Edit tour

Windows Analysis Report
https://logistics.sheincorp.cn/#/login

Overview

General Information

Sample URL:	https://logistics.sheincorp.cn/#/login
Analysis ID:	1579206
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

HTML body contains low number of good links

HTML body contains password input but no form action

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 6368 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7032 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=1928,i,12982781466010807217,10862676086767556600,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 8048 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5696 --field-trial-handle=1928,i,12982781466010807217,10862676086767556600,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 72 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://logistics.sheincorp.cn/#/login" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

AI detected phishing page

Source: https://logistics.sheincorp.cn/#/login

Joe Sandbox AI: Score: 8 Reasons: The brand 'Shein' is a well-known online fashion retailer., The legitimate domain for Shein is 'shein.com'., The provided URL 'logistics.sheincorp.cn' does not match the legitimate domain., The use of 'sheincorp.cn' is suspicious as it adds 'corp' and uses a '.cn' domain, which is not the standard domain for Shein., The presence of input fields for email and password on a non-legitimate domain increases the risk of phishing. DOM: 1.5.pages.csv

Source: https://logistics.sheincorp.cn/#/login

HTTP Parser: Number of links: 0

Source: https://logistics.sheincorp.cn/#/login

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: https://logistics.sheincorp.cn/#/login

HTTP Parser: <input type="password" .../> found

Source: https://logistics.sheincorp.cn/login

HTTP Parser: No favicon

Source: https://logistics.sheincorp.cn/#/login	HTTP Parser: No <meta name="author".. found
Source: https://logistics.sheincorp.cn/#/login	HTTP Parser: No <meta name="author".. found

Source: https://logistics.sheincorp.cn/#/login	HTTP Parser: No <meta name="copyright".. found
Source: https://logistics.sheincorp.cn/#/login	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Source: unknown

HTTPS traffic detected: 15.197.220.58:443 -> 192.168.2.16:49732 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.0
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.0
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.0
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.0
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: logistics.sheincorp.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/public/revision/time HTTP/1.1Host: monitor-web.dotfashion.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://logistics.sheincorp.cnSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://logistics.sheincorp.cn/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /burypoint/analysis.js?id=9267ad00-b78e-594b-93af-116047d0c20a HTTP/1.1Host: monitor-web.dotfashion.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _cfuvid=efTPOc8VWkTYa6cx2wYNMuF.HpoD9ZlBk4ZmPflhn1o-1734752272324-0.0.1.1-604800000
Source: global traffic	HTTP traffic detected: GET /api/public/revision/time HTTP/1.1Host: monitor-web.dotfashion.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _cfuvid=efTPOc8VWkTYa6cx2wYNMuF.HpoD9ZlBk4ZmPflhn1o-1734752272324-0.0.1.1-604800000
Source: global traffic	HTTP traffic detected: GET /trans/api/snapVersion?npid=65 HTTP/1.1Host: cloud-now.sheincorp.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://logistics.sheincorp.cnSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://logistics.sheincorp.cn/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/public/revision/time HTTP/1.1Host: monitor-web.dotfashion.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://logistics.sheincorp.cnSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://logistics.sheincorp.cn/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /trans/api/snapVersion?npid=65 HTTP/1.1Host: cloud-now.sheincorp.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://logistics.sheincorp.cnSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://logistics.sheincorp.cn/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/public/revision/time HTTP/1.1Host: monitor-web.dotfashion.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _cfuvid=efTPOc8VWkTYa6cx2wYNMuF.HpoD9ZlBk4ZmPflhn1o-1734752272324-0.0.1.1-604800000
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIk6HLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /trans/api/snapVersion?npid=65 HTTP/1.1Host: cloud-now.sheincorp.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /login HTTP/1.1Host: logistics.sheincorp.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: logistics.sheincorp.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://logistics.sheincorp.cn/loginAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /trans/api/snapVersion?npid=65 HTTP/1.1Host: cloud-now.sheincorp.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://logistics.sheincorp.cnSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://logistics.sheincorp.cn/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /burypoint/analysis.js?id=9267ad00-b78e-594b-93af-116047d0c20a HTTP/1.1Host: monitor-web.dotfashion.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _cfuvid=efTPOc8VWkTYa6cx2wYNMuF.HpoD9ZlBk4ZmPflhn1o-1734752272324-0.0.1.1-604800000If-None-Match: https://assets.dotfashion.cn/unpkg/@shein/apm-burypoint@1.1.0-rc.84/dist/analysis.js?pluginHash=
Source: global traffic	HTTP traffic detected: GET /api/public/revision/time HTTP/1.1Host: monitor-web.dotfashion.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://logistics.sheincorp.cnSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://logistics.sheincorp.cn/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /trans/api/snapVersion?npid=65 HTTP/1.1Host: cloud-now.sheincorp.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/public/revision/time HTTP/1.1Host: monitor-web.dotfashion.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _cfuvid=efTPOc8VWkTYa6cx2wYNMuF.HpoD9ZlBk4ZmPflhn1o-1734752272324-0.0.1.1-604800000
Source: global traffic	HTTP traffic detected: GET /trans/api/translation?npid=65&callback=i18n_callback HTTP/1.1Host: cloud-now.sheincorp.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://logistics.sheincorp.cnSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://logistics.sheincorp.cn/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api-lcps/api/v1/captcha/api?language=zh HTTP/1.1Host: logistics.sheincorp.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Authorization: Bearer nullx-req-zone-id: Etc/GMT-8x-req-system: pcContent-Type: application/jsonsec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://logistics.sheincorp.cn/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api-lcps/api/v1/captcha/api?language=zh HTTP/1.1Host: logistics.sheincorp.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /trans/api/translation?npid=65&callback=i18n_callback HTTP/1.1Host: cloud-now.sheincorp.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api-lcps/api/geetest/get.php HTTP/1.1Host: logistics.sheincorp.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api-lcps/api/geetest/ajax.php HTTP/1.1Host: logistics.sheincorp.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api-lcps/api/v1/captcha/api?language=zh HTTP/1.1Host: logistics.sheincorp.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Authorization: Bearer nullx-req-zone-id: Etc/GMT-8x-req-system: pcContent-Type: application/jsonsec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://logistics.sheincorp.cn/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api-lcps/api/geetest/get.php HTTP/1.1Host: logistics.sheincorp.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api-lcps/api/v1/captcha/api?language=zh HTTP/1.1Host: logistics.sheincorp.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api-lcps/api/geetest/get.php HTTP/1.1Host: logistics.sheincorp.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api-lcps/api/geetest/ajax.php HTTP/1.1Host: logistics.sheincorp.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api-lcps/api/geetest/get.php HTTP/1.1Host: logistics.sheincorp.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /gen204?nca=te_li&client=te_lib&logld=vTE_20241216 HTTP/1.1Host: translate.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIk6HLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://logistics.sheincorp.cn/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /gen204?sl=auto&tl=en&textlen=12&ttt=5325&ttl=3327&ttf=3136&sr=1&nca=te_time&client=te_lib&logld=vTE_20241216 HTTP/1.1Host: translate.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIk6HLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://logistics.sheincorp.cn/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=520=aC_6j3-tXzHno5sXfPNK0Y-ZdtAM6BUtTTQj3rdp3JYcri-6IMuS2irIN2iZAcNc92kLAuGLpg6MdoGOhTGMN6tEiu2f_3UH-43UCUT7lqkYYd6cqgBN9Zf0AkJVi-ZIRn_olhIT4E0rXMIAYXYnUsw3u0a_VwjF0TsgkS7Q-IbJykzsmsHmbz4l

Source: global traffic	DNS traffic detected: DNS query: logistics.sheincorp.cn
Source: global traffic	DNS traffic detected: DNS query: assets2.dotfashion.cn
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: monitor-web.dotfashion.cn
Source: global traffic	DNS traffic detected: DNS query: assets.dotfashion.cn
Source: global traffic	DNS traffic detected: DNS query: cloud-now.sheincorp.cn
Source: global traffic	DNS traffic detected: DNS query: sheinsz.ltwebstatic.com
Source: global traffic	DNS traffic detected: DNS query: shein.ltwebstatic.com
Source: global traffic	DNS traffic detected: DNS query: translate.google.com

Source: unknown

HTTP traffic detected: POST /api-lcps/api/geetest/get.php HTTP/1.1Host: logistics.sheincorp.cnConnection: keep-aliveContent-Length: 339sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/jsonContent-Type: text/plain;charset=UTF-8sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://logistics.sheincorp.cnSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://logistics.sheincorp.cn/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 21 Dec 2024 03:38:33 GMTContent-Type: text/html; charset=UTF-8Content-Length: 552Connection: closeVia-Shein-Gateway: lcps-front-master
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 21 Dec 2024 03:38:33 GMTContent-Type: text/html; charset=UTF-8Content-Length: 552Connection: closeVia-Shein-Gateway: lcps-front-master

Source: chromecache_198.1.dr, chromecache_168.1.dr	String found in binary or memory: http://127.0.0.1:8998/login?auth=$
Source: chromecache_152.1.dr	String found in binary or memory: http://auth.shein.com
Source: chromecache_152.1.dr	String found in binary or memory: http://authtest.shein.com
Source: chromecache_191.1.dr, chromecache_155.1.dr	String found in binary or memory: http://fb.me/use-check-prop-types
Source: chromecache_131.1.dr, chromecache_169.1.dr	String found in binary or memory: http://feross.org
Source: chromecache_206.1.dr, chromecache_161.1.dr	String found in binary or memory: http://jedwatson.github.io/classnames
Source: chromecache_206.1.dr, chromecache_161.1.dr	String found in binary or memory: http://underscorejs.org/LICENSE
Source: chromecache_201.1.dr, chromecache_139.1.dr	String found in binary or memory: http://www.broofa.com
Source: chromecache_152.1.dr	String found in binary or memory: https://assets.dotfashion.cn/unpkg/
Source: chromecache_192.1.dr	String found in binary or memory: https://assets2.dotfashion.cn/unpkg/babel-polyfill
Source: chromecache_192.1.dr	String found in binary or memory: https://assets2.dotfashion.cn/unpkg/prop-types
Source: chromecache_192.1.dr	String found in binary or memory: https://assets2.dotfashion.cn/unpkg/react
Source: chromecache_192.1.dr	String found in binary or memory: https://assets2.dotfashion.cn/unpkg/react-dom
Source: chromecache_192.1.dr	String found in binary or memory: https://assets2.dotfashion.cn/unpkg/shineout
Source: chromecache_192.1.dr	String found in binary or memory: https://assets2.dotfashion.cn/unpkg/shineout-mobile
Source: chromecache_145.1.dr, chromecache_195.1.dr	String found in binary or memory: https://assets2.dotfashion.cn/webassets/lcpsFront/9602/7681/statics/6e3200491ac6394398ce.svg
Source: chromecache_198.1.dr, chromecache_168.1.dr	String found in binary or memory: https://assets2.dotfashion.cn/webassets/lcpsFront/9602/7681/statics/c975360d287cbea2291d.png
Source: chromecache_192.1.dr	String found in binary or memory: https://assets2.dotfashion.cn/webassets/lcpsFront/9602/7681/statics/main.5d194fde20d7.js
Source: chromecache_192.1.dr	String found in binary or memory: https://assets2.dotfashion.cn/webassets/lcpsFront/9602/7681/statics/vendors-node_modules_pnpm_shein-
Source: chromecache_176.1.dr	String found in binary or memory: https://fb.me/react-polyfills
Source: chromecache_131.1.dr, chromecache_169.1.dr	String found in binary or memory: https://feross.org/opensource
Source: chromecache_201.1.dr, chromecache_139.1.dr	String found in binary or memory: https://fonts.googleapis.com
Source: chromecache_201.1.dr, chromecache_139.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/productlogos/translate/v14/24px.svg
Source: chromecache_145.1.dr, chromecache_195.1.dr	String found in binary or memory: https://github.com/uuidjs/uuid#getrandomvalues-not-supported
Source: chromecache_206.1.dr, chromecache_161.1.dr	String found in binary or memory: https://lodash.com/
Source: chromecache_206.1.dr, chromecache_161.1.dr	String found in binary or memory: https://lodash.com/license
Source: chromecache_179.1.dr, chromecache_200.1.dr	String found in binary or memory: https://logistics.sheincorp.cn/api-lcps/api/geetest
Source: chromecache_192.1.dr	String found in binary or memory: https://monitor-web.dotfashion.cn/burypoint/analysis.js?id=
Source: chromecache_206.1.dr, chromecache_161.1.dr	String found in binary or memory: https://openjsf.org/
Source: chromecache_139.1.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_144.1.dr, chromecache_210.1.dr, chromecache_135.1.dr, chromecache_176.1.dr	String found in binary or memory: https://reactjs.org/docs/error-decoder.html?invariant=
Source: chromecache_179.1.dr, chromecache_200.1.dr	String found in binary or memory: https://sheinsz.ltwebstatic.com/she_dist/libs/geetest
Source: chromecache_139.1.dr	String found in binary or memory: https://translate.google.com
Source: chromecache_201.1.dr, chromecache_139.1.dr	String found in binary or memory: https://translate.googleapis.com/element/log?format=json&hasfast=true
Source: chromecache_152.1.dr	String found in binary or memory: https://ulp.sheincorp.cn
Source: chromecache_204.1.dr, chromecache_151.1.dr	String found in binary or memory: https://wiki.dotfashion.cn/pages/viewpage.action?pageId=1204246557
Source: chromecache_139.1.dr	String found in binary or memory: https://www.google.com/images/cleardot.gif
Source: chromecache_201.1.dr, chromecache_139.1.dr	String found in binary or memory: https://www.google.com/support/translate
Source: chromecache_139.1.dr	String found in binary or memory: https://www.gstatic.com/images/branding/googlelogo/1x/googlelogo_color_42x16dp.png
Source: chromecache_201.1.dr, chromecache_139.1.dr	String found in binary or memory: https://www.gstatic.com/images/branding/googlelogo/1x/googlelogo_color_68x28dp.png
Source: chromecache_201.1.dr, chromecache_139.1.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/1x/translate_24dp.png

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49697
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49697 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702

Source: unknown

HTTPS traffic detected: 15.197.220.58:443 -> 192.168.2.16:49732 version: TLS 1.2

Source: classification engine

Classification label: mal48.phis.win@21/145@36/8

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=1928,i,12982781466010807217,10862676086767556600,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://logistics.sheincorp.cn/#/login"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5696 --field-trial-handle=1928,i,12982781466010807217,10862676086767556600,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=1928,i,12982781466010807217,10862676086767556600,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5696 --field-trial-handle=1928,i,12982781466010807217,10862676086767556600,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	3 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Name	IP	Active	Malicious	Reputation
logistics.sheincorp.cn	47.106.181.133	true	false	high
monitor-web-as.dotfashion.cn	15.197.220.58	true	false	unknown
www3.l.google.com	216.58.208.238	true	false	high
www.google.com	142.250.181.132	true	false	high
cloud-now-as.sheincorp.cn	3.33.242.225	true	false	unknown
assets.dotfashion.cn	unknown	unknown	false	high
sheinsz.ltwebstatic.com	unknown	unknown	false	high
translate.google.com	unknown	unknown	false	high
monitor-web.dotfashion.cn	unknown	unknown	false	high
shein.ltwebstatic.com	unknown	unknown	false	high
assets2.dotfashion.cn	unknown	unknown	false	high
cloud-now.sheincorp.cn	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
https://translate.google.com/gen204?nca=te_li&client=te_lib&logld=vTE_20241216	false	high
https://logistics.sheincorp.cn/api-lcps/api/geetest/ajax.php	false	unknown
https://cloud-now.sheincorp.cn/trans/api/translation?npid=65&callback=i18n_callback	false	high
https://translate.google.com/gen204?sl=auto&tl=en&textlen=12&ttt=5325&ttl=3327&ttf=3136&sr=1&nca=te_time&client=te_lib&logld=vTE_20241216	false	high
https://logistics.sheincorp.cn/#/login	true	unknown
https://logistics.sheincorp.cn/api-lcps/api/v1/captcha/api?language=zh	false	unknown
https://logistics.sheincorp.cn/favicon.ico	false	unknown
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	high
https://logistics.sheincorp.cn/	false	unknown
https://logistics.sheincorp.cn/login	false	unknown
https://monitor-web.dotfashion.cn/burypoint/analysis.js?id=9267ad00-b78e-594b-93af-116047d0c20a	false	high
https://monitor-web.dotfashion.cn/api/public/revision/time	false	high
https://cloud-now.sheincorp.cn/trans/api/snapVersion?npid=65	false	high
https://logistics.sheincorp.cn/api-lcps/api/geetest/get.php	false	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
http://www.broofa.com	chromecache_201.1.dr, chromecache_139.1.dr	false	high
https://wiki.dotfashion.cn/pages/viewpage.action?pageId=1204246557	chromecache_204.1.dr, chromecache_151.1.dr	false	unknown
https://www.google.com/images/cleardot.gif	chromecache_139.1.dr	false	high
http://authtest.shein.com	chromecache_152.1.dr	false	unknown
https://www.google.com/support/translate	chromecache_201.1.dr, chromecache_139.1.dr	false	high
https://assets2.dotfashion.cn/unpkg/prop-types	chromecache_192.1.dr	false	high
https://assets2.dotfashion.cn/webassets/lcpsFront/9602/7681/statics/6e3200491ac6394398ce.svg	chromecache_145.1.dr, chromecache_195.1.dr	false	high
http://127.0.0.1:8998/login?auth=$	chromecache_198.1.dr, chromecache_168.1.dr	false	unknown
https://assets.dotfashion.cn/unpkg/	chromecache_152.1.dr	false	high
https://assets2.dotfashion.cn/webassets/lcpsFront/9602/7681/statics/vendors-node_modules_pnpm_shein-	chromecache_192.1.dr	false	high
https://monitor-web.dotfashion.cn/burypoint/analysis.js?id=	chromecache_192.1.dr	false	high
https://openjsf.org/	chromecache_206.1.dr, chromecache_161.1.dr	false	high
https://assets2.dotfashion.cn/unpkg/babel-polyfill	chromecache_192.1.dr	false	high
https://sheinsz.ltwebstatic.com/she_dist/libs/geetest	chromecache_179.1.dr, chromecache_200.1.dr	false	high
https://assets2.dotfashion.cn/unpkg/shineout-mobile	chromecache_192.1.dr	false	high
https://ulp.sheincorp.cn	chromecache_152.1.dr	false	unknown
http://jedwatson.github.io/classnames	chromecache_206.1.dr, chromecache_161.1.dr	false	high
http://auth.shein.com	chromecache_152.1.dr	false	unknown
https://lodash.com/	chromecache_206.1.dr, chromecache_161.1.dr	false	high
https://logistics.sheincorp.cn/api-lcps/api/geetest	chromecache_179.1.dr, chromecache_200.1.dr	false	unknown
https://reactjs.org/docs/error-decoder.html?invariant=	chromecache_144.1.dr, chromecache_210.1.dr, chromecache_135.1.dr, chromecache_176.1.dr	false	high
https://assets2.dotfashion.cn/webassets/lcpsFront/9602/7681/statics/main.5d194fde20d7.js	chromecache_192.1.dr	false	high
https://translate.google.com	chromecache_139.1.dr	false	high
https://assets2.dotfashion.cn/unpkg/react	chromecache_192.1.dr	false	high
http://fb.me/use-check-prop-types	chromecache_191.1.dr, chromecache_155.1.dr	false	high
https://assets2.dotfashion.cn/webassets/lcpsFront/9602/7681/statics/c975360d287cbea2291d.png	chromecache_198.1.dr, chromecache_168.1.dr	false	high
http://underscorejs.org/LICENSE	chromecache_206.1.dr, chromecache_161.1.dr	false	high
https://play.google.com/log?format=json&hasfast=true	chromecache_139.1.dr	false	high
https://feross.org/opensource	chromecache_131.1.dr, chromecache_169.1.dr	false	high
https://assets2.dotfashion.cn/unpkg/react-dom	chromecache_192.1.dr	false	high
https://lodash.com/license	chromecache_206.1.dr, chromecache_161.1.dr	false	high
https://fb.me/react-polyfills	chromecache_176.1.dr	false	high
https://assets2.dotfashion.cn/unpkg/shineout	chromecache_192.1.dr	false	high
http://feross.org	chromecache_131.1.dr, chromecache_169.1.dr	false	high
https://github.com/uuidjs/uuid#getrandomvalues-not-supported	chromecache_145.1.dr, chromecache_195.1.dr	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
47.106.166.73	unknown	China	37963	CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	false
216.58.208.238	www3.l.google.com	United States	15169	GOOGLEUS	false
15.197.220.58	monitor-web-as.dotfashion.cn	United States	7430	TANDEMUS	false
142.250.181.132	www.google.com	United States	15169	GOOGLEUS	false
47.106.181.133	logistics.sheincorp.cn	China	37963	CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
3.33.242.225	cloud-now-as.sheincorp.cn	United States	8987	AMAZONEXPANSIONGB	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1579206
Start date and time:	2024-12-21 04:37:12 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 24s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://logistics.sheincorp.cn/#/login
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	15
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.phis.win@21/145@36/8
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, audiodg.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.17.78, 64.233.164.84, 142.250.181.99, 172.217.17.46, 104.18.14.15, 104.18.15.15, 104.18.28.83, 104.18.29.83, 172.217.17.35, 172.217.19.170, 142.250.181.42, 172.217.17.42, 172.217.17.74, 142.250.181.10, 172.217.19.234, 142.250.181.138, 172.217.19.202, 142.250.181.106, 216.58.208.234, 142.250.181.74, 172.217.19.206, 172.217.21.42, 172.217.19.10, 142.250.181.3, 142.250.181.67, 184.30.17.174, 4.245.163.56
Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, sheinsz.ltwebstatic.com.cdn.cloudflare.net, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, fonts.gstatic.com, clientservices.googleapis.com, www.googleapis.com, translate-pa.googleapis.com, fe3cr.delivery.mp.microsoft.com, shein.ltwebstatic.com.cdn.cloudflare.net, assets.dotfashion.cn.cdn.cloudflare.net, clients2.google.com, edgedl.me.gvt1.com, redirector.gvt1.com, translate.googleapis.com, update.googleapis.com, clients.l.google.com, www.gstatic.com, assets2.dotfashion.cn.cdn.cloudflare.net
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://logistics.sheincorp.cn/#/login

Input	Output
URL: https://logistics.sheincorp.cn Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": true, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": true, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: https://logistics.sheincorp.cn
URL: https://logistics.sheincorp.cn/#/login... Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": "The provided JavaScript snippet appears to be setting configuration variables for the SHEIN environment, which is likely a legitimate use case. There are no high-risk indicators, such as dynamic code execution, data exfiltration, or suspicious redirects. The code seems to be setting environment-specific variables, which is a common practice in web development. Overall, this snippet does not demonstrate any malicious behavior and can be considered low risk." }
window.shein_env_config = {}; window.shein_env_config['CI_COMMIT_SHA']='fed8abef51ab2a025d3f96ce2f3362375b7ce2c5'; window.shein_env_config['CI_COMMIT_REF_NAME']='master';
URL: https://logistics.sheincorp.cn/#/login... Model: Joe Sandbox AI	{ "risk_score": 3, "reasoning": "The provided JavaScript snippet appears to be a browser compatibility check, which is a common practice to ensure the website functions correctly on different browsers. The script checks the user agent string to detect mobile devices, iPads, and modern versions of Chrome and Edge browsers. While it redirects users to an error page if the browser is not compatible, this behavior is likely for legitimate purposes and does not demonstrate any high-risk indicators. The script uses standard browser APIs and does not exhibit any suspicious activities, such as dynamic code execution, data exfiltration, or malicious redirects. Therefore, the overall risk score is low." }
function browserCheck() { var ua = navigator.userAgent.toLowerCase(); // if (window.screen.width < 500 \|\| !!ua.match(/(iphone\|android\|mobi)/i)) { return true; } // ipad if (!!ua.match(/(ipad\|macintosh)/i)) { return true; } function isRight(browser) { var index = ua.indexOf(browser); if (index >= 0) { var version = parseInt( ua.substring(+index + +browser.length, ua.indexOf('.', index)), 10, ); if (version >= 79) { return true; } } return false; } try { if (window.chrome) { return isRight('chrome/') \|\| isRight('edge/'); } return false; } catch (e) { console.log('err:', e); return false; } } if (!browserCheck()) { window.location.replace('/error.html'); }
URL: https://logistics.sheincorp.cn/#/login Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "", "text_input_field_labels": [ "", "" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": true, "contains_fake_security_alerts": false }

URL: https://logistics.sheincorp.cn/#/login Model: Joe Sandbox AI	{ "brands": [ "Shein" ] }
	{ "brands": [ "Shein" ] }
URL: https://logistics.sheincorp.cn/#/login Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": [ "", "" ], "pdf_icon_visible": false, "has_visible_captcha": true, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": true, "contains_fake_security_alerts": false }

URL: https://logistics.sheincorp.cn/#/login Model: Joe Sandbox AI	```json{ "legit_domain": "shein.com", "classification": "wellknown", "reasons": [ "The brand 'Shein' is a well-known online fashion retailer.", "The legitimate domain for Shein is 'shein.com'.", "The provided URL 'logistics.sheincorp.cn' does not match the legitimate domain.", "The use of 'sheincorp.cn' is suspicious as it adds 'corp' and uses a '.cn' domain, which is not the standard domain for Shein.", "The presence of input fields for email and password on a non-legitimate domain increases the risk of phishing." ], "riskscore": 8} Google indexed: False
URL: logistics.sheincorp.cn Brands: Shein Input Fields: ,
URL: https://logistics.sheincorp.cn/#/login Model: Joe Sandbox AI	{ "brands": [ "Shein" ] }
	{ "brands": [ "Shein" ] }
URL: https://logistics.sheincorp.cn/#/login Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "", "text_input_field_labels": [ "", "" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": true, "contains_fake_security_alerts": false }

URL: https://logistics.sheincorp.cn/#/login Model: Joe Sandbox AI	{ "brands": [ "Shein" ] }
	{ "brands": [ "Shein" ] }
URL: https://logistics.sheincorp.cn/#/login Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Step 1: , ", "prominent_button_name": "", "text_input_field_labels": [ "fdasfas", "sda" ], "pdf_icon_visible": false, "has_visible_captcha": true, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": true, "contains_fake_security_alerts": false }

URL: https://logistics.sheincorp.cn/#/login Model: Joe Sandbox AI	{ "brands": [ "Shein" ] }
	{ "brands": [ "Shein" ] }
URL: https://logistics.sheincorp.cn/#/login Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": true, "contains_fake_security_alerts": false }

URL: https://logistics.sheincorp.cn/#/login Model: Joe Sandbox AI	{ "brands": [ "Shein" ] }
	{ "brands": [ "Shein" ] }
URL: https://logistics.sheincorp.cn/login Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://logistics.sheincorp.cn/login Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Dec 21 02:37:48 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.9903842361008763
Encrypted:	false
SSDEEP:	48:8XtTdQTUUnHEidAKZdA1FehwiZUklqehuy+3:8IPKZy
MD5:	1F889026D3AEFCC7E8249159528235A9
SHA1:	7819550DBF98621F60CE44AE5E88EF8C76AA7AE0
SHA-256:	51DCA4A9F13FD6D14D6469E6C7FD9987F358A5437BC682FA01F2EB2300192BD9
SHA-512:	E686FB453CB95E0B3C01B10F72782EC53782872897420FE2A45B5D9E6B4A3C59AC376ADF867676D76C8F94E67ACCFEC4DD8FD66F36474A973E4228CC303F1209
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......R.YS..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Y......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 21, 2024 04:37:46.214684010 CET	53	63906	1.1.1.1	192.168.2.16
Dec 21, 2024 04:37:46.223980904 CET	53	59055	1.1.1.1	192.168.2.16
Dec 21, 2024 04:37:47.017198086 CET	59547	53	192.168.2.16	1.1.1.1
Dec 21, 2024 04:37:47.017427921 CET	50890	53	192.168.2.16	1.1.1.1
Dec 21, 2024 04:37:47.391464949 CET	53	59547	1.1.1.1	192.168.2.16
Dec 21, 2024 04:37:47.393731117 CET	53	50890	1.1.1.1	192.168.2.16
Dec 21, 2024 04:37:49.270711899 CET	53	50310	1.1.1.1	192.168.2.16
Dec 21, 2024 04:37:50.222625971 CET	54231	53	192.168.2.16	1.1.1.1
Dec 21, 2024 04:37:50.222804070 CET	56636	53	192.168.2.16	1.1.1.1
Dec 21, 2024 04:37:50.897629023 CET	56873	53	192.168.2.16	1.1.1.1
Dec 21, 2024 04:37:50.898562908 CET	59460	53	192.168.2.16	1.1.1.1
Dec 21, 2024 04:37:51.034543991 CET	53	56873	1.1.1.1	192.168.2.16
Dec 21, 2024 04:37:51.035146952 CET	53	59460	1.1.1.1	192.168.2.16
Dec 21, 2024 04:37:52.547977924 CET	60955	53	192.168.2.16	1.1.1.1
Dec 21, 2024 04:37:52.548800945 CET	60931	53	192.168.2.16	1.1.1.1
Dec 21, 2024 04:37:54.027473927 CET	57320	53	192.168.2.16	1.1.1.1
Dec 21, 2024 04:37:54.027600050 CET	59761	53	192.168.2.16	1.1.1.1
Dec 21, 2024 04:37:54.292845011 CET	53	59761	1.1.1.1	192.168.2.16
Dec 21, 2024 04:37:54.315510988 CET	53	57320	1.1.1.1	192.168.2.16
Dec 21, 2024 04:37:56.943562984 CET	58300	53	192.168.2.16	1.1.1.1
Dec 21, 2024 04:37:56.943783998 CET	51511	53	192.168.2.16	1.1.1.1
Dec 21, 2024 04:37:57.082039118 CET	53	58300	1.1.1.1	192.168.2.16
Dec 21, 2024 04:37:57.084559917 CET	53	51511	1.1.1.1	192.168.2.16
Dec 21, 2024 04:37:59.456003904 CET	63783	53	192.168.2.16	1.1.1.1
Dec 21, 2024 04:37:59.456271887 CET	61940	53	192.168.2.16	1.1.1.1
Dec 21, 2024 04:38:00.066983938 CET	50576	53	192.168.2.16	1.1.1.1
Dec 21, 2024 04:38:00.067209959 CET	59036	53	192.168.2.16	1.1.1.1
Dec 21, 2024 04:38:00.346187115 CET	53	59036	1.1.1.1	192.168.2.16
Dec 21, 2024 04:38:00.381649017 CET	53	50576	1.1.1.1	192.168.2.16
Dec 21, 2024 04:38:01.601731062 CET	51399	53	192.168.2.16	1.1.1.1
Dec 21, 2024 04:38:01.601912022 CET	50502	53	192.168.2.16	1.1.1.1
Dec 21, 2024 04:38:01.959399939 CET	58609	53	192.168.2.16	1.1.1.1
Dec 21, 2024 04:38:01.959578991 CET	51731	53	192.168.2.16	1.1.1.1
Dec 21, 2024 04:38:02.180099964 CET	53	51731	1.1.1.1	192.168.2.16
Dec 21, 2024 04:38:03.844232082 CET	59258	53	192.168.2.16	1.1.1.1
Dec 21, 2024 04:38:03.845339060 CET	57804	53	192.168.2.16	1.1.1.1
Dec 21, 2024 04:38:03.991959095 CET	53	57804	1.1.1.1	192.168.2.16
Dec 21, 2024 04:38:06.080878019 CET	53	60940	1.1.1.1	192.168.2.16
Dec 21, 2024 04:38:23.996131897 CET	52744	53	192.168.2.16	1.1.1.1
Dec 21, 2024 04:38:23.996278048 CET	51707	53	192.168.2.16	1.1.1.1
Dec 21, 2024 04:38:24.135287046 CET	53	52744	1.1.1.1	192.168.2.16
Dec 21, 2024 04:38:24.138010979 CET	53	51707	1.1.1.1	192.168.2.16
Dec 21, 2024 04:38:25.050229073 CET	53	61798	1.1.1.1	192.168.2.16
Dec 21, 2024 04:38:46.182574034 CET	53	65454	1.1.1.1	192.168.2.16
Dec 21, 2024 04:38:47.865804911 CET	53	53825	1.1.1.1	192.168.2.16
Dec 21, 2024 04:38:48.388351917 CET	57486	53	192.168.2.16	1.1.1.1
Dec 21, 2024 04:38:48.388530016 CET	57450	53	192.168.2.16	1.1.1.1
Dec 21, 2024 04:38:48.525434971 CET	53	57486	1.1.1.1	192.168.2.16
Dec 21, 2024 04:38:48.526031971 CET	53	57450	1.1.1.1	192.168.2.16
Dec 21, 2024 04:38:48.610073090 CET	138	138	192.168.2.16	192.168.2.255
Dec 21, 2024 04:38:48.665762901 CET	53	64355	1.1.1.1	192.168.2.16
Dec 21, 2024 04:39:10.394685984 CET	50394	53	192.168.2.16	1.1.1.1
Dec 21, 2024 04:39:10.395107985 CET	52778	53	192.168.2.16	1.1.1.1
Dec 21, 2024 04:39:10.535357952 CET	53	52778	1.1.1.1	192.168.2.16
Dec 21, 2024 04:39:13.036545038 CET	50080	53	192.168.2.16	1.1.1.1
Dec 21, 2024 04:39:13.036693096 CET	55141	53	192.168.2.16	1.1.1.1
Dec 21, 2024 04:39:13.174113989 CET	53	55141	1.1.1.1	192.168.2.16
Dec 21, 2024 04:39:15.859683990 CET	52026	53	192.168.2.16	1.1.1.1
Dec 21, 2024 04:39:15.859841108 CET	54146	53	192.168.2.16	1.1.1.1
Dec 21, 2024 04:39:15.999618053 CET	53	54146	1.1.1.1	192.168.2.16
Dec 21, 2024 04:39:16.763220072 CET	53	57910	1.1.1.1	192.168.2.16
Dec 21, 2024 04:39:17.740293980 CET	63556	53	192.168.2.16	1.1.1.1
Dec 21, 2024 04:39:17.740545988 CET	52417	53	192.168.2.16	1.1.1.1
Dec 21, 2024 04:39:17.877893925 CET	53	52417	1.1.1.1	192.168.2.16
Dec 21, 2024 04:39:18.774127007 CET	53	59729	1.1.1.1	192.168.2.16
Dec 21, 2024 04:39:26.382514000 CET	53	55769	1.1.1.1	192.168.2.16
Dec 21, 2024 04:39:36.711687088 CET	53	63434	1.1.1.1	192.168.2.16
Dec 21, 2024 04:39:39.806982040 CET	53	58145	1.1.1.1	192.168.2.16
Dec 21, 2024 04:39:39.808116913 CET	53	58583	1.1.1.1	192.168.2.16
Dec 21, 2024 04:39:43.000339031 CET	63081	53	192.168.2.16	1.1.1.1
Dec 21, 2024 04:39:43.000595093 CET	57692	53	192.168.2.16	1.1.1.1
Dec 21, 2024 04:39:43.099426031 CET	53	60322	1.1.1.1	192.168.2.16
Dec 21, 2024 04:39:43.138055086 CET	53	57692	1.1.1.1	192.168.2.16
Dec 21, 2024 04:39:43.139082909 CET	53	63081	1.1.1.1	192.168.2.16
Dec 21, 2024 04:39:45.272718906 CET	53	60248	1.1.1.1	192.168.2.16
Dec 21, 2024 04:39:50.552656889 CET	53	49985	1.1.1.1	192.168.2.16

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Dec 21, 2024 04:39:16.129082918 CET	192.168.2.16	1.1.1.1	c23f	(Port unreachable)	Destination Unreachable
Dec 21, 2024 04:39:36.711812019 CET	192.168.2.16	1.1.1.1	c233	(Port unreachable)	Destination Unreachable

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Dec 21, 2024 04:37:55.967140913 CET	15.197.220.58	443	192.168.2.16	49732	CN=*.dotfashion.cn CN=Encryption Everywhere DV TLS CA - G1, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=Encryption Everywhere DV TLS CA - G1, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Sep 18 02:00:00 CEST 2024 Mon Nov 27 13:46:10 CET 2017	Thu Sep 18 01:59:59 CEST 2025 Sat Nov 27 13:46:10 CET 2027	771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,65281-45-18-0-11-27-16-13-35-43-5-23-51-17513-10-65037,29-23-24,0	b9ca4104b3649f15eb16c715883fabe2
Dec 21, 2024 04:37:55.967140913 CET	15.197.220.58	443	192.168.2.16	49732	CN=Encryption Everywhere DV TLS CA - G1, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Mon Nov 27 13:46:10 CET 2017	Sat Nov 27 13:46:10 CET 2027		b9ca4104b3649f15eb16c715883fabe2

Timestamp	Bytes transferred	Direction	Data
2024-12-21 03:37:49 UTC	665	OUT	GET / HTTP/1.1 Host: logistics.sheincorp.cn Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-21 03:37:50 UTC	312	IN	HTTP/1.1 200 OK Date: Sat, 21 Dec 2024 03:37:49 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 5484 Connection: close Vary: Accept-Encoding Last-Modified: Thu, 19 Dec 2024 03:37:35 GMT Vary: Accept-Encoding ETag: "676394ff-156c" Accept-Ranges: bytes Via-Shein-Gateway: lcps-front-master
2024-12-21 03:37:50 UTC	3947	IN	Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 7a 68 2d 43 4e 22 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 5f 5f 4c 45 47 4f 5f 5f 56 45 52 53 49 4f 4e 5f 5f 3d 22 30 2e 32 35 2e 35 22 3c 2f 73 63 72 69 70 74 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 3c 74 69 74 6c 65 3e 53 48 45 49 4e e7 89 a9 e6 b5 81 e9 97 a8 e6 88 b7 3c 2f 74 69 74 6c 65 3e 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 73 73 65 74 73 32 2e 64 6f 74 66 61 73 68 69 6f 6e 2e 63 6e 2f 75 6e 70 6b 67 2f 73 68 69 6e 65 6f 75 74 40 32 2e 30 2e 31 35 2d 62 65 74 61 2e 31 2f 64 69 73 74 2f 74 68 65 6d 65 2e 73 68 69 6e 65 6f 75 74 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 Data Ascii: <!doctype html><html lang="zh-CN"><head><script>window.__LEGO__VERSION__="0.25.5"</script><meta charset="UTF-8"><title>SHEIN</title><link href="https://assets2.dotfashion.cn/unpkg/shineout@2.0.15-beta.1/dist/theme.shineout.css" rel="stylesheet
2024-12-21 03:37:50 UTC	1537	IN	Data Raw: 20 28 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 6e 2e 63 61 6c 6c 4d 65 74 68 6f 64 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3f 20 6e 2e 63 61 6c 6c 4d 65 74 68 6f 64 2e 61 70 70 6c 79 28 6e 2c 20 61 72 67 75 6d 65 6e 74 73 29 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3a 20 6e 2e 71 75 65 75 65 2e 70 75 73 68 28 61 72 67 75 6d 65 6e 74 73 29 3b 0a 20 20 20 20 20 20 20 20 7d 3b 0a 20 20 20 20 20 20 20 20 6e 2e 70 75 73 68 20 3d 20 6e 3b 0a 20 20 20 20 20 20 20 20 6e 2e 6c 6f 61 64 65 64 20 3d 20 21 30 3b 0a 20 20 20 20 20 20 20 20 6e 2e 76 65 72 73 69 6f 6e 20 3d 20 22 32 2e 30 22 3b 0a 20 20 20 20 20 20 20 20 6e 2e 71 75 65 75 65 20 3d 20 5b 5d 3b 0a 0a 20 20 20 20 20 20 20 20 74 20 3d 20 62 2e 63 72 65 61 74 65 45 6c 65 6d Data Ascii: () { n.callMethod ? n.callMethod.apply(n, arguments) : n.queue.push(arguments); }; n.push = n; n.loaded = !0; n.version = "2.0"; n.queue = []; t = b.createElem

Timestamp	Bytes transferred	Direction	Data
2024-12-21 03:37:58 UTC	591	OUT	GET /api/public/revision/time HTTP/1.1 Host: monitor-web.dotfashion.cn Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Origin: https://logistics.sheincorp.cn Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://logistics.sheincorp.cn/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-21 03:37:59 UTC	272	IN	HTTP/1.1 200 OK Server: openresty Date: Sat, 21 Dec 2024 03:37:59 GMT Content-Type: application/json; charset=utf-8 Content-Length: 45 Connection: close Vary: Origin Access-Control-Allow-Origin: https://logistics.sheincorp.cn Via-Shein-Gateway: monitor-web!apm
2024-12-21 03:37:59 UTC	45	IN	Data Raw: 7b 22 74 69 6d 65 32 22 3a 31 37 33 34 37 35 32 32 37 39 31 36 39 2c 22 74 69 6d 65 33 22 3a 31 37 33 34 37 35 32 32 37 39 31 36 39 7d Data Ascii: {"time2":1734752279169,"time3":1734752279169}

Timestamp	Bytes transferred	Direction	Data
2024-12-21 03:37:59 UTC	503	OUT	GET /burypoint/analysis.js?id=9267ad00-b78e-594b-93af-116047d0c20a HTTP/1.1 Host: monitor-web.dotfashion.cn Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: _cfuvid=efTPOc8VWkTYa6cx2wYNMuF.HpoD9ZlBk4ZmPflhn1o-1734752272324-0.0.1.1-604800000
2024-12-21 03:37:59 UTC	403	IN	HTTP/1.1 200 OK Server: openresty Date: Sat, 21 Dec 2024 03:37:59 GMT Content-Type: application/javascript; charset=utf-8 Content-Length: 297664 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Origin Access-Control-Allow-Origin: * Cache-Control: private, max-age=30 ETag: https://assets.dotfashion.cn/unpkg/@shein/apm-burypoint@1.1.0-rc.84/dist/analysis.js?pluginHash=
2024-12-21 03:37:59 UTC	15981	IN	Data Raw: 21 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 74 3d 7b 37 37 35 37 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 6e 29 7b 74 2e 65 78 70 6f 72 74 73 3d 6e 28 35 36 36 36 29 7d 2c 38 32 33 33 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 73 65 6c 66 2c 74 2e 65 78 70 6f 72 74 73 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 74 3d 7b 32 33 38 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 6e 29 7b 76 61 72 20 72 3b 21 66 75 6e 63 74 69 6f 6e 28 61 2c 69 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 6f 3d 22 66 75 6e 63 74 69 6f 6e 22 2c 73 3d 22 75 6e 64 65 66 69 6e 65 64 22 2c 75 3d 22 6f 62 6a 65 63 74 22 2c 63 3d 22 73 74 72 69 6e 67 22 2c 6c 3d 22 6d 61 6a 6f 72 22 2c 68 3d 22 6d 6f 64 65 6c 22 2c 66 3d 22 6e 61 6d 65 22 2c 64 3d 22 74 79 70 65 22 2c 70 Data Ascii: !function(){var t={7757:function(t,e,n){t.exports=n(5666)},8233:function(t){self,t.exports=function(){var t={238:function(t,e,n){var r;!function(a,i){"use strict";var o="function",s="undefined",u="object",c="string",l="major",h="model",f="name",d="type",p
2024-12-21 03:37:59 UTC	16384	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 7b 75 61 3a 74 68 69 73 2e 67 65 74 55 41 28 29 2c 62 72 6f 77 73 65 72 3a 74 68 69 73 2e 67 65 74 42 72 6f 77 73 65 72 28 29 2c 65 6e 67 69 6e 65 3a 74 68 69 73 2e 67 65 74 45 6e 67 69 6e 65 28 29 2c 6f 73 3a 74 68 69 73 2e 67 65 74 4f 53 28 29 2c 64 65 76 69 63 65 3a 74 68 69 73 2e 67 65 74 44 65 76 69 63 65 28 29 2c 63 70 75 3a 74 68 69 73 2e 67 65 74 43 50 55 28 29 7d 7d 2c 74 68 69 73 2e 67 65 74 55 41 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 72 7d 2c 74 68 69 73 2e 73 65 74 55 41 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 72 3d 74 79 70 65 6f 66 20 74 3d 3d 3d 63 26 26 74 2e 6c 65 6e 67 74 68 3e 33 35 30 3f 71 28 74 2c 33 35 30 29 3a 74 2c 74 68 69 73 7d 2c 74 68 69 Data Ascii: function(){return{ua:this.getUA(),browser:this.getBrowser(),engine:this.getEngine(),os:this.getOS(),device:this.getDevice(),cpu:this.getCPU()}},this.getUA=function(){return r},this.setUA=function(t){return r=typeof t===c&&t.length>350?q(t,350):t,this},thi
2024-12-21 03:37:59 UTC	16384	IN	Data Raw: 69 6c 5f 6f 75 74 26 26 28 73 2e 6f 75 74 70 75 74 3d 6e 65 77 20 61 2e 42 75 66 38 28 63 29 2c 73 2e 6e 65 78 74 5f 6f 75 74 3d 30 2c 73 2e 61 76 61 69 6c 5f 6f 75 74 3d 63 29 2c 31 21 3d 3d 28 6e 3d 72 2e 64 65 66 6c 61 74 65 28 73 2c 6f 29 29 26 26 30 21 3d 3d 6e 29 72 65 74 75 72 6e 20 74 68 69 73 2e 6f 6e 45 6e 64 28 6e 29 2c 74 68 69 73 2e 65 6e 64 65 64 3d 21 30 2c 21 31 3b 30 21 3d 3d 73 2e 61 76 61 69 6c 5f 6f 75 74 26 26 28 30 21 3d 3d 73 2e 61 76 61 69 6c 5f 69 6e 7c 7c 34 21 3d 3d 6f 26 26 32 21 3d 3d 6f 29 7c 7c 28 22 73 74 72 69 6e 67 22 3d 3d 3d 74 68 69 73 2e 6f 70 74 69 6f 6e 73 2e 74 6f 3f 74 68 69 73 2e 6f 6e 44 61 74 61 28 69 2e 62 75 66 32 62 69 6e 73 74 72 69 6e 67 28 61 2e 73 68 72 69 6e 6b 42 75 66 28 73 2e 6f 75 74 70 75 74 2c 73 Data Ascii: il_out&&(s.output=new a.Buf8(c),s.next_out=0,s.avail_out=c),1!==(n=r.deflate(s,o))&&0!==n)return this.onEnd(n),this.ended=!0,!1;0!==s.avail_out&&(0!==s.avail_in\|\|4!==o&&2!==o)\|\|("string"===this.options.to?this.onData(i.buf2binstring(a.shrinkBuf(s.output,s
2024-12-21 03:37:59 UTC	16384	IN	Data Raw: 3f 32 3a 61 2e 73 74 72 61 74 65 67 79 3e 3d 32 7c 7c 61 2e 6c 65 76 65 6c 3c 32 3f 34 3a 30 29 2c 62 28 61 2c 33 29 2c 61 2e 73 74 61 74 75 73 3d 64 29 3b 65 6c 73 65 7b 76 61 72 20 68 3d 38 2b 28 61 2e 77 5f 62 69 74 73 2d 38 3c 3c 34 29 3c 3c 38 3b 68 7c 3d 28 61 2e 73 74 72 61 74 65 67 79 3e 3d 32 7c 7c 61 2e 6c 65 76 65 6c 3c 32 3f 30 3a 61 2e 6c 65 76 65 6c 3c 36 3f 31 3a 36 3d 3d 3d 61 2e 6c 65 76 65 6c 3f 32 3a 33 29 3c 3c 36 2c 30 21 3d 3d 61 2e 73 74 72 73 74 61 72 74 26 26 28 68 7c 3d 33 32 29 2c 68 2b 3d 33 31 2d 68 25 33 31 2c 61 2e 73 74 61 74 75 73 3d 64 2c 79 28 61 2c 68 29 2c 30 21 3d 3d 61 2e 73 74 72 73 74 61 72 74 26 26 28 79 28 61 2c 74 2e 61 64 6c 65 72 3e 3e 3e 31 36 29 2c 79 28 61 2c 36 35 35 33 35 26 74 2e 61 64 6c 65 72 29 29 2c Data Ascii: ?2:a.strategy>=2\|\|a.level<2?4:0),b(a,3),a.status=d);else{var h=8+(a.w_bits-8<<4)<<8;h\|=(a.strategy>=2\|\|a.level<2?0:a.level<6?1:6===a.level?2:3)<<6,0!==a.strstart&&(h\|=32),h+=31-h%31,a.status=d,y(a,h),0!==a.strstart&&(y(a,t.adler>>>16),y(a,65535&t.adler)),
2024-12-21 03:37:59 UTC	16384	IN	Data Raw: 5f 29 2c 5f 2d 3d 53 2c 6e 2e 6c 65 6e 67 74 68 2d 3d 53 3b 64 6f 7b 64 5b 76 2b 2b 5d 3d 4f 5b 7a 2b 2b 5d 7d 77 68 69 6c 65 28 2d 2d 53 29 3b 30 3d 3d 3d 6e 2e 6c 65 6e 67 74 68 26 26 28 6e 2e 6d 6f 64 65 3d 32 31 29 3b 62 72 65 61 6b 3b 63 61 73 65 20 32 36 3a 69 66 28 30 3d 3d 3d 5f 29 62 72 65 61 6b 20 74 3b 64 5b 76 2b 2b 5d 3d 6e 2e 6c 65 6e 67 74 68 2c 5f 2d 2d 2c 6e 2e 6d 6f 64 65 3d 32 31 3b 62 72 65 61 6b 3b 63 61 73 65 20 32 37 3a 69 66 28 6e 2e 77 72 61 70 29 7b 66 6f 72 28 3b 67 3c 33 32 3b 29 7b 69 66 28 30 3d 3d 3d 6d 29 62 72 65 61 6b 20 74 3b 6d 2d 2d 2c 77 7c 3d 66 5b 70 2b 2b 5d 3c 3c 67 2c 67 2b 3d 38 7d 69 66 28 78 2d 3d 5f 2c 74 2e 74 6f 74 61 6c 5f 6f 75 74 2b 3d 78 2c 6e 2e 74 6f 74 61 6c 2b 3d 78 2c 78 26 26 28 74 2e 61 64 6c 65 Data Ascii: _),_-=S,n.length-=S;do{d[v++]=O[z++]}while(--S);0===n.length&&(n.mode=21);break;case 26:if(0===_)break t;d[v++]=n.length,_--,n.mode=21;break;case 27:if(n.wrap){for(;g<32;){if(0===m)break t;m--,w\|=f[p++]<<g,g+=8}if(x-=_,t.total_out+=x,n.total+=x,x&&(t.adle
2024-12-21 03:38:00 UTC	16384	IN	Data Raw: 3d 6a 2c 41 2e 70 72 6f 74 6f 74 79 70 65 3d 7b 63 6f 6e 73 74 72 75 63 74 6f 72 3a 41 2c 72 65 73 65 74 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 69 66 28 74 68 69 73 2e 70 72 65 76 3d 30 2c 74 68 69 73 2e 6e 65 78 74 3d 30 2c 74 68 69 73 2e 73 65 6e 74 3d 74 68 69 73 2e 5f 73 65 6e 74 3d 65 2c 74 68 69 73 2e 64 6f 6e 65 3d 21 31 2c 74 68 69 73 2e 64 65 6c 65 67 61 74 65 3d 6e 75 6c 6c 2c 74 68 69 73 2e 6d 65 74 68 6f 64 3d 22 6e 65 78 74 22 2c 74 68 69 73 2e 61 72 67 3d 65 2c 74 68 69 73 2e 74 72 79 45 6e 74 72 69 65 73 2e 66 6f 72 45 61 63 68 28 45 29 2c 21 74 29 66 6f 72 28 76 61 72 20 6e 20 69 6e 20 74 68 69 73 29 22 74 22 3d 3d 3d 6e 2e 63 68 61 72 41 74 28 30 29 26 26 72 2e 63 61 6c 6c 28 74 68 69 73 2c 6e 29 26 26 21 69 73 4e 61 4e 28 2b 6e 2e 73 6c Data Ascii: =j,A.prototype={constructor:A,reset:function(t){if(this.prev=0,this.next=0,this.sent=this._sent=e,this.done=!1,this.delegate=null,this.method="next",this.arg=e,this.tryEntries.forEach(E),!t)for(var n in this)"t"===n.charAt(0)&&r.call(this,n)&&!isNaN(+n.sl
2024-12-21 03:38:00 UTC	16384	IN	Data Raw: 6e 28 74 29 7b 72 65 74 75 72 6e 5b 22 49 6e 74 22 2c 22 55 69 6e 74 22 2c 22 46 6c 6f 61 74 22 5d 2e 6d 61 70 28 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 65 2b 74 2b 22 41 72 72 61 79 22 7d 29 29 7d 29 29 29 29 2e 66 69 6c 74 65 72 28 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 42 74 5b 74 5d 7d 29 29 2e 6d 61 70 28 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 42 74 5b 74 5d 7d 29 29 3b 66 75 6e 63 74 69 6f 6e 20 65 65 28 74 29 7b 69 66 28 21 74 7c 7c 22 6f 62 6a 65 63 74 22 21 3d 74 79 70 65 6f 66 20 74 29 72 65 74 75 72 6e 20 74 3b 76 61 72 20 65 3b 69 66 28 6a 74 28 74 29 29 7b 65 3d 5b 5d 3b 66 6f 72 28 76 61 72 20 6e 3d 30 2c 72 3d 74 2e 6c 65 6e 67 74 68 3b 6e 3c 72 3b 2b 2b 6e 29 65 2e 70 75 73 68 Data Ascii: n(t){return["Int","Uint","Float"].map((function(e){return e+t+"Array"}))})))).filter((function(t){return Bt[t]})).map((function(t){return Bt[t]}));function ee(t){if(!t\|\|"object"!=typeof t)return t;var e;if(jt(t)){e=[];for(var n=0,r=t.length;n<r;++n)e.push
2024-12-21 03:38:00 UTC	16384	IN	Data Raw: 68 3e 30 7c 7c 6f 2e 63 68 61 6e 67 65 2e 6c 65 6e 67 74 68 3e 30 29 26 26 6e 2e 63 68 61 6e 67 65 2e 70 75 73 68 28 6f 29 7d 7d 65 6c 73 65 20 6e 2e 61 64 64 2e 70 75 73 68 28 5b 72 2c 69 5d 29 7d 72 65 74 75 72 6e 20 6e 7d 28 72 2c 61 29 3b 69 66 28 6f 2e 61 64 64 2e 66 6f 72 45 61 63 68 28 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 43 28 6e 2c 74 5b 30 5d 2c 74 5b 31 5d 2e 70 72 69 6d 4b 65 79 2c 74 5b 31 5d 2e 69 6e 64 65 78 65 73 29 7d 29 29 2c 6f 2e 63 68 61 6e 67 65 2e 66 6f 72 45 61 63 68 28 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 69 66 28 74 2e 72 65 63 72 65 61 74 65 29 74 68 72 6f 77 20 6e 65 77 20 79 65 2e 55 70 67 72 61 64 65 28 22 4e 6f 74 20 79 65 74 20 73 75 70 70 6f 72 74 20 66 6f 72 20 63 68 61 6e 67 69 6e 67 20 70 72 69 6d 61 72 79 20 6b 65 Data Ascii: h>0\|\|o.change.length>0)&&n.change.push(o)}}else n.add.push([r,i])}return n}(r,a);if(o.add.forEach((function(t){C(n,t[0],t[1].primKey,t[1].indexes)})),o.change.forEach((function(t){if(t.recreate)throw new ye.Upgrade("Not yet support for changing primary ke
2024-12-21 03:38:00 UTC	16384	IN	Data Raw: 65 79 73 22 29 3b 69 66 28 65 26 26 65 2e 6c 65 6e 67 74 68 21 3d 3d 74 2e 6c 65 6e 67 74 68 29 74 68 72 6f 77 20 6e 65 77 20 79 65 2e 49 6e 76 61 6c 69 64 41 72 67 75 6d 65 6e 74 28 22 41 72 67 75 6d 65 6e 74 73 20 6f 62 6a 65 63 74 73 20 61 6e 64 20 6b 65 79 73 20 6d 75 73 74 20 68 61 76 65 20 74 68 65 20 73 61 6d 65 20 6c 65 6e 67 74 68 22 29 3b 69 66 28 30 3d 3d 3d 74 2e 6c 65 6e 67 74 68 29 72 65 74 75 72 6e 20 61 28 29 3b 66 75 6e 63 74 69 6f 6e 20 75 28 74 29 7b 30 3d 3d 3d 66 2e 6c 65 6e 67 74 68 3f 61 28 74 29 3a 69 28 6e 65 77 20 77 65 28 6e 2e 6e 61 6d 65 2b 22 2e 62 75 6c 6b 41 64 64 28 29 3a 20 22 2b 66 2e 6c 65 6e 67 74 68 2b 22 20 6f 66 20 22 2b 64 2b 22 20 6f 70 65 72 61 74 69 6f 6e 73 20 66 61 69 6c 65 64 22 2c 66 29 29 7d 76 61 72 20 63 Data Ascii: eys");if(e&&e.length!==t.length)throw new ye.InvalidArgument("Arguments objects and keys must have the same length");if(0===t.length)return a();function u(t){0===f.length?a(t):i(new we(n.name+".bulkAdd(): "+f.length+" of "+d+" operations failed",f))}var c
2024-12-21 03:38:00 UTC	16384	IN	Data Raw: 6f 6e 73 75 63 63 65 73 73 28 6e 2e 76 61 6c 75 65 29 7d 29 2c 28 66 75 6e 63 74 69 6f 6e 28 29 7b 70 3d 21 30 2c 67 28 29 7d 29 2c 77 2c 6f 29 7d 29 29 7d 2c 64 65 6c 65 74 65 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 74 3d 74 68 69 73 2c 65 3d 74 68 69 73 2e 5f 63 74 78 2c 6e 3d 65 2e 72 61 6e 67 65 2c 72 3d 65 2e 74 61 62 6c 65 2e 68 6f 6f 6b 2e 64 65 6c 65 74 69 6e 67 2e 66 69 72 65 2c 61 3d 72 21 3d 3d 53 65 3b 69 66 28 21 61 26 26 5a 28 65 29 26 26 28 65 2e 69 73 50 72 69 6d 4b 65 79 26 26 21 24 6e 7c 7c 21 6e 29 29 72 65 74 75 72 6e 20 74 68 69 73 2e 5f 77 72 69 74 65 28 28 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 72 29 7b 76 61 72 20 61 3d 6e 72 28 65 29 2c 69 3d 6e 3f 72 2e 63 6f 75 6e 74 28 6e 29 3a 72 2e 63 6f 75 6e 74 28 29 3b 69 2e 6f 6e Data Ascii: onsuccess(n.value)}),(function(){p=!0,g()}),w,o)}))},delete:function(){var t=this,e=this._ctx,n=e.range,r=e.table.hook.deleting.fire,a=r!==Se;if(!a&&Z(e)&&(e.isPrimKey&&!$n\|\|!n))return this._write((function(t,e,r){var a=nr(e),i=n?r.count(n):r.count();i.on

Timestamp	Bytes transferred	Direction	Data
2024-12-21 03:38:01 UTC	466	OUT	GET /api/public/revision/time HTTP/1.1 Host: monitor-web.dotfashion.cn Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: _cfuvid=efTPOc8VWkTYa6cx2wYNMuF.HpoD9ZlBk4ZmPflhn1o-1734752272324-0.0.1.1-604800000
2024-12-21 03:38:01 UTC	243	IN	HTTP/1.1 200 OK Server: openresty Date: Sat, 21 Dec 2024 03:38:01 GMT Content-Type: application/json; charset=utf-8 Content-Length: 45 Connection: close Vary: Origin Access-Control-Allow-Origin: * Via-Shein-Gateway: monitor-web!apm
2024-12-21 03:38:01 UTC	45	IN	Data Raw: 7b 22 74 69 6d 65 32 22 3a 31 37 33 34 37 35 32 32 38 31 36 33 36 2c 22 74 69 6d 65 33 22 3a 31 37 33 34 37 35 32 32 38 31 36 33 36 7d Data Ascii: {"time2":1734752281636,"time3":1734752281636}

Timestamp	Bytes transferred	Direction	Data
2024-12-21 03:38:23 UTC	591	OUT	GET /api/public/revision/time HTTP/1.1 Host: monitor-web.dotfashion.cn Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Origin: https://logistics.sheincorp.cn Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://logistics.sheincorp.cn/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-21 03:38:23 UTC	272	IN	HTTP/1.1 200 OK Server: openresty Date: Sat, 21 Dec 2024 03:38:23 GMT Content-Type: application/json; charset=utf-8 Content-Length: 45 Connection: close Vary: Origin Access-Control-Allow-Origin: https://logistics.sheincorp.cn Via-Shein-Gateway: monitor-web!apm
2024-12-21 03:38:23 UTC	45	IN	Data Raw: 7b 22 74 69 6d 65 32 22 3a 31 37 33 34 37 35 32 33 30 33 34 34 33 2c 22 74 69 6d 65 33 22 3a 31 37 33 34 37 35 32 33 30 33 34 34 33 7d Data Ascii: {"time2":1734752303443,"time3":1734752303443}

Timestamp	Bytes transferred	Direction	Data
2024-12-21 03:38:23 UTC	592	OUT	GET /trans/api/snapVersion?npid=65 HTTP/1.1 Host: cloud-now.sheincorp.cn Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Origin: https://logistics.sheincorp.cn Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://logistics.sheincorp.cn/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-21 03:38:23 UTC	396	IN	HTTP/1.1 200 OK Server: openresty Date: Sat, 21 Dec 2024 03:38:23 GMT Content-Type: application/json; charset=utf-8 Content-Length: 64 Connection: close Vary: Origin Access-Control-Allow-Origin: * Timing-Allow-Origin: * traceId: 1067e4513498a525 x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff x-download-options: noopen x-readtime: 8
2024-12-21 03:38:23 UTC	64	IN	Data Raw: 7b 22 63 6f 64 65 22 3a 30 2c 22 64 61 74 61 22 3a 7b 22 76 65 72 73 69 6f 6e 22 3a 22 58 79 6f 36 36 46 37 55 56 22 2c 22 6c 61 6e 67 75 61 67 65 22 3a 5b 22 43 4e 22 2c 22 55 53 22 5d 7d 7d Data Ascii: {"code":0,"data":{"version":"Xyo66F7UV","language":["CN","US"]}}

Timestamp	Bytes transferred	Direction	Data
2024-12-21 03:38:25 UTC	466	OUT	GET /api/public/revision/time HTTP/1.1 Host: monitor-web.dotfashion.cn Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: _cfuvid=efTPOc8VWkTYa6cx2wYNMuF.HpoD9ZlBk4ZmPflhn1o-1734752272324-0.0.1.1-604800000
2024-12-21 03:38:26 UTC	243	IN	HTTP/1.1 200 OK Server: openresty Date: Sat, 21 Dec 2024 03:38:25 GMT Content-Type: application/json; charset=utf-8 Content-Length: 45 Connection: close Vary: Origin Access-Control-Allow-Origin: * Via-Shein-Gateway: monitor-web!apm
2024-12-21 03:38:26 UTC	45	IN	Data Raw: 7b 22 74 69 6d 65 32 22 3a 31 37 33 34 37 35 32 33 30 35 39 32 31 2c 22 74 69 6d 65 33 22 3a 31 37 33 34 37 35 32 33 30 35 39 32 31 7d Data Ascii: {"time2":1734752305921,"time3":1734752305921}

Timestamp	Bytes transferred	Direction	Data
2024-12-21 03:38:25 UTC	613	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIk6HLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-21 03:38:26 UTC	1266	IN	HTTP/1.1 200 OK Date: Sat, 21 Dec 2024 03:38:26 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-CBbbZcI-Jo6b4ER88aFJEw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-21 03:38:26 UTC	124	IN	Data Raw: 33 36 37 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 75 73 61 61 20 66 65 64 65 72 61 6c 20 73 61 76 69 6e 67 73 20 62 61 6e 6b 22 2c 22 66 69 72 65 20 63 6f 75 6e 74 72 79 20 65 70 69 73 6f 64 65 73 20 73 65 61 73 6f 6e 20 33 20 65 70 69 73 6f 64 65 20 39 22 2c 22 62 65 6e 20 6a 6f 68 6e 73 6f 6e 20 63 61 6c 65 62 20 77 69 6c 6c 69 61 6d 73 20 63 68 69 63 61 67 6f 20 62 65 Data Ascii: 367)]}'["",["usaa federal savings bank","fire country episodes season 3 episode 9","ben johnson caleb williams chicago be
2024-12-21 03:38:26 UTC	754	IN	Data Raw: 61 72 73 22 2c 22 6d 6f 6e 6f 70 6f 6c 79 20 67 6f 20 67 72 65 65 74 69 6e 67 20 6a 6f 75 72 6e 65 79 20 72 65 77 61 72 64 73 22 2c 22 77 6f 6d 61 6e 20 6d 69 73 73 69 6e 67 20 67 72 61 6e 64 20 63 61 6e 79 6f 6e 22 2c 22 70 61 72 74 79 20 63 69 74 79 20 63 6c 6f 73 69 6e 67 20 73 74 6f 72 65 73 22 2c 22 6b 61 72 61 74 65 22 2c 22 64 61 6e 64 61 64 61 6e 20 61 6e 69 6d 65 20 65 70 69 73 6f 64 65 73 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 67 72 6f 75 70 73 69 6e 66 6f 22 3a 22 43 68 67 49 6b 6b 34 53 45 77 6f 52 56 48 4a 6c 62 6d 52 70 62 Data Ascii: ars","monopoly go greeting journey rewards","woman missing grand canyon","party city closing stores","karate","dandadan anime episodes"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpb
2024-12-21 03:38:26 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-12-21 03:38:32 UTC	670	OUT	GET /login HTTP/1.1 Host: logistics.sheincorp.cn Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-21 03:38:33 UTC	181	IN	HTTP/1.1 404 Not Found Date: Sat, 21 Dec 2024 03:38:33 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 552 Connection: close Via-Shein-Gateway: lcps-front-master
2024-12-21 03:38:33 UTC	552	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chr

Timestamp	Bytes transferred	Direction	Data
2024-12-21 03:38:33 UTC	605	OUT	GET /favicon.ico HTTP/1.1 Host: logistics.sheincorp.cn Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://logistics.sheincorp.cn/login Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-21 03:38:33 UTC	181	IN	HTTP/1.1 404 Not Found Date: Sat, 21 Dec 2024 03:38:33 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 552 Connection: close Via-Shein-Gateway: lcps-front-master
2024-12-21 03:38:33 UTC	552	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chr

Timestamp	Bytes transferred	Direction	Data
2024-12-21 03:38:42 UTC	592	OUT	GET /trans/api/snapVersion?npid=65 HTTP/1.1 Host: cloud-now.sheincorp.cn Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Origin: https://logistics.sheincorp.cn Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://logistics.sheincorp.cn/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-21 03:38:43 UTC	394	IN	HTTP/1.1 200 OK Server: openresty Date: Sat, 21 Dec 2024 03:38:43 GMT Content-Type: application/json; charset=utf-8 Content-Length: 64 Connection: close Vary: Origin Access-Control-Allow-Origin: * Timing-Allow-Origin: * traceId: c4210bc8417aad x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff x-download-options: noopen x-readtime: 7
2024-12-21 03:38:43 UTC	64	IN	Data Raw: 7b 22 63 6f 64 65 22 3a 30 2c 22 64 61 74 61 22 3a 7b 22 76 65 72 73 69 6f 6e 22 3a 22 58 79 6f 36 36 46 37 55 56 22 2c 22 6c 61 6e 67 75 61 67 65 22 3a 5b 22 43 4e 22 2c 22 55 53 22 5d 7d 7d Data Ascii: {"code":0,"data":{"version":"Xyo66F7UV","language":["CN","US"]}}

Timestamp	Bytes transferred	Direction	Data
2024-12-21 03:38:45 UTC	375	OUT	GET /trans/api/snapVersion?npid=65 HTTP/1.1 Host: cloud-now.sheincorp.cn Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-21 03:38:45 UTC	364	IN	HTTP/1.1 200 OK Server: openresty Date: Sat, 21 Dec 2024 03:38:45 GMT Content-Type: application/json; charset=utf-8 Content-Length: 64 Connection: close Vary: Origin Timing-Allow-Origin: * traceId: 80ff8d7ef2f00f39 x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff x-download-options: noopen x-readtime: 7
2024-12-21 03:38:45 UTC	64	IN	Data Raw: 7b 22 63 6f 64 65 22 3a 30 2c 22 64 61 74 61 22 3a 7b 22 76 65 72 73 69 6f 6e 22 3a 22 58 79 6f 36 36 46 37 55 56 22 2c 22 6c 61 6e 67 75 61 67 65 22 3a 5b 22 43 4e 22 2c 22 55 53 22 5d 7d 7d Data Ascii: {"code":0,"data":{"version":"Xyo66F7UV","language":["CN","US"]}}

Timestamp	Bytes transferred	Direction	Data
2024-12-21 03:38:45 UTC	466	OUT	GET /api/public/revision/time HTTP/1.1 Host: monitor-web.dotfashion.cn Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: _cfuvid=efTPOc8VWkTYa6cx2wYNMuF.HpoD9ZlBk4ZmPflhn1o-1734752272324-0.0.1.1-604800000
2024-12-21 03:38:46 UTC	243	IN	HTTP/1.1 200 OK Server: openresty Date: Sat, 21 Dec 2024 03:38:46 GMT Content-Type: application/json; charset=utf-8 Content-Length: 45 Connection: close Vary: Origin Access-Control-Allow-Origin: * Via-Shein-Gateway: monitor-web!apm
2024-12-21 03:38:46 UTC	45	IN	Data Raw: 7b 22 74 69 6d 65 32 22 3a 31 37 33 34 37 35 32 33 32 36 31 30 38 2c 22 74 69 6d 65 33 22 3a 31 37 33 34 37 35 32 33 32 36 31 30 38 7d Data Ascii: {"time2":1734752326108,"time3":1734752326108}

Timestamp	Bytes transferred	Direction	Data
2024-12-21 03:38:47 UTC	615	OUT	GET /trans/api/translation?npid=65&callback=i18n_callback HTTP/1.1 Host: cloud-now.sheincorp.cn Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Origin: https://logistics.sheincorp.cn Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://logistics.sheincorp.cn/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-21 03:38:48 UTC	572	IN	HTTP/1.1 200 OK Server: openresty Date: Sat, 21 Dec 2024 03:38:47 GMT Content-Type: application/javascript; charset=utf-8 Content-Length: 412086 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Origin Access-Control-Allow-Origin: * Timing-Allow-Origin: * ETag: 5624914da87b440b85fa19a83b9de4ec Cache-Control: public, max-age=7200, must-revalidate content-version: 206699 x-content-type-options: nosniff traceId: 61dc5ba61deebc00 x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-download-options: noopen x-readtime: 96
2024-12-21 03:38:48 UTC	15812	IN	Data Raw: 2f 2a 2a 2f 20 74 79 70 65 6f 66 20 69 31 38 6e 5f 63 61 6c 6c 62 61 63 6b 20 3d 3d 3d 20 27 66 75 6e 63 74 69 6f 6e 27 20 26 26 20 69 31 38 6e 5f 63 61 6c 6c 62 61 63 6b 28 7b 22 31 31 22 3a 7b 22 55 53 22 3a 22 31 31 22 2c 22 43 4e 22 3a 22 31 31 22 2c 22 6e 69 64 22 3a 33 38 30 37 39 38 7d 2c 22 33 34 32 22 3a 7b 22 55 53 22 3a 22 33 34 32 22 2c 22 43 4e 22 3a 22 33 34 32 22 2c 22 6e 69 64 22 3a 32 39 37 30 35 36 7d 2c 22 e8 af b7 e8 be 93 e5 85 a5 e7 94 a8 e6 88 b7 e5 90 8d ef bc 81 22 3a 7b 22 55 53 22 3a 22 70 6c 65 61 73 65 20 65 6e 74 65 72 20 75 73 65 72 6e 61 6d 65 21 22 2c 22 43 4e 22 3a 22 e8 af b7 e8 be 93 e5 85 a5 e7 94 a8 e6 88 b7 e5 90 8d ef bc 81 22 2c 22 6e 69 64 22 3a 38 36 34 36 31 7d 2c 22 e7 a1 ae e5 ae 9a 22 3a 7b 22 55 53 22 3a 22 Data Ascii: /**/ typeof i18n_callback === 'function' && i18n_callback({"11":{"US":"11","CN":"11","nid":380798},"342":{"US":"342","CN":"342","nid":297056},"":{"US":"please enter username!","CN":"","nid":86461},"":{"US":"
2024-12-21 03:38:48 UTC	16384	IN	Data Raw: a6 e5 8d 95 e6 96 87 e4 bb b6 e6 89 80 e5 af b9 e5 ba 94 e7 9a 84 e8 b4 a6 e5 8d 95 e7 b1 bb e5 9e 8b 22 2c 22 6e 69 64 22 3a 31 30 39 30 32 37 7d 2c 22 e6 b3 a8 e6 84 8f ef bc 9a e5 ba 94 e4 bb 98 e8 b4 a6 e5 8d 95 e6 98 af e6 8c 87 53 48 45 49 4e e9 9c 80 e8 a6 81 e4 bb 98 e6 ac be ef bc 8c e5 ba 94 e6 94 b6 e8 b4 a6 e5 8d 95 e6 98 af e6 8c 87 53 48 45 49 4e e9 9c 80 e8 a6 81 e6 94 b6 e6 ac be 22 3a 7b 22 55 53 22 3a 22 50 6c 65 61 73 65 20 6e 6f 74 65 3a 20 70 61 79 61 62 6c 65 20 73 74 61 74 65 6d 65 6e 74 73 20 72 65 66 65 72 20 74 6f 20 53 48 45 49 4e 20 27 6e 65 65 64 73 20 74 6f 20 70 61 79 27 2c 20 72 65 63 65 69 76 61 62 6c 65 20 73 74 61 74 65 6d 65 6e 74 73 20 72 65 66 65 72 20 74 6f 20 53 48 45 49 4e 20 27 6e 65 65 64 73 20 74 6f 20 63 6f 6c Data Ascii: ","nid":109027},"SHEINSHEIN":{"US":"Please note: payable statements refer to SHEIN 'needs to pay', receivable statements refer to SHEIN 'needs to col
2024-12-21 03:38:48 UTC	16384	IN	Data Raw: 31 7d 2c 22 e8 af b7 e5 a1 ab e5 86 99 e7 8a b6 e6 80 81 22 3a 7b 22 55 53 22 3a 22 70 6c 65 61 73 65 20 69 6e 70 75 74 20 73 74 61 74 75 73 22 2c 22 43 4e 22 3a 22 e8 af b7 e5 a1 ab e5 86 99 e7 8a b6 e6 80 81 22 2c 22 6e 69 64 22 3a 31 31 30 34 30 32 7d 2c 22 e5 85 ac e5 8f b8 e5 90 8d e7 a7 b0 22 3a 7b 22 55 53 22 3a 22 43 6f 6d 70 61 6e 79 20 4e 61 6d 65 22 2c 22 43 4e 22 3a 22 e5 85 ac e5 8f b8 e5 90 8d e7 a7 b0 22 2c 22 6e 69 64 22 3a 31 31 30 34 30 33 7d 2c 22 e7 bb 9f e4 b8 80 e7 a4 be e4 bc 9a e4 bf a1 e7 94 a8 e4 bb a3 e7 a0 81 2f e5 85 ac e5 8f b8 e6 b3 a8 e5 86 8c e5 8f b7 22 3a 7b 22 55 53 22 3a 22 55 6e 69 66 69 65 64 20 73 6f 63 69 61 6c 20 63 72 65 64 69 74 20 63 6f 64 65 2f 43 6f 6d 70 61 6e 79 20 72 65 67 69 73 74 72 61 74 69 6f 6e 20 6e Data Ascii: 1},"":{"US":"please input status","CN":"","nid":110402},"":{"US":"Company Name","CN":"","nid":110403},"/":{"US":"Unified social credit code/Company registration n
2024-12-21 03:38:48 UTC	16384	IN	Data Raw: 20 6c 65 74 74 65 72 73 2e 22 2c 22 43 4e 22 3a 22 e7 bb 9f e4 b8 80 e7 a4 be e4 bc 9a e4 bf a1 e7 94 a8 e4 bb a3 e7 a0 81 2f e5 85 ac e5 8f b8 e6 b3 a8 e5 86 8c e5 8f b7 20 e5 ad 97 e6 ae b5 e5 8f aa e6 94 af e6 8c 81 e6 95 b0 e5 ad 97 2b e5 ad 97 e6 af 8d 22 2c 22 6e 69 64 22 3a 31 31 32 31 35 32 7d 2c 22 e5 bf ab e9 80 92 e6 9c 8d e5 8a a1 22 3a 7b 22 55 53 22 3a 22 45 78 70 72 65 73 73 20 53 65 72 76 69 63 65 22 2c 22 43 4e 22 3a 22 e5 bf ab e9 80 92 e6 9c 8d e5 8a a1 22 2c 22 6e 69 64 22 3a 31 31 32 31 37 34 7d 2c 22 e9 87 8d e7 bd ae e5 af 86 e7 a0 81 22 3a 7b 22 55 53 22 3a 22 4e 65 78 74 22 2c 22 43 4e 22 3a 22 e9 87 8d e7 bd ae e5 af 86 e7 a0 81 22 2c 22 6e 69 64 22 3a 31 31 32 31 37 35 7d 2c 22 e6 98 af e5 90 a6 e6 94 af e6 8c 81 e9 a2 84 e4 bb Data Ascii: letters.","CN":"/ +","nid":112152},"":{"US":"Express Service","CN":"","nid":112174},"":{"US":"Next","CN":"","nid":112175},"
2024-12-21 03:38:48 UTC	16384	IN	Data Raw: 6e 69 64 22 3a 32 37 37 34 37 34 7d 2c 22 e6 95 b0 e6 8d ae e4 b8 8d e5 ad 98 e5 9c a8 22 3a 7b 22 55 53 22 3a 22 44 61 74 61 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 22 2c 22 43 4e 22 3a 22 e6 95 b0 e6 8d ae e4 b8 8d e5 ad 98 e5 9c a8 22 2c 22 6e 69 64 22 3a 32 37 37 34 37 35 7d 2c 22 e7 94 a8 e6 88 b7 e5 90 8d ef bc 8c 33 20 7e 20 32 30 e4 bd 8d e5 a4 a7 e5 b0 8f e5 86 99 e5 ad 97 e6 af 8d e6 88 96 e6 95 b0 e5 ad 97 22 3a 7b 22 55 53 22 3a 22 55 73 65 72 6e 61 6d 65 22 2c 22 43 4e 22 3a 22 e7 94 a8 e6 88 b7 e5 90 8d ef bc 8c 33 20 7e 20 32 30 e4 bd 8d e5 a4 a7 e5 b0 8f e5 86 99 e5 ad 97 e6 af 8d e6 88 96 e6 95 b0 e5 ad 97 22 2c 22 6e 69 64 22 3a 32 39 31 38 39 33 7d 2c 22 e5 af 86 e7 a0 81 ef bc 8c 38 20 7e 20 32 30 e4 bd 8d e5 a4 a7 e5 b0 8f e5 86 Data Ascii: nid":277474},"":{"US":"Data does not exist","CN":"","nid":277475},"3 ~ 20":{"US":"Username","CN":"3 ~ 20","nid":291893},"8 ~ 20
2024-12-21 03:38:48 UTC	16384	IN	Data Raw: ba a4 e5 95 a6 22 2c 22 6e 69 64 22 3a 32 39 32 30 31 37 7d 2c 22 e6 b3 a8 ef bc 9a e8 af b7 e5 8b bf e9 a2 91 e7 b9 81 e6 93 8d e4 bd 9c e6 8f 90 e4 ba a4 ef bc 8c 35 e5 88 86 e9 92 9f e5 86 85 e7 b3 bb e7 bb 9f e6 9c 80 e5 a4 9a e6 94 af e6 8c 81 e6 8f 90 e4 ba a4 35 e6 ac a1 ef bc 8c e5 90 a6 e5 88 99 e7 b3 bb e7 bb 9f e4 bc 9a e6 8f 90 e7 a4 ba ef bc 9a e2 80 9c 7b 7d e2 80 9d ef bc 8c e8 b0 a2 e8 b0 a2 e7 90 86 e8 a7 a3 e4 b8 8e e6 94 af e6 8c 81 e3 80 82 22 3a 7b 22 55 53 22 3a 22 4e 6f 74 65 3a 20 50 6c 65 61 73 65 20 64 6f 20 6e 6f 74 20 73 75 62 6d 69 74 20 66 72 65 71 75 65 6e 74 6c 79 2c 20 74 68 65 20 73 79 73 74 65 6d 20 73 75 70 70 6f 72 74 73 20 75 70 20 74 6f 20 35 20 73 75 62 6d 69 73 73 69 6f 6e 73 20 77 69 74 68 69 6e 20 35 20 6d 69 6e Data Ascii: ","nid":292017},"55{}":{"US":"Note: Please do not submit frequently, the system supports up to 5 submissions within 5 min
2024-12-21 03:38:48 UTC	16384	IN	Data Raw: 8f e5 8f b7 22 3a 7b 22 55 53 22 3a 22 22 2c 22 43 4e 22 3a 22 e5 95 86 e5 93 81 e5 ba 8f e5 8f b7 22 2c 22 6e 69 64 22 3a 32 39 35 39 38 33 7d 2c 22 e5 a4 87 e6 a1 88 e5 ba 8f e5 8f b7 22 3a 7b 22 55 53 22 3a 22 22 2c 22 43 4e 22 3a 22 e5 a4 87 e6 a1 88 e5 ba 8f e5 8f b7 22 2c 22 6e 69 64 22 3a 32 39 35 39 38 34 7d 2c 22 e7 94 b3 e6 8a a5 e5 8d 95 e4 bb b7 22 3a 7b 22 55 53 22 3a 22 22 2c 22 43 4e 22 3a 22 e7 94 b3 e6 8a a5 e5 8d 95 e4 bb b7 22 2c 22 6e 69 64 22 3a 32 39 35 39 38 35 7d 2c 22 e7 94 b3 e6 8a a5 e6 80 bb e4 bb b7 22 3a 7b 22 55 53 22 3a 22 22 2c 22 43 4e 22 3a 22 e7 94 b3 e6 8a a5 e6 80 bb e4 bb b7 22 2c 22 6e 69 64 22 3a 32 39 35 39 38 36 7d 2c 22 e5 be 81 e5 85 8d e6 96 b9 e5 bc 8f 22 3a 7b 22 55 53 22 3a 22 22 2c 22 43 4e 22 3a 22 e5 be Data Ascii: ":{"US":"","CN":"","nid":295983},"":{"US":"","CN":"","nid":295984},"":{"US":"","CN":"","nid":295985},"":{"US":"","CN":"","nid":295986},"":{"US":"","CN":"
2024-12-21 03:38:48 UTC	16384	IN	Data Raw: 64 22 3a 32 39 38 31 35 36 7d 2c 22 e8 b5 b7 e9 a3 9e e5 bb b6 e8 af af 22 3a 7b 22 55 53 22 3a 22 74 61 6b 65 20 6f 66 66 20 64 65 6c 61 79 22 2c 22 43 4e 22 3a 22 e8 b5 b7 e9 a3 9e e5 bb b6 e8 af af 22 2c 22 6e 69 64 22 3a 32 39 38 31 35 37 7d 2c 22 e8 88 aa e7 8f ad e5 bb b6 e8 bf 9f 22 3a 7b 22 55 53 22 3a 22 66 6c 69 67 68 74 20 64 65 6c 61 79 22 2c 22 43 4e 22 3a 22 e8 88 aa e7 8f ad e5 bb b6 e8 bf 9f 22 2c 22 6e 69 64 22 3a 32 39 38 31 35 38 7d 2c 22 e5 8f aa e6 94 af e6 8c 81 e4 b8 8a e4 bc a0 e4 bb a5 e4 b8 8b e6 a0 bc e5 bc 8f e6 96 87 e4 bb b6 ef bc 9a 2e 72 61 72 2f 2e 7a 69 70 2f 2e 70 6e 67 2f 2e 6a 70 67 2f 2e 70 64 66 22 3a 7b 22 55 53 22 3a 22 4f 6e 6c 79 20 73 75 70 70 6f 72 74 73 20 75 70 6c 6f 61 64 69 6e 67 20 66 69 6c 65 73 20 69 6e Data Ascii: d":298156},"":{"US":"take off delay","CN":"","nid":298157},"":{"US":"flight delay","CN":"","nid":298158},".rar/.zip/.png/.jpg/.pdf":{"US":"Only supports uploading files in
2024-12-21 03:38:48 UTC	16384	IN	Data Raw: 55 53 22 3a 22 68 69 6e 74 22 2c 22 43 4e 22 3a 22 e6 8f 90 e7 a4 ba 22 2c 22 6e 69 64 22 3a 33 38 30 37 37 38 7d 2c 22 e6 b7 b1 e5 9c b3 e5 8d 95 e4 b8 80 e7 aa 97 e5 8f a3 22 3a 7b 22 55 53 22 3a 22 53 68 65 6e 7a 68 65 6e 20 53 69 6e 67 6c 65 20 57 69 6e 64 6f 77 22 2c 22 43 4e 22 3a 22 e6 b7 b1 e5 9c b3 e5 8d 95 e4 b8 80 e7 aa 97 e5 8f a3 22 2c 22 6e 69 64 22 3a 33 38 30 37 37 39 7d 2c 22 e6 9c aa e5 a1 ab e5 86 99 22 3a 7b 22 55 53 22 3a 22 75 6e 66 69 6c 6c 65 64 22 2c 22 43 4e 22 3a 22 e6 9c aa e5 a1 ab e5 86 99 22 2c 22 6e 69 64 22 3a 33 38 30 37 38 30 7d 2c 22 e4 b8 8a e6 b5 b7 e5 8d 95 e4 b8 80 e7 aa 97 e5 8f a3 22 3a 7b 22 55 53 22 3a 22 53 68 61 6e 67 68 61 69 20 53 69 6e 67 6c 65 20 57 69 6e 64 6f 77 22 2c 22 43 4e 22 3a 22 e4 b8 8a e6 b5 b7 Data Ascii: US":"hint","CN":"","nid":380778},"":{"US":"Shenzhen Single Window","CN":"","nid":380779},"":{"US":"unfilled","CN":"","nid":380780},"":{"US":"Shanghai Single Window","CN":"
2024-12-21 03:38:48 UTC	16384	IN	Data Raw: 22 2c 22 6e 69 64 22 3a 35 34 33 33 32 37 7d 2c 22 e5 85 ac e5 91 8a e5 88 97 e8 a1 a8 22 3a 7b 22 55 53 22 3a 22 41 6e 6e 6f 75 6e 63 65 6d 65 6e 74 20 6c 69 73 74 22 2c 22 43 4e 22 3a 22 e5 85 ac e5 91 8a e5 88 97 e8 a1 a8 22 2c 22 6e 69 64 22 3a 35 34 34 32 30 37 7d 2c 22 e6 a6 82 e5 86 b5 22 3a 7b 22 55 53 22 3a 22 4f 76 65 72 76 69 65 77 22 2c 22 43 4e 22 3a 22 e6 a6 82 e5 86 b5 22 2c 22 6e 69 64 22 3a 35 34 34 32 30 38 7d 2c 22 e5 85 ac e5 91 8a e9 80 9a e7 9f a5 22 3a 7b 22 55 53 22 3a 22 41 6e 6e 6f 75 6e 63 65 6d 65 6e 74 20 4e 6f 74 69 63 65 22 2c 22 43 4e 22 3a 22 e5 85 ac e5 91 8a e9 80 9a e7 9f a5 22 2c 22 6e 69 64 22 3a 35 34 34 32 30 39 7d 2c 22 e5 85 ac e5 91 8a e8 af a6 e6 83 85 22 3a 7b 22 55 53 22 3a 22 41 6e 6e 6f 75 6e 63 65 6d 65 6e Data Ascii: ","nid":543327},"":{"US":"Announcement list","CN":"","nid":544207},"":{"US":"Overview","CN":"","nid":544208},"":{"US":"Announcement Notice","CN":"","nid":544209},"":{"US":"Announcemen

Timestamp	Bytes transferred	Direction	Data
2024-12-21 03:38:47 UTC	668	OUT	GET /api-lcps/api/v1/captcha/api?language=zh HTTP/1.1 Host: logistics.sheincorp.cn Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Authorization: Bearer null x-req-zone-id: Etc/GMT-8 x-req-system: pc Content-Type: application/json sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://logistics.sheincorp.cn/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-21 03:38:48 UTC	229	IN	HTTP/1.1 200 OK Date: Sat, 21 Dec 2024 03:38:48 GMT Content-Type: application/json Transfer-Encoding: chunked Connection: close vary: accept-encoding Via-Shein-Gateway: lcps-front-master!lcps-java Vary: Accept-Encoding
2024-12-21 03:38:48 UTC	490	IN	Data Raw: 31 65 33 0d 0a 7b 22 63 6f 64 65 22 3a 22 30 22 2c 22 6d 73 67 22 3a 22 4f 4b 22 2c 22 69 6e 66 6f 22 3a 7b 22 74 79 70 65 22 3a 31 2c 22 69 6d 67 22 3a 6e 75 6c 6c 2c 22 6b 65 79 22 3a 22 38 37 36 30 61 37 33 64 36 66 61 30 33 32 34 30 65 32 31 32 33 32 36 33 32 61 64 33 61 65 34 34 22 2c 22 73 65 6e 73 69 74 69 76 65 22 3a 66 61 6c 73 65 2c 22 63 6f 6e 66 69 67 22 3a 7b 22 61 70 69 5f 73 65 72 76 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 6c 6f 67 69 73 74 69 63 73 2e 73 68 65 69 6e 63 6f 72 70 2e 63 6e 2f 61 70 69 2d 6c 63 70 73 2f 61 70 69 2f 67 65 65 74 65 73 74 22 2c 22 63 68 61 6c 6c 65 6e 67 65 22 3a 22 38 37 36 30 61 37 33 64 36 66 61 30 33 32 34 30 65 32 31 32 33 32 36 33 32 61 64 33 61 65 34 34 22 2c 22 63 69 64 22 3a 22 65 33 30 36 61 38 31 63 64 Data Ascii: 1e3{"code":"0","msg":"OK","info":{"type":1,"img":null,"key":"8760a73d6fa03240e21232632ad3ae44","sensitive":false,"config":{"api_server":"https://logistics.sheincorp.cn/api-lcps/api/geetest","challenge":"8760a73d6fa03240e21232632ad3ae44","cid":"e306a81cd
2024-12-21 03:38:48 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-12-21 03:38:50 UTC	385	OUT	GET /api-lcps/api/v1/captcha/api?language=zh HTTP/1.1 Host: logistics.sheincorp.cn Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-21 03:38:51 UTC	229	IN	HTTP/1.1 200 OK Date: Sat, 21 Dec 2024 03:38:51 GMT Content-Type: application/json Transfer-Encoding: chunked Connection: close vary: accept-encoding Via-Shein-Gateway: lcps-front-master!lcps-java Vary: Accept-Encoding
2024-12-21 03:38:51 UTC	490	IN	Data Raw: 31 65 33 0d 0a 7b 22 63 6f 64 65 22 3a 22 30 22 2c 22 6d 73 67 22 3a 22 4f 4b 22 2c 22 69 6e 66 6f 22 3a 7b 22 74 79 70 65 22 3a 31 2c 22 69 6d 67 22 3a 6e 75 6c 6c 2c 22 6b 65 79 22 3a 22 39 35 63 64 64 36 35 64 35 37 38 37 66 66 65 36 62 31 35 32 65 34 37 66 38 66 37 30 31 61 35 64 22 2c 22 73 65 6e 73 69 74 69 76 65 22 3a 66 61 6c 73 65 2c 22 63 6f 6e 66 69 67 22 3a 7b 22 61 70 69 5f 73 65 72 76 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 6c 6f 67 69 73 74 69 63 73 2e 73 68 65 69 6e 63 6f 72 70 2e 63 6e 2f 61 70 69 2d 6c 63 70 73 2f 61 70 69 2f 67 65 65 74 65 73 74 22 2c 22 63 68 61 6c 6c 65 6e 67 65 22 3a 22 39 35 63 64 64 36 35 64 35 37 38 37 66 66 65 36 62 31 35 32 65 34 37 66 38 66 37 30 31 61 35 64 22 2c 22 63 69 64 22 3a 22 65 33 30 36 61 38 31 63 64 Data Ascii: 1e3{"code":"0","msg":"OK","info":{"type":1,"img":null,"key":"95cdd65d5787ffe6b152e47f8f701a5d","sensitive":false,"config":{"api_server":"https://logistics.sheincorp.cn/api-lcps/api/geetest","challenge":"95cdd65d5787ffe6b152e47f8f701a5d","cid":"e306a81cd
2024-12-21 03:38:51 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-12-21 03:38:53 UTC	668	OUT	POST /api-lcps/api/geetest/get.php HTTP/1.1 Host: logistics.sheincorp.cn Connection: keep-alive Content-Length: 339 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: application/json Content-Type: text/plain;charset=UTF-8 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: https://logistics.sheincorp.cn Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://logistics.sheincorp.cn/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-21 03:38:53 UTC	339	OUT	Data Raw: 7b 22 77 22 3a 22 66 7a 6a 73 6b 6d 4c 34 6e 31 59 66 37 45 41 62 68 34 58 4c 45 47 72 4a 67 61 45 6f 59 49 6a 31 41 6f 46 44 36 74 42 47 65 52 41 6f 68 71 58 4b 63 6b 6b 6a 72 64 72 39 57 68 4c 6f 6a 7a 6f 35 6f 4a 72 4e 71 53 58 45 6e 77 6b 74 67 66 2f 69 75 4a 63 67 43 32 6f 55 6b 4b 62 35 51 4e 4b 75 31 57 78 4c 43 48 74 72 46 7a 42 31 6b 76 57 51 50 66 72 4c 57 77 4b 34 2b 48 44 67 51 61 6b 4c 48 64 44 2f 4d 6b 50 32 74 52 79 78 77 46 68 50 42 71 44 69 61 70 35 63 71 59 48 73 48 63 47 36 75 42 2f 62 65 70 45 4f 6d 67 43 66 79 42 54 6e 47 6d 4e 74 54 35 55 79 74 55 49 77 47 49 55 4b 68 49 57 78 39 63 55 50 47 4f 33 6a 73 69 4e 6f 6f 4e 66 48 4d 30 34 78 63 56 34 52 68 2f 51 43 38 52 5a 30 55 6f 52 38 69 77 59 49 54 6f 30 37 73 36 32 4f 37 4f 62 6a 6c Data Ascii: {"w":"fzjskmL4n1Yf7EAbh4XLEGrJgaEoYIj1AoFD6tBGeRAohqXKckkjrdr9WhLojzo5oJrNqSXEnwktgf/iuJcgC2oUkKb5QNKu1WxLCHtrFzB1kvWQPfrLWwK4+HDgQakLHdD/MkP2tRyxwFhPBqDiap5cqYHsHcG6uB/bepEOmgCfyBTnGmNtT5UytUIwGIUKhIWx9cUPGO3jsiNooNfHM04xcV4Rh/QC8RZ0UoR8iwYITo07s62O7Objl
2024-12-21 03:38:53 UTC	229	IN	HTTP/1.1 200 OK Date: Sat, 21 Dec 2024 03:38:53 GMT Content-Type: application/json Transfer-Encoding: chunked Connection: close vary: accept-encoding Via-Shein-Gateway: lcps-front-master!lcps-java Vary: Accept-Encoding
2024-12-21 03:38:53 UTC	984	IN	Data Raw: 33 64 31 0d 0a 7b 22 64 61 74 61 22 3a 7b 22 66 65 65 64 62 61 63 6b 22 3a 22 22 2c 22 61 73 70 65 63 74 5f 72 61 64 69 6f 22 3a 7b 22 76 6f 69 63 65 22 3a 31 32 38 2c 22 73 6c 69 64 65 22 3a 31 30 33 2c 22 63 6c 69 63 6b 22 3a 31 32 38 7d 2c 22 76 6f 69 63 65 22 3a 22 77 77 77 2f 6a 73 2f 76 6f 69 63 65 2e 31 2e 30 2e 33 2e 6a 73 22 2c 22 63 73 73 22 3a 22 77 77 77 2f 63 73 73 2f 77 69 6e 64 2f 73 74 79 6c 65 2e 31 2e 30 2e 30 2e 63 73 73 22 2c 22 73 74 61 74 69 63 5f 73 65 72 76 65 72 73 22 3a 5b 22 68 74 74 70 73 3a 2f 2f 73 68 65 69 6e 73 7a 2e 6c 74 77 65 62 73 74 61 74 69 63 2e 63 6f 6d 2f 73 68 65 5f 64 69 73 74 2f 6c 69 62 73 2f 67 65 65 74 65 73 74 22 5d 2c 22 69 31 38 6e 5f 6c 61 62 65 6c 73 22 3a 7b 22 6e 65 78 74 22 3a 22 e6 ad a3 e5 9c a8 e5 Data Ascii: 3d1{"data":{"feedback":"","aspect_radio":{"voice":128,"slide":103,"click":128},"voice":"www/js/voice.1.0.3.js","css":"www/css/wind/style.1.0.0.css","static_servers":["https://sheinsz.ltwebstatic.com/she_dist/libs/geetest"],"i18n_labels":{"next":"
2024-12-21 03:38:53 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://logistics.sheincorp.cn/#/login

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 129

Chrome Cache Entry: 130

Chrome Cache Entry: 131

Chrome Cache Entry: 132

Chrome Cache Entry: 133

Chrome Cache Entry: 134

Chrome Cache Entry: 135

Chrome Cache Entry: 136

Chrome Cache Entry: 137

Chrome Cache Entry: 138

Chrome Cache Entry: 139

Chrome Cache Entry: 140

Chrome Cache Entry: 141

Chrome Cache Entry: 142

Chrome Cache Entry: 143

Chrome Cache Entry: 144

Chrome Cache Entry: 145

Chrome Cache Entry: 146

Chrome Cache Entry: 147

Chrome Cache Entry: 148

Chrome Cache Entry: 149

Windows Analysis Report
https://logistics.sheincorp.cn/#/login

Timestamp	Bytes transferred	Direction	Data
2024-12-21 03:38:55 UTC	374	OUT	GET /api-lcps/api/geetest/get.php HTTP/1.1 Host: logistics.sheincorp.cn Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-21 03:38:56 UTC	273	IN	HTTP/1.1 200 OK Date: Sat, 21 Dec 2024 03:38:56 GMT Content-Type: application/json Transfer-Encoding: chunked Connection: close Content-Disposition: inline;filename=f.txt vary: accept-encoding Via-Shein-Gateway: lcps-front-master!lcps-java Vary: Accept-Encoding
2024-12-21 03:38:56 UTC	67	IN	Data Raw: 33 64 0d 0a 7b 22 63 6f 64 65 22 3a 22 32 30 30 30 30 30 22 2c 22 6d 73 67 22 3a 22 e7 b3 bb e7 bb 9f e5 bc 82 e5 b8 b8 22 2c 22 69 6e 66 6f 22 3a 6e 75 6c 6c 2c 22 62 62 6c 22 3a 6e 75 6c 6c 7d 0d 0a Data Ascii: 3d{"code":"200000","msg":"","info":null,"bbl":null}
2024-12-21 03:38:56 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-12-21 03:39:09 UTC	670	OUT	POST /api-lcps/api/geetest/ajax.php HTTP/1.1 Host: logistics.sheincorp.cn Connection: keep-alive Content-Length: 6783 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: application/json Content-Type: text/plain;charset=UTF-8 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: https://logistics.sheincorp.cn Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://logistics.sheincorp.cn/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-21 03:39:09 UTC	6783	OUT	Data Raw: 7b 22 77 22 3a 22 48 6a 6c 53 51 37 75 38 57 52 6c 57 64 64 66 45 66 76 4e 44 57 44 5a 72 66 73 4c 78 4f 7a 42 43 2b 36 63 54 30 44 30 73 59 34 79 6f 45 73 46 54 4e 2b 4e 41 79 66 33 4a 57 51 56 2b 44 70 63 4b 4e 58 36 69 77 48 32 6d 39 42 64 47 48 39 74 48 52 71 36 43 32 58 72 31 64 33 4a 57 38 65 41 74 54 75 36 56 65 50 51 6c 55 6f 64 42 38 65 7a 6a 6b 57 78 4c 6d 49 43 37 30 49 43 58 36 53 46 56 72 69 69 68 61 74 6f 59 54 2f 53 4c 5a 49 4f 73 49 4d 36 48 50 45 50 6e 6b 6b 4f 46 33 73 31 6c 35 53 68 4c 6c 30 54 44 2b 64 52 48 2b 6d 2f 52 5a 6e 72 4f 30 6f 58 79 50 57 52 46 77 53 4f 75 4d 4b 31 59 54 79 4d 71 6b 37 42 75 78 44 68 6a 41 4a 46 75 56 72 5a 4d 4d 59 52 4e 74 48 45 6d 64 65 42 4c 66 55 64 4c 50 77 31 5a 6c 46 39 36 39 77 45 2b 4e 44 35 79 77 Data Ascii: {"w":"HjlSQ7u8WRlWddfEfvNDWDZrfsLxOzBC+6cT0D0sY4yoEsFTN+NAyf3JWQV+DpcKNX6iwH2m9BdGH9tHRq6C2Xr1d3JW8eAtTu6VePQlUodB8ezjkWxLmIC70ICX6SFVriihatoYT/SLZIOsIM6HPEPnkkOF3s1l5ShLl0TD+dRH+m/RZnrO0oXyPWRFwSOuMK1YTyMqk7BuxDhjAJFuVrZMMYRNtHEmdeBLfUdLPw1ZlF969wE+ND5yw
2024-12-21 03:39:10 UTC	229	IN	HTTP/1.1 200 OK Date: Sat, 21 Dec 2024 03:39:10 GMT Content-Type: application/json Transfer-Encoding: chunked Connection: close vary: accept-encoding Via-Shein-Gateway: lcps-front-master!lcps-java Vary: Accept-Encoding
2024-12-21 03:39:10 UTC	65	IN	Data Raw: 33 62 0d 0a 7b 22 64 61 74 61 22 3a 7b 22 72 65 73 75 6c 74 22 3a 22 73 75 63 63 65 73 73 22 2c 22 73 75 62 5f 74 79 70 65 22 3a 22 73 6c 69 64 65 22 7d 2c 22 73 74 61 74 75 73 22 3a 30 7d 0d 0a Data Ascii: 3b{"data":{"result":"success","sub_type":"slide"},"status":0}
2024-12-21 03:39:10 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-12-21 03:39:12 UTC	375	OUT	GET /api-lcps/api/geetest/ajax.php HTTP/1.1 Host: logistics.sheincorp.cn Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-21 03:39:13 UTC	273	IN	HTTP/1.1 200 OK Date: Sat, 21 Dec 2024 03:39:12 GMT Content-Type: application/json Transfer-Encoding: chunked Connection: close Content-Disposition: inline;filename=f.txt vary: accept-encoding Via-Shein-Gateway: lcps-front-master!lcps-java Vary: Accept-Encoding
2024-12-21 03:39:13 UTC	67	IN	Data Raw: 33 64 0d 0a 7b 22 63 6f 64 65 22 3a 22 32 30 30 30 30 30 22 2c 22 6d 73 67 22 3a 22 e7 b3 bb e7 bb 9f e5 bc 82 e5 b8 b8 22 2c 22 69 6e 66 6f 22 3a 6e 75 6c 6c 2c 22 62 62 6c 22 3a 6e 75 6c 6c 7d 0d 0a Data Ascii: 3d{"code":"200000","msg":"","info":null,"bbl":null}
2024-12-21 03:39:13 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-12-21 03:39:14 UTC	668	OUT	POST /api-lcps/api/geetest/get.php HTTP/1.1 Host: logistics.sheincorp.cn Connection: keep-alive Content-Length: 339 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: application/json Content-Type: text/plain;charset=UTF-8 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: https://logistics.sheincorp.cn Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://logistics.sheincorp.cn/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-21 03:39:14 UTC	339	OUT	Data Raw: 7b 22 77 22 3a 22 30 75 42 31 74 6a 2b 43 50 38 6a 56 45 53 44 49 45 54 33 72 4b 48 48 6b 6b 47 61 42 77 74 79 4c 54 65 79 4e 63 4e 67 6f 70 44 62 63 73 6a 64 5a 42 74 6b 77 65 44 35 32 5a 64 49 62 49 4a 49 4f 75 7a 67 30 6b 67 77 34 34 65 45 67 79 76 67 53 42 34 43 4b 4d 50 6e 43 33 53 57 63 56 7a 58 78 55 6a 61 62 2f 6f 38 4d 75 47 68 55 71 56 43 58 67 43 53 43 70 74 73 41 58 31 33 6a 65 75 54 74 62 44 52 6a 41 35 5a 4c 6c 67 79 4c 4c 6c 6d 49 71 6e 72 68 7a 32 78 47 78 32 37 4a 52 53 49 4f 57 44 38 79 49 4a 4f 5a 57 30 30 54 55 2b 67 6e 70 78 63 6a 33 36 71 50 46 77 42 6d 33 62 66 43 6e 71 35 4a 46 38 74 2f 44 71 52 68 64 37 68 6f 2b 37 30 75 70 57 65 68 78 6c 6f 41 57 76 6b 4e 6d 63 31 47 33 77 4c 51 62 39 64 6f 4e 42 78 64 2b 46 5a 6c 72 59 54 74 6b Data Ascii: {"w":"0uB1tj+CP8jVESDIET3rKHHkkGaBwtyLTeyNcNgopDbcsjdZBtkweD52ZdIbIJIOuzg0kgw44eEgyvgSB4CKMPnC3SWcVzXxUjab/o8MuGhUqVCXgCSCptsAX13jeuTtbDRjA5ZLlgyLLlmIqnrhz2xGx27JRSIOWD8yIJOZW00TU+gnpxcj36qPFwBm3bfCnq5JF8t/DqRhd7ho+70upWehxloAWvkNmc1G3wLQb9doNBxd+FZlrYTtk
2024-12-21 03:39:15 UTC	229	IN	HTTP/1.1 200 OK Date: Sat, 21 Dec 2024 03:39:15 GMT Content-Type: application/json Transfer-Encoding: chunked Connection: close vary: accept-encoding Via-Shein-Gateway: lcps-front-master!lcps-java Vary: Accept-Encoding
2024-12-21 03:39:15 UTC	1078	IN	Data Raw: 34 32 66 0d 0a 7b 22 64 61 74 61 22 3a 7b 22 73 68 6f 77 5f 64 65 6c 61 79 22 3a 31 30 30 30 2c 22 63 73 73 22 3a 22 77 77 77 2f 63 73 73 2f 61 6e 74 2f 73 74 79 6c 65 2e 31 2e 30 2e 30 2e 63 73 73 22 2c 22 79 70 6f 73 22 3a 36 30 2c 22 78 70 6f 73 22 3a 30 2c 22 62 67 22 3a 22 77 77 77 2f 61 73 73 65 73 74 73 2f 32 30 2f 73 6c 69 64 65 2f 62 67 2f 35 66 30 35 65 64 36 31 34 2e 6a 70 67 22 2c 22 66 75 6c 6c 62 67 22 3a 22 77 77 77 2f 61 73 73 65 73 74 73 2f 32 30 2f 73 6c 69 64 65 2f 66 75 6c 6c 2f 39 37 39 37 63 32 35 62 36 2e 6a 70 67 22 2c 22 73 74 61 74 69 63 5f 73 65 72 76 65 72 73 22 3a 5b 22 68 74 74 70 73 3a 2f 2f 73 68 65 69 6e 73 7a 2e 6c 74 77 65 62 73 74 61 74 69 63 2e 63 6f 6d 2f 73 68 65 5f 64 69 73 74 2f 6c 69 62 73 2f 67 65 65 74 65 73 74 Data Ascii: 42f{"data":{"show_delay":1000,"css":"www/css/ant/style.1.0.0.css","ypos":60,"xpos":0,"bg":"www/assests/20/slide/bg/5f05ed614.jpg","fullbg":"www/assests/20/slide/full/9797c25b6.jpg","static_servers":["https://sheinsz.ltwebstatic.com/she_dist/libs/geetest
2024-12-21 03:39:15 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-12-21 03:39:16 UTC	668	OUT	GET /api-lcps/api/v1/captcha/api?language=zh HTTP/1.1 Host: logistics.sheincorp.cn Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Authorization: Bearer null x-req-zone-id: Etc/GMT-8 x-req-system: pc Content-Type: application/json sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://logistics.sheincorp.cn/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-21 03:39:17 UTC	229	IN	HTTP/1.1 200 OK Date: Sat, 21 Dec 2024 03:39:17 GMT Content-Type: application/json Transfer-Encoding: chunked Connection: close vary: accept-encoding Via-Shein-Gateway: lcps-front-master!lcps-java Vary: Accept-Encoding
2024-12-21 03:39:17 UTC	490	IN	Data Raw: 31 65 33 0d 0a 7b 22 63 6f 64 65 22 3a 22 30 22 2c 22 6d 73 67 22 3a 22 4f 4b 22 2c 22 69 6e 66 6f 22 3a 7b 22 74 79 70 65 22 3a 31 2c 22 69 6d 67 22 3a 6e 75 6c 6c 2c 22 6b 65 79 22 3a 22 64 32 65 32 39 34 39 32 34 66 31 62 64 66 62 65 62 37 38 64 61 33 64 30 34 39 34 31 32 37 31 61 22 2c 22 73 65 6e 73 69 74 69 76 65 22 3a 66 61 6c 73 65 2c 22 63 6f 6e 66 69 67 22 3a 7b 22 61 70 69 5f 73 65 72 76 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 6c 6f 67 69 73 74 69 63 73 2e 73 68 65 69 6e 63 6f 72 70 2e 63 6e 2f 61 70 69 2d 6c 63 70 73 2f 61 70 69 2f 67 65 65 74 65 73 74 22 2c 22 63 68 61 6c 6c 65 6e 67 65 22 3a 22 64 32 65 32 39 34 39 32 34 66 31 62 64 66 62 65 62 37 38 64 61 33 64 30 34 39 34 31 32 37 31 61 22 2c 22 63 69 64 22 3a 22 65 33 30 36 61 38 31 63 64 Data Ascii: 1e3{"code":"0","msg":"OK","info":{"type":1,"img":null,"key":"d2e294924f1bdfbeb78da3d04941271a","sensitive":false,"config":{"api_server":"https://logistics.sheincorp.cn/api-lcps/api/geetest","challenge":"d2e294924f1bdfbeb78da3d04941271a","cid":"e306a81cd
2024-12-21 03:39:17 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-12-21 03:39:17 UTC	374	OUT	GET /api-lcps/api/geetest/get.php HTTP/1.1 Host: logistics.sheincorp.cn Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-21 03:39:18 UTC	273	IN	HTTP/1.1 200 OK Date: Sat, 21 Dec 2024 03:39:18 GMT Content-Type: application/json Transfer-Encoding: chunked Connection: close Content-Disposition: inline;filename=f.txt vary: accept-encoding Via-Shein-Gateway: lcps-front-master!lcps-java Vary: Accept-Encoding
2024-12-21 03:39:18 UTC	67	IN	Data Raw: 33 64 0d 0a 7b 22 63 6f 64 65 22 3a 22 32 30 30 30 30 30 22 2c 22 6d 73 67 22 3a 22 e7 b3 bb e7 bb 9f e5 bc 82 e5 b8 b8 22 2c 22 69 6e 66 6f 22 3a 6e 75 6c 6c 2c 22 62 62 6c 22 3a 6e 75 6c 6c 7d 0d 0a Data Ascii: 3d{"code":"200000","msg":"","info":null,"bbl":null}
2024-12-21 03:39:18 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-12-21 03:39:19 UTC	385	OUT	GET /api-lcps/api/v1/captcha/api?language=zh HTTP/1.1 Host: logistics.sheincorp.cn Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-21 03:39:20 UTC	229	IN	HTTP/1.1 200 OK Date: Sat, 21 Dec 2024 03:39:20 GMT Content-Type: application/json Transfer-Encoding: chunked Connection: close vary: accept-encoding Via-Shein-Gateway: lcps-front-master!lcps-java Vary: Accept-Encoding
2024-12-21 03:39:20 UTC	490	IN	Data Raw: 31 65 33 0d 0a 7b 22 63 6f 64 65 22 3a 22 30 22 2c 22 6d 73 67 22 3a 22 4f 4b 22 2c 22 69 6e 66 6f 22 3a 7b 22 74 79 70 65 22 3a 31 2c 22 69 6d 67 22 3a 6e 75 6c 6c 2c 22 6b 65 79 22 3a 22 38 62 32 65 62 30 66 38 62 63 31 38 39 38 36 34 36 66 63 34 32 64 38 66 62 35 66 63 62 39 61 61 22 2c 22 73 65 6e 73 69 74 69 76 65 22 3a 66 61 6c 73 65 2c 22 63 6f 6e 66 69 67 22 3a 7b 22 61 70 69 5f 73 65 72 76 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 6c 6f 67 69 73 74 69 63 73 2e 73 68 65 69 6e 63 6f 72 70 2e 63 6e 2f 61 70 69 2d 6c 63 70 73 2f 61 70 69 2f 67 65 65 74 65 73 74 22 2c 22 63 68 61 6c 6c 65 6e 67 65 22 3a 22 38 62 32 65 62 30 66 38 62 63 31 38 39 38 36 34 36 66 63 34 32 64 38 66 62 35 66 63 62 39 61 61 22 2c 22 63 69 64 22 3a 22 65 33 30 36 61 38 31 63 64 Data Ascii: 1e3{"code":"0","msg":"OK","info":{"type":1,"img":null,"key":"8b2eb0f8bc1898646fc42d8fb5fcb9aa","sensitive":false,"config":{"api_server":"https://logistics.sheincorp.cn/api-lcps/api/geetest","challenge":"8b2eb0f8bc1898646fc42d8fb5fcb9aa","cid":"e306a81cd
2024-12-21 03:39:20 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-12-21 03:39:22 UTC	374	OUT	GET /api-lcps/api/geetest/get.php HTTP/1.1 Host: logistics.sheincorp.cn Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-21 03:39:23 UTC	273	IN	HTTP/1.1 200 OK Date: Sat, 21 Dec 2024 03:39:23 GMT Content-Type: application/json Transfer-Encoding: chunked Connection: close Content-Disposition: inline;filename=f.txt vary: accept-encoding Via-Shein-Gateway: lcps-front-master!lcps-java Vary: Accept-Encoding
2024-12-21 03:39:23 UTC	67	IN	Data Raw: 33 64 0d 0a 7b 22 63 6f 64 65 22 3a 22 32 30 30 30 30 30 22 2c 22 6d 73 67 22 3a 22 e7 b3 bb e7 bb 9f e5 bc 82 e5 b8 b8 22 2c 22 69 6e 66 6f 22 3a 6e 75 6c 6c 2c 22 62 62 6c 22 3a 6e 75 6c 6c 7d 0d 0a Data Ascii: 3d{"code":"200000","msg":"","info":null,"bbl":null}
2024-12-21 03:39:23 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-12-21 03:39:34 UTC	670	OUT	POST /api-lcps/api/geetest/ajax.php HTTP/1.1 Host: logistics.sheincorp.cn Connection: keep-alive Content-Length: 7339 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: application/json Content-Type: text/plain;charset=UTF-8 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: https://logistics.sheincorp.cn Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://logistics.sheincorp.cn/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-21 03:39:34 UTC	7339	OUT	Data Raw: 7b 22 77 22 3a 22 57 6c 76 34 37 42 55 54 6e 74 61 4d 6d 33 48 49 6d 34 45 6a 6b 65 52 6e 66 59 41 68 72 34 36 43 76 62 75 43 31 65 39 72 39 34 34 79 76 74 59 4e 66 2b 50 4f 53 75 56 35 49 68 78 32 68 43 66 56 74 46 4c 53 2b 67 6c 51 48 4f 31 45 4e 32 47 39 50 4a 73 53 46 2f 2b 36 65 79 6d 6b 4d 69 6a 48 42 6f 66 6a 6f 34 58 73 74 6f 58 32 63 6b 63 69 6d 78 36 79 4f 57 51 4a 36 44 69 41 41 54 34 79 68 45 58 64 4e 31 32 32 77 59 49 79 59 77 55 6d 44 63 37 4e 71 64 57 52 45 72 79 51 78 54 61 6d 4c 53 72 59 66 71 55 77 6d 4b 73 68 43 47 59 44 70 63 47 39 71 65 58 45 35 6b 6f 43 43 73 58 69 77 78 59 34 76 2b 76 4c 74 52 76 69 45 47 41 39 76 64 57 72 5a 35 6a 6f 35 4b 77 69 6f 55 52 65 52 66 6e 4c 48 62 67 70 35 75 47 79 34 78 77 2b 74 53 70 4d 6e 4c 6e 4e 79 Data Ascii: {"w":"Wlv47BUTntaMm3HIm4EjkeRnfYAhr46CvbuC1e9r944yvtYNf+POSuV5Ihx2hCfVtFLS+glQHO1EN2G9PJsSF/+6eymkMijHBofjo4XstoX2ckcimx6yOWQJ6DiAAT4yhEXdN122wYIyYwUmDc7NqdWREryQxTamLSrYfqUwmKshCGYDpcG9qeXE5koCCsXiwxY4v+vLtRviEGA9vdWrZ5jo5KwioUReRfnLHbgp5uGy4xw+tSpMnLnNy
2024-12-21 03:39:34 UTC	229	IN	HTTP/1.1 200 OK Date: Sat, 21 Dec 2024 03:39:34 GMT Content-Type: application/json Transfer-Encoding: chunked Connection: close vary: accept-encoding Via-Shein-Gateway: lcps-front-master!lcps-java Vary: Accept-Encoding
2024-12-21 03:39:34 UTC	65	IN	Data Raw: 33 62 0d 0a 7b 22 64 61 74 61 22 3a 7b 22 72 65 73 75 6c 74 22 3a 22 73 75 63 63 65 73 73 22 2c 22 73 75 62 5f 74 79 70 65 22 3a 22 73 6c 69 64 65 22 7d 2c 22 73 74 61 74 75 73 22 3a 30 7d 0d 0a Data Ascii: 3b{"data":{"result":"success","sub_type":"slide"},"status":0}
2024-12-21 03:39:34 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-12-21 03:39:36 UTC	668	OUT	POST /api-lcps/api/geetest/get.php HTTP/1.1 Host: logistics.sheincorp.cn Connection: keep-alive Content-Length: 339 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: application/json Content-Type: text/plain;charset=UTF-8 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: https://logistics.sheincorp.cn Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://logistics.sheincorp.cn/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-21 03:39:36 UTC	339	OUT	Data Raw: 7b 22 77 22 3a 22 57 47 51 42 31 6e 4d 46 49 4b 6d 4d 4f 2f 51 76 2b 6b 77 59 66 7a 74 54 75 6d 33 4d 51 30 2f 54 70 38 62 70 49 58 73 73 57 77 6d 34 44 71 55 78 52 4c 4b 33 33 43 73 75 6b 46 54 4c 4a 53 71 70 6a 75 39 30 5a 6a 70 57 4a 35 50 6a 75 6c 45 76 38 41 53 67 63 7a 57 6b 69 73 4b 50 36 53 38 63 50 6b 69 2b 4a 69 66 77 2f 56 43 30 4f 69 6c 2b 6a 47 47 77 68 30 50 6d 34 36 71 34 48 6d 6c 2b 58 74 7a 2f 35 4d 6e 45 71 37 38 55 6d 59 50 44 66 43 6a 32 38 44 34 7a 54 6d 39 46 70 30 51 48 35 6c 36 4f 6d 2b 62 79 58 74 48 4e 37 66 37 33 5a 6d 57 36 64 2b 50 35 4d 66 6a 69 77 68 68 57 76 30 70 58 6b 2b 33 65 73 55 6e 66 47 47 33 69 44 4a 69 73 6b 57 57 2b 46 59 36 59 69 72 2b 74 74 37 4d 4c 54 79 62 70 65 64 79 44 38 33 69 61 6f 62 75 37 67 69 6f 31 38 Data Ascii: {"w":"WGQB1nMFIKmMO/Qv+kwYfztTum3MQ0/Tp8bpIXssWwm4DqUxRLK33CsukFTLJSqpju90ZjpWJ5PjulEv8ASgczWkisKP6S8cPki+Jifw/VC0Oil+jGGwh0Pm46q4Hml+Xtz/5MnEq78UmYPDfCj28D4zTm9Fp0QH5l6Om+byXtHN7f73ZmW6d+P5MfjiwhhWv0pXk+3esUnfGG3iDJiskWW+FY6Yir+tt7MLTybpedyD83iaobu7gio18
2024-12-21 03:39:37 UTC	229	IN	HTTP/1.1 200 OK Date: Sat, 21 Dec 2024 03:39:37 GMT Content-Type: application/json Transfer-Encoding: chunked Connection: close vary: accept-encoding Via-Shein-Gateway: lcps-front-master!lcps-java Vary: Accept-Encoding
2024-12-21 03:39:37 UTC	1078	IN	Data Raw: 34 32 66 0d 0a 7b 22 64 61 74 61 22 3a 7b 22 73 68 6f 77 5f 64 65 6c 61 79 22 3a 31 30 30 30 2c 22 63 73 73 22 3a 22 77 77 77 2f 63 73 73 2f 61 6e 74 2f 73 74 79 6c 65 2e 31 2e 30 2e 30 2e 63 73 73 22 2c 22 79 70 6f 73 22 3a 38 38 2c 22 78 70 6f 73 22 3a 30 2c 22 62 67 22 3a 22 77 77 77 2f 61 73 73 65 73 74 73 2f 32 30 2f 73 6c 69 64 65 2f 62 67 2f 65 35 33 64 64 30 37 36 36 2e 6a 70 67 22 2c 22 66 75 6c 6c 62 67 22 3a 22 77 77 77 2f 61 73 73 65 73 74 73 2f 32 30 2f 73 6c 69 64 65 2f 66 75 6c 6c 2f 66 36 33 34 65 64 66 30 33 2e 6a 70 67 22 2c 22 73 74 61 74 69 63 5f 73 65 72 76 65 72 73 22 3a 5b 22 68 74 74 70 73 3a 2f 2f 73 68 65 69 6e 73 7a 2e 6c 74 77 65 62 73 74 61 74 69 63 2e 63 6f 6d 2f 73 68 65 5f 64 69 73 74 2f 6c 69 62 73 2f 67 65 65 74 65 73 74 Data Ascii: 42f{"data":{"show_delay":1000,"css":"www/css/ant/style.1.0.0.css","ypos":88,"xpos":0,"bg":"www/assests/20/slide/bg/e53dd0766.jpg","fullbg":"www/assests/20/slide/full/f634edf03.jpg","static_servers":["https://sheinsz.ltwebstatic.com/she_dist/libs/geetest
2024-12-21 03:39:37 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0