r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3bbb845b153026fc5332dd4506585b57
3cad200fac28fd00f34ce6ef79373e661e188743
6035871c0de6ff2d120921461207cfa32bc286e1fe78849ce74815ffbb9ff950
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6035871C0DE6FF2D120921461207CFA32BC286E1FE78849CE74815FFBB9FF950"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6983
Expires: Sat, 03 Dec 2022 13:17:50 GMT
Date: Sat, 03 Dec 2022 11:21:27 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 7439fb99a444b66db1e68ffbfaa38451
4b7742d7956485906f1c392c478515ff89a46184
636327ce88f733e5a1d39af212f97242717a39ce20edaef330fafea238e3a309
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6566
Cache-Control: max-age=89954
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 11:21:27 GMT
Etag: "6389d3f3-1d7"
Expires: Sun, 04 Dec 2022 12:20:41 GMT
Last-Modified: Fri, 02 Dec 2022 10:31:15 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 55b4c61a1e99001307750e3647fe1102
7559f9f6770b7d3f45b723167062096312641e08
39f6bb64420bcfc8f0b010168fd35b67732984cd0698409f04d5ae40410422aa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39F6BB64420BCFC8F0B010168FD35B67732984CD0698409F04D5AE40410422AA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5734
Expires: Sat, 03 Dec 2022 12:57:01 GMT
Date: Sat, 03 Dec 2022 11:21:27 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 03 Dec 2022 11:18:15 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 192
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: fWNnALuSb2l2pwYtD4E+IPqAzcPchmE84oOFNg5wLauAIAfJUO5xaO4zJPERT08+9cJRuT7wNOU=
x-amz-request-id: NPBD7AEXDVA0BJAV
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 03 Dec 2022 10:47:05 GMT
age: 2062
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 03 Dec 2022 11:21:27 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 03 Dec 2022 11:08:58 GMT
cache-control: public,max-age=3600
age: 750
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash a151c326c67e1abb747847c1427db76f
80885d30ef8ba867bf33c40b861976958a27493a
de2b573ee1c8af980e593352e0c331b2595f62bd4499300ace30821d20814760
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 561
Cache-Control: max-age=165284
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 11:21:28 GMT
Etag: "638b11ab-1d7"
Expires: Mon, 05 Dec 2022 09:16:12 GMT
Last-Modified: Sat, 03 Dec 2022 09:06:51 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
52.38.198.114 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.38.198.114:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: EU3jTcxY4V9Dkxj9xCVVIA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: /XOUIvgQEzT5uAib2mTPi04+zDQ=
wap.glaaforum.com/go5o/
164.155.189.134 200 OK 5.7 kB IP 164.155.189.134:0
ASN #140224 STARCLOUD GLOBAL PTE., LTD.
Hash fad2be2b44ee682c5f5bf4ed202e826f
c68557acb6700a2993572d195611d89dbee0de62
1470a817fa6c5902c390bd97dcd4364d4d2f95dfd1bf09e2ab9617f8c3b2a0a9
Analyzer Verdict Alert fortinet Malware
GET /go5o/ HTTP/1.1
Host: wap.glaaforum.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Dec 2022 11:21:28 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
wap.glaaforum.com/template/company_mobile/default/css/style.css
164.155.189.134 200 OK 2.3 kB URL HTTP/1.1 wap.glaaforum.com/template/company_mobile/default/css/style.css
IP 164.155.189.134:0
ASN #140224 STARCLOUD GLOBAL PTE., LTD.
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash d89520ece430b4031e2f980dd2f8945c
2128a52d2541c116bd5fe83981e9276cc519dd9d
cb496c52d5eceb7bedc928bf08e8ff890de65d53e7bbb1a79c7b947114aa2200
GET /template/company_mobile/default/css/style.css HTTP/1.1
Host: wap.glaaforum.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://wap.glaaforum.com/go5o/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Dec 2022 11:21:29 GMT
Content-Type: text/css
Last-Modified: Wed, 01 May 2019 15:05:18 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"5cc9b5ae-1da7"
Content-Encoding: gzip
sdk.51.la/js-sdk-pro.min.js
47.253.50.2 200 OK 13 kB URL HTTP/1.1 sdk.51.la/js-sdk-pro.min.js
IP 47.253.50.2:0
ASN #45102 Alibaba US Technology Co., Ltd.
File type Unicode text, UTF-8 text, with very long lines (34110)
Hash 29243483fe441404931c046d27be80a6
92a0c68b0169eff0addb8cc05a53f6e009d41d47
4865f22b0a68c6a0a6c2d3cbedb9a190ffbea105c4f1e2a5806172919456f3b1
GET /js-sdk-pro.min.js HTTP/1.1
Host: sdk.51.la
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://wap.glaaforum.com/
HTTP/1.1 200 OK
Server: openresty
Date: Sat, 03 Dec 2022 11:21:29 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Fri, 15 Jul 2022 04:05:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"62d0e7a4-861a"
Cache-Control: max-age=1296000
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
wap.glaaforum.com/js/orsxg5a.script
164.155.189.134 200 OK 151 B URL HTTP/1.1 wap.glaaforum.com/js/orsxg5a.script
IP 164.155.189.134:0
ASN #140224 STARCLOUD GLOBAL PTE., LTD.
File type ASCII text, with no line terminators
Hash 414a1309ff8303d0700d41b2e5527aba
e426a1a938e45800557444f2fbff1ed336fb3c9d
650d8f70f3fd1104abe89fabf37e9b41c23cfcd00e18dc23ca6d671292d8ed01
Analyzer Verdict Alert fortinet Malware
GET /js/orsxg5a.script HTTP/1.1
Host: wap.glaaforum.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://wap.glaaforum.com/go5o/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Dec 2022 11:21:29 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
wap.glaaforum.com/template/company_mobile/default/js/touchScroll.js
164.155.189.134 200 OK 11 kB URL HTTP/1.1 wap.glaaforum.com/template/company_mobile/default/js/touchScroll.js
IP 164.155.189.134:0
ASN #140224 STARCLOUD GLOBAL PTE., LTD.
File type ISO-8859 text, with CRLF line terminators
Hash 831a0f56b2a2e6df1470a4ef77d667bd
a46e75fc68f5606d04a57109cb062256582a3369
5556b4544decaab8e3ee0df1296198727118e18b2c96bed595db015b423ebf6d
Analyzer Verdict Alert fortinet Malware
GET /template/company_mobile/default/js/touchScroll.js HTTP/1.1
Host: wap.glaaforum.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://wap.glaaforum.com/go5o/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Dec 2022 11:21:29 GMT
Content-Type: application/javascript
Last-Modified: Wed, 01 May 2019 13:16:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"5cc99c48-863f"
Content-Encoding: gzip
wap.glaaforum.com/template/company_mobile/default/js/js.js
164.155.189.134 200 OK 3.4 kB URL HTTP/1.1 wap.glaaforum.com/template/company_mobile/default/js/js.js
IP 164.155.189.134:0
ASN #140224 STARCLOUD GLOBAL PTE., LTD.
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash f6ff9630a5ec36e0f8116309f6fa1b3e
8a2418dcdc227b8d5592dd2ec4d6379d8bbd435b
52af9949547923fbe3f05da6f760fd85c3f3f1e930ea304768312b4efc7530c6
Analyzer Verdict Alert fortinet Malware
GET /template/company_mobile/default/js/js.js HTTP/1.1
Host: wap.glaaforum.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://wap.glaaforum.com/go5o/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Dec 2022 11:21:29 GMT
Content-Type: application/javascript
Last-Modified: Wed, 01 May 2019 13:16:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"5cc99c48-26ab"
Content-Encoding: gzip
wap.glaaforum.com/template/company_mobile/default/js/ks-switch.pack.js
164.155.189.134 200 OK 862 B URL HTTP/1.1 wap.glaaforum.com/template/company_mobile/default/js/ks-switch.pack.js
IP 164.155.189.134:0
ASN #140224 STARCLOUD GLOBAL PTE., LTD.
File type ASCII text, with very long lines (1378), with no line terminators
Hash 99e39fda89975cad148836aa5447a644
fd8a6fe5ee7451bab68a8419465c77b8bab74917
a2834fc3cdc7bcc2ba1931e8981cc5d8983b20cf355cbc37dc7edc1323ec1e09
Analyzer Verdict Alert fortinet Malware
GET /template/company_mobile/default/js/ks-switch.pack.js HTTP/1.1
Host: wap.glaaforum.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://wap.glaaforum.com/go5o/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Dec 2022 11:21:29 GMT
Content-Type: application/javascript
Last-Modified: Wed, 01 May 2019 13:16:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"5cc99c48-562"
Content-Encoding: gzip
ocsp.globalsign.com/gsrsaovsslca2018
104.18.21.226 200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.21.226:0
Hash 1cc4255090101f5f955f72589e096b58
49fff1030670824d9628b3d9f54a4b7d309e128e
abc185d85e7250d758f18e928d09660e27b6c7fe3612cb224307f9f2dd3b8496
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 11:21:29 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Wed, 07 Dec 2022 08:35:30 GMT
ETag: "49fff1030670824d9628b3d9f54a4b7d309e128e"
Last-Modified: Sat, 03 Dec 2022 08:35:31 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 773beb46cf22b505-OSL
ocsp.globalsign.com/gsrsaovsslca2018
104.18.21.226 200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.21.226:0
Hash 1cc4255090101f5f955f72589e096b58
49fff1030670824d9628b3d9f54a4b7d309e128e
abc185d85e7250d758f18e928d09660e27b6c7fe3612cb224307f9f2dd3b8496
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 11:21:29 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Wed, 07 Dec 2022 08:35:30 GMT
ETag: "49fff1030670824d9628b3d9f54a4b7d309e128e"
Last-Modified: Sat, 03 Dec 2022 08:35:31 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 773beb46ca4efab8-OSL
wap.glaaforum.com/template/company_mobile/default/js/jquery-1.4.2.min.js
164.155.189.134 200 OK 30 kB URL HTTP/1.1 wap.glaaforum.com/template/company_mobile/default/js/jquery-1.4.2.min.js
IP 164.155.189.134:0
ASN #140224 STARCLOUD GLOBAL PTE., LTD.
File type ASCII text, with very long lines (820), with CRLF line terminators
Hash 7369b82e79b6997696b6cae1ba70a8f0
50ad85d7a7fb8d9c13377e02bb9ada91392ef26e
681182fc9f4ffbe8edf0836410f6db3e837c03708c54c1aee435c48db4a21402
Analyzer Verdict Alert fortinet Malware
GET /template/company_mobile/default/js/jquery-1.4.2.min.js HTTP/1.1
Host: wap.glaaforum.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://wap.glaaforum.com/go5o/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Dec 2022 11:21:29 GMT
Content-Type: application/javascript
Last-Modified: Wed, 01 May 2019 13:16:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"5cc99c48-13999"
Content-Encoding: gzip
image11.m1905.cn/mdb/uploadfile/2018/0425/thumb_1_128_176_20180425092835670449.jpg
163.171.140.79 200 OK 19 kB URL HTTP/1.1 image11.m1905.cn/mdb/uploadfile/2018/0425/thumb_1_128_176_20180425092835670449.jpg
IP 163.171.140.79:0
ASN #54994 QUANTILNETWORKS
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v90), quality = 95", baseline, precision 8, 128x176, components 3\012- data
Hash d029a72e53099c70af97f97c1cfe9b70
d29ddd7187bfa53934cf3c39ac2f0bb08b6f23ec
84919a3d6b9e7b419139a39036895b092f504ef02981d81421b787921b7d7d0a
GET /mdb/uploadfile/2018/0425/thumb_1_128_176_20180425092835670449.jpg HTTP/1.1
Host: image11.m1905.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://wap.glaaforum.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 11:21:29 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Fri, 13 Oct 2023 14:06:16 GMT
Server: nginx
Cache-Control: max-age=31104000
Last-Modified: Mon, 28 Sep 2020 19:43:04 GMT
Content-Encoding: gzip
Age: 1
X-Via: 1.1 PSbjwjBGP2rw177:9 (Cdn Cache Server V2.0), 1.1 PS-WNZ-019yF119:5 (Cdn Cache Server V2.0), 1.1 PShlamstdAMS1cc96:9 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638b3139_PShlamstdAMS1cc96_10340-26684
Ws-S2h-Acc-Level: 3
image11.m1905.cn/mdb/uploadfile/2018/0205/thumb_1_128_176_20180205034316543261.jpg
163.171.140.79 200 OK 23 kB URL HTTP/1.1 image11.m1905.cn/mdb/uploadfile/2018/0205/thumb_1_128_176_20180205034316543261.jpg
IP 163.171.140.79:0
ASN #54994 QUANTILNETWORKS
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v90), quality = 95", baseline, precision 8, 128x176, components 3\012- data
Hash 54c9318d72c79177d2fc4cd528db0feb
1c3c7cb46642e49df68d1943c8df1c406ac4daaf
16810bdeeead993819c5f1bca563e0ff553fb4f0ccb26df5e3353066305be316
GET /mdb/uploadfile/2018/0205/thumb_1_128_176_20180205034316543261.jpg HTTP/1.1
Host: image11.m1905.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://wap.glaaforum.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 11:21:29 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Tue, 24 Oct 2023 12:16:52 GMT
Server: nginx
Cache-Control: max-age=31104000
Last-Modified: Wed, 30 Sep 2020 05:22:54 GMT
Content-Encoding: gzip
Age: 1
X-Via: 1.1 PSbjwjBGP2rw177:6 (Cdn Cache Server V2.0), 1.1 PS-WNZ-019yF119:0 (Cdn Cache Server V2.0), 1.1 PShlamstdAMS1cc96:18 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638b3139_PShlamstdAMS1cc96_10340-26683
Ws-S2h-Acc-Level: 3
image11.m1905.cn/uploadfile/2009/1106/thumb_1_150_205_20091106112357202.jpg
163.171.140.79 200 OK 20 kB URL HTTP/1.1 image11.m1905.cn/uploadfile/2009/1106/thumb_1_150_205_20091106112357202.jpg
IP 163.171.140.79:0
ASN #54994 QUANTILNETWORKS
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 95", baseline, precision 8, 150x205, components 3\012- data
Hash 1df52207137758ba443a2552b17ffbb9
7ca4ee818e2c78a051e50b77e53b236baf380323
a7b92b92bb5be4b92c18662997b14f8557c99decf9de7bc5e47a03a124c371c0
GET /uploadfile/2009/1106/thumb_1_150_205_20091106112357202.jpg HTTP/1.1
Host: image11.m1905.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://wap.glaaforum.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 11:21:29 GMT
Content-Type: image/jpeg
Content-Length: 20246
Connection: keep-alive
Expires: Fri, 21 Jul 2023 15:29:25 GMT
Server: nginx
Cache-Control: max-age=31104000
Last-Modified: Tue, 02 Feb 2016 11:32:03 GMT
Age: 1
X-Via: 1.1 sx237:5 (Cdn Cache Server V2.0), 1.1 PS-WNZ-014ke13:3 (Cdn Cache Server V2.0), 1.1 PShlamstdAMS1se91:6 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638b3139_PShlamstdAMS1cc96_10340-26686
Ws-S2h-Acc-Level: 3
image11.m1905.cn/mdb/uploadfile/2018/0201/thumb_1_128_176_20180201024047264842.jpg
163.171.140.79 200 OK 19 kB URL HTTP/1.1 image11.m1905.cn/mdb/uploadfile/2018/0201/thumb_1_128_176_20180201024047264842.jpg
IP 163.171.140.79:0
ASN #54994 QUANTILNETWORKS
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v90), quality = 95", baseline, precision 8, 128x176, components 3\012- data
Hash 91d4ae6e32eccb9b78cd304436c976ce
1dc659ced7c1bf42f42f6ce95b9338079d9ff3dd
709b6f8017eb0277d7bf188de97f6e338c2f541485dd59e949eaf10b255d0665
GET /mdb/uploadfile/2018/0201/thumb_1_128_176_20180201024047264842.jpg HTTP/1.1
Host: image11.m1905.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://wap.glaaforum.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 11:21:29 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 28 Sep 2023 20:12:09 GMT
Server: nginx
Cache-Control: max-age=31104000
Last-Modified: Mon, 28 Sep 2020 16:53:55 GMT
Content-Encoding: gzip
Age: 1
X-Via: 1.1 PS-000-01OZJ23:13 (Cdn Cache Server V2.0), 1.1 PS-WNZ-01bfq121:8 (Cdn Cache Server V2.0), 1.1 PShlamstdAMS1cc96:6 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638b3139_PShlamstdAMS1cc96_10149-49024
Ws-S2h-Acc-Level: 3
image11.m1905.cn/mdb/uploadfile/2018/0306/thumb_1_128_176_20180306112147224395.jpg
163.171.140.79 200 OK 18 kB URL HTTP/1.1 image11.m1905.cn/mdb/uploadfile/2018/0306/thumb_1_128_176_20180306112147224395.jpg
IP 163.171.140.79:0
ASN #54994 QUANTILNETWORKS
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v90), quality = 95", baseline, precision 8, 128x176, components 3\012- data
Hash d79e77f9a37a90c058aded22392f73f6
4563000508807d4376f49e8fe716490684093402
c930e0bfb06e18c29717158835e06669a4675f3c7ebd104ac181437c1fb6a349
GET /mdb/uploadfile/2018/0306/thumb_1_128_176_20180306112147224395.jpg HTTP/1.1
Host: image11.m1905.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://wap.glaaforum.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 11:21:29 GMT
Content-Type: image/jpeg
Content-Length: 18255
Connection: keep-alive
Expires: Tue, 24 Oct 2023 12:45:28 GMT
Server: nginx
Cache-Control: max-age=31104000
Last-Modified: Thu, 01 Oct 2020 01:12:03 GMT
Age: 1
X-Via: 1.1 PSbjwjBGP2yt134:8 (Cdn Cache Server V2.0), 1.1 PS-WNZ-019yF119:8 (Cdn Cache Server V2.0), 1.1 PShlamstdAMS1wt94:13 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638b3139_PShlamstdAMS1cc96_9909-58126
Ws-S2h-Acc-Level: 3
image11.m1905.cn/mdb/uploadfile/2018/0223/thumb_1_128_176_20180223042327696616.jpg
163.171.140.79 200 OK 8.9 kB URL HTTP/1.1 image11.m1905.cn/mdb/uploadfile/2018/0223/thumb_1_128_176_20180223042327696616.jpg
IP 163.171.140.79:0
ASN #54994 QUANTILNETWORKS
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v90), quality = 95", baseline, precision 8, 128x176, components 3\012- data
Hash 9e14a156763f674328b61639bc262c78
c39e6450543ecf2fbb6101e4f40ef932135b3dfb
05639d1533e7da4fc9ad0c2f3053a5e3b31c2738e54dc3ce4672d3a11dc24897
GET /mdb/uploadfile/2018/0223/thumb_1_128_176_20180223042327696616.jpg HTTP/1.1
Host: image11.m1905.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://wap.glaaforum.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 11:21:29 GMT
Content-Type: image/jpeg
Content-Length: 8947
Connection: keep-alive
Expires: Tue, 24 Oct 2023 12:05:12 GMT
Server: nginx
Cache-Control: max-age=31104000
Last-Modified: Thu, 03 Dec 2020 14:43:28 GMT
Age: 1
X-Via: 1.1 PSjsczsx2ng18:3 (Cdn Cache Server V2.0), 1.1 PS-WNZ-01bfq121:2 (Cdn Cache Server V2.0), 1.1 PShlamstdAMS1vj92:11 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638b3139_PShlamstdAMS1cc96_9637-62769
Ws-S2h-Acc-Level: 3
image11.m1905.cn/uploadfile/2016/1107/thumb_1_150_85_20161107092445977617.jpg
163.171.140.79 200 OK 8.8 kB URL HTTP/1.1 image11.m1905.cn/uploadfile/2016/1107/thumb_1_150_85_20161107092445977617.jpg
IP 163.171.140.79:0
ASN #54994 QUANTILNETWORKS
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 95", baseline, precision 8, 150x85, components 3\012- data
Hash d358813956f85f2f9d1db7c96559d080
e9a2837f30a7ab282bde16eb5b7125e13fd7dc31
2b5491418f214fa7a3d59c9ad080c800a88d5cf30abfb97bf2a93483be18e5e4
GET /uploadfile/2016/1107/thumb_1_150_85_20161107092445977617.jpg HTTP/1.1
Host: image11.m1905.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://wap.glaaforum.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 11:21:29 GMT
Content-Type: image/jpeg
Content-Length: 8759
Connection: keep-alive
Expires: Mon, 20 Nov 2023 21:17:54 GMT
Server: nginx
Cache-Control: max-age=31104000
Last-Modified: Mon, 08 Jan 2018 07:33:04 GMT
Age: 1
X-Via: 1.1 PS-000-015df33:7 (Cdn Cache Server V2.0), 1.1 PS-WNZ-019yF119:9 (Cdn Cache Server V2.0), 1.1 PShlamstdAMS1se91:2 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638b3139_PShlamstdAMS1cc96_10512-36810
Ws-S2h-Acc-Level: 3
image11.m1905.cn/uploadfile/2009/1221/thumb_1_150_205_20091221110446347.jpg
163.171.140.79 200 OK 24 kB URL HTTP/1.1 image11.m1905.cn/uploadfile/2009/1221/thumb_1_150_205_20091221110446347.jpg
IP 163.171.140.79:0
ASN #54994 QUANTILNETWORKS
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v90), quality = 95", baseline, precision 8, 150x205, components 3\012- data
Hash 1f1d537a664198a76b615b5e1820b1a9
b438dfbb111bdf14a55e734ea6e83ca6c04dd283
9a488b16bf0120203d4483009b8733d9111055b44cdfccb4d68292e7214b7874
GET /uploadfile/2009/1221/thumb_1_150_205_20091221110446347.jpg HTTP/1.1
Host: image11.m1905.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://wap.glaaforum.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 11:21:29 GMT
Content-Type: image/jpeg
Content-Length: 24330
Connection: keep-alive
Expires: Mon, 20 Nov 2023 21:17:55 GMT
Server: nginx
Cache-Control: max-age=31104000
Last-Modified: Wed, 15 Dec 2021 00:08:10 GMT
Age: 1
X-Via: 1.1 zhshx16:10 (Cdn Cache Server V2.0), 1.1 PS-WNZ-018KZ7:14 (Cdn Cache Server V2.0), 1.1 PShlamstdAMS1cc96:17 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638b3139_PShlamstdAMS1cc96_10340-26687
Ws-S2h-Acc-Level: 3
image11.m1905.cn/mdb/uploadfile/2018/0619/thumb_1_128_176_20180619012938747590.jpg
163.171.140.79 200 OK 17 kB URL HTTP/1.1 image11.m1905.cn/mdb/uploadfile/2018/0619/thumb_1_128_176_20180619012938747590.jpg
IP 163.171.140.79:0
ASN #54994 QUANTILNETWORKS
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v90), quality = 95", baseline, precision 8, 128x176, components 3\012- data
Hash 543f88700c5e541870af8cf2120b0767
c6015dbf5f0b6b014ed95c2d2d917c266799cd4f
e16274cc0117c80ad4b3e2b526db0350e836aac5d979f22ee5685b568b9e9dc9
GET /mdb/uploadfile/2018/0619/thumb_1_128_176_20180619012938747590.jpg HTTP/1.1
Host: image11.m1905.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://wap.glaaforum.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 11:21:29 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Tue, 10 Oct 2023 02:10:47 GMT
Server: nginx
Cache-Control: max-age=31104000
Last-Modified: Wed, 30 Sep 2020 18:47:49 GMT
Content-Encoding: gzip
Age: 1
X-Via: 1.1 PSbjwjBGP2rw177:8 (Cdn Cache Server V2.0), 1.1 PS-WNZ-019yF119:9 (Cdn Cache Server V2.0), 1.1 PShlamstdAMS1se91:2 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638b3139_PShlamstdAMS1cc96_10340-26688
Ws-S2h-Acc-Level: 3
wap.glaaforum.com/uploads/images/logo.png?n=5gu3x2njvts3vf7fxcboln5f4s4jv2fox3s2jb7frc3otafa4whie&w=200
164.155.189.134 200 OK 2.8 kB URL HTTP/1.1 wap.glaaforum.com/uploads/images/logo.png?n=5gu3x2njvts3vf7fxcboln5f4s4jv2fox3s2jb7frc3otafa4whie&w=200
IP 164.155.189.134:0
ASN #140224 STARCLOUD GLOBAL PTE., LTD.
File type PNG image data, 200 x 66, 8-bit colormap, non-interlaced\012- data
Hash 787aa4edcf1f57350e42168f47e630a9
8ec97105ee2d6fcc7614affc535d98bf31694ab8
4e341dc53871b6953fc892b9e15c01c63b5a8efcf63e7fe86059f73a3f8d0014
GET /uploads/images/logo.png?n=5gu3x2njvts3vf7fxcboln5f4s4jv2fox3s2jb7frc3otafa4whie&w=200 HTTP/1.1
Host: wap.glaaforum.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://wap.glaaforum.com/go5o/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Dec 2022 11:21:29 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14846
Expires: Sat, 03 Dec 2022 15:28:55 GMT
Date: Sat, 03 Dec 2022 11:21:29 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg
34.120.237.76 200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b986f9fcbeca91ed5c8d58fbfaf47d19
6e6c8bd2bce144cc4da1cd7be375b046b60dca79
07a8938d2841f8c13bd646f4e79e41e46acd6463aa019cd70871b3741f12bb4f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6174
x-amzn-requestid: f78f1e9d-8c0c-495d-a862-61838f8297e8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cZ0iyH2WoAMFQdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63870144-45442a8544259930564f685b;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 07:07:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: QIOz71_Kr08pIIwOm2GUkWr421fO7-UyUI7LYld0JBaGnYQ0j3IDFg==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 00:57:24 GMT
age: 37445
etag: "6e6c8bd2bce144cc4da1cd7be375b046b60dca79"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg
34.120.237.76 200 OK 2.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b47431190f34eccf0a6efb98e2a32b7d
9fc7ab3a4eb2d36fd6df7e0267a26a47627d1704
08d3b6be354cafb70c20e6865788cb375adbf88d47711651fe1a3b855094daf2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 2942
x-amzn-requestid: ed26679f-cd56-477f-9914-f9afbcaaeea6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGeoGFYoAMFWgA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891df7-4ec6bebe21656d5026456994;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:47 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: XvG2dAUeB914GQ1qJwQRHovAtra8OSjG-CsXeR8UOBq5r8qVjEbPBQ==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 05:02:08 GMT
age: 22761
etag: "9fc7ab3a4eb2d36fd6df7e0267a26a47627d1704"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F57219d7e-330b-4d3f-a472-55cd262c7dc1.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F57219d7e-330b-4d3f-a472-55cd262c7dc1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash dbee75c6c314655f738b57b828bef016
bb36d39c7adf764e8a7dcf7f91125001623975b4
fd40949b9711db01be746d1723f78c2bb04d356063c6249b8b5ae1470532367a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F57219d7e-330b-4d3f-a472-55cd262c7dc1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10877
x-amzn-requestid: bebc4f7f-7349-4973-99f5-d6c3b8a27072
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ciZN1G2uIAMFryg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638a6f25-0637a1a946db78074bc19dc3;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 21:33:25 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: WKEeqfEv-NjZr_39K27vuE9FrqYcJCI5oQk0_JIl_HuO3iA0f57_vw==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 21:49:27 GMT
etag: "bb36d39c7adf764e8a7dcf7f91125001623975b4"
content-type: image/jpeg
age: 48722
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F528dcb40-0960-4efd-98b7-a07004a61b22.jpeg
34.120.237.76 200 OK 7.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F528dcb40-0960-4efd-98b7-a07004a61b22.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3abdcce275bb9723b4ac1d0c38cc8891
91f0d888c38db0899f106b652e3dcac062648099
ff411fc0d5abaf519d6600961ec51ad71ad9a02e23cc02ad818e27f0324b3d1e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F528dcb40-0960-4efd-98b7-a07004a61b22.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7657
x-amzn-requestid: c0dbd862-41cf-4fa8-ab6b-256763c63fbf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ciZN1Fo6IAMF9EQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638a6f25-554ffbc83fd70c557437120f;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 21:33:25 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: V_7_ohQr9ENIjOvdvy65ZpJqg2OI9gzRdiuxCTJzl4qwXe2Nmu_tAQ==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 21:49:27 GMT
etag: "91f0d888c38db0899f106b652e3dcac062648099"
content-type: image/jpeg
age: 48722
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F627a3f86-b7fa-44c4-a119-2e3d23eb8b6a.jpeg
34.120.237.76 200 OK 5.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F627a3f86-b7fa-44c4-a119-2e3d23eb8b6a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1e74254b3fdce7d6b84a71a7aff43789
65c8b4abf957f9b54d99d0f78559e639adb29efb
f278c3cc6734da7188862a8c651c803e7ac1fda82234e191761453cb1359d3ee
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F627a3f86-b7fa-44c4-a119-2e3d23eb8b6a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5354
x-amzn-requestid: 3d58ffea-3433-4c5c-a60b-17f6de3a33e5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cSsnvG44oAMFfyQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638427ca-63b375f04189b7ce7d84cd5d;Sampled=0
x-amzn-remapped-date: Mon, 28 Nov 2022 03:15:22 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: -AurmlKwF0QgfsWBsV3ZN9ZyDhw1Zo82zUqrpkBbvbCfh0j7evV2Tg==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 11:01:04 GMT
age: 1225
etag: "65c8b4abf957f9b54d99d0f78559e639adb29efb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F73b53015-e415-4fff-9252-8a16bbe000f5.jpeg
34.120.237.76 200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F73b53015-e415-4fff-9252-8a16bbe000f5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 45182367fd4f8b6dd234eef1022acdb1
d4b3052021ff3ad1dc4134fa25eb12a98e7c17da
a57fadaf74db2fb457cfe761314d56f021d22146f5bdb6a8bf11b6519e8a558d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F73b53015-e415-4fff-9252-8a16bbe000f5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9715
x-amzn-requestid: c8102cfa-78dc-4d81-ad6a-e16b9132e238
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ciZO2HQKIAMF8IA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638a6f2b-350c586b568e6565763376bd;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 21:33:31 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 0QkVKyYm9UwlF5FEeli9UsRAQwEi3-c3bMR-QSJxIKRQe7WWT76dGQ==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 21:51:06 GMT
age: 48623
etag: "d4b3052021ff3ad1dc4134fa25eb12a98e7c17da"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
wap.glaaforum.com/favicon.ico
164.155.189.134 200 OK 0 B URL HTTP/1.1 wap.glaaforum.com/favicon.ico
IP 164.155.189.134:0
ASN #140224 STARCLOUD GLOBAL PTE., LTD.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: wap.glaaforum.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://wap.glaaforum.com/go5o/
Cookie: __vtins__Jpm09Q5RmLGCqXbS=%7B%22sid%22%3A%20%2215ab24f9-054b-58ff-bb8c-8493effbd972%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201670068287626%2C%20%22ct%22%3A%201670066487626%7D; __51uvsct__Jpm09Q5RmLGCqXbS=1; __51vcke__Jpm09Q5RmLGCqXbS=a484d4f0-eb68-57f3-8305-8cf960f982db; __51vuft__Jpm09Q5RmLGCqXbS=1670066487631
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Dec 2022 11:21:30 GMT
Content-Type: image/x-icon
Content-Length: 0
Last-Modified: Tue, 30 Jul 2019 15:51:36 GMT
Connection: keep-alive
ETag: "5d406788-0"
Accept-Ranges: bytes
collect-v6.51.la/v6/collect?dt=4
103.143.19.103 200 0 B URL HTTP/1.1 collect-v6.51.la/v6/collect?dt=4
IP 103.143.19.103:0
ASN #4837 CHINA UNICOM China169 Backbone
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /v6/collect?dt=4 HTTP/1.1
Host: collect-v6.51.la
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Length: 350
Origin: http://wap.glaaforum.com
Connection: keep-alive
Referer: http://wap.glaaforum.com/
HTTP/1.1 200
Server: CloudWAF
Date: Sat, 03 Dec 2022 11:21:30 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: HWWAFSESID=5dc34a0f3b93155844f; path=/
HWWAFSESTIME=1670066487063; path=/
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Origin: http://wap.glaaforum.com
Access-Control-Allow-Credentials: true
ocsp.globalsign.com/gsrsaovsslca2018
104.18.21.226 200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.21.226:0
Hash 98a96979290d0eef677894be60299aad
5c3786a34d587b40a70235505cac3747b0cdcaef
e678d08ddb56adaa9a1f85d5bef274cc950e1a418cb50de731fa34688a64c2b7
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 11:21:30 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Wed, 07 Dec 2022 08:24:41 GMT
ETag: "5c3786a34d587b40a70235505cac3747b0cdcaef"
Last-Modified: Sat, 03 Dec 2022 08:24:42 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 422
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 773beb4fe9acb505-OSL
ocsp.globalsign.com/gsrsaovsslca2018
104.18.21.226 200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.21.226:0
Hash 98a96979290d0eef677894be60299aad
5c3786a34d587b40a70235505cac3747b0cdcaef
e678d08ddb56adaa9a1f85d5bef274cc950e1a418cb50de731fa34688a64c2b7
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 11:21:30 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Wed, 07 Dec 2022 08:24:41 GMT
ETag: "5c3786a34d587b40a70235505cac3747b0cdcaef"
Last-Modified: Sat, 03 Dec 2022 08:24:42 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 422
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 773beb4ff819fab8-OSL
push.zhanzhang.baidu.com/push.js
182.61.201.93 200 OK 227 B URL HTTP/1.1 push.zhanzhang.baidu.com/push.js
IP 182.61.201.93:0
ASN #38365 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with no line terminators
Hash e548b6ce15bb616c2bfba36e9cfbf307
a348285d9928a6548a57569f1fb9d62bdd747f33
7be3e4c53cc47ce5cfa40a5e79b42848a90acee0d7ff71f10ac31a49c81aead5
GET /push.js HTTP/1.1
Host: push.zhanzhang.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://wap.glaaforum.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Content-Encoding: gzip
Content-Length: 227
Content-Type: text/javascript
Date: Sat, 03 Dec 2022 11:21:30 GMT
Etag: "4078521116"
Expires: Sun, 03 Dec 2023 11:21:30 GMT
Last-Modified: Wed, 25 Nov 2015 07:47:55 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Server: apache
Set-Cookie: BAIDUID=C0BFBB665B961EFB8D937E78CC653E01:FG=1; max-age=31536000; expires=Sun, 03-Dec-23 11:21:30 GMT; domain=.baidu.com; path=/; version=1
Vary: Accept-Encoding
hm.baidu.com/hm.js?da07a36c57d5e527a7db71f6c8c7a3b4
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?da07a36c57d5e527a7db71f6c8c7a3b4
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (621)
Hash c76dbcb82d953ba93ae5b52a138fcccd
67fa7c3b8ae1de9fb10ed92e7991329c0815add8
b24cd76dfc106c083894eb8bbcbcac2613f35a028b76df99953bb75cf70f9730
GET /hm.js?da07a36c57d5e527a7db71f6c8c7a3b4 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://wap.glaaforum.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11259
Content-Type: application/javascript
Date: Sat, 03 Dec 2022 11:21:31 GMT
Etag: 00a84f29056c6736914bccbc800023c6
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=3DE41DE9B473A1D2; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.js?db1f361a1d1a6d3b9098f74d3cec1cc0
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?db1f361a1d1a6d3b9098f74d3cec1cc0
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (618)
Hash 84f64975cdaf1a3938753f6028f9a01b
8fbe757ce20266686a71daa3faa27f6792d3dfca
e296607606be43fdfaf1c395b7367bedbe14cf3b213c967de834c97ea45286dc
GET /hm.js?db1f361a1d1a6d3b9098f74d3cec1cc0 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://wap.glaaforum.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11256
Content-Type: application/javascript
Date: Sat, 03 Dec 2022 11:21:31 GMT
Etag: 1f0a5cd5a8e09470928f214652d8895f
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=EE54AA95C9596C57; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=284833537&si=da07a36c57d5e527a7db71f6c8c7a3b4&v=1.3.0&lv=1&sn=38085&r=0&ww=1280&u=http%3A%2F%2Fwap.glaaforum.com%2Fgo5o%2F&tt=AOA%E4%BD%93%E8%82%B2%7C%E4%B8%AD%E5%9B%BD%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8%E5%AE%98%E7%BD%91
103.235.46.191 200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=284833537&si=da07a36c57d5e527a7db71f6c8c7a3b4&v=1.3.0&lv=1&sn=38085&r=0&ww=1280&u=http%3A%2F%2Fwap.glaaforum.com%2Fgo5o%2F&tt=AOA%E4%BD%93%E8%82%B2%7C%E4%B8%AD%E5%9B%BD%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8%E5%AE%98%E7%BD%91
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=284833537&si=da07a36c57d5e527a7db71f6c8c7a3b4&v=1.3.0&lv=1&sn=38085&r=0&ww=1280&u=http%3A%2F%2Fwap.glaaforum.com%2Fgo5o%2F&tt=AOA%E4%BD%93%E8%82%B2%7C%E4%B8%AD%E5%9B%BD%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8%E5%AE%98%E7%BD%91 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://wap.glaaforum.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sat, 03 Dec 2022 11:21:31 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=08833B3CC6DFD63C; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
api.share.baidu.com/s.gif?l=http://wap.glaaforum.com/go5o/
182.61.201.94 200 OK 0 B URL HTTP/1.1 api.share.baidu.com/s.gif?l=http://wap.glaaforum.com/go5o/
IP 182.61.201.94:0
ASN #38365 Beijing Baidu Netcom Science and Technology Co., Ltd.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /s.gif?l=http://wap.glaaforum.com/go5o/ HTTP/1.1
Host: api.share.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://wap.glaaforum.com/
HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/plain; charset=utf-8
Date: Sat, 03 Dec 2022 11:21:32 GMT
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=675273598&si=db1f361a1d1a6d3b9098f74d3cec1cc0&v=1.3.0&lv=1&sn=38085&r=0&ww=1280&u=http%3A%2F%2Fwap.glaaforum.com%2Fgo5o%2F&tt=AOA%E4%BD%93%E8%82%B2%7C%E4%B8%AD%E5%9B%BD%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8%E5%AE%98%E7%BD%91
103.235.46.191 200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=675273598&si=db1f361a1d1a6d3b9098f74d3cec1cc0&v=1.3.0&lv=1&sn=38085&r=0&ww=1280&u=http%3A%2F%2Fwap.glaaforum.com%2Fgo5o%2F&tt=AOA%E4%BD%93%E8%82%B2%7C%E4%B8%AD%E5%9B%BD%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8%E5%AE%98%E7%BD%91
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=675273598&si=db1f361a1d1a6d3b9098f74d3cec1cc0&v=1.3.0&lv=1&sn=38085&r=0&ww=1280&u=http%3A%2F%2Fwap.glaaforum.com%2Fgo5o%2F&tt=AOA%E4%BD%93%E8%82%B2%7C%E4%B8%AD%E5%9B%BD%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8%E5%AE%98%E7%BD%91 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://wap.glaaforum.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sat, 03 Dec 2022 11:21:32 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=FA9E7D96CF9C0327; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff