r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash cfec3d7283a9b66d2be426ce54d210f3
808c1feb1ba918951d1928c1f6bfc0c253262774
1bad6c06aa3e88dcbc125fc98a6cb753eb2b18d2c8dd61da21d12209aeeda3f9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1BAD6C06AA3E88DCBC125FC98A6CB753EB2B18D2C8DD61DA21D12209AEEDA3F9"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12067
Expires: Tue, 06 Dec 2022 13:49:30 GMT
Date: Tue, 06 Dec 2022 10:28:23 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash ee088fab9b287e174cfd1f2c735a909f
25c3335b514a36ad1a24d00413d60c3d394f5161
494e96358ff12366213d7cc0f9197648c6c62ec14fa0d2c78732a683fa26b192
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5780
Cache-Control: max-age=92356
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 10:28:23 GMT
Etag: "638dc877-1d7"
Expires: Wed, 07 Dec 2022 12:07:39 GMT
Last-Modified: Mon, 05 Dec 2022 10:31:19 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1ea206ac3c440825741687351f8c6e4e
2f38dafd8c43dcce2411a0590bc5c02cd6286735
7d7232c8c91bcd18161ba2c9d23e3bff159604e058bd5b3fc1c7fcbcd03a7ee3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7232C8C91BCD18161BA2C9D23E3BFF159604E058BD5B3FC1C7FCBCD03A7EE3"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12136
Expires: Tue, 06 Dec 2022 13:50:39 GMT
Date: Tue, 06 Dec 2022 10:28:23 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data; ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 06 Dec 2022 10:18:38 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 585
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate; ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: L1r3i+kpj5ii/lHOZu/kBhtKs3ttm6C0KEJ8jPPK8RHqNUglBk7Avz+7iyDLAU4S+Ttr9n+K4aA=
x-amz-request-id: AM6TVNZCG7765H4A
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 06 Dec 2022 09:48:53 GMT
age: 2370
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data; ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 06 Dec 2022 10:28:23 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
165252b.com/
43.198.33.164 301 Moved Permanently 0 B IP 43.198.33.164:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: 165252b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: kangle/3.5.14
Date: Tue, 06 Dec 2022 10:28:23 GMT
Location: https://165252b.com/
Content-Length: 0
Connection: close
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data; ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, ETag, Alert, Expires, Cache-Control, Backoff, Content-Length, Content-Type, Pragma, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 06 Dec 2022 10:11:20 GMT
cache-control: public,max-age=3600
age: 1024
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 2b9d6a686aa3c4ea24568425e43a5221
d53bb4c9579bd1db78a0520619e888aec79f750f
c38734a8dbe51217d73896c0bf7f5c38c107fd79e0dee24b717f130377e9b5f7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5770
Cache-Control: max-age=87278
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 10:28:24 GMT
Etag: "638db4ac-1d7"
Expires: Wed, 07 Dec 2022 10:43:02 GMT
Last-Modified: Mon, 05 Dec 2022 09:06:52 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
35.166.172.24 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.166.172.24:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 0gcuEejnu1OhE7KHT6vWZg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ivg7OuOJko+tlCB6mAdrR5HMiEI=
zerossl.ocsp.sectigo.com/
172.64.155.188 200 OK 727 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 172.64.155.188:0
Hash 4dc541ab085aedadcee7fec917aa52c1
1e92ea0f6484192869a3bde7089967fc5d90d0d7
03db5b5488af254dc710f8417b6e278d9f578c095b9728b375ceb5d8102cf284
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 10:28:25 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Fri, 02 Dec 2022 22:55:49 GMT
Expires: Fri, 09 Dec 2022 22:55:48 GMT
Etag: "1e92ea0f6484192869a3bde7089967fc5d90d0d7"
Cache-Control: max-age=303442,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775455a81eab0b3d-OSL
165252b.com/
18.166.84.185 200 OK 3.8 kB IP 18.166.84.185:0
File type HTML document text; exported SGML document text; exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 137abb7dff2fa2019ebed89d5cf35bed
7c8407b1122be1ae7502ae2932ae6afcf97e639e
246a6fc642f6f2ccfa16f94c613ed69e0eae6da3dae07b436dc383e31aac60c2
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: 165252b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
ETag: "807c56b3b68d91:0"
Content-Type: text/html
Content-Encoding: gzip
Last-Modified: Mon, 05 Dec 2022 14:34:37 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 07:06:54 GMT
Content-Length: 3780
Connection: close
code.jquery.com/jquery-1.10.2.min.js
69.16.175.10 200 OK 33 kB URL HTTP/2 code.jquery.com/jquery-1.10.2.min.js
IP 69.16.175.10:0
File type ASCII text, with very long lines (32072)
Hash 68cc08e82915da8b82fc6be74ab86365
4089530b0c00f6cbd1452d7f873be85454196fd1
6c63276db5e51f227be1c9bdaf73d76fa01040499944a8c8607db0c234f0575c
GET /jquery-1.10.2.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://165252b.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 06 Dec 2022 10:28:25 GMT
content-encoding: gzip
content-length: 32788
content-type: application/javascript; charset=utf-8
last-modified: Wed, 16 Feb 2022 10:50:39 GMT
accept-ranges: bytes
server: nginx
etag: W/"620cd6ff-16bb3"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1670322505.dop023.sk1.t,1670322505.cds071.sk1.hn,1670322505.cds243.sk1.c
X-Firefox-Spdy: h2
165252b.com/21087101.js
18.166.84.185 200 OK 2.3 kB IP 18.166.84.185:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (4898), with no line terminators
Hash 5026ffd6e6c9dfab39611630f4675f44
fb6847e8e5aafd3e9fd7e5769cb85eb99f9ed06e
460807ee247fe0d107d981ea6c648cf27296165c20641204c5d432a4820013d4
Analyzer Verdict Alert fortinet Phishing
GET /21087101.js HTTP/1.1
Host: 165252b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://165252b.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "0b85d4401cd81:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Mon, 07 Feb 2022 08:54:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 09:50:36 GMT
Content-Length: 2317
Connection: close
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9337
Expires: Tue, 06 Dec 2022 13:04:03 GMT
Date: Tue, 06 Dec 2022 10:28:26 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0ca09fa3-9c1c-4e27-b763-2de04564da9d.jpeg
34.120.237.76 200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0ca09fa3-9c1c-4e27-b763-2de04564da9d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 73b9f329cd3a39d0756de62dd5f190b7
0f1c7567b89cc3de60196e47e37879296359bc78
e15711efe27a3d302a9869cf01d27fd65bd0beca9d03a19d93bbf11e28f3e1d8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0ca09fa3-9c1c-4e27-b763-2de04564da9d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4827
x-amzn-requestid: 9091cc45-8fb1-4b07-8ef9-3f42b85fb81e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSuYH_KIAMFpMQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64c2-6bf3bf8659ef3feb27c1803f;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:10 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: fxdYE-ftBwC_0KcBJBQqvUbVXM54TmsKR8QXIfLIhdLYsqtaxdx9tg==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:22:26 GMT
age: 43560
etag: "0f1c7567b89cc3de60196e47e37879296359bc78"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9337
Expires: Tue, 06 Dec 2022 13:04:03 GMT
Date: Tue, 06 Dec 2022 10:28:26 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb60ffdb0-9abd-43ed-ba00-442492cc7b45.jpeg
34.120.237.76 200 OK 8.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb60ffdb0-9abd-43ed-ba00-442492cc7b45.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 4c0e37b32bf91d9877ad7cb9f4f875a5
cec2ccf17ae08fe009c09563d214564c3499ad4c
4cec4e669ba4b149573de59df16d8cae06a6d4393092d7e06150596f38dc6856
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb60ffdb0-9abd-43ed-ba00-442492cc7b45.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8287
x-amzn-requestid: f434241a-bf89-44a4-8320-37083f11ae0c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSuYHxOIAMFYuw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64c2-1a89a8d25044d96535ad8a36;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:10 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Ut9ZM7T05yaYKdk6GVUSnG7yIQ07QmG-jOy9mgE_K1AB9qUgx6L3LQ==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:30:52 GMT
age: 43054
etag: "cec2ccf17ae08fe009c09563d214564c3499ad4c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9337
Expires: Tue, 06 Dec 2022 13:04:03 GMT
Date: Tue, 06 Dec 2022 10:28:26 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F70fb9d31-10e5-4323-9fbd-ed451a00e6b1.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F70fb9d31-10e5-4323-9fbd-ed451a00e6b1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 7e1b54923ba506fde6b21c5bfb51ccc8
366aa3ab0790c496ea51bc08d1f2ff3358530d9e
a993ca6dc9a1f854f4542f9221e4f90060825ea863974b5163a9d3e284dc4663
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F70fb9d31-10e5-4323-9fbd-ed451a00e6b1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10594
x-amzn-requestid: eee9f193-eef5-44bf-997a-877fa206749e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSyIHpGoAMF1fw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64da-0a9190f7698dbf2f73bb1575;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:34 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: f-KQCOuDl461V8MBPsSOj1ILCU91Q0pCSENaldkMHR2oZdrEUnHeaA==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:03:16 GMT
age: 44710
etag: "366aa3ab0790c496ea51bc08d1f2ff3358530d9e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9337
Expires: Tue, 06 Dec 2022 13:04:03 GMT
Date: Tue, 06 Dec 2022 10:28:26 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962c65f4-b402-46b4-83ba-50f3159341f2.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962c65f4-b402-46b4-83ba-50f3159341f2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash b15136d60fd0a5e0f657a4f5c75d540f
36082b7329d473829178f280cb71a83b1531e486
79478269b1f5dcfd1e45ccd4264fa44805b37c5c8fec820bcbd2fa1689dfbbd8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962c65f4-b402-46b4-83ba-50f3159341f2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11224
x-amzn-requestid: 938de0b8-1055-4416-9ad7-162ab5f4db9f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csUINEwdoAMFuOw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e6701-38b079ef341bb17e567de773;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:47:45 GMT
x-amz-cf-pop: YVR50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: tGtiCE9C3j0BUruNaFN2j1mKxCSouLmocmTXpmLMBJaLNyVwkXu1gQ==
via: 1.1 f0ac467993db44dbfc36b778dfcaf73c.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:23:09 GMT
age: 43517
etag: "36082b7329d473829178f280cb71a83b1531e486"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9337
Expires: Tue, 06 Dec 2022 13:04:03 GMT
Date: Tue, 06 Dec 2022 10:28:26 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7663e5fc-37de-4be8-9be7-49805622f85d.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7663e5fc-37de-4be8-9be7-49805622f85d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 99d1ff8fa2e095dcf2bda3d1e1af1221
f914f04a0e1fb45a221d31d2105bfc73015b03e6
90325d4299a44dbd213857ada6f6880db8c33ad61685cfcb60c4a2455a84cf87
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7663e5fc-37de-4be8-9be7-49805622f85d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10183
x-amzn-requestid: 557e6b38-7be9-4953-968b-2e5bd3491ef4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csUDYEQbIAMFwRg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e66e2-1fcd8fc4719bc0bc7d11abd2;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:47:14 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: z1_zJTJMuk724WMOmIc660b54AyZK8ffNVF5N7ehZ00W2kaL3Lcd1A==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:47:14 GMT
age: 45672
etag: "f914f04a0e1fb45a221d31d2105bfc73015b03e6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbcfc1e29-0017-4346-aacf-66d3875076ce.jpeg
34.120.237.76 200 OK 5.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbcfc1e29-0017-4346-aacf-66d3875076ce.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 18bbcbf84b00d3bc602830478ff1bd7f
1f25392db4cf3693259202b24e898f21093b8bf9
cb2b44e1f74a9bb43fab48536f6146e273c728b34e4889ff3f18a411d14d2282
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbcfc1e29-0017-4346-aacf-66d3875076ce.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5790
x-amzn-requestid: 2e409a5f-ce04-4b9b-b3a2-74e5bbd256d3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSvoEoUoAMFsxg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64ca-72e1bb13187b18aa26c8566f;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:18 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: WBNaNTgYQaDVlJqu2u341xYy_6zmr5LqmCD2BPjGPGgmAG20WNHyKw==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:46:52 GMT
age: 45694
etag: "1f25392db4cf3693259202b24e898f21093b8bf9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
165252b.com/21087213.js
18.166.84.185 200 OK 2.3 kB IP 18.166.84.185:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (4898), with no line terminators
Hash 2c36800990ca5c880e38b660f521f3e6
cee5b2658a911467b6f7c622fa6da88619a0e3f7
cea97b59e3645585dd9f0251aea8b2363f05058ed3a4c71d297f1617380e3eaf
Analyzer Verdict Alert fortinet Phishing
GET /21087213.js HTTP/1.1
Host: 165252b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://165252b.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "8021c54301cd81:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Mon, 07 Feb 2022 08:54:07 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 10:00:52 GMT
Content-Length: 2317
Connection: close
165252b.com/css1/style.css
18.166.84.185 200 OK 1.8 kB URL HTTP/1.1 165252b.com/css1/style.css
IP 18.166.84.185:0
File type Unicode text, UTF-8 text, with very long lines (301), with CRLF line terminators
Hash b7f8fd73132e23e1457faf5acdffaf8b
db851cc5040905f822657a20e96c2842a7dd3314
6f6fe9c79257804f14395b6b55f3be701fa917cd509c2ef80eb614de781813e0
GET /css1/style.css HTTP/1.1
Host: 165252b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://165252b.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "8048d1218f3d81:0"
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Fri, 07 Jan 2022 06:23:49 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 10:07:29 GMT
Content-Length: 1792
Connection: close
165252b.com/js/swiper.min.js
18.166.84.185 404 Not Found 675 B URL HTTP/1.1 165252b.com/js/swiper.min.js
IP 18.166.84.185:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 815ec59bc7238fae2bbe77156ad8f5b2
bc673c626b999f08c7b6ebeb9616834a08a8d3a4
b0f1e83708354377cfb1eee4ff3352255095f26b04edf23081da4c73bb068e4a
Analyzer Verdict Alert fortinet Phishing
GET /js/swiper.min.js HTTP/1.1
Host: 165252b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://165252b.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Content-Encoding: gzip
Content-Type: text/html
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 10:28:23 GMT
Transfer-Encoding: chunked
Connection: close
165252b.com/css1/swiper.min.css
18.166.84.185 200 OK 2.4 kB URL HTTP/1.1 165252b.com/css1/swiper.min.css
IP 18.166.84.185:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (14260)
Hash 1357f6e95574bd1c792585868be9a401
173cb6439ed00c47abdeaf9285ed9dfbd3fbbbaf
c9d12a223c41b0be637fb0815f80762224495b2690f15ba6158adc0b598eedd0
GET /css1/swiper.min.css HTTP/1.1
Host: 165252b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://165252b.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "0d17287c3d81:0"
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Fri, 07 Jan 2022 04:07:06 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 10:28:23 GMT
Content-Length: 2400
Connection: close
165252b.com/cj/%E8%A7%A3%E8%9B%87%E8%9B%8B%E5%9B%BE.js
18.166.84.185 200 OK 623 B URL HTTP/1.1 165252b.com/cj/%E8%A7%A3%E8%9B%87%E8%9B%8B%E5%9B%BE.js
IP 18.166.84.185:0
File type HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 9248d8691de9e170b199ba007091abbb
95b20e3ebc3277bf5d76f3f9c48c953114372f7e
1102733a62a309d18855706bd79a196d28fd4a909f447026f5a50499965439c5
Analyzer Verdict Alert fortinet Phishing
GET /cj/%E8%A7%A3%E8%9B%87%E8%9B%8B%E5%9B%BE.js HTTP/1.1
Host: 165252b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://165252b.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "80da6fe5c68d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Mon, 05 Dec 2022 16:30:33 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 10:00:53 GMT
Content-Length: 623
Connection: close
165252b.com/21262045.js
18.166.84.185 200 OK 2.3 kB IP 18.166.84.185:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (4898), with no line terminators
Hash 38dc5adf854b42f121f06a04a07f4356
74e15660b677b84b9fad69e81255177d43393711
481548ab8727772034f228b07a18fd43b3be64deeda2972ba7777f21716e7ca8
Analyzer Verdict Alert fortinet Phishing
GET /21262045.js HTTP/1.1
Host: 165252b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://165252b.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "80e34df49224d81:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Fri, 18 Feb 2022 06:44:19 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 10:28:23 GMT
Content-Length: 2318
Connection: close
165252b.com/ddns.js
18.166.84.185 404 Not Found 675 B IP 18.166.84.185:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 815ec59bc7238fae2bbe77156ad8f5b2
bc673c626b999f08c7b6ebeb9616834a08a8d3a4
b0f1e83708354377cfb1eee4ff3352255095f26b04edf23081da4c73bb068e4a
Analyzer Verdict Alert fortinet Phishing
GET /ddns.js HTTP/1.1
Host: 165252b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://165252b.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Content-Encoding: gzip
Content-Type: text/html
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 10:28:23 GMT
Transfer-Encoding: chunked
Connection: close
165252b.com/cj/%E5%9B%9B%E8%82%96%E5%85%AB%E7%A0%81.js
18.166.84.185 200 OK 643 B URL HTTP/1.1 165252b.com/cj/%E5%9B%9B%E8%82%96%E5%85%AB%E7%A0%81.js
IP 18.166.84.185:0
File type HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 7fc7f9d3a40c6fa853e88b00ec224ad3
8cc81ffa91f7fef369421bce2e6915f9c2703382
9bcebd150d6215fc6fdc6865427c7be84606c5881b8d0a856279ba65330e7c27
Analyzer Verdict Alert fortinet Phishing
GET /cj/%E5%9B%9B%E8%82%96%E5%85%AB%E7%A0%81.js HTTP/1.1
Host: 165252b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://165252b.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "0cb6ae8c68d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Mon, 05 Dec 2022 16:30:38 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 07:06:55 GMT
Content-Length: 643
Connection: close
165252b.com/cj/%E5%9B%9B%E5%B0%BE%E5%85%AB%E7%A0%81.js
18.166.84.185 200 OK 572 B URL HTTP/1.1 165252b.com/cj/%E5%9B%9B%E5%B0%BE%E5%85%AB%E7%A0%81.js
IP 18.166.84.185:0
File type HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 417395fba3d08bc730ca38714ab9fc32
cc7f94f669c66b302bece3938df6a8591803fc53
3800864af74a68b65c7dfa584c6a24222e72d6ca7e6d8d8b0fdf544de16f4010
Analyzer Verdict Alert fortinet Phishing
GET /cj/%E5%9B%9B%E5%B0%BE%E5%85%AB%E7%A0%81.js HTTP/1.1
Host: 165252b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://165252b.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "0cb6ae8c68d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Mon, 05 Dec 2022 16:30:38 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 10:22:08 GMT
Content-Length: 572
Connection: close
ocsp.globalsign.com/gsgccr3dvtlsca2020
104.18.21.226 200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsgccr3dvtlsca2020
IP 104.18.21.226:0
Hash 597adbbad7b302398bf21c6dccbe28a4
4935b2ee629271c7a9959d570062f2d6a0cc767f
a571e126be09305cd363e5cfca096d187f03389a687ba5ad4cafc654510c07ee
POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 10:28:27 GMT
Content-Type: application/ocsp-response
Content-Length: 1414
Connection: keep-alive
Expires: Sat, 10 Dec 2022 07:48:25 GMT
ETag: "4935b2ee629271c7a9959d570062f2d6a0cc767f"
Last-Modified: Tue, 06 Dec 2022 07:48:26 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 669
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 775455ba8e84b4ff-OSL
165252b.com/cj/%E8%A7%A3%E5%8F%A6%E7%89%88%E8%9B%87%E8%9B%8B%E5%9B%BE.js
18.166.84.185 200 OK 1.7 kB URL HTTP/1.1 165252b.com/cj/%E8%A7%A3%E5%8F%A6%E7%89%88%E8%9B%87%E8%9B%8B%E5%9B%BE.js
IP 18.166.84.185:0
File type HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (676), with CRLF line terminators
Hash 6011b7d31f1b4c5d79bdee91a7a2f01e
fdac9d3d24bfd99aa938f0c3c9ba22b89db44b9f
b47aaf2ebe68d6666260c8d8da9c049f798f1d014c15f7cac8abfa1308a47a4f
Analyzer Verdict Alert fortinet Phishing
GET /cj/%E8%A7%A3%E5%8F%A6%E7%89%88%E8%9B%87%E8%9B%8B%E5%9B%BE.js HTTP/1.1
Host: 165252b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://165252b.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "80da6fe5c68d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Mon, 05 Dec 2022 16:30:33 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 10:26:35 GMT
Content-Length: 1657
Connection: close
165252b.com/cj/%E4%B8%89%E5%A4%B4%E4%B8%AD%E7%89%B9.js
18.166.84.185 200 OK 482 B URL HTTP/1.1 165252b.com/cj/%E4%B8%89%E5%A4%B4%E4%B8%AD%E7%89%B9.js
IP 18.166.84.185:0
File type HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 3a97645f15fc5164dda92e30b076a695
de098924e19466ca31cef7680d7152ece109679c
2e7f68b1ca6833b5b3e9921ce65f96509f6afdab420316dc1f3ffed76c9f0e06
Analyzer Verdict Alert fortinet Phishing
GET /cj/%E4%B8%89%E5%A4%B4%E4%B8%AD%E7%89%B9.js HTTP/1.1
Host: 165252b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://165252b.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "0cb6ae8c68d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Mon, 05 Dec 2022 16:30:38 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 10:22:08 GMT
Content-Length: 482
Connection: close
165252b.com/cj/%E4%B8%80%E5%8F%A5%E8%A7%A3%E7%89%B9.js
18.166.84.185 200 OK 1.1 kB URL HTTP/1.1 165252b.com/cj/%E4%B8%80%E5%8F%A5%E8%A7%A3%E7%89%B9.js
IP 18.166.84.185:0
File type HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash d5d95328124485b830ef0ad31c384dc0
538f4f22cf6adfb639ff24a4697ec2f5725ebe99
6d13c89bce23681dcab176aec12c59c70786de169f11325ba1a7ce5eb765fb93
Analyzer Verdict Alert fortinet Phishing
GET /cj/%E4%B8%80%E5%8F%A5%E8%A7%A3%E7%89%B9.js HTTP/1.1
Host: 165252b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://165252b.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "80613e9c68d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Mon, 05 Dec 2022 16:30:39 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 10:28:24 GMT
Content-Length: 1112
Connection: close
ia.51.la/go1?id=21087101&rt=1670322506189&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=&ing=1&ekc=&sid=1670322506189&tt=&kw=&cu=https%253A%252F%252F165252b.com%252F&pu=
103.143.19.103 200 0 B URL HTTP/1.1 ia.51.la/go1?id=21087101&rt=1670322506189&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=&ing=1&ekc=&sid=1670322506189&tt=&kw=&cu=https%253A%252F%252F165252b.com%252F&pu=
IP 103.143.19.103:0
ASN #4837 CHINA UNICOM China169 Backbone
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /go1?id=21087101&rt=1670322506189&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=&ing=1&ekc=&sid=1670322506189&tt=&kw=&cu=https%253A%252F%252F165252b.com%252F&pu= HTTP/1.1
Host: ia.51.la
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://165252b.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200
Server: CloudWAF
Date: Tue, 06 Dec 2022 10:28:28 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: HWWAFSESID=c10884cc3875c236134; path=/
Set-Cookie: HWWAFSESTIME=1670322506989; path=/
ia.51.la/go1?id=21087213&rt=1670322507259&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=&ing=2&ekc=&sid=1670322507259&tt=&kw=&cu=https%253A%252F%252F165252b.com%252F&pu=
103.143.19.103 200 0 B URL HTTP/1.1 ia.51.la/go1?id=21087213&rt=1670322507259&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=&ing=2&ekc=&sid=1670322507259&tt=&kw=&cu=https%253A%252F%252F165252b.com%252F&pu=
IP 103.143.19.103:0
ASN #4837 CHINA UNICOM China169 Backbone
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /go1?id=21087213&rt=1670322507259&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=&ing=2&ekc=&sid=1670322507259&tt=&kw=&cu=https%253A%252F%252F165252b.com%252F&pu= HTTP/1.1
Host: ia.51.la
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://165252b.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200
Server: CloudWAF
Date: Tue, 06 Dec 2022 10:28:29 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: HWWAFSESID=7f3f960a62c04044199; path=/
Set-Cookie: HWWAFSESTIME=1670322507174; path=/
165252b.com/cj/%E4%B8%80%E5%AD%97%E7%8E%84%E6%9C%BA.js
18.166.84.185 200 OK 1.1 kB URL HTTP/1.1 165252b.com/cj/%E4%B8%80%E5%AD%97%E7%8E%84%E6%9C%BA.js
IP 18.166.84.185:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (406), with CRLF line terminators
Hash bdba2d9317686d5c93efbb3665ece85b
879ff476e6ab9733389a8f467011674e31c5bbac
c3bbb2d0f90f220384f965f8dc7dca1005f6c84c70a44168d0961327caf561dd
Analyzer Verdict Alert fortinet Phishing
GET /cj/%E4%B8%80%E5%AD%97%E7%8E%84%E6%9C%BA.js HTTP/1.1
Host: 165252b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://165252b.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "80613e9c68d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Mon, 05 Dec 2022 16:30:39 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 04:35:08 GMT
Content-Length: 1081
Connection: close
165252b.com/cj/%E5%B9%B3%E7%89%B9%E4%B8%80%E5%B0%BE.js
18.166.84.185 200 OK 334 B URL HTTP/1.1 165252b.com/cj/%E5%B9%B3%E7%89%B9%E4%B8%80%E5%B0%BE.js
IP 18.166.84.185:0
File type HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 11b0c0559cdf221b471b61bcbe49a826
aad0808850c810108cbcf45f448cb51764c614a8
1b3161ee0d9635d0eba35efa4d823016773a57a2ac31c67cd525b0f727f91f3e
Analyzer Verdict Alert fortinet Phishing
GET /cj/%E5%B9%B3%E7%89%B9%E4%B8%80%E5%B0%BE.js HTTP/1.1
Host: 165252b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://165252b.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Encoding: gzip
ETag: "65168de7c68d91:0"
Content-Type: application/javascript
Last-Modified: Mon, 05 Dec 2022 16:30:36 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 10:24:35 GMT
Content-Length: 334
Connection: close
165252b.com/cj/%E5%B9%B3%E7%89%B9%E4%B8%80%E8%82%96.js
18.166.84.185 200 OK 313 B URL HTTP/1.1 165252b.com/cj/%E5%B9%B3%E7%89%B9%E4%B8%80%E8%82%96.js
IP 18.166.84.185:0
File type HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash fdbe858634a8f0aee772e25fb1eb76e3
b7b6e81ffb2162ce816c5990a9aacc12f787e93a
b4d69982aeaf55b397e98268bcad47de22f65264139a1fade7c05c44e588aff7
Analyzer Verdict Alert fortinet Phishing
GET /cj/%E5%B9%B3%E7%89%B9%E4%B8%80%E8%82%96.js HTTP/1.1
Host: 165252b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://165252b.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Encoding: gzip
ETag: "d648c2e7c68d91:0"
Content-Type: application/javascript
Last-Modified: Mon, 05 Dec 2022 16:30:36 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 10:22:08 GMT
Content-Length: 313
Connection: close
165252b.com/cj/%E8%A7%A3%E8%B7%91%E7%8B%97.js
18.166.84.185 200 OK 1.5 kB URL HTTP/1.1 165252b.com/cj/%E8%A7%A3%E8%B7%91%E7%8B%97.js
IP 18.166.84.185:0
File type HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 6ddbacf3e979d05f910acf988a867d97
d2ecfa96a761453b4c672c9f5b9e51430c692c2c
5290d9ea0770b055c52f191aafd5008de5776b21633260841d4b70a3ddfb877f
Analyzer Verdict Alert fortinet Phishing
GET /cj/%E8%A7%A3%E8%B7%91%E7%8B%97.js HTTP/1.1
Host: 165252b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://165252b.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "80da6fe5c68d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Mon, 05 Dec 2022 16:30:33 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 10:28:25 GMT
Content-Length: 1490
Connection: close
165252b.com/cj/%E8%A7%A3%E5%9B%9B%E4%B8%8D%E5%83%8F.js
18.166.84.185 200 OK 856 B URL HTTP/1.1 165252b.com/cj/%E8%A7%A3%E5%9B%9B%E4%B8%8D%E5%83%8F.js
IP 18.166.84.185:0
File type HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 4f5336c3a848e1bed72070b0f499e94c
209fb278714bdd96da3bf4e78f8e061caceb5eb0
27cadf764753442858c37f6cf52b79cb000dadd998d2969605b14294ab567f64
Analyzer Verdict Alert fortinet Phishing
GET /cj/%E8%A7%A3%E5%9B%9B%E4%B8%8D%E5%83%8F.js HTTP/1.1
Host: 165252b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://165252b.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "0718e6c68d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Mon, 05 Dec 2022 16:30:34 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 10:24:35 GMT
Content-Length: 856
Connection: close
165252b.com/cj/%E8%A7%A3%E5%9B%9B%E5%AD%97%E7%AC%A6.js
18.166.84.185 200 OK 676 B URL HTTP/1.1 165252b.com/cj/%E8%A7%A3%E5%9B%9B%E5%AD%97%E7%AC%A6.js
IP 18.166.84.185:0
File type HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 23c5e80a8b850b65ddaa92d7ffa359dd
399345ecd47752970b3c181e057f36c0652446f6
19b9484711db612523ba06f29ebb71e74e38d1902a188fbaa3c2b72645edd236
Analyzer Verdict Alert fortinet Phishing
GET /cj/%E8%A7%A3%E5%9B%9B%E5%AD%97%E7%AC%A6.js HTTP/1.1
Host: 165252b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://165252b.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "0718e6c68d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Mon, 05 Dec 2022 16:30:34 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 08:29:24 GMT
Content-Length: 676
Connection: close
165252b.com/cj/%E5%A4%A7%E5%B0%8F%E4%B8%AD%E7%89%B9.js
18.166.84.185 200 OK 330 B URL HTTP/1.1 165252b.com/cj/%E5%A4%A7%E5%B0%8F%E4%B8%AD%E7%89%B9.js
IP 18.166.84.185:0
File type HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash e7ec4292e97ba0551f5901835712be44
cc192934be032bc754c58c1ea5686e30699a4986
30487cb6f0bf99224150fb689e7945546e5c5f31f7ca8a49cf7b9255201cb887
Analyzer Verdict Alert fortinet Phishing
GET /cj/%E5%A4%A7%E5%B0%8F%E4%B8%AD%E7%89%B9.js HTTP/1.1
Host: 165252b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://165252b.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Encoding: gzip
ETag: "131ece3c68d91:0"
Content-Type: application/javascript
Last-Modified: Mon, 05 Dec 2022 16:30:30 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 10:26:51 GMT
Content-Length: 330
Connection: close
165252b.com/cj/gsb2.js
18.166.84.185 200 OK 1.4 kB IP 18.166.84.185:0
File type HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash a773db293ccb8bdc437111d810f3817f
e6a931b8f0c5e2e47f24d5410e428e31f5b89ead
fb25f5e21f23a39a47fdfb24d07772cd3b0d9e1efd64f61f626e72a1a450d2b4
Analyzer Verdict Alert fortinet Phishing
GET /cj/gsb2.js HTTP/1.1
Host: 165252b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://165252b.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "8080de3c68d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Mon, 05 Dec 2022 16:30:29 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 10:28:25 GMT
Content-Length: 1400
Connection: close
165252b.com/cj/%E5%90%88%E6%95%B0%E4%B8%AD%E7%89%B9.js
18.166.84.185 200 OK 336 B URL HTTP/1.1 165252b.com/cj/%E5%90%88%E6%95%B0%E4%B8%AD%E7%89%B9.js
IP 18.166.84.185:0
File type HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 9c0c3b16a2b0be8e8d63b454d39393be
811e797d99c5b9201ea8e7e4882e72b6ef6080c8
39d4f2e3857c0198210d61f8627d0e85aebafe565f59177972cbee639f60b2b4
Analyzer Verdict Alert fortinet Phishing
GET /cj/%E5%90%88%E6%95%B0%E4%B8%AD%E7%89%B9.js HTTP/1.1
Host: 165252b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://165252b.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Encoding: gzip
ETag: "945fa5e4c68d91:0"
Content-Type: application/javascript
Last-Modified: Mon, 05 Dec 2022 16:30:31 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 10:28:25 GMT
Transfer-Encoding: chunked
Connection: close
165252b.com/cj/%E8%A7%A3%E7%BA%A2%E5%AD%97.js
18.166.84.185 200 OK 444 B URL HTTP/1.1 165252b.com/cj/%E8%A7%A3%E7%BA%A2%E5%AD%97.js
IP 18.166.84.185:0
File type HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 102fdd503f861f1678e2a59dba06a255
152ac9710ac4d72c6385561db84db2abca9f514e
4e4c19846cbb0a36bac30224396e76632369e882794f868c28212f2c7fe0534b
Analyzer Verdict Alert fortinet Phishing
GET /cj/%E8%A7%A3%E7%BA%A2%E5%AD%97.js HTTP/1.1
Host: 165252b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://165252b.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Encoding: gzip
ETag: "4038e5c68d91:0"
Content-Type: application/javascript
Last-Modified: Mon, 05 Dec 2022 16:30:32 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 10:22:09 GMT
Content-Length: 444
Connection: close
165252b.com/cj/%E8%A7%A3%E8%80%81%E7%89%88%E8%B7%91%E7%8B%97.js
18.166.84.185 200 OK 1.4 kB URL HTTP/1.1 165252b.com/cj/%E8%A7%A3%E8%80%81%E7%89%88%E8%B7%91%E7%8B%97.js
IP 18.166.84.185:0
File type HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 6c830c50400a59ea58e811aad9e7b065
44f72d9305c0874ef2881b850c154facb12210d4
a0d1f12f40ec6495c38b751dfeb130c0b8648b0b47573834199733f256ecefa2
Analyzer Verdict Alert fortinet Phishing
GET /cj/%E8%A7%A3%E8%80%81%E7%89%88%E8%B7%91%E7%8B%97.js HTTP/1.1
Host: 165252b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://165252b.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "044d7e4c68d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Mon, 05 Dec 2022 16:30:32 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 10:24:37 GMT
Content-Length: 1365
Connection: close
165252b.com/cj/%E4%B8%83%E5%B0%BE%E4%B8%AD%E7%89%B9.js
18.166.84.185 200 OK 581 B URL HTTP/1.1 165252b.com/cj/%E4%B8%83%E5%B0%BE%E4%B8%AD%E7%89%B9.js
IP 18.166.84.185:0
File type HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 6a7ebc7f0058220a276ae1f6ef859e46
6fb97ca323adfb812006057492ba2a9ab2082b67
36901188a5462c178a07fcbd22660e0f0bf3fb521653852c30943cd3b774706a
Analyzer Verdict Alert fortinet Phishing
GET /cj/%E4%B8%83%E5%B0%BE%E4%B8%AD%E7%89%B9.js HTTP/1.1
Host: 165252b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://165252b.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "8034d2e7c68d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Mon, 05 Dec 2022 16:30:37 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 10:17:37 GMT
Content-Length: 581
Connection: close
165252b.com/cj/%E7%BB%9D%E6%9D%80%E4%B8%80%E5%B0%BE.js
18.166.84.185 200 OK 819 B URL HTTP/1.1 165252b.com/cj/%E7%BB%9D%E6%9D%80%E4%B8%80%E5%B0%BE.js
IP 18.166.84.185:0
File type HTML document text - HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash f757ee7ebd3fb67b0aebc9ddab51beea
c2e051cf14b6b9231cf3a0b74f62da57755a560c
159d76116539748bf661823cad2dfd317eaf618a8f096747b639aa8f7860dd41
Analyzer Verdict Alert fortinet Phishing
GET /cj/%E7%BB%9D%E6%9D%80%E4%B8%80%E5%B0%BE.js HTTP/1.1
Host: 165252b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://165252b.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "09e39e7c68d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Mon, 05 Dec 2022 16:30:36 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 10:00:54 GMT
Content-Length: 819
Connection: close
165252b.com/cj/%E8%A7%A3%E5%8F%A6%E7%89%88%E8%B7%91%E7%8B%97.js
18.166.84.185 200 OK 1.1 kB URL HTTP/1.1 165252b.com/cj/%E8%A7%A3%E5%8F%A6%E7%89%88%E8%B7%91%E7%8B%97.js
IP 18.166.84.185:0
File type HTML document text - HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 3c53a7820fb6140b7f1055f841d488c9
2d4662fc1aedd537b6e5fc0c245a2533df9e1c08
72ff0da64c97b578fc8b86bd4ccf6768b17592a0866f3cc63f230a000155852d
Analyzer Verdict Alert fortinet Phishing
GET /cj/%E8%A7%A3%E5%8F%A6%E7%89%88%E8%B7%91%E7%8B%97.js HTTP/1.1
Host: 165252b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://165252b.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "80da6fe5c68d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Mon, 05 Dec 2022 16:30:33 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 09:55:54 GMT
Content-Length: 1147
Connection: close
165252b.com/cj/%E7%B2%BE%E9%80%89%E4%B9%9D%E8%82%96.js
18.166.84.185 200 OK 747 B URL HTTP/1.1 165252b.com/cj/%E7%B2%BE%E9%80%89%E4%B9%9D%E8%82%96.js
IP 18.166.84.185:0
File type HTML document text - HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 70797a1b5b1cf9215af5dc05270cb987
49e5658b23ee86ef414e8fd5751aff77829987cb
de3e6b1f07aabf39a7534ea9c2390f9a65e7436085357eac70749b678bb787ac
Analyzer Verdict Alert fortinet Phishing
GET /cj/%E7%B2%BE%E9%80%89%E4%B9%9D%E8%82%96.js HTTP/1.1
Host: 165252b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://165252b.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "0718e6c68d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Mon, 05 Dec 2022 16:30:34 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 08:58:45 GMT
Content-Length: 747
Connection: close
165252b.com/cj/%E5%90%89%E7%BE%8E%E5%87%B6%E4%B8%91.js
18.166.84.185 200 OK 560 B URL HTTP/1.1 165252b.com/cj/%E5%90%89%E7%BE%8E%E5%87%B6%E4%B8%91.js
IP 18.166.84.185:0
File type HTML document text - HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 2de7910534ef8d78ca4e484dab96c917
c15554df8574442807291e2dcb2fa65d913d1843
4d451fd9c12700e84242c515f768d17c6ee1d9152d165870374f6ac5da1c34f5
Analyzer Verdict Alert fortinet Phishing
GET /cj/%E5%90%89%E7%BE%8E%E5%87%B6%E4%B8%91.js HTTP/1.1
Host: 165252b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://165252b.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "044d7e4c68d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Mon, 05 Dec 2022 16:30:32 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 10:24:37 GMT
Content-Length: 560
Connection: close
165252b.com/cj/%E6%98%A5%E5%A4%8F%E7%A7%8B%E5%86%AC.js
18.166.84.185 200 OK 688 B URL HTTP/1.1 165252b.com/cj/%E6%98%A5%E5%A4%8F%E7%A7%8B%E5%86%AC.js
IP 18.166.84.185:0
File type HTML document text - HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash a3e703b30c571ebab0efc1a5a168c806
a497538ee113c73bffeaf809e023c9998ff3e69e
294ac14b00e9354f94bfd36be2ab948b333ce9112ee9f485cb12df8213b46188
Analyzer Verdict Alert fortinet Phishing
GET /cj/%E6%98%A5%E5%A4%8F%E7%A7%8B%E5%86%AC.js HTTP/1.1
Host: 165252b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://165252b.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "017a6e3c68d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Mon, 05 Dec 2022 16:30:30 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 08:29:26 GMT
Content-Length: 688
Connection: close
165252b.com/cj/%E7%BB%9D%E6%9D%80%E4%B8%89%E8%82%96.js
18.166.84.185 200 OK 663 B URL HTTP/1.1 165252b.com/cj/%E7%BB%9D%E6%9D%80%E4%B8%89%E8%82%96.js
IP 18.166.84.185:0
File type HTML document text - HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash f07b397ac3ab351e985ef362a496a668
f4d6c0537c7e8cacd254c4ed7d3c834f436934be
82a8b5ecd7cd27ce5b7bc83f745d60af59b2a6221775a909186066b1e6dcf08d
Analyzer Verdict Alert fortinet Phishing
GET /cj/%E7%BB%9D%E6%9D%80%E4%B8%89%E8%82%96.js HTTP/1.1
Host: 165252b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://165252b.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "807a1e6c68d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Mon, 05 Dec 2022 16:30:35 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 10:24:37 GMT
Content-Length: 663
Connection: close
165252b.com/cj/%E9%A3%8E%E9%9B%A8%E9%9B%B7%E7%94%B5.js
18.166.84.185 200 OK 632 B URL HTTP/1.1 165252b.com/cj/%E9%A3%8E%E9%9B%A8%E9%9B%B7%E7%94%B5.js
IP 18.166.84.185:0
File type HTML document text - HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 84ac2170a919be76ecd853b263c3ac16
feaca768f5d26206c40967d1f7d1e747e406ec66
0956493d01d696d08c8934f287d69d54ba03d7f5d474a823751e497492cbdb62
Analyzer Verdict Alert fortinet Phishing
GET /cj/%E9%A3%8E%E9%9B%A8%E9%9B%B7%E7%94%B5.js HTTP/1.1
Host: 165252b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://165252b.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "80ad3ee4c68d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Mon, 05 Dec 2022 16:30:31 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 10:28:27 GMT
Content-Length: 632
Connection: close
165252b.com/cj/%E7%B2%BE%E9%80%89%E5%8F%8C%E6%B3%A2.js
18.166.84.185 200 OK 699 B URL HTTP/1.1 165252b.com/cj/%E7%B2%BE%E9%80%89%E5%8F%8C%E6%B3%A2.js
IP 18.166.84.185:0
File type HTML document text - HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 93c3dcdefb630f2d7c500a8728f24ccb
2b7f96148ac66b074f2ef6c3211d2375159cf62e
ea91aaa9c192e0280cad049762f4727459ca10df82452bed244d26a26de000e4
Analyzer Verdict Alert fortinet Phishing
GET /cj/%E7%B2%BE%E9%80%89%E5%8F%8C%E6%B3%A2.js HTTP/1.1
Host: 165252b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://165252b.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "807a1e6c68d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Mon, 05 Dec 2022 16:30:35 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 07:33:11 GMT
Content-Length: 699
Connection: close
165252b.com/cj/%E7%BB%9D%E6%9D%80%E4%B8%80%E5%A4%B4.js
18.166.84.185 200 OK 519 B URL HTTP/1.1 165252b.com/cj/%E7%BB%9D%E6%9D%80%E4%B8%80%E5%A4%B4.js
IP 18.166.84.185:0
File type HTML document text - HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 0e3102b01332f46929fac9a7f588905c
73f78a4ac3e987012d80ab1e265c02008e45f49e
fba970ac1c25bb2d9ccb5641fece6429de5875f66fb6d5edea849ba251f33afa
Analyzer Verdict Alert fortinet Phishing
GET /cj/%E7%BB%9D%E6%9D%80%E4%B8%80%E5%A4%B4.js HTTP/1.1
Host: 165252b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://165252b.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "807a1e6c68d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Mon, 05 Dec 2022 16:30:35 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 07:23:51 GMT
Content-Length: 519
Connection: close
165252b.com/cj/%E7%90%B4%E6%A3%8B%E4%B9%A6%E7%94%BB.js
18.166.84.185 200 OK 774 B URL HTTP/1.1 165252b.com/cj/%E7%90%B4%E6%A3%8B%E4%B9%A6%E7%94%BB.js
IP 18.166.84.185:0
File type HTML document text - HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 5c746c222c61d4168a7157a933f15ff1
2f3bb4e3589a781d02bc090fbe4fa7efcbb851bb
195f360210412d0d355ce0922e30f7b5acc7895429c90a4a1a660b99daeac11e
Analyzer Verdict Alert fortinet Phishing
GET /cj/%E7%90%B4%E6%A3%8B%E4%B9%A6%E7%94%BB.js HTTP/1.1
Host: 165252b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://165252b.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "8034d2e7c68d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Mon, 05 Dec 2022 16:30:37 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Tue, 06 Dec 2022 10:24:38 GMT
Content-Length: 774
Connection: close