r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 5ceaca9fd4ad000cb435820812fc69c8
8168397aaf7b572c89a9c83f46c0b65e4ac509f2
9c4e52e7e17158307d752db0bc3d1fbedae4f305cc301fd73b260f73ab796492
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9C4E52E7E17158307D752DB0BC3D1FBEDAE4F305CC301FD73B260F73AB796492"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12749
Expires: Tue, 06 Dec 2022 16:39:12 GMT
Date: Tue, 06 Dec 2022 13:06:43 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash f83c5e33ba42e312ee398848bbb711f5
caa1fd23b1fbbe883292ded04404c1cfd861eb09
106d08fba45f1e13f85b4b5abc456594878494238933e54b6a06e21ed8a52bc9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2083
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 13:06:43 GMT
Last-Modified: Tue, 06 Dec 2022 12:32:00 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 1ea206ac3c440825741687351f8c6e4e
2f38dafd8c43dcce2411a0590bc5c02cd6286735
7d7232c8c91bcd18161ba2c9d23e3bff159604e058bd5b3fc1c7fcbcd03a7ee3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7232C8C91BCD18161BA2C9D23E3BFF159604E058BD5B3FC1C7FCBCD03A7EE3"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5103
Expires: Tue, 06 Dec 2022 14:31:46 GMT
Date: Tue, 06 Dec 2022 13:06:43 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 06 Dec 2022 12:18:38 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2885
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: C6So507nKMXxrfNRC22+ILxGBV7dbq2qoknYaepQETBVC+A99/x1DfZNsIrOVwZqNx8LyE9Xs8c=
x-amz-request-id: GZVVPQ71EN9JVM0H
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 06 Dec 2022 12:48:56 GMT
age: 1067
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 06 Dec 2022 13:06:43 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ningxiaguotou.com/
60.205.181.202 200 OK 13 kB IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type HTML document text; exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (748), with CRLF line terminators
Hash 6642998a2002291bf4bb05abf0a3ac0b
8c9e666f44f412e43c37324d267505e874f9ed21
d385df68ac979f621f22c6992fd5a11f6f289624839f513851a664d4fcdce819
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:06:43 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Last-Modified: Tue, 06 Dec 2022 09:20:28 GMT
Accept-Ranges: bytes
Vary: User-Agent,Accept-Encoding
Cache-Control: private, max-age=600
Expires: Tue, 06 Dec 2022 13:16:43 GMT
Content-Encoding: gzip
ETag: "f43a-5ef25509de1fb-gzip"
Content-Length: 12787
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Language: zh-CN
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data, ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 06 Dec 2022 12:11:20 GMT
cache-control: public,max-age=3600
age: 3324
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ningxiaguotou.com/css/nav.css
60.205.181.202 200 OK 848 B URL HTTP/1.1 ningxiaguotou.com/css/nav.css
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type ASCII text, with CRLF line terminators
Hash f183f5b016f2da48414ff5b5e1494b9a
4b539e4e4f435dd9e761663a981e5196ab2d3e4a
43902b360607f8ee214e8c6967c4c7871aa00cd7cd111cb8b5862ed196ac32cb
GET /css/nav.css HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:06:44 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Last-Modified: Tue, 01 Nov 2022 12:06:46 GMT
Accept-Ranges: bytes
Cache-Control: max-age=3600
Expires: Tue, 06 Dec 2022 14:06:44 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
ETag: "bc2-5ec678eda2180-gzip"
Content-Length: 848
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
Content-Language: zh-CN
ningxiaguotou.com/css/style.css
60.205.181.202 200 OK 7.9 kB URL HTTP/1.1 ningxiaguotou.com/css/style.css
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash 9c0287b99a4c05fad4526ee38a76547b
a49abd0a2cfd1358ef39739733434850899f814f
0d83e0df8e57fb013cd9830a1ceb09043b4efc86a5e6d46b06f8be2a24157563
GET /css/style.css HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:06:44 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Last-Modified: Fri, 16 Sep 2022 08:33:08 GMT
Accept-Ranges: bytes
Cache-Control: max-age=3600
Expires: Tue, 06 Dec 2022 14:06:44 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
ETag: "a20a-5e8c73623b900-gzip"
Content-Length: 7900
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
Content-Language: zh-CN
ningxiaguotou.com/js/link.js
60.205.181.202 200 OK 368 B URL HTTP/1.1 ningxiaguotou.com/js/link.js
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash b0f92a2f9e7cc392f53522e029fb48cd
d64397fb2eb5f59a0154d97f8d0878c093d47045
7027f8b5351ab50b326a3812a64220dbaef5898441aa1f4a2fe84b47879063f7
Analyzer Verdict Alert fortinet Phishing
GET /js/link.js HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:06:44 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Last-Modified: Wed, 01 Jul 2020 00:42:00 GMT
Accept-Ranges: bytes
Cache-Control: max-age=3600
Expires: Tue, 06 Dec 2022 14:06:44 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
ETag: "258-5a9568f4ca600-gzip"
Content-Length: 368
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
Content-Language: zh-CN
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 0f7dcaa590e32cfd1c075255188d5f06
d4bb4954fefdb3b59560b54adf500e806e252e39
195795c2511b31519134f5eb4442d8708918ecaff72f8e821a5473ad7c97c448
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2070
Cache-Control: max-age=160476
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 13:06:44 GMT
Etag: "638f062a-1d7"
Expires: Thu, 08 Dec 2022 09:41:20 GMT
Last-Modified: Tue, 06 Dec 2022 09:06:50 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
ningxiaguotou.com/sitegray/sitegray.js
60.205.181.202 200 OK 3.1 kB URL HTTP/1.1 ningxiaguotou.com/sitegray/sitegray.js
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash a8c186d24e2ff308e39a8898d2f2bf6d
9c6a7e2ce7c9b019499b19452161ce8a8325ee5a
b3b25abc83b482747f4662174594c9e20777813d77d7b2b828d16bb4f3165bd0
Analyzer Verdict Alert fortinet Phishing
GET /sitegray/sitegray.js HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:06:44 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Last-Modified: Wed, 30 Nov 2022 10:30:23 GMT
Accept-Ranges: bytes
Cache-Control: max-age=3600
Expires: Tue, 06 Dec 2022 14:06:44 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
ETag: "3513-5eead978e6dc0-gzip"
Content-Length: 3076
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
Content-Language: zh-CN
ningxiaguotou.com/sitegray/sitegray.css
60.205.181.202 200 OK 413 B URL HTTP/1.1 ningxiaguotou.com/sitegray/sitegray.css
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type Unicode text, UTF-8 (with BOM) text, with very long lines (322), with CRLF line terminators
Hash 216f1c9d274fb885af5b8b91f212d988
43aaf7542e1162d852fefc61cd8dd5958331aaed
28811a5c1308f688b1df6a73189d82e13fcd9207c10b5921ab644675c86ebd8f
GET /sitegray/sitegray.css HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:06:44 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Last-Modified: Wed, 30 Nov 2022 10:30:23 GMT
Accept-Ranges: bytes
Cache-Control: max-age=3600
Expires: Tue, 06 Dec 2022 14:06:44 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
ETag: "29c-5eead978e6dc0-gzip"
Content-Length: 413
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
Content-Language: zh-CN
ningxiaguotou.com/js/terminator2.2.min.js
60.205.181.202 200 OK 6.9 kB URL HTTP/1.1 ningxiaguotou.com/js/terminator2.2.min.js
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type Unicode text, UTF-8 (with BOM) text, with very long lines (17308), with CRLF line terminators
Hash 1bb37bb462a32ac7c1da861355ded415
0f6be32a83478f922fca30f2ca58038de762cf2f
04633e3727c4422ebbf90e0e03c9ff73377b12469180aba3cfcd999dfaae3b7d
Analyzer Verdict Alert fortinet Phishing
GET /js/terminator2.2.min.js HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:06:44 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Last-Modified: Wed, 01 Jul 2020 00:42:00 GMT
Accept-Ranges: bytes
Cache-Control: max-age=3600
Expires: Tue, 06 Dec 2022 14:06:44 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
ETag: "4527-5a9568f4ca600-gzip"
Content-Length: 6940
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
Content-Language: zh-CN
ningxiaguotou.com/_sitegray/_sitegray_d.css
60.205.181.202 200 OK 20 B URL HTTP/1.1 ningxiaguotou.com/_sitegray/_sitegray_d.css
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type ASCII text, with no line terminators
Hash 311749c1d5f9bcf240ca9c25eae61f47
29703f0938cab5945db52e553f3f22cbd7f0b478
183f83b69b6f7ced023f06bc9b98b2d00c9e08b5c627c1f6e9002f48f0bbfb5c
GET /_sitegray/_sitegray_d.css HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:06:44 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Last-Modified: Wed, 30 Nov 2022 10:33:27 GMT
Accept-Ranges: bytes
Content-Length: 20
Cache-Control: max-age=3600
Expires: Tue, 06 Dec 2022 14:06:44 GMT
ETag: "14-5eeada28d7192-gzip"
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
Content-Language: zh-CN
ningxiaguotou.com/js/bdtxk.js
60.205.181.202 200 OK 30 kB URL HTTP/1.1 ningxiaguotou.com/js/bdtxk.js
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type Unicode text, UTF-8 (with BOM) text, with very long lines (32061), with CRLF line terminators
Hash 13c0a672ab2f4284db27bc8908ddf04c
fbfdbae3deaf4ef98bbd4b2b2a4aff0a8b828412
45ad4c21adbb6d72f82cad3bbb70de785e8dae879e1f86971835c2ecc854e2ef
Analyzer Verdict Alert fortinet Phishing
GET /js/bdtxk.js HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:06:44 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Last-Modified: Wed, 01 Jul 2020 00:41:59 GMT
Accept-Ranges: bytes
Cache-Control: max-age=3600
Expires: Tue, 06 Dec 2022 14:06:44 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
ETag: "148c8-5a9568f3d63c0-gzip"
Content-Length: 29462
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
Content-Language: zh-CN
ningxiaguotou.com/_sitegray/_sitegray.js
60.205.181.202 200 OK 99 B URL HTTP/1.1 ningxiaguotou.com/_sitegray/_sitegray.js
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type ASCII text, with CRLF line terminators
Hash 46a5730f1a1d08bc98c22f13eeb06376
bd17d7f4acc7c9f04a07aec0d24dfff70a8d7756
0bfdf613920cbd3b3a4374e88a1dd8f37d2313eb105fffbf634b20f902a9a6a8
Analyzer Verdict Alert fortinet Phishing
GET /_sitegray/_sitegray.js HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:06:44 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Last-Modified: Wed, 30 Nov 2022 10:33:27 GMT
Accept-Ranges: bytes
Cache-Control: max-age=3600
Expires: Tue, 06 Dec 2022 14:06:44 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
ETag: "5f-5eeada28da072-gzip"
Content-Length: 99
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
Content-Language: zh-CN
push.services.mozilla.com/
52.42.148.177 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.42.148.177:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: s+TC751kWR7CbgvZHokGVQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ZdfOmBfqdp7Ojl3Q0Q4N2gkjq1E=
ningxiaguotou.com/system/resource/js/dynclicks.js
60.205.181.202 404 Not Found 1.7 kB URL HTTP/1.1 ningxiaguotou.com/system/resource/js/dynclicks.js
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash d7b61a7f2acbc3b1532d5d473a65eafe
17ab21a5f49c5ffda2106159f4c7c77a791b21e5
29c0b0a5db57af93122bca27d4c301f5d1b7d34e5f410a85b4c1af2e747a1407
Analyzer Verdict Alert fortinet Phishing
GET /system/resource/js/dynclicks.js HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/
HTTP/1.1 404 Not Found
Date: Tue, 06 Dec 2022 13:06:44 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Content-Length: 1693
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Language: zh-CN
ningxiaguotou.com/system/resource/js/vsbscreen.min.js
60.205.181.202 404 Not Found 1.7 kB URL HTTP/1.1 ningxiaguotou.com/system/resource/js/vsbscreen.min.js
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash d7b61a7f2acbc3b1532d5d473a65eafe
17ab21a5f49c5ffda2106159f4c7c77a791b21e5
29c0b0a5db57af93122bca27d4c301f5d1b7d34e5f410a85b4c1af2e747a1407
Analyzer Verdict Alert fortinet Phishing
GET /system/resource/js/vsbscreen.min.js HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/
HTTP/1.1 404 Not Found
Date: Tue, 06 Dec 2022 13:06:44 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Content-Length: 1693
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html
Content-Language: zh-CN
ningxiaguotou.com/system/resource/js/counter.js
60.205.181.202 404 Not Found 1.7 kB URL HTTP/1.1 ningxiaguotou.com/system/resource/js/counter.js
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash d7b61a7f2acbc3b1532d5d473a65eafe
17ab21a5f49c5ffda2106159f4c7c77a791b21e5
29c0b0a5db57af93122bca27d4c301f5d1b7d34e5f410a85b4c1af2e747a1407
Analyzer Verdict Alert fortinet Phishing
GET /system/resource/js/counter.js HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/
HTTP/1.1 404 Not Found
Date: Tue, 06 Dec 2022 13:06:44 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Content-Length: 1693
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html
Content-Language: zh-CN
ningxiaguotou.com/system/resource/js/openlink.js
60.205.181.202 404 Not Found 1.7 kB URL HTTP/1.1 ningxiaguotou.com/system/resource/js/openlink.js
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash d7b61a7f2acbc3b1532d5d473a65eafe
17ab21a5f49c5ffda2106159f4c7c77a791b21e5
29c0b0a5db57af93122bca27d4c301f5d1b7d34e5f410a85b4c1af2e747a1407
Analyzer Verdict Alert fortinet Phishing
GET /system/resource/js/openlink.js HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/
HTTP/1.1 404 Not Found
Date: Tue, 06 Dec 2022 13:06:44 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Content-Length: 1693
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html
Content-Language: zh-CN
ningxiaguotou.com/system/resource/js/base64.js
60.205.181.202 404 Not Found 1.7 kB URL HTTP/1.1 ningxiaguotou.com/system/resource/js/base64.js
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash d7b61a7f2acbc3b1532d5d473a65eafe
17ab21a5f49c5ffda2106159f4c7c77a791b21e5
29c0b0a5db57af93122bca27d4c301f5d1b7d34e5f410a85b4c1af2e747a1407
Analyzer Verdict Alert fortinet Phishing
GET /system/resource/js/base64.js HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/
HTTP/1.1 404 Not Found
Date: Tue, 06 Dec 2022 13:06:44 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Content-Length: 1693
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html
Content-Language: zh-CN
ningxiaguotou.com/system/resource/js/formfunc.js
60.205.181.202 404 Not Found 1.7 kB URL HTTP/1.1 ningxiaguotou.com/system/resource/js/formfunc.js
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash d7b61a7f2acbc3b1532d5d473a65eafe
17ab21a5f49c5ffda2106159f4c7c77a791b21e5
29c0b0a5db57af93122bca27d4c301f5d1b7d34e5f410a85b4c1af2e747a1407
Analyzer Verdict Alert fortinet Phishing
GET /system/resource/js/formfunc.js HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/
HTTP/1.1 404 Not Found
Date: Tue, 06 Dec 2022 13:06:44 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Content-Length: 1693
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html
Content-Language: zh-CN
ningxiaguotou.com/system/resource/js/ajax.js
60.205.181.202 404 Not Found 1.7 kB URL HTTP/1.1 ningxiaguotou.com/system/resource/js/ajax.js
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash d7b61a7f2acbc3b1532d5d473a65eafe
17ab21a5f49c5ffda2106159f4c7c77a791b21e5
29c0b0a5db57af93122bca27d4c301f5d1b7d34e5f410a85b4c1af2e747a1407
Analyzer Verdict Alert fortinet Phishing
GET /system/resource/js/ajax.js HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/
HTTP/1.1 404 Not Found
Date: Tue, 06 Dec 2022 13:06:44 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Content-Length: 1693
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html
Content-Language: zh-CN
ningxiaguotou.com/system/resource/js/news/mp4video.js
60.205.181.202 404 Not Found 1.7 kB URL HTTP/1.1 ningxiaguotou.com/system/resource/js/news/mp4video.js
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash d7b61a7f2acbc3b1532d5d473a65eafe
17ab21a5f49c5ffda2106159f4c7c77a791b21e5
29c0b0a5db57af93122bca27d4c301f5d1b7d34e5f410a85b4c1af2e747a1407
Analyzer Verdict Alert fortinet Phishing
GET /system/resource/js/news/mp4video.js HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/
HTTP/1.1 404 Not Found
Date: Tue, 06 Dec 2022 13:06:45 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Content-Length: 1693
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html
Content-Language: zh-CN
ningxiaguotou.com/js/int.js
60.205.181.202 200 OK 2.5 kB URL HTTP/1.1 ningxiaguotou.com/js/int.js
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash 3173daf66d215f69944eb931d1e4ed44
64867fbeef08d44795709ce4baa33b502aa3cf3a
c5d733d5b646c9519cf44e18082bb0a10322da520aba3deab0ca6960cc4ba989
Analyzer Verdict Alert fortinet Phishing
GET /js/int.js HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:06:45 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Last-Modified: Wed, 01 Jul 2020 00:41:59 GMT
Accept-Ranges: bytes
Cache-Control: max-age=3600
Expires: Tue, 06 Dec 2022 14:06:45 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
ETag: "2630-5a9568f3d63c0-gzip"
Content-Length: 2501
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
Content-Language: zh-CN
ningxiaguotou.com/js/lrscroll.js
60.205.181.202 200 OK 1.3 kB URL HTTP/1.1 ningxiaguotou.com/js/lrscroll.js
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 59fec889c31dc2c47beb14638d6614b9
10abdc59de5ba333279a0a1f61d6e8c2710b4702
bb9a814305d60bc3a0281e2a25b9d9e1086f36c4308c4a53ddb056c59ccd7753
Analyzer Verdict Alert fortinet Phishing
GET /js/lrscroll.js HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:06:45 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Last-Modified: Wed, 01 Jul 2020 00:42:00 GMT
Accept-Ranges: bytes
Cache-Control: max-age=3600
Expires: Tue, 06 Dec 2022 14:06:45 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
ETag: "f7f-5a9568f4ca600-gzip"
Content-Length: 1339
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
Content-Language: zh-CN
ningxiaguotou.com/index.vsb.css
60.205.181.202 200 OK 506 B URL HTTP/1.1 ningxiaguotou.com/index.vsb.css
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type Unicode text, UTF-8 text, with CRLF, LF line terminators
Hash a1e6250f290f19188636dadde318646e
8fe69f83be011e45935a2bfa9e99a56442c9403f
6869ff57a410fdc54085056333290a51f95ce3f6529d8a26da567a229d825a24
GET /index.vsb.css HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:06:45 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Last-Modified: Wed, 30 Nov 2022 10:33:27 GMT
Accept-Ranges: bytes
Cache-Control: max-age=3600
Expires: Tue, 06 Dec 2022 14:06:45 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
ETag: "797-5eeada28e0dd2-gzip"
Content-Length: 506
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
Content-Language: zh-CN
ningxiaguotou.com/js/koala.min.1.5.js
60.205.181.202 200 OK 17 kB URL HTTP/1.1 ningxiaguotou.com/js/koala.min.1.5.js
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type Unicode text, UTF-8 (with BOM) text, with very long lines (35547), with CRLF line terminators
Hash b1b95168c19cf03ad1f11136e8f454cc
b54bb5d7d0a68bb33e9a86a3b381942922276e77
06e812c0150fe6051ba72a0faab63fa66ddd56cf3f47298fd001f20f18bb174f
Analyzer Verdict Alert fortinet Phishing
GET /js/koala.min.1.5.js HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:06:45 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Last-Modified: Wed, 01 Jul 2020 00:42:00 GMT
Accept-Ranges: bytes
Cache-Control: max-age=3600
Expires: Tue, 06 Dec 2022 14:06:45 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
ETag: "8b92-5a9568f4ca600-gzip"
Content-Length: 16819
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
Content-Language: zh-CN
ningxiaguotou.com/images/r.png
60.205.181.202 200 OK 1.9 kB URL HTTP/1.1 ningxiaguotou.com/images/r.png
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type PNG image data, 28 x 45, 8-bit/color RGBA, non-interlaced\012- data
Hash 001165ca21a3493270fb4d7221824ac0
d3f2733429c1e5896573913c851ed60dd6bb277b
d69ec8a5be4499b471f7ff92c2839ebc72c0e87837578c20d973353425b363c6
GET /images/r.png HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:06:45 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Last-Modified: Wed, 01 Jul 2020 00:41:59 GMT
Accept-Ranges: bytes
Content-Length: 1940
Cache-Control: max-age=3600
Expires: Tue, 06 Dec 2022 14:06:45 GMT
ETag: "794-5a9568f3d63c0-gzip"
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png
Content-Language: zh-CN
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14476
Expires: Tue, 06 Dec 2022 17:08:01 GMT
Date: Tue, 06 Dec 2022 13:06:45 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962c65f4-b402-46b4-83ba-50f3159341f2.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962c65f4-b402-46b4-83ba-50f3159341f2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b15136d60fd0a5e0f657a4f5c75d540f
36082b7329d473829178f280cb71a83b1531e486
79478269b1f5dcfd1e45ccd4264fa44805b37c5c8fec820bcbd2fa1689dfbbd8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962c65f4-b402-46b4-83ba-50f3159341f2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11224
x-amzn-requestid: 938de0b8-1055-4416-9ad7-162ab5f4db9f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csUINEwdoAMFuOw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e6701-38b079ef341bb17e567de773;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:47:45 GMT
x-amz-cf-pop: YVR50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: tGtiCE9C3j0BUruNaFN2j1mKxCSouLmocmTXpmLMBJaLNyVwkXu1gQ==
via: 1.1 f0ac467993db44dbfc36b778dfcaf73c.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:23:09 GMT
age: 53016
etag: "36082b7329d473829178f280cb71a83b1531e486"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a1b8c21-bea6-4053-8dea-90393eea45b7.jpeg
34.120.237.76 200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a1b8c21-bea6-4053-8dea-90393eea45b7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 30d72693680b3ac91c0eee4d47a26196
cd923a5a3810bfe86be2eca4b97c739d76756d93
69ca9e172f6b0c5bf158022d533701b89282630deaa0ce7df27ed459c9bfe75e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a1b8c21-bea6-4053-8dea-90393eea45b7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8656
x-amzn-requestid: cfc71f7f-d1c6-47c9-8107-864701dbf3c3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSwkEHmIAMFUnw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64d0-6705510852d26ae24b3e5ea4;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:24 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: zTGiKMan3uG3edx5AsFabNE4eG_dmzrIIOFCWcOxYN0UgSCGTNTtxw==
via: 1.1 c9b161639a9353c2354b895548ea9fca.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:22:25 GMT
age: 53060
etag: "cd923a5a3810bfe86be2eca4b97c739d76756d93"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc8b8df80-ffce-4960-a0e3-83eaf7ee52f3.jpeg
34.120.237.76 200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc8b8df80-ffce-4960-a0e3-83eaf7ee52f3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ebd3528452aecd80e39bbf82d3f71f2c
eaa956309d27052d466f7c4bd75b3bdf8443f251
680066dadbddc2cd7179ad5bdfbf9b2014ea601561e585d18dfcda73512ae84a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc8b8df80-ffce-4960-a0e3-83eaf7ee52f3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6352
x-amzn-requestid: cd970b83-2a99-4e38-afed-580d733040a4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSuWF1bIAMFcpg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64c2-1ba552306e857bb37424d679;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:10 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: P9Yc2Lh9Kw4AEDZyc9R9WExLdUnCitDeuy0NjttQM-EL1cdVndZxFA==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:30:36 GMT
age: 52569
etag: "eaa956309d27052d466f7c4bd75b3bdf8443f251"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa8a7b1a4-645c-4164-abf9-5450ef421f97.jpeg
34.120.237.76 200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa8a7b1a4-645c-4164-abf9-5450ef421f97.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fddffc8edfa3ca668c8ac740d34f46c5
63483fc211cfb2808c7f37940a4065b4f4177c59
3c736f085f8f25d68c3dd946d5a546dc6d1f5f6e94a0da17b7fd4662d61a0b50
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa8a7b1a4-645c-4164-abf9-5450ef421f97.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8660
x-amzn-requestid: d5cf901f-bd2b-4269-918a-29a0bec09a40
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: co_uBG9IIAMFxcw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d1326-63b4ea925878dab212409f2b;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 21:37:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: bywOU4HpwW6ebOdbHiI_ctX46Z-LXrUcRIVacGUtf_tyISXlXjOP4g==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:51:33 GMT
age: 54912
etag: "63483fc211cfb2808c7f37940a4065b4f4177c59"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6d735c66-8946-4145-a67f-e17dd48087bc.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6d735c66-8946-4145-a67f-e17dd48087bc.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 38b97436af942d5eb1111ca7043259a0
0234fe32c84c4711f0619714f3ac6d3db1b717d3
a76a7721355abbaecd5c8cb5218e7e4626dc345eb26e7541c71bf4ceaa7ae5d8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6d735c66-8946-4145-a67f-e17dd48087bc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11175
x-amzn-requestid: 9c93ddca-1247-44af-a364-e617f69ace26
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSzYEnEoAMFa2A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64e2-7d38ea383725901524bc2ca0;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: jqWuNfsDgPOsqxlX2HGJdhXm9GnGC-TBafSbSCrztICFgEwcyqc_iA==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:22:22 GMT
age: 53063
etag: "0234fe32c84c4711f0619714f3ac6d3db1b717d3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ningxiaguotou.com/system/resource/js/vsbscreen.min.js
60.205.181.202 404 Not Found 1.7 kB URL HTTP/1.1 ningxiaguotou.com/system/resource/js/vsbscreen.min.js
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash d7b61a7f2acbc3b1532d5d473a65eafe
17ab21a5f49c5ffda2106159f4c7c77a791b21e5
29c0b0a5db57af93122bca27d4c301f5d1b7d34e5f410a85b4c1af2e747a1407
Analyzer Verdict Alert fortinet Phishing
GET /system/resource/js/vsbscreen.min.js HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/
HTTP/1.1 404 Not Found
Date: Tue, 06 Dec 2022 13:06:45 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Content-Length: 1693
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Language: zh-CN
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffaf0de04-19bf-4944-9ac5-5178afafb192.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffaf0de04-19bf-4944-9ac5-5178afafb192.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7f2c354a00ab51d4a41221b6bf191c10
01ceb7233fe05ad8dff3a0a43eef879ea2b83ec4
7d3c8417e1db0db41ceb8b4bf3f506864392dd1ad29319a06a8a6055f6f2ed12
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffaf0de04-19bf-4944-9ac5-5178afafb192.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11352
x-amzn-requestid: 7c3fc7bb-eb1f-46ec-8e92-b6ffc6261848
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSwuF1ToAMFiIA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64d1-7c53152a279f00595b9886bd;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:25 GMT
x-amz-cf-pop: SFO5-P2, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: aYf5d6wAJlPSXVwF5uQXUb1g_65z-v6tInk7IF64bBV-w31d3MKeIQ==
via: 1.1 b6d577696b14c86cbfeb5b3459f38c50.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:22:23 GMT
age: 53062
etag: "01ceb7233fe05ad8dff3a0a43eef879ea2b83ec4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ningxiaguotou.com/images/ztcolumn.png
60.205.181.202 200 OK 2.2 kB URL HTTP/1.1 ningxiaguotou.com/images/ztcolumn.png
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type PNG image data, 422 x 27, 8-bit/color RGBA, non-interlaced\012- data
Hash 7f868d6f97853be2fd785f1a828f6bd6
fd08efacc6fd58c04ab179cdf1f40a68206d6d03
a131e7bd1e41a4bf8b217e3a7c3fbf89a0e6dffae1572b8ebcc9638efce56af3
GET /images/ztcolumn.png HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:06:45 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Last-Modified: Wed, 01 Jul 2020 00:42:00 GMT
Accept-Ranges: bytes
Content-Length: 2212
Cache-Control: max-age=3600
Expires: Tue, 06 Dec 2022 14:06:45 GMT
ETag: "8a4-5a9568f4ca600-gzip"
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png
Content-Language: zh-CN
ningxiaguotou.com/system/resource/js/counter.js
60.205.181.202 404 Not Found 1.7 kB URL HTTP/1.1 ningxiaguotou.com/system/resource/js/counter.js
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash d7b61a7f2acbc3b1532d5d473a65eafe
17ab21a5f49c5ffda2106159f4c7c77a791b21e5
29c0b0a5db57af93122bca27d4c301f5d1b7d34e5f410a85b4c1af2e747a1407
Analyzer Verdict Alert fortinet Phishing
GET /system/resource/js/counter.js HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/
HTTP/1.1 404 Not Found
Date: Tue, 06 Dec 2022 13:06:46 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Content-Length: 1693
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html
Content-Language: zh-CN
ningxiaguotou.com/images/ztzl3.jpg
60.205.181.202 200 OK 31 kB URL HTTP/1.1 ningxiaguotou.com/images/ztzl3.jpg
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 422x89, components 3\012- data
Hash 917010b65227d06993490f231f4a373b
ad6634408cb93fa67d169cc03949cd77e5e1bdb9
3d1d91c96b3791eb1bbeada2b0fbc7faab2b6c9aa0f944b3477bd49f81337f84
GET /images/ztzl3.jpg HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:06:45 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Last-Modified: Fri, 25 Oct 2019 05:16:34 GMT
Accept-Ranges: bytes
Content-Length: 30986
Cache-Control: max-age=3600
Expires: Tue, 06 Dec 2022 14:06:45 GMT
ETag: "790a-595b540e63080-gzip"
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/jpeg
Content-Language: zh-CN
ningxiaguotou.com/images/1991.png
60.205.181.202 200 OK 68 kB URL HTTP/1.1 ningxiaguotou.com/images/1991.png
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type PNG image data, 422 x 89, 8-bit/color RGBA, non-interlaced\012- data
Hash af97e55b27378c2d1c91ee17a3275ad5
78393049c602339ff6b8a82bcf31937bccd3ea00
ac27ce636fa9360c7e087f6178a114c178f624db1573089790d97ee05d0335ff
GET /images/1991.png HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:06:45 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 22 Mar 2021 11:40:55 GMT
Accept-Ranges: bytes
Content-Length: 68537
Cache-Control: max-age=3600
Expires: Tue, 06 Dec 2022 14:06:45 GMT
ETag: "10bb9-5be1e89dfdfc0-gzip"
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png
Content-Language: zh-CN
ningxiaguotou.com/images/ztzl.jpg
60.205.181.202 200 OK 46 kB URL HTTP/1.1 ningxiaguotou.com/images/ztzl.jpg
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 422x89, components 3\012- data
Hash e39c7a73d11a5876dcdc5063e0e29dbb
f74ee192c60db2be53e11fb8d6a3abffba471379
56908ad34b486ddc21610cee2ebd0f7b2f9a52ac7a61e7b7c3c427daed9f44ff
GET /images/ztzl.jpg HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:06:45 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Last-Modified: Tue, 10 Sep 2019 13:22:06 GMT
Accept-Ranges: bytes
Content-Length: 46113
Cache-Control: max-age=3600
Expires: Tue, 06 Dec 2022 14:06:45 GMT
ETag: "b421-59232ca715b80-gzip"
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/jpeg
Content-Language: zh-CN
ningxiaguotou.com/images/ztzl4.jpg
60.205.181.202 200 OK 38 kB URL HTTP/1.1 ningxiaguotou.com/images/ztzl4.jpg
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 422x89, components 3\012- data
Hash f55304b7883ff45400f373c9e2f5a25c
551f637163e9ffa2365f361056ab3f07a0f0ec45
f4aab19e5b104281de74dd6a02b27af75f65837e1174938638111b7021d55a5e
GET /images/ztzl4.jpg HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:06:46 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Last-Modified: Fri, 25 Oct 2019 05:17:10 GMT
Accept-Ranges: bytes
Content-Length: 38353
Cache-Control: max-age=3600
Expires: Tue, 06 Dec 2022 14:06:46 GMT
ETag: "95d1-595b5430b8180-gzip"
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/jpeg
Content-Language: zh-CN
ningxiaguotou.com/images/bj.jpg
60.205.181.202 404 Not Found 1.7 kB URL HTTP/1.1 ningxiaguotou.com/images/bj.jpg
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash d7b61a7f2acbc3b1532d5d473a65eafe
17ab21a5f49c5ffda2106159f4c7c77a791b21e5
29c0b0a5db57af93122bca27d4c301f5d1b7d34e5f410a85b4c1af2e747a1407
GET /images/bj.jpg HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/css/style.css
HTTP/1.1 404 Not Found
Date: Tue, 06 Dec 2022 13:06:46 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Content-Length: 1693
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html
Content-Language: zh-CN
ningxiaguotou.com/system/resource/js/dynclicks.js
60.205.181.202 404 Not Found 1.7 kB URL HTTP/1.1 ningxiaguotou.com/system/resource/js/dynclicks.js
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash d7b61a7f2acbc3b1532d5d473a65eafe
17ab21a5f49c5ffda2106159f4c7c77a791b21e5
29c0b0a5db57af93122bca27d4c301f5d1b7d34e5f410a85b4c1af2e747a1407
Analyzer Verdict Alert fortinet Phishing
GET /system/resource/js/dynclicks.js HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/
HTTP/1.1 404 Not Found
Date: Tue, 06 Dec 2022 13:06:46 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Content-Length: 1693
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html
Content-Language: zh-CN
ningxiaguotou.com/images/danghuiicon.png
60.205.181.202 200 OK 27 kB URL HTTP/1.1 ningxiaguotou.com/images/danghuiicon.png
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type PNG image data, 469 x 69, 8-bit/color RGBA, non-interlaced\012- data
Hash bcf30939f57a8fbd3b942cfc193f788d
a8ee62ffa2b9613237759a5de33307afdfceb358
1cbf3aee42a4183c2130a0620ff2ae7409ad6f6d66aba6efb87a282e8151db0d
GET /images/danghuiicon.png HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:06:46 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Last-Modified: Sun, 16 Oct 2022 02:21:20 GMT
Accept-Ranges: bytes
Content-Length: 27110
Cache-Control: max-age=3600
Expires: Tue, 06 Dec 2022 14:06:46 GMT
ETag: "69e6-5eb1d83b7e800-gzip"
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/png
Content-Language: zh-CN
ningxiaguotou.com/js/Marquee.js
60.205.181.202 200 OK 2.8 kB URL HTTP/1.1 ningxiaguotou.com/js/Marquee.js
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash f61ff0e5b0deeb24d88278f08fdd191c
4ef0540819d0bc614602b4502c3c8eaccf562855
86f82f54d623339dda402e83437f9f985639fec78f1ca086824b530accc20e0f
Analyzer Verdict Alert fortinet Phishing
GET /js/Marquee.js HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:06:44 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Last-Modified: Wed, 01 Jul 2020 00:42:00 GMT
Accept-Ranges: bytes
Cache-Control: max-age=3600
Expires: Tue, 06 Dec 2022 14:06:44 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
ETag: "2384-5a9568f4ca600-gzip"
Content-Length: 2814
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
Content-Language: zh-CN
ningxiaguotou.com/images/sp.png
60.205.181.202 200 OK 5.6 kB URL HTTP/1.1 ningxiaguotou.com/images/sp.png
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type PNG image data, 411 x 229, 8-bit/color RGBA, non-interlaced\012- data
Hash 9e751ea2429da7d60cd3e1864eeafbdd
7afa7ad977bb40086f5af477d386d75c071b88b2
4ab34efa55f081b3f2aa7533411065cf3f5af206339163d104f8f4e661aba3b2
GET /images/sp.png HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:06:46 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Last-Modified: Tue, 10 Sep 2019 13:22:02 GMT
Accept-Ranges: bytes
Content-Length: 5594
Cache-Control: max-age=3600
Expires: Tue, 06 Dec 2022 14:06:46 GMT
ETag: "15da-59232ca345280-gzip"
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/png
Content-Language: zh-CN
ningxiaguotou.com/system/resource/js/openlink.js
60.205.181.202 404 Not Found 1.7 kB URL HTTP/1.1 ningxiaguotou.com/system/resource/js/openlink.js
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash d7b61a7f2acbc3b1532d5d473a65eafe
17ab21a5f49c5ffda2106159f4c7c77a791b21e5
29c0b0a5db57af93122bca27d4c301f5d1b7d34e5f410a85b4c1af2e747a1407
Analyzer Verdict Alert fortinet Phishing
GET /system/resource/js/openlink.js HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/
HTTP/1.1 404 Not Found
Date: Tue, 06 Dec 2022 13:06:46 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Content-Length: 1693
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html
Content-Language: zh-CN
ningxiaguotou.com/images/yqlj2.png
60.205.181.202 200 OK 1.6 kB URL HTTP/1.1 ningxiaguotou.com/images/yqlj2.png
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type PNG image data, 23 x 23, 8-bit/color RGBA, non-interlaced\012- data
Hash ed2b95bd256e5b01da43bf8767fd99c5
c66f52c6e523382a8fb8a65bd4bf5460d0e98331
9f98d4d5926dd46e079eb471d78f47d22766ef1e4df33c48dd5fe229983c132e
GET /images/yqlj2.png HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/css/style.css
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:06:46 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Last-Modified: Tue, 10 Sep 2019 13:27:23 GMT
Accept-Ranges: bytes
Content-Length: 1647
Cache-Control: max-age=3600
Expires: Tue, 06 Dec 2022 14:06:46 GMT
ETag: "66f-59232dd5664c0-gzip"
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: image/png
Content-Language: zh-CN
ningxiaguotou.com/__local/0/6E/C2/6DEE116DCE33819FEC8F6783D4A_E78068E1_E37B.jpg
60.205.181.202 200 OK 58 kB URL HTTP/1.1 ningxiaguotou.com/__local/0/6E/C2/6DEE116DCE33819FEC8F6783D4A_E78068E1_E37B.jpg
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1024x516, components 3\012- data
Hash 06ec26dee116dce33819fec8f6783d4a
052a6a8ecddafb214ecb0757cb61500b80d06fb9
ab4f2321bfd9c91d160128b0ed7c159642d7e0caf8c94e8d50b1b7038be84745
GET /__local/0/6E/C2/6DEE116DCE33819FEC8F6783D4A_E78068E1_E37B.jpg HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:06:46 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Last-Modified: Fri, 10 Jun 2022 10:14:55 GMT
Accept-Ranges: bytes
Content-Length: 58235
Cache-Control: max-age=3600
Expires: Tue, 06 Dec 2022 14:06:46 GMT
ETag: "e37b-5e11535b265c0-gzip"
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/jpeg
Content-Language: zh-CN
ningxiaguotou.com/images/logo.png
60.205.181.202 200 OK 11 kB URL HTTP/1.1 ningxiaguotou.com/images/logo.png
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type PNG image data, 455 x 53, 8-bit/color RGBA, non-interlaced\012- data
Hash c4ff4904dbbcad38cd3ecfb448ea6199
d008ccb7104f65fbd0c7f0673c1482ec30ca5029
cfa7681bf925f75e2452a35aa3a0ad79e1c6cbb4ca15ccee42cfaf4e7148c2ff
GET /images/logo.png HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:06:46 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Last-Modified: Tue, 10 Sep 2019 13:27:20 GMT
Accept-Ranges: bytes
Content-Length: 10638
Cache-Control: max-age=3600
Expires: Tue, 06 Dec 2022 14:06:46 GMT
ETag: "298e-59232dd289e00-gzip"
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: image/png
Content-Language: zh-CN
ningxiaguotou.com/images/ss.png
60.205.181.202 200 OK 1.3 kB URL HTTP/1.1 ningxiaguotou.com/images/ss.png
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type PNG image data, 18 x 17, 8-bit/color RGBA, non-interlaced\012- data
Hash dcdb69bea6791e487c2b01a6ddc316bd
ec571bafb619caa4e2395a25e8fba4fba20b7ff2
b40e731d95583065f9080a9483ab9f9a93c4c2b59aa592ed053a7ee79924016e
GET /images/ss.png HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:06:46 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Last-Modified: Tue, 10 Sep 2019 13:27:23 GMT
Accept-Ranges: bytes
Content-Length: 1304
Cache-Control: max-age=3600
Expires: Tue, 06 Dec 2022 14:06:46 GMT
ETag: "518-59232dd5664c0-gzip"
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/png
Content-Language: zh-CN
ningxiaguotou.com/images/zc.png
60.205.181.202 200 OK 3.3 kB URL HTTP/1.1 ningxiaguotou.com/images/zc.png
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type PNG image data, 130 x 40, 8-bit/color RGBA, non-interlaced\012- data
Hash d8d45035430e6d81e237c4f9115a7a55
aae9f7808cf7ebfdc99ce162e615a2a86fc95972
498f69f52c379bc152cea329d53940991453a5c31cb0dbb572cc578f6ea36258
GET /images/zc.png HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:06:47 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Last-Modified: Thu, 23 Sep 2021 10:22:59 GMT
Accept-Ranges: bytes
Content-Length: 3275
Cache-Control: max-age=3600
Expires: Tue, 06 Dec 2022 14:06:47 GMT
ETag: "ccb-5cca703ce26c0-gzip"
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/png
Content-Language: zh-CN
ningxiaguotou.com/system/resource/js/base64.js
60.205.181.202 404 Not Found 1.7 kB URL HTTP/1.1 ningxiaguotou.com/system/resource/js/base64.js
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash d7b61a7f2acbc3b1532d5d473a65eafe
17ab21a5f49c5ffda2106159f4c7c77a791b21e5
29c0b0a5db57af93122bca27d4c301f5d1b7d34e5f410a85b4c1af2e747a1407
Analyzer Verdict Alert fortinet Phishing
GET /system/resource/js/base64.js HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/
HTTP/1.1 404 Not Found
Date: Tue, 06 Dec 2022 13:06:47 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Content-Length: 1693
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/html
Content-Language: zh-CN
ningxiaguotou.com/images/close4.png
60.205.181.202 200 OK 1.4 kB URL HTTP/1.1 ningxiaguotou.com/images/close4.png
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type PNG image data, 56 x 56, 8-bit/color RGBA, non-interlaced\012- data
Hash fe6a2c7bcf4b64d0f91e0e606e64e8e1
8c05cd7875c8a0448b323800718f624226c22d75
189f0c2a1ccc2861448f599e2db1f850ddd09260b2833542f5473c67b9677558
GET /images/close4.png HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/css/style.css
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:06:47 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Last-Modified: Tue, 10 Sep 2019 13:27:19 GMT
Accept-Ranges: bytes
Content-Length: 1435
Cache-Control: max-age=3600
Expires: Tue, 06 Dec 2022 14:06:47 GMT
ETag: "59b-59232dd195bc0-gzip"
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: image/png
Content-Language: zh-CN
ningxiaguotou.com/images/lj.png
60.205.181.202 200 OK 1.1 kB URL HTTP/1.1 ningxiaguotou.com/images/lj.png
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced\012- data
Hash 1dc072c0d98ce3ddf8ca894696df1d47
c8a3d2d1accb91b30987da9c77460e4109395e17
69081b1fe12942e909de68adb041580f420172796eaed7d18b5351b99e706ba0
GET /images/lj.png HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/css/style.css
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:06:47 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Last-Modified: Tue, 10 Sep 2019 13:27:19 GMT
Accept-Ranges: bytes
Content-Length: 1064
Cache-Control: max-age=3600
Expires: Tue, 06 Dec 2022 14:06:47 GMT
ETag: "428-59232dd195bc0-gzip"
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/png
Content-Language: zh-CN
ningxiaguotou.com/system/resource/js/formfunc.js
60.205.181.202 404 Not Found 1.7 kB URL HTTP/1.1 ningxiaguotou.com/system/resource/js/formfunc.js
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash d7b61a7f2acbc3b1532d5d473a65eafe
17ab21a5f49c5ffda2106159f4c7c77a791b21e5
29c0b0a5db57af93122bca27d4c301f5d1b7d34e5f410a85b4c1af2e747a1407
Analyzer Verdict Alert fortinet Phishing
GET /system/resource/js/formfunc.js HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/
HTTP/1.1 404 Not Found
Date: Tue, 06 Dec 2022 13:06:47 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Content-Length: 1693
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html
Content-Language: zh-CN
ningxiaguotou.com/images/more2.png
60.205.181.202 200 OK 1.1 kB URL HTTP/1.1 ningxiaguotou.com/images/more2.png
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type PNG image data, 14 x 18, 8-bit/color RGBA, non-interlaced\012- data
Hash 6cd7bce5167a9781ec8f6ba186143f60
aba400ed222c3b01de8a74e51d61404f2ba265b1
6df66ea98a5af3eaa0b6d0ba61bfb64206190cd50ecbec9d9c1f5ee3547aaab6
GET /images/more2.png HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:06:47 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Last-Modified: Wed, 01 Jul 2020 00:42:00 GMT
Accept-Ranges: bytes
Content-Length: 1095
Cache-Control: max-age=3600
Expires: Tue, 06 Dec 2022 14:06:47 GMT
ETag: "447-5a9568f4ca600-gzip"
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: image/png
Content-Language: zh-CN
ningxiaguotou.com/__local/9/1B/16/8CF9B1335A4E337D8EE7C40083A_4A149E02_4D5.png?e=.png
60.205.181.202 200 OK 1.2 kB URL HTTP/1.1 ningxiaguotou.com/__local/9/1B/16/8CF9B1335A4E337D8EE7C40083A_4A149E02_4D5.png?e=.png
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type PNG image data, 18 x 20, 8-bit/color RGBA, non-interlaced\012- data
Hash 91b168cf9b1335a4e337d8ee7c40083a
c4871e1d6ec46c7fa1b494481e671291567bcc56
416388a4a02574d7bea7d11128ad2627383c4b939d74e9b3fa754905b82f2a43
GET /__local/9/1B/16/8CF9B1335A4E337D8EE7C40083A_4A149E02_4D5.png?e=.png HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:06:47 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Last-Modified: Sun, 09 Oct 2022 08:05:35 GMT
Accept-Ranges: bytes
Content-Length: 1237
Cache-Control: max-age=3600
Expires: Tue, 06 Dec 2022 14:06:47 GMT
ETag: "4d5-5ea9581f691c0-gzip"
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: image/png
Content-Language: zh-CN
ningxiaguotou.com/images/645d371454da9e89195dfa8beefc982.jpg
60.205.181.202 200 OK 27 kB URL HTTP/1.1 ningxiaguotou.com/images/645d371454da9e89195dfa8beefc982.jpg
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 258x258, components 3\012- data
Hash bafe2b4f2494148db1163347a457efde
5aa52081ed2c60c0382f86a73f98e84b12aa0eed
aa8c47a2e1f1200354bc7aef27b28f21b3f75bb6ea86750121cd11ab13cc8c72
GET /images/645d371454da9e89195dfa8beefc982.jpg HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:06:47 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Last-Modified: Wed, 25 Sep 2019 08:55:28 GMT
Accept-Ranges: bytes
Content-Length: 27312
Cache-Control: max-age=3600
Expires: Tue, 06 Dec 2022 14:06:47 GMT
ETag: "6ab0-5935cd081e000-gzip"
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: image/jpeg
Content-Language: zh-CN
ningxiaguotou.com/images/navx11.png
60.205.181.202 200 OK 964 B URL HTTP/1.1 ningxiaguotou.com/images/navx11.png
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type PNG image data, 9 x 6, 8-bit/color RGBA, non-interlaced\012- data
Hash d9bdc7f60dd2d978b22b42ad51cd974a
75d9f5b064c221b2652a1169a8967b59bbd147a0
97ca4c5d1963790ce765ec704f4395d14388ba889383fd80930321e640df2d9f
GET /images/navx11.png HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/css/nav.css
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:06:47 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Last-Modified: Tue, 10 Sep 2019 13:27:23 GMT
Accept-Ranges: bytes
Content-Length: 964
Cache-Control: max-age=3600
Expires: Tue, 06 Dec 2022 14:06:47 GMT
ETag: "3c4-59232dd5664c0-gzip"
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: image/png
Content-Language: zh-CN
ningxiaguotou.com/images/ershidasybg.jpg
60.205.181.202 200 OK 337 kB URL HTTP/1.1 ningxiaguotou.com/images/ershidasybg.jpg
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x1052, components 3\012- data
Size 337 kB (337065 bytes)
Hash 6bb9dbb67f020a2b6fd4e8a9af4bcc6e
0cb9b9ae3f6645a2fbd767c5c11b56b30c5325c2
350ec408f41647493551c14e0da18859640007065dcf599ffd10ecce1b742eb4
GET /images/ershidasybg.jpg HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:06:46 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Last-Modified: Sun, 16 Oct 2022 02:21:28 GMT
Accept-Ranges: bytes
Content-Length: 337065
Cache-Control: max-age=3600
Expires: Tue, 06 Dec 2022 14:06:46 GMT
ETag: "524a9-5eb1d8431fa00-gzip"
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/jpeg
Content-Language: zh-CN
ningxiaguotou.com/images/more3.png
60.205.181.202 200 OK 1.1 kB URL HTTP/1.1 ningxiaguotou.com/images/more3.png
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type PNG image data, 14 x 18, 8-bit/color RGBA, non-interlaced\012- data
Hash 9436926e8c376ee6821bdf85904dd01e
98003e2ec404dba3896252055fa56fd7f824ad00
b1d25be6e33dea9ac9370f5341e1365e128631826ba1aef4c8877b85418c4614
GET /images/more3.png HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:06:48 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Last-Modified: Wed, 01 Jul 2020 00:42:00 GMT
Accept-Ranges: bytes
Content-Length: 1097
Cache-Control: max-age=3600
Expires: Tue, 06 Dec 2022 14:06:48 GMT
ETag: "449-5a9568f4ca600-gzip"
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: image/png
Content-Language: zh-CN
ningxiaguotou.com/images/19/09/26/16d9g9lo4m/xuexijijinping.jpg
60.205.181.202 200 OK 168 kB URL HTTP/1.1 ningxiaguotou.com/images/19/09/26/16d9g9lo4m/xuexijijinping.jpg
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=724, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], baseline, precision 8, 1400x100, components 3\012- data
Size 168 kB (167765 bytes)
Hash 5c5edd4cfe5685c2b68591d7ff28616e
42c4f55aba8963f472d010aadb85c6573a6a9a21
fd30bf8987f16990cd8298cf11308da198bb26bf25a9ddffd6609a21093f664e
GET /images/19/09/26/16d9g9lo4m/xuexijijinping.jpg HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:06:48 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Last-Modified: Wed, 01 Jul 2020 00:54:12 GMT
Accept-Ranges: bytes
Content-Length: 167765
Cache-Control: max-age=3600
Expires: Tue, 06 Dec 2022 14:06:48 GMT
ETag: "28f55-5a956baee1500-gzip"
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: image/jpeg
Content-Language: zh-CN
ningxiaguotou.com/images/2022020609.png
60.205.181.202 200 OK 90 kB URL HTTP/1.1 ningxiaguotou.com/images/2022020609.png
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type PNG image data, 900 x 95, 8-bit/color RGB, non-interlaced\012- data
Hash 23f8a9a0a74657333a7e591f9c21ba74
cb95ac65c98c5c8e02665dc85782c8e97e4b554b
63a075473f5e91c0cca2531735a5d0dd1446bed160ea5611ada3c91cc5afa141
GET /images/2022020609.png HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:06:46 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Last-Modified: Thu, 09 Jun 2022 10:57:18 GMT
Accept-Ranges: bytes
Content-Length: 89812
Cache-Control: max-age=3600
Expires: Tue, 06 Dec 2022 14:06:46 GMT
ETag: "15ed4-5e101af6e1f80-gzip"
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png
Content-Language: zh-CN
ningxiaguotou.com/__local/E/B1/E0/CD5DCF45AFF8793C13341B8FE8E_29C0BB0B_1302E.jpg
60.205.181.202 200 OK 78 kB URL HTTP/1.1 ningxiaguotou.com/__local/E/B1/E0/CD5DCF45AFF8793C13341B8FE8E_29C0BB0B_1302E.jpg
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1024x682, components 3\012- data
Hash eb1e0cd5dcf45aff8793c13341b8fe8e
d8a3b288abd04788efdb98a503b07f62d6c2f856
49b265c91b7f4e1247c45a184debcf502525e981329b8a833f8618d31a6ff59d
GET /__local/E/B1/E0/CD5DCF45AFF8793C13341B8FE8E_29C0BB0B_1302E.jpg HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:06:48 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Last-Modified: Thu, 10 Nov 2022 10:30:33 GMT
Accept-Ranges: bytes
Content-Length: 77870
Cache-Control: max-age=3600
Expires: Tue, 06 Dec 2022 14:06:48 GMT
ETag: "1302e-5ed1b43538440-gzip"
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: image/jpeg
Content-Language: zh-CN
ningxiaguotou.com/__local/D/B7/74/48A0350623894E467E782B64150_A8410E05_13F3D.jpg
60.205.181.202 200 OK 82 kB URL HTTP/1.1 ningxiaguotou.com/__local/D/B7/74/48A0350623894E467E782B64150_A8410E05_13F3D.jpg
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 220x220, segment length 16, baseline, precision 8, 960x640, components 3\012- data
Hash db77448a0350623894e467e782b64150
322802d475d8559e3c0b8185ac494c24c7aa462c
b18068221087ad33c130c4390013dcd74d079f3e71b69f36fbd7af0a7d1d9fd8
GET /__local/D/B7/74/48A0350623894E467E782B64150_A8410E05_13F3D.jpg HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:06:49 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Last-Modified: Wed, 09 Nov 2022 12:11:02 GMT
Accept-Ranges: bytes
Content-Length: 81725
Cache-Control: max-age=3600
Expires: Tue, 06 Dec 2022 14:06:49 GMT
ETag: "13f3d-5ed088cd76180-gzip"
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: image/jpeg
Content-Language: zh-CN
ningxiaguotou.com/images/l.png
60.205.181.202 200 OK 1.9 kB URL HTTP/1.1 ningxiaguotou.com/images/l.png
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type PNG image data, 28 x 45, 8-bit/color RGBA, non-interlaced\012- data
Hash e9c0295c884035e5be3041786f06fb76
3f43d445f7a4044d918fec3b82b6c8456276f53d
fa03920c385f357ea51d6bed8fed5bb5e7dbc1b9811d3d637fc8c9ad99ea2d1f
GET /images/l.png HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:06:49 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Last-Modified: Wed, 01 Jul 2020 00:42:00 GMT
Accept-Ranges: bytes
Content-Length: 1947
Cache-Control: max-age=3600
Expires: Tue, 06 Dec 2022 14:06:49 GMT
ETag: "79b-5a9568f4ca600-gzip"
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: image/png
Content-Language: zh-CN
ningxiaguotou.com/images/1101.png
60.205.181.202 200 OK 116 kB URL HTTP/1.1 ningxiaguotou.com/images/1101.png
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type PNG image data, 1400 x 100, 8-bit/color RGBA, non-interlaced\012- data
Size 116 kB (115815 bytes)
Hash d8ce38a498019d1aecc841b06f43a1ab
95413d5ce78b53c8b4ac626296e26ee40609b2c6
3f2c8f865aa570586bffb3dd7f27666a4fa1a64fe88790fa81f4907eb0fb38fe
GET /images/1101.png HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:06:48 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Last-Modified: Tue, 01 Nov 2022 12:11:27 GMT
Accept-Ranges: bytes
Content-Length: 115815
Cache-Control: max-age=3600
Expires: Tue, 06 Dec 2022 14:06:48 GMT
ETag: "1c467-5ec679f99d9c0-gzip"
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: image/png
Content-Language: zh-CN
ningxiaguotou.com/images/ad.jpg
60.205.181.202 200 OK 130 kB URL HTTP/1.1 ningxiaguotou.com/images/ad.jpg
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CC 2015 (Windows), datetime=2020:02:09 14:15:23], baseline, precision 8, 1400x100, components 3\012- data
Size 130 kB (130078 bytes)
Hash c082c01d5038aa3c7a3b4318c9c58729
11cf2c425460bdc7fbcab209ee14ae3365872965
fa017cbe132ddb27b77dc87f702fa0093d7d07880264e87a7622c202ca213cb3
GET /images/ad.jpg HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:06:50 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Last-Modified: Wed, 01 Jul 2020 00:42:00 GMT
Accept-Ranges: bytes
Content-Length: 130078
Cache-Control: max-age=3600
Expires: Tue, 06 Dec 2022 14:06:50 GMT
ETag: "1fc1e-5a9568f4ca600-gzip"
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: image/jpeg
Content-Language: zh-CN
ningxiaguotou.com/__local/B/2F/5E/79CC7F98C9C475E025E27530936_CB9780DE_19454.jpg
60.205.181.202 200 OK 104 kB URL HTTP/1.1 ningxiaguotou.com/__local/B/2F/5E/79CC7F98C9C475E025E27530936_CB9780DE_19454.jpg
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1024x682, components 3\012- data
Size 104 kB (103508 bytes)
Hash b2f5e79cc7f98c9c475e025e27530936
4ff2271175bfe40322688af8f8eb185098a82d3c
48e51ac5732fae54c4a4eb552cfb55a3f061390b8f51aab9a4374dae910d53c5
GET /__local/B/2F/5E/79CC7F98C9C475E025E27530936_CB9780DE_19454.jpg HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:06:49 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Last-Modified: Sat, 19 Nov 2022 12:28:34 GMT
Accept-Ranges: bytes
Content-Length: 103508
Cache-Control: max-age=3600
Expires: Tue, 06 Dec 2022 14:06:49 GMT
ETag: "19454-5edd1f5f56080-gzip"
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: image/jpeg
Content-Language: zh-CN
ningxiaguotou.com/images/more1.png
60.205.181.202 200 OK 1.1 kB URL HTTP/1.1 ningxiaguotou.com/images/more1.png
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type PNG image data, 14 x 18, 8-bit/color RGBA, non-interlaced\012- data
Hash 59915756548a2b50ac8e41e27f24d0d5
eff18d790988e6cb9a087e4e32048cc4d1012ca9
cdf8d6347bd5aeb88f46efa08ef5410dd66a94ddd69dcca8b209da0dcc1162c1
GET /images/more1.png HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:06:50 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Last-Modified: Wed, 01 Jul 2020 00:42:00 GMT
Accept-Ranges: bytes
Content-Length: 1103
Cache-Control: max-age=3600
Expires: Tue, 06 Dec 2022 14:06:50 GMT
ETag: "44f-5a9568f4ca600-gzip"
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: image/png
Content-Language: zh-CN
ningxiaguotou.com/system/resource/js/ajax.js
60.205.181.202 404 Not Found 1.7 kB URL HTTP/1.1 ningxiaguotou.com/system/resource/js/ajax.js
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash d7b61a7f2acbc3b1532d5d473a65eafe
17ab21a5f49c5ffda2106159f4c7c77a791b21e5
29c0b0a5db57af93122bca27d4c301f5d1b7d34e5f410a85b4c1af2e747a1407
Analyzer Verdict Alert fortinet Phishing
GET /system/resource/js/ajax.js HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/
HTTP/1.1 404 Not Found
Date: Tue, 06 Dec 2022 13:06:47 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Content-Length: 1693
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/html
Content-Language: zh-CN
ningxiaguotou.com/system/resource/js/ajax.js
60.205.181.202 404 Not Found 1.7 kB URL HTTP/1.1 ningxiaguotou.com/system/resource/js/ajax.js
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash d7b61a7f2acbc3b1532d5d473a65eafe
17ab21a5f49c5ffda2106159f4c7c77a791b21e5
29c0b0a5db57af93122bca27d4c301f5d1b7d34e5f410a85b4c1af2e747a1407
Analyzer Verdict Alert fortinet Phishing
GET /system/resource/js/ajax.js HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/
HTTP/1.1 404 Not Found
Date: Tue, 06 Dec 2022 13:06:51 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Content-Length: 1693
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: text/html
Content-Language: zh-CN
ningxiaguotou.com/images/0628.jpg
60.205.181.202 200 OK 26 kB URL HTTP/1.1 ningxiaguotou.com/images/0628.jpg
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 1253x80, components 3\012- data
Hash 3238c839f41f29edd4a7f345543702cb
835e892d54a2538d10b45eb989254dbe94f49166
14e9c0e687598913e573f7b6e54322f02a132498f704fa73fecfbd49bee91df9
GET /images/0628.jpg HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:06:47 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Last-Modified: Tue, 28 Jun 2022 10:09:38 GMT
Accept-Ranges: bytes
Content-Length: 25783
Cache-Control: max-age=3600
Expires: Tue, 06 Dec 2022 14:06:47 GMT
ETag: "64b7-5e27f3bf21c80-gzip"
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: image/jpeg
Content-Language: zh-CN
ningxiaguotou.com/images/tb2.png
60.205.181.202 200 OK 938 B URL HTTP/1.1 ningxiaguotou.com/images/tb2.png
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type PNG image data, 4 x 4, 8-bit/color RGBA, non-interlaced\012- data
Hash 334235c21286f6899369fd9a5aa1fc9d
33f9737ea71c23e7d1c21bb39a61c8049a42a650
ea7f03956d682bf10ee058f4329d858c8899246573bf416535977fbc7a28aa86
GET /images/tb2.png HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/css/style.css
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:06:51 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Last-Modified: Tue, 10 Sep 2019 13:27:21 GMT
Accept-Ranges: bytes
Content-Length: 938
Cache-Control: max-age=3600
Expires: Tue, 06 Dec 2022 14:06:51 GMT
ETag: "3aa-59232dd37e040-gzip"
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Content-Type: image/png
Content-Language: zh-CN
ningxiaguotou.com/images/dj.png
60.205.181.202 200 OK 18 kB URL HTTP/1.1 ningxiaguotou.com/images/dj.png
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type PNG image data, 220 x 80, 8-bit/color RGBA, non-interlaced\012- data
Hash be3af6730a7019dea8c65aee1bbf394c
f1f96cc8aa5ec098ea2fc2e7f5b3b97c7b141d7e
2945c64ae97f57f108887cb006ce1a2c5febdb09d1090b1c3f896269948cd6c6
GET /images/dj.png HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/css/style.css
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:06:51 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Last-Modified: Tue, 10 Sep 2019 13:27:19 GMT
Accept-Ranges: bytes
Content-Length: 18369
Cache-Control: max-age=3600
Expires: Tue, 06 Dec 2022 14:06:51 GMT
ETag: "47c1-59232dd195bc0-gzip"
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Content-Type: image/png
Content-Language: zh-CN
ningxiaguotou.com/images/column2.jpg
60.205.181.202 200 OK 1.1 kB URL HTTP/1.1 ningxiaguotou.com/images/column2.jpg
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 42x4, components 3\012- data
Hash e73ad71630f68b1f1012b6d45d709b9e
cd768567acc3e678eaee629318437f8ca97e7723
9b91e77b05578ad75e810456d5a850b3ad41d580361ad610755dd94cb4014307
GET /images/column2.jpg HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/css/style.css
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:06:51 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Last-Modified: Tue, 10 Sep 2019 13:27:20 GMT
Accept-Ranges: bytes
Content-Length: 1127
Cache-Control: max-age=3600
Expires: Tue, 06 Dec 2022 14:06:51 GMT
ETag: "467-59232dd289e00-gzip"
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Content-Type: image/jpeg
Content-Language: zh-CN
ningxiaguotou.com/images/column1.jpg
60.205.181.202 200 OK 1.1 kB URL HTTP/1.1 ningxiaguotou.com/images/column1.jpg
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 34x4, components 3\012- data
Hash 263f2de044abf9d14f13bf00f313c88b
111a81f68d2c587ed1bed72664657c90bd51e2c0
cadd50a26fd55480d4409f7bdb2d84aacf50d5f56d93766537b5906093dbfe1b
GET /images/column1.jpg HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/css/style.css
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:06:51 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Last-Modified: Tue, 10 Sep 2019 13:27:20 GMT
Accept-Ranges: bytes
Content-Length: 1131
Cache-Control: max-age=3600
Expires: Tue, 06 Dec 2022 14:06:51 GMT
ETag: "46b-59232dd289e00-gzip"
Keep-Alive: timeout=5, max=88
Connection: Keep-Alive
Content-Type: image/jpeg
Content-Language: zh-CN
ningxiaguotou.com/images/tb1.png
60.205.181.202 200 OK 931 B URL HTTP/1.1 ningxiaguotou.com/images/tb1.png
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type PNG image data, 4 x 4, 8-bit/color RGBA, non-interlaced\012- data
Hash a40d76de5e70846be0c479762a269a1b
78dcd91ec38f68727a2fafd9f84f1caefe204df8
ac68ff2b60d9ef0c5505caf12262335400e758cf60482ff1d3da0a1c4e482e9e
GET /images/tb1.png HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/css/style.css
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:06:51 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Last-Modified: Tue, 10 Sep 2019 13:27:21 GMT
Accept-Ranges: bytes
Content-Length: 931
Cache-Control: max-age=3600
Expires: Tue, 06 Dec 2022 14:06:51 GMT
ETag: "3a3-59232dd37e040-gzip"
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: image/png
Content-Language: zh-CN
ningxiaguotou.com/images/jticonbg.png
60.205.181.202 200 OK 4.0 kB URL HTTP/1.1 ningxiaguotou.com/images/jticonbg.png
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced\012- data
Hash ccdcee343540094c17c08c5c5f992ae9
96bb8489eac286fd6dc1466361d212779c5c670f
6e5caf262e66e9654cfba2daa64ebfbcfd88f93f97f262ca21af6ad3391a3de4
GET /images/jticonbg.png HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/css/style.css
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:06:52 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Last-Modified: Tue, 10 Sep 2019 13:27:19 GMT
Accept-Ranges: bytes
Content-Length: 3977
Cache-Control: max-age=3600
Expires: Tue, 06 Dec 2022 14:06:52 GMT
ETag: "f89-59232dd195bc0-gzip"
Keep-Alive: timeout=5, max=87
Connection: Keep-Alive
Content-Type: image/png
Content-Language: zh-CN
ningxiaguotou.com/images/jticon2.png
60.205.181.202 200 OK 2.2 kB URL HTTP/1.1 ningxiaguotou.com/images/jticon2.png
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type PNG image data, 45 x 38, 8-bit/color RGBA, non-interlaced\012- data
Hash 669edda6b52068ae394ff792ce6f8db1
f28a5614e76fc4d0fd1de9f10f2b380cd610aac8
747a3a45328337925816dca408722faeb498d57ba73cc9a12615886fbfd29317
GET /images/jticon2.png HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/css/style.css
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:06:52 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Last-Modified: Tue, 10 Sep 2019 13:27:22 GMT
Accept-Ranges: bytes
Content-Length: 2222
Cache-Control: max-age=3600
Expires: Tue, 06 Dec 2022 14:06:52 GMT
ETag: "8ae-59232dd472280-gzip"
Keep-Alive: timeout=5, max=86
Connection: Keep-Alive
Content-Type: image/png
Content-Language: zh-CN
ningxiaguotou.com/images/jticon1.png
60.205.181.202 200 OK 1.8 kB URL HTTP/1.1 ningxiaguotou.com/images/jticon1.png
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type PNG image data, 45 x 38, 8-bit/color RGBA, non-interlaced\012- data
Hash 83e57ef215d2e9066ee4a1e1880f8012
42bec22f2df9b66cc94c97bb995ebf37f0fb0515
daa2d9ebabbb45fd533fcea38bcbe77214662b0e103b7c18637cef5c3d2e60bd
GET /images/jticon1.png HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/css/style.css
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:06:52 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Last-Modified: Tue, 10 Sep 2019 13:27:22 GMT
Accept-Ranges: bytes
Content-Length: 1790
Cache-Control: max-age=3600
Expires: Tue, 06 Dec 2022 14:06:52 GMT
ETag: "6fe-59232dd472280-gzip"
Keep-Alive: timeout=5, max=88
Connection: Keep-Alive
Content-Type: image/png
Content-Language: zh-CN
ningxiaguotou.com/images/jticon3.png
60.205.181.202 200 OK 1.5 kB URL HTTP/1.1 ningxiaguotou.com/images/jticon3.png
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type PNG image data, 45 x 38, 8-bit/color RGBA, non-interlaced\012- data
Hash 7ce5e6da43c4909f6a7e891c7db491ba
44ac5f930e51d26e55bfe69abb729e17a3c882ec
5668d6d55687b2cccbd55a5a40fc08dd1683366c47956b1411d116d4339a8412
GET /images/jticon3.png HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/css/style.css
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:06:52 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Last-Modified: Tue, 10 Sep 2019 13:27:22 GMT
Accept-Ranges: bytes
Content-Length: 1491
Cache-Control: max-age=3600
Expires: Tue, 06 Dec 2022 14:06:52 GMT
ETag: "5d3-59232dd472280-gzip"
Keep-Alive: timeout=5, max=85
Connection: Keep-Alive
Content-Type: image/png
Content-Language: zh-CN
ningxiaguotou.com/system/resource/js/news/mp4video.js
60.205.181.202 404 Not Found 1.7 kB URL HTTP/1.1 ningxiaguotou.com/system/resource/js/news/mp4video.js
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash d7b61a7f2acbc3b1532d5d473a65eafe
17ab21a5f49c5ffda2106159f4c7c77a791b21e5
29c0b0a5db57af93122bca27d4c301f5d1b7d34e5f410a85b4c1af2e747a1407
Analyzer Verdict Alert fortinet Phishing
GET /system/resource/js/news/mp4video.js HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/
HTTP/1.1 404 Not Found
Date: Tue, 06 Dec 2022 13:06:51 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Content-Length: 1693
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: text/html
Content-Language: zh-CN
ningxiaguotou.com/__local/0/E3/59/9A40A9DCC2D59952B8AA5E32D76_67B1B108_16173.jpg
60.205.181.202 200 OK 0 B URL HTTP/1.1 ningxiaguotou.com/__local/0/E3/59/9A40A9DCC2D59952B8AA5E32D76_67B1B108_16173.jpg
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
GET /__local/0/E3/59/9A40A9DCC2D59952B8AA5E32D76_67B1B108_16173.jpg HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:06:49 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Last-Modified: Thu, 17 Nov 2022 06:29:40 GMT
Accept-Ranges: bytes
Content-Length: 90483
Cache-Control: max-age=3600
Expires: Tue, 06 Dec 2022 14:06:49 GMT
ETag: "16173-5eda4b6bfdd00-gzip"
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/jpeg
Content-Language: zh-CN
ningxiaguotou.com/images/jt.jpg
60.205.181.202 200 OK 0 B URL HTTP/1.1 ningxiaguotou.com/images/jt.jpg
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
GET /images/jt.jpg HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/css/style.css
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:06:51 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Last-Modified: Tue, 10 Sep 2019 13:27:19 GMT
Accept-Ranges: bytes
Content-Length: 37611
Cache-Control: max-age=3600
Expires: Tue, 06 Dec 2022 14:06:51 GMT
ETag: "92eb-59232dd195bc0-gzip"
Keep-Alive: timeout=5, max=88
Connection: Keep-Alive
Content-Type: image/jpeg
Content-Language: zh-CN
ningxiaguotou.com/images/yw.jpg
60.205.181.202 200 OK 0 B URL HTTP/1.1 ningxiaguotou.com/images/yw.jpg
IP 60.205.181.202:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
GET /images/yw.jpg HTTP/1.1
Host: ningxiaguotou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ningxiaguotou.com/css/style.css
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:06:51 GMT
Server: **********
X-Frame-Options: SAMEORIGIN
Last-Modified: Tue, 10 Sep 2019 13:27:20 GMT
Accept-Ranges: bytes
Content-Length: 243877
Cache-Control: max-age=3600
Expires: Tue, 06 Dec 2022 14:06:51 GMT
ETag: "3b8a5-59232dd289e00-gzip"
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: image/jpeg
Content-Language: zh-CN