www.fineartscreensavers.com/VanGoghScreensaverInstall.exe
149.30.229.136 1.2 kB URL www.fineartscreensavers.com/VanGoghScreensaverInstall.exe
IP 149.30.229.136:0
ASN #133199 SonderCloud Limited
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (375)
Hash 3733c25f46889b9399f5fb1fc65df4d6
d8106e2a92f9494cf5faab7b3a289c02d611aa20
d94c1a2702c0980a94303a27b84f0db908fa9a59f4813b815970c0626d97d1ce
GET /VanGoghScreensaverInstall.exe HTTP/1.1
Host: www.fineartscreensavers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 07 May 2024 09:08:33 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
img.alicdn.com/tps/TB1iyqBJVXXXXa8XFXXXXXXXXXX-58-51.png
47.246.44.251 834 B URL img.alicdn.com/tps/TB1iyqBJVXXXXa8XFXXXXXXXXXX-58-51.png
IP 47.246.44.251:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
Hash df056831537e3c6dba4ebe84c746dd2b
7bb7f2a437e634fa0d90ef4896aa569091a9a3cb
841b2254ffd3e845335e043ce27ba019b998fdb520e67d61124c9b1beb190dfa
GET /tps/TB1iyqBJVXXXXa8XFXXXXXXXXXX-58-51.png HTTP/1.1
Host: img.alicdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.fineartscreensavers.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: Tengine
content-type: image/avif
content-length: 834
date: Fri, 29 Mar 2024 09:09:46 GMT
picasso-ret-code: SUCCESS
picasso-cache-info: HIT
request-time: 0.003
traceid: a3b5839617117033866145400e
x-powered-by: Picasso
picasso-image-type: normal
picasso-fmt: png2avif
cache-control: max-age=31536000
ali-swift-global-savetime: 1711703386
via: cache25.l2us1[0,0,200-0,H], cache23.l2us1[1,0], ens-cache3.se2[0,0,200-0,H], ens-cache20.se2[1,0]
access-control-allow-origin: *
age: 3369538
x-cache: HIT TCP_HIT dirn:9:16429074
x-swift-savetime: Fri, 29 Mar 2024 13:16:04 GMT
x-swift-cachetime: 31521222
s-rt: 2
vary: Accept
timing-allow-origin: *
eagleid: 2ff62ca817150729245266447e
X-Firefox-Spdy: h2
push.zhanzhang.baidu.com/push.js
182.61.244.229 227 B URL push.zhanzhang.baidu.com/push.js
IP 182.61.244.229:0
ASN #38365 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with no line terminators
Hash 1bb5a3267c9865ad4abe8d937734b62b
b5478dd2edb3e64242eced1db2dbd945ef81f592
674bc0c70f98d627b8a7e1d278a1f21ffe33815565f7d5371bf0275da57571b2
GET /push.js HTTP/1.1
Host: push.zhanzhang.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.fineartscreensavers.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Content-Encoding: gzip
Content-Length: 227
Content-Type: text/javascript
Date: Tue, 07 May 2024 09:08:44 GMT
Etag: "4078521116"
Expires: Wed, 07 May 2025 09:08:44 GMT
Last-Modified: Wed, 25 Nov 2015 07:47:55 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Server: apache
Set-Cookie: BAIDUID=5BF6E76CC179907953EF52E2B423E23F:FG=1; max-age=31536000; expires=Wed, 07-May-25 09:08:44 GMT; domain=.baidu.com; path=/; version=1
Vary: Accept-Encoding
api.share.baidu.com/s.gif?l=http://www.fineartscreensavers.com/VanGoghScreensaverInstall.exe
112.34.113.148 0 B URL api.share.baidu.com/s.gif?l=http://www.fineartscreensavers.com/VanGoghScreensaverInstall.exe
IP 112.34.113.148:0
ASN #9808 China Mobile Communications Group Co., Ltd.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /s.gif?l=http://www.fineartscreensavers.com/VanGoghScreensaverInstall.exe HTTP/1.1
Host: api.share.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.fineartscreensavers.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/plain; charset=utf-8
Date: Tue, 07 May 2024 09:08:45 GMT
www.fineartscreensavers.com/public/tj.js?v=321
149.30.229.136 640 B URL www.fineartscreensavers.com/public/tj.js?v=321
IP 149.30.229.136:0
ASN #133199 SonderCloud Limited
File type HTML document, Unicode text, UTF-8 text, with very long lines (556)
Hash c9baf77cbdb937d2ed4f916897402897
aabe109b58338307cd8db01cc0c06c1e5534fdbe
90be8182e6052b3575b369449a17a48de707746880b6ce3a8645543640719477
GET /public/tj.js?v=321 HTTP/1.1
Host: www.fineartscreensavers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.fineartscreensavers.com/VanGoghScreensaverInstall.exe
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 07 May 2024 09:08:35 GMT
Content-Type: application/javascript
Last-Modified: Sun, 28 Apr 2024 17:13:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"662e83d4-691"
Expires: Tue, 07 May 2024 21:08:35 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
sdk.51.la/js-sdk-pro.min.js
47.246.44.202 13 kB URL sdk.51.la/js-sdk-pro.min.js
IP 47.246.44.202:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (34110)
Hash 24bb520e9517f2ed3ed987b46aeaf723
846723563d7dd2bff3954f93633b11af0103adc8
d1f1bfe698f2ffb7b3e7a885a301d58f9554d45df0a31c3e8b53c84b33c80d27
GET /js-sdk-pro.min.js HTTP/1.1
Host: sdk.51.la
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.fineartscreensavers.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/javascript
Content-Length: 12846
Connection: keep-alive
Date: Mon, 06 May 2024 10:11:17 GMT
x-oss-request-id: 6638ACC52A75193730E0DF2D
x-oss-cdn-auth: success
Accept-Ranges: bytes
x-oss-object-type: Normal
x-oss-storage-class: Standard
Content-MD5: JLtSDpUX8u0+2Ye0aur3Iw==
x-oss-server-time: 3
Ali-Swift-Global-Savetime: 1714990277
Via: cache15.l2de2[0,0,304-0,H], cache26.l2de2[1,0], ens-cache18.se2[0,0,200-0,H], ens-cache2.se2[1,0]
Vary: Accept-Encoding
Last-Modified: Thu, 08 Jun 2023 02:24:34 GMT
x-oss-hash-crc64ecma: 5143829838470429443
Content-Encoding: gzip
Age: 82649
X-Cache: HIT TCP_MEM_HIT dirn:-2:-2
X-Swift-SaveTime: Mon, 06 May 2024 10:11:19 GMT
X-Swift-CacheTime: 1295998
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
EagleId: 2ff62c9617150729263238216e
www.fineartscreensavers.com/favicon.ico
149.30.229.136 1.2 kB URL www.fineartscreensavers.com/favicon.ico
IP 149.30.229.136:0
ASN #133199 SonderCloud Limited
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (375)
Hash 3733c25f46889b9399f5fb1fc65df4d6
d8106e2a92f9494cf5faab7b3a289c02d611aa20
d94c1a2702c0980a94303a27b84f0db908fa9a59f4813b815970c0626d97d1ce
GET /favicon.ico HTTP/1.1
Host: www.fineartscreensavers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.fineartscreensavers.com/VanGoghScreensaverInstall.exe
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 07 May 2024 09:08:36 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
collect-v6.51.la/v6/collect?dt=4
203.107.86.226 0 B URL collect-v6.51.la/v6/collect?dt=4
IP 203.107.86.226:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /v6/collect?dt=4 HTTP/1.1
Host: collect-v6.51.la
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Length: 311
Origin: http://www.fineartscreensavers.com
DNT: 1
Connection: keep-alive
Referer: http://www.fineartscreensavers.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403
Date: Tue, 07 May 2024 09:08:46 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: aliyungf_tc=5182aa8662131666b197654fca451ee97f4bfc22b0055512ff84531909f55952; Path=/; HttpOnly
acw_tc=ac11000117150729268043904ee5ff07e7942bab30563210115f3acc46c708;path=/;HttpOnly;Max-Age=1800
Server: nginx
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Origin: http://www.fineartscreensavers.com
Access-Control-Allow-Credentials: true
207.148.41.244/mwwatchs.html
207.148.41.244 1.0 kB URL User Request GET 207.148.41.244/mwwatchs.html
IP 207.148.41.244:0
ASN #59371 Dimension Network & Communication Limited
File type HTML document, ASCII text
Hash afd3275a2749b93a90a037c12fe354d2
4c5eb53e7e1fbc3a563a1f9fbffd4d65a36e318e
eebb63fd9061a5f1d58a8a62399882a8682613c6189034aa2f000835a26cd28d
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /mwwatchs.html HTTP/1.1
Host: 207.148.41.244
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.fineartscreensavers.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 07 May 2024 09:08:48 GMT
Content-Type: text/html
Content-Length: 1021
Last-Modified: Mon, 06 May 2024 14:55:27 GMT
Connection: keep-alive
ETag: "6638ef5f-3fd"
Accept-Ranges: bytes
207.148.41.244/favicon.ico
207.148.41.244 404 Not Found 146 B URL GET HTTP/1.1 207.148.41.244/favicon.ico
IP 207.148.41.244:80
ASN #59371 Dimension Network & Communication Limited
Requested by http://207.148.41.244/mwwatchs.html
File type HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /favicon.ico HTTP/1.1
Host: 207.148.41.244
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://207.148.41.244/mwwatchs.html
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Server: nginx
Date: Tue, 07 May 2024 09:08:49 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive
zerossl.ocsp.sectigo.com/
104.18.38.233 315 B URL zerossl.ocsp.sectigo.com/
IP 104.18.38.233:0
Hash 8653eb5f387c6abebb3b5224e460e6d7
01bbaa7348cacc1a614921afbe0a62acfda03015
5d67780fe8373418a4f4408428e4b5711eae37f291e4d3d107530538f52796a3
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 07 May 2024 09:08:49 GMT
Content-Type: application/ocsp-response
Content-Length: 315
Connection: keep-alive
Last-Modified: Sun, 05 May 2024 20:03:14 GMT
Expires: Sun, 12 May 2024 20:03:13 GMT
Etag: "01bbaa7348cacc1a614921afbe0a62acfda03015"
Cache-Control: max-age=470663,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 88001153fe2ab52d-OSL
hm.baidu.com/hm.js?816c865636841e141be435e108292b17
14.215.183.79 200 OK 11 kB URL GET HTTP/1.1 hm.baidu.com/hm.js?816c865636841e141be435e108292b17
IP 14.215.183.79:443
Requested by http://207.148.41.244/mwwatchs.html
Certificate Issuer GlobalSign nv-sa
Subject baidu.com
Fingerprint 97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
Validity Thu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT
File type JavaScript source, ASCII text, with very long lines (621)
Hash 2f62d7f95eb170b86e3ca5c8be715e1d
230549cdeb94565b27ddda711b4194c2b66de6ff
43b74cc06c8b0f9d33b567d69d331d722090fde9b0c4f986e073785370ae8286
GET /hm.js?816c865636841e141be435e108292b17 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://207.148.41.244/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11259
Content-Type: application/javascript
Date: Tue, 07 May 2024 09:08:50 GMT
Etag: 8c046490ba299bd827e876b28bc7be65
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=040FDBF1ED1DBEFC; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1014784062&si=816c865636841e141be435e108292b17&su=http%3A%2F%2Fwww.fineartscreensavers.com%2F&v=1.3.0&lv=1&sn=21980&r=0&ww=1280&u=http%3A%2F%2F207.148.41.244%2Fmwwatchs.html&tt=bww18.com
14.215.183.79 200 OK 43 B URL GET HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1014784062&si=816c865636841e141be435e108292b17&su=http%3A%2F%2Fwww.fineartscreensavers.com%2F&v=1.3.0&lv=1&sn=21980&r=0&ww=1280&u=http%3A%2F%2F207.148.41.244%2Fmwwatchs.html&tt=bww18.com
IP 14.215.183.79:443
Requested by http://207.148.41.244/mwwatchs.html
Certificate Issuer GlobalSign nv-sa
Subject baidu.com
Fingerprint 97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
Validity Thu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT
File type GIF image data, version 89a, 1 x 1
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1014784062&si=816c865636841e141be435e108292b17&su=http%3A%2F%2Fwww.fineartscreensavers.com%2F&v=1.3.0&lv=1&sn=21980&r=0&ww=1280&u=http%3A%2F%2F207.148.41.244%2Fmwwatchs.html&tt=bww18.com HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://207.148.41.244/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Tue, 07 May 2024 09:08:50 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=3C3D6AA719FBE166; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
hm.baidu.com/hm.js?c1e3e5a2e417fddcc09a3ebe32da9233
14.215.183.79 200 OK 11 kB URL GET HTTP/1.1 hm.baidu.com/hm.js?c1e3e5a2e417fddcc09a3ebe32da9233
IP 14.215.183.79:443
Requested by http://207.148.41.244/mwwatchs.html
Certificate Issuer GlobalSign nv-sa
Subject baidu.com
Fingerprint 97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
Validity Thu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT
File type JavaScript source, ASCII text, with very long lines (621)
Hash 52dad68aafa2c1c4fc8d0ae9c436f9e8
9f00fea9b3de7f5eab5df038cc939551d2ad25b1
c636303aae6fa3efa8a8dfcde62c89d9eefc2979085b024ca6e087b2d2d92435
GET /hm.js?c1e3e5a2e417fddcc09a3ebe32da9233 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://207.148.41.244/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11259
Content-Type: application/javascript
Date: Tue, 07 May 2024 09:08:50 GMT
Etag: 5b6478cf6eb591ccb6dc470e32e2c9e2
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=1D3C42BBE8FAC7E9; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
mw1cwfiexcejo.xyz/main.html
23.224.193.140 200 OK 27 kB URL GET HTTP/2 mw1cwfiexcejo.xyz/main.html
IP 23.224.193.140:443
Requested by http://207.148.41.244/mwwatchs.html
Certificate Issuer ZeroSSL
Subject mw1cwfiexcejo.xyz
Fingerprint 35:05:F8:B7:F6:94:BA:F2:3C:62:48:64:B2:05:E2:53:8F:79:15:DC
Validity Sat, 04 May 2024 00:00:00 GMT - Fri, 02 Aug 2024 23:59:59 GMT
File type HTML document, Unicode text, UTF-8 text, with very long lines (10241), with CRLF, LF line terminators
Hash ccee9422a7fb4ed1fef88fac7e14083e
97bf5a46c799821fb20ce26e712b1aa6235fb167
45eb80575e3823afcbf0dcf9bac36c9b27b9fb97819cd514f9b6bcd35ecea365
GET /main.html HTTP/1.1
Host: mw1cwfiexcejo.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://207.148.41.244/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 09:08:50 GMT
content-type: text/html
last-modified: Mon, 06 May 2024 16:35:15 GMT
vary: Accept-Encoding
etag: W/"663906c3-d806"
content-encoding: gzip
X-Firefox-Spdy: h2
imagecloub.com:1443/c1e6a4a80e0b701937167d91c2b3c27a.gif
5.180.146.180 81 kB URL GET imagecloub.com:1443/c1e6a4a80e0b701937167d91c2b3c27a.gif
IP 5.180.146.180:0
Requested by https://mw1cwfiexcejo.xyz/main.html
Certificate Issuer ZeroSSL
Subject imagecloub.com
Fingerprint A1:E1:02:F5:B7:9C:25:08:17:54:06:BB:1B:5E:96:B7:E1:E8:A2:EA
Validity Fri, 23 Feb 2024 00:00:00 GMT - Thu, 23 May 2024 23:59:59 GMT
File type GIF image data, version 89a, 960 x 80
Hash 436afd9bc005f3b7c85b3e67172fd49b
0cad58733ed51033dc631130c364af0e4cdc39ef
20f8f2dc3c678d4d187d22123b7e1fbb4fc20f47050a432c48a503c98cd9d3ea
GET /c1e6a4a80e0b701937167d91c2b3c27a.gif HTTP/1.1
Host: imagecloub.com:1443
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mw1cwfiexcejo.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 07 May 2024 09:08:51 GMT
Content-Type: image/gif
Last-Modified: Sat, 03 Feb 2024 19:02:37 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"65be8dcd-4c4b40"
Strict-Transport-Security: max-age=86400; includeSubdomains; always
X-XSS-Protection: 1; mode=block
Content-Encoding: gzip
imagecloub.com:1443/d23d2c8197a28a905763d40705fa9099.gif
5.180.146.180 61 kB URL GET imagecloub.com:1443/d23d2c8197a28a905763d40705fa9099.gif
IP 5.180.146.180:0
Requested by https://mw1cwfiexcejo.xyz/main.html
Certificate Issuer ZeroSSL
Subject imagecloub.com
Fingerprint A1:E1:02:F5:B7:9C:25:08:17:54:06:BB:1B:5E:96:B7:E1:E8:A2:EA
Validity Fri, 23 Feb 2024 00:00:00 GMT - Thu, 23 May 2024 23:59:59 GMT
File type GIF image data, version 89a, 960 x 60
Hash 36c04e99d1daec1735215faf40d36f05
ff9d2295a8afa6049b66baa70afd908004c037a0
5291c095e64d14d46172c5ce5c9e417af0a3ecd017c5f6d964733fb3b3513212
GET /d23d2c8197a28a905763d40705fa9099.gif HTTP/1.1
Host: imagecloub.com:1443
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mw1cwfiexcejo.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 07 May 2024 09:08:51 GMT
Content-Type: image/gif
Last-Modified: Wed, 06 Dec 2023 18:28:51 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6570bd63-4c4b40"
Strict-Transport-Security: max-age=86400; includeSubdomains; always
X-XSS-Protection: 1; mode=block
Content-Encoding: gzip
mw1cwfiexcejo.xyz/static/css/main.css
23.224.193.140 200 OK 14 kB URL GET HTTP/2 mw1cwfiexcejo.xyz/static/css/main.css
IP 23.224.193.140:443
Requested by https://mw1cwfiexcejo.xyz/main.html
Certificate Issuer ZeroSSL
Subject mw1cwfiexcejo.xyz
Fingerprint 35:05:F8:B7:F6:94:BA:F2:3C:62:48:64:B2:05:E2:53:8F:79:15:DC
Validity Sat, 04 May 2024 00:00:00 GMT - Fri, 02 Aug 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (622)
Hash e0fddce943e44011ee4c47b5f00a97a4
6533cd40a141a7f9e6d4520a7f712a2199e6b779
ff7704c75deb8ee62e6abab36f96f2f42cf6cad97fab422ef336d458e26fde18
GET /static/css/main.css HTTP/1.1
Host: mw1cwfiexcejo.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mw1cwfiexcejo.xyz/main.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 09:08:50 GMT
content-type: text/css
last-modified: Mon, 06 May 2024 16:35:16 GMT
vary: Accept-Encoding
etag: W/"663906c4-33c9"
content-encoding: gzip
X-Firefox-Spdy: h2
hm.baidu.com/hm.js?4d0a62c56fb61655820d10f343280134
14.215.183.79 200 OK 11 kB URL GET HTTP/1.1 hm.baidu.com/hm.js?4d0a62c56fb61655820d10f343280134
IP 14.215.183.79:443
Requested by https://mw1cwfiexcejo.xyz/main.html
Certificate Issuer GlobalSign nv-sa
Subject baidu.com
Fingerprint 97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
Validity Thu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT
File type JavaScript source, ASCII text, with very long lines (621)
Hash 3508155d732d1c26c86a426a0a1cf3d3
987e2031b1f416035fe4d2d75de21dfaaabf7a79
052f3c8527b7c24905834822ef5fbac17266e6d8b653600eb35a0e4e44e3585a
GET /hm.js?4d0a62c56fb61655820d10f343280134 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mw1cwfiexcejo.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11259
Content-Type: application/javascript
Date: Tue, 07 May 2024 09:08:51 GMT
Etag: 3eb45b73c341ce080d24451a4c843b76
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=7241044F4E212B74; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
imagecloub.com:1443/092018f59af0764473f442e5a0f07855.gif
5.180.146.180 188 kB URL GET imagecloub.com:1443/092018f59af0764473f442e5a0f07855.gif
IP 5.180.146.180:0
Requested by https://mw1cwfiexcejo.xyz/main.html
Certificate Issuer ZeroSSL
Subject imagecloub.com
Fingerprint A1:E1:02:F5:B7:9C:25:08:17:54:06:BB:1B:5E:96:B7:E1:E8:A2:EA
Validity Fri, 23 Feb 2024 00:00:00 GMT - Thu, 23 May 2024 23:59:59 GMT
File type GIF image data, version 89a, 960 x 80
Size 188 kB (188085 bytes)
Hash 297499d261269303cbad602aa00b627a
d9c2833849bef209f11f070949c9892bf4a17abd
711f98072a4cce44d010b0806df5990912027d8c7730c5980e55cdfae2652e62
GET /092018f59af0764473f442e5a0f07855.gif HTTP/1.1
Host: imagecloub.com:1443
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mw1cwfiexcejo.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 07 May 2024 09:08:51 GMT
Content-Type: image/gif
Last-Modified: Tue, 16 Apr 2024 17:05:09 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"661eafc5-4c4b40"
Strict-Transport-Security: max-age=86400; includeSubdomains; always
X-XSS-Protection: 1; mode=block
Content-Encoding: gzip
imagecloub.com:1443/124dc445f0070647bb27d4431d3c708f.gif
5.180.146.180 269 kB URL GET imagecloub.com:1443/124dc445f0070647bb27d4431d3c708f.gif
IP 5.180.146.180:0
Requested by https://mw1cwfiexcejo.xyz/main.html
Certificate Issuer ZeroSSL
Subject imagecloub.com
Fingerprint A1:E1:02:F5:B7:9C:25:08:17:54:06:BB:1B:5E:96:B7:E1:E8:A2:EA
Validity Fri, 23 Feb 2024 00:00:00 GMT - Thu, 23 May 2024 23:59:59 GMT
File type GIF image data, version 89a, 960 x 400
Size 269 kB (268931 bytes)
Hash 015e6cef26900ae49532f1329862e0fa
03a66be7c857b2c0967f8548a17fd014d7f1a1bf
5593ede908bcbd1625abd1b65c79d8c2bf9a4214dd437c6fa6aa4f7238f9e4b2
GET /124dc445f0070647bb27d4431d3c708f.gif HTTP/1.1
Host: imagecloub.com:1443
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mw1cwfiexcejo.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 07 May 2024 09:08:51 GMT
Content-Type: image/gif
Last-Modified: Wed, 06 Dec 2023 18:28:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6570bd4a-4c4b40"
Strict-Transport-Security: max-age=86400; includeSubdomains; always
X-XSS-Protection: 1; mode=block
Content-Encoding: gzip
imagecloub.com:1443/4890b0d9d4d6c8c9f267aa56eb27fff2.gif
5.180.146.180 310 kB URL GET imagecloub.com:1443/4890b0d9d4d6c8c9f267aa56eb27fff2.gif
IP 5.180.146.180:0
Requested by https://mw1cwfiexcejo.xyz/main.html
Certificate Issuer ZeroSSL
Subject imagecloub.com
Fingerprint A1:E1:02:F5:B7:9C:25:08:17:54:06:BB:1B:5E:96:B7:E1:E8:A2:EA
Validity Fri, 23 Feb 2024 00:00:00 GMT - Thu, 23 May 2024 23:59:59 GMT
File type GIF image data, version 89a, 960 x 80
Size 310 kB (309685 bytes)
Hash 161a51aa67ddb4adb357b4e123abff73
5cdd40238374188944dbb2313b04ad8e09b26984
30a5029b5f05da6a6783897c04e77313e68dc782a0c1d23ce363fb6424317a91
GET /4890b0d9d4d6c8c9f267aa56eb27fff2.gif HTTP/1.1
Host: imagecloub.com:1443
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mw1cwfiexcejo.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 07 May 2024 09:08:51 GMT
Content-Type: image/gif
Last-Modified: Thu, 25 Apr 2024 09:22:02 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"662a20ba-4c4b40"
Strict-Transport-Security: max-age=86400; includeSubdomains; always
X-XSS-Protection: 1; mode=block
Content-Encoding: gzip
mw1cwfiexcejo.xyz/static/css/style.css
23.224.193.140 200 OK 12 kB URL GET HTTP/2 mw1cwfiexcejo.xyz/static/css/style.css
IP 23.224.193.140:443
Requested by https://mw1cwfiexcejo.xyz/main.html
Certificate Issuer ZeroSSL
Subject mw1cwfiexcejo.xyz
Fingerprint 35:05:F8:B7:F6:94:BA:F2:3C:62:48:64:B2:05:E2:53:8F:79:15:DC
Validity Sat, 04 May 2024 00:00:00 GMT - Fri, 02 Aug 2024 23:59:59 GMT
File type JavaScript source, Unicode text, UTF-8 (with BOM) text, with very long lines (621)
Hash 7389efb169ab110e0b07df01a4a885e1
eb12df64435044af660b51cb1168d41f17602f45
29d575c8f56644c7ce3fbde5fd36bba8df06a173dba5adee1d806aa8708b534d
GET /static/css/style.css HTTP/1.1
Host: mw1cwfiexcejo.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mw1cwfiexcejo.xyz/main.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 09:08:50 GMT
content-type: text/css
last-modified: Mon, 06 May 2024 16:35:16 GMT
vary: Accept-Encoding
etag: W/"663906c4-67f"
content-encoding: gzip
X-Firefox-Spdy: h2
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1448347746&si=c1e3e5a2e417fddcc09a3ebe32da9233&su=http%3A%2F%2Fwww.fineartscreensavers.com%2F&v=1.3.0&lv=1&sn=21981&r=0&ww=1280&u=http%3A%2F%2F207.148.41.244%2Fmwwatchs.html&tt=bww18.com
111.45.3.198 200 OK 43 B URL GET HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1448347746&si=c1e3e5a2e417fddcc09a3ebe32da9233&su=http%3A%2F%2Fwww.fineartscreensavers.com%2F&v=1.3.0&lv=1&sn=21981&r=0&ww=1280&u=http%3A%2F%2F207.148.41.244%2Fmwwatchs.html&tt=bww18.com
IP 111.45.3.198:443
ASN #56040 China Mobile communications corporation
Requested by http://207.148.41.244/mwwatchs.html
Certificate Issuer GlobalSign nv-sa
Subject baidu.com
Fingerprint 97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
Validity Thu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT
File type GIF image data, version 89a, 1 x 1
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1448347746&si=c1e3e5a2e417fddcc09a3ebe32da9233&su=http%3A%2F%2Fwww.fineartscreensavers.com%2F&v=1.3.0&lv=1&sn=21981&r=0&ww=1280&u=http%3A%2F%2F207.148.41.244%2Fmwwatchs.html&tt=bww18.com HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://207.148.41.244/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Tue, 07 May 2024 09:08:52 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=00DFBEDE898AB311; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
hm.baidu.com/hm.gif?cc=0&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1462899577&si=880a5d265bdbb52f6e50d3e3065f4020&su=http%3A%2F%2F207.148.41.244%2F&v=1.3.0&lv=1&sn=21981&r=0&ww=1280&u=https%3A%2F%2Fmw1cwfiexcejo.xyz%2Fmain.html&tt=%E5%B0%A4%E9%85%B8%E4%B9%B3%E8%A7%86%E9%A2%91
14.215.183.79 200 OK 43 B URL GET HTTP/1.1 hm.baidu.com/hm.gif?cc=0&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1462899577&si=880a5d265bdbb52f6e50d3e3065f4020&su=http%3A%2F%2F207.148.41.244%2F&v=1.3.0&lv=1&sn=21981&r=0&ww=1280&u=https%3A%2F%2Fmw1cwfiexcejo.xyz%2Fmain.html&tt=%E5%B0%A4%E9%85%B8%E4%B9%B3%E8%A7%86%E9%A2%91
IP 14.215.183.79:443
Requested by https://mw1cwfiexcejo.xyz/main.html
Certificate Issuer GlobalSign nv-sa
Subject baidu.com
Fingerprint 97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
Validity Thu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT
File type GIF image data, version 89a, 1 x 1
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=0&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1462899577&si=880a5d265bdbb52f6e50d3e3065f4020&su=http%3A%2F%2F207.148.41.244%2F&v=1.3.0&lv=1&sn=21981&r=0&ww=1280&u=https%3A%2F%2Fmw1cwfiexcejo.xyz%2Fmain.html&tt=%E5%B0%A4%E9%85%B8%E4%B9%B3%E8%A7%86%E9%A2%91 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mw1cwfiexcejo.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Tue, 07 May 2024 09:08:55 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=1E7C9A615F8AD481; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
hm.baidu.com/hm.gif?cc=0&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1439642131&si=3fd03517bee57becb034bf7c9f767a6a&su=http%3A%2F%2F207.148.41.244%2F&v=1.3.0&lv=1&sn=21983&r=0&ww=1280&u=https%3A%2F%2Fmw1cwfiexcejo.xyz%2Fmain.html&tt=%E5%B0%A4%E9%85%B8%E4%B9%B3%E8%A7%86%E9%A2%91
14.215.183.79 200 OK 43 B URL GET HTTP/1.1 hm.baidu.com/hm.gif?cc=0&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1439642131&si=3fd03517bee57becb034bf7c9f767a6a&su=http%3A%2F%2F207.148.41.244%2F&v=1.3.0&lv=1&sn=21983&r=0&ww=1280&u=https%3A%2F%2Fmw1cwfiexcejo.xyz%2Fmain.html&tt=%E5%B0%A4%E9%85%B8%E4%B9%B3%E8%A7%86%E9%A2%91
IP 14.215.183.79:443
Requested by https://mw1cwfiexcejo.xyz/main.html
Certificate Issuer GlobalSign nv-sa
Subject baidu.com
Fingerprint 97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
Validity Thu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT
File type GIF image data, version 89a, 1 x 1
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=0&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1439642131&si=3fd03517bee57becb034bf7c9f767a6a&su=http%3A%2F%2F207.148.41.244%2F&v=1.3.0&lv=1&sn=21983&r=0&ww=1280&u=https%3A%2F%2Fmw1cwfiexcejo.xyz%2Fmain.html&tt=%E5%B0%A4%E9%85%B8%E4%B9%B3%E8%A7%86%E9%A2%91 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mw1cwfiexcejo.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Tue, 07 May 2024 09:08:55 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=6B40E18D8BEF5C48; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
hm.baidu.com/hm.js?0360821bfd0b3c67bba0648aa2aa2472
111.45.3.198 200 OK 11 kB URL GET HTTP/1.1 hm.baidu.com/hm.js?0360821bfd0b3c67bba0648aa2aa2472
IP 111.45.3.198:443
ASN #56040 China Mobile communications corporation
Requested by https://mw1cwfiexcejo.xyz/main.html
Certificate Issuer GlobalSign nv-sa
Subject baidu.com
Fingerprint 97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
Validity Thu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT
File type JavaScript source, ASCII text, with very long lines (621)
Hash b37c72cfd7e2408042f15d44e8dcc738
9d843e43a7312a3127933ec4c07b5b7844ac6785
189da0cdf5c7727e6bdf2330c22bdf8475e39d69056f6581f361b2ee2043d00b
GET /hm.js?0360821bfd0b3c67bba0648aa2aa2472 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mw1cwfiexcejo.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11259
Content-Type: application/javascript
Date: Tue, 07 May 2024 09:08:55 GMT
Etag: d5d476c6b9094c967d0cf0587ae8a1f1
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=DAAB65B99A44B8B8; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.js?907644c02f26c7faa8766ef52d39f685
111.45.3.198 200 OK 11 kB URL GET HTTP/1.1 hm.baidu.com/hm.js?907644c02f26c7faa8766ef52d39f685
IP 111.45.3.198:443
ASN #56040 China Mobile communications corporation
Requested by https://mw1cwfiexcejo.xyz/main.html
Certificate Issuer GlobalSign nv-sa
Subject baidu.com
Fingerprint 97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
Validity Thu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT
File type JavaScript source, ASCII text, with very long lines (621)
Hash c336372f00e6050a7e419132d4c11541
c38e477dce07da0668ce6436b345ac23752e1445
7d64aaed5708fea357efedc269077988ed170a6ac0d83e48b63ce7787079b3c7
GET /hm.js?907644c02f26c7faa8766ef52d39f685 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mw1cwfiexcejo.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11259
Content-Type: application/javascript
Date: Tue, 07 May 2024 09:08:55 GMT
Etag: 1edef01280dd5fa44b936040f05d5821
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=A5168569AF0562B7; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.gif?cc=0&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=492454949&si=4d0a62c56fb61655820d10f343280134&su=http%3A%2F%2F207.148.41.244%2F&v=1.3.0&lv=1&sn=21983&r=0&ww=1280&u=https%3A%2F%2Fmw1cwfiexcejo.xyz%2Fmain.html&tt=%E5%B0%A4%E9%85%B8%E4%B9%B3%E8%A7%86%E9%A2%91
111.45.3.198 200 OK 43 B URL GET HTTP/1.1 hm.baidu.com/hm.gif?cc=0&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=492454949&si=4d0a62c56fb61655820d10f343280134&su=http%3A%2F%2F207.148.41.244%2F&v=1.3.0&lv=1&sn=21983&r=0&ww=1280&u=https%3A%2F%2Fmw1cwfiexcejo.xyz%2Fmain.html&tt=%E5%B0%A4%E9%85%B8%E4%B9%B3%E8%A7%86%E9%A2%91
IP 111.45.3.198:443
ASN #56040 China Mobile communications corporation
Requested by https://mw1cwfiexcejo.xyz/main.html
Certificate Issuer GlobalSign nv-sa
Subject baidu.com
Fingerprint 97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
Validity Thu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT
File type GIF image data, version 89a, 1 x 1
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=0&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=492454949&si=4d0a62c56fb61655820d10f343280134&su=http%3A%2F%2F207.148.41.244%2F&v=1.3.0&lv=1&sn=21983&r=0&ww=1280&u=https%3A%2F%2Fmw1cwfiexcejo.xyz%2Fmain.html&tt=%E5%B0%A4%E9%85%B8%E4%B9%B3%E8%A7%86%E9%A2%91 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mw1cwfiexcejo.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Tue, 07 May 2024 09:08:55 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=96E0630E82BEFDFD; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
hm.baidu.com/hm.gif?cc=0&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=230869346&si=907644c02f26c7faa8766ef52d39f685&su=http%3A%2F%2F207.148.41.244%2F&v=1.3.0&lv=1&sn=21986&r=0&ww=1280&u=https%3A%2F%2Fmw1cwfiexcejo.xyz%2Fmain.html&tt=%E5%B0%A4%E9%85%B8%E4%B9%B3%E8%A7%86%E9%A2%91
14.215.183.79 200 OK 43 B URL GET HTTP/1.1 hm.baidu.com/hm.gif?cc=0&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=230869346&si=907644c02f26c7faa8766ef52d39f685&su=http%3A%2F%2F207.148.41.244%2F&v=1.3.0&lv=1&sn=21986&r=0&ww=1280&u=https%3A%2F%2Fmw1cwfiexcejo.xyz%2Fmain.html&tt=%E5%B0%A4%E9%85%B8%E4%B9%B3%E8%A7%86%E9%A2%91
IP 14.215.183.79:443
Requested by https://mw1cwfiexcejo.xyz/main.html
Certificate Issuer GlobalSign nv-sa
Subject baidu.com
Fingerprint 97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
Validity Thu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT
File type GIF image data, version 89a, 1 x 1
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=0&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=230869346&si=907644c02f26c7faa8766ef52d39f685&su=http%3A%2F%2F207.148.41.244%2F&v=1.3.0&lv=1&sn=21986&r=0&ww=1280&u=https%3A%2F%2Fmw1cwfiexcejo.xyz%2Fmain.html&tt=%E5%B0%A4%E9%85%B8%E4%B9%B3%E8%A7%86%E9%A2%91 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mw1cwfiexcejo.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Tue, 07 May 2024 09:08:55 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=996138E4F49EA571; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
hm.baidu.com/hm.gif?cc=0&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1893028947&si=0360821bfd0b3c67bba0648aa2aa2472&su=http%3A%2F%2F207.148.41.244%2F&v=1.3.0&lv=1&sn=21986&r=0&ww=1280&u=https%3A%2F%2Fmw1cwfiexcejo.xyz%2Fmain.html&tt=%E5%B0%A4%E9%85%B8%E4%B9%B3%E8%A7%86%E9%A2%91
14.215.183.79 200 OK 43 B URL GET HTTP/1.1 hm.baidu.com/hm.gif?cc=0&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1893028947&si=0360821bfd0b3c67bba0648aa2aa2472&su=http%3A%2F%2F207.148.41.244%2F&v=1.3.0&lv=1&sn=21986&r=0&ww=1280&u=https%3A%2F%2Fmw1cwfiexcejo.xyz%2Fmain.html&tt=%E5%B0%A4%E9%85%B8%E4%B9%B3%E8%A7%86%E9%A2%91
IP 14.215.183.79:443
Requested by https://mw1cwfiexcejo.xyz/main.html
Certificate Issuer GlobalSign nv-sa
Subject baidu.com
Fingerprint 97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
Validity Thu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT
File type GIF image data, version 89a, 1 x 1
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=0&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1893028947&si=0360821bfd0b3c67bba0648aa2aa2472&su=http%3A%2F%2F207.148.41.244%2F&v=1.3.0&lv=1&sn=21986&r=0&ww=1280&u=https%3A%2F%2Fmw1cwfiexcejo.xyz%2Fmain.html&tt=%E5%B0%A4%E9%85%B8%E4%B9%B3%E8%A7%86%E9%A2%91 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mw1cwfiexcejo.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Tue, 07 May 2024 09:08:55 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=0DF7F2C2A2A4AF8B; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
hm.baidu.com/hm.gif?cc=0&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1237247521&si=9aa3ae463ac19f863cb5e2611cc75704&su=http%3A%2F%2F207.148.41.244%2F&v=1.3.0&lv=1&sn=21985&r=0&ww=1280&u=https%3A%2F%2Fmw1cwfiexcejo.xyz%2Fmain.html&tt=%E5%B0%A4%E9%85%B8%E4%B9%B3%E8%A7%86%E9%A2%91
111.45.3.198 200 OK 43 B URL GET HTTP/1.1 hm.baidu.com/hm.gif?cc=0&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1237247521&si=9aa3ae463ac19f863cb5e2611cc75704&su=http%3A%2F%2F207.148.41.244%2F&v=1.3.0&lv=1&sn=21985&r=0&ww=1280&u=https%3A%2F%2Fmw1cwfiexcejo.xyz%2Fmain.html&tt=%E5%B0%A4%E9%85%B8%E4%B9%B3%E8%A7%86%E9%A2%91
IP 111.45.3.198:443
ASN #56040 China Mobile communications corporation
Requested by https://mw1cwfiexcejo.xyz/main.html
Certificate Issuer GlobalSign nv-sa
Subject baidu.com
Fingerprint 97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
Validity Thu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT
File type GIF image data, version 89a, 1 x 1
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=0&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1237247521&si=9aa3ae463ac19f863cb5e2611cc75704&su=http%3A%2F%2F207.148.41.244%2F&v=1.3.0&lv=1&sn=21985&r=0&ww=1280&u=https%3A%2F%2Fmw1cwfiexcejo.xyz%2Fmain.html&tt=%E5%B0%A4%E9%85%B8%E4%B9%B3%E8%A7%86%E9%A2%91 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mw1cwfiexcejo.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Tue, 07 May 2024 09:08:56 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=BB6E6143D3109330; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
mw1cwfiexcejo.xyz/lib/js/clipboard.min.js
23.224.193.140 200 OK 11 kB URL GET HTTP/2 mw1cwfiexcejo.xyz/lib/js/clipboard.min.js
IP 23.224.193.140:443
Requested by https://mw1cwfiexcejo.xyz/main.html
Certificate Issuer ZeroSSL
Subject mw1cwfiexcejo.xyz
Fingerprint 35:05:F8:B7:F6:94:BA:F2:3C:62:48:64:B2:05:E2:53:8F:79:15:DC
Validity Sat, 04 May 2024 00:00:00 GMT - Fri, 02 Aug 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /lib/js/clipboard.min.js HTTP/1.1
Host: mw1cwfiexcejo.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mw1cwfiexcejo.xyz/main.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 09:08:50 GMT
content-type: application/javascript
last-modified: Mon, 06 May 2024 16:35:16 GMT
vary: Accept-Encoding
etag: W/"663906c4-29a5"
content-encoding: gzip
X-Firefox-Spdy: h2
hm.baidu.com/hm.js?9aa3ae463ac19f863cb5e2611cc75704
111.45.3.198 200 OK 30 kB URL GET HTTP/1.1 hm.baidu.com/hm.js?9aa3ae463ac19f863cb5e2611cc75704
IP 111.45.3.198:443
ASN #56040 China Mobile communications corporation
Requested by https://mw1cwfiexcejo.xyz/main.html
Certificate Issuer GlobalSign nv-sa
Subject baidu.com
Fingerprint 97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
Validity Thu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT
File type JavaScript source, ASCII text, with very long lines (621)
Hash 2207f9b2f3a891554db18279df7479ea
21aa8722f1652224bfb274efdcae48c79add637a
71f0a34d42b62577bb2ca1644f6d47afd78173e65f7c2c3e2a36c723a92bfed1
GET /hm.js?9aa3ae463ac19f863cb5e2611cc75704 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mw1cwfiexcejo.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11259
Content-Type: application/javascript
Date: Tue, 07 May 2024 09:08:51 GMT
Etag: 03594555755af385d8944ae0312b3504
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=6433CE3C1F334378; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hb.userpicimage.com/33b8a2b1ee84v.jpg
0.0.0.0 0 B URL GET hb.userpicimage.com/33b8a2b1ee84v.jpg
IP 0.0.0.0:0
Requested by https://mw1cwfiexcejo.xyz/main.html
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /33b8a2b1ee84v.jpg HTTP/1.1
Host: hb.userpicimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mw1cwfiexcejo.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
mw1cwfiexcejo.xyz/lib/js/renderAds.js
23.224.193.140 200 OK 3.0 kB URL GET HTTP/2 mw1cwfiexcejo.xyz/lib/js/renderAds.js
IP 23.224.193.140:443
Requested by https://mw1cwfiexcejo.xyz/main.html
Certificate Issuer ZeroSSL
Subject mw1cwfiexcejo.xyz
Fingerprint 35:05:F8:B7:F6:94:BA:F2:3C:62:48:64:B2:05:E2:53:8F:79:15:DC
Validity Sat, 04 May 2024 00:00:00 GMT - Fri, 02 Aug 2024 23:59:59 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (3490), with no line terminators
Hash badec84f0867f6dfb19c26796ee724a6
8337f6fd856510fe492a4b1ad82bfc79d8ab60f9
bb0bd0dc48b1c2b326957a1f421a5d58418bec7b287dfb0000cfc2b4e5355d8e
GET /lib/js/renderAds.js HTTP/1.1
Host: mw1cwfiexcejo.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mw1cwfiexcejo.xyz/main.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 09:08:50 GMT
content-type: application/javascript
last-modified: Mon, 06 May 2024 16:35:16 GMT
vary: Accept-Encoding
etag: W/"663906c4-bb2"
content-encoding: gzip
X-Firefox-Spdy: h2
mw1cwfiexcejo.xyz/lib/js/LazyLoad.js
23.224.193.140 200 OK 9.5 kB URL GET HTTP/2 mw1cwfiexcejo.xyz/lib/js/LazyLoad.js
IP 23.224.193.140:443
Requested by https://mw1cwfiexcejo.xyz/main.html
Certificate Issuer ZeroSSL
Subject mw1cwfiexcejo.xyz
Fingerprint 35:05:F8:B7:F6:94:BA:F2:3C:62:48:64:B2:05:E2:53:8F:79:15:DC
Validity Sat, 04 May 2024 00:00:00 GMT - Fri, 02 Aug 2024 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (9845), with no line terminators
Hash 7b4204d5723ddb96562f1754fc662e98
9bef86125cb94a1ba1ece97ef9179fc18abe0e06
eced9cc48d2d75308a2d6b9271130c60970210bb06f6df0568efb313bb721f2d
GET /lib/js/LazyLoad.js HTTP/1.1
Host: mw1cwfiexcejo.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mw1cwfiexcejo.xyz/main.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 09:08:50 GMT
content-type: application/javascript
last-modified: Mon, 06 May 2024 16:35:16 GMT
vary: Accept-Encoding
etag: W/"663906c4-2519"
content-encoding: gzip
X-Firefox-Spdy: h2
mw1cwfiexcejo.xyz/lib/js/swiper.min.js
23.224.193.140 200 OK 141 kB URL GET HTTP/2 mw1cwfiexcejo.xyz/lib/js/swiper.min.js
IP 23.224.193.140:443
Requested by https://mw1cwfiexcejo.xyz/main.html
Certificate Issuer ZeroSSL
Subject mw1cwfiexcejo.xyz
Fingerprint 35:05:F8:B7:F6:94:BA:F2:3C:62:48:64:B2:05:E2:53:8F:79:15:DC
Validity Sat, 04 May 2024 00:00:00 GMT - Fri, 02 Aug 2024 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (65284)
Size 141 kB (140929 bytes)
Hash 10ad6473484630a85272174de546fa21
ea40634dc07be2074345cdc14f6844d3cf3f02bd
36231d9ccbf4581029b3733c99c07b587ce56a7113b74ae7c0c0a083aec38029
GET /lib/js/swiper.min.js HTTP/1.1
Host: mw1cwfiexcejo.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mw1cwfiexcejo.xyz/main.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 09:08:50 GMT
content-type: application/javascript
last-modified: Mon, 06 May 2024 16:35:16 GMT
vary: Accept-Encoding
etag: W/"663906c4-22681"
content-encoding: gzip
X-Firefox-Spdy: h2
uu11661.com/75decde0a39737d5f3f923551135cd96.gif
0.0.0.0 0 B URL GET uu11661.com/75decde0a39737d5f3f923551135cd96.gif
IP 0.0.0.0:0
Requested by https://mw1cwfiexcejo.xyz/main.html
Certificate Issuer Let's Encrypt
Subject uu11661.com
Fingerprint D3:8C:FB:80:BE:AB:8C:FD:88:EF:40:96:F9:4D:78:B1:9E:26:01:3D
Validity Sun, 28 Apr 2024 15:53:25 GMT - Sat, 27 Jul 2024 15:53:24 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /75decde0a39737d5f3f923551135cd96.gif HTTP/1.1
Host: uu11661.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mw1cwfiexcejo.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: max-age=2592000
content-encoding: gzip
content-type: image/gif
date: Tue, 07 May 2024 08:33:13 GMT
etag: W/"645e287b-47a29"
expires: Thu, 06 Jun 2024 08:33:13 GMT
last-modified: Tue, 07 May 2024 08:58:58 GMT
server: nginx
vary: Accept-Encoding
x-cache: HIT, policy, memory
X-Firefox-Spdy: h2
vip.helloimg.com/i/2024/04/27/662ca16922ce5.gif
110.42.66.240 200 OK 926 B URL GET HTTP/2 vip.helloimg.com/i/2024/04/27/662ca16922ce5.gif
IP 110.42.66.240:443
ASN #136188 NINGBO, ZHEJIANG Province, P.R.China.
Requested by https://mw1cwfiexcejo.xyz/main.html
Certificate Issuer ZeroSSL
Subject *.helloimg.com
Fingerprint 5C:08:8C:25:51:5B:C6:35:EA:97:07:1B:71:44:12:CC:C1:3C:4B:99
Validity Mon, 29 Apr 2024 00:00:00 GMT - Tue, 29 Apr 2025 23:59:59 GMT
File type HTML document, Unicode text, UTF-8 text, with very long lines (915), with no line terminators
Hash 4e583fa1a30d5bf07af7c3d8a8e51b0b
d6791ab3c961ab0731b995b2e586921bc0b34ba4
f4ad65b2a872c51131c2671654ebae3311bc117b37809768aa696acee507d2b9
GET /i/2024/04/27/662ca16922ce5.gif HTTP/1.1
Host: vip.helloimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mw1cwfiexcejo.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 01:08:52 GMT
content-type: text/html;charset=utf8
cache-control: no-cache
server: ciyunCDN
X-Firefox-Spdy: h2
hb.userpicimage.com/535f4831a092v.jpg
0.0.0.0 0 B URL GET hb.userpicimage.com/535f4831a092v.jpg
IP 0.0.0.0:0
Requested by https://mw1cwfiexcejo.xyz/main.html
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /535f4831a092v.jpg HTTP/1.1
Host: hb.userpicimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mw1cwfiexcejo.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
hb.userpicimage.com/ae465fdc831av.jpg
0.0.0.0 0 B URL GET hb.userpicimage.com/ae465fdc831av.jpg
IP 0.0.0.0:0
Requested by https://mw1cwfiexcejo.xyz/main.html
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ae465fdc831av.jpg HTTP/1.1
Host: hb.userpicimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mw1cwfiexcejo.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
mw1cwfiexcejo.xyz/lib/js/swiper.min.css
23.224.193.140 200 OK 14 kB URL GET HTTP/2 mw1cwfiexcejo.xyz/lib/js/swiper.min.css
IP 23.224.193.140:443
Requested by https://mw1cwfiexcejo.xyz/main.html
Certificate Issuer ZeroSSL
Subject mw1cwfiexcejo.xyz
Fingerprint 35:05:F8:B7:F6:94:BA:F2:3C:62:48:64:B2:05:E2:53:8F:79:15:DC
Validity Sat, 04 May 2024 00:00:00 GMT - Fri, 02 Aug 2024 23:59:59 GMT
File type ASCII text, with very long lines (13425)
Hash 24f21657c5465ed6e144fb4401350e07
1a7b8f26e33feabc257ecc8e954cc3f0e1f7ac60
906ba97c9e3365be3f9b418f3d56349e0ec5c128d99b5134c0c586d5a4586f09
GET /lib/js/swiper.min.css HTTP/1.1
Host: mw1cwfiexcejo.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mw1cwfiexcejo.xyz/main.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 09:08:50 GMT
content-type: text/css
last-modified: Mon, 06 May 2024 16:35:16 GMT
vary: Accept-Encoding
etag: W/"663906c4-356d"
content-encoding: gzip
X-Firefox-Spdy: h2
hm.baidu.com/hm.js?880a5d265bdbb52f6e50d3e3065f4020
111.45.3.198 200 OK 30 kB URL GET HTTP/1.1 hm.baidu.com/hm.js?880a5d265bdbb52f6e50d3e3065f4020
IP 111.45.3.198:443
ASN #56040 China Mobile communications corporation
Requested by https://mw1cwfiexcejo.xyz/main.html
Certificate Issuer GlobalSign nv-sa
Subject baidu.com
Fingerprint 97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
Validity Thu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT
File type JavaScript source, ASCII text, with very long lines (621)
Hash 7fbfdae01a11ca88681912d374a1ae03
119931331fab4d27c4f31e2d76c886bb3fe5cf91
216b9443f872fc6e7c83edbf7ec72523db5c6ffbc00a421759e47acea958b73c
GET /hm.js?880a5d265bdbb52f6e50d3e3065f4020 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mw1cwfiexcejo.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11259
Content-Type: application/javascript
Date: Tue, 07 May 2024 09:08:51 GMT
Etag: daa1a2d112acb46938fbcd9fa7c99c13
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=35F587D9D72A8806; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hmjt.webpicimage.com/a3ea98e5d1cb.jpg
0.0.0.0 0 B URL GET hmjt.webpicimage.com/a3ea98e5d1cb.jpg
IP 0.0.0.0:0
Requested by https://mw1cwfiexcejo.xyz/main.html
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /a3ea98e5d1cb.jpg HTTP/1.1
Host: hmjt.webpicimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mw1cwfiexcejo.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
mw1cwfiexcejo.xyz/lib/js/myjs.js
23.224.193.140 200 OK 6.6 kB URL GET HTTP/2 mw1cwfiexcejo.xyz/lib/js/myjs.js
IP 23.224.193.140:443
Requested by https://mw1cwfiexcejo.xyz/main.html
Certificate Issuer ZeroSSL
Subject mw1cwfiexcejo.xyz
Fingerprint 35:05:F8:B7:F6:94:BA:F2:3C:62:48:64:B2:05:E2:53:8F:79:15:DC
Validity Sat, 04 May 2024 00:00:00 GMT - Fri, 02 Aug 2024 23:59:59 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (6762), with no line terminators
Hash a1ef09cf7316650eb0781712592a2e81
b145b4213011817276b5565e3f628d425e6bda03
125419656241ac90177e02988d526b184ff9067dfcc49218ad15250a53de8a24
GET /lib/js/myjs.js HTTP/1.1
Host: mw1cwfiexcejo.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mw1cwfiexcejo.xyz/main.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 09:08:50 GMT
content-type: application/javascript
last-modified: Mon, 06 May 2024 16:35:16 GMT
vary: Accept-Encoding
etag: W/"663906c4-19c6"
content-encoding: gzip
X-Firefox-Spdy: h2
hm.baidu.com/hm.js?3fd03517bee57becb034bf7c9f767a6a
14.215.183.79 200 OK 30 kB URL GET HTTP/1.1 hm.baidu.com/hm.js?3fd03517bee57becb034bf7c9f767a6a
IP 14.215.183.79:443
Requested by https://mw1cwfiexcejo.xyz/main.html
Certificate Issuer GlobalSign nv-sa
Subject baidu.com
Fingerprint 97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
Validity Thu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT
File type JavaScript source, ASCII text, with very long lines (621)
Hash 428501f4f3beb4f9b5a7158fa26aab5d
348900efdedc8d260fd77c7fb49fc91b2f392317
65204c951d34e9e680b5a694dac66b4aa1344f6759ba91b3c960f165a240cf7f
GET /hm.js?3fd03517bee57becb034bf7c9f767a6a HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mw1cwfiexcejo.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11259
Content-Type: application/javascript
Date: Tue, 07 May 2024 09:08:51 GMT
Etag: fb6603b71a5592a5e05fea0ee803c7f1
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=3203A6A6F8C2FFD8; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
mw1cwfiexcejo.xyz/lib/js/qrcode.min.js
23.224.193.140 200 OK 20 kB URL GET HTTP/2 mw1cwfiexcejo.xyz/lib/js/qrcode.min.js
IP 23.224.193.140:443
Requested by https://mw1cwfiexcejo.xyz/main.html
Certificate Issuer ZeroSSL
Subject mw1cwfiexcejo.xyz
Fingerprint 35:05:F8:B7:F6:94:BA:F2:3C:62:48:64:B2:05:E2:53:8F:79:15:DC
Validity Sat, 04 May 2024 00:00:00 GMT - Fri, 02 Aug 2024 23:59:59 GMT
File type ASCII text, with very long lines (19927), with no line terminators
Hash 517b55d3688ce9ef1085a3d9632bcb97
2d06c1f823f34c19981c6ae0b0eb0f5861c5e14b
c541ef06327885a8415bca8df6071e14189b4855336def4f36db54bde8484f36
GET /lib/js/qrcode.min.js HTTP/1.1
Host: mw1cwfiexcejo.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mw1cwfiexcejo.xyz/main.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 09:08:50 GMT
content-type: application/javascript
last-modified: Mon, 06 May 2024 16:35:16 GMT
vary: Accept-Encoding
etag: W/"663906c4-4dd7"
content-encoding: gzip
X-Firefox-Spdy: h2
hmjt.webpicimage.com/f2db90278d1d.jpg
0.0.0.0 0 B URL GET hmjt.webpicimage.com/f2db90278d1d.jpg
IP 0.0.0.0:0
Requested by https://mw1cwfiexcejo.xyz/main.html
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /f2db90278d1d.jpg HTTP/1.1
Host: hmjt.webpicimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mw1cwfiexcejo.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
mw1cwfiexcejo.xyz/lib/js/jquery-1.11.3.min.js
23.224.193.140 200 OK 96 kB URL GET HTTP/2 mw1cwfiexcejo.xyz/lib/js/jquery-1.11.3.min.js
IP 23.224.193.140:443
Requested by https://mw1cwfiexcejo.xyz/main.html
Certificate Issuer ZeroSSL
Subject mw1cwfiexcejo.xyz
Fingerprint 35:05:F8:B7:F6:94:BA:F2:3C:62:48:64:B2:05:E2:53:8F:79:15:DC
Validity Sat, 04 May 2024 00:00:00 GMT - Fri, 02 Aug 2024 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (32038)
Hash 895323ed2f7258af4fae2c738c8aea49
276c87ff3e1e3155679c318938e74e5c1b76d809
ecb916133a9376911f10bc5c659952eb0031e457f5df367cde560edbfba38fb8
GET /lib/js/jquery-1.11.3.min.js HTTP/1.1
Host: mw1cwfiexcejo.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mw1cwfiexcejo.xyz/main.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 09:08:50 GMT
content-type: application/javascript
last-modified: Mon, 06 May 2024 16:35:16 GMT
vary: Accept-Encoding
etag: W/"663906c4-176d5"
content-encoding: gzip
X-Firefox-Spdy: h2
mw1cwfiexcejo.xyz/lib/css/ads.css
23.224.193.140 200 OK 2.2 kB URL GET HTTP/2 mw1cwfiexcejo.xyz/lib/css/ads.css
IP 23.224.193.140:443
Requested by https://mw1cwfiexcejo.xyz/main.html
Certificate Issuer ZeroSSL
Subject mw1cwfiexcejo.xyz
Fingerprint 35:05:F8:B7:F6:94:BA:F2:3C:62:48:64:B2:05:E2:53:8F:79:15:DC
Validity Sat, 04 May 2024 00:00:00 GMT - Fri, 02 Aug 2024 23:59:59 GMT
File type ASCII text, with very long lines (2376), with no line terminators
Hash ed18ae006a15c1451a9fc1a3941721f0
c9dc1f7c7d0d6ee38e74472938aa99085ec18061
23f57016146547c12989f68e8193d32025a60ad9ac0d7c577f1ff0dbbb565130
GET /lib/css/ads.css HTTP/1.1
Host: mw1cwfiexcejo.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mw1cwfiexcejo.xyz/main.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 09:08:50 GMT
content-type: text/css
last-modified: Mon, 06 May 2024 16:35:16 GMT
vary: Accept-Encoding
etag: W/"663906c4-8a5"
content-encoding: gzip
X-Firefox-Spdy: h2