r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash (MD5) 2d2e7649ce9e9ba6fc8b68aa89352e3c
(SHA-1) 0153d1d3d830a457043e16bb40d48a0b9ddef4b8
(SHA-256) 8eed57c91b42ef7b2d5eff1309e306e23e13c3de21219af24a693cbf3e8977fc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8EED57C91B42EF7B2D5EFF1309E306E23E13C3DE21219AF24A693CBF3E8977FC"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11237
Expires: Thu, 01 Dec 2022 08:43:51 GMT
Date: Thu, 01 Dec 2022 05:36:34 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash (MD5) f3cf023c797da81728c0ac84c8759331
(SHA-1) fa07c5e39e4b0741ea484101cccb2202acea9d9c
(SHA-256) 5206a0bac8bf78d6b84322519271a1ece2c1039a0090e583de6d6192d88873d0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5073
Cache-Control: max-age=109158
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 05:36:34 GMT
Etag: "638730f7-1d7"
Expires: Fri, 02 Dec 2022 11:55:52 GMT
Last-Modified: Wed, 30 Nov 2022 10:31:19 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash (MD5) 6d9d34c96b9a826ae5676640c966469c
(SHA-1) 8052a16d41a637e420478b7de1ff5a2dc951fccd
(SHA-256) f18ac558cb786126bb7efb159e03353d268d5f5796bcfd2691a349dfc68d863c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F18AC558CB786126BB7EFB159E03353D268D5F5796BCFD2691A349DFC68D863C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4406
Expires: Thu, 01 Dec 2022 06:50:00 GMT
Date: Thu, 01 Dec 2022 05:36:34 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data; ASCII text, with very long lines (939), with no line terminators
Hash (MD5) 14cd9a0afb6ba9a763651d5112760d1e
(SHA-1) 75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
(SHA-256) 4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 01 Dec 2022 05:18:07 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1107
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate; ASCII text
Hash (MD5) 9ebddc2b260d081ebbefee47c037cb28
(SHA-1) 492bad62a7ca6a74738921ef5ae6f0be5edebf39
(SHA-256) 74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: cqv1P0MEK4mFUBqHPIRl7BoMNE7f9mUHiXPT4MVRofZwUCuj0HGxCtBWEBY8TXXZKGTul4WkpSE=
x-amz-request-id: 8NEHAV6RGXGZRPXB
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 01 Dec 2022 04:45:31 GMT
age: 3063
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data; ASCII text, with no line terminators
Hash (MD5) 23e88fb7b99543fb33315b29b1fad9d6
(SHA-1) a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
(SHA-256) 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 05:36:34 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data; ASCII text, with very long lines (329), with no line terminators
Hash (MD5) 0333b0655111aa68de771adfcc4db243
(SHA-1) 63f295a144ac87a7c8e23417626724eeca68a7eb
(SHA-256) 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, ETag, Alert, Expires, Cache-Control, Backoff, Content-Length, Content-Type, Pragma, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 01 Dec 2022 05:11:15 GMT
cache-control: public,max-age=3600
age: 1520
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash (MD5) cfdd00e67ee6ca21712b867eb5288ab6
(SHA-1) b61d5d6ec3b7ad71619e13e32c87f2d01871b88a
(SHA-256) f740cac6dfedc1bf0f82efb10dac4f6ffb22f9bb5d4a9b68a4cd971dd2f65793
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5061
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 05:36:35 GMT
Last-Modified: Thu, 01 Dec 2022 04:12:14 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471
gdzwcs.com/
47.96.195.102 301 Moved Permanently 239 B IP 47.96.195.102:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type HTML document text (matched 4×); exported SGML document, ASCII text, with CRLF line terminators
Hash (MD5) 67194376ec810b1466000b45b043ab94
(SHA-1) b5b0840425f5602244750801336e7e8b9efd022f
(SHA-256) 39e3595d59216b98e54c6f089954d1397d9eb7f75a2a85914881cec2eef07164
Analyzer verdict (alert): Fortinet classifies this response as Malware
GET / HTTP/1.1
Host: gdzwcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: Tengine
Date: Thu, 01 Dec 2022 05:36:35 GMT
Content-Type: text/html
Content-Length: 239
Connection: keep-alive
Location: https://gdzwcs.com/
push.services.mozilla.com/
54.188.211.138 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.188.211.138:0
Hash (MD5, of the empty 0 B body — the well-known empty-input digest, not a usable IOC) d41d8cd98f00b204e9800998ecf8427e
(SHA-1, empty input) da39a3ee5e6b4b0d3255bfef95601890afd80709
(SHA-256, empty input) e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: F7zVrTRZjXZqBaRIu0C+Zg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: jA+Lu+gaT5jSUf+KjsAqU1uww20=
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash (MD5) cca6c2fddcf0be1971880721d22b5ce7
(SHA-1) 782f45956704e4bcca3b661cff271e96323fda4d
(SHA-256) b247ea42721b11885586b31cf018d177290f7f2ae2ddacb05756961b3997a314
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=133583
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 05:36:36 GMT
Etag: "6387a433-1d7"
Expires: Fri, 02 Dec 2022 18:42:59 GMT
Last-Modified: Wed, 30 Nov 2022 18:42:59 GMT
Server: nginx
Content-Length: 471
gdzwcs.com/
47.96.195.102 200 OK 18 kB IP 47.96.195.102:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type HTML document text (matched 6×); exported SGML document, Unicode text, UTF-8 text, with very long lines (648), with CRLF line terminators
Hash (MD5) 3b4c68dbf19847db6120a328e86a1ffb
(SHA-1) 203a734dd18f088fd7f358af9c29efadf6ce691b
(SHA-256) 8427261d0ffab341b9bf92b7787ef4c293c4ae64c7668efd4aa0a4167bcd31a0
Analyzer verdict (alert): Fortinet classifies this response as Malware
GET / HTTP/1.1
Host: gdzwcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 05:36:36 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 18179
Connection: keep-alive
Set-Cookie: acw_tc=781bad2d16698729964847133e2a76b6656fae86c48fd0ac69595b8823384b;path=/;HttpOnly;Max-Age=1800
Cache-Control: private, s-maxage=0
Content-Encoding: gzip
Vary: Accept-Encoding
X-AspNetMvc-Version: 5.2
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type,Access-Token,MallAppConfig
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Strict-Transport-Security: max-age=31536000
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash (MD5) ac3edd07bb0a4ebdaae6ec26e91d2079
(SHA-1) b6efe3811dfa37cdcde1e9d411c171732ac7e12a
(SHA-256) c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15621
Expires: Thu, 01 Dec 2022 09:56:58 GMT
Date: Thu, 01 Dec 2022 05:36:37 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F051e025a-c892-4a7d-8a1d-95f6d77ebb3c.jpeg
34.120.237.76 200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F051e025a-c892-4a7d-8a1d-95f6d77ebb3c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash (MD5) d2dd5a4bcfd47db8f38544bf39ce3031
(SHA-1) fa2217bae05b7beca2e12597eaad835298276b82
(SHA-256) 3266004f5e73af5359b71622eea31f1e28abb4bbc443b5f9e481b5a8b2e9249e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F051e025a-c892-4a7d-8a1d-95f6d77ebb3c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4762
x-amzn-requestid: 52b09ca3-705b-4c86-9f56-172637553f87
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cP7TVG58oAMFQTw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63830c15-4577a47243ad190672f8ac89;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 07:04:53 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Y0-NAp2LMMG5TjQQ9ENHwDyKXLObKTYqzPPOWvZhs7Y9WJIC6LoblQ==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 08:50:17 GMT
age: 74780
etag: "fa2217bae05b7beca2e12597eaad835298276b82"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2bbca075-74f3-4647-8b00-66430fff5397.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2bbca075-74f3-4647-8b00-66430fff5397.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash (MD5) 70afa08b7d0b64772b90ae190689e6c1
(SHA-1) 527cf32104041423176fadd3cfc2120fe63f6bfc
(SHA-256) 31ebf9decb53b8180922c4b10d0427aba95a802246a5ced8ec368d814a33b843
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2bbca075-74f3-4647-8b00-66430fff5397.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9993
x-amzn-requestid: 7d7febbc-2bdf-44e9-9727-9c56b5bcb138
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cb1VNFZiIAMFV-g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387cf54-1f89231026a9b5c467324134;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:47:00 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Zc0QAEb9prX_ZBUYuD-407TwT2ATljy_OTmUNq31I9udG16Dx3JWtw==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 22:00:48 GMT
age: 27349
etag: "527cf32104041423176fadd3cfc2120fe63f6bfc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash (MD5) ac3edd07bb0a4ebdaae6ec26e91d2079
(SHA-1) b6efe3811dfa37cdcde1e9d411c171732ac7e12a
(SHA-256) c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15621
Expires: Thu, 01 Dec 2022 09:56:58 GMT
Date: Thu, 01 Dec 2022 05:36:37 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F38aeadfb-098c-4e6a-8abc-40288efe2526.jpeg
34.120.237.76 200 OK 3.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F38aeadfb-098c-4e6a-8abc-40288efe2526.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash (MD5) 609419f1a2c58ae67febde5e2cb91c9f
(SHA-1) bfb37735a2500848338a8fa12f28516a1ad9b5ba
(SHA-256) 32a4a65c8bd4da715b5331537bd606bab2767ad8c07af3b8aebbe5cad5591812
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F38aeadfb-098c-4e6a-8abc-40288efe2526.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3751
x-amzn-requestid: 80396218-5515-4f77-9d57-95b323e1f1c0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cbzNHHGGoAMF8mA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387cbed-09f83d1a5b7f65175fb137ab;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:32:29 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: _mQdH9J5CaTiYNIQf5xVn-HGUP5tKhW_1foVDdpsVIoG_NKb9wZOJg==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:49:45 GMT
age: 28012
etag: "bfb37735a2500848338a8fa12f28516a1ad9b5ba"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash (MD5) ac3edd07bb0a4ebdaae6ec26e91d2079
(SHA-1) b6efe3811dfa37cdcde1e9d411c171732ac7e12a
(SHA-256) c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15621
Expires: Thu, 01 Dec 2022 09:56:58 GMT
Date: Thu, 01 Dec 2022 05:36:37 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash (MD5) ac3edd07bb0a4ebdaae6ec26e91d2079
(SHA-1) b6efe3811dfa37cdcde1e9d411c171732ac7e12a
(SHA-256) c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15621
Expires: Thu, 01 Dec 2022 09:56:58 GMT
Date: Thu, 01 Dec 2022 05:36:37 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F02cf22ee-ded9-4b9d-b5d8-ee6690ac9f45.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F02cf22ee-ded9-4b9d-b5d8-ee6690ac9f45.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash (MD5) f07f254d44ff2fb86ee22cee39ef3eb0
(SHA-1) 0660a548a491d4a58ca2246f094f0553437c3f61
(SHA-256) 859b2416d638b1dc91ff563800517124b38d45b4c5db99e21539c1700829dbe4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F02cf22ee-ded9-4b9d-b5d8-ee6690ac9f45.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10985
x-amzn-requestid: ef9e5eb9-b7b3-41e9-9837-a5979ab35d94
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cV91OFzsoAMFcew=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63857687-53b152c0027d26e52383e27e;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 03:03:35 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: F_ZBWwAOPbEjvMD1ChrgN9QYUyyFYdtRT6CcX6gviowmeinPRgVtnA==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 04:19:21 GMT
age: 4636
etag: "0660a548a491d4a58ca2246f094f0553437c3f61"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash (MD5) ac3edd07bb0a4ebdaae6ec26e91d2079
(SHA-1) b6efe3811dfa37cdcde1e9d411c171732ac7e12a
(SHA-256) c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15621
Expires: Thu, 01 Dec 2022 09:56:58 GMT
Date: Thu, 01 Dec 2022 05:36:37 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc551f651-39d0-4021-90ed-915a79168ea0.jpeg
34.120.237.76 200 OK 4.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc551f651-39d0-4021-90ed-915a79168ea0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash (MD5) b8802d5080eb35e4052ef31cf7658650
(SHA-1) 1e78566f2e69268c5f753fb49112ab07aae3eccf
(SHA-256) 9c96906ee1dea353198c9069fa7e42b100e4fa766e5be8e4d8db036033961086
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc551f651-39d0-4021-90ed-915a79168ea0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4409
x-amzn-requestid: cb422842-e955-4749-8b2a-3c028a09c20f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cbz7XEE2IAMFY3A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387cd15-3c4d1a6d4d542e81179ea8ba;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:37:25 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: zYLCQ4DUQtMklG-T-ATot22PDIUMjnN1wpVkoHBh4Oa3TAyNzTv86g==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:49:45 GMT
age: 28012
etag: "1e78566f2e69268c5f753fb49112ab07aae3eccf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff1df312f-7c86-4a62-be1e-1a72c9b2d228.jpeg
34.120.237.76 200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff1df312f-7c86-4a62-be1e-1a72c9b2d228.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash (MD5) 72735620afafb0d8d91b6d83cf292298
(SHA-1) 9de2fd7c375e92fd60444dc677cf09428393eff3
(SHA-256) 9dd40d4adf9e3dacb962cc6e1bd00d38473125567eb2b57eef643be972dfe69f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff1df312f-7c86-4a62-be1e-1a72c9b2d228.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8660
x-amzn-requestid: 9474178d-c342-498a-996d-1ef3b804f1a7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cWh0hEx_oAMFjmQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6385b01c-33e27513010fdec8627942be;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 07:09:16 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 4R5jPnETZnbrWCUXoWvq3FTs_NOJMQWCaHbK321P4qqRgv05JtR1kA==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 07:18:56 GMT
age: 80261
etag: "9de2fd7c375e92fd60444dc677cf09428393eff3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
gdzwcs.com/Content/Plugins/layer/skin/layer.css?v=258
47.96.195.102 200 OK 4.2 kB URL HTTP/1.1 gdzwcs.com/Content/Plugins/layer/skin/layer.css?v=258
IP 47.96.195.102:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type Unicode text, UTF-8 text, with very long lines (333), with CRLF line terminators
Hash (MD5) 0dd05cea875e71ccd5c3620bc256eb48
(SHA-1) faa9df0905602f9763ed0259aeb1eeab724541fb
(SHA-256) 1e25055c6ab74eab7182f57fe64346e853aae62be56f1c15f71c7beeda37a1d9
GET /Content/Plugins/layer/skin/layer.css?v=258 HTTP/1.1
Host: gdzwcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gdzwcs.com/
Cookie: acw_tc=781bad2d16698729964847133e2a76b6656fae86c48fd0ac69595b8823384b
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 05:36:37 GMT
Content-Type: text/css
Content-Length: 4168
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Thu, 12 Nov 2020 12:12:36 GMT
Accept-Ranges: bytes
ETag: "2fd4bb1bedb8d61:0"
Vary: Accept-Encoding
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type,Access-Token,MallAppConfig
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Strict-Transport-Security: max-age=31536000
gdzwcs.com/Content/Css/hover-min.css?v=258
47.96.195.102 200 OK 12 kB URL HTTP/1.1 gdzwcs.com/Content/Css/hover-min.css?v=258
IP 47.96.195.102:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type ASCII text, with very long lines (65192), with CRLF line terminators
Hash c09db9c40e2ad260d84b829e1922a7e5
2599107e0ab883c4528945d21619df844ab7b78d
4ca440399ad8391cd7cbe97819924416f09365c21fbdead5d7b562df92048559
Analyzer Verdict Alert fortinet Malware
GET /Content/Css/hover-min.css?v=258 HTTP/1.1
Host: gdzwcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gdzwcs.com/
Cookie: acw_tc=781bad2d16698729964847133e2a76b6656fae86c48fd0ac69595b8823384b
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 05:36:36 GMT
Content-Type: text/css
Content-Length: 12096
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Thu, 12 Nov 2020 12:12:36 GMT
Accept-Ranges: bytes
ETag: "dd569b1bedb8d61:0"
Vary: Accept-Encoding
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type,Access-Token,MallAppConfig
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Strict-Transport-Security: max-age=31536000
gdzwcs.com/Content/Css/order_index.css?258
47.96.195.102 200 OK 3.7 kB URL HTTP/1.1 gdzwcs.com/Content/Css/order_index.css?258
IP 47.96.195.102:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 2716555b975fa6c9a8acd88d1bfa19ba
f1cef675af010b9f151ea71719f7f74fab623a8a
dde17a98ea5fc6582db205634884e0e27e1402706ece92d451f38aece4515457
GET /Content/Css/order_index.css?258 HTTP/1.1
Host: gdzwcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gdzwcs.com/
Cookie: acw_tc=781bad2d16698729964847133e2a76b6656fae86c48fd0ac69595b8823384b
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 05:36:37 GMT
Content-Type: text/css
Content-Length: 3698
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Fri, 25 Mar 2022 13:23:35 GMT
Accept-Ranges: bytes
ETag: "9438bb874b40d81:0"
Vary: Accept-Encoding
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type,Access-Token,MallAppConfig
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Strict-Transport-Security: max-age=31536000
gdzwcs.com/Content/Plugins/select2/css/select2.min.css?v=258
47.96.195.102 200 OK 2.8 kB URL HTTP/1.1 gdzwcs.com/Content/Plugins/select2/css/select2.min.css?v=258
IP 47.96.195.102:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type ASCII text, with very long lines (15179), with CRLF line terminators
Hash 7fea9bcc427b8ecfc1fb3e30d02679e0
c204b8df371568567ab48b17e355f93267dcbe4e
6570ecccb534605ddbacff026a6a1a6d8a8fe70e86223aa1bc76b7ace40022d8
Analyzer Verdict Alert fortinet Malware
GET /Content/Plugins/select2/css/select2.min.css?v=258 HTTP/1.1
Host: gdzwcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gdzwcs.com/
Cookie: acw_tc=781bad2d16698729964847133e2a76b6656fae86c48fd0ac69595b8823384b
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 05:36:37 GMT
Content-Type: text/css
Content-Length: 2822
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Thu, 12 Nov 2020 12:12:36 GMT
Accept-Ranges: bytes
ETag: "8516c21bedb8d61:0"
Vary: Accept-Encoding
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type,Access-Token,MallAppConfig
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Strict-Transport-Security: max-age=31536000
gdzwcs.com/Content/Plugins/swiper/swiper.min.css?v=258
47.96.195.102 200 OK 4.0 kB URL HTTP/1.1 gdzwcs.com/Content/Plugins/swiper/swiper.min.css?v=258
IP 47.96.195.102:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type ASCII text, with very long lines (19512), with CRLF line terminators
Hash 0aa6e016345c278bf1008bac35f1cfe6
5019ccf08a2be777838fc59a6f2215c335cd8de1
2f02a330f7abe923dd2ccef945ebd5b0e79005f5c72c6b0ebcaab891eafc2ee0
Analyzer Verdict Alert fortinet Malware
GET /Content/Plugins/swiper/swiper.min.css?v=258 HTTP/1.1
Host: gdzwcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gdzwcs.com/
Cookie: acw_tc=781bad2d16698729964847133e2a76b6656fae86c48fd0ac69595b8823384b
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 05:36:37 GMT
Content-Type: text/css
Content-Length: 4020
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Thu, 12 Nov 2020 12:12:36 GMT
Accept-Ranges: bytes
ETag: "989ec41bedb8d61:0"
Vary: Accept-Encoding
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type,Access-Token,MallAppConfig
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Strict-Transport-Security: max-age=31536000
gdzwcs.com/Content/Plugins/template.js?v=258
47.96.195.102 200 OK 3.2 kB URL HTTP/1.1 gdzwcs.com/Content/Plugins/template.js?v=258
IP 47.96.195.102:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type exported SGML document, ASCII text, with very long lines (5251), with CRLF line terminators
Hash 015aa9353be436c58e1d914ed4306470
08d4533d6f77b4d2b805d5cae242a7ed6b35a569
dd98f691ca4af5fceeb59458487c43ca59035d65e89b3b79404c75c20b06bad2
GET /Content/Plugins/template.js?v=258 HTTP/1.1
Host: gdzwcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gdzwcs.com/
Cookie: acw_tc=781bad2d16698729964847133e2a76b6656fae86c48fd0ac69595b8823384b
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 05:36:37 GMT
Content-Type: application/javascript
Content-Length: 3157
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Thu, 12 Nov 2020 12:12:36 GMT
Accept-Ranges: bytes
ETag: "bebc41bedb8d61:0"
Vary: Accept-Encoding
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type,Access-Token,MallAppConfig
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Strict-Transport-Security: max-age=31536000
gdzwcs.com/Content/Plugins/layui/css/layui.css?v=258
47.96.195.102 200 OK 18 kB URL HTTP/1.1 gdzwcs.com/Content/Plugins/layui/css/layui.css?v=258
IP 47.96.195.102:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type ASCII text, with very long lines (65478), with CRLF line terminators
Hash bb103a0492bcec0e7d46c57e725bba8d
a40c0de52ee26fa0ce65d6caafd599d07c86f787
6411810614b78c6dff814de642a321e3b846aaa90959456da3f2458b20a068b8
Analyzer Verdict Alert fortinet Malware
GET /Content/Plugins/layui/css/layui.css?v=258 HTTP/1.1
Host: gdzwcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gdzwcs.com/
Cookie: acw_tc=781bad2d16698729964847133e2a76b6656fae86c48fd0ac69595b8823384b
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 05:36:37 GMT
Content-Type: text/css
Content-Length: 17496
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Thu, 12 Nov 2020 12:12:36 GMT
Accept-Ranges: bytes
ETag: "5df9bb1bedb8d61:0"
Vary: Accept-Encoding
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type,Access-Token,MallAppConfig
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Strict-Transport-Security: max-age=31536000
ocsp.globalsign.com/gsrsaovsslca2018
104.18.20.226 200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.20.226:0
Hash 4f34ebe8d9033ebc182fe2426245f7df
e6e75becae2a17923376850c95005b0977b80431
48cedabec4c33f0960f31a4b84fe7ceb1aea8e7afcc70f1402771299acd5d75d
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 05:36:38 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Mon, 05 Dec 2022 03:44:48 GMT
ETag: "e6e75becae2a17923376850c95005b0977b80431"
Last-Modified: Thu, 01 Dec 2022 03:44:49 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2210
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7729775f1e2bb500-OSL
gdzwcs.com/Content/Plugins/fonts/hgpicon/iconfont.css?v=258
47.96.195.102 200 OK 42 kB URL HTTP/1.1 gdzwcs.com/Content/Plugins/fonts/hgpicon/iconfont.css?v=258
IP 47.96.195.102:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type ASCII text, with very long lines (36697), with CRLF line terminators
Hash bd6dc7fc60d4d4f9356c922ec58124e0
ae9cb4b25619c617d70e75d61aea8f9db1bd0f15
9f87615db7af43154cad40761d4d4cb22a2fb101eeaa24765b9eafd39cf1af83
GET /Content/Plugins/fonts/hgpicon/iconfont.css?v=258 HTTP/1.1
Host: gdzwcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gdzwcs.com/
Cookie: acw_tc=781bad2d16698729964847133e2a76b6656fae86c48fd0ac69595b8823384b
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 05:36:37 GMT
Content-Type: text/css
Content-Length: 42159
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Thu, 12 Nov 2020 12:12:36 GMT
Accept-Ranges: bytes
ETag: "c143ae1bedb8d61:0"
Vary: Accept-Encoding
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type,Access-Token,MallAppConfig
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Strict-Transport-Security: max-age=31536000
gdzwcs.com/Content/Plugins/layui/layui.js?v=258
47.96.195.102 200 OK 3.5 kB URL HTTP/1.1 gdzwcs.com/Content/Plugins/layui/layui.js?v=258
IP 47.96.195.102:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type Unicode text, UTF-8 text, with very long lines (6596), with CRLF line terminators
Hash 6c7509c637989a335cfdc9768c77cc2c
db93948a8e9475ccbad4b5109b5cd5dc4aa64f44
1187fbffa5520ec4714ae0849e8e7fefe205c9db6f9f82b1d58c5d28baf1720c
GET /Content/Plugins/layui/layui.js?v=258 HTTP/1.1
Host: gdzwcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gdzwcs.com/
Cookie: acw_tc=781bad2d16698729964847133e2a76b6656fae86c48fd0ac69595b8823384b
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 05:36:38 GMT
Content-Type: application/javascript
Content-Length: 3466
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Thu, 12 Nov 2020 12:12:36 GMT
Accept-Ranges: bytes
ETag: "dc7dc11bedb8d61:0"
Vary: Accept-Encoding
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type,Access-Token,MallAppConfig
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Strict-Transport-Security: max-age=31536000
gdzwcs.com/Content/Css/common.css?v=258
47.96.195.102 200 OK 61 kB URL HTTP/1.1 gdzwcs.com/Content/Css/common.css?v=258
IP 47.96.195.102:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type troff or preprocessor input, Unicode text, UTF-8 text, with CRLF line terminators
Hash 7c9c8a74381cfbd2a33f7d264f0e8c7e
1bc6c303b144fe359545c101b0582fe8e32e8d3b
a3ee5dfaff3930d669bae89dc5f8e821e84d590ab50b9709ec3d6aa9cddd042e
Analyzer Verdict Alert fortinet Malware
GET /Content/Css/common.css?v=258 HTTP/1.1
Host: gdzwcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gdzwcs.com/
Cookie: acw_tc=781bad2d16698729964847133e2a76b6656fae86c48fd0ac69595b8823384b
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 05:36:37 GMT
Content-Type: text/css
Content-Length: 61133
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Fri, 18 Nov 2022 13:01:54 GMT
Accept-Ranges: bytes
ETag: "9bb28fee4dfbd81:0"
Vary: Accept-Encoding
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type,Access-Token,MallAppConfig
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Strict-Transport-Security: max-age=31536000
gdzwcs.com/Content/Plugins/layer/layer.js?v=258
47.96.195.102 200 OK 10 kB URL HTTP/1.1 gdzwcs.com/Content/Plugins/layer/layer.js?v=258
IP 47.96.195.102:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type ASCII text, with very long lines (1145), with CRLF line terminators
Hash eb2cdafd94d9753f10044a45a16ca070
a2f2fff06af9a41fc8d69e8ea7799a3142505e46
b84c4a1fdcfca2e242ef4e5e852f953f2fd4d0e6aee9ef319b8cc938c3f8bbd2
GET /Content/Plugins/layer/layer.js?v=258 HTTP/1.1
Host: gdzwcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gdzwcs.com/
Cookie: acw_tc=781bad2d16698729964847133e2a76b6656fae86c48fd0ac69595b8823384b
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 05:36:38 GMT
Content-Type: application/javascript
Content-Length: 10322
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Thu, 12 Nov 2020 12:12:36 GMT
Accept-Ranges: bytes
ETag: "b761bb1bedb8d61:0"
Vary: Accept-Encoding
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type,Access-Token,MallAppConfig
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Strict-Transport-Security: max-age=31536000
gdzwcs.com/Content/Plugins/jquery/jquery.lazyload.min.js?v=258
47.96.195.102 200 OK 1.6 kB URL HTTP/1.1 gdzwcs.com/Content/Plugins/jquery/jquery.lazyload.min.js?v=258
IP 47.96.195.102:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type ASCII text, with very long lines (3309), with CRLF line terminators
Hash 10ec0a4024bd74006859137d37024463
e6367380b2bb7959b1e47a57d89300e35c75227a
bc47ca21a7429b57709d1cc85db8f3821a3e6cea9d80b261807fa6d0324e8ded
GET /Content/Plugins/jquery/jquery.lazyload.min.js?v=258 HTTP/1.1
Host: gdzwcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gdzwcs.com/
Cookie: acw_tc=781bad2d16698729964847133e2a76b6656fae86c48fd0ac69595b8823384b
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 05:36:38 GMT
Content-Type: application/javascript
Content-Length: 1592
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Thu, 12 Nov 2020 12:12:36 GMT
Accept-Ranges: bytes
ETag: "c130ba1bedb8d61:0"
Vary: Accept-Encoding
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type,Access-Token,MallAppConfig
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Strict-Transport-Security: max-age=31536000
ocsp2.globalsign.com/gsorganizationvalsha2g2
104.18.21.226 200 OK 1.5 kB URL HTTP/1.1 ocsp2.globalsign.com/gsorganizationvalsha2g2
IP 104.18.21.226:0
Hash 299a749cd7461324bbd3f73c128814eb
3025d94475d9fdd2b9cffa6180bfc2a0bdbc7c4e
b5eeb925c4276fbb86ab2c6be79bc99b627924ff481562dac7fa5c01a764336b
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 05:36:38 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Mon, 05 Dec 2022 03:11:46 GMT
ETag: "3025d94475d9fdd2b9cffa6180bfc2a0bdbc7c4e"
Last-Modified: Thu, 01 Dec 2022 03:11:47 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1162
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7729776119bb1bfe-OSL
gdzwcs.com/Content/Plugins/echo/echo.min.js?v=258
47.96.195.102 200 OK 1.1 kB URL HTTP/1.1 gdzwcs.com/Content/Plugins/echo/echo.min.js?v=258
IP 47.96.195.102:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type ASCII text, with very long lines (1835), with CRLF line terminators
Hash dbe5016ac051a55cfcea1169082886d9
5971419c9d8564510cdd6c8dbd86ed0a905bb414
643b40c31648ddeb6e87815003b5c5d0e4c6252938b196795f8945dbf2ed9c65
Analyzer Verdict Alert fortinet Malware
GET /Content/Plugins/echo/echo.min.js?v=258 HTTP/1.1
Host: gdzwcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gdzwcs.com/
Cookie: acw_tc=781bad2d16698729964847133e2a76b6656fae86c48fd0ac69595b8823384b
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 05:36:38 GMT
Content-Type: application/javascript
Content-Length: 1082
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Thu, 12 Nov 2020 12:12:36 GMT
Accept-Ranges: bytes
ETag: "3b8aaa1bedb8d61:0"
Vary: Accept-Encoding
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type,Access-Token,MallAppConfig
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Strict-Transport-Security: max-age=31536000
gdzwcs.com/Content/json/footData.js?v=258
47.96.195.102 200 OK 274 B URL HTTP/1.1 gdzwcs.com/Content/json/footData.js?v=258
IP 47.96.195.102:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 2783a35da8921717ec1a093f9b1ae4ad
16e2c1223e0e5cf18649f4daf33d9676112ddcfd
8e5b0210af8e277eb681048c4008f922453f3fb49753c991cb101b5ac4fabc90
GET /Content/json/footData.js?v=258 HTTP/1.1
Host: gdzwcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gdzwcs.com/
Cookie: acw_tc=781bad2d16698729964847133e2a76b6656fae86c48fd0ac69595b8823384b
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 05:36:38 GMT
Content-Type: application/javascript
Content-Length: 274
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Fri, 27 Nov 2020 15:16:01 GMT
Accept-Ranges: bytes
ETag: "c83a8737d0c4d61:0"
Vary: Accept-Encoding
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type,Access-Token,MallAppConfig
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Strict-Transport-Security: max-age=31536000
gdzwcs.com/Scripts/vue-resource.min.js?v=258
47.96.195.102 200 OK 6.5 kB URL HTTP/1.1 gdzwcs.com/Scripts/vue-resource.min.js?v=258
IP 47.96.195.102:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type ASCII text, with very long lines (14449), with CRLF line terminators
Hash 473290a97866197c254672ce1324f6d0
af71eeafb5de6266c9df1af04d19c6087be36f6f
e0956e3dbc4b84281cdadd366c58f722b0782f396262b6db1a561aa606ed546b
GET /Scripts/vue-resource.min.js?v=258 HTTP/1.1
Host: gdzwcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gdzwcs.com/
Cookie: acw_tc=781bad2d16698729964847133e2a76b6656fae86c48fd0ac69595b8823384b
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 05:36:38 GMT
Content-Type: application/javascript
Content-Length: 6454
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Thu, 12 Nov 2020 12:12:36 GMT
Accept-Ranges: bytes
ETag: "cd12d31bedb8d61:0"
Vary: Accept-Encoding
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type,Access-Token,MallAppConfig
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Strict-Transport-Security: max-age=31536000
api.map.baidu.com/api?v=2.0&ak=ikdKsGIjylkYLwb1f5mctBv5KxxakAB5
103.235.46.245 200 OK 262 B URL HTTP/1.1 api.map.baidu.com/api?v=2.0&ak=ikdKsGIjylkYLwb1f5mctBv5KxxakAB5
IP 103.235.46.245:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type HTML document, ASCII text, with no line terminators
Hash 52f6727b43e1c8e8b73c9af453c6a890
9171615a5bfa1272c33a69dd5e284e14e00211b1
4232901b70eed59bc98e897309bf802dc88e697844d738ad4f693c3a8ecd9491
GET /api?v=2.0&ak=ikdKsGIjylkYLwb1f5mctBv5KxxakAB5 HTTP/1.1
Host: api.map.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gdzwcs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=86400
Connection: keep-alive
Content-Length: 262
Content-Type: text/javascript;charset=utf-8
Date: Thu, 01 Dec 2022 05:36:38 GMT
Expires: Fri, 02 Dec 2022 05:36:38 GMT
Http_x_bd_logid: 2198619327
Http_x_bd_logid64: 2198619013616771338
Http_x_bd_product: map
Http_x_bd_subsys: apimap
P3p: CP=" OTI DSP COR IVA OUR IND COM ", CP=" OTI DSP COR IVA OUR IND COM "
Server: apache
Set-Cookie: BAIDUID=B4CD99772AC5C5E89BF3D3D2D7DA2265:FG=1; expires=Fri, 01-Dec-23 05:36:38 GMT; max-age=31536000; path=/; domain=.baidu.com; version=1
BAIDUID=A0ECDA6DB09213FF0C2C9B907EFEC647:FG=1; expires=Fri, 01-Dec-23 05:36:38 GMT; max-age=31536000; path=/; domain=.baidu.com; version=1
Tracecode: 21986193270701217290120113
gdzwcs.com/Content/js/requestConfig.js?v=258
47.96.195.102 200 OK 1.7 kB URL HTTP/1.1 gdzwcs.com/Content/js/requestConfig.js?v=258
IP 47.96.195.102:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash a60c0e894de5e4a1096135b5dcfb8ead
4912fe6e9a4f3d35ab41afeab78bd61cbc1a4413
a1b4204fb35991860cf6c52cd4a4c020d16f3c09166509d9ce590ed8292cba88
GET /Content/js/requestConfig.js?v=258 HTTP/1.1
Host: gdzwcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gdzwcs.com/
Cookie: acw_tc=781bad2d16698729964847133e2a76b6656fae86c48fd0ac69595b8823384b
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 05:36:38 GMT
Content-Type: application/javascript
Content-Length: 1721
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Fri, 16 Apr 2021 17:45:28 GMT
Accept-Ranges: bytes
ETag: "5b99d749e832d71:0"
Vary: Accept-Encoding
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type,Access-Token,MallAppConfig
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Strict-Transport-Security: max-age=31536000
gdzwcs.com/Scripts/vue.min.js?v=258
47.96.195.102 200 OK 34 kB URL HTTP/1.1 gdzwcs.com/Scripts/vue.min.js?v=258
IP 47.96.195.102:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type ASCII text, with very long lines (32070), with CRLF line terminators
Hash c7fafa7872335e399279eedda33c740d
9717983507cd5f39ea7cf9292ef9fef9a727a79c
b23fbeedb9723edbea5866eb5c75709445140c1cb871f6687141db4ab542b863
GET /Scripts/vue.min.js?v=258 HTTP/1.1
Host: gdzwcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gdzwcs.com/
Cookie: acw_tc=781bad2d16698729964847133e2a76b6656fae86c48fd0ac69595b8823384b
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 05:36:38 GMT
Content-Type: application/javascript
Content-Length: 33813
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Thu, 12 Nov 2020 12:12:36 GMT
Accept-Ranges: bytes
ETag: "aaaad31bedb8d61:0"
Vary: Accept-Encoding
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type,Access-Token,MallAppConfig
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Strict-Transport-Security: max-age=31536000
gdzwcs.com/Scripts/enum-data.js?v=258
47.96.195.102 200 OK 17 kB URL HTTP/1.1 gdzwcs.com/Scripts/enum-data.js?v=258
IP 47.96.195.102:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash c35af3bec07d4c72b063a872122012f4
a7ac15e7e19f9c275091bb4e5dea630f37347bb2
6438a3a624cd06f7c0fc7b0828c3916151a50261e05764569368cb460493544e
Analyzer Verdict Alert fortinet Malware
GET /Scripts/enum-data.js?v=258 HTTP/1.1
Host: gdzwcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gdzwcs.com/
Cookie: acw_tc=781bad2d16698729964847133e2a76b6656fae86c48fd0ac69595b8823384b
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 05:36:38 GMT
Content-Type: application/javascript
Content-Length: 17171
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Fri, 25 Nov 2022 12:37:06 GMT
Accept-Ranges: bytes
ETag: "f049aa0ca0d91:0"
Vary: Accept-Encoding
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type,Access-Token,MallAppConfig
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Strict-Transport-Security: max-age=31536000
gdzwcs.com/Content/Plugins/jquery/jquery-1.10.2.min.js?v=258
47.96.195.102 200 OK 42 kB URL HTTP/1.1 gdzwcs.com/Content/Plugins/jquery/jquery-1.10.2.min.js?v=258
IP 47.96.195.102:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type ASCII text, with very long lines (32072), with CRLF line terminators
Hash 143396abada24d79bbe1cb6ddd9ecf87
f129ee2f30777b3d148a4eb88ad41632834d7fd9
83032c48cf8a97aee3c6e1c860b469947f8eba57859833a269a802ef6323c266
Analyzer Verdict Alert fortinet Malware
GET /Content/Plugins/jquery/jquery-1.10.2.min.js?v=258 HTTP/1.1
Host: gdzwcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gdzwcs.com/
Cookie: acw_tc=781bad2d16698729964847133e2a76b6656fae86c48fd0ac69595b8823384b
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 05:36:37 GMT
Content-Type: application/javascript
Content-Length: 41706
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Thu, 12 Nov 2020 12:12:36 GMT
Accept-Ranges: bytes
ETag: "ee97b91bedb8d61:0"
Vary: Accept-Encoding
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type,Access-Token,MallAppConfig
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Strict-Transport-Security: max-age=31536000
gdzwcs.com/Content/js/baseunit.js?v=258
47.96.195.102 200 OK 6.7 kB URL HTTP/1.1 gdzwcs.com/Content/js/baseunit.js?v=258
IP 47.96.195.102:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 6a7842cd0ff5b56b5d8f2dfd0a44b450
3cebd327a8a825a8876c171193579eae43e782b3
e8e58cf499a1014a4d39a0bdf7bbbb4141f90a5ce98254f143c45641168f8bdf
Analyzer Verdict Alert fortinet Malware
GET /Content/js/baseunit.js?v=258 HTTP/1.1
Host: gdzwcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gdzwcs.com/
Cookie: acw_tc=781bad2d16698729964847133e2a76b6656fae86c48fd0ac69595b8823384b
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 05:36:38 GMT
Content-Type: application/javascript
Content-Length: 6739
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Thu, 30 Dec 2021 15:02:35 GMT
Accept-Ranges: bytes
ETag: "158564478efdd71:0"
Vary: Accept-Encoding
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type,Access-Token,MallAppConfig
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Strict-Transport-Security: max-age=31536000
gdzwcs.com/Content/js/utility.js?v=258
47.96.195.102200 OK 23 kB URL HTTP/1.1 gdzwcs.com/Content/js/utility.js?v=258
IP 47.96.195.102:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 40c70e2fca1f6ee331e31371d6edc7ec
fc4b55fe0531751fdff43efafcad66a3f0c33910
1b4d7b34f64df4706c2984d092d9284e2c540f81b7e8ac0510123ffbc09bff52
GET /Content/js/utility.js?v=258 HTTP/1.1
Host: gdzwcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gdzwcs.com/
Cookie: acw_tc=781bad2d16698729964847133e2a76b6656fae86c48fd0ac69595b8823384b
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 05:36:38 GMT
Content-Type: application/javascript
Content-Length: 23033
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Fri, 28 Oct 2022 12:45:44 GMT
Accept-Ranges: bytes
ETag: "764bcc31cbead81:0"
Vary: Accept-Encoding
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type,Access-Token,MallAppConfig
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Strict-Transport-Security: max-age=31536000
gdzwcs.com/Content/js/common.js?v=258
47.96.195.102200 OK 43 kB URL HTTP/1.1 gdzwcs.com/Content/js/common.js?v=258
IP 47.96.195.102:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash 70863cc727942c50862652e429b1dd3f
38bda889c7496d894499e6d58c26576d4b736952
de67c891120068fa0aa7a78d860f1a7fc66194007141e38755904b1b4e79ca51
Analyzer Verdict Alert fortinet Malware
GET /Content/js/common.js?v=258 HTTP/1.1
Host: gdzwcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gdzwcs.com/
Cookie: acw_tc=781bad2d16698729964847133e2a76b6656fae86c48fd0ac69595b8823384b
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 05:36:38 GMT
Content-Type: application/javascript
Content-Length: 42732
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Fri, 28 Oct 2022 12:45:44 GMT
Accept-Ranges: bytes
ETag: "b2d7cb31cbead81:0"
Vary: Accept-Encoding
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type,Access-Token,MallAppConfig
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Strict-Transport-Security: max-age=31536000
gdzwcs.com/Content/Plugins/app/html5shiv.js?v=258
47.96.195.102200 OK 1.6 kB URL HTTP/1.1 gdzwcs.com/Content/Plugins/app/html5shiv.js?v=258
IP 47.96.195.102:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type HTML document, ASCII text, with very long lines (645), with CRLF line terminators
Hash 9e7e532dfb442740ed7be68fa2c69fc4
e58cb86fe87d9fa3fb87bcac0f843abf1a69c19e
899a4b0d542690c05a45e0e0341b5dcdea7e9845de54fc7da6f35c2a8f56c47c
Analyzer Verdict Alert fortinet Malware
GET /Content/Plugins/app/html5shiv.js?v=258 HTTP/1.1
Host: gdzwcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gdzwcs.com/
Cookie: acw_tc=781bad2d16698729964847133e2a76b6656fae86c48fd0ac69595b8823384b
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 05:36:39 GMT
Content-Type: application/javascript
Content-Length: 1574
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Thu, 12 Nov 2020 12:12:36 GMT
Accept-Ranges: bytes
ETag: "b61a81bedb8d61:0"
Vary: Accept-Encoding
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type,Access-Token,MallAppConfig
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Strict-Transport-Security: max-age=31536000
gdzwcs.com/Content/Plugins/clipboard/clipboard.js
47.96.195.102200 OK 9.8 kB URL HTTP/1.1 gdzwcs.com/Content/Plugins/clipboard/clipboard.js
IP 47.96.195.102:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type Unicode text, UTF-8 (with BOM) text, with very long lines (580), with CRLF line terminators
Hash bb7ab54db3d5cfdef9df23776d48a6b2
3b9f2670495b3994be42eb0988bfd0a2b95736ad
942c004cc79530aaabc10f2db6f67a05d57140979f5bb8052aedc17f87e68922
Analyzer Verdict Alert fortinet Malware
GET /Content/Plugins/clipboard/clipboard.js HTTP/1.1
Host: gdzwcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gdzwcs.com/
Cookie: acw_tc=781bad2d16698729964847133e2a76b6656fae86c48fd0ac69595b8823384b
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 05:36:39 GMT
Content-Type: application/javascript
Content-Length: 9820
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Thu, 12 Nov 2020 12:12:36 GMT
Accept-Ranges: bytes
ETag: "facba91bedb8d61:0"
Vary: Accept-Encoding
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type,Access-Token,MallAppConfig
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Strict-Transport-Security: max-age=31536000
gdzwcs.com/Content/js/webim.7moor.js?v=258
47.96.195.102200 OK 3.6 kB URL HTTP/1.1 gdzwcs.com/Content/js/webim.7moor.js?v=258
IP 47.96.195.102:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash dbca30724b506fa87b70e3c85e70db0d
f628cbd413b9d660f9d560b8f4682d03906360b5
3e2a3c182da8f332e4b084659a8fdf7cad9c394233224c9ff0cc65b26a82d642
Analyzer Verdict Alert fortinet Malware
GET /Content/js/webim.7moor.js?v=258 HTTP/1.1
Host: gdzwcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gdzwcs.com/
Cookie: acw_tc=781bad2d16698729964847133e2a76b6656fae86c48fd0ac69595b8823384b
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 05:36:39 GMT
Content-Type: application/javascript
Content-Length: 3589
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Fri, 28 Oct 2022 12:45:44 GMT
Accept-Ranges: bytes
ETag: "8b72cc31cbead81:0"
Vary: Accept-Encoding
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type,Access-Token,MallAppConfig
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Strict-Transport-Security: max-age=31536000
gdzwcs.com/Content/Plugins/layer/skin/layer.css?v=500
47.96.195.102200 OK 4.2 kB URL HTTP/1.1 gdzwcs.com/Content/Plugins/layer/skin/layer.css?v=500
IP 47.96.195.102:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type Unicode text, UTF-8 text, with very long lines (333), with CRLF line terminators
Hash 0dd05cea875e71ccd5c3620bc256eb48
faa9df0905602f9763ed0259aeb1eeab724541fb
1e25055c6ab74eab7182f57fe64346e853aae62be56f1c15f71c7beeda37a1d9
GET /Content/Plugins/layer/skin/layer.css?v=500 HTTP/1.1
Host: gdzwcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gdzwcs.com/
Cookie: acw_tc=781bad2d16698729964847133e2a76b6656fae86c48fd0ac69595b8823384b
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 05:36:39 GMT
Content-Type: text/css
Content-Length: 4168
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Thu, 12 Nov 2020 12:12:36 GMT
Accept-Ranges: bytes
ETag: "2fd4bb1bedb8d61:0"
Vary: Accept-Encoding
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type,Access-Token,MallAppConfig
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Strict-Transport-Security: max-age=31536000
gdzwcs.com/Content/js/top.js?v=258
47.96.195.102200 OK 40 kB URL HTTP/1.1 gdzwcs.com/Content/js/top.js?v=258
IP 47.96.195.102:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type Unicode text, UTF-8 (with BOM) text, with very long lines (52905), with CRLF line terminators
Hash 0dcbde9dcb815ec7cb8d4fab0404567d
42991af60fba555ced5e57f388e65c7b7c898674
8e14a7aeb38e7af0eb8d6bc145267f085dfc62f58b1c7b9d7979352f3fcac9e2
Analyzer Verdict Alert fortinet Malware
GET /Content/js/top.js?v=258 HTTP/1.1
Host: gdzwcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gdzwcs.com/
Cookie: acw_tc=781bad2d16698729964847133e2a76b6656fae86c48fd0ac69595b8823384b
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 05:36:39 GMT
Content-Type: application/javascript
Content-Length: 40204
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Fri, 18 Nov 2022 13:01:54 GMT
Accept-Ranges: bytes
ETag: "9bb28fee4dfbd81:0"
Vary: Accept-Encoding
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type,Access-Token,MallAppConfig
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Strict-Transport-Security: max-age=31536000
gdzwcs.com/Content/Css/home_index.css?v=258
47.96.195.102200 OK 7.2 kB URL HTTP/1.1 gdzwcs.com/Content/Css/home_index.css?v=258
IP 47.96.195.102:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type Unicode text, UTF-8 (with BOM) text, with very long lines (384), with CRLF line terminators
Hash 34e58a40ab0aa119a4f528e386862e86
b17915b33246ae374969dac4808311aba432b5db
590091771508a498f7e3ff0b14787ba610c74ab3446aa9154061d2f2c2a00069
Analyzer Verdict Alert fortinet Malware
GET /Content/Css/home_index.css?v=258 HTTP/1.1
Host: gdzwcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gdzwcs.com/
Cookie: acw_tc=781bad2d16698729964847133e2a76b6656fae86c48fd0ac69595b8823384b
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 05:36:39 GMT
Content-Type: text/css
Content-Length: 7221
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Fri, 08 Jan 2021 13:22:35 GMT
Accept-Ranges: bytes
ETag: "46f03f54c1e5d61:0"
Vary: Accept-Encoding
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type,Access-Token,MallAppConfig
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Strict-Transport-Security: max-age=31536000
gdzwcs.com/Content/Plugins/swiper/swiper.min.js?v=258
47.96.195.102200 OK 41 kB URL HTTP/1.1 gdzwcs.com/Content/Plugins/swiper/swiper.min.js?v=258
IP 47.96.195.102:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type ASCII text, with very long lines (65264), with CRLF line terminators
Hash cdff4c20c4845290a21e24696dca95dc
cc460def502bcd44d327f8646196724efb92e901
56e77e9265922216b5cd11ba6ca4d13ce4fe1f6ed964fb2f8eedd235d0e8364c
GET /Content/Plugins/swiper/swiper.min.js?v=258 HTTP/1.1
Host: gdzwcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gdzwcs.com/
Cookie: acw_tc=781bad2d16698729964847133e2a76b6656fae86c48fd0ac69595b8823384b
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 05:36:39 GMT
Content-Type: application/javascript
Content-Length: 41380
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Thu, 12 Nov 2020 12:12:36 GMT
Accept-Ranges: bytes
ETag: "50c4c41bedb8d61:0"
Vary: Accept-Encoding
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type,Access-Token,MallAppConfig
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Strict-Transport-Security: max-age=31536000
gdzwcs.com/Content/js/home_index.js?v=258
47.96.195.102200 OK 5.3 kB URL HTTP/1.1 gdzwcs.com/Content/js/home_index.js?v=258
IP 47.96.195.102:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 64bde67ae2dff1bd01b6bc0177ed635c
e7a3628cdb5559d21d078560de383480e77d761a
5c95178d1789e6f396185ee6b57793d1c641e3efbd20e4eaddbfe8f266c16254
GET /Content/js/home_index.js?v=258 HTTP/1.1
Host: gdzwcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gdzwcs.com/
Cookie: acw_tc=781bad2d16698729964847133e2a76b6656fae86c48fd0ac69595b8823384b
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 05:36:39 GMT
Content-Type: application/javascript
Content-Length: 5276
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Fri, 26 Nov 2021 12:13:41 GMT
Accept-Ranges: bytes
ETag: "7046e3cbfe2d71:0"
Vary: Accept-Encoding
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type,Access-Token,MallAppConfig
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Strict-Transport-Security: max-age=31536000
gdzwcs.com/Content/js/area.js?v=258
47.96.195.102200 OK 64 kB URL HTTP/1.1 gdzwcs.com/Content/js/area.js?v=258
IP 47.96.195.102:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 518d6caab6bd3410c95ce12710fa79d2
e34e81b6c3a10b2cbb6712ab37a391371531c102
3ad9398e6cd3509e93654f4a99dbe65995b05f206450f746069b1929539e2a5a
GET /Content/js/area.js?v=258 HTTP/1.1
Host: gdzwcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gdzwcs.com/
Cookie: acw_tc=781bad2d16698729964847133e2a76b6656fae86c48fd0ac69595b8823384b
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 05:36:38 GMT
Content-Type: application/javascript
Content-Length: 64022
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Fri, 12 Mar 2021 13:01:12 GMT
Accept-Ranges: bytes
ETag: "49d266c73f17d71:0"
Vary: Accept-Encoding
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type,Access-Token,MallAppConfig
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Strict-Transport-Security: max-age=31536000
gdzwcs.com/Content/Image/noticeColse.png
47.96.195.102200 OK 1.6 kB URL HTTP/1.1 gdzwcs.com/Content/Image/noticeColse.png
IP 47.96.195.102:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type PNG image data, 60 x 60, 8-bit/color RGBA, non-interlaced\012- data
Hash f2675dd5e3efd9e775724248f7d585b4
b480848bbc2718dc3eee6ab6cabaef3eb7f0b2b6
5b9df5753a96e190a7785b2b2de66513ef99d9999aeb33f2a34666b452671810
GET /Content/Image/noticeColse.png HTTP/1.1
Host: gdzwcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gdzwcs.com/
Cookie: acw_tc=781bad2d16698729964847133e2a76b6656fae86c48fd0ac69595b8823384b
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 05:36:40 GMT
Content-Type: image/png
Content-Length: 1574
Connection: keep-alive
Last-Modified: Thu, 12 Nov 2020 12:12:36 GMT
Accept-Ranges: bytes
ETag: "4994a41bedb8d61:0"
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type,Access-Token,MallAppConfig
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Strict-Transport-Security: max-age=31536000
gdzwcs.com/Content/Image/product_default_pic.png
47.96.195.102200 OK 1.8 kB URL HTTP/1.1 gdzwcs.com/Content/Image/product_default_pic.png
IP 47.96.195.102:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type PNG image data, 180 x 135, 8-bit/color RGBA, non-interlaced\012- data
Hash c1a1e76398e8284b2506e37dd31d5b93
ec12431adf0a0a5ced53aa9fab9c9b9dc10cad91
cc1334c609f149f282a56c6abaea93a97af7140099517a8f0e0327f78b570443
GET /Content/Image/product_default_pic.png HTTP/1.1
Host: gdzwcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gdzwcs.com/
Cookie: acw_tc=781bad2d16698729964847133e2a76b6656fae86c48fd0ac69595b8823384b
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 05:36:40 GMT
Content-Type: image/png
Content-Length: 1755
Connection: keep-alive
Last-Modified: Thu, 12 Nov 2020 12:12:36 GMT
Accept-Ranges: bytes
ETag: "ab11a61bedb8d61:0"
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type,Access-Token,MallAppConfig
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Strict-Transport-Security: max-age=31536000
gdzwcs.com/Api/Tenant/Key?tenantKey=gdzwcs
47.96.195.102200 OK 223 B URL HTTP/1.1 gdzwcs.com/Api/Tenant/Key?tenantKey=gdzwcs
IP 47.96.195.102:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type JSON data\012- , Unicode text, UTF-8 text, with no line terminators
Hash a385b0f2946c78554e8b57fa423f7917
b2a87e7712505beedd992fbdb881b6da021034e3
7647bbe8db86666396a78928d2cb4e20c560568c082c9fee1e5b5bf791b9fa5e
Analyzer Verdict Alert fortinet Malware
GET /Api/Tenant/Key?tenantKey=gdzwcs HTTP/1.1
Host: gdzwcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://gdzwcs.com/
Cookie: acw_tc=781bad2d16698729964847133e2a76b6656fae86c48fd0ac69595b8823384b
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 05:36:40 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 223
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Set-Cookie: ASP.NET_SessionId=a05jyu20ck41xaj1hghqffa5; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type,Access-Token,MallAppConfig
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Strict-Transport-Security: max-age=31536000
ocsp2.globalsign.com/gsorganizationvalsha2g2
104.18.21.226200 OK 1.5 kB URL HTTP/1.1 ocsp2.globalsign.com/gsorganizationvalsha2g2
IP 104.18.21.226:0
Hash 2dfbc8c9c8c864a55178eef1b1a46926
b152da84083809bdb3d39188f0e49cca01b9a6f3
56c98398a72ae920ba6c5774d966b9a68852255be9388cbc3788a628f850f855
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 05:36:40 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Mon, 05 Dec 2022 05:24:17 GMT
ETag: "b152da84083809bdb3d39188f0e49cca01b9a6f3"
Last-Modified: Thu, 01 Dec 2022 05:24:18 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 79
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7729776d4e521bfe-OSL
hgp-public.oss-cn-hangzhou.aliyuncs.com/PrivateMallBanner/Tenant_29685/35/PrivateMall_BannerPicture_35_26582877-2b34-4a44-887b-95c0c8dd1b9d.png
47.110.178.119200 OK 7.4 kB URL HTTP/1.1 hgp-public.oss-cn-hangzhou.aliyuncs.com/PrivateMallBanner/Tenant_29685/35/PrivateMall_BannerPicture_35_26582877-2b34-4a44-887b-95c0c8dd1b9d.png
IP 47.110.178.119:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type PNG image data, 220 x 190, 8-bit/color RGBA, non-interlaced\012- data
Hash 78d2519a3d138a23cb72916aace9cca1
96081866eabc9993c2b0efd6019a75e007f5f4dc
be4aa70d9aa763326a0ac810c0492fb2a48b48e83ed4370ec4ecac3e9e47e850
GET /PrivateMallBanner/Tenant_29685/35/PrivateMall_BannerPicture_35_26582877-2b34-4a44-887b-95c0c8dd1b9d.png HTTP/1.1
Host: hgp-public.oss-cn-hangzhou.aliyuncs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gdzwcs.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: AliyunOSS
Date: Thu, 01 Dec 2022 05:36:40 GMT
Content-Type: image/png
Content-Length: 7427
Connection: keep-alive
x-oss-request-id: 63883D68DC81703038306F49
Accept-Ranges: bytes
ETag: "78D2519A3D138A23CB72916AACE9CCA1"
Last-Modified: Wed, 04 Aug 2021 06:58:05 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 16177446089458832116
x-oss-storage-class: Standard
Content-MD5: eNJRmj0TiiPLcpFqrOnMoQ==
x-oss-server-time: 8
hgp-public.oss-cn-hangzhou.aliyuncs.com/PrivateMallBanner/Tenant_-1/35/PrivateMall_BannerPicture_35_4e31f172-7be8-4b6a-a3f4-642cbf8e7226.png
47.110.178.119200 OK 11 kB URL HTTP/1.1 hgp-public.oss-cn-hangzhou.aliyuncs.com/PrivateMallBanner/Tenant_-1/35/PrivateMall_BannerPicture_35_4e31f172-7be8-4b6a-a3f4-642cbf8e7226.png
IP 47.110.178.119:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type PNG image data, 400 x 134, 8-bit/color RGBA, non-interlaced\012- data
Hash 9bfea7396543229bac30cf6af15afbdd
f2f5e9c10bdb0341a7a32982af4373b64b3fd333
2a38776a13e09f170b85cfad1461a5ab341767fe76b218e860ab95426ab7a9b2
GET /PrivateMallBanner/Tenant_-1/35/PrivateMall_BannerPicture_35_4e31f172-7be8-4b6a-a3f4-642cbf8e7226.png HTTP/1.1
Host: hgp-public.oss-cn-hangzhou.aliyuncs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gdzwcs.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: AliyunOSS
Date: Thu, 01 Dec 2022 05:36:40 GMT
Content-Type: image/png
Content-Length: 11150
Connection: keep-alive
x-oss-request-id: 63883D684CAB813531841424
Accept-Ranges: bytes
ETag: "9BFEA7396543229BAC30CF6AF15AFBDD"
Last-Modified: Wed, 04 Aug 2021 03:21:33 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 8447798884768333512
x-oss-storage-class: Standard
Content-MD5: m/6nOWVDIpusMM9q8Vr73Q==
x-oss-server-time: 7
hgp-public.oss-cn-hangzhou.aliyuncs.com/PrivateMallBanner/Tenant_29685/35/PrivateMall_BannerPicture_35_048e132a-1366-4e3e-95a1-16d418caf452.png
47.110.178.119200 OK 7.5 kB URL HTTP/1.1 hgp-public.oss-cn-hangzhou.aliyuncs.com/PrivateMallBanner/Tenant_29685/35/PrivateMall_BannerPicture_35_048e132a-1366-4e3e-95a1-16d418caf452.png
IP 47.110.178.119:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type PNG image data, 220 x 190, 8-bit/color RGBA, non-interlaced\012- data
Hash 7e9a38395d165931706fd8a05482ba5d
f77ba09c6184e258f1988ef913be146338adb0a3
fd45acb58ca31d17907cd15468577c711d86a57fd67eb61910024a5b771598ea
GET /PrivateMallBanner/Tenant_29685/35/PrivateMall_BannerPicture_35_048e132a-1366-4e3e-95a1-16d418caf452.png HTTP/1.1
Host: hgp-public.oss-cn-hangzhou.aliyuncs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gdzwcs.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: AliyunOSS
Date: Thu, 01 Dec 2022 05:36:40 GMT
Content-Type: image/png
Content-Length: 7505
Connection: keep-alive
x-oss-request-id: 63883D68D4FE7D30395458D3
Accept-Ranges: bytes
ETag: "7E9A38395D165931706FD8A05482BA5D"
Last-Modified: Wed, 04 Aug 2021 06:57:31 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 10994197205726196387
x-oss-storage-class: Standard
Content-MD5: fpo4OV0WWTFwb9igVIK6XQ==
x-oss-server-time: 25
hm.baidu.com/hm.js?43b7f84e75cb0e2591d6ff4e55fd438c
103.235.46.191200 OK 12 kB URL HTTP/1.1 hm.baidu.com/hm.js?43b7f84e75cb0e2591d6ff4e55fd438c
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (1643)
Hash 9737ff08f8346af6dfaf81e28ff1205d
fde494d8c48c8a4933c2084e4f196692158b1572
418f2941cbb0c3e98e8107bca90e2e5c8035cd7c21783ee2bff9e2e2542084cd
GET /hm.js?43b7f84e75cb0e2591d6ff4e55fd438c HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gdzwcs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 12281
Content-Type: application/javascript
Date: Thu, 01 Dec 2022 05:36:41 GMT
Etag: 1dd4905e7622923ba0dcd0e98ad89bd1
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=8820A58828E19F96; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1810172629&si=43b7f84e75cb0e2591d6ff4e55fd438c&v=1.3.0&lv=1&sn=41200&r=0&ww=1280&u=https%3A%2F%2Fgdzwcs.com%2F&tt=%E5%9B%BA%E5%BE%B7%E5%BF%AB%E8%B4%AD
103.235.46.191200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1810172629&si=43b7f84e75cb0e2591d6ff4e55fd438c&v=1.3.0&lv=1&sn=41200&r=0&ww=1280&u=https%3A%2F%2Fgdzwcs.com%2F&tt=%E5%9B%BA%E5%BE%B7%E5%BF%AB%E8%B4%AD
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1810172629&si=43b7f84e75cb0e2591d6ff4e55fd438c&v=1.3.0&lv=1&sn=41200&r=0&ww=1280&u=https%3A%2F%2Fgdzwcs.com%2F&tt=%E5%9B%BA%E5%BE%B7%E5%BF%AB%E8%B4%AD HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gdzwcs.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Thu, 01 Dec 2022 05:36:41 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=67BFCC50FC2C268F; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
api.map.baidu.com/getscript?v=2.0&ak=ikdKsGIjylkYLwb1f5mctBv5KxxakAB5&services=&t=20221108111515
103.235.46.245200 OK 74 kB URL HTTP/1.1 api.map.baidu.com/getscript?v=2.0&ak=ikdKsGIjylkYLwb1f5mctBv5KxxakAB5&services=&t=20221108111515
IP 103.235.46.245:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (65536), with no line terminators
Hash 76baa0ebb73f3b88277d7dca943c86a4
4c0e9433ceafc0535ba3c28b68406a3073c053a1
7d5b0fbb0e0abde47c71d4b681a298541bfa4d1c1b641035140a474e8e648c62
GET /getscript?v=2.0&ak=ikdKsGIjylkYLwb1f5mctBv5KxxakAB5&services=&t=20221108111515 HTTP/1.1
Host: api.map.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gdzwcs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=86400
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/javascript;charset=utf-8
Date: Thu, 01 Dec 2022 05:36:40 GMT
Expires: Fri, 02 Dec 2022 05:36:40 GMT
Http_x_bd_logid: 2200196505
Http_x_bd_logid64: 2200196820259356938
Http_x_bd_product: map
Http_x_bd_subsys: apimap
P3p: CP=" OTI DSP COR IVA OUR IND COM ", CP=" OTI DSP COR IVA OUR IND COM "
Server: apache
Set-Cookie: BAIDUID=95B2F13F4F528D4D557270A4D18355B0:FG=1; expires=Fri, 01-Dec-23 05:36:40 GMT; max-age=31536000; path=/; domain=.baidu.com; version=1
BAIDUID=D92F56FAABFC48A84BD4482D5001CAF9:FG=1; expires=Fri, 01-Dec-23 05:36:40 GMT; max-age=31536000; path=/; domain=.baidu.com; version=1
Tracecode: 22001965053499461898120113
Vary: Accept-Encoding
Transfer-Encoding: chunked
hgp-public.oss-cn-hangzhou.aliyuncs.com/PrivateMallBanner/Tenant_29685/35/PrivateMall_BannerPicture_35_910fc2ac-3c6c-46ac-878f-4e3e9369235b.jpg
47.110.178.119200 OK 390 kB URL HTTP/1.1 hgp-public.oss-cn-hangzhou.aliyuncs.com/PrivateMallBanner/Tenant_29685/35/PrivateMall_BannerPicture_35_910fc2ac-3c6c-46ac-878f-4e3e9369235b.jpg
IP 47.110.178.119:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CC (Macintosh), datetime=2021:08:04 16:32:06], baseline, precision 8, 2160x960, components 3\012- data
Size 390 kB (390095 bytes)
Hash 323f7eaee2730ea7cbdc17eea0a10f1c
ddf5bb97478a8336e646fc16cd0029a58e4e4e56
4f245ef1d7179458f95f13d34cc7e968bc37bf25abad7c2109449d394ee752ef
GET /PrivateMallBanner/Tenant_29685/35/PrivateMall_BannerPicture_35_910fc2ac-3c6c-46ac-878f-4e3e9369235b.jpg HTTP/1.1
Host: hgp-public.oss-cn-hangzhou.aliyuncs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gdzwcs.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: AliyunOSS
Date: Thu, 01 Dec 2022 05:36:41 GMT
Content-Type: image/jpeg
Content-Length: 390095
Connection: keep-alive
x-oss-request-id: 63883D6863EA8B3439E8ABDF
Accept-Ranges: bytes
ETag: "323F7EAEE2730EA7CBDC17EEA0A10F1C"
Last-Modified: Wed, 04 Aug 2021 08:35:21 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 16823516426296716809
x-oss-storage-class: Standard
Content-MD5: Mj9+ruJzDqfL3BfuoKEPHA==
x-oss-server-time: 30
hgp-public.oss-cn-hangzhou.aliyuncs.com/PrivateMallBanner/Tenant_29685/35/PrivateMall_BannerPicture_35_6a9b9aa2-0d9a-43ab-adce-706c7026f90f.png
47.110.178.119200 OK 6.4 kB URL HTTP/1.1 hgp-public.oss-cn-hangzhou.aliyuncs.com/PrivateMallBanner/Tenant_29685/35/PrivateMall_BannerPicture_35_6a9b9aa2-0d9a-43ab-adce-706c7026f90f.png
IP 47.110.178.119:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced\012- data
Hash 2695250a6c56fa1e73f7d6a485cbd565
f59ea6f7d03b425f916c9d16ce807e8c5a989934
ecfcd1c4cebbda82c10631ea83385ecffc6d5dab656801e4960ccb70f00fcd4c
GET /PrivateMallBanner/Tenant_29685/35/PrivateMall_BannerPicture_35_6a9b9aa2-0d9a-43ab-adce-706c7026f90f.png HTTP/1.1
Host: hgp-public.oss-cn-hangzhou.aliyuncs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gdzwcs.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: AliyunOSS
Date: Thu, 01 Dec 2022 05:36:42 GMT
Content-Type: image/png
Content-Length: 6444
Connection: keep-alive
x-oss-request-id: 63883D6A4CAB813531812324
Accept-Ranges: bytes
ETag: "2695250A6C56FA1E73F7D6A485CBD565"
Last-Modified: Wed, 04 Aug 2021 06:59:25 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 18133817196855151871
x-oss-storage-class: Standard
Content-MD5: JpUlCmxW+h5z99akhcvVZQ==
x-oss-server-time: 9
gdzwcs.com/Api/TenantImage?codes=B004,B006,B014,B013,B012
47.96.195.102200 OK 1.6 kB URL HTTP/1.1 gdzwcs.com/Api/TenantImage?codes=B004,B006,B014,B013,B012
IP 47.96.195.102:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (1611), with no line terminators
Hash e1af48de4b4cc6f556f1a10572730edc
d803367d08d8dad02688652adedf4a939a0846f4
e66fa6e6325241c6d822f3b2ce930e43b4a3e4c290f28bb92ed6472779c106be
POST /Api/TenantImage?codes=B004,B006,B014,B013,B012 HTTP/1.1
Host: gdzwcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
MallAppConfig: {"AppKey":"","AppSource":3,"AppType":"PUBLIC-MALL","Version":"1.0.1"}
X-Requested-With: XMLHttpRequest
Content-Type: application/json;charset=utf-8
Origin: https://gdzwcs.com
Connection: keep-alive
Referer: https://gdzwcs.com/
Cookie: acw_tc=781bad2d16698729964847133e2a76b6656fae86c48fd0ac69595b8823384b; ASP.NET_SessionId=a05jyu20ck41xaj1hghqffa5; Hm_lvt_43b7f84e75cb0e2591d6ff4e55fd438c=1669873000; Hm_lpvt_43b7f84e75cb0e2591d6ff4e55fd438c=1669873000
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Content-Length: 0
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 05:36:42 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 1649
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type,Access-Token,MallAppConfig
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Strict-Transport-Security: max-age=31536000
gdzwcs.com/Content/Image/police_logo.png
47.96.195.102200 OK 19 kB URL HTTP/1.1 gdzwcs.com/Content/Image/police_logo.png
IP 47.96.195.102:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced\012- data
Hash d0289dc0a46fc5b15b3363ffa78cf6c7
29c400bc3b89f6085766dac4e0330ded5cb73d52
a20583c81805fe64f7fa210851ce29754af9d25fd6aa5a3225a9557529602513
GET /Content/Image/police_logo.png HTTP/1.1
Host: gdzwcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gdzwcs.com/Content/Css/common.css?v=258
Cookie: acw_tc=781bad2d16698729964847133e2a76b6656fae86c48fd0ac69595b8823384b; ASP.NET_SessionId=a05jyu20ck41xaj1hghqffa5; Hm_lvt_43b7f84e75cb0e2591d6ff4e55fd438c=1669873000; Hm_lpvt_43b7f84e75cb0e2591d6ff4e55fd438c=1669873000
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 05:36:42 GMT
Content-Type: image/png
Content-Length: 19256
Connection: keep-alive
Last-Modified: Thu, 12 Nov 2020 12:12:36 GMT
Accept-Ranges: bytes
ETag: "80eba51bedb8d61:0"
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type,Access-Token,MallAppConfig
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Strict-Transport-Security: max-age=31536000
gdzwcs.com/Api/TenantImage?codes=B014,B013,B012,B025
47.96.195.102200 OK 1.6 kB URL HTTP/1.1 gdzwcs.com/Api/TenantImage?codes=B014,B013,B012,B025
IP 47.96.195.102:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (1611), with no line terminators
Hash 1725241d8034c0b29a2a2bbb7d209b9e
7eb882860bfc21deaea99e36614da21724d9f5d7
8e50de48779d4e57d1dc7bc975719b2c05f3565c59d731b218becdb07a68a2ed
POST /Api/TenantImage?codes=B014,B013,B012,B025 HTTP/1.1
Host: gdzwcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
MallAppConfig: {"AppKey":"","AppSource":3,"AppType":"PUBLIC-MALL","Version":"1.0.1"}
X-Requested-With: XMLHttpRequest
Content-Type: application/json;charset=utf-8
Origin: https://gdzwcs.com
Connection: keep-alive
Referer: https://gdzwcs.com/
Cookie: acw_tc=781bad2d16698729964847133e2a76b6656fae86c48fd0ac69595b8823384b; ASP.NET_SessionId=a05jyu20ck41xaj1hghqffa5; Hm_lvt_43b7f84e75cb0e2591d6ff4e55fd438c=1669873000; Hm_lpvt_43b7f84e75cb0e2591d6ff4e55fd438c=1669873000
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Content-Length: 0
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 05:36:42 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 1649
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type,Access-Token,MallAppConfig
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Strict-Transport-Security: max-age=31536000
gdzwcs.com/Api/GetMallPageSettingByPC
47.96.195.102200 OK 569 B URL HTTP/1.1 gdzwcs.com/Api/GetMallPageSettingByPC
IP 47.96.195.102:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (491), with no line terminators
Hash 9f84924359c4725b995018353350b2a3
3cc2c3734308d21ff1bd63cc46217f2761668ca8
bf0e38284c81cc3818400ac82caafe0fc233be2117def23311b9439b5b67db67
Analyzer Verdict Alert fortinet Malware
GET /Api/GetMallPageSettingByPC HTTP/1.1
Host: gdzwcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
MallAppConfig: {"AppKey":"","AppSource":3,"AppType":"PUBLIC-MALL","Version":"1.0.1"}
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://gdzwcs.com/
Cookie: acw_tc=781bad2d16698729964847133e2a76b6656fae86c48fd0ac69595b8823384b; ASP.NET_SessionId=a05jyu20ck41xaj1hghqffa5; Hm_lvt_43b7f84e75cb0e2591d6ff4e55fd438c=1669873000; Hm_lpvt_43b7f84e75cb0e2591d6ff4e55fd438c=1669873000
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 05:36:42 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 569
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type,Access-Token,MallAppConfig
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Strict-Transport-Security: max-age=31536000
hgp-public.oss-cn-hangzhou.aliyuncs.com/PrivateMallBanner/Tenant_29685/35/PrivateMall_BannerPicture_35_0dddac15-56f0-4fc9-8239-199b9a24323a.png
47.110.178.119200 OK 11 kB URL HTTP/1.1 hgp-public.oss-cn-hangzhou.aliyuncs.com/PrivateMallBanner/Tenant_29685/35/PrivateMall_BannerPicture_35_0dddac15-56f0-4fc9-8239-199b9a24323a.png
IP 47.110.178.119:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type PNG image data, 400 x 400, 8-bit/color RGB, non-interlaced\012- data
Hash 75f17a96858d7b1decdb4491bef2e4ef
b04a6f4955b26b29f6a80df18b3bc7c0db70e1ab
3632ddda8fc24578d80d814ebf24fa26d05cd619e4b7469839175bc45ff71265
GET /PrivateMallBanner/Tenant_29685/35/PrivateMall_BannerPicture_35_0dddac15-56f0-4fc9-8239-199b9a24323a.png HTTP/1.1
Host: hgp-public.oss-cn-hangzhou.aliyuncs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gdzwcs.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: AliyunOSS
Date: Thu, 01 Dec 2022 05:36:43 GMT
Content-Type: image/png
Content-Length: 10772
Connection: keep-alive
x-oss-request-id: 63883D6BD8BCF03934E7B97F
Accept-Ranges: bytes
ETag: "75F17A96858D7B1DECDB4491BEF2E4EF"
Last-Modified: Tue, 10 Aug 2021 02:20:20 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 10198287500742740727
x-oss-storage-class: Standard
Content-MD5: dfF6loWNex3s20SRvvLk7w==
x-oss-server-time: 9
webapi.amap.com/maps/modules?v=1.4.20&key=85026e6233e04ef41d9e3f9fe978da88&m=AMap.Geolocation&vrs=1656665904502&mode=1
47.246.167.91200 OK 4.1 kB URL HTTP/2 webapi.amap.com/maps/modules?v=1.4.20&key=85026e6233e04ef41d9e3f9fe978da88&m=AMap.Geolocation&vrs=1656665904502&mode=1
IP 47.246.167.91:0
ASN #45102 Alibaba US Technology Co., Ltd.
File type ASCII text, with very long lines (12675), with no line terminators
Hash 175432b9fe4a770c9935340a2f65d37f
1fcbf815aa5be7dc8b766b48e7a9980b27fb7b25
639c232fe8f33782d8824e30c1afaf007fd766713c1b27fb30bd5b249922174f
GET /maps/modules?v=1.4.20&key=85026e6233e04ef41d9e3f9fe978da88&m=AMap.Geolocation&vrs=1656665904502&mode=1 HTTP/1.1
Host: webapi.amap.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gdzwcs.com
Connection: keep-alive
Referer: https://gdzwcs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 05:36:43 GMT
content-type: application/javascript;charset=utf-8
content-length: 4143
x-server-id: 72446e765a0ee479614554419edfe3ec044290696545148863b97ae87f5a4a6a84a5d848ba9f3278a30891e97ac3cbae
accept-ranges: bytes
content-encoding: gzip
etag: W/31da9d238dcd651a8870a1c765cf7ff7
cache-control: max-age=0
x-readtime: 1
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: *
server: Tengine/Aserver
eagleeye-traceid: 2102f56d16698730031326585e9c6e
strict-transport-security: max-age=0
timing-allow-origin: *
X-Firefox-Spdy: h2
api.map.baidu.com/images/blank.gif?product=jsapi&sub_product=jsapi&v=2.0&sub_product_v=2.0&t=5170665&code=5000&da_src=5000&device_pixel_ratio=1&platform=Linux%20x86_64
103.235.46.245200 OK 49 B URL HTTP/1.1 api.map.baidu.com/images/blank.gif?product=jsapi&sub_product=jsapi&v=2.0&sub_product_v=2.0&t=5170665&code=5000&da_src=5000&device_pixel_ratio=1&platform=Linux%20x86_64
IP 103.235.46.245:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash 21ab56428956fa0823bbf6df5f556247
1788a399030f630679895f9510d7712a70e401d2
e8d53268d4346841c6a057ce97739a8d27edeb858132c57b6eb2865acc5609e4
GET /images/blank.gif?product=jsapi&sub_product=jsapi&v=2.0&sub_product_v=2.0&t=5170665&code=5000&da_src=5000&device_pixel_ratio=1&platform=Linux%20x86_64 HTTP/1.1
Host: api.map.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gdzwcs.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=86400
Connection: keep-alive
Content-Length: 49
Content-Type: image/gif
Date: Thu, 01 Dec 2022 05:36:43 GMT
Etag: "637f353e-31"
Expires: Fri, 02 Dec 2022 05:36:43 GMT
Http_x_bd_logid: 2203144012
Http_x_bd_logid64: 2203144600264217354
Http_x_bd_product: map
Http_x_bd_subsys: apimap
Last-Modified: Thu, 24 Nov 2022 09:11:26 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Server: apache
Set-Cookie: BAIDUID=2A0C25A0AAF312515769E4A139957AE5:FG=1; expires=Fri, 01-Dec-23 05:36:43 GMT; max-age=31536000; path=/; domain=.baidu.com; version=1
api.map.baidu.com/?qt=verify&v=2.1&ak=ikdKsGIjylkYLwb1f5mctBv5KxxakAB5&callback=BMap._rd._cbk96594&seckey=-1%2C-1&timeStamp=1669873001094&sign=56940dcfee2b
103.235.46.245200 OK 57 B URL HTTP/1.1 api.map.baidu.com/?qt=verify&v=2.1&ak=ikdKsGIjylkYLwb1f5mctBv5KxxakAB5&callback=BMap._rd._cbk96594&seckey=-1%2C-1&timeStamp=1669873001094&sign=56940dcfee2b
IP 103.235.46.245:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with no line terminators
Hash e1bf44552e20a726cd180e02ba7ed437
7ff802571721b3a92c244ef18f23e05e5fe7459a
b6f244199ea137ca1a25596b8d7f217c18e3214453dd634ba695c8719c9c0cd5
GET /?qt=verify&v=2.1&ak=ikdKsGIjylkYLwb1f5mctBv5KxxakAB5&callback=BMap._rd._cbk96594&seckey=-1%2C-1&timeStamp=1669873001094&sign=56940dcfee2b HTTP/1.1
Host: api.map.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gdzwcs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=86400
Connection: keep-alive
Content-Type: application/javascript;charset=utf-8
Date: Thu, 01 Dec 2022 05:36:43 GMT
Expires: Fri, 02 Dec 2022 05:36:43 GMT
Http_x_bd_logid: 2203139743
Http_x_bd_logid64: 2203139220300317706
Http_x_bd_product: map
Http_x_bd_subsys: apimap
P3p: CP=" OTI DSP COR IVA OUR IND COM ", CP=" OTI DSP COR IVA OUR IND COM "
Server: apache
Set-Cookie: BAIDUID=135FFDE6EC33BACDDC696AA3199BA596:FG=1; expires=Fri, 01-Dec-23 05:36:43 GMT; max-age=31536000; path=/; domain=.baidu.com; version=1
BAIDUID=C62DF38F89EF267F38533BE8504ED2F7:FG=1; expires=Fri, 01-Dec-23 05:36:43 GMT; max-age=31536000; path=/; domain=.baidu.com; version=1
Tracecode: 22031397432582586378120113
Content-Length: 57
hgp-public.oss-cn-hangzhou.aliyuncs.com/Standard/Fastener/Standard/098da0a2523699fc148e3f158463230bff2c2e02.png?x-oss-process=image/resize,m_fixed,w_360
47.110.178.119200 OK 62 kB URL HTTP/1.1 hgp-public.oss-cn-hangzhou.aliyuncs.com/Standard/Fastener/Standard/098da0a2523699fc148e3f158463230bff2c2e02.png?x-oss-process=image/resize,m_fixed,w_360
IP 47.110.178.119:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type PNG image data, 360 x 270, 8-bit/color RGBA, non-interlaced\012- data
Hash 3c58213248206da65e9df43fdf465f8c
ac072e6b6e41bacfa52d4e5ea802ff816a76270f
1053f9b9ae8151d37262b410f1164ef8e24968156bbbd8d3010928019328050d
GET /Standard/Fastener/Standard/098da0a2523699fc148e3f158463230bff2c2e02.png?x-oss-process=image/resize,m_fixed,w_360 HTTP/1.1
Host: hgp-public.oss-cn-hangzhou.aliyuncs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gdzwcs.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: AliyunOSS
Date: Thu, 01 Dec 2022 05:36:43 GMT
Content-Type: image/png
Content-Length: 62458
Connection: keep-alive
x-oss-request-id: 63883D6B63EA8B343998BCDF
ETag: "92553927A492331DB9E02E674DA995DD"
Last-Modified: Mon, 21 Feb 2022 03:02:49 GMT
x-oss-object-type: Normal
x-oss-storage-class: Standard
x-oss-server-time: 89
x-oss-hash-crc64ecma: 8543930620179737321
gdzwcs.com/Home/GetMallCustomrManagers
47.96.195.102200 OK 263 B URL HTTP/1.1 gdzwcs.com/Home/GetMallCustomrManagers
IP 47.96.195.102:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type JSON data\012- , Unicode text, UTF-8 text, with no line terminators
Hash 08befd45b5ba5b95d37710a115a92f15
fe6c4b83667173e8ec9ac091f97335d784e220d4
6c5b2940cd87accb0c47b839057427adc8ef2b17b5b89b2493847d021a377029
Analyzer Verdict Alert fortinet Malware
GET /Home/GetMallCustomrManagers HTTP/1.1
Host: gdzwcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
MallAppConfig: {"AppKey":"","AppSource":3,"AppType":"PUBLIC-MALL","Version":"1.0.1"}
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://gdzwcs.com/
Cookie: acw_tc=781bad2d16698729964847133e2a76b6656fae86c48fd0ac69595b8823384b; ASP.NET_SessionId=a05jyu20ck41xaj1hghqffa5; Hm_lvt_43b7f84e75cb0e2591d6ff4e55fd438c=1669873000; Hm_lpvt_43b7f84e75cb0e2591d6ff4e55fd438c=1669873000
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 05:36:43 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 263
Connection: keep-alive
Cache-Control: private, s-maxage=0
X-AspNetMvc-Version: 5.2
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type,Access-Token,MallAppConfig
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Strict-Transport-Security: max-age=31536000
gdzwcs.com/api/common/category
47.96.195.102200 OK 12 kB URL HTTP/1.1 gdzwcs.com/api/common/category
IP 47.96.195.102:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type Unicode text, UTF-8 text, with very long lines (10800), with no line terminators
Hash e44162c917e84d348a8750721824842b
4bd89a213b557539b56cd7261072f24212fa0dce
dfcde278bb46caaf81d1c8460e9c50505deab2b51ea1b3845923def6cdb84bf3
Analyzer Verdict Alert fortinet Malware
POST /api/common/category HTTP/1.1
Host: gdzwcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
MallAppConfig: {"AppKey":"","AppSource":3,"AppType":"PUBLIC-MALL","Version":"1.0.1"}
X-Requested-With: XMLHttpRequest
Origin: https://gdzwcs.com
Connection: keep-alive
Referer: https://gdzwcs.com/
Cookie: acw_tc=781bad2d16698729964847133e2a76b6656fae86c48fd0ac69595b8823384b; ASP.NET_SessionId=a05jyu20ck41xaj1hghqffa5; Hm_lvt_43b7f84e75cb0e2591d6ff4e55fd438c=1669873000; Hm_lpvt_43b7f84e75cb0e2591d6ff4e55fd438c=1669873000; mallPageSetting=%7B%22MallName%22%3A%22%u56FA%u5FB7%u5FEB%u8D2D%22%2C%22Welcomes%22%3A%22%u6C5F%u82CF%u56FA%u5FB7%uFF0C%u6B22%u8FCE%u60A8%uFF01%22%2C%22RecordNumber%22%3A%2232098202000179%22%2C%22RecordDomian%22%3A%22%u82CF%u516C%u7F51%u5B89%u5907%2032098202000179%u53F7%22%2C%22RecordICP%22%3A%22%u82CFICP%u590716062195%u53F7-3%22%2C%22RecordCopyright%22%3A%22%u6C5F%u82CF%u56FA%u5FB7%u5EFA%u7B51%u673A%u68B0%u6709%u9650%u516C%u53F8%22%2C%22CustomerServicePhone%22%3A%220515-83858990%22%2C%22ServiceTimeDescription%22%3A%22%u5468%u4E00%u81F3%u5468%u65E5%20%208%3A00-18%3A00%22%2C%22Domian%22%3A%22www.gdzwcs.com%22%2C%22LogoType%22%3A1%2C%22CopyrightStartTime%22%3A%222021%22%2C%22AppUrl%22%3A%22%22%2C%22IsOnlineCustomerSerivice%22%3Afalse%2C%22Setting%22%3A%7B%22IsAllowCreateOrderByPrivateMallNoCustomer%22%3Atrue%2C%22IsShowPriceForPrivateMall%22%3Afalse%2C%22IsBindCustomer%22%3Afalse%7D%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Content-Length: 0
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 05:36:43 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12390
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type,Access-Token,MallAppConfig
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Strict-Transport-Security: max-age=31536000
webapi.amap.com/maps/modules?v=1.4.20&key=85026e6233e04ef41d9e3f9fe978da88&vrs=1656665904502&m=mouse,vectorlayer,overlay,cgl,sync
47.246.167.91200 OK 33 kB URL HTTP/2 webapi.amap.com/maps/modules?v=1.4.20&key=85026e6233e04ef41d9e3f9fe978da88&vrs=1656665904502&m=mouse,vectorlayer,overlay,cgl,sync
IP 47.246.167.91:0
ASN #45102 Alibaba US Technology Co., Ltd.
File type ASCII text, with very long lines (65536), with no line terminators
Hash edf7ae0d81ba9870a0e1e438b68f40b4
c9f4b7f2f37ec20a1e54d507da3228446db29f9f
22e6f906fdf9eb7786dfde8089233093676fec70bb05f45e35c2facf48f3775a
GET /maps/modules?v=1.4.20&key=85026e6233e04ef41d9e3f9fe978da88&vrs=1656665904502&m=mouse,vectorlayer,overlay,cgl,sync HTTP/1.1
Host: webapi.amap.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gdzwcs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 05:36:43 GMT
content-type: application/javascript;charset=utf-8
content-length: 32944
x-server-id: 72446e765a0ee479614554419edfe3ec044290696545148894130d9927bf334984a5d848ba9f3278a30891e97ac3cbae
accept-ranges: bytes
content-encoding: gzip
etag: W/31da9d238dcd651a8870a1c765cf7ff7
cache-control: max-age=0
x-readtime: 1
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: *
server: Tengine/Aserver
eagleeye-traceid: 2102f56d16698730031306584e9c6e
strict-transport-security: max-age=0
timing-allow-origin: *
X-Firefox-Spdy: h2
webapi.amap.com/maps/ipLocation?key=85026e6233e04ef41d9e3f9fe978da88&callback=jsonp_487035_&platform=JS&logversion=2.0&appname=https%3A%2F%2Fgdzwcs.com%2F&csid=44469EDD-FC03-43D5-B91A-5DD9C77DCC76&sdkversion=1.4.20
47.246.167.91200 OK 54 B URL HTTP/2 webapi.amap.com/maps/ipLocation?key=85026e6233e04ef41d9e3f9fe978da88&callback=jsonp_487035_&platform=JS&logversion=2.0&appname=https%3A%2F%2Fgdzwcs.com%2F&csid=44469EDD-FC03-43D5-B91A-5DD9C77DCC76&sdkversion=1.4.20
IP 47.246.167.91:0
ASN #45102 Alibaba US Technology Co., Ltd.
File type ASCII text, with no line terminators
Hash ebc58b251ca22d22cba7826b56723610
20441732732019c94943a58cf5388bd7f34f44bc
5e3cdf55e7c496d7f7811a5481d64332d0ac1ff61d8cd4e2774f205cd4e996dd
GET /maps/ipLocation?key=85026e6233e04ef41d9e3f9fe978da88&callback=jsonp_487035_&platform=JS&logversion=2.0&appname=https%3A%2F%2Fgdzwcs.com%2F&csid=44469EDD-FC03-43D5-B91A-5DD9C77DCC76&sdkversion=1.4.20 HTTP/1.1
Host: webapi.amap.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gdzwcs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 05:36:43 GMT
content-type: application/javascript;charset=utf-8
content-length: 54
x-server-id: 72446e765a0ee479614554419edfe3ec0442906965451488e513e106e1f58b9584a5d848ba9f3278a30891e97ac3cbae
accept-ranges: bytes
cache-control: no-store
x-readtime: 44
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: *
server: Tengine/Aserver
eagleeye-traceid: 2102f56d16698730034116598e9c6e
strict-transport-security: max-age=0
timing-allow-origin: *
X-Firefox-Spdy: h2
hgp-public.oss-cn-hangzhou.aliyuncs.com/Standard/Fastener/Standard/0eb4d0424b425e6b19d611821e0ef1b2344b8218.png?x-oss-process=image/resize,m_fixed,w_360
47.110.178.119200 OK 65 kB URL HTTP/1.1 hgp-public.oss-cn-hangzhou.aliyuncs.com/Standard/Fastener/Standard/0eb4d0424b425e6b19d611821e0ef1b2344b8218.png?x-oss-process=image/resize,m_fixed,w_360
IP 47.110.178.119:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type PNG image data, 360 x 270, 8-bit/color RGBA, non-interlaced\012- data
Hash 786393fecc5175786d7d47d20d2d8f9a
269340781dd94f9caef90a0092ce7039c110d689
316498a997c6648e767282a189c7a0e87b4ee711dde4a33cdde6424a8e09015e
GET /Standard/Fastener/Standard/0eb4d0424b425e6b19d611821e0ef1b2344b8218.png?x-oss-process=image/resize,m_fixed,w_360 HTTP/1.1
Host: hgp-public.oss-cn-hangzhou.aliyuncs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gdzwcs.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: AliyunOSS
Date: Thu, 01 Dec 2022 05:36:43 GMT
Content-Type: image/png
Content-Length: 65185
Connection: keep-alive
x-oss-request-id: 63883D6B4CAB813531372624
ETag: "B1769710F97294660CCD566FE1DFC89C"
Last-Modified: Mon, 21 Feb 2022 02:54:33 GMT
x-oss-object-type: Normal
x-oss-storage-class: Standard
x-oss-server-time: 40
x-oss-hash-crc64ecma: 2624679558072600364
hgp-public.oss-cn-hangzhou.aliyuncs.com/Standard/Fastener/Standard/8ec34dc203a93893c87cf568e10f01943443b715.png?x-oss-process=image/resize,m_fixed,w_360
47.110.178.119200 OK 82 kB URL HTTP/1.1 hgp-public.oss-cn-hangzhou.aliyuncs.com/Standard/Fastener/Standard/8ec34dc203a93893c87cf568e10f01943443b715.png?x-oss-process=image/resize,m_fixed,w_360
IP 47.110.178.119:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type PNG image data, 360 x 270, 8-bit/color RGBA, non-interlaced\012- data
Hash 0fcab40d22c61b360f968d9c312bb279
1077b41459c267a8a42d9b990710b56f457cd99d
d076f67d95b218fd33ff801d9ce64b6f0a48c348a1b9c19f8a761f4558165816
GET /Standard/Fastener/Standard/8ec34dc203a93893c87cf568e10f01943443b715.png?x-oss-process=image/resize,m_fixed,w_360 HTTP/1.1
Host: hgp-public.oss-cn-hangzhou.aliyuncs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gdzwcs.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: AliyunOSS
Date: Thu, 01 Dec 2022 05:36:43 GMT
Content-Type: image/png
Content-Length: 82259
Connection: keep-alive
x-oss-request-id: 63883D6BD4FE7D3039BE68D3
ETag: "9D33DC252BBFEE7A40809F84BED2097D"
Last-Modified: Thu, 09 Aug 2018 02:32:07 GMT
x-oss-object-type: Normal
x-oss-storage-class: Standard
x-oss-server-time: 46
x-oss-hash-crc64ecma: 1531241576720543825
gdzwcs.com/api/common/isenablecustomcategory
47.96.195.102200 OK 5 B URL HTTP/1.1 gdzwcs.com/api/common/isenablecustomcategory
IP 47.96.195.102:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type ASCII text, with no line terminators
Hash 68934a3e9455fa72420237eb05902327
7cb6efb98ba5972a9b5090dc2e517fe14d12cb04
fcbcf165908dd18a9e49f7ff27810176db8e9f63b4352213741664245224f8aa
Analyzer Verdict Alert fortinet Malware
GET /api/common/isenablecustomcategory HTTP/1.1
Host: gdzwcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
MallAppConfig: {"AppKey":"","AppSource":3,"AppType":"PUBLIC-MALL","Version":"1.0.1"}
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://gdzwcs.com/
Cookie: acw_tc=781bad2d16698729964847133e2a76b6656fae86c48fd0ac69595b8823384b; ASP.NET_SessionId=a05jyu20ck41xaj1hghqffa5; Hm_lvt_43b7f84e75cb0e2591d6ff4e55fd438c=1669873000; Hm_lpvt_43b7f84e75cb0e2591d6ff4e55fd438c=1669873000; mallPageSetting=%7B%22MallName%22%3A%22%u56FA%u5FB7%u5FEB%u8D2D%22%2C%22Welcomes%22%3A%22%u6C5F%u82CF%u56FA%u5FB7%uFF0C%u6B22%u8FCE%u60A8%uFF01%22%2C%22RecordNumber%22%3A%2232098202000179%22%2C%22RecordDomian%22%3A%22%u82CF%u516C%u7F51%u5B89%u5907%2032098202000179%u53F7%22%2C%22RecordICP%22%3A%22%u82CFICP%u590716062195%u53F7-3%22%2C%22RecordCopyright%22%3A%22%u6C5F%u82CF%u56FA%u5FB7%u5EFA%u7B51%u673A%u68B0%u6709%u9650%u516C%u53F8%22%2C%22CustomerServicePhone%22%3A%220515-83858990%22%2C%22ServiceTimeDescription%22%3A%22%u5468%u4E00%u81F3%u5468%u65E5%20%208%3A00-18%3A00%22%2C%22Domian%22%3A%22www.gdzwcs.com%22%2C%22LogoType%22%3A1%2C%22CopyrightStartTime%22%3A%222021%22%2C%22AppUrl%22%3A%22%22%2C%22IsOnlineCustomerSerivice%22%3Afalse%2C%22Setting%22%3A%7B%22IsAllowCreateOrderByPrivateMallNoCustomer%22%3Atrue%2C%22IsShowPriceForPrivateMall%22%3Afalse%2C%22IsBindCustomer%22%3Afalse%7D%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 05:36:43 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 5
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type,Access-Token,MallAppConfig
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Strict-Transport-Security: max-age=31536000
webapi.amap.com/maps?v=1.4.14&key=85026e6233e04ef41d9e3f9fe978da88
47.246.167.91200 OK 0 B URL HTTP/2 webapi.amap.com/maps?v=1.4.14&key=85026e6233e04ef41d9e3f9fe978da88
IP 47.246.167.91:0
ASN #45102 Alibaba US Technology Co., Ltd.
GET /maps?v=1.4.14&key=85026e6233e04ef41d9e3f9fe978da88 HTTP/1.1
Host: webapi.amap.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gdzwcs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 05:36:39 GMT
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
x-server-id: 72446e765a0ee479614554419edfe3ec15581c9f5ba7852ccf31945d6f96f4b084a5d848ba9f3278a30891e97ac3cbae
etag: W/116f5b67d4cebbe06eb4c82cde4dea46
cache-control: max-age=0
x-readtime: 2
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: *
content-encoding: gzip
server: Tengine/Aserver
eagleeye-traceid: 2102f56d16698729990586381e9c6e
strict-transport-security: max-age=0
timing-allow-origin: *
X-Firefox-Spdy: h2
hgp-public.oss-cn-hangzhou.aliyuncs.com/PrivateMallBanner/Tenant_29685/35/PrivateMall_BannerPicture_35_dd77797e-9ebc-4a1c-b7db-d549218078e2.jpg
47.110.178.119200 OK 0 B URL HTTP/1.1 hgp-public.oss-cn-hangzhou.aliyuncs.com/PrivateMallBanner/Tenant_29685/35/PrivateMall_BannerPicture_35_dd77797e-9ebc-4a1c-b7db-d549218078e2.jpg
IP 47.110.178.119:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
GET /PrivateMallBanner/Tenant_29685/35/PrivateMall_BannerPicture_35_dd77797e-9ebc-4a1c-b7db-d549218078e2.jpg HTTP/1.1
Host: hgp-public.oss-cn-hangzhou.aliyuncs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gdzwcs.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: AliyunOSS
Date: Thu, 01 Dec 2022 05:36:43 GMT
Content-Type: image/jpeg
Content-Length: 151421
Connection: keep-alive
x-oss-request-id: 63883D6BDC81703038488049
Accept-Ranges: bytes
ETag: "140991CF1E10E63D0CF9A94845871159"
Last-Modified: Tue, 10 Aug 2021 02:19:27 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 17271597019437243267
x-oss-storage-class: Standard
Content-MD5: FAmRzx4Q5j0M+alIRYcRWQ==
x-oss-server-time: 15
hgp-public.oss-cn-hangzhou.aliyuncs.com/PrivateMallBanner/Tenant_29685/35/PrivateMall_BannerPicture_35_9e01ecee-c930-40c3-88d4-1d52a88903d4.jpg
47.110.178.119200 OK 0 B URL HTTP/1.1 hgp-public.oss-cn-hangzhou.aliyuncs.com/PrivateMallBanner/Tenant_29685/35/PrivateMall_BannerPicture_35_9e01ecee-c930-40c3-88d4-1d52a88903d4.jpg
IP 47.110.178.119:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
GET /PrivateMallBanner/Tenant_29685/35/PrivateMall_BannerPicture_35_9e01ecee-c930-40c3-88d4-1d52a88903d4.jpg HTTP/1.1
Host: hgp-public.oss-cn-hangzhou.aliyuncs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gdzwcs.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: AliyunOSS
Date: Thu, 01 Dec 2022 05:36:43 GMT
Content-Type: image/jpeg
Content-Length: 281411
Connection: keep-alive
x-oss-request-id: 63883D6BD9478C32399517F3
Accept-Ranges: bytes
ETag: "B6BB5B887D6E9608D1B7896277284674"
Last-Modified: Tue, 10 Aug 2021 02:20:00 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 4301641724148055095
x-oss-storage-class: Standard
Content-MD5: trtbiH1ulgjRt4lidyhGdA==
x-oss-server-time: 15