Edit tour

Windows Analysis Report
http://im20.net/

Overview

General Information

Sample URL:	http://im20.net/
Analysis ID:	1493583
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected non-DNS traffic on DNS port

Classification

Process Tree

System is w10x64

chrome.exe (PID: 4960 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5460 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=2044,i,15425770461339576517,7441177578250678950,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6400 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://im20.net/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

HTTP traffic detected: POST /report/v4?s=D74C6Ri2hcbzlYWO1zMF%2BrbjBmGz63w4gDy%2BBGGAkQ05B19VmPL97482QRGUWGn8fQu3ifqFvdBLrySnMKyMDYO7e%2BEyd4I7qM28Q5MjepusBMPitn2xdhem2A%3D%3D HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 406Content-Type: application/reports+jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 15 Aug 2024 22:20:27 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeCache-Control: max-age=14400CF-Cache-Status: EXPIREDReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D74C6Ri2hcbzlYWO1zMF%2BrbjBmGz63w4gDy%2BBGGAkQ05B19VmPL97482QRGUWGn8fQu3ifqFvdBLrySnMKyMDYO7e%2BEyd4I7qM28Q5MjepusBMPitn2xdhem2A%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8b3c926f8941429a-EWRalt-svc: h3=":443"; ma=86400

Source: chromecache_77.2.dr	String found in binary or memory: http://im142.mom/generate-qrcode
Source: chromecache_81.2.dr	String found in binary or memory: https://im142.mom/
Source: chromecache_79.2.dr	String found in binary or memory: https://tretwq.oss-accelerate.aliyuncs.com/jstz/imdx.js

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56218
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56218 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49744 version: TLS 1.2

Source: classification engine

Classification label: mal56.win@19/53@20/9

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=2044,i,15425770461339576517,7441177578250678950,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://im20.net/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=2044,i,15425770461339576517,7441177578250678950,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://im20.net/	100%	Avira URL Cloud	phishing

Source	Detection	Scanner	Label
https://im142.mom/images/menu.png	0%	Avira URL Cloud	safe
https://im142.mom/images/banner.png	0%	Avira URL Cloud	safe
https://im142.mom/images/apk-zh.png	0%	Avira URL Cloud	safe
https://im142.mom/images/alarm.png	0%	Avira URL Cloud	safe
https://im142.mom/favicon.ico	0%	Avira URL Cloud	safe
https://im142.mom/images/bdTokenLogo.png	0%	Avira URL Cloud	safe
https://im142.mom/images/ewm_icon.png	0%	Avira URL Cloud	safe
https://a.nel.cloudflare.com/report/v4?s=D74C6Ri2hcbzlYWO1zMF%2BrbjBmGz63w4gDy%2BBGGAkQ05B19VmPL97482QRGUWGn8fQu3ifqFvdBLrySnMKyMDYO7e%2BEyd4I7qM28Q5MjepusBMPitn2xdhem2A%3D%3D	0%	Avira URL Cloud	safe
https://im142.mom/images/bdapk.png	0%	Avira URL Cloud	safe
https://im142.mom/generate-qrcode	0%	Avira URL Cloud	safe
http://im142.mom/generate-qrcode	0%	Avira URL Cloud	safe
https://im142.mom/images/ccc8.css	0%	Avira URL Cloud	safe
https://im20.net/favicon.ico	100%	Avira URL Cloud	phishing
https://im142.mom/images/bdpg.png	0%	Avira URL Cloud	safe
https://im142.mom/images/google-play.png	0%	Avira URL Cloud	safe
https://im142.mom/images/111f.css	0%	Avira URL Cloud	safe
https://tretwq.oss-accelerate.aliyuncs.com/jstz/imdx.js	0%	Avira URL Cloud	safe
https://im142.mom/images/swiper.min.css	0%	Avira URL Cloud	safe
https://im142.mom/images/app-store.png	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
eu-central-1.oss-acc.aliyuncs.com	47.254.187.65	true	false	unknown
bg.microsoft.map.fastly.net	199.232.210.172	true	false	unknown
a.nel.cloudflare.com	35.190.80.1	true	false	unknown
www.google.com	142.250.186.68	true	false	unknown
im20.net	188.114.96.3	true	false	unknown
im142.mom	8.218.143.165	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown
tretwq.oss-accelerate.aliyuncs.com	unknown	unknown	false	unknown
56.126.166.20.in-addr.arpa	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://im142.mom/favicon.ico	false	Avira URL Cloud: safe	unknown
https://im142.mom/images/apk-zh.png	false	Avira URL Cloud: safe	unknown
https://im142.mom/images/bdTokenLogo.png	false	Avira URL Cloud: safe	unknown
https://im142.mom/images/ewm_icon.png	false	Avira URL Cloud: safe	unknown
https://im142.mom/images/banner.png	false	Avira URL Cloud: safe	unknown
https://im142.mom/images/menu.png	false	Avira URL Cloud: safe	unknown
https://a.nel.cloudflare.com/report/v4?s=D74C6Ri2hcbzlYWO1zMF%2BrbjBmGz63w4gDy%2BBGGAkQ05B19VmPL97482QRGUWGn8fQu3ifqFvdBLrySnMKyMDYO7e%2BEyd4I7qM28Q5MjepusBMPitn2xdhem2A%3D%3D	false	Avira URL Cloud: safe	unknown
https://im142.mom/download.html	false		unknown
https://im142.mom/images/alarm.png	false	Avira URL Cloud: safe	unknown
https://im142.mom/generate-qrcode	false	Avira URL Cloud: safe	unknown
https://im142.mom/images/bdapk.png	false	Avira URL Cloud: safe	unknown
https://im20.net/favicon.ico	false	Avira URL Cloud: phishing	unknown
https://im142.mom/images/bdpg.png	false	Avira URL Cloud: safe	unknown
https://im142.mom/images/ccc8.css	false	Avira URL Cloud: safe	unknown
https://im142.mom/images/111f.css	false	Avira URL Cloud: safe	unknown
https://im142.mom/images/swiper.min.css	false	Avira URL Cloud: safe	unknown
https://im142.mom/images/google-play.png	false	Avira URL Cloud: safe	unknown
https://im142.mom/	false		unknown
https://tretwq.oss-accelerate.aliyuncs.com/jstz/imdx.js	false	Avira URL Cloud: safe	unknown
https://im142.mom/images/app-store.png	false	Avira URL Cloud: safe	unknown
https://im20.net/	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://im142.mom/generate-qrcode	chromecache_77.2.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.186.68	www.google.com	United States	15169	GOOGLEUS	false
8.218.143.165	im142.mom	Singapore	45102	CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC	false
47.254.187.65	eu-central-1.oss-acc.aliyuncs.com	United States	45102	CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
188.114.96.3	im20.net	European Union	13335	CLOUDFLARENETUS	false
142.250.186.164	unknown	United States	15169	GOOGLEUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4
192.168.2.5

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1493583
Start date and time:	2024-08-16 00:19:16 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 49s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://im20.net/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.win@19/53@20/9
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Browse: https://im142.mom/download.html

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.18.3, 142.250.185.142, 142.251.179.84, 34.104.35.123, 13.85.23.86, 199.232.210.172, 20.242.39.171, 192.229.221.95, 20.3.187.198, 20.166.126.56, 52.165.165.26, 131.107.255.255, 20.114.59.183, 142.250.184.227, 216.58.206.78
Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, dns.msftncsi.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, ocsp.edge.digicert.com, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: http://im20.net/

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1000 x 1000, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	46217
Entropy (8bit):	7.964374741757792
Encrypted:	false
SSDEEP:	768:syGVt5SSk+GII7jfi0LOURWhIozDk1RCf9ytwVVuEosk7JAl30TVcEHhISVOL:syCkLpjfV26+Dk7W9Qwvu1s4JYkTVcqS
MD5:	2DB0958F039A4F4E27989DFAE2DB6C4B
SHA1:	B47948C1F52C4DDDB810CDF79BE4671CAAE95E13
SHA-256:	55BA14C1276411D66A855994595FF557C06BA879CB7861059D777F070CD82281
SHA-512:	94BF6634A5F2CC9C1545B8A25E3EA8E2FAF978642B2CAC18BDCDB354B0CCB7A2B6420958DD6721F52D403961A4E18B41DF7F9BE72FD4EBC5AD73EC2B7FA35E5E
Malicious:	false
Reputation:	low
URL:	https://im142.mom/images/banner.png
Preview:	.PNG........IHDR.............z}$.....PLTE.............................................G@j02FB.g....f.ia<.........................9..c................lf.U..Y[kh....+........CEO}}}Y.^.~..}J........c].OQb.y................................1...`..'u.........&.{......NPW}..............................{}.FHR...IKT..........Qj......UW`....._ai........QS\..........Z\e............rtz.....B...............#..mntghp...............................l..T..'..........P.s.....o+-/...wz....1..u.......SMt'(Edel.....P...~..<?SD..wx.ZV\|...=?@IK]...K........... $?.\|u.tm9..}......^`a25747L[........7...............L.........V........M..H..........d..9....1..\|...ohX.....)..k....BCER...uv.H....Ngm...:S]...hi.ju.........]l.A.....o.....us.=....%.zbevr.U..H..ix..Xp..._...cyA..O..g..........tRNS.`.!y.@...1.Z.....IDATx...N.@...!..9+..c$.p...@..P.U Q.}.(..[^....x..Sgvw..q..%$.......-....h.....O.,+....e{..v.0....."qh..i...[.v.....+.....w....O>.....D....\|h....Q)LF..

Source: global traffic	TCP traffic: 192.168.2.4:49731 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.4:56212 -> 162.159.36.2:53

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: im20.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jstz/imdx.js HTTP/1.1Host: tretwq.oss-accelerate.aliyuncs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://im20.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: im142.momConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://im20.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /jstz/imdx.js HTTP/1.1Host: tretwq.oss-accelerate.aliyuncs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/swiper.min.css HTTP/1.1Host: im142.momConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://im142.mom/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/ccc8.css HTTP/1.1Host: im142.momConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://im142.mom/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/111f.css HTTP/1.1Host: im142.momConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://im142.mom/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/bdTokenLogo.png HTTP/1.1Host: im142.momConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://im142.mom/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/menu.png HTTP/1.1Host: im142.momConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://im142.mom/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/alarm.png HTTP/1.1Host: im142.momConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://im142.mom/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/bdpg.png HTTP/1.1Host: im142.momConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://im142.mom/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/bdapk.png HTTP/1.1Host: im142.momConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://im142.mom/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/bdTokenLogo.png HTTP/1.1Host: im142.momConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/ewm_icon.png HTTP/1.1Host: im142.momConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://im142.mom/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /generate-qrcode HTTP/1.1Host: im142.momConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://im142.mom/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/menu.png HTTP/1.1Host: im142.momConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/app-store.png HTTP/1.1Host: im142.momConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://im142.mom/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/bdpg.png HTTP/1.1Host: im142.momConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/apk-zh.png HTTP/1.1Host: im142.momConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://im142.mom/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/google-play.png HTTP/1.1Host: im142.momConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://im142.mom/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/alarm.png HTTP/1.1Host: im142.momConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/banner.png HTTP/1.1Host: im142.momConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://im142.mom/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/bdapk.png HTTP/1.1Host: im142.momConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/ewm_icon.png HTTP/1.1Host: im142.momConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/app-store.png HTTP/1.1Host: im142.momConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /generate-qrcode HTTP/1.1Host: im142.momConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/google-play.png HTTP/1.1Host: im142.momConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/apk-zh.png HTTP/1.1Host: im142.momConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: im20.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://im20.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/banner.png HTTP/1.1Host: im142.momConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InEyQ21jek5Tc1BjbVJvcTlUTmJVMlE9PSIsInZhbHVlIjoiT2Z5Y3U4Wkdieng5ZTFjdWlvMEJJUXZEclNpVDByeS9QS29VU09pTnJTZGFVTUFqa3h5cG5PRENxc0JvN1lXWDBiK1FEenhjUU1LdUNKV0ZyVDFEbmU3NkxIS2JWREtiays2eHpXTnZWbENHUWFzZnVCQUdOeEJYMTVKNk5oa2EiLCJtYWMiOiI4Yjg1ODg3NWFiYTY0OTUxNGRmMzhkYzhiNTY5MzUzZGM1YTk4NTk5Yjc3MjQ2ODU5MmJlYzE0YzhmMDQyYjIxIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkhUZzU5MEJtb1c5TVh0Vk5peGlWanc9PSIsInZhbHVlIjoiVytSNy9ReXp5bzBId1VpSnNqZjU4eVRjM1JFcDhueFVDTUVXMThTMlJSQXVFcnZrQjlzUk03TGJIajh1eDBGZ1psKzhsZ0F4NFlNS2tYSkJSNXcvU01Wb2JBME14RWs4c2hqUlpIYVJYOGsvclVTR1AxZDJGb1RkZjlNZlM0S28iLCJtYWMiOiIzOTFkZjhhMjFlNzI0NTBjNzNkMGYyNjRlYmIxZWZjYjkxMjM5YmU0Njg0NmUwMTEyYTAzNjg0NjA5NjlkYmMyIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /download.html HTTP/1.1Host: im142.momConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InEyQ21jek5Tc1BjbVJvcTlUTmJVMlE9PSIsInZhbHVlIjoiT2Z5Y3U4Wkdieng5ZTFjdWlvMEJJUXZEclNpVDByeS9QS29VU09pTnJTZGFVTUFqa3h5cG5PRENxc0JvN1lXWDBiK1FEenhjUU1LdUNKV0ZyVDFEbmU3NkxIS2JWREtiays2eHpXTnZWbENHUWFzZnVCQUdOeEJYMTVKNk5oa2EiLCJtYWMiOiI4Yjg1ODg3NWFiYTY0OTUxNGRmMzhkYzhiNTY5MzUzZGM1YTk4NTk5Yjc3MjQ2ODU5MmJlYzE0YzhmMDQyYjIxIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkhUZzU5MEJtb1c5TVh0Vk5peGlWanc9PSIsInZhbHVlIjoiVytSNy9ReXp5bzBId1VpSnNqZjU4eVRjM1JFcDhueFVDTUVXMThTMlJSQXVFcnZrQjlzUk03TGJIajh1eDBGZ1psKzhsZ0F4NFlNS2tYSkJSNXcvU01Wb2JBME14RWs4c2hqUlpIYVJYOGsvclVTR1AxZDJGb1RkZjlNZlM0S28iLCJtYWMiOiIzOTFkZjhhMjFlNzI0NTBjNzNkMGYyNjRlYmIxZWZjYjkxMjM5YmU0Njg0NmUwMTEyYTAzNjg0NjA5NjlkYmMyIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: im142.momConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://im142.mom/download.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkFCQk1FWlpiRFM2NGFpZmg3NSticlE9PSIsInZhbHVlIjoiVzBCS3lmYXFodmx2QnR2dmkrN3RaQTFwMmoyenhmZTNUOFBHTjRzc25YT0Z1aUxVTjdHZGQ1cks5UHhOWUZ3bzVNTGdvTGxTWW1SZjRUSFR4SGdVTnhlUmdzYWdmY1hZa0NLVk9CREI5NW9oQ1RGb0JzK3F1YlpmMjVLUjMzYWoiLCJtYWMiOiI4YzQ5YTg2NWE3NzllM2M5YjcwODA2Mzg5MGQ0YTYyZGRiZjEwMWFkMjg0Y2ViMDJhZGMxZjBkMjU5OWE2Y2RmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImozaVk0THR6ZFVqNEQwaFBnOEVOV1E9PSIsInZhbHVlIjoiNVNYWWlpdjdwT2hpeUFTV24zcTBsOEMrUVNYRGpyVjNxUUxvMW1PanFhTU9uZEFPUng1Q2FxMGd1VWFiR0x5RExuT1ZyWFZKblMyWGNmbkliNW02anNzTHVGMmFwQUVDVHN1aFdhTlU0S3U1c3pqM2ZNQ0d0TVVrb1NBL3k1cG8iLCJtYWMiOiI0ODc1NTZiMDJlMjRmNDNlODU1MTEwMjA1ODMxOGYyOTU2MDk3MWNkZDY0MDExZDgyNTMwOTYxZDNkOGI1MTFkIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: im142.momConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkFCQk1FWlpiRFM2NGFpZmg3NSticlE9PSIsInZhbHVlIjoiVzBCS3lmYXFodmx2QnR2dmkrN3RaQTFwMmoyenhmZTNUOFBHTjRzc25YT0Z1aUxVTjdHZGQ1cks5UHhOWUZ3bzVNTGdvTGxTWW1SZjRUSFR4SGdVTnhlUmdzYWdmY1hZa0NLVk9CREI5NW9oQ1RGb0JzK3F1YlpmMjVLUjMzYWoiLCJtYWMiOiI4YzQ5YTg2NWE3NzllM2M5YjcwODA2Mzg5MGQ0YTYyZGRiZjEwMWFkMjg0Y2ViMDJhZGMxZjBkMjU5OWE2Y2RmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImozaVk0THR6ZFVqNEQwaFBnOEVOV1E9PSIsInZhbHVlIjoiNVNYWWlpdjdwT2hpeUFTV24zcTBsOEMrUVNYRGpyVjNxUUxvMW1PanFhTU9uZEFPUng1Q2FxMGd1VWFiR0x5RExuT1ZyWFZKblMyWGNmbkliNW02anNzTHVGMmFwQUVDVHN1aFdhTlU0S3U1c3pqM2ZNQ0d0TVVrb1NBL3k1cG8iLCJtYWMiOiI0ODc1NTZiMDJlMjRmNDNlODU1MTEwMjA1ODMxOGYyOTU2MDk3MWNkZDY0MDExZDgyNTMwOTYxZDNkOGI1MTFkIiwidGFnIjoiIn0%3D

Source: global traffic	DNS traffic detected: DNS query: im20.net
Source: global traffic	DNS traffic detected: DNS query: tretwq.oss-accelerate.aliyuncs.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: im142.mom
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: 56.126.166.20.in-addr.arpa

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 16, 2024 00:20:11.052216053 CEST	53	59656	1.1.1.1	192.168.2.4
Aug 16, 2024 00:20:11.052248001 CEST	53	52575	1.1.1.1	192.168.2.4
Aug 16, 2024 00:20:11.052309990 CEST	53	64706	1.1.1.1	192.168.2.4
Aug 16, 2024 00:20:12.089020967 CEST	53	55993	1.1.1.1	192.168.2.4
Aug 16, 2024 00:20:12.712702036 CEST	50527	53	192.168.2.4	1.1.1.1
Aug 16, 2024 00:20:12.712816954 CEST	65417	53	192.168.2.4	1.1.1.1
Aug 16, 2024 00:20:12.727025986 CEST	53	65417	1.1.1.1	192.168.2.4
Aug 16, 2024 00:20:12.732116938 CEST	60126	53	192.168.2.4	1.1.1.1
Aug 16, 2024 00:20:12.732254028 CEST	56721	53	192.168.2.4	1.1.1.1
Aug 16, 2024 00:20:12.747495890 CEST	53	60126	1.1.1.1	192.168.2.4
Aug 16, 2024 00:20:12.749283075 CEST	53	50527	1.1.1.1	192.168.2.4
Aug 16, 2024 00:20:12.774132013 CEST	53	56721	1.1.1.1	192.168.2.4
Aug 16, 2024 00:20:13.870059013 CEST	60176	53	192.168.2.4	1.1.1.1
Aug 16, 2024 00:20:13.870244980 CEST	53727	53	192.168.2.4	1.1.1.1
Aug 16, 2024 00:20:14.041838884 CEST	53	60176	1.1.1.1	192.168.2.4
Aug 16, 2024 00:20:14.048012972 CEST	53	53727	1.1.1.1	192.168.2.4
Aug 16, 2024 00:20:15.770236015 CEST	59737	53	192.168.2.4	1.1.1.1
Aug 16, 2024 00:20:15.770370007 CEST	50307	53	192.168.2.4	1.1.1.1
Aug 16, 2024 00:20:15.781220913 CEST	53	50307	1.1.1.1	192.168.2.4
Aug 16, 2024 00:20:15.781244993 CEST	53	59737	1.1.1.1	192.168.2.4
Aug 16, 2024 00:20:15.844079971 CEST	64753	53	192.168.2.4	1.1.1.1
Aug 16, 2024 00:20:15.844506025 CEST	51668	53	192.168.2.4	1.1.1.1
Aug 16, 2024 00:20:15.859407902 CEST	53	64753	1.1.1.1	192.168.2.4
Aug 16, 2024 00:20:15.860611916 CEST	53	51668	1.1.1.1	192.168.2.4
Aug 16, 2024 00:20:16.647284985 CEST	53081	53	192.168.2.4	1.1.1.1
Aug 16, 2024 00:20:16.647531986 CEST	65108	53	192.168.2.4	1.1.1.1
Aug 16, 2024 00:20:17.113919020 CEST	53	53081	1.1.1.1	192.168.2.4
Aug 16, 2024 00:20:17.178997993 CEST	53	65108	1.1.1.1	192.168.2.4
Aug 16, 2024 00:20:21.813929081 CEST	63948	53	192.168.2.4	1.1.1.1
Aug 16, 2024 00:20:21.814057112 CEST	64870	53	192.168.2.4	1.1.1.1
Aug 16, 2024 00:20:21.826639891 CEST	53	63948	1.1.1.1	192.168.2.4
Aug 16, 2024 00:20:21.830697060 CEST	53	64870	1.1.1.1	192.168.2.4
Aug 16, 2024 00:20:27.945153952 CEST	56392	53	192.168.2.4	1.1.1.1
Aug 16, 2024 00:20:27.945601940 CEST	56638	53	192.168.2.4	1.1.1.1
Aug 16, 2024 00:20:27.953738928 CEST	53	56392	1.1.1.1	192.168.2.4
Aug 16, 2024 00:20:27.953751087 CEST	53	56638	1.1.1.1	192.168.2.4
Aug 16, 2024 00:20:29.330491066 CEST	53	60091	1.1.1.1	192.168.2.4
Aug 16, 2024 00:20:29.598093987 CEST	138	138	192.168.2.4	192.168.2.255
Aug 16, 2024 00:20:39.317133904 CEST	63624	53	192.168.2.4	1.1.1.1
Aug 16, 2024 00:20:39.317308903 CEST	63951	53	192.168.2.4	1.1.1.1
Aug 16, 2024 00:20:39.330749989 CEST	53	63624	1.1.1.1	192.168.2.4
Aug 16, 2024 00:20:39.334758043 CEST	53	63951	1.1.1.1	192.168.2.4
Aug 16, 2024 00:20:41.782694101 CEST	53	59718	162.159.36.2	192.168.2.4
Aug 16, 2024 00:20:42.348642111 CEST	49970	53	192.168.2.4	1.1.1.1
Aug 16, 2024 00:20:42.356061935 CEST	53	49970	1.1.1.1	192.168.2.4
Aug 16, 2024 00:21:15.824620008 CEST	65283	53	192.168.2.4	1.1.1.1
Aug 16, 2024 00:21:16.053354025 CEST	53	65283	1.1.1.1	192.168.2.4

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Aug 16, 2024 00:20:12.749414921 CEST	192.168.2.4	1.1.1.1	c1fe	(Port unreachable)	Destination Unreachable
Aug 16, 2024 00:20:17.179080009 CEST	192.168.2.4	1.1.1.1	c2c2	(Port unreachable)	Destination Unreachable

Timestamp	Bytes transferred	Direction	Data
2024-08-15 22:20:13 UTC	651	OUT	GET / HTTP/1.1 Host: im20.net Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-15 22:20:13 UTC	619	IN	HTTP/1.1 200 OK Date: Thu, 15 Aug 2024 22:20:13 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Last-Modified: Thu, 18 Jul 2024 06:09:54 GMT Accept-Ranges: bytes CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ytUy0kus0evtWUQVmlRmTOkk0DGAfc64k%2FnSiiOLg8ZI%2FxhqBeppp8lakLrumUqpwBsqSUprxaVfYMN3CiSokMZ01raFoEcZBL81HdLlOxvJSmXXWfHfUzUz6Q%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b3c92175d401801-EWR alt-svc: h3=":443"; ma=86400
2024-08-15 22:20:13 UTC	640	IN	Data Raw: 32 37 39 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e e6 ad a3 e5 9c a8 e6 89 93 e5 bc 80 e7 ab 99 e7 82 b9 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 36 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 31 30 25 20 61 75 74 6f 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 30 66 30 66 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 32 25 20 35 25 3b Data Ascii: 279<!doctype html><html><head> <meta charset="utf-8"> <title></title> <style> .container { width: 60%; margin: 10% auto 0; background-color: #f0f0f0; padding: 2% 5%;
2024-08-15 22:20:13 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-08-15 22:20:14 UTC	538	OUT	GET /jstz/imdx.js HTTP/1.1 Host: tretwq.oss-accelerate.aliyuncs.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://im20.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-15 22:20:15 UTC	626	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Thu, 15 Aug 2024 22:20:15 GMT Content-Type: application/javascript Content-Length: 5913 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding x-oss-request-id: 66BE7F1F9A252644C455EF55 Accept-Ranges: bytes ETag: "6C1AF40FC33373FBCDDAF9B665871286" Last-Modified: Fri, 09 Aug 2024 13:11:55 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 2438675698980264332 x-oss-storage-class: Standard x-oss-ec: 0048-00000113 Content-Disposition: attachment x-oss-force-download: true Content-MD5: bBr0D8Mzc/vN2vm2ZYcShg== x-oss-server-time: 65
2024-08-15 22:20:15 UTC	3470	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 20 69 73 53 70 69 64 65 72 28 29 20 7b 0d 0a 20 20 20 20 76 61 72 20 66 6c 61 67 20 3d 20 66 61 6c 73 65 3b 0d 0a 20 20 20 20 76 61 72 20 73 70 69 64 65 72 20 3d 20 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3b 0d 0a 20 20 20 20 76 61 72 20 73 70 69 64 65 72 53 69 74 65 20 3d 20 5b 27 62 61 69 64 75 73 70 69 64 65 72 27 2c 20 27 62 61 69 64 75 2e 27 2c 20 27 33 36 30 53 70 69 64 65 72 27 2c 20 27 73 6f 67 6f 75 2e 27 2c 20 27 73 6f 73 6f 2e 27 2c 20 27 79 69 73 6f 75 73 70 69 64 65 72 27 2c 20 27 62 69 6e 67 62 6f 74 27 2c 20 27 62 69 6e 67 2e 27 2c 20 27 67 6f 6f 67 6c 65 2e 27 2c 20 27 67 6f 6f 67 6c 65 62 6f 74 27 5d 3b 0d 0a 20 20 20 20 66 6f 72 20 28 6c 65 74 20 69 20 3d Data Ascii: function isSpider() { var flag = false; var spider = navigator.userAgent.toLowerCase(); var spiderSite = ['baiduspider', 'baidu.', '360Spider', 'sogou.', 'soso.', 'yisouspider', 'bingbot', 'bing.', 'google.', 'googlebot']; for (let i =
2024-08-15 22:20:15 UTC	18	IN	Data Raw: 20 20 20 7d 20 63 61 74 63 68 20 28 65 29 20 7b 0d 0a Data Ascii: } catch (e) {
2024-08-15 22:20:15 UTC	2425	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 69 6e 64 52 65 61 64 79 28 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 20 35 29 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 7d 0d 0a 7d 29 28 29 3b 0d 0a 0d 0a 0d 0a 72 65 61 64 79 28 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 62 6f 64 79 2e 72 65 6d 6f 76 65 41 74 74 72 69 62 75 74 65 28 27 73 74 79 6c 65 27 29 3b 0d 0a 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 62 6f 64 79 2e 73 74 79 6c 65 2e 77 69 64 74 68 20 3d 20 27 31 30 30 25 27 3b 0d 0a 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 62 6f 64 79 2e 73 74 79 Data Ascii: return; } bindReady(); }, 5); } }})();ready(function () { document.body.removeAttribute('style'); document.body.style.width = '100%'; document.body.sty

Timestamp	Bytes transferred	Direction	Data
2024-08-15 22:20:16 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-08-15 22:20:17 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (paa/6F76) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=44156 Date: Thu, 15 Aug 2024 22:20:17 GMT Connection: close X-CID: 2

Timestamp	Bytes transferred	Direction	Data
2024-08-15 22:20:17 UTC	664	OUT	GET / HTTP/1.1 Host: im142.mom Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Referer: https://im20.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-15 22:20:17 UTC	1197	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 15 Aug 2024 22:20:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Cache-Control: private, must-revalidate pragma: no-cache expires: -1 Set-Cookie: XSRF-TOKEN=eyJpdiI6Inc4NUJrRUtKdFpDUk5NK2lZU1dHVmc9PSIsInZhbHVlIjoiR2YzV2p5aW0xSStrd0RvMDNhNHkvWjFXSmU1dHlqbm5WUGwxT09PWkkrODNPR2N1MkhJc3VXUGVlZnB0bDkraHhPTGRpVGd5RnY4V09hNlV4eU51cC9yUVcwQTFKM2l6NnVER1V3ZnA1dW5TWUlLKzZSODNIVk5paER2WjM0RE8iLCJtYWMiOiI1MDE5Y2Y2Nzk2MDUxYTAwY2E1MDI0NTU5ZTA5MTI0YTA4MzUyNmEyMjgzM2I2Y2I5NTA2OGUzYWJmOTZiMGQ4IiwidGFnIjoiIn0%3D; expires=Fri, 16 Aug 2024 00:20:17 GMT; Max-Age=7200; path=/; samesite=lax Set-Cookie: laravel_session=eyJpdiI6Im5PcENRdGFyQ0lRbXF4UVJLWWk4SWc9PSIsInZhbHVlIjoiYlJaMHJzOHp6ZmJ0VFU3THdQVlFFcWRHdGp6RWtCWUdONHZ1THdjd3FUemtKYktJUlhFaVhkVnorZjM4Z3FITysrcFNzZGVrNkl5cm5MaXZaTHFYK0pMY3lUV1RyY0VqaFZyaUl3aTJ2VGxRUDZZaE8xUEdVTzEwTEVia0t1RDIiLCJtYWMiOiI0OGM3ODY2MGE3Y2I4Y2ExMzVlZDcyMDFmMTg0YjU1NzhmOWMzYjNiOWZhMWFiN2MzODBjNGZhNDZmZmRhNjY1IiwidGFnIjoiIn0%3D; expires=Fri, 16 Aug 2024 00:20:17 GMT; Max-Age=7200; path=/; httponly; samesite=lax Strict-Transport-Security: max-age=31536000
2024-08-15 22:20:17 UTC	6959	IN	Data Raw: 31 62 32 32 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 7a 68 2d 43 4e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 6e 6f 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 62 61 69 64 75 2d 73 69 74 65 2d 76 65 72 69 66 69 63 61 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 63 6f 64 65 2d 35 49 31 44 56 36 58 45 64 45 22 3e 3c 6d 65 74 61 20 6e 61 Data Ascii: 1b22<html lang="zh-CN"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no"><meta name="baidu-site-verification" content="code-5I1DV6XEdE"><meta na

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5698), with CRLF line terminators
Category:	downloaded
Size (bytes):	80757
Entropy (8bit):	5.005792842230702
Encrypted:	false
SSDEEP:	768:gbKMmczw0lPtuGZjzlL2PzW2NbMUx/3YmGNQscx:EKVcMStuGZjgzBCW/oJWJ
MD5:	847C0664353B3F30CFA9C440DD70C41C
SHA1:	9B27954A58DA023D2FDAB00B08DB31E363EF737D
SHA-256:	CB33021EFD71A3A62082C7AECCE8EA046B48BD1A96044A3FFDCECE1212F3BFE4
SHA-512:	9A2A10D86FBC8534C293E639FF50F6D3BC4256D349CB0785FBF42873D51F470196FBB42E6620287EF00F201C55E95AD7C41FA341A91171133F37FC00DF7F4C48
Malicious:	false
Reputation:	low
URL:	https://im142.mom/images/ccc8.css
Preview:	.ant-card{-webkit-box-sizing:border-box;box-sizing:border-box;margin:0;padding:0;color:rgba(0,0,0,0.65);font-size:14px;font-variant:tabular-nums;line-height:1.5;list-style:none;-webkit-font-feature-settings:'tnum';font-feature-settings:'tnum';position:relative;background:#fff;border-radius:2px;-webkit-transition:all .3s;transition:all .3s}.ant-card-hoverable{cursor:pointer}.ant-card-hoverable:hover{border-color:rgba(0,0,0,0.09);-webkit-box-shadow:0 2px 8px rgba(0,0,0,0.09);box-shadow:0 2px 8px rgba(0,0,0,0.09)}.ant-card-bordered{border:1px solid #e8e8e8}.ant-card-head{min-height:48px;margin-bottom:-1px;padding:0 24px;color:rgba(0,0,0,0.85);font-weight:500;font-size:16px;background:transparent;border-bottom:1px solid #e8e8e8;border-radius:2px 2px 0 0;zoom:1}.ant-card-head::before,.ant-card-head::after{display:table;content:''}.ant-card-head::after{clear:both}.ant-card-head-wrapper{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;-ms-flex-align:center;align-i

Timestamp	Bytes transferred	Direction	Data
2024-08-15 22:20:18 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-08-15 22:20:18 UTC	514	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=66265 Date: Thu, 15 Aug 2024 22:20:18 GMT Content-Length: 55 Connection: close X-CID: 2
2024-08-15 22:20:18 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Timestamp	Bytes transferred	Direction	Data
2024-08-15 22:20:18 UTC	370	OUT	GET /jstz/imdx.js HTTP/1.1 Host: tretwq.oss-accelerate.aliyuncs.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-15 22:20:19 UTC	626	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Thu, 15 Aug 2024 22:20:18 GMT Content-Type: application/javascript Content-Length: 5913 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding x-oss-request-id: 66BE7F221748995F017674F6 Accept-Ranges: bytes ETag: "6C1AF40FC33373FBCDDAF9B665871286" Last-Modified: Fri, 09 Aug 2024 13:11:55 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 2438675698980264332 x-oss-storage-class: Standard x-oss-ec: 0048-00000113 Content-Disposition: attachment x-oss-force-download: true Content-MD5: bBr0D8Mzc/vN2vm2ZYcShg== x-oss-server-time: 29
2024-08-15 22:20:19 UTC	3470	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 20 69 73 53 70 69 64 65 72 28 29 20 7b 0d 0a 20 20 20 20 76 61 72 20 66 6c 61 67 20 3d 20 66 61 6c 73 65 3b 0d 0a 20 20 20 20 76 61 72 20 73 70 69 64 65 72 20 3d 20 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3b 0d 0a 20 20 20 20 76 61 72 20 73 70 69 64 65 72 53 69 74 65 20 3d 20 5b 27 62 61 69 64 75 73 70 69 64 65 72 27 2c 20 27 62 61 69 64 75 2e 27 2c 20 27 33 36 30 53 70 69 64 65 72 27 2c 20 27 73 6f 67 6f 75 2e 27 2c 20 27 73 6f 73 6f 2e 27 2c 20 27 79 69 73 6f 75 73 70 69 64 65 72 27 2c 20 27 62 69 6e 67 62 6f 74 27 2c 20 27 62 69 6e 67 2e 27 2c 20 27 67 6f 6f 67 6c 65 2e 27 2c 20 27 67 6f 6f 67 6c 65 62 6f 74 27 5d 3b 0d 0a 20 20 20 20 66 6f 72 20 28 6c 65 74 20 69 20 3d Data Ascii: function isSpider() { var flag = false; var spider = navigator.userAgent.toLowerCase(); var spiderSite = ['baiduspider', 'baidu.', '360Spider', 'sogou.', 'soso.', 'yisouspider', 'bingbot', 'bing.', 'google.', 'googlebot']; for (let i =
2024-08-15 22:20:19 UTC	18	IN	Data Raw: 20 20 20 7d 20 63 61 74 63 68 20 28 65 29 20 7b 0d 0a Data Ascii: } catch (e) {
2024-08-15 22:20:19 UTC	2425	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 69 6e 64 52 65 61 64 79 28 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 20 35 29 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 7d 0d 0a 7d 29 28 29 3b 0d 0a 0d 0a 0d 0a 72 65 61 64 79 28 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 62 6f 64 79 2e 72 65 6d 6f 76 65 41 74 74 72 69 62 75 74 65 28 27 73 74 79 6c 65 27 29 3b 0d 0a 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 62 6f 64 79 2e 73 74 79 6c 65 2e 77 69 64 74 68 20 3d 20 27 31 30 30 25 27 3b 0d 0a 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 62 6f 64 79 2e 73 74 79 Data Ascii: return; } bindReady(); }, 5); } }})();ready(function () { document.body.removeAttribute('style'); document.body.style.width = '100%'; document.body.sty

Timestamp	Bytes transferred	Direction	Data
2024-08-15 22:20:19 UTC	538	OUT	GET /images/swiper.min.css HTTP/1.1 Host: im142.mom Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://im142.mom/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-15 22:20:21 UTC	296	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 15 Aug 2024 22:20:20 GMT Content-Type: text/css Content-Length: 19552 Connection: close Vary: Accept-Encoding Last-Modified: Wed, 20 Mar 2024 09:21:13 GMT ETag: "65faaa89-4c60" Strict-Transport-Security: max-age=31536000 Accept-Ranges: bytes
2024-08-15 22:20:21 UTC	16088	IN	Data Raw: 0a 20 2e 73 77 69 70 65 72 2d 63 6f 6e 74 61 69 6e 65 72 7b 6d 61 72 67 69 6e 3a 30 20 61 75 74 6f 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 3b 6c 69 73 74 2d 73 74 79 6c 65 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 30 3b 7a 2d 69 6e 64 65 78 3a 31 7d 2e 73 77 69 70 65 72 2d 63 6f 6e 74 61 69 6e 65 72 2d 6e 6f 2d 66 6c 65 78 62 6f 78 20 2e 73 77 69 70 65 72 2d 73 6c 69 64 65 7b 66 6c 6f 61 74 3a 6c 65 66 74 7d 2e 73 77 69 70 65 72 2d 63 6f 6e 74 61 69 6e 65 72 2d 76 65 72 74 69 63 61 6c 3e 2e 73 77 69 70 65 72 2d 77 72 61 70 70 65 72 7b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 69 65 6e 74 3a 76 65 72 74 69 63 61 6c 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 64 69 72 65 63 74 69 6f 6e 3a 6e 6f 72 6d Data Ascii: .swiper-container{margin:0 auto;position:relative;overflow:hidden;list-style:none;padding:0;z-index:1}.swiper-container-no-flexbox .swiper-slide{float:left}.swiper-container-vertical>.swiper-wrapper{-webkit-box-orient:vertical;-webkit-box-direction:norm
2024-08-15 22:20:21 UTC	3464	IN	Data Raw: 78 6c 69 6e 6b 25 33 41 68 72 65 66 25 33 44 27 25 32 33 6c 27 25 32 30 6f 70 61 63 69 74 79 25 33 44 27 2e 33 37 27 25 32 30 74 72 61 6e 73 66 6f 72 6d 25 33 44 27 72 6f 74 61 74 65 28 31 38 30 25 32 30 36 30 25 32 43 36 30 29 27 25 32 46 25 33 45 25 33 43 75 73 65 25 32 30 78 6c 69 6e 6b 25 33 41 68 72 65 66 25 33 44 27 25 32 33 6c 27 25 32 30 6f 70 61 63 69 74 79 25 33 44 27 2e 34 36 27 25 32 30 74 72 61 6e 73 66 6f 72 6d 25 33 44 27 72 6f 74 61 74 65 28 32 31 30 25 32 30 36 30 25 32 43 36 30 29 27 25 32 46 25 33 45 25 33 43 75 73 65 25 32 30 78 6c 69 6e 6b 25 33 41 68 72 65 66 25 33 44 27 25 32 33 6c 27 25 32 30 6f 70 61 63 69 74 79 25 33 44 27 2e 35 36 27 25 32 30 74 72 61 6e 73 66 6f 72 6d 25 33 44 27 72 6f 74 61 74 65 28 32 34 30 25 32 30 36 30 25 Data Ascii: xlink%3Ahref%3D'%23l'%20opacity%3D'.37'%20transform%3D'rotate(180%2060%2C60)'%2F%3E%3Cuse%20xlink%3Ahref%3D'%23l'%20opacity%3D'.46'%20transform%3D'rotate(210%2060%2C60)'%2F%3E%3Cuse%20xlink%3Ahref%3D'%23l'%20opacity%3D'.56'%20transform%3D'rotate(240%2060%

Timestamp	Bytes transferred	Direction	Data
2024-08-15 22:20:19 UTC	532	OUT	GET /images/ccc8.css HTTP/1.1 Host: im142.mom Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://im142.mom/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-15 22:20:21 UTC	297	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 15 Aug 2024 22:20:20 GMT Content-Type: text/css Content-Length: 80757 Connection: close Vary: Accept-Encoding Last-Modified: Wed, 20 Mar 2024 09:21:07 GMT ETag: "65faaa83-13b75" Strict-Transport-Security: max-age=31536000 Accept-Ranges: bytes
2024-08-15 22:20:21 UTC	16087	IN	Data Raw: 2e 61 6e 74 2d 63 61 72 64 7b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 3b 63 6f 6c 6f 72 3a 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 36 35 29 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 66 6f 6e 74 2d 76 61 72 69 61 6e 74 3a 74 61 62 75 6c 61 72 2d 6e 75 6d 73 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 35 3b 6c 69 73 74 2d 73 74 79 6c 65 3a 6e 6f 6e 65 3b 2d 77 65 62 6b 69 74 2d 66 6f 6e 74 2d 66 65 61 74 75 72 65 2d 73 65 74 74 69 6e 67 73 3a 27 74 6e 75 6d 27 3b 66 6f 6e 74 2d 66 65 61 74 75 72 65 2d 73 65 74 74 69 6e 67 73 3a 27 74 6e 75 6d 27 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c Data Ascii: .ant-card{-webkit-box-sizing:border-box;box-sizing:border-box;margin:0;padding:0;color:rgba(0,0,0,0.65);font-size:14px;font-variant:tabular-nums;line-height:1.5;list-style:none;-webkit-font-feature-settings:'tnum';font-feature-settings:'tnum';position:rel
2024-08-15 22:20:21 UTC	16384	IN	Data Raw: 6e 2d 6c 65 66 74 20 2e 33 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 30 2e 36 34 35 2c 30 2e 30 34 35 2c 30 2e 33 35 35 2c 31 29 3b 77 69 6c 6c 2d 63 68 61 6e 67 65 3a 6d 61 72 67 69 6e 2d 6c 65 66 74 7d 2e 61 6e 74 2d 74 61 62 73 20 2e 61 6e 74 2d 74 61 62 73 2d 6c 65 66 74 2d 62 61 72 2c 2e 61 6e 74 2d 74 61 62 73 20 2e 61 6e 74 2d 74 61 62 73 2d 72 69 67 68 74 2d 62 61 72 7b 68 65 69 67 68 74 3a 31 30 30 25 3b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 30 7d 2e 61 6e 74 2d 74 61 62 73 20 2e 61 6e 74 2d 74 61 62 73 2d 6c 65 66 74 2d 62 61 72 20 2e 61 6e 74 2d 74 61 62 73 2d 74 61 62 2d 61 72 72 6f 77 2d 73 68 6f 77 2c 2e 61 6e 74 2d 74 61 62 73 20 2e 61 6e 74 2d 74 61 62 73 2d 72 69 67 68 74 2d 62 61 72 20 2e 61 6e 74 2d 74 61 62 73 2d 74 61 62 2d 61 Data Ascii: n-left .3s cubic-bezier(0.645,0.045,0.355,1);will-change:margin-left}.ant-tabs .ant-tabs-left-bar,.ant-tabs .ant-tabs-right-bar{height:100%;border-bottom:0}.ant-tabs .ant-tabs-left-bar .ant-tabs-tab-arrow-show,.ant-tabs .ant-tabs-right-bar .ant-tabs-tab-a
2024-08-15 22:20:23 UTC	16384	IN	Data Raw: 6f 6c 2d 78 73 2d 70 75 6c 6c 2d 32 33 7b 72 69 67 68 74 3a 39 35 2e 38 33 33 33 33 33 33 33 25 7d 2e 61 6e 74 2d 63 6f 6c 2d 78 73 2d 6f 66 66 73 65 74 2d 32 33 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 39 35 2e 38 33 33 33 33 33 33 33 25 7d 2e 61 6e 74 2d 63 6f 6c 2d 78 73 2d 6f 72 64 65 72 2d 32 33 7b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 64 69 6e 61 6c 2d 67 72 6f 75 70 3a 32 34 3b 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 32 33 3b 6f 72 64 65 72 3a 32 33 7d 2e 61 6e 74 2d 63 6f 6c 2d 78 73 2d 32 32 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 77 69 64 74 68 3a 39 31 2e 36 36 36 36 36 36 36 37 Data Ascii: ol-xs-pull-23{right:95.83333333%}.ant-col-xs-offset-23{margin-left:95.83333333%}.ant-col-xs-order-23{-webkit-box-ordinal-group:24;-ms-flex-order:23;order:23}.ant-col-xs-22{display:block;-webkit-box-sizing:border-box;box-sizing:border-box;width:91.66666667
2024-08-15 22:20:23 UTC	16384	IN	Data Raw: 66 73 65 74 2d 31 39 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 37 39 2e 31 36 36 36 36 36 36 37 25 7d 2e 61 6e 74 2d 63 6f 6c 2d 6d 64 2d 6f 72 64 65 72 2d 31 39 7b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 64 69 6e 61 6c 2d 67 72 6f 75 70 3a 32 30 3b 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 31 39 3b 6f 72 64 65 72 3a 31 39 7d 2e 61 6e 74 2d 63 6f 6c 2d 6d 64 2d 31 38 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 77 69 64 74 68 3a 37 35 25 7d 2e 61 6e 74 2d 63 6f 6c 2d 6d 64 2d 70 75 73 68 2d 31 38 7b 6c 65 66 74 3a 37 35 25 7d 2e 61 6e 74 2d 63 6f 6c 2d 6d 64 2d 70 75 6c 6c 2d 31 38 7b 72 69 67 68 74 Data Ascii: fset-19{margin-left:79.16666667%}.ant-col-md-order-19{-webkit-box-ordinal-group:20;-ms-flex-order:19;order:19}.ant-col-md-18{display:block;-webkit-box-sizing:border-box;box-sizing:border-box;width:75%}.ant-col-md-push-18{left:75%}.ant-col-md-pull-18{right
2024-08-15 22:20:23 UTC	15518	IN	Data Raw: 36 3b 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 31 35 3b 6f 72 64 65 72 3a 31 35 7d 2e 61 6e 74 2d 63 6f 6c 2d 78 6c 2d 31 34 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 77 69 64 74 68 3a 35 38 2e 33 33 33 33 33 33 33 33 25 7d 2e 61 6e 74 2d 63 6f 6c 2d 78 6c 2d 70 75 73 68 2d 31 34 7b 6c 65 66 74 3a 35 38 2e 33 33 33 33 33 33 33 33 25 7d 2e 61 6e 74 2d 63 6f 6c 2d 78 6c 2d 70 75 6c 6c 2d 31 34 7b 72 69 67 68 74 3a 35 38 2e 33 33 33 33 33 33 33 33 25 7d 2e 61 6e 74 2d 63 6f 6c 2d 78 6c 2d 6f 66 66 73 65 74 2d 31 34 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 35 38 2e 33 33 33 33 33 33 33 33 25 7d 2e 61 Data Ascii: 6;-ms-flex-order:15;order:15}.ant-col-xl-14{display:block;-webkit-box-sizing:border-box;box-sizing:border-box;width:58.33333333%}.ant-col-xl-push-14{left:58.33333333%}.ant-col-xl-pull-14{right:58.33333333%}.ant-col-xl-offset-14{margin-left:58.33333333%}.a

Timestamp	Bytes transferred	Direction	Data
2024-08-15 22:20:19 UTC	532	OUT	GET /images/111f.css HTTP/1.1 Host: im142.mom Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://im142.mom/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-15 22:20:21 UTC	298	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 15 Aug 2024 22:20:20 GMT Content-Type: text/css Content-Length: 230780 Connection: close Vary: Accept-Encoding Last-Modified: Wed, 20 Mar 2024 09:21:00 GMT ETag: "65faaa7c-3857c" Strict-Transport-Security: max-age=31536000 Accept-Ranges: bytes
2024-08-15 22:20:21 UTC	16086	IN	Data Raw: 62 6f 64 79 2c 68 74 6d 6c 7b 77 69 64 74 68 3a 31 30 30 25 3b 68 65 69 67 68 74 3a 31 30 30 25 7d 69 6e 70 75 74 3a 3a 2d 6d 73 2d 63 6c 65 61 72 2c 69 6e 70 75 74 3a 3a 2d 6d 73 2d 72 65 76 65 61 6c 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 2a 2c 3a 3a 61 66 74 65 72 2c 3a 3a 62 65 66 6f 72 65 7b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 7d 68 74 6d 6c 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 73 61 6e 73 2d 73 65 72 69 66 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 31 35 3b 2d 77 65 62 6b 69 74 2d 74 65 78 74 2d 73 69 7a 65 2d 61 64 6a 75 73 74 3a 31 30 30 25 3b 2d 6d 73 2d 74 65 78 74 2d 73 69 7a 65 2d 61 64 6a 75 73 74 3a 31 30 30 25 3b 2d 6d Data Ascii: body,html{width:100%;height:100%}input::-ms-clear,input::-ms-reveal{display:none}*,::after,::before{-webkit-box-sizing:border-box;box-sizing:border-box}html{font-family:sans-serif;line-height:1.15;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%;-m
2024-08-15 22:20:21 UTC	16384	IN	Data Raw: 30 66 66 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 30 20 30 20 23 31 38 39 30 66 66 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 30 20 30 20 36 70 78 20 76 61 72 28 2d 2d 61 6e 74 64 2d 77 61 76 65 2d 73 68 61 64 6f 77 2d 63 6f 6c 6f 72 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 30 20 30 20 36 70 78 20 76 61 72 28 2d 2d 61 6e 74 64 2d 77 61 76 65 2d 73 68 61 64 6f 77 2d 63 6f 6c 6f 72 29 7d 7d 40 2d 77 65 62 6b 69 74 2d 6b 65 79 66 72 61 6d 65 73 20 66 61 64 65 45 66 66 65 63 74 7b 31 30 30 25 7b 6f 70 61 63 69 74 79 3a 30 7d 7d 40 6b 65 79 66 72 61 6d 65 73 20 66 61 64 65 45 66 66 65 63 74 7b 31 30 30 25 7b 6f 70 61 63 69 74 79 3a 30 7d 7d 2e 73 6c 69 64 65 2d 75 70 2d 61 70 70 65 61 72 2c 2e 73 6c 69 64 65 2d 75 70 2d 65 6e 74 65 Data Ascii: 0ff;box-shadow:0 0 0 #1890ff;-webkit-box-shadow:0 0 0 6px var(--antd-wave-shadow-color);box-shadow:0 0 0 6px var(--antd-wave-shadow-color)}}@-webkit-keyframes fadeEffect{100%{opacity:0}}@keyframes fadeEffect{100%{opacity:0}}.slide-up-appear,.slide-up-ente
2024-08-15 22:20:21 UTC	16384	IN	Data Raw: 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 6e 61 6d 65 3a 61 6e 74 5a 6f 6f 6d 4c 65 66 74 49 6e 3b 61 6e 69 6d 61 74 69 6f 6e 2d 6e 61 6d 65 3a 61 6e 74 5a 6f 6f 6d 4c 65 66 74 49 6e 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 70 6c 61 79 2d 73 74 61 74 65 3a 72 75 6e 6e 69 6e 67 3b 61 6e 69 6d 61 74 69 6f 6e 2d 70 6c 61 79 2d 73 74 61 74 65 3a 72 75 6e 6e 69 6e 67 7d 2e 7a 6f 6f 6d 2d 6c 65 66 74 2d 6c 65 61 76 65 2e 7a 6f 6f 6d 2d 6c 65 66 74 2d 6c 65 61 76 65 2d 61 63 74 69 76 65 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 6e 61 6d 65 3a 61 6e 74 5a 6f 6f 6d 4c 65 66 74 4f 75 74 3b 61 6e 69 6d 61 74 69 6f 6e 2d 6e 61 6d 65 3a 61 6e 74 5a 6f 6f 6d 4c 65 66 74 4f 75 74 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 70 6c 61 Data Ascii: t-animation-name:antZoomLeftIn;animation-name:antZoomLeftIn;-webkit-animation-play-state:running;animation-play-state:running}.zoom-left-leave.zoom-left-leave-active{-webkit-animation-name:antZoomLeftOut;animation-name:antZoomLeftOut;-webkit-animation-pla
2024-08-15 22:20:21 UTC	16384	IN	Data Raw: 3a 70 6f 69 6e 74 65 72 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 2e 63 6f 6d 6d 6f 6e 2d 66 6f 6f 74 65 72 20 2e 6e 61 76 2d 6c 69 6e 6b 73 20 2e 6c 69 6e 6b 73 2d 69 74 65 6d 20 61 3a 68 6f 76 65 72 7b 63 6f 6c 6f 72 3a 23 31 39 31 63 31 65 7d 2e 73 75 62 73 63 72 69 62 65 7b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 70 78 7d 2e 73 75 62 73 63 72 69 62 65 20 2e 73 75 62 73 63 72 69 62 65 2d 69 6e 70 75 74 7b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 32 30 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 32 66 34 66 35 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 6f 75 74 6c 69 6e 65 3a 30 3b 70 61 64 64 69 6e 67 3a 30 20 34 30 70 78 20 30 20 32 30 70 78 3b 68 65 69 67 Data Ascii: :pointer;text-decoration:none}.common-footer .nav-links .links-item a:hover{color:#191c1e}.subscribe{position:relative;margin-top:10px}.subscribe .subscribe-input{border-radius:20px;background-color:#f2f4f5;border:none;outline:0;padding:0 40px 0 20px;heig
2024-08-15 22:20:21 UTC	16384	IN	Data Raw: 6f 6e 74 61 63 74 7b 77 69 64 74 68 3a 31 30 30 25 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 61 66 62 66 63 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 66 66 7d 2e 68 6f 6d 65 2d 70 61 67 65 20 2e 63 6f 6e 74 61 63 74 20 2e 63 6f 6e 74 61 63 74 2d 69 6e 6e 65 72 7b 77 69 64 74 68 3a 31 31 36 38 70 78 3b 6d 61 72 67 69 6e 3a 30 20 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 31 30 30 70 78 20 30 3b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 38 30 70 78 3b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 36 30 70 78 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 31 30 32 34 70 78 29 7b 2e 68 6f 6d 65 2d 70 61 67 65 20 2e 63 6f 6e 74 61 63 74 20 2e 63 6f 6e 74 61 63 74 2d 69 6e 6e 65 Data Ascii: ontact{width:100%;background-color:#fafbfc;background-color:#fff}.home-page .contact .contact-inner{width:1168px;margin:0 auto;padding:100px 0;padding-top:80px;padding-bottom:60px}@media only screen and (max-width:1024px){.home-page .contact .contact-inne
2024-08-15 22:20:21 UTC	16384	IN	Data Raw: 78 29 7b 2e 74 6f 6b 65 6e 6c 6f 6e 2d 70 61 67 65 20 2e 77 6f 72 6b 20 2e 77 6f 72 6b 2d 74 69 74 6c 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 33 32 70 78 3b 70 61 64 64 69 6e 67 3a 30 20 31 36 70 78 7d 7d 2e 74 6f 6b 65 6e 6c 6f 6e 2d 70 61 67 65 20 2e 77 6f 72 6b 20 2e 77 6f 72 6b 2d 63 6f 6e 74 61 69 6e 65 72 7b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 39 30 70 78 7d 2e 74 6f 6b 65 6e 6c 6f 6e 2d 70 61 67 65 20 2e 77 6f 72 6b 20 2e 77 6f 72 6b 2d 63 6f 6e 74 61 69 6e 65 72 20 2e 77 6f 72 6b 2d 70 69 63 74 75 72 65 2e 64 65 73 6b 74 6f 70 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 7d 2e 74 6f 6b 65 6e 6c Data Ascii: x){.tokenlon-page .work .work-title{font-size:32px;padding:0 16px}}.tokenlon-page .work .work-container{display:flex;justify-content:center;align-items:center;margin-top:90px}.tokenlon-page .work .work-container .work-picture.desktop{display:block}.tokenl
2024-08-15 22:20:21 UTC	16384	IN	Data Raw: 33 70 78 3b 74 6f 70 3a 2d 33 70 78 3b 77 69 64 74 68 3a 35 70 78 3b 68 65 69 67 68 74 3a 35 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 35 30 25 7d 2e 61 62 6f 75 74 2d 70 61 67 65 20 2e 65 76 65 6e 74 73 20 2e 73 65 63 74 69 6f 6e 2d 69 6e 6e 65 72 20 2e 62 69 67 2d 65 76 65 6e 74 73 20 2e 65 76 65 6e 74 2d 6c 69 6e 65 20 2e 65 76 65 6e 74 2d 64 65 73 63 7b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 35 70 78 7d 2e 61 62 6f 75 74 2d 70 61 67 65 20 2e 65 76 65 6e 74 73 20 2e 73 65 63 74 69 6f 6e 2d 69 6e 6e 65 72 20 2e 62 69 67 2d 65 76 65 6e 74 73 20 2e 65 76 65 6e 74 2d 6c 69 6e 65 20 2e 65 76 65 6e 74 2d 64 65 73 63 20 2e 65 76 65 6e 74 2d 74 69 74 6c 65 7b 6d 61 78 2d 77 69 64 74 68 Data Ascii: 3px;top:-3px;width:5px;height:5px;background-color:#000;border-radius:50%}.about-page .events .section-inner .big-events .event-line .event-desc{padding-left:5px}.about-page .events .section-inner .big-events .event-line .event-desc .event-title{max-width
2024-08-15 22:20:21 UTC	16384	IN	Data Raw: 6f 7b 6f 70 61 63 69 74 79 3a 30 7d 7d 40 6b 65 79 66 72 61 6d 65 73 20 6d 6d 73 6c 69 64 65 49 6e 7b 66 72 6f 6d 7b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 59 28 31 35 25 29 7d 74 6f 7b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 59 28 30 29 7d 7d 40 6b 65 79 66 72 61 6d 65 73 20 6d 6d 73 6c 69 64 65 4f 75 74 7b 66 72 6f 6d 7b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 59 28 30 29 7d 74 6f 7b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 59 28 2d 31 30 25 29 7d 7d 2e 6d 69 63 72 6f 6d 6f 64 61 6c 2d 73 6c 69 64 65 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 2e 6d 69 63 72 6f 6d 6f 64 61 6c 2d 73 6c 69 64 65 2e 69 73 2d 6f 70 65 6e 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 7d 2e 6d 69 63 72 6f 6d 6f 64 Data Ascii: o{opacity:0}}@keyframes mmslideIn{from{transform:translateY(15%)}to{transform:translateY(0)}}@keyframes mmslideOut{from{transform:translateY(0)}to{transform:translateY(-10%)}}.micromodal-slide{display:none}.micromodal-slide.is-open{display:block}.micromod
2024-08-15 22:20:21 UTC	16384	IN	Data Raw: 64 69 6e 67 3a 31 32 34 70 78 20 30 20 39 36 70 78 20 30 7d 2e 62 72 61 6e 64 2d 70 61 67 65 20 2e 64 65 73 63 2d 73 65 63 74 69 6f 6e 20 2e 64 65 73 63 2d 69 6e 6e 65 72 7b 77 69 64 74 68 3a 31 30 30 25 3b 6d 61 78 2d 77 69 64 74 68 3a 31 31 36 38 70 78 3b 6d 61 72 67 69 6e 3a 30 20 61 75 74 6f 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 66 6c 65 78 2d 66 6c 6f 77 3a 72 6f 77 20 6e 6f 77 72 61 70 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 73 70 61 63 65 2d 62 65 74 77 65 65 6e 7d 2e 62 72 61 6e 64 2d 70 61 67 65 20 2e 64 65 73 63 2d 73 65 63 74 69 6f 6e 20 2e 64 65 73 63 2d 69 6e 6e 65 72 20 2e 6f 2d 64 6f 77 6e 6c 6f 61 64 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 77 Data Ascii: ding:124px 0 96px 0}.brand-page .desc-section .desc-inner{width:100%;max-width:1168px;margin:0 auto;display:flex;flex-flow:row nowrap;align-items:center;justify-content:space-between}.brand-page .desc-section .desc-inner .o-download{display:inline-block;w
2024-08-15 22:20:21 UTC	16384	IN	Data Raw: 65 72 2c 2e 61 6e 74 2d 62 74 6e 5b 64 69 73 61 62 6c 65 64 5d 3e 61 3a 6f 6e 6c 79 2d 63 68 69 6c 64 3a 3a 61 66 74 65 72 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 74 6f 70 3a 30 3b 72 69 67 68 74 3a 30 3b 62 6f 74 74 6f 6d 3a 30 3b 6c 65 66 74 3a 30 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 30 20 30 3b 63 6f 6e 74 65 6e 74 3a 27 27 7d 2e 61 6e 74 2d 62 74 6e 2e 61 63 74 69 76 65 2c 2e 61 6e 74 2d 62 74 6e 3a 61 63 74 69 76 65 2c 2e 61 6e 74 2d 62 74 6e 3a 66 6f 63 75 73 2c 2e 61 6e 74 2d 62 74 6e 3a 68 6f 76 65 72 7b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 7d 2e 61 6e 74 2d 62 74 6e 3e 69 2c 2e 61 6e 74 2d 62 74 6e 3e 73 70 61 6e 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d Data Ascii: er,.ant-btn[disabled]>a:only-child::after{position:absolute;top:0;right:0;bottom:0;left:0;background:0 0;content:''}.ant-btn.active,.ant-btn:active,.ant-btn:focus,.ant-btn:hover{text-decoration:none;background:#fff}.ant-btn>i,.ant-btn>span{display:inline-

Timestamp	Bytes transferred	Direction	Data
2024-08-15 22:20:19 UTC	585	OUT	GET /images/bdTokenLogo.png HTTP/1.1 Host: im142.mom Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://im142.mom/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-15 22:20:21 UTC	295	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 15 Aug 2024 22:20:20 GMT Content-Type: image/png Content-Length: 2134 Connection: close Vary: Accept-Encoding Last-Modified: Wed, 20 Mar 2024 09:21:06 GMT ETag: "65faaa82-856" Strict-Transport-Security: max-age=31536000 Accept-Ranges: bytes
2024-08-15 22:20:21 UTC	2134	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 6d 00 00 00 12 08 06 00 00 00 51 8c 50 42 00 00 00 06 62 4b 47 44 00 ff 00 ff 00 ff a0 bd a7 93 00 00 07 e4 49 44 41 54 58 c3 ed 99 79 4c 54 47 1c c7 57 f6 7c ec bd 78 b4 6a 1b 63 3d f6 40 34 a5 ad f2 de c3 92 c6 d0 a2 35 31 b6 fe e1 95 b4 e9 91 5e 1e 28 9e 78 e0 ad 45 aa 52 0f 14 ef 5b d4 8a 1c cb b2 c0 2e a7 80 28 4a 8d 6d 9a b4 56 db f4 48 d5 a8 f5 4e 85 e9 6f de 9b b7 bc 7d b0 b0 80 06 4d 7c c9 64 77 67 e6 cd f5 99 ef 6f 7e bf 59 99 ec 71 3d 5e af c2 e4 a9 1d 6c f6 9e 9f 64 2a a9 9b 66 29 af fb d8 72 ea 02 2d 7b fe 3c 7d 8f ce 59 65 37 3a cf 6c 33 ba 6a af 1b 0b 6a 91 a9 08 92 f7 1c 32 95 9c 47 e6 b2 ba ab c1 b4 61 70 44 f5 b3 58 e9 4f cc 7d 23 8d 4f fb 7c 2d fd 86 1a 8c 56 36 d2 6c a3 c3 3b 7f Data Ascii: PNGIHDRmQPBbKGDIDATXyLTGW\|xjc=@451^(xER[.(JmVHNo}M\|dwgo~Yq=^ld*f)r-{<}Ye7:l3jj2GapDXO}#O\|-V6l;

Timestamp	Bytes transferred	Direction	Data
2024-08-15 22:20:22 UTC	578	OUT	GET /images/menu.png HTTP/1.1 Host: im142.mom Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://im142.mom/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-15 22:20:23 UTC	270	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 15 Aug 2024 22:20:23 GMT Content-Type: image/png Content-Length: 198 Connection: close Last-Modified: Wed, 20 Mar 2024 09:21:10 GMT ETag: "65faaa86-c6" Strict-Transport-Security: max-age=31536000 Accept-Ranges: bytes
2024-08-15 22:20:23 UTC	198	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 1a 00 00 00 1a 04 03 00 00 00 5b 64 51 fd 00 00 00 18 50 4c 54 45 00 00 00 36 3b 4e 36 3d 4c 36 3c 4d 36 3c 4d 36 3c 4d 36 3c 4d ff ff ff e0 ca aa 6c 00 00 00 06 74 52 4e 53 00 6c 75 77 88 e1 1b 6c 73 0b 00 00 00 01 62 4b 47 44 07 16 61 88 eb 00 00 00 23 49 44 41 54 18 d3 63 60 a0 0e 60 4d 83 81 00 06 da 00 46 63 18 10 00 f2 98 5c 60 40 81 46 f6 51 df 47 00 a9 3f 0c 39 db d5 8b 93 00 00 00 00 49 45 4e 44 ae 42 60 82 5b 5b 2a 41 54 2a 5d 38 30 30 46 46 44 43 31 44 30 32 46 34 36 43 41 38 31 35 32 46 41 30 31 32 39 44 31 37 45 41 30 Data Ascii: PNGIHDR[dQPLTE6;N6=L6<M6<M6<M6<MltRNSluwlsbKGDa#IDATc``MFc\`@FQG?9IENDB`[[AT]800FFDC1D02F46CA8152FA0129D17EA0

Timestamp	Bytes transferred	Direction	Data
2024-08-15 22:20:22 UTC	579	OUT	GET /images/alarm.png HTTP/1.1 Host: im142.mom Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://im142.mom/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-15 22:20:23 UTC	271	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 15 Aug 2024 22:20:23 GMT Content-Type: image/png Content-Length: 574 Connection: close Last-Modified: Wed, 20 Mar 2024 09:21:02 GMT ETag: "65faaa7e-23e" Strict-Transport-Security: max-age=31536000 Accept-Ranges: bytes
2024-08-15 22:20:23 UTC	574	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 18 00 00 00 18 08 03 00 00 00 d7 a9 cd ca 00 00 00 cf 50 4c 54 45 00 00 00 80 80 bf 80 aa aa 9f 9f 9f 8e aa aa 8b a2 a2 99 99 aa 92 9e aa 90 9b a6 99 99 a3 97 a1 aa 92 9b a4 91 a2 aa 97 9f a7 95 9d a6 92 9f a7 93 9d a8 94 9e a5 93 9f a6 94 9d a7 93 9e a6 94 9f a7 95 9d a5 94 9e a6 95 9f a7 94 9e a5 95 9e a6 94 9d a7 95 9e a5 94 9f a5 95 9d a6 93 9e a6 94 9e a7 95 9d a5 94 9e a6 95 9f a7 94 9e a6 94 9e a7 93 9d a6 94 9e a6 93 9e a6 94 9d a5 94 9e a5 95 9e a7 94 9e a6 94 9e a6 94 9e a7 94 9e a6 94 9e a5 95 9e a6 94 9e a6 94 9d a6 94 9e a6 94 9e a6 94 9e a5 94 9e a6 94 9e a6 94 9e a6 94 9e a6 94 9e a6 94 9e a6 94 9e a5 94 9e a6 94 9e a6 94 9e a6 94 9e a6 94 9e a6 94 9e a6 ff ff ff 11 0f 32 85 00 00 00 Data Ascii: PNGIHDRPLTE2

Timestamp	Bytes transferred	Direction	Data
2024-08-15 22:20:22 UTC	578	OUT	GET /images/bdpg.png HTTP/1.1 Host: im142.mom Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://im142.mom/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-15 22:20:23 UTC	295	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 15 Aug 2024 22:20:23 GMT Content-Type: image/png Content-Length: 1774 Connection: close Vary: Accept-Encoding Last-Modified: Wed, 20 Mar 2024 09:21:05 GMT ETag: "65faaa81-6ee" Strict-Transport-Security: max-age=31536000 Accept-Ranges: bytes
2024-08-15 22:20:23 UTC	1774	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 84 00 00 00 28 08 04 00 00 00 95 93 9a b9 00 00 00 02 62 4b 47 44 00 ff 87 8f cc bf 00 00 06 80 49 44 41 54 68 de ed da 7b 90 d6 55 19 c0 f1 67 d7 65 97 e4 22 ac 2c d8 a2 dc 1c b1 4c 44 20 2a c6 4a 4c a5 0c 74 0d c5 74 72 b8 1a 92 d4 b8 92 25 78 69 06 6d b8 e4 85 42 9d 35 33 51 61 43 21 21 f0 52 03 48 8a 06 88 a8 90 89 32 12 b9 a6 30 8b 97 dd d1 1a dc 5c f8 f4 c7 9e 7d 67 17 76 57 c3 25 19 77 cf f9 e7 fd 9d 73 9e e7 f7 fe be ef 79 9f db ef 44 d4 b4 41 71 53 6c 8a 9d 51 1d 5a 48 af 8e 9d f1 7c dc 18 83 22 d3 f2 e2 96 d8 d3 62 00 ec db f7 c4 2d 91 5b 03 a2 b4 c5 42 a8 ed b7 45 44 9c d6 e2 31 08 71 6a c4 dd ad 18 42 fc 36 e2 e5 56 0c 21 5e 8a a8 6c c5 10 a2 32 5a b0 bf a8 ef 4c 5b 21 24 27 7a a0 a2 59 Data Ascii: PNGIHDR(bKGDIDATh{Uge",LD *JLttr%ximB53QaC!!RH20\}gvW%wsyDAqSlQZH\|"b-[BED1qjB6V!^l2ZL[!$'zY

Timestamp	Bytes transferred	Direction	Data
2024-08-15 22:20:22 UTC	579	OUT	GET /images/bdapk.png HTTP/1.1 Host: im142.mom Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://im142.mom/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-15 22:20:23 UTC	295	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 15 Aug 2024 22:20:23 GMT Content-Type: image/png Content-Length: 2668 Connection: close Vary: Accept-Encoding Last-Modified: Wed, 20 Mar 2024 09:21:05 GMT ETag: "65faaa81-a6c" Strict-Transport-Security: max-age=31536000 Accept-Ranges: bytes
2024-08-15 22:20:23 UTC	2668	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 84 00 00 00 28 08 06 00 00 00 3f 9a 52 32 00 00 00 06 62 4b 47 44 00 ff 00 ff 00 ff a0 bd a7 93 00 00 09 fa 49 44 41 54 78 da ed 5c 67 50 15 59 16 26 67 09 92 51 10 14 10 90 2c 23 a2 ab 2e 23 82 5b 28 2a 8e 8a 5a 86 35 a1 b8 18 d7 35 8b 98 09 a3 e8 62 60 08 8e ba 06 cc 3a a6 d5 c5 9c 73 5a 63 99 ca b0 86 52 57 2d 7f ed 4c 9d 7d df 91 6e bb 1f 2f a0 08 94 63 bf aa af de eb db dd b7 bb ef f9 4e bc f7 b5 81 81 fc d3 54 85 5c 15 2e aa f0 1f 15 7e 55 81 14 fc ae f0 6b b9 6c 2f a8 90 53 2e f3 0a 1f 73 15 e6 ab f0 9b 32 60 df 1c 7e 2b 97 bd 99 94 10 ab 95 81 f9 e6 91 2f 90 21 56 19 0c 05 e5 68 03 42 94 28 03 a1 a0 1c c5 20 c4 0d 65 20 14 94 e3 3a 08 f1 5f 65 20 14 94 03 5c 50 32 0b 05 b2 94 b4 f6 6f c4 d3 Data Ascii: PNGIHDR(?R2bKGDIDATx\gPY&gQ,#.#[(*Z55b`:sZcRW-L}n/cNT\.~Ukl/S.s2`~+/!VhB( e :_e \P2o

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://im20.net/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 50

Chrome Cache Entry: 51

Chrome Cache Entry: 52

Chrome Cache Entry: 53

Chrome Cache Entry: 54

Chrome Cache Entry: 55

Chrome Cache Entry: 56

Chrome Cache Entry: 57

Chrome Cache Entry: 58

Chrome Cache Entry: 59

Chrome Cache Entry: 60

Chrome Cache Entry: 61

Chrome Cache Entry: 62

Chrome Cache Entry: 63

Chrome Cache Entry: 64

Chrome Cache Entry: 65

Chrome Cache Entry: 66

Chrome Cache Entry: 67

Chrome Cache Entry: 68

Chrome Cache Entry: 69

Chrome Cache Entry: 70

Chrome Cache Entry: 71

Chrome Cache Entry: 72

Chrome Cache Entry: 73

Chrome Cache Entry: 74

Chrome Cache Entry: 75

Chrome Cache Entry: 76

Windows Analysis Report
http://im20.net/

Timestamp	Bytes transferred	Direction	Data
2024-08-15 22:20:23 UTC	355	OUT	GET /images/bdTokenLogo.png HTTP/1.1 Host: im142.mom Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-15 22:20:24 UTC	295	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 15 Aug 2024 22:20:23 GMT Content-Type: image/png Content-Length: 2134 Connection: close Vary: Accept-Encoding Last-Modified: Wed, 20 Mar 2024 09:21:06 GMT ETag: "65faaa82-856" Strict-Transport-Security: max-age=31536000 Accept-Ranges: bytes
2024-08-15 22:20:24 UTC	2134	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 6d 00 00 00 12 08 06 00 00 00 51 8c 50 42 00 00 00 06 62 4b 47 44 00 ff 00 ff 00 ff a0 bd a7 93 00 00 07 e4 49 44 41 54 58 c3 ed 99 79 4c 54 47 1c c7 57 f6 7c ec bd 78 b4 6a 1b 63 3d f6 40 34 a5 ad f2 de c3 92 c6 d0 a2 35 31 b6 fe e1 95 b4 e9 91 5e 1e 28 9e 78 e0 ad 45 aa 52 0f 14 ef 5b d4 8a 1c cb b2 c0 2e a7 80 28 4a 8d 6d 9a b4 56 db f4 48 d5 a8 f5 4e 85 e9 6f de 9b b7 bc 7d b0 b0 80 06 4d 7c c9 64 77 67 e6 cd f5 99 ef 6f 7e bf 59 99 ec 71 3d 5e af c2 e4 a9 1d 6c f6 9e 9f 64 2a a9 9b 66 29 af fb d8 72 ea 02 2d 7b fe 3c 7d 8f ce 59 65 37 3a cf 6c 33 ba 6a af 1b 0b 6a 91 a9 08 92 f7 1c 32 95 9c 47 e6 b2 ba ab c1 b4 61 70 44 f5 b3 58 e9 4f cc 7d 23 8d 4f fb 7c 2d fd 86 1a 8c 56 36 d2 6c a3 c3 3b 7f Data Ascii: PNGIHDRmQPBbKGDIDATXyLTGW\|xjc=@451^(xER[.(JmVHNo}M\|dwgo~Yq=^ld*f)r-{<}Ye7:l3jj2GapDXO}#O\|-V6l;

Timestamp	Bytes transferred	Direction	Data
2024-08-15 22:20:23 UTC	582	OUT	GET /images/ewm_icon.png HTTP/1.1 Host: im142.mom Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://im142.mom/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-15 22:20:24 UTC	296	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 15 Aug 2024 22:20:23 GMT Content-Type: image/png Content-Length: 5040 Connection: close Vary: Accept-Encoding Last-Modified: Wed, 20 Mar 2024 09:21:08 GMT ETag: "65faaa84-13b0" Strict-Transport-Security: max-age=31536000 Accept-Ranges: bytes
2024-08-15 22:20:24 UTC	5040	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 c8 00 00 00 c8 08 06 00 00 00 ad 58 ae 9e 00 00 13 50 49 44 41 54 78 5e ed 9d 5d 72 13 c7 16 c7 4f 0f 15 ee 7d bb dc 15 c4 54 85 19 bf c5 3c 58 e4 0d bc 82 98 15 10 af 20 66 05 38 2b 08 ac 00 b3 82 98 15 60 bf 81 fc 10 f1 26 8d 53 15 79 05 31 6f 68 1c cf b9 d5 f2 28 e8 62 6b fa f4 c7 8c 7a a4 ff 54 a5 52 94 fb f3 7f fa d7 a7 bf d4 ad 08 1f 14 80 02 0b 15 50 d0 06 0a 40 81 c5 0a 00 10 b4 0e 28 50 a3 00 00 41 f3 80 02 00 04 6d 00 0a b8 29 00 0f e2 a6 1b 62 ad 89 02 00 64 4d 0c 8d 6a ba 29 00 40 dc 74 43 ac 35 51 00 80 ac 89 a1 51 4d 37 05 00 88 9b 6e 88 b5 26 0a 00 90 35 31 34 aa e9 a6 00 00 71 d3 0d b1 d6 44 81 c6 00 d9 dc fc 61 83 fe be fa 56 eb 58 26 ea c9 aa e8 a9 94 1a a8 ab f2 e2 4a d1 a7 b3 b3 Data Ascii: PNGIHDRXPIDATx^]rO}T<X f8+`&Sy1oh(bkzTRP@(PAm)bdMj)@tC5QQM7n&514qDaVX&J

Timestamp	Bytes transferred	Direction	Data
2024-08-15 22:20:24 UTC	578	OUT	GET /generate-qrcode HTTP/1.1 Host: im142.mom Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://im142.mom/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-15 22:20:25 UTC	1182	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 15 Aug 2024 22:20:24 GMT Content-Type: image/png Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Cache-Control: private, must-revalidate pragma: no-cache expires: -1 Set-Cookie: XSRF-TOKEN=eyJpdiI6IjB6YUcyaU5HODhPVDRMYjNraTk1MEE9PSIsInZhbHVlIjoiY0dPVFNqNEJ4clVaMkhUWi92RVc3SVh5VWpKRk1RYkw2bFp6MElXRitCWW9xRTBSaFdhZHRTZUwrano1SEdmZS94aGpKK1ZWakR6MURjVmVNQ0tzbStSaWd4bElqeFcwTERyRzROc1hPejQ4MHpoUi9VTGFmS3hha0ZsUVZGMHciLCJtYWMiOiI0NDY0NTg5NzNlMzhiOGEyNTQ3MmQxMzgyMzY1ZGJlZDAxYjRhZjUwZmNlN2EyNDMwNzJlZDQyNzRlNTczY2JlIiwidGFnIjoiIn0%3D; expires=Fri, 16 Aug 2024 00:20:24 GMT; Max-Age=7200; path=/; samesite=lax Set-Cookie: laravel_session=eyJpdiI6Im8rV1l1aW5vR1AxNUp0QjkxRVJCTlE9PSIsInZhbHVlIjoiQ2xzSm5oYVBzRTQ2YS9ITlJyZG8xZ2E5U2EwdlZtbHkrblFaQ0FNRmtnd0dNT21LRDJGNlFGNmc4ekk1U1RPWDdyRWFMb2FkSTJJZFhHWjhJYy9GZURUSmplb2VoTFE0NmNGMGRqaDl0bTdiMEVKMWp4V2kxUnRqTWtNalZxVXIiLCJtYWMiOiI3NTdhMzlkZmMxYjRhYzM0ZWU2YjJmYzcwMzJmZmVlNGQwZDBkZWYyYjhkODI2ZDU3NDM4ODgwN2VlNTJjYWM1IiwidGFnIjoiIn0%3D; expires=Fri, 16 Aug 2024 00:20:24 GMT; Max-Age=7200; path=/; httponly; samesite=lax Strict-Transport-Security: max-age=31536000
2024-08-15 22:20:25 UTC	408	IN	Data Raw: 31 38 63 0d 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 c8 00 00 00 c8 01 00 00 00 00 85 23 93 33 00 00 00 20 63 48 52 4d 00 00 7a 26 00 00 80 84 00 00 fa 00 00 00 80 e8 00 00 75 30 00 00 ea 60 00 00 3a 98 00 00 17 70 9c ba 51 3c 00 00 00 02 62 4b 47 44 00 01 dd 8a 13 a4 00 00 01 19 49 44 41 54 58 c3 dd 97 5b 12 c3 20 08 45 d9 39 4b a7 1a 1e 5e 24 f9 87 3a 69 3a 7a 9c 4e 01 bd 00 91 0e 26 96 f5 c8 7a 51 1e 63 c9 7e 27 b2 37 3e db 83 e8 4a 73 62 d6 b0 9a e5 96 25 c2 ee 8a 41 24 82 52 09 13 c4 6e 16 79 b7 47 fe 83 d8 19 b5 1b a7 9f 74 7a 3b 12 d7 03 38 8f 45 29 26 12 42 5d d8 43 7c 68 f0 cc 03 7b de 99 9c 33 76 2e 57 d8 a7 24 54 7c 0c a1 62 0f 64 ab a3 87 1c 1e 69 4c 72 4a b5 47 d0 54 4b 57 3e 91 41 24 ae d2 da 12 a9 37 12 af c6 b4 37 a9 92 Data Ascii: 18cPNGIHDR#3 cHRMz&u0`:pQ<bKGDIDATX[ E9K^$:i:zN&zQc~'7>Jsb%A$RnyGtz;8E)&B]C\|h{3v.W$T\|bdiLrJGTKW>A$77

Timestamp	Bytes transferred	Direction	Data
2024-08-15 22:20:24 UTC	583	OUT	GET /images/app-store.png HTTP/1.1 Host: im142.mom Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://im142.mom/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-15 22:20:24 UTC	295	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 15 Aug 2024 22:20:24 GMT Content-Type: image/png Content-Length: 1774 Connection: close Vary: Accept-Encoding Last-Modified: Wed, 20 Mar 2024 09:21:03 GMT ETag: "65faaa7f-6ee" Strict-Transport-Security: max-age=31536000 Accept-Ranges: bytes
2024-08-15 22:20:24 UTC	1774	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 84 00 00 00 28 08 04 00 00 00 95 93 9a b9 00 00 00 02 62 4b 47 44 00 ff 87 8f cc bf 00 00 06 80 49 44 41 54 68 de ed da 7b 90 d6 55 19 c0 f1 67 d7 65 97 e4 22 ac 2c d8 a2 dc 1c b1 4c 44 20 2a c6 4a 4c a5 0c 74 0d c5 74 72 b8 1a 92 d4 b8 92 25 78 69 06 6d b8 e4 85 42 9d 35 33 51 61 43 21 21 f0 52 03 48 8a 06 88 a8 90 89 32 12 b9 a6 30 8b 97 dd d1 1a dc 5c f8 f4 c7 9e 7d 67 17 76 57 c3 25 19 77 cf f9 e7 fd 9d 73 9e e7 f7 fe be ef 79 9f db ef 44 d4 b4 41 71 53 6c 8a 9d 51 1d 5a 48 af 8e 9d f1 7c dc 18 83 22 d3 f2 e2 96 d8 d3 62 00 ec db f7 c4 2d 91 5b 03 a2 b4 c5 42 a8 ed b7 45 44 9c d6 e2 31 08 71 6a c4 dd ad 18 42 fc 36 e2 e5 56 0c 21 5e 8a a8 6c c5 10 a2 32 5a b0 bf a8 ef 4c 5b 21 24 27 7a a0 a2 59 Data Ascii: PNGIHDR(bKGDIDATh{Uge",LD *JLttr%ximB53QaC!!RH20\}gvW%wsyDAqSlQZH\|"b-[BED1qjB6V!^l2ZL[!$'zY

Timestamp	Bytes transferred	Direction	Data
2024-08-15 22:20:24 UTC	580	OUT	GET /images/apk-zh.png HTTP/1.1 Host: im142.mom Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://im142.mom/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-15 22:20:25 UTC	295	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 15 Aug 2024 22:20:24 GMT Content-Type: image/png Content-Length: 2668 Connection: close Vary: Accept-Encoding Last-Modified: Wed, 20 Mar 2024 09:21:02 GMT ETag: "65faaa7e-a6c" Strict-Transport-Security: max-age=31536000 Accept-Ranges: bytes
2024-08-15 22:20:25 UTC	2668	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 84 00 00 00 28 08 06 00 00 00 3f 9a 52 32 00 00 00 06 62 4b 47 44 00 ff 00 ff 00 ff a0 bd a7 93 00 00 09 fa 49 44 41 54 78 da ed 5c 67 50 15 59 16 26 67 09 92 51 10 14 10 90 2c 23 a2 ab 2e 23 82 5b 28 2a 8e 8a 5a 86 35 a1 b8 18 d7 35 8b 98 09 a3 e8 62 60 08 8e ba 06 cc 3a a6 d5 c5 9c 73 5a 63 99 ca b0 86 52 57 2d 7f ed 4c 9d 7d df 91 6e bb 1f 2f a0 08 94 63 bf aa af de eb db dd b7 bb ef f9 4e bc f7 b5 81 81 fc d3 54 85 5c 15 2e aa f0 1f 15 7e 55 81 14 fc ae f0 6b b9 6c 2f a8 90 53 2e f3 0a 1f 73 15 e6 ab f0 9b 32 60 df 1c 7e 2b 97 bd 99 94 10 ab 95 81 f9 e6 91 2f 90 21 56 19 0c 05 e5 68 03 42 94 28 03 a1 a0 1c c5 20 c4 0d 65 20 14 94 e3 3a 08 f1 5f 65 20 14 94 03 5c 50 32 0b 05 b2 94 b4 f6 6f c4 d3 Data Ascii: PNGIHDR(?R2bKGDIDATx\gPY&gQ,#.#[(*Z55b`:sZcRW-L}n/cNT\.~Ukl/S.s2`~+/!VhB( e :_e \P2o

Timestamp	Bytes transferred	Direction	Data
2024-08-15 22:20:24 UTC	585	OUT	GET /images/google-play.png HTTP/1.1 Host: im142.mom Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://im142.mom/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-15 22:20:25 UTC	295	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 15 Aug 2024 22:20:24 GMT Content-Type: image/png Content-Length: 3103 Connection: close Vary: Accept-Encoding Last-Modified: Wed, 20 Mar 2024 09:21:08 GMT ETag: "65faaa84-c1f" Strict-Transport-Security: max-age=31536000 Accept-Ranges: bytes
2024-08-15 22:20:25 UTC	3103	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 88 00 00 00 28 08 06 00 00 00 25 a6 b2 bc 00 00 00 06 62 4b 47 44 00 ff 00 ff 00 ff a0 bd a7 93 00 00 0b ad 49 44 41 54 78 da ed 9c 07 50 14 c9 1a c7 77 c9 41 cc 39 e7 80 22 e6 f4 4c 9c 09 ef 50 3c b5 cc 96 e1 99 43 a9 04 b5 cc 9e a5 67 4e 18 aa 0c e5 b3 e4 99 73 ce fa cc 98 9e 8a a0 22 7a 26 4c a7 9e 3e b3 32 fc df fc fb ec 71 76 59 10 15 0e 4f e6 ab fa 8a 9d de de 99 de 9e df 74 7f 89 35 99 3e ca 3f 54 dd a2 ea 13 55 61 68 9a d3 97 aa 1e 51 b5 9d c9 86 f4 54 35 d6 98 24 43 3f e8 22 55 cd 12 8e f2 06 1c 86 da d0 ee 12 90 25 c6 64 18 6a 43 2f 4b 40 22 8c c9 30 34 01 f5 20 20 37 8d 89 30 34 01 cd f3 b7 02 24 7b f6 ec f0 f5 f5 45 a6 4c 99 b4 b6 ac 59 b3 a2 78 f1 e2 9a 7a 78 78 58 1c 17 2d 5a 54 eb eb Data Ascii: PNGIHDR(%bKGDIDATxPwA9"LP<CgNs"z&L>2qvYOt5>?TUahQT5$C?"U%djC/K@"04 704${ELYxzxxX-ZT

Timestamp	Bytes transferred	Direction	Data
2024-08-15 22:20:24 UTC	580	OUT	GET /images/banner.png HTTP/1.1 Host: im142.mom Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://im142.mom/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-15 22:20:25 UTC	297	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 15 Aug 2024 22:20:25 GMT Content-Type: image/png Content-Length: 46217 Connection: close Vary: Accept-Encoding Last-Modified: Wed, 20 Mar 2024 09:21:04 GMT ETag: "65faaa80-b489" Strict-Transport-Security: max-age=31536000 Accept-Ranges: bytes
2024-08-15 22:20:25 UTC	16087	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 03 e8 00 00 03 e8 08 03 00 00 00 7a 7d 24 d6 00 00 02 fa 50 4c 54 45 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 06 92 c3 fb fb fc f9 f9 fa 47 40 6a 30 32 46 42 c6 67 2a 80 ea fa c1 66 e2 69 61 3c c6 8a fa fb fb fc fc fd f9 f9 fc f7 f8 fc fd fd fe f7 f8 fa 00 00 00 f9 fa fd 39 a6 d0 63 d1 a1 e8 87 81 f4 f5 fb f1 f3 fa 1f 1f 1f fb fc fe fb cd 85 6c 66 88 55 99 ee 59 5b 6b 68 d1 85 f5 f6 fb 2b a2 cc cc cc cc ee f1 f9 43 45 4f 7d 7d 7d 59 cf 9c 5e cf 7e fb ca 7d 4a 93 ed c9 ca ca ef ef f0 63 5d 80 4f 51 62 e6 80 79 f2 f3 f4 a8 a8 b5 df df e0 ed ed ef d9 d9 da ef f1 f4 f4 f4 f6 f4 f5 f8 e8 e8 ea e1 e2 e4 f4 b7 31 f6 f7 f8 60 b9 d8 27 75 ca b5 Data Ascii: PNGIHDRz}$PLTEG@j02FBg*fia<9clfUY[kh+CEO}}}Y^~}Jc]OQby1`'u
2024-08-15 22:20:26 UTC	16384	IN	Data Raw: af c8 1b 00 5e ca eb 23 b9 2d 8c b0 0d 67 87 38 51 77 49 11 80 ec 91 ae 7b ce 31 bf 46 4b 53 40 cd 68 06 bb ee 4d 80 68 16 b1 6d 02 68 0a 83 69 64 65 5f 1c 88 4d 39 f8 d8 75 36 b7 40 39 f8 16 29 7a 7c c3 cc 69 17 fd d2 9f 8a 1e 1d 8c 13 33 72 03 0e 79 5d 5d b8 6c 9a cb 95 b6 6a ce ce ea fc cb 4a c6 54 af 63 cd 34 33 cf 6e a8 99 24 f0 4c be b7 3c 77 5b 57 33 95 b6 69 e6 47 41 37 01 23 38 cd 90 6c 5b 33 2c 82 ef ec 9d 4d 6b 13 41 18 c7 55 14 94 87 2e 81 c0 64 98 78 13 c1 83 8c 50 2c 12 1b 5b 5b f6 60 89 c5 57 50 63 a3 d8 10 57 83 b6 0a cd a1 3d b4 a5 34 f4 56 0f 5b 2c 18 a8 c5 52 d4 de 8b 5e 2a 5e 4a af bd 7a 29 81 7e 03 3f 81 b3 2f 76 93 75 b3 9b d4 84 66 36 cf af 69 d3 dd ae 39 08 3f 9e ff 3e 33 b3 d3 27 1a 6c 5b 46 ef cd 69 c6 2d 6e 89 13 fd 42 ed 8f da Data Ascii: ^#-g8QwI{1FKS@hMhmhide_M9u6@9)z\|i3ry]]ljJTc43n$L<w[W3iGA7#8l[3,MkAU.dxP,[[`WPcW=4V[,R^*^Jz)~?/vuf6i9?>3'l[Fi-nB
2024-08-15 22:20:26 UTC	13746	IN	Data Raw: e4 77 20 51 14 c9 47 07 d1 c7 69 2d 1e 15 1d 3e f3 a5 77 97 45 ff f7 33 dc 5f 74 7b b0 96 ae f7 5e 5b 18 f7 5e e3 3d d2 27 d3 88 43 29 0a 09 fa 6b 8c 6c 8b 40 40 db 69 f2 7a 1c 85 c6 0a 00 2c 1d 87 81 11 3d 16 21 be 75 ab 34 55 f2 2a 7a b0 25 13 e3 03 57 fd 6e 0c 6e 15 ce 1f d0 4d 55 05 4b f5 05 7b 37 55 e0 dd 54 6f 43 ba 20 94 a2 23 8d b7 c3 5b 8d 1d 09 d4 42 15 0c b6 56 20 56 10 01 d2 45 11 4c 02 c5 97 00 2b a5 74 a3 91 40 4e db 6b d6 91 19 4f 2e c6 31 3e fd 17 e2 23 78 17 44 0f fd fb e1 13 58 b8 d3 1f 1d 8d fa a3 23 de 1f fd 96 48 ab c7 bf 8d b4 dd f9 a5 b1 13 6b 14 84 48 41 06 83 f5 92 61 f5 71 21 5f 50 81 b1 53 00 40 5b c7 a5 58 fa b8 84 9c 8e c0 52 44 4f 9e 8c e3 3c 02 2e 88 0e a8 2a 23 87 bb 2d 19 38 8e 68 8d 62 be 21 80 41 a2 34 03 20 14 d3 63 d1 Data Ascii: w QGi->wE3_t{^[^='C)kl@@iz,=!u4Uz%WnnMUK{7UToC #[BV VEL+t@NkO.1>#xDX#HkHAaq!_PS@[XRDO<.#-8hb!A4 c

Timestamp	Bytes transferred	Direction	Data
2024-08-15 22:20:27 UTC	572	OUT	GET /favicon.ico HTTP/1.1 Host: im20.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://im20.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-15 22:20:27 UTC	590	IN	HTTP/1.1 404 Not Found Date: Thu, 15 Aug 2024 22:20:27 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Cache-Control: max-age=14400 CF-Cache-Status: EXPIRED Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D74C6Ri2hcbzlYWO1zMF%2BrbjBmGz63w4gDy%2BBGGAkQ05B19VmPL97482QRGUWGn8fQu3ifqFvdBLrySnMKyMDYO7e%2BEyd4I7qM28Q5MjepusBMPitn2xdhem2A%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b3c926f8941429a-EWR alt-svc: h3=":443"; ma=86400
2024-08-15 22:20:27 UTC	555	IN	Data Raw: 32 32 34 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 Data Ascii: 224<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
2024-08-15 22:20:27 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-08-15 22:20:28 UTC	523	OUT	OPTIONS /report/v4?s=D74C6Ri2hcbzlYWO1zMF%2BrbjBmGz63w4gDy%2BBGGAkQ05B19VmPL97482QRGUWGn8fQu3ifqFvdBLrySnMKyMDYO7e%2BEyd4I7qM28Q5MjepusBMPitn2xdhem2A%3D%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Origin: https://im20.net Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-15 22:20:28 UTC	336	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-max-age: 86400 access-control-allow-methods: OPTIONS, POST access-control-allow-origin: * access-control-allow-headers: content-length, content-type date: Thu, 15 Aug 2024 22:20:28 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Timestamp	Bytes transferred	Direction	Data
2024-08-15 22:20:29 UTC	472	OUT	POST /report/v4?s=D74C6Ri2hcbzlYWO1zMF%2BrbjBmGz63w4gDy%2BBGGAkQ05B19VmPL97482QRGUWGn8fQu3ifqFvdBLrySnMKyMDYO7e%2BEyd4I7qM28Q5MjepusBMPitn2xdhem2A%3D%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Content-Length: 406 Content-Type: application/reports+json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-15 22:20:29 UTC	406	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 30 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 31 31 37 36 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 69 6d 32 30 2e 6e 65 74 2f 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 38 38 2e 31 31 34 2e 39 36 2e 33 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 34 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f Data Ascii: [{"age":0,"body":{"elapsed_time":1176,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://im20.net/","sampling_fraction":1.0,"server_ip":"188.114.96.3","status_code":404,"type":"http.error"},"type":"network-error","url":"https:/
2024-08-15 22:20:29 UTC	168	IN	HTTP/1.1 200 OK Content-Length: 0 date: Thu, 15 Aug 2024 22:20:28 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close