r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3bbb845b153026fc5332dd4506585b57
3cad200fac28fd00f34ce6ef79373e661e188743
6035871c0de6ff2d120921461207cfa32bc286e1fe78849ce74815ffbb9ff950
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6035871C0DE6FF2D120921461207CFA32BC286E1FE78849CE74815FFBB9FF950"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13002
Expires: Fri, 02 Dec 2022 19:15:48 GMT
Date: Fri, 02 Dec 2022 15:39:06 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 7439fb99a444b66db1e68ffbfaa38451
4b7742d7956485906f1c392c478515ff89a46184
636327ce88f733e5a1d39af212f97242717a39ce20edaef330fafea238e3a309
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2283
Cache-Control: max-age=156612
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 15:39:06 GMT
Etag: "6389d3f3-1d7"
Expires: Sun, 04 Dec 2022 11:09:18 GMT
Last-Modified: Fri, 02 Dec 2022 10:31:15 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 55b4c61a1e99001307750e3647fe1102
7559f9f6770b7d3f45b723167062096312641e08
39f6bb64420bcfc8f0b010168fd35b67732984cd0698409f04d5ae40410422aa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39F6BB64420BCFC8F0B010168FD35B67732984CD0698409F04D5AE40410422AA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10986
Expires: Fri, 02 Dec 2022 18:42:12 GMT
Date: Fri, 02 Dec 2022 15:39:06 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 02 Dec 2022 15:19:57 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1149
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: if2YSmydichcQSeaZv6cRElCRicxjDU696XvpMpx4BPy4jbfGq1YOY8TATqEYo1A3fW4AYlUilc=
x-amz-request-id: 7MMQ6DDY4ZGN2AA3
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 02 Dec 2022 14:46:44 GMT
age: 3142
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 15:39:06 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
258686.cc/
16.162.201.20 301 Moved Permanently 0 B IP 16.162.201.20:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: 258686.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: kangle/3.5.14
Date: Fri, 02 Dec 2022 15:39:06 GMT
Location: https://258686.cc/
Content-Length: 0
Connection: close
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 02 Dec 2022 15:08:57 GMT
cache-control: public,max-age=3600
age: 1810
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 7f1f8fc556d1f7e0aea3e1208ee2fd1c
09c341a56ff876479cfc8a0505a5fef4a5d110f1
65adcf58887bcc23f73379f74ab19a61cfbb93285c95c64b44a6716eeacc1482
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2248
Cache-Control: max-age=151515
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 15:39:07 GMT
Etag: "6389c02e-1d7"
Expires: Sun, 04 Dec 2022 09:44:22 GMT
Last-Modified: Fri, 02 Dec 2022 09:06:54 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
54.149.149.164 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.149.149.164:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: lSCk30c4JVxYocwhIyJzWg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: uW/7LfBdIFGDx6HvdimbLisf5do=
zerossl.ocsp.sectigo.com/
172.64.155.188 200 OK 728 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 172.64.155.188:0
Hash 26b068bae46893266123e12e99731670
527624a1b597e703a207d964fca60c9510fe11c5
2553db5e5753296a962544585a85b762135ce2afe42ef9fcbe607bcae5aed84a
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 15:39:07 GMT
Content-Type: application/ocsp-response
Content-Length: 728
Connection: keep-alive
Last-Modified: Fri, 02 Dec 2022 02:28:50 GMT
Expires: Fri, 09 Dec 2022 02:28:49 GMT
Etag: "527624a1b597e703a207d964fca60c9510fe11c5"
Cache-Control: max-age=556781,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7735274caddcb4eb-OSL
258686.cc/
16.162.201.20 200 OK 5.1 kB IP 16.162.201.20:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ISO-8859 text, with very long lines (316), with CRLF line terminators
Hash 11515ff8f66bf901376969b75721c4cd
d5bfb55da9f6479c03eeea7d419375199655f70c
fc4648195818281bcecf80aa926cf525d2d452100aadbab0e2a136b5cbcf6946
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: 258686.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
ETag: "805d9cae9d4d91:0"
Content-Type: text/html
Content-Encoding: gzip
Last-Modified: Wed, 30 Nov 2022 09:25:27 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Fri, 02 Dec 2022 15:38:59 GMT
Content-Length: 5059
Connection: close
code.jquery.com/jquery-1.10.2.min.js
69.16.175.42 200 OK 33 kB URL HTTP/2 code.jquery.com/jquery-1.10.2.min.js
IP 69.16.175.42:0
File type ASCII text, with very long lines (32072)
Hash 68cc08e82915da8b82fc6be74ab86365
4089530b0c00f6cbd1452d7f873be85454196fd1
6c63276db5e51f227be1c9bdaf73d76fa01040499944a8c8607db0c234f0575c
GET /jquery-1.10.2.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 15:39:08 GMT
content-encoding: gzip
content-length: 32788
content-type: application/javascript; charset=utf-8
last-modified: Wed, 16 Feb 2022 10:50:39 GMT
accept-ranges: bytes
server: nginx
etag: W/"620cd6ff-16bb3"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1669995548.dop204.sk1.t,1669995548.cds071.sk1.hn,1669995548.cds243.sk1.c
X-Firefox-Spdy: h2
258686.cc/css/style.css
16.162.201.20 200 OK 4.7 kB IP 16.162.201.20:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (13933)
Hash 8cddacdc9cbbd8b4efad4d71bcd7618f
a1139fa983d8d9fb837ab0b9e6bbcb2d3a81985b
52542ff588ec5976ac2c306aed8ae559675cd1cf1d597821fd3932f20ed8c633
GET /css/style.css HTTP/1.1
Host: 258686.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "802f54d58fdd81:0"
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Mon, 21 Nov 2022 03:19:23 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Fri, 02 Dec 2022 14:39:32 GMT
Content-Length: 4733
Connection: close
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7692
Expires: Fri, 02 Dec 2022 17:47:20 GMT
Date: Fri, 02 Dec 2022 15:39:08 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb582f62c-d1ce-4054-b87e-36be40dadfa4.jpeg
34.120.237.76 200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb582f62c-d1ce-4054-b87e-36be40dadfa4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 156e9ea97b774cbd8361072e4041b6c8
fc71ae3cae92ed6011904bb2367f23bf4e69fab4
58d953c19ebbbdfc3965bbe3f52308d4702deaf4d0c029f4674bcb862da138af
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb582f62c-d1ce-4054-b87e-36be40dadfa4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8863
x-amzn-requestid: 798d014b-0f9c-4787-a676-8f5e8fae3d11
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cdG14HBNIAMFdWg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638851bf-7549feac6d476a8512676412;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 07:03:27 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: r_0F64VpyutAOJ9IcTWrs3Sv--fhKiwKsV1FW0fOMSRt1QLLPxvJzg==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 10:51:17 GMT
age: 17271
etag: "fc71ae3cae92ed6011904bb2367f23bf4e69fab4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7692
Expires: Fri, 02 Dec 2022 17:47:20 GMT
Date: Fri, 02 Dec 2022 15:39:08 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F40b76495-d9ea-430e-9b62-92b639b122e0.jpeg
34.120.237.76 200 OK 6.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F40b76495-d9ea-430e-9b62-92b639b122e0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 58a28fc1cbcacdb07b3ca175281982b5
9bc47ee49fc070d0997e49a719bd9758685ad583
d3bfcf749c4652cb29f7c82a5d7ba940bd607f9060e49c1c40a112eb3e625bd9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F40b76495-d9ea-430e-9b62-92b639b122e0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 6564
x-amzn-requestid: e2875cf3-3915-43a5-a724-4de2ca03de56
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGepHOiIAMFTFQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891df7-5f7e2a3f609d54a609a12670;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: mwGAEu-gPXY5Opwd972VbBA6l33dNk7bPFSyZmciaplQKj2ZuTkQSg==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:34:47 GMT
age: 65061
etag: "9bc47ee49fc070d0997e49a719bd9758685ad583"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg
34.120.237.76 200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cc0a257323f882caff067adb86d906e4
cedf2f21be7cd366bd46055b62b5513db3011dfc
c16a9296d5e840a468fef7fb2764b9f7d4b3131d7ade2ce4999de1eead5469e0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 4803
x-amzn-requestid: ad2d9243-5e32-4faf-8ff3-b9abd3af1e89
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cb1_hEJJIAMF4Vg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387d063-596f5833509112ee6cbedf54;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:51:31 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: PIC-TIeTFK_Y2AiqowYT4_8tMuzIKO23lAwx18fYepTf4PIWkmLqkQ==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 05:20:15 GMT
age: 37133
etag: "cedf2f21be7cd366bd46055b62b5513db3011dfc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F864be807-d5f6-42e3-bd58-f7641a256b9a.jpeg
34.120.237.76 200 OK 7.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F864be807-d5f6-42e3-bd58-f7641a256b9a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 379a4a1b95d3aa3c5a4f8e7f9abb030f
d45dceb3dc58a07197aa5077582b5b1cd2ff791a
1b92dec5bf90beffbcd9060052b8788f08645dd4ba34219f7ddb2d40bbd2d151
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F864be807-d5f6-42e3-bd58-f7641a256b9a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 7732
x-amzn-requestid: 3781c2b7-082a-468a-a186-f7483494e749
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGeoEq3IAMFnKg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891df7-679fe9f905e07abf4e6a812c;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: FhCtGsjgnq83-zRNBH-y9BHUh2IRaN0ahO-BCUw7bTWU8jAanBqdlA==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:53:35 GMT
age: 63933
etag: "d45dceb3dc58a07197aa5077582b5b1cd2ff791a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg
34.120.237.76 200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b986f9fcbeca91ed5c8d58fbfaf47d19
6e6c8bd2bce144cc4da1cd7be375b046b60dca79
07a8938d2841f8c13bd646f4e79e41e46acd6463aa019cd70871b3741f12bb4f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6174
x-amzn-requestid: f78f1e9d-8c0c-495d-a862-61838f8297e8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cZ0iyH2WoAMFQdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63870144-45442a8544259930564f685b;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 07:07:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: QIOz71_Kr08pIIwOm2GUkWr421fO7-UyUI7LYld0JBaGnYQ0j3IDFg==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 06:00:48 GMT
age: 34700
etag: "6e6c8bd2bce144cc4da1cd7be375b046b60dca79"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6edb00ee-3888-4974-ae1a-52ef18e62d0d.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6edb00ee-3888-4974-ae1a-52ef18e62d0d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1c80b8025242ddfcc816ec612456b99e
aa944d10fe4a44b790b01ef62edc0f85a6d558e3
a9f060bc15738a3fe257e0c81a29e4611a89c273bcbb2765ce856d4e854a5f1f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6edb00ee-3888-4974-ae1a-52ef18e62d0d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11402
x-amzn-requestid: 20c2c359-1e43-40c0-885d-1c90e76ea12b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGzJHu-IAMFbYA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891e7a-1d89722e767daa014b174a39;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:36:58 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: OJBnbjJB_kvPuJcePGnno3zI0CTWAzV-Osb2L1hPZZhlNYhFHWmLsA==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:51:33 GMT
age: 64055
etag: "aa944d10fe4a44b790b01ef62edc0f85a6d558e3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
258686.cc/bbs/ttt.js
16.162.201.20 200 OK 1.2 kB IP 16.162.201.20:0
File type HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 62f942e7931f69eeb41d1f9de9f34c14
52565abcb3d3d7efe9f1bdffae1883aa00818575
8537e2753a0cb09829dc7d9db21742291b07703c3945db72a61d6a2d06dd7822
Analyzer Verdict Alert fortinet Phishing
GET /bbs/ttt.js HTTP/1.1
Host: 258686.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "80f7623975d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 01 Dec 2022 15:11:07 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Fri, 02 Dec 2022 15:32:30 GMT
Content-Length: 1221
Connection: close
zerossl.ocsp.sectigo.com/
172.64.155.188 200 OK 728 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 172.64.155.188:0
Hash 5c4a80eab2b2670d9f47477875a45874
e595f25a4deb894274e504d50f45c475d6a3f3b2
16c9da921dc5849c75af016bafcf9b4f499a27b2619ae74dc4334072f4169378
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 15:39:09 GMT
Content-Type: application/ocsp-response
Content-Length: 728
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 18:21:29 GMT
Expires: Thu, 08 Dec 2022 18:21:28 GMT
Etag: "e595f25a4deb894274e504d50f45c475d6a3f3b2"
Cache-Control: max-age=527538,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 773527559f11b4eb-OSL
zerossl.ocsp.sectigo.com/
172.64.155.188 200 OK 727 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 172.64.155.188:0
Hash 5cef9a0828d0f88b80722e423337cffd
b2aac4427191c7c08146437df462256406b9ba0f
6e2f48293ca9f09ff6ab5488e935005f16f87bceb13c06f942fe7f13edbecbc0
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 15:39:09 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Tue, 29 Nov 2022 22:51:29 GMT
Expires: Tue, 06 Dec 2022 22:51:28 GMT
Etag: "b2aac4427191c7c08146437df462256406b9ba0f"
Cache-Control: max-age=370938,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77352756c94c0b45-OSL
zerossl.ocsp.sectigo.com/
172.64.155.188 200 OK 728 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 172.64.155.188:0
Hash 5c4a80eab2b2670d9f47477875a45874
e595f25a4deb894274e504d50f45c475d6a3f3b2
16c9da921dc5849c75af016bafcf9b4f499a27b2619ae74dc4334072f4169378
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 15:39:09 GMT
Content-Type: application/ocsp-response
Content-Length: 728
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 18:21:29 GMT
Expires: Thu, 08 Dec 2022 18:21:28 GMT
Etag: "e595f25a4deb894274e504d50f45c475d6a3f3b2"
Cache-Control: max-age=527538,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77352755db73b52d-OSL
zerossl.ocsp.sectigo.com/
172.64.155.188 200 OK 728 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 172.64.155.188:0
Hash 5c4a80eab2b2670d9f47477875a45874
e595f25a4deb894274e504d50f45c475d6a3f3b2
16c9da921dc5849c75af016bafcf9b4f499a27b2619ae74dc4334072f4169378
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 15:39:09 GMT
Content-Type: application/ocsp-response
Content-Length: 728
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 18:21:29 GMT
Expires: Thu, 08 Dec 2022 18:21:28 GMT
Etag: "e595f25a4deb894274e504d50f45c475d6a3f3b2"
Cache-Control: max-age=527538,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77352755dd80b50f-OSL
zerossl.ocsp.sectigo.com/
172.64.155.188 200 OK 727 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 172.64.155.188:0
Hash 5cef9a0828d0f88b80722e423337cffd
b2aac4427191c7c08146437df462256406b9ba0f
6e2f48293ca9f09ff6ab5488e935005f16f87bceb13c06f942fe7f13edbecbc0
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 15:39:09 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Tue, 29 Nov 2022 22:51:29 GMT
Expires: Tue, 06 Dec 2022 22:51:28 GMT
Etag: "b2aac4427191c7c08146437df462256406b9ba0f"
Cache-Control: max-age=370938,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77352756e85db4eb-OSL
zerossl.ocsp.sectigo.com/
172.64.155.188 200 OK 727 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 172.64.155.188:0
Hash 5cef9a0828d0f88b80722e423337cffd
b2aac4427191c7c08146437df462256406b9ba0f
6e2f48293ca9f09ff6ab5488e935005f16f87bceb13c06f942fe7f13edbecbc0
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 15:39:09 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Tue, 29 Nov 2022 22:51:29 GMT
Expires: Tue, 06 Dec 2022 22:51:28 GMT
Etag: "b2aac4427191c7c08146437df462256406b9ba0f"
Cache-Control: max-age=370938,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 773527568e0e0b69-OSL
zerossl.ocsp.sectigo.com/
172.64.155.188 200 OK 728 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 172.64.155.188:0
Hash e51e4522ce2f7346dc3beaf2f1cd1481
902d9c0ca7781a6ab1b8ab41c3be4bcc313b69be
cef27bad60828a04ed755226299e0a0dcf57d61031864a850b179d2a87cdc174
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 15:39:09 GMT
Content-Type: application/ocsp-response
Content-Length: 728
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 20:16:54 GMT
Expires: Thu, 08 Dec 2022 20:16:53 GMT
Etag: "902d9c0ca7781a6ab1b8ab41c3be4bcc313b69be"
Cache-Control: max-age=534463,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77352757cd7db52d-OSL
zerossl.ocsp.sectigo.com/
172.64.155.188 200 OK 728 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 172.64.155.188:0
Hash e51e4522ce2f7346dc3beaf2f1cd1481
902d9c0ca7781a6ab1b8ab41c3be4bcc313b69be
cef27bad60828a04ed755226299e0a0dcf57d61031864a850b179d2a87cdc174
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 15:39:09 GMT
Content-Type: application/ocsp-response
Content-Length: 728
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 20:16:54 GMT
Expires: Thu, 08 Dec 2022 20:16:53 GMT
Etag: "902d9c0ca7781a6ab1b8ab41c3be4bcc313b69be"
Cache-Control: max-age=534463,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 773527580f51b50f-OSL
258686.cc/css/style3.css
16.162.201.20 200 OK 2.4 kB IP 16.162.201.20:0
File type Unicode text, UTF-8 (with BOM) text
Hash 65756fed472454dd3753129953d988b8
a8ce04f9b1e7acef3dec83059b146f0504f99627
5d109810e8ca006b8842f1e6454f8449c31e05bcc0123cea131aff3d26f83c10
GET /css/style3.css HTTP/1.1
Host: 258686.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "07b622594fcd81:0"
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Sun, 20 Nov 2022 03:57:02 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Fri, 02 Dec 2022 14:47:15 GMT
Content-Length: 2447
Connection: close
258686.cc/css/style-1.css
16.162.201.20 200 OK 2.7 kB URL HTTP/1.1 258686.cc/css/style-1.css
IP 16.162.201.20:0
File type Unicode text, UTF-8 (with BOM) text
Hash b8ea52aa32b5787e354f13f5c255f4d5
74c4b4842446cbd743fe30035b0595b9690df08f
0569aae8646451c9a2f609fb2d70617700fdf882cd5722e83c05c0ba9cdbe873
GET /css/style-1.css HTTP/1.1
Host: 258686.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "806ce36d58fdd81:0"
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Mon, 21 Nov 2022 03:22:05 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Fri, 02 Dec 2022 15:39:09 GMT
Content-Length: 2661
Connection: close
258686.cc/pub.js
16.162.201.20 200 OK 364 B IP 16.162.201.20:0
File type Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 05d0ec0e1b3b22282bce21b8b3485491
a698e7d90d41fa6604bb8dac536d9fdbd913014b
c0624c94ed91b3e78e41a9b66b023524ec56a4de000288c4c4b42b42dec9ca3e
Analyzer Verdict Alert fortinet Phishing
GET /pub.js HTTP/1.1
Host: 258686.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Encoding: gzip
ETag: "e816939a48fdd81:0"
Content-Type: application/javascript
Last-Modified: Mon, 21 Nov 2022 01:28:48 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/10.0
Date: Fri, 02 Dec 2022 15:32:30 GMT
Content-Length: 364
Connection: close
6278311.com/bbs/xgjrtg.js
18.166.84.185 200 OK 1.5 kB URL HTTP/1.1 6278311.com/bbs/xgjrtg.js
IP 18.166.84.185:0
File type HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash ef60c600adfac475136989469ecaa8f3
465ef0e91aadad8e220fe1b9088d1187ba2ba086
861896becb3ab7e2edfe351fd03bc5070a641996bd4a6f46ea0f0bbfdd101925
GET /bbs/xgjrtg.js HTTP/1.1
Host: 6278311.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
ETag: "80c39cd9fb5d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Fri, 02 Dec 2022 03:12:03 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Fri, 02 Dec 2022 15:24:15 GMT
Content-Length: 1525
Connection: close
258686.cc/bbs/bywz.js
16.162.201.20 200 OK 728 B IP 16.162.201.20:0
File type HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 8d6f5783f0e8369875bb1f2b3ff77e98
c3e8fef569ffbc8abd5c1ed6a3bcc6b42af32eef
a19c379d539281ef222fdca1f935e0cfd2f236fdbefdc99e2771e94fc1b97e2a
Analyzer Verdict Alert fortinet Phishing
GET /bbs/bywz.js HTTP/1.1
Host: 258686.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "08a30676f2d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sun, 27 Nov 2022 14:49:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Fri, 02 Dec 2022 14:25:51 GMT
Content-Length: 728
Connection: close
6278311.com/bbs/amjrtg.js
18.166.84.185 200 OK 1.7 kB URL HTTP/1.1 6278311.com/bbs/amjrtg.js
IP 18.166.84.185:0
File type HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (401), with CRLF line terminators
Hash b8039a81eb9c04186c6806ac6f7ec5b4
4b5875b663ffc5b12b3c937de6109aa20a90ba1e
3899717e6b56d6103a4475e57473755f8aa9d495537f5deaeec065aa14c4a652
GET /bbs/amjrtg.js HTTP/1.1
Host: 6278311.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
ETag: "80acf217156d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Fri, 02 Dec 2022 06:12:45 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Fri, 02 Dec 2022 15:28:47 GMT
Content-Length: 1662
Connection: close
6278311.com/bbs/49tie.js
18.166.84.185 200 OK 6.2 kB IP 18.166.84.185:0
File type HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 3dfd526e2270745e1ab1380ef8489ebc
aa58d23b02ec1b574352816b2331c871185235b9
4dd449d3797a311523a62b122b8f2e21d65246030fb60a1dfd39fe44c59539a8
GET /bbs/49tie.js HTTP/1.1
Host: 6278311.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
ETag: "08c279e55d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Fri, 02 Dec 2022 00:31:52 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Fri, 02 Dec 2022 15:33:10 GMT
Content-Length: 6214
Connection: close
zerossl.ocsp.sectigo.com/
172.64.155.188 200 OK 728 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 172.64.155.188:0
Hash e51e4522ce2f7346dc3beaf2f1cd1481
902d9c0ca7781a6ab1b8ab41c3be4bcc313b69be
cef27bad60828a04ed755226299e0a0dcf57d61031864a850b179d2a87cdc174
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 15:39:09 GMT
Content-Type: application/ocsp-response
Content-Length: 728
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 20:16:54 GMT
Expires: Thu, 08 Dec 2022 20:16:53 GMT
Etag: "902d9c0ca7781a6ab1b8ab41c3be4bcc313b69be"
Cache-Control: max-age=534463,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 773527582973b4eb-OSL
793366b.com/js/49tktz.js
18.166.84.185 200 OK 725 B IP 18.166.84.185:0
File type HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 362dfe0a029fcc6723462e802758ba55
0380ebe0bedece005b55209dd882038d7e84e253
74d1070b2e12d9616a9e0f7d067ab0a219c3c399e7b1910ea6159430d409e42a
GET /js/49tktz.js HTTP/1.1
Host: 793366b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Encoding: gzip
ETag: "df786423985d81:0"
Content-Type: application/javascript
Last-Modified: Tue, 21 Jun 2022 06:36:38 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/10.0
Date: Fri, 02 Dec 2022 13:58:33 GMT
Content-Length: 725
Connection: close
793366b.com/jsdc/bcbb.js
18.166.84.185 200 OK 202 B IP 18.166.84.185:0
File type HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 54ae53ded19f7de2c0f7e2601d92826b
30b2adcd0f3734e9150f0bba8520d1813d72a5ef
481b6e0cd3a8c4a328fe6050b2cab0e5ce3dfd257b5b3eb77e7cc88c6a428559
GET /jsdc/bcbb.js HTTP/1.1
Host: 793366b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Encoding: gzip
ETag: "81f3eb344d5d81:0"
Content-Type: application/javascript
Last-Modified: Sat, 01 Oct 2022 03:20:04 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/10.0
Date: Fri, 02 Dec 2022 13:56:05 GMT
Content-Length: 202
Connection: close
793366b.com/bbs/62lj.js
18.166.84.185 200 OK 956 B IP 18.166.84.185:0
File type HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (306), with CRLF line terminators
Hash 6309210cb586eb6ebd0f377726607349
c0b4aa94aeea723bdbd691efb784d17cb77d242d
7209d2126afffcb502b5a1ac3d37a4d3aaeab1e61f807ac5df40608a697a7e51
GET /bbs/62lj.js HTTP/1.1
Host: 793366b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
ETag: "80ae3cd69b1d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 26 Nov 2022 13:34:41 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Fri, 02 Dec 2022 15:33:23 GMT
Content-Length: 956
Connection: close
258686.cc/bbs/gpjx.js
16.162.201.20 200 OK 2.0 kB IP 16.162.201.20:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash a9f60f05894d749b1621a30e9e9b31b4
638373aa982b6a24424157231e470bd771ac58ef
171b6edae6cc6de473874167c86d9c905d4e4004a7b59f75a7653e71a0086a68
Analyzer Verdict Alert fortinet Phishing
GET /bbs/gpjx.js HTTP/1.1
Host: 258686.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "80385f485f6d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Fri, 02 Dec 2022 15:03:49 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Fri, 02 Dec 2022 15:33:45 GMT
Content-Length: 2022
Connection: close
258686.cc/bbs/ptyw.js
16.162.201.20 200 OK 879 B IP 16.162.201.20:0
File type HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 6fa4b1ee65d7fd6dd4703d9575c42c13
3807fd821d3f6a9dd9e0e396cab18f5338f6aa74
442df3b0a4bb5d372012b9d87f98e77a0adbab678666d98c4747c17dcd2ac000
Analyzer Verdict Alert fortinet Phishing
GET /bbs/ptyw.js HTTP/1.1
Host: 258686.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "0fc284a5f6d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Fri, 02 Dec 2022 15:03:52 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Fri, 02 Dec 2022 15:31:23 GMT
Content-Length: 879
Connection: close
258686.cc/bbs/dszt.js
16.162.201.20 200 OK 913 B IP 16.162.201.20:0
File type HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash ae1daf5569bd33081ee2f029c0b78c9f
5fd1c5487c81cecfbf509f17af1e4353ce832ad8
ddd06ec1055910b853b8400509fc1e43cd51ec9f87ea2323a95bb467677c2203
Analyzer Verdict Alert fortinet Phishing
GET /bbs/dszt.js HTTP/1.1
Host: 258686.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "806590495f6d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Fri, 02 Dec 2022 15:03:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Fri, 02 Dec 2022 15:27:42 GMT
Content-Length: 913
Connection: close
258686.cc/bbs/ptyx.js
16.162.201.20 200 OK 842 B IP 16.162.201.20:0
File type HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 2f9f0c43508f83513baae8cd3eb3485f
d381dae1f8e8cab1c3be9bc49c7f0e18384de5ee
c1deccef0546c11e3dfb4c10a991db08ecd8fd9838eaee408522142da207d242
Analyzer Verdict Alert fortinet Phishing
GET /bbs/ptyx.js HTTP/1.1
Host: 258686.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: W/"0fc284a5f6d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Fri, 02 Dec 2022 15:03:52 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Fri, 02 Dec 2022 15:23:25 GMT
Content-Length: 842
Connection: close
258686.cc/tttg.js
16.162.201.20 200 OK 1.2 kB IP 16.162.201.20:0
File type HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 9fefda70fc1936fd8a375b938b01e39d
569bc83734a42e05fa842e59c0e2ddd79242e9db
2a33301eee4e8b72b0f25d74f5e5f835ef1e2f7ad906c150704053809c744102
Analyzer Verdict Alert fortinet Phishing
GET /tttg.js HTTP/1.1
Host: 258686.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "80eeb6362fed81:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Tue, 22 Nov 2022 11:03:13 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Fri, 02 Dec 2022 14:39:32 GMT
Content-Length: 1233
Connection: close
258686.cc/images/zu.gif
16.162.201.20 200 OK 2.1 kB IP 16.162.201.20:0
File type GIF image data, version 89a, 32 x 21\012- data
Hash 52749bca18fbee499325cefb1a63ffc8
630b2645f80b9e0bbf4df484437203c7fef66abc
9be846c18af51a3afe4ae5926237234faa293785eac585f4122eb8c8e1ddebac
GET /images/zu.gif HTTP/1.1
Host: 258686.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "7a525008fffd71:0"
Content-Type: image/gif
Last-Modified: Sun, 02 Jan 2022 04:12:48 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/10.0
Date: Fri, 02 Dec 2022 15:21:51 GMT
Content-Length: 2109
Connection: close
js.szly123.com/js/100.js
18.166.84.185 200 OK 1.3 kB IP 18.166.84.185:0
File type HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (331), with CRLF line terminators
Hash 690dbddbeb9728abe2ddb56cfbb8c6c5
ab0cd44cbfe13f0b7754209eafa773f9d37fd3e8
5bac7b3fdc959cc6419af6b2ae88607640ffcf43ac7f6d0278873fe188e1272a
GET /js/100.js HTTP/1.1
Host: js.szly123.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
ETag: "801046a5a7fcd81:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sun, 20 Nov 2022 06:16:37 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 02 Dec 2022 13:52:24 GMT
Content-Length: 1304
Connection: close
www.6278311.com/js/gg1q.js
16.162.201.20 200 OK 3.6 kB URL HTTP/1.1 www.6278311.com/js/gg1q.js
IP 16.162.201.20:0
File type HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (303), with CRLF line terminators
Hash af13ef77a49c23ad7824fa510aae1e28
48c94363b85b54c7399436a3e54c5cf7ec9fcf22
fb82f4139777ca615448d005e9cfacd39a39ec990861f208b8eba5d5b418eb71
GET /js/gg1q.js HTTP/1.1
Host: www.6278311.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
ETag: "0bd9ff38d5d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 01 Dec 2022 14:05:22 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Fri, 02 Dec 2022 15:24:38 GMT
Content-Length: 3595
Connection: close
js.szly123.com/js/2022.js
18.166.84.185 200 OK 1.3 kB URL HTTP/1.1 js.szly123.com/js/2022.js
IP 18.166.84.185:0
File type HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (331), with CRLF line terminators
Hash ca73d1d58c1621f02a3d2ca996914364
0d6950b04fdc3ea20d69eef0cfe50375fdb04aaf
b676a63cba89713057e475d622e2db06917e685ad7a3a4f34895dce042e3d7a0
GET /js/2022.js HTTP/1.1
Host: js.szly123.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
ETag: "80532e2d10ffd81:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Wed, 23 Nov 2022 07:49:55 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 02 Dec 2022 13:52:21 GMT
Content-Length: 1317
Connection: close
js.szly123.com/fivetab.js
18.166.84.185 200 OK 2.8 kB URL HTTP/1.1 js.szly123.com/fivetab.js
IP 18.166.84.185:0
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (325), with CRLF line terminators
Hash 771d7279b11708f9ab24a9764b602a47
a419b03f631550ebbd656ead879daa5b937ad6fe
44b7bff535d4f092053b1744d4faeaef9a33e6292ed30a64dbd3a8756e0e5eb6
GET /fivetab.js HTTP/1.1
Host: js.szly123.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
ETag: "80d680b110ffd81:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Wed, 23 Nov 2022 07:53:37 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 02 Dec 2022 13:52:22 GMT
Content-Length: 2831
Connection: close
js.szly123.com/js/gg.js
18.166.84.185 200 OK 3.9 kB IP 18.166.84.185:0
File type HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (421), with CRLF line terminators
Hash 8903cfd68c16964dc46ed3795fe5d10f
05ad0231078a2453f7912a556e4e6e8f206174be
d02f71147b346bbcd5a9a9b2a6cc5a16ad5bcd5ede324fdb094212c11c479ffd
GET /js/gg.js HTTP/1.1
Host: js.szly123.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
ETag: "030c936d3f9d81:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Wed, 16 Nov 2022 15:50:56 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 02 Dec 2022 15:27:24 GMT
Content-Length: 3857
Connection: close
www.793366b.com/bbs/amyqlj.js
16.162.201.20 200 OK 4.3 kB URL HTTP/1.1 www.793366b.com/bbs/amyqlj.js
IP 16.162.201.20:0
File type HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 953999285305edd049ced77086a2a1f4
2061524bdac01699389e67e3d55e2f83d4a4d384
6bf2db11b255fbd92d631fc6abd4943effbd9e0c7242a01a866b9e277315d5f6
GET /bbs/amyqlj.js HTTP/1.1
Host: www.793366b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
ETag: "80eb9b49af1d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 26 Nov 2022 15:53:55 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Fri, 02 Dec 2022 13:59:54 GMT
Content-Length: 4348
Connection: close
zerossl.ocsp.sectigo.com/
172.64.155.188 200 OK 727 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 172.64.155.188:0
Hash 6d7e2c41f6bf940725dc334579253eaa
ab107e16eca0795a2237258f99b8f4e9a79aa3ad
596e702b8c8f1b443d4a60608be119d09e8cac4405532f129e956cd021a4a33f
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 15:39:10 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Wed, 30 Nov 2022 22:37:56 GMT
Expires: Wed, 07 Dec 2022 22:37:55 GMT
Etag: "ab107e16eca0795a2237258f99b8f4e9a79aa3ad"
Cache-Control: max-age=456524,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7735275baa69b50f-OSL
zerossl.ocsp.sectigo.com/
172.64.155.188 200 OK 727 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 172.64.155.188:0
Hash 6d7e2c41f6bf940725dc334579253eaa
ab107e16eca0795a2237258f99b8f4e9a79aa3ad
596e702b8c8f1b443d4a60608be119d09e8cac4405532f129e956cd021a4a33f
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 15:39:10 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Wed, 30 Nov 2022 22:37:56 GMT
Expires: Wed, 07 Dec 2022 22:37:55 GMT
Etag: "ab107e16eca0795a2237258f99b8f4e9a79aa3ad"
Cache-Control: max-age=456524,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7735275bbbc70b69-OSL
www.793366b.com/bbs/gg621133.js
16.162.201.20 200 OK 956 B URL HTTP/1.1 www.793366b.com/bbs/gg621133.js
IP 16.162.201.20:0
File type HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (390), with CRLF line terminators
Hash aae790524e5f83a2d83542af2a4de641
339cbd2ca3555cae1c2857e8871ebd64379a0357
a3c76b8dbe39da05b10ed83d1101bb83c6ff55ee01f5c4aa19aae430ae629186
GET /bbs/gg621133.js HTTP/1.1
Host: www.793366b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Encoding: gzip
ETag: "9879119e4d91:0"
Content-Type: application/javascript
Last-Modified: Wed, 30 Nov 2022 09:28:12 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/10.0
Date: Fri, 02 Dec 2022 14:48:30 GMT
Content-Length: 956
Connection: close
www.793366b.com/js/tugsb.js
16.162.201.20 200 OK 11 kB URL HTTP/1.1 www.793366b.com/js/tugsb.js
IP 16.162.201.20:0
File type HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash bfdd26d6e3483ac82f993cdf12282bd2
b26f3d32e0c85084ce94af98128b3bae858e059b
c44634e335d5fb44538c0d93c4125358145cda20202ada00bbe58a0747bc797a
GET /js/tugsb.js HTTP/1.1
Host: www.793366b.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
ETag: "02337b4b5acd81:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Wed, 10 Aug 2022 12:35:42 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Fri, 02 Dec 2022 13:57:43 GMT
Content-Length: 10910
Connection: close
258686.cc/bbs/sbzt.js
16.162.201.20 200 OK 974 B IP 16.162.201.20:0
File type HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash fbfb9c84b98788081b5c74b19da239d6
bfe32eff82e25e721c918f088fa000229e9c8d2c
842280a0af54f14731a053493b3d658b97147fb5f01019a516573b2a138b5b8a
Analyzer Verdict Alert fortinet Phishing
GET /bbs/sbzt.js HTTP/1.1
Host: 258686.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "0fc284a5f6d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Fri, 02 Dec 2022 15:03:52 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Fri, 02 Dec 2022 15:34:31 GMT
Content-Length: 974
Connection: close
6278311.com/images/290990.gif
18.166.84.185 200 OK 16 kB URL HTTP/1.1 6278311.com/images/290990.gif
IP 18.166.84.185:0
File type GIF image data, version 89a, 957 x 178\012- data
Hash 3faa951fa7389811be8be4badb264b53
98e577be2637d1e9abc4e2813fc3e001f96d3b9b
b4aad8fd10414c38061a9a23aa9f4e6fb3abac1607f3388167a613287b3fcef0
GET /images/290990.gif HTTP/1.1
Host: 6278311.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
ETag: "53856eb136d91:0"
Content-Type: image/gif
Last-Modified: Fri, 02 Dec 2022 06:04:20 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/10.0
Date: Fri, 02 Dec 2022 15:38:41 GMT
Content-Length: 16358
Connection: close
zerossl.ocsp.sectigo.com/
172.64.155.188 200 OK 727 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 172.64.155.188:0
Hash 6d7e2c41f6bf940725dc334579253eaa
ab107e16eca0795a2237258f99b8f4e9a79aa3ad
596e702b8c8f1b443d4a60608be119d09e8cac4405532f129e956cd021a4a33f
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 15:39:10 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Wed, 30 Nov 2022 22:37:56 GMT
Expires: Wed, 07 Dec 2022 22:37:55 GMT
Etag: "ab107e16eca0795a2237258f99b8f4e9a79aa3ad"
Cache-Control: max-age=456524,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7735275ba9deb52d-OSL
zerossl.ocsp.sectigo.com/
172.64.155.188 200 OK 727 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 172.64.155.188:0
Hash 6d7e2c41f6bf940725dc334579253eaa
ab107e16eca0795a2237258f99b8f4e9a79aa3ad
596e702b8c8f1b443d4a60608be119d09e8cac4405532f129e956cd021a4a33f
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 15:39:10 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Wed, 30 Nov 2022 22:37:56 GMT
Expires: Wed, 07 Dec 2022 22:37:55 GMT
Etag: "ab107e16eca0795a2237258f99b8f4e9a79aa3ad"
Cache-Control: max-age=456524,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7735275bbd43b4eb-OSL
imgs.meizhiban.cn/tp/626969/00853tk.gif
107.148.135.219 200 OK 13 kB URL HTTP/1.1 imgs.meizhiban.cn/tp/626969/00853tk.gif
IP 107.148.135.219:0
ASN #398823 PEGTECHINC-AP-02
File type GIF image data, version 89a, 800 x 100\012- data
Hash 42cd26fdd4d6f7fa430485da92a1e6a9
513562b6bd4b39f2976498cc7de0ccee4cede87a
373fa67ad10402234f394ec8f502bc7616ff2ac8c11289528b6dfee8f8a7bb1c
GET /tp/626969/00853tk.gif HTTP/1.1
Host: imgs.meizhiban.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
ETag: "84c7bbd4c230d61:0"
Content-Type: image/gif
Last-Modified: Sat, 23 May 2020 05:27:20 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/8.5, MacauOS
X-Powered-By: ASP.NET
Date: Fri, 02 Dec 2022 14:51:39 GMT
Content-Length: 13033
Connection: close
imgs.meizhiban.cn/tp/2025/2025hf.gif
107.148.135.219 301 Moved Permanently 0 B URL HTTP/1.1 imgs.meizhiban.cn/tp/2025/2025hf.gif
IP 107.148.135.219:0
ASN #398823 PEGTECHINC-AP-02
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tp/2025/2025hf.gif HTTP/1.1
Host: imgs.meizhiban.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Server: kangle/3.5.14
Date: Fri, 02 Dec 2022 15:37:35 GMT
Location: https://d31q194n7fpdes.cloudfront.net/mygai/tp/2025/2025hf.gif
Content-Length: 0
Connection: close
imgs.meizhiban.cn/tp/49tk/49tk3.gif
107.148.135.219 301 Moved Permanently 0 B URL HTTP/1.1 imgs.meizhiban.cn/tp/49tk/49tk3.gif
IP 107.148.135.219:0
ASN #398823 PEGTECHINC-AP-02
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tp/49tk/49tk3.gif HTTP/1.1
Host: imgs.meizhiban.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Server: kangle/3.5.14
Date: Fri, 02 Dec 2022 15:37:35 GMT
Location: https://d31q194n7fpdes.cloudfront.net/mygai/tp/49tk/49tk3.gif
Content-Length: 0
Connection: close
imgs.meizhiban.cn/tp/1999/1999_01.gif
107.148.135.219 301 Moved Permanently 0 B URL HTTP/1.1 imgs.meizhiban.cn/tp/1999/1999_01.gif
IP 107.148.135.219:0
ASN #398823 PEGTECHINC-AP-02
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tp/1999/1999_01.gif HTTP/1.1
Host: imgs.meizhiban.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Server: kangle/3.5.14
Date: Fri, 02 Dec 2022 15:37:35 GMT
Location: https://d31q194n7fpdes.cloudfront.net/mygai/tp/1999/1999_01.gif
Content-Length: 0
Connection: close
imgs.meizhiban.cn/tp/9898/9898_100.gif
107.148.135.219 301 Moved Permanently 0 B URL HTTP/1.1 imgs.meizhiban.cn/tp/9898/9898_100.gif
IP 107.148.135.219:0
ASN #398823 PEGTECHINC-AP-02
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tp/9898/9898_100.gif HTTP/1.1
Host: imgs.meizhiban.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Server: kangle/3.5.14
Date: Fri, 02 Dec 2022 15:37:35 GMT
Location: https://d31q194n7fpdes.cloudfront.net/mygai/tp/9898/9898_100.gif
Content-Length: 0
Connection: close
zerossl.ocsp.sectigo.com/
172.64.155.188 200 OK 727 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 172.64.155.188:0
Hash 6d7e2c41f6bf940725dc334579253eaa
ab107e16eca0795a2237258f99b8f4e9a79aa3ad
596e702b8c8f1b443d4a60608be119d09e8cac4405532f129e956cd021a4a33f
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 15:39:10 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Wed, 30 Nov 2022 22:37:56 GMT
Expires: Wed, 07 Dec 2022 22:37:55 GMT
Etag: "ab107e16eca0795a2237258f99b8f4e9a79aa3ad"
Cache-Control: max-age=456524,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7735275bbdc50b45-OSL
258686.cc/bbs/whzt.js
16.162.201.20 200 OK 1.1 kB IP 16.162.201.20:0
File type HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash dd2d4a84acc89dffcd8b7f0c790c7151
77c0e0b628bbb6eebbc2f4014ef3ce839b0716bf
4707c16a5660f6e5d3fe52bf88264de0d28989389941f358c8da5b288c0fa7f2
Analyzer Verdict Alert fortinet Phishing
GET /bbs/whzt.js HTTP/1.1
Host: 258686.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "0fc284a5f6d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Fri, 02 Dec 2022 15:03:52 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Fri, 02 Dec 2022 15:15:49 GMT
Content-Length: 1079
Connection: close
258686.cc/bbs/jyzt.js
16.162.201.20 200 OK 856 B IP 16.162.201.20:0
File type HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (305), with CRLF line terminators
Hash d797e76ea05fcbdb027ff7ed688392dd
1d202bbf50870d4746683440a5f5c30cb713a0ee
8b34be82fc5f0b95b5d763bf8a47330943856ddf7cbcb7772fc6dfd0eddd61e6
Analyzer Verdict Alert fortinet Phishing
GET /bbs/jyzt.js HTTP/1.1
Host: 258686.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "0fc284a5f6d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Fri, 02 Dec 2022 15:03:52 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Fri, 02 Dec 2022 15:34:31 GMT
Content-Length: 856
Connection: close
imgs.meizhiban.cn/tp/2022/202202.gif
107.148.135.219 301 Moved Permanently 0 B URL HTTP/1.1 imgs.meizhiban.cn/tp/2022/202202.gif
IP 107.148.135.219:0
ASN #398823 PEGTECHINC-AP-02
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tp/2022/202202.gif HTTP/1.1
Host: imgs.meizhiban.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Server: kangle/3.5.14
Date: Fri, 02 Dec 2022 15:37:35 GMT
Location: https://d31q194n7fpdes.cloudfront.net/mygai/tp/2022/202202.gif
Content-Length: 0
Connection: close
imgs.meizhiban.cn/tp/100/100sjb.gif
107.148.135.219 301 Moved Permanently 0 B URL HTTP/1.1 imgs.meizhiban.cn/tp/100/100sjb.gif
IP 107.148.135.219:0
ASN #398823 PEGTECHINC-AP-02
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tp/100/100sjb.gif HTTP/1.1
Host: imgs.meizhiban.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Server: kangle/3.5.14
Date: Fri, 02 Dec 2022 15:37:35 GMT
Location: https://d31q194n7fpdes.cloudfront.net/mygai/tp/100/100sjb.gif
Content-Length: 0
Connection: close
imgs.meizhiban.cn/tp/100/100cphf.gif
107.148.135.219 301 Moved Permanently 0 B URL HTTP/1.1 imgs.meizhiban.cn/tp/100/100cphf.gif
IP 107.148.135.219:0
ASN #398823 PEGTECHINC-AP-02
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tp/100/100cphf.gif HTTP/1.1
Host: imgs.meizhiban.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Server: kangle/3.5.14
Date: Fri, 02 Dec 2022 15:37:35 GMT
Location: https://d31q194n7fpdes.cloudfront.net/mygai/tp/100/100cphf.gif
Content-Length: 0
Connection: close
imgs.meizhiban.cn/tp/2022/202201.gif
107.148.135.219 301 Moved Permanently 0 B URL HTTP/1.1 imgs.meizhiban.cn/tp/2022/202201.gif
IP 107.148.135.219:0
ASN #398823 PEGTECHINC-AP-02
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tp/2022/202201.gif HTTP/1.1
Host: imgs.meizhiban.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Server: kangle/3.5.14
Date: Fri, 02 Dec 2022 15:37:35 GMT
Location: https://d31q194n7fpdes.cloudfront.net/mygai/tp/2022/202201.gif
Content-Length: 0
Connection: close
imgs.meizhiban.cn/tp/626969/00886tk.gif
107.148.135.219 301 Moved Permanently 0 B URL HTTP/1.1 imgs.meizhiban.cn/tp/626969/00886tk.gif
IP 107.148.135.219:0
ASN #398823 PEGTECHINC-AP-02
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tp/626969/00886tk.gif HTTP/1.1
Host: imgs.meizhiban.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Server: kangle/3.5.14
Date: Fri, 02 Dec 2022 15:37:35 GMT
Location: https://d31q194n7fpdes.cloudfront.net/mygai/tp/626969/00886tk.gif
Content-Length: 0
Connection: close
imgs.meizhiban.cn/tp/8769/8769hf.gif
107.148.135.219 301 Moved Permanently 0 B URL HTTP/1.1 imgs.meizhiban.cn/tp/8769/8769hf.gif
IP 107.148.135.219:0
ASN #398823 PEGTECHINC-AP-02
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tp/8769/8769hf.gif HTTP/1.1
Host: imgs.meizhiban.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Server: kangle/3.5.14
Date: Fri, 02 Dec 2022 15:37:35 GMT
Location: https://d31q194n7fpdes.cloudfront.net/mygai/tp/8769/8769hf.gif
Content-Length: 0
Connection: close
imgs.meizhiban.cn/tp/hf/1989_800x100.gif
107.148.135.219 301 Moved Permanently 0 B URL HTTP/1.1 imgs.meizhiban.cn/tp/hf/1989_800x100.gif
IP 107.148.135.219:0
ASN #398823 PEGTECHINC-AP-02
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tp/hf/1989_800x100.gif HTTP/1.1
Host: imgs.meizhiban.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Server: kangle/3.5.14
Date: Fri, 02 Dec 2022 15:37:35 GMT
Location: https://d31q194n7fpdes.cloudfront.net/mygai/tp/hf/1989_800x100.gif
Content-Length: 0
Connection: close
258686.cc/bbs/jmxc.js
16.162.201.20 200 OK 858 B IP 16.162.201.20:0
File type HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash c5bf904dcb5d078fc32a098bc102980c
0efa213077170c49152b069c64b5cd1d3571cb63
cf58f32fe80091b322de6e026a729c130ae66779e8d2efff0cd6dfb8e0248966
Analyzer Verdict Alert fortinet Phishing
GET /bbs/jmxc.js HTTP/1.1
Host: 258686.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "806590495f6d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Fri, 02 Dec 2022 15:03:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Fri, 02 Dec 2022 15:26:33 GMT
Content-Length: 858
Connection: close
258686.cc/jsdc/9898.js
16.162.201.20 200 OK 1.3 kB IP 16.162.201.20:0
File type HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (331), with CRLF line terminators
Hash 1ec275cf09b0ab8583915ff6b1533c7e
899d7a9a33449385c52104cf56aa94a102f0a610
e2860de7fbf35e63838e4e2cff773cf7cf6912ffca0b85d617bd6e4f2047410d
Analyzer Verdict Alert fortinet Phishing
GET /jsdc/9898.js HTTP/1.1
Host: 258686.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "0fe84bca7fcd81:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sun, 20 Nov 2022 06:17:16 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Fri, 02 Dec 2022 14:25:53 GMT
Content-Length: 1310
Connection: close
imgs.meizhiban.cn/tp/hf/895_800x100.gif
107.148.135.219 301 Moved Permanently 0 B URL HTTP/1.1 imgs.meizhiban.cn/tp/hf/895_800x100.gif
IP 107.148.135.219:0
ASN #398823 PEGTECHINC-AP-02
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tp/hf/895_800x100.gif HTTP/1.1
Host: imgs.meizhiban.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Server: kangle/3.5.14
Date: Fri, 02 Dec 2022 15:37:35 GMT
Location: https://d31q194n7fpdes.cloudfront.net/mygai/tp/hf/895_800x100.gif
Content-Length: 0
Connection: close
258686.cc/jsdc/852.js
16.162.201.20 200 OK 1.3 kB IP 16.162.201.20:0
File type HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (331), with CRLF line terminators
Hash 223f525ca2492f293f6a990ba578db40
04f6182e878d4f9af401f060719aa17ff53952e4
4730e6a43cfea210a19b4af0b850520a685eb1d199aed5e65cda2fdb06668d08
Analyzer Verdict Alert fortinet Phishing
GET /jsdc/852.js HTTP/1.1
Host: 258686.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "0fe84bca7fcd81:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sun, 20 Nov 2022 06:17:16 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Fri, 02 Dec 2022 14:39:33 GMT
Content-Length: 1307
Connection: close
258686.cc/bbs/stzt.js
16.162.201.20 200 OK 963 B IP 16.162.201.20:0
File type HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 98912095976b1bd9762bbde2ffdbc227
2cffea9f2d90daaccdded2ee93eeb71a84f0c533
d665dc7a78c24ec51676a5be18cc586be1743a9fe358c47e60d552da256416b8
Analyzer Verdict Alert fortinet Phishing
GET /bbs/stzt.js HTTP/1.1
Host: 258686.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "0fc284a5f6d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Fri, 02 Dec 2022 15:03:52 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Fri, 02 Dec 2022 15:19:29 GMT
Content-Length: 963
Connection: close
258686.cc/bbs/jssx.js
16.162.201.20 200 OK 754 B IP 16.162.201.20:0
File type HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash dc5ce7b5f6a1672cdd6f016d519cbc9d
1bcade8044be15cae5ee4cf63e93231578f76fab
923858013f4c3adafd1f3de66dafdf261aa2cb078ef327759bb1d0199b2d0504
Analyzer Verdict Alert fortinet Phishing
GET /bbs/jssx.js HTTP/1.1
Host: 258686.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Encoding: gzip
ETag: W/"733114a5f6d91:0"
Content-Type: application/javascript
Last-Modified: Fri, 02 Dec 2022 15:03:51 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/10.0
Date: Fri, 02 Dec 2022 15:27:39 GMT
Content-Length: 754
Connection: close
258686.cc/bbs/jcbt.js
16.162.201.20 200 OK 2.3 kB IP 16.162.201.20:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 9baac4a4447e51d066707fae4af619cc
5a7b4f3e50f7081436b9dd4161881e09d153d516
90cf6b5664701ed030beb4237bd73a6ac686ce984542cdd23601e42eca7a80e3
Analyzer Verdict Alert fortinet Phishing
GET /bbs/jcbt.js HTTP/1.1
Host: 258686.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "0cff7485f6d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Fri, 02 Dec 2022 15:03:50 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Fri, 02 Dec 2022 15:33:50 GMT
Content-Length: 2338
Connection: close
258686.cc/jsdc/1989.js
16.162.201.20 200 OK 1.3 kB IP 16.162.201.20:0
File type HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (331), with CRLF line terminators
Hash 000a26ae018b13cd43483535c7ea73f3
8ddd62ba201e377aa880bc61e4ddd3da477ccb57
b8e1a35f2dddbf5ddec600be0621e4e9ca4181c1aad9e8ffb7c05f9dd47165f1
Analyzer Verdict Alert fortinet Phishing
GET /jsdc/1989.js HTTP/1.1
Host: 258686.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "0fe84bca7fcd81:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sun, 20 Nov 2022 06:17:16 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Fri, 02 Dec 2022 14:39:34 GMT
Content-Length: 1314
Connection: close
258686.cc/bbs/7wzt.js
16.162.201.20 200 OK 1.0 kB IP 16.162.201.20:0
File type HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 16981e0c1dbc98f9446003f957a61b54
9d5b4886a396858cd7cc4b0319aa454b25b63fd1
03363ca1b8e5ff3ed78758b8e3ad110e297a54a1fb5df9124a5c8346541d0e73
Analyzer Verdict Alert fortinet Phishing
GET /bbs/7wzt.js HTTP/1.1
Host: 258686.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "0cff7485f6d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Fri, 02 Dec 2022 15:03:50 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Fri, 02 Dec 2022 15:15:50 GMT
Content-Length: 1041
Connection: close
258686.cc/bbs/jsbanbo.js
16.162.201.20 200 OK 1.0 kB IP 16.162.201.20:0
File type HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 26fab10481fb3cecb9402a29e7957edb
55f649c74574a2b09179c6ccdcd09dfe6abf7be4
99261d4c0d56abaed401816369a842b39ab2dbdfcdb036d38a51de2a1e88d52c
Analyzer Verdict Alert fortinet Phishing
GET /bbs/jsbanbo.js HTTP/1.1
Host: 258686.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: W/"806590495f6d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Fri, 02 Dec 2022 15:03:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Fri, 02 Dec 2022 15:27:43 GMT
Content-Length: 1043
Connection: close
258686.cc/bbs/6xzt.js
16.162.201.20 200 OK 979 B IP 16.162.201.20:0
File type HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash ea2f3305543844c2c3d6e9a6c98b4adf
54ecc1814d5546691e49560aa5aabdb13a1bcacf
c1090e4fb8601b41036f8c397df74236483ce69fc57b2ad55e1a91c18060e08f
Analyzer Verdict Alert fortinet Phishing
GET /bbs/6xzt.js HTTP/1.1
Host: 258686.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "0cff7485f6d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Fri, 02 Dec 2022 15:03:50 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Fri, 02 Dec 2022 15:39:11 GMT
Content-Length: 979
Connection: close
258686.cc/bbs/zhxj.js
16.162.201.20 200 OK 1.2 kB IP 16.162.201.20:0
File type HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 598f975f3e11092ce0be999795fe552a
1d7ba67a730b15b9348e9c4531ed1438eace0c39
8ff6ebafc1f792602672448efecd3b5ac48ad2b8a96f36c70623e51277fcdee6
Analyzer Verdict Alert fortinet Phishing
GET /bbs/zhxj.js HTTP/1.1
Host: 258686.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "803596baeb5d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Fri, 02 Dec 2022 01:16:39 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Fri, 02 Dec 2022 15:27:40 GMT
Content-Length: 1172
Connection: close
258686.cc/bbs/cxqdx.js
16.162.201.20 200 OK 917 B IP 16.162.201.20:0
File type HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash edb37d77a6746663bf64a48bf622ff0b
517edd25695bfe1aefc272c425b8f5d5e8f4a723
8832c84238135758f43077c554b1bd78b6c8657b2db8096442154f64ae0c12c2
Analyzer Verdict Alert fortinet Phishing
GET /bbs/cxqdx.js HTTP/1.1
Host: 258686.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "806590495f6d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Fri, 02 Dec 2022 15:03:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Fri, 02 Dec 2022 15:19:29 GMT
Content-Length: 917
Connection: close
258686.cc/jsdc/2025.js
16.162.201.20 200 OK 1.3 kB IP 16.162.201.20:0
File type HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (331), with CRLF line terminators
Hash 09a855359d02b1410e6bf6a2ed199648
43f66be621b2ed497ee995bdf9cd046d35fa6687
4736981a8ab53f327aa003e2c2a689bb414d8071bbb79bc499a2a58aee52c5f6
Analyzer Verdict Alert fortinet Phishing
GET /jsdc/2025.js HTTP/1.1
Host: 258686.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "0fe84bca7fcd81:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sun, 20 Nov 2022 06:17:16 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Fri, 02 Dec 2022 14:47:20 GMT
Content-Length: 1328
Connection: close
258686.cc/bbs/3guo.js
16.162.201.20 200 OK 1.0 kB IP 16.162.201.20:0
File type HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash a6b7572919484d7bc0ad59e73e1ae3cc
f541cfc7f9bfc056b68f871664e48c6b3264dba1
964a049a89589c161a46be6a08ef3703295843a47c4c9cac2722dda1197ce7ae
Analyzer Verdict Alert fortinet Phishing
GET /bbs/3guo.js HTTP/1.1
Host: 258686.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "0cff7485f6d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Fri, 02 Dec 2022 15:03:50 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Fri, 02 Dec 2022 15:34:41 GMT
Content-Length: 1049
Connection: close
258686.cc/bbs/36ma.js
16.162.201.20 200 OK 947 B IP 16.162.201.20:0
File type HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 5a25103ecbae220e5dac314894c98a81
4c6cb3cfb3bf8584caccb70e3925e4da9a4de684
6ae1e6133b6b6f753c7c4dd29d2d8a676b4a3b46de626b78a036391903b4445d
Analyzer Verdict Alert fortinet Phishing
GET /bbs/36ma.js HTTP/1.1
Host: 258686.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "0cff7485f6d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Fri, 02 Dec 2022 15:03:50 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Fri, 02 Dec 2022 15:34:32 GMT
Content-Length: 947
Connection: close
258686.cc/bbs/jxzt.js
16.162.201.20 200 OK 986 B IP 16.162.201.20:0
File type HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash b9c91cc4ef7daa1db24941856ed6f31f
e7dd8c98ff8ca4327a970ba083a4ee5ed78e0aaf
2e6c508e643b00892fc9848a3696901a253ce7ad56d67ca141a162d874badf45
Analyzer Verdict Alert fortinet Phishing
GET /bbs/jxzt.js HTTP/1.1
Host: 258686.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "806590495f6d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Fri, 02 Dec 2022 15:03:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Fri, 02 Dec 2022 15:34:32 GMT
Content-Length: 986
Connection: close
258686.cc/jsdc/895cc.js
16.162.201.20 200 OK 1.3 kB IP 16.162.201.20:0
File type HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (331), with CRLF line terminators
Hash ee342f5c203b3ff834b82a51032f2450
e2e5cb27a92b174fc99122e39915ba83eb89b8f7
9baa549d7181d958b97f37918cb160cbe7ffb7036dc8cf43a595093bfd3ab396
Analyzer Verdict Alert fortinet Phishing
GET /jsdc/895cc.js HTTP/1.1
Host: 258686.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "0fe84bca7fcd81:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sun, 20 Nov 2022 06:17:16 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Fri, 02 Dec 2022 14:39:34 GMT
Content-Length: 1315
Connection: close
258686.cc/21087433.js
16.162.201.20 200 OK 2.3 kB IP 16.162.201.20:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (4898), with no line terminators
Hash d884a46e4dd35c7a2b7eaae79e9bfa09
be33fcf9be712dbb8eb2c97659c4113775199f29
15f812bdb896c2bfc0598ef3c183564a86afc44b9cca9ff8d518b4a08eb13124
Analyzer Verdict Alert fortinet Phishing
GET /21087433.js HTTP/1.1
Host: 258686.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "0b944e9311cd81:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Mon, 07 Feb 2022 14:49:30 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Fri, 02 Dec 2022 14:39:35 GMT
Content-Length: 2318
Connection: close
258686.cc/bbs/xjgsb.js
16.162.201.20 200 OK 2.1 kB IP 16.162.201.20:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 79395761cebcc33f1dafb7f5b397eab0
b6830dc277f42851f56ebb50ba404378a0ed3c6d
84ee1ff80e64cdb471a6ce78faead60a178c9b7ae97d18468a1f127664ff2636
Analyzer Verdict Alert fortinet Phishing
GET /bbs/xjgsb.js HTTP/1.1
Host: 258686.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "8092c14a5f6d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Fri, 02 Dec 2022 15:03:53 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Fri, 02 Dec 2022 15:34:31 GMT
Content-Length: 2086
Connection: close
258686.cc/jsdc/1999.js
16.162.201.20 200 OK 1.3 kB IP 16.162.201.20:0
File type HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (331), with CRLF line terminators
Hash 9d36bc93e8c768d6b9749dce139c8e9d
c956efec065ae492d0d7488fd93a5cdb35471dd5
5b4e31b1f99826c9b88e33b2d5fbf9d805d4d8b8e7995997ea9c9527cdb3692b
Analyzer Verdict Alert fortinet Phishing
GET /jsdc/1999.js HTTP/1.1
Host: 258686.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "0fe84bca7fcd81:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sun, 20 Nov 2022 06:17:16 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Fri, 02 Dec 2022 15:21:52 GMT
Content-Length: 1327
Connection: close
258686.cc/5z30m.js
16.162.201.20 200 OK 1.2 kB IP 16.162.201.20:0
File type HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (303), with CRLF line terminators
Hash a0c0871dcbe9db16e877aa8320a3f4a2
ea80834cc431503c1fa782b0969c12e8189725b1
d92cdbaec1951d6f509afc53d12a58b8a4244bf4ade523e8670e1eb89ffd5785
Analyzer Verdict Alert fortinet Phishing
GET /5z30m.js HTTP/1.1
Host: 258686.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "03bb57b261d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Fri, 25 Nov 2022 23:34:38 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Fri, 02 Dec 2022 15:34:28 GMT
Content-Length: 1161
Connection: close
258686.cc/21272965.js
16.162.201.20 200 OK 2.3 kB IP 16.162.201.20:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (4898), with no line terminators
Hash 30aad511500ce7d2db48f8f7cf3f9acf
48eb3572e0ecc947bb14f0ec21a19f52a592ceb3
c1c6596b48bace76769a051953c7f77c28396d8f57b87cfbf21e96b83c37b1e0
Analyzer Verdict Alert fortinet Phishing
GET /21272965.js HTTP/1.1
Host: 258686.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "0171139ed36d81:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sun, 13 Mar 2022 15:15:50 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Fri, 02 Dec 2022 14:47:21 GMT
Content-Length: 2318
Connection: close
258686.cc/bbs/gsb.js
16.162.201.20 200 OK 1.8 kB IP 16.162.201.20:0
File type HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (376), with CRLF line terminators
Hash 4b313d6800599ab4b7c82c7c0529ffd2
d9c1bc41f4827cc7e54769997d9bbf18e11eb0ca
75f06ac5ee05956c528c2d95f72ce04cfac00c0b167a1e8ac0b5b0b93eac5292
Analyzer Verdict Alert fortinet Phishing
GET /bbs/gsb.js HTTP/1.1
Host: 258686.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: W/"8092c14a5f6d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Fri, 02 Dec 2022 15:03:53 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Fri, 02 Dec 2022 15:39:13 GMT
Content-Length: 1756
Connection: close
258686.cc/bbs/dxzt.js
16.162.201.20 200 OK 883 B IP 16.162.201.20:0
File type HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (317), with CRLF line terminators
Hash f25dfe25dd33f515fdf3df5967aae4c7
88dc6318e5f3a112a28e77d9df0abb8ad647da4c
9d52ec9a58b6df4360473bcf19e75c9cde0a5e9f6d547f8e0b7afe1b163a129c
Analyzer Verdict Alert fortinet Phishing
GET /bbs/dxzt.js HTTP/1.1
Host: 258686.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "806590495f6d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Fri, 02 Dec 2022 15:03:51 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Fri, 02 Dec 2022 15:23:33 GMT
Content-Length: 883
Connection: close
258686.cc/bbs/hongzi.js
16.162.201.20 200 OK 714 B IP 16.162.201.20:0
File type HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 3bbfa1428c658d3b0f7040c2e1ebc8d8
89631d728efe3e9780f9c2083a72abf0079aba4e
883e6eb3af1624b6281fd49bc9eefb41a99694ef4fc0734df8eca61a075a44a0
Analyzer Verdict Alert fortinet Phishing
GET /bbs/hongzi.js HTTP/1.1
Host: 258686.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Encoding: gzip
ETag: "e85881485f6d91:0"
Content-Type: application/javascript
Last-Modified: Fri, 02 Dec 2022 15:03:49 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/10.0
Date: Fri, 02 Dec 2022 15:34:31 GMT
Content-Length: 714
Connection: close
258686.cc/bbs/jssw.js
16.162.201.20 200 OK 772 B IP 16.162.201.20:0
File type HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash ef137474daf735168bd3f16215eca71e
c57f4271a8e733634aec35a8c686764f44796c25
820fcfbe8444df310aa105304677d2b3b60a9ced87b1559280844641fa9ef29e
Analyzer Verdict Alert fortinet Phishing
GET /bbs/jssw.js HTTP/1.1
Host: 258686.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Encoding: gzip
ETag: W/"2281f4a5f6d91:0"
Content-Type: application/javascript
Last-Modified: Fri, 02 Dec 2022 15:03:51 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/10.0
Date: Fri, 02 Dec 2022 15:39:13 GMT
Transfer-Encoding: chunked
Connection: close
258686.cc/bbs/pt5bz.js
16.162.201.20 200 OK 893 B IP 16.162.201.20:0
File type HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 8498a6cbe7c5552f8eb7d06b922bb4be
0d24fdcdf870abe75a1cda4575d835d84ddc78c8
0fe6314047289daa3df89ca8b14075b1ed141da3768c897453b60e6e396f3416
Analyzer Verdict Alert fortinet Phishing
GET /bbs/pt5bz.js HTTP/1.1
Host: 258686.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "0fc284a5f6d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Fri, 02 Dec 2022 15:03:52 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Fri, 02 Dec 2022 15:34:31 GMT
Content-Length: 893
Connection: close
258686.cc/bbs/yxym.js
16.162.201.20 200 OK 950 B IP 16.162.201.20:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 78af8805dd2d065e2c8f0a115f9326cf
4dc384e1f3b1a32855800ed5be850e22b6aafb14
e35b8c94daa963e7e0cff47883b6fdb415467f934a62ae256e4f1078bd90967c
Analyzer Verdict Alert fortinet Phishing
GET /bbs/yxym.js HTTP/1.1
Host: 258686.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "0fc284a5f6d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Fri, 02 Dec 2022 15:03:52 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Fri, 02 Dec 2022 15:23:23 GMT
Content-Length: 950
Connection: close
258686.cc/images/aomqiqi.gif
16.162.201.20 200 OK 254 B URL HTTP/1.1 258686.cc/images/aomqiqi.gif
IP 16.162.201.20:0
File type GIF image data, version 89a, 16 x 17\012- data
Hash b013f8fa3ec997fe20dc80b82af0ad0a
e02ce6c30d5c0abfaa3e008d1a3ce7d11f299ed9
119bff063d1d402fdf6e48bc7e681d48aabfb9bc65378dfcf64a8845ec3fceef
GET /images/aomqiqi.gif HTTP/1.1
Host: 258686.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "ab4b5481e23d81:0"
Content-Type: image/gif
Last-Modified: Wed, 16 Feb 2022 10:16:38 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/10.0
Date: Fri, 02 Dec 2022 15:39:14 GMT
Content-Length: 254
Connection: close
258686.cc/bbs/amcz.js
16.162.201.20 200 OK 3.1 kB IP 16.162.201.20:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (319), with CRLF line terminators
Hash 8fd985761d22ee2de743fbeec8f2fbeb
936bb3809c60e1616a677700d40fd3f227d7a489
d1f9fc9cc8884177109b2d4fda8be352316ba08132b32d60e412d29d86cda333
Analyzer Verdict Alert fortinet Phishing
GET /bbs/amcz.js HTTP/1.1
Host: 258686.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: W/"0cff7485f6d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Fri, 02 Dec 2022 15:03:50 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Fri, 02 Dec 2022 15:34:31 GMT
Content-Length: 3120
Connection: close
258686.cc/images/htj.gif
16.162.201.20 200 OK 1.4 kB IP 16.162.201.20:0
File type GIF image data, version 89a, 30 x 17\012- data
Hash 836bdcff9bf658caa69220f404bc969e
3a94e1edebee0613ef68a9a9b3ab01026204674e
ff09ec2872d7cb87ff39451da22fea270ec3f87f57841094a70e2eebdb2e798c
GET /images/htj.gif HTTP/1.1
Host: 258686.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "53f5910fc5dd71:0"
Content-Type: image/gif
Last-Modified: Thu, 10 Jun 2021 13:25:21 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/10.0
Date: Fri, 02 Dec 2022 15:39:14 GMT
Content-Length: 1422
Connection: close
258686.cc/jsdc/49ac.js
16.162.201.20 200 OK 1.7 kB IP 16.162.201.20:0
File type HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (331), with CRLF line terminators
Hash 9aa4a3726ea78441ab08b7e3c4ab87ff
d95d01ed62e7e6d10d7397c5a85d2b447897eff8
3331236257f72c71d8d8c06b58e4defc3d3d1f72cf007a94b4e383faf7781806
Analyzer Verdict Alert fortinet Phishing
GET /jsdc/49ac.js HTTP/1.1
Host: 258686.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "0fe84bca7fcd81:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sun, 20 Nov 2022 06:17:16 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Fri, 02 Dec 2022 14:39:35 GMT
Content-Length: 1716
Connection: close
258686.cc/bbs/cz4z.js
16.162.201.20 200 OK 972 B IP 16.162.201.20:0
File type HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash c35a46cb654aa9dc95a8e5c537567b35
2a9f39df0c78a7b777c798abbcf9ebecf4dff036
104434c080f9082e4d6959ab38d1f5d522e8372d2ab7959a8eb2a1ae80fe855f
Analyzer Verdict Alert fortinet Phishing
GET /bbs/cz4z.js HTTP/1.1
Host: 258686.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: W/"80385f485f6d91:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Fri, 02 Dec 2022 15:03:49 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Fri, 02 Dec 2022 15:27:41 GMT
Content-Length: 972
Connection: close
258686.cc/21087101.js
16.162.201.20 200 OK 2.3 kB IP 16.162.201.20:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (4898), with no line terminators
Hash 5026ffd6e6c9dfab39611630f4675f44
fb6847e8e5aafd3e9fd7e5769cb85eb99f9ed06e
460807ee247fe0d107d981ea6c648cf27296165c20641204c5d432a4820013d4
Analyzer Verdict Alert fortinet Phishing
GET /21087101.js HTTP/1.1
Host: 258686.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "804fdde9311cd81:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Mon, 07 Feb 2022 14:49:31 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Fri, 02 Dec 2022 15:39:14 GMT
Content-Length: 2317
Connection: close
258686.cc/img/logo.jpg
16.162.201.20 200 OK 0 B IP 16.162.201.20:0
GET /img/logo.jpg HTTP/1.1
Host: 258686.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://258686.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "81f48cf5592d91:0"
Content-Type: image/jpeg
Last-Modified: Sun, 27 Nov 2022 12:15:37 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/10.0
Date: Fri, 02 Dec 2022 15:16:46 GMT
Content-Length: 137115
Connection: close