r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3bbb845b153026fc5332dd4506585b57
3cad200fac28fd00f34ce6ef79373e661e188743
6035871c0de6ff2d120921461207cfa32bc286e1fe78849ce74815ffbb9ff950
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6035871C0DE6FF2D120921461207CFA32BC286E1FE78849CE74815FFBB9FF950"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17296
Expires: Fri, 02 Dec 2022 13:51:58 GMT
Date: Fri, 02 Dec 2022 09:03:42 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 0c748388899e8a8d3680355da2ea5020
903c620cd137613daafb0da0508c37b2f4a67212
39eab80e022a9a1732872d9926b0ace80f818ec5c535e36a18b539ea63786fb2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4906
Cache-Control: max-age=96556
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 09:03:42 GMT
Etag: "63888270-1d7"
Expires: Sat, 03 Dec 2022 11:52:58 GMT
Last-Modified: Thu, 01 Dec 2022 10:31:12 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 55b4c61a1e99001307750e3647fe1102
7559f9f6770b7d3f45b723167062096312641e08
39f6bb64420bcfc8f0b010168fd35b67732984cd0698409f04d5ae40410422aa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39F6BB64420BCFC8F0B010168FD35B67732984CD0698409F04D5AE40410422AA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14209
Expires: Fri, 02 Dec 2022 13:00:31 GMT
Date: Fri, 02 Dec 2022 09:03:42 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 02 Dec 2022 08:18:11 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2731
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: Wi2uzNK3QXMIxisfE7resMjMtkuqPifLSKiXxwwi0ZZ/4GcvUQ3uMEh1rP5GMV/Wfhc7JOxAXnc=
x-amz-request-id: KJDP7NMTCV4DDPW1
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 02 Dec 2022 08:46:03 GMT
age: 1059
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 09:03:42 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
pkwater.cc/
39.108.108.210 301 Moved Permanently 230 B IP 39.108.108.210:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 928eb85c55f7889896e2ea1ed02f4a7a
1ff1847883c2393a81b029a17decea88e9a0f32d
e008de49b8aab424fe9081bd92dcdd294aa65e885380927c152ffc8326532843
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: pkwater.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Fri, 02 Dec 2022 09:03:43 GMT
Server: Apache/2.4.23 (Win32) OpenSSL/1.0.2j PHP/5.4.45
Location: http://www.pkwater.cc/
Content-Length: 230
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 02 Dec 2022 08:11:15 GMT
cache-control: public,max-age=3600
age: 3148
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 1f88399f3fdd89dbb9ca1229cb67143a
325c9dbfd932cf9a6fb9fab2dd8e27083f55a9a3
831ecd45dcd2d5ae2ae86cd63ea5e94ecd85281b7e51054af5df9a6386fb8d79
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4901
Cache-Control: max-age=91487
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 09:03:43 GMT
Etag: "63886ea9-1d7"
Expires: Sat, 03 Dec 2022 10:28:30 GMT
Last-Modified: Thu, 01 Dec 2022 09:06:49 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
54.149.149.164 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.149.149.164:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: l6H97PrgK6H7Q6svUy+4TA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 0h8JEAFLM80WrZGaLVHOjAZwIvk=
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15799
Expires: Fri, 02 Dec 2022 13:27:03 GMT
Date: Fri, 02 Dec 2022 09:03:44 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg
34.120.237.76 200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b986f9fcbeca91ed5c8d58fbfaf47d19
6e6c8bd2bce144cc4da1cd7be375b046b60dca79
07a8938d2841f8c13bd646f4e79e41e46acd6463aa019cd70871b3741f12bb4f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6174
x-amzn-requestid: f78f1e9d-8c0c-495d-a862-61838f8297e8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cZ0iyH2WoAMFQdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63870144-45442a8544259930564f685b;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 07:07:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: QIOz71_Kr08pIIwOm2GUkWr421fO7-UyUI7LYld0JBaGnYQ0j3IDFg==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 06:00:48 GMT
age: 10976
etag: "6e6c8bd2bce144cc4da1cd7be375b046b60dca79"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa07af64d-c287-4b0a-9677-9a1000422afc.jpeg
34.120.237.76 200 OK 7.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa07af64d-c287-4b0a-9677-9a1000422afc.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 498ab4412ed5cf977bc23e4e870894b0
23753fe8af09ec8ffa10eed4d201a71833885c99
036042656f15e42b4d1537c45f5b8e7190c70305fa9a69c1287c6739ad0b7122
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa07af64d-c287-4b0a-9677-9a1000422afc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7334
x-amzn-requestid: a6b8b420-8394-496b-8be8-26dee52e3887
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGeoHJOoAMF75g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891df7-0b38d07f518c8b3134457df2;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: tuKmV_nb4HVbqkhtCnZY3b33VB-bB6UxaBl6HsY_JgWesbUB8SPt-g==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 22:09:38 GMT
age: 39246
etag: "23753fe8af09ec8ffa10eed4d201a71833885c99"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F356e23df-cb76-452a-b299-da5410086837.png
34.120.237.76 200 OK 16 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F356e23df-cb76-452a-b299-da5410086837.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 82ea44d6cb116fb1f5752ce9bb87e345
f799dfd89a4f5a452dc837b8616549f578fb4184
e9087e7fce332289d67d4d5646d0233c2f2d871cc88dc1c51d5ea1e9f2fb5abd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F356e23df-cb76-452a-b299-da5410086837.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 15495
x-amzn-requestid: 977cdbce-3a9c-4006-a5a1-5c4c82bd4a94
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfHDIFxzIAMFzEw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891ee0-4b2cb3a16ca745537a8caf8c;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:38:40 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: KnOx0PJ8BR9OoAzXfuWk_Je_yawqzY4isC0hYTZRvJ74YiVs8jqyIQ==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 22:25:42 GMT
age: 38282
etag: "f799dfd89a4f5a452dc837b8616549f578fb4184"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcca8556b-b044-489f-bc74-086aad62b062.webp
34.120.237.76 200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcca8556b-b044-489f-bc74-086aad62b062.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d147ccb10bda82b153a596c3c967cd6a
ffd0763f997e71a8c1458523fc17cafe8849dfdf
1cfeb90a4ba027195f903d938d4a0aac418a1c2f0b52215ec023263f15905971
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcca8556b-b044-489f-bc74-086aad62b062.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7591
x-amzn-requestid: e179862e-f840-4e50-a9dc-09f325479b9a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGgMFRZIAMFl7g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891e01-676a1571459f2d83488f2765;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:57 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: oB5K_ZCWWwCltMx8FQSjDdXRMzSTSyRLSYSLAooQXuCrUxadLUiWkA==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:48:51 GMT
age: 40493
etag: "ffd0763f997e71a8c1458523fc17cafe8849dfdf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg
34.120.237.76 200 OK 2.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b47431190f34eccf0a6efb98e2a32b7d
9fc7ab3a4eb2d36fd6df7e0267a26a47627d1704
08d3b6be354cafb70c20e6865788cb375adbf88d47711651fe1a3b855094daf2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 2942
x-amzn-requestid: ed26679f-cd56-477f-9914-f9afbcaaeea6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGeoGFYoAMFWgA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891df7-4ec6bebe21656d5026456994;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Fw6nrporwF27NW0-vXpaolW79nDXLF2RyS-lqhhp1osHt7q98VpI3g==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:49:56 GMT
age: 40428
etag: "9fc7ab3a4eb2d36fd6df7e0267a26a47627d1704"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F449f29d0-f60b-4dec-8b5b-0a1971bab406.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F449f29d0-f60b-4dec-8b5b-0a1971bab406.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4c7113338bc3310b13d23ca415c177e2
2cb4edc6b161c6d2d5b47aa498ae54e677966466
3a83adce869dd7eb064c583bf7ff93c57fabd7ea2da872f7d1f7d868b8a492e9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F449f29d0-f60b-4dec-8b5b-0a1971bab406.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10270
x-amzn-requestid: ac2d2825-2ec4-435e-9921-3ea6524df1dc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfG1nEvYoAMFliA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891e8a-4419423112b5723e3dba46ea;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:37:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 2ihxuuXiECC4oX11t_vswhnLF0UpqDuboPLkrhpWwp-vfCR5pxGGxw==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:53:50 GMT
age: 40194
etag: "2cb4edc6b161c6d2d5b47aa498ae54e677966466"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.pkwater.cc/THome/Template/cn/js/main.js
39.108.108.210 200 OK 1.4 kB URL HTTP/1.1 www.pkwater.cc/THome/Template/cn/js/main.js
IP 39.108.108.210:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash a848c2891a4312c58f95abc49badc4dd
8147500c2f0635fa8286794295f589c0bcdb43cc
09c64376889564a5f24ca01e8d8316499951873c2d8916aee934c12a9c1b1756
Analyzer Verdict Alert fortinet Malware
GET /THome/Template/cn/js/main.js HTTP/1.1
Host: www.pkwater.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.pkwater.cc/
Cookie: ZC_think_template=%22Template%22; PHPSESSID=mloqsfqgl827j465dquoq0l152; ZC_think_language=%22cn%22; ZC_onlineid=%223abcdace19231fc82341e6adf5df0d0f%22
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 09:03:45 GMT
Server: Apache/2.4.23 (Win32) OpenSSL/1.0.2j PHP/5.4.45
Last-Modified: Tue, 22 Aug 2017 01:52:56 GMT
ETag: "56a-5574ddaa68e00"
Accept-Ranges: bytes
Content-Length: 1386
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
www.pkwater.cc/
39.108.108.210 200 OK 21 kB IP 39.108.108.210:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (438), with CRLF line terminators
Hash db1d0602701201c73ed51c5852ceab6b
cc1d833fb4ac6e05783bf73d26c04bc3f8bca7fd
42d919ffe56d8004085bfc721aa00555f96d1b795210497038b9a3cc8d60e0e5
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: www.pkwater.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 09:03:43 GMT
Server: Apache/2.4.23 (Win32) OpenSSL/1.0.2j PHP/5.4.45
X-Powered-By: ThinkPHP
Set-Cookie: ZC_think_template=%22Template%22; path=/
PHPSESSID=mloqsfqgl827j465dquoq0l152; path=/
ZC_think_language=%22cn%22; path=/
ZC_onlineid=%223abcdace19231fc82341e6adf5df0d0f%22; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: private
Pragma: no-cache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
www.pkwater.cc/THome/Template/cn/js/jqImgThumb.js
39.108.108.210 200 OK 3.3 kB URL HTTP/1.1 www.pkwater.cc/THome/Template/cn/js/jqImgThumb.js
IP 39.108.108.210:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash c38eb75951e52d020f0d25ad22965dca
dd7a349d4d204b36c17030d5e97a7bf93dc92886
be605bb0c16caa8b5f74b1c43d49c806e3db4b14ea0f837692a0679504854987
Analyzer Verdict Alert fortinet Malware
GET /THome/Template/cn/js/jqImgThumb.js HTTP/1.1
Host: www.pkwater.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.pkwater.cc/
Cookie: ZC_think_template=%22Template%22; PHPSESSID=mloqsfqgl827j465dquoq0l152; ZC_think_language=%22cn%22; ZC_onlineid=%223abcdace19231fc82341e6adf5df0d0f%22
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 09:03:45 GMT
Server: Apache/2.4.23 (Win32) OpenSSL/1.0.2j PHP/5.4.45
Last-Modified: Wed, 17 Aug 2016 02:55:08 GMT
ETag: "cc5-53a3b97cf9b00"
Accept-Ranges: bytes
Content-Length: 3269
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
www.pkwater.cc/cyphp/Tpl/Zcomnon/css/comnon.css
39.108.108.210 200 OK 719 B URL HTTP/1.1 www.pkwater.cc/cyphp/Tpl/Zcomnon/css/comnon.css
IP 39.108.108.210:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash b3e8a198e3f464cbdaf01f1bf032dd63
50d9a221f71b3cab4c048f43d17afed162f34eeb
07e69d94a682e4ee6a9ef1d7f2059a854bbb742fab61f1b07e07d66afbbc0603
GET /cyphp/Tpl/Zcomnon/css/comnon.css HTTP/1.1
Host: www.pkwater.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.pkwater.cc/
Cookie: ZC_think_template=%22Template%22; PHPSESSID=mloqsfqgl827j465dquoq0l152; ZC_think_language=%22cn%22; ZC_onlineid=%223abcdace19231fc82341e6adf5df0d0f%22
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 09:03:45 GMT
Server: Apache/2.4.23 (Win32) OpenSSL/1.0.2j PHP/5.4.45
Last-Modified: Thu, 28 Sep 2017 03:16:24 GMT
ETag: "2cf-55a375555f846"
Accept-Ranges: bytes
Content-Length: 719
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
www.pkwater.cc/THome/Template/cn/css/style.css
39.108.108.210 200 OK 22 kB URL HTTP/1.1 www.pkwater.cc/THome/Template/cn/css/style.css
IP 39.108.108.210:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash a3ca71cf4ddec423f4208d2d37193b61
eebf9d3538debb2b8141a8932916a9bd6e0f7766
a8bcdef999900bac5c5f8daffc7c58b2d2723bcc6730731fce917e088e0e6f35
GET /THome/Template/cn/css/style.css HTTP/1.1
Host: www.pkwater.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.pkwater.cc/
Cookie: ZC_think_template=%22Template%22; PHPSESSID=mloqsfqgl827j465dquoq0l152; ZC_think_language=%22cn%22; ZC_onlineid=%223abcdace19231fc82341e6adf5df0d0f%22
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 09:03:45 GMT
Server: Apache/2.4.23 (Win32) OpenSSL/1.0.2j PHP/5.4.45
Last-Modified: Fri, 01 Sep 2017 06:44:24 GMT
ETag: "54b6-5581b176e0200"
Accept-Ranges: bytes
Content-Length: 21686
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
www.pkwater.cc/THome/Template/cn/js/jquery.SuperSlide.2.1.1.js
39.108.108.210 200 OK 11 kB URL HTTP/1.1 www.pkwater.cc/THome/Template/cn/js/jquery.SuperSlide.2.1.1.js
IP 39.108.108.210:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type Unicode text, UTF-8 text, with very long lines (11013), with CRLF line terminators
Hash cd674d9e02f20426d9acf1d11c85539b
74ab51a432e33698a7a627f05baf749472b72cc3
496bdf2635c9f9494f51d0ba63c8a43e5b6dfb7c88b4426e6a56f577d945e3e9
Analyzer Verdict Alert fortinet Malware
GET /THome/Template/cn/js/jquery.SuperSlide.2.1.1.js HTTP/1.1
Host: www.pkwater.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.pkwater.cc/
Cookie: ZC_think_template=%22Template%22; PHPSESSID=mloqsfqgl827j465dquoq0l152; ZC_think_language=%22cn%22; ZC_onlineid=%223abcdace19231fc82341e6adf5df0d0f%22
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 09:03:45 GMT
Server: Apache/2.4.23 (Win32) OpenSSL/1.0.2j PHP/5.4.45
Last-Modified: Thu, 11 Jul 2013 01:59:02 GMT
ETag: "2c9e-4e132bcfaa580"
Accept-Ranges: bytes
Content-Length: 11422
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
www.pkwater.cc/THome/Template/cn/js/jquery-1.12.4.min.js
39.108.108.210 200 OK 97 kB URL HTTP/1.1 www.pkwater.cc/THome/Template/cn/js/jquery-1.12.4.min.js
IP 39.108.108.210:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type ASCII text, with very long lines (32077)
Hash 4f252523d4af0b478c810c2547a63e19
5a9dcfbef655a2668e78baebeaa8dc6f41d8dabb
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
Analyzer Verdict Alert fortinet Malware
GET /THome/Template/cn/js/jquery-1.12.4.min.js HTTP/1.1
Host: www.pkwater.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.pkwater.cc/
Cookie: ZC_think_template=%22Template%22; PHPSESSID=mloqsfqgl827j465dquoq0l152; ZC_think_language=%22cn%22; ZC_onlineid=%223abcdace19231fc82341e6adf5df0d0f%22
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 09:03:45 GMT
Server: Apache/2.4.23 (Win32) OpenSSL/1.0.2j PHP/5.4.45
Last-Modified: Thu, 22 Sep 2016 06:23:28 GMT
ETag: "17b8b-53d12b327f800"
Accept-Ranges: bytes
Content-Length: 97163
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
www.pkwater.cc/THome/Template/cn/images/header_home_ico.png
39.108.108.210 200 OK 1.4 kB URL HTTP/1.1 www.pkwater.cc/THome/Template/cn/images/header_home_ico.png
IP 39.108.108.210:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type PNG image data, 19 x 20, 8-bit/color RGBA, non-interlaced\012- data
Hash 334769da64b255464d031f466670d9dc
e96fa4ea826d0a0b96401403c985370658468acc
8541b7245ccfbec6a9bffaeff1967b3dba5453986a95bc703ad7b6715c6e50dc
GET /THome/Template/cn/images/header_home_ico.png HTTP/1.1
Host: www.pkwater.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.pkwater.cc/THome/Template/cn/css/style.css
Cookie: ZC_think_template=%22Template%22; PHPSESSID=mloqsfqgl827j465dquoq0l152; ZC_think_language=%22cn%22; ZC_onlineid=%223abcdace19231fc82341e6adf5df0d0f%22
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 09:03:47 GMT
Server: Apache/2.4.23 (Win32) OpenSSL/1.0.2j PHP/5.4.45
Last-Modified: Fri, 11 Aug 2017 03:19:28 GMT
ETag: "54b-55671c7dd1000"
Accept-Ranges: bytes
Content-Length: 1355
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png
www.pkwater.cc/THome/Template/cn/images/header_soso_ico.png
39.108.108.210 200 OK 1.2 kB URL HTTP/1.1 www.pkwater.cc/THome/Template/cn/images/header_soso_ico.png
IP 39.108.108.210:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type PNG image data, 11 x 9, 8-bit/color RGBA, non-interlaced\012- data
Hash 24644def625065b2b2664ba4c6471242
d8c6b26907efc422eb2a1f5eba556ed9fc51329f
c5600991effe03bda18234a1aba2281c82c84e40b6faf8f58fb8dd8c954e165f
GET /THome/Template/cn/images/header_soso_ico.png HTTP/1.1
Host: www.pkwater.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.pkwater.cc/THome/Template/cn/css/style.css
Cookie: ZC_think_template=%22Template%22; PHPSESSID=mloqsfqgl827j465dquoq0l152; ZC_think_language=%22cn%22; ZC_onlineid=%223abcdace19231fc82341e6adf5df0d0f%22
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 09:03:47 GMT
Server: Apache/2.4.23 (Win32) OpenSSL/1.0.2j PHP/5.4.45
Last-Modified: Fri, 11 Aug 2017 03:19:54 GMT
ETag: "487-55671c969ca80"
Accept-Ranges: bytes
Content-Length: 1159
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png
www.pkwater.cc/THome/Template/cn/images/fot_ewm.jpg
39.108.108.210 200 OK 37 kB URL HTTP/1.1 www.pkwater.cc/THome/Template/cn/images/fot_ewm.jpg
IP 39.108.108.210:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CC 2019 (Windows), datetime=2020:04:09 13:39:38], baseline, precision 8, 115x116, components 3\012- data
Hash 01cdb48440cd12429219e2a6ca674f5f
b0a4b328914290946b34846500c110192bf9d80f
656231b822b2a48df013f964e69c638cf2c357b15031f82ebbaca23071b14792
GET /THome/Template/cn/images/fot_ewm.jpg HTTP/1.1
Host: www.pkwater.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.pkwater.cc/
Cookie: ZC_think_template=%22Template%22; PHPSESSID=mloqsfqgl827j465dquoq0l152; ZC_think_language=%22cn%22; ZC_onlineid=%223abcdace19231fc82341e6adf5df0d0f%22
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 09:03:47 GMT
Server: Apache/2.4.23 (Win32) OpenSSL/1.0.2j PHP/5.4.45
Last-Modified: Thu, 09 Apr 2020 05:39:40 GMT
ETag: "90dc-5a2d50b10e041"
Accept-Ranges: bytes
Content-Length: 37084
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/jpeg
www.pkwater.cc/THome/Template/cn/images/logo.png
39.108.108.210 200 OK 9.1 kB URL HTTP/1.1 www.pkwater.cc/THome/Template/cn/images/logo.png
IP 39.108.108.210:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type PNG image data, 174 x 61, 8-bit/color RGBA, non-interlaced\012- data
Hash 4e9eb90c5031b6e5095d3b0788d462f2
9ed405ba031bdb6c6bfbdf911ff02dd32515f9cf
77bad5e2e33628f0f00d54aa2f3d4a862e76b38da82166026f43089f5c90b22a
GET /THome/Template/cn/images/logo.png HTTP/1.1
Host: www.pkwater.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.pkwater.cc/
Cookie: ZC_think_template=%22Template%22; PHPSESSID=mloqsfqgl827j465dquoq0l152; ZC_think_language=%22cn%22; ZC_onlineid=%223abcdace19231fc82341e6adf5df0d0f%22
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 09:03:47 GMT
Server: Apache/2.4.23 (Win32) OpenSSL/1.0.2j PHP/5.4.45
Last-Modified: Sat, 10 Oct 2020 01:48:14 GMT
ETag: "23a5-5b14742255310"
Accept-Ranges: bytes
Content-Length: 9125
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png
ocsp.globalsign.com/gsrsaovsslca2018
104.18.20.226 200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.20.226:0
Hash e666f3431c6b8be7b12979de090325c7
6a5fe62290814b39d8584253b863f1c835490725
ff02e1fa0c848a8b614a040fcf6567efc8cedacb955c54366223bbd0f19d274b
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 09:03:47 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Tue, 06 Dec 2022 06:07:34 GMT
ETag: "6a5fe62290814b39d8584253b863f1c835490725"
Last-Modified: Fri, 02 Dec 2022 06:07:35 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3344
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7732e433284bb51e-OSL
www.pkwater.cc/Uploads/20220929/6334eaa312374.jpg
39.108.108.210 200 OK 322 kB URL HTTP/1.1 www.pkwater.cc/Uploads/20220929/6334eaa312374.jpg
IP 39.108.108.210:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=422, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=700], baseline, precision 8, 700x422, components 3\012- data
Size 322 kB (322308 bytes)
Hash ca571128d9a78e13ed30719525fe0669
3835526a4e149eee12cef76d4fb98dac692f373f
f4aefc78fc3df2c9ca8c66fdbb43de9c3c4a0d6fab93b9ee3e0cc7727704786c
GET /Uploads/20220929/6334eaa312374.jpg HTTP/1.1
Host: www.pkwater.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.pkwater.cc/
Cookie: ZC_think_template=%22Template%22; PHPSESSID=mloqsfqgl827j465dquoq0l152; ZC_think_language=%22cn%22; ZC_onlineid=%223abcdace19231fc82341e6adf5df0d0f%22
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 09:03:47 GMT
Server: Apache/2.4.23 (Win32) OpenSSL/1.0.2j PHP/5.4.45
Last-Modified: Thu, 29 Sep 2022 00:45:22 GMT
ETag: "4eb04-5e9c631369f77"
Accept-Ranges: bytes
Content-Length: 322308
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/jpeg
www.pkwater.cc/Uploads/20181022/5bcd8a8f94392.jpg
39.108.108.210 200 OK 73 kB URL HTTP/1.1 www.pkwater.cc/Uploads/20181022/5bcd8a8f94392.jpg
IP 39.108.108.210:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 240x180, components 3\012- data
Hash ae3525a20a756b9fb60cc81beaba4d39
332e0a760c8c4909339ae7c6c919cbb4aa100cd1
93418dc9ead5dfee2ae977b1ae7960d75a224d54ca7e4d3ebd743cddadc33e1a
GET /Uploads/20181022/5bcd8a8f94392.jpg HTTP/1.1
Host: www.pkwater.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.pkwater.cc/
Cookie: ZC_think_template=%22Template%22; PHPSESSID=mloqsfqgl827j465dquoq0l152; ZC_think_language=%22cn%22; ZC_onlineid=%223abcdace19231fc82341e6adf5df0d0f%22
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 09:03:47 GMT
Server: Apache/2.4.23 (Win32) OpenSSL/1.0.2j PHP/5.4.45
Last-Modified: Mon, 22 Oct 2018 08:30:06 GMT
ETag: "11e7a-578cd0f7551de"
Accept-Ranges: bytes
Content-Length: 73338
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/jpeg
www.pkwater.cc/Uploads/20200303/5e5e086c6666e.jpg
39.108.108.210 200 OK 59 kB URL HTTP/1.1 www.pkwater.cc/Uploads/20200303/5e5e086c6666e.jpg
IP 39.108.108.210:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 21.0 (Windows), datetime=2020:03:03 15:33:36], baseline, precision 8, 160x93, components 3\012- data
Hash aa31598737bdf02f5dd1e368e030980d
d964a7f7a668937667c4c29171ffcf6abc26d19f
65c61c4136d34d4d1f82ad1bfe510c744648453f933909ed6e515bb9edd54d25
GET /Uploads/20200303/5e5e086c6666e.jpg HTTP/1.1
Host: www.pkwater.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.pkwater.cc/
Cookie: ZC_think_template=%22Template%22; PHPSESSID=mloqsfqgl827j465dquoq0l152; ZC_think_language=%22cn%22; ZC_onlineid=%223abcdace19231fc82341e6adf5df0d0f%22
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 09:03:48 GMT
Server: Apache/2.4.23 (Win32) OpenSSL/1.0.2j PHP/5.4.45
Last-Modified: Tue, 03 Mar 2020 07:34:03 GMT
ETag: "e6b8-59fee53f76bef"
Accept-Ranges: bytes
Content-Length: 59064
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/jpeg
www.pkwater.cc/Uploads/20221201/638872260eb94.jpg
39.108.108.210 200 OK 47 kB URL HTTP/1.1 www.pkwater.cc/Uploads/20221201/638872260eb94.jpg
IP 39.108.108.210:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CC 2019 (Windows), datetime=2022:05:23 09:46:56], progressive, precision 8, 412x106, components 3\012- data
Hash 7158973bde1f06bc45e4a0e67378b7bc
584b911b48d50e06f7ce76047cfe9cc64cc434f3
2bd8e9eab6466d772d3e905de8724d4c2fc740da95b18c2541e02a537c19cb2f
GET /Uploads/20221201/638872260eb94.jpg HTTP/1.1
Host: www.pkwater.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.pkwater.cc/
Cookie: ZC_think_template=%22Template%22; PHPSESSID=mloqsfqgl827j465dquoq0l152; ZC_think_language=%22cn%22; ZC_onlineid=%223abcdace19231fc82341e6adf5df0d0f%22
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 09:03:47 GMT
Server: Apache/2.4.23 (Win32) OpenSSL/1.0.2j PHP/5.4.45
Last-Modified: Thu, 01 Dec 2022 09:21:41 GMT
ETag: "b8a1-5eec0bfb521d7"
Accept-Ranges: bytes
Content-Length: 47265
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/jpeg
www.pkwater.cc/Uploads/20220218/620f5c9ad9ff0.jpg
39.108.108.210 200 OK 6.5 kB URL HTTP/1.1 www.pkwater.cc/Uploads/20220218/620f5c9ad9ff0.jpg
IP 39.108.108.210:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 160x93, components 3\012- data
Hash 4a59a6e84b48da95ce8f1b561db8f24f
f1ba3c79accba299a63151f3e405f99c8d9be7ca
eb3b34755c0c441938037e7ac45a5a0821eeb0f362c58f6b46e0daaa5e547148
GET /Uploads/20220218/620f5c9ad9ff0.jpg HTTP/1.1
Host: www.pkwater.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.pkwater.cc/
Cookie: ZC_think_template=%22Template%22; PHPSESSID=mloqsfqgl827j465dquoq0l152; ZC_think_language=%22cn%22; ZC_onlineid=%223abcdace19231fc82341e6adf5df0d0f%22
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 09:03:48 GMT
Server: Apache/2.4.23 (Win32) OpenSSL/1.0.2j PHP/5.4.45
Last-Modified: Fri, 18 Feb 2022 08:45:13 GMT
ETag: "196f-5d846e6ba4820"
Accept-Ranges: bytes
Content-Length: 6511
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/jpeg
s22.cnzz.com/z_stat.php?id=1266174308&show=pic
119.96.204.250 200 OK 20 B URL HTTP/1.1 s22.cnzz.com/z_stat.php?id=1266174308&show=pic
IP 119.96.204.250:0
ASN #58563 CHINANET Hubei province network
Hash 7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
GET /z_stat.php?id=1266174308&show=pic HTTP/1.1
Host: s22.cnzz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.pkwater.cc/
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Date: Fri, 02 Dec 2022 09:03:48 GMT
Vary: Accept-Encoding
X-Powered-By: PHP/5.5.25
Last-Modified: Fri, 02 Dec 2022 09:03:48 GMT
Cache-Control: max-age=1800,s-maxage=3600
Content-Encoding: gzip
Ali-Swift-Global-Savetime: 1669971828
Via: cache23.l2cn1807[73,72,200-0,M], cache39.l2cn1807[75,0], cache5.cn6[111,110,200-0,M], cache23.cn6[112,0]
X-Cache: MISS TCP_REFRESH_MISS dirn:11:209508519
X-Swift-SaveTime: Fri, 02 Dec 2022 09:03:48 GMT
X-Swift-CacheTime: 3600
Timing-Allow-Origin: *
EagleId: 7760cc9916699718283355468e
www.pkwater.cc/Uploads/20181022/5bcd53d85a8ec.jpg
39.108.108.210 200 OK 64 kB URL HTTP/1.1 www.pkwater.cc/Uploads/20181022/5bcd53d85a8ec.jpg
IP 39.108.108.210:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CC 2018 (Windows), datetime=2018:10:22 12:36:25], progressive, precision 8, 240x180, components 3\012- data
Hash 6f85a238fd3695fc6d2cfee6b700dbe6
ac9175a543670ac243063952e868d97b94164fb3
43aafcf1134ec286f5b92f8b72f8a3320c457c31f00fb96b4999ba581217d1f0
GET /Uploads/20181022/5bcd53d85a8ec.jpg HTTP/1.1
Host: www.pkwater.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.pkwater.cc/
Cookie: ZC_think_template=%22Template%22; PHPSESSID=mloqsfqgl827j465dquoq0l152; ZC_think_language=%22cn%22; ZC_onlineid=%223abcdace19231fc82341e6adf5df0d0f%22
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 09:03:47 GMT
Server: Apache/2.4.23 (Win32) OpenSSL/1.0.2j PHP/5.4.45
Last-Modified: Mon, 22 Oct 2018 04:36:39 GMT
ETag: "fa23-578c9cc8f2440"
Accept-Ranges: bytes
Content-Length: 64035
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/jpeg
hm.baidu.com/hm.js?13d7e5989c955d49c93e243757952451
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?13d7e5989c955d49c93e243757952451
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (627)
Hash a2529cfad21e09493b5e360b8f5e1157
7f69ed74907c9f25b0b321989b4f959d2e36787d
775f2d04f2fe2b05780615dd690c9f9023db6752bd0e2be62b46d0441f0eede5
GET /hm.js?13d7e5989c955d49c93e243757952451 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.pkwater.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11265
Content-Type: application/javascript
Date: Fri, 02 Dec 2022 09:03:48 GMT
Etag: 74f82667a20df072a2dc9c0519447d9f
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=F04377D2F9248BA2; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1508106536&si=13d7e5989c955d49c93e243757952451&v=1.3.0&lv=1&sn=8957&r=0&ww=1280&u=http%3A%2F%2Fwww.pkwater.cc%2F&tt=%E8%A3%85%E9%85%8D%E5%BC%8F%E6%B1%A1%E6%B0%B4%E5%8E%82%E5%BC%80%E5%88%9B%E8%80%85_%E5%86%9C%E6%9D%91%E7%94%9F%E6%B4%BB%E6%B1%A1%E6%B0%B4%E5%A4%84%E7%90%86_%E6%B2%B3%E9%81%93%E6%B0%B4%E5%A4%84%E7%90%86_%E5%86%9C%E6%9D%91%E5%AE%89%E5%85%A8%E9%A5%AE%E6%B0%B4%E5%B7%A5%E7%A8%8B_%E9%B9%8F%E5%87%AF%E7%8E%AF%E5%A2%83%E7%A7%91%E6%8A%80%E8%82%A1%E4%BB%BD%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8
103.235.46.191 200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1508106536&si=13d7e5989c955d49c93e243757952451&v=1.3.0&lv=1&sn=8957&r=0&ww=1280&u=http%3A%2F%2Fwww.pkwater.cc%2F&tt=%E8%A3%85%E9%85%8D%E5%BC%8F%E6%B1%A1%E6%B0%B4%E5%8E%82%E5%BC%80%E5%88%9B%E8%80%85_%E5%86%9C%E6%9D%91%E7%94%9F%E6%B4%BB%E6%B1%A1%E6%B0%B4%E5%A4%84%E7%90%86_%E6%B2%B3%E9%81%93%E6%B0%B4%E5%A4%84%E7%90%86_%E5%86%9C%E6%9D%91%E5%AE%89%E5%85%A8%E9%A5%AE%E6%B0%B4%E5%B7%A5%E7%A8%8B_%E9%B9%8F%E5%87%AF%E7%8E%AF%E5%A2%83%E7%A7%91%E6%8A%80%E8%82%A1%E4%BB%BD%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1508106536&si=13d7e5989c955d49c93e243757952451&v=1.3.0&lv=1&sn=8957&r=0&ww=1280&u=http%3A%2F%2Fwww.pkwater.cc%2F&tt=%E8%A3%85%E9%85%8D%E5%BC%8F%E6%B1%A1%E6%B0%B4%E5%8E%82%E5%BC%80%E5%88%9B%E8%80%85_%E5%86%9C%E6%9D%91%E7%94%9F%E6%B4%BB%E6%B1%A1%E6%B0%B4%E5%A4%84%E7%90%86_%E6%B2%B3%E9%81%93%E6%B0%B4%E5%A4%84%E7%90%86_%E5%86%9C%E6%9D%91%E5%AE%89%E5%85%A8%E9%A5%AE%E6%B0%B4%E5%B7%A5%E7%A8%8B_%E9%B9%8F%E5%87%AF%E7%8E%AF%E5%A2%83%E7%A7%91%E6%8A%80%E8%82%A1%E4%BB%BD%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.pkwater.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Fri, 02 Dec 2022 09:03:49 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=5E478AB967EFFBBD; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
www.pkwater.cc/Uploads/20191224/5e01ae4b33358.jpg
39.108.108.210 200 OK 56 kB URL HTTP/1.1 www.pkwater.cc/Uploads/20191224/5e01ae4b33358.jpg
IP 39.108.108.210:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 21.0 (Windows), datetime=2019:12:24 14:08:53], baseline, precision 8, 160x93, components 3\012- data
Hash 323ac9de31d60f518e3dcbad52113713
603f6eef58b1c19fb59df05b841eebdb40f64984
615a4bf6cac27427c64922245b20bcbe49ecefa160ffd181f65aa389de62129d
GET /Uploads/20191224/5e01ae4b33358.jpg HTTP/1.1
Host: www.pkwater.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.pkwater.cc/
Cookie: ZC_think_template=%22Template%22; PHPSESSID=mloqsfqgl827j465dquoq0l152; ZC_think_language=%22cn%22; ZC_onlineid=%223abcdace19231fc82341e6adf5df0d0f%22
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 09:03:47 GMT
Server: Apache/2.4.23 (Win32) OpenSSL/1.0.2j PHP/5.4.45
Last-Modified: Tue, 24 Dec 2019 06:20:58 GMT
ETag: "da95-59a6d25b1b480"
Accept-Ranges: bytes
Content-Length: 55957
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/jpeg
goutong.baidu.com/site/913/13d7e5989c955d49c93e243757952451/b.js?siteId=12317845
14.215.177.164 200 OK 8.3 kB URL HTTP/2 goutong.baidu.com/site/913/13d7e5989c955d49c93e243757952451/b.js?siteId=12317845
IP 14.215.177.164:0
File type Unicode text, UTF-8 text, with very long lines (7998), with no line terminators
Hash 7828c652e2f28ce0d94715c79e18324c
583ddb9bb26012ec6fcf7e6cb9fe4407201119e9
7fdf8af4f122ac9b4648cac72b6a93ed9adef975712c51f3c10b849b4244a064
GET /site/913/13d7e5989c955d49c93e243757952451/b.js?siteId=12317845 HTTP/1.1
Host: goutong.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.pkwater.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: no-cache
content-type: text/javascript; charset=utf-8
date: Fri, 02 Dec 2022 09:03:50 GMT
pragma: no-cache
server: Apache
x-envoy-decorator-operation: im-icon.meg-crm-prod.svc.cluster.local:2333/*
x-envoy-upstream-service-time: 471
x-protected-by: OpenRASP
x-request-id: de78adeb908b4c8394ac1f38eed8ed55
content-length: 8250
X-Firefox-Spdy: h2
www.pkwater.cc/favicon.ico
39.108.108.210 404 Not Found 209 B URL HTTP/1.1 www.pkwater.cc/favicon.ico
IP 39.108.108.210:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 18ffb59b61525f781cf9251045be575d
bd7318b00b15b7a1c8a48524419fa2e5c27a5b6d
b6682cab65d3243b5b75efb7279dbf49491957484780f2ba0a87632cc0e25642
GET /favicon.ico HTTP/1.1
Host: www.pkwater.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.pkwater.cc/
Cookie: ZC_think_template=%22Template%22; PHPSESSID=mloqsfqgl827j465dquoq0l152; ZC_think_language=%22cn%22; ZC_onlineid=%223abcdace19231fc82341e6adf5df0d0f%22; Hm_lvt_13d7e5989c955d49c93e243757952451=1669971827; Hm_lpvt_13d7e5989c955d49c93e243757952451=1669971827
HTTP/1.1 404 Not Found
Date: Fri, 02 Dec 2022 09:03:50 GMT
Server: Apache/2.4.23 (Win32) OpenSSL/1.0.2j PHP/5.4.45
Content-Length: 209
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
www.pkwater.cc/THome/Template/cn/images/main_product_bg.jpg
39.108.108.210 200 OK 145 kB URL HTTP/1.1 www.pkwater.cc/THome/Template/cn/images/main_product_bg.jpg
IP 39.108.108.210:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 2000x626, components 3\012- data
Size 145 kB (145126 bytes)
Hash 8b390d7fb06aab60d77c9aae19e9c0c4
e0e41ebc032d6d23c06a4f7ab7f917726a9a066f
0b340963adfc086a0ae3efb3646aeb9c51611f7698386ea7cd10958f660c6e04
GET /THome/Template/cn/images/main_product_bg.jpg HTTP/1.1
Host: www.pkwater.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.pkwater.cc/THome/Template/cn/css/style.css
Cookie: ZC_think_template=%22Template%22; PHPSESSID=mloqsfqgl827j465dquoq0l152; ZC_think_language=%22cn%22; ZC_onlineid=%223abcdace19231fc82341e6adf5df0d0f%22
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 09:03:48 GMT
Server: Apache/2.4.23 (Win32) OpenSSL/1.0.2j PHP/5.4.45
Last-Modified: Mon, 14 Aug 2017 01:52:04 GMT
ETag: "236e6-556ace8d21900"
Accept-Ranges: bytes
Content-Length: 145126
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/jpeg
www.pkwater.cc/Uploads/20170819/5997d3257e160.jpg
39.108.108.210 200 OK 49 kB URL HTTP/1.1 www.pkwater.cc/Uploads/20170819/5997d3257e160.jpg
IP 39.108.108.210:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2017:08:18 12:17:52], baseline, precision 8, 160x93, components 3\012- data
Hash beb0211217b2bae8b9ccf3328634df6b
f0c71e53923a9fc314abc364bed726848611df7a
ba7798b262ee4269b69b0aa826e89794ff585f4bec15582db025c737c353d0d1
GET /Uploads/20170819/5997d3257e160.jpg HTTP/1.1
Host: www.pkwater.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.pkwater.cc/
Cookie: ZC_think_template=%22Template%22; PHPSESSID=mloqsfqgl827j465dquoq0l152; ZC_think_language=%22cn%22; ZC_onlineid=%223abcdace19231fc82341e6adf5df0d0f%22
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 09:03:48 GMT
Server: Apache/2.4.23 (Win32) OpenSSL/1.0.2j PHP/5.4.45
Last-Modified: Sat, 19 Aug 2017 05:56:54 GMT
ETag: "be80-55714e99e9580"
Accept-Ranges: bytes
Content-Length: 48768
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/jpeg
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1250c1e7-37f4-4697-8233-d05f398cb066.jpeg
34.120.237.76 200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1250c1e7-37f4-4697-8233-d05f398cb066.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f0fc684e61682c4078a82ee3d901ae52
ea65ad98933ec58afa3fa5c7642491d77db7e6c2
5e953012dba2b85cfda5befe2448ab87fbc2432a071e11a33b44be4f5148a4a4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1250c1e7-37f4-4697-8233-d05f398cb066.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 6752
x-amzn-requestid: f398ce98-353e-4783-aa42-dbf1ad036ab7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGepE6roAMF4zw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891df7-0753d209291e197e7c6422a6;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: yQ2Oc2viJ7EoRW4QSMG30tsGK73zxYQsXKKcWP3vleI0CTBVRfB1Fg==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 22:31:16 GMT
age: 37955
etag: "ea65ad98933ec58afa3fa5c7642491d77db7e6c2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.pkwater.cc/Uploads/images/s_599aa8ef43bba.png
39.108.108.210 200 OK 0 B URL HTTP/1.1 www.pkwater.cc/Uploads/images/s_599aa8ef43bba.png
IP 39.108.108.210:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
GET /Uploads/images/s_599aa8ef43bba.png HTTP/1.1
Host: www.pkwater.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.pkwater.cc/
Cookie: ZC_think_template=%22Template%22; PHPSESSID=mloqsfqgl827j465dquoq0l152; ZC_think_language=%22cn%22; ZC_onlineid=%223abcdace19231fc82341e6adf5df0d0f%22
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 09:03:48 GMT
Server: Apache/2.4.23 (Win32) OpenSSL/1.0.2j PHP/5.4.45
Last-Modified: Mon, 21 Aug 2017 09:33:36 GMT
ETag: "1522f-557402c481c00"
Accept-Ranges: bytes
Content-Length: 86575
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png
www.pkwater.cc/Uploads/20200619/5eec7d693453a.jpg
39.108.108.210 200 OK 0 B URL HTTP/1.1 www.pkwater.cc/Uploads/20200619/5eec7d693453a.jpg
IP 39.108.108.210:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
GET /Uploads/20200619/5eec7d693453a.jpg HTTP/1.1
Host: www.pkwater.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.pkwater.cc/
Cookie: ZC_think_template=%22Template%22; PHPSESSID=mloqsfqgl827j465dquoq0l152; ZC_think_language=%22cn%22; ZC_onlineid=%223abcdace19231fc82341e6adf5df0d0f%22
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 09:03:49 GMT
Server: Apache/2.4.23 (Win32) OpenSSL/1.0.2j PHP/5.4.45
Last-Modified: Fri, 19 Jun 2020 08:55:04 GMT
ETag: "1d211-5a86c0c8dc3fb"
Accept-Ranges: bytes
Content-Length: 119313
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/jpeg
www.pkwater.cc/Uploads/20211125/619f3effce923.jpg
39.108.108.210 200 OK 0 B URL HTTP/1.1 www.pkwater.cc/Uploads/20211125/619f3effce923.jpg
IP 39.108.108.210:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
GET /Uploads/20211125/619f3effce923.jpg HTTP/1.1
Host: www.pkwater.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.pkwater.cc/
Cookie: ZC_think_template=%22Template%22; PHPSESSID=mloqsfqgl827j465dquoq0l152; ZC_think_language=%22cn%22; ZC_onlineid=%223abcdace19231fc82341e6adf5df0d0f%22
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 09:03:47 GMT
Server: Apache/2.4.23 (Win32) OpenSSL/1.0.2j PHP/5.4.45
Last-Modified: Thu, 25 Nov 2021 07:45:02 GMT
ETag: "12f367-5d19826fab67b"
Accept-Ranges: bytes
Content-Length: 1241959
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/jpeg
www.pkwater.cc/Uploads/20211125/619f44c91a774.jpg
39.108.108.210 200 OK 0 B URL HTTP/1.1 www.pkwater.cc/Uploads/20211125/619f44c91a774.jpg
IP 39.108.108.210:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
GET /Uploads/20211125/619f44c91a774.jpg HTTP/1.1
Host: www.pkwater.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.pkwater.cc/
Cookie: ZC_think_template=%22Template%22; PHPSESSID=mloqsfqgl827j465dquoq0l152; ZC_think_language=%22cn%22; ZC_onlineid=%223abcdace19231fc82341e6adf5df0d0f%22
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 09:03:49 GMT
Server: Apache/2.4.23 (Win32) OpenSSL/1.0.2j PHP/5.4.45
Last-Modified: Thu, 25 Nov 2021 08:09:44 GMT
ETag: "12fa03-5d1987f453855"
Accept-Ranges: bytes
Content-Length: 1243651
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/jpeg
www.pkwater.cc/Uploads/20211125/619f4df4ea472.jpg
39.108.108.210 200 OK 0 B URL HTTP/1.1 www.pkwater.cc/Uploads/20211125/619f4df4ea472.jpg
IP 39.108.108.210:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
GET /Uploads/20211125/619f4df4ea472.jpg HTTP/1.1
Host: www.pkwater.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.pkwater.cc/
Cookie: ZC_think_template=%22Template%22; PHPSESSID=mloqsfqgl827j465dquoq0l152; ZC_think_language=%22cn%22; ZC_onlineid=%223abcdace19231fc82341e6adf5df0d0f%22
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 09:03:51 GMT
Server: Apache/2.4.23 (Win32) OpenSSL/1.0.2j PHP/5.4.45
Last-Modified: Thu, 25 Nov 2021 08:48:51 GMT
ETag: "ec4e6-5d1990b3695fe"
Accept-Ranges: bytes
Content-Length: 967910
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/jpeg
www.pkwater.cc/Uploads/pkhj.mp4
39.108.108.210 206 Partial Content 0 B URL HTTP/1.1 www.pkwater.cc/Uploads/pkhj.mp4
IP 39.108.108.210:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
Analyzer Verdict Alert fortinet Malware
GET /Uploads/pkhj.mp4 HTTP/1.1
Host: www.pkwater.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: http://www.pkwater.cc/
Cookie: ZC_think_template=%22Template%22; PHPSESSID=mloqsfqgl827j465dquoq0l152; ZC_think_language=%22cn%22; ZC_onlineid=%223abcdace19231fc82341e6adf5df0d0f%22
HTTP/1.1 206 Partial Content
Date: Fri, 02 Dec 2022 09:03:48 GMT
Server: Apache/2.4.23 (Win32) OpenSSL/1.0.2j PHP/5.4.45
Last-Modified: Mon, 09 Aug 2021 02:48:59 GMT
ETag: "300fbf3-5c9176d544180"
Accept-Ranges: bytes
Content-Length: 50396147
Content-Range: bytes 0-50396146/50396147
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: video/mp4