URL: http://ggyq288.cn/
Submission: On August 11 via api from US

Summary

This website contacted 7 IPs in 3 countries across 5 domains to perform 52 HTTP transactions. The main IP is 142.252.28.7, located in San Jose, United States and belongs to EGIHOSTING, US. The main domain is ggyq288.cn.
This is the only time ggyq288.cn was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: First Citizens Bank (Banking)

Domain & IP information

IP Address AS Autonomous System
23 38 142.252.28.7 18779 (EGIHOSTING)
20 69.89.129.19 22976 (FIRST-CIT...)
4 103.235.46.191 55967 (BAIDU Bei...)
1 2 202.79.171.227 64050 (BCPL-SG B...)
1 39.156.68.163 9808 (CMNET-GD ...)
1 11 104.17.209.240 13335 (CLOUDFLAR...)
52 7
Domain Requested by
31 ggyq288.cn 23 redirects ggyq288.cn
20 www.firstcitizens.com ggyq288.cn
9 siteintercept.qualtrics.com zndhwk2nlgcbvdel3-firstcitizensbank.siteintercept.qualtrics.com
siteintercept.qualtrics.com
7 www.ggyq288.cn ggyq288.cn
4 hm.baidu.com ggyq288.cn
2 zndhwk2nlgcbvdel3-firstcitizensbank.siteintercept.qualtrics.com 1 redirects
2 www.qqwwddffvvaadas13da5s4d5as7d86.vip 1 redirects ggyq288.cn
1 api.share.baidu.com ggyq288.cn
0 trk.ggyq288.cn Failed ggyq288.cn
52 9

This site contains links to these domains.

Domain
locations.ggyq288.cn
jobs.ggyq288.cn
digitalbanking.ggyq288.cn
banking.ggyq288.cn
apply.ggyq288.cn

Subject: firstcitizens.com
Issuer: DigiCert SHA2 Secure Server CA
Validity: 2020-07-09 - 2022-07-10
Valid: 2 years

Subject: baidu.com
Issuer: GlobalSign Organization Validation CA - SHA256 - G2
Validity: 2020-04-02 - 2021-07-26
Valid: a year

Subject: *.qualtrics.com
Issuer: DigiCert SHA2 Secure Server CA
Validity: 2018-10-08 - 2021-01-06
Valid: 2 years

This page contains 2 frames:

Primary Page: http://ggyq288.cn/
Frame ID: F417F681D3927FE254F12886C3ED856A
Requests: 51 HTTP requests in this frame

Frame: http://www.qqwwddffvvaadas13da5s4d5as7d86.vip/sd/
Frame ID: 7664563CAE3F61DB9442E5AC2E1C3375
Requests: 1 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Overall confidence: 100%
Detected patterns
  • headers server /Microsoft-HTTPAPI(?:\/([\d.]+))?/i

Page Statistics

Requests: 52
HTTPS: 65 %
IPv6: 0 %
Domains: 5
Subdomains: 9
IPs: 7
Countries: 3
Transfer: 987 kB
Size: 1257 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • http://ggyq288.cn/fonts/MyFontsWebfontsKit.css HTTP 302
  • https://www.firstcitizens.com/fonts/myfontswebfontskit.css
Request Chain 6
  • http://ggyq288.cn/css/fcb-main.css?v=072820 HTTP 302
  • http://www.ggyq288.cn/css/fcb-main.css?v=072820
Request Chain 7
  • http://ggyq288.cn/css/fcb-responsive.css?v=072820 HTTP 302
  • http://www.ggyq288.cn/css/fcb-responsive.css?v=072820
Request Chain 10
  • http://ggyq288.cn/img/logo_fcb.svg HTTP 302
  • https://www.firstcitizens.com/img/logo_fcb.svg
Request Chain 11
  • http://ggyq288.cn/img/gcs_sm.png HTTP 302
  • https://www.firstcitizens.com/img/gcs_sm.png
Request Chain 12
  • http://ggyq288.cn/images/banners/personal/FCB-Govt-Mortgage-795x270_12.19.19.png HTTP 302
  • https://www.firstcitizens.com/images/banners/personal/fcb-govt-mortgage-795x270_12.19.19.png
Request Chain 13
  • http://ggyq288.cn/images/banners/personal/FCB-Govt-Mortgage-560x320_12.19.19.png HTTP 302
  • https://www.firstcitizens.com/images/banners/personal/fcb-govt-mortgage-560x320_12.19.19.png
Request Chain 14
  • http://ggyq288.cn/content/images/content_personal_carousel_7for2017.png HTTP 302
  • https://www.firstcitizens.com/content/images/content_personal_carousel_7for2017.png
Request Chain 15
  • http://ggyq288.cn/content/images/content_personal_carousel_bank-at-home_300x90.png HTTP 302
  • https://www.firstcitizens.com/content/images/content_personal_carousel_bank-at-home_300x90.png
Request Chain 16
  • http://ggyq288.cn/content/images/Carousel-Banners_COVID19_300x90.jpg HTTP 302
  • https://www.firstcitizens.com/content/images/carousel-banners_covid19_300x90.jpg
Request Chain 17
  • http://ggyq288.cn/content/images/content_placeholder.jpg HTTP 302
  • https://www.firstcitizens.com/content/images/content_placeholder.jpg
Request Chain 18
  • http://ggyq288.cn/images/tca/TCA_desktop_1x_02.13.19.jpg HTTP 302
  • https://www.firstcitizens.com/images/tca/tca_desktop_1x_02.13.19.jpg
Request Chain 19
  • http://ggyq288.cn/images/tca/TCA_logo_1x_02.13.19.png HTTP 302
  • https://www.firstcitizens.com/images/tca/tca_logo_1x_02.13.19.png
Request Chain 20
  • http://ggyq288.cn/content/images/fcb-badge-logo-130x130.png HTTP 302
  • https://www.firstcitizens.com/content/images/fcb-badge-logo-130x130.png
Request Chain 21
  • http://ggyq288.cn/img/icon_equalhousing.png HTTP 302
  • https://www.firstcitizens.com/img/icon_equalhousing.png
Request Chain 22
  • http://ggyq288.cn/img/icon_memberfdic.png HTTP 302
  • https://www.firstcitizens.com/img/icon_memberfdic.png
Request Chain 23
  • http://ggyq288.cn/img/logo_foreverfirst.png HTTP 302
  • https://www.firstcitizens.com/img/logo_foreverfirst.png
Request Chain 24
  • http://ggyq288.cn/includes-new/securimage/securimage_show.php HTTP 302
  • http://www.ggyq288.cn/includes-new/securimage/securimage_show.php
Request Chain 25
  • http://ggyq288.cn/img/icon_reloadcaptcha.png HTTP 302
  • https://www.firstcitizens.com/img/icon_reloadcaptcha.png
Request Chain 28
  • http://www.qqwwddffvvaadas13da5s4d5as7d86.vip/sd HTTP 301
  • http://www.qqwwddffvvaadas13da5s4d5as7d86.vip/sd/
Request Chain 29
  • http://ggyq288.cn/fonts/MyFontsWebfontsKit.css HTTP 302
  • https://www.firstcitizens.com/fonts/myfontswebfontskit.css
Request Chain 33
  • http://ggyq288.cn/img/tab_divider.png HTTP 302
  • https://www.firstcitizens.com/img/tab_divider.png
Request Chain 34
  • http://ggyq288.cn/img/icon_planning.png HTTP 302
  • https://www.firstcitizens.com/img/icon_planning.png
Request Chain 35
  • http://ggyq288.cn/img/icon_expand_arrow_dk_blue.png HTTP 302
  • https://www.firstcitizens.com/img/icon_expand_arrow_dk_blue.png
Request Chain 41
  • http://zndhwk2nlgcbvdel3-firstcitizensbank.siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_ZID=ZN_dhWK2NLgcbvdeL3&t=1597105973001 HTTP 301
  • https://zndhwk2nlgcbvdel3-firstcitizensbank.siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_ZID=ZN_dhWK2NLgcbvdeL3&t=1597105973001
Request Chain 50
  • http://siteintercept.qualtrics.com/WRQualtricsShared/Graphics//siteintercept/feedback-dkblue-right.png HTTP 307
  • https://siteintercept.qualtrics.com/WRQualtricsShared/Graphics//siteintercept/feedback-dkblue-right.png

52 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
ggyq288.cn/
131 KB
23 KB
Document
General
Full URL
http://ggyq288.cn/
Protocol
HTTP/1.1
Server
142.252.28.7 San Jose, United States, ASN18779 (EGIHOSTING, US),
Reverse DNS
Software
Nginx Microsoft-HTTPAPI/2.0 / Nginx
Resource Hash
61fdb4081561c160653f09bf5678a9a47e0844fcb57b4b217f8fcd6394af9eae

Request headers

Host
ggyq288.cn
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US

Response headers

Transfer-Encoding
chunked
Content-Type
text/html; charset=utf-8
Content-Encoding
gzip
ETag
"8d83856b979ded6"
Server
Nginx Microsoft-HTTPAPI/2.0
X-Powered-By
Nginx
Date
Tue, 11 Aug 2020 00:32:37 GMT
8f0cc8c1-a758-427f-bd6c-4ac925829c0a.js
ggyq288.cn/js/
2 KB
1 KB
Script
General
Full URL
http://ggyq288.cn/js/8f0cc8c1-a758-427f-bd6c-4ac925829c0a.js
Requested by
Host: ggyq288.cn
URL: http://ggyq288.cn/
Protocol
HTTP/1.1
Server
142.252.28.7 San Jose, United States, ASN18779 (EGIHOSTING, US),
Reverse DNS
Software
Nginx Microsoft-HTTPAPI/2.0 / Nginx
Resource Hash
8f82976b46f7ba14f455fb06a8cbe0e2152eb8cbe8647f47ca2dc9c567324264

Request headers

Referer
http://ggyq288.cn/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 11 Aug 2020 00:32:38 GMT
Content-Encoding
gzip
Server
Nginx Microsoft-HTTPAPI/2.0
Cache-Control
no-cache, no-store, must-revalidate
X-Powered-By
Nginx
Transfer-Encoding
chunked
Content-Type
application/javascript; charset=utf-8
myfontswebfontskit.css
www.firstcitizens.com/fonts/
Redirect Chain
  • http://ggyq288.cn/fonts/MyFontsWebfontsKit.css
  • https://www.firstcitizens.com/fonts/myfontswebfontskit.css
0
0
Stylesheet
General
Full URL
https://www.firstcitizens.com/fonts/myfontswebfontskit.css
Requested by
Host: ggyq288.cn
URL: http://ggyq288.cn/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.89.129.19 , United States, ASN22976 (FIRST-CITIZENS-01, US),
Reverse DNS
m.guarantybank.com
Software
/
Resource Hash

Request headers

Referer
http://ggyq288.cn/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Redirect headers

Location
https://www.firstcitizens.com/fonts/myfontswebfontskit.css
Date
Tue, 11 Aug 2020 00:32:37 GMT
Server
Nginx Microsoft-HTTPAPI/2.0
X-Powered-By
Nginx
Transfer-Encoding
chunked
bootstrap.min.css
ggyq288.cn/css/
84 KB
84 KB
Stylesheet
General
Full URL
http://ggyq288.cn/css/bootstrap.min.css?v=032020
Requested by
Host: ggyq288.cn
URL: http://ggyq288.cn/
Protocol
HTTP/1.1
Server
142.252.28.7 San Jose, United States, ASN18779 (EGIHOSTING, US),
Reverse DNS
Software
Nginx Microsoft-HTTPAPI/2.0 / Nginx
Resource Hash
2f233e39fe1abd557a821cefc3c761ba846c8c0c1130dea087ffb87a83820cd7

Request headers

Referer
http://ggyq288.cn/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 11 Aug 2020 00:32:37 GMT
ETag
"8d83d8d2afc03c0"
Server
Nginx Microsoft-HTTPAPI/2.0
X-Powered-By
Nginx
Transfer-Encoding
chunked
Content-Type
text/css
fcb-style.css
ggyq288.cn/css/
25 KB
25 KB
Stylesheet
General
Full URL
http://ggyq288.cn/css/fcb-style.css?v=032020
Requested by
Host: ggyq288.cn
URL: http://ggyq288.cn/
Protocol
HTTP/1.1
Server
142.252.28.7 San Jose, United States, ASN18779 (EGIHOSTING, US),
Reverse DNS
Software
Nginx Microsoft-HTTPAPI/2.0 / Nginx
Resource Hash
71ec1fef01b25e040a2208ad5c3641a10b4faedecf76e3e0e466ae77d3b2f12a

Request headers

Referer
http://ggyq288.cn/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 11 Aug 2020 00:32:37 GMT
ETag
"8d83d8d2a46ccd7"
Server
Nginx Microsoft-HTTPAPI/2.0
X-Powered-By
Nginx
Transfer-Encoding
chunked
Content-Type
text/css
fcb-header.css
ggyq288.cn/css/
15 KB
15 KB
Stylesheet
General
Full URL
http://ggyq288.cn/css/fcb-header.css?v=110719
Requested by
Host: ggyq288.cn
URL: http://ggyq288.cn/
Protocol
HTTP/1.1
Server
142.252.28.7 San Jose, United States, ASN18779 (EGIHOSTING, US),
Reverse DNS
Software
Nginx Microsoft-HTTPAPI/2.0 / Nginx
Resource Hash
214a0e116cca5f1af965b942fe7addff9ea251cd2546b2082329be46a2393c3e

Request headers

Referer
http://ggyq288.cn/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 11 Aug 2020 00:32:37 GMT
ETag
"8d83d8d29911764"
Server
Nginx Microsoft-HTTPAPI/2.0
X-Powered-By
Nginx
Transfer-Encoding
chunked
Content-Type
text/css
fcb-footer.css
ggyq288.cn/css/
3 KB
3 KB
Stylesheet
General
Full URL
http://ggyq288.cn/css/fcb-footer.css?v=032020
Requested by
Host: ggyq288.cn
URL: http://ggyq288.cn/
Protocol
HTTP/1.1
Server
142.252.28.7 San Jose, United States, ASN18779 (EGIHOSTING, US),
Reverse DNS
Software
Nginx Microsoft-HTTPAPI/2.0 / Nginx
Resource Hash
ce06c39578dab4c69b173f706b845412b4978270bab8cfaf47ac10c06e554add

Request headers

Referer
http://ggyq288.cn/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 11 Aug 2020 00:32:37 GMT
ETag
"8d83d8d296aefa0"
Server
Nginx Microsoft-HTTPAPI/2.0
X-Powered-By
Nginx
Transfer-Encoding
chunked
Content-Type
text/css
fcb-main.css
www.ggyq288.cn/css/
Redirect Chain
  • http://ggyq288.cn/css/fcb-main.css?v=072820
  • http://www.ggyq288.cn/css/fcb-main.css?v=072820
250 KB
250 KB
Stylesheet
General
Full URL
http://www.ggyq288.cn/css/fcb-main.css?v=072820
Requested by
Host: ggyq288.cn
URL: http://ggyq288.cn/
Protocol
HTTP/1.1
Server
142.252.28.7 San Jose, United States, ASN18779 (EGIHOSTING, US),
Reverse DNS
Software
Nginx Microsoft-HTTPAPI/2.0 / Nginx
Resource Hash
c256719730fbd3529f413c559398c9aa57d4cd96a04972fb90b7919b2817d877

Request headers

Referer
http://ggyq288.cn/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 11 Aug 2020 00:32:41 GMT
Cache-Control
public,max-age=31536000
Server
Nginx Microsoft-HTTPAPI/2.0
accept-ranges
bytes
X-Powered-By
Nginx
Content-Length
255813
Content-Type
text/css

Redirect headers

Location
http://www.ggyq288.cn/css/fcb-main.css?v=072820
Date
Tue, 11 Aug 2020 00:32:37 GMT
Server
Nginx Microsoft-HTTPAPI/2.0
X-Powered-By
Nginx
Transfer-Encoding
chunked
fcb-responsive.css
www.ggyq288.cn/css/
Redirect Chain
  • http://ggyq288.cn/css/fcb-responsive.css?v=072820
  • http://www.ggyq288.cn/css/fcb-responsive.css?v=072820
298 KB
298 KB
Stylesheet
General
Full URL
http://www.ggyq288.cn/css/fcb-responsive.css?v=072820
Requested by
Host: ggyq288.cn
URL: http://ggyq288.cn/
Protocol
HTTP/1.1
Server
142.252.28.7 San Jose, United States, ASN18779 (EGIHOSTING, US),
Reverse DNS
Software
Nginx Microsoft-HTTPAPI/2.0 / Nginx
Resource Hash
985b67b9ace7c3f438e02e21e51f460635221e40939450cdc0b46790ccd2e87c

Request headers

Referer
http://ggyq288.cn/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 11 Aug 2020 00:32:41 GMT
Cache-Control
public,max-age=31536000
Server
Nginx Microsoft-HTTPAPI/2.0
accept-ranges
bytes
X-Powered-By
Nginx
Content-Length
305288
Content-Type
text/css

Redirect headers

Location
http://www.ggyq288.cn/css/fcb-responsive.css?v=072820
Date
Tue, 11 Aug 2020 00:32:38 GMT
Server
Nginx Microsoft-HTTPAPI/2.0
X-Powered-By
Nginx
Transfer-Encoding
chunked
promo_banner.css
ggyq288.cn/css/
14 KB
14 KB
Stylesheet
General
Full URL
http://ggyq288.cn/css/promo_banner.css?v=072820
Requested by
Host: ggyq288.cn
URL: http://ggyq288.cn/
Protocol
HTTP/1.1
Server
142.252.28.7 San Jose, United States, ASN18779 (EGIHOSTING, US),
Reverse DNS
Software
Nginx Microsoft-HTTPAPI/2.0 / Nginx
Resource Hash
ced3cf09e6e86c8aa187ca6d5a4c1da82ff0ce264bfc3f438a7d9fc5fa8f80f2

Request headers

Referer
http://ggyq288.cn/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 11 Aug 2020 00:32:37 GMT
ETag
"8d83d8d2a2a2fcc"
Server
Nginx Microsoft-HTTPAPI/2.0
X-Powered-By
Nginx
Transfer-Encoding
chunked
Content-Type
text/css
fcb-cleanup.css
ggyq288.cn/css/
2 KB
2 KB
Stylesheet
General
Full URL
http://ggyq288.cn/css/fcb-cleanup.css?v=072820
Requested by
Host: ggyq288.cn
URL: http://ggyq288.cn/
Protocol
HTTP/1.1
Server
142.252.28.7 San Jose, United States, ASN18779 (EGIHOSTING, US),
Reverse DNS
Software
Nginx Microsoft-HTTPAPI/2.0 / Nginx
Resource Hash
261fd945e63082ace0bab0ea288dddbc5aef48fbc27b876a3eb610becfbff649

Request headers

Referer
http://ggyq288.cn/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 11 Aug 2020 00:32:38 GMT
ETag
"8d83d8d2a171c7f"
Server
Nginx Microsoft-HTTPAPI/2.0
X-Powered-By
Nginx
Transfer-Encoding
chunked
Content-Type
text/css
logo_fcb.svg
www.firstcitizens.com/img/
Redirect Chain
  • http://ggyq288.cn/img/logo_fcb.svg
  • https://www.firstcitizens.com/img/logo_fcb.svg
9 KB
9 KB
Image
General
Full URL
https://www.firstcitizens.com/img/logo_fcb.svg
Requested by
Host: ggyq288.cn
URL: http://ggyq288.cn/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.89.129.19 , United States, ASN22976 (FIRST-CITIZENS-01, US),
Reverse DNS
m.guarantybank.com
Software
Apache /
Resource Hash
01901e279b8d2acdf453d4d0c08e226a352c45eb0c64d5cd0536d4158a722d82

Request headers

Referer
http://ggyq288.cn/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 11 Aug 2020 00:32:40 GMT
Last-Modified
Fri, 27 Mar 2020 21:43:58 GMT
Server
Apache
ETag
"3cf-241e-5a1dcffada380"
Content-Type
image/svg+xml
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=200
Content-Length
9246

Redirect headers

Location
https://www.firstcitizens.com/img/logo_fcb.svg
Date
Tue, 11 Aug 2020 00:32:38 GMT
Server
Nginx Microsoft-HTTPAPI/2.0
X-Powered-By
Nginx
Transfer-Encoding
chunked
gcs_sm.png
www.firstcitizens.com/img/
Redirect Chain
  • http://ggyq288.cn/img/gcs_sm.png
  • https://www.firstcitizens.com/img/gcs_sm.png
430 B
705 B
Image
General
Full URL
https://www.firstcitizens.com/img/gcs_sm.png
Requested by
Host: ggyq288.cn
URL: http://ggyq288.cn/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.89.129.19 , United States, ASN22976 (FIRST-CITIZENS-01, US),
Reverse DNS
m.guarantybank.com
Software
Apache /
Resource Hash
8ec384c7d34a1372d621fe6bc69f73f53e7ab3b3c124341ede5f63c8e42f5d73

Request headers

Referer
http://ggyq288.cn/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 11 Aug 2020 00:32:40 GMT
Last-Modified
Thu, 27 Jun 2019 20:04:41 GMT
Server
Apache
ETag
"40e6-1ae-58c53ac184840"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=200
Content-Length
430

Redirect headers

Location
https://www.firstcitizens.com/img/gcs_sm.png
Date
Tue, 11 Aug 2020 00:32:38 GMT
Server
Nginx Microsoft-HTTPAPI/2.0
X-Powered-By
Nginx
Transfer-Encoding
chunked
fcb-govt-mortgage-795x270_12.19.19.png
www.firstcitizens.com/images/banners/personal/
Redirect Chain
  • http://ggyq288.cn/images/banners/personal/FCB-Govt-Mortgage-795x270_12.19.19.png
  • https://www.firstcitizens.com/images/banners/personal/fcb-govt-mortgage-795x270_12.19.19.png
0
0
Image
General
Full URL
https://www.firstcitizens.com/images/banners/personal/fcb-govt-mortgage-795x270_12.19.19.png
Requested by
Host: ggyq288.cn
URL: http://ggyq288.cn/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.89.129.19 , United States, ASN22976 (FIRST-CITIZENS-01, US),
Reverse DNS
m.guarantybank.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://ggyq288.cn/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Redirect headers

Location
https://www.firstcitizens.com/images/banners/personal/fcb-govt-mortgage-795x270_12.19.19.png
Date
Tue, 11 Aug 2020 00:32:40 GMT
Server
Nginx Microsoft-HTTPAPI/2.0
X-Powered-By
Nginx
Transfer-Encoding
chunked
fcb-govt-mortgage-560x320_12.19.19.png
www.firstcitizens.com/images/banners/personal/
Redirect Chain
  • http://ggyq288.cn/images/banners/personal/FCB-Govt-Mortgage-560x320_12.19.19.png
  • https://www.firstcitizens.com/images/banners/personal/fcb-govt-mortgage-560x320_12.19.19.png
0
0
Image
General
Full URL
https://www.firstcitizens.com/images/banners/personal/fcb-govt-mortgage-560x320_12.19.19.png
Requested by
Host: ggyq288.cn
URL: http://ggyq288.cn/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.89.129.19 , United States, ASN22976 (FIRST-CITIZENS-01, US),
Reverse DNS
m.guarantybank.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://ggyq288.cn/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Redirect headers

Location
https://www.firstcitizens.com/images/banners/personal/fcb-govt-mortgage-560x320_12.19.19.png
Date
Tue, 11 Aug 2020 00:32:40 GMT
Server
Nginx Microsoft-HTTPAPI/2.0
X-Powered-By
Nginx
Transfer-Encoding
chunked
content_personal_carousel_7for2017.png
www.firstcitizens.com/content/images/
Redirect Chain
  • http://ggyq288.cn/content/images/content_personal_carousel_7for2017.png
  • https://www.firstcitizens.com/content/images/content_personal_carousel_7for2017.png
81 KB
82 KB
Image
General
Full URL
https://www.firstcitizens.com/content/images/content_personal_carousel_7for2017.png
Requested by
Host: ggyq288.cn
URL: http://ggyq288.cn/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.89.129.19 , United States, ASN22976 (FIRST-CITIZENS-01, US),
Reverse DNS
m.guarantybank.com
Software
Apache /
Resource Hash
6e57107808017fcc49750db2e4ad359eab0cea9464cb523ad34d8ab849c32580

Request headers

Referer
http://ggyq288.cn/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 11 Aug 2020 00:32:41 GMT
Last-Modified
Thu, 27 Jun 2019 20:04:14 GMT
Server
Apache
ETag
"347f-14528-58c53aa7c4b80"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=198
Content-Length
83240

Redirect headers

Location
https://www.firstcitizens.com/content/images/content_personal_carousel_7for2017.png
Date
Tue, 11 Aug 2020 00:32:41 GMT
Server
Nginx Microsoft-HTTPAPI/2.0
X-Powered-By
Nginx
Transfer-Encoding
chunked
content_personal_carousel_bank-at-home_300x90.png
www.firstcitizens.com/content/images/
Redirect Chain
  • http://ggyq288.cn/content/images/content_personal_carousel_bank-at-home_300x90.png
  • https://www.firstcitizens.com/content/images/content_personal_carousel_bank-at-home_300x90.png
41 KB
41 KB
Image
General
Full URL
https://www.firstcitizens.com/content/images/content_personal_carousel_bank-at-home_300x90.png
Requested by
Host: ggyq288.cn
URL: http://ggyq288.cn/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.89.129.19 , United States, ASN22976 (FIRST-CITIZENS-01, US),
Reverse DNS
m.guarantybank.com
Software
Apache /
Resource Hash
2a64c58dac28744d49b8b0360550948b94e06ab3496db5d179f01176ce783715

Request headers

Referer
http://ggyq288.cn/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 11 Aug 2020 00:32:41 GMT
Last-Modified
Fri, 27 Mar 2020 21:43:53 GMT
Server
Apache
ETag
"41fe-a2e1-5a1dcff615840"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=198
Content-Length
41697

Redirect headers

Location
https://www.firstcitizens.com/content/images/content_personal_carousel_bank-at-home_300x90.png
Date
Tue, 11 Aug 2020 00:32:41 GMT
Server
Nginx Microsoft-HTTPAPI/2.0
X-Powered-By
Nginx
Transfer-Encoding
chunked
carousel-banners_covid19_300x90.jpg
www.firstcitizens.com/content/images/
Redirect Chain
  • http://ggyq288.cn/content/images/Carousel-Banners_COVID19_300x90.jpg
  • https://www.firstcitizens.com/content/images/carousel-banners_covid19_300x90.jpg
0
0
Image
General
Full URL
https://www.firstcitizens.com/content/images/carousel-banners_covid19_300x90.jpg
Requested by
Host: ggyq288.cn
URL: http://ggyq288.cn/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.89.129.19 , United States, ASN22976 (FIRST-CITIZENS-01, US),
Reverse DNS
m.guarantybank.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://ggyq288.cn/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Redirect headers

Location
https://www.firstcitizens.com/content/images/carousel-banners_covid19_300x90.jpg
Date
Tue, 11 Aug 2020 00:32:41 GMT
Server
Nginx Microsoft-HTTPAPI/2.0
X-Powered-By
Nginx
Transfer-Encoding
chunked
content_placeholder.jpg
www.firstcitizens.com/content/images/
Redirect Chain
  • http://ggyq288.cn/content/images/content_placeholder.jpg
  • https://www.firstcitizens.com/content/images/content_placeholder.jpg
723 B
998 B
Image
General
Full URL
https://www.firstcitizens.com/content/images/content_placeholder.jpg
Requested by
Host: ggyq288.cn
URL: http://ggyq288.cn/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.89.129.19 , United States, ASN22976 (FIRST-CITIZENS-01, US),
Reverse DNS
m.guarantybank.com
Software
Apache /
Resource Hash
1fe87e9c1dae6c019087c1eccc664eb45ff4a5969c2aee938d75e76ed25f607e

Request headers

Referer
http://ggyq288.cn/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 11 Aug 2020 00:32:42 GMT
Last-Modified
Thu, 27 Jun 2019 20:04:15 GMT
Server
Apache
ETag
"51b-2d3-58c53aa8b8dc0"
Content-Type
image/jpeg
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=198
Content-Length
723

Redirect headers

Location
https://www.firstcitizens.com/content/images/content_placeholder.jpg
Date
Tue, 11 Aug 2020 00:32:41 GMT
Server
Nginx Microsoft-HTTPAPI/2.0
X-Powered-By
Nginx
Transfer-Encoding
chunked
tca_desktop_1x_02.13.19.jpg
www.firstcitizens.com/images/tca/
Redirect Chain
  • http://ggyq288.cn/images/tca/TCA_desktop_1x_02.13.19.jpg
  • https://www.firstcitizens.com/images/tca/tca_desktop_1x_02.13.19.jpg
0
0
Image
General
Full URL
https://www.firstcitizens.com/images/tca/tca_desktop_1x_02.13.19.jpg
Requested by
Host: ggyq288.cn
URL: http://ggyq288.cn/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.89.129.19 , United States, ASN22976 (FIRST-CITIZENS-01, US),
Reverse DNS
m.guarantybank.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://ggyq288.cn/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Redirect headers

Location
https://www.firstcitizens.com/images/tca/tca_desktop_1x_02.13.19.jpg
Date
Tue, 11 Aug 2020 00:32:42 GMT
Server
Nginx Microsoft-HTTPAPI/2.0
X-Powered-By
Nginx
Transfer-Encoding
chunked
tca_logo_1x_02.13.19.png
www.firstcitizens.com/images/tca/
Redirect Chain
  • http://ggyq288.cn/images/tca/TCA_logo_1x_02.13.19.png
  • https://www.firstcitizens.com/images/tca/tca_logo_1x_02.13.19.png
0
0
Image
General
Full URL
https://www.firstcitizens.com/images/tca/tca_logo_1x_02.13.19.png
Requested by
Host: ggyq288.cn
URL: http://ggyq288.cn/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.89.129.19 , United States, ASN22976 (FIRST-CITIZENS-01, US),
Reverse DNS
m.guarantybank.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://ggyq288.cn/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Redirect headers

Location
https://www.firstcitizens.com/images/tca/tca_logo_1x_02.13.19.png
Date
Tue, 11 Aug 2020 00:32:42 GMT
Server
Nginx Microsoft-HTTPAPI/2.0
X-Powered-By
Nginx
Transfer-Encoding
chunked
fcb-badge-logo-130x130.png
www.firstcitizens.com/content/images/
Redirect Chain
  • http://ggyq288.cn/content/images/fcb-badge-logo-130x130.png
  • https://www.firstcitizens.com/content/images/fcb-badge-logo-130x130.png
28 KB
28 KB
Image
General
Full URL
https://www.firstcitizens.com/content/images/fcb-badge-logo-130x130.png
Requested by
Host: ggyq288.cn
URL: http://ggyq288.cn/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.89.129.19 , United States, ASN22976 (FIRST-CITIZENS-01, US),
Reverse DNS
m.guarantybank.com
Software
Apache /
Resource Hash
5f07db4687620404f32d52d780e77ab5359ce688f703085093cdd4b17ab31c94

Request headers

Referer
http://ggyq288.cn/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 11 Aug 2020 00:32:42 GMT
Last-Modified
Thu, 27 Jun 2019 20:04:16 GMT
Server
Apache
ETag
"a3f-6ecd-58c53aa9ad000"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=197
Content-Length
28365

Redirect headers

Location
https://www.firstcitizens.com/content/images/fcb-badge-logo-130x130.png
Date
Tue, 11 Aug 2020 00:32:42 GMT
Server
Nginx Microsoft-HTTPAPI/2.0
X-Powered-By
Nginx
Transfer-Encoding
chunked
icon_equalhousing.png
www.firstcitizens.com/img/
Redirect Chain
  • http://ggyq288.cn/img/icon_equalhousing.png
  • https://www.firstcitizens.com/img/icon_equalhousing.png
2 KB
2 KB
Image
General
Full URL
https://www.firstcitizens.com/img/icon_equalhousing.png
Requested by
Host: ggyq288.cn
URL: http://ggyq288.cn/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.89.129.19 , United States, ASN22976 (FIRST-CITIZENS-01, US),
Reverse DNS
m.guarantybank.com
Software
Apache /
Resource Hash
4ad8b1261cb071210486bca7c49983d0598759e7dbd7236179e37f04246b6978

Request headers

Referer
http://ggyq288.cn/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 11 Aug 2020 00:32:42 GMT
Last-Modified
Thu, 27 Jun 2019 20:04:41 GMT
Server
Apache
ETag
"8f1-678-58c53ac184840"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=195
Content-Length
1656

Redirect headers

Location
https://www.firstcitizens.com/img/icon_equalhousing.png
Date
Tue, 11 Aug 2020 00:32:42 GMT
Server
Nginx Microsoft-HTTPAPI/2.0
X-Powered-By
Nginx
Transfer-Encoding
chunked
icon_memberfdic.png
www.firstcitizens.com/img/
Redirect Chain
  • http://ggyq288.cn/img/icon_memberfdic.png
  • https://www.firstcitizens.com/img/icon_memberfdic.png
2 KB
2 KB
Image
General
Full URL
https://www.firstcitizens.com/img/icon_memberfdic.png
Requested by
Host: ggyq288.cn
URL: http://ggyq288.cn/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.89.129.19 , United States, ASN22976 (FIRST-CITIZENS-01, US),
Reverse DNS
m.guarantybank.com
Software
Apache /
Resource Hash
7285ae6888dc58090592292d6980a062bd7694ca5a856602236dfcc6b6b2d8cd

Request headers

Referer
http://ggyq288.cn/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 11 Aug 2020 00:32:42 GMT
Last-Modified
Thu, 27 Jun 2019 20:04:41 GMT
Server
Apache
ETag
"90c-714-58c53ac184840"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=196
Content-Length
1812

Redirect headers

Location
https://www.firstcitizens.com/img/icon_memberfdic.png
Date
Tue, 11 Aug 2020 00:32:42 GMT
Server
Nginx Microsoft-HTTPAPI/2.0
X-Powered-By
Nginx
Transfer-Encoding
chunked
logo_foreverfirst.png
www.firstcitizens.com/img/
Redirect Chain
  • http://ggyq288.cn/img/logo_foreverfirst.png
  • https://www.firstcitizens.com/img/logo_foreverfirst.png
2 KB
3 KB
Image
General
Full URL
https://www.firstcitizens.com/img/logo_foreverfirst.png
Requested by
Host: ggyq288.cn
URL: http://ggyq288.cn/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.89.129.19 , United States, ASN22976 (FIRST-CITIZENS-01, US),
Reverse DNS
m.guarantybank.com
Software
Apache /
Resource Hash
a5bf2103eeeb4297952f732b2babd2c88ccfa4e422477586cae8fd33d5132317

Request headers

Referer
http://ggyq288.cn/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 11 Aug 2020 00:32:43 GMT
Last-Modified
Thu, 27 Jun 2019 20:04:42 GMT
Server
Apache
ETag
"934-8fe-58c53ac278a80"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=195
Content-Length
2302

Redirect headers

Location
https://www.firstcitizens.com/img/logo_foreverfirst.png
Date
Tue, 11 Aug 2020 00:32:42 GMT
Server
Nginx Microsoft-HTTPAPI/2.0
X-Powered-By
Nginx
Transfer-Encoding
chunked
securimage_show.php
www.ggyq288.cn/includes-new/securimage/
Redirect Chain
  • http://ggyq288.cn/includes-new/securimage/securimage_show.php
  • http://www.ggyq288.cn/includes-new/securimage/securimage_show.php
4 KB
5 KB
Image
General
Full URL
http://www.ggyq288.cn/includes-new/securimage/securimage_show.php
Requested by
Host: ggyq288.cn
URL: http://ggyq288.cn/
Protocol
HTTP/1.1
Server
142.252.28.7 San Jose, United States, ASN18779 (EGIHOSTING, US),
Reverse DNS
Software
Nginx Microsoft-HTTPAPI/2.0 / Nginx
Resource Hash
16803f6846220db90e926b98b8ea6481717d0f2ef85c4ef7785c7db3d0ba5f7e

Request headers

Referer
http://ggyq288.cn/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 11 Aug 2020 00:32:43 GMT
Cache-Control
public,max-age=31536000
Server
Nginx Microsoft-HTTPAPI/2.0
accept-ranges
bytes
X-Powered-By
Nginx
Content-Length
4453
Content-Type
image/png

Redirect headers

Location
http://www.ggyq288.cn/includes-new/securimage/securimage_show.php
Date
Tue, 11 Aug 2020 00:32:42 GMT
Server
Nginx Microsoft-HTTPAPI/2.0
X-Powered-By
Nginx
Transfer-Encoding
chunked
icon_reloadcaptcha.png
www.firstcitizens.com/img/
Redirect Chain
  • http://ggyq288.cn/img/icon_reloadcaptcha.png
  • https://www.firstcitizens.com/img/icon_reloadcaptcha.png
2 KB
2 KB
Image
General
Full URL
https://www.firstcitizens.com/img/icon_reloadcaptcha.png
Requested by
Host: ggyq288.cn
URL: http://ggyq288.cn/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.89.129.19 , United States, ASN22976 (FIRST-CITIZENS-01, US),
Reverse DNS
m.guarantybank.com
Software
Apache /
Resource Hash
25dacd29b5c16a99e504eba2b2f80d5ef8c2430b8d5479440dc93fc328300a9d

Request headers

Referer
http://ggyq288.cn/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 11 Aug 2020 00:32:43 GMT
Last-Modified
Thu, 27 Jun 2019 20:04:42 GMT
Server
Apache
ETag
"808ee-661-58c53ac278a80"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=194
Content-Length
1633

Redirect headers

Location
https://www.firstcitizens.com/img/icon_reloadcaptcha.png
Date
Tue, 11 Aug 2020 00:32:43 GMT
Server
Nginx Microsoft-HTTPAPI/2.0
X-Powered-By
Nginx
Transfer-Encoding
chunked
hm.js
hm.baidu.com/
38 KB
14 KB
Script
General
Full URL
https://hm.baidu.com/hm.js?f40eb5beddc40dc453155dba4d5fad7b
Requested by
Host: ggyq288.cn
URL: http://ggyq288.cn/js/8f0cc8c1-a758-427f-bd6c-4ac925829c0a.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.235.46.191 , Hong Kong, ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN),
Reverse DNS
Software
apache /
Resource Hash
07bf900408b45f6289ba90f5a250e99409b9e4f7a86e5efdc2b7f7cc1c18c057
Security Headers
Name Value
Strict-Transport-Security max-age=172800

Request headers

Referer
http://ggyq288.cn/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 11 Aug 2020 00:32:40 GMT
Content-Encoding
gzip
Server
apache
Etag
c0d70dbe2df568e51c15170c1f58c5ad
Strict-Transport-Security
max-age=172800
P3p
CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Cache-Control
max-age=0, must-revalidate
Content-Type
application/javascript
Content-Length
13856
hm.js
hm.baidu.com/
38 KB
14 KB
Script
General
Full URL
https://hm.baidu.com/hm.js?2aef6ef7b56092215d4a9690661eca72
Requested by
Host: ggyq288.cn
URL: http://ggyq288.cn/js/8f0cc8c1-a758-427f-bd6c-4ac925829c0a.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.235.46.191 , Hong Kong, ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN),
Reverse DNS
Software
apache /
Resource Hash
4c7c0800bc4f0bfd5160520363a7befc0611757d78d5dbd947ad85b9797093af
Security Headers
Name Value
Strict-Transport-Security max-age=172800

Request headers

Referer
http://ggyq288.cn/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 11 Aug 2020 00:32:40 GMT
Content-Encoding
gzip
Server
apache
Etag
2cdd638c45b7061a1f73cb25a6233d09
Strict-Transport-Security
max-age=172800
P3p
CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Cache-Control
max-age=0, must-revalidate
Content-Type
application/javascript
Content-Length
13862
/
www.qqwwddffvvaadas13da5s4d5as7d86.vip/sd/ Frame 7664
Redirect Chain
  • http://www.qqwwddffvvaadas13da5s4d5as7d86.vip/sd
  • http://www.qqwwddffvvaadas13da5s4d5as7d86.vip/sd/
0
0
Document
General
Full URL
http://www.qqwwddffvvaadas13da5s4d5as7d86.vip/sd/
Requested by
Host: ggyq288.cn
URL: http://ggyq288.cn/
Protocol
HTTP/1.1
Server
202.79.171.227 , Hong Kong, ASN64050 (BCPL-SG BGPNET Global ASN, SG),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Host
www.qqwwddffvvaadas13da5s4d5as7d86.vip
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
http://ggyq288.cn/
Accept-Encoding
gzip, deflate
Accept-Language
en-US

Response headers

Server
nginx
Date
Tue, 11 Aug 2020 00:32:40 GMT
Content-Type
text/html
Last-Modified
Mon, 27 Jul 2020 07:58:13 GMT
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding
ETag
W/"5f1e8915-43c"
Content-Encoding
gzip

Redirect headers

Server
nginx
Date
Tue, 11 Aug 2020 00:32:40 GMT
Content-Type
text/html
Content-Length
162
Location
http://www.qqwwddffvvaadas13da5s4d5as7d86.vip/sd/
Connection
keep-alive
myfontswebfontskit.css
www.firstcitizens.com/fonts/
Redirect Chain
  • http://ggyq288.cn/fonts/MyFontsWebfontsKit.css
  • https://www.firstcitizens.com/fonts/myfontswebfontskit.css
0
0
Stylesheet
General
Full URL
https://www.firstcitizens.com/fonts/myfontswebfontskit.css
Requested by
Host: ggyq288.cn
URL: http://ggyq288.cn/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.89.129.19 , United States, ASN22976 (FIRST-CITIZENS-01, US),
Reverse DNS
m.guarantybank.com
Software
/
Resource Hash

Request headers

Referer
http://ggyq288.cn/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Redirect headers

Location
https://www.firstcitizens.com/fonts/myfontswebfontskit.css
Date
Tue, 11 Aug 2020 00:32:38 GMT
Server
Nginx Microsoft-HTTPAPI/2.0
X-Powered-By
Nginx
Transfer-Encoding
chunked
hm.gif
hm.baidu.com/
43 B
299 B
Image
General
Full URL
https://hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1600x1200&vl=1200&et=0&ja=0&ln=en-us&lo=0&rnd=949103480&si=f40eb5beddc40dc453155dba4d5fad7b&v=1.2.75&lv=1&sn=18011&r=0&ww=1600&ct=!!&tt=%E5%A4%A7%E5%8F%9191%E6%A3%8B%E7%89%8C%E6%B8%B8%E6%88%8F%E5%AE%98%E7%BD%91%E7%89%88%7C%20%E9%A1%B5%E9%9D%A2%E5%85%A5%E5%8F%A3
Requested by
Host: ggyq288.cn
URL: http://ggyq288.cn/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.235.46.191 , Hong Kong, ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN),
Reverse DNS
Software
apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
Strict-Transport-Security max-age=172800
X-Content-Type-Options nosniff

Request headers

Referer
http://ggyq288.cn/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 11 Aug 2020 00:32:41 GMT
X-Content-Type-Options
nosniff
Server
apache
Strict-Transport-Security
max-age=172800
Content-Type
image/gif
Cache-Control
private, max-age=0, no-cache
Content-Length
43
hm.gif
hm.baidu.com/
43 B
299 B
Image
General
Full URL
https://hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1600x1200&vl=1200&et=0&ja=0&ln=en-us&lo=0&rnd=479350562&si=2aef6ef7b56092215d4a9690661eca72&v=1.2.75&lv=1&sn=18011&r=0&ww=1600&ct=!!&tt=%E5%A4%A7%E5%8F%9191%E6%A3%8B%E7%89%8C%E6%B8%B8%E6%88%8F%E5%AE%98%E7%BD%91%E7%89%88%7C%20%E9%A1%B5%E9%9D%A2%E5%85%A5%E5%8F%A3
Requested by
Host: ggyq288.cn
URL: http://ggyq288.cn/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.235.46.191 , Hong Kong, ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN),
Reverse DNS
Software
apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
Strict-Transport-Security max-age=172800
X-Content-Type-Options nosniff

Request headers

Referer
http://ggyq288.cn/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 11 Aug 2020 00:32:41 GMT
X-Content-Type-Options
nosniff
Server
apache
Strict-Transport-Security
max-age=172800
Content-Type
image/gif
Cache-Control
private, max-age=0, no-cache
Content-Length
43
mDv7.js
trk.ggyq288.cn/aprs/
0
0

tab_divider.png
www.firstcitizens.com/img/
Redirect Chain
  • http://ggyq288.cn/img/tab_divider.png
  • https://www.firstcitizens.com/img/tab_divider.png
987 B
1 KB
Image
General
Full URL
https://www.firstcitizens.com/img/tab_divider.png
Requested by
Host: ggyq288.cn
URL: http://ggyq288.cn/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.89.129.19 , United States, ASN22976 (FIRST-CITIZENS-01, US),
Reverse DNS
m.guarantybank.com
Software
Apache /
Resource Hash
3f2644fa504faca7f76ee9f7496bf1cf217a8a4ca269526486878f7b958aa439

Request headers

Referer
http://ggyq288.cn/css/fcb-header.css?v=110719
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 11 Aug 2020 00:32:52 GMT
Last-Modified
Thu, 27 Jun 2019 20:04:42 GMT
Server
Apache
ETag
"2bd3-3db-58c53ac278a80"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=193
Content-Length
987

Redirect headers

Location
https://www.firstcitizens.com/img/tab_divider.png
Date
Tue, 11 Aug 2020 00:32:52 GMT
Server
Nginx Microsoft-HTTPAPI/2.0
X-Powered-By
Nginx
Transfer-Encoding
chunked
icon_planning.png
www.firstcitizens.com/img/
Redirect Chain
  • http://ggyq288.cn/img/icon_planning.png
  • https://www.firstcitizens.com/img/icon_planning.png
1 KB
2 KB
Image
General
Full URL
https://www.firstcitizens.com/img/icon_planning.png
Requested by
Host: ggyq288.cn
URL: http://ggyq288.cn/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.89.129.19 , United States, ASN22976 (FIRST-CITIZENS-01, US),
Reverse DNS
m.guarantybank.com
Software
Apache /
Resource Hash
94f73db6c87e1b6f045ea0ae25368cfbb86672058eb0687db987ec1c5194c017

Request headers

Referer
http://ggyq288.cn/css/fcb-header.css?v=110719
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 11 Aug 2020 00:32:52 GMT
Last-Modified
Thu, 27 Jun 2019 20:04:42 GMT
Server
Apache
ETag
"918-50a-58c53ac278a80"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=196
Content-Length
1290

Redirect headers

Location
https://www.firstcitizens.com/img/icon_planning.png
Date
Tue, 11 Aug 2020 00:32:52 GMT
Server
Nginx Microsoft-HTTPAPI/2.0
X-Powered-By
Nginx
Transfer-Encoding
chunked
icon_expand_arrow_dk_blue.png
www.firstcitizens.com/img/
Redirect Chain
  • http://ggyq288.cn/img/icon_expand_arrow_dk_blue.png
  • https://www.firstcitizens.com/img/icon_expand_arrow_dk_blue.png
1 KB
1 KB
Image
General
Full URL
https://www.firstcitizens.com/img/icon_expand_arrow_dk_blue.png
Requested by
Host: ggyq288.cn
URL: http://ggyq288.cn/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.89.129.19 , United States, ASN22976 (FIRST-CITIZENS-01, US),
Reverse DNS
m.guarantybank.com
Software
Apache /
Resource Hash
01c7f15d0462e4a00bc0a64fe1f8eca95fc5d0718f9bc2df7baa2db36c3f670d

Request headers

Referer
http://ggyq288.cn/css/fcb-style.css?v=032020
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 11 Aug 2020 00:32:52 GMT
Last-Modified
Thu, 27 Jun 2019 20:04:41 GMT
Server
Apache
ETag
"8f4-435-58c53ac184840"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=194
Content-Length
1077

Redirect headers

Location
https://www.firstcitizens.com/img/icon_expand_arrow_dk_blue.png
Date
Tue, 11 Aug 2020 00:32:52 GMT
Server
Nginx Microsoft-HTTPAPI/2.0
X-Powered-By
Nginx
Transfer-Encoding
chunked
bg_fold.png
www.ggyq288.cn/img/
1 KB
1 KB
Image
General
Full URL
http://www.ggyq288.cn/img/bg_fold.png
Requested by
Host: ggyq288.cn
URL: http://ggyq288.cn/
Protocol
HTTP/1.1
Server
142.252.28.7 San Jose, United States, ASN18779 (EGIHOSTING, US),
Reverse DNS
Software
Nginx Microsoft-HTTPAPI/2.0 / Nginx
Resource Hash
2c499cb74a2b49d47e2c58a8ba9c08ef19935fd66fad1822c0abf1c474546318

Request headers

Referer
http://www.ggyq288.cn/css/fcb-main.css?v=072820
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 11 Aug 2020 00:32:52 GMT
Cache-Control
public,max-age=31536000
Server
Nginx Microsoft-HTTPAPI/2.0
accept-ranges
bytes
X-Powered-By
Nginx
Content-Length
1255
Content-Type
image/png
bg_productindicator.png
www.ggyq288.cn/img/
2 KB
3 KB
Image
General
Full URL
http://www.ggyq288.cn/img/bg_productindicator.png
Requested by
Host: ggyq288.cn
URL: http://ggyq288.cn/
Protocol
HTTP/1.1
Server
142.252.28.7 San Jose, United States, ASN18779 (EGIHOSTING, US),
Reverse DNS
Software
Nginx Microsoft-HTTPAPI/2.0 / Nginx
Resource Hash
2b659506953d78f4d881301cd6ec31bd90cab69cd15236176fbcc153a855f121

Request headers

Referer
http://www.ggyq288.cn/css/fcb-main.css?v=072820
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 11 Aug 2020 00:32:52 GMT
Cache-Control
public,max-age=31536000
Server
Nginx Microsoft-HTTPAPI/2.0
accept-ranges
bytes
X-Powered-By
Nginx
Content-Length
2553
Content-Type
image/png
icon_check_green.png
www.ggyq288.cn/img/
3 KB
3 KB
Image
General
Full URL
http://www.ggyq288.cn/img/icon_check_green.png
Requested by
Host: ggyq288.cn
URL: http://ggyq288.cn/
Protocol
HTTP/1.1
Server
142.252.28.7 San Jose, United States, ASN18779 (EGIHOSTING, US),
Reverse DNS
Software
Nginx Microsoft-HTTPAPI/2.0 / Nginx
Resource Hash
4c1f1cc194b45d60eae9060a8c6e105b102813c822c9634739506d29d966a537

Request headers

Referer
http://www.ggyq288.cn/css/fcb-main.css?v=072820
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 11 Aug 2020 00:32:52 GMT
Cache-Control
public,max-age=31536000
Server
Nginx Microsoft-HTTPAPI/2.0
accept-ranges
bytes
X-Powered-By
Nginx
Content-Length
2998
Content-Type
image/png
icon_listbullet.png
www.ggyq288.cn/img/
3 KB
3 KB
Image
General
Full URL
http://www.ggyq288.cn/img/icon_listbullet.png
Requested by
Host: ggyq288.cn
URL: http://ggyq288.cn/
Protocol
HTTP/1.1
Server
142.252.28.7 San Jose, United States, ASN18779 (EGIHOSTING, US),
Reverse DNS
Software
Nginx Microsoft-HTTPAPI/2.0 / Nginx
Resource Hash
9d8f76ec3fdf7612430689c2dff469577ca94c09a9dc22200681d91dbaa2746a

Request headers

Referer
http://www.ggyq288.cn/css/fcb-main.css?v=072820
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 11 Aug 2020 00:32:52 GMT
Cache-Control
public,max-age=31536000
Server
Nginx Microsoft-HTTPAPI/2.0
accept-ranges
bytes
X-Powered-By
Nginx
Content-Length
2808
Content-Type
image/png
s.gif
api.share.baidu.com/
0
116 B
Image
General
Full URL
http://api.share.baidu.com/s.gif?l=http://ggyq288.cn/
Requested by
Host: ggyq288.cn
URL: http://ggyq288.cn/
Protocol
HTTP/1.1
Server
39.156.68.163 , China, ASN9808 (CMNET-GD Guangdong Mobile Communication Co.Ltd., CN),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://ggyq288.cn/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 11 Aug 2020 00:32:52 GMT
Content-Length
0
Content-Type
text/plain; charset=utf-8
/
zndhwk2nlgcbvdel3-firstcitizensbank.siteintercept.qualtrics.com/WRSiteInterceptEngine/
Redirect Chain
  • http://zndhwk2nlgcbvdel3-firstcitizensbank.siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_ZID=ZN_dhWK2NLgcbvdeL3&t=1597105973001
  • https://zndhwk2nlgcbvdel3-firstcitizensbank.siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_ZID=ZN_dhWK2NLgcbvdeL3&t=1597105973001
51 KB
16 KB
Script
General
Full URL
https://zndhwk2nlgcbvdel3-firstcitizensbank.siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_ZID=ZN_dhWK2NLgcbvdeL3&t=1597105973001
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.209.240 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
be8d6608f871603e86aec1189ec90be62a86b57345e597904cb2dcb2de3bd008
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
http://ggyq288.cn/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 11 Aug 2020 00:32:53 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
400262
cf-polished
origSize=53500
status
200
edge-control
max-age=604800
vary
Accept-Encoding
cf-request-id
047c883f7c0000086f322f8200000001
cf-bgj
minify
server
cloudflare
x-powered-by
Express
etag
W/"d0fc-4NM8X1V9JzwUXr3OBTrGcHmcnFw"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=3600, s-maxage=604800
cf-ray
5c0ddcabfd99086f-CDG
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept

Redirect headers

Date
Tue, 11 Aug 2020 00:32:53 GMT
X-Content-Type-Options
nosniff
Server
cloudflare
Vary
Accept-Encoding
Location
https://zndhwk2nlgcbvdel3-firstcitizensbank.siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_ZID=ZN_dhWK2NLgcbvdeL3&t=1597105973001
Cache-Control
max-age=3600
Transfer-Encoding
chunked
Connection
keep-alive
CF-RAY
5c0ddcab79cb691e-CDG
cf-request-id
047c883f290000691e2c3bc200000001
Expires
Tue, 11 Aug 2020 01:32:53 GMT
Targeting.php
siteintercept.qualtrics.com/WRSiteInterceptEngine/
3 KB
1 KB
XHR
General
Full URL
https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_dhWK2NLgcbvdeL3&Q_CLIENTVERSION=1.31.3&Q_CLIENTTYPE=web
Requested by
Host: zndhwk2nlgcbvdel3-firstcitizensbank.siteintercept.qualtrics.com
URL: https://zndhwk2nlgcbvdel3-firstcitizensbank.siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_ZID=ZN_dhWK2NLgcbvdeL3&t=1597105973001
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.209.240 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2c31fcea85a928ad793a397f64dece9c531e168208ce30ae7a2cbeae0beed033
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
http://ggyq288.cn/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Tue, 11 Aug 2020 00:32:53 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
server
cloudflare
status
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/json
access-control-allow-origin
http://ggyq288.cn
cache-control
no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials
true
cf-ray
5c0ddcac5df9086f-CDG
vary
Accept-Encoding
cf-request-id
047c883fbb0000086f32302200000001
CoreModule.js
siteintercept.qualtrics.com/dxjsmodule/
87 KB
26 KB
Script
General
Full URL
https://siteintercept.qualtrics.com/dxjsmodule/CoreModule.js?Q_CLIENTVERSION=1.31.3&Q_CLIENTTYPE=web
Requested by
Host: zndhwk2nlgcbvdel3-firstcitizensbank.siteintercept.qualtrics.com
URL: https://zndhwk2nlgcbvdel3-firstcitizensbank.siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_ZID=ZN_dhWK2NLgcbvdeL3&t=1597105973001
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.209.240 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
695a90257ebaa0d4053d262d7da44710544c15d1f8da70080ac200fa7cacb1de
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
http://ggyq288.cn/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 11 Aug 2020 00:32:53 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
416703
cf-polished
origSize=89652
status
200
edge-control
max-age=604800
vary
Accept-Encoding
cf-request-id
047c88404a0000086f3230a200000001
last-modified
Wed, 29 Jul 2020 20:50:37 GMT
server
cloudflare
x-powered-by
Express
etag
W/"15e34-1739c575948"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=604800, s-maxage=604800
cf-ray
5c0ddcad4ef4086f-CDG
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
cf-bgj
minify
12.0da2f5012e49e065e383.chunk.js
siteintercept.qualtrics.com/dxjsmodule/
2 KB
877 B
Script
General
Full URL
https://siteintercept.qualtrics.com/dxjsmodule/12.0da2f5012e49e065e383.chunk.js?Q_CLIENTVERSION=1.31.3&Q_CLIENTTYPE=web
Requested by
Host: zndhwk2nlgcbvdel3-firstcitizensbank.siteintercept.qualtrics.com
URL: https://zndhwk2nlgcbvdel3-firstcitizensbank.siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_ZID=ZN_dhWK2NLgcbvdeL3&t=1597105973001
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.209.240 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
70bf6b2e8fbb9f31e314cc3ff4df9f34f453ada4d0bb7b4362591e30799c74de
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
http://ggyq288.cn/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 11 Aug 2020 00:32:53 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
416703
cf-polished
origSize=2639
status
200
edge-control
max-age=604800
vary
Accept-Encoding
cf-request-id
047c88407d0000086f3230d200000001
last-modified
Wed, 29 Jul 2020 20:50:37 GMT
server
cloudflare
x-powered-by
Express
etag
W/"a4f-1739c575948"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=604800, s-maxage=604800
cf-ray
5c0ddcad9f42086f-CDG
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
cf-bgj
minify
1.2d7df593a54f23d86743.chunk.js
siteintercept.qualtrics.com/dxjsmodule/
25 KB
6 KB
Script
General
Full URL
https://siteintercept.qualtrics.com/dxjsmodule/1.2d7df593a54f23d86743.chunk.js?Q_CLIENTVERSION=1.31.3&Q_CLIENTTYPE=web
Requested by
Host: zndhwk2nlgcbvdel3-firstcitizensbank.siteintercept.qualtrics.com
URL: https://zndhwk2nlgcbvdel3-firstcitizensbank.siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_ZID=ZN_dhWK2NLgcbvdeL3&t=1597105973001
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.209.240 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
6823a0f37f2714ae274b147668fe526449deda0d791f6f08505b6e71e21fe4a7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
http://ggyq288.cn/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 11 Aug 2020 00:32:53 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
416702
cf-polished
origSize=26960
status
200
edge-control
max-age=604800
vary
Accept-Encoding
cf-request-id
047c88407d0000086f3230e200000001
last-modified
Wed, 29 Jul 2020 20:50:37 GMT
server
cloudflare
x-powered-by
Express
etag
W/"6950-1739c575948"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=604800, s-maxage=604800
cf-ray
5c0ddcad9f43086f-CDG
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
cf-bgj
minify
FeedbackLinkModule.js
siteintercept.qualtrics.com/dxjsmodule/
3 KB
1 KB
Script
General
Full URL
https://siteintercept.qualtrics.com/dxjsmodule/FeedbackLinkModule.js?Q_CLIENTVERSION=1.31.3&Q_CLIENTTYPE=web
Requested by
Host: zndhwk2nlgcbvdel3-firstcitizensbank.siteintercept.qualtrics.com
URL: https://zndhwk2nlgcbvdel3-firstcitizensbank.siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_ZID=ZN_dhWK2NLgcbvdeL3&t=1597105973001
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.209.240 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
90c8c49df9363f906709ff1407e338b965b70a1eed9f3e573a4306fd267f1c0c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
http://ggyq288.cn/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 11 Aug 2020 00:32:53 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
416690
cf-polished
origSize=3600
status
200
edge-control
max-age=604800
vary
Accept-Encoding
cf-request-id
047c88407e0000086f3230f200000001
last-modified
Wed, 29 Jul 2020 20:50:37 GMT
server
cloudflare
x-powered-by
Express
etag
W/"e10-1739c575948"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=604800, s-maxage=604800
cf-ray
5c0ddcad9f44086f-CDG
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
cf-bgj
minify
Asset.php
siteintercept.qualtrics.com/WRSiteInterceptEngine/
3 KB
1002 B
XHR
General
Full URL
https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_eJ48Af1F9QvNIXz&Version=8&Q_ORIGIN=http://ggyq288.cn&Q_CLIENTVERSION=1.31.3&Q_CLIENTTYPE=web
Requested by
Host: zndhwk2nlgcbvdel3-firstcitizensbank.siteintercept.qualtrics.com
URL: https://zndhwk2nlgcbvdel3-firstcitizensbank.siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_ZID=ZN_dhWK2NLgcbvdeL3&t=1597105973001
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.209.240 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
de2b2f95e54da612c891a67b9c92c6494534f74e47ab4a746c8d57487eb3d76a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
http://ggyq288.cn/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 11 Aug 2020 00:32:53 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
p3p
CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
status
200
edge-control
max-age=604800
vary
Accept-Encoding
cf-request-id
047c8840ab0000ee6ddd932200000001
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/json
access-control-allow-origin
*
cache-control
public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials
false
cf-ray
5c0ddcadd84cee6d-CDG
servershortname
expires
Fri, 09 Aug 2030 00:32:53 GMT
Asset.php
siteintercept.qualtrics.com/WRSiteInterceptEngine/
325 B
842 B
XHR
General
Full URL
https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_5zh6eATBdRQjX8x&Version=5&Q_InterceptID=SI_eJ48Af1F9QvNIXz&Q_ORIGIN=http://ggyq288.cn&Q_CLIENTVERSION=1.31.3&Q_CLIENTTYPE=web
Requested by
Host: zndhwk2nlgcbvdel3-firstcitizensbank.siteintercept.qualtrics.com
URL: https://zndhwk2nlgcbvdel3-firstcitizensbank.siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_ZID=ZN_dhWK2NLgcbvdeL3&t=1597105973001
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.209.240 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e1cc10d4ff9404d907346776ed7b6c0cfa012a3a150a001fdfc4b5469a3364ca
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
http://ggyq288.cn/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 11 Aug 2020 00:32:53 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
p3p
CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
status
200
edge-control
max-age=604800
vary
Accept-Encoding
cf-request-id
047c8840ab0000ee6ddd933200000001
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/json
access-control-allow-origin
*
cache-control
public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials
false
cf-ray
5c0ddcadd84dee6d-CDG
servershortname
expires
Fri, 09 Aug 2030 00:32:53 GMT
/
siteintercept.qualtrics.com/WRSiteInterceptEngine/
45 B
213 B
XHR
General
Full URL
https://siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_Impress=1&Q_CID=CR_5zh6eATBdRQjX8x&Q_SIID=SI_eJ48Af1F9QvNIXz&Q_ASID=AS_92073623&Q_CLIENTVERSION=1.31.3&Q_CLIENTTYPE=web&r=1597105973570
Requested by
Host: siteintercept.qualtrics.com
URL: https://siteintercept.qualtrics.com/dxjsmodule/CoreModule.js?Q_CLIENTVERSION=1.31.3&Q_CLIENTTYPE=web
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.209.240 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f47f21063dfdcbdeffed3d97689b45efae7a52401cd7fc5b8d07c42d2f232ab9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
http://ggyq288.cn/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Tue, 11 Aug 2020 00:32:53 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
server
cloudflare
status
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/plain; charset=UTF-8
access-control-allow-origin
http://ggyq288.cn
cache-control
no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials
true
cf-ray
5c0ddcaed92fee6d-CDG
vary
Accept-Encoding
cf-request-id
047c8841490000ee6ddd938200000001
feedback-dkblue-right.png
siteintercept.qualtrics.com/WRQualtricsShared/Graphics//siteintercept/
Redirect Chain
  • http://siteintercept.qualtrics.com/WRQualtricsShared/Graphics//siteintercept/feedback-dkblue-right.png
  • https://siteintercept.qualtrics.com/WRQualtricsShared/Graphics//siteintercept/feedback-dkblue-right.png
432 B
778 B
Image
General
Full URL
https://siteintercept.qualtrics.com/WRQualtricsShared/Graphics//siteintercept/feedback-dkblue-right.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.209.240 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7dcb667f75d411ddebaa4439005be1585cc489ac18c1822b7adbbd07ad6e8609
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
http://ggyq288.cn/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 11 Aug 2020 00:32:53 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
x-b3-traceid
a3c90ea1f2410a2f
age
22793059
cf-polished
pngoptimizer, origSize=484
p3p
CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
status
200
cf-bgj
imgq:85
vary
Accept-Encoding
content-length
432
cf-request-id
047c88414f0000086f32316200000001
last-modified
Wed, 13 Nov 2019 00:06:48 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
image/png
cache-control
max-age=315360000, public
x-b3-spanid
cbefa77331dc5ffb
x-b3-sampled
0
accept-ranges
bytes
cf-ray
5c0ddcaee895086f-CDG
servershortname
expires
Sun, 18 Nov 2029 05:08:34 GMT

Redirect headers

Location
https://siteintercept.qualtrics.com/WRQualtricsShared/Graphics//siteintercept/feedback-dkblue-right.png
Non-Authoritative-Reason
HSTS

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
trk.ggyq288.cn
URL
http://trk.ggyq288.cn/aprs/mDv7.js

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: First Citizens Bank (Banking)

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| _hmt
function| goPAGE
boolean| _bdhm_loaded_f40eb5beddc40dc453155dba4d5fad7b
object| mini_tangram_log_eruki9
boolean| _bdhm_loaded_2aef6ef7b56092215d4a9690661eca72
object| mini_tangram_log_e5j2gl
function| captchaSubmit
string| V_PATH
object| QSI
object| WAFQualtricsWebpackJsonP-cloud-1.31.3
object| _qsie

0 Cookies

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
