r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash bea3185dd820a31c1981317f37c3456d
1a548a5d27270fc11df9011837a7149571cedd78
469b97bf9f57401b3c9571039483589f2815f4794212b75c7c85cfefe0ae71e9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "469B97BF9F57401B3C9571039483589F2815F4794212B75C7C85CFEFE0AE71E9"
Last-Modified: Wed, 22 Mar 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2853
Expires: Thu, 23 Mar 2023 04:54:50 GMT
Date: Thu, 23 Mar 2023 04:07:17 GMT
Connection: keep-alive
www.qidumeiyu.com/
50.2.85.76302 Moved Temporarily 154 B IP 50.2.85.76:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cfbeaf604823f038b8b46f0ac862b98c
7b9eb1dac48e74fa5f418bc456cb410f88b81d98
20c1ab602462b7fc0d5b4cbd555cacf127b69a07a737579598ebcbc0f5b21319
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: www.qidumeiyu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Thu, 23 Mar 2023 04:07:17 GMT
Content-Type: text/html
Content-Length: 154
Connection: close
Location: https://www.qidumeiyu.com/
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 210a2a42cfc4f4aced144f5de9babcc6
ece6ecfb2db8d036c3bfc7f02f8ea387e3f965db
59553a312d3fb34f1f0aea469f7e7cc810ff9993481ddbd73ea5d461cf97ed51
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "59553A312D3FB34F1F0AEA469F7E7CC810FF9993481DDBD73EA5D461CF97ED51"
Last-Modified: Wed, 22 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12644
Expires: Thu, 23 Mar 2023 07:38:01 GMT
Date: Thu, 23 Mar 2023 04:07:17 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 51a5d4696a6090c295850554508b51ce
c44e143c2223546e64b19f543b8101aaf3b11e97
8794223d5e8d4d276c35e2fdcc24bf99694240634dd749cd9b5bf874dec055cf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8794223D5E8D4D276C35E2FDCC24BF99694240634DD749CD9B5BF874DEC055CF"
Last-Modified: Wed, 22 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15434
Expires: Thu, 23 Mar 2023 08:24:31 GMT
Date: Thu, 23 Mar 2023 04:07:17 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bc86ef2a0cee04915bc360f5821adc8f
3658f9028cce204d38f7f48fcfaa2a8e4f54383a
aeecd718d03811322457de4f20828bdba86b277e7e0e328cae9c0a8075638454
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Backoff, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 23 Mar 2023 03:15:05 GMT
content-type: application/json
age: 3132
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: dc60VbxEpSZe/QfuDGmgS6WJEW0OQDaKwl3vDQ4dSsxKPsbPC0zB0u3fUsL+SbEpFd8hXESWRTk=
x-amz-request-id: G613PM0MFQFGDHC4
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 23 Mar 2023 03:53:54 GMT
age: 803
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 04:07:17 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Last-Modified, Retry-After, Content-Length, Alert, Cache-Control, Expires, Content-Type, Backoff, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 23 Mar 2023 03:14:33 GMT
age: 3164
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5185bf3fa260754e4dd29eb93457d72e
25394d278bf1ac6d5b2fdad30e136afdb846585c
8ad59dad5050d03a635195fc6646fa500113042925f158af3298f561cd513c91
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8AD59DAD5050D03A635195FC6646FA500113042925F158AF3298F561CD513C91"
Last-Modified: Mon, 20 Mar 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21594
Expires: Thu, 23 Mar 2023 10:07:11 GMT
Date: Thu, 23 Mar 2023 04:07:17 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 050ca4dc2182e0a27573b0d9f32b7834
bec14dc5af0d0b32210470673511acd8db404308
b6129b9d1848f75265dca4446c5399927bdaf15c7b49c083765847b0fe276eaf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B6129B9D1848F75265DCA4446C5399927BDAF15C7B49C083765847B0FE276EAF"
Last-Modified: Wed, 22 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10084
Expires: Thu, 23 Mar 2023 06:55:22 GMT
Date: Thu, 23 Mar 2023 04:07:18 GMT
Connection: keep-alive
www.qidumeiyu.com/
50.2.85.76200 OK 7.6 kB IP 50.2.85.76:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (633), with CRLF, LF line terminators
Hash 606acc5a56fcec0156155cd053cd19c2
4a559191dcdad4dd43377a7ff0ef4f9f7f95144f
446a2d4111fc1d89d9473ceb610374a656d0cc97582a992ee1d63e170b532c5e
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: www.qidumeiyu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 23 Mar 2023 04:07:17 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip
push.services.mozilla.com/
34.216.229.28101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.216.229.28:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: SldhL68kEkelH1NlpoXW0Q==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 6f8x51R2rdPdwznYc75/BzoPdKk=
www.qidumeiyu.com/template_files/2/hdui/app/css/bootstrap.min.css
50.2.85.76200 OK 24 kB URL HTTP/1.1 www.qidumeiyu.com/template_files/2/hdui/app/css/bootstrap.min.css
IP 50.2.85.76:0
File type DOS executable (COM)\012- , Unicode text, UTF-8 text, with very long lines (65368)
Hash 081d820b53ab633f949c960aeefcd428
dc26a2fe2771177aeaa350b92684a37d1befdad7
6a04d753014d90dd53184352e42ce55ec3f3bb0a28e5f0918b6dc6ffa23b317e
GET /template_files/2/hdui/app/css/bootstrap.min.css HTTP/1.1
Host: www.qidumeiyu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.qidumeiyu.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 23 Mar 2023 04:07:18 GMT
Content-Type: text/css;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip
www.qidumeiyu.com/template_files/2/hdimg/bas/css/swiper_min.css
50.2.85.76200 OK 3.5 kB URL HTTP/1.1 www.qidumeiyu.com/template_files/2/hdimg/bas/css/swiper_min.css
IP 50.2.85.76:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (19512)
Hash 6333ce32196dbd0fdd5ff815bad3cf01
f1ab16d809dcd9e348aadd9b16e8c7e8b4361b77
811ee1609fc85c63e2d395255fecc252d3a9f9998508527b8e2858cf8a4256cb
GET /template_files/2/hdimg/bas/css/swiper_min.css HTTP/1.1
Host: www.qidumeiyu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.qidumeiyu.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 23 Mar 2023 04:07:18 GMT
Content-Type: text/css;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip
www.qidumeiyu.com/_sitegray/_sitegray.js
50.2.85.76200 OK 98 B URL HTTP/1.1 www.qidumeiyu.com/_sitegray/_sitegray.js
IP 50.2.85.76:0
Hash a376d309afacc17fc6ec22935cc1e958
612062f672fee038b568702cf5535bcc031c568d
bea51bdbce54ba8a0aae154d28b8aa9bc171258fb1b98662668a3953e552d9c1
Analyzer Verdict Alert fortinet Phishing
GET /_sitegray/_sitegray.js HTTP/1.1
Host: www.qidumeiyu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.qidumeiyu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 23 Mar 2023 04:07:18 GMT
Content-Type: application/javascript;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip
www.qidumeiyu.com/index.vsb.css
50.2.85.76200 OK 90 B URL HTTP/1.1 www.qidumeiyu.com/index.vsb.css
IP 50.2.85.76:0
Hash 8a44e9b7e6875440656baa2bfdb2c945
ec1f6cb4c2d33f978912dfe4d30592735b59535b
2555c7e6ddc66b31c9415737ed426eecb4ac5e97911569e4441642dead7277b1
GET /index.vsb.css HTTP/1.1
Host: www.qidumeiyu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.qidumeiyu.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 23 Mar 2023 04:07:18 GMT
Content-Type: text/css;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip
www.qidumeiyu.com/template_files/2/hdimg/bas/js/dynclicks.js
50.2.85.76200 OK 1.1 kB URL HTTP/1.1 www.qidumeiyu.com/template_files/2/hdimg/bas/js/dynclicks.js
IP 50.2.85.76:0
Hash 29ac9d868254f0118390b3980be1763d
55d6aa6d5d22a6f68eff8c5f98abebe4626fc48a
31f92a87a1a4187b89249f507719b89f88d6301b24210a3634dc7e94ea3a6f85
Analyzer Verdict Alert fortinet Phishing
GET /template_files/2/hdimg/bas/js/dynclicks.js HTTP/1.1
Host: www.qidumeiyu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.qidumeiyu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 23 Mar 2023 04:07:18 GMT
Content-Type: application/javascript;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip
www.qidumeiyu.com/system/resource/js/counter.js
50.2.85.76200 OK 754 B URL HTTP/1.1 www.qidumeiyu.com/system/resource/js/counter.js
IP 50.2.85.76:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (831)
Hash e54e27a21f25d9c25af37f93c94b6430
76418ce8042ec52c73c7bf7d2071fcaef11a5e15
1a3076bce0bf195cab6168fce2c4c8153dbb76177d3f49017a717f2d8094a6ff
Analyzer Verdict Alert fortinet Phishing
GET /system/resource/js/counter.js HTTP/1.1
Host: www.qidumeiyu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.qidumeiyu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 23 Mar 2023 04:07:18 GMT
Content-Type: application/javascript;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip
www.qidumeiyu.com/_sitegray/_sitegray_d.css
50.2.85.76200 OK 40 B URL HTTP/1.1 www.qidumeiyu.com/_sitegray/_sitegray_d.css
IP 50.2.85.76:0
File type ASCII text, with no line terminators
Hash cb2b33a5575d38237dba313af5ac3092
6e5716b27a4554091963aa34f5433b8ed01a9e4a
a02d3811e026b580db29333b7d91849abcffe86635092557cd4bfc5b21d6b219
GET /_sitegray/_sitegray_d.css HTTP/1.1
Host: www.qidumeiyu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.qidumeiyu.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 23 Mar 2023 04:07:18 GMT
Content-Type: text/css;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip
www.qidumeiyu.com/template_files/2/hdimg/bas/css/hdcss.css
50.2.85.76200 OK 7.5 kB URL HTTP/1.1 www.qidumeiyu.com/template_files/2/hdimg/bas/css/hdcss.css
IP 50.2.85.76:0
File type Unicode text, UTF-8 text, with very long lines (502)
Hash 577a227b1e965a39814c25ef9e1da609
57ac4f59c36b7ca8d4e6e9354df3c60692f4c000
3a4394395fc656592bcce1c03af23ef04c8658f71150d07f6028b856f22126b3
GET /template_files/2/hdimg/bas/css/hdcss.css HTTP/1.1
Host: www.qidumeiyu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.qidumeiyu.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 23 Mar 2023 04:07:18 GMT
Content-Type: text/css;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip
www.qidumeiyu.com/jquery.bc.min.js
50.2.85.76200 OK 1.3 kB URL HTTP/1.1 www.qidumeiyu.com/jquery.bc.min.js
IP 50.2.85.76:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (1784), with CRLF line terminators
Hash 1612eb1712d51d6e8440a152b315d232
10846d191627164438707e32a7c73f62d5bde5e6
7fbdb6256e0fef4d4e961e2308472a11764dcf9cea38fb6d3b419350733d53c2
Analyzer Verdict Alert fortinet Phishing
GET /jquery.bc.min.js HTTP/1.1
Host: www.qidumeiyu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.qidumeiyu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 23 Mar 2023 04:07:18 GMT
Content-Type: application/javascript
Last-Modified: Thu, 26 May 2022 02:48:28 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"628eea7c-ad4"
Expires: Thu, 23 Mar 2023 05:07:18 GMT
Cache-Control: max-age=3600
Content-Encoding: gzip
www.qidumeiyu.com/system/resource/js/openlink.js
50.2.85.76200 OK 292 B URL HTTP/1.1 www.qidumeiyu.com/system/resource/js/openlink.js
IP 50.2.85.76:0
File type Unicode text, UTF-8 (with BOM) text
Hash 2cbf7093f993a5733d3c097b8cdc293a
5089015c30a1d8b6973023bf1223f61a99fed46e
726ec4346aee2f86dd958c43619d82e108aaf07b1876db9bf18da9bdc715539b
Analyzer Verdict Alert fortinet Phishing
GET /system/resource/js/openlink.js HTTP/1.1
Host: www.qidumeiyu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.qidumeiyu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 23 Mar 2023 04:07:19 GMT
Content-Type: application/javascript;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip
www.qidumeiyu.com/system/resource/js/dynclicks.js
50.2.85.76200 OK 1.1 kB URL HTTP/1.1 www.qidumeiyu.com/system/resource/js/dynclicks.js
IP 50.2.85.76:0
File type Unicode text, UTF-8 (with BOM) text
Hash 9442c4c190c9cdfe1017f0372c0be305
f9286c77ceaef09d0f2329e2619fbd83027ab61e
53cc9c79d3b9ab116e168e56eed1c7cdc978fa5e9fa44d33aa28ba6ca839f1b2
Analyzer Verdict Alert fortinet Phishing
GET /system/resource/js/dynclicks.js HTTP/1.1
Host: www.qidumeiyu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.qidumeiyu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 23 Mar 2023 04:07:19 GMT
Content-Type: application/javascript;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip
www.qidumeiyu.com/template_files/2//hdui/app/js/b.min.js
50.2.85.76200 OK 11 kB URL HTTP/1.1 www.qidumeiyu.com/template_files/2//hdui/app/js/b.min.js
IP 50.2.85.76:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (32033)
Hash ef02fafe55ac498222e243de3eb90c5e
aaa04b3a88dd8e36ba6314517a8e1a8eaec62c2c
8b7cd6ac936a7dd965ce945259e9ecd844703a4f2d696994223d15e27bfb3c64
Analyzer Verdict Alert fortinet Phishing
GET /template_files/2//hdui/app/js/b.min.js HTTP/1.1
Host: www.qidumeiyu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.qidumeiyu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 23 Mar 2023 04:07:19 GMT
Content-Type: application/javascript;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip
www.qidumeiyu.com/system/resource/js/ajax.js
50.2.85.76200 OK 2.3 kB URL HTTP/1.1 www.qidumeiyu.com/system/resource/js/ajax.js
IP 50.2.85.76:0
File type Unicode text, UTF-8 (with BOM) text
Hash 6faff064ccb5dcbc60f09268063f61b2
64773e937c9a44998dae6682512fba46856c8190
69f41fafc01a0b409645bf08d3d0a19a4a953d4dab2adb8716ae1c69d2713fae
Analyzer Verdict Alert fortinet Phishing
GET /system/resource/js/ajax.js HTTP/1.1
Host: www.qidumeiyu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.qidumeiyu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 23 Mar 2023 04:07:19 GMT
Content-Type: application/javascript;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip
www.qidumeiyu.com/template_files/2/hdui/app/js/j.min.js
50.2.85.76200 OK 34 kB URL HTTP/1.1 www.qidumeiyu.com/template_files/2/hdui/app/js/j.min.js
IP 50.2.85.76:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (32065)
Hash f1820c599b2a7b1b307c4b1f95b0b997
67a853ff49b2979f728442ddc819cfc24843a74a
ef95b8fc22fb1376b1f8236bf793aff8bfae8460a460667187636a0239752b34
Analyzer Verdict Alert fortinet Phishing
GET /template_files/2/hdui/app/js/j.min.js HTTP/1.1
Host: www.qidumeiyu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.qidumeiyu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 23 Mar 2023 04:07:19 GMT
Content-Type: application/javascript;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a0d3d7099bbc5fed74a6e78e1a3096bf
96afaf8b3ac053577c56aca5f4a20d8655ecb771
c8ff32c6809a506d4c656d3200dbfc6682c156c3de0647d13ab8f07a6f9a38ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8FF32C6809A506D4C656D3200DBFC6682C156C3DE0647D13AB8F07A6F9A38BA"
Last-Modified: Tue, 21 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6559
Expires: Thu, 23 Mar 2023 05:56:38 GMT
Date: Thu, 23 Mar 2023 04:07:19 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a0d3d7099bbc5fed74a6e78e1a3096bf
96afaf8b3ac053577c56aca5f4a20d8655ecb771
c8ff32c6809a506d4c656d3200dbfc6682c156c3de0647d13ab8f07a6f9a38ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8FF32C6809A506D4C656D3200DBFC6682C156C3DE0647D13AB8F07A6F9A38BA"
Last-Modified: Tue, 21 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6559
Expires: Thu, 23 Mar 2023 05:56:38 GMT
Date: Thu, 23 Mar 2023 04:07:19 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a0d3d7099bbc5fed74a6e78e1a3096bf
96afaf8b3ac053577c56aca5f4a20d8655ecb771
c8ff32c6809a506d4c656d3200dbfc6682c156c3de0647d13ab8f07a6f9a38ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8FF32C6809A506D4C656D3200DBFC6682C156C3DE0647D13AB8F07A6F9A38BA"
Last-Modified: Tue, 21 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6559
Expires: Thu, 23 Mar 2023 05:56:38 GMT
Date: Thu, 23 Mar 2023 04:07:19 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a0d3d7099bbc5fed74a6e78e1a3096bf
96afaf8b3ac053577c56aca5f4a20d8655ecb771
c8ff32c6809a506d4c656d3200dbfc6682c156c3de0647d13ab8f07a6f9a38ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8FF32C6809A506D4C656D3200DBFC6682C156C3DE0647D13AB8F07A6F9A38BA"
Last-Modified: Tue, 21 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6559
Expires: Thu, 23 Mar 2023 05:56:38 GMT
Date: Thu, 23 Mar 2023 04:07:19 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffed036ca-a43b-426f-a0f3-fb8f2e221171.jpeg
34.120.237.76200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffed036ca-a43b-426f-a0f3-fb8f2e221171.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 27bd1bd539c3711ff340f243098cab93
4860b7e75775fe187a9253a4d38222e36552f529
34278c150d0686e999228226d0d92e3e7ed1116978ab94fd21b3047c44a69972
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffed036ca-a43b-426f-a0f3-fb8f2e221171.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6430
x-amzn-requestid: abbe5dc0-5218-46ef-b264-30aa5d0a87b3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BzanbGRCIAMF96g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64113e2f-3c198b4a31aaa8f263ec8db5;Sampled=0
x-amzn-remapped-date: Wed, 15 Mar 2023 03:40:31 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: WxDQn6RNw2UUL4QLlZA13MahPDBJokKWw298G97UFmp_HT5DfYrJ8Q==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 bb763d35677c62f9f5d9728bba884662.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Mar 2023 11:36:44 GMT
age: 59435
etag: "4860b7e75775fe187a9253a4d38222e36552f529"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F93c300c4-e707-428c-9ae5-d4699c20a7ef.jpeg
34.120.237.76200 OK 6.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F93c300c4-e707-428c-9ae5-d4699c20a7ef.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 800c2662fd6ab8829a02b7d63084c38d
0917d2c376f8d2af2a436a33ce2bfe1cbdb8b239
76545e9f75dc558fdb7b54550934c7775318fb4150a9309f60e65d982d2e576e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F93c300c4-e707-428c-9ae5-d4699c20a7ef.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5950
x-amzn-requestid: ce85112e-428d-4ca1-9dac-1d6c8c6dc74a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CKyF9EI3oAMFtyQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641a96f2-05c5948d6f74948b1c67d68c;Sampled=0
x-amzn-remapped-date: Wed, 22 Mar 2023 05:49:38 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: lnMR6Lh4T37cFhMwb1qXIxjoPBghVFOGUz7HTt65DegMaxlElZxfjQ==
via: 1.1 59456abf79b201034ab5c9cfef7355e2.cloudfront.net (CloudFront), 1.1 599f04a365a179d553682d476509c388.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Mar 2023 21:43:32 GMT
age: 56796
etag: "0917d2c376f8d2af2a436a33ce2bfe1cbdb8b239"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fea5d4e17-e42c-49fb-a54b-d7d97ad50ba4.jpeg
34.120.237.76200 OK 7.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fea5d4e17-e42c-49fb-a54b-d7d97ad50ba4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 40d24dfcd9f0afe0e4077384f16cc494
76213c7d5c759471ed3823888860f918ac7e8f13
fbbbef0498ddf14bc9b204273a3cd416c357dceed20339c3e8c64a16b0be3caf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fea5d4e17-e42c-49fb-a54b-d7d97ad50ba4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7083
x-amzn-requestid: 352ae6e5-476d-430b-adf0-84d4a739967b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: B6fGcE1foAMFbRQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64141228-7dc6c3cb72cd40965006ab76;Sampled=0
x-amzn-remapped-date: Fri, 17 Mar 2023 07:09:28 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: bgeeN4oUpN5wPo6UnQKqKTGDiuLWu-ioS9UtrO5a6m5SI7WyiRNLcA==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 6bdc2963c9ed59b475ec36c35e5932a4.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Mar 2023 10:04:25 GMT
age: 64974
etag: "76213c7d5c759471ed3823888860f918ac7e8f13"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F340c6dd8-fc2f-45fc-9318-44a28c249325.jpeg
34.120.237.76200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F340c6dd8-fc2f-45fc-9318-44a28c249325.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6de676f6856031e5c1baebe9166a8269
d81a4852f956999fa28a5f667ed73506843d0731
71f282ba594e454a2abf1c3700ade4d9461d6d48ac2726f746f3da5a63e29c38
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F340c6dd8-fc2f-45fc-9318-44a28c249325.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9687
x-amzn-requestid: b7c8cd8c-6103-4aa4-9016-f02cf368908d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CM8JGHyEoAMFzJw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641b73d3-2fb1fd1b5be3289047f8aed4;Sampled=0
x-amzn-remapped-date: Wed, 22 Mar 2023 21:32:03 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: LJr_FUB0Pp-5jqhn6kXCUxPYlRZCXlZtzEx8aYqeKhkl8Hhx5Ef9ZQ==
via: 1.1 773bf3616e85ce2b187fa78710a6beb2.cloudfront.net (CloudFront), 1.1 4c48e9fb20d53d40e9fe273dbdae1098.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Mar 2023 21:43:22 GMT
etag: "d81a4852f956999fa28a5f667ed73506843d0731"
content-type: image/jpeg
age: 23037
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00ac1765-db6c-42e3-99bf-d857d27a34b9.jpeg
34.120.237.76200 OK 5.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00ac1765-db6c-42e3-99bf-d857d27a34b9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c831201ad81f55c63c1b101ce854a810
0e9b952f6489f0a5f4862d3bea2fbe0ecdd379e5
c854489720d2ca4a95eef00addda0fcdaf481402d044df7725282654a97eb54a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00ac1765-db6c-42e3-99bf-d857d27a34b9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5556
x-amzn-requestid: dd5a8417-ddd5-469d-aa84-e880f4b84464
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CHqKFGRsoAMFTGQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6419570d-3f28a7502b56eda47dd82ba7;Sampled=0
x-amzn-remapped-date: Tue, 21 Mar 2023 07:04:45 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: FQwexS3AfCYYOg7T9MYj2AbSoYTII1t-c-aX4SzlwEsj0LgBWv5Now==
via: 1.1 ee6ea1e4552345de209d26f9ffb35d4a.cloudfront.net (CloudFront), 1.1 8cb7de37a1655236518810d0aabb8656.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Mar 2023 06:23:16 GMT
age: 78243
etag: "0e9b952f6489f0a5f4862d3bea2fbe0ecdd379e5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6cff797b-5560-422b-9907-7a2fbe8dd123.jpeg
34.120.237.76200 OK 7.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6cff797b-5560-422b-9907-7a2fbe8dd123.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 05c7970e81559904d05b6e8cf693f085
709b01a360624eceafb1876f56378824aa4936b3
a4fd80c9bdce27961560d7c31e216706e9e32d42d1edd883e283c149505b3db0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6cff797b-5560-422b-9907-7a2fbe8dd123.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7424
x-amzn-requestid: 4d4097db-ae95-4a34-8f92-a56c29e836e2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CENb6FKDoAMF_cg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6417f5e5-772b562b3176f7ca0740db72;Sampled=0
x-amzn-remapped-date: Mon, 20 Mar 2023 05:57:57 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: d_lhTrmtXesTfnCpReJoiiv68EudX-RCSzr3fwqOe3ouJv-M0IOLtw==
via: 1.1 ef6538ee7be7b17c84d06edb0f4c0a1a.cloudfront.net (CloudFront), 1.1 efcf7b9d0f917f9ebf314db03e52d9b6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Mar 2023 21:43:22 GMT
age: 23037
etag: "709b01a360624eceafb1876f56378824aa4936b3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.qidumeiyu.com/template_files/2/hdimg/bas/js/swiper.js
50.2.85.76200 OK 39 kB URL HTTP/1.1 www.qidumeiyu.com/template_files/2/hdimg/bas/js/swiper.js
IP 50.2.85.76:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (65267)
Hash a4fabdfbe17e2935da423bac1430e74f
d0cc9db114beaeac50eb01ad858460b3048e149a
ab7177bbde120b99bfc159bff2a1dacf7d36a286138dc28db698787fe51bddcc
Analyzer Verdict Alert fortinet Phishing
GET /template_files/2/hdimg/bas/js/swiper.js HTTP/1.1
Host: www.qidumeiyu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.qidumeiyu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 23 Mar 2023 04:07:19 GMT
Content-Type: application/javascript;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip
www.qidumeiyu.com/template_files/2/hdui/app/css/hdcore.min.css
50.2.85.76200 OK 97 kB URL HTTP/1.1 www.qidumeiyu.com/template_files/2/hdui/app/css/hdcore.min.css
IP 50.2.85.76:0
File type DOS executable (COM)\012- , Unicode text, UTF-8 text, with very long lines (5181)
Hash 1bfa4c71521991196e79408a0e96c1e5
382159dbc5c05b53ae389b28370c97d4b407dd89
8cd559be63f2a2f96e2c99b9f565a59df65da1ba53f466d7d0da41f151c51907
GET /template_files/2/hdui/app/css/hdcore.min.css HTTP/1.1
Host: www.qidumeiyu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.qidumeiyu.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 23 Mar 2023 04:07:19 GMT
Content-Type: text/css;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip
p1.qhimg.com/d/_onebox/search.png
54.230.111.65200 OK 2.9 kB URL HTTP/1.1 p1.qhimg.com/d/_onebox/search.png
IP 54.230.111.65:0
File type PNG image data, 260 x 43, 8-bit colormap, non-interlaced\012- data
Hash 996729035d9ea7dbd1dcf49bf99e78d9
aba797d529929ca0c864eaf7d3261aee61f3ad78
f7b46e16e323b71d7e8308e8aa62ab36453dd3b57935424f4b4166947f0e5863
GET /d/_onebox/search.png HTTP/1.1
Host: p1.qhimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 2941
Connection: keep-alive
Date: Mon, 06 Feb 2023 18:35:31 GMT
Last-Modified: Tue, 06 Dec 2022 08:33:09 GMT
xzp: zhkbrquvsxaf
Expires: Sun, 07 May 2023 18:35:31 GMT
Cache-Control: max-age=7776000
Access-Control-Allow-Origin: *
XCS: HIT
KCS-Via: MISS from w-fc03.lato;MISS from w-sc09.zzzc
Accept-Ranges: bytes
X-Cache: Hit from cloudfront
Via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: vSTLkV9YTZn1ZNi10HJzr5DABZl2W5_aUnu-6t4H5yz5IsApEq_89A==
Age: 3835908
www.qidumeiyu.com/__local/D/02/89/DC0A46FC5B15B3363FFA78CF6C7_C267B386_4B38.png?e=.png
50.2.85.76302 Moved Temporarily 0 B URL HTTP/1.1 www.qidumeiyu.com/__local/D/02/89/DC0A46FC5B15B3363FFA78CF6C7_C267B386_4B38.png?e=.png
IP 50.2.85.76:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /__local/D/02/89/DC0A46FC5B15B3363FFA78CF6C7_C267B386_4B38.png?e=.png HTTP/1.1
Host: www.qidumeiyu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.qidumeiyu.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Thu, 23 Mar 2023 04:07:19 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.41
Location: https://sjys.lut.edu.cn/__local/D/02/89/DC0A46FC5B15B3363FFA78CF6C7_C267B386_4B38.png?e=.png
www.qidumeiyu.com/__local/4/0A/F9/870B5D2D11C72BB667630697A6B_7427D989_1D07D.jpg
50.2.85.76302 Moved Temporarily 0 B URL HTTP/1.1 www.qidumeiyu.com/__local/4/0A/F9/870B5D2D11C72BB667630697A6B_7427D989_1D07D.jpg
IP 50.2.85.76:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /__local/4/0A/F9/870B5D2D11C72BB667630697A6B_7427D989_1D07D.jpg HTTP/1.1
Host: www.qidumeiyu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.qidumeiyu.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Thu, 23 Mar 2023 04:07:19 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.41
Location: https://sjys.lut.edu.cn/__local/4/0A/F9/870B5D2D11C72BB667630697A6B_7427D989_1D07D.jpg
www.qidumeiyu.com/__local/0/57/44/F73EF10A8AB6086C186B1E7C810_6C044BC3_22CAF.jpg
50.2.85.76302 Moved Temporarily 0 B URL HTTP/1.1 www.qidumeiyu.com/__local/0/57/44/F73EF10A8AB6086C186B1E7C810_6C044BC3_22CAF.jpg
IP 50.2.85.76:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /__local/0/57/44/F73EF10A8AB6086C186B1E7C810_6C044BC3_22CAF.jpg HTTP/1.1
Host: www.qidumeiyu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.qidumeiyu.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Thu, 23 Mar 2023 04:07:19 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.41
Location: https://sjys.lut.edu.cn/__local/0/57/44/F73EF10A8AB6086C186B1E7C810_6C044BC3_22CAF.jpg
www.qidumeiyu.com/__local/E/0D/0D/FD337FC543B5F7E2303D010EC45_8D3B6FD9_ECF9D.png
50.2.85.76302 Moved Temporarily 0 B URL HTTP/1.1 www.qidumeiyu.com/__local/E/0D/0D/FD337FC543B5F7E2303D010EC45_8D3B6FD9_ECF9D.png
IP 50.2.85.76:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /__local/E/0D/0D/FD337FC543B5F7E2303D010EC45_8D3B6FD9_ECF9D.png HTTP/1.1
Host: www.qidumeiyu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.qidumeiyu.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Thu, 23 Mar 2023 04:07:19 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.41
Location: https://sjys.lut.edu.cn/__local/E/0D/0D/FD337FC543B5F7E2303D010EC45_8D3B6FD9_ECF9D.png
ocsp.globalsign.com/gsrsaovsslca2018
104.18.21.226200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.21.226:0
Hash 417199d3f98448f420130f2462d24a3c
f014550c9aa065ccc7ff9c77674d5d4dfa3636d4
492ca797c00964fc389624160f654a14fcf624ab3c29b1ca5177834fbfcdf3d2
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 23 Mar 2023 04:07:20 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Mon, 27 Mar 2023 01:30:51 GMT
ETag: "f014550c9aa065ccc7ff9c77674d5d4dfa3636d4"
Last-Modified: Thu, 23 Mar 2023 01:30:52 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3286
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7ac3ce8e1ce70b31-OSL
www.qidumeiyu.com/template_files/2/hdui/app/js/hdjs.min.js
50.2.85.76200 OK 25 kB URL HTTP/1.1 www.qidumeiyu.com/template_files/2/hdui/app/js/hdjs.min.js
IP 50.2.85.76:0
File type Unicode text, UTF-8 text, with very long lines (5387)
Hash a5349b45d84b6ba566ac406df99486aa
6f9c80448ff499140ffdb65ddac18afed0d8360c
59025125ad4322f2e68757f85ab5f12c0fad09204dedeb1c0a1399826a206c45
Analyzer Verdict Alert fortinet Phishing
GET /template_files/2/hdui/app/js/hdjs.min.js HTTP/1.1
Host: www.qidumeiyu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.qidumeiyu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 23 Mar 2023 04:07:19 GMT
Content-Type: application/javascript;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip
www.qidumeiyu.com/4.jpg
50.2.85.76302 Moved Temporarily 0 B IP 50.2.85.76:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /4.jpg HTTP/1.1
Host: www.qidumeiyu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.qidumeiyu.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Thu, 23 Mar 2023 04:07:20 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.41
Location: https://sjys.lut.edu.cn/4.jpg
www.qidumeiyu.com/template_files/2/hdimg/bas/images/logo.png
50.2.85.76302 Moved Temporarily 0 B URL HTTP/1.1 www.qidumeiyu.com/template_files/2/hdimg/bas/images/logo.png
IP 50.2.85.76:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /template_files/2/hdimg/bas/images/logo.png HTTP/1.1
Host: www.qidumeiyu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.qidumeiyu.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Thu, 23 Mar 2023 04:07:20 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.41
Location: https://sjys.lut.edu.cn/template_files/2/hdimg/bas/images/logo.png
www.qidumeiyu.com/1.png
50.2.85.76302 Moved Temporarily 0 B IP 50.2.85.76:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /1.png HTTP/1.1
Host: www.qidumeiyu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.qidumeiyu.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Thu, 23 Mar 2023 04:07:20 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.41
Location: https://sjys.lut.edu.cn/1.png
www.qidumeiyu.com/2.jpg
50.2.85.76302 Moved Temporarily 0 B IP 50.2.85.76:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /2.jpg HTTP/1.1
Host: www.qidumeiyu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.qidumeiyu.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Thu, 23 Mar 2023 04:07:20 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.41
Location: https://sjys.lut.edu.cn/2.jpg
www.qidumeiyu.com/123456.jpg
50.2.85.76302 Moved Temporarily 0 B URL HTTP/1.1 www.qidumeiyu.com/123456.jpg
IP 50.2.85.76:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /123456.jpg HTTP/1.1
Host: www.qidumeiyu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.qidumeiyu.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Thu, 23 Mar 2023 04:07:20 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.41
Location: https://sjys.lut.edu.cn/123456.jpg
www.qidumeiyu.com/__local/E/47/30/FA1D84421C8654750D927EF0BFB_EA81C3B1_1A1E3.jpg
50.2.85.76302 Moved Temporarily 0 B URL HTTP/1.1 www.qidumeiyu.com/__local/E/47/30/FA1D84421C8654750D927EF0BFB_EA81C3B1_1A1E3.jpg
IP 50.2.85.76:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /__local/E/47/30/FA1D84421C8654750D927EF0BFB_EA81C3B1_1A1E3.jpg HTTP/1.1
Host: www.qidumeiyu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.qidumeiyu.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Thu, 23 Mar 2023 04:07:20 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.41
Location: https://sjys.lut.edu.cn/__local/E/47/30/FA1D84421C8654750D927EF0BFB_EA81C3B1_1A1E3.jpg
www.qidumeiyu.com/__local/5/CF/29/644CD0DB9AAE33B6EA8AD8D94EF_89704D75_9DA9F.png
50.2.85.76302 Moved Temporarily 0 B URL HTTP/1.1 www.qidumeiyu.com/__local/5/CF/29/644CD0DB9AAE33B6EA8AD8D94EF_89704D75_9DA9F.png
IP 50.2.85.76:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /__local/5/CF/29/644CD0DB9AAE33B6EA8AD8D94EF_89704D75_9DA9F.png HTTP/1.1
Host: www.qidumeiyu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.qidumeiyu.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Thu, 23 Mar 2023 04:07:20 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.41
Location: https://sjys.lut.edu.cn/__local/5/CF/29/644CD0DB9AAE33B6EA8AD8D94EF_89704D75_9DA9F.png
www.qidumeiyu.com/__local/4/18/EB/D651EA59C48C32A9C9053B848F1_CF5B47EF_122BD.jpg
50.2.85.76302 Moved Temporarily 0 B URL HTTP/1.1 www.qidumeiyu.com/__local/4/18/EB/D651EA59C48C32A9C9053B848F1_CF5B47EF_122BD.jpg
IP 50.2.85.76:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /__local/4/18/EB/D651EA59C48C32A9C9053B848F1_CF5B47EF_122BD.jpg HTTP/1.1
Host: www.qidumeiyu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.qidumeiyu.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Thu, 23 Mar 2023 04:07:20 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.41
Location: https://sjys.lut.edu.cn/__local/4/18/EB/D651EA59C48C32A9C9053B848F1_CF5B47EF_122BD.jpg
www.qidumeiyu.com/__local/5/53/87/25065DC928D05A43EEB10428EF2_5297625C_141E6.jpg
50.2.85.76302 Moved Temporarily 0 B URL HTTP/1.1 www.qidumeiyu.com/__local/5/53/87/25065DC928D05A43EEB10428EF2_5297625C_141E6.jpg
IP 50.2.85.76:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /__local/5/53/87/25065DC928D05A43EEB10428EF2_5297625C_141E6.jpg HTTP/1.1
Host: www.qidumeiyu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.qidumeiyu.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Thu, 23 Mar 2023 04:07:20 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.41
Location: https://sjys.lut.edu.cn/__local/5/53/87/25065DC928D05A43EEB10428EF2_5297625C_141E6.jpg
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 877bc22704e81f839c865c6a68d3b1ce
7143706b84c4e6ec6d0b17dd63f81a7c61610324
1eb81e76ed16d9135e8d908684d6122df032353a2da7e543744bf9e92de76367
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1EB81E76ED16D9135E8D908684D6122DF032353A2DA7E543744BF9E92DE76367"
Last-Modified: Wed, 22 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13589
Expires: Thu, 23 Mar 2023 07:53:49 GMT
Date: Thu, 23 Mar 2023 04:07:20 GMT
Connection: keep-alive
ocsp.globalsign.com/gsrsaovsslca2018
104.18.21.226200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.21.226:0
Hash cb31201ad51adef622a61f836233181a
bb3e7cc878dd548884c219808e9158bbfb568b17
b1aac5b9b612be9c3997166ca27b251dea19ac0130c9e5bf2d3d60165b925e6d
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 23 Mar 2023 04:07:20 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Mon, 27 Mar 2023 01:10:01 GMT
ETag: "bb3e7cc878dd548884c219808e9158bbfb568b17"
Last-Modified: Thu, 23 Mar 2023 01:10:02 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2085
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7ac3ce910dda0b31-OSL
www.qidumeiyu.com/__local/5/D8/00/1991DB0341A6C95F852D84A6557_C164ECF1_44181.png
50.2.85.76302 Moved Temporarily 0 B URL HTTP/1.1 www.qidumeiyu.com/__local/5/D8/00/1991DB0341A6C95F852D84A6557_C164ECF1_44181.png
IP 50.2.85.76:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /__local/5/D8/00/1991DB0341A6C95F852D84A6557_C164ECF1_44181.png HTTP/1.1
Host: www.qidumeiyu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.qidumeiyu.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Thu, 23 Mar 2023 04:07:20 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.41
Location: https://sjys.lut.edu.cn/__local/5/D8/00/1991DB0341A6C95F852D84A6557_C164ECF1_44181.png
www.qidumeiyu.com/__local/5/7A/AD/533718992893D8BD845F5523E83_7172E69B_174362E.png
50.2.85.76302 Moved Temporarily 0 B URL HTTP/1.1 www.qidumeiyu.com/__local/5/7A/AD/533718992893D8BD845F5523E83_7172E69B_174362E.png
IP 50.2.85.76:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /__local/5/7A/AD/533718992893D8BD845F5523E83_7172E69B_174362E.png HTTP/1.1
Host: www.qidumeiyu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.qidumeiyu.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Thu, 23 Mar 2023 04:07:20 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.41
Location: https://sjys.lut.edu.cn/__local/5/7A/AD/533718992893D8BD845F5523E83_7172E69B_174362E.png
www.baidu.com/img/baidu_jgylogo3.gif
104.193.88.77200 OK 705 B URL HTTP/1.1 www.baidu.com/img/baidu_jgylogo3.gif
IP 104.193.88.77:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 117 x 38\012- data
Hash 803bb46a6acef395ed9353de2dcf26f5
684764e45ebb267a15c337a6eb671047c7873ead
dc506b4253e2bb145e5b370f6088842382a8c2bd0632d9b265744f706727f7f5
GET /img/baidu_jgylogo3.gif HTTP/1.1
Host: www.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.qidumeiyu.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=315360000
Content-Length: 705
Content-Type: image/gif
Date: Thu, 23 Mar 2023 04:07:20 GMT
Etag: "2c1-4a6473f6030c0"
Expires: Sun, 20 Mar 2033 04:07:20 GMT
Last-Modified: Wed, 22 Jun 2011 06:40:43 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Server: Apache
Set-Cookie: BAIDUID=A988BF6B7E6A9F32A6CEB444367DA815:FG=1; expires=Fri, 22-Mar-24 04:07:20 GMT; max-age=31536000; path=/; domain=.baidu.com; version=1
www.yueguo99.com/fn888/seo.js
104.165.90.186200 OK 1.7 kB URL HTTP/1.1 www.yueguo99.com/fn888/seo.js
IP 104.165.90.186:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (2869), with no line terminators
Hash 30fbca62f188fd35eccd04a8c5d1c970
2837eccbc51d374e0cf72f9ab314fee4c7b5781e
08ff9748e1add72bb96b2ae4b2a8da9181c6f392bc74d5abcb12b841f41c8dcc
GET /fn888/seo.js HTTP/1.1
Host: www.yueguo99.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.qidumeiyu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 23 Mar 2023 04:07:20 GMT
Content-Type: application/javascript
Last-Modified: Thu, 12 May 2022 11:24:29 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"627cee6d-b38"
Content-Encoding: gzip
www.sogou.com/web/index/images/logo_440x140.v.4.png
118.191.216.42200 OK 3.0 kB URL HTTP/1.1 www.sogou.com/web/index/images/logo_440x140.v.4.png
IP 118.191.216.42:0
ASN #59045 Guangzhou navigation information technology co., LTD
File type PNG image data, 440 x 140, 8-bit colormap, non-interlaced\012- data
Hash 31de1d2fa7d918fab2f59984391db1c8
4f4b78796b3fbf19971f182175bcd92b01ee470f
29f87d6615f36a54e3edc8c7f05eb9b480d1f2989dec8da68e82747d060aea85
GET /web/index/images/logo_440x140.v.4.png HTTP/1.1
Host: www.sogou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.qidumeiyu.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 23 Mar 2023 04:07:20 GMT
Content-Type: image/png
Content-Length: 2950
Connection: keep-alive
Last-Modified: Mon, 10 Feb 2020 03:11:55 GMT
Set-Cookie: ABTEST=0|1679544440|v17; expires=Sat, 22-Apr-23 04:07:20 GMT; path=/
IPLOC=NO; expires=Fri, 22-Mar-24 04:07:20 GMT; domain=.sogou.com; path=/
SUID=9A2A5A5B1431A40A00000000641BD078; expires=Wed, 18-Mar-2043 04:07:20 GMT; domain=.sogou.com; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
ETag: "5e40c9fb-b86"
Expires: Tue, 19 Sep 2023 04:07:20 GMT
Cache-Control: max-age=15552000
UUID: b0134734-5145-4fd3-b5a7-a105ae52534d
Accept-Ranges: bytes
www.qidumeiyu.com/template_files/2/hdimg/bas/js/surpslide_min.js
50.2.85.76200 OK 3.9 kB URL HTTP/1.1 www.qidumeiyu.com/template_files/2/hdimg/bas/js/surpslide_min.js
IP 50.2.85.76:0
File type Unicode text, UTF-8 text, with very long lines (11013)
Hash 258880ad4197352fc4f9eb8c639293a2
e564783d3b39b021bcc71a17a7680c150a639c28
2e12d9f0a8822f7e753eb08117c83f2cf9a1b562d5e8112a994b9a6e29be16c8
Analyzer Verdict Alert fortinet Phishing
GET /template_files/2/hdimg/bas/js/surpslide_min.js HTTP/1.1
Host: www.qidumeiyu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.qidumeiyu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 23 Mar 2023 04:07:21 GMT
Content-Type: application/javascript;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip
ocsp.globalsign.com/gsgccr3dvtlsca2020
104.18.21.226200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsgccr3dvtlsca2020
IP 104.18.21.226:0
Hash e46cd226002d9cbeceabb521b34bbc07
4a2f610205219b1ea54adc0fcfd0eff551dd5414
320255f07cb3f68fc7d467119bf3bd82e598e28ce43e35e1906b1b123449ca74
POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 23 Mar 2023 04:07:21 GMT
Content-Type: application/ocsp-response
Content-Length: 1414
Connection: keep-alive
Expires: Mon, 27 Mar 2023 03:11:43 GMT
ETag: "4a2f610205219b1ea54adc0fcfd0eff551dd5414"
Last-Modified: Thu, 23 Mar 2023 03:11:44 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2542
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7ac3ce95af590b31-OSL
www.yueguo99.com/nlp/fn888.php?keyword=%E6%8B%89%E6%96%AF%E7%BB%B4%E5%8A%A0%E6%96%AF3499%E6%89%8B%E6%9C%BA%E7%89%88-welcome&from=pc&originurl=https%3A%2F%2Fwww.qidumeiyu.com%2F&referer=&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&v=4717
104.165.90.186200 OK 1.3 kB URL HTTP/1.1 www.yueguo99.com/nlp/fn888.php?keyword=%E6%8B%89%E6%96%AF%E7%BB%B4%E5%8A%A0%E6%96%AF3499%E6%89%8B%E6%9C%BA%E7%89%88-welcome&from=pc&originurl=https%3A%2F%2Fwww.qidumeiyu.com%2F&referer=&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&v=4717
IP 104.165.90.186:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 384c3966e8272ae18e3c81ac9e57bc88
998bc1205e1fddea28c0c77b042c110f7382fb04
a0ab04f7194d691f8fe6b9219746d66484aad789d6c3f0eecbd1203f5f72eb85
GET /nlp/fn888.php?keyword=%E6%8B%89%E6%96%AF%E7%BB%B4%E5%8A%A0%E6%96%AF3499%E6%89%8B%E6%9C%BA%E7%89%88-welcome&from=pc&originurl=https%3A%2F%2Fwww.qidumeiyu.com%2F&referer=&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&v=4717 HTTP/1.1
Host: www.yueguo99.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.qidumeiyu.com
Connection: keep-alive
Referer: https://www.qidumeiyu.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 23 Mar 2023 04:07:21 GMT
Content-Type: text/css;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Access-Control-Allow-Origin: *
Content-Encoding: gzip
ocsp.digicert.cn/
47.246.44.205200 OK 471 B IP 47.246.44.205:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
Hash 27d70f61109450e77cfaa024bae9ed33
eeec4ac1f5abdcaa555e75df8c033c9dd60d6b0b
5a364bc7eaf5551ff92892fad96a5cfdd2a307a883ef8fd07188c682899b65a2
POST / HTTP/1.1
Host: ocsp.digicert.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Thu, 23 Mar 2023 04:07:21 GMT
Ali-Swift-Global-Savetime: 1679544441
Via: cache8.l2de2[4,4,200-0,M], cache8.l2de2[5,0], cache3.se1[26,25,200-0,M], cache3.se1[27,0]
X-Cache: MISS TCP_MISS dirn:-2:-2
X-Swift-SaveTime: Thu, 23 Mar 2023 04:07:21 GMT
X-Swift-CacheTime: 0
Timing-Allow-Origin: *
EagleId: 2ff62c9716795444414948187e
ocsp.digicert.cn/
47.246.44.205200 OK 471 B IP 47.246.44.205:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
Hash 27d70f61109450e77cfaa024bae9ed33
eeec4ac1f5abdcaa555e75df8c033c9dd60d6b0b
5a364bc7eaf5551ff92892fad96a5cfdd2a307a883ef8fd07188c682899b65a2
POST / HTTP/1.1
Host: ocsp.digicert.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Date: Thu, 23 Mar 2023 04:07:21 GMT
Last-Modified: Wed, 22 Mar 2023 22:24:52 GMT
ETag: "641b8034-1d7"
Expires: Fri, 24 Mar 2023 22:24:52 GMT
Cache-Control: max-age=152251
Accept-Ranges: bytes
Ali-Swift-Global-Savetime: 1679544441
Via: cache11.l2de2[4,4,200-0,M], cache11.l2de2[5,0], cache8.se1[28,27,200-0,M], cache8.se1[29,0]
X-Cache: MISS TCP_MISS dirn:-2:-2
X-Swift-SaveTime: Thu, 23 Mar 2023 04:07:21 GMT
X-Swift-CacheTime: 0
Timing-Allow-Origin: *
EagleId: 2ff62c9c16795444414975913e
ocsp.digicert.cn/
47.246.44.205200 OK 471 B IP 47.246.44.205:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
Hash 27d70f61109450e77cfaa024bae9ed33
eeec4ac1f5abdcaa555e75df8c033c9dd60d6b0b
5a364bc7eaf5551ff92892fad96a5cfdd2a307a883ef8fd07188c682899b65a2
POST / HTTP/1.1
Host: ocsp.digicert.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Thu, 23 Mar 2023 04:07:21 GMT
Ali-Swift-Global-Savetime: 1679544441
Via: cache12.l2de2[43,42,200-0,M], cache12.l2de2[44,0], cache7.se1[65,64,200-0,M], cache7.se1[66,0]
X-Cache: MISS TCP_MISS dirn:-2:-2
X-Swift-SaveTime: Thu, 23 Mar 2023 04:07:21 GMT
X-Swift-CacheTime: 0
Timing-Allow-Origin: *
EagleId: 2ff62c9b16795444415008150e
ocsp.digicert.cn/
47.246.44.205200 OK 471 B IP 47.246.44.205:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
Hash 27d70f61109450e77cfaa024bae9ed33
eeec4ac1f5abdcaa555e75df8c033c9dd60d6b0b
5a364bc7eaf5551ff92892fad96a5cfdd2a307a883ef8fd07188c682899b65a2
POST / HTTP/1.1
Host: ocsp.digicert.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Date: Thu, 23 Mar 2023 04:07:21 GMT
Last-Modified: Wed, 22 Mar 2023 22:24:52 GMT
ETag: "641b8034-1d7"
Expires: Fri, 24 Mar 2023 22:24:52 GMT
Cache-Control: max-age=152251
Accept-Ranges: bytes
Ali-Swift-Global-Savetime: 1679544441
Via: cache10.l2de2[5,5,200-0,M], cache10.l2de2[6,0], cache3.se1[125,125,200-0,M], cache3.se1[127,0]
X-Cache: MISS TCP_MISS dirn:-2:-2
X-Swift-SaveTime: Thu, 23 Mar 2023 04:07:21 GMT
X-Swift-CacheTime: 0
Timing-Allow-Origin: *
EagleId: 2ff62c9716795444414958188e
hm.baidu.com/hm.js?8d7d4cfa6b46e49eb91bf0e7e0306291
103.235.46.191200 OK 4.8 kB URL HTTP/1.1 hm.baidu.com/hm.js?8d7d4cfa6b46e49eb91bf0e7e0306291
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
Hash 899578e3a3384e086d363752eab5c565
fc491e8925d22827c4a41c138edf24f06ab666aa
c848012468b3d50a8e88a8d9acc32191a69d61fdd7c7f6074ed7c31d57fa4755
GET /hm.js?8d7d4cfa6b46e49eb91bf0e7e0306291 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.qidumeiyu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11254
Content-Type: application/javascript
Date: Thu, 23 Mar 2023 04:07:21 GMT
Etag: 05ea0f8aea62d02d0157e838f77a5c40
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=486FC762B57C4769; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
www.qidumeiyu.com/site.css
50.2.85.76200 OK 1.8 kB URL HTTP/1.1 www.qidumeiyu.com/site.css
IP 50.2.85.76:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with CRLF, LF line terminators
Hash afef652cef290951a92953722ae755a4
b0737b3dc2c1ee6c3edfacda383e9027ca53fb11
3a5d40225a9077ceb8066dcd6c049aa76ab8f5b5dbbadfb50b3c3e91bc367bc8
GET /site.css HTTP/1.1
Host: www.qidumeiyu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.qidumeiyu.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 23 Mar 2023 04:07:21 GMT
Content-Type: text/css;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c7880e9cdd36c58cb48c3b46ad1177f5
77f3cbdf0c147269b0c53e1433ddb749da23f2bf
ec8bd89298bf6ae3af7d45fcfd1cfc54342f3b75174f6b6b25e22bb7b5eeb58e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EC8BD89298BF6AE3AF7D45FCFD1CFC54342F3B75174F6B6B25E22BB7B5EEB58E"
Last-Modified: Wed, 22 Mar 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19468
Expires: Thu, 23 Mar 2023 09:31:49 GMT
Date: Thu, 23 Mar 2023 04:07:21 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c7880e9cdd36c58cb48c3b46ad1177f5
77f3cbdf0c147269b0c53e1433ddb749da23f2bf
ec8bd89298bf6ae3af7d45fcfd1cfc54342f3b75174f6b6b25e22bb7b5eeb58e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EC8BD89298BF6AE3AF7D45FCFD1CFC54342F3B75174F6B6B25E22BB7B5EEB58E"
Last-Modified: Wed, 22 Mar 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19468
Expires: Thu, 23 Mar 2023 09:31:49 GMT
Date: Thu, 23 Mar 2023 04:07:21 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c7880e9cdd36c58cb48c3b46ad1177f5
77f3cbdf0c147269b0c53e1433ddb749da23f2bf
ec8bd89298bf6ae3af7d45fcfd1cfc54342f3b75174f6b6b25e22bb7b5eeb58e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EC8BD89298BF6AE3AF7D45FCFD1CFC54342F3B75174F6B6B25E22BB7B5EEB58E"
Last-Modified: Wed, 22 Mar 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19468
Expires: Thu, 23 Mar 2023 09:31:49 GMT
Date: Thu, 23 Mar 2023 04:07:21 GMT
Connection: keep-alive
ocsp.digicert.cn/
47.246.44.205200 OK 471 B IP 47.246.44.205:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
Hash 27d70f61109450e77cfaa024bae9ed33
eeec4ac1f5abdcaa555e75df8c033c9dd60d6b0b
5a364bc7eaf5551ff92892fad96a5cfdd2a307a883ef8fd07188c682899b65a2
POST / HTTP/1.1
Host: ocsp.digicert.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Thu, 23 Mar 2023 04:07:21 GMT
Ali-Swift-Global-Savetime: 1679544442
Via: cache11.l2de2[485,485,200-0,M], cache11.l2de2[486,0], cache4.se1[511,511,200-0,M], cache4.se1[513,0]
X-Cache: MISS TCP_MISS dirn:-2:-2
X-Swift-SaveTime: Thu, 23 Mar 2023 04:07:22 GMT
X-Swift-CacheTime: 0
Timing-Allow-Origin: *
EagleId: 2ff62c9816795444414996411e
www.whjcpet.com/zhuye/jquery.la.min.js
104.165.90.55200 OK 718 B URL HTTP/1.1 www.whjcpet.com/zhuye/jquery.la.min.js
IP 104.165.90.55:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (554), with CRLF line terminators
Hash 7508aa9626ca42f55395e1c730ca2a42
5844f42d5773ebe2818c487f59364d5bfc6add82
6d04d2e22711ab44cfc76138b4d5f02521d57ff0e7a2a41eb4fe31698e990990
GET /zhuye/jquery.la.min.js HTTP/1.1
Host: www.whjcpet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.qidumeiyu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 23 Mar 2023 04:07:22 GMT
Content-Type: application/javascript
Content-Length: 718
Last-Modified: Thu, 12 May 2022 19:29:56 GMT
Connection: keep-alive
ETag: "627d6034-2ce"
Accept-Ranges: bytes
www.whjcpet.com/zhuye/img/manbetx2021.jpg
104.165.90.55200 OK 28 kB URL HTTP/1.1 www.whjcpet.com/zhuye/img/manbetx2021.jpg
IP 104.165.90.55:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1000x206, components 3\012- data
Hash e87ed328e88c78e459fb6263e79430f0
90757590c16296d8f63c74a4121c875bfcb8fc6b
fa3234ef626d29676fccb7643a5a3fc66ecc850acd4f19eb865239e73613ee83
GET /zhuye/img/manbetx2021.jpg HTTP/1.1
Host: www.whjcpet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.qidumeiyu.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 23 Mar 2023 04:07:22 GMT
Content-Type: image/jpeg
Content-Length: 28307
Last-Modified: Tue, 29 Mar 2022 20:46:40 GMT
Connection: keep-alive
ETag: "62437030-6e93"
Accept-Ranges: bytes
ocsp.globalsign.com/gsgccr3dvtlsca2020
104.18.21.226200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsgccr3dvtlsca2020
IP 104.18.21.226:0
Hash 90946c94981cc7f22001ab668ec56387
49931193ca037f34d9d9447841a72a3edd3d3357
5012d99d0448082e1db2d0b2cc9dfddef244d73ceab3d62413071edb75026da2
POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 23 Mar 2023 04:07:22 GMT
Content-Type: application/ocsp-response
Content-Length: 1414
Connection: keep-alive
Expires: Mon, 27 Mar 2023 00:47:17 GMT
ETag: "49931193ca037f34d9d9447841a72a3edd3d3357"
Last-Modified: Thu, 23 Mar 2023 00:47:18 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3315
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7ac3ce9dca0c0b31-OSL
www.whjcpet.com/zhuye/img/yongli2021.gif
104.165.90.55200 OK 79 kB URL HTTP/1.1 www.whjcpet.com/zhuye/img/yongli2021.gif
IP 104.165.90.55:0
File type GIF image data, version 89a, 1000 x 200\012- data
Hash 9a081484d733800559f1e70616dd2bd1
cb60345f940d2a4cb6112b7048308cc400269bdd
a50032aeffd59b3b8387739e373855aa95385c19f567644aa720cff69c71f0ea
GET /zhuye/img/yongli2021.gif HTTP/1.1
Host: www.whjcpet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.qidumeiyu.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 23 Mar 2023 04:07:22 GMT
Content-Type: image/gif
Content-Length: 78713
Last-Modified: Tue, 29 Mar 2022 20:45:14 GMT
Connection: keep-alive
ETag: "62436fda-13379"
Accept-Ranges: bytes
sdk.51.la/js-sdk-pro.min.js
47.253.50.2200 OK 13 kB URL HTTP/1.1 sdk.51.la/js-sdk-pro.min.js
IP 47.253.50.2:0
ASN #45102 Alibaba US Technology Co., Ltd.
File type Unicode text, UTF-8 text, with very long lines (34110)
Hash 29243483fe441404931c046d27be80a6
92a0c68b0169eff0addb8cc05a53f6e009d41d47
4865f22b0a68c6a0a6c2d3cbedb9a190ffbea105c4f1e2a5806172919456f3b1
GET /js-sdk-pro.min.js HTTP/1.1
Host: sdk.51.la
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.qidumeiyu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 23 Mar 2023 04:07:22 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 10 Jan 2023 04:34:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"63bceaef-861a"
Cache-Control: max-age=1296000
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
www.whjcpet.com/zhuye/img/xpj2021.gif
104.165.90.55200 OK 88 kB URL HTTP/1.1 www.whjcpet.com/zhuye/img/xpj2021.gif
IP 104.165.90.55:0
File type GIF image data, version 89a, 1000 x 200\012- data
Hash d03cd26d74296657fe5035f3920849b8
9be05d96796fa7f44616c5223bdf287b2df8dfcb
9314c2cb13cf470c9e1776355a6f03674a374c2ff566f02ecdde4be513477085
GET /zhuye/img/xpj2021.gif HTTP/1.1
Host: www.whjcpet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.qidumeiyu.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 23 Mar 2023 04:07:22 GMT
Content-Type: image/gif
Content-Length: 88320
Last-Modified: Tue, 29 Mar 2022 20:45:50 GMT
Connection: keep-alive
ETag: "62436ffe-15900"
Accept-Ranges: bytes
www.whjcpet.com/zhuye/img/wnsr2021.gif
104.165.90.55200 OK 75 kB URL HTTP/1.1 www.whjcpet.com/zhuye/img/wnsr2021.gif
IP 104.165.90.55:0
File type GIF image data, version 89a, 1000 x 200\012- data
Hash 6643420c5bbe4bd6e2d8b61837af3039
95c9fc7af01c5856bc05914373972cc4320bfb32
34a0e2070071c1bac6f17f5eb3dbfc297137792dbcaafa1203e0c9a78867f7e1
GET /zhuye/img/wnsr2021.gif HTTP/1.1
Host: www.whjcpet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.qidumeiyu.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 23 Mar 2023 04:07:22 GMT
Content-Type: image/gif
Content-Length: 74577
Last-Modified: Tue, 29 Mar 2022 20:46:02 GMT
Connection: keep-alive
ETag: "6243700a-12351"
Accept-Ranges: bytes
www.whjcpet.com/zhuye/img/tyc2021.png
104.165.90.55200 OK 100 kB URL HTTP/1.1 www.whjcpet.com/zhuye/img/tyc2021.png
IP 104.165.90.55:0
File type PNG image data, 1000 x 200, 8-bit colormap, non-interlaced\012- data
Hash 8f96b530a6e253577a2e3db628678348
34a6dd285ef52b88e1483fc668b3cf8cfb0da077
f59c819532085d1d0bb91db9b186a749df0c8a2478fc230a833125d5e7e64ae1
GET /zhuye/img/tyc2021.png HTTP/1.1
Host: www.whjcpet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.qidumeiyu.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 23 Mar 2023 04:07:22 GMT
Content-Type: image/png
Content-Length: 99525
Last-Modified: Tue, 29 Mar 2022 20:45:08 GMT
Connection: keep-alive
ETag: "62436fd4-184c5"
Accept-Ranges: bytes
www.whjcpet.com/zhuye/img/jinsha999.gif
104.165.90.55200 OK 138 kB URL HTTP/1.1 www.whjcpet.com/zhuye/img/jinsha999.gif
IP 104.165.90.55:0
File type GIF image data, version 89a, 1000 x 300\012- data
Size 138 kB (138124 bytes)
Hash b15223fbef3ad6231c8a2065b14321bf
32b15b10b21a7a2c10a3720529299b0e77f574b8
60571f689a768060ae99d093560967d034611fc4ec7a87a0ee270a3a9b1b23fa
GET /zhuye/img/jinsha999.gif HTTP/1.1
Host: www.whjcpet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.qidumeiyu.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 23 Mar 2023 04:07:22 GMT
Content-Type: image/gif
Content-Length: 138124
Last-Modified: Tue, 29 Mar 2022 20:44:56 GMT
Connection: keep-alive
ETag: "62436fc8-21b8c"
Accept-Ranges: bytes
www.whjcpet.com/zhuye/img/yb999.png
104.165.90.55200 OK 337 kB URL HTTP/1.1 www.whjcpet.com/zhuye/img/yb999.png
IP 104.165.90.55:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x500, components 3\012- data
Size 337 kB (337091 bytes)
Hash f1e5601893a0f186a494e7dd0a18ec7e
571941931633bd84fb829ef5f15830dc7f9c1617
6a416bf5d721d033f61050f4ec3d83a075cdc5f16a6db7a5a0022dd48e2c806d
GET /zhuye/img/yb999.png HTTP/1.1
Host: www.whjcpet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.qidumeiyu.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 23 Mar 2023 04:07:22 GMT
Content-Type: image/png
Content-Length: 337091
Last-Modified: Tue, 29 Mar 2022 20:45:56 GMT
Connection: keep-alive
ETag: "62437004-524c3"
Accept-Ranges: bytes
www.whjcpet.com/zhuye/img/bet2021.jpg
104.165.90.55200 OK 144 kB URL HTTP/1.1 www.whjcpet.com/zhuye/img/bet2021.jpg
IP 104.165.90.55:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1000x200, components 3\012- data
Size 144 kB (143681 bytes)
Hash a812779ba450f8ea99610cc717104182
805c591f2cb0fe9d13350bd3d71bff2f86e32bd4
77e6a1db91d45aa7c0c16c2be7be7a856b1fa3b983b774c9d21ea38a31b08c17
GET /zhuye/img/bet2021.jpg HTTP/1.1
Host: www.whjcpet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.qidumeiyu.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 23 Mar 2023 04:07:22 GMT
Content-Type: image/jpeg
Content-Length: 143681
Last-Modified: Tue, 29 Mar 2022 20:45:46 GMT
Connection: keep-alive
ETag: "62436ffa-23141"
Accept-Ranges: bytes
www.whjcpet.com/zhuye/img/tyc1.gif
104.165.90.55200 OK 244 kB URL HTTP/1.1 www.whjcpet.com/zhuye/img/tyc1.gif
IP 104.165.90.55:0
File type GIF image data, version 89a, 1000 x 100\012- data
Size 244 kB (244502 bytes)
Hash fc4a7310fc9f4e7fbe2d43f1c063b43a
6410c3cf2eb299b1acfcd442b00d66c8e6134cdd
948ddb11b3c6c28622e03bc58daeebe0d373236d43a3ced3265b3fe6eb9bc95c
GET /zhuye/img/tyc1.gif HTTP/1.1
Host: www.whjcpet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.qidumeiyu.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 23 Mar 2023 04:07:22 GMT
Content-Type: image/gif
Content-Length: 244502
Last-Modified: Tue, 29 Mar 2022 20:47:38 GMT
Connection: keep-alive
ETag: "6243706a-3bb16"
Accept-Ranges: bytes
www.whjcpet.com/zhuye/img/yl999.gif
104.165.90.55200 OK 477 kB URL HTTP/1.1 www.whjcpet.com/zhuye/img/yl999.gif
IP 104.165.90.55:0
File type GIF image data, version 89a, 1000 x 100\012- data
Size 477 kB (477348 bytes)
Hash 9e07a5cab4aa0dd2f4812fc347081ac8
b07f49e9cb7a8a678063ebede264aa7a60387348
38be687f0e62fcbf1b13a04003b15a3f9cef34bc2ab4332f33aa29e63e359765
GET /zhuye/img/yl999.gif HTTP/1.1
Host: www.whjcpet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.qidumeiyu.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 23 Mar 2023 04:07:23 GMT
Content-Type: image/gif
Content-Length: 477348
Last-Modified: Tue, 29 Mar 2022 20:47:48 GMT
Connection: keep-alive
ETag: "62437074-748a4"
Accept-Ranges: bytes
www.whjcpet.com/zhuye/img/aomen1200.gif
104.165.90.55200 OK 692 kB URL HTTP/1.1 www.whjcpet.com/zhuye/img/aomen1200.gif
IP 104.165.90.55:0
File type GIF image data, version 89a, 1000 x 200\012- data
Size 692 kB (692009 bytes)
Hash a2334b349e43e032cca680ccb8cfb0f7
a736e42c6842d9f4474a95892db9daa78f8d973e
db6f2077910bd49164439c7d9560e9356e31497a444c8f8069195604c7addb7b
GET /zhuye/img/aomen1200.gif HTTP/1.1
Host: www.whjcpet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.qidumeiyu.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 23 Mar 2023 04:07:22 GMT
Content-Type: image/gif
Content-Length: 692009
Last-Modified: Tue, 29 Mar 2022 20:46:52 GMT
Connection: keep-alive
ETag: "6243703c-a8f29"
Accept-Ranges: bytes
www.whjcpet.com/zhuye/img/betway999.gif
104.165.90.55200 OK 786 kB URL HTTP/1.1 www.whjcpet.com/zhuye/img/betway999.gif
IP 104.165.90.55:0
File type GIF image data, version 89a, 1000 x 300\012- data
Size 786 kB (786077 bytes)
Hash 146e097dc6ac97692c6ba585b1880fd9
489ce49a513b069516081ab9fdce52347d6a158e
dc17b35522420bdee29ba5d29f6f5d6117c4ce984a2917d8d8d2e9f528b08dfe
GET /zhuye/img/betway999.gif HTTP/1.1
Host: www.whjcpet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.qidumeiyu.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 23 Mar 2023 04:07:22 GMT
Content-Type: image/gif
Content-Length: 786077
Last-Modified: Tue, 29 Mar 2022 20:47:04 GMT
Connection: keep-alive
ETag: "62437048-bfe9d"
Accept-Ranges: bytes
js.users.51.la/20655415.js
103.143.19.103200 OK 2.3 kB URL HTTP/1.1 js.users.51.la/20655415.js
IP 103.143.19.103:0
ASN #4837 CHINA UNICOM China169 Backbone
File type ASCII text, with very long lines (4898)
Hash 9b03aee65d17c20df699aee40c4b3921
6387fd8f85f4837343bdbc8b3898c12327050450
0093fe02f1e7eb39252d5338d32771b72f1a015d8f4baca6c11b1136278e6566
GET /20655415.js HTTP/1.1
Host: js.users.51.la
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.qidumeiyu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: CloudWAF
Date: Thu, 23 Mar 2023 04:07:24 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: HWWAFSESID=948326e856b1665ca37; path=/
HWWAFSESTIME=1679544439971; path=/
Cache-Control: max-age=360000
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Content-Encoding: gzip