r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash cfec3d7283a9b66d2be426ce54d210f3
808c1feb1ba918951d1928c1f6bfc0c253262774
1bad6c06aa3e88dcbc125fc98a6cb753eb2b18d2c8dd61da21d12209aeeda3f9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1BAD6C06AA3E88DCBC125FC98A6CB753EB2B18D2C8DD61DA21D12209AEEDA3F9"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6577
Expires: Tue, 06 Dec 2022 13:49:30 GMT
Date: Tue, 06 Dec 2022 11:59:53 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1ea206ac3c440825741687351f8c6e4e
2f38dafd8c43dcce2411a0590bc5c02cd6286735
7d7232c8c91bcd18161ba2c9d23e3bff159604e058bd5b3fc1c7fcbcd03a7ee3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7232C8C91BCD18161BA2C9D23E3BFF159604E058BD5B3FC1C7FCBCD03A7EE3"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6646
Expires: Tue, 06 Dec 2022 13:50:39 GMT
Date: Tue, 06 Dec 2022 11:59:53 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash f83c5e33ba42e312ee398848bbb711f5
caa1fd23b1fbbe883292ded04404c1cfd861eb09
106d08fba45f1e13f85b4b5abc456594878494238933e54b6a06e21ed8a52bc9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4672
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 11:59:53 GMT
Last-Modified: Tue, 06 Dec 2022 10:42:01 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 2aI9rO+Uwz7qWe4eECu97gHIWGIuEaF3IWB+PEw2quH5W5Jxts5GYy3NY72uzveTEWa/Ynlt7Lw=
x-amz-request-id: XRDQBD1RZRS5J0A4
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 06 Dec 2022 11:47:05 GMT
age: 768
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 06 Dec 2022 11:18:38 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2475
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 06 Dec 2022 11:59:53 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
www.06wi.com/
172.67.201.219 200 OK 4.6 kB IP 172.67.201.219:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (312), with CRLF, LF line terminators
Hash 7caf7c333a401c87e3e1a59dce57cfbd
06bf89416647c4da1a69b90dec8630d8b1b57293
26935a8a1a73c5bdfc150583b43ddf0919b367757c6befe62715b9a5d48a24a1
Analyzer: fortinet — Verdict: Malware — Alert: (no value captured)
GET / HTTP/1.1
Host: www.06wi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 11:59:53 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 04 Dec 2022 08:15:10 GMT
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Mc4a3U%2BCiTKRxeAq8xuRdVpNfcMJq4H39v1tlNHdbcok00GOqUx2S5dSgOJvV8Pm%2FsUgMxUEimZUarw6wGWvAFa7j6bCNZpJAC5kqj25qjOnAOXetil4kSWiKHAVwgc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7754dba469e7b50f-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash aca476e73eaa4bace34e07c83c5c0754
349e685ece51bf95cc7019763ed1400132f30a0c
e43a0c9781ea15687d67d319339dc5a0c49683707e274792ead12f49ec7e9543
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "E43A0C9781EA15687D67D319339DC5A0C49683707E274792EAD12F49EC7E9543"
Last-Modified: Mon, 05 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8148
Expires: Tue, 06 Dec 2022 14:15:41 GMT
Date: Tue, 06 Dec 2022 11:59:53 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash aca476e73eaa4bace34e07c83c5c0754
349e685ece51bf95cc7019763ed1400132f30a0c
e43a0c9781ea15687d67d319339dc5a0c49683707e274792ead12f49ec7e9543
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "E43A0C9781EA15687D67D319339DC5A0C49683707E274792EAD12F49EC7E9543"
Last-Modified: Mon, 05 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8148
Expires: Tue, 06 Dec 2022 14:15:41 GMT
Date: Tue, 06 Dec 2022 11:59:53 GMT
Connection: keep-alive
fmtu.sltusl.com/upload/vod/20221107-1/7a49da4fa8f018735866b9cccb3ada79.jpg
104.22.76.185 200 OK 9.3 kB URL HTTP/2 fmtu.sltusl.com/upload/vod/20221107-1/7a49da4fa8f018735866b9cccb3ada79.jpg
IP 104.22.76.185:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1708x2277, segment length 16, progressive, precision 8, 240x320, components 3\012- data
Hash 66578363dcff958b9d76c780a9fb8824
0882b5f22b44e648ab24acac8ff1121e1d2ad718
ccf05de2b3b17220f3db9ccdd38aff5d383e634648d9a55085443da0d58d59f2
GET /upload/vod/20221107-1/7a49da4fa8f018735866b9cccb3ada79.jpg HTTP/1.1
Host: fmtu.sltusl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.06wi.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 06 Dec 2022 11:59:53 GMT
content-type: image/jpeg
content-length: 9348
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=9789, status=webp_bigger
etag: "6368ded0-263d"
last-modified: Mon, 07 Nov 2022 10:32:48 GMT
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: HIT
age: 581
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7754dba86fb198f1-ARN
X-Firefox-Spdy: h2
fmtu.sltusl.com/upload/vod/20221107-1/bb5e41058ed195b339a480805512c067.jpg
104.22.76.185 200 OK 5.8 kB URL HTTP/2 fmtu.sltusl.com/upload/vod/20221107-1/bb5e41058ed195b339a480805512c067.jpg
IP 104.22.76.185:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 61x56, segment length 16, progressive, precision 8, 320x240, components 3\012- data
Hash b2771fa9c2c8c54b34f1dc25ab118b35
43e7c438669707b81dd9e22e2b42844fe20b7c41
192f471c77cd14687890cac4d63e1baa39ccbca066f07fc356a636a6d53f2838
GET /upload/vod/20221107-1/bb5e41058ed195b339a480805512c067.jpg HTTP/1.1
Host: fmtu.sltusl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.06wi.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 06 Dec 2022 11:59:53 GMT
content-type: image/jpeg
content-length: 5803
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=6199, status=webp_bigger
etag: "6368ded3-1837"
last-modified: Mon, 07 Nov 2022 10:32:51 GMT
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: HIT
age: 581
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7754dba86fb398f1-ARN
X-Firefox-Spdy: h2
fmtu.sltusl.com/upload/vod/20221107-1/438dbc8d2c8d3563cc6a3b962ccaa5ea.jpg
104.22.76.185 200 OK 7.9 kB URL HTTP/2 fmtu.sltusl.com/upload/vod/20221107-1/438dbc8d2c8d3563cc6a3b962ccaa5ea.jpg
IP 104.22.76.185:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x240, components 3\012- data
Hash 7ac9aaa3d9a4ff4b37607b876fc1ebdf
ad6f5698813d1315b9422acec97525bf6afa5f3a
75931650afef4eaaad378f69cd5b42b4e3c17e3a0cc7296dce969181b68f8958
GET /upload/vod/20221107-1/438dbc8d2c8d3563cc6a3b962ccaa5ea.jpg HTTP/1.1
Host: fmtu.sltusl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.06wi.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 06 Dec 2022 11:59:53 GMT
content-type: image/jpeg
content-length: 7877
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=8416, status=webp_bigger
etag: "6368ded7-20e0"
last-modified: Mon, 07 Nov 2022 10:32:55 GMT
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: HIT
age: 581
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7754dba86fb298f1-ARN
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 06 Dec 2022 11:08:58 GMT
cache-control: public,max-age=3600
age: 3055
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
fmtu.sltusl.com/upload/vod/20221203-1/a7024a29af97324588b12b8b3884a9c7.jpg
104.22.76.185 200 OK 63 kB URL HTTP/2 fmtu.sltusl.com/upload/vod/20221203-1/a7024a29af97324588b12b8b3884a9c7.jpg
IP 104.22.76.185:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 720x1280, components 3\012- data
Hash 055463bbaa14921ed1bcb52d48d5073d
a865da2622cf363e42c31ba8789dd5173911e727
fd1720340119959e32eb229f14e9b2a68b59850163485c6e6e9c4a28072fbe82
GET /upload/vod/20221203-1/a7024a29af97324588b12b8b3884a9c7.jpg HTTP/1.1
Host: fmtu.sltusl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.06wi.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 06 Dec 2022 11:59:53 GMT
content-type: image/jpeg
content-length: 63403
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=65290, status=webp_bigger
etag: "638b1d1c-ff0a"
last-modified: Sat, 03 Dec 2022 09:55:40 GMT
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4522
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7754dba86fb498f1-ARN
X-Firefox-Spdy: h2
fmtu.sltusl.com/upload/vod/20221203-1/6232f47be518656bec66d82f76fad5f9.jpg
104.22.76.185 200 OK 49 kB URL HTTP/2 fmtu.sltusl.com/upload/vod/20221203-1/6232f47be518656bec66d82f76fad5f9.jpg
IP 104.22.76.185:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 720x1280, components 3\012- data
Hash 53bbf399b8a80c72fa30707ad76e9e3d
6598a7f07c7cb4b160a6882fcc5604f66b57e741
9bb98700b71e7e62cbfbff5de526c46da96c21f94a0ca22087cda9500ae5abca
GET /upload/vod/20221203-1/6232f47be518656bec66d82f76fad5f9.jpg HTTP/1.1
Host: fmtu.sltusl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.06wi.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 06 Dec 2022 11:59:53 GMT
content-type: image/jpeg
content-length: 48677
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=48784, status=webp_bigger
etag: "638b1d18-be90"
last-modified: Sat, 03 Dec 2022 09:55:36 GMT
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: HIT
age: 3535
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7754dba86fb598f1-ARN
X-Firefox-Spdy: h2
fmtu.sltusl.com/upload/vod/20221203-1/57040edd245d9c710bae4d45f0c8633b.jpg
104.22.76.185 200 OK 435 kB URL HTTP/2 fmtu.sltusl.com/upload/vod/20221203-1/57040edd245d9c710bae4d45f0c8633b.jpg
IP 104.22.76.185:0
File type RIFF (little-endian) data, Web/P image\012- data
Size 435 kB (435344 bytes)
Hash 612a2f6ad39bc60452269c16aceabe67
54dfe3fa9de3b3aa4d894a532c5c418535a91904
cab80930cb83cdd507942b689f236df30b19a95bfc5a3c0025c21f93452bff77
GET /upload/vod/20221203-1/57040edd245d9c710bae4d45f0c8633b.jpg HTTP/1.1
Host: fmtu.sltusl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.06wi.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 06 Dec 2022 11:59:53 GMT
content-type: image/webp
content-length: 435344
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=860543
content-disposition: inline; filename="57040edd245d9c710bae4d45f0c8633b.webp"
etag: "638b1d18-d217f"
last-modified: Sat, 03 Dec 2022 09:55:36 GMT
vary: Accept
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: HIT
age: 3535
accept-ranges: bytes
server: cloudflare
cf-ray: 7754dba86fb798f1-ARN
X-Firefox-Spdy: h2
fmtu.sltusl.com/upload/vod/20221203-1/ade524800d38cdd542d91cb84cdd8054.jpg
104.22.76.185 200 OK 62 kB URL HTTP/2 fmtu.sltusl.com/upload/vod/20221203-1/ade524800d38cdd542d91cb84cdd8054.jpg
IP 104.22.76.185:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 608x1080, components 3\012- data
Hash 26a94d98d0a0e6aa0038705db7cdd81f
3a60eb741fdeb12baa3236808b139b3c625fa3b6
e1be32f2dc969134ee71dc366ef0d9e1431392c53b33021ca10f78d316578ac6
GET /upload/vod/20221203-1/ade524800d38cdd542d91cb84cdd8054.jpg HTTP/1.1
Host: fmtu.sltusl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.06wi.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 06 Dec 2022 11:59:53 GMT
content-type: image/jpeg
content-length: 62523
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=63785, status=webp_bigger
etag: "638b1d23-f929"
last-modified: Sat, 03 Dec 2022 09:55:47 GMT
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: HIT
age: 6359
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7754dba87fc398f1-ARN
X-Firefox-Spdy: h2
fmtu.sltusl.com/upload/vod/20221203-1/914485da3998a5ed158eed817d092c74.jpg
104.22.76.185 200 OK 52 kB URL HTTP/2 fmtu.sltusl.com/upload/vod/20221203-1/914485da3998a5ed158eed817d092c74.jpg
IP 104.22.76.185:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1280x720, components 3\012- data
Hash 697e129b5ee3356b8bc52f8e11e7d47b
0ba9e860337ebddf3ba3a6693dbc1f992bf02a25
24e4cb8da36c7cd2ca4b4a0f5de36a337b84279752744338d641e0da56d01650
GET /upload/vod/20221203-1/914485da3998a5ed158eed817d092c74.jpg HTTP/1.1
Host: fmtu.sltusl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.06wi.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 06 Dec 2022 11:59:53 GMT
content-type: image/jpeg
content-length: 52020
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=52872, status=webp_bigger
etag: "638b1d11-ce88"
last-modified: Sat, 03 Dec 2022 09:55:29 GMT
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: HIT
age: 581
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7754dba87fc898f1-ARN
X-Firefox-Spdy: h2
fmtu.sltusl.com/upload/vod/20221203-1/c47f004c22e5e12592c74ff3118dcdc7.jpg
104.22.76.185 200 OK 7.9 kB URL HTTP/2 fmtu.sltusl.com/upload/vod/20221203-1/c47f004c22e5e12592c74ff3118dcdc7.jpg
IP 104.22.76.185:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 240x320, components 3\012- data
Hash 666f3ea2ccd4a4c23e94f0c35473886a
7fb4de414ceed7e5225994abda23d904ccfd2717
64b2068c59c2cee97c0f936ca45a0ff7ea271ef8e96214406463362f163248cd
GET /upload/vod/20221203-1/c47f004c22e5e12592c74ff3118dcdc7.jpg HTTP/1.1
Host: fmtu.sltusl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.06wi.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 06 Dec 2022 11:59:53 GMT
content-type: image/jpeg
content-length: 7869
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=8352, status=webp_bigger
etag: "638b1d1c-20a0"
last-modified: Sat, 03 Dec 2022 09:55:40 GMT
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: HIT
age: 581
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7754dba87fc998f1-ARN
X-Firefox-Spdy: h2
fmtu.sltusl.com/upload/vod/20221203-1/e7e0845b993a11f1396c1b57a183b2f1.jpg
104.22.76.185 200 OK 23 kB URL HTTP/2 fmtu.sltusl.com/upload/vod/20221203-1/e7e0845b993a11f1396c1b57a183b2f1.jpg
IP 104.22.76.185:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 385x234, components 3\012- data
Hash c136792c43ae5c11a5687f08adf7da4e
260911a52aeea2a8c24c1567dbdb09ab585da13d
df645d4a95c6f622d50df15d7f4692b5755dea7544ae643a30ca9a822bfa0d6a
GET /upload/vod/20221203-1/e7e0845b993a11f1396c1b57a183b2f1.jpg HTTP/1.1
Host: fmtu.sltusl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.06wi.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 06 Dec 2022 11:59:53 GMT
content-type: image/jpeg
content-length: 22565
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=22897, status=webp_bigger
etag: "638b1d0a-5971"
last-modified: Sat, 03 Dec 2022 09:55:22 GMT
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: HIT
age: 581
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7754dba87fcf98f1-ARN
X-Firefox-Spdy: h2
fmtu.sltusl.com/upload/vod/20221107-1/67db2cc4c736fbfb8109348ed5a44dfa.jpg
104.22.76.185 200 OK 8.8 kB URL HTTP/2 fmtu.sltusl.com/upload/vod/20221107-1/67db2cc4c736fbfb8109348ed5a44dfa.jpg
IP 104.22.76.185:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, progressive, precision 8, 320x240, components 3\012- data
Hash bc2f56188fb0582af18a62eb69b5b4fc
bfcf52440ac55aa648c286168f8ee25230ba9906
de5ed22e5da7efcef6bbab288adea5fb3207290cc23b3487c985892e0a00c137
GET /upload/vod/20221107-1/67db2cc4c736fbfb8109348ed5a44dfa.jpg HTTP/1.1
Host: fmtu.sltusl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.06wi.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 06 Dec 2022 11:59:53 GMT
content-type: image/jpeg
content-length: 8810
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=9354, status=webp_bigger
etag: "6368ded3-248a"
last-modified: Mon, 07 Nov 2022 10:32:51 GMT
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: HIT
age: 581
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7754dba87fd198f1-ARN
X-Firefox-Spdy: h2
fmtu.sltusl.com/upload/vod/20221203-1/03301834f84714a89425698061c754ee.jpg
104.22.76.185 200 OK 88 kB URL HTTP/2 fmtu.sltusl.com/upload/vod/20221203-1/03301834f84714a89425698061c754ee.jpg
IP 104.22.76.185:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 720x1280, components 3\012- data
Hash 50939e6ba28f424e2ef5a69eec7dc0fa
640e2cd9aa06c2c8533ee71fb9442660740354af
c79751ebc09580d5c0e45de385ed659a0e847d2400e1a863cf4cae6006fde34f
GET /upload/vod/20221203-1/03301834f84714a89425698061c754ee.jpg HTTP/1.1
Host: fmtu.sltusl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.06wi.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 06 Dec 2022 11:59:53 GMT
content-type: image/jpeg
content-length: 87551
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=88877, status=webp_bigger
etag: "638b1d0a-15b2d"
last-modified: Sat, 03 Dec 2022 09:55:22 GMT
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: HIT
age: 2948
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7754dba87fd298f1-ARN
X-Firefox-Spdy: h2
fmtu.sltusl.com/upload/vod/20221203-1/386337b47abf81065fd4debd9933ab20.jpg
104.22.76.185 200 OK 25 kB URL HTTP/2 fmtu.sltusl.com/upload/vod/20221203-1/386337b47abf81065fd4debd9933ab20.jpg
IP 104.22.76.185:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 368x480, components 3\012- data
Hash ba075c28159a77859148168c1770b6e8
a7d6681397c09e661d35a5f53f986e85aeeeef96
98ed97d1b3ed85d50f5b8e175fcbbe331c79b32882096e1acb368290203a7c12
GET /upload/vod/20221203-1/386337b47abf81065fd4debd9933ab20.jpg HTTP/1.1
Host: fmtu.sltusl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.06wi.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 06 Dec 2022 11:59:53 GMT
content-type: image/jpeg
content-length: 24692
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=26397, status=webp_bigger
etag: "638b1d07-671d"
last-modified: Sat, 03 Dec 2022 09:55:19 GMT
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: HIT
age: 3368
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7754dba87fd498f1-ARN
X-Firefox-Spdy: h2
fmtu.sltusl.com/upload/vod/20221203-1/c47080378412da3148ce50aa4b794c9a.jpg
104.22.76.185 200 OK 91 kB URL HTTP/2 fmtu.sltusl.com/upload/vod/20221203-1/c47080378412da3148ce50aa4b794c9a.jpg
IP 104.22.76.185:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1000x592, components 3\012- data
Hash 6515ac2d6ce3d6f5a5be91b54f341c1c
b5963159d0c93bb78b66125c0a354e4299bbbb28
f90c3b2cdcef716063df50016a86fdb1a227c575ee179d5885110cf58a408edd
GET /upload/vod/20221203-1/c47080378412da3148ce50aa4b794c9a.jpg HTTP/1.1
Host: fmtu.sltusl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.06wi.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 06 Dec 2022 11:59:53 GMT
content-type: image/jpeg
content-length: 91233
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=91869, status=webp_bigger
etag: "638b1d1f-166dd"
last-modified: Sat, 03 Dec 2022 09:55:43 GMT
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: HIT
age: 1160
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7754dba86fb698f1-ARN
X-Firefox-Spdy: h2
fmtu.sltusl.com/upload/vod/20221203-1/4d8f6b1a82d25c9970e36186803d2aa5.jpg
104.22.76.185 200 OK 42 kB URL HTTP/2 fmtu.sltusl.com/upload/vod/20221203-1/4d8f6b1a82d25c9970e36186803d2aa5.jpg
IP 104.22.76.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 656x373, components 3\012- data
Hash 599c3180df876a40745ee3f74666635e
90e5aba53ac2499bdb8265bf08c89d69e52a71e0
40d4185e246ffd98b6626b73670680e8a915c1f246633a19516a5a023039f520
GET /upload/vod/20221203-1/4d8f6b1a82d25c9970e36186803d2aa5.jpg HTTP/1.1
Host: fmtu.sltusl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.06wi.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 06 Dec 2022 11:59:53 GMT
content-type: image/jpeg
content-length: 42012
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=44094, status=webp_bigger
etag: "638b1d1f-ac3e"
last-modified: Sat, 03 Dec 2022 09:55:43 GMT
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: HIT
age: 1160
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7754dba86fb998f1-ARN
X-Firefox-Spdy: h2
fmtu.sltusl.com/upload/vod/20221203-1/3ee59458db650a38c69fb573cef767d5.jpg
104.22.76.185 200 OK 72 kB URL HTTP/2 fmtu.sltusl.com/upload/vod/20221203-1/3ee59458db650a38c69fb573cef767d5.jpg
IP 104.22.76.185:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1276x686, components 3\012- data
Hash 90aaabf92f957447d0cf3276d13e50e5
6134ce9b3ff637ecefaf8e1ce93ab4f6001644ca
36b0658e9f55112803a155cb139cfeb543d435a0e4b256efca46a8489a570911
GET /upload/vod/20221203-1/3ee59458db650a38c69fb573cef767d5.jpg HTTP/1.1
Host: fmtu.sltusl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.06wi.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 06 Dec 2022 11:59:53 GMT
content-type: image/jpeg
content-length: 71759
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=73363, status=webp_bigger
etag: "638b1d18-11e93"
last-modified: Sat, 03 Dec 2022 09:55:36 GMT
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: HIT
age: 581
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7754dba87fc598f1-ARN
X-Firefox-Spdy: h2
fmtu.sltusl.com/upload/vod/20221107-1/169e8b6b50baece078f7f86c948905c6.jpg
104.22.76.185 200 OK 227 kB URL HTTP/2 fmtu.sltusl.com/upload/vod/20221107-1/169e8b6b50baece078f7f86c948905c6.jpg
IP 104.22.76.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 800x538, components 3\012- data
Size 227 kB (226677 bytes)
Hash 82a91ac92b0b9e26d9f090ccb66c5767
c9e4590074e8695f5effb9a3ed0f4e97a3399d40
b8d723e8ce1dbf9a6de7e71e1b7b2847dd75616039e98d46a6304359fd33676d
GET /upload/vod/20221107-1/169e8b6b50baece078f7f86c948905c6.jpg HTTP/1.1
Host: fmtu.sltusl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.06wi.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 06 Dec 2022 11:59:53 GMT
content-type: image/jpeg
content-length: 226677
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=241710, status=webp_bigger
etag: "6368ded7-3b02e"
last-modified: Mon, 07 Nov 2022 10:32:55 GMT
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: HIT
age: 581
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7754dba87fcc98f1-ARN
X-Firefox-Spdy: h2
fmtu.sltusl.com/upload/vod/20221203-1/b8725ba954c19ffe28bcbf176a799157.jpg
104.22.76.185 200 OK 76 kB URL HTTP/2 fmtu.sltusl.com/upload/vod/20221203-1/b8725ba954c19ffe28bcbf176a799157.jpg
IP 104.22.76.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 800x702, components 3\012- data
Hash b30121007a18f9fbb7711e3e99bc45a4
011c62849ca1b4c163dbe925c67cd3d007d0785c
3055915be29567b1eb2190867645e948b3043f41288624a2287e010f46f65bd9
GET /upload/vod/20221203-1/b8725ba954c19ffe28bcbf176a799157.jpg HTTP/1.1
Host: fmtu.sltusl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.06wi.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 06 Dec 2022 11:59:53 GMT
content-type: image/jpeg
content-length: 76492
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=78435, status=webp_bigger
etag: "638b1d18-13263"
last-modified: Sat, 03 Dec 2022 09:55:36 GMT
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4522
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7754dba87fc698f1-ARN
X-Firefox-Spdy: h2
fmtu.sltusl.com/upload/vod/20221203-1/57a1889f44cbc646630dc9af271b9d37.jpg
104.22.76.185 200 OK 32 kB URL HTTP/2 fmtu.sltusl.com/upload/vod/20221203-1/57a1889f44cbc646630dc9af271b9d37.jpg
IP 104.22.76.185:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 544x960, components 3\012- data
Hash 93b03e76c067d61e676e5e3dd8277cf2
6be2d8b649d96f750ec5cc6750bacf2392f708b1
4c0232785c37127edec4ba1b86c4f0c5c78535c371764e65a990df7d8adef3be
GET /upload/vod/20221203-1/57a1889f44cbc646630dc9af271b9d37.jpg HTTP/1.1
Host: fmtu.sltusl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.06wi.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 06 Dec 2022 11:59:53 GMT
content-type: image/jpeg
content-length: 32517
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=32520, status=webp_bigger
etag: "638b1d23-7f08"
last-modified: Sat, 03 Dec 2022 09:55:47 GMT
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: HIT
age: 581
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7754dba87fca98f1-ARN
X-Firefox-Spdy: h2
fmtu.sltusl.com/upload/vod/20221107-1/5e8b95c9ae746ae9c1a1013655f9667b.jpg
104.22.76.185 200 OK 122 kB URL HTTP/2 fmtu.sltusl.com/upload/vod/20221107-1/5e8b95c9ae746ae9c1a1013655f9667b.jpg
IP 104.22.76.185:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 378x538, components 3\012- data
Size 122 kB (122000 bytes)
Hash 963a4344213d6ed3850c6ccc370570f5
fa018ab50b4a0990501874c12a0526e6555d39c9
12c2bccff77327bbf78ddbeb5c2d75222a72dbd34673b010f768b5b473d58053
GET /upload/vod/20221107-1/5e8b95c9ae746ae9c1a1013655f9667b.jpg HTTP/1.1
Host: fmtu.sltusl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.06wi.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 06 Dec 2022 11:59:53 GMT
content-type: image/jpeg
content-length: 122000
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=139771, status=webp_bigger
etag: "6368ded0-221fb"
last-modified: Mon, 07 Nov 2022 10:32:48 GMT
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: HIT
age: 581
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7754dba87fcb98f1-ARN
X-Firefox-Spdy: h2
fmtu.sltusl.com/upload/vod/20221203-1/803e5dafd2f0da923e834bf9347d7a9f.jpg
104.22.76.185 200 OK 78 kB URL HTTP/2 fmtu.sltusl.com/upload/vod/20221203-1/803e5dafd2f0da923e834bf9347d7a9f.jpg
IP 104.22.76.185:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 703x467, components 3\012- data
Hash 86f6b05d98aea57c1ca42538ba8d46d0
cbac1d3fbc8bc26724f9bb8477a9028a2154614e
206fc94a2fc67eef93a6803bf6c22e45e37617ddadd1ad12d1a7ca2421afd655
GET /upload/vod/20221203-1/803e5dafd2f0da923e834bf9347d7a9f.jpg HTTP/1.1
Host: fmtu.sltusl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.06wi.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 06 Dec 2022 11:59:53 GMT
content-type: image/jpeg
content-length: 78275
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=82307, status=webp_bigger
etag: "638b1d11-14183"
last-modified: Sat, 03 Dec 2022 09:55:29 GMT
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: HIT
age: 581
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7754dba87fcd98f1-ARN
X-Firefox-Spdy: h2
fmtu.sltusl.com/upload/vod/20221203-1/c68dc02d7330da0cb82cb6cbfc52c1fa.jpg
104.22.76.185 200 OK 39 kB URL HTTP/2 fmtu.sltusl.com/upload/vod/20221203-1/c68dc02d7330da0cb82cb6cbfc52c1fa.jpg
IP 104.22.76.185:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 852x480, components 3\012- data
Hash 709c183b0294473540d9f7dbc5ffa4d7
1e37df353ad7ae13ece4424faa180eff19ca75aa
e1f2053854658be74a040ea174949636cb93f3bb6e97fc0decb2fba1102c0f58
GET /upload/vod/20221203-1/c68dc02d7330da0cb82cb6cbfc52c1fa.jpg HTTP/1.1
Host: fmtu.sltusl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.06wi.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 06 Dec 2022 11:59:53 GMT
content-type: image/jpeg
content-length: 38598
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=38906, status=webp_bigger
etag: "638b1d07-97fa"
last-modified: Sat, 03 Dec 2022 09:55:19 GMT
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: HIT
age: 581
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7754dba87fce98f1-ARN
X-Firefox-Spdy: h2
fmtu.sltusl.com/upload/vod/20221203-1/742948470af5cba6bf17dabeca4fc4d7.jpg
104.22.76.185 200 OK 36 kB URL HTTP/2 fmtu.sltusl.com/upload/vod/20221203-1/742948470af5cba6bf17dabeca4fc4d7.jpg
IP 104.22.76.185:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 406x405, segment length 16, progressive, precision 8, 720x406, components 3\012- data
Hash 113efef38ead37abc787af47cf8eab7e
10459cb11aeb80701c4d2e0d352cdb3e624b72e5
6bc363095bda2c9ef8f52763e144e9472756b1ca7b5ae4eb969761f87404fe87
GET /upload/vod/20221203-1/742948470af5cba6bf17dabeca4fc4d7.jpg HTTP/1.1
Host: fmtu.sltusl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.06wi.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 06 Dec 2022 11:59:53 GMT
content-type: image/jpeg
content-length: 35945
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=37688, status=webp_bigger
etag: "638b1d0a-9338"
last-modified: Sat, 03 Dec 2022 09:55:22 GMT
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: HIT
age: 581
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7754dba87fd598f1-ARN
X-Firefox-Spdy: h2
fmtu.sltusl.com/upload/vod/20221107-1/4487bc7c2373d776d9c65d65df8780a9.jpg
104.22.76.185 200 OK 6.3 kB URL HTTP/2 fmtu.sltusl.com/upload/vod/20221107-1/4487bc7c2373d776d9c65d65df8780a9.jpg
IP 104.22.76.185:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1281x964, segment length 16, progressive, precision 8, 320x240, components 3\012- data
Hash 04d06be3343e5a425f9fc2b905a7f9de
9f43e48eddece14ccecc46dffde01a524032e4a4
63528063d9ce1046e7b50583947161fb8377d568839b9baa22898c619f82b455
GET /upload/vod/20221107-1/4487bc7c2373d776d9c65d65df8780a9.jpg HTTP/1.1
Host: fmtu.sltusl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.06wi.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 06 Dec 2022 11:59:53 GMT
content-type: image/jpeg
content-length: 6326
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=6728, status=webp_bigger
etag: "6368ded0-1a48"
last-modified: Mon, 07 Nov 2022 10:32:48 GMT
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: HIT
age: 581
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7754dba87fd998f1-ARN
X-Firefox-Spdy: h2
fmtu.sltusl.com/upload/vod/20221107-1/1cfd728453ebda2b69e6d60f86eb48f4.jpg
104.22.76.185 200 OK 11 kB URL HTTP/2 fmtu.sltusl.com/upload/vod/20221107-1/1cfd728453ebda2b69e6d60f86eb48f4.jpg
IP 104.22.76.185:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 427x320, segment length 16, progressive, precision 8, 320x240, components 3\012- data
Hash 6fbdaa8430bc0e254671332b0b28d80d
f9f724b715b11eb331cdbd230bc8b1f15434af3a
757701b00d41684b6fd8a6b729fb84536bd342c8e3a6af8bc990a014b6095fc3
GET /upload/vod/20221107-1/1cfd728453ebda2b69e6d60f86eb48f4.jpg HTTP/1.1
Host: fmtu.sltusl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.06wi.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 06 Dec 2022 11:59:53 GMT
content-type: image/jpeg
content-length: 11108
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=11585, status=webp_bigger
etag: "6368ded0-2d41"
last-modified: Mon, 07 Nov 2022 10:32:48 GMT
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: HIT
age: 581
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7754dba87fdc98f1-ARN
X-Firefox-Spdy: h2
fmtu.sltusl.com/upload/vod/20221107-1/bf96ed05ab2e5a67118cc8424f2653ad.jpg
104.22.76.185 200 OK 8.1 kB URL HTTP/2 fmtu.sltusl.com/upload/vod/20221107-1/bf96ed05ab2e5a67118cc8424f2653ad.jpg
IP 104.22.76.185:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 240x181, segment length 16, progressive, precision 8, 320x240, components 3\012- data
Hash e017e3e03e1b8765edfadec75cbbf18d
3baf3c40681cc0bf841273beb14143c7481ceb0b
dfb71a4c94c86072d8502b9094782357b81a933f2972e380d41ed2578e678651
GET /upload/vod/20221107-1/bf96ed05ab2e5a67118cc8424f2653ad.jpg HTTP/1.1
Host: fmtu.sltusl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.06wi.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 06 Dec 2022 11:59:53 GMT
content-type: image/jpeg
content-length: 8139
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=8661, status=webp_bigger
etag: "6368ded3-21d5"
last-modified: Mon, 07 Nov 2022 10:32:51 GMT
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: HIT
age: 581
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7754dba87fdd98f1-ARN
X-Firefox-Spdy: h2
fmtu.sltusl.com/upload/vod/20221203-1/0aab235380bf4a157af94c3e97257745.jpg
104.22.76.185 200 OK 114 kB URL HTTP/2 fmtu.sltusl.com/upload/vod/20221203-1/0aab235380bf4a157af94c3e97257745.jpg
IP 104.22.76.185:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1920x1080, components 3\012- data
Size 114 kB (113834 bytes)
Hash 80942b981d9c6ace81a5f7f7a276637e
2fa5b7952417f1b03abc2ba27373bf6f13487ac1
8c7851571c8331d1029094df1429e51485f34d5dab2bb22d509e186e6174fb7e
GET /upload/vod/20221203-1/0aab235380bf4a157af94c3e97257745.jpg HTTP/1.1
Host: fmtu.sltusl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.06wi.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 06 Dec 2022 11:59:53 GMT
content-type: image/jpeg
content-length: 113834
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=115060, status=webp_bigger
etag: "638b1d18-1c174"
last-modified: Sat, 03 Dec 2022 09:55:36 GMT
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4522
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7754dba87fc798f1-ARN
X-Firefox-Spdy: h2
www.06wi.com/templets/sdgsdgsdg111/images/static/js/jquery.lazyload.min.js
172.67.201.219 200 OK 1.3 kB URL HTTP/1.1 www.06wi.com/templets/sdgsdgsdg111/images/static/js/jquery.lazyload.min.js
IP 172.67.201.219:0
File type ASCII text, with very long lines (3309)
Hash 62d0260bdd78825fb7e249cd382c2e09
902ca48d91e7fd41d0af16e601f467963ee3f97f
2bbb81cc4d5e2b05338ef7a7b464d5ffbe86dc95b8f5a7ef8157ea51c68dee3c
Analyzer Verdict Alert fortinet Malware
GET /templets/sdgsdgsdg111/images/static/js/jquery.lazyload.min.js HTTP/1.1
Host: www.06wi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.06wi.com/
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 11:59:53 GMT
Content-Type: application/javascript
Content-Length: 1298
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Wed, 02 Jun 2021 11:05:02 GMT
ETag: "08371229f57d71:0"
Vary: Accept-Encoding
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=puz7iO5xf4OmrDFCOOiyaKSoibW1t8cN7qBf8pdUqXU%2Byi6UksRX1SZ3Q92S5rf70UUuZszLWXoJCOhsq9ypco7BY4vqsUIg2jpIci2NIcrYckYkysTPWr64yjUSOCY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7754dba7ce45b50f-OSL
alt-svc: h2=":443"; ma=60
fmtu.sltusl.com/upload/vod/20221107-1/ff0400b82ff8eab1ace3b91ef0e69d70.jpg
104.22.76.185 200 OK 85 kB URL HTTP/2 fmtu.sltusl.com/upload/vod/20221107-1/ff0400b82ff8eab1ace3b91ef0e69d70.jpg
IP 104.22.76.185:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 380x540, components 3\012- data
Hash 51284e836dbed51ca0d60a7faae7f523
edbdc8b915f7d679c7084365bfda2a3d5eb5b110
e0777d45d5faf4eed0c596c2bfba09baaf483a9063e59c7742f71ff0b5be8d5d
GET /upload/vod/20221107-1/ff0400b82ff8eab1ace3b91ef0e69d70.jpg HTTP/1.1
Host: fmtu.sltusl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.06wi.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 06 Dec 2022 11:59:53 GMT
content-type: image/jpeg
content-length: 85366
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=93685, status=webp_bigger
etag: "6368ded7-16df5"
last-modified: Mon, 07 Nov 2022 10:32:55 GMT
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: HIT
age: 581
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7754dba87fd698f1-ARN
X-Firefox-Spdy: h2
fmtu.sltusl.com/upload/vod/20221203-1/181e62ce17b3b327992e2e8e8c8f4680.jpg
104.22.76.185 200 OK 41 kB URL HTTP/2 fmtu.sltusl.com/upload/vod/20221203-1/181e62ce17b3b327992e2e8e8c8f4680.jpg
IP 104.22.76.185:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1280x720, components 3\012- data
Hash 19fc2e8d0ae44feb06f39a4c4aac5ea9
1ea1460be27619f659e8155916b73c9840d6452d
2563dda59fd12d535cabe00631eba8a6fc59c72ef848470c746ab4443b589671
GET /upload/vod/20221203-1/181e62ce17b3b327992e2e8e8c8f4680.jpg HTTP/1.1
Host: fmtu.sltusl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.06wi.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 06 Dec 2022 11:59:53 GMT
content-type: image/jpeg
content-length: 40901
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=41366, status=webp_bigger
etag: "638b1d07-a196"
last-modified: Sat, 03 Dec 2022 09:55:19 GMT
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: HIT
age: 581
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7754dba87fda98f1-ARN
X-Firefox-Spdy: h2
fmtu.sltusl.com/upload/vod/20221203-1/e3c5122dd68f8f02aa1e1fcf1a21dec0.jpg
104.22.76.185 200 OK 175 kB URL HTTP/2 fmtu.sltusl.com/upload/vod/20221203-1/e3c5122dd68f8f02aa1e1fcf1a21dec0.jpg
IP 104.22.76.185:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1687x1000, components 3\012- data
Size 175 kB (175130 bytes)
Hash c844c29a9b06f809309a2d941d6dc652
4525bdf05d2af1a531f579e0535f487260456fe7
a1f636c227c2a91162022065d70ebaa27dee5e70bed94907f3105110286da992
GET /upload/vod/20221203-1/e3c5122dd68f8f02aa1e1fcf1a21dec0.jpg HTTP/1.1
Host: fmtu.sltusl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.06wi.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 06 Dec 2022 11:59:53 GMT
content-type: image/jpeg
content-length: 175130
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=176821, status=webp_bigger
etag: "638b1d1c-2b2b5"
last-modified: Sat, 03 Dec 2022 09:55:40 GMT
access-control-allow-credentials: true
cache-control: max-age=31536000
cf-cache-status: HIT
age: 1160
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7754dba87fdb98f1-ARN
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 0f7dcaa590e32cfd1c075255188d5f06
d4bb4954fefdb3b59560b54adf500e806e252e39
195795c2511b31519134f5eb4442d8708918ecaff72f8e821a5473ad7c97c448
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4659
Cache-Control: max-age=167076
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 11:59:53 GMT
Etag: "638f062a-1d7"
Expires: Thu, 08 Dec 2022 10:24:29 GMT
Last-Modified: Tue, 06 Dec 2022 09:06:50 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471
4-bb.com/new/xxx/zyq.js
198.2.196.129 200 OK 456 B IP 198.2.196.129:0
File type HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash 2279f901d4c61184697da22322448ed0
28a1effcd6b0ac7ea6ead75bbaf836ad6660bea8
7a93307220452a905b7e635ddf713e179c6c4f1be59efc09fae349e872eeac9f
GET /new/xxx/zyq.js HTTP/1.1
Host: 4-bb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.06wi.com/
HTTP/1.1 200 OK
Content-Type: application/javascript
Last-Modified: Sun, 27 Nov 2022 04:41:28 GMT
Accept-Ranges: bytes
ETag: "658bb1831a2d91:0"
Server: Microsoft-IIS/10.0
Date: Tue, 06 Dec 2022 11:59:53 GMT
Content-Length: 456
4-bb.com/new/xxx/foot.js
198.2.196.129 200 OK 852 B IP 198.2.196.129:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 977d58f12961ea6c00567c60dea38026
c81cfebea4d00c1324bf1be83a33b538091b633e
82a87a017a70d61fdca20fc6fd24a5a8b289ce03d26ac13e7f84fd65e22d5129
GET /new/xxx/foot.js HTTP/1.1
Host: 4-bb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.06wi.com/
HTTP/1.1 200 OK
Content-Type: application/javascript
Last-Modified: Sun, 04 Dec 2022 08:29:17 GMT
Accept-Ranges: bytes
ETag: "2487be7fba7d91:0"
Server: Microsoft-IIS/10.0
Date: Tue, 06 Dec 2022 11:59:53 GMT
Content-Length: 852
4-bb.com/tj/tj.js
198.2.196.129 200 OK 258 B IP 198.2.196.129:0
File type ASCII text, with CRLF line terminators
Hash 661074991b628a3d458acc5aa742cd6b
9a26470c7547ef41405306dd2f087c6d3c5ede37
2f2f138619088e485a1d16e864500ceebbadc62cdd17725729d647e55257d793
GET /tj/tj.js HTTP/1.1
Host: 4-bb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.06wi.com/
HTTP/1.1 200 OK
Content-Type: application/javascript
Last-Modified: Thu, 24 Nov 2022 14:35:20 GMT
Accept-Ranges: bytes
ETag: "8ec8b9fa110d91:0"
Server: Microsoft-IIS/10.0
Date: Tue, 06 Dec 2022 11:59:53 GMT
Content-Length: 258
4-bb.com/new/xxx/vva.js
198.2.196.129 200 OK 2.4 kB IP 198.2.196.129:0
File type HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash d54575214a71afd181823e02e34df32f
13543a6e9d96053e6d12e68738122fce161c0006
74065906b06f28b9793f9616a581fdfd0a32ca654c982e6cb5350a1f88b91562
GET /new/xxx/vva.js HTTP/1.1
Host: 4-bb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.06wi.com/
HTTP/1.1 200 OK
Content-Type: application/javascript
Last-Modified: Thu, 24 Nov 2022 14:56:26 GMT
Accept-Ranges: bytes
ETag: "7a506eed140d91:0"
Server: Microsoft-IIS/10.0
Date: Tue, 06 Dec 2022 11:59:53 GMT
Content-Length: 2438
4-bb.com/new/xxx/top.js
198.2.196.129 200 OK 842 B IP 198.2.196.129:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 50c27980f86f19715955e6a02110547a
06167659ac12bc567d8c523e13c073f2b2428b4e
6091834d2241a01d142934847e72d69f47681068797668ee42f767b9e99b3d66
GET /new/xxx/top.js HTTP/1.1
Host: 4-bb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.06wi.com/
HTTP/1.1 200 OK
Content-Type: application/javascript
Last-Modified: Sun, 04 Dec 2022 08:29:46 GMT
Accept-Ranges: bytes
ETag: "f5971c91ba7d91:0"
Server: Microsoft-IIS/10.0
Date: Tue, 06 Dec 2022 11:59:53 GMT
Content-Length: 842
4-bb.com/new/xxx/alltop.js
198.2.196.129 200 OK 965 B URL HTTP/1.1 4-bb.com/new/xxx/alltop.js
IP 198.2.196.129:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 1436addb0696b86ba27dc3b9162bb708
d9cf8a1ed37a24880469c21c16ffadfa09d5e809
6477f7eb66ce57e63d0e8a94da99f90adea6a060b0117ed412fb625bbf353896
GET /new/xxx/alltop.js HTTP/1.1
Host: 4-bb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.06wi.com/
HTTP/1.1 200 OK
Content-Type: application/javascript
Last-Modified: Mon, 05 Dec 2022 04:42:54 GMT
Accept-Ranges: bytes
ETag: "b5c148a648d91:0"
Server: Microsoft-IIS/10.0
Date: Tue, 06 Dec 2022 11:59:53 GMT
Content-Length: 965
www.06wi.com/templets/sdgsdgsdg111/images/static/css/swiper.min.css
172.67.201.219 200 OK 2.8 kB URL HTTP/1.1 www.06wi.com/templets/sdgsdgsdg111/images/static/css/swiper.min.css
IP 172.67.201.219:0
File type ASCII text, with very long lines (17459)
Hash 9e9f68e47d6fec81ac7c11659f1a465a
a7822ebe0349bfd3e312b98de4333171a3ef90ac
219c86d122d8861125c0686f8b7692b1dd9f6741c4603caf62acc59274172f3f
GET /templets/sdgsdgsdg111/images/static/css/swiper.min.css HTTP/1.1
Host: www.06wi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.06wi.com/
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 11:59:54 GMT
Content-Type: text/css
Content-Length: 2842
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Wed, 02 Jun 2021 11:04:56 GMT
ETag: "0fcdd1e9f57d71:0"
Vary: Accept-Encoding
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tIa9703HHdoCx1FeI%2B8gRsasq0ZhuqK2yntUh9Np0PpZlcsabc33vSOSuZpVCUbGljqYqbLga5FTUGvOYjAQQeUF9wGlxv9exm0aIyoGOJzb39NIf5lOJtEnj0%2BDL8w%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7754dba7ceaeb4f1-OSL
alt-svc: h2=":443"; ma=60
www.06wi.com/js/seajump.js
172.67.201.219 200 OK 564 B URL HTTP/1.1 www.06wi.com/js/seajump.js
IP 172.67.201.219:0
File type ASCII text, with CRLF line terminators
Hash c34fe705ac2b7857af0016ade91dee8a
4486705b87c5d78b68068f59852f0d8f17873d2e
77e8083a1fa087f7f0b284db274be54debe98835b19780d85c8df8a74daf1caf
Analyzer Verdict Alert fortinet Malware
GET /js/seajump.js HTTP/1.1
Host: www.06wi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.06wi.com/
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 11:59:54 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 07 Nov 2022 15:30:53 GMT
ETag: W/"80346ecbdf2d81:0"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ffwkr0OEdRXB3rkTQTKajcFafe2fS3lJpKd97IVds%2BdYJ9UwGhyr8tsgXxyttmuMNt8znywwTKLrZiTOmNvdlHr8rwtBiCvtEKJ6zQXJpdvfECkQY4dVFrZUTxxo8lU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7754dba7ce3bb50f-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.06wi.com/templets/sdgsdgsdg111/images/static/js/bootstrap.min.js
172.67.201.219 200 OK 11 kB URL HTTP/1.1 www.06wi.com/templets/sdgsdgsdg111/images/static/js/bootstrap.min.js
IP 172.67.201.219:0
File type ASCII text, with very long lines (39553)
Hash dbc18ae27127afa1f06646df85495ff5
f4ba19e5bf3be87288a1ba196428a8a8c776cc52
de8cc1e95a20abfbfbc66a2fa4e6f0c27d6bfbcaff7e93d95b8393bca0485168
Analyzer Verdict Alert fortinet Malware
GET /templets/sdgsdgsdg111/images/static/js/bootstrap.min.js HTTP/1.1
Host: www.06wi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.06wi.com/
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 11:59:54 GMT
Content-Type: application/javascript
Content-Length: 10939
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Wed, 02 Jun 2021 11:05:02 GMT
ETag: "08371229f57d71:0"
Vary: Accept-Encoding
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eziFFa9XK8Yg%2FAqcrkdtTo0LUUH37eKCDHc5%2FG1jFrxBDKEjYWajCxh40e%2Bx7Y9JaqSahGMm1CP%2FRXkEIeUC7lNvhSPDeVLv%2ByVUXXOOTzPLos%2F86uomxNcRsE7HHV4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7754dba7cd491c02-OSL
alt-svc: h2=":443"; ma=60
www.06wi.com/templets/sdgsdgsdg111/images/static/css/bootstrap.min.css
172.67.201.219 200 OK 20 kB URL HTTP/1.1 www.06wi.com/templets/sdgsdgsdg111/images/static/css/bootstrap.min.css
IP 172.67.201.219:0
File type ASCII text, with very long lines (65369)
Hash 5150ac678bdd86e895f51be0036f6c6d
5cc4cc17c2f0582241e4191838de33c695ccf1a1
7626c3d83a5680a87e09bd9b6aa232f97e58a2dd0730b10224959c610fdfbc14
GET /templets/sdgsdgsdg111/images/static/css/bootstrap.min.css HTTP/1.1
Host: www.06wi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.06wi.com/
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 11:59:54 GMT
Content-Type: text/css
Content-Length: 19623
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Wed, 02 Jun 2021 11:04:56 GMT
ETag: "0fcdd1e9f57d71:0"
Vary: Accept-Encoding
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fe3Y6thoxNhzUXM4W662bVVMir6FSEiw9Hygq3JXp%2F%2BHafP6s7Jdic5HUDeVwm0FFlCPMiJGfkyLof6uLpJBAqWeRLRU0frPtHHKdr6ZVuopBxUo3PO1UaYkU4EyJe8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7754dba9789bb50f-OSL
alt-svc: h2=":443"; ma=60
push.services.mozilla.com/
35.163.114.208 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.163.114.208:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 8R83OIzRjWBuyfy1arYgig==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: p23jHIrvqpEn/9YvAczQIia7jTA=
www.06wi.com/templets/sdgsdgsdg111/images/static/js/swiper.min.js
172.67.201.219 200 OK 24 kB URL HTTP/1.1 www.06wi.com/templets/sdgsdgsdg111/images/static/js/swiper.min.js
IP 172.67.201.219:0
File type ASCII text, with very long lines (31999)
Hash 36cf98d2993469052d81fee7d2b4d12e
44965e52bdfe2347997e1fb0e40313398638c317
cd1ae5d3723d4cbc3c5f7e263a5da5c775461c6a38339159685037e0c54da798
Analyzer Verdict Alert fortinet Malware
GET /templets/sdgsdgsdg111/images/static/js/swiper.min.js HTTP/1.1
Host: www.06wi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.06wi.com/
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 11:59:54 GMT
Content-Type: application/javascript
Content-Length: 23554
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Wed, 02 Jun 2021 11:04:58 GMT
ETag: "029f209f57d71:0"
Vary: Accept-Encoding
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wjThol5%2Bdq5XhehzNenMUWDum%2FBfplqPWFOKwyjNOF2b3WH%2Fhs1NH4vBZqkRAIJ6jMUMguupwmGLV6rRjBwDPm1mZBGa6DsSUWIrvN1U8bT0rB1P74jxPkcKFjdJCDE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7754dba7ce42b50f-OSL
alt-svc: h2=":443"; ma=60
www.06wi.com/templets/sdgsdgsdg111/images/static/js/jquery.min.js
172.67.201.219 200 OK 34 kB URL HTTP/1.1 www.06wi.com/templets/sdgsdgsdg111/images/static/js/jquery.min.js
IP 172.67.201.219:0
File type ASCII text, with very long lines (32077)
Hash 3034dfef3be998797b2c6ea14bf28488
16316d40042a722179c181b6a18158da2595ab07
965cf71172af327c5009b79b760ae7750bff643ef1960459eff1fd07270e161a
Analyzer Verdict Alert fortinet Malware
GET /templets/sdgsdgsdg111/images/static/js/jquery.min.js HTTP/1.1
Host: www.06wi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.06wi.com/
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 11:59:54 GMT
Content-Type: application/javascript
Content-Length: 33836
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Thu, 24 Nov 2022 05:28:32 GMT
ETag: "005597c5ffd81:0"
Vary: Accept-Encoding
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s3ryaiKcVva4epFZJKndKiHwZc7OTLTk3aElv7%2BiD%2FTXTzOBbNMOSbxWLQL7sAnt8NPAiZ2%2BUP6feJNgwOvrxCRUSFq1fbMvGFG2Wb9baOUyrWxKYT%2Bc5dYFVP3vuas%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7754dba7cb42b523-OSL
alt-svc: h2=":443"; ma=60
www.06wi.com/templets/sdgsdgsdg111/images/static/css/style.css
172.67.201.219 200 OK 7.6 kB URL HTTP/1.1 www.06wi.com/templets/sdgsdgsdg111/images/static/css/style.css
IP 172.67.201.219:0
File type assembler source, Unicode text, UTF-8 text, with very long lines (367)
Hash b3647e527addd6dff6139c15f3c6034e
e2bb9ab40e4263808326dd0f9e2e82b786d6660e
7d26d71b66847eeb3add5248861b2c66b37af14ede2f8e78688c6384e30f2393
GET /templets/sdgsdgsdg111/images/static/css/style.css HTTP/1.1
Host: www.06wi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.06wi.com/
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 11:59:54 GMT
Content-Type: text/css
Content-Length: 7630
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Thu, 03 Jun 2021 01:54:22 GMT
ETag: "05b7b5f1b58d71:0"
Vary: Accept-Encoding
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8jhWpQ7t71GmnVjRKCo4AtXqeXLCk9%2BrvHdCnidu8t7ZVnUoLEEMZZO6nQmesSjjm4%2FfAxPo3iD4z3BNrD3ttIDVAqEAhoGentq3Lu4s6bCwlPnIdpTxFWzi2EqaUBY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7754dbaac8021c02-OSL
alt-svc: h2=":443"; ma=60
www.06wi.com/templets/sdgsdgsdg111/images/static/css/common.css
172.67.201.219 200 OK 1.5 kB URL HTTP/1.1 www.06wi.com/templets/sdgsdgsdg111/images/static/css/common.css
IP 172.67.201.219:0
Hash 2f89f600431d1bca3511f5cdcef333fd
d7f8606e33dc833837d1757633a83e78cf52c326
81e75c56d679fd0f5c96ce6c1e9437aff50e4eecd4c9621c5fbb39991fa71ffb
GET /templets/sdgsdgsdg111/images/static/css/common.css HTTP/1.1
Host: www.06wi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.06wi.com/
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 11:59:54 GMT
Content-Type: text/css
Content-Length: 1469
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Wed, 02 Jun 2021 11:04:56 GMT
ETag: "0fcdd1e9f57d71:0"
Vary: Accept-Encoding
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EC5k%2F3qLsX6rcChd17TaEs1MHNeSzR%2FCxUetjk1E4mgWGfQ3vT%2B4XdjgUxPyJLAqN1mUhNpL1g4UVPyMAzWYRfbLTJfj6L%2FN4UoWL08j5bQeH9GTUge8mCEkbHQxeBU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7754dbaa9a4fb4f1-OSL
alt-svc: h2=":443"; ma=60
www.06wi.com/templets/sdgsdgsdg111/images/static/js/global.js
172.67.201.219 200 OK 158 B URL HTTP/1.1 www.06wi.com/templets/sdgsdgsdg111/images/static/js/global.js
IP 172.67.201.219:0
Hash 2e3763e1bccca9a8d1cd2818a703d4d2
da8bcfdd32bac5ab6a0771615135d552e6dc1005
c058a3553134d1f55e55601b070687caaa3574ef5fce77f0c1f7ffdfdc4d37be
Analyzer Verdict Alert fortinet Malware
GET /templets/sdgsdgsdg111/images/static/js/global.js HTTP/1.1
Host: www.06wi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.06wi.com/
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 11:59:54 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 02 Jun 2021 11:04:58 GMT
ETag: W/"029f209f57d71:0"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y5j%2Bkaato14NVMwrJRfs1J9cJBAinqqPdny2WyP3FNAW9b%2F46iqGdCr3C5CyC9ZXCV1kp%2BCpqkgx6o9SlfmZ6nTAT8wavKHsjdFROoSSwvoAwV1xiRzPLePYHkE5z8g%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7754dbaaaa09b50f-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
niubixxx.com/seo/tw.js
104.21.48.40 200 OK 186 B IP 104.21.48.40:0
File type HTML document, ASCII text
Hash 2767f4ad5dc30a372492a60adb64fd4a
9a3961ac51c5f2618c098c9bd395f9c4ec0a995f
886c500b0fc7208bfc115621e50cb139f962f41485f715f23e76f4fc1ecf4ccd
GET /seo/tw.js HTTP/1.1
Host: niubixxx.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.06wi.com/
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 11:59:54 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 09:23:40 GMT
Cache-Control: max-age=1800
CF-Cache-Status: HIT
Age: 1161
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uv2BDo%2FjYKOFw236HYRzZeDH0OE8Dny5etc2%2BzhXZWqic%2Bqnz1ilMP%2FrdwUK2pST7T3U5k2xj%2BNH6CG0V6ibmwQEhoTx%2FFSF8UpXrCX0L2XuHlM%2BOGeBzlhRKOk%2FIkU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7754dbaded11b529-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
niubixxx.xyz/img/tv2.gif
188.114.97.1 200 OK 63 kB IP 188.114.97.1:0
File type GIF image data, version 89a, 980 x 100\012- data
Hash fffae0809d4489dcb6623cecbab2027b
a944da8ab6bd31839d34c34b77f0e5fa8c93b9f0
c0b59b45c8faa70b7e31e522711a144fba97f4e4dfe9ada14053edd9ec2fe32e
GET /img/tv2.gif HTTP/1.1
Host: niubixxx.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.06wi.com/
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 11:59:54 GMT
Content-Type: image/gif
Content-Length: 62865
Connection: keep-alive
Last-Modified: Mon, 04 Jul 2022 10:49:21 GMT
Cache-Control: max-age=1800
CF-Cache-Status: HIT
Age: 1160
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2jMN2AmByaw68Z48ciAr4CfNfR9zcG1%2FLNj43M36FS81%2FLglH5LpvUvcOJipV0zdz4ezecNA8fIBkS4cIuZa8iikD%2F0DDUuu8Y8B0xYPZM4cE9%2FUJku20mKd%2B8KHlm4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7754dbae0def1c0a-OSL
alt-svc: h2=":443"; ma=60
niubixxx.xyz/img/mh1.gif
188.114.97.1 200 OK 124 kB IP 188.114.97.1:0
File type GIF image data, version 89a, 980 x 100\012- data
Size 124 kB (124485 bytes)
Hash a977a3f42d94ebcb297fd0a76fe383dc
7fd45cc60fedd278d6ad595950ae0d04431e0f5c
933e6aecd66d958b3f037a521d35f96848df877ae04d9f27fc5d39aea1c484a9
GET /img/mh1.gif HTTP/1.1
Host: niubixxx.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.06wi.com/
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 11:59:54 GMT
Content-Type: image/gif
Content-Length: 124485
Connection: keep-alive
Last-Modified: Mon, 04 Jul 2022 10:49:21 GMT
Cache-Control: max-age=1800
CF-Cache-Status: HIT
Age: 1160
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KzfqRrbO15HVSFdKkY40pqJF6kgw9WI7XHLFYlbXphoPoU0SYwIx9KBjb%2FaGOXWpKl4ccYpAhX%2Bj%2FPY7%2F8EtjjUDkkYNrt3qN7k2UDoLcHI5dQGG6hLfgyK0FSNVnAI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7754dbae1db60af6-OSL
alt-svc: h2=":443"; ma=60
niubixxx.xyz/img/yx1.gif
188.114.97.1 200 OK 136 kB IP 188.114.97.1:0
File type GIF image data, version 89a, 980 x 100\012- data
Size 136 kB (136313 bytes)
Hash 8209fd74507a94c123140a8701611aec
4c2e999ef536bd383c9b8b0830e474ead9e4e581
2b40ec29e7bdc1f30f11043e8f1d5a84acd0e6aff3a3399e999b1907cbf3c172
GET /img/yx1.gif HTTP/1.1
Host: niubixxx.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.06wi.com/
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 11:59:54 GMT
Content-Type: image/gif
Content-Length: 136313
Connection: keep-alive
Last-Modified: Mon, 04 Jul 2022 10:49:22 GMT
Cache-Control: max-age=1800
CF-Cache-Status: HIT
Age: 1159
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BeFT3cIOjoOZ%2BuQ6zS2Sh9nd0rA2oBQZdStW4GAb7FQ8ZxgcHqZEyx%2BL6cnuKGXJs5qq1WVkv%2B2gC8ZmnVvgdOGzB%2BuNzzz9WL%2BIg5l%2BYBdISCKYnGU610u8N25NZwk%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7754dbae0df7b518-OSL
alt-svc: h2=":443"; ma=60
4-bb.com/new/xxx/sxx.js
198.2.196.129 200 OK 3.1 kB IP 198.2.196.129:0
File type ASCII text, with very long lines (6238), with CRLF line terminators
Hash 34f0ab70b586b508481de6c40ebd492a
c49b56dc7385cbf4dcbc8fa9974c7a39df087029
7ca3af8fd8c457e441334ca962f2c1f53924e26a1ddc2851b56c7f4337e5f5ed
GET /new/xxx/sxx.js HTTP/1.1
Host: 4-bb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.06wi.com/
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 26 Nov 2022 09:28:04 GMT
Accept-Ranges: bytes
ETag: "0aa8962791d91:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Tue, 06 Dec 2022 11:59:54 GMT
Content-Length: 3120
www.06wi.com/templets/sdgsdgsdg111/images/static/fonts/9a493d426e0448e59e470e76ff1be0a0.woff
172.67.201.219 404 Not Found 1.2 kB URL HTTP/1.1 www.06wi.com/templets/sdgsdgsdg111/images/static/fonts/9a493d426e0448e59e470e76ff1be0a0.woff
IP 172.67.201.219:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ISO-8859 text, with CRLF line terminators
Hash 8363acaeab9cbb099b59b78a44127ca6
aef448ce5500e3734059ec285cf6ec0b547075f2
9b342ae7f25d65bdb817d8c995f3211ac398e41575fc5d149d994c1dcb008f0a
Analyzer Verdict Alert fortinet Malware
GET /templets/sdgsdgsdg111/images/static/fonts/9a493d426e0448e59e470e76ff1be0a0.woff HTTP/1.1
Host: www.06wi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.06wi.com/templets/sdgsdgsdg111/images/static/css/style.css
HTTP/1.1 404 Not Found
Date: Tue, 06 Dec 2022 11:59:55 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GkhOlYp%2FDSEY2LrqsHZ4wqQJUWHy96Ycb6jTBjgGtownEVFhwRZ8aHc0WbiEcio5X8%2BMJKWd7n9DK3mtXKMvuOP27esBxCtwvA0BffwL7HQxEG7r3uxjJljWMq4Lflo%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7754dbaf6e49b523-OSL
alt-svc: h2=":443"; ma=60
ocsp2.globalsign.com/gsorganizationvalsha2g2
104.18.21.226 200 OK 1.5 kB URL HTTP/1.1 ocsp2.globalsign.com/gsorganizationvalsha2g2
IP 104.18.21.226:0
Hash 9dfb45413ecb57417ee22a8c00a29814
4edd3126164153895bba79162aeefad8b5e6c1f8
a53e8256c066a781e18a9972eb846950964714797bcd24fd0c2606fcb437b56d
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 11:59:55 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Sat, 10 Dec 2022 08:19:08 GMT
ETag: "4edd3126164153895bba79162aeefad8b5e6c1f8"
Last-Modified: Tue, 06 Dec 2022 08:19:09 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2718
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7754dbb23bb2b521-OSL
ocsp.sectigochina.com/
104.18.33.217 200 OK 600 B IP 104.18.33.217:0
Hash 928ed0b8f5cddf6ee44b0bc1fbc60f24
6f3d57d9d5a5f3c5a0e0a76b16f624c0ecdd80fb
706e83d103677e3c87f0abc178628d1e15a6f44602553fb56da0545c2412ceac
POST / HTTP/1.1
Host: ocsp.sectigochina.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 11:59:55 GMT
Content-Type: application/ocsp-response
Content-Length: 600
Connection: keep-alive
Last-Modified: Sun, 04 Dec 2022 02:28:41 GMT
Expires: Sun, 11 Dec 2022 02:28:40 GMT
Etag: "6f3d57d9d5a5f3c5a0e0a76b16f624c0ecdd80fb"
Cache-Control: max-age=397124,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7754dbb21b120b65-OSL
ocsp.globalsign.com/gsrsaovsslca2018
104.18.21.226 200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.21.226:0
Hash 5d3f610bd72772be1bcd8a3f15ac8169
60aead76a3591542f2d936984cb6d48f3af5042f
0474425979e25ee91f72f3e8a2534c34297e19d3ed57939cf9bbae7519cffceb
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 11:59:55 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Sat, 10 Dec 2022 09:34:25 GMT
ETag: "60aead76a3591542f2d936984cb6d48f3af5042f"
Last-Modified: Tue, 06 Dec 2022 09:34:26 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1936
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7754dbb26ad90b41-OSL
zerossl.ocsp.sectigo.com/
104.18.32.68 200 OK 727 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 104.18.32.68:0
Hash 8e5e234315b20816ff4c28c2ab606019
8158391f504092c1258c6a27ae0fb2617d34d54f
96f8395757f7160d495dabf32869246d0c5c30fa647e35a553f3a07d46682370
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 11:59:55 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Tue, 06 Dec 2022 05:36:53 GMT
Expires: Tue, 13 Dec 2022 05:36:52 GMT
Etag: "8158391f504092c1258c6a27ae0fb2617d34d54f"
Cache-Control: max-age=581216,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7754dbb17a41b50f-OSL
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3848
Expires: Tue, 06 Dec 2022 13:04:03 GMT
Date: Tue, 06 Dec 2022 11:59:55 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3848
Expires: Tue, 06 Dec 2022 13:04:03 GMT
Date: Tue, 06 Dec 2022 11:59:55 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3848
Expires: Tue, 06 Dec 2022 13:04:03 GMT
Date: Tue, 06 Dec 2022 11:59:55 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffbcb6f9-483c-4254-9451-927fa2fc2294.jpeg
34.120.237.76 200 OK 4.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffbcb6f9-483c-4254-9451-927fa2fc2294.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9838b65dde746487c806ee9739f8b222
1c95a1e47e903cc6775df2c5ed3f2f58cca42dc8
cf3ddc240b33d0f588d5acb30593b6846874a192bff9f5b69455877d7f63be53
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffbcb6f9-483c-4254-9451-927fa2fc2294.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3968
x-amzn-requestid: 55111bc4-d002-44a0-855a-533251b144fb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSveGo_IAMFQvA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64c9-28e0a83d7f9f1ffc7544bb3d;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:17 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: _Hf2XblY73dHIIWTqWgeDzJJalBo6ooCAit1eQ8G8n4385ORBBDakA==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:47:06 GMT
etag: "1c95a1e47e903cc6775df2c5ed3f2f58cca42dc8"
content-type: image/jpeg
age: 51169
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6d735c66-8946-4145-a67f-e17dd48087bc.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6d735c66-8946-4145-a67f-e17dd48087bc.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 38b97436af942d5eb1111ca7043259a0
0234fe32c84c4711f0619714f3ac6d3db1b717d3
a76a7721355abbaecd5c8cb5218e7e4626dc345eb26e7541c71bf4ceaa7ae5d8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6d735c66-8946-4145-a67f-e17dd48087bc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11175
x-amzn-requestid: 9c93ddca-1247-44af-a364-e617f69ace26
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSzYEnEoAMFa2A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64e2-7d38ea383725901524bc2ca0;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: fNsYsKfPUM8QaG7-F1tSBDdsNit1BfYpWddNssXwyFO2HgdA0RpjAQ==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:54:21 GMT
age: 50734
etag: "0234fe32c84c4711f0619714f3ac6d3db1b717d3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffaf0de04-19bf-4944-9ac5-5178afafb192.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffaf0de04-19bf-4944-9ac5-5178afafb192.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7f2c354a00ab51d4a41221b6bf191c10
01ceb7233fe05ad8dff3a0a43eef879ea2b83ec4
7d3c8417e1db0db41ceb8b4bf3f506864392dd1ad29319a06a8a6055f6f2ed12
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffaf0de04-19bf-4944-9ac5-5178afafb192.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11352
x-amzn-requestid: 7c3fc7bb-eb1f-46ec-8e92-b6ffc6261848
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSwuF1ToAMFiIA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64d1-7c53152a279f00595b9886bd;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:25 GMT
x-amz-cf-pop: SFO5-P2, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: EQorA5VTb0s2BEIWBkdkhDho-bLdLVvu8LnAIQsQqsIjgBLneYqCzg==
via: 1.1 b6d577696b14c86cbfeb5b3459f38c50.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:48:22 GMT
age: 51093
etag: "01ceb7233fe05ad8dff3a0a43eef879ea2b83ec4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962c65f4-b402-46b4-83ba-50f3159341f2.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962c65f4-b402-46b4-83ba-50f3159341f2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b15136d60fd0a5e0f657a4f5c75d540f
36082b7329d473829178f280cb71a83b1531e486
79478269b1f5dcfd1e45ccd4264fa44805b37c5c8fec820bcbd2fa1689dfbbd8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962c65f4-b402-46b4-83ba-50f3159341f2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11224
x-amzn-requestid: 938de0b8-1055-4416-9ad7-162ab5f4db9f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csUINEwdoAMFuOw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e6701-38b079ef341bb17e567de773;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:47:45 GMT
x-amz-cf-pop: YVR50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: tGtiCE9C3j0BUruNaFN2j1mKxCSouLmocmTXpmLMBJaLNyVwkXu1gQ==
via: 1.1 f0ac467993db44dbfc36b778dfcaf73c.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:09:28 GMT
age: 49827
etag: "36082b7329d473829178f280cb71a83b1531e486"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7663e5fc-37de-4be8-9be7-49805622f85d.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7663e5fc-37de-4be8-9be7-49805622f85d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 99d1ff8fa2e095dcf2bda3d1e1af1221
f914f04a0e1fb45a221d31d2105bfc73015b03e6
90325d4299a44dbd213857ada6f6880db8c33ad61685cfcb60c4a2455a84cf87
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7663e5fc-37de-4be8-9be7-49805622f85d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10183
x-amzn-requestid: 0cdea572-aab4-4d52-948b-976170a787a4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: co_uLHQZoAMF4hA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d1327-7948052f39c4f6071b4a0e0d;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 21:37:43 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: WDqUFMBT59kulx4WLxNh5XTsHzr4_u524juvZJnGMYBH-mUaJclnTg==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:49:44 GMT
age: 51011
etag: "f914f04a0e1fb45a221d31d2105bfc73015b03e6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0b9928a3-5708-47a4-8d92-f3af8d54a81d.png
34.120.237.76 200 OK 18 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0b9928a3-5708-47a4-8d92-f3af8d54a81d.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f4bbfe2037fd1658cad81b5b8e4d885c
9487451d24db59cc0f426410da2b55f94f3bb34b
2a124c75c6c90c5633f3538c8b84422262f81cb35d8f4cf4ed0032cc897a5ab9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0b9928a3-5708-47a4-8d92-f3af8d54a81d.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 18490
x-amzn-requestid: f01c056f-b0bc-4833-9934-d0c37f4d701c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csS4wE5NIAMFQmQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e6504-1111ee0221c3c4165a9ef2ab;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:39:16 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: L83k-5N1ntWkhPbKsReH19NWajYEVyQSBQIKM6aSZSovDKHTYeXhUQ==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:30:52 GMT
age: 48543
etag: "9487451d24db59cc0f426410da2b55f94f3bb34b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sectigochina.com/
104.18.33.217 200 OK 599 B IP 104.18.33.217:0
Hash ba6f935697df611659a3f50de8693048
87e161816c2bc90c50f952d9479749126def3e73
91a0e858fbfe42654be9b19eef2f09eb701dcd6024612ae031724f14b34c4cac
POST / HTTP/1.1
Host: ocsp.sectigochina.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 11:59:55 GMT
Content-Type: application/ocsp-response
Content-Length: 599
Connection: keep-alive
Last-Modified: Sat, 03 Dec 2022 06:59:57 GMT
Expires: Sat, 10 Dec 2022 06:59:56 GMT
Etag: "87e161816c2bc90c50f952d9479749126def3e73"
Cache-Control: max-age=327000,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7754dbb2ab6f0b65-OSL
www.06wi.com/templets/sdgsdgsdg111/images/static/fonts/iconfont.woff
172.67.201.219 200 OK 2.9 kB URL HTTP/1.1 www.06wi.com/templets/sdgsdgsdg111/images/static/fonts/iconfont.woff
IP 172.67.201.219:0
File type Web Open Font Format, TrueType, length 2924, version 1.0\012- data
Hash 1b05b2b67ca6e3fe976ed8d2d1aa31d5
c7055832382daf713a911d67501e26873db045f8
ac1718a88630db8d2fd67997ad9796acdc8a6a88361b2b7058832caeec4fb22d
Analyzer Verdict Alert fortinet Malware
GET /templets/sdgsdgsdg111/images/static/fonts/iconfont.woff HTTP/1.1
Host: www.06wi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.06wi.com/templets/sdgsdgsdg111/images/static/css/style.css
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 11:59:55 GMT
Content-Type: font/x-woff
Content-Length: 2924
Connection: keep-alive
Last-Modified: Wed, 02 Jun 2021 11:04:58 GMT
ETag: "029f209f57d71:0"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dVceJdJK25XSb87sK9qOHTg69FgJdjdtRhVA3NINZYkhn0a8AfFSo6wRMquNhrVkVsSA54hBOhpcJEroIKlLutRNJn6LrrB58qFGyFZx9oaYN%2BnrwzluSdkpjqukmjo%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7754dbb22a18b523-OSL
alt-svc: h2=":443"; ma=60
4-bb.com/new/img/bt365.gif
198.2.196.129 200 OK 911 kB URL HTTP/1.1 4-bb.com/new/img/bt365.gif
IP 198.2.196.129:0
File type GIF image data, version 89a, 980 x 80\012- data
Size 911 kB (911259 bytes)
Hash cbc6df5083b158e2a3d8bbf113c890d9
9c26ec88b7f3a3a0dcb8d32e72610570366b9a5e
d22a9b77428e9e62beaaada52964d0037864744046d6581603f5366aea908fee
GET /new/img/bt365.gif HTTP/1.1
Host: 4-bb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.06wi.com/
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Sun, 27 Nov 2022 07:35:34 GMT
Accept-Ranges: bytes
ETag: "027a3d5322d91:0"
Server: Microsoft-IIS/10.0
Date: Tue, 06 Dec 2022 11:59:54 GMT
Content-Length: 911259
dg.mzxvib.com/sc/2443?n=crujwzoq
113.1.0.117 200 OK 10 kB URL HTTP/1.1 dg.mzxvib.com/sc/2443?n=crujwzoq
IP 113.1.0.117:0
ASN #4837 CHINA UNICOM China169 Backbone
File type ASCII text, with very long lines (10447), with no line terminators
Hash c38de022d570fc2461e67d874cf133fb
1af8c321a4186f947df2b3abebae8b01d4720cf5
cb2339d142a48d1db326046cf32d7fac657e72a1e0ad645d495e06ed26e6db11
GET /sc/2443?n=crujwzoq HTTP/1.1
Host: dg.mzxvib.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.06wi.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Tue, 06 Dec 2022 10:51:00 GMT
Content-Type: text/javascript; charset=utf-8
X-Powered-By: PHP/5.6.31
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Access-Control-Allow-Origin: *
Pragma: max-age=1800
Cache-Control: max-age=1800
Age: 2053
Content-Length: 10447
Accept-Ranges: bytes
X-NWS-LOG-UUID: 12086517065852538399
Connection: keep-alive
X-Cache-Lookup: Cache Hit
kg.ijtomh.com/sc/1942?n=vrrlwmvo
119.167.147.250 200 OK 10 kB URL HTTP/1.1 kg.ijtomh.com/sc/1942?n=vrrlwmvo
IP 119.167.147.250:0
ASN #4837 CHINA UNICOM China169 Backbone
File type ASCII text, with very long lines (10548), with no line terminators
Hash 8eda63fb46851d5dd2548a3100fb9f35
c1c3f74092d9ba14b5456a8f1aee51cce32023bf
012addd53dd4f5ffa49291cb41e123973ca23fbfe316a60742c38bf5086070cf
GET /sc/1942?n=vrrlwmvo HTTP/1.1
Host: kg.ijtomh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.06wi.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Tue, 06 Dec 2022 10:54:38 GMT
Content-Type: text/javascript; charset=utf-8
X-Powered-By: PHP/5.6.31
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Access-Control-Allow-Origin: *
Pragma: max-age=1800
Accept-Ranges: bytes
Cache-Control: max-age=1800
Age: 1800
Content-Length: 10548
X-NWS-LOG-UUID: 12096251899722328148
Connection: keep-alive
X-Cache-Lookup: Cache Hit, Hit From Inner Cluster
hm.baidu.com/hm.js?178ef977e2b7e3d33841b2985aea156f
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?178ef977e2b7e3d33841b2985aea156f
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (618)
Hash 007b9c08d3d2359957dca2aa482d9788
40146b2af190985cb953aaeb43179dd5eaf53fe3
5d26aa15e456e7ecdfd140ad010f05d317fc2d6d26c94fe597c2906130c71b5e
GET /hm.js?178ef977e2b7e3d33841b2985aea156f HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.06wi.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11256
Content-Type: application/javascript
Date: Tue, 06 Dec 2022 11:59:55 GMT
Etag: bbafd17ca90e9a61131ba302efdec668
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=ADFDD90CA033E3F0; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
www.06wi.com/favicon.ico
172.67.201.219 404 Not Found 703 B IP 172.67.201.219:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ISO-8859 text, with CRLF line terminators
Hash 83a18ba508f9a5a5287f37b8527457f3
11b2fd2dd6a9a8be73bd0987926501bd83666487
6a5cc95658be081e311a624ca2628132549ff2fdc9852c87d4fea0d9f12ad4a0
GET /favicon.ico HTTP/1.1
Host: www.06wi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.06wi.com/
HTTP/1.1 404 Not Found
Date: Tue, 06 Dec 2022 11:59:56 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=he17Rb39sqbBdowjxxigoK9mx7hazTYo2X67FcpIMEtQEjsPm2sOcN849ddCULr5iu9KLe8LDyVeMWgbw2MGaLz9dG6yLgecRQchfom2OodC4AY0QilTDsas9IFVu%2F0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7754dbb87a39b523-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=717378325&si=178ef977e2b7e3d33841b2985aea156f&v=1.3.0&lv=1&sn=37451&r=0&ww=1280&u=http%3A%2F%2Fwww.06wi.com%2F&tt=%E4%BA%9A%E6%B4%B2%E4%B8%80%E5%8C%BA%E4%BA%8C%E5%8C%BA%E4%B8%89%E5%8C%BA%E9%AB%98%E6%B8%85%E5%9C%A8%E7%BA%BF%E8%A7%82%E7%9C%8B%EF%BC%8C%E5%9B%BD%E4%BA%A7%E6%97%A5%E4%BA%A7%E6%AC%A7%E6%B4%B2%E6%97%A0%E7%A0%81%E8%A7%86%E9%A2%91%E7%B2%BE%E5%93%81%EF%BC%8C%E4%B9%85%E4%B9%85%E4%B9%85%E6%97%A0%E7%A0%81%E7%B2%BE%E5%93%81%E4%BA%9A%E6%B4%B2%E6%97%A5%E9%9F%A9%E4%B9%B1%E7%A0%81
103.235.46.191 200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=717378325&si=178ef977e2b7e3d33841b2985aea156f&v=1.3.0&lv=1&sn=37451&r=0&ww=1280&u=http%3A%2F%2Fwww.06wi.com%2F&tt=%E4%BA%9A%E6%B4%B2%E4%B8%80%E5%8C%BA%E4%BA%8C%E5%8C%BA%E4%B8%89%E5%8C%BA%E9%AB%98%E6%B8%85%E5%9C%A8%E7%BA%BF%E8%A7%82%E7%9C%8B%EF%BC%8C%E5%9B%BD%E4%BA%A7%E6%97%A5%E4%BA%A7%E6%AC%A7%E6%B4%B2%E6%97%A0%E7%A0%81%E8%A7%86%E9%A2%91%E7%B2%BE%E5%93%81%EF%BC%8C%E4%B9%85%E4%B9%85%E4%B9%85%E6%97%A0%E7%A0%81%E7%B2%BE%E5%93%81%E4%BA%9A%E6%B4%B2%E6%97%A5%E9%9F%A9%E4%B9%B1%E7%A0%81
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=717378325&si=178ef977e2b7e3d33841b2985aea156f&v=1.3.0&lv=1&sn=37451&r=0&ww=1280&u=http%3A%2F%2Fwww.06wi.com%2F&tt=%E4%BA%9A%E6%B4%B2%E4%B8%80%E5%8C%BA%E4%BA%8C%E5%8C%BA%E4%B8%89%E5%8C%BA%E9%AB%98%E6%B8%85%E5%9C%A8%E7%BA%BF%E8%A7%82%E7%9C%8B%EF%BC%8C%E5%9B%BD%E4%BA%A7%E6%97%A5%E4%BA%A7%E6%AC%A7%E6%B4%B2%E6%97%A0%E7%A0%81%E8%A7%86%E9%A2%91%E7%B2%BE%E5%93%81%EF%BC%8C%E4%B9%85%E4%B9%85%E4%B9%85%E6%97%A0%E7%A0%81%E7%B2%BE%E5%93%81%E4%BA%9A%E6%B4%B2%E6%97%A5%E9%9F%A9%E4%B9%B1%E7%A0%81 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.06wi.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Tue, 06 Dec 2022 11:59:56 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=E11A9DF42E250F60; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
static.qwahk.com/960x60.gif
210.65.162.32 200 OK 477 kB URL HTTP/1.1 static.qwahk.com/960x60.gif
IP 210.65.162.32:0
ASN #3462 Data Communication Business Group
File type GIF image data, version 89a, 960 x 60\012- data
Size 477 kB (477289 bytes)
Hash 760cc21f91ee02e848650627ffa47ae2
22df8e62d12977ffd032aba17e5fd7632032633f
2b36a60cb734e5ebcaa9ad4d93f914157e563da89c4e08231bd02b72678875bd
GET /960x60.gif HTTP/1.1
Host: static.qwahk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.06wi.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 477289
Content-Type: image/gif;charset=UTF-8
Date: Tue, 06 Dec 2022 11:06:25 GMT
ETag: "1670324897"
Last-Modified: Tue, 06 Dec 2022 11:08:17 GMT
Server: PWS/8.3.1.0.8
Via: 1.1 PStwtbTPE1ci72:19 (W)
X-Cache: HIT, server, memory
X-Px: ms PStwtbTPE1ci72TPE(origin)
X-Reqid: 201921416722818020221206190625NQOXACDxsampled
X-Ws-Request-Id: 638f2230_PStwtbTPE1zr73_26397-11659
p.qlogo.cn/qqmail_head/EVPtJJ9TsHzH9flljZXyh4VZUKn6u1hjrouYDALkAlDrmTV9sQTbhvI1O8DsahInYJpE6A5ugCY/0
43.154.254.32 200 OK 310 kB URL HTTP/2 p.qlogo.cn/qqmail_head/EVPtJJ9TsHzH9flljZXyh4VZUKn6u1hjrouYDALkAlDrmTV9sQTbhvI1O8DsahInYJpE6A5ugCY/0
IP 43.154.254.32:0
ASN #132203 Tencent Building, Kejizhongyi Avenue
File type GIF image data, version 89a, 960 x 100\012- data
Size 310 kB (309565 bytes)
Hash 14dca7fd26cbde8deac61def3c2b3cf6
7473c356bfea96082e91338c3ee174e64b955046
1066b57c47c87c42beabb941a472ab43e34133d44b05c1687740bc015c22801e
GET /qqmail_head/EVPtJJ9TsHzH9flljZXyh4VZUKn6u1hjrouYDALkAlDrmTV9sQTbhvI1O8DsahInYJpE6A5ugCY/0 HTTP/1.1
Host: p.qlogo.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.06wi.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Qnginx/1.4.4
date: Tue, 06 Dec 2022 11:59:55 GMT
content-type: image/gif
content-length: 309565
vary: Accept,Origin
last-modified: Thu, 24 Nov 2022 10:52:16 GMT
cache-control: max-age=2592000
x-delay: 54753 us
x-info: real data
x-bcheck: 0_1
x-cpt: filename=0
user-returncode: 0
x-datasrc: 9
x-reqgue: 0
size: 309565
chid: 0
fid: 0
x-nws-log-uuid: 34d2f79d-e21e-4eed-a53a-e3f66fa9adee
X-Firefox-Spdy: h2