Overview

URLapps.sfcdn.org/apk/com.longrundmt.baitingtv.a3ae4bd4fa4eee3374539d2aaad173c5.apk
IP 116.163.45.35 (China)
ASN#4837 CHINA UNICOM China169 Backbone
UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed2022-11-17 17:31:34 UTC
StatusLoading report..
IDS alerts0
Blocklist alert1
urlquery alerts No alerts detected
Tags None

Domain Summary (8)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
content-signature-2.cdn.mozilla.net (1) 1152 No data No data 34.160.144.191
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-11-17 05:55:20 UTC 34.117.237.239
push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2020-05-03 10:09:39 UTC 52.89.136.7
img-getpocket.cdn.mozilla.net (6) 1631 2018-06-21 23:36:00 UTC 2020-02-19 04:43:25 UTC 34.120.237.76
apps.sfcdn.org (1) 0 2018-10-02 05:36:21 UTC 2020-03-25 00:27:58 UTC 116.163.45.35 Domain (sfcdn.org) ranked at: 754720
r3.o.lencr.org (7) 344 No data No data 23.36.76.226
ocsp.digicert.com (2) 86 2012-05-21 07:02:23 UTC 2020-05-02 20:58:10 UTC 93.184.220.29
firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-11-17 05:55:30 UTC 34.102.187.140

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-11-17 2 apps.sfcdn.org/apk/com.longrundmt.baitingtv.a3ae4bd4fa4eee3374539d2aaad173c5.apk Malware

mnemonic secure dns
 No alerts detected

Quad9 DNS
 No alerts detected


Files

URL apps.sfcdn.org/apk/com.longrundmt.baitingtv.a3ae4bd4fa4eee3374539d2aaad173c5.apk
IP  116.163.45.35
Magic Java archive data (JAR)\012- data
Size 6386676
MD5 a3ae4bd4fa4eee3374539d2aaad173c5
SHA1 910f74657c2e48722d5e6776e5966d756370cd48
SHA256 bf6c171cb2960c430415d17985f585d392c5cf8e51effca6e0b3793e4740b53a
Analyzer Analysed Verdict Comment
VirusTotal 2022-11-17 00:05:13 0/66  VirusTotal Report

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 116.163.45.35
Date UQ / IDS / BL URL IP
2023-01-14 00:59:46 +0000 0 - 0 - 1 apps.sfcdn.org/apk/com.guagua.school.295d3c84 (...) 116.163.45.35
2023-01-11 10:44:33 +0000 0 - 0 - 1 apps.sfcdn.org/apk/cn.com.wasu.main.60d98dae9 (...) 116.163.45.35
2023-01-08 17:21:48 +0000 0 - 1 - 1 instpkg.cmcmcdn.com/kdllrepair/kdllrepair_20_ (...) 116.163.45.35
2023-01-06 19:05:12 +0000 0 - 1 - 0 dl.maxthon.cn/mx6/maxthon_7.0.0.1000_x86.exe 116.163.45.35
2023-01-06 19:03:39 +0000 0 - 1 - 0 dl.maxthon.cn/mx6/maxthon_7.0.0.1000_x64.exe 116.163.45.35


Last 5 reports on ASN: CHINA UNICOM China169 Backbone
Date UQ / IDS / BL URL IP
2023-02-01 09:07:59 +0000 0 - 1 - 0 img0.img.9xiuzb.com/download/9xiu_game/9ShowG (...) 101.75.231.200
2023-02-01 08:53:46 +0000 0 - 1 - 1 src1.minibai.com/uploads/thirdupload/5d3e8177 (...) 116.163.24.247
2023-02-01 08:52:47 +0000 0 - 2 - 0 d1.udashi.com/soft/wlyy/11070/%E6%9A%97%E5%B7 (...) 14.204.51.114
2023-02-01 08:32:37 +0000 0 - 1 - 0 xt.lykj988.com/down/fileren.exe 116.177.248.113
2023-02-01 07:45:49 +0000 0 - 1 - 0 360down7.miiyun.cn/2019/06/12/PathwayBuilderT (...) 211.91.76.9


Last 5 reports on domain: sfcdn.org
Date UQ / IDS / BL URL IP
2023-01-14 00:59:46 +0000 0 - 0 - 1 apps.sfcdn.org/apk/com.guagua.school.295d3c84 (...) 116.163.45.35
2023-01-11 10:44:33 +0000 0 - 0 - 1 apps.sfcdn.org/apk/cn.com.wasu.main.60d98dae9 (...) 116.163.45.35
2022-12-31 04:35:06 +0000 0 - 0 - 1 apps.sfcdn.org/apk/com.tv.movie.launcher.id35 (...) 116.163.45.35
2022-12-23 20:37:27 +0000 0 - 0 - 1 apps.sfcdn.org/apk/com.wyt.iexuetang.tv.xxtb. (...) 116.163.45.35
2022-12-23 13:46:37 +0000 0 - 0 - 1 apps.sfcdn.org/apk/cn.jmake.karaoke.box.open. (...) 116.163.45.35


Last 5 reports with similar screenshot
Date UQ / IDS / BL URL IP
2023-02-01 06:06:05 +0000 0 - 0 - 2 hookupshotshots.com/maxcdn.bootstrapcdn.com.zip 162.213.251.220
2023-02-01 06:03:18 +0000 0 - 1 - 0 www.simple-help.com/media/static/SimpleSetup/ (...) 139.59.202.110
2023-02-01 04:01:07 +0000 0 - 2 - 1 dl.dropboxusercontent.com/s/qcp536pg8pzommq/B (...) 162.125.71.15
2023-02-01 02:13:59 +0000 0 - 1 - 1 www.ks.cn/kss/c113124/202105/cad26105a78b4ba6 (...) 121.32.243.81
2023-02-01 01:43:43 +0000 0 - 1 - 0 www.imfiles.com/allfiles/pal_install117b618.exe 69.164.210.29

JavaScript

Executed Scripts (0)

Executed Evals (0)

Executed Writes (0)


HTTP Transactions (21)


Request Response
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C15644F69FBFEB99074C7E9711DFC9452EE164FA78EB981B6BAE4FB7E3585F2A"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4395
Expires: Thu, 17 Nov 2022 18:44:37 GMT
Date: Thu, 17 Nov 2022 17:31:22 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 6090
Cache-Control: max-age=153691
Date: Thu, 17 Nov 2022 17:31:22 GMT
Etag: "63760d7b-1d7"
Expires: Sat, 19 Nov 2022 12:12:53 GMT
Last-Modified: Thu, 17 Nov 2022 10:31:23 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "8B4040A645CEC1841A00A22765EB3A74978559DAF15C54BD4B41B6B48AAB7F95"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10456
Expires: Thu, 17 Nov 2022 20:25:38 GMT
Date: Thu, 17 Nov 2022 17:31:22 GMT
Connection: keep-alive

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Type, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 17 Nov 2022 16:44:44 GMT
cache-control: public,max-age=3600
age: 2798
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    d130218d0e2841f39c99610fe1a2ab90
Sha1:   29fbe1e177ee55c7a61ae0a206afff271cf5f945
Sha256: 6b6d74dccf10c2bc98a91c3388280d7ba1d9596bf8cadd7db0e2f63720b3d152
                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: 194vCMJvx4maRLjqCFuzgJUYmg+mBqHoQFnQR2kKvEL4I18XzzxLN33vk+b9pOfb3IYgIXFQI20=
x-amz-request-id: NEDRHXTG2D40F9H6
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 17 Nov 2022 16:52:33 GMT
age: 2329
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    67d5a988edcda47bc3b3b3f65d32b4b6
Sha1:   d4f0e0da8b3690cc7da925026d3414b68c7d954f
Sha256: 55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Thu, 17 Nov 2022 17:31:22 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: ETag, Content-Type, Content-Length, Last-Modified, Alert, Backoff, Pragma, Expires, Retry-After, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 17 Nov 2022 17:25:01 GMT
cache-control: public,max-age=3600
age: 382
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 1953
Cache-Control: max-age=144485
Date: Thu, 17 Nov 2022 17:31:23 GMT
Etag: "6375f9af-1d7"
Expires: Sat, 19 Nov 2022 09:39:28 GMT
Last-Modified: Thu, 17 Nov 2022 09:06:55 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: dS/q9vk5hdalNY1cdsGEHg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

search
                                         52.89.136.7
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: OMjpAcBCpXVxShpy09E5eumcEfM=

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "209A0520D5FB1EEB6DFA7D2F4C334A7109CC885CF4BE8605BFE5A8F52232306D"
Last-Modified: Tue, 15 Nov 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8613
Expires: Thu, 17 Nov 2022 19:54:58 GMT
Date: Thu, 17 Nov 2022 17:31:25 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "209A0520D5FB1EEB6DFA7D2F4C334A7109CC885CF4BE8605BFE5A8F52232306D"
Last-Modified: Tue, 15 Nov 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8613
Expires: Thu, 17 Nov 2022 19:54:58 GMT
Date: Thu, 17 Nov 2022 17:31:25 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "209A0520D5FB1EEB6DFA7D2F4C334A7109CC885CF4BE8605BFE5A8F52232306D"
Last-Modified: Tue, 15 Nov 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8613
Expires: Thu, 17 Nov 2022 19:54:58 GMT
Date: Thu, 17 Nov 2022 17:31:25 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "209A0520D5FB1EEB6DFA7D2F4C334A7109CC885CF4BE8605BFE5A8F52232306D"
Last-Modified: Tue, 15 Nov 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8613
Expires: Thu, 17 Nov 2022 19:54:58 GMT
Date: Thu, 17 Nov 2022 17:31:25 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "209A0520D5FB1EEB6DFA7D2F4C334A7109CC885CF4BE8605BFE5A8F52232306D"
Last-Modified: Tue, 15 Nov 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8613
Expires: Thu, 17 Nov 2022 19:54:58 GMT
Date: Thu, 17 Nov 2022 17:31:25 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c125d22-7470-46da-85af-7621027dbe03.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8027
x-amzn-requestid: 9c8f833a-bc10-4899-aafb-b6068751f15d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bn08wGsOoAMFaSQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637301eb-75b862d5320dfa553466860c;Sampled=0
x-amzn-remapped-date: Tue, 15 Nov 2022 03:05:15 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: fbMtJC2Dfg8rDQl7nw16eZf1C1aMGv-3VtcXARXUaZV80TGvps3aAA==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 5954c6394458ffb44c970b3819d7ff2a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 03:51:12 GMT
age: 49213
etag: "e63af885fa20dbd2a49ee44397d8f8c595b1cbcf"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8027
Md5:    785c079072174860502c277b03f7743d
Sha1:   e63af885fa20dbd2a49ee44397d8f8c595b1cbcf
Sha256: f4d748e2e7b16f41af16e3f2450a4823af56dacaacaa7f1a9537f41186c64148
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5b2f2035-e536-45fc-90d6-5a76f2b7a8f9.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 12337
x-amzn-requestid: 783b124b-1f0e-445d-b19d-78ed9358c717
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bX6VnGCBoAMFx8Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636ca423-6767360524d1bb9a7cf259fb;Sampled=0
x-amzn-remapped-date: Thu, 10 Nov 2022 07:11:31 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: xi0co5JQdy62MidhB6aUpqt8_18pj-ytLday1_6XauQ4v4B1K3qW0w==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Wed, 16 Nov 2022 21:57:12 GMT
age: 70453
etag: "fc4b5a6f389cf683c16e6c229e72b5bfdf9f00ed"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   12337
Md5:    2bd274d60bc239b0328fe30a442ef2d9
Sha1:   fc4b5a6f389cf683c16e6c229e72b5bfdf9f00ed
Sha256: f32dab0bb88b93fe3fe49c0b0974cb14e6bdca88d2eaab2d8b9fc42d36ee0dc0
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a667acc-25d7-4d63-8fab-1711f6b4988c.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8235
x-amzn-requestid: e8a91ec0-fa93-45b6-8dc8-a405c00242fb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bqY4_HANoAMFSvw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63740839-3ebbd38b0e3e774923ad019e;Sampled=0
x-amzn-remapped-date: Tue, 15 Nov 2022 21:44:25 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: QoxGYkibw1jcAuQl98jD4TlKooUlL6ojdOVzQ7khiF0pMwY4_0IO9Q==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 b8c4a4ca04bb1976e020396d211bc8dc.cloudfront.net (CloudFront), 1.1 google
date: Wed, 16 Nov 2022 21:49:13 GMT
age: 70932
etag: "87e277a627c1085cad5c6e38bdd5100aa0a9ecee"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8235
Md5:    98802857df59f8eacd9211811cc59ae6
Sha1:   87e277a627c1085cad5c6e38bdd5100aa0a9ecee
Sha256: 102e73f690a972da6d3ab609ffab5f29884185d85c4230a19ec74d74c7320cf1
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa5e6ba2a-6046-47f6-8da2-f2c9ea6dd2b8.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9362
x-amzn-requestid: 859ecb2a-831d-48df-a769-4bd9e21941fa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: brWuSF8hoAMFtVA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63746b28-737fcd2d0c4d85eb71bfc452;Sampled=0
x-amzn-remapped-date: Wed, 16 Nov 2022 04:46:32 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: UcWX7UUT0MOlHaUX-wJpnTCTUyngMOWWh10l7O7qIuJ-0lGeYRWSdw==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 2ab6211e66998c8b58132661a7e3cade.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 05:27:03 GMT
age: 43462
etag: "ae4692dccf90fa1a30119c95a1539ed8163e574f"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9362
Md5:    7e2a2d21ac149d7cf783628b5e815702
Sha1:   ae4692dccf90fa1a30119c95a1539ed8163e574f
Sha256: 5e1ebb536daa764e1c906c60a7a36c0f67aa476e12bf9fe1fda07bf87bc1f299
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3f1b43b0-5ba1-4c6c-9a53-bfae9befdd7d.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6344
x-amzn-requestid: cac35b04-be3b-4ae1-bb5e-8cedcd7a7db4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: btqOVFCXIAMFcOg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63755728-45c28fa333b748520be29b57;Sampled=0
x-amzn-remapped-date: Wed, 16 Nov 2022 21:33:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: mhgNSp1_LsVmn00ULm116flMHpnfE6G6JABrJwXH5i4q-isv_W1-Ig==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 f313d3df80c4dab8f5399614116801cc.cloudfront.net (CloudFront), 1.1 google
date: Wed, 16 Nov 2022 21:34:18 GMT
age: 71827
etag: "4cb2141b1ef1e5bf19a3b355995dcd8fa36f695e"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6344
Md5:    a9d32fa3866dd741de610a61a93ad893
Sha1:   4cb2141b1ef1e5bf19a3b355995dcd8fa36f695e
Sha256: 4492338de536cfae6fb42fd37170c60f4fbc281a2a924efe6d2b5af352cd102c
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92501a28-163f-4c6e-aed7-d31c29354d1e.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 11667
x-amzn-requestid: ae092a0a-1709-4497-9f07-0348a28d2491
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bqZOIEN7oAMFlaA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637408c0-5ac595df302a8f1d3703ad8d;Sampled=0
x-amzn-remapped-date: Tue, 15 Nov 2022 21:46:40 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: c_SJMaV3uYSUysTSOFV--jQqDUxw-fBp8cXWWUZw9vUjt0d6PsOpxA==
via: 1.1 0bb842bd5868b86440983b936bb0adee.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 02:49:36 GMT
age: 52909
etag: "dd4fd6c803a9b333bace9a541c6bd183d0c56bb9"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11667
Md5:    032386e5c9dffff1ba1ee5e8a322d438
Sha1:   dd4fd6c803a9b333bace9a541c6bd183d0c56bb9
Sha256: 0e9f559a0aa7e114c5810a27ba243c0da7b44dc0bf7aec2b7ab32b8f0e2b536c
                                        
                                            GET /apk/com.longrundmt.baitingtv.a3ae4bd4fa4eee3374539d2aaad173c5.apk HTTP/1.1 
Host: apps.sfcdn.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

search
                                         116.163.45.35
HTTP/1.1 200 OK
Content-Type: application/octet-stream
                                        
Server: openresty
Date: Thu, 17 Nov 2022 17:31:24 GMT
Content-Length: 6386676
Connection: keep-alive
Last-Modified: Wed, 12 Oct 2022 18:30:40 GMT
ETag: "634707d0-6173f4"
Expires: Sun, 15 Jan 2023 16:09:36 GMT
Cache-Control: max-age=5184000
X-Cache: MISS from sal-tln-jsnt-p1-230-139, EXPIRED from SAL-CNC-HUNZS-P2-45-51, HIT from sal-cnc-hunzs-n-45-35
Accept-Ranges: bytes


--- Additional Info ---
Magic:  Java archive data (JAR)\012- data
Size:   6386676
Md5:    a3ae4bd4fa4eee3374539d2aaad173c5
Sha1:   910f74657c2e48722d5e6776e5966d756370cd48
Sha256: bf6c171cb2960c430415d17985f585d392c5cf8e51effca6e0b3793e4740b53a

Alerts:
  Blocklists:
    - fortinet: Malware
  File Analyzers:
    - virustotal: 0/66