urlquery - report: 165252b.com/

Fully Qualifying Domain Name	Rank	First Seen	Last Seen	IP	Comment
r3.o.lencr.org (7)	344	No data	No data	23.36.76.226
165252b.com (37)	0	2021-04-29 07:07:26 UTC	2022-10-15 04:52:20 UTC	18.166.84.185	Unknown ranking
img-getpocket.cdn.mozilla.net (6)	1631	2018-06-21 23:36:00 UTC	2020-02-19 04:43:25 UTC	34.120.237.76
ocsp.digicert.com (2)	86	2012-05-21 07:02:23 UTC	2020-05-02 20:58:10 UTC	93.184.220.29
firefox.settings.services.mozilla.com (2)	867	2020-06-04 20:08:41 UTC	2022-12-05 04:09:09 UTC	34.102.187.140
content-signature-2.cdn.mozilla.net (1)	1152	No data	No data	34.160.144.191
contile.services.mozilla.com (1)	1114	2021-05-27 18:32:35 UTC	2022-12-05 04:09:48 UTC	34.117.237.239
165252b.com (37)	0	2021-04-29 07:07:26 UTC	2022-10-15 04:52:20 UTC	43.198.33.164	Unknown ranking
push.services.mozilla.com (1)	2140	2014-10-24 08:27:06 UTC	2020-05-03 10:09:39 UTC	35.166.172.24
zerossl.ocsp.sectigo.com (1)	4049	No data	No data	172.64.155.188
code.jquery.com (1)	634	2012-05-21 17:28:02 UTC	2020-04-21 12:46:20 UTC	69.16.175.10
ocsp.globalsign.com (1)	2075	2012-07-20 17:46:16 UTC	2020-05-02 20:58:10 UTC	104.18.21.226
ia.51.la (2)	59607	2017-10-31 08:01:51 UTC	2020-05-01 02:41:03 UTC	103.143.19.103

Scan Date	Severity	Indicator	Comment
2022-12-06	2	165252b.com/	Phishing
2022-12-06	2	165252b.com/	Phishing
2022-12-06	2	165252b.com/21087101.js	Phishing
2022-12-06	2	165252b.com/21087213.js	Phishing
2022-12-06	2	165252b.com/js/swiper.min.js	Phishing
2022-12-06	2	165252b.com/cj/%E8%A7%A3%E8%9B%87%E8%9B%8B%E5%9B%BE.js	Phishing
2022-12-06	2	165252b.com/21262045.js	Phishing
2022-12-06	2	165252b.com/ddns.js	Phishing
2022-12-06	2	165252b.com/cj/%E5%9B%9B%E8%82%96%E5%85%AB%E7%A0%81.js	Phishing
2022-12-06	2	165252b.com/cj/%E5%9B%9B%E5%B0%BE%E5%85%AB%E7%A0%81.js	Phishing
2022-12-06	2	165252b.com/cj/%E8%A7%A3%E5%8F%A6%E7%89%88%E8%9B%87%E8%9B%8B%E5%9B%BE.js	Phishing
2022-12-06	2	165252b.com/cj/%E4%B8%89%E5%A4%B4%E4%B8%AD%E7%89%B9.js	Phishing
2022-12-06	2	165252b.com/cj/%E4%B8%80%E5%8F%A5%E8%A7%A3%E7%89%B9.js	Phishing
2022-12-06	2	165252b.com/cj/%E4%B8%80%E5%AD%97%E7%8E%84%E6%9C%BA.js	Phishing
2022-12-06	2	165252b.com/cj/%E5%B9%B3%E7%89%B9%E4%B8%80%E5%B0%BE.js	Phishing
2022-12-06	2	165252b.com/cj/%E5%B9%B3%E7%89%B9%E4%B8%80%E8%82%96.js	Phishing
2022-12-06	2	165252b.com/cj/%E8%A7%A3%E8%B7%91%E7%8B%97.js	Phishing
2022-12-06	2	165252b.com/cj/%E8%A7%A3%E5%9B%9B%E4%B8%8D%E5%83%8F.js	Phishing
2022-12-06	2	165252b.com/cj/%E8%A7%A3%E5%9B%9B%E5%AD%97%E7%AC%A6.js	Phishing
2022-12-06	2	165252b.com/cj/%E5%A4%A7%E5%B0%8F%E4%B8%AD%E7%89%B9.js	Phishing
2022-12-06	2	165252b.com/cj/gsb2.js	Phishing
2022-12-06	2	165252b.com/cj/%E5%90%88%E6%95%B0%E4%B8%AD%E7%89%B9.js	Phishing
2022-12-06	2	165252b.com/cj/%E8%A7%A3%E7%BA%A2%E5%AD%97.js	Phishing
2022-12-06	2	165252b.com/cj/%E8%A7%A3%E8%80%81%E7%89%88%E8%B7%91%E7%8B%97.js	Phishing
2022-12-06	2	165252b.com/cj/%E4%B8%83%E5%B0%BE%E4%B8%AD%E7%89%B9.js	Phishing
2022-12-06	2	165252b.com/cj/%E7%BB%9D%E6%9D%80%E4%B8%80%E5%B0%BE.js	Phishing
2022-12-06	2	165252b.com/cj/%E8%A7%A3%E5%8F%A6%E7%89%88%E8%B7%91%E7%8B%97.js	Phishing
2022-12-06	2	165252b.com/cj/%E7%B2%BE%E9%80%89%E4%B9%9D%E8%82%96.js	Phishing
2022-12-06	2	165252b.com/cj/%E5%90%89%E7%BE%8E%E5%87%B6%E4%B8%91.js	Phishing
2022-12-06	2	165252b.com/cj/%E6%98%A5%E5%A4%8F%E7%A7%8B%E5%86%AC.js	Phishing
2022-12-06	2	165252b.com/cj/%E7%BB%9D%E6%9D%80%E4%B8%89%E8%82%96.js	Phishing
2022-12-06	2	165252b.com/cj/%E9%A3%8E%E9%9B%A8%E9%9B%B7%E7%94%B5.js	Phishing
2022-12-06	2	165252b.com/cj/%E7%B2%BE%E9%80%89%E5%8F%8C%E6%B3%A2.js	Phishing
2022-12-06	2	165252b.com/cj/%E7%BB%9D%E6%9D%80%E4%B8%80%E5%A4%B4.js	Phishing
2022-12-06	2	165252b.com/cj/%E7%90%B4%E6%A3%8B%E4%B9%A6%E7%94%BB.js	Phishing

Date	UQ / IDS / BL	URL	IP
2022-12-14 15:22:34 +0000	0 - 0 - 35	217575b.com/	18.166.84.185
2022-12-06 10:28:34 +0000	0 - 0 - 35	165252b.com/	18.166.84.185
2022-12-06 02:17:08 +0000	0 - 0 - 56	699349.com/	18.166.84.185
2022-11-22 07:04:58 +0000	0 - 0 - 115	393976.cc/	18.166.84.185

Date	UQ / IDS / BL	URL	IP
2023-02-09 05:58:49 +0000	0 - 1 - 1	track.buller-matuma.com/67966588-f19b-4295-91 (...)	18.195.128.171
2023-02-09 05:58:19 +0000	0 - 1 - 4	www.mediacdnc.com/go/74346df3-79de-4938-a627- (...)	3.70.16.242
2023-02-09 05:57:54 +0000	0 - 0 - 3	qvznmz.lllustriousdate.net/?utm_source=1e3a4e (...)	63.32.216.166
2023-02-09 05:57:33 +0000	0 - 3 - 0	accesstra.de/002bc7000v3v	52.76.71.161
2023-02-09 05:56:59 +0000	0 - 0 - 4	clk.flexdirectpath.com/c/c=1787734/s=289339/m (...)	3.136.80.112

Date	UQ / IDS / BL	URL	IP
2022-12-06 10:28:34 +0000	0 - 0 - 35	165252b.com/	18.166.84.185

HTTP Transactions (62)

Request	Response
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.76.226 HASH: 1bad6c06aa3e88dcbc125fc98a6cb753eb2b18d2c8dd61da21d12209aeeda3f9 23.36.76.226 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "1BAD6C06AA3E88DCBC125FC98A6CB753EB2B18D2C8DD61DA21D12209AEEDA3F9" Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=12067 Expires: Tue, 06 Dec 2022 13:49:30 GMT Date: Tue, 06 Dec 2022 10:28:23 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: cfec3d7283a9b66d2be426ce54d210f3 Sha1: 808c1feb1ba918951d1928c1f6bfc0c253262774 Sha256: 1bad6c06aa3e88dcbc125fc98a6cb753eb2b18d2c8dd61da21d12209aeeda3f9
POST / HTTP/1.1 Host: ocsp.digicert.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: ocsp.digicert.com/ FQDN: ocsp.digicert.com IP: 93.184.220.29 HASH: 494e96358ff12366213d7cc0f9197648c6c62ec14fa0d2c78732a683fa26b192 93.184.220.29 HTTP/1.1 200 OK Content-Type: application/ocsp-response Accept-Ranges: bytes Age: 5780 Cache-Control: max-age=92356 Date: Tue, 06 Dec 2022 10:28:23 GMT Etag: "638dc877-1d7" Expires: Wed, 07 Dec 2022 12:07:39 GMT Last-Modified: Mon, 05 Dec 2022 10:31:19 GMT Server: ECS (ska/F71C) X-Cache: HIT Content-Length: 471 --- Additional Info --- Magic: data Size: 471 Md5: ee088fab9b287e174cfd1f2c735a909f Sha1: 25c3335b514a36ad1a24d00413d60c3d394f5161 Sha256: 494e96358ff12366213d7cc0f9197648c6c62ec14fa0d2c78732a683fa26b192
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.76.226 HASH: 7d7232c8c91bcd18161ba2c9d23e3bff159604e058bd5b3fc1c7fcbcd03a7ee3 23.36.76.226 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "7D7232C8C91BCD18161BA2C9D23E3BFF159604E058BD5B3FC1C7FCBCD03A7EE3" Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=12136 Expires: Tue, 06 Dec 2022 13:50:39 GMT Date: Tue, 06 Dec 2022 10:28:23 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 1ea206ac3c440825741687351f8c6e4e Sha1: 2f38dafd8c43dcce2411a0590bc5c02cd6286735 Sha256: 7d7232c8c91bcd18161ba2c9d23e3bff159604e058bd5b3fc1c7fcbcd03a7ee3
GET /v1/ HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: firefox.settings.services.mozilla.com/v1/ FQDN: firefox.settings.services.mozilla.com IP: 34.102.187.140 HASH: 4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e 34.102.187.140 HTTP/2 200 OK content-type: application/json access-control-allow-origin: * access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; strict-transport-security: max-age=31536000 x-content-type-options: nosniff content-length: 939 via: 1.1 google date: Tue, 06 Dec 2022 10:18:38 GMT cache-control: public,max-age=3600 age: 585 alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JSON data\012- , ASCII text, with very long lines (939), with no line terminators Size: 939 Md5: 14cd9a0afb6ba9a763651d5112760d1e Sha1: 75d7b104ab9ab11fbb73c3f348b43b0119b5adfa Sha256: 4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1 Host: content-signature-2.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site	URL: content-signature-2.cdn.mozilla.net/chains/remote-setti (...) FQDN: content-signature-2.cdn.mozilla.net IP: 34.160.144.191 HASH: 651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0 34.160.144.191 HTTP/2 200 OK content-type: binary/octet-stream x-amz-id-2: L1r3i+kpj5ii/lHOZu/kBhtKs3ttm6C0KEJ8jPPK8RHqNUglBk7Avz+7iyDLAU4S+Ttr9n+K4aA= x-amz-request-id: AM6TVNZCG7765H4A content-disposition: attachment accept-ranges: bytes server: AmazonS3 content-length: 5348 via: 1.1 google date: Tue, 06 Dec 2022 09:48:53 GMT age: 2370 last-modified: Wed, 30 Nov 2022 10:06:34 GMT etag: "53341dea33f4f3d9b4966f80589f429a" cache-control: public,max-age=3600 alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: PEM certificate\012- , ASCII text Size: 5348 Md5: 53341dea33f4f3d9b4966f80589f429a Sha1: 20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d Sha256: 651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /v1/tiles HTTP/1.1 Host: contile.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: contile.services.mozilla.com/v1/tiles FQDN: contile.services.mozilla.com IP: 34.117.237.239 HASH: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3 34.117.237.239 HTTP/2 200 OK content-type: application/json server: nginx date: Tue, 06 Dec 2022 10:28:23 GMT content-length: 12 strict-transport-security: max-age=31536000 via: 1.1 google alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JSON data\012- , ASCII text, with no line terminators Size: 12 Md5: 23e88fb7b99543fb33315b29b1fad9d6 Sha1: a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET / HTTP/1.1 Host: 165252b.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Upgrade-Insecure-Requests: 1	URL: 165252b.com/ FQDN: 165252b.com IP: 43.198.33.164 HASH: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 43.198.33.164 HTTP/1.1 301 Moved Permanently Server: kangle/3.5.14 Date: Tue, 06 Dec 2022 10:28:23 GMT Location: https://165252b.com/ Content-Length: 0 Connection: close --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Alerts: Blocklists: - fortinet: Phishing
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: application/json Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: application/json Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: firefox.settings.services.mozilla.com/v1/buckets/main/c (...) FQDN: firefox.settings.services.mozilla.com IP: 34.102.187.140 HASH: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300 34.102.187.140 HTTP/2 200 OK content-type: application/json access-control-allow-origin: * access-control-expose-headers: Retry-After, ETag, Alert, Expires, Cache-Control, Backoff, Content-Length, Content-Type, Pragma, Last-Modified content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; strict-transport-security: max-age=31536000 x-content-type-options: nosniff content-length: 329 via: 1.1 google date: Tue, 06 Dec 2022 10:11:20 GMT cache-control: public,max-age=3600 age: 1024 last-modified: Fri, 25 Mar 2022 17:45:46 GMT etag: "1648230346554" alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JSON data\012- , ASCII text, with very long lines (329), with no line terminators Size: 329 Md5: 0333b0655111aa68de771adfcc4db243 Sha1: 63f295a144ac87a7c8e23417626724eeca68a7eb Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
POST / HTTP/1.1 Host: ocsp.digicert.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: ocsp.digicert.com/ FQDN: ocsp.digicert.com IP: 93.184.220.29 HASH: c38734a8dbe51217d73896c0bf7f5c38c107fd79e0dee24b717f130377e9b5f7 93.184.220.29 HTTP/1.1 200 OK Content-Type: application/ocsp-response Accept-Ranges: bytes Age: 5770 Cache-Control: max-age=87278 Date: Tue, 06 Dec 2022 10:28:24 GMT Etag: "638db4ac-1d7" Expires: Wed, 07 Dec 2022 10:43:02 GMT Last-Modified: Mon, 05 Dec 2022 09:06:52 GMT Server: ECS (ska/F71C) X-Cache: HIT Content-Length: 471 --- Additional Info --- Magic: data Size: 471 Md5: 2b9d6a686aa3c4ea24568425e43a5221 Sha1: d53bb4c9579bd1db78a0520619e888aec79f750f Sha256: c38734a8dbe51217d73896c0bf7f5c38c107fd79e0dee24b717f130377e9b5f7
GET / HTTP/1.1 Host: push.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Sec-WebSocket-Version: 13 Origin: wss://push.services.mozilla.com/ Sec-WebSocket-Protocol: push-notification Sec-WebSocket-Extensions: permessage-deflate Sec-WebSocket-Key: 0gcuEejnu1OhE7KHT6vWZg== Connection: keep-alive, Upgrade Sec-Fetch-Dest: websocket Sec-Fetch-Mode: websocket Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache Upgrade: websocket	URL: push.services.mozilla.com/ FQDN: push.services.mozilla.com IP: 35.166.172.24 HASH: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 35.166.172.24 HTTP/1.1 101 Switching Protocols Connection: Upgrade Upgrade: websocket Sec-WebSocket-Accept: ivg7OuOJko+tlCB6mAdrR5HMiEI= --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1 Host: zerossl.ocsp.sectigo.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: zerossl.ocsp.sectigo.com/ FQDN: zerossl.ocsp.sectigo.com IP: 172.64.155.188 HASH: 03db5b5488af254dc710f8417b6e278d9f578c095b9728b375ceb5d8102cf284 172.64.155.188 HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Tue, 06 Dec 2022 10:28:25 GMT Content-Length: 727 Connection: keep-alive Last-Modified: Fri, 02 Dec 2022 22:55:49 GMT Expires: Fri, 09 Dec 2022 22:55:48 GMT Etag: "1e92ea0f6484192869a3bde7089967fc5d90d0d7" Cache-Control: max-age=303442,s-maxage=1800,public,no-transform,must-revalidate X-CCACDN-Proxy-ID: mcdpinlb4 X-Frame-Options: SAMEORIGIN CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 775455a81eab0b3d-OSL --- Additional Info --- Magic: data Size: 727 Md5: 4dc541ab085aedadcee7fec917aa52c1 Sha1: 1e92ea0f6484192869a3bde7089967fc5d90d0d7 Sha256: 03db5b5488af254dc710f8417b6e278d9f578c095b9728b375ceb5d8102cf284
GET / HTTP/1.1 Host: 165252b.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: none Sec-Fetch-User: ?1	URL: 165252b.com/ FQDN: 165252b.com IP: 18.166.84.185 HASH: 246a6fc642f6f2ccfa16f94c613ed69e0eae6da3dae07b436dc383e31aac60c2 18.166.84.185 HTTP/1.1 200 OK Content-Type: text/html ETag: "807c56b3b68d91:0" Content-Encoding: gzip Last-Modified: Mon, 05 Dec 2022 14:34:37 GMT Accept-Ranges: bytes Vary: Accept-Encoding Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Tue, 06 Dec 2022 07:06:54 GMT Content-Length: 3780 Connection: close --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators Size: 3780 Md5: 137abb7dff2fa2019ebed89d5cf35bed Sha1: 7c8407b1122be1ae7502ae2932ae6afcf97e639e Sha256: 246a6fc642f6f2ccfa16f94c613ed69e0eae6da3dae07b436dc383e31aac60c2 Alerts: Blocklists: - fortinet: Phishing
GET /jquery-1.10.2.min.js HTTP/1.1 Host: code.jquery.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://165252b.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site	URL: code.jquery.com/jquery-1.10.2.min.js FQDN: code.jquery.com IP: 69.16.175.10 HASH: 6c63276db5e51f227be1c9bdaf73d76fa01040499944a8c8607db0c234f0575c 69.16.175.10 HTTP/2 200 OK content-type: application/javascript; charset=utf-8 date: Tue, 06 Dec 2022 10:28:25 GMT content-encoding: gzip content-length: 32788 last-modified: Wed, 16 Feb 2022 10:50:39 GMT accept-ranges: bytes server: nginx etag: W/"620cd6ff-16bb3" cache-control: max-age=315360000, public access-control-allow-origin: * vary: Accept-Encoding x-hw: 1670322505.dop023.sk1.t,1670322505.cds071.sk1.hn,1670322505.cds243.sk1.c X-Firefox-Spdy: h2 --- Additional Info --- Magic: ASCII text, with very long lines (32072) Size: 32788 Md5: 68cc08e82915da8b82fc6be74ab86365 Sha1: 4089530b0c00f6cbd1452d7f873be85454196fd1 Sha256: 6c63276db5e51f227be1c9bdaf73d76fa01040499944a8c8607db0c234f0575c
GET /21087101.js HTTP/1.1 Host: 165252b.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://165252b.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin	URL: 165252b.com/21087101.js FQDN: 165252b.com IP: 18.166.84.185 HASH: 460807ee247fe0d107d981ea6c648cf27296165c20641204c5d432a4820013d4 18.166.84.185 HTTP/1.1 200 OK Content-Type: application/javascript ETag: "0b85d4401cd81:0" Content-Encoding: gzip Last-Modified: Mon, 07 Feb 2022 08:54:08 GMT Accept-Ranges: bytes Vary: Accept-Encoding Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Tue, 06 Dec 2022 09:50:36 GMT Content-Length: 2317 Connection: close --- Additional Info --- Magic: Unicode text, UTF-8 (with BOM) text, with very long lines (4898), with no line terminators Size: 2317 Md5: 5026ffd6e6c9dfab39611630f4675f44 Sha1: fb6847e8e5aafd3e9fd7e5769cb85eb99f9ed06e Sha256: 460807ee247fe0d107d981ea6c648cf27296165c20641204c5d432a4820013d4 Alerts: Blocklists: - fortinet: Phishing
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.76.226 HASH: ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7 23.36.76.226 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7" Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=9337 Expires: Tue, 06 Dec 2022 13:04:03 GMT Date: Tue, 06 Dec 2022 10:28:26 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 83e0936435ad95a15c9ec5ff9520f4fe Sha1: a8225ee0d8ae117f977f7ff817c342c62e91b5a9 Sha256: ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0ca09fa3-9c1c-4e27-b763-2de04564da9d.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: e15711efe27a3d302a9869cf01d27fd65bd0beca9d03a19d93bbf11e28f3e1d8 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 4827 x-amzn-requestid: 9091cc45-8fb1-4b07-8ef9-3f42b85fb81e x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: csSuYH_KIAMFpMQ= x-content-type-options: nosniff x-amzn-trace-id: Root=1-638e64c2-6bf3bf8659ef3feb27c1803f;Sampled=0 x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:10 GMT x-amz-cf-pop: HIO50-C1, SEA19-C2 x-cache: Hit from cloudfront x-amz-cf-id: fxdYE-ftBwC_0KcBJBQqvUbVXM54TmsKR8QXIfLIhdLYsqtaxdx9tg== via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google date: Mon, 05 Dec 2022 22:22:26 GMT age: 43560 etag: "0f1c7567b89cc3de60196e47e37879296359bc78" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 4827 Md5: 73b9f329cd3a39d0756de62dd5f190b7 Sha1: 0f1c7567b89cc3de60196e47e37879296359bc78 Sha256: e15711efe27a3d302a9869cf01d27fd65bd0beca9d03a19d93bbf11e28f3e1d8
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.76.226 HASH: ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7 23.36.76.226 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7" Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=9337 Expires: Tue, 06 Dec 2022 13:04:03 GMT Date: Tue, 06 Dec 2022 10:28:26 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 83e0936435ad95a15c9ec5ff9520f4fe Sha1: a8225ee0d8ae117f977f7ff817c342c62e91b5a9 Sha256: ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb60ffdb0-9abd-43ed-ba00-442492cc7b45.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: 4cec4e669ba4b149573de59df16d8cae06a6d4393092d7e06150596f38dc6856 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 8287 x-amzn-requestid: f434241a-bf89-44a4-8320-37083f11ae0c x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: csSuYHxOIAMFYuw= x-content-type-options: nosniff x-amzn-trace-id: Root=1-638e64c2-1a89a8d25044d96535ad8a36;Sampled=0 x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:10 GMT x-amz-cf-pop: HIO50-C1, SEA19-C2 x-cache: Hit from cloudfront x-amz-cf-id: Ut9ZM7T05yaYKdk6GVUSnG7yIQ07QmG-jOy9mgE_K1AB9qUgx6L3LQ== via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google date: Mon, 05 Dec 2022 22:30:52 GMT age: 43054 etag: "cec2ccf17ae08fe009c09563d214564c3499ad4c" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 8287 Md5: 4c0e37b32bf91d9877ad7cb9f4f875a5 Sha1: cec2ccf17ae08fe009c09563d214564c3499ad4c Sha256: 4cec4e669ba4b149573de59df16d8cae06a6d4393092d7e06150596f38dc6856
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.76.226 HASH: ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7 23.36.76.226 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7" Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=9337 Expires: Tue, 06 Dec 2022 13:04:03 GMT Date: Tue, 06 Dec 2022 10:28:26 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 83e0936435ad95a15c9ec5ff9520f4fe Sha1: a8225ee0d8ae117f977f7ff817c342c62e91b5a9 Sha256: ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F70fb9d31-10e5-4323-9fbd-ed451a00e6b1.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: a993ca6dc9a1f854f4542f9221e4f90060825ea863974b5163a9d3e284dc4663 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 10594 x-amzn-requestid: eee9f193-eef5-44bf-997a-877fa206749e x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: csSyIHpGoAMF1fw= x-content-type-options: nosniff x-amzn-trace-id: Root=1-638e64da-0a9190f7698dbf2f73bb1575;Sampled=0 x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:34 GMT x-amz-cf-pop: HIO50-C1, SEA19-C2 x-cache: Hit from cloudfront x-amz-cf-id: f-KQCOuDl461V8MBPsSOj1ILCU91Q0pCSENaldkMHR2oZdrEUnHeaA== via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google date: Mon, 05 Dec 2022 22:03:16 GMT age: 44710 etag: "366aa3ab0790c496ea51bc08d1f2ff3358530d9e" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 10594 Md5: 7e1b54923ba506fde6b21c5bfb51ccc8 Sha1: 366aa3ab0790c496ea51bc08d1f2ff3358530d9e Sha256: a993ca6dc9a1f854f4542f9221e4f90060825ea863974b5163a9d3e284dc4663
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.76.226 HASH: ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7 23.36.76.226 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7" Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=9337 Expires: Tue, 06 Dec 2022 13:04:03 GMT Date: Tue, 06 Dec 2022 10:28:26 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 83e0936435ad95a15c9ec5ff9520f4fe Sha1: a8225ee0d8ae117f977f7ff817c342c62e91b5a9 Sha256: ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962c65f4-b402-46b4-83ba-50f3159341f2.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: 79478269b1f5dcfd1e45ccd4264fa44805b37c5c8fec820bcbd2fa1689dfbbd8 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 11224 x-amzn-requestid: 938de0b8-1055-4416-9ad7-162ab5f4db9f x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: csUINEwdoAMFuOw= x-content-type-options: nosniff x-amzn-trace-id: Root=1-638e6701-38b079ef341bb17e567de773;Sampled=0 x-amzn-remapped-date: Mon, 05 Dec 2022 21:47:45 GMT x-amz-cf-pop: YVR50-C1, SEA19-C2 x-cache: Hit from cloudfront x-amz-cf-id: tGtiCE9C3j0BUruNaFN2j1mKxCSouLmocmTXpmLMBJaLNyVwkXu1gQ== via: 1.1 f0ac467993db44dbfc36b778dfcaf73c.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google date: Mon, 05 Dec 2022 22:23:09 GMT age: 43517 etag: "36082b7329d473829178f280cb71a83b1531e486" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 11224 Md5: b15136d60fd0a5e0f657a4f5c75d540f Sha1: 36082b7329d473829178f280cb71a83b1531e486 Sha256: 79478269b1f5dcfd1e45ccd4264fa44805b37c5c8fec820bcbd2fa1689dfbbd8
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.76.226 HASH: ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7 23.36.76.226 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7" Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=9337 Expires: Tue, 06 Dec 2022 13:04:03 GMT Date: Tue, 06 Dec 2022 10:28:26 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 83e0936435ad95a15c9ec5ff9520f4fe Sha1: a8225ee0d8ae117f977f7ff817c342c62e91b5a9 Sha256: ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7663e5fc-37de-4be8-9be7-49805622f85d.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: 90325d4299a44dbd213857ada6f6880db8c33ad61685cfcb60c4a2455a84cf87 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 10183 x-amzn-requestid: 557e6b38-7be9-4953-968b-2e5bd3491ef4 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: csUDYEQbIAMFwRg= x-content-type-options: nosniff x-amzn-trace-id: Root=1-638e66e2-1fcd8fc4719bc0bc7d11abd2;Sampled=0 x-amzn-remapped-date: Mon, 05 Dec 2022 21:47:14 GMT x-amz-cf-pop: SEA19-C2 x-cache: Miss from cloudfront x-amz-cf-id: z1_zJTJMuk724WMOmIc660b54AyZK8ffNVF5N7ehZ00W2kaL3Lcd1A== via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google date: Mon, 05 Dec 2022 21:47:14 GMT age: 45672 etag: "f914f04a0e1fb45a221d31d2105bfc73015b03e6" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 10183 Md5: 99d1ff8fa2e095dcf2bda3d1e1af1221 Sha1: f914f04a0e1fb45a221d31d2105bfc73015b03e6 Sha256: 90325d4299a44dbd213857ada6f6880db8c33ad61685cfcb60c4a2455a84cf87
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbcfc1e29-0017-4346-aacf-66d3875076ce.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: cb2b44e1f74a9bb43fab48536f6146e273c728b34e4889ff3f18a411d14d2282 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 5790 x-amzn-requestid: 2e409a5f-ce04-4b9b-b3a2-74e5bbd256d3 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: csSvoEoUoAMFsxg= x-content-type-options: nosniff x-amzn-trace-id: Root=1-638e64ca-72e1bb13187b18aa26c8566f;Sampled=0 x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:18 GMT x-amz-cf-pop: HIO50-C1, SEA19-C2 x-cache: Hit from cloudfront x-amz-cf-id: WBNaNTgYQaDVlJqu2u341xYy_6zmr5LqmCD2BPjGPGgmAG20WNHyKw== via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google date: Mon, 05 Dec 2022 21:46:52 GMT age: 45694 etag: "1f25392db4cf3693259202b24e898f21093b8bf9" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 5790 Md5: 18bbcbf84b00d3bc602830478ff1bd7f Sha1: 1f25392db4cf3693259202b24e898f21093b8bf9 Sha256: cb2b44e1f74a9bb43fab48536f6146e273c728b34e4889ff3f18a411d14d2282
GET /21087213.js HTTP/1.1 Host: 165252b.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://165252b.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin	URL: 165252b.com/21087213.js FQDN: 165252b.com IP: 18.166.84.185 HASH: cea97b59e3645585dd9f0251aea8b2363f05058ed3a4c71d297f1617380e3eaf 18.166.84.185 HTTP/1.1 200 OK Content-Type: application/javascript ETag: "8021c54301cd81:0" Content-Encoding: gzip Last-Modified: Mon, 07 Feb 2022 08:54:07 GMT Accept-Ranges: bytes Vary: Accept-Encoding Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Tue, 06 Dec 2022 10:00:52 GMT Content-Length: 2317 Connection: close --- Additional Info --- Magic: Unicode text, UTF-8 (with BOM) text, with very long lines (4898), with no line terminators Size: 2317 Md5: 2c36800990ca5c880e38b660f521f3e6 Sha1: cee5b2658a911467b6f7c622fa6da88619a0e3f7 Sha256: cea97b59e3645585dd9f0251aea8b2363f05058ed3a4c71d297f1617380e3eaf Alerts: Blocklists: - fortinet: Phishing
GET /css1/style.css HTTP/1.1 Host: 165252b.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://165252b.com/ Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin	URL: 165252b.com/css1/style.css FQDN: 165252b.com IP: 18.166.84.185 HASH: 6f6fe9c79257804f14395b6b55f3be701fa917cd509c2ef80eb614de781813e0 18.166.84.185 HTTP/1.1 200 OK Content-Type: text/css ETag: "8048d1218f3d81:0" Content-Encoding: gzip Last-Modified: Fri, 07 Jan 2022 06:23:49 GMT Accept-Ranges: bytes Vary: Accept-Encoding Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Tue, 06 Dec 2022 10:07:29 GMT Content-Length: 1792 Connection: close --- Additional Info --- Magic: Unicode text, UTF-8 text, with very long lines (301), with CRLF line terminators Size: 1792 Md5: b7f8fd73132e23e1457faf5acdffaf8b Sha1: db851cc5040905f822657a20e96c2842a7dd3314 Sha256: 6f6fe9c79257804f14395b6b55f3be701fa917cd509c2ef80eb614de781813e0
GET /js/swiper.min.js HTTP/1.1 Host: 165252b.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://165252b.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin	URL: 165252b.com/js/swiper.min.js FQDN: 165252b.com IP: 18.166.84.185 HASH: b0f1e83708354377cfb1eee4ff3352255095f26b04edf23081da4c73bb068e4a 18.166.84.185 HTTP/1.1 404 Not Found Content-Type: text/html Content-Encoding: gzip Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Tue, 06 Dec 2022 10:28:23 GMT Transfer-Encoding: chunked Connection: close --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators Size: 675 Md5: 815ec59bc7238fae2bbe77156ad8f5b2 Sha1: bc673c626b999f08c7b6ebeb9616834a08a8d3a4 Sha256: b0f1e83708354377cfb1eee4ff3352255095f26b04edf23081da4c73bb068e4a Alerts: Blocklists: - fortinet: Phishing
GET /css1/swiper.min.css HTTP/1.1 Host: 165252b.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://165252b.com/ Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin	URL: 165252b.com/css1/swiper.min.css FQDN: 165252b.com IP: 18.166.84.185 HASH: c9d12a223c41b0be637fb0815f80762224495b2690f15ba6158adc0b598eedd0 18.166.84.185 HTTP/1.1 200 OK Content-Type: text/css ETag: "0d17287c3d81:0" Content-Encoding: gzip Last-Modified: Fri, 07 Jan 2022 04:07:06 GMT Accept-Ranges: bytes Vary: Accept-Encoding Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Tue, 06 Dec 2022 10:28:23 GMT Content-Length: 2400 Connection: close --- Additional Info --- Magic: Unicode text, UTF-8 (with BOM) text, with very long lines (14260) Size: 2400 Md5: 1357f6e95574bd1c792585868be9a401 Sha1: 173cb6439ed00c47abdeaf9285ed9dfbd3fbbbaf Sha256: c9d12a223c41b0be637fb0815f80762224495b2690f15ba6158adc0b598eedd0
GET /cj/%E8%A7%A3%E8%9B%87%E8%9B%8B%E5%9B%BE.js HTTP/1.1 Host: 165252b.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://165252b.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin	URL: 165252b.com/cj/%E8%A7%A3%E8%9B%87%E8%9B%8B%E5%9B%BE.js FQDN: 165252b.com IP: 18.166.84.185 HASH: 1102733a62a309d18855706bd79a196d28fd4a909f447026f5a50499965439c5 18.166.84.185 HTTP/1.1 200 OK Content-Type: application/javascript ETag: "80da6fe5c68d91:0" Content-Encoding: gzip Last-Modified: Mon, 05 Dec 2022 16:30:33 GMT Accept-Ranges: bytes Vary: Accept-Encoding Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Tue, 06 Dec 2022 10:00:53 GMT Content-Length: 623 Connection: close --- Additional Info --- Magic: HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators Size: 623 Md5: 9248d8691de9e170b199ba007091abbb Sha1: 95b20e3ebc3277bf5d76f3f9c48c953114372f7e Sha256: 1102733a62a309d18855706bd79a196d28fd4a909f447026f5a50499965439c5 Alerts: Blocklists: - fortinet: Phishing
GET /21262045.js HTTP/1.1 Host: 165252b.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://165252b.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin	URL: 165252b.com/21262045.js FQDN: 165252b.com IP: 18.166.84.185 HASH: 481548ab8727772034f228b07a18fd43b3be64deeda2972ba7777f21716e7ca8 18.166.84.185 HTTP/1.1 200 OK Content-Type: application/javascript ETag: "80e34df49224d81:0" Content-Encoding: gzip Last-Modified: Fri, 18 Feb 2022 06:44:19 GMT Accept-Ranges: bytes Vary: Accept-Encoding Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Tue, 06 Dec 2022 10:28:23 GMT Content-Length: 2318 Connection: close --- Additional Info --- Magic: Unicode text, UTF-8 (with BOM) text, with very long lines (4898), with no line terminators Size: 2318 Md5: 38dc5adf854b42f121f06a04a07f4356 Sha1: 74e15660b677b84b9fad69e81255177d43393711 Sha256: 481548ab8727772034f228b07a18fd43b3be64deeda2972ba7777f21716e7ca8 Alerts: Blocklists: - fortinet: Phishing
GET /ddns.js HTTP/1.1 Host: 165252b.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://165252b.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin	URL: 165252b.com/ddns.js FQDN: 165252b.com IP: 18.166.84.185 HASH: b0f1e83708354377cfb1eee4ff3352255095f26b04edf23081da4c73bb068e4a 18.166.84.185 HTTP/1.1 404 Not Found Content-Type: text/html Content-Encoding: gzip Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Tue, 06 Dec 2022 10:28:23 GMT Transfer-Encoding: chunked Connection: close --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators Size: 675 Md5: 815ec59bc7238fae2bbe77156ad8f5b2 Sha1: bc673c626b999f08c7b6ebeb9616834a08a8d3a4 Sha256: b0f1e83708354377cfb1eee4ff3352255095f26b04edf23081da4c73bb068e4a Alerts: Blocklists: - fortinet: Phishing
GET /cj/%E5%9B%9B%E8%82%96%E5%85%AB%E7%A0%81.js HTTP/1.1 Host: 165252b.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://165252b.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin	URL: 165252b.com/cj/%E5%9B%9B%E8%82%96%E5%85%AB%E7%A0%81.js FQDN: 165252b.com IP: 18.166.84.185 HASH: 9bcebd150d6215fc6fdc6865427c7be84606c5881b8d0a856279ba65330e7c27 18.166.84.185 HTTP/1.1 200 OK Content-Type: application/javascript ETag: "0cb6ae8c68d91:0" Content-Encoding: gzip Last-Modified: Mon, 05 Dec 2022 16:30:38 GMT Accept-Ranges: bytes Vary: Accept-Encoding Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Tue, 06 Dec 2022 07:06:55 GMT Content-Length: 643 Connection: close --- Additional Info --- Magic: HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators Size: 643 Md5: 7fc7f9d3a40c6fa853e88b00ec224ad3 Sha1: 8cc81ffa91f7fef369421bce2e6915f9c2703382 Sha256: 9bcebd150d6215fc6fdc6865427c7be84606c5881b8d0a856279ba65330e7c27 Alerts: Blocklists: - fortinet: Phishing
GET /cj/%E5%9B%9B%E5%B0%BE%E5%85%AB%E7%A0%81.js HTTP/1.1 Host: 165252b.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://165252b.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin	URL: 165252b.com/cj/%E5%9B%9B%E5%B0%BE%E5%85%AB%E7%A0%81.js FQDN: 165252b.com IP: 18.166.84.185 HASH: 3800864af74a68b65c7dfa584c6a24222e72d6ca7e6d8d8b0fdf544de16f4010 18.166.84.185 HTTP/1.1 200 OK Content-Type: application/javascript ETag: "0cb6ae8c68d91:0" Content-Encoding: gzip Last-Modified: Mon, 05 Dec 2022 16:30:38 GMT Accept-Ranges: bytes Vary: Accept-Encoding Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Tue, 06 Dec 2022 10:22:08 GMT Content-Length: 572 Connection: close --- Additional Info --- Magic: HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators Size: 572 Md5: 417395fba3d08bc730ca38714ab9fc32 Sha1: cc7f94f669c66b302bece3938df6a8591803fc53 Sha256: 3800864af74a68b65c7dfa584c6a24222e72d6ca7e6d8d8b0fdf544de16f4010 Alerts: Blocklists: - fortinet: Phishing
POST /gsgccr3dvtlsca2020 HTTP/1.1 Host: ocsp.globalsign.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 79 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: ocsp.globalsign.com/gsgccr3dvtlsca2020 FQDN: ocsp.globalsign.com IP: 104.18.21.226 HASH: a571e126be09305cd363e5cfca096d187f03389a687ba5ad4cafc654510c07ee 104.18.21.226 HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Tue, 06 Dec 2022 10:28:27 GMT Content-Length: 1414 Connection: keep-alive Expires: Sat, 10 Dec 2022 07:48:25 GMT ETag: "4935b2ee629271c7a9959d570062f2d6a0cc767f" Last-Modified: Tue, 06 Dec 2022 07:48:26 GMT Cache-Control: public, no-transform, must-revalidate, s-maxage=3600 CF-Cache-Status: HIT Age: 669 Accept-Ranges: bytes Vary: Accept-Encoding Server: cloudflare CF-RAY: 775455ba8e84b4ff-OSL --- Additional Info --- Magic: data Size: 1414 Md5: 597adbbad7b302398bf21c6dccbe28a4 Sha1: 4935b2ee629271c7a9959d570062f2d6a0cc767f Sha256: a571e126be09305cd363e5cfca096d187f03389a687ba5ad4cafc654510c07ee
GET /cj/%E8%A7%A3%E5%8F%A6%E7%89%88%E8%9B%87%E8%9B%8B%E5%9B%BE.js HTTP/1.1 Host: 165252b.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://165252b.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin	URL: 165252b.com/cj/%E8%A7%A3%E5%8F%A6%E7%89%88%E8%9B%87%E8% (...) FQDN: 165252b.com IP: 18.166.84.185 HASH: b47aaf2ebe68d6666260c8d8da9c049f798f1d014c15f7cac8abfa1308a47a4f 18.166.84.185 HTTP/1.1 200 OK Content-Type: application/javascript ETag: "80da6fe5c68d91:0" Content-Encoding: gzip Last-Modified: Mon, 05 Dec 2022 16:30:33 GMT Accept-Ranges: bytes Vary: Accept-Encoding Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Tue, 06 Dec 2022 10:26:35 GMT Content-Length: 1657 Connection: close --- Additional Info --- Magic: HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (676), with CRLF line terminators Size: 1657 Md5: 6011b7d31f1b4c5d79bdee91a7a2f01e Sha1: fdac9d3d24bfd99aa938f0c3c9ba22b89db44b9f Sha256: b47aaf2ebe68d6666260c8d8da9c049f798f1d014c15f7cac8abfa1308a47a4f Alerts: Blocklists: - fortinet: Phishing
GET /cj/%E4%B8%89%E5%A4%B4%E4%B8%AD%E7%89%B9.js HTTP/1.1 Host: 165252b.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://165252b.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin	URL: 165252b.com/cj/%E4%B8%89%E5%A4%B4%E4%B8%AD%E7%89%B9.js FQDN: 165252b.com IP: 18.166.84.185 HASH: 2e7f68b1ca6833b5b3e9921ce65f96509f6afdab420316dc1f3ffed76c9f0e06 18.166.84.185 HTTP/1.1 200 OK Content-Type: application/javascript ETag: "0cb6ae8c68d91:0" Content-Encoding: gzip Last-Modified: Mon, 05 Dec 2022 16:30:38 GMT Accept-Ranges: bytes Vary: Accept-Encoding Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Tue, 06 Dec 2022 10:22:08 GMT Content-Length: 482 Connection: close --- Additional Info --- Magic: HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators Size: 482 Md5: 3a97645f15fc5164dda92e30b076a695 Sha1: de098924e19466ca31cef7680d7152ece109679c Sha256: 2e7f68b1ca6833b5b3e9921ce65f96509f6afdab420316dc1f3ffed76c9f0e06 Alerts: Blocklists: - fortinet: Phishing
GET /cj/%E4%B8%80%E5%8F%A5%E8%A7%A3%E7%89%B9.js HTTP/1.1 Host: 165252b.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://165252b.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin	URL: 165252b.com/cj/%E4%B8%80%E5%8F%A5%E8%A7%A3%E7%89%B9.js FQDN: 165252b.com IP: 18.166.84.185 HASH: 6d13c89bce23681dcab176aec12c59c70786de169f11325ba1a7ce5eb765fb93 18.166.84.185 HTTP/1.1 200 OK Content-Type: application/javascript ETag: "80613e9c68d91:0" Content-Encoding: gzip Last-Modified: Mon, 05 Dec 2022 16:30:39 GMT Accept-Ranges: bytes Vary: Accept-Encoding Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Tue, 06 Dec 2022 10:28:24 GMT Content-Length: 1112 Connection: close --- Additional Info --- Magic: HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators Size: 1112 Md5: d5d95328124485b830ef0ad31c384dc0 Sha1: 538f4f22cf6adfb639ff24a4697ec2f5725ebe99 Sha256: 6d13c89bce23681dcab176aec12c59c70786de169f11325ba1a7ce5eb765fb93 Alerts: Blocklists: - fortinet: Phishing
GET /go1?id=21087101&rt=1670322506189&rl=12801024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=&ing=1&ekc=&sid=1670322506189&tt=&kw=&cu=https%253A%252F%252F165252b.com%252F&pu= HTTP/1.1 Host: ia.51.la User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://165252b.com/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site	URL: ia.51.la/go1?id=21087101&rt=1670322506189&rl=1280*1024& (...) FQDN: ia.51.la IP: 103.143.19.103 HASH: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 103.143.19.103 HTTP/1.1 200 Server: CloudWAF Date: Tue, 06 Dec 2022 10:28:28 GMT Content-Length: 0 Connection: keep-alive Set-Cookie: HWWAFSESID=c10884cc3875c236134; path=/ HWWAFSESTIME=1670322506989; path=/ --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /go1?id=21087213&rt=1670322507259&rl=12801024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=&ing=2&ekc=&sid=1670322507259&tt=&kw=&cu=https%253A%252F%252F165252b.com%252F&pu= HTTP/1.1 Host: ia.51.la User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://165252b.com/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site	URL: ia.51.la/go1?id=21087213&rt=1670322507259&rl=1280*1024& (...) FQDN: ia.51.la IP: 103.143.19.103 HASH: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 103.143.19.103 HTTP/1.1 200 Server: CloudWAF Date: Tue, 06 Dec 2022 10:28:29 GMT Content-Length: 0 Connection: keep-alive Set-Cookie: HWWAFSESID=7f3f960a62c04044199; path=/ HWWAFSESTIME=1670322507174; path=/ --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cj/%E4%B8%80%E5%AD%97%E7%8E%84%E6%9C%BA.js HTTP/1.1 Host: 165252b.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://165252b.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin	URL: 165252b.com/cj/%E4%B8%80%E5%AD%97%E7%8E%84%E6%9C%BA.js FQDN: 165252b.com IP: 18.166.84.185 HASH: c3bbb2d0f90f220384f965f8dc7dca1005f6c84c70a44168d0961327caf561dd 18.166.84.185 HTTP/1.1 200 OK Content-Type: application/javascript ETag: "80613e9c68d91:0" Content-Encoding: gzip Last-Modified: Mon, 05 Dec 2022 16:30:39 GMT Accept-Ranges: bytes Vary: Accept-Encoding Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Tue, 06 Dec 2022 04:35:08 GMT Content-Length: 1081 Connection: close --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (406), with CRLF line terminators Size: 1081 Md5: bdba2d9317686d5c93efbb3665ece85b Sha1: 879ff476e6ab9733389a8f467011674e31c5bbac Sha256: c3bbb2d0f90f220384f965f8dc7dca1005f6c84c70a44168d0961327caf561dd Alerts: Blocklists: - fortinet: Phishing
GET /cj/%E5%B9%B3%E7%89%B9%E4%B8%80%E5%B0%BE.js HTTP/1.1 Host: 165252b.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://165252b.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin	URL: 165252b.com/cj/%E5%B9%B3%E7%89%B9%E4%B8%80%E5%B0%BE.js FQDN: 165252b.com IP: 18.166.84.185 HASH: 1b3161ee0d9635d0eba35efa4d823016773a57a2ac31c67cd525b0f727f91f3e 18.166.84.185 HTTP/1.1 200 OK Content-Type: application/javascript Content-Encoding: gzip ETag: "65168de7c68d91:0" Last-Modified: Mon, 05 Dec 2022 16:30:36 GMT Accept-Ranges: bytes Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Tue, 06 Dec 2022 10:24:35 GMT Content-Length: 334 Connection: close --- Additional Info --- Magic: HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators Size: 334 Md5: 11b0c0559cdf221b471b61bcbe49a826 Sha1: aad0808850c810108cbcf45f448cb51764c614a8 Sha256: 1b3161ee0d9635d0eba35efa4d823016773a57a2ac31c67cd525b0f727f91f3e Alerts: Blocklists: - fortinet: Phishing
GET /cj/%E5%B9%B3%E7%89%B9%E4%B8%80%E8%82%96.js HTTP/1.1 Host: 165252b.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://165252b.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin	URL: 165252b.com/cj/%E5%B9%B3%E7%89%B9%E4%B8%80%E8%82%96.js FQDN: 165252b.com IP: 18.166.84.185 HASH: b4d69982aeaf55b397e98268bcad47de22f65264139a1fade7c05c44e588aff7 18.166.84.185 HTTP/1.1 200 OK Content-Type: application/javascript Content-Encoding: gzip ETag: "d648c2e7c68d91:0" Last-Modified: Mon, 05 Dec 2022 16:30:36 GMT Accept-Ranges: bytes Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Tue, 06 Dec 2022 10:22:08 GMT Content-Length: 313 Connection: close --- Additional Info --- Magic: HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators Size: 313 Md5: fdbe858634a8f0aee772e25fb1eb76e3 Sha1: b7b6e81ffb2162ce816c5990a9aacc12f787e93a Sha256: b4d69982aeaf55b397e98268bcad47de22f65264139a1fade7c05c44e588aff7 Alerts: Blocklists: - fortinet: Phishing
GET /cj/%E8%A7%A3%E8%B7%91%E7%8B%97.js HTTP/1.1 Host: 165252b.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://165252b.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin	URL: 165252b.com/cj/%E8%A7%A3%E8%B7%91%E7%8B%97.js FQDN: 165252b.com IP: 18.166.84.185 HASH: 5290d9ea0770b055c52f191aafd5008de5776b21633260841d4b70a3ddfb877f 18.166.84.185 HTTP/1.1 200 OK Content-Type: application/javascript ETag: "80da6fe5c68d91:0" Content-Encoding: gzip Last-Modified: Mon, 05 Dec 2022 16:30:33 GMT Accept-Ranges: bytes Vary: Accept-Encoding Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Tue, 06 Dec 2022 10:28:25 GMT Content-Length: 1490 Connection: close --- Additional Info --- Magic: HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators Size: 1490 Md5: 6ddbacf3e979d05f910acf988a867d97 Sha1: d2ecfa96a761453b4c672c9f5b9e51430c692c2c Sha256: 5290d9ea0770b055c52f191aafd5008de5776b21633260841d4b70a3ddfb877f Alerts: Blocklists: - fortinet: Phishing
GET /cj/%E8%A7%A3%E5%9B%9B%E4%B8%8D%E5%83%8F.js HTTP/1.1 Host: 165252b.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://165252b.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin	URL: 165252b.com/cj/%E8%A7%A3%E5%9B%9B%E4%B8%8D%E5%83%8F.js FQDN: 165252b.com IP: 18.166.84.185 HASH: 27cadf764753442858c37f6cf52b79cb000dadd998d2969605b14294ab567f64 18.166.84.185 HTTP/1.1 200 OK Content-Type: application/javascript ETag: "0718e6c68d91:0" Content-Encoding: gzip Last-Modified: Mon, 05 Dec 2022 16:30:34 GMT Accept-Ranges: bytes Vary: Accept-Encoding Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Tue, 06 Dec 2022 10:24:35 GMT Content-Length: 856 Connection: close --- Additional Info --- Magic: HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators Size: 856 Md5: 4f5336c3a848e1bed72070b0f499e94c Sha1: 209fb278714bdd96da3bf4e78f8e061caceb5eb0 Sha256: 27cadf764753442858c37f6cf52b79cb000dadd998d2969605b14294ab567f64 Alerts: Blocklists: - fortinet: Phishing
GET /cj/%E8%A7%A3%E5%9B%9B%E5%AD%97%E7%AC%A6.js HTTP/1.1 Host: 165252b.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://165252b.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin	URL: 165252b.com/cj/%E8%A7%A3%E5%9B%9B%E5%AD%97%E7%AC%A6.js FQDN: 165252b.com IP: 18.166.84.185 HASH: 19b9484711db612523ba06f29ebb71e74e38d1902a188fbaa3c2b72645edd236 18.166.84.185 HTTP/1.1 200 OK Content-Type: application/javascript ETag: "0718e6c68d91:0" Content-Encoding: gzip Last-Modified: Mon, 05 Dec 2022 16:30:34 GMT Accept-Ranges: bytes Vary: Accept-Encoding Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Tue, 06 Dec 2022 08:29:24 GMT Content-Length: 676 Connection: close --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators Size: 676 Md5: 23c5e80a8b850b65ddaa92d7ffa359dd Sha1: 399345ecd47752970b3c181e057f36c0652446f6 Sha256: 19b9484711db612523ba06f29ebb71e74e38d1902a188fbaa3c2b72645edd236 Alerts: Blocklists: - fortinet: Phishing
GET /cj/%E5%A4%A7%E5%B0%8F%E4%B8%AD%E7%89%B9.js HTTP/1.1 Host: 165252b.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://165252b.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin	URL: 165252b.com/cj/%E5%A4%A7%E5%B0%8F%E4%B8%AD%E7%89%B9.js FQDN: 165252b.com IP: 18.166.84.185 HASH: 30487cb6f0bf99224150fb689e7945546e5c5f31f7ca8a49cf7b9255201cb887 18.166.84.185 HTTP/1.1 200 OK Content-Type: application/javascript Content-Encoding: gzip ETag: "131ece3c68d91:0" Last-Modified: Mon, 05 Dec 2022 16:30:30 GMT Accept-Ranges: bytes Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Tue, 06 Dec 2022 10:26:51 GMT Content-Length: 330 Connection: close --- Additional Info --- Magic: HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators Size: 330 Md5: e7ec4292e97ba0551f5901835712be44 Sha1: cc192934be032bc754c58c1ea5686e30699a4986 Sha256: 30487cb6f0bf99224150fb689e7945546e5c5f31f7ca8a49cf7b9255201cb887 Alerts: Blocklists: - fortinet: Phishing
GET /cj/gsb2.js HTTP/1.1 Host: 165252b.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://165252b.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin	URL: 165252b.com/cj/gsb2.js FQDN: 165252b.com IP: 18.166.84.185 HASH: fb25f5e21f23a39a47fdfb24d07772cd3b0d9e1efd64f61f626e72a1a450d2b4 18.166.84.185 HTTP/1.1 200 OK Content-Type: application/javascript ETag: "8080de3c68d91:0" Content-Encoding: gzip Last-Modified: Mon, 05 Dec 2022 16:30:29 GMT Accept-Ranges: bytes Vary: Accept-Encoding Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Tue, 06 Dec 2022 10:28:25 GMT Content-Length: 1400 Connection: close --- Additional Info --- Magic: HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators Size: 1400 Md5: a773db293ccb8bdc437111d810f3817f Sha1: e6a931b8f0c5e2e47f24d5410e428e31f5b89ead Sha256: fb25f5e21f23a39a47fdfb24d07772cd3b0d9e1efd64f61f626e72a1a450d2b4 Alerts: Blocklists: - fortinet: Phishing
GET /cj/%E5%90%88%E6%95%B0%E4%B8%AD%E7%89%B9.js HTTP/1.1 Host: 165252b.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://165252b.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin	URL: 165252b.com/cj/%E5%90%88%E6%95%B0%E4%B8%AD%E7%89%B9.js FQDN: 165252b.com IP: 18.166.84.185 HASH: 39d4f2e3857c0198210d61f8627d0e85aebafe565f59177972cbee639f60b2b4 18.166.84.185 HTTP/1.1 200 OK Content-Type: application/javascript Content-Encoding: gzip ETag: "945fa5e4c68d91:0" Last-Modified: Mon, 05 Dec 2022 16:30:31 GMT Accept-Ranges: bytes Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Tue, 06 Dec 2022 10:28:25 GMT Transfer-Encoding: chunked Connection: close --- Additional Info --- Magic: HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators Size: 336 Md5: 9c0c3b16a2b0be8e8d63b454d39393be Sha1: 811e797d99c5b9201ea8e7e4882e72b6ef6080c8 Sha256: 39d4f2e3857c0198210d61f8627d0e85aebafe565f59177972cbee639f60b2b4 Alerts: Blocklists: - fortinet: Phishing
GET /cj/%E8%A7%A3%E7%BA%A2%E5%AD%97.js HTTP/1.1 Host: 165252b.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://165252b.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin	URL: 165252b.com/cj/%E8%A7%A3%E7%BA%A2%E5%AD%97.js FQDN: 165252b.com IP: 18.166.84.185 HASH: 4e4c19846cbb0a36bac30224396e76632369e882794f868c28212f2c7fe0534b 18.166.84.185 HTTP/1.1 200 OK Content-Type: application/javascript Content-Encoding: gzip ETag: "4038e5c68d91:0" Last-Modified: Mon, 05 Dec 2022 16:30:32 GMT Accept-Ranges: bytes Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Tue, 06 Dec 2022 10:22:09 GMT Content-Length: 444 Connection: close --- Additional Info --- Magic: HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators Size: 444 Md5: 102fdd503f861f1678e2a59dba06a255 Sha1: 152ac9710ac4d72c6385561db84db2abca9f514e Sha256: 4e4c19846cbb0a36bac30224396e76632369e882794f868c28212f2c7fe0534b Alerts: Blocklists: - fortinet: Phishing
GET /cj/%E8%A7%A3%E8%80%81%E7%89%88%E8%B7%91%E7%8B%97.js HTTP/1.1 Host: 165252b.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://165252b.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin	URL: 165252b.com/cj/%E8%A7%A3%E8%80%81%E7%89%88%E8%B7%91%E7% (...) FQDN: 165252b.com IP: 18.166.84.185 HASH: a0d1f12f40ec6495c38b751dfeb130c0b8648b0b47573834199733f256ecefa2 18.166.84.185 HTTP/1.1 200 OK Content-Type: application/javascript ETag: "044d7e4c68d91:0" Content-Encoding: gzip Last-Modified: Mon, 05 Dec 2022 16:30:32 GMT Accept-Ranges: bytes Vary: Accept-Encoding Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Tue, 06 Dec 2022 10:24:37 GMT Content-Length: 1365 Connection: close --- Additional Info --- Magic: HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators Size: 1365 Md5: 6c830c50400a59ea58e811aad9e7b065 Sha1: 44f72d9305c0874ef2881b850c154facb12210d4 Sha256: a0d1f12f40ec6495c38b751dfeb130c0b8648b0b47573834199733f256ecefa2 Alerts: Blocklists: - fortinet: Phishing
GET /cj/%E4%B8%83%E5%B0%BE%E4%B8%AD%E7%89%B9.js HTTP/1.1 Host: 165252b.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://165252b.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin	URL: 165252b.com/cj/%E4%B8%83%E5%B0%BE%E4%B8%AD%E7%89%B9.js FQDN: 165252b.com IP: 18.166.84.185 HASH: 36901188a5462c178a07fcbd22660e0f0bf3fb521653852c30943cd3b774706a 18.166.84.185 HTTP/1.1 200 OK Content-Type: application/javascript ETag: "8034d2e7c68d91:0" Content-Encoding: gzip Last-Modified: Mon, 05 Dec 2022 16:30:37 GMT Accept-Ranges: bytes Vary: Accept-Encoding Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Tue, 06 Dec 2022 10:17:37 GMT Content-Length: 581 Connection: close --- Additional Info --- Magic: HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators Size: 581 Md5: 6a7ebc7f0058220a276ae1f6ef859e46 Sha1: 6fb97ca323adfb812006057492ba2a9ab2082b67 Sha256: 36901188a5462c178a07fcbd22660e0f0bf3fb521653852c30943cd3b774706a Alerts: Blocklists: - fortinet: Phishing
GET /cj/%E7%BB%9D%E6%9D%80%E4%B8%80%E5%B0%BE.js HTTP/1.1 Host: 165252b.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://165252b.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin	URL: 165252b.com/cj/%E7%BB%9D%E6%9D%80%E4%B8%80%E5%B0%BE.js FQDN: 165252b.com IP: 18.166.84.185 HASH: 159d76116539748bf661823cad2dfd317eaf618a8f096747b639aa8f7860dd41 18.166.84.185 HTTP/1.1 200 OK Content-Type: application/javascript ETag: "09e39e7c68d91:0" Content-Encoding: gzip Last-Modified: Mon, 05 Dec 2022 16:30:36 GMT Accept-Ranges: bytes Vary: Accept-Encoding Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Tue, 06 Dec 2022 10:00:54 GMT Content-Length: 819 Connection: close --- Additional Info --- Magic: HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators Size: 819 Md5: f757ee7ebd3fb67b0aebc9ddab51beea Sha1: c2e051cf14b6b9231cf3a0b74f62da57755a560c Sha256: 159d76116539748bf661823cad2dfd317eaf618a8f096747b639aa8f7860dd41 Alerts: Blocklists: - fortinet: Phishing
GET /cj/%E8%A7%A3%E5%8F%A6%E7%89%88%E8%B7%91%E7%8B%97.js HTTP/1.1 Host: 165252b.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://165252b.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin	URL: 165252b.com/cj/%E8%A7%A3%E5%8F%A6%E7%89%88%E8%B7%91%E7% (...) FQDN: 165252b.com IP: 18.166.84.185 HASH: 72ff0da64c97b578fc8b86bd4ccf6768b17592a0866f3cc63f230a000155852d 18.166.84.185 HTTP/1.1 200 OK Content-Type: application/javascript ETag: "80da6fe5c68d91:0" Content-Encoding: gzip Last-Modified: Mon, 05 Dec 2022 16:30:33 GMT Accept-Ranges: bytes Vary: Accept-Encoding Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Tue, 06 Dec 2022 09:55:54 GMT Content-Length: 1147 Connection: close --- Additional Info --- Magic: HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators Size: 1147 Md5: 3c53a7820fb6140b7f1055f841d488c9 Sha1: 2d4662fc1aedd537b6e5fc0c245a2533df9e1c08 Sha256: 72ff0da64c97b578fc8b86bd4ccf6768b17592a0866f3cc63f230a000155852d Alerts: Blocklists: - fortinet: Phishing
GET /cj/%E7%B2%BE%E9%80%89%E4%B9%9D%E8%82%96.js HTTP/1.1 Host: 165252b.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://165252b.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin	URL: 165252b.com/cj/%E7%B2%BE%E9%80%89%E4%B9%9D%E8%82%96.js FQDN: 165252b.com IP: 18.166.84.185 HASH: de3e6b1f07aabf39a7534ea9c2390f9a65e7436085357eac70749b678bb787ac 18.166.84.185 HTTP/1.1 200 OK Content-Type: application/javascript ETag: "0718e6c68d91:0" Content-Encoding: gzip Last-Modified: Mon, 05 Dec 2022 16:30:34 GMT Accept-Ranges: bytes Vary: Accept-Encoding Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Tue, 06 Dec 2022 08:58:45 GMT Content-Length: 747 Connection: close --- Additional Info --- Magic: HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators Size: 747 Md5: 70797a1b5b1cf9215af5dc05270cb987 Sha1: 49e5658b23ee86ef414e8fd5751aff77829987cb Sha256: de3e6b1f07aabf39a7534ea9c2390f9a65e7436085357eac70749b678bb787ac Alerts: Blocklists: - fortinet: Phishing
GET /cj/%E5%90%89%E7%BE%8E%E5%87%B6%E4%B8%91.js HTTP/1.1 Host: 165252b.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://165252b.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin	URL: 165252b.com/cj/%E5%90%89%E7%BE%8E%E5%87%B6%E4%B8%91.js FQDN: 165252b.com IP: 18.166.84.185 HASH: 4d451fd9c12700e84242c515f768d17c6ee1d9152d165870374f6ac5da1c34f5 18.166.84.185 HTTP/1.1 200 OK Content-Type: application/javascript ETag: "044d7e4c68d91:0" Content-Encoding: gzip Last-Modified: Mon, 05 Dec 2022 16:30:32 GMT Accept-Ranges: bytes Vary: Accept-Encoding Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Tue, 06 Dec 2022 10:24:37 GMT Content-Length: 560 Connection: close --- Additional Info --- Magic: HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators Size: 560 Md5: 2de7910534ef8d78ca4e484dab96c917 Sha1: c15554df8574442807291e2dcb2fa65d913d1843 Sha256: 4d451fd9c12700e84242c515f768d17c6ee1d9152d165870374f6ac5da1c34f5 Alerts: Blocklists: - fortinet: Phishing
GET /cj/%E6%98%A5%E5%A4%8F%E7%A7%8B%E5%86%AC.js HTTP/1.1 Host: 165252b.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://165252b.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin	URL: 165252b.com/cj/%E6%98%A5%E5%A4%8F%E7%A7%8B%E5%86%AC.js FQDN: 165252b.com IP: 18.166.84.185 HASH: 294ac14b00e9354f94bfd36be2ab948b333ce9112ee9f485cb12df8213b46188 18.166.84.185 HTTP/1.1 200 OK Content-Type: application/javascript ETag: "017a6e3c68d91:0" Content-Encoding: gzip Last-Modified: Mon, 05 Dec 2022 16:30:30 GMT Accept-Ranges: bytes Vary: Accept-Encoding Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Tue, 06 Dec 2022 08:29:26 GMT Content-Length: 688 Connection: close --- Additional Info --- Magic: HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators Size: 688 Md5: a3e703b30c571ebab0efc1a5a168c806 Sha1: a497538ee113c73bffeaf809e023c9998ff3e69e Sha256: 294ac14b00e9354f94bfd36be2ab948b333ce9112ee9f485cb12df8213b46188 Alerts: Blocklists: - fortinet: Phishing
GET /cj/%E7%BB%9D%E6%9D%80%E4%B8%89%E8%82%96.js HTTP/1.1 Host: 165252b.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://165252b.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin	URL: 165252b.com/cj/%E7%BB%9D%E6%9D%80%E4%B8%89%E8%82%96.js FQDN: 165252b.com IP: 18.166.84.185 HASH: 82a8b5ecd7cd27ce5b7bc83f745d60af59b2a6221775a909186066b1e6dcf08d 18.166.84.185 HTTP/1.1 200 OK Content-Type: application/javascript ETag: "807a1e6c68d91:0" Content-Encoding: gzip Last-Modified: Mon, 05 Dec 2022 16:30:35 GMT Accept-Ranges: bytes Vary: Accept-Encoding Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Tue, 06 Dec 2022 10:24:37 GMT Content-Length: 663 Connection: close --- Additional Info --- Magic: HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators Size: 663 Md5: f07b397ac3ab351e985ef362a496a668 Sha1: f4d6c0537c7e8cacd254c4ed7d3c834f436934be Sha256: 82a8b5ecd7cd27ce5b7bc83f745d60af59b2a6221775a909186066b1e6dcf08d Alerts: Blocklists: - fortinet: Phishing
GET /cj/%E9%A3%8E%E9%9B%A8%E9%9B%B7%E7%94%B5.js HTTP/1.1 Host: 165252b.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://165252b.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin	URL: 165252b.com/cj/%E9%A3%8E%E9%9B%A8%E9%9B%B7%E7%94%B5.js FQDN: 165252b.com IP: 18.166.84.185 HASH: 0956493d01d696d08c8934f287d69d54ba03d7f5d474a823751e497492cbdb62 18.166.84.185 HTTP/1.1 200 OK Content-Type: application/javascript ETag: "80ad3ee4c68d91:0" Content-Encoding: gzip Last-Modified: Mon, 05 Dec 2022 16:30:31 GMT Accept-Ranges: bytes Vary: Accept-Encoding Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Tue, 06 Dec 2022 10:28:27 GMT Content-Length: 632 Connection: close --- Additional Info --- Magic: HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators Size: 632 Md5: 84ac2170a919be76ecd853b263c3ac16 Sha1: feaca768f5d26206c40967d1f7d1e747e406ec66 Sha256: 0956493d01d696d08c8934f287d69d54ba03d7f5d474a823751e497492cbdb62 Alerts: Blocklists: - fortinet: Phishing
GET /cj/%E7%B2%BE%E9%80%89%E5%8F%8C%E6%B3%A2.js HTTP/1.1 Host: 165252b.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://165252b.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin	URL: 165252b.com/cj/%E7%B2%BE%E9%80%89%E5%8F%8C%E6%B3%A2.js FQDN: 165252b.com IP: 18.166.84.185 HASH: ea91aaa9c192e0280cad049762f4727459ca10df82452bed244d26a26de000e4 18.166.84.185 HTTP/1.1 200 OK Content-Type: application/javascript ETag: "807a1e6c68d91:0" Content-Encoding: gzip Last-Modified: Mon, 05 Dec 2022 16:30:35 GMT Accept-Ranges: bytes Vary: Accept-Encoding Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Tue, 06 Dec 2022 07:33:11 GMT Content-Length: 699 Connection: close --- Additional Info --- Magic: HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators Size: 699 Md5: 93c3dcdefb630f2d7c500a8728f24ccb Sha1: 2b7f96148ac66b074f2ef6c3211d2375159cf62e Sha256: ea91aaa9c192e0280cad049762f4727459ca10df82452bed244d26a26de000e4 Alerts: Blocklists: - fortinet: Phishing
GET /cj/%E7%BB%9D%E6%9D%80%E4%B8%80%E5%A4%B4.js HTTP/1.1 Host: 165252b.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://165252b.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin	URL: 165252b.com/cj/%E7%BB%9D%E6%9D%80%E4%B8%80%E5%A4%B4.js FQDN: 165252b.com IP: 18.166.84.185 HASH: fba970ac1c25bb2d9ccb5641fece6429de5875f66fb6d5edea849ba251f33afa 18.166.84.185 HTTP/1.1 200 OK Content-Type: application/javascript ETag: "807a1e6c68d91:0" Content-Encoding: gzip Last-Modified: Mon, 05 Dec 2022 16:30:35 GMT Accept-Ranges: bytes Vary: Accept-Encoding Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Tue, 06 Dec 2022 07:23:51 GMT Content-Length: 519 Connection: close --- Additional Info --- Magic: HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators Size: 519 Md5: 0e3102b01332f46929fac9a7f588905c Sha1: 73f78a4ac3e987012d80ab1e265c02008e45f49e Sha256: fba970ac1c25bb2d9ccb5641fece6429de5875f66fb6d5edea849ba251f33afa Alerts: Blocklists: - fortinet: Phishing
GET /cj/%E7%90%B4%E6%A3%8B%E4%B9%A6%E7%94%BB.js HTTP/1.1 Host: 165252b.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://165252b.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin	URL: 165252b.com/cj/%E7%90%B4%E6%A3%8B%E4%B9%A6%E7%94%BB.js FQDN: 165252b.com IP: 18.166.84.185 HASH: 195f360210412d0d355ce0922e30f7b5acc7895429c90a4a1a660b99daeac11e 18.166.84.185 HTTP/1.1 200 OK Content-Type: application/javascript ETag: "8034d2e7c68d91:0" Content-Encoding: gzip Last-Modified: Mon, 05 Dec 2022 16:30:37 GMT Accept-Ranges: bytes Vary: Accept-Encoding Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Tue, 06 Dec 2022 10:24:38 GMT Content-Length: 774 Connection: close --- Additional Info --- Magic: HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators Size: 774 Md5: 5c746c222c61d4168a7157a933f15ff1 Sha1: 2f3bb4e3589a781d02bc090fbe4fa7efcbb851bb Sha256: 195f360210412d0d355ce0922e30f7b5acc7895429c90a4a1a660b99daeac11e Alerts: Blocklists: - fortinet: Phishing

URL	165252b.com/
IP	18.166.84.185 (Hong Kong)
ASN	#16509 AMAZON-02
UserAgent	Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed	2022-12-06 10:28:34 UTC
Status	Loading report..
IDS alerts	0
Blocklist alert	35
urlquery alerts	No alerts detected
Tags	None

Overview

Domain Summary (13)

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Blocklists

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 4 reports on IP: 18.166.84.185

Last 5 reports on ASN: AMAZON-02

Last 1 reports on domain: 165252b.com

No other reports with similar screenshot

JavaScript

Executed Scripts (16)

Executed Evals (0)

Executed Writes (0)

HTTP Transactions (62)

Overview

Domain Summary (13)

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro

Blocklists

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 4 reports on IP: 18.166.84.185

Last 5 reports on ASN: AMAZON-02

Last 1 reports on domain: 165252b.com

No other reports with similar screenshot

JavaScript

Executed Scripts (16)

Executed Evals (0)

Executed Writes (0)

HTTP Transactions (62)

Network Intrusion Detection Systems