r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 30c30d01178fc74ac5266ee64c3ee85b
c0c2af8a864c00aa85a8775d55f85ab107150a3b
c15644f69fbfeb99074c7e9711dfc9452ee164fa78eb981b6bae4fb7e3585f2a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C15644F69FBFEB99074C7E9711DFC9452EE164FA78EB981B6BAE4FB7E3585F2A"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16833
Expires: Fri, 18 Nov 2022 20:24:38 GMT
Date: Fri, 18 Nov 2022 15:44:05 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 67f53a639d57dd6237b5be86fe4f6c1b
287f09532dc331228d09c20b75f4160e91e9800a
41913a8af366685c42af59e9d8e02fccedbe68a3313d2d9fe353deb0c1019075
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2973
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 15:44:06 GMT
Etag: "63775eeb-1d7"
Last-Modified: Fri, 18 Nov 2022 14:54:33 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3a38b6dd8a4cc335c026aebf2ed348b6
8a386e0ccb0ca4dc502746c45b2ebc3aa3f83cf8
8b4040a645cec1841a00a22765eb3a74978559daf15c54bd4b41b6b48aab7f95
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8B4040A645CEC1841A00A22765EB3A74978559DAF15C54BD4B41B6B48AAB7F95"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2674
Expires: Fri, 18 Nov 2022 16:28:40 GMT
Date: Fri, 18 Nov 2022 15:44:06 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: bFAUhDXvp5Jf07Q2RZaW2K0UwKo2q98ox18F/FCHwmvZUNIXFkkCWon4BB2mLAm9QpiUFV4QXN0=
x-amz-request-id: GH58QVMG7VDQKDCF
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 18 Nov 2022 14:52:57 GMT
age: 3069
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash 4d7e4eed097b9c4e5d509419f1cfc85a
290bb3d428a7c6330e2e3d73a952b16f820896c8
0dc9ca0f57af15adcd416035e92794711434e3d53a1feff21d8481d6d500986c
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length, Alert, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 18 Nov 2022 14:45:03 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 3543
alt-svc: clear
X-Firefox-Spdy: h2
mail.makeupuccino.com/
47.246.165.52 200 OK 5.1 kB IP 47.246.165.52:0
ASN #45102 Alibaba US Technology Co., Ltd.
File type HTML document text; exported SGML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (441), with CRLF, LF line terminators
Hash aa67b10f1034a23692d74ced6beb50ac
0a9590ca90e3a958dc72f28e73d9647f5eab9969
fd39a5ccf2f977e221d32d28214efb6806f9897809b4e0b6acf577f28e503d78
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
GET / HTTP/1.1
Host: mail.makeupuccino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: Tengine
Date: Fri, 18 Nov 2022 15:44:06 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Cache-Control: no-cache
X-Robots-Tag: noindex, nofollow
Content-Security-Policy-Report-Only: base-uri 'self';script-src https://*.cnzz.com https://*.tbcdn.cn https://*.alicdn.com http://alimei-sub.sg.aliyun.com https://g.alicdn.com http://*.alicdn.com http://*.tbcdn.cn https://alimei-sub.sg.aliyun.com https://*.alibaba-inc.com http://*.mxhichina.com https://*.tdum.alibaba.com https://*.mxhichina.com http://ynuf.aliapp.org http://*.cnzz.com https://alimail-web-assets.oss-cn-hangzhou.aliyuncs.com http://*.alibaba-inc.com https://alimei-sub.alibaba.com 'nonce-dC02NjA2MS1BRnYzS3A6026' 'self' 'unsafe-eval' 'unsafe-inline' 'unsafe-hashes' 'sha256-5ZESDry5Jdgh27TvZdoin5zkV6TF0poectvQPYNk56c=';object-src 'self';frame-src https://*.aliyun.com https://*.alibaba-inc.com http://*.mxhichina.com https://*.mxhichina.com http://*.alibaba.com http://*.alibaba-inc.com http://*.aliyun.com https://*.alibaba.com https://*.alibabacloud.com 'self';report-uri /alimail/browser_csp_result
Set-Cookie: alimail_browser_instance=dC02NjA2MS1BRnYzS3A6026; Path=/
alimail_sid=JS566MC1-RMR5L43F8QDO3B1LSZP53-RCS8OMAL-WBD1; Path=/; HttpOnly
alimail_session_template_key=; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
alimail_local_session_key=; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
alimail_ccweb_session_key=; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
alimail_aliguest_session_key=; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
alimail_b2b_session_key=; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
alimail_buc_session_key=; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
alimail_core_session_key=; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
alimail_havana_session_key=; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
alimail_client_session_key=; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
alimail_auth_session_key=; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
alimail_admin_local_session_key=; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
alimail_admin_local_session_webmail=; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
alimail_admin_local_session_aliyun=; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
_csrf_token_=; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
at=; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
alimail_force_lang=; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
alimail_token_invalid_time=; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
core_heart_beat=; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
core_token=; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
alimail_sdata0=a24zos5gOAbHitWQr5w%2FAIM4UTgt9pc9mgzsObnCeySfLHcViOPu3Ij%2F1vL27fzX8iLfw76CcQ584APb6sJmL6FQsM%2FCcvtpocG6bwEeMIy1gGilVpunpT8sGOd24V7Nzc834kbhRLFRyciTUvMpYA%3D%3D; Path=/; HttpOnly
Content-Language: zh-CN
Content-Encoding: gzip
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 18 Nov 2022 15:44:06 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
mail.makeupuccino.com/static/0.1.39/login/default/styles/login.css
47.246.165.52 200 OK 1.8 kB URL HTTP/1.1 mail.makeupuccino.com/static/0.1.39/login/default/styles/login.css
IP 47.246.165.52:0
ASN #45102 Alibaba US Technology Co., Ltd.
File type ASCII text, with very long lines (7049), with no line terminators
Hash 58cb8c539f6ae270641df5cf963aec3c
f7bd6aa11b8d088a8f942d4e1e8ee8d3c8b61e91
608e4f4e4fb3b119d7bf21edfd039957e814354ad9288bca462ad7a6623db73a
Analyzer Verdict Alert mnemonic_dns Sinkholed
GET /static/0.1.39/login/default/styles/login.css HTTP/1.1
Host: mail.makeupuccino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.makeupuccino.com/
Cookie: alimail_browser_instance=dC02NjA2MS1BRnYzS3A6026; alimail_sid=JS566MC1-RMR5L43F8QDO3B1LSZP53-RCS8OMAL-WBD1; alimail_sdata0=a24zos5gOAbHitWQr5w%2FAIM4UTgt9pc9mgzsObnCeySfLHcViOPu3Ij%2F1vL27fzX8iLfw76CcQ584APb6sJmL6FQsM%2FCcvtpocG6bwEeMIy1gGilVpunpT8sGOd24V7Nzc834kbhRLFRyciTUvMpYA%3D%3D
HTTP/1.1 200 OK
Server: Tengine
Date: Fri, 18 Nov 2022 15:44:06 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"7049-1668764333000"
Last-Modified: Fri, 18 Nov 2022 09:38:53 GMT
Content-Encoding: gzip
mail.makeupuccino.com/static/blank.html
47.246.165.52 200 OK 62 B URL HTTP/1.1 mail.makeupuccino.com/static/blank.html
IP 47.246.165.52:0
ASN #45102 Alibaba US Technology Co., Ltd.
File type HTML document text; exported SGML document, ASCII text
Hash af614c7bc77274d1ab19ae0e68cb9e1d
0ddd5aa0cf1cc35162ca576230cc1374e8b85614
a36238b206f39437474b3e268e1607b85b5caadebe8c536d24ed623ed7d126c9
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
GET /static/blank.html HTTP/1.1
Host: mail.makeupuccino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.makeupuccino.com/
Cookie: alimail_browser_instance=dC02NjA2MS1BRnYzS3A6026; alimail_sid=JS566MC1-RMR5L43F8QDO3B1LSZP53-RCS8OMAL-WBD1; alimail_sdata0=a24zos5gOAbHitWQr5w%2FAIM4UTgt9pc9mgzsObnCeySfLHcViOPu3Ij%2F1vL27fzX8iLfw76CcQ584APb6sJmL6FQsM%2FCcvtpocG6bwEeMIy1gGilVpunpT8sGOd24V7Nzc834kbhRLFRyciTUvMpYA%3D%3D
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: Tengine
Date: Fri, 18 Nov 2022 15:44:06 GMT
Content-Type: text/html
Content-Length: 62
Connection: keep-alive
Accept-Ranges: bytes
ETag: W/"62-1668764330000"
Last-Modified: Fri, 18 Nov 2022 09:38:50 GMT
mail.makeupuccino.com/static/0.1.39/images/forSgNetCN/logo.png
47.246.165.52 200 OK 8.6 kB URL HTTP/1.1 mail.makeupuccino.com/static/0.1.39/images/forSgNetCN/logo.png
IP 47.246.165.52:0
ASN #45102 Alibaba US Technology Co., Ltd.
File type PNG image data, 300 x 96, 8-bit/color RGBA, non-interlaced; data
Hash 9e74051c4b6cee5688c24a2b13cc82cb
f26ef7c153a990cb9561c3e50c27cf46d6c2fd57
3f4cf6212d6940fce0e63ccc9030983fecf553d24cc98acfa3a8cbf6cb2475a0
Analyzer Verdict Alert mnemonic_dns Sinkholed
GET /static/0.1.39/images/forSgNetCN/logo.png HTTP/1.1
Host: mail.makeupuccino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.makeupuccino.com/
Cookie: alimail_browser_instance=dC02NjA2MS1BRnYzS3A6026; alimail_sid=JS566MC1-RMR5L43F8QDO3B1LSZP53-RCS8OMAL-WBD1; alimail_sdata0=a24zos5gOAbHitWQr5w%2FAIM4UTgt9pc9mgzsObnCeySfLHcViOPu3Ij%2F1vL27fzX8iLfw76CcQ584APb6sJmL6FQsM%2FCcvtpocG6bwEeMIy1gGilVpunpT8sGOd24V7Nzc834kbhRLFRyciTUvMpYA%3D%3D
HTTP/1.1 200 OK
Server: Tengine
Date: Fri, 18 Nov 2022 15:44:06 GMT
Content-Type: image/png
Content-Length: 8558
Connection: keep-alive
Accept-Ranges: bytes
ETag: W/"8558-1668764333000"
Last-Modified: Fri, 18 Nov 2022 09:38:53 GMT
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data, ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Cache-Control, ETag, Pragma, Expires, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 18 Nov 2022 15:25:01 GMT
cache-control: public,max-age=3600
age: 1145
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
mail.makeupuccino.com/static/0.1.39/dist/sqm-dom.js
47.246.165.52 200 OK 34 kB URL HTTP/1.1 mail.makeupuccino.com/static/0.1.39/dist/sqm-dom.js
IP 47.246.165.52:0
ASN #45102 Alibaba US Technology Co., Ltd.
File type Unicode text, UTF-8 text, with very long lines (65532), with no line terminators
Hash b0a0a4bffc14b997f08cb66296053e95
d255287c8a3e9b2b253b6e820be94972835b0d92
20ea86403d35f58b9b0f093bfc12ad9231d11507fc61480e77eb00b9192342ac
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
GET /static/0.1.39/dist/sqm-dom.js HTTP/1.1
Host: mail.makeupuccino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.makeupuccino.com/
Cookie: alimail_browser_instance=dC02NjA2MS1BRnYzS3A6026; alimail_sid=JS566MC1-RMR5L43F8QDO3B1LSZP53-RCS8OMAL-WBD1; alimail_sdata0=a24zos5gOAbHitWQr5w%2FAIM4UTgt9pc9mgzsObnCeySfLHcViOPu3Ij%2F1vL27fzX8iLfw76CcQ584APb6sJmL6FQsM%2FCcvtpocG6bwEeMIy1gGilVpunpT8sGOd24V7Nzc834kbhRLFRyciTUvMpYA%3D%3D
HTTP/1.1 200 OK
Server: Tengine
Date: Fri, 18 Nov 2022 15:44:06 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"102552-1668764332000"
Last-Modified: Fri, 18 Nov 2022 09:38:52 GMT
Content-Encoding: gzip
mail.makeupuccino.com/alimail/browser_csp_result
47.246.165.52 200 OK 0 B URL HTTP/1.1 mail.makeupuccino.com/alimail/browser_csp_result
IP 47.246.165.52:0
ASN #45102 Alibaba US Technology Co., Ltd.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
POST /alimail/browser_csp_result HTTP/1.1
Host: mail.makeupuccino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/csp-report
Content-Length: 1101
Origin: http://mail.makeupuccino.com
Connection: keep-alive
HTTP/1.1 200 OK
Server: Tengine
Date: Fri, 18 Nov 2022 15:44:06 GMT
Content-Length: 0
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash fe40cc6ea871d80382b6082111393fbe
281f75d0a35dc8ef908bb0500e57abd86bd5388e
6d15422cdf7a6d72d06497188f27af893682314e82ac8a189a0ee2d798cb62d7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3591
Cache-Control: max-age=152561
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 15:44:06 GMT
Etag: "63774b30-1d7"
Expires: Sun, 20 Nov 2022 10:06:47 GMT
Last-Modified: Fri, 18 Nov 2022 09:06:56 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 471
mail.makeupuccino.com/alimail/error/browserLog?_timestamp_=1668786245105
47.246.165.52 200 OK 204 B URL HTTP/1.1 mail.makeupuccino.com/alimail/error/browserLog?_timestamp_=1668786245105
IP 47.246.165.52:0
ASN #45102 Alibaba US Technology Co., Ltd.
File type HTML document text; exported SGML document, ASCII text, with CRLF line terminators
Hash 54b3f0ea2a2d0a341968e111ad83480f
e9d50e2d07dcdf8e8f80cee278d23e87e5d4de45
23241e1b0178f9cfbf7b4072c903c3e202ae813b44f2d1003a7daee2f3f7fa3f
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
POST /alimail/error/browserLog?_timestamp_=1668786245105 HTTP/1.1
Host: mail.makeupuccino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 183
Origin: http://mail.makeupuccino.com
Connection: keep-alive
Referer: http://mail.makeupuccino.com/
Cookie: alimail_browser_instance=dC02NjA2MS1BRnYzS3A6026; alimail_sid=JS566MC1-RMR5L43F8QDO3B1LSZP53-RCS8OMAL-WBD1; alimail_sdata0=a24zos5gOAbHitWQr5w%2FAIM4UTgt9pc9mgzsObnCeySfLHcViOPu3Ij%2F1vL27fzX8iLfw76CcQ584APb6sJmL6FQsM%2FCcvtpocG6bwEeMIy1gGilVpunpT8sGOd24V7Nzc834kbhRLFRyciTUvMpYA%3D%3D
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: Tengine
Date: Fri, 18 Nov 2022 15:44:07 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 204
Connection: keep-alive
X-Content-Type-Options: nosniff
Cache-Control: no-cache
X-Robots-Tag: noindex, nofollow
Content-Security-Policy-Report-Only: base-uri 'self';script-src https://*.cnzz.com https://*.tbcdn.cn https://*.alicdn.com http://alimei-sub.sg.aliyun.com https://g.alicdn.com http://*.alicdn.com http://*.tbcdn.cn https://alimei-sub.sg.aliyun.com https://*.alibaba-inc.com http://*.mxhichina.com https://*.tdum.alibaba.com https://*.mxhichina.com http://ynuf.aliapp.org http://*.cnzz.com https://alimail-web-assets.oss-cn-hangzhou.aliyuncs.com http://*.alibaba-inc.com https://alimei-sub.alibaba.com 'nonce-dC02NjA2MS1BRnYzS3A6026' 'self' 'unsafe-eval' 'unsafe-inline' 'unsafe-hashes' 'sha256-5ZESDry5Jdgh27TvZdoin5zkV6TF0poectvQPYNk56c=';object-src 'self';frame-src https://*.aliyun.com https://*.alibaba-inc.com http://*.mxhichina.com https://*.mxhichina.com http://*.alibaba.com http://*.alibaba-inc.com http://*.aliyun.com https://*.alibaba.com https://*.alibabacloud.com 'self';report-uri /alimail/browser_csp_result
Content-Language: zh-CN
push.services.mozilla.com/
35.161.136.21 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.161.136.21:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: B4E4ZvBECrqvRML6CkqcOw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 2JqNt/P+n6L3DrDE8AYj0fM1wyk=
mail.makeupuccino.com/static/0.1.39/images/favicon.ico
47.246.165.52 200 OK 4.3 kB URL HTTP/1.1 mail.makeupuccino.com/static/0.1.39/images/favicon.ico
IP 47.246.165.52:0
ASN #45102 Alibaba US Technology Co., Ltd.
File type MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel; data
Hash 223aeabe61716fb81536e91494af9f18
3b89ec206627bc23cf4f93aa9db72e41bd996fa6
bae7943aa5043a645ebee02ea409536571efd498a96ce2ae2d830ad8fd8b1968
Analyzer Verdict Alert mnemonic_dns Sinkholed
GET /static/0.1.39/images/favicon.ico HTTP/1.1
Host: mail.makeupuccino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.makeupuccino.com/
Cookie: alimail_browser_instance=dC02NjA2MS1BRnYzS3A6026; alimail_sid=JS566MC1-RMR5L43F8QDO3B1LSZP53-RCS8OMAL-WBD1; alimail_sdata0=a24zos5gOAbHitWQr5w%2FAIM4UTgt9pc9mgzsObnCeySfLHcViOPu3Ij%2F1vL27fzX8iLfw76CcQ584APb6sJmL6FQsM%2FCcvtpocG6bwEeMIy1gGilVpunpT8sGOd24V7Nzc834kbhRLFRyciTUvMpYA%3D%3D
HTTP/1.1 200 OK
Server: Tengine
Date: Fri, 18 Nov 2022 15:44:07 GMT
Content-Type: image/x-icon
Content-Length: 4286
Connection: keep-alive
Accept-Ranges: bytes
ETag: W/"4286-1668764334000"
Last-Modified: Fri, 18 Nov 2022 09:38:54 GMT
ocsp2.globalsign.com/gsorganizationvalsha2g2
104.18.20.226 200 OK 1.5 kB URL HTTP/1.1 ocsp2.globalsign.com/gsorganizationvalsha2g2
IP 104.18.20.226:0
Hash 96158ae190f01d193254637b0408ea47
be48361ba33ee9b98b8fd17fcc3201538b3408ad
bfd0a15dddff82518b0e60c7e0e7e17c375b264c365ce3872956c75046a78338
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 15:44:07 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Tue, 22 Nov 2022 15:44:06 GMT
ETag: "be48361ba33ee9b98b8fd17fcc3201538b3408ad"
Last-Modified: Fri, 18 Nov 2022 15:44:07 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: EXPIRED
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76c1d35f6ea9b500-OSL
ocsp2.globalsign.com/gsorganizationvalsha2g2
104.18.20.226 200 OK 1.5 kB URL HTTP/1.1 ocsp2.globalsign.com/gsorganizationvalsha2g2
IP 104.18.20.226:0
Hash 96158ae190f01d193254637b0408ea47
be48361ba33ee9b98b8fd17fcc3201538b3408ad
bfd0a15dddff82518b0e60c7e0e7e17c375b264c365ce3872956c75046a78338
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 15:44:07 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Tue, 22 Nov 2022 15:44:06 GMT
ETag: "be48361ba33ee9b98b8fd17fcc3201538b3408ad"
Last-Modified: Fri, 18 Nov 2022 15:44:07 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 0
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76c1d360ca750b61-OSL
mailsso.sg.aliyun.com/dingdinglogin/loginByDingQrCode.htm?app_code=smartmail&domain_name=makeupuccino.com&lang=en&network_env=1&redirect_url=http%3A%2F%2Fmail.makeupuccino.com%2Falimail%2Fauth%2FcallbackForCore%3Freurl%3D%252Falimail%252F&sign=7c9370dcce93fbe374a2485323c1c08e
47.246.110.147 200 OK 2.3 kB URL HTTP/1.1 mailsso.sg.aliyun.com/dingdinglogin/loginByDingQrCode.htm?app_code=smartmail&domain_name=makeupuccino.com&lang=en&network_env=1&redirect_url=http%3A%2F%2Fmail.makeupuccino.com%2Falimail%2Fauth%2FcallbackForCore%3Freurl%3D%252Falimail%252F&sign=7c9370dcce93fbe374a2485323c1c08e
IP 47.246.110.147:0
ASN #45102 Alibaba US Technology Co., Ltd.
File type HTML document text; exported SGML document, Unicode text, UTF-8 text
Hash 9bc9e3482a823dc6bb5ed09f2c36f790
215c3a169788070dba269b488d7b681fe6c50cf1
e1ff045173b9a9c8dad0be91c253b2491c53709df4d7a88575c925cb14b5ce7e
GET /dingdinglogin/loginByDingQrCode.htm?app_code=smartmail&domain_name=makeupuccino.com&lang=en&network_env=1&redirect_url=http%3A%2F%2Fmail.makeupuccino.com%2Falimail%2Fauth%2FcallbackForCore%3Freurl%3D%252Falimail%252F&sign=7c9370dcce93fbe374a2485323c1c08e HTTP/1.1
Host: mailsso.sg.aliyun.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.makeupuccino.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Tengine
Date: Fri, 18 Nov 2022 15:44:08 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: alimail_sso_device_id=f892d7e736eb4354a3bfbab78c3d76ff; Expires=Thu, 14-Aug-2025 15:44:08 GMT; Path=/; Path=/; HttpOnly; Secure; SameSite=None;
alimail_sso_td=N2RkMzQ2Mzg1OGYzNGUwNzg0M2I3NmQ0ZWYwZjc3YzQ=; Expires=Sun, 18-Dec-2022 15:44:08 GMT; Path=/; Path=/; HttpOnly; Secure; SameSite=None;
JSESSIONID=Z9766391-F9O5O0AL7E08D5MVC1U32-U0U8OMAL-DI7; Path=/; HttpOnly
tmp0=z9iJo4G16CIJAagZ7lKwaFfJkfZE0mqg2RHFZZ3g8UoZocpVKsQLULxIIx1rOcZN9VGOxES9ZK0jiHKQ%2Bzyf12KEDv0ePvr%2FUheo4ZjMtqDCGujv4XZom1VHlQh50w0ipzkx2j0ztFfe5rTN4M%2F7gF5OuSclBjo2R7kCKpF8A2s%3D; Path=/; HttpOnly
Content-Language: zh-CN
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f7c5da16d7c4384a4c2454d6b0d84710
69fd80fdf2f1ce27b25617589c867cd1c6e5d2ab
a80d1b813523e44d2e59d7c2edd6919c0354873637bb15bccc88f66f5c24e05d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A80D1B813523E44D2E59D7C2EDD6919C0354873637BB15BCCC88F66F5C24E05D"
Last-Modified: Thu, 17 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15089
Expires: Fri, 18 Nov 2022 19:55:37 GMT
Date: Fri, 18 Nov 2022 15:44:08 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f7c5da16d7c4384a4c2454d6b0d84710
69fd80fdf2f1ce27b25617589c867cd1c6e5d2ab
a80d1b813523e44d2e59d7c2edd6919c0354873637bb15bccc88f66f5c24e05d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A80D1B813523E44D2E59D7C2EDD6919C0354873637BB15BCCC88F66F5C24E05D"
Last-Modified: Thu, 17 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15089
Expires: Fri, 18 Nov 2022 19:55:37 GMT
Date: Fri, 18 Nov 2022 15:44:08 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f7c5da16d7c4384a4c2454d6b0d84710
69fd80fdf2f1ce27b25617589c867cd1c6e5d2ab
a80d1b813523e44d2e59d7c2edd6919c0354873637bb15bccc88f66f5c24e05d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A80D1B813523E44D2E59D7C2EDD6919C0354873637BB15BCCC88F66F5C24E05D"
Last-Modified: Thu, 17 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15089
Expires: Fri, 18 Nov 2022 19:55:37 GMT
Date: Fri, 18 Nov 2022 15:44:08 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92501a28-163f-4c6e-aed7-d31c29354d1e.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92501a28-163f-4c6e-aed7-d31c29354d1e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 032386e5c9dffff1ba1ee5e8a322d438
dd4fd6c803a9b333bace9a541c6bd183d0c56bb9
0e9f559a0aa7e114c5810a27ba243c0da7b44dc0bf7aec2b7ab32b8f0e2b536c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92501a28-163f-4c6e-aed7-d31c29354d1e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11667
x-amzn-requestid: ae092a0a-1709-4497-9f07-0348a28d2491
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bqZOIEN7oAMFlaA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637408c0-5ac595df302a8f1d3703ad8d;Sampled=0
x-amzn-remapped-date: Tue, 15 Nov 2022 21:46:40 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: c_SJMaV3uYSUysTSOFV--jQqDUxw-fBp8cXWWUZw9vUjt0d6PsOpxA==
via: 1.1 0bb842bd5868b86440983b936bb0adee.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 18:45:44 GMT
age: 75504
etag: "dd4fd6c803a9b333bace9a541c6bd183d0c56bb9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feb1ea6fe-f968-42eb-9bb6-5965ae4e6ce6.jpeg
34.120.237.76 200 OK 7.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feb1ea6fe-f968-42eb-9bb6-5965ae4e6ce6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e5fb6d72b647aabea33ab4017f4a0847
ed93ac946111340a254b92f8ce27e8be93ae87e8
0782ed4ffaea8f9487461d5a9b0c241d30dfe057676753b24e180d0a94efad99
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feb1ea6fe-f968-42eb-9bb6-5965ae4e6ce6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7045
x-amzn-requestid: e8dace8b-0cc8-4ea0-b47a-e42a66576f72
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bw-K3EuCIAMFsmQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6376aa45-71c191e462be52006858817b;Sampled=0
x-amzn-remapped-date: Thu, 17 Nov 2022 21:40:21 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: S0Sq8vuP-MbcuYVx_WFXTkmrY966mBTY1Qpowx_E_to1tDk1b8R-Bw==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 21:52:11 GMT
age: 64317
etag: "ed93ac946111340a254b92f8ce27e8be93ae87e8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3f1b43b0-5ba1-4c6c-9a53-bfae9befdd7d.jpeg
34.120.237.76 200 OK 6.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3f1b43b0-5ba1-4c6c-9a53-bfae9befdd7d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a9d32fa3866dd741de610a61a93ad893
4cb2141b1ef1e5bf19a3b355995dcd8fa36f695e
4492338de536cfae6fb42fd37170c60f4fbc281a2a924efe6d2b5af352cd102c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3f1b43b0-5ba1-4c6c-9a53-bfae9befdd7d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6344
x-amzn-requestid: cac35b04-be3b-4ae1-bb5e-8cedcd7a7db4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: btqOVFCXIAMFcOg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63755728-45c28fa333b748520be29b57;Sampled=0
x-amzn-remapped-date: Wed, 16 Nov 2022 21:33:28 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: mhgNSp1_LsVmn00ULm116flMHpnfE6G6JABrJwXH5i4q-isv_W1-Ig==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 f313d3df80c4dab8f5399614116801cc.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 21:34:18 GMT
age: 65390
etag: "4cb2141b1ef1e5bf19a3b355995dcd8fa36f695e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20ddb38f-d459-45e6-9351-068a5306b3a1.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20ddb38f-d459-45e6-9351-068a5306b3a1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7d16e5ff718353c095d266b080fe547f
fa7c5c9a1d16355859196271f3d13f3850931888
9a94d8eb20cc56d0898b1e2b80c0006ebbef75c15ad94e907050c5be4e19a960
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20ddb38f-d459-45e6-9351-068a5306b3a1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10349
x-amzn-requestid: fc85e078-a81a-4fed-899e-15249961f59c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bw-7tHGLIAMF00Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6376ab7d-4224d193517794684fcdc0ad;Sampled=0
x-amzn-remapped-date: Thu, 17 Nov 2022 21:45:34 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: UK-XD_8EcfPwfLb-QVwfLr8aG-sqVBoUJcbPb5hKAlQS68eOxdgM5g==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 22:03:27 GMT
age: 63641
etag: "fa7c5c9a1d16355859196271f3d13f3850931888"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1e93b023-2729-4761-a4ea-05612c0917fb.jpeg
34.120.237.76 200 OK 3.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1e93b023-2729-4761-a4ea-05612c0917fb.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5d0b6106f00f9fd8b89c2d484a559a1a
399ac393209dcdac7d2188d7aa8d95f04570ef7c
5d8151c9eb558f4a2b8bd2952c6845606ddb0c27e36f6e49aca7e60908cd9fe4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1e93b023-2729-4761-a4ea-05612c0917fb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3759
x-amzn-requestid: 8c91ac59-89dc-4218-b69f-0cebb29f301b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bw-wJHgxoAMF-hQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6376ab33-4dac305614a92bc52c038222;Sampled=0
x-amzn-remapped-date: Thu, 17 Nov 2022 21:44:19 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Mb2-PTjNmt06Wd5jOjQ5WoLY-0NgI80CKPXtwgzBt4n5km8Pu_WN0Q==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 21:50:49 GMT
age: 64399
etag: "399ac393209dcdac7d2188d7aa8d95f04570ef7c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9672fb80-baaa-4ab8-b080-dc8c1ce94400.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9672fb80-baaa-4ab8-b080-dc8c1ce94400.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 05289172c1455c4134e496c6f4606efd
ce1bb33256b0754f9acc01e7e9f3e5dc85f89244
a8b4411a0310cc376efe2aec7c0830b8d3b63b8827631b0ff43ec092f1f80f82
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9672fb80-baaa-4ab8-b080-dc8c1ce94400.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12065
x-amzn-requestid: 45c97153-71c7-4985-a1ad-fc21a509d153
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bw-K5FyVIAMFtDg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6376aa45-0f9d22dd544a4580570f3089;Sampled=0
x-amzn-remapped-date: Thu, 17 Nov 2022 21:40:21 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: dxT2WJB7m5tUhgBn2PwTIN4Zskzm3X7CW-29hl1nCyNPbKt5j6q5iA==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 21:55:27 GMT
age: 64121
etag: "ce1bb33256b0754f9acc01e7e9f3e5dc85f89244"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
mailsso.sg.aliyun.com/home/css/webmail_login.css
47.246.110.147 200 OK 1.8 kB URL HTTP/1.1 mailsso.sg.aliyun.com/home/css/webmail_login.css
IP 47.246.110.147:0
ASN #45102 Alibaba US Technology Co., Ltd.
File type ASCII text, with very long lines (7013), with no line terminators
Hash 745c5d8a30d42ff49e5391b645c58651
2bb1104521b4884d982d541608239a2ac54c8586
f0ca5d8d64fc030cf48ce6b89c593e61e08ddbce2f9c7180d5293ded7b3dd4a8
GET /home/css/webmail_login.css HTTP/1.1
Host: mailsso.sg.aliyun.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mailsso.sg.aliyun.com/dingdinglogin/loginByDingQrCode.htm?app_code=smartmail&domain_name=makeupuccino.com&lang=en&network_env=1&redirect_url=http%3A%2F%2Fmail.makeupuccino.com%2Falimail%2Fauth%2FcallbackForCore%3Freurl%3D%252Falimail%252F&sign=7c9370dcce93fbe374a2485323c1c08e
Cookie: alimail_sso_device_id=f892d7e736eb4354a3bfbab78c3d76ff; alimail_sso_td=N2RkMzQ2Mzg1OGYzNGUwNzg0M2I3NmQ0ZWYwZjc3YzQ=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Tengine
Date: Fri, 18 Nov 2022 15:44:08 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"7013-1668413085000"
Last-Modified: Mon, 14 Nov 2022 08:04:45 GMT
Content-Encoding: gzip
mail.makeupuccino.com/attachment/download_docstore?fileID=6cbdd81f-982b-41a9-9830-64ecbf5cca1f
47.246.165.52 200 OK 192 kB URL HTTP/1.1 mail.makeupuccino.com/attachment/download_docstore?fileID=6cbdd81f-982b-41a9-9830-64ecbf5cca1f
IP 47.246.165.52:0
ASN #45102 Alibaba US Technology Co., Ltd.
File type PNG image data, 1280 x 500, 8-bit colormap, non-interlaced\012- data
Size 192 kB (191943 bytes)
Hash f1b03042107a5a2a9f420f06b2c3f748
bef50297888a5202a33d0a2fe0c585dcb9644ac4
0f0ee7151cd68a34b500a6ee186fab89706afc31b81a7a3f99ced54b6763112d
Analyzer Verdict Alert mnemonic_dns Sinkholed
GET /attachment/download_docstore?fileID=6cbdd81f-982b-41a9-9830-64ecbf5cca1f HTTP/1.1
Host: mail.makeupuccino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.makeupuccino.com/
Cookie: alimail_browser_instance=dC02NjA2MS1BRnYzS3A6026; alimail_sid=JS566MC1-RMR5L43F8QDO3B1LSZP53-RCS8OMAL-WBD1; alimail_sdata0=a24zos5gOAbHitWQr5w%2FAIM4UTgt9pc9mgzsObnCeySfLHcViOPu3Ij%2F1vL27fzX8iLfw76CcQ584APb6sJmL6FQsM%2FCcvtpocG6bwEeMIy1gGilVpunpT8sGOd24V7Nzc834kbhRLFRyciTUvMpYA%3D%3D
HTTP/1.1 200 OK
Server: Tengine
Date: Fri, 18 Nov 2022 15:44:07 GMT
Content-Type: application/octet-stream
Transfer-Encoding: chunked
Connection: keep-alive
Content-Disposition: inline; filename="/mail/6cbdd81f-982b-41a9-9830-64ecbf5cca1f"
mailsso.sg.aliyun.com/home/js/jquery.1.5.2.min.js
47.246.110.147 200 OK 30 kB URL HTTP/1.1 mailsso.sg.aliyun.com/home/js/jquery.1.5.2.min.js
IP 47.246.110.147:0
ASN #45102 Alibaba US Technology Co., Ltd.
File type ASCII text, with very long lines (65169)
Hash 451fc2bd57d998ae53550f98ead5502c
0ec24c91b70d076b0fd43726f56d962150eba479
6f7b62d3e30c37ec008d7dc4b9234a1a972a55ed5e4ed9d2c8b7ae6491a6fd2d
GET /home/js/jquery.1.5.2.min.js HTTP/1.1
Host: mailsso.sg.aliyun.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mailsso.sg.aliyun.com/dingdinglogin/loginByDingQrCode.htm?app_code=smartmail&domain_name=makeupuccino.com&lang=en&network_env=1&redirect_url=http%3A%2F%2Fmail.makeupuccino.com%2Falimail%2Fauth%2FcallbackForCore%3Freurl%3D%252Falimail%252F&sign=7c9370dcce93fbe374a2485323c1c08e
Cookie: alimail_sso_device_id=f892d7e736eb4354a3bfbab78c3d76ff; alimail_sso_td=N2RkMzQ2Mzg1OGYzNGUwNzg0M2I3NmQ0ZWYwZjc3YzQ=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Tengine
Date: Fri, 18 Nov 2022 15:44:08 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"85924-1668413085000"
Last-Modified: Mon, 14 Nov 2022 08:04:45 GMT
Content-Encoding: gzip
mailsso.sg.aliyun.com/login.htm?app_code=smartmail&lang=en&redirect_url=http%3A%2F%2Fmail.makeupuccino.com%2Falimail%2Fauth%2FcallbackForCore%3Freurl%3D%252Falimail%252F&network_env=1&sign=7c9370dcce93fbe374a2485323c1c08e&device_id=f892d7e736eb4354a3bfbab78c3d76ff&domain_name=makeupuccino.com
47.246.110.147 200 OK 8.0 kB URL HTTP/1.1 mailsso.sg.aliyun.com/login.htm?app_code=smartmail&lang=en&redirect_url=http%3A%2F%2Fmail.makeupuccino.com%2Falimail%2Fauth%2FcallbackForCore%3Freurl%3D%252Falimail%252F&network_env=1&sign=7c9370dcce93fbe374a2485323c1c08e&device_id=f892d7e736eb4354a3bfbab78c3d76ff&domain_name=makeupuccino.com
IP 47.246.110.147:0
ASN #45102 Alibaba US Technology Co., Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash aee7086c6513f8e710673350fefed74f
ee0a19aa15a76e17c1a676ff8c615d353b2b0874
49962d017593fe570d418220d7137467a6d2fcfbb76dc969533275b6a7cdf671
GET /login.htm?app_code=smartmail&lang=en&redirect_url=http%3A%2F%2Fmail.makeupuccino.com%2Falimail%2Fauth%2FcallbackForCore%3Freurl%3D%252Falimail%252F&network_env=1&sign=7c9370dcce93fbe374a2485323c1c08e&device_id=f892d7e736eb4354a3bfbab78c3d76ff&domain_name=makeupuccino.com HTTP/1.1
Host: mailsso.sg.aliyun.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mailsso.sg.aliyun.com/dingdinglogin/loginByDingQrCode.htm?app_code=smartmail&domain_name=makeupuccino.com&lang=en&network_env=1&redirect_url=http%3A%2F%2Fmail.makeupuccino.com%2Falimail%2Fauth%2FcallbackForCore%3Freurl%3D%252Falimail%252F&sign=7c9370dcce93fbe374a2485323c1c08e
Cookie: alimail_sso_device_id=f892d7e736eb4354a3bfbab78c3d76ff; alimail_sso_td=N2RkMzQ2Mzg1OGYzNGUwNzg0M2I3NmQ0ZWYwZjc3YzQ=
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Tengine
Date: Fri, 18 Nov 2022 15:44:09 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
P3P: CP=CAO PSA OUR
Pragma: No-cache
Cache-Control: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Set-Cookie: alimail_sso_lang=en; Expires=Thu, 14-Aug-2025 15:44:09 GMT; Path=/; Secure; SameSite=None;
alimail_sso_context=eyJhcHBDb2RlIjoic21hcnRtYWlsIiwiZGV2aWNlSWQiOiJmODkyZDdlNzM2ZWI0MzU0YTNiZmJhYjc4YzNkNzZmZiIsImRvbWFpbiI6Im1haWwubWFrZXVwdWNjaW5vLmNvbSIsImxhbmciOiJlbiIsInJlZGlyZWN0VXJsIjoiaHR0cDovL21haWwubWFrZXVwdWNjaW5vLmNvbS9hbGltYWlsL2F1dGgvY2FsbGJhY2tGb3JDb3JlP3JldXJsPSUyRmFsaW1haWwlMkYiLCJ1cmxSZWFsRG9tYWluIjpmYWxzZX0=; Path=/; Path=/; HttpOnly; Secure; SameSite=None;
JSESSIONID=Z9766391-F9O5O0AL7E08D5MVC1U32-XPU8OMAL-EI7; Path=/; HttpOnly
tmp0=z9iJo4G16CIJAagZ7lKwaFfJkfZE0mqg2RHFZZ3g8UoZocpVKsQLULxIIx1rOcZNrWe4nbM4CJ5wGIYT5yn9NOZwG9w6TZRPPL70%2B07EhpeIjMo39LqeCI0PJnUCWkWk6A6Ha2C%2BrwKTJcS5RUZhctD%2BAdUObw9QWU5b42Ih6Ic%3D; Path=/; HttpOnly
Content-Language: zh-CN
Content-Encoding: gzip
mailsso.sg.aliyun.com/home/css/common.css
47.246.110.147 200 OK 957 B URL HTTP/1.1 mailsso.sg.aliyun.com/home/css/common.css
IP 47.246.110.147:0
ASN #45102 Alibaba US Technology Co., Ltd.
File type assembler source, Unicode text, UTF-8 text
Hash 69c01ad341f05c4e64d2869b5b3bf612
5a8065463c126399e113ab9dbb9ff6af2c598009
1343efbe6930adfd68bda3c6e04d03c7a02538b8574a451c9b925346c86de2ac
GET /home/css/common.css HTTP/1.1
Host: mailsso.sg.aliyun.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mailsso.sg.aliyun.com/login.htm?app_code=smartmail&lang=en&redirect_url=http%3A%2F%2Fmail.makeupuccino.com%2Falimail%2Fauth%2FcallbackForCore%3Freurl%3D%252Falimail%252F&network_env=1&sign=7c9370dcce93fbe374a2485323c1c08e&device_id=f892d7e736eb4354a3bfbab78c3d76ff&domain_name=makeupuccino.com
Cookie: alimail_sso_device_id=f892d7e736eb4354a3bfbab78c3d76ff; alimail_sso_td=N2RkMzQ2Mzg1OGYzNGUwNzg0M2I3NmQ0ZWYwZjc3YzQ=; alimail_sso_lang=en; alimail_sso_context=eyJhcHBDb2RlIjoic21hcnRtYWlsIiwiZGV2aWNlSWQiOiJmODkyZDdlNzM2ZWI0MzU0YTNiZmJhYjc4YzNkNzZmZiIsImRvbWFpbiI6Im1haWwubWFrZXVwdWNjaW5vLmNvbSIsImxhbmciOiJlbiIsInJlZGlyZWN0VXJsIjoiaHR0cDovL21haWwubWFrZXVwdWNjaW5vLmNvbS9hbGltYWlsL2F1dGgvY2FsbGJhY2tGb3JDb3JlP3JldXJsPSUyRmFsaW1haWwlMkYiLCJ1cmxSZWFsRG9tYWluIjpmYWxzZX0=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Tengine
Date: Fri, 18 Nov 2022 15:44:09 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"2586-1668413085000"
Last-Modified: Mon, 14 Nov 2022 08:04:45 GMT
Content-Encoding: gzip
mailsso.sg.aliyun.com/home/css/guide.css?t=20210720
47.246.110.147 200 OK 695 B URL HTTP/1.1 mailsso.sg.aliyun.com/home/css/guide.css?t=20210720
IP 47.246.110.147:0
ASN #45102 Alibaba US Technology Co., Ltd.
Hash 342931364acd1ab304df8ba970c2cbb4
5f1e7526719bf5b1b14856079d6015dcb95ab04c
78ac3bea4d1b5612c5834a8c494237744183e671e12b21ebda0236561c5c0228
GET /home/css/guide.css?t=20210720 HTTP/1.1
Host: mailsso.sg.aliyun.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mailsso.sg.aliyun.com/login.htm?app_code=smartmail&lang=en&redirect_url=http%3A%2F%2Fmail.makeupuccino.com%2Falimail%2Fauth%2FcallbackForCore%3Freurl%3D%252Falimail%252F&network_env=1&sign=7c9370dcce93fbe374a2485323c1c08e&device_id=f892d7e736eb4354a3bfbab78c3d76ff&domain_name=makeupuccino.com
Cookie: alimail_sso_device_id=f892d7e736eb4354a3bfbab78c3d76ff; alimail_sso_td=N2RkMzQ2Mzg1OGYzNGUwNzg0M2I3NmQ0ZWYwZjc3YzQ=; alimail_sso_lang=en; alimail_sso_context=eyJhcHBDb2RlIjoic21hcnRtYWlsIiwiZGV2aWNlSWQiOiJmODkyZDdlNzM2ZWI0MzU0YTNiZmJhYjc4YzNkNzZmZiIsImRvbWFpbiI6Im1haWwubWFrZXVwdWNjaW5vLmNvbSIsImxhbmciOiJlbiIsInJlZGlyZWN0VXJsIjoiaHR0cDovL21haWwubWFrZXVwdWNjaW5vLmNvbS9hbGltYWlsL2F1dGgvY2FsbGJhY2tGb3JDb3JlP3JldXJsPSUyRmFsaW1haWwlMkYiLCJ1cmxSZWFsRG9tYWluIjpmYWxzZX0=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Tengine
Date: Fri, 18 Nov 2022 15:44:09 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"2320-1668413085000"
Last-Modified: Mon, 14 Nov 2022 08:04:45 GMT
Content-Encoding: gzip
mailsso.sg.aliyun.com/home/images/blank.gif
47.246.110.147 200 OK 49 B URL HTTP/1.1 mailsso.sg.aliyun.com/home/images/blank.gif
IP 47.246.110.147:0
ASN #45102 Alibaba US Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ed280a0ea3cc38f3cbbc747acfbef47d
6bdcb32ee75e957a5085c010f4dfd0c716bfdadc
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
GET /home/images/blank.gif HTTP/1.1
Host: mailsso.sg.aliyun.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mailsso.sg.aliyun.com/login.htm?app_code=smartmail&lang=en&redirect_url=http%3A%2F%2Fmail.makeupuccino.com%2Falimail%2Fauth%2FcallbackForCore%3Freurl%3D%252Falimail%252F&network_env=1&sign=7c9370dcce93fbe374a2485323c1c08e&device_id=f892d7e736eb4354a3bfbab78c3d76ff&domain_name=makeupuccino.com
Cookie: alimail_sso_device_id=f892d7e736eb4354a3bfbab78c3d76ff; alimail_sso_td=N2RkMzQ2Mzg1OGYzNGUwNzg0M2I3NmQ0ZWYwZjc3YzQ=; alimail_sso_lang=en; alimail_sso_context=eyJhcHBDb2RlIjoic21hcnRtYWlsIiwiZGV2aWNlSWQiOiJmODkyZDdlNzM2ZWI0MzU0YTNiZmJhYjc4YzNkNzZmZiIsImRvbWFpbiI6Im1haWwubWFrZXVwdWNjaW5vLmNvbSIsImxhbmciOiJlbiIsInJlZGlyZWN0VXJsIjoiaHR0cDovL21haWwubWFrZXVwdWNjaW5vLmNvbS9hbGltYWlsL2F1dGgvY2FsbGJhY2tGb3JDb3JlP3JldXJsPSUyRmFsaW1haWwlMkYiLCJ1cmxSZWFsRG9tYWluIjpmYWxzZX0=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Tengine
Date: Fri, 18 Nov 2022 15:44:09 GMT
Content-Type: image/gif
Content-Length: 49
Connection: keep-alive
Accept-Ranges: bytes
ETag: W/"49-1668413085000"
Last-Modified: Mon, 14 Nov 2022 08:04:45 GMT
mailsso.sg.aliyun.com/home/images/main.png
47.246.110.147 200 OK 3.5 kB URL HTTP/1.1 mailsso.sg.aliyun.com/home/images/main.png
IP 47.246.110.147:0
ASN #45102 Alibaba US Technology Co., Ltd.
File type PNG image data, 158 x 35, 8-bit/color RGBA, non-interlaced\012- data
Hash 434d4af6314c4f75480362c7a88833d8
78843ca3eb97b07cb2d4afee7acd4cd2d2f791ec
09cb7150b4aa839c5ac8ba7efd7424b79e3bfea5e4fdd173991ba951b0ad525b
GET /home/images/main.png HTTP/1.1
Host: mailsso.sg.aliyun.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mailsso.sg.aliyun.com/login.htm?app_code=smartmail&lang=en&redirect_url=http%3A%2F%2Fmail.makeupuccino.com%2Falimail%2Fauth%2FcallbackForCore%3Freurl%3D%252Falimail%252F&network_env=1&sign=7c9370dcce93fbe374a2485323c1c08e&device_id=f892d7e736eb4354a3bfbab78c3d76ff&domain_name=makeupuccino.com
Cookie: alimail_sso_device_id=f892d7e736eb4354a3bfbab78c3d76ff; alimail_sso_td=N2RkMzQ2Mzg1OGYzNGUwNzg0M2I3NmQ0ZWYwZjc3YzQ=; alimail_sso_lang=en; alimail_sso_context=eyJhcHBDb2RlIjoic21hcnRtYWlsIiwiZGV2aWNlSWQiOiJmODkyZDdlNzM2ZWI0MzU0YTNiZmJhYjc4YzNkNzZmZiIsImRvbWFpbiI6Im1haWwubWFrZXVwdWNjaW5vLmNvbSIsImxhbmciOiJlbiIsInJlZGlyZWN0VXJsIjoiaHR0cDovL21haWwubWFrZXVwdWNjaW5vLmNvbS9hbGltYWlsL2F1dGgvY2FsbGJhY2tGb3JDb3JlP3JldXJsPSUyRmFsaW1haWwlMkYiLCJ1cmxSZWFsRG9tYWluIjpmYWxzZX0=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Tengine
Date: Fri, 18 Nov 2022 15:44:09 GMT
Content-Type: image/png
Content-Length: 3493
Connection: keep-alive
Accept-Ranges: bytes
ETag: W/"3493-1668413085000"
Last-Modified: Mon, 14 Nov 2022 08:04:45 GMT
mailsso.sg.aliyun.com/home/js/jsencrypt.js
47.246.110.147 200 OK 18 kB URL HTTP/1.1 mailsso.sg.aliyun.com/home/js/jsencrypt.js
IP 47.246.110.147:0
ASN #45102 Alibaba US Technology Co., Ltd.
File type Unicode text, UTF-8 text, with very long lines (14011)
Hash cb1e440ccec12470cb4d9e22d1d94eb1
3ba306c4c8f97eb074e87b062a12ee3559574f12
3574755929ce84edb7a515c3a7c2bb2401544912969b63c718f2364457e04ca0
GET /home/js/jsencrypt.js HTTP/1.1
Host: mailsso.sg.aliyun.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mailsso.sg.aliyun.com/login.htm?app_code=smartmail&lang=en&redirect_url=http%3A%2F%2Fmail.makeupuccino.com%2Falimail%2Fauth%2FcallbackForCore%3Freurl%3D%252Falimail%252F&network_env=1&sign=7c9370dcce93fbe374a2485323c1c08e&device_id=f892d7e736eb4354a3bfbab78c3d76ff&domain_name=makeupuccino.com
Cookie: alimail_sso_device_id=f892d7e736eb4354a3bfbab78c3d76ff; alimail_sso_td=N2RkMzQ2Mzg1OGYzNGUwNzg0M2I3NmQ0ZWYwZjc3YzQ=; alimail_sso_lang=en; alimail_sso_context=eyJhcHBDb2RlIjoic21hcnRtYWlsIiwiZGV2aWNlSWQiOiJmODkyZDdlNzM2ZWI0MzU0YTNiZmJhYjc4YzNkNzZmZiIsImRvbWFpbiI6Im1haWwubWFrZXVwdWNjaW5vLmNvbSIsImxhbmciOiJlbiIsInJlZGlyZWN0VXJsIjoiaHR0cDovL21haWwubWFrZXVwdWNjaW5vLmNvbS9hbGltYWlsL2F1dGgvY2FsbGJhY2tGb3JDb3JlP3JldXJsPSUyRmFsaW1haWwlMkYiLCJ1cmxSZWFsRG9tYWluIjpmYWxzZX0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Tengine
Date: Fri, 18 Nov 2022 15:44:10 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"56201-1668413085000"
Last-Modified: Mon, 14 Nov 2022 08:04:45 GMT
Content-Encoding: gzip
mailsso.sg.aliyun.com/home/images/smart/sq.png
47.246.110.147 200 OK 1.3 kB URL HTTP/1.1 mailsso.sg.aliyun.com/home/images/smart/sq.png
IP 47.246.110.147:0
ASN #45102 Alibaba US Technology Co., Ltd.
File type PNG image data, 42 x 42, 8-bit/color RGB, non-interlaced\012- data
Hash 79ab718bbdc02fd437adf4c703f4e264
43ca5c8272af2560ec9622610ecd983564a4a18c
291f38753c3396355b06d8d00960d4ff7a35a333417d425cf10a6d0f3c990718
GET /home/images/smart/sq.png HTTP/1.1
Host: mailsso.sg.aliyun.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mailsso.sg.aliyun.com/login.htm?app_code=smartmail&lang=en&redirect_url=http%3A%2F%2Fmail.makeupuccino.com%2Falimail%2Fauth%2FcallbackForCore%3Freurl%3D%252Falimail%252F&network_env=1&sign=7c9370dcce93fbe374a2485323c1c08e&device_id=f892d7e736eb4354a3bfbab78c3d76ff&domain_name=makeupuccino.com
Cookie: alimail_sso_device_id=f892d7e736eb4354a3bfbab78c3d76ff; alimail_sso_td=N2RkMzQ2Mzg1OGYzNGUwNzg0M2I3NmQ0ZWYwZjc3YzQ=; alimail_sso_lang=en; alimail_sso_context=eyJhcHBDb2RlIjoic21hcnRtYWlsIiwiZGV2aWNlSWQiOiJmODkyZDdlNzM2ZWI0MzU0YTNiZmJhYjc4YzNkNzZmZiIsImRvbWFpbiI6Im1haWwubWFrZXVwdWNjaW5vLmNvbSIsImxhbmciOiJlbiIsInJlZGlyZWN0VXJsIjoiaHR0cDovL21haWwubWFrZXVwdWNjaW5vLmNvbS9hbGltYWlsL2F1dGgvY2FsbGJhY2tGb3JDb3JlP3JldXJsPSUyRmFsaW1haWwlMkYiLCJ1cmxSZWFsRG9tYWluIjpmYWxzZX0=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Tengine
Date: Fri, 18 Nov 2022 15:44:10 GMT
Content-Type: image/png
Content-Length: 1272
Connection: keep-alive
Accept-Ranges: bytes
ETag: W/"1272-1668413085000"
Last-Modified: Mon, 14 Nov 2022 08:04:45 GMT
ocsp2.globalsign.com/gsorganizationvalsha2g2
104.18.20.226 200 OK 1.5 kB URL HTTP/1.1 ocsp2.globalsign.com/gsorganizationvalsha2g2
IP 104.18.20.226:0
Hash d962512d22327fda24ef3cf3e2c4afda
5b1aeacd6d3580dfaf1a844d2c0691a729a0edc3
431c95fe6278f7decc32c9038dcea36a7200a9ab59af4cbe8220d1732bc577fe
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 15:44:11 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Tue, 22 Nov 2022 14:02:44 GMT
ETag: "5b1aeacd6d3580dfaf1a844d2c0691a729a0edc3"
Last-Modified: Fri, 18 Nov 2022 14:02:45 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1181
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76c1d3789decb500-OSL
mailsso.aliyun.com/home/images/blank.gif
140.205.135.3 200 OK 49 B URL HTTP/2 mailsso.aliyun.com/home/images/blank.gif
IP 140.205.135.3:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ed280a0ea3cc38f3cbbc747acfbef47d
6bdcb32ee75e957a5085c010f4dfd0c716bfdadc
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
GET /home/images/blank.gif HTTP/1.1
Host: mailsso.aliyun.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mailsso.sg.aliyun.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
server: Tengine
date: Fri, 18 Nov 2022 15:44:12 GMT
content-type: image/gif
content-length: 49
accept-ranges: bytes
etag: W/"49-1668413085000"
last-modified: Mon, 14 Nov 2022 08:04:45 GMT
eagleeye-traceid: 0be3e0be16687862520047639e7976
strict-transport-security: max-age=0
timing-allow-origin: *
X-Firefox-Spdy: h2