r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a2104f935c638b4767ca5ae0d738ef23
85c6af15af749be0ceeae6de17c36925b750f166
5d4789a3696bd7faa9916768cb627bbc89bf70a756d80e53860cbac13c2bc8b1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5D4789A3696BD7FAA9916768CB627BBC89BF70A756D80E53860CBAC13C2BC8B1"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14264
Expires: Sat, 28 Jan 2023 22:40:57 GMT
Date: Sat, 28 Jan 2023 18:43:13 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3eb88dea4fe00db1182370e72683c3ab
ca520abf1e91bfd2aef40c6a1270a911071e8922
d8083ee567c7b3023111dc30f32c94237df7db30d4d2daaea0a569e8a3069ad7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D8083EE567C7B3023111DC30F32C94237DF7DB30D4D2DAAEA0A569E8A3069AD7"
Last-Modified: Sat, 28 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15048
Expires: Sat, 28 Jan 2023 22:54:01 GMT
Date: Sat, 28 Jan 2023 18:43:13 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bf0c602d32b3c14606f22a86183b5e3c
6eabd8d83475eba731968abe1a05a8bfd272f160
6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 28 Jan 2023 18:35:31 GMT
content-type: application/json
age: 462
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 03092d1a1bc7ac91ee342a1a7ab2a562
52db06ce1fd2c74ddd36b6a0a7aee1b5c891600a
03b8ff2629abac9fc30ebec059c2e2018fcbc41646ad5f71c965ff630fbf1ffd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "03B8FF2629ABAC9FC30EBEC059C2E2018FCBC41646AD5F71C965FF630FBF1FFD"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9383
Expires: Sat, 28 Jan 2023 21:19:36 GMT
Date: Sat, 28 Jan 2023 18:43:13 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: mcdkvGbHuR7qwcibakZDcDZDzE1I7iBa6I1WlFDtsRxgqFRbqj+ObHgfmQ2Tth+7HHcRKSXPRDc=
x-amz-request-id: KKV2BD72HMAC2V5B
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 28 Jan 2023 18:21:04 GMT
age: 1329
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
www.cq6y.com/soft/136101.html
154.23.235.191 200 OK 6.2 kB URL HTTP/1.1 www.cq6y.com/soft/136101.html
IP 154.23.235.191:0
ASN #140224 STARCLOUD GLOBAL PTE., LTD.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (431), with CRLF, LF line terminators
Hash 0a1732cf754050c0c520c5bd05437a1f
04239dab633e35707f7b611efb8acd2933525e34
1a1c53dc1a16d302759b0d1bb1996166713d39b0cc416c11b8bf0a4e123f3148
Analyzer Verdict Alert fortinet Malware
GET /soft/136101.html HTTP/1.1
Host: www.cq6y.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 28 Jan 2023 18:37:03 GMT
Content-Type: text/html
Last-Modified: Sat, 20 Aug 2022 10:46:05 GMT
Vary: Accept-Encoding
ETag: "6300bb6d-5f59"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Xss-Protection: 1;mod=block
Content-Length: 6190
Content-Encoding: gzip
Connection: keep-alive
X-Cache: HIT
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 18:43:13 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
www.cq6y.com/statics/v1/css/down.css
154.23.235.191 200 OK 8.4 kB URL HTTP/1.1 www.cq6y.com/statics/v1/css/down.css
IP 154.23.235.191:0
ASN #140224 STARCLOUD GLOBAL PTE., LTD.
File type CSV text\012- , Unicode text, UTF-8 text
Hash d817eaaa666ffa2eaa206b032cfc988e
441f79ee31eefb7eea2ecd2019ca07cf7966f75b
21398f15224df4b4cf795aefbf4fc033ee4fb4f369ceadbce98378a25045da6a
GET /statics/v1/css/down.css HTTP/1.1
Host: www.cq6y.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.cq6y.com/soft/136101.html
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 28 Jan 2023 03:04:15 GMT
Content-Type: text/css
Last-Modified: Fri, 10 Jun 2022 09:06:27 GMT
Transfer-Encoding: chunked
Vary: Accept-Encoding
ETag: W/"62a30993-8dad"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Xss-Protection: 1;mod=block
Content-Encoding: gzip
Connection: keep-alive
X-Cache: HIT
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Last-Modified, ETag, Content-Length, Expires, Cache-Control, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 28 Jan 2023 17:49:03 GMT
age: 3251
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
www.cq6y.com/statics/v1/js/jquery-1.8.0.min.js
154.23.235.191 200 OK 38 kB URL HTTP/1.1 www.cq6y.com/statics/v1/js/jquery-1.8.0.min.js
IP 154.23.235.191:0
ASN #140224 STARCLOUD GLOBAL PTE., LTD.
File type Unicode text, UTF-8 text, with very long lines (65480)
Hash c837233d13720d83e2cf847c77fed47a
544b2c0b9b9b1874d347416f16d07b7d97391c99
3547826d335679bc5d716943e79b596604383c6dc9cbc265fd01fc073005995a
Analyzer Verdict Alert fortinet Malware
GET /statics/v1/js/jquery-1.8.0.min.js HTTP/1.1
Host: www.cq6y.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.cq6y.com/soft/136101.html
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 28 Jan 2023 03:04:15 GMT
Content-Type: application/javascript
Last-Modified: Thu, 02 Jun 2022 06:48:20 GMT
Transfer-Encoding: chunked
Vary: Accept-Encoding
ETag: W/"62985d34-175ac"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Xss-Protection: 1;mod=block
Content-Encoding: gzip
Connection: keep-alive
X-Cache: HIT
www.cq6y.com/statics/v1/js/mobile.js
154.23.235.191 200 OK 398 B URL HTTP/1.1 www.cq6y.com/statics/v1/js/mobile.js
IP 154.23.235.191:0
ASN #140224 STARCLOUD GLOBAL PTE., LTD.
File type ASCII text, with very long lines (398), with no line terminators
Hash e6297886e5663b2b311849624970e5d7
dc2f5fbdf2c05707febf51d537431562ff4eda88
92e58a3e1cf546174b62fe2dd2d69283307a2177cc42f5be42b143e22fa393cb
Analyzer Verdict Alert fortinet Malware
GET /statics/v1/js/mobile.js HTTP/1.1
Host: www.cq6y.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.cq6y.com/soft/136101.html
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 28 Jan 2023 03:02:45 GMT
Content-Type: application/javascript
Content-Length: 398
Last-Modified: Wed, 21 Jul 2021 02:07:39 GMT
ETag: "60f7816b-18e"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Xss-Protection: 1;mod=block
Connection: keep-alive
X-Cache: HIT
www.cq6y.com/statics/v1/js/show_comment.js
154.23.235.191 200 OK 6.1 kB URL HTTP/1.1 www.cq6y.com/statics/v1/js/show_comment.js
IP 154.23.235.191:0
ASN #140224 STARCLOUD GLOBAL PTE., LTD.
File type HTML document, Unicode text, UTF-8 text, with very long lines (348)
Hash 54ca79f0ba3eb62c06e515dc1b0b6b51
db88652173966845ba52a3d0aa82d18c7c83b54b
888fd2230312e60887a46f9922261d683376ccf0a33fe9d4fe2980efd2785d9e
Analyzer Verdict Alert fortinet Malware
GET /statics/v1/js/show_comment.js HTTP/1.1
Host: www.cq6y.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.cq6y.com/soft/136101.html
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 28 Jan 2023 03:04:15 GMT
Content-Type: application/javascript
Last-Modified: Wed, 21 Jul 2021 02:07:40 GMT
Transfer-Encoding: chunked
Vary: Accept-Encoding
ETag: W/"60f7816c-4ee3"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Xss-Protection: 1;mod=block
Content-Encoding: gzip
Connection: keep-alive
X-Cache: HIT
www.cq6y.com/statics/v1/js/baidu.js
154.23.235.191 200 OK 304 B URL HTTP/1.1 www.cq6y.com/statics/v1/js/baidu.js
IP 154.23.235.191:0
ASN #140224 STARCLOUD GLOBAL PTE., LTD.
File type HTML document text\012- HTML document, ASCII text
Hash 2b32fbe7305b78f53c0f37d504e8b0e7
f3dbce027e6c95288fb31b8a3cff0b06984acfa5
870a4cfac3afc52815818ac3cf7e221e8f15d24e069deac931245ab1203da509
Analyzer Verdict Alert fortinet Malware
GET /statics/v1/js/baidu.js HTTP/1.1
Host: www.cq6y.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.cq6y.com/soft/136101.html
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 28 Jan 2023 03:02:45 GMT
Content-Type: application/javascript
Last-Modified: Sun, 26 Sep 2021 09:17:37 GMT
ETag: "61503ab1-23b"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Xss-Protection: 1;mod=block
Content-Length: 304
Content-Encoding: gzip
Vary: Accept-Encoding
Connection: keep-alive
X-Cache: HIT
www.cq6y.com/api.php?op=count&id=136101&modelid=2
154.23.235.191 200 OK 41 B URL HTTP/1.1 www.cq6y.com/api.php?op=count&id=136101&modelid=2
IP 154.23.235.191:0
ASN #140224 STARCLOUD GLOBAL PTE., LTD.
File type ASCII text, with no line terminators
Hash d958eb6da091fb7a33acf21b13152565
b1102ab2e02f263e7c0956e134d9720bbac7108e
0425e628c5f7ca359a1c709345b41678abc25218aaca9306e5c414a26bd48f61
GET /api.php?op=count&id=136101&modelid=2 HTTP/1.1
Host: www.cq6y.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.cq6y.com/soft/136101.html
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 28 Jan 2023 18:43:13 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Xss-Protection: 1;mod=block
X-Cache: MISS
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 16a7b6a7128312e2f985d30df18c4487
6017bff79ffb525d9c7f9f32b999b74b5dc69602
663fd12209627f08e759c2ed1c76278a5da79dae1e0b46082dd1bb44775f7a16
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "663FD12209627F08E759C2ED1C76278A5DA79DAE1E0B46082DD1BB44775F7A16"
Last-Modified: Fri, 27 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13748
Expires: Sat, 28 Jan 2023 22:32:22 GMT
Date: Sat, 28 Jan 2023 18:43:14 GMT
Connection: keep-alive
www.cq6y.com/uploadfile/2021/1228/20211228051210109.jpg
154.23.235.191 302 Moved Temporarily 138 B URL HTTP/1.1 www.cq6y.com/uploadfile/2021/1228/20211228051210109.jpg
IP 154.23.235.191:0
ASN #140224 STARCLOUD GLOBAL PTE., LTD.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash aff950cab4c0265e21d401db15f1026d
f03e18461817f7a6546c8bf8fa8d686d7e30aca0
753e0dd54f28c4f7009b9c0b18a68aed175416bd8b7d134858264586eaac56f0
GET /uploadfile/2021/1228/20211228051210109.jpg HTTP/1.1
Host: www.cq6y.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.cq6y.com/soft/136101.html
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Sat, 28 Jan 2023 18:43:14 GMT
Content-Type: text/html
Content-Length: 138
Connection: keep-alive
Location: http://42.200.211.25:61022/uploadfile/2021/1228/20211228051210109.jpg
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Xss-Protection: 1;mod=block
X-Cache: MISS
www.cq6y.com/uploadfile/2021/1228/20211228051137717.jpg
154.23.235.191 302 Moved Temporarily 138 B URL HTTP/1.1 www.cq6y.com/uploadfile/2021/1228/20211228051137717.jpg
IP 154.23.235.191:0
ASN #140224 STARCLOUD GLOBAL PTE., LTD.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash aff950cab4c0265e21d401db15f1026d
f03e18461817f7a6546c8bf8fa8d686d7e30aca0
753e0dd54f28c4f7009b9c0b18a68aed175416bd8b7d134858264586eaac56f0
GET /uploadfile/2021/1228/20211228051137717.jpg HTTP/1.1
Host: www.cq6y.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.cq6y.com/soft/136101.html
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Sat, 28 Jan 2023 18:43:14 GMT
Content-Type: text/html
Content-Length: 138
Connection: keep-alive
Location: http://42.200.211.25:61022/uploadfile/2021/1228/20211228051137717.jpg
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Xss-Protection: 1;mod=block
X-Cache: MISS
www.cq6y.com/uploadfile/2021/1228/20211228051137183.jpg
154.23.235.191 302 Moved Temporarily 138 B URL HTTP/1.1 www.cq6y.com/uploadfile/2021/1228/20211228051137183.jpg
IP 154.23.235.191:0
ASN #140224 STARCLOUD GLOBAL PTE., LTD.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash aff950cab4c0265e21d401db15f1026d
f03e18461817f7a6546c8bf8fa8d686d7e30aca0
753e0dd54f28c4f7009b9c0b18a68aed175416bd8b7d134858264586eaac56f0
GET /uploadfile/2021/1228/20211228051137183.jpg HTTP/1.1
Host: www.cq6y.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.cq6y.com/soft/136101.html
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Sat, 28 Jan 2023 18:43:14 GMT
Content-Type: text/html
Content-Length: 138
Connection: keep-alive
Location: http://42.200.211.25:61022/uploadfile/2021/1228/20211228051137183.jpg
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Xss-Protection: 1;mod=block
X-Cache: MISS
www.cq6y.com/statics/v1/images/face/1.gif
154.23.235.191 200 OK 1.8 kB URL HTTP/1.1 www.cq6y.com/statics/v1/images/face/1.gif
IP 154.23.235.191:0
ASN #140224 STARCLOUD GLOBAL PTE., LTD.
File type GIF image data, version 89a, 24 x 24\012- data
Hash db43f69d2445682946de87faeca3f320
30dc8d95835d92c61efca0888f2b5eccc80f5006
a13508c4a175b6d972857fc2fe1e718fab4fc0d4ba5d7f4c66aa6933dfdf0824
GET /statics/v1/images/face/1.gif HTTP/1.1
Host: www.cq6y.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.cq6y.com/soft/136101.html
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 28 Jan 2023 03:04:18 GMT
Content-Type: image/gif
Content-Length: 1810
Last-Modified: Wed, 21 Jul 2021 02:07:55 GMT
ETag: "60f7817b-712"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Xss-Protection: 1;mod=block
Accept-Ranges: bytes
Connection: keep-alive
X-Cache: HIT
www.cq6y.com/uploadfile/2021/1228/20211228051137409.jpg
154.23.235.191 302 Moved Temporarily 138 B URL HTTP/1.1 www.cq6y.com/uploadfile/2021/1228/20211228051137409.jpg
IP 154.23.235.191:0
ASN #140224 STARCLOUD GLOBAL PTE., LTD.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash aff950cab4c0265e21d401db15f1026d
f03e18461817f7a6546c8bf8fa8d686d7e30aca0
753e0dd54f28c4f7009b9c0b18a68aed175416bd8b7d134858264586eaac56f0
GET /uploadfile/2021/1228/20211228051137409.jpg HTTP/1.1
Host: www.cq6y.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.cq6y.com/soft/136101.html
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Sat, 28 Jan 2023 18:43:14 GMT
Content-Type: text/html
Content-Length: 138
Connection: keep-alive
Location: http://42.200.211.25:61022/uploadfile/2021/1228/20211228051137409.jpg
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Xss-Protection: 1;mod=block
X-Cache: MISS
www.cq6y.com/statics/v1/images/logo.png
154.23.235.191 200 OK 16 kB URL HTTP/1.1 www.cq6y.com/statics/v1/images/logo.png
IP 154.23.235.191:0
ASN #140224 STARCLOUD GLOBAL PTE., LTD.
File type PNG image data, 552 x 180, 8-bit/color RGBA, non-interlaced\012- data
Hash c46b3579404b54b7b9184a9dc3194893
56f89e629cce093e93f5872be4401d2640d45f10
a926507929bf9c6d99de1d56fb76e42cea5bd9d0bb27b01b6e88d0deb3955957
GET /statics/v1/images/logo.png HTTP/1.1
Host: www.cq6y.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.cq6y.com/soft/136101.html
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 28 Jan 2023 03:02:45 GMT
Content-Type: image/png
Content-Length: 16410
Last-Modified: Wed, 21 Jul 2021 06:24:29 GMT
ETag: "60f7bd9d-401a"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Xss-Protection: 1;mod=block
Accept-Ranges: bytes
Connection: keep-alive
X-Cache: HIT
www.cq6y.com/uploadfile/2021/1228/20211228051122630.jpg
154.23.235.191 302 Moved Temporarily 138 B URL HTTP/1.1 www.cq6y.com/uploadfile/2021/1228/20211228051122630.jpg
IP 154.23.235.191:0
ASN #140224 STARCLOUD GLOBAL PTE., LTD.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash aff950cab4c0265e21d401db15f1026d
f03e18461817f7a6546c8bf8fa8d686d7e30aca0
753e0dd54f28c4f7009b9c0b18a68aed175416bd8b7d134858264586eaac56f0
GET /uploadfile/2021/1228/20211228051122630.jpg HTTP/1.1
Host: www.cq6y.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.cq6y.com/soft/136101.html
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Sat, 28 Jan 2023 18:43:14 GMT
Content-Type: text/html
Content-Length: 138
Connection: keep-alive
Location: http://42.200.211.25:61022/uploadfile/2021/1228/20211228051122630.jpg
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Xss-Protection: 1;mod=block
X-Cache: MISS
www.cq6y.com/statics/v1/images/star.png
154.23.235.191 200 OK 3.4 kB URL HTTP/1.1 www.cq6y.com/statics/v1/images/star.png
IP 154.23.235.191:0
ASN #140224 STARCLOUD GLOBAL PTE., LTD.
File type PNG image data, 160 x 150, 8-bit/color RGBA, non-interlaced\012- data
Hash 43b693f6e77973ac075db614f567d0eb
e8227105721597d41732cadc346d438f9054fad5
344f19cfdf2047fdd72cc7030a3515ac818a2edfafd9d0ca9f0e4ad1a708811c
GET /statics/v1/images/star.png HTTP/1.1
Host: www.cq6y.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.cq6y.com/statics/v1/css/down.css
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 28 Jan 2023 03:04:15 GMT
Content-Type: image/png
Content-Length: 3419
Last-Modified: Wed, 21 Jul 2021 02:07:38 GMT
ETag: "60f7816a-d5b"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Xss-Protection: 1;mod=block
Accept-Ranges: bytes
Connection: keep-alive
X-Cache: HIT
push.services.mozilla.com/
35.164.100.136 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.164.100.136:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: tTJa2lwSEhmL+X/MflZ6Nw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: mEfnvDAR2fJICakOSyYGyVDnwcA=
www.cq6y.com/statics/v1/images/dspr.png
154.23.235.191 200 OK 8.9 kB URL HTTP/1.1 www.cq6y.com/statics/v1/images/dspr.png
IP 154.23.235.191:0
ASN #140224 STARCLOUD GLOBAL PTE., LTD.
File type PNG image data, 36 x 550, 8-bit/color RGBA, non-interlaced\012- data
Hash 30af04cde6197de12e9b8053f3febb80
65872643d90b1e697390bb6a3fe0e2254c5ed74d
3c295bd739ad30413cc414be1cb517ee3b0a266776ae12b8ee2784b872d5807c
GET /statics/v1/images/dspr.png HTTP/1.1
Host: www.cq6y.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.cq6y.com/statics/v1/css/down.css
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 28 Jan 2023 03:04:15 GMT
Content-Type: image/png
Content-Length: 8940
Last-Modified: Wed, 21 Jul 2021 02:07:37 GMT
ETag: "60f78169-22ec"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Xss-Protection: 1;mod=block
Accept-Ranges: bytes
Connection: keep-alive
X-Cache: HIT
www.cq6y.com/statics/v1/images/mstar.png
154.23.235.191 200 OK 2.7 kB URL HTTP/1.1 www.cq6y.com/statics/v1/images/mstar.png
IP 154.23.235.191:0
ASN #140224 STARCLOUD GLOBAL PTE., LTD.
File type PNG image data, 116 x 110, 8-bit/color RGBA, non-interlaced\012- data
Hash 3f44b319f9546c45d900c9cbd1aaa1b0
6a235380ff17fe67fb9ccc4aa0981fbd5205533a
00d854e46e56ee428fb82616784e52de80b21789bfd8622ecf76855030732fdb
GET /statics/v1/images/mstar.png HTTP/1.1
Host: www.cq6y.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.cq6y.com/statics/v1/css/down.css
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 28 Jan 2023 03:04:19 GMT
Content-Type: image/png
Content-Length: 2706
Last-Modified: Wed, 21 Jul 2021 02:07:38 GMT
ETag: "60f7816a-a92"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Xss-Protection: 1;mod=block
Accept-Ranges: bytes
Connection: keep-alive
X-Cache: HIT
www.cq6y.com/statics/v1/js/down.js
154.23.235.191 200 OK 50 kB URL HTTP/1.1 www.cq6y.com/statics/v1/js/down.js
IP 154.23.235.191:0
ASN #140224 STARCLOUD GLOBAL PTE., LTD.
File type ASCII text, with very long lines (1966)
Hash 990d936225330dc5a004daf767414316
d42acdd1092666169b61b25cd4cdb6ed85380a49
6630dc3c024ec946b90f235cee5881767a2ae6a0a476d57f63b0f7d005493165
Analyzer Verdict Alert fortinet Malware
GET /statics/v1/js/down.js HTTP/1.1
Host: www.cq6y.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.cq6y.com/soft/136101.html
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 28 Jan 2023 03:04:15 GMT
Content-Type: application/javascript
Last-Modified: Thu, 13 Jan 2022 05:38:09 GMT
Transfer-Encoding: chunked
Vary: Accept-Encoding
ETag: W/"61dfbac1-23ee0"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Xss-Protection: 1;mod=block
Content-Encoding: gzip
Connection: keep-alive
X-Cache: HIT
www.cq6y.com/uploadfile/2021/1024/20211024062710849.jpg
154.23.235.191 302 Moved Temporarily 138 B URL HTTP/1.1 www.cq6y.com/uploadfile/2021/1024/20211024062710849.jpg
IP 154.23.235.191:0
ASN #140224 STARCLOUD GLOBAL PTE., LTD.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash aff950cab4c0265e21d401db15f1026d
f03e18461817f7a6546c8bf8fa8d686d7e30aca0
753e0dd54f28c4f7009b9c0b18a68aed175416bd8b7d134858264586eaac56f0
GET /uploadfile/2021/1024/20211024062710849.jpg HTTP/1.1
Host: www.cq6y.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.cq6y.com/soft/136101.html
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Sat, 28 Jan 2023 18:43:14 GMT
Content-Type: text/html
Content-Length: 138
Connection: keep-alive
Location: http://42.200.211.25:61022/uploadfile/2021/1024/20211024062710849.jpg
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Xss-Protection: 1;mod=block
X-Cache: MISS
www.cq6y.com/uploadfile/2021/0823/20210823113526446.jpg
154.23.235.191 302 Moved Temporarily 138 B URL HTTP/1.1 www.cq6y.com/uploadfile/2021/0823/20210823113526446.jpg
IP 154.23.235.191:0
ASN #140224 STARCLOUD GLOBAL PTE., LTD.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash aff950cab4c0265e21d401db15f1026d
f03e18461817f7a6546c8bf8fa8d686d7e30aca0
753e0dd54f28c4f7009b9c0b18a68aed175416bd8b7d134858264586eaac56f0
GET /uploadfile/2021/0823/20210823113526446.jpg HTTP/1.1
Host: www.cq6y.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.cq6y.com/soft/136101.html
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Sat, 28 Jan 2023 18:43:14 GMT
Content-Type: text/html
Content-Length: 138
Connection: keep-alive
Location: http://42.200.211.25:61022/uploadfile/2021/0823/20210823113526446.jpg
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Xss-Protection: 1;mod=block
X-Cache: MISS
www.cq6y.com/uploadfile/2022/0612/20220612100539601.jpg
154.23.235.191 302 Moved Temporarily 138 B URL HTTP/1.1 www.cq6y.com/uploadfile/2022/0612/20220612100539601.jpg
IP 154.23.235.191:0
ASN #140224 STARCLOUD GLOBAL PTE., LTD.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash aff950cab4c0265e21d401db15f1026d
f03e18461817f7a6546c8bf8fa8d686d7e30aca0
753e0dd54f28c4f7009b9c0b18a68aed175416bd8b7d134858264586eaac56f0
GET /uploadfile/2022/0612/20220612100539601.jpg HTTP/1.1
Host: www.cq6y.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.cq6y.com/soft/136101.html
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Sat, 28 Jan 2023 18:43:14 GMT
Content-Type: text/html
Content-Length: 138
Connection: keep-alive
Location: http://42.200.211.25:61022/uploadfile/2022/0612/20220612100539601.jpg
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Xss-Protection: 1;mod=block
X-Cache: MISS
www.cq6y.com/uploadfile/2021/1018/20211018054336911.png
154.23.235.191 302 Moved Temporarily 138 B URL HTTP/1.1 www.cq6y.com/uploadfile/2021/1018/20211018054336911.png
IP 154.23.235.191:0
ASN #140224 STARCLOUD GLOBAL PTE., LTD.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash aff950cab4c0265e21d401db15f1026d
f03e18461817f7a6546c8bf8fa8d686d7e30aca0
753e0dd54f28c4f7009b9c0b18a68aed175416bd8b7d134858264586eaac56f0
GET /uploadfile/2021/1018/20211018054336911.png HTTP/1.1
Host: www.cq6y.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.cq6y.com/soft/136101.html
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Sat, 28 Jan 2023 18:43:14 GMT
Content-Type: text/html
Content-Length: 138
Connection: keep-alive
Location: http://42.200.211.25:61022/uploadfile/2021/1018/20211018054336911.png
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Xss-Protection: 1;mod=block
X-Cache: MISS
www.cq6y.com/uploadfile/2021/1102/20211102103315702.png
154.23.235.191 302 Moved Temporarily 138 B URL HTTP/1.1 www.cq6y.com/uploadfile/2021/1102/20211102103315702.png
IP 154.23.235.191:0
ASN #140224 STARCLOUD GLOBAL PTE., LTD.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash aff950cab4c0265e21d401db15f1026d
f03e18461817f7a6546c8bf8fa8d686d7e30aca0
753e0dd54f28c4f7009b9c0b18a68aed175416bd8b7d134858264586eaac56f0
GET /uploadfile/2021/1102/20211102103315702.png HTTP/1.1
Host: www.cq6y.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.cq6y.com/soft/136101.html
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Sat, 28 Jan 2023 18:43:14 GMT
Content-Type: text/html
Content-Length: 138
Connection: keep-alive
Location: http://42.200.211.25:61022/uploadfile/2021/1102/20211102103315702.png
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Xss-Protection: 1;mod=block
X-Cache: MISS
www.cq6y.com/uploadfile/2021/1111/20211111055238955.jpg
154.23.235.191 302 Moved Temporarily 138 B URL HTTP/1.1 www.cq6y.com/uploadfile/2021/1111/20211111055238955.jpg
IP 154.23.235.191:0
ASN #140224 STARCLOUD GLOBAL PTE., LTD.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash aff950cab4c0265e21d401db15f1026d
f03e18461817f7a6546c8bf8fa8d686d7e30aca0
753e0dd54f28c4f7009b9c0b18a68aed175416bd8b7d134858264586eaac56f0
GET /uploadfile/2021/1111/20211111055238955.jpg HTTP/1.1
Host: www.cq6y.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.cq6y.com/soft/136101.html
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Sat, 28 Jan 2023 18:43:14 GMT
Content-Type: text/html
Content-Length: 138
Connection: keep-alive
Location: http://42.200.211.25:61022/uploadfile/2021/1111/20211111055238955.jpg
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Xss-Protection: 1;mod=block
X-Cache: MISS
www.cq6y.com/uploadfile/2021/1105/20211105115447712.jpg
154.23.235.191 302 Moved Temporarily 138 B URL HTTP/1.1 www.cq6y.com/uploadfile/2021/1105/20211105115447712.jpg
IP 154.23.235.191:0
ASN #140224 STARCLOUD GLOBAL PTE., LTD.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash aff950cab4c0265e21d401db15f1026d
f03e18461817f7a6546c8bf8fa8d686d7e30aca0
753e0dd54f28c4f7009b9c0b18a68aed175416bd8b7d134858264586eaac56f0
GET /uploadfile/2021/1105/20211105115447712.jpg HTTP/1.1
Host: www.cq6y.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.cq6y.com/soft/136101.html
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Sat, 28 Jan 2023 18:43:14 GMT
Content-Type: text/html
Content-Length: 138
Connection: keep-alive
Location: http://42.200.211.25:61022/uploadfile/2021/1105/20211105115447712.jpg
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Xss-Protection: 1;mod=block
X-Cache: MISS
www.cq6y.com/uploadfile/2021/1113/20211113111324871.jpg
154.23.235.191 302 Moved Temporarily 138 B URL HTTP/1.1 www.cq6y.com/uploadfile/2021/1113/20211113111324871.jpg
IP 154.23.235.191:0
ASN #140224 STARCLOUD GLOBAL PTE., LTD.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash aff950cab4c0265e21d401db15f1026d
f03e18461817f7a6546c8bf8fa8d686d7e30aca0
753e0dd54f28c4f7009b9c0b18a68aed175416bd8b7d134858264586eaac56f0
GET /uploadfile/2021/1113/20211113111324871.jpg HTTP/1.1
Host: www.cq6y.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.cq6y.com/soft/136101.html
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Sat, 28 Jan 2023 18:43:14 GMT
Content-Type: text/html
Content-Length: 138
Connection: keep-alive
Location: http://42.200.211.25:61022/uploadfile/2021/1113/20211113111324871.jpg
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Xss-Protection: 1;mod=block
X-Cache: MISS
www.cq6y.com/uploadfile/2021/1114/20211114083836597.png
154.23.235.191 302 Moved Temporarily 138 B URL HTTP/1.1 www.cq6y.com/uploadfile/2021/1114/20211114083836597.png
IP 154.23.235.191:0
ASN #140224 STARCLOUD GLOBAL PTE., LTD.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash aff950cab4c0265e21d401db15f1026d
f03e18461817f7a6546c8bf8fa8d686d7e30aca0
753e0dd54f28c4f7009b9c0b18a68aed175416bd8b7d134858264586eaac56f0
GET /uploadfile/2021/1114/20211114083836597.png HTTP/1.1
Host: www.cq6y.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.cq6y.com/soft/136101.html
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Sat, 28 Jan 2023 18:43:14 GMT
Content-Type: text/html
Content-Length: 138
Connection: keep-alive
Location: http://42.200.211.25:61022/uploadfile/2021/1114/20211114083836597.png
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Xss-Protection: 1;mod=block
X-Cache: MISS
www.cq6y.com/uploadfile/2021/1102/20211102043010312.jpg
154.23.235.191 302 Moved Temporarily 138 B URL HTTP/1.1 www.cq6y.com/uploadfile/2021/1102/20211102043010312.jpg
IP 154.23.235.191:0
ASN #140224 STARCLOUD GLOBAL PTE., LTD.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash aff950cab4c0265e21d401db15f1026d
f03e18461817f7a6546c8bf8fa8d686d7e30aca0
753e0dd54f28c4f7009b9c0b18a68aed175416bd8b7d134858264586eaac56f0
GET /uploadfile/2021/1102/20211102043010312.jpg HTTP/1.1
Host: www.cq6y.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.cq6y.com/soft/136101.html
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Sat, 28 Jan 2023 18:43:14 GMT
Content-Type: text/html
Content-Length: 138
Connection: keep-alive
Location: http://42.200.211.25:61022/uploadfile/2021/1102/20211102043010312.jpg
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Xss-Protection: 1;mod=block
X-Cache: MISS
www.cq6y.com/statics/v1/images/face/2.gif
154.23.235.191 200 OK 1.6 kB URL HTTP/1.1 www.cq6y.com/statics/v1/images/face/2.gif
IP 154.23.235.191:0
ASN #140224 STARCLOUD GLOBAL PTE., LTD.
File type GIF image data, version 89a, 24 x 24\012- data
Hash a3bcb2ade2211ac9cc5aecf67448ed58
dbd863c7325b15a851dab877b4d5914040b2d554
35c9c1ae4c3df9a7f113edf895afee54e4908a1995c5254d4858c8bc470db8d0
GET /statics/v1/images/face/2.gif HTTP/1.1
Host: www.cq6y.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.cq6y.com/soft/136101.html
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 28 Jan 2023 03:04:18 GMT
Content-Type: image/gif
Content-Length: 1582
Last-Modified: Wed, 21 Jul 2021 02:07:56 GMT
ETag: "60f7817c-62e"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Xss-Protection: 1;mod=block
Accept-Ranges: bytes
Connection: keep-alive
X-Cache: HIT
www.cq6y.com/statics/v1/images/face/3.gif
154.23.235.191 200 OK 1.8 kB URL HTTP/1.1 www.cq6y.com/statics/v1/images/face/3.gif
IP 154.23.235.191:0
ASN #140224 STARCLOUD GLOBAL PTE., LTD.
File type GIF image data, version 89a, 24 x 24\012- data
Hash 91f2feec64292b805884d328247f2fa3
c1e377b90064f32a56d44980456f2ca288e486d4
97a99e100778059aca0bd2216cef21af553a0f7cb0191143e027267c03a0e16e
GET /statics/v1/images/face/3.gif HTTP/1.1
Host: www.cq6y.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.cq6y.com/soft/136101.html
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 28 Jan 2023 03:04:18 GMT
Content-Type: image/gif
Content-Length: 1804
Last-Modified: Wed, 21 Jul 2021 02:07:56 GMT
ETag: "60f7817c-70c"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Xss-Protection: 1;mod=block
Accept-Ranges: bytes
Connection: keep-alive
X-Cache: HIT
www.cq6y.com/statics/v1/images/face/4.gif
154.23.235.191 200 OK 1.9 kB URL HTTP/1.1 www.cq6y.com/statics/v1/images/face/4.gif
IP 154.23.235.191:0
ASN #140224 STARCLOUD GLOBAL PTE., LTD.
File type GIF image data, version 89a, 24 x 24\012- data
Hash 412ef07e55fb415f12f7f5b890d11b5e
1d4687ee7912407d455aa9b0456486030512de9d
4d62ea9136712b4ffebf8aae4a3c72e72f25f8c5ba2f429182dd38891962f441
GET /statics/v1/images/face/4.gif HTTP/1.1
Host: www.cq6y.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.cq6y.com/soft/136101.html
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 28 Jan 2023 03:04:18 GMT
Content-Type: image/gif
Content-Length: 1852
Last-Modified: Wed, 21 Jul 2021 02:07:57 GMT
ETag: "60f7817d-73c"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Xss-Protection: 1;mod=block
Accept-Ranges: bytes
Connection: keep-alive
X-Cache: HIT
www.cq6y.com/statics/v1/images/face/5.gif
154.23.235.191 200 OK 4.7 kB URL HTTP/1.1 www.cq6y.com/statics/v1/images/face/5.gif
IP 154.23.235.191:0
ASN #140224 STARCLOUD GLOBAL PTE., LTD.
File type GIF image data, version 89a, 24 x 24\012- data
Hash e4af98b89fe904a510cab4ee4d9769e6
9105969a0ca43fefbe0da2e26b6f5ca54e99a3d8
06ef22546c74ff4000a34e2d55add5233151ca3a5b37c50e6eee7daede56eab1
GET /statics/v1/images/face/5.gif HTTP/1.1
Host: www.cq6y.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.cq6y.com/soft/136101.html
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 28 Jan 2023 03:04:18 GMT
Content-Type: image/gif
Content-Length: 4668
Last-Modified: Wed, 21 Jul 2021 02:07:58 GMT
ETag: "60f7817e-123c"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Xss-Protection: 1;mod=block
Accept-Ranges: bytes
Connection: keep-alive
X-Cache: HIT
www.cq6y.com/statics/v1/images/face/6.gif
154.23.235.191 200 OK 3.2 kB URL HTTP/1.1 www.cq6y.com/statics/v1/images/face/6.gif
IP 154.23.235.191:0
ASN #140224 STARCLOUD GLOBAL PTE., LTD.
File type GIF image data, version 89a, 24 x 24\012- data
Hash 3611810332b72bcc42730259151309d2
71f870a9b8caee5494865ccd10e2822bc5510240
ff28517958e3da476e3a422ad6ae1a358c7b3e45302d23b4cc9b239d0920fe97
GET /statics/v1/images/face/6.gif HTTP/1.1
Host: www.cq6y.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.cq6y.com/soft/136101.html
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 28 Jan 2023 03:04:18 GMT
Content-Type: image/gif
Content-Length: 3222
Last-Modified: Wed, 21 Jul 2021 02:07:58 GMT
ETag: "60f7817e-c96"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Xss-Protection: 1;mod=block
Accept-Ranges: bytes
Connection: keep-alive
X-Cache: HIT
www.cq6y.com/statics/v1/images/face/7.gif
154.23.235.191 200 OK 4.0 kB URL HTTP/1.1 www.cq6y.com/statics/v1/images/face/7.gif
IP 154.23.235.191:0
ASN #140224 STARCLOUD GLOBAL PTE., LTD.
File type GIF image data, version 89a, 24 x 24\012- data
Hash 898e0e993a5ab9c5ba77e158611ab698
efa18b5e9ac69143d4c748f09620173384788bec
2a260946ba4712d2486bbc7c7aaecace955861fadbb3191591d6e4c2e0e6fdd7
GET /statics/v1/images/face/7.gif HTTP/1.1
Host: www.cq6y.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.cq6y.com/soft/136101.html
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 28 Jan 2023 03:04:18 GMT
Content-Type: image/gif
Content-Length: 3952
Last-Modified: Wed, 21 Jul 2021 02:07:59 GMT
ETag: "60f7817f-f70"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Xss-Protection: 1;mod=block
Accept-Ranges: bytes
Connection: keep-alive
X-Cache: HIT
www.cq6y.com/statics/v1/images/face/8.gif
154.23.235.191 200 OK 5.0 kB URL HTTP/1.1 www.cq6y.com/statics/v1/images/face/8.gif
IP 154.23.235.191:0
ASN #140224 STARCLOUD GLOBAL PTE., LTD.
File type GIF image data, version 89a, 24 x 24\012- data
Hash e16239bfc439a5afa69b2774cfff78d3
546ec0540185c68e7bf28821adeb7f3228669053
6c813ea0c5e40673c9a5040635e44230d2a688474bc36855e426081667a5bbf7
GET /statics/v1/images/face/8.gif HTTP/1.1
Host: www.cq6y.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.cq6y.com/soft/136101.html
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 28 Jan 2023 03:04:18 GMT
Content-Type: image/gif
Content-Length: 4993
Last-Modified: Wed, 21 Jul 2021 02:08:00 GMT
ETag: "60f78180-1381"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Xss-Protection: 1;mod=block
Accept-Ranges: bytes
Connection: keep-alive
X-Cache: HIT
www.cq6y.com/statics/v1/images/face/9.gif
154.23.235.191 200 OK 3.4 kB URL HTTP/1.1 www.cq6y.com/statics/v1/images/face/9.gif
IP 154.23.235.191:0
ASN #140224 STARCLOUD GLOBAL PTE., LTD.
File type GIF image data, version 89a, 24 x 24\012- data
Hash 0e6bb76c58782830cdf442598b7af5dc
010892df5a4947351696ae37f5ea54783d05b85c
29c0ef5ab2d6df4bbce3486256be8a0fc89966908b00f3aaf53f83b8d16d5424
GET /statics/v1/images/face/9.gif HTTP/1.1
Host: www.cq6y.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.cq6y.com/soft/136101.html
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 28 Jan 2023 03:04:18 GMT
Content-Type: image/gif
Content-Length: 3408
Last-Modified: Wed, 21 Jul 2021 02:08:00 GMT
ETag: "60f78180-d50"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Xss-Protection: 1;mod=block
Accept-Ranges: bytes
Connection: keep-alive
X-Cache: HIT
s.ssl.qhres2.com/ssl/ab77b6ea7f3fbf79.js
54.230.111.78 200 OK 478 B URL HTTP/2 s.ssl.qhres2.com/ssl/ab77b6ea7f3fbf79.js
IP 54.230.111.78:0
File type ASCII text, with very long lines (478), with no line terminators
Hash 5dd27f8f2b042194c3cdabd62fd80110
c035036a939799d4c29b9c0f7229ae1953d03109
928131ab2183d971cdbfe2ed1329200212d0021db70574a35c89ae169c0f6e0a
GET /ssl/ab77b6ea7f3fbf79.js HTTP/1.1
Host: s.ssl.qhres2.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.cq6y.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
content-length: 478
date: Fri, 06 Jan 2023 02:40:18 GMT
x-qstatic-hit: 1
last-modified: Mon, 01 Jan 2018 00:00:00 GMT
etag: W/"67d74adaac6d2f43"
access-control-allow-origin: *
cache-control: max-age=315360000, immutable
expires: Mon, 03 Jan 2033 02:40:18 GMT
kcs-via: HIT from w-fc03.lato;MISS from w-sc01.lato
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 b2b04ca80b95df6bc86478a1bf96b7cc.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: DlMo85WdvqI6lVlGzK67oJqL-t89YkgcZR4wGOP1igmpcZsUrP9YJQ==
age: 1958577
X-Firefox-Spdy: h2
www.cq6y.com/statics/v1/images/face/10.gif
154.23.235.191 200 OK 3.8 kB URL HTTP/1.1 www.cq6y.com/statics/v1/images/face/10.gif
IP 154.23.235.191:0
ASN #140224 STARCLOUD GLOBAL PTE., LTD.
File type GIF image data, version 89a, 24 x 24\012- data
Hash 3d61ab37b039824a104d58d15cdb93f4
3e18b7827c25cb133f2755db15817b329fc5432f
3d83e9c94493629c76a9e919230e2e4dd47c97256050d34c7cce1d2a4f684a98
GET /statics/v1/images/face/10.gif HTTP/1.1
Host: www.cq6y.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.cq6y.com/soft/136101.html
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 28 Jan 2023 03:04:18 GMT
Content-Type: image/gif
Content-Length: 3834
Last-Modified: Wed, 21 Jul 2021 02:07:55 GMT
ETag: "60f7817b-efa"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Xss-Protection: 1;mod=block
Accept-Ranges: bytes
Connection: keep-alive
X-Cache: HIT
www.cq6y.com/statics/v1/images/face/11.gif
154.23.235.191 200 OK 8.0 kB URL HTTP/1.1 www.cq6y.com/statics/v1/images/face/11.gif
IP 154.23.235.191:0
ASN #140224 STARCLOUD GLOBAL PTE., LTD.
File type GIF image data, version 89a, 24 x 24\012- data
Hash ae2bb1ad58cd2a251279992be3129798
70c8ac383d1146fa08ae77621580067fdbe84100
4c2cf1b884f877847a5a361cbe7a799a6727193c518eac90db1d0c14af9807aa
GET /statics/v1/images/face/11.gif HTTP/1.1
Host: www.cq6y.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.cq6y.com/soft/136101.html
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 28 Jan 2023 03:04:18 GMT
Content-Type: image/gif
Content-Length: 8033
Last-Modified: Wed, 21 Jul 2021 02:07:55 GMT
ETag: "60f7817b-1f61"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Xss-Protection: 1;mod=block
Accept-Ranges: bytes
Connection: keep-alive
X-Cache: HIT
www.cq6y.com/statics/v1/images/face/12.gif
154.23.235.191 200 OK 2.2 kB URL HTTP/1.1 www.cq6y.com/statics/v1/images/face/12.gif
IP 154.23.235.191:0
ASN #140224 STARCLOUD GLOBAL PTE., LTD.
File type GIF image data, version 89a, 24 x 24\012- data
Hash 301cf1b333e201d1adfe8b9ae6ff277a
8375c2cca4b62dc5b3fadb3414ab62132bbd7d21
68468695ea380d5e0c57877be68215502621206714b077f3723a8f81aa5bd270
GET /statics/v1/images/face/12.gif HTTP/1.1
Host: www.cq6y.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.cq6y.com/soft/136101.html
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 28 Jan 2023 03:04:18 GMT
Content-Type: image/gif
Content-Length: 2247
Last-Modified: Wed, 21 Jul 2021 02:07:55 GMT
ETag: "60f7817b-8c7"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Xss-Protection: 1;mod=block
Accept-Ranges: bytes
Connection: keep-alive
X-Cache: HIT
www.cq6y.com/statics/v1/images/icon.gif
154.23.235.191 200 OK 242 B URL HTTP/1.1 www.cq6y.com/statics/v1/images/icon.gif
IP 154.23.235.191:0
ASN #140224 STARCLOUD GLOBAL PTE., LTD.
File type GIF image data, version 89a, 30 x 50\012- data
Hash a4733c05050143e2a50905ab238adf77
25fea488847ad30fe6bf8f44f0a2497089ceaed6
84699ab5b1643c0caa8b36af7101b0a2b3ae268271746d6a9ea137e9272bce8a
GET /statics/v1/images/icon.gif HTTP/1.1
Host: www.cq6y.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.cq6y.com/statics/v1/css/down.css
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 28 Jan 2023 03:04:19 GMT
Content-Type: image/gif
Content-Length: 242
Last-Modified: Wed, 21 Jul 2021 02:07:37 GMT
ETag: "60f78169-f2"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Xss-Protection: 1;mod=block
Accept-Ranges: bytes
Connection: keep-alive
X-Cache: HIT
www.cq6y.com/api.php?op=checkcode&code_len=4&font_size=20&width=130&height=50&font_color=&background=
154.23.235.191 200 OK 2.5 kB URL HTTP/1.1 www.cq6y.com/api.php?op=checkcode&code_len=4&font_size=20&width=130&height=50&font_color=&background=
IP 154.23.235.191:0
ASN #140224 STARCLOUD GLOBAL PTE., LTD.
File type PNG image data, 112 x 40, 8-bit/color RGB, non-interlaced\012- data
Hash 6ffb686957ba508cc05b150825cf8b79
3a7af9a6a04489de3926e0abf380670b4509b7cb
e976cab72071eb373e47c1f4fb3cfc31aae17c7f478cb45f2f219cec16bbc10a
GET /api.php?op=checkcode&code_len=4&font_size=20&width=130&height=50&font_color=&background= HTTP/1.1
Host: www.cq6y.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.cq6y.com/soft/136101.html
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 28 Jan 2023 18:43:15 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=kcvcaq35c6njv12n2earf0qa83; path=/; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Xss-Protection: 1;mod=block
X-Cache: MISS
www.cq6y.com/uploadfile/2021/0731/20210731120735911.jpg
154.23.235.191 302 Moved Temporarily 138 B URL HTTP/1.1 www.cq6y.com/uploadfile/2021/0731/20210731120735911.jpg
IP 154.23.235.191:0
ASN #140224 STARCLOUD GLOBAL PTE., LTD.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash aff950cab4c0265e21d401db15f1026d
f03e18461817f7a6546c8bf8fa8d686d7e30aca0
753e0dd54f28c4f7009b9c0b18a68aed175416bd8b7d134858264586eaac56f0
GET /uploadfile/2021/0731/20210731120735911.jpg HTTP/1.1
Host: www.cq6y.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.cq6y.com/soft/136101.html
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Sat, 28 Jan 2023 18:43:15 GMT
Content-Type: text/html
Content-Length: 138
Connection: keep-alive
Location: http://42.200.211.25:61022/uploadfile/2021/0731/20210731120735911.jpg
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Xss-Protection: 1;mod=block
X-Cache: MISS
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2648
Expires: Sat, 28 Jan 2023 19:27:23 GMT
Date: Sat, 28 Jan 2023 18:43:15 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2648
Expires: Sat, 28 Jan 2023 19:27:23 GMT
Date: Sat, 28 Jan 2023 18:43:15 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2648
Expires: Sat, 28 Jan 2023 19:27:23 GMT
Date: Sat, 28 Jan 2023 18:43:15 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdeb12df7-074b-4044-bdbe-0e07bccbc8e9.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdeb12df7-074b-4044-bdbe-0e07bccbc8e9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0ed1a0bd725b2078b4cfe4ed83877901
62493ca03be9870aac2341e033611a6d56bd322a
706e84bc63fd98acaeb72789239af3210ae6e3910e6589d92a25899dc9059dfc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdeb12df7-074b-4044-bdbe-0e07bccbc8e9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12397
x-amzn-requestid: e8436997-696d-483a-b03a-a84e7ca614ea
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_T5HbzoAMFXsw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d445b2-1c2ccd0a187d0a3e2f6a59cc;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:44:18 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: lmLHc8fKQYUpq9B-GyOQ0FKzhxi0ToTEPA7cu6JnQftgDFDNV8USvw==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:56:37 GMT
etag: "62493ca03be9870aac2341e033611a6d56bd322a"
content-type: image/jpeg
age: 74798
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ed7c466-ac98-4e05-89cf-f0abf56e8d98.jpeg
34.120.237.76 200 OK 5.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ed7c466-ac98-4e05-89cf-f0abf56e8d98.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c982569d070f24dba1259603091c22e3
0f93acb5bee53670cc4ef486922f7333d96a2f4e
9a5a2d8a181a763ee6f60c27b396a0e3d7b1527e5177b2aff8d511db250753ed
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ed7c466-ac98-4e05-89cf-f0abf56e8d98.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4975
x-amzn-requestid: 633350b7-4686-40d5-8c9d-3c097f8e2d34
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa-EBGuaoAMFbSw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d443b3-4201212c1a0eb2a65d3f494c;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:35:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: M4VR-I89SGD0-FLzHhZ88PJJJmdWTEi0UrBnAmCBCQAdjRsssqnSzw==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:49:06 GMT
age: 75249
etag: "0f93acb5bee53670cc4ef486922f7333d96a2f4e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22cc3f55-9811-4ec2-a57e-a3e71a3f0554.jpeg
34.120.237.76 200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22cc3f55-9811-4ec2-a57e-a3e71a3f0554.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ea24bcba583bd8bd139559448a343e68
b9d37c2b14f890d41983a59f352e8f7caa9c94bb
e5ef5975eec964ae1684deb424f00833f2d217bdc7e6c385320ed3adeb6bc1c4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22cc3f55-9811-4ec2-a57e-a3e71a3f0554.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7585
x-amzn-requestid: bfb52acb-e0d7-482d-8be9-be5db1c16cac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_vkE5roAMF0Hw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d44663-2d38d314177e0ac40d4c8240;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:47:15 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: K9YWM9eaEc1DQ6wtEEuADnG1U-ahRBXDaiHIAm20dkWMOxPWBlJidw==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 22:46:13 GMT
age: 71822
etag: "b9d37c2b14f890d41983a59f352e8f7caa9c94bb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b7a0759c043594fbe85af422b59b8227
a05cfaad16078f42218dae233da38f6f5dff8487
e898d6ef1b3998fb9322a8fc190069ec5f7b3582bfe8397a2367497d84a27549
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11568
x-amzn-requestid: 79b70f1f-a157-4dd4-8743-825714195b3c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e9T3UGA3oAMFSlQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c86695-36e60aba09c152c73b8aefcb;Sampled=0
x-amzn-remapped-date: Wed, 18 Jan 2023 21:37:25 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: zt4bgV2C6Wb_Ufa5mZ7-UDTfCvhXJggPJw9668v5DEmyBnWZ-aNrCg==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 23:03:41 GMT
age: 70774
etag: "a05cfaad16078f42218dae233da38f6f5dff8487"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
34.120.237.76 200 OK 4.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4205d8106659e00fff1cbe9262918b8c
ab4f6528594a1725934727dc7d834c028a79c609
31f1a28602a194bd0856495d4d81d5c72cd7ff4e5bad6bdd1a31ec3041f4a2cc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4475
x-amzn-requestid: b7b272d6-3089-4f33-89b5-5cb388640e10
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_e6HsaIAMF5Lg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d445f8-1789f7f4264270916da323db;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:45:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hAzO-IMqc1CFpiBAlRl8seIYL9UonyrBMATibovyFq5kEuaweY_VyA==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:56:46 GMT
age: 74789
etag: "ab4f6528594a1725934727dc7d834c028a79c609"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f884785-3b60-4d1a-b7b9-f58e73d6d819.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f884785-3b60-4d1a-b7b9-f58e73d6d819.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b4afa01d2ffe17f8378e4c0b5afd4608
f5c7e2137efa07a207427a6b6fe1df541f85ea25
84fc0c05d25d674b5594b54720017332b86d391f66c7136d76cfce3e884e8e12
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f884785-3b60-4d1a-b7b9-f58e73d6d819.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13375
x-amzn-requestid: 372fcbe8-85a1-4be2-a006-31fb9289c5e9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa-CxF6BoAMFyGg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d443ab-4b9860545c612cc416cbe599;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:35:39 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: otEuPlfCL7DeVwGZiGJuMjxjVyGdMwxPWeCz5T_mpXboi-oRujKhBw==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:48:58 GMT
age: 75257
etag: "f5c7e2137efa07a207427a6b6fe1df541f85ea25"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.cq6y.com/statics/v1/images/litterStar.png
154.23.235.191 200 OK 1.7 kB URL HTTP/1.1 www.cq6y.com/statics/v1/images/litterStar.png
IP 154.23.235.191:0
ASN #140224 STARCLOUD GLOBAL PTE., LTD.
File type PNG image data, 73 x 143, 8-bit colormap, non-interlaced\012- data
Hash d130270dc6abd41d1d40acbe01e36739
5dec8c0c88e9c3dfb13cbfc7d1d9818baa7ee96c
8b31f0ef117010f8ad5e5c8c73ede7468072e1cb08f994fce90ada97f461b59b
GET /statics/v1/images/litterStar.png HTTP/1.1
Host: www.cq6y.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.cq6y.com/statics/v1/css/down.css
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 28 Jan 2023 03:04:18 GMT
Content-Type: image/png
Content-Length: 1706
Last-Modified: Wed, 21 Jul 2021 02:07:37 GMT
ETag: "60f78169-6aa"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Xss-Protection: 1;mod=block
Accept-Ranges: bytes
Connection: keep-alive
X-Cache: HIT
ocsp.globalsign.com/gsrsaovsslca2018
104.18.20.226 200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.20.226:0
Hash 2396ad0e7ca1831ca353dccce7980589
16c5a642e3d7865d60a12c9a3f47c2627fa7694e
33ac56e323ceb7f8499c717f92602cc7ecd2d81959d4d86e64b2c7ed7faa0934
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 18:43:16 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Wed, 01 Feb 2023 17:35:29 GMT
ETag: "16c5a642e3d7865d60a12c9a3f47c2627fa7694e"
Last-Modified: Sat, 28 Jan 2023 17:35:30 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1404
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 790bdf69e931fac4-OSL
hm.baidu.com/hm.js?4d0b0a716e240b2c27e6e84c1155e8f9
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?4d0b0a716e240b2c27e6e84c1155e8f9
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (618)
Hash 5c7beee05fa946f133b06466f9c633a0
c356ff188cd0ffeccd30734b7ae2bb13cc343099
3624c7565fa5c5e392d132bd37f8c875ccdff21d4f4dd1abc9eb60bbdfe2b832
GET /hm.js?4d0b0a716e240b2c27e6e84c1155e8f9 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.cq6y.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11256
Content-Type: application/javascript
Date: Sat, 28 Jan 2023 18:43:16 GMT
Etag: 7ffba2f5338d836972e0d4c54bdada4f
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=B3EB1DF476C95890; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=368156731&si=4d0b0a716e240b2c27e6e84c1155e8f9&v=1.3.0&lv=1&sn=53406&r=0&ww=1280&u=http%3A%2F%2Fwww.cq6y.com%2Fsoft%2F136101.html&tt=%E6%90%9E%E7%AC%91%E6%98%9F%E7%90%83%E7%94%A8%E6%88%B7%E7%89%88app%E4%B8%8B%E8%BD%BD-%E6%90%9E%E7%AC%91%E6%98%9F%E7%90%832021%E5%AE%89%E5%8D%93%E7%89%88%E4%B8%8B%E8%BD%BDv1.4.3%E5%AE%9A%E5%88%B6%E7%89%88(%E6%9A%82%E6%97%A0%E8%B5%84%E6%BA%90)-%E7%AC%AC%E5%85%AD%E4%B8%8B%E8%BD%BD%E7%AB%99
103.235.46.191 200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=368156731&si=4d0b0a716e240b2c27e6e84c1155e8f9&v=1.3.0&lv=1&sn=53406&r=0&ww=1280&u=http%3A%2F%2Fwww.cq6y.com%2Fsoft%2F136101.html&tt=%E6%90%9E%E7%AC%91%E6%98%9F%E7%90%83%E7%94%A8%E6%88%B7%E7%89%88app%E4%B8%8B%E8%BD%BD-%E6%90%9E%E7%AC%91%E6%98%9F%E7%90%832021%E5%AE%89%E5%8D%93%E7%89%88%E4%B8%8B%E8%BD%BDv1.4.3%E5%AE%9A%E5%88%B6%E7%89%88(%E6%9A%82%E6%97%A0%E8%B5%84%E6%BA%90)-%E7%AC%AC%E5%85%AD%E4%B8%8B%E8%BD%BD%E7%AB%99
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=368156731&si=4d0b0a716e240b2c27e6e84c1155e8f9&v=1.3.0&lv=1&sn=53406&r=0&ww=1280&u=http%3A%2F%2Fwww.cq6y.com%2Fsoft%2F136101.html&tt=%E6%90%9E%E7%AC%91%E6%98%9F%E7%90%83%E7%94%A8%E6%88%B7%E7%89%88app%E4%B8%8B%E8%BD%BD-%E6%90%9E%E7%AC%91%E6%98%9F%E7%90%832021%E5%AE%89%E5%8D%93%E7%89%88%E4%B8%8B%E8%BD%BDv1.4.3%E5%AE%9A%E5%88%B6%E7%89%88(%E6%9A%82%E6%97%A0%E8%B5%84%E6%BA%90)-%E7%AC%AC%E5%85%AD%E4%B8%8B%E8%BD%BD%E7%AB%99 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.cq6y.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sat, 28 Jan 2023 18:43:17 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=2E4B01D5511AA8FC; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
www.cq6y.com/favicon.ico
154.23.235.191 200 OK 6.3 kB IP 154.23.235.191:0
ASN #140224 STARCLOUD GLOBAL PTE., LTD.
File type PNG image data, 64 x 64, 8-bit/color RGB, non-interlaced\012- data
Hash ade3ffc2d235702cf4595ba0f3e771b9
f623f73173afc398f385fa55c69e31605a9140a3
64b03f2c8467077f37f224e3f892722e6f7e04adb0667765c4636181b9acb61a
GET /favicon.ico HTTP/1.1
Host: www.cq6y.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.cq6y.com/soft/136101.html
Cookie: PHPSESSID=kcvcaq35c6njv12n2earf0qa83; Hm_lvt_4d0b0a716e240b2c27e6e84c1155e8f9=1674931401; Hm_lpvt_4d0b0a716e240b2c27e6e84c1155e8f9=1674931401
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 28 Jan 2023 03:02:46 GMT
Content-Type: image/x-icon
Content-Length: 6312
Last-Modified: Wed, 21 Jul 2021 06:24:31 GMT
ETag: "60f7bd9f-18a8"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Xss-Protection: 1;mod=block
Accept-Ranges: bytes
Connection: keep-alive
X-Cache: HIT