIT
age: 0
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4e04ff75695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
jiangshao.jiangshao.fun/fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fimages%2Fsbi%3Fmmasync%3D1%26ptn%3DHomepage%26IID%3DSBI%26IG%3DA903986D2A5143A0A2E909AB5D6FF6D4%26%22%2C%22format%22%3A%22dom%22%2C%22status%22%3A200%2C%22time%22%3A2855%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1701365569753%2C%22Name%22%3A%22fetched%22%2C%22FID%22%3A%22HP%22%7D%5D
0.0.0.0 0 B URL GET jiangshao.jiangshao.fun/fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fimages%2Fsbi%3Fmmasync%3D1%26ptn%3DHomepage%26IID%3DSBI%26IG%3DA903986D2A5143A0A2E909AB5D6FF6D4%26%22%2C%22format%22%3A%22dom%22%2C%22status%22%3A200%2C%22time%22%3A2855%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1701365569753%2C%22Name%22%3A%22fetched%22%2C%22FID%22%3A%22HP%22%7D%5D
IP 0.0.0.0:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fimages%2Fsbi%3Fmmasync%3D1%26ptn%3DHomepage%26IID%3DSBI%26IG%3DA903986D2A5143A0A2E909AB5D6FF6D4%26%22%2C%22format%22%3A%22dom%22%2C%22status%22%3A200%2C%22time%22%3A2855%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1701365569753%2C%22Name%22%3A%22fetched%22%2C%22FID%22%3A%22HP%22%7D%5D HTTP/1.1
Host: jiangshao.jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
jiangshao.fun/th?u=https%3a%2f%2fth.bing.com%2fth%3fid%3dORMS.e53d29267bf77a793c7e73ff777db349%26pid%3dWdp&ehk=PHvZez8rqiz%2bymo%2f447d9sF4ezelaf8ER9RJVNLeaHg%3d&w=186&h=88&c=8&rs=2&o=6&pid=WP0
172.67.186.90 200 OK 2.6 kB URL GET HTTP/3 jiangshao.fun/th?u=https%3a%2f%2fth.bing.com%2fth%3fid%3dORMS.e53d29267bf77a793c7e73ff777db349%26pid%3dWdp&ehk=PHvZez8rqiz%2bymo%2f447d9sF4ezelaf8ER9RJVNLeaHg%3d&w=186&h=88&c=8&rs=2&o=6&pid=WP0
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 186x88, components 3\012- data
Hash d6aef01b032bfc39f12ac8edd4091779
c455628cfd03e89f6d23220149d3897dc56df57a
e69d64cf4bb42cfb76b2d326157f93fe8dbf6b12a38542e7127b87f696f1ec28
Analyzer Verdict Alert OpenPhish phishing Office365
GET /th?u=https%3a%2f%2fth.bing.com%2fth%3fid%3dORMS.e53d29267bf77a793c7e73ff777db349%26pid%3dWdp&ehk=PHvZez8rqiz%2bymo%2f447d9sF4ezelaf8ER9RJVNLeaHg%3d&w=186&h=88&c=8&rs=2&o=6&pid=WP0 HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=; SRCHUSR=T=1701365562000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:45 GMT
content-type: image/jpeg
content-length: 2552
cache-control: public, max-age=2592000
x-cache: TCP_MISS
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 6A89620E3B904CEBAB6A7C1E5453A57D Ref B: EWR311000105037 Ref C: 2023-11-30T17:32:45Z
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 82e4d4e0e8a25695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/rewardsapp/ncheader?ver=41563656&IID=SERP.5020&IG=A903986D2A5143A0A2E909AB5D6FF6D4
172.67.186.90 200 OK 1.4 kB URL POST HTTP/3 jiangshao.fun/rewardsapp/ncheader?ver=41563656&IID=SERP.5020&IG=A903986D2A5143A0A2E909AB5D6FF6D4
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type HTML document, ASCII text, with very long lines (1459), with no line terminators
Hash b01fdaf113568d6059585e0bf6931e8a
93d5ffccd02d7965929e240f3a8349ec7f718a29
d65a09f723e61b2f5cfd26b15fa11cc9c735ed696683352b0701b848c6346ef3
Analyzer Verdict Alert OpenPhish phishing Office365
POST /rewardsapp/ncheader?ver=41563656&IID=SERP.5020&IG=A903986D2A5143A0A2E909AB5D6FF6D4 HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 4
Origin: https://jiangshao.fun
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=; SRCHUSR=T=1701365562000
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:46 GMT
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: -1
p3p: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
set-cookie: MUID=2FC1AFB77E2E6AA41B79BC6E7F296B55; domain=.bing.com; expires=Tue, 24-Dec-2024 17:32:45 GMT; path=/; secure; SameSite=None
_EDGE_S=SID=256B9C32B8306AD60EB78FEBB9BF6BDC; domain=.bing.com; path=/; HttpOnly
MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; expires=Tue, 24-Dec-2024 17:32:45 GMT; path=/; HttpOnly
SRCHD=AF=NOFORM; domain=.bing.com; expires=Tue, 24-Dec-2024 17:32:45 GMT; path=/; secure; SameSite=None
SRCHUID=V=2&GUID=421F3DEA4DCB4CAE853F48A2C5A91DB1&dmnchg=1; domain=.bing.com; expires=Tue, 24-Dec-2024 17:32:45 GMT; path=/; secure; SameSite=None
SRCHUSR=DOB=20231130; domain=.bing.com; expires=Tue, 24-Dec-2024 17:32:45 GMT; path=/; secure; SameSite=None
SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0&SRCHLANG=zh-Hans; domain=.bing.com; expires=Tue, 24-Dec-2024 17:32:45 GMT; path=/; secure; SameSite=None
_SS=SID=256B9C32B8306AD60EB78FEBB9BF6BDC; domain=.bing.com; path=/; secure; SameSite=None
x-eventid: 6568c73df2b34ab8a47314d24d6e2e16
useragentreductionoptout: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 353E4B8C06D946A7B92240236A404B52 Ref B: NYCEDGE1720 Ref C: 2023-11-30T17:32:45Z
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LCnmVpGq%2B%2FdzfKVpg1nO3c1pxZ%2Btn9QCr8LnV4nxhaM4WSmTrgUIc0LF%2FASPH8kPTqA96Ved6YIzdHJt7nd4pXaLCGI%2B24pDt8lRRUFEjagUXR5KEYvYZjJ%2FJz%2FM9V%2B0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82e4d4e1f9b95695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
jiangshao.fun/rp/fdVZU4ttbw8NDRm6H3I5BW3_vCo.svg
172.67.186.90 200 OK 671 B URL GET HTTP/3 jiangshao.fun/rp/fdVZU4ttbw8NDRm6H3I5BW3_vCo.svg
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (715), with no line terminators
Hash 9b96404f8e1430916f1060f73f89722f
6f04b312748ba30e13b89b338183d18d572e7019
96bc77cbc7a03adb7ac076f8d2f75de4368d0dc85e1c422c45e1c5752b024840
Analyzer Verdict Alert OpenPhish phishing Office365
GET /rp/fdVZU4ttbw8NDRm6H3I5BW3_vCo.svg HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:45 GMT
content-type: image/svg+xml
cache-control: public, max-age=432000
content-md5: 2e0aQjQvN2lVcUGQcPjoGA==
last-modified: Wed, 24 Jun 2020 04:27:07 GMT
x-cache: TCP_HIT
x-ms-request-id: 6658a4ef-701e-0047-21ba-1d7670000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: CAC03EA1A50E46F4BC3709BF6C93005B Ref B: MNZ221060607035 Ref C: 2023-11-27T18:57:33Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: 3C5AAB3E2ADD48CABCBF08FCD842AC5B Ref B: EWR311000106037 Ref C: 2023-11-30T17:32:45Z
cf-cache-status: MISS
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4df6f2b5695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
jiangshao.jiangshao.fun/fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fhp%2Fapi%2Fv1%2Fmsnpopularnow%3F%26format%3Djson%26ecount%3D20%26efirst%3D0%26%26%22%2C%22format%22%3A%22json%22%2C%22time%22%3A2675%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1701365569574%2C%22Name%22%3A%22requested%22%2C%22FID%22%3A%22HP%22%7D%5D
0.0.0.0 0 B URL GET jiangshao.jiangshao.fun/fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fhp%2Fapi%2Fv1%2Fmsnpopularnow%3F%26format%3Djson%26ecount%3D20%26efirst%3D0%26%26%22%2C%22format%22%3A%22json%22%2C%22time%22%3A2675%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1701365569574%2C%22Name%22%3A%22requested%22%2C%22FID%22%3A%22HP%22%7D%5D
IP 0.0.0.0:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fhp%2Fapi%2Fv1%2Fmsnpopularnow%3F%26format%3Djson%26ecount%3D20%26efirst%3D0%26%26%22%2C%22format%22%3A%22json%22%2C%22time%22%3A2675%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1701365569574%2C%22Name%22%3A%22requested%22%2C%22FID%22%3A%22HP%22%7D%5D HTTP/1.1
Host: jiangshao.jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
jiangshao.jiangshao.fun/fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22Fallback%22%3A%221%22%2C%22ShowAnimation%22%3A%22%22%2C%22RedDotAnimation%22%3A%22true%22%2C%22FID%22%3A%22ModernRewardsFlyout%22%2C%22EventName%22%3A%22AnimationLoad%22%2C%22T%22%3A%22CI.Load%22%2C%22TS%22%3A1701365571579%2C%22Name%22%3A%22AnimationLoad%22%7D%5D
0.0.0.0 0 B URL GET jiangshao.jiangshao.fun/fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22Fallback%22%3A%221%22%2C%22ShowAnimation%22%3A%22%22%2C%22RedDotAnimation%22%3A%22true%22%2C%22FID%22%3A%22ModernRewardsFlyout%22%2C%22EventName%22%3A%22AnimationLoad%22%2C%22T%22%3A%22CI.Load%22%2C%22TS%22%3A1701365571579%2C%22Name%22%3A%22AnimationLoad%22%7D%5D
IP 0.0.0.0:0
Hash (digests of an empty body; 0 B were received for this request)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22Fallback%22%3A%221%22%2C%22ShowAnimation%22%3A%22%22%2C%22RedDotAnimation%22%3A%22true%22%2C%22FID%22%3A%22ModernRewardsFlyout%22%2C%22EventName%22%3A%22AnimationLoad%22%2C%22T%22%3A%22CI.Load%22%2C%22TS%22%3A1701365571579%2C%22Name%22%3A%22AnimationLoad%22%7D%5D HTTP/1.1
Host: jiangshao.jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0&WTS=63836962362; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=; SRCHUSR=T=1701365562000; ipv6=hit=1701369171020&t=4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
jiangshao.fun/rp/da3XTE4E24gCNAQJm5tKrqZDeuc.js
172.67.186.90 200 OK 252 B URL GET HTTP/3 jiangshao.fun/rp/da3XTE4E24gCNAQJm5tKrqZDeuc.js
IP 172.67.186.90:443
Certificate Issuer: Google Trust Services LLC
Subject: jiangshao.fun
Fingerprint: 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity: Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type ASCII text, with no line terminators
Hash a990c9ee50db9a25f7594c38dc995d6e
62a934d2654b395a8163de63efb15342da220d1a
03979481a3a1e10f0412713c1ef4147f71ed0ec8f94582ec083b18a1d365d8b0
Analyzer Verdict Alert OpenPhish phishing Office365
GET /rp/da3XTE4E24gCNAQJm5tKrqZDeuc.js HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=; SRCHUSR=T=1701365562000
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:45 GMT
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=432000
content-md5: H2Lp/cbKQ/P8LE+laFbzaA==
last-modified: Mon, 13 Jul 2020 22:52:10 GMT
x-cache: TCP_HIT
x-ms-request-id: 4e791e71-a01e-00a0-4c80-20998a000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: AA0B3B3159E84907880699B9AF192E37 Ref B: MNZ221060617019 Ref C: 2023-11-27T18:57:33Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: 36D915E2367F4486A7C1A9F6E02A05D8 Ref B: NYCEDGE1714 Ref C: 2023-11-30T17:32:45Z
cf-cache-status: MISS
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4e068135695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
jiangshao.fun/th?u=https%3a%2f%2fth.bing.com%2fth%3fid%3dORMS.c4f1e670a3c7d8e2f8e30b14a318b599%26pid%3dWdp&ehk=Oct6pNYewxhO4t0DYO58cggcJ2PhLZMaaVGy8%2f1pqok%3d&w=186&h=88&c=8&rs=2&o=6&pid=WP0
172.67.186.90 200 OK 4.2 kB URL GET HTTP/3 jiangshao.fun/th?u=https%3a%2f%2fth.bing.com%2fth%3fid%3dORMS.c4f1e670a3c7d8e2f8e30b14a318b599%26pid%3dWdp&ehk=Oct6pNYewxhO4t0DYO58cggcJ2PhLZMaaVGy8%2f1pqok%3d&w=186&h=88&c=8&rs=2&o=6&pid=WP0
IP 172.67.186.90:443
Certificate Issuer: Google Trust Services LLC
Subject: jiangshao.fun
Fingerprint: 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity: Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 186x88, components 3\012- data
Hash 1e2c2a51b81a5f09232c8b66680bc23d
faa2e5498d51eea75df90c62a7aaeac09bd30d55
f2079069b798dfbc19d35b37ce0c1dc6aab1781e1220a0f022e77b2e6a69a964
Analyzer Verdict Alert OpenPhish phishing Office365
GET /th?u=https%3a%2f%2fth.bing.com%2fth%3fid%3dORMS.c4f1e670a3c7d8e2f8e30b14a318b599%26pid%3dWdp&ehk=Oct6pNYewxhO4t0DYO58cggcJ2PhLZMaaVGy8%2f1pqok%3d&w=186&h=88&c=8&rs=2&o=6&pid=WP0 HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=; SRCHUSR=T=1701365562000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:45 GMT
content-type: image/jpeg
content-length: 4165
cache-control: public, max-age=2592000
x-cache: TCP_MISS
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 89B86A7D870A401587EA55ADA17AB3DD Ref B: NYCEDGE1710 Ref C: 2023-11-30T17:32:45Z
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 82e4d4e0e89e5695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/rp/k02upO3eJWjKAquJryP9z-tXM5o.js
172.67.186.90 200 OK 423 B URL GET HTTP/3 jiangshao.fun/rp/k02upO3eJWjKAquJryP9z-tXM5o.js
IP 172.67.186.90:443
Certificate Issuer: Google Trust Services LLC
Subject: jiangshao.fun
Fingerprint: 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity: Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type ASCII text, with very long lines (429), with no line terminators
Hash 7d7b56ff3546bb1dc756fcdb6f04e4bc
d2d15f0cbd68e053b6efebcd8770cf72a321c625
fb52e19f2536865cb5a94f06f8b005f7727e00d94969e0a40e9bd8cdc9bc645e
Analyzer Verdict Alert OpenPhish phishing Office365
GET /rp/k02upO3eJWjKAquJryP9z-tXM5o.js HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:44 GMT
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=432000
content-md5: OlBJ2yavnOA9tqU9NUEILQ==
last-modified: Wed, 24 Jun 2020 04:27:36 GMT
x-cache: TCP_HIT
x-ms-request-id: 65172dfa-501e-009b-6aeb-1fdc2e000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: E404A5A7116E421EAE1EC66606B9AF7E Ref B: MNZ221060618035 Ref C: 2023-11-27T18:59:19Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: 07F50C717F3942319F339D4C76751511 Ref B: EWR311000101051 Ref C: 2023-11-30T17:32:44Z
cf-cache-status: MISS
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4d6fe225695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
jiangshao.fun/rp/VMYMrXeSZyOXW5LQn-ede-_1jZk.js
172.67.186.90 200 OK 924 B URL GET HTTP/3 jiangshao.fun/rp/VMYMrXeSZyOXW5LQn-ede-_1jZk.js
IP 172.67.186.90:443
Certificate Issuer: Google Trust Services LLC
Subject: jiangshao.fun
Fingerprint: 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity: Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type ASCII text, with very long lines (950), with no line terminators
Hash 5f7eba06572d12175aa8ce27cf255b32
eb03cfa2b28a4844e528a481fc2aaf5deae04c1d
e6aa47ff45025dfdc5e4525c7bc3820752921bcb8e2f03b96945e72e373eea89
Analyzer Verdict Alert OpenPhish phishing Office365
GET /rp/VMYMrXeSZyOXW5LQn-ede-_1jZk.js HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:44 GMT
content-type: text/javascript; charset=utf-8
cache-control: public, max-age=432000
content-md5: R0QujVg4uqpkCoVvmOQNxg==
last-modified: Mon, 11 Jul 2022 23:07:32 GMT
x-cache: TCP_HIT
x-ms-request-id: 4b47418d-e01e-0037-13d8-1fcf87000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: D88BACD3922C45BCA42CF48B4E1D5A0A Ref B: MNZ221060618017 Ref C: 2023-11-29T11:07:13Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: 7CAEE3AB3E1346AE8BA225561E211A8B Ref B: EWR311000102025 Ref C: 2023-11-30T17:32:44Z
cf-cache-status: MISS
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4d70e545695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
jiangshao.fun/th?u=https%3a%2f%2fth.bing.com%2fth%3fid%3dORMS.3dcae1a38e68857de44dff264e333073%26pid%3dWdp&ehk=mhl%2f6xzBfZmJu0ectWH4DoczVXpYew0p1wFb2PUdzdc%3d&w=186&h=88&c=8&rs=2&o=6&pid=WP0
172.67.186.90 200 OK 4.5 kB URL GET HTTP/3 jiangshao.fun/th?u=https%3a%2f%2fth.bing.com%2fth%3fid%3dORMS.3dcae1a38e68857de44dff264e333073%26pid%3dWdp&ehk=mhl%2f6xzBfZmJu0ectWH4DoczVXpYew0p1wFb2PUdzdc%3d&w=186&h=88&c=8&rs=2&o=6&pid=WP0
IP 172.67.186.90:443
Certificate Issuer: Google Trust Services LLC
Subject: jiangshao.fun
Fingerprint: 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity: Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 186x88, components 3\012- data
Hash 997ab0f1e766afe53ee0c792b8ea0783
9faf4d2dde6cc1183411d57405974f2964458e3a
869fea79d6d38b31c945786dc9d9e7eca26982ef5088e754e69dea057a49fd03
Analyzer Verdict Alert OpenPhish phishing Office365
GET /th?u=https%3a%2f%2fth.bing.com%2fth%3fid%3dORMS.3dcae1a38e68857de44dff264e333073%26pid%3dWdp&ehk=mhl%2f6xzBfZmJu0ectWH4DoczVXpYew0p1wFb2PUdzdc%3d&w=186&h=88&c=8&rs=2&o=6&pid=WP0 HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=; SRCHUSR=T=1701365562000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:45 GMT
content-type: image/jpeg
content-length: 4537
cache-control: public, max-age=2592000
x-cache: TCP_MISS
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7D3B7D0E80784D93BCAF5D03B488934B Ref B: NYCEDGE1408 Ref C: 2023-11-30T17:32:45Z
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 82e4d4e118e25695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.jiangshao.fun/fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22T%22%3A%22CI.Mobile_Icon_V1_Shown%22%2C%22TS%22%3A1701365570759%2C%22Name%22%3A%22shown%22%2C%22FID%22%3A%22Show%22%7D%2C%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fhp%2Fapi%2Fv1%2Fimagegallery%3Fformat%3Djson%26ssd%3D20231130_0800%26%22%2C%22format%22%3A%22json%22%2C%22status%22%3A200%2C%22time%22%3A4019%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1701365570917%2C%22Name%22%3A%22fetched%22%2C%22FID%22%3A%22HP%22%7D%5D
0.0.0.0 0 B URL GET jiangshao.jiangshao.fun/fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22T%22%3A%22CI.Mobile_Icon_V1_Shown%22%2C%22TS%22%3A1701365570759%2C%22Name%22%3A%22shown%22%2C%22FID%22%3A%22Show%22%7D%2C%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fhp%2Fapi%2Fv1%2Fimagegallery%3Fformat%3Djson%26ssd%3D20231130_0800%26%22%2C%22format%22%3A%22json%22%2C%22status%22%3A200%2C%22time%22%3A4019%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1701365570917%2C%22Name%22%3A%22fetched%22%2C%22FID%22%3A%22HP%22%7D%5D
IP 0.0.0.0:0
Hash (digests of an empty body; 0 B were received for this request)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22T%22%3A%22CI.Mobile_Icon_V1_Shown%22%2C%22TS%22%3A1701365570759%2C%22Name%22%3A%22shown%22%2C%22FID%22%3A%22Show%22%7D%2C%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fhp%2Fapi%2Fv1%2Fimagegallery%3Fformat%3Djson%26ssd%3D20231130_0800%26%22%2C%22format%22%3A%22json%22%2C%22status%22%3A200%2C%22time%22%3A4019%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1701365570917%2C%22Name%22%3A%22fetched%22%2C%22FID%22%3A%22HP%22%7D%5D HTTP/1.1
Host: jiangshao.jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0&WTS=63836962362; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=; SRCHUSR=T=1701365562000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
jiangshao.fun/hp/api/v1/codexnudge?format=json&
172.67.186.90 200 OK 2.3 kB URL GET HTTP/3 jiangshao.fun/hp/api/v1/codexnudge?format=json&
IP 172.67.186.90:443
Certificate Issuer: Google Trust Services LLC
Subject: jiangshao.fun
Fingerprint: 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity: Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type troff or preprocessor input, Unicode text, UTF-8 text, with very long lines (2205), with no line terminators
Hash d5003b2adb8833f16f02a316180a1c43
3f094c61ea1fe3df3e1880a43d43ecda1b3f0632
ad65f5f70e3cb3f624e193308229cb4600958d7a977e83e73252387776b97b48
Analyzer Verdict Alert OpenPhish phishing Office365
GET /hp/api/v1/codexnudge?format=json& HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jiangshao.fun/
Content-type: application/json
DNT: 1
Connection: keep-alive
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:45 GMT
content-type: application/json; charset=utf-8
cache-control: private
p3p: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
set-cookie: MUID=2FC1AFB77E2E6AA41B79BC6E7F296B55; domain=.bing.com; expires=Tue, 24-Dec-2024 17:32:45 GMT; path=/; secure; SameSite=None
set-cookie: _EDGE_S=SID=128C2ED507B062212F533D0C063F6355; domain=.bing.com; path=/; HttpOnly
set-cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; expires=Tue, 24-Dec-2024 17:32:45 GMT; path=/; HttpOnly
set-cookie: SRCHD=AF=NOFORM; domain=.bing.com; expires=Tue, 24-Dec-2024 17:32:45 GMT; path=/; secure; SameSite=None
set-cookie: SRCHUID=V=2&GUID=94C70F8A348D44EF97525392475230FA&dmnchg=1; domain=.bing.com; expires=Tue, 24-Dec-2024 17:32:45 GMT; path=/; secure; SameSite=None
set-cookie: SRCHUSR=DOB=20231130; domain=.bing.com; expires=Tue, 24-Dec-2024 17:32:45 GMT; path=/; secure; SameSite=None
set-cookie: SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0&SRCHLANG=zh-Hans; domain=.bing.com; expires=Tue, 24-Dec-2024 17:32:45 GMT; path=/; secure; SameSite=None
set-cookie: _SS=SID=128C2ED507B062212F533D0C063F6355; domain=.bing.com; path=/; secure; SameSite=None
x-eventid: 6568c73d1f384da1ab9d7cff1c1e3fc2
useragentreductionoptout: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A14010EB74644DC79B4FE3AA552C2D68 Ref B: NYCEDGE1414 Ref C: 2023-11-30T17:32:45Z
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uki4dfuZh0%2B6vW1AMsLOGcR7ZgA46fOGdNJwl39j5TCQRXINHZ689ynzbyVavaBOmUeil2GMFkRx9xVRbvN2FbFW9dCGQV67YHeQASpNRGePKSxtsyt9QPuLfblrNMwC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82e4d4dd3ca95695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
jiangshao.fun/th?u=https%3a%2f%2fth.bing.com%2fth%3fid%3dORMS.09fa9c877883f2ca32913f56dd94db4f%26pid%3dWdp&ehk=n6n%2bI%2f0m4QJd3%2fiHuoTGRvWpbF1JDDdLaznmOO4g4JA%3d&w=186&h=88&c=8&rs=2&o=6&pid=WP0
172.67.186.90 200 OK 2.8 kB URL GET HTTP/3 jiangshao.fun/th?u=https%3a%2f%2fth.bing.com%2fth%3fid%3dORMS.09fa9c877883f2ca32913f56dd94db4f%26pid%3dWdp&ehk=n6n%2bI%2f0m4QJd3%2fiHuoTGRvWpbF1JDDdLaznmOO4g4JA%3d&w=186&h=88&c=8&rs=2&o=6&pid=WP0
IP 172.67.186.90:443
Certificate Issuer: Google Trust Services LLC
Subject: jiangshao.fun
Fingerprint: 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity: Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 186x88, components 3\012- data
Hash 0c7ba6f4cec585a666c1e57671628714
8bc9070ceb53b76923e03aa7bf21219b792b64d7
4857603b004e902e04e03d6e9564149a877fbed348330348e789997855ec1ad8
Analyzer Verdict Alert OpenPhish phishing Office365
GET /th?u=https%3a%2f%2fth.bing.com%2fth%3fid%3dORMS.09fa9c877883f2ca32913f56dd94db4f%26pid%3dWdp&ehk=n6n%2bI%2f0m4QJd3%2fiHuoTGRvWpbF1JDDdLaznmOO4g4JA%3d&w=186&h=88&c=8&rs=2&o=6&pid=WP0 HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=; SRCHUSR=T=1701365562000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:45 GMT
content-type: image/jpeg
content-length: 2760
cache-control: public, max-age=2592000
x-cache: TCP_MISS
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: AE3591750AFB4A40B1395C6FB61D86DD Ref B: EWR311000107009 Ref C: 2023-11-30T17:32:45Z
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 82e4d4e0f8bf5695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/rp/kiGH9ukZK6Q4hvtDtwwVc1yvueg.svg
172.67.186.90 200 OK 1.4 kB URL GET HTTP/3 jiangshao.fun/rp/kiGH9ukZK6Q4hvtDtwwVc1yvueg.svg
IP 172.67.186.90:443
Certificate Issuer: Google Trust Services LLC
Subject: jiangshao.fun
Fingerprint: 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity: Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (1579), with no line terminators
Hash 17ff48711c119bfd9e10593db33dcd7f
cda6c8ee1bbb6768aa427b834518635287765efb
90f2ff2cd325854397a1b2c887b86aa685a5a035513dd26d52a62f353e773cce
Analyzer Verdict Alert OpenPhish phishing Office365
GET /rp/kiGH9ukZK6Q4hvtDtwwVc1yvueg.svg HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:45 GMT
content-type: image/svg+xml
cache-control: public, max-age=432000
content-md5: YgWAZX6KRbSnuEULjaXNMg==
last-modified: Wed, 12 May 2021 05:44:23 GMT
x-cache: TCP_REMOTE_HIT
x-ms-request-id: 390d027c-101e-008a-4e2d-21469a000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: 1D9B00288CAB42E4B800F87293A08E6A Ref B: MNZ221060607051 Ref C: 2023-11-30T17:32:45Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: 252C36F4C3214F748E4455A4EAD11F7B Ref B: EWR311000105047 Ref C: 2023-11-30T17:32:45Z
cf-cache-status: MISS
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4df7f3f5695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
jiangshao.fun/th?u=https%3a%2f%2fth.bing.com%2fth%3fid%3dORMS.d46d5547837386961262617762388ba6%26pid%3dWdp&ehk=PVkIWflWfZ44e09Sv2W8RTvb0UQF0qPP7N6SuzHTuis%3d&w=186&h=88&c=8&rs=2&o=6&pid=WP0
172.67.186.90 200 OK 4.2 kB URL GET HTTP/3 jiangshao.fun/th?u=https%3a%2f%2fth.bing.com%2fth%3fid%3dORMS.d46d5547837386961262617762388ba6%26pid%3dWdp&ehk=PVkIWflWfZ44e09Sv2W8RTvb0UQF0qPP7N6SuzHTuis%3d&w=186&h=88&c=8&rs=2&o=6&pid=WP0
IP 172.67.186.90:443
Certificate Issuer: Google Trust Services LLC
Subject: jiangshao.fun
Fingerprint: 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity: Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 186x88, components 3\012- data
Hash 35397e9496500b78a81a638dcb665ef8
601ccb18985c2ad306f44519d8678e51ff2431c0
64e43eb5c900cd458f646b14b19655655691250bcc1707f887ebb586d2286089
Analyzer Verdict Alert OpenPhish phishing Office365
GET /th?u=https%3a%2f%2fth.bing.com%2fth%3fid%3dORMS.d46d5547837386961262617762388ba6%26pid%3dWdp&ehk=PVkIWflWfZ44e09Sv2W8RTvb0UQF0qPP7N6SuzHTuis%3d&w=186&h=88&c=8&rs=2&o=6&pid=WP0 HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=; SRCHUSR=T=1701365562000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:45 GMT
content-type: image/jpeg
content-length: 4222
cache-control: public, max-age=2592000
x-cache: TCP_MISS
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 21889CD94C3C4D698BE801BA3ABEC683 Ref B: NYCEDGE1307 Ref C: 2023-11-30T17:32:45Z
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 82e4d4e108d85695-OSL
alt-svc: h3=":443"; ma=86400
jiangshao.fun/rp/VMYMrXeSZyOXW5LQn-ede-_1jZk.js
172.67.186.90 200 OK 924 B URL GET HTTP/3 jiangshao.fun/rp/VMYMrXeSZyOXW5LQn-ede-_1jZk.js
IP 172.67.186.90:443
Certificate Issuer: Google Trust Services LLC
Subject: jiangshao.fun
Fingerprint: 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity: Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type ASCII text, with very long lines (950), with no line terminators
Hash 5f7eba06572d12175aa8ce27cf255b32
eb03cfa2b28a4844e528a481fc2aaf5deae04c1d
e6aa47ff45025dfdc5e4525c7bc3820752921bcb8e2f03b96945e72e373eea89
Analyzer Verdict Alert OpenPhish phishing Office365
GET /rp/VMYMrXeSZyOXW5LQn-ede-_1jZk.js HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=; SRCHUSR=T=1701365562000
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:45 GMT
content-type: text/javascript; charset=utf-8
cache-control: public, max-age=432000
content-md5: R0QujVg4uqpkCoVvmOQNxg==
last-modified: Mon, 11 Jul 2022 23:07:32 GMT
x-cache: TCP_HIT
x-ms-request-id: 4b47418d-e01e-0037-13d8-1fcf87000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: D88BACD3922C45BCA42CF48B4E1D5A0A Ref B: MNZ221060618017 Ref C: 2023-11-29T11:07:13Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: 7CAEE3AB3E1346AE8BA225561E211A8B Ref B: EWR311000102025 Ref C: 2023-11-30T17:32:44Z
cf-cache-status: HIT
age: 1
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4e088305695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
jiangshao.jiangshao.fun/fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fhp%2Fapi%2Fmodel%22%2C%22format%22%3A%22json%22%2C%22time%22%3A3068%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1701365569966%2C%22Name%22%3A%22parsed%22%2C%22FID%22%3A%22HP%22%7D%5D
0.0.0.0 0 B URL GET jiangshao.jiangshao.fun/fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fhp%2Fapi%2Fmodel%22%2C%22format%22%3A%22json%22%2C%22time%22%3A3068%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1701365569966%2C%22Name%22%3A%22parsed%22%2C%22FID%22%3A%22HP%22%7D%5D
IP 0.0.0.0:0
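Hash MD5 d41d8cd98f00b204e9800998ecf8427e (hash of empty content, 0 B body)
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 (hash of empty content)
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (hash of empty content)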
GET /fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fhp%2Fapi%2Fmodel%22%2C%22format%22%3A%22json%22%2C%22time%22%3A3068%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1701365569966%2C%22Name%22%3A%22parsed%22%2C%22FID%22%3A%22HP%22%7D%5D HTTP/1.1
Host: jiangshao.jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
jiangshao.jiangshao.fun/fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fhp%2Fapi%2Fv1%2Fcodexnudge%3Fformat%3Djson%26%22%2C%22format%22%3A%22json%22%2C%22time%22%3A2675%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1701365569574%2C%22Name%22%3A%22requested%22%2C%22FID%22%3A%22HP%22%7D%5D
0.0.0.0 0 B URL GET jiangshao.jiangshao.fun/fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fhp%2Fapi%2Fv1%2Fcodexnudge%3Fformat%3Djson%26%22%2C%22format%22%3A%22json%22%2C%22time%22%3A2675%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1701365569574%2C%22Name%22%3A%22requested%22%2C%22FID%22%3A%22HP%22%7D%5D
IP 0.0.0.0:0
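Hash MD5 d41d8cd98f00b204e9800998ecf8427e (hash of empty content, 0 B body)
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 (hash of empty content)
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (hash of empty content)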
GET /fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fhp%2Fapi%2Fv1%2Fcodexnudge%3Fformat%3Djson%26%22%2C%22format%22%3A%22json%22%2C%22time%22%3A2675%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1701365569574%2C%22Name%22%3A%22requested%22%2C%22FID%22%3A%22HP%22%7D%5D HTTP/1.1
Host: jiangshao.jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
jiangshao.jiangshao.fun/fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22correlationId%22%3A%226568c73a6f684d9d9334850491e361b2%22%2C%22T%22%3A%22CI.acclink%22%2C%22TS%22%3A1701365570107%2C%22Name%22%3A%22loadJsModule%22%2C%22FID%22%3A%22init%22%7D%2C%7B%22correlationId%22%3A%226568c73a6f684d9d9334850491e361b2%22%2C%22T%22%3A%22CI.acclink%22%2C%22TS%22%3A1701365570107%2C%22Name%22%3A%22undirectflow%22%2C%22FID%22%3A%22init%22%7D%2C%7B%22func%22%3A%22carousel%22%2C%22count%22%3A1%2C%22time%22%3A3253%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1701365570151%2C%22Name%22%3A%22fetched%22%2C%22FID%22%3A%22HP%22%7D%5D
0.0.0.0 0 B URL GET jiangshao.jiangshao.fun/fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22correlationId%22%3A%226568c73a6f684d9d9334850491e361b2%22%2C%22T%22%3A%22CI.acclink%22%2C%22TS%22%3A1701365570107%2C%22Name%22%3A%22loadJsModule%22%2C%22FID%22%3A%22init%22%7D%2C%7B%22correlationId%22%3A%226568c73a6f684d9d9334850491e361b2%22%2C%22T%22%3A%22CI.acclink%22%2C%22TS%22%3A1701365570107%2C%22Name%22%3A%22undirectflow%22%2C%22FID%22%3A%22init%22%7D%2C%7B%22func%22%3A%22carousel%22%2C%22count%22%3A1%2C%22time%22%3A3253%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1701365570151%2C%22Name%22%3A%22fetched%22%2C%22FID%22%3A%22HP%22%7D%5D
IP 0.0.0.0:0
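Hash MD5 d41d8cd98f00b204e9800998ecf8427e (hash of empty content, 0 B body)
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 (hash of empty content)
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (hash of empty content)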
GET /fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22correlationId%22%3A%226568c73a6f684d9d9334850491e361b2%22%2C%22T%22%3A%22CI.acclink%22%2C%22TS%22%3A1701365570107%2C%22Name%22%3A%22loadJsModule%22%2C%22FID%22%3A%22init%22%7D%2C%7B%22correlationId%22%3A%226568c73a6f684d9d9334850491e361b2%22%2C%22T%22%3A%22CI.acclink%22%2C%22TS%22%3A1701365570107%2C%22Name%22%3A%22undirectflow%22%2C%22FID%22%3A%22init%22%7D%2C%7B%22func%22%3A%22carousel%22%2C%22count%22%3A1%2C%22time%22%3A3253%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1701365570151%2C%22Name%22%3A%22fetched%22%2C%22FID%22%3A%22HP%22%7D%5D HTTP/1.1
Host: jiangshao.jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=; SRCHUSR=T=1701365562000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
jiangshao.jiangshao.fun/fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fhp%2Fapi%2Fmodel%22%2C%22format%22%3A%22json%22%2C%22time%22%3A2676%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1701365569575%2C%22Name%22%3A%22requested%22%2C%22FID%22%3A%22HP%22%7D%5D
0.0.0.0 0 B URL GET jiangshao.jiangshao.fun/fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fhp%2Fapi%2Fmodel%22%2C%22format%22%3A%22json%22%2C%22time%22%3A2676%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1701365569575%2C%22Name%22%3A%22requested%22%2C%22FID%22%3A%22HP%22%7D%5D
IP 0.0.0.0:0
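Hash MD5 d41d8cd98f00b204e9800998ecf8427e (hash of empty content, 0 B body)
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 (hash of empty content)
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (hash of empty content)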
GET /fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fhp%2Fapi%2Fmodel%22%2C%22format%22%3A%22json%22%2C%22time%22%3A2676%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1701365569575%2C%22Name%22%3A%22requested%22%2C%22FID%22%3A%22HP%22%7D%5D HTTP/1.1
Host: jiangshao.jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
jiangshao.jiangshao.fun/fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22micComponent%22%3A%22rendered%22%2C%22time%22%3A2674%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1701365569572%2C%22Name%22%3A%22speech%22%2C%22FID%22%3A%22HP%22%7D%5D
0.0.0.0 0 B URL GET jiangshao.jiangshao.fun/fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22micComponent%22%3A%22rendered%22%2C%22time%22%3A2674%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1701365569572%2C%22Name%22%3A%22speech%22%2C%22FID%22%3A%22HP%22%7D%5D
IP 0.0.0.0:0
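Hash MD5 d41d8cd98f00b204e9800998ecf8427e (hash of empty content, 0 B body)
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 (hash of empty content)
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (hash of empty content)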
GET /fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22micComponent%22%3A%22rendered%22%2C%22time%22%3A2674%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1701365569572%2C%22Name%22%3A%22speech%22%2C%22FID%22%3A%22HP%22%7D%5D HTTP/1.1
Host: jiangshao.jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
jiangshao.fun/rp/NnFHhz2jL6yzChtIhaB5IIVKY5k.svg
172.67.186.90 200 OK 1.1 kB URL GET HTTP/3 jiangshao.fun/rp/NnFHhz2jL6yzChtIhaB5IIVKY5k.svg
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type SVG Scalable Vector Graphics image, ASCII text, with very long lines (1139), with no line terminators
Hash MD5 b1e974788fb1e7a6fc495e52f04d9c43
SHA-1 ef7a5e6ab0432f2e4b7531dd25452cf8992a1993
SHA-256 7e250948d12e368490fd33ab91e07bc981cd2ed448489e7876d6ca01775d4d97
Analyzer Verdict Alert OpenPhish phishing Office365
GET /rp/NnFHhz2jL6yzChtIhaB5IIVKY5k.svg HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:45 GMT
content-type: image/svg+xml
cache-control: public, max-age=432000
content-md5: wEyINKyRgCGG5s5neuSonQ==
last-modified: Wed, 24 Jun 2020 04:22:48 GMT
x-cache: TCP_HIT
x-ms-request-id: 266e9f46-401e-0011-6fd2-1f879f000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: E57961CC5B0645DFA3BB3D3D77051BCD Ref B: MNZ221060618031 Ref C: 2023-11-26T07:37:56Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: 2E7BFFA1A0124A71BE879AA19829C43D Ref B: NYCEDGE1616 Ref C: 2023-11-30T17:32:45Z
cf-cache-status: MISS
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4df8f445695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
jiangshao.fun/ipv6test/test?FORM=MONITR
172.67.186.90 200 OK 64 B URL GET HTTP/3 jiangshao.fun/ipv6test/test?FORM=MONITR
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type ASCII text, with no line terminators
Hash MD5 e82d9bd501b46df5cb2b650af9e1b126
SHA-1 0fe6876226e88d8104ed51cb6329eb172bba8d68
SHA-256 c2ba8fccfc980bcc8fc24e7a41bfcfee88cca9331c8d4d62890d7dfab4a12226
Analyzer Verdict Alert OpenPhish phishing Office365
GET /ipv6test/test?FORM=MONITR HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0&WTS=63836962362; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=; SRCHUSR=T=1701365562000; ipv6=hit=1701369171020
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:46 GMT
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: -1
p3p: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
set-cookie: MUID=2FC1AFB77E2E6AA41B79BC6E7F296B55; domain=.bing.com; expires=Tue, 24-Dec-2024 17:32:46 GMT; path=/; secure; SameSite=None
set-cookie: _EDGE_S=SID=3A6164CCEF3E68103B087715EEB16947; domain=.bing.com; path=/; HttpOnly
set-cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; expires=Tue, 24-Dec-2024 17:32:46 GMT; path=/; HttpOnly
set-cookie: SRCHD=AF=MONITR; domain=.bing.com; expires=Tue, 24-Dec-2024 17:32:46 GMT; path=/; secure; SameSite=None
set-cookie: SRCHUID=V=2&GUID=A22FD829F1194400932D66A0E8904ECD&dmnchg=1; domain=.bing.com; expires=Tue, 24-Dec-2024 17:32:46 GMT; path=/; secure; SameSite=None
set-cookie: SRCHUSR=DOB=20231130; domain=.bing.com; expires=Tue, 24-Dec-2024 17:32:46 GMT; path=/; secure; SameSite=None
set-cookie: SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0&WTS=63836962362&SRCHLANG=zh-Hans; domain=.bing.com; expires=Tue, 24-Dec-2024 17:32:46 GMT; path=/; secure; SameSite=None
set-cookie: _SS=SID=3A6164CCEF3E68103B087715EEB16947; domain=.bing.com; path=/; secure; SameSite=None
x-eventid: 6568c73e1244417190b707771bbc8039
useragentreductionoptout: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: EACD6E0D52544B349ED592DDD463B74F Ref B: NYCEDGE1406 Ref C: 2023-11-30T17:32:46Z
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SfRQRvKQHuj8b0zs3%2BWc1jvit1Mkdxr633TRqUyVRmgq5K51OBVG7z7nRAQqmcm5idPbDcdq0a1YX6NzLaBANjm525u9feqcZf%2Fbe08fMK0uv8F3swPMGmeyHFE9duQK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82e4d4e67e485695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
jiangshao.jiangshao.fun/fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22T%22%3A%22CI.ASBundleLoad%22%2C%22TS%22%3A1701365571393%2C%22Name%22%3A%22AutoSuggestBootstrap%22%2C%22FID%22%3A%22AS%22%7D%2C%7B%22Fallback%22%3A%221%22%2C%22IsRewardUser%22%3A%22%22%2C%22IsAutoOpenFlyout%22%3A%22%22%2C%22SuppressionReason%22%3A%22NoTrigger%3APathIsNotSerp%22%2C%22FID%22%3A%22ModernRewardsFlyout%22%2C%22EventName%22%3A%22AutoOpenFlyoutFired%22%2C%22T%22%3A%22CI.Init%22%2C%22TS%22%3A1701365571578%2C%22Name%22%3A%22AutoOpenFlyoutFired%22%7D%5D
0.0.0.0 0 B URL GET jiangshao.jiangshao.fun/fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22T%22%3A%22CI.ASBundleLoad%22%2C%22TS%22%3A1701365571393%2C%22Name%22%3A%22AutoSuggestBootstrap%22%2C%22FID%22%3A%22AS%22%7D%2C%7B%22Fallback%22%3A%221%22%2C%22IsRewardUser%22%3A%22%22%2C%22IsAutoOpenFlyout%22%3A%22%22%2C%22SuppressionReason%22%3A%22NoTrigger%3APathIsNotSerp%22%2C%22FID%22%3A%22ModernRewardsFlyout%22%2C%22EventName%22%3A%22AutoOpenFlyoutFired%22%2C%22T%22%3A%22CI.Init%22%2C%22TS%22%3A1701365571578%2C%22Name%22%3A%22AutoOpenFlyoutFired%22%7D%5D
IP 0.0.0.0:0
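Hash MD5 d41d8cd98f00b204e9800998ecf8427e (hash of empty content, 0 B body)
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 (hash of empty content)
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (hash of empty content)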
GET /fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22T%22%3A%22CI.ASBundleLoad%22%2C%22TS%22%3A1701365571393%2C%22Name%22%3A%22AutoSuggestBootstrap%22%2C%22FID%22%3A%22AS%22%7D%2C%7B%22Fallback%22%3A%221%22%2C%22IsRewardUser%22%3A%22%22%2C%22IsAutoOpenFlyout%22%3A%22%22%2C%22SuppressionReason%22%3A%22NoTrigger%3APathIsNotSerp%22%2C%22FID%22%3A%22ModernRewardsFlyout%22%2C%22EventName%22%3A%22AutoOpenFlyoutFired%22%2C%22T%22%3A%22CI.Init%22%2C%22TS%22%3A1701365571578%2C%22Name%22%3A%22AutoOpenFlyoutFired%22%7D%5D HTTP/1.1
Host: jiangshao.jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0&WTS=63836962362; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=; SRCHUSR=T=1701365562000; ipv6=hit=1701369171020&t=4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
jiangshao.jiangshao.fun/fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22Count%22%3A20%2C%22time%22%3A3258%2C%22T%22%3A%22CI.Show%22%2C%22TS%22%3A1701365570156%2C%22Name%22%3A%22ProactiveTrendingNowTiles%22%2C%22FID%22%3A%22HP%22%7D%5D
0.0.0.0 0 B URL GET jiangshao.jiangshao.fun/fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22Count%22%3A20%2C%22time%22%3A3258%2C%22T%22%3A%22CI.Show%22%2C%22TS%22%3A1701365570156%2C%22Name%22%3A%22ProactiveTrendingNowTiles%22%2C%22FID%22%3A%22HP%22%7D%5D
IP 0.0.0.0:0
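Hash MD5 d41d8cd98f00b204e9800998ecf8427e (hash of empty content, 0 B body)
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 (hash of empty content)
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (hash of empty content)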
GET /fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22Count%22%3A20%2C%22time%22%3A3258%2C%22T%22%3A%22CI.Show%22%2C%22TS%22%3A1701365570156%2C%22Name%22%3A%22ProactiveTrendingNowTiles%22%2C%22FID%22%3A%22HP%22%7D%5D HTTP/1.1
Host: jiangshao.jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=; SRCHUSR=T=1701365562000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
jiangshao.jiangshao.fun/fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fhp%2Fapi%2Fv1%2Fmomentsintime%3Fformat%3Djson%26ssd%3D20231130_0800%26%22%2C%22format%22%3A%22json%22%2C%22time%22%3A3811%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1701365570709%2C%22Name%22%3A%22requested%22%2C%22FID%22%3A%22HP%22%7D%5D
0.0.0.0 0 B URL GET jiangshao.jiangshao.fun/fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fhp%2Fapi%2Fv1%2Fmomentsintime%3Fformat%3Djson%26ssd%3D20231130_0800%26%22%2C%22format%22%3A%22json%22%2C%22time%22%3A3811%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1701365570709%2C%22Name%22%3A%22requested%22%2C%22FID%22%3A%22HP%22%7D%5D
IP 0.0.0.0:0
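Hash MD5 d41d8cd98f00b204e9800998ecf8427e (hash of empty content, 0 B body)
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 (hash of empty content)
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (hash of empty content)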
GET /fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fhp%2Fapi%2Fv1%2Fmomentsintime%3Fformat%3Djson%26ssd%3D20231130_0800%26%22%2C%22format%22%3A%22json%22%2C%22time%22%3A3811%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1701365570709%2C%22Name%22%3A%22requested%22%2C%22FID%22%3A%22HP%22%7D%5D HTTP/1.1
Host: jiangshao.jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=; SRCHUSR=T=1701365562000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
jiangshao.jiangshao.fun/fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fimages%2Fsbi%3Fmmasync%3D1%26ptn%3DHomepage%26IID%3DSBI%26IG%3DA903986D2A5143A0A2E909AB5D6FF6D4%26%22%2C%22format%22%3A%22dom%22%2C%22time%22%3A2675%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1701365569573%2C%22Name%22%3A%22requested%22%2C%22FID%22%3A%22HP%22%7D%5D
0.0.0.0 0 B URL GET jiangshao.jiangshao.fun/fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fimages%2Fsbi%3Fmmasync%3D1%26ptn%3DHomepage%26IID%3DSBI%26IG%3DA903986D2A5143A0A2E909AB5D6FF6D4%26%22%2C%22format%22%3A%22dom%22%2C%22time%22%3A2675%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1701365569573%2C%22Name%22%3A%22requested%22%2C%22FID%22%3A%22HP%22%7D%5D
IP 0.0.0.0:0
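Hash MD5 d41d8cd98f00b204e9800998ecf8427e (hash of empty content, 0 B body)
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 (hash of empty content)
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (hash of empty content)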
GET /fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fimages%2Fsbi%3Fmmasync%3D1%26ptn%3DHomepage%26IID%3DSBI%26IG%3DA903986D2A5143A0A2E909AB5D6FF6D4%26%22%2C%22format%22%3A%22dom%22%2C%22time%22%3A2675%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1701365569573%2C%22Name%22%3A%22requested%22%2C%22FID%22%3A%22HP%22%7D%5D HTTP/1.1
Host: jiangshao.jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
jiangshao.jiangshao.fun/fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useDynamicModules%22%2C%22module%22%3A%22rms-answers-HomepageVNext-PeregrineWidgets%22%2C%22error%22%3A%22TypeError%3A%20error%20loading%20dynamically%20imported%20module%22%2C%22time%22%3A3758%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1701365570656%2C%22Name%22%3A%22ImportError%22%2C%22FID%22%3A%22HP%22%7D%5D
0.0.0.0 0 B URL GET jiangshao.jiangshao.fun/fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useDynamicModules%22%2C%22module%22%3A%22rms-answers-HomepageVNext-PeregrineWidgets%22%2C%22error%22%3A%22TypeError%3A%20error%20loading%20dynamically%20imported%20module%22%2C%22time%22%3A3758%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1701365570656%2C%22Name%22%3A%22ImportError%22%2C%22FID%22%3A%22HP%22%7D%5D
IP 0.0.0.0:0
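Hash MD5 d41d8cd98f00b204e9800998ecf8427e (hash of empty content, 0 B body)
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 (hash of empty content)
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (hash of empty content)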
GET /fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useDynamicModules%22%2C%22module%22%3A%22rms-answers-HomepageVNext-PeregrineWidgets%22%2C%22error%22%3A%22TypeError%3A%20error%20loading%20dynamically%20imported%20module%22%2C%22time%22%3A3758%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1701365570656%2C%22Name%22%3A%22ImportError%22%2C%22FID%22%3A%22HP%22%7D%5D HTTP/1.1
Host: jiangshao.jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=; SRCHUSR=T=1701365562000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
jiangshao.jiangshao.fun/fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fhp%2Fapi%2Fv1%2Fcodexnudge%3Fformat%3Djson%26%22%2C%22format%22%3A%22json%22%2C%22status%22%3A200%2C%22time%22%3A2842%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1701365569740%2C%22Name%22%3A%22fetched%22%2C%22FID%22%3A%22HP%22%7D%5D
0.0.0.0 0 B URL GET jiangshao.jiangshao.fun/fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fhp%2Fapi%2Fv1%2Fcodexnudge%3Fformat%3Djson%26%22%2C%22format%22%3A%22json%22%2C%22status%22%3A200%2C%22time%22%3A2842%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1701365569740%2C%22Name%22%3A%22fetched%22%2C%22FID%22%3A%22HP%22%7D%5D
IP 0.0.0.0:0
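Hash MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These are the digests of zero-length input; this 0 B entry has no recorded response body, so the values do not identify any content.)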
GET /fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fhp%2Fapi%2Fv1%2Fcodexnudge%3Fformat%3Djson%26%22%2C%22format%22%3A%22json%22%2C%22status%22%3A200%2C%22time%22%3A2842%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1701365569740%2C%22Name%22%3A%22fetched%22%2C%22FID%22%3A%22HP%22%7D%5D HTTP/1.1
Host: jiangshao.jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
jiangshao.jiangshao.fun/fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22T%22%3A%22CI.ClientInst%22%2C%22TS%22%3A1701365570022%2C%22Name%22%3A%22OrgId%22%2C%22FID%22%3A%22NoSignInAttempt%22%7D%2C%7B%22ID%22%3A%2263245%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1701365570032%2C%22Name%22%3A%22BottomBanner%22%2C%22FID%22%3A%22Mcp%22%7D%2C%7B%22T%22%3A%22CI.BNP%22%2C%22TS%22%3A1701365570032%2C%22Name%22%3A%22bnp.notif.shown%22%2C%22FID%22%3A%2263245%22%7D%2C%7B%22T%22%3A%22CI.BNP%22%2C%22TS%22%3A1701365570049%2C%22Name%22%3A%22bnp.embed.ready%22%2C%22FID%22%3A%2263245%22%7D%2C%7B%22ID%22%3A%2263245%22%2C%22T%22%3A%22CI.BNPUxAssetIndex%22%2C%22TS%22%3A1701365570049%2C%22Name%22%3A0%2C%22FID%22%3A%22BNP%22%7D%2C%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fhp%2Fapi%2Fv1%2Fmsnpopularnow%3F%26format%3Djson%26ecount%3D20%26efirst%3D0%26%26%22%2C%22format%22%3A%22json%22%2C%22status%22%3A200%2C%22time%22%3A3157%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1701365570055%2C%22Name%22%3A%22fetched%22%2C%22FID%22%3A%22HP%22%7D%5D
0.0.0.0 0 B URL GET jiangshao.jiangshao.fun/fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22T%22%3A%22CI.ClientInst%22%2C%22TS%22%3A1701365570022%2C%22Name%22%3A%22OrgId%22%2C%22FID%22%3A%22NoSignInAttempt%22%7D%2C%7B%22ID%22%3A%2263245%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1701365570032%2C%22Name%22%3A%22BottomBanner%22%2C%22FID%22%3A%22Mcp%22%7D%2C%7B%22T%22%3A%22CI.BNP%22%2C%22TS%22%3A1701365570032%2C%22Name%22%3A%22bnp.notif.shown%22%2C%22FID%22%3A%2263245%22%7D%2C%7B%22T%22%3A%22CI.BNP%22%2C%22TS%22%3A1701365570049%2C%22Name%22%3A%22bnp.embed.ready%22%2C%22FID%22%3A%2263245%22%7D%2C%7B%22ID%22%3A%2263245%22%2C%22T%22%3A%22CI.BNPUxAssetIndex%22%2C%22TS%22%3A1701365570049%2C%22Name%22%3A0%2C%22FID%22%3A%22BNP%22%7D%2C%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fhp%2Fapi%2Fv1%2Fmsnpopularnow%3F%26format%3Djson%26ecount%3D20%26efirst%3D0%26%26%22%2C%22format%22%3A%22json%22%2C%22status%22%3A200%2C%22time%22%3A3157%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1701365570055%2C%22Name%22%3A%22fetched%22%2C%22FID%22%3A%22HP%22%7D%5D
IP 0.0.0.0:0
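Hash MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These are the digests of zero-length input; this 0 B entry has no recorded response body, so the values do not identify any content.)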
GET /fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22T%22%3A%22CI.ClientInst%22%2C%22TS%22%3A1701365570022%2C%22Name%22%3A%22OrgId%22%2C%22FID%22%3A%22NoSignInAttempt%22%7D%2C%7B%22ID%22%3A%2263245%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1701365570032%2C%22Name%22%3A%22BottomBanner%22%2C%22FID%22%3A%22Mcp%22%7D%2C%7B%22T%22%3A%22CI.BNP%22%2C%22TS%22%3A1701365570032%2C%22Name%22%3A%22bnp.notif.shown%22%2C%22FID%22%3A%2263245%22%7D%2C%7B%22T%22%3A%22CI.BNP%22%2C%22TS%22%3A1701365570049%2C%22Name%22%3A%22bnp.embed.ready%22%2C%22FID%22%3A%2263245%22%7D%2C%7B%22ID%22%3A%2263245%22%2C%22T%22%3A%22CI.BNPUxAssetIndex%22%2C%22TS%22%3A1701365570049%2C%22Name%22%3A0%2C%22FID%22%3A%22BNP%22%7D%2C%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fhp%2Fapi%2Fv1%2Fmsnpopularnow%3F%26format%3Djson%26ecount%3D20%26efirst%3D0%26%26%22%2C%22format%22%3A%22json%22%2C%22status%22%3A200%2C%22time%22%3A3157%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1701365570055%2C%22Name%22%3A%22fetched%22%2C%22FID%22%3A%22HP%22%7D%5D HTTP/1.1
Host: jiangshao.jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=; SRCHUSR=T=1701365562000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
jiangshao.fun/hp/api/v1/imagegallery?format=json&ssd=20231130_0800&
172.67.186.90 200 OK 11 kB URL GET HTTP/3 jiangshao.fun/hp/api/v1/imagegallery?format=json&ssd=20231130_0800&
IP 172.67.186.90:443
Certificate Issuer: Google Trust Services LLC
Subject: jiangshao.fun
Fingerprint: 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity: Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
Hash MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These are the digests of zero-length input even though the entry reports an 11 kB response; the body was apparently not hashed, so the values do not identify the returned content.)
Analyzer Verdict Alert OpenPhish phishing Office365
GET /hp/api/v1/imagegallery?format=json&ssd=20231130_0800& HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jiangshao.fun/
Content-type: application/json
DNT: 1
Connection: keep-alive
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=; SRCHUSR=T=1701365562000
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:46 GMT
content-type: application/json; charset=utf-8
cache-control: private
p3p: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
set-cookie: MUID=2FC1AFB77E2E6AA41B79BC6E7F296B55; domain=.bing.com; expires=Tue, 24-Dec-2024 17:32:46 GMT; path=/; secure; SameSite=None
_EDGE_S=SID=36491B196C0065AE2BDE08C06D8A64F0; domain=.bing.com; path=/; HttpOnly
MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; expires=Tue, 24-Dec-2024 17:32:46 GMT; path=/; HttpOnly
SRCHD=AF=NOFORM; domain=.bing.com; expires=Tue, 24-Dec-2024 17:32:46 GMT; path=/; secure; SameSite=None
SRCHUID=V=2&GUID=5D2DBC48F42945959E1BE56C8C9691B3&dmnchg=1; domain=.bing.com; expires=Tue, 24-Dec-2024 17:32:46 GMT; path=/; secure; SameSite=None
SRCHUSR=DOB=20231130; domain=.bing.com; expires=Tue, 24-Dec-2024 17:32:46 GMT; path=/; secure; SameSite=None
SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0&SRCHLANG=zh-Hans; domain=.bing.com; expires=Tue, 24-Dec-2024 17:32:46 GMT; path=/; secure; SameSite=None
_SS=SID=36491B196C0065AE2BDE08C06D8A64F0; domain=.bing.com; path=/; secure; SameSite=None
x-eventid: 6568c73e340a40e2a67d584016471636
useragentreductionoptout: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2B7D067302CD4E159147728E0A5783D1 Ref B: EWR311000103045 Ref C: 2023-11-30T17:32:46Z
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ED3kp9zqfK8%2BYUZw%2BEkOy%2Bm9OrF5sSPt7s23OwawkqSxQB3DywRYXRo2dluW%2BLtJPAGihoDz5iItw0Q%2ByFvCRgBC9VHhml4oCKBYU5lPHqW8lL3rcpGkJBxxbpGcoU82"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82e4d4e48c6a5695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
jiangshao.jiangshao.fun/fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22Namespace%22%3A%22Homepage%22%2C%22CustomData%22%3A%22%7B%5C%22chipText%5C%22%3A%5C%22%E5%86%99%E4%B8%80%E4%B8%AA%E5%8E%9F%E5%88%9B%E7%9F%AD%E6%96%87%EF%BC%8C%E8%AE%B2%E8%BF%B0%E4%B8%80%E6%9D%A1%E9%B1%BC%E5%92%8C%E4%B8%80%E5%8F%AA%E9%9D%92%E8%9B%99%E5%AF%BB%E6%89%BE%E7%9C%9F%E7%88%B1%E7%9A%84%E6%95%85%E4%BA%8B%E3%80%82%5C%22%2C%5C%22chipIndex%5C%22%3A1%7D%22%2C%22T%22%3A%22CI.SystemEvent%22%2C%22TS%22%3A1701365574790%2C%22Name%22%3A%22QueryShown%22%2C%22FID%22%3A%22Codex%22%7D%5D
0.0.0.0 0 B URL GET jiangshao.jiangshao.fun/fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22Namespace%22%3A%22Homepage%22%2C%22CustomData%22%3A%22%7B%5C%22chipText%5C%22%3A%5C%22%E5%86%99%E4%B8%80%E4%B8%AA%E5%8E%9F%E5%88%9B%E7%9F%AD%E6%96%87%EF%BC%8C%E8%AE%B2%E8%BF%B0%E4%B8%80%E6%9D%A1%E9%B1%BC%E5%92%8C%E4%B8%80%E5%8F%AA%E9%9D%92%E8%9B%99%E5%AF%BB%E6%89%BE%E7%9C%9F%E7%88%B1%E7%9A%84%E6%95%85%E4%BA%8B%E3%80%82%5C%22%2C%5C%22chipIndex%5C%22%3A1%7D%22%2C%22T%22%3A%22CI.SystemEvent%22%2C%22TS%22%3A1701365574790%2C%22Name%22%3A%22QueryShown%22%2C%22FID%22%3A%22Codex%22%7D%5D
IP 0.0.0.0:0
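Hash MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These are the digests of zero-length input; this 0 B entry has no recorded response body, so the values do not identify any content.)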
GET /fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22Namespace%22%3A%22Homepage%22%2C%22CustomData%22%3A%22%7B%5C%22chipText%5C%22%3A%5C%22%E5%86%99%E4%B8%80%E4%B8%AA%E5%8E%9F%E5%88%9B%E7%9F%AD%E6%96%87%EF%BC%8C%E8%AE%B2%E8%BF%B0%E4%B8%80%E6%9D%A1%E9%B1%BC%E5%92%8C%E4%B8%80%E5%8F%AA%E9%9D%92%E8%9B%99%E5%AF%BB%E6%89%BE%E7%9C%9F%E7%88%B1%E7%9A%84%E6%95%85%E4%BA%8B%E3%80%82%5C%22%2C%5C%22chipIndex%5C%22%3A1%7D%22%2C%22T%22%3A%22CI.SystemEvent%22%2C%22TS%22%3A1701365574790%2C%22Name%22%3A%22QueryShown%22%2C%22FID%22%3A%22Codex%22%7D%5D HTTP/1.1
Host: jiangshao.jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0&WTS=63836962362; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=; SRCHUSR=T=1701365562000; ipv6=hit=1701369171020&t=4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
jiangshao.fun/rp/vE_Wye-y6H0tMPGd14yRiLbXay0.js
172.67.186.90 200 OK 938 B URL GET HTTP/3 jiangshao.fun/rp/vE_Wye-y6H0tMPGd14yRiLbXay0.js
IP 172.67.186.90:443
Certificate Issuer: Google Trust Services LLC
Subject: jiangshao.fun
Fingerprint: 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity: Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type ASCII text, with very long lines (968), with no line terminators
Hash MD5: 87965d99c016e60ff9be5c8b28f0203d
SHA-1: 6070c6da62ecad7118bd5df9fc3cbb4393e9019e
SHA-256: 867652ab940e72b7db5fc11b1338bf50ed12ac987d610f186789e661680cad68
Analyzer Verdict Alert OpenPhish phishing Office365
GET /rp/vE_Wye-y6H0tMPGd14yRiLbXay0.js HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:45 GMT
content-type: text/javascript; charset=utf-8
cache-control: public, max-age=432000
content-md5: 2/dxsfCwU5PRi8Vf1t2Upw==
last-modified: Tue, 14 Jun 2022 17:04:46 GMT
x-cache: TCP_HIT
x-ms-request-id: 5a51b88a-201e-0038-12c0-1fb9eb000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: E7C8F8D8547F4D879D6316AE37E0DC07 Ref B: MNZ221060605021 Ref C: 2023-11-26T06:54:37Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: 9DCBB4723CCA44D9BF61FAA178D79B9C Ref B: NYCEDGE1412 Ref C: 2023-11-30T17:32:44Z
cf-cache-status: HIT
age: 1
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4deeea65695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
aadcdn.msauth.net/shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg
13.107.213.53 200 OK 1.9 kB URL GET HTTP/2 aadcdn.msauth.net/shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg
IP 13.107.213.53:443
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://login.microsoftonline.com/common/oauth2/authorize?client_id=9ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7&response_type=id_token+code&nonce=0c8aaa25-dacc-42ba-8d88-79ef7766219a&redirect_uri=https%3a%2f%2fjiangshao.fun%2forgid%2fidtoken%2fconditional&scope=openid%20email%20profile%209ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7/.default&response_mode=form_post&instance_aware=true&msafed=0&prompt=none&state=%7b%22ig%22%3a%22A903986D2A5143A0A2E909AB5D6FF6D4%22%7d
Certificate Issuer: DigiCert Inc
Subject: aadcdn.msauth.net
Fingerprint: 88:95:0C:FA:9D:33:AA:BF:A4:FD:9D:84:A6:E8:02:06:58:50:AD:8C
Validity: Sun, 29 Oct 2023 00:00:00 GMT - Tue, 29 Oct 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image, ASCII text, with very long lines (1982), with no line terminators
Hash MD5: 4b5c228b4faba433d06ec569ed855b2d
SHA-1: a7d3882b93e332460e7c59510a6a811ef011983f
SHA-256: eb19d76cd1fad39abf0f2778991883a5cf9ff560117ce8f7c64124e71471b4ed
GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: public, max-age=31536000
content-length: 673
content-type: image/svg+xml
content-encoding: gzip
content-md5: DhdidjYrlCeaRJJRG/y9mA==
last-modified: Wed, 24 May 2023 10:11:46 GMT
etag: 0x8DB5C3F47E260FD
x-cache: TCP_HIT
x-ms-request-id: 17509178-201e-0069-5d7c-190642000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 0PUtaZQAAAADzVd1XQgMOT5+aJm+OjSr5QU1TMDRFREdFMTkwOAAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
x-azure-ref: 0PsdoZQAAAADlkgZCXPmhRbhvONZsngwbU1ZHMjBFREdFMDYyMgAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
date: Thu, 30 Nov 2023 17:32:45 GMT
X-Firefox-Spdy: h2
jiangshao.fun/rp/k02upO3eJWjKAquJryP9z-tXM5o.js
172.67.186.90 200 OK 423 B URL GET HTTP/3 jiangshao.fun/rp/k02upO3eJWjKAquJryP9z-tXM5o.js
IP 172.67.186.90:443
Certificate Issuer: Google Trust Services LLC
Subject: jiangshao.fun
Fingerprint: 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity: Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type ASCII text, with very long lines (429), with no line terminators
Hash MD5: 7d7b56ff3546bb1dc756fcdb6f04e4bc
SHA-1: d2d15f0cbd68e053b6efebcd8770cf72a321c625
SHA-256: fb52e19f2536865cb5a94f06f8b005f7727e00d94969e0a40e9bd8cdc9bc645e
Analyzer Verdict Alert OpenPhish phishing Office365
GET /rp/k02upO3eJWjKAquJryP9z-tXM5o.js HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:45 GMT
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=432000
content-md5: OlBJ2yavnOA9tqU9NUEILQ==
last-modified: Wed, 24 Jun 2020 04:27:36 GMT
x-cache: TCP_HIT
x-ms-request-id: 65172dfa-501e-009b-6aeb-1fdc2e000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: E404A5A7116E421EAE1EC66606B9AF7E Ref B: MNZ221060618035 Ref C: 2023-11-27T18:59:19Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: 07F50C717F3942319F339D4C76751511 Ref B: EWR311000101051 Ref C: 2023-11-30T17:32:44Z
cf-cache-status: HIT
age: 1
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4deae4c5695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
jiangshao.jiangshao.fun/fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fimages%2Fsbi%3Fmmasync%3D1%26ptn%3DHomepage%26IID%3DSBI%26IG%3DA903986D2A5143A0A2E909AB5D6FF6D4%26%22%2C%22format%22%3A%22dom%22%2C%22time%22%3A2969%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1701365569866%2C%22Name%22%3A%22parsed%22%2C%22FID%22%3A%22HP%22%7D%5D
0.0.0.0 0 B URL GET jiangshao.jiangshao.fun/fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fimages%2Fsbi%3Fmmasync%3D1%26ptn%3DHomepage%26IID%3DSBI%26IG%3DA903986D2A5143A0A2E909AB5D6FF6D4%26%22%2C%22format%22%3A%22dom%22%2C%22time%22%3A2969%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1701365569866%2C%22Name%22%3A%22parsed%22%2C%22FID%22%3A%22HP%22%7D%5D
IP 0.0.0.0:0
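Hash MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These are the digests of zero-length input; this 0 B entry has no recorded response body, so the values do not identify any content.)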
GET /fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fimages%2Fsbi%3Fmmasync%3D1%26ptn%3DHomepage%26IID%3DSBI%26IG%3DA903986D2A5143A0A2E909AB5D6FF6D4%26%22%2C%22format%22%3A%22dom%22%2C%22time%22%3A2969%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1701365569866%2C%22Name%22%3A%22parsed%22%2C%22FID%22%3A%22HP%22%7D%5D HTTP/1.1
Host: jiangshao.jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
jiangshao.jiangshao.fun/fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fhp%2Fapi%2Fv1%2Fimagegallery%3Fformat%3Djson%26ssd%3D20231130_0800%26%22%2C%22format%22%3A%22json%22%2C%22time%22%3A3812%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1701365570709%2C%22Name%22%3A%22requested%22%2C%22FID%22%3A%22HP%22%7D%5D
0.0.0.0 0 B URL GET jiangshao.jiangshao.fun/fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fhp%2Fapi%2Fv1%2Fimagegallery%3Fformat%3Djson%26ssd%3D20231130_0800%26%22%2C%22format%22%3A%22json%22%2C%22time%22%3A3812%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1701365570709%2C%22Name%22%3A%22requested%22%2C%22FID%22%3A%22HP%22%7D%5D
IP 0.0.0.0:0
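Hash MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These are the digests of zero-length input; this 0 B entry has no recorded response body, so the values do not identify any content.)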
GET /fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fhp%2Fapi%2Fv1%2Fimagegallery%3Fformat%3Djson%26ssd%3D20231130_0800%26%22%2C%22format%22%3A%22json%22%2C%22time%22%3A3812%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1701365570709%2C%22Name%22%3A%22requested%22%2C%22FID%22%3A%22HP%22%7D%5D HTTP/1.1
Host: jiangshao.jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=; SRCHUSR=T=1701365562000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
jiangshao.fun/rewardsapp/reportActivity?IG=A903986D2A5143A0A2E909AB5D6FF6D4&IID=SERP.5029&&src=hp
172.67.186.90 200 OK 1.6 kB URL POST HTTP/3 jiangshao.fun/rewardsapp/reportActivity?IG=A903986D2A5143A0A2E909AB5D6FF6D4&IID=SERP.5029&&src=hp
IP 172.67.186.90:443
Certificate Issuer: Google Trust Services LLC
Subject: jiangshao.fun
Fingerprint: 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity: Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type HTML document, ASCII text, with very long lines (1754), with no line terminators
Hash MD5: 4988f72630c7c304db970d64966618a4
SHA-1: 338df57ba1dbab05bb66dbc7bcad9d37be8617af
SHA-256: 7eae300f84c6112f957150d6874c074cfa5f3a1f8f04ea8259b432da959d87cf
Analyzer Verdict Alert OpenPhish phishing Office365
POST /rewardsapp/reportActivity?IG=A903986D2A5143A0A2E909AB5D6FF6D4&IID=SERP.5029&&src=hp HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 34
Origin: https://jiangshao.fun
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0&WTS=63836962362; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=; SRCHUSR=T=1701365562000; ipv6=hit=1701369171020
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:47 GMT
content-type: text/html; charset=utf-8
cache-control: no-cache
pragma: no-cache
expires: -1
p3p: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
set-cookie: MUID=2FC1AFB77E2E6AA41B79BC6E7F296B55; domain=.bing.com; expires=Tue, 24-Dec-2024 17:32:46 GMT; path=/; secure; SameSite=None
_EDGE_S=SID=13E950E504D964CC1734433C05566550; domain=.bing.com; path=/; HttpOnly
MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; expires=Tue, 24-Dec-2024 17:32:46 GMT; path=/; HttpOnly
SRCHD=AF=NOFORM; domain=.bing.com; expires=Tue, 24-Dec-2024 17:32:46 GMT; path=/; secure; SameSite=None
SRCHUID=V=2&GUID=24D97D902F9E4F688E733047D85A8EEA&dmnchg=1; domain=.bing.com; expires=Tue, 24-Dec-2024 17:32:46 GMT; path=/; secure; SameSite=None
SRCHUSR=DOB=20231130; domain=.bing.com; expires=Tue, 24-Dec-2024 17:32:46 GMT; path=/; secure; SameSite=None
SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0&WTS=63836962362&SRCHLANG=zh-Hans; domain=.bing.com; expires=Tue, 24-Dec-2024 17:32:46 GMT; path=/; secure; SameSite=None
_SS=R=0&RB=0&GB=0&RG=200&RP=0; domain=.bing.com; path=/; secure; SameSite=None
_RwBf=r=0&ilt=1&ihpd=1&ispd=0&rc=0&rb=0&gb=0&rg=200&pc=0&mtu=0&rbb=0&g=0&cid=&clo=0&v=1&l=2023-11-30T08:00:00.0000000Z&lft=0001-01-01T00:00:00.0000000&aof=0&o=2&p=&c=&t=0&s=0001-01-01T00:00:00.0000000+00:00&ts=2023-11-30T17:32:46.9579509+00:00&rwred=0&wls=&wlb=&lka=0&lkt=0&aad=0&TH=; domain=.bing.com; expires=Sat, 30-Nov-2024 17:32:46 GMT; path=/; secure; SameSite=None
_Rwho=u=d; domain=.bing.com; path=/; secure; HttpOnly; SameSite=None
x-eventid: 6568c73eec8a48c9a28b73049f67832e
useragentreductionoptout: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: EDCB3CC164DB4BAE91CA7A52F5976D2D Ref B: NYCEDGE1420 Ref C: 2023-11-30T17:32:46Z
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wp7Avs6Z24%2FouM7b2%2B%2F2AYsryags70lhV38wUrO2Rt43nWXZpSM7EUmn128M7RoCnP83Iuvl81eZVM9asM%2BamhpBUbYrruLfgKtQXNEZIo6yptK1EXL4yblm8jFunCrS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82e4d4e8d9685695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
jiangshao.jiangshao.fun/fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22T%22%3A%22CI.Init%22%2C%22TS%22%3A1701365568497%2C%22Name%22%3A%22Base%22%2C%22FID%22%3A%22CI%22%7D%2C%7B%22width%22%3A%221280%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1701365568497%2C%22Name%22%3A%22M%22%2C%22FID%22%3A%22BRW%22%7D%2C%7B%22height%22%3A%221024%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1701365568497%2C%22Name%22%3A%22T%22%2C%22FID%22%3A%22BRH%22%7D%2C%7B%22RawDPR%22%3A%221.0%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1701365568497%2C%22Name%22%3A%221.0%22%2C%22FID%22%3A%22DPR%22%7D%2C%7B%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1701365568497%2C%22Name%22%3A%220%22%2C%22FID%22%3A%22DM%22%7D%2C%7B%22comp%22%3A%22loaded%22%2C%22time%22%3A2673%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1701365569571%2C%22Name%22%3A%22speech%22%2C%22FID%22%3A%22HP%22%7D%5D
0.0.0.0 0 B URL GET jiangshao.jiangshao.fun/fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22T%22%3A%22CI.Init%22%2C%22TS%22%3A1701365568497%2C%22Name%22%3A%22Base%22%2C%22FID%22%3A%22CI%22%7D%2C%7B%22width%22%3A%221280%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1701365568497%2C%22Name%22%3A%22M%22%2C%22FID%22%3A%22BRW%22%7D%2C%7B%22height%22%3A%221024%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1701365568497%2C%22Name%22%3A%22T%22%2C%22FID%22%3A%22BRH%22%7D%2C%7B%22RawDPR%22%3A%221.0%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1701365568497%2C%22Name%22%3A%221.0%22%2C%22FID%22%3A%22DPR%22%7D%2C%7B%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1701365568497%2C%22Name%22%3A%220%22%2C%22FID%22%3A%22DM%22%7D%2C%7B%22comp%22%3A%22loaded%22%2C%22time%22%3A2673%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1701365569571%2C%22Name%22%3A%22speech%22%2C%22FID%22%3A%22HP%22%7D%5D
IP 0.0.0.0:0
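Hash MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These are the digests of zero-length input; this 0 B entry has no recorded response body, so the values do not identify any content.)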
GET /fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22T%22%3A%22CI.Init%22%2C%22TS%22%3A1701365568497%2C%22Name%22%3A%22Base%22%2C%22FID%22%3A%22CI%22%7D%2C%7B%22width%22%3A%221280%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1701365568497%2C%22Name%22%3A%22M%22%2C%22FID%22%3A%22BRW%22%7D%2C%7B%22height%22%3A%221024%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1701365568497%2C%22Name%22%3A%22T%22%2C%22FID%22%3A%22BRH%22%7D%2C%7B%22RawDPR%22%3A%221.0%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1701365568497%2C%22Name%22%3A%221.0%22%2C%22FID%22%3A%22DPR%22%7D%2C%7B%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1701365568497%2C%22Name%22%3A%220%22%2C%22FID%22%3A%22DM%22%7D%2C%7B%22comp%22%3A%22loaded%22%2C%22time%22%3A2673%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1701365569571%2C%22Name%22%3A%22speech%22%2C%22FID%22%3A%22HP%22%7D%5D HTTP/1.1
Host: jiangshao.jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
jiangshao.jiangshao.fun/fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fhp%2Fapi%2Fv1%2Fmsnpopularnow%3F%26format%3Djson%26ecount%3D20%26efirst%3D0%26%26%22%2C%22format%22%3A%22json%22%2C%22time%22%3A3204%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1701365570103%2C%22Name%22%3A%22parsed%22%2C%22FID%22%3A%22HP%22%7D%5D
0.0.0.0 0 B URL GET jiangshao.jiangshao.fun/fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fhp%2Fapi%2Fv1%2Fmsnpopularnow%3F%26format%3Djson%26ecount%3D20%26efirst%3D0%26%26%22%2C%22format%22%3A%22json%22%2C%22time%22%3A3204%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1701365570103%2C%22Name%22%3A%22parsed%22%2C%22FID%22%3A%22HP%22%7D%5D
IP 0.0.0.0:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fhp%2Fapi%2Fv1%2Fmsnpopularnow%3F%26format%3Djson%26ecount%3D20%26efirst%3D0%26%26%22%2C%22format%22%3A%22json%22%2C%22time%22%3A3204%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1701365570103%2C%22Name%22%3A%22parsed%22%2C%22FID%22%3A%22HP%22%7D%5D HTTP/1.1
Host: jiangshao.jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=; SRCHUSR=T=1701365562000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
jiangshao.jiangshao.fun/fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fhp%2Fapi%2Fv1%2Fmomentsintime%3Fformat%3Djson%26ssd%3D20231130_0800%26%22%2C%22format%22%3A%22json%22%2C%22time%22%3A4048%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1701365570945%2C%22Name%22%3A%22parsed%22%2C%22FID%22%3A%22HP%22%7D%5D
0.0.0.0 0 B URL GET jiangshao.jiangshao.fun/fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fhp%2Fapi%2Fv1%2Fmomentsintime%3Fformat%3Djson%26ssd%3D20231130_0800%26%22%2C%22format%22%3A%22json%22%2C%22time%22%3A4048%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1701365570945%2C%22Name%22%3A%22parsed%22%2C%22FID%22%3A%22HP%22%7D%5D
IP 0.0.0.0:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fhp%2Fapi%2Fv1%2Fmomentsintime%3Fformat%3Djson%26ssd%3D20231130_0800%26%22%2C%22format%22%3A%22json%22%2C%22time%22%3A4048%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1701365570945%2C%22Name%22%3A%22parsed%22%2C%22FID%22%3A%22HP%22%7D%5D HTTP/1.1
Host: jiangshao.jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0&WTS=63836962362; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=; SRCHUSR=T=1701365562000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
jiangshao.jiangshao.fun/fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22time%22%3A3808%2C%22T%22%3A%22CI.Error%22%2C%22TS%22%3A1701365570706%2C%22Name%22%3A%22ImportedWidgetModuleErrorEvent%22%2C%22FID%22%3A%22HP%22%7D%5D
0.0.0.0 0 B URL GET jiangshao.jiangshao.fun/fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22time%22%3A3808%2C%22T%22%3A%22CI.Error%22%2C%22TS%22%3A1701365570706%2C%22Name%22%3A%22ImportedWidgetModuleErrorEvent%22%2C%22FID%22%3A%22HP%22%7D%5D
IP 0.0.0.0:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22time%22%3A3808%2C%22T%22%3A%22CI.Error%22%2C%22TS%22%3A1701365570706%2C%22Name%22%3A%22ImportedWidgetModuleErrorEvent%22%2C%22FID%22%3A%22HP%22%7D%5D HTTP/1.1
Host: jiangshao.jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=; SRCHUSR=T=1701365562000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
jiangshao.jiangshao.fun/fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fhp%2Fapi%2Fv1%2Fimagegallery%3Fformat%3Djson%26ssd%3D20231130_0800%26%22%2C%22format%22%3A%22json%22%2C%22time%22%3A4036%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1701365570934%2C%22Name%22%3A%22parsed%22%2C%22FID%22%3A%22HP%22%7D%5D
0.0.0.0 0 B URL GET jiangshao.jiangshao.fun/fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fhp%2Fapi%2Fv1%2Fimagegallery%3Fformat%3Djson%26ssd%3D20231130_0800%26%22%2C%22format%22%3A%22json%22%2C%22time%22%3A4036%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1701365570934%2C%22Name%22%3A%22parsed%22%2C%22FID%22%3A%22HP%22%7D%5D
IP 0.0.0.0:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fhp%2Fapi%2Fv1%2Fimagegallery%3Fformat%3Djson%26ssd%3D20231130_0800%26%22%2C%22format%22%3A%22json%22%2C%22time%22%3A4036%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1701365570934%2C%22Name%22%3A%22parsed%22%2C%22FID%22%3A%22HP%22%7D%5D HTTP/1.1
Host: jiangshao.jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0&WTS=63836962362; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=; SRCHUSR=T=1701365562000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
jiangshao.jiangshao.fun/fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useDynamicModules%22%2C%22module%22%3A%22rms-answers-HomepageVNext-PeregrineWidgets%22%2C%22error%22%3A%22%22%2C%22time%22%3A2676%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1701365569575%2C%22Name%22%3A%22Importing%22%2C%22FID%22%3A%22HP%22%7D%5D
0.0.0.0 0 B URL GET jiangshao.jiangshao.fun/fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useDynamicModules%22%2C%22module%22%3A%22rms-answers-HomepageVNext-PeregrineWidgets%22%2C%22error%22%3A%22%22%2C%22time%22%3A2676%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1701365569575%2C%22Name%22%3A%22Importing%22%2C%22FID%22%3A%22HP%22%7D%5D
IP 0.0.0.0:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useDynamicModules%22%2C%22module%22%3A%22rms-answers-HomepageVNext-PeregrineWidgets%22%2C%22error%22%3A%22%22%2C%22time%22%3A2676%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1701365569575%2C%22Name%22%3A%22Importing%22%2C%22FID%22%3A%22HP%22%7D%5D HTTP/1.1
Host: jiangshao.jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
jiangshao.fun/notifications/render?bnptrigger=%7B%22PartnerId%22%3A%22HomePage%22%2C%22IID%22%3A%22Bnp%22%2C%22Attributes%22%3A%7B%22RawRequestURL%22%3A%22%2F%22%7D%7D&IG=A903986D2A5143A0A2E909AB5D6FF6D4&IID=Bnp
172.67.186.90 200 OK 29 kB URL GET HTTP/3 jiangshao.fun/notifications/render?bnptrigger=%7B%22PartnerId%22%3A%22HomePage%22%2C%22IID%22%3A%22Bnp%22%2C%22Attributes%22%3A%7B%22RawRequestURL%22%3A%22%2F%22%7D%7D&IG=A903986D2A5143A0A2E909AB5D6FF6D4&IID=Bnp
IP 172.67.186.90:443
Certificate Issuer: Google Trust Services LLC
Subject: jiangshao.fun
Fingerprint: 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity: Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
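Hash MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these are the MD5, SHA-1 and SHA-256 digests of zero-length input, so they do not describe the 29 kB response body listed above and are not usable as indicators for it.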
Analyzer Verdict Alert OpenPhish phishing Office365
GET /notifications/render?bnptrigger=%7B%22PartnerId%22%3A%22HomePage%22%2C%22IID%22%3A%22Bnp%22%2C%22Attributes%22%3A%7B%22RawRequestURL%22%3A%22%2F%22%7D%7D&IG=A903986D2A5143A0A2E909AB5D6FF6D4&IID=Bnp HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:45 GMT
content-type: text/html; charset=utf-8
cache-control: no-cache
pragma: no-cache
expires: -1
p3p: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
set-cookie: MUID=2FC1AFB77E2E6AA41B79BC6E7F296B55; domain=.bing.com; expires=Tue, 24-Dec-2024 17:32:45 GMT; path=/; secure; SameSite=None
_EDGE_S=SID=3B2CC4E11F0568723CB5D7381E0269ED; domain=.bing.com; path=/; HttpOnly
MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; expires=Tue, 24-Dec-2024 17:32:45 GMT; path=/; HttpOnly
SRCHD=AF=NOFORM; domain=.bing.com; expires=Tue, 24-Dec-2024 17:32:45 GMT; path=/; secure; SameSite=None
SRCHUID=V=2&GUID=0F897E4C688049149B4EA1CC88B9E816&dmnchg=1; domain=.bing.com; expires=Tue, 24-Dec-2024 17:32:45 GMT; path=/; secure; SameSite=None
SRCHUSR=DOB=20231130; domain=.bing.com; expires=Tue, 24-Dec-2024 17:32:45 GMT; path=/; secure; SameSite=None
SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0&SRCHLANG=zh-Hans; domain=.bing.com; expires=Tue, 24-Dec-2024 17:32:45 GMT; path=/; secure; SameSite=None
_SS=SID=3B2CC4E11F0568723CB5D7381E0269ED; domain=.bing.com; path=/; secure; SameSite=None
x-eventid: 6568c73da2a84200b6a46ffb6ec40386
useragentreductionoptout: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: AF052480F1BD4DDC8972386EFCA8B749 Ref B: EWR311000107023 Ref C: 2023-11-30T17:32:45Z
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F%2BYgjrtQOrZUR48d0%2B%2FR7uDpX0viilI6o3lqdtom%2FYGuC48pWzFNLLOj%2BRzXaD454ugLsU0xBtG1%2FfLMe259fns5%2BS%2FPudZVQ46YL2PEvjEQLGUU2Uyvz9QcCc8eYlz2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82e4d4de2dc55695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
jiangshao.fun/rp/vE_Wye-y6H0tMPGd14yRiLbXay0.js
172.67.186.90 200 OK 938 B URL GET HTTP/3 jiangshao.fun/rp/vE_Wye-y6H0tMPGd14yRiLbXay0.js
IP 172.67.186.90:443
Certificate Issuer: Google Trust Services LLC
Subject: jiangshao.fun
Fingerprint: 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity: Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type ASCII text, with very long lines (968), with no line terminators
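Hash MD5: 87965d99c016e60ff9be5c8b28f0203d
SHA-1: 6070c6da62ecad7118bd5df9fc3cbb4393e9019e
SHA-256: 867652ab940e72b7db5fc11b1338bf50ed12ac987d610f186789e661680cad68
Note: the MD5 above does not match the digest carried in this response's content-md5 header, so the delivered body presumably differs from the object that header was computed for; match on the hashes listed here, not on the header value.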
Analyzer Verdict Alert OpenPhish phishing Office365
GET /rp/vE_Wye-y6H0tMPGd14yRiLbXay0.js HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:44 GMT
content-type: text/javascript; charset=utf-8
cache-control: public, max-age=432000
content-md5: 2/dxsfCwU5PRi8Vf1t2Upw==
last-modified: Tue, 14 Jun 2022 17:04:46 GMT
x-cache: TCP_HIT
x-ms-request-id: 5a51b88a-201e-0038-12c0-1fb9eb000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: E7C8F8D8547F4D879D6316AE37E0DC07 Ref B: MNZ221060605021 Ref C: 2023-11-26T06:54:37Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: 9DCBB4723CCA44D9BF61FAA178D79B9C Ref B: NYCEDGE1412 Ref C: 2023-11-30T17:32:44Z
cf-cache-status: MISS
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4d6fe2a5695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
jiangshao.fun/rp/jcyY-6efRSe6_NSfPQcnOcSkjKY.js
172.67.186.90 200 OK 3.3 kB URL GET HTTP/3 jiangshao.fun/rp/jcyY-6efRSe6_NSfPQcnOcSkjKY.js
IP 172.67.186.90:443
Certificate Issuer: Google Trust Services LLC
Subject: jiangshao.fun
Fingerprint: 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity: Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
File type ASCII text, with very long lines (3393), with no line terminators
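Hash MD5: cfce39461f195411949b11b49371d739
SHA-1: eb90efe57bb33b59e91e0fd523515e9b6782e8b8
SHA-256: c8bc24098a430c593d00ef6c4a9bacaad862ea4066188cc7c722b3d08f38c9ce
Note: the MD5 above does not match the digest carried in this response's content-md5 header, so the delivered body presumably differs from the object that header was computed for; match on the hashes listed here, not on the header value.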
Analyzer Verdict Alert OpenPhish phishing Office365
GET /rp/jcyY-6efRSe6_NSfPQcnOcSkjKY.js HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=; SRCHUSR=T=1701365562000
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:45 GMT
content-type: text/javascript; charset=utf-8
cache-control: public, max-age=432000
content-md5: kr7huWxloXpqjy8FO0er9A==
last-modified: Tue, 14 Jun 2022 17:04:34 GMT
x-cache: TCP_REMOTE_HIT
x-ms-request-id: f37eb131-c01e-000f-2bf2-216b47000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: D6EE81F725434801B75252F28438851D Ref B: MNZ221060606017 Ref C: 2023-11-30T17:32:45Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: 6E446E09522F4664952C49219E178CC7 Ref B: EWR311000107047 Ref C: 2023-11-30T17:32:45Z
cf-cache-status: MISS
vary: Accept-Encoding
server: cloudflare
cf-ray: 82e4d4e04ffc5695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
172.67.186.90 200 OK 121 kB URL User Request GET HTTP/2
IP 172.67.186.90:443
Certificate Issuer: Google Trust Services LLC
Subject: jiangshao.fun
Fingerprint: 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity: Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
Size 121 kB (120992 bytes)
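Hash MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these are the MD5, SHA-1 and SHA-256 digests of zero-length input, so they do not describe the 121 kB (120992 bytes) body reported above and are not usable as indicators for this page.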
Analyzer Verdict Alert OpenPhish phishing Office365
GET / HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 30 Nov 2023 17:32:42 GMT
content-type: text/html; charset=utf-8
cache-control: private
p3p: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
set-cookie: MUID=2FC1AFB77E2E6AA41B79BC6E7F296B55; domain=.bing.com; expires=Tue, 24-Dec-2024 17:32:42 GMT; path=/; secure; SameSite=None
MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; expires=Tue, 24-Dec-2024 17:32:42 GMT; path=/; HttpOnly
_EDGE_S=F=1&SID=0CF07E99D348630E35E36D40D24F62EE; domain=.bing.com; path=/; HttpOnly
_EDGE_V=1; domain=.bing.com; expires=Tue, 24-Dec-2024 17:32:42 GMT; path=/; HttpOnly
SRCHD=AF=NOFORM; domain=.bing.com; expires=Tue, 24-Dec-2024 17:32:42 GMT; path=/; secure; SameSite=None
SRCHUID=V=2&GUID=A7528F4A04274E849CC001AA86074CEF&dmnchg=1; domain=.bing.com; expires=Tue, 24-Dec-2024 17:32:42 GMT; path=/; secure; SameSite=None
SRCHUSR=DOB=20231130; domain=.bing.com; expires=Tue, 24-Dec-2024 17:32:42 GMT; path=/; secure; SameSite=None
SRCHHPGUSR=SRCHLANG=zh-Hans; domain=.bing.com; expires=Tue, 24-Dec-2024 17:32:42 GMT; path=/; secure; SameSite=None
_SS=SID=0CF07E99D348630E35E36D40D24F62EE; domain=.bing.com; path=/; secure; SameSite=None
ULC=; domain=.bing.com; expires=Wed, 29-Nov-2023 17:32:42 GMT; path=/; secure; SameSite=None
_HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=; domain=.bing.com; expires=Tue, 24-Dec-2024 17:32:42 GMT; path=/; secure; SameSite=None
x-eventid: 6568c73a6f684d9d9334850491e361b2
useragentreductionoptout: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F8B664C8CC2F4700951FE0199C9A77F0 Ref B: EWR311000108051 Ref C: 2023-11-30T17:32:42Z
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yINvOv%2BP5A230u8%2BT431yBeyKvJzrLP84VenKDpZUDlyHcg%2FRkutFvukPaZhSY2Ofdg9MvsLpEAj9s%2Bb%2BshiVuCzwEO%2FqeEV0fQWOrcBcpIO3WUu%2F0hl0uw%2FngQzHE2M"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82e4d4cce91056a5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
jiangshao.jiangshao.fun/fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22Namespace%22%3A%22Homepage%22%2C%22CustomData%22%3A%22%7B%5C%22chips%5C%22%3A%5B%7B%5C%22clickThroughUrl%5C%22%3A%5C%22https%3A%2F%2Fwww.bing.com%2Fsearch%3Fiscopilotedu%3D1%26sendquery%3D1%26q%3D%25E5%25A6%2582%25E6%259E%259C%25E6%258A%258A%25E5%25A4%25A9%25E7%2584%25B6%25E6%25B0%2594%25E6%258D%25A2%25E6%2588%2590%25E7%2594%25B5%25E8%2583%25BD%25EF%25BC%258C%2520%25E8%25B4%25A6%25E5%258D%2595%25E4%25BC%259A%25E6%259C%2589%25E4%25BB%2580%25E4%25B9%2588%25E6%25A0%25B7%25E7%259A%2584%25E5%258F%2598%25E5%258C%2596%25EF%25BC%259F%5C%22%2C%5C%22fullText%5C%22%3Anull%2C%5C%22imageUrl%5C%22%3Anull%2C%5C%22modifiedBy%5C%22%3Anull%2C%5C%22modifiedTimestamp%5C%22%3A0%2C%5C%22prompt%5C%22%3A%5C%22%5C%22%2C%5C%22promptIconUrl%5C%22%3Anull%2C%5C%22promptSubtitle%5C%22%3Anull%2C%5C%22query%5C%22%3A%5C%22%E5%A6%82%E6%9E%9C%E6%8A%8A%E5%A4%A9%E7%84%B6%E6%B0%94%E6%8D%A2%E6%88%90%E7%94%B5%E8%83%BD%EF%BC%8C%20%E8%B4%A6%E5%8D%95%E4%BC%9A%E6%9C%89%E4%BB%80%E4%B9%88%E6%A0%B7%E7%9A%84%E5%8F%98%E5%8C%96%EF%BC%9F%5C%22%2C%5C%22response%5C%22%3Anull%2C%5C%22type%5C%22%3A0%2C%5C%22category%5C%22%3Anull%7D%2C%7B%5C%22clickThroughUrl%5C%22%3A%5C%22https%3A%2F%2Fwww.bing.com%2Fsearch%3Fiscopilotedu%3D1%26sendquery%3D1%26q%3D%25E5%2586%2599%25E4%25B8%2580%25E4%25B8%25AA%25E5%258E%259F%25E5%2588%259B%25E7%259F%25AD%25E6%2596%2587%25EF%25BC%258C%25E8%25AE%25B2%25E8%25BF%25B0%25E4%25B8%2580%25E6%259D%25A1%25E9%25B1%25BC%25E5%2592%258C%25E4%25B8%2580%25E5%258F%25AA%25E9%259D%2592%25E8%259B%2599%25E5%25AF%25BB%25E6%2589%25BE%25E7%259C%259F%25E7%2588%25B1%25E7%259A%2584%25E6%2595%2585%25E4%25BA%258B%25E3%2580%2582%5C%22%2C%5C%22fullText%5C%22%3Anull%2C%5C%22imageUrl%5C%22%3Anull%2C%5C%22modifiedBy%5C%22%3Anull%2C%5C%22modifiedTimestamp%5C%22%3A0%2C%5C%22prompt%5C%22%3A%5C%22%5C%22%2C%5C%22promptIconUrl%5C%22%3Anull%2C%5C%22promptSubtitle%5C%22%3Anull%2C%5C%22query%
5C%22%3A%5C%22%E5%86%99%E4%B8%80%E4%B8%AA%E5%8E%9F%E5%88%9B%E7%9F%AD%E6%96%87%EF%BC%8C%E8%AE%B2%E8%BF%B0%E4%B8%80%E6%9D%A1%E9%B1%BC%E5%92%8C%E4%B8%80%E5%8F%AA%E9%9D%92%E8%9B%99%E5%AF%BB%E6%89%BE%E7%9C%9F%E7%88%B1%E7%9A%84%E6%95%85%E4%BA%8B%E3%80%82%5C%22%2C%5C%22response%5C%22%3Anull%2C%5C%22type%5C%22%3A0%2C%5C%22category%5C%22%3Anull%7D%2C%7B%5C%22clickThroughUrl%5C%22%3A%5C%22https%3A%2F%2Fwww.bing.com%2Fsearch%3Fiscopilotedu%3D1%26sendquery%3D1%26q%3D%25E7%2594%25A8%25E8%25A1%25A8%25E6%25A0%25BC%25E5%2588%2586%25E6%259E%2590%25E4%25B8%2580%25E4%25B8%258B%25E5%259C%25A8%25E8%2589%25BA%25E6%259C%25AF%25E6%2596%25B9%25E9%259D%25A2%25E5%2585%25AC%25E5%2585%25B1%25E8%25B5%2584%25E9%2587%2591%25E7%259A%2584%25E6%258A%2595%25E5%2585%25A5%25E4%25B8%258EGDP%25E7%259A%2584%25E5%2585%25B3%25E8%2581%2594%25E3%2580%2582%5C%22%2C%5C%22fullText%5C%22%3Anull%2C%5C%22imageUrl%5C%22%3Anull%2C%5C%22modifiedBy%5C%22%3Anull%2C%5C%22modifiedTimestamp%5C%22%3A0%2C%5C%22prompt%5C%22%3A%5C%22%5C%22%2C%5C%22promptIconUrl%5C%22%3Anull%2C%5C%22promptSubtitle%5C%22%3Anull%2C%5C%22query%5C%22%3A%5C%22%E7%94%A8%E8%A1%A8%E6%A0%BC%E5%88%86%E6%9E%90%E4%B8%80%E4%B8%8B%E5%9C%A8%E8%89%BA%E6%9C%AF%E6%96%B9%E9%9D%A2%E5%85%AC%E5%85%B1%E8%B5%84%E9%87%91%E7%9A%84%E6%8A%95%E5%85%A5%E4%B8%8EGDP%E7%9A%84%E5%85%B3%E8%81%94%E3%80%82%5C%22%2C%5C%22response%5C%22%3Anull%2C%5C%22type%5C%22%3A0%2C%5C%22category%5C%22%3Anull%7D%2C%7B%5C%22clickThroughUrl%5C%22%3A%5C%22https%3A%2F%2Fwww.bing.com%2Fsearch%3Fiscopilotedu%3D1%26sendquery%3D1%26q%3D%25E5%25B8%25AE%25E6%2588%2591%25E5%2586%2599%25E4%25B8%2580%25E5%25B0%2581%25E5%25AE%259D%25E5%25AE%259D%25E7%2599%25BE%25E5%25A4%25A9%25E5%25AE%25B4%25E7%259A%2584%25E7%2594%25B5%25E5%25AD%2590%25E9%2582%2580%25E8%25AF%25B7%25E5%2587%25BD%25E3%2580%2582%25E5%25A4%2587%25E6%25B3%25A8%25E4%25B8%258D%25E7%2594%25A8%25E4%25BB%25BD%25E5%25AD%2590%25E9%2592%25B1%25E3%2580%2582%5C%22%2C%5C%22fullText%5C%22%3Anull%2C%5C%22imageUrl%5C%22%3Anull%2C%5C%22modifiedBy%5C%22%3Anull%2C%5
C%22modifiedTimestamp%5C%22%3A0%2C%5C%22prompt%5C%22%3A%5C%22%5C%22%2C%5C%22promptIconUrl%5C%22%3Anull%2C%5C%22promptSubtitle%5C%22%3Anull%2C%5C%22query%5C%22%3A%5C%22%E5%B8%AE%E6%88%91%E5%86%99%E4%B8%80%E5%B0%81%E5%AE%9D%E5%AE%9D%E7%99%BE%E5%A4%A9%E5%AE%B4%E7%9A%84%E7%94%B5%E5%AD%90%E9%82%80%E8%AF%B7%E5%87%BD%E3%80%82%E5%A4%87%E6%B3%A8%E4%B8%8D%E7%94%A8%E4%BB%BD%E5%AD%90%E9%92%B1%E3%80%82%5C%22%2C%5C%22response%5C%22%3Anull%2C%5C%22type%5C%22%3A0%2C%5C%22category%5C%22%3Anull%7D%5D%2C%5C%22chipsCount%5C%22%3A4%7D%22%2C%22T%22%3A%22CI.SystemEvent%22%2C%22TS%22%3A1701365569743%2C%22Name%22%3A%22QueryRendered%22%2C%22FID%22%3A%22Codex%22%7D%5D
0.0.0.0 0 B URL GET jiangshao.jiangshao.fun/fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22Namespace%22%3A%22Homepage%22%2C%22CustomData%22%3A%22%7B%5C%22chips%5C%22%3A%5B%7B%5C%22clickThroughUrl%5C%22%3A%5C%22https%3A%2F%2Fwww.bing.com%2Fsearch%3Fiscopilotedu%3D1%26sendquery%3D1%26q%3D%25E5%25A6%2582%25E6%259E%259C%25E6%258A%258A%25E5%25A4%25A9%25E7%2584%25B6%25E6%25B0%2594%25E6%258D%25A2%25E6%2588%2590%25E7%2594%25B5%25E8%2583%25BD%25EF%25BC%258C%2520%25E8%25B4%25A6%25E5%258D%2595%25E4%25BC%259A%25E6%259C%2589%25E4%25BB%2580%25E4%25B9%2588%25E6%25A0%25B7%25E7%259A%2584%25E5%258F%2598%25E5%258C%2596%25EF%25BC%259F%5C%22%2C%5C%22fullText%5C%22%3Anull%2C%5C%22imageUrl%5C%22%3Anull%2C%5C%22modifiedBy%5C%22%3Anull%2C%5C%22modifiedTimestamp%5C%22%3A0%2C%5C%22prompt%5C%22%3A%5C%22%5C%22%2C%5C%22promptIconUrl%5C%22%3Anull%2C%5C%22promptSubtitle%5C%22%3Anull%2C%5C%22query%5C%22%3A%5C%22%E5%A6%82%E6%9E%9C%E6%8A%8A%E5%A4%A9%E7%84%B6%E6%B0%94%E6%8D%A2%E6%88%90%E7%94%B5%E8%83%BD%EF%BC%8C%20%E8%B4%A6%E5%8D%95%E4%BC%9A%E6%9C%89%E4%BB%80%E4%B9%88%E6%A0%B7%E7%9A%84%E5%8F%98%E5%8C%96%EF%BC%9F%5C%22%2C%5C%22response%5C%22%3Anull%2C%5C%22type%5C%22%3A0%2C%5C%22category%5C%22%3Anull%7D%2C%7B%5C%22clickThroughUrl%5C%22%3A%5C%22https%3A%2F%2Fwww.bing.com%2Fsearch%3Fiscopilotedu%3D1%26sendquery%3D1%26q%3D%25E5%2586%2599%25E4%25B8%2580%25E4%25B8%25AA%25E5%258E%259F%25E5%2588%259B%25E7%259F%25AD%25E6%2596%2587%25EF%25BC%258C%25E8%25AE%25B2%25E8%25BF%25B0%25E4%25B8%2580%25E6%259D%25A1%25E9%25B1%25BC%25E5%2592%258C%25E4%25B8%2580%25E5%258F%25AA%25E9%259D%2592%25E8%259B%2599%25E5%25AF%25BB%25E6%2589%25BE%25E7%259C%259F%25E7%2588%25B1%25E7%259A%2584%25E6%2595%2585%25E4%25BA%258B%25E3%2580%2582%5C%22%2C%5C%22fullText%5C%22%3Anull%2C%5C%22imageUrl%5C%22%3Anull%2C%5C%22modifiedBy%5C%22%3Anull%2C%5C%22modifiedTimestamp%5C%22%3A0%2C%5C%22prompt%5C%22%3A%5C%22%5C%22%2C%5C%22promptIconUrl%5C%22%3Anull%2C%5C%22promptSubtitle%5C%22%3
Anull%2C%5C%22query%5C%22%3A%5C%22%E5%86%99%E4%B8%80%E4%B8%AA%E5%8E%9F%E5%88%9B%E7%9F%AD%E6%96%87%EF%BC%8C%E8%AE%B2%E8%BF%B0%E4%B8%80%E6%9D%A1%E9%B1%BC%E5%92%8C%E4%B8%80%E5%8F%AA%E9%9D%92%E8%9B%99%E5%AF%BB%E6%89%BE%E7%9C%9F%E7%88%B1%E7%9A%84%E6%95%85%E4%BA%8B%E3%80%82%5C%22%2C%5C%22response%5C%22%3Anull%2C%5C%22type%5C%22%3A0%2C%5C%22category%5C%22%3Anull%7D%2C%7B%5C%22clickThroughUrl%5C%22%3A%5C%22https%3A%2F%2Fwww.bing.com%2Fsearch%3Fiscopilotedu%3D1%26sendquery%3D1%26q%3D%25E7%2594%25A8%25E8%25A1%25A8%25E6%25A0%25BC%25E5%2588%2586%25E6%259E%2590%25E4%25B8%2580%25E4%25B8%258B%25E5%259C%25A8%25E8%2589%25BA%25E6%259C%25AF%25E6%2596%25B9%25E9%259D%25A2%25E5%2585%25AC%25E5%2585%25B1%25E8%25B5%2584%25E9%2587%2591%25E7%259A%2584%25E6%258A%2595%25E5%2585%25A5%25E4%25B8%258EGDP%25E7%259A%2584%25E5%2585%25B3%25E8%2581%2594%25E3%2580%2582%5C%22%2C%5C%22fullText%5C%22%3Anull%2C%5C%22imageUrl%5C%22%3Anull%2C%5C%22modifiedBy%5C%22%3Anull%2C%5C%22modifiedTimestamp%5C%22%3A0%2C%5C%22prompt%5C%22%3A%5C%22%5C%22%2C%5C%22promptIconUrl%5C%22%3Anull%2C%5C%22promptSubtitle%5C%22%3Anull%2C%5C%22query%5C%22%3A%5C%22%E7%94%A8%E8%A1%A8%E6%A0%BC%E5%88%86%E6%9E%90%E4%B8%80%E4%B8%8B%E5%9C%A8%E8%89%BA%E6%9C%AF%E6%96%B9%E9%9D%A2%E5%85%AC%E5%85%B1%E8%B5%84%E9%87%91%E7%9A%84%E6%8A%95%E5%85%A5%E4%B8%8EGDP%E7%9A%84%E5%85%B3%E8%81%94%E3%80%82%5C%22%2C%5C%22response%5C%22%3Anull%2C%5C%22type%5C%22%3A0%2C%5C%22category%5C%22%3Anull%7D%2C%7B%5C%22clickThroughUrl%5C%22%3A%5C%22https%3A%2F%2Fwww.bing.com%2Fsearch%3Fiscopilotedu%3D1%26sendquery%3D1%26q%3D%25E5%25B8%25AE%25E6%2588%2591%25E5%2586%2599%25E4%25B8%2580%25E5%25B0%2581%25E5%25AE%259D%25E5%25AE%259D%25E7%2599%25BE%25E5%25A4%25A9%25E5%25AE%25B4%25E7%259A%2584%25E7%2594%25B5%25E5%25AD%2590%25E9%2582%2580%25E8%25AF%25B7%25E5%2587%25BD%25E3%2580%2582%25E5%25A4%2587%25E6%25B3%25A8%25E4%25B8%258D%25E7%2594%25A8%25E4%25BB%25BD%25E5%25AD%2590%25E9%2592%25B1%25E3%2580%2582%5C%22%2C%5C%22fullText%5C%22%3Anull%2C%5C%22imageUrl%5C%22%3Anull%2C%5C%22modified
By%5C%22%3Anull%2C%5C%22modifiedTimestamp%5C%22%3A0%2C%5C%22prompt%5C%22%3A%5C%22%5C%22%2C%5C%22promptIconUrl%5C%22%3Anull%2C%5C%22promptSubtitle%5C%22%3Anull%2C%5C%22query%5C%22%3A%5C%22%E5%B8%AE%E6%88%91%E5%86%99%E4%B8%80%E5%B0%81%E5%AE%9D%E5%AE%9D%E7%99%BE%E5%A4%A9%E5%AE%B4%E7%9A%84%E7%94%B5%E5%AD%90%E9%82%80%E8%AF%B7%E5%87%BD%E3%80%82%E5%A4%87%E6%B3%A8%E4%B8%8D%E7%94%A8%E4%BB%BD%E5%AD%90%E9%92%B1%E3%80%82%5C%22%2C%5C%22response%5C%22%3Anull%2C%5C%22type%5C%22%3A0%2C%5C%22category%5C%22%3Anull%7D%5D%2C%5C%22chipsCount%5C%22%3A4%7D%22%2C%22T%22%3A%22CI.SystemEvent%22%2C%22TS%22%3A1701365569743%2C%22Name%22%3A%22QueryRendered%22%2C%22FID%22%3A%22Codex%22%7D%5D
IP 0.0.0.0:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22Namespace%22%3A%22Homepage%22%2C%22CustomData%22%3A%22%7B%5C%22chips%5C%22%3A%5B%7B%5C%22clickThroughUrl%5C%22%3A%5C%22https%3A%2F%2Fwww.bing.com%2Fsearch%3Fiscopilotedu%3D1%26sendquery%3D1%26q%3D%25E5%25A6%2582%25E6%259E%259C%25E6%258A%258A%25E5%25A4%25A9%25E7%2584%25B6%25E6%25B0%2594%25E6%258D%25A2%25E6%2588%2590%25E7%2594%25B5%25E8%2583%25BD%25EF%25BC%258C%2520%25E8%25B4%25A6%25E5%258D%2595%25E4%25BC%259A%25E6%259C%2589%25E4%25BB%2580%25E4%25B9%2588%25E6%25A0%25B7%25E7%259A%2584%25E5%258F%2598%25E5%258C%2596%25EF%25BC%259F%5C%22%2C%5C%22fullText%5C%22%3Anull%2C%5C%22imageUrl%5C%22%3Anull%2C%5C%22modifiedBy%5C%22%3Anull%2C%5C%22modifiedTimestamp%5C%22%3A0%2C%5C%22prompt%5C%22%3A%5C%22%5C%22%2C%5C%22promptIconUrl%5C%22%3Anull%2C%5C%22promptSubtitle%5C%22%3Anull%2C%5C%22query%5C%22%3A%5C%22%E5%A6%82%E6%9E%9C%E6%8A%8A%E5%A4%A9%E7%84%B6%E6%B0%94%E6%8D%A2%E6%88%90%E7%94%B5%E8%83%BD%EF%BC%8C%20%E8%B4%A6%E5%8D%95%E4%BC%9A%E6%9C%89%E4%BB%80%E4%B9%88%E6%A0%B7%E7%9A%84%E5%8F%98%E5%8C%96%EF%BC%9F%5C%22%2C%5C%22response%5C%22%3Anull%2C%5C%22type%5C%22%3A0%2C%5C%22category%5C%22%3Anull%7D%2C%7B%5C%22clickThroughUrl%5C%22%3A%5C%22https%3A%2F%2Fwww.bing.com%2Fsearch%3Fiscopilotedu%3D1%26sendquery%3D1%26q%3D%25E5%2586%2599%25E4%25B8%2580%25E4%25B8%25AA%25E5%258E%259F%25E5%2588%259B%25E7%259F%25AD%25E6%2596%2587%25EF%25BC%258C%25E8%25AE%25B2%25E8%25BF%25B0%25E4%25B8%2580%25E6%259D%25A1%25E9%25B1%25BC%25E5%2592%258C%25E4%25B8%2580%25E5%258F%25AA%25E9%259D%2592%25E8%259B%2599%25E5%25AF%25BB%25E6%2589%25BE%25E7%259C%259F%25E7%2588%25B1%25E7%259A%2584%25E6%2595%2585%25E4%25BA%258B%25E3%2580%2582%5C%22%2C%5C%22fullText%5C%22%3Anull%2C%5C%22imageUrl%5C%22%3Anull%2C%5C%22modifiedBy%5C%22%3Anull%2C%5C%22modifiedTimestamp%5C%22%3A0%2C%5C%22prompt%5C%22%3A%5C%22%5C%22%2C%5C%22promptIconUrl%5C%22%3Anull%2C%5C%22promptSubtitle%5C%22%3Anull%2C%5C%22query%5C%22%3A%5C%22%E5%8
6%99%E4%B8%80%E4%B8%AA%E5%8E%9F%E5%88%9B%E7%9F%AD%E6%96%87%EF%BC%8C%E8%AE%B2%E8%BF%B0%E4%B8%80%E6%9D%A1%E9%B1%BC%E5%92%8C%E4%B8%80%E5%8F%AA%E9%9D%92%E8%9B%99%E5%AF%BB%E6%89%BE%E7%9C%9F%E7%88%B1%E7%9A%84%E6%95%85%E4%BA%8B%E3%80%82%5C%22%2C%5C%22response%5C%22%3Anull%2C%5C%22type%5C%22%3A0%2C%5C%22category%5C%22%3Anull%7D%2C%7B%5C%22clickThroughUrl%5C%22%3A%5C%22https%3A%2F%2Fwww.bing.com%2Fsearch%3Fiscopilotedu%3D1%26sendquery%3D1%26q%3D%25E7%2594%25A8%25E8%25A1%25A8%25E6%25A0%25BC%25E5%2588%2586%25E6%259E%2590%25E4%25B8%2580%25E4%25B8%258B%25E5%259C%25A8%25E8%2589%25BA%25E6%259C%25AF%25E6%2596%25B9%25E9%259D%25A2%25E5%2585%25AC%25E5%2585%25B1%25E8%25B5%2584%25E9%2587%2591%25E7%259A%2584%25E6%258A%2595%25E5%2585%25A5%25E4%25B8%258EGDP%25E7%259A%2584%25E5%2585%25B3%25E8%2581%2594%25E3%2580%2582%5C%22%2C%5C%22fullText%5C%22%3Anull%2C%5C%22imageUrl%5C%22%3Anull%2C%5C%22modifiedBy%5C%22%3Anull%2C%5C%22modifiedTimestamp%5C%22%3A0%2C%5C%22prompt%5C%22%3A%5C%22%5C%22%2C%5C%22promptIconUrl%5C%22%3Anull%2C%5C%22promptSubtitle%5C%22%3Anull%2C%5C%22query%5C%22%3A%5C%22%E7%94%A8%E8%A1%A8%E6%A0%BC%E5%88%86%E6%9E%90%E4%B8%80%E4%B8%8B%E5%9C%A8%E8%89%BA%E6%9C%AF%E6%96%B9%E9%9D%A2%E5%85%AC%E5%85%B1%E8%B5%84%E9%87%91%E7%9A%84%E6%8A%95%E5%85%A5%E4%B8%8EGDP%E7%9A%84%E5%85%B3%E8%81%94%E3%80%82%5C%22%2C%5C%22response%5C%22%3Anull%2C%5C%22type%5C%22%3A0%2C%5C%22category%5C%22%3Anull%7D%2C%7B%5C%22clickThroughUrl%5C%22%3A%5C%22https%3A%2F%2Fwww.bing.com%2Fsearch%3Fiscopilotedu%3D1%26sendquery%3D1%26q%3D%25E5%25B8%25AE%25E6%2588%2591%25E5%2586%2599%25E4%25B8%2580%25E5%25B0%2581%25E5%25AE%259D%25E5%25AE%259D%25E7%2599%25BE%25E5%25A4%25A9%25E5%25AE%25B4%25E7%259A%2584%25E7%2594%25B5%25E5%25AD%2590%25E9%2582%2580%25E8%25AF%25B7%25E5%2587%25BD%25E3%2580%2582%25E5%25A4%2587%25E6%25B3%25A8%25E4%25B8%258D%25E7%2594%25A8%25E4%25BB%25BD%25E5%25AD%2590%25E9%2592%25B1%25E3%2580%2582%5C%22%2C%5C%22fullText%5C%22%3Anull%2C%5C%22imageUrl%5C%22%3Anull%2C%5C%22modifiedBy%5C%22%3Anull%2C%5C%22modifiedTimesta
mp%5C%22%3A0%2C%5C%22prompt%5C%22%3A%5C%22%5C%22%2C%5C%22promptIconUrl%5C%22%3Anull%2C%5C%22promptSubtitle%5C%22%3Anull%2C%5C%22query%5C%22%3A%5C%22%E5%B8%AE%E6%88%91%E5%86%99%E4%B8%80%E5%B0%81%E5%AE%9D%E5%AE%9D%E7%99%BE%E5%A4%A9%E5%AE%B4%E7%9A%84%E7%94%B5%E5%AD%90%E9%82%80%E8%AF%B7%E5%87%BD%E3%80%82%E5%A4%87%E6%B3%A8%E4%B8%8D%E7%94%A8%E4%BB%BD%E5%AD%90%E9%92%B1%E3%80%82%5C%22%2C%5C%22response%5C%22%3Anull%2C%5C%22type%5C%22%3A0%2C%5C%22category%5C%22%3Anull%7D%5D%2C%5C%22chipsCount%5C%22%3A4%7D%22%2C%22T%22%3A%22CI.SystemEvent%22%2C%22TS%22%3A1701365569743%2C%22Name%22%3A%22QueryRendered%22%2C%22FID%22%3A%22Codex%22%7D%5D HTTP/1.1
Host: jiangshao.jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
jiangshao.jiangshao.fun/fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fhp%2Fapi%2Fv1%2Fcodexnudge%3Fformat%3Djson%26%22%2C%22format%22%3A%22json%22%2C%22time%22%3A2848%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1701365569746%2C%22Name%22%3A%22parsed%22%2C%22FID%22%3A%22HP%22%7D%5D
0.0.0.0 0 B URL GET jiangshao.jiangshao.fun/fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fhp%2Fapi%2Fv1%2Fcodexnudge%3Fformat%3Djson%26%22%2C%22format%22%3A%22json%22%2C%22time%22%3A2848%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1701365569746%2C%22Name%22%3A%22parsed%22%2C%22FID%22%3A%22HP%22%7D%5D
IP 0.0.0.0:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fhp%2Fapi%2Fv1%2Fcodexnudge%3Fformat%3Djson%26%22%2C%22format%22%3A%22json%22%2C%22time%22%3A2848%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1701365569746%2C%22Name%22%3A%22parsed%22%2C%22FID%22%3A%22HP%22%7D%5D HTTP/1.1
Host: jiangshao.jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
jiangshao.jiangshao.fun/fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fhp%2Fapi%2Fv1%2Fmomentsintime%3Fformat%3Djson%26ssd%3D20231130_0800%26%22%2C%22format%22%3A%22json%22%2C%22status%22%3A200%2C%22time%22%3A4042%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1701365570940%2C%22Name%22%3A%22fetched%22%2C%22FID%22%3A%22HP%22%7D%5D
0.0.0.0 0 B URL GET jiangshao.jiangshao.fun/fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fhp%2Fapi%2Fv1%2Fmomentsintime%3Fformat%3Djson%26ssd%3D20231130_0800%26%22%2C%22format%22%3A%22json%22%2C%22status%22%3A200%2C%22time%22%3A4042%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1701365570940%2C%22Name%22%3A%22fetched%22%2C%22FID%22%3A%22HP%22%7D%5D
IP 0.0.0.0:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fhp%2Fapi%2Fv1%2Fmomentsintime%3Fformat%3Djson%26ssd%3D20231130_0800%26%22%2C%22format%22%3A%22json%22%2C%22status%22%3A200%2C%22time%22%3A4042%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1701365570940%2C%22Name%22%3A%22fetched%22%2C%22FID%22%3A%22HP%22%7D%5D HTTP/1.1
Host: jiangshao.jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0&WTS=63836962362; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=; SRCHUSR=T=1701365562000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
jiangshao.fun/hp/api/model
172.67.186.90 200 OK 26 kB URL GET HTTP/3 jiangshao.fun/hp/api/model
IP 172.67.186.90:443
Certificate Issuer Google Trust Services LLC
Subject jiangshao.fun
Fingerprint 4B:28:B9:21:9D:A7:F5:23:B6:AD:43:EC:79:56:3B:3E:0B:5F:AD:71
Validity Fri, 27 Oct 2023 17:03:05 GMT - Thu, 25 Jan 2024 17:03:04 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert OpenPhish phishing Office365
GET /hp/api/model HTTP/1.1
Host: jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jiangshao.fun/
Content-type: application/json
DNT: 1
Connection: keep-alive
Cookie: MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 30 Nov 2023 17:32:45 GMT
content-type: application/json; charset=utf-8
cache-control: private
p3p: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
set-cookie: MUID=2FC1AFB77E2E6AA41B79BC6E7F296B55; domain=.bing.com; expires=Tue, 24-Dec-2024 17:32:45 GMT; path=/; secure; SameSite=None
_EDGE_S=SID=15D927DFCB91641E022E3406CA4565BC; domain=.bing.com; path=/; HttpOnly
MUIDB=2FC1AFB77E2E6AA41B79BC6E7F296B55; expires=Tue, 24-Dec-2024 17:32:45 GMT; path=/; HttpOnly
SRCHD=AF=NOFORM; domain=.bing.com; expires=Tue, 24-Dec-2024 17:32:45 GMT; path=/; secure; SameSite=None
SRCHUID=V=2&GUID=FD1891874CF74FB0B6B1FA605E8CF251&dmnchg=1; domain=.bing.com; expires=Tue, 24-Dec-2024 17:32:45 GMT; path=/; secure; SameSite=None
SRCHUSR=DOB=20231130; domain=.bing.com; expires=Tue, 24-Dec-2024 17:32:45 GMT; path=/; secure; SameSite=None
SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0&SRCHLANG=zh-Hans; domain=.bing.com; expires=Tue, 24-Dec-2024 17:32:45 GMT; path=/; secure; SameSite=None
_SS=SID=15D927DFCB91641E022E3406CA4565BC; domain=.bing.com; path=/; secure; SameSite=None
ULC=; domain=.bing.com; expires=Wed, 29-Nov-2023 17:32:45 GMT; path=/; secure; SameSite=None
_HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoyLCJUb2JicyI6MH0=; domain=.bing.com; expires=Tue, 24-Dec-2024 17:32:45 GMT; path=/; secure; SameSite=None
x-eventid: 6568c73dc7014fe6be39f949185756ea
useragentreductionoptout: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: EBFF52DEE2654B89A59C4469153F8E10 Ref B: NYCEDGE1311 Ref C: 2023-11-30T17:32:45Z
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0PT%2BLLtQmMzK21CwuW9E5eDtpQIv7E%2BgpNmvory%2FzkN6aC9XdlXMMo5jmUkIcUWmM6B0%2Bq7BGWBFOuh%2BHz4FDEk2REy9JdWo2bI0jKHs2mB9dok8IUAXRmvUrXyvGSP0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82e4d4dd4cb25695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
jiangshao.jiangshao.fun/fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22Namespace%22%3A%22Homepage%22%2C%22CustomData%22%3A%22%7B%5C%22chipText%5C%22%3A%5C%22%E5%A6%82%E6%9E%9C%E6%8A%8A%E5%A4%A9%E7%84%B6%E6%B0%94%E6%8D%A2%E6%88%90%E7%94%B5%E8%83%BD%EF%BC%8C%20%E8%B4%A6%E5%8D%95%E4%BC%9A%E6%9C%89%E4%BB%80%E4%B9%88%E6%A0%B7%E7%9A%84%E5%8F%98%E5%8C%96%EF%BC%9F%5C%22%2C%5C%22chipIndex%5C%22%3A0%7D%22%2C%22T%22%3A%22CI.SystemEvent%22%2C%22TS%22%3A1701365569763%2C%22Name%22%3A%22QueryShown%22%2C%22FID%22%3A%22Codex%22%7D%2C%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fhp%2Fapi%2Fmodel%22%2C%22format%22%3A%22json%22%2C%22status%22%3A200%2C%22time%22%3A2935%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1701365569833%2C%22Name%22%3A%22fetched%22%2C%22FID%22%3A%22HP%22%7D%5D
0.0.0.0 0 B URL GET jiangshao.jiangshao.fun/fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22Namespace%22%3A%22Homepage%22%2C%22CustomData%22%3A%22%7B%5C%22chipText%5C%22%3A%5C%22%E5%A6%82%E6%9E%9C%E6%8A%8A%E5%A4%A9%E7%84%B6%E6%B0%94%E6%8D%A2%E6%88%90%E7%94%B5%E8%83%BD%EF%BC%8C%20%E8%B4%A6%E5%8D%95%E4%BC%9A%E6%9C%89%E4%BB%80%E4%B9%88%E6%A0%B7%E7%9A%84%E5%8F%98%E5%8C%96%EF%BC%9F%5C%22%2C%5C%22chipIndex%5C%22%3A0%7D%22%2C%22T%22%3A%22CI.SystemEvent%22%2C%22TS%22%3A1701365569763%2C%22Name%22%3A%22QueryShown%22%2C%22FID%22%3A%22Codex%22%7D%2C%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fhp%2Fapi%2Fmodel%22%2C%22format%22%3A%22json%22%2C%22status%22%3A200%2C%22time%22%3A2935%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1701365569833%2C%22Name%22%3A%22fetched%22%2C%22FID%22%3A%22HP%22%7D%5D
IP 0.0.0.0:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /fd/ls/l?IG=A903986D2A5143A0A2E909AB5D6FF6D4&CID=2FC1AFB77E2E6AA41B79BC6E7F296B55&TYPE=Event.ClientInst&DATA=%5B%7B%22Namespace%22%3A%22Homepage%22%2C%22CustomData%22%3A%22%7B%5C%22chipText%5C%22%3A%5C%22%E5%A6%82%E6%9E%9C%E6%8A%8A%E5%A4%A9%E7%84%B6%E6%B0%94%E6%8D%A2%E6%88%90%E7%94%B5%E8%83%BD%EF%BC%8C%20%E8%B4%A6%E5%8D%95%E4%BC%9A%E6%9C%89%E4%BB%80%E4%B9%88%E6%A0%B7%E7%9A%84%E5%8F%98%E5%8C%96%EF%BC%9F%5C%22%2C%5C%22chipIndex%5C%22%3A0%7D%22%2C%22T%22%3A%22CI.SystemEvent%22%2C%22TS%22%3A1701365569763%2C%22Name%22%3A%22QueryShown%22%2C%22FID%22%3A%22Codex%22%7D%2C%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fhp%2Fapi%2Fmodel%22%2C%22format%22%3A%22json%22%2C%22status%22%3A200%2C%22time%22%3A2935%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1701365569833%2C%22Name%22%3A%22fetched%22%2C%22FID%22%3A%22HP%22%7D%5D HTTP/1.1
Host: jiangshao.jiangshao.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jiangshao.fun/
Cookie: SRCHHPGUSR=BRW=M&BRH=T&CW=1280&CH=1024&SCW=1280&SCH=1024&DPR=1.0&UTC=0&DM=0; _UR=cdxcls=0&QS=0&TQS=0; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0xMS0zMFQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIlRucyI6MCwiRGZ0IjpudWxsLCJNdnMiOjAsIkZsdCI6MCwiSW1wIjoxLCJUb2JicyI6MH0=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache