Overview

URL aatgroup-th.com/login.php
IP 45.200.232.204
ASN ABCDE GROUP COMPANY LIMITED
Location Hong Kong
Report completed 2022-09-23 01:42:19 UTC
urlquery Alerts No alerts detected


Settings

UserAgent Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-09-23 2 aatgroup-th.com/login.php Phishing
2022-09-23 2 www.aatgroup-th.com/login.php Phishing
2022-09-23 2 www.aatgroup-th.com/template/company/moban263/js/jquery.easydropdown.js Phishing
2022-09-23 2 www.aatgroup-th.com/js/orsxg5a.script Phishing
2022-09-23 2 www.aatgroup-th.com/template/company/moban263/js/nav.js Phishing
2022-09-23 2 www.aatgroup-th.com/template/company/moban263/js/jquery.min.js Phishing
mnemonic secure dns  No alerts detected
Quad9 DNS  No alerts detected


Files

No files detected



Passive DNS (18)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS r3.o.lencr.org (8) 344 2020-12-02 08:52:13 UTC 2022-09-22 04:32:00 UTC 23.36.76.226
mnemonic passive DNS www.aatgroup-th.com (9) 0 2017-09-19 12:28:25 UTC 2022-08-22 07:33:16 UTC 45.200.232.204 Unknown ranking
mnemonic passive DNS zerossl.ocsp.sectigo.com (2) 4049 2020-05-09 19:05:29 UTC 2022-09-22 06:30:10 UTC 104.18.32.68
mnemonic passive DNS 1e3c3bfront.zcdiks.com (2) 0 2022-08-21 01:44:51 UTC 2022-08-22 07:33:20 UTC 163.171.140.79 Unknown ranking
mnemonic passive DNS hm.baidu.com (2) 8254 2012-05-26 08:38:45 UTC 2022-09-22 06:19:11 UTC 103.235.46.191
mnemonic passive DNS 1e3c3bfront.yhkma.com (1) 0 No data No data 140.249.90.182 Unknown ranking
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-09-22 05:24:31 UTC 34.160.144.191
mnemonic passive DNS img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-09-22 14:28:12 UTC 34.120.237.76
mnemonic passive DNS ocsp.globalsign.com (1) 2075 2012-05-25 06:20:55 UTC 2022-09-22 04:42:02 UTC 104.18.20.226
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-09-22 20:22:27 UTC 143.204.55.115
mnemonic passive DNS aatgroup-th.com (1) 0 2017-09-19 12:28:25 UTC 2022-09-17 11:16:21 UTC 45.200.232.204 Unknown ranking
mnemonic passive DNS ocsp.digicert.com (1) 86 2012-05-21 07:02:23 UTC 2022-09-22 21:38:01 UTC 93.184.220.29
mnemonic passive DNS 1e3c3bfront.hwlingjing.com (42) 0 2022-07-19 03:46:45 UTC 2022-08-22 07:33:20 UTC 163.171.140.79 Unknown ranking
mnemonic passive DNS ocsp.pki.goog (2) 175 2017-06-14 07:23:31 UTC 2022-09-22 04:32:28 UTC 142.250.74.3
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-09-22 04:34:04 UTC 34.117.237.239
mnemonic passive DNS push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-09-22 05:01:22 UTC 54.187.146.10
mnemonic passive DNS www.918cce.com (22) 0 2019-07-15 05:30:50 UTC 2022-08-22 07:33:19 UTC 103.118.81.7 Unknown ranking
mnemonic passive DNS www.googletagmanager.com (1) 75 2012-12-25 14:52:06 UTC 2022-09-22 04:31:50 UTC 172.217.21.168


Recent reports on same IP/ASN/Domain/Screenshot

Last 3 reports on IP: 45.200.232.204

Date UQ / IDS / BL URL IP
2022-11-25 02:41:11 +0000 0 - 0 - 9 aatgroup-th.com/login.php 45.200.232.204
2022-09-24 00:31:37 +0000 0 - 0 - 6 aatgroup-th.com/login.php 45.200.232.204
2022-09-23 01:42:19 +0000 0 - 0 - 6 aatgroup-th.com/login.php 45.200.232.204

Last 5 reports on ASN: ABCDE GROUP COMPANY LIMITED

Date UQ / IDS / BL URL IP
2022-12-03 19:11:46 +0000 0 - 0 - 3 logln-blockchalne.com/ 156.224.193.125
2022-12-02 12:48:23 +0000 0 - 0 - 5 techsupperclub.com/ 154.220.100.33
2022-12-02 12:47:12 +0000 0 - 0 - 7 020jinhuo.com/ 156.250.4.217
2022-12-02 04:45:18 +0000 0 - 0 - 4 g0f7j.xyz/ 154.204.211.230
2022-12-01 20:52:53 +0000 0 - 0 - 21 bjxdoor.com/ 156.226.105.239

Last 3 reports on domain: aatgroup-th.com

Date UQ / IDS / BL URL IP
2022-11-25 02:41:11 +0000 0 - 0 - 9 aatgroup-th.com/login.php 45.200.232.204
2022-09-24 00:31:37 +0000 0 - 0 - 6 aatgroup-th.com/login.php 45.200.232.204
2022-09-23 01:42:19 +0000 0 - 0 - 6 aatgroup-th.com/login.php 45.200.232.204

No other reports with similar screenshot



JavaScript

Executed Scripts (29)


Executed Evals (1)

#1 JavaScript::Eval (size: 24, repeated: 1) - SHA256: 74867c5a2cf408b090752d3cb8767bb46fdb4a0529bc959d96f51aeb2607d7e3

                                        require('buffer').Buffer
                                    

Executed Writes (2)

#1 JavaScript::Write (size: 292, repeated: 1) - SHA256: e4088c81e5823f34fd8a4eb45b50033ac8dedfca6602a97898aa6c21ec5da9f3

                                        < iframe id = "showcloneshengxiaon"
width = "100%"
height = "100%"
style = "position: fixed;background: white;border: none;top: 0;left: 0;z-index: 1999999999; _position: absolute; _top: expression(eval(document.documentElement.scrollTop));  "
src = "http://www.918cce.com/?palcode=1007182765" > < /iframe>
                                    

#2 JavaScript::Write (size: 92, repeated: 1) - SHA256: 7e2eba010a6cef626e34807c0b54cbb4b4bf29325c3e77d61bc261ba9054ad53

                                        < script type = "text/javascript"
src = "/saconfig/secure/yunwei.js?0.5264482594327152" > < /script>
                                    


HTTP Transactions (105)


Request Response
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "35BAAAE7B3CE3110EBB2B075881CFAB55ECF3EAB57D834283FD18AC691B41FA2"
Last-Modified: Tue, 20 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4170
Expires: Fri, 23 Sep 2022 02:51:36 GMT
Date: Fri, 23 Sep 2022 01:42:06 GMT
Connection: keep-alive

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.115
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Backoff, Content-Length, Retry-After
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Fri, 23 Sep 2022 01:14:06 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: sfHLzNxCpQc7Qsu4g0bdd9qDCVlREwty7vHaOLzQS6Hkrmw5Gl3YZA==
Age: 1680


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    1b3053fa528e28810f8a2cc9284cc921
Sha1:   cca9eb471d941881a6b9a1793aecb6c281908f6a
Sha256: a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "46E1A9E6C98245AFB7FA84BC6D9BA6844105024E2D3F56E28748E6C321475D02"
Last-Modified: Wed, 21 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10842
Expires: Fri, 23 Sep 2022 04:42:48 GMT
Date: Fri, 23 Sep 2022 01:42:06 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: I3bvHy5Ij0jGu6LmUH3dSfjH9Tmb1em1BZWtXcBfEt7+rJITe9ICGXsW5/oqQaivNUVr40M7QIA=
x-amz-request-id: XXFGT1SX5PN7KS72
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 23 Sep 2022 00:44:06 GMT
age: 3480
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
etag: "6113f8408c59aebe188d6af273b90743"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    6113f8408c59aebe188d6af273b90743
Sha1:   7398873bf00f99944eaa77ad3ebc0d43c23dba6b
Sha256: b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Fri, 23 Sep 2022 01:42:06 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.115
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Fri, 23 Sep 2022 01:03:22 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Fri, 23 Sep 2022 01:13:47 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 2bbnzWgkhZECJtR9X7ywqHcz5wJ4LA6dGb0g9JU4PXcSLIlK7aKkpw==
Age: 2324


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            GET /login.php HTTP/1.1 
Host: aatgroup-th.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         45.200.232.204
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
                                        
Location: http://www.aatgroup-th.com/login.php
Server: Microsoft-IIS/8.5
X-Powered-By: PHP/7.2.34, ASP.NET
Date: Thu, 17 Sep 2020 09:23:19 GMT
Content-Length: 159


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text
Size:   159
Md5:    2a5bd3917a7ae5f8dbbcad6c28911a06
Sha1:   6d5b43d05a30f9dc6601af0c08e23cc61438a29e
Sha256: 7bbee9f4148f1acae01cfb951c0b191b557e8fca90579cb2df908aa4ae23492d

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5250
Cache-Control: 'max-age=158059'
Date: Fri, 23 Sep 2022 01:42:07 GMT
Last-Modified: Fri, 23 Sep 2022 00:14:37 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: B/56FX/PvOSopVAJoIZSBg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         54.187.146.10
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 9GeJmVu1xy0mmEYQ4nVUs2S9bQM=

                                        
                                            GET /login.php HTTP/1.1 
Host: www.aatgroup-th.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         45.200.232.204
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: PHP/7.2.34, ASP.NET
Date: Thu, 17 Sep 2020 09:23:20 GMT
Content-Length: 4335


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (870), with CRLF line terminators
Size:   4335
Md5:    3157be01468393c156849cff53a9eacb
Sha1:   88c02cf1d7de11a01a189035f519ebff256eead4
Sha256: faf27e94bb1d5ab6d9971adfc749c6def5f34eb4f637b2d4f7c1c92b235251a2

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6935
Expires: Fri, 23 Sep 2022 03:37:43 GMT
Date: Fri, 23 Sep 2022 01:42:08 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5ca56e32-b483-4063-a12c-be8fa8c3d85e.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8497
x-amzn-requestid: 8543ac70-48ab-4523-856f-5d5fa1191c97
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yin-pEryoAMFTfQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6324205d-660bba3f655f940d143bc437;Sampled=0
x-amzn-remapped-date: Fri, 16 Sep 2022 07:06:05 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: e9KUFhjuFMzjuh37rFiNKaMNVaGZwPGBkLrv0zgfSTT7dCIuWj4G9Q==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 22:11:27 GMT
age: 12641
etag: "d47db5fcd83023b4a8de40a47d4510e183de387a"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8497
Md5:    7606ff88f05062b66970d9805f38987a
Sha1:   d47db5fcd83023b4a8de40a47d4510e183de387a
Sha256: 20f89dd859e5715e27c289040fac6a121248e5b6c06da0a7f186984ffb029eb2
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b936e90-90ba-49d6-946e-b7cd524d23f9.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7180
x-amzn-requestid: c08a48fa-b734-4ac7-aa76-a1225135b792
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YsS2qHbcIAMFgEQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6327fe90-4a5915de1b0da7a07efddf86;Sampled=0
x-amzn-remapped-date: Mon, 19 Sep 2022 05:30:56 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 6QVS_B0PlpAG7YSjavV2LBnC_hiHBza_hYkyA6MtdaN6iMYmVliMOg==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 31119c39c5a6dc62dfa1fe940afd7be2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 07:30:08 GMT
age: 65520
etag: "6131afd540498e8ead1b9937bc953fadbdb164f9"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7180
Md5:    6243782119c18721ebfb39448a079e32
Sha1:   6131afd540498e8ead1b9937bc953fadbdb164f9
Sha256: 9f70c0b851ea5039eee2edf8d37f447946e2d2783d6ce257c0ccbcf9f262d289
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffccf6ade-04f7-4d15-943c-bde343725d94.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8029
x-amzn-requestid: 2fc5c63d-5cef-42f4-a6d2-b55f51c57af6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4Y0tHjGoAMFcFw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632cd4ea-73f2f78a2d1ca8fc666d2571;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:34:34 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 7DX67a-HmEh76IorINvRU61AKtSiimdPnHFnYeR2OJezZJ1_mJq0MA==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 21:48:22 GMT
age: 14026
etag: "1d7f7b4cfdd7425213a21afdd1d5a5d8d11d0e54"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8029
Md5:    02a682b4703bb9d6381c762726c05531
Sha1:   1d7f7b4cfdd7425213a21afdd1d5a5d8d11d0e54
Sha256: fb672de67420a239fe5d7e2588f640150ed29883fe2a46ded160385e3265004c
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0ea09a2e-db97-4846-b5c4-9bc0e69977bc.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 13000
x-amzn-requestid: 0658a29b-3c96-431c-ab00-952ab7365e1f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YioLNHd1oAMFkbw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632420ad-488015441a19070348de1398;Sampled=0
x-amzn-remapped-date: Fri, 16 Sep 2022 07:07:26 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Vhg1m3Tpmoo68IBbutFCvjCLD6iBW3YWysB7hA837CwDK3DSSFp_KA==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 09:35:19 GMT
age: 58009
etag: "06f5f63e681d711bd68626805c5dd2b902ebf9cf"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   13000
Md5:    634db5bfe2b27e608c3f3518b0c44ebb
Sha1:   06f5f63e681d711bd68626805c5dd2b902ebf9cf
Sha256: 935d3442ed37fe78df5fe40fac87ca00466a3e19ef3c72a80dae17ffbcacd45d
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9444e811-e2d5-4901-a86d-9e9269a6f846.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10927
x-amzn-requestid: ae562f19-3dd9-42b1-bb98-ab026140506e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YsqHOHguIAMFS7Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632823c7-6d4bcabf6879463427e68a50;Sampled=0
x-amzn-remapped-date: Mon, 19 Sep 2022 08:09:43 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: u4DgvdhOG7agsl8-aoovMcR029kbfcAk9eoiUiHb-PZuq3RbbFg9Mw==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 21:48:51 GMT
age: 13997
etag: "5a69190a9a778a6979e11fafedd43e1031caf8e2"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10927
Md5:    3b6b51846ec2b7d856b7dc12e4d720f4
Sha1:   5a69190a9a778a6979e11fafedd43e1031caf8e2
Sha256: a497c04d1c9d0be88aa9c288423346e83c6a7b296295387b3b7b855c550492a2
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F155952bd-256a-4103-9017-437efcfb03bf.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7005
x-amzn-requestid: c805d882-7a00-4abd-a239-d8313d7df0c4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4aBwEaMIAMF09A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632cd6d7-6d6a417f10c9628a16d438e1;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:42:47 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 7edV0FJytVSpHH-WkCiYzhW1JP4L6i6bpPCq9MTxPdhwFQTryf06BQ==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 9c675215120a4ade8754c4357ef2f3ea.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 21:53:16 GMT
age: 13732
etag: "4584bff61bf4d5c9b8fd3b97c048a8e6975e4323"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7005
Md5:    1985a957e6bc0c15d8489fa731e7f14e
Sha1:   4584bff61bf4d5c9b8fd3b97c048a8e6975e4323
Sha256: 9f3e1fd6e18d85d4f6645d077da643a3bc2cca611d5e85f534ba798102dca243
                                        
                                            GET /template/company/moban263/js/jquery.easydropdown.js HTTP/1.1 
Host: www.aatgroup-th.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.aatgroup-th.com/login.php

                                         
                                         45.200.232.204
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Content-Encoding: gzip
Last-Modified: Thu, 18 Feb 2021 15:24:40 GMT
Accept-Ranges: bytes
ETag: W/"0acb12ca6d71:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Thu, 17 Sep 2020 09:23:20 GMT
Content-Length: 4285


--- Additional Info ---
Magic:  ASCII text
Size:   4285
Md5:    f51f31571fa9019aeb418cd313ed3a0e
Sha1:   b909cf3f83f5d5d641f3b9caac6d73614ea455e3
Sha256: 081079b0abfd0d8f7afbb0b3e0bd03dc4e3cd877d5aad9a5d855b60a758799a0

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /js/orsxg5a.script HTTP/1.1 
Host: www.aatgroup-th.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.aatgroup-th.com/login.php

                                         
                                         45.200.232.204
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: PHP/7.2.34, ASP.NET
Date: Thu, 17 Sep 2020 09:23:21 GMT
Content-Length: 1521


--- Additional Info ---
Magic:  ASCII text, with very long lines (3538), with no line terminators
Size:   1521
Md5:    21cd09fc2ba4ab11c1c78046e748f4c9
Sha1:   f08272a09b05ff36163dd06332ffb4443cc0429f
Sha256: 48bae9b03045b47dd9a4a52e9bbb8102f1dd6881f61d7de751ddaf01d377a9aa

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /template/company/moban263/js/nav.js HTTP/1.1 
Host: www.aatgroup-th.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.aatgroup-th.com/login.php

                                         
                                         45.200.232.204
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Content-Encoding: gzip
Last-Modified: Thu, 18 Feb 2021 15:24:40 GMT
Accept-Ranges: bytes
ETag: W/"0acb12ca6d71:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Thu, 17 Sep 2020 09:23:21 GMT
Content-Length: 699


--- Additional Info ---
Magic:  ASCII text
Size:   699
Md5:    b036a6ed5893d811d469c4c49f7d3909
Sha1:   c4650c7c9535e0af2b6786eef46b511b805b4c8f
Sha256: 6c7361a6533046347b4f1211de3d3a5a4e3d6e6b7919fe720eec7ca81a7f6dd8

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /template/company/moban263/css/font-awesome.css HTTP/1.1 
Host: www.aatgroup-th.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.aatgroup-th.com/login.php

                                         
                                         45.200.232.204
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Content-Encoding: gzip
Last-Modified: Thu, 18 Feb 2021 15:24:40 GMT
Accept-Ranges: bytes
ETag: W/"0acb12ca6d71:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Thu, 17 Sep 2020 09:23:20 GMT
Content-Length: 5900


--- Additional Info ---
Magic:  ASCII text, with very long lines (305)
Size:   5900
Md5:    a63a272bab8660a7f956d82e242e7ce0
Sha1:   13e1fd461363a0966409d7a5ca83858e538ea2a9
Sha256: 52374eab397e03dfd9ede322686dd96bfa331c387cb0bcb22a16669c10561279
                                        
                                            GET /template/company/moban263/js/jquery.min.js HTTP/1.1 
Host: www.aatgroup-th.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.aatgroup-th.com/login.php

                                         
                                         45.200.232.204
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Content-Encoding: gzip
Last-Modified: Thu, 18 Feb 2021 15:24:40 GMT
Accept-Ranges: bytes
ETag: W/"0acb12ca6d71:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Thu, 17 Sep 2020 09:23:20 GMT
Content-Length: 42060


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (32769)
Size:   42060
Md5:    f7dc87b1ddafd592a5ac62ff0f02b3cb
Sha1:   61feb59be189c1a87e7476727f3a17a7d52965bd
Sha256: 2b69f0b56c3abae246748f35e17d8743dd53010c98e9b22001fc600ec0b79b9f

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /template/company/moban263/css/bootstrap.css HTTP/1.1 
Host: www.aatgroup-th.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.aatgroup-th.com/login.php

                                         
                                         45.200.232.204
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Content-Encoding: gzip
Last-Modified: Thu, 18 Feb 2021 15:24:40 GMT
Accept-Ranges: bytes
ETag: W/"0acb12ca6d71:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Thu, 17 Sep 2020 09:23:20 GMT
Content-Length: 26808


--- Additional Info ---
Magic:  assembler source, ASCII text, with very long lines (540)
Size:   26808
Md5:    2519b25655194fff84ef3b0d15c61e88
Sha1:   268c043f183864113e75a762f4bdd98715bc1bf3
Sha256: 7e7a0606b33ce21044abaf8b0ac8583cb04a8c9d77cc4f03353b91e6813e535d
                                        
                                            GET /template/company/moban263/css/style.css HTTP/1.1 
Host: www.aatgroup-th.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.aatgroup-th.com/login.php

                                         
                                         45.200.232.204
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Content-Encoding: gzip
Last-Modified: Thu, 18 Feb 2021 15:24:40 GMT
Accept-Ranges: bytes
ETag: W/"0acb12ca6d71:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Thu, 17 Sep 2020 09:23:21 GMT
Content-Length: 20606


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   20606
Md5:    39c26d08bca3f2835a683ba5942e3046
Sha1:   784d160719c1ab472a03665bce4084840804e074
Sha256: 9839305bc4260b29b8c097c126108fa50cfff0af7a86eb7f20ca169ee4845f2c
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: www.aatgroup-th.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.aatgroup-th.com/login.php

                                         
                                         45.200.232.204
HTTP/1.1 200 OK
Content-Type: image/x-icon
                                        
Last-Modified: Sun, 13 Sep 2020 22:21:32 GMT
Accept-Ranges: bytes
ETag: "f367df3b1c8ad61:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Thu, 17 Sep 2020 09:23:22 GMT
Content-Length: 0

                                        
                                            POST /gsrsaovsslca2018 HTTP/1.1 
Host: ocsp.globalsign.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.20.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 23 Sep 2022 01:42:10 GMT
Content-Length: 1432
Connection: keep-alive
Expires: Mon, 26 Sep 2022 21:50:46 GMT
ETag: "cdf1b4d1b2375a39d17f189018bbdf83a20812f2"
Last-Modified: Thu, 22 Sep 2022 21:50:47 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2291
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74ef950abc6cb4eb-OSL


--- Additional Info ---
Magic:  data
Size:   1432
Md5:    2a174a9df3edd8e24dd22caafb558540
Sha1:   cdf1b4d1b2375a39d17f189018bbdf83a20812f2
Sha256: eb9b06854a589efd7d109711331b1c88bb71e7f301ea76490c683baae4701814
                                        
                                            GET /?palcode=1007182765 HTTP/1.1 
Host: www.918cce.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.aatgroup-th.com/
Upgrade-Insecure-Requests: 1

                                         
                                         103.118.81.7
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
                                        
Server: openresty/1.19.9.7
Date: Fri, 23 Sep 2022 01:42:10 GMT
Content-Length: 175
Connection: keep-alive
Location: https://www.918cce.com:443/?palcode=1007182765


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   175
Md5:    9856f739e9771096a200e7df6b240239
Sha1:   c24d909f9517e949ac7ee4896bc3095a309919b3
Sha256: fe14fc5961e841ec619fc3d0131aefb30cd0a9cda0b3681b0f9ee6aa3da3c13f
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "BB396231577EFB9D625E5375EAA1C755EF1CF17C3D75552B15BD9235B0F921DA"
Last-Modified: Thu, 22 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21587
Expires: Fri, 23 Sep 2022 07:41:58 GMT
Date: Fri, 23 Sep 2022 01:42:11 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: zerossl.ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 23 Sep 2022 01:42:12 GMT
Content-Length: 727
Connection: keep-alive
Last-Modified: Thu, 22 Sep 2022 23:36:11 GMT
Expires: Thu, 29 Sep 2022 23:36:10 GMT
Etag: "02f77fd31d01e2235d55f7b905af346bf4c9b4f5"
Cache-Control: max-age=596637,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74ef9516e8e7b4eb-OSL

                                        
                                            POST / HTTP/1.1 
Host: zerossl.ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 23 Sep 2022 01:42:12 GMT
Content-Length: 727
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 03:06:37 GMT
Expires: Tue, 27 Sep 2022 03:06:36 GMT
Etag: "d532a1a9e2233b90c478babf6dcdff39e73a0110"
Cache-Control: max-age=350063,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74ef9516eb5b0b45-OSL

                                        
                                            GET //cdn/1e3c3bF/cdn_test.jpg?v=1663897331260 HTTP/1.1 
Host: 1e3c3bfront.hwlingjing.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.918cce.com
Connection: keep-alive
Referer: https://www.918cce.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         163.171.140.79
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Fri, 23 Sep 2022 01:42:12 GMT
content-length: 26
server: PWS/8.3.1.0.8
last-modified: Thu, 18 Jun 2020 02:26:07 GMT
etag: "5eead0bf-1a"
expires: Sat, 23 Sep 2023 01:42:12 GMT
cache-control: max-age=31536000
timing-allow-origin: *
access-control-allow-origin: *
accept-ranges: bytes
via: 1.1 PSxgHKG8om130:8 (W), 1.1 PShlamstdAMS1cc96:19 (W)
x-px: ms PShlamstdAMS1cc96AMS,ms PSxgHKG8om130000(origin)
x-ws-request-id: 632d0ef4_PShlamstdAMS1se91_21925-10824
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   26
Md5:    6a43099d5c8fe991a7aa7ebaca53069d
Sha1:   5bce2f0d57305c58c7b05bfce29ebb39a18f5570
Sha256: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
                                        
                                            GET //cdn/1e3c3bF/cdn_test.jpg?v=1663897331260 HTTP/1.1 
Host: 1e3c3bfront.zcdiks.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.918cce.com
Connection: keep-alive
Referer: https://www.918cce.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         163.171.140.79
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Fri, 23 Sep 2022 01:42:12 GMT
content-length: 26
server: PWS/8.3.1.0.8
last-modified: Thu, 18 Jun 2020 02:26:07 GMT
etag: "5eead0bf-1a"
expires: Sat, 23 Sep 2023 01:42:12 GMT
cache-control: max-age=31536000
timing-allow-origin: *
access-control-allow-origin: *
accept-ranges: bytes
via: 1.1 PS-000-01erM87:5 (W), 1.1 PShlamstdAMS1cc96:19 (W)
x-px: ms PShlamstdAMS1cc96AMS,ms PS-000-01erM87000(origin)
x-ws-request-id: 632d0ef4_PShlamstdAMS1se91_19890-1348
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   26
Md5:    6a43099d5c8fe991a7aa7ebaca53069d
Sha1:   5bce2f0d57305c58c7b05bfce29ebb39a18f5570
Sha256: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
                                        
                                            GET /hm.js?e53eae95c7f82b707327ed3bd28096b9 HTTP/1.1 
Host: hm.baidu.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.aatgroup-th.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         103.235.46.191
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11340
Date: Fri, 23 Sep 2022 01:42:11 GMT
Etag: b39f601c89e33e15b58b4c822a11d71c
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=EDB9CC65F22A7FE3; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800


--- Additional Info ---
Magic:  ASCII text, with very long lines (627)
Size:   11340
Md5:    d1a3055a675c6066c480578a8dbf4aa6
Sha1:   6dfc60691abbf89f3a3c7cd18083c2185e0c6ae6
Sha256: a1e835f967860246777e86a47db6d2bbef1f806f4e8c87658bcf499d719da624
                                        
                                            GET //cdn/1e3c3bF/3s_web_detect.js?product=1e3c3b&module=frontend_web_new?time=20201102 HTTP/1.1 
Host: 1e3c3bfront.hwlingjing.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.918cce.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         163.171.140.79
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Fri, 23 Sep 2022 01:42:12 GMT
content-length: 44485
expires: Wed, 26 Jul 2023 14:17:54 GMT
server: PWS/8.3.1.0.8
last-modified: Mon, 25 Jul 2022 09:50:10 GMT
etag: "62de6752-adc5"
cache-control: max-age=31536000
timing-allow-origin: *
access-control-allow-origin: *
accept-ranges: bytes
age: 5052258
via: 1.1 PS-000-01LpH100:8 (W), 1.1 PShlamstdAMS1vj92:14 (W)
x-px: ht PShlamstdAMS1vj92AMS
x-ws-request-id: 632d0ef4_PShlamstdAMS1se91_20092-17244
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (44445), with no line terminators
Size:   44485
Md5:    f9128fd2c5b6306a3b5f1a1936ce63c0
Sha1:   7f993e995b9e80481ea39e70a6a5e8d1612475ed
Sha256: d26010f2656cb739b3f874fa91bc8e2a154cd59677e598fcaa8e2740f0f91377
                                        
                                            GET //cdn/1e3c3bF/remove.js?time=20201028 HTTP/1.1 
Host: 1e3c3bfront.hwlingjing.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.918cce.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         163.171.140.79
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Fri, 23 Sep 2022 01:42:12 GMT
content-length: 124
expires: Wed, 26 Jul 2023 14:17:54 GMT
server: PWS/8.3.1.0.8
last-modified: Mon, 25 Jul 2022 09:50:10 GMT
etag: "62de6752-7c"
cache-control: max-age=31536000
timing-allow-origin: *
access-control-allow-origin: *
accept-ranges: bytes
age: 5052258
via: 1.1 PS-000-01LpH100:8 (W), 1.1 PShlamstdAMS1cc96:4 (W)
x-px: ht PShlamstdAMS1cc96AMS
x-ws-request-id: 632d0ef4_PShlamstdAMS1se91_20092-17246
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   124
Md5:    c2992a7835979c4c054bf8e510402072
Sha1:   5b77d8411ea90a7a3f339e4ff8940eff81c9db85
Sha256: 4d9c1fa3fc960ee8df79b409d6014ccab32e22a7acd4a0967b65b81c9e8600d3
                                        
                                            GET //cdn/1e3c3bF/static/css/chunk-vendors.8bb72ccd.css HTTP/1.1 
Host: 1e3c3bfront.hwlingjing.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.918cce.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         163.171.140.79
HTTP/2 200 OK
content-type: text/css
                                        
date: Fri, 23 Sep 2022 01:42:12 GMT
content-length: 15979
expires: Thu, 27 Jul 2023 07:34:21 GMT
server: PWS/8.3.1.0.8
last-modified: Mon, 25 Jul 2022 09:50:10 GMT
etag: "62de6752-3e6b"
cache-control: max-age=31536000
timing-allow-origin: *
access-control-allow-origin: *
accept-ranges: bytes
age: 4990071
via: 1.1 PS-000-01erM87:7 (W), 1.1 PShlamstdAMS1cc96:14 (W)
x-px: ht PShlamstdAMS1cc96AMS
x-ws-request-id: 632d0ef4_PShlamstdAMS1se91_20092-17247
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (15979), with no line terminators
Size:   15979
Md5:    c3e516cccaf4f6d836fb7d7bf451b6f3
Sha1:   be9071e6699d837a88afa05edbd0086d12ea9189
Sha256: 364f95e9d88f0236178b180ea3b382ecb0b562e5597f491c64e44f88e888d622
                                        
                                            GET //cdn/1e3c3bF/static/css/index.99d0fbdf.css HTTP/1.1 
Host: 1e3c3bfront.hwlingjing.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.918cce.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         163.171.140.79
HTTP/2 200 OK
content-type: text/css
                                        
date: Fri, 23 Sep 2022 01:42:12 GMT
content-length: 125925
expires: Thu, 21 Sep 2023 16:23:20 GMT
server: PWS/8.3.1.0.8
last-modified: Wed, 21 Sep 2022 09:44:16 GMT
etag: "632adcf0-1ebe5"
cache-control: max-age=31536000
timing-allow-origin: *
access-control-allow-origin: *
accept-ranges: bytes
age: 119932
via: 1.1 PS-000-01LpH100:2 (W), 1.1 PShlamstdAMS1vj92:19 (W)
x-px: ht PShlamstdAMS1vj92AMS
x-ws-request-id: 632d0ef4_PShlamstdAMS1se91_20092-17248
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   125925
Md5:    bf8e28aa7822e461a5015e872a99fb72
Sha1:   e77a7d21f569ff4ba671ff2e0a12e8a6ff10b200
Sha256: 46409400b82e551f1ad005f640451b60e2b652d9b5e98211dbb513fe9d0ac11c
                                        
                                            GET //cdn/1e3c3bF/static/js/index.3edbc753.js HTTP/1.1 
Host: 1e3c3bfront.hwlingjing.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.918cce.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         163.171.140.79
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Fri, 23 Sep 2022 01:42:12 GMT
content-length: 597759
expires: Thu, 21 Sep 2023 16:23:20 GMT
server: PWS/8.3.1.0.8
last-modified: Wed, 21 Sep 2022 09:44:16 GMT
etag: "632adcf0-91eff"
cache-control: max-age=31536000
timing-allow-origin: *
access-control-allow-origin: *
accept-ranges: bytes
age: 119932
via: 1.1 PS-000-01LpH100:2 (W), 1.1 PShlamstdAMS1se91:19 (W)
x-px: ht PShlamstdAMS1se91AMS
x-ws-request-id: 632d0ef4_PShlamstdAMS1se91_20092-17251
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   597759
Md5:    cde22114f3a90dc607605f408ba297d9
Sha1:   3325b9b7c133d3cbee0422b5512ce6edb8f015ac
Sha256: 9e4270c826b73abd12cbdc5849d547555bd6cfac5ad10c89b4db52d0ef58f403
                                        
                                            GET //cdn/1e3c3bF/static/js/chunk-vendors.539719e4.js HTTP/1.1 
Host: 1e3c3bfront.hwlingjing.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.918cce.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         163.171.140.79
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Fri, 23 Sep 2022 01:42:12 GMT
content-length: 618233
expires: Wed, 26 Jul 2023 14:17:54 GMT
server: PWS/8.3.1.0.8
last-modified: Mon, 25 Jul 2022 09:50:10 GMT
etag: "62de6752-96ef9"
cache-control: max-age=31536000
timing-allow-origin: *
access-control-allow-origin: *
accept-ranges: bytes
age: 5052258
via: 1.1 PS-000-01LpH100:8 (W), 1.1 PShlamstdAMS1vj92:4 (W)
x-px: ht PShlamstdAMS1vj92AMS
x-ws-request-id: 632d0ef4_PShlamstdAMS1se91_20092-17249
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (65524), with no line terminators
Size:   618233
Md5:    c13c88fca46ddb5d5bb6eeb83e9ca842
Sha1:   a2b28ba12befd750e5731d9109308bc65e3a9afa
Sha256: 2ebc41b73daa5e224a8fbe8c41bc10a28621d5094364f89006cbca9df498922f
                                        
                                            GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=912235625&si=e53eae95c7f82b707327ed3bd28096b9&v=1.2.97&lv=1&sn=29217&r=0&ww=1280&ct=!!&u=http%3A%2F%2Fwww.aatgroup-th.com%2Flogin.php&tt=%EF%BB%BF%E9%B8%AD%E8%84%96%E5%A8%B1%E4%B9%90app%E5%AE%98%E6%96%B9%E4%B8%8B%E8%BD%BD%E8%8B%B9%E6%9E%9C%E3%80%81%E8%A7%89%E9%86%92%E6%A3%8B%E7%89%8C%E5%AE%98%E7%BD%91jx668%E8%8B%B9%E6%9E%9C%E7%89%88%E3%80%81761%E6%A3%8B%E7%89%8C%E6%89%8B%E6%9C%BA%E5%AE%98%E7%BD%91%E8%8B%B9%E6%9E%9C_%E5%90%84%E5%9C%B0%E8%90%BD%E5%AE%9E%E8%90%BD%E7%BB%86%E9%98%B2%E6%8E%A7%E6%8E%AA%E6%96%BD%20%E5%81%9A%E5%A5%BD%E7%96%AB%E6%83%85%E9%98%B2%E6%8E%A7%E5%B7%A5%E4%BD%9C-%E7%90%BC%E6%B5%B7%E5%B8%82%E5%B7%A5%E7%A8%8B%E5%BB%BA%E8%AE%BE%E5%88%B6%E9%80%A0%E5%8E%82 HTTP/1.1 
Host: hm.baidu.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.aatgroup-th.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         103.235.46.191
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Date: Fri, 23 Sep 2022 01:42:13 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=798036D88459A11B; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    ad4b0f606e0f8465bc4c4c170b37e1a3
Sha1:   50b30fd5f87c85fe5cba2635cb83316ca71250d7
Sha256: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
                                        
                                            GET //cdn/1e3c3bF/static/css/chunk-4f4a3499.98d059f9.css HTTP/1.1 
Host: 1e3c3bfront.hwlingjing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.918cce.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         163.171.140.79
HTTP/2 200 OK
content-type: text/css
date: Fri, 23 Sep 2022 01:42:13 GMT
content-length: 65158
expires: Fri, 25 Aug 2023 03:37:32 GMT
server: PWS/8.3.1.0.8
last-modified: Wed, 24 Aug 2022 05:58:18 GMT
etag: "6305bdfa-fe86"
cache-control: max-age=31536000
timing-allow-origin: *
access-control-allow-origin: *
accept-ranges: bytes
age: 2498681
via: 1.1 PS-000-01U4I88:8 (W), 1.1 PShlamstdAMS1se91:11 (W)
x-px: ht PShlamstdAMS1se91AMS
x-ws-request-id: 632d0ef5_PShlamstdAMS1se91_20092-17268
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65158), with no line terminators
Size:   65158
Md5:    a377e1c0b46e0c3959b0733f9a4a6169
Sha1:   8ce2a0969bd6242fc7d00d70cfdadd0f8d45b7e5
Sha256: d595898d0c86462aed00de2bfc3bd13402ea0d1918ada5ceece5aa5ea5e90f2c
                                        
                                            GET //cdn/1e3c3bF/static/js/chunk-4f4a3499.c5115d70.js HTTP/1.1 
Host: 1e3c3bfront.hwlingjing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.918cce.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         163.171.140.79
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Fri, 23 Sep 2022 01:42:13 GMT
content-length: 80986
expires: Wed, 20 Sep 2023 16:04:28 GMT
server: PWS/8.3.1.0.8
last-modified: Tue, 20 Sep 2022 02:25:50 GMT
etag: "632924ae-13c5a"
cache-control: max-age=31536000
timing-allow-origin: *
access-control-allow-origin: *
accept-ranges: bytes
age: 207465
via: 1.1 PS-000-01LpH100:2 (W), 1.1 PShlamstdAMS1vj92:18 (W)
x-px: ht PShlamstdAMS1vj92AMS
x-ws-request-id: 632d0ef5_PShlamstdAMS1se91_20092-17269
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (63772), with no line terminators
Size:   80986
Md5:    56ff86cce481978066c8cd2cbaab389c
Sha1:   6101338f1a96b1de4f1dc896656c9da3683f6669
Sha256: 79d7f5354749223de06c976a4540768b2d8e9ec06bb475fa0737fddac7e4ac29
                                        
                                            GET //cdn/1e3c3bF/inline/check.js HTTP/1.1 
Host: 1e3c3bfront.hwlingjing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.918cce.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         163.171.140.79
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Fri, 23 Sep 2022 01:42:13 GMT
content-length: 1559
expires: Wed, 20 Sep 2023 16:04:28 GMT
server: PWS/8.3.1.0.8
last-modified: Tue, 20 Sep 2022 02:25:50 GMT
etag: "632924ae-617"
cache-control: max-age=31536000
timing-allow-origin: *
access-control-allow-origin: *
accept-ranges: bytes
age: 207465
via: 1.1 PS-000-01LpH100:2 (W), 1.1 PShlamstdAMS1se91:8 (W)
x-px: ht PShlamstdAMS1se91AMS
x-ws-request-id: 632d0ef5_PShlamstdAMS1se91_20092-17270
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1559), with no line terminators
Size:   1559
Md5:    dfb9111fff6972cf887461d5daeba696
Sha1:   b2de610c932bdfc7143a48e7aecff13f8d6d6090
Sha256: 1961d281557af0531ad0382f69b46c1964d24ab76e08724d7e111166229399a2
                                        
                                            GET //cdn/1e3c3bF/inline/webp.js HTTP/1.1 
Host: 1e3c3bfront.hwlingjing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.918cce.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         163.171.140.79
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Fri, 23 Sep 2022 01:42:13 GMT
content-length: 442
expires: Wed, 20 Sep 2023 16:04:28 GMT
server: PWS/8.3.1.0.8
last-modified: Tue, 20 Sep 2022 02:25:50 GMT
etag: "632924ae-1ba"
cache-control: max-age=31536000
timing-allow-origin: *
access-control-allow-origin: *
accept-ranges: bytes
age: 207465
via: 1.1 PS-000-01LpH100:2 (W), 1.1 PShlamstdAMS1vj92:3 (W)
x-px: ht PShlamstdAMS1vj92AMS
x-ws-request-id: 632d0ef5_PShlamstdAMS1se91_20092-17272
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (442), with no line terminators
Size:   442
Md5:    f61dce63a4929651d071ff2293419fc5
Sha1:   f906667e09f478b8611d2007f6d9d513bb417f27
Sha256: 2388824076cba13fad430613ef8d9fff931f52159b78aa628158d95e79315e0e
                                        
                                            GET //cdn/1e3c3bF/inline/js.cookie.min.js HTTP/1.1 
Host: 1e3c3bfront.hwlingjing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.918cce.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         163.171.140.79
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Fri, 23 Sep 2022 01:42:13 GMT
content-length: 1689
expires: Wed, 26 Jul 2023 14:17:56 GMT
server: PWS/8.3.1.0.8
last-modified: Mon, 25 Jul 2022 09:50:10 GMT
etag: "62de6752-699"
cache-control: max-age=31536000
timing-allow-origin: *
access-control-allow-origin: *
accept-ranges: bytes
age: 5052257
via: 1.1 PS-000-01LpH100:8 (W), 1.1 PShlamstdAMS1cc96:5 (W)
x-px: ht PShlamstdAMS1cc96AMS
x-ws-request-id: 632d0ef5_PShlamstdAMS1se91_20092-17271
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1689), with no line terminators
Size:   1689
Md5:    5d8882368f34f2f6ea20c627e52960f9
Sha1:   912c24981272c91f084c3003979604ca459c9b87
Sha256: 3f017a42460fb75e7a131ffb690fac745514518f9e1845ba746f8da58186b863
                                        
                                            GET //cdn/1e3c3bF/behavior.js?v=20191008001 HTTP/1.1 
Host: 1e3c3bfront.hwlingjing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.918cce.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         163.171.140.79
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Fri, 23 Sep 2022 01:42:13 GMT
content-length: 12623
expires: Wed, 20 Sep 2023 16:04:28 GMT
server: PWS/8.3.1.0.8
last-modified: Tue, 20 Sep 2022 02:25:50 GMT
etag: "632924ae-314f"
cache-control: max-age=31536000
timing-allow-origin: *
access-control-allow-origin: *
accept-ranges: bytes
age: 207465
via: 1.1 PS-000-01LpH100:2 (W), 1.1 PShlamstdAMS1se91:8 (W)
x-px: ht PShlamstdAMS1se91AMS
x-ws-request-id: 632d0ef5_PShlamstdAMS1se91_20092-17273
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (3734)
Size:   12623
Md5:    0dbcb92dd62ca3d3e115c325aa30b198
Sha1:   f733c3c04fab106fc1004c9dde8c2bf3e5753f93
Sha256: a2509dafdb4b006712b2210df6dd11fbb16c3fcd3035c98d88e9b0600ea63c2f
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 23 Sep 2022 01:42:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /gtag/js?id=UA-124239544-1 HTTP/1.1 
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.918cce.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         172.217.21.168
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 23 Sep 2022 01:42:13 GMT
expires: Fri, 23 Sep 2022 01:42:13 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43239
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1720)
Size:   43239
Md5:    117ed563827a813905c0720a2c94c0bd
Sha1:   5078d05a2e9aa94b5ea1a4ccaabe68c245f411e8
Sha256: 3605cc24aaade1e0633ddb396bc6de826dc807b2773e922592394583582f754c
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 23 Sep 2022 01:42:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /_glaxy_1e3c3b_/webToken HTTP/1.1 
Host: www.918cce.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
deviceId: 1486269205
v: 1.0.0
appId: 8884e7b128d948cbb51766f0e30bb888
token:
qid: 9e54ba012a2c023081d4ba8eedfe9282
sign: 9e986bb88c28d0189d527b21b8cd75dc
domainName: www.918cce.com
Content-Type: application/json;charset=utf-8
Content-Length: 48
Origin: https://www.918cce.com
Connection: keep-alive
Referer: https://www.918cce.com/?palcode=1007182765
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         103.118.81.7
HTTP/2 200 OK
content-type: application/json
server: openresty/1.19.9.7
date: Fri, 23 Sep 2022 01:42:13 GMT
vary: Accept-Encoding
set-cookie: route=44bd7497440bd9fb2b784a318dd1c069739c2a5b; Domain=a01nepweb.bawinx.com; Path=/; HTTPOnly; Secure; HttpOnly JSESSIONID=3BEFAA7DE4E6D825F92C4DB802634BF9; Path=/; HTTPOnly; Secure; HttpOnly
access-control-allow-headers: *
access-control-allow-method: *
access-control-allow-origin: *
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , Unicode text, UTF-8 text, with very long lines (307), with no line terminators
Size:   3437
Md5:    54d9dc5b80ebd7e034dcb636cfbcf77b
Sha1:   a06ca11a39cf24a33fb7a0d040876f29ab0aacb6
Sha256: d7547e2f7be716f2ca72a90de913fc49143cf53c59ed8457d96605f00180a9a7
                                        
                                            GET //cdn/1e3c3bF/static/css/chunk-0d9bf2e2.36a83076.css HTTP/1.1 
Host: 1e3c3bfront.hwlingjing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.918cce.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         163.171.140.79
HTTP/2 200 OK
content-type: text/css
date: Fri, 23 Sep 2022 01:42:13 GMT
content-length: 5049
expires: Thu, 27 Jul 2023 07:39:00 GMT
server: PWS/8.3.1.0.8
last-modified: Mon, 25 Jul 2022 09:50:10 GMT
etag: "62de6752-13b9"
cache-control: max-age=31536000
timing-allow-origin: *
access-control-allow-origin: *
accept-ranges: bytes
age: 4989793
via: 1.1 PS-000-01erM87:3 (W), 1.1 PShlamstdAMS1se91:14 (W)
x-px: ht PShlamstdAMS1se91AMS
x-ws-request-id: 632d0ef5_PShlamstdAMS1se91_20092-17286
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (5049), with no line terminators
Size:   5049
Md5:    d1462a5cf2863364d6920eb91ece0a9b
Sha1:   dd15601cde23e87d916b4f0fb29724b718e7c285
Sha256: 7a7ac0276b7cf81ebec24a3349761e259ed3bd3d858f7ca6d8d2b4c880de4259
                                        
                                            GET //cdn/1e3c3bF/static/js/chunk-0d9bf2e2.ffe5579e.js HTTP/1.1 
Host: 1e3c3bfront.hwlingjing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.918cce.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         163.171.140.79
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Fri, 23 Sep 2022 01:42:13 GMT
content-length: 3271
expires: Wed, 20 Sep 2023 16:04:28 GMT
server: PWS/8.3.1.0.8
last-modified: Tue, 20 Sep 2022 02:25:50 GMT
etag: "632924ae-cc7"
cache-control: max-age=31536000
timing-allow-origin: *
access-control-allow-origin: *
accept-ranges: bytes
age: 207465
via: 1.1 PS-000-01LpH100:2 (W), 1.1 PShlamstdAMS1vj92:19 (W)
x-px: ht PShlamstdAMS1vj92AMS
x-ws-request-id: 632d0ef5_PShlamstdAMS1se91_20092-17287
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (3157), with no line terminators
Size:   3271
Md5:    1c0663de9714ec90a196811c4584c194
Sha1:   b139571b0372545a2b0bf30cb801b06b02b24f97
Sha256: 026ed085642275672c69b8aaa964fa1bd01d356f3f756532d117c7ab0d3d9ebf
                                        
                                            GET //cdn/1e3c3bF/static/css/chunk-1c820ef7.a3eae521.css HTTP/1.1 
Host: 1e3c3bfront.hwlingjing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.918cce.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         163.171.140.79
HTTP/2 200 OK
content-type: text/css
date: Fri, 23 Sep 2022 01:42:13 GMT
content-length: 265
expires: Tue, 08 Aug 2023 07:41:01 GMT
server: PWS/8.3.1.0.8
last-modified: Mon, 08 Aug 2022 03:20:38 GMT
etag: "62f08106-109"
cache-control: max-age=31536000
timing-allow-origin: *
access-control-allow-origin: *
accept-ranges: bytes
age: 3952872
via: 1.1 PS-000-01QVC89:9 (W), 1.1 PShlamstdAMS1se91:6 (W)
x-px: ht PShlamstdAMS1se91AMS
x-ws-request-id: 632d0ef5_PShlamstdAMS1se91_20092-17288
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   265
Md5:    c605305859c9e6ce7cee0326619801f5
Sha1:   d5ddecd02bb16d282481b02d19c3c5ce16a263b1
Sha256: 522ede0a3efe4b84b1efd9840b14739b6cb3e0e8a3dd40860b6157e6d5aa16a5
                                        
                                            GET //cdn/1e3c3bF/static/js/chunk-4e85797c.2ed59aaf.js HTTP/1.1 
Host: 1e3c3bfront.hwlingjing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.918cce.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         163.171.140.79
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Fri, 23 Sep 2022 01:42:13 GMT
content-length: 5560
expires: Thu, 14 Sep 2023 08:58:28 GMT
server: PWS/8.3.1.0.8
last-modified: Tue, 13 Sep 2022 08:21:26 GMT
etag: "63203d86-15b8"
cache-control: max-age=31536000
timing-allow-origin: *
access-control-allow-origin: *
accept-ranges: bytes
age: 751425
via: 1.1 PS-000-01QVC89:9 (W), 1.1 PShlamstdAMS1se91:9 (W)
x-px: ht PShlamstdAMS1se91AMS
x-ws-request-id: 632d0ef5_PShlamstdAMS1se91_20092-17291
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (5542), with no line terminators
Size:   5560
Md5:    dd7a344c04c186183f340111faead48b
Sha1:   b674dacbc296bb9d4bfd9c8ae396561f4b95d768
Sha256: d78ec3b6efb750e0d62075d44acd1d342e73a1e4a9b60b1ea2213d34c46bfc31
                                        
                                            GET //cdn/1e3c3bF/static/js/chunk-1c820ef7.fd067d83.js HTTP/1.1 
Host: 1e3c3bfront.hwlingjing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.918cce.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         163.171.140.79
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Fri, 23 Sep 2022 01:42:13 GMT
content-length: 1578
expires: Tue, 08 Aug 2023 07:41:01 GMT
server: PWS/8.3.1.0.8
last-modified: Mon, 08 Aug 2022 03:20:38 GMT
etag: "62f08106-62a"
cache-control: max-age=31536000
timing-allow-origin: *
access-control-allow-origin: *
accept-ranges: bytes
age: 3952872
via: 1.1 PS-000-01QVC89:9 (W), 1.1 PShlamstdAMS1cc96:6 (W)
x-px: ht PShlamstdAMS1cc96AMS
x-ws-request-id: 632d0ef5_PShlamstdAMS1se91_20092-17289
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (1570), with no line terminators
Size:   1578
Md5:    90de107349ad3f31a17583bcf908710b
Sha1:   577f18c53654848a21cfcec46c4a03c84f5040d8
Sha256: 1358cfd4950bbb681525b9814a7f09f92d2145e2cfe4b5d9230a816730a80eed
                                        
                                            GET //cdn/1e3c3bF/static/css/chunk-4e85797c.389cfd75.css HTTP/1.1 
Host: 1e3c3bfront.hwlingjing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.918cce.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         163.171.140.79
HTTP/2 200 OK
content-type: text/css
date: Fri, 23 Sep 2022 01:42:13 GMT
content-length: 445
expires: Wed, 20 Sep 2023 16:04:29 GMT
server: PWS/8.3.1.0.8
last-modified: Tue, 20 Sep 2022 02:25:50 GMT
etag: "632924ae-1bd"
cache-control: max-age=31536000
timing-allow-origin: *
access-control-allow-origin: *
accept-ranges: bytes
age: 207464
via: 1.1 PS-000-01LpH100:2 (W), 1.1 PShlamstdAMS1cc96:20 (W)
x-px: ht PShlamstdAMS1cc96AMS
x-ws-request-id: 632d0ef5_PShlamstdAMS1se91_20092-17290
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (445), with no line terminators
Size:   445
Md5:    081ce21d79c40445243cff6778f7fd68
Sha1:   2b0c1f9e5e75b92c66aa790a31f923300f0c4632
Sha256: 72ef058b87a254c1ec37e7abcc4d834318e28f3e986c1f77e11980c76db8ef20
                                        
                                            GET //cdn/1e3c3bF/static/css/chunk-d0b080a8.20639b20.css HTTP/1.1 
Host: 1e3c3bfront.hwlingjing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.918cce.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         163.171.140.79
HTTP/2 200 OK
content-type: text/css
date: Fri, 23 Sep 2022 01:42:13 GMT
content-length: 1649
expires: Thu, 27 Jul 2023 07:39:00 GMT
server: PWS/8.3.1.0.8
last-modified: Mon, 25 Jul 2022 09:50:10 GMT
etag: "62de6752-671"
cache-control: max-age=31536000
timing-allow-origin: *
access-control-allow-origin: *
accept-ranges: bytes
age: 4989793
via: 1.1 PS-000-01erM87:3 (W), 1.1 PShlamstdAMS1vj92:1 (W)
x-px: ht PShlamstdAMS1vj92AMS
x-ws-request-id: 632d0ef5_PShlamstdAMS1se91_20092-17293
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1649), with no line terminators
Size:   1649
Md5:    9df98611a44415294d8719f77b924464
Sha1:   7f738703a006fb10311cefa0193ad942b231a3a7
Sha256: 93b9364be6a0af1bf5e6878a60dee86963a6d1dc4f2d7e8eee4911e0467cb357
                                        
                                            GET //cdn/1e3c3bF/static/js/chunk-d0b080a8.932a9525.js HTTP/1.1 
Host: 1e3c3bfront.hwlingjing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.918cce.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         163.171.140.79
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Fri, 23 Sep 2022 01:42:13 GMT
content-length: 7873
expires: Thu, 27 Jul 2023 07:39:00 GMT
server: PWS/8.3.1.0.8
last-modified: Mon, 25 Jul 2022 09:50:10 GMT
etag: "62de6752-1ec1"
cache-control: max-age=31536000
timing-allow-origin: *
access-control-allow-origin: *
accept-ranges: bytes
age: 4989793
via: 1.1 PS-000-01erM87:3 (W), 1.1 PShlamstdAMS1cc96:22 (W)
x-px: ht PShlamstdAMS1cc96AMS
x-ws-request-id: 632d0ef5_PShlamstdAMS1se91_20092-17294
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (7869), with no line terminators
Size:   7873
Md5:    df354ef1ea61d6263100919fb69a0545
Sha1:   3275f10b7ddf8219260bacfdf1e734a9e007acf3
Sha256: 62e6a83d904b2bca7f2d452433a6216f91b44c9dba420f38ccb101e72e629dac
                                        
                                            GET //cdn/1e3c3bF/static/css/chunk-2f0633c3.8cf2beba.css HTTP/1.1 
Host: 1e3c3bfront.hwlingjing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.918cce.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         163.171.140.79
HTTP/2 200 OK
content-type: text/css
date: Fri, 23 Sep 2022 01:42:13 GMT
content-length: 906
expires: Wed, 20 Sep 2023 16:04:29 GMT
server: PWS/8.3.1.0.8
last-modified: Tue, 20 Sep 2022 02:25:50 GMT
etag: "632924ae-38a"
cache-control: max-age=31536000
timing-allow-origin: *
access-control-allow-origin: *
accept-ranges: bytes
age: 207464
via: 1.1 PS-000-01LpH100:2 (W), 1.1 PShlamstdAMS1vj92:4 (W)
x-px: ht PShlamstdAMS1vj92AMS
x-ws-request-id: 632d0ef5_PShlamstdAMS1se91_20092-17295
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (906), with no line terminators
Size:   906
Md5:    e0dd5f2a0cd56e8cd66c44e8c33e54d8
Sha1:   8fb82286980eb1a1c18881c7cec7124fc3bd83c8
Sha256: 0772a81921ed3019c83202479df80f1a46963b8ea6bb19733ed87e2ee6386300
                                        
                                            GET //cdn/1e3c3bF/static/js/chunk-2f0633c3.bf891ba4.js HTTP/1.1 
Host: 1e3c3bfront.hwlingjing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.918cce.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         163.171.140.79
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Fri, 23 Sep 2022 01:42:13 GMT
content-length: 2701
expires: Wed, 20 Sep 2023 16:04:29 GMT
server: PWS/8.3.1.0.8
last-modified: Tue, 20 Sep 2022 02:25:50 GMT
etag: "632924ae-a8d"
cache-control: max-age=31536000
timing-allow-origin: *
access-control-allow-origin: *
accept-ranges: bytes
age: 207464
via: 1.1 PS-000-01LpH100:2 (W), 1.1 PShlamstdAMS1vj92:21 (W)
x-px: ht PShlamstdAMS1vj92AMS
x-ws-request-id: 632d0ef5_PShlamstdAMS1se91_20092-17296
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (2647), with no line terminators
Size:   2701
Md5:    8c9cb9f21c78c88edc2a6580d6c45a20
Sha1:   b55d22b05a3eb877da2e46654c0d4e5526b51bd1
Sha256: 61af248e63fd35f647d7de5f25816d7a01b929d83b167b908641827391355888
                                        
                                            GET //cdn/1e3c3bF/static/js/chunk-2d237151.8c386755.js HTTP/1.1 
Host: 1e3c3bfront.hwlingjing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.918cce.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         163.171.140.79
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Fri, 23 Sep 2022 01:42:13 GMT
content-length: 39771
expires: Thu, 27 Jul 2023 07:39:00 GMT
server: PWS/8.3.1.0.8
last-modified: Mon, 25 Jul 2022 09:50:10 GMT
etag: "62de6752-9b5b"
cache-control: max-age=31536000
timing-allow-origin: *
access-control-allow-origin: *
accept-ranges: bytes
age: 4989793
via: 1.1 PS-000-01erM87:3 (W), 1.1 PShlamstdAMS1vj92:22 (W)
x-px: ht PShlamstdAMS1vj92AMS
x-ws-request-id: 632d0ef5_PShlamstdAMS1se91_20092-17297
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (39766), with no line terminators
Size:   39771
Md5:    7a49de15f086793e3b32af71b826a665
Sha1:   6765b29d411d378a5d6c3324314a43e3519d5f8a
Sha256: 4267dda5a16fe1a7fe882aeea281b4d984de6dcc4ee44921ae797ad7cba7ad7b
                                        
                                            GET //cdn/1e3c3bF/static/css/chunk-0b4c08a4.44674f73.css HTTP/1.1 
Host: 1e3c3bfront.hwlingjing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.918cce.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         163.171.140.79
HTTP/2 200 OK
content-type: text/css
date: Fri, 23 Sep 2022 01:42:13 GMT
content-length: 13960
expires: Thu, 27 Jul 2023 07:39:00 GMT
server: PWS/8.3.1.0.8
last-modified: Mon, 25 Jul 2022 09:50:10 GMT
etag: "62de6752-3688"
cache-control: max-age=31536000
timing-allow-origin: *
access-control-allow-origin: *
accept-ranges: bytes
age: 4989793
via: 1.1 PS-000-01erM87:3 (W), 1.1 PShlamstdAMS1se91:8 (W)
x-px: ht PShlamstdAMS1se91AMS
x-ws-request-id: 632d0ef5_PShlamstdAMS1se91_20092-17298
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (13960), with no line terminators
Size:   13960
Md5:    bf8eac4af177391310229f3114f49d30
Sha1:   1671a516fbdca95692c5ba86b2a96443fdbabefe
Sha256: 64c30b9cd78368df22c6a4126da4494adf72f7df22357e54f9c8b042b938f8bd
                                        
                                            GET //cdn/1e3c3bF/static/js/chunk-0b4c08a4.b585a632.js HTTP/1.1 
Host: 1e3c3bfront.hwlingjing.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.918cce.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         163.171.140.79
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Fri, 23 Sep 2022 01:42:13 GMT
content-length: 6982
expires: Thu, 14 Sep 2023 08:58:28 GMT
server: PWS/8.3.1.0.8
last-modified: Tue, 13 Sep 2022 08:21:25 GMT
etag: "63203d85-1b46"
cache-control: max-age=31536000
timing-allow-origin: *
access-control-allow-origin: *
accept-ranges: bytes
age: 751425
via: 1.1 PS-000-01QVC89:9 (W), 1.1 PShlamstdAMS1vj92:9 (W)
x-px: ht PShlamstdAMS1vj92AMS
x-ws-request-id: 632d0ef5_PShlamstdAMS1se91_20092-17299
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (6758), with no line terminators
Size:   6982
Md5:    fef38431189be0dcfa73e6173a509d05
Sha1:   ef344362507c57b0c74bc7e22f219433902536b8
Sha256: fe7bea5a1be122a08bc5ea872d99b9ae5adc538eecc0dde2449ac386d2659a7a
                                        
                                            GET //cdn/1e3c3bF/site/sport/ysbty590.jpg HTTP/1.1 
Host: 1e3c3bfront.hwlingjing.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.918cce.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         163.171.140.79
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Fri, 23 Sep 2022 01:42:14 GMT
content-length: 38965
expires: Thu, 14 Sep 2023 08:58:28 GMT
server: PWS/8.3.1.0.8
last-modified: Tue, 13 Sep 2022 08:21:26 GMT
etag: "63203d86-9835"
cache-control: max-age=31536000
timing-allow-origin: *
access-control-allow-origin: *
accept-ranges: bytes
age: 751426
via: 1.1 PS-000-01QVC89:9 (W), 1.1 PShlamstdAMS1vj92:10 (W)
x-px: ht PShlamstdAMS1vj92AMS
x-ws-request-id: 632d0ef6_PShlamstdAMS1se91_20092-17302
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 590x192, components 3\012- data
Size:   38965
Md5:    5d504319ace6a3b3c1a64e8b9c4042d9
Sha1:   a01e9d12e314b20affa835dca36521cbf6ca55e1
Sha256: 352ea90fbbcc949e4534397ca4a1e16b2a61f04110bfbd0584df84477b7293e3
                                        
                                            GET //cdn/1e3c3bF/static/img/sprite-icons1.66dcc1e6.png HTTP/1.1 
Host: 1e3c3bfront.hwlingjing.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1e3c3bfront.hwlingjing.com//cdn/1e3c3bF/static/css/index.99d0fbdf.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         163.171.140.79
HTTP/2 200 OK
content-type: image/png
                                        
date: Fri, 23 Sep 2022 01:42:14 GMT
content-length: 17016
expires: Thu, 27 Jul 2023 07:39:00 GMT
server: PWS/8.3.1.0.8
last-modified: Mon, 25 Jul 2022 09:50:10 GMT
etag: "62de6752-4278"
cache-control: max-age=31536000
timing-allow-origin: *
access-control-allow-origin: *
accept-ranges: bytes
age: 4989794
via: 1.1 PS-000-01erM87:3 (W), 1.1 PShlamstdAMS1vj92:6 (W)
x-px: ht PShlamstdAMS1vj92AMS
x-ws-request-id: 632d0ef6_PShlamstdAMS1se91_20092-17303
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 348 x 236, 8-bit colormap, non-interlaced\012- data
Size:   17016
Md5:    66dcc1e635b198f8c4c6900cc801e273
Sha1:   f1e1dc8a051d4fae85a121cf6d7a8b89ade77c18
Sha256: 6c247ba5c5bea0d4d54632dea6c176b6debd89f70a40740260c44800855f8e8c
                                        
                                            GET //cdn/1e3c3bF/static/img/title-bg.73043606.png HTTP/1.1 
Host: 1e3c3bfront.hwlingjing.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1e3c3bfront.hwlingjing.com//cdn/1e3c3bF/static/css/chunk-4f4a3499.98d059f9.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         163.171.140.79
HTTP/2 200 OK
content-type: image/png
                                        
date: Fri, 23 Sep 2022 01:42:14 GMT
content-length: 4813
expires: Thu, 14 Sep 2023 08:58:28 GMT
server: PWS/8.3.1.0.8
last-modified: Tue, 13 Sep 2022 08:21:25 GMT
etag: "63203d85-12cd"
cache-control: max-age=31536000
timing-allow-origin: *
access-control-allow-origin: *
accept-ranges: bytes
age: 751426
via: 1.1 PS-000-01QVC89:9 (W), 1.1 PShlamstdAMS1vj92:21 (W)
x-px: ht PShlamstdAMS1vj92AMS
x-ws-request-id: 632d0ef6_PShlamstdAMS1se91_20092-17306
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 138 x 45, 8-bit/color RGBA, non-interlaced\012- data
Size:   4813
Md5:    73043606ca6c7b690eaf3cc50a3b14dc
Sha1:   b1cab7956db5c4859793b5cc17d9cb4cea5fc72b
Sha256: e26ee1a486c4eab53c72d4d640dec2cdbad8d83c9617ac5eb6cc2b73a554e342
                                        
                                            GET //cdn/1e3c3bF/static/img/sprite-common.148cc972.png HTTP/1.1 
Host: 1e3c3bfront.hwlingjing.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1e3c3bfront.hwlingjing.com//cdn/1e3c3bF/static/css/index.99d0fbdf.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         163.171.140.79
HTTP/2 200 OK
content-type: image/png
                                        
date: Fri, 23 Sep 2022 01:42:14 GMT
content-length: 9368
expires: Thu, 27 Jul 2023 07:39:00 GMT
server: PWS/8.3.1.0.8
last-modified: Mon, 25 Jul 2022 09:50:10 GMT
etag: "62de6752-2498"
cache-control: max-age=31536000
timing-allow-origin: *
access-control-allow-origin: *
accept-ranges: bytes
age: 4989794
via: 1.1 PS-000-01erM87:3 (W), 1.1 PShlamstdAMS1cc96:2 (W)
x-px: ht PShlamstdAMS1cc96AMS
x-ws-request-id: 632d0ef6_PShlamstdAMS1se91_20092-17307
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 140 x 304, 8-bit colormap, non-interlaced\012- data
Size:   9368
Md5:    148cc972dc5fed0f071066f0bef23fe1
Sha1:   feb7348e71a75bb6b1ef5032604d928e110fd2bb
Sha256: 2a8af608fd29dad3a3c7c7ebbc969360346e027833a5fad6ddb8dc01021e4d8e
                                        
                                            GET //cdn/1e3c3bF/static/img/loading.5ea07d2c.gif HTTP/1.1 
Host: 1e3c3bfront.hwlingjing.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.918cce.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         163.171.140.79
HTTP/2 200 OK
content-type: image/gif
                                        
date: Fri, 23 Sep 2022 01:42:14 GMT
content-length: 29139
expires: Wed, 20 Sep 2023 16:04:29 GMT
server: PWS/8.3.1.0.8
last-modified: Tue, 20 Sep 2022 02:25:50 GMT
etag: "632924ae-71d3"
cache-control: max-age=31536000
timing-allow-origin: *
access-control-allow-origin: *
accept-ranges: bytes
age: 207465
via: 1.1 PS-000-01LpH100:2 (W), 1.1 PShlamstdAMS1vj92:19 (W)
x-px: ht PShlamstdAMS1vj92AMS
x-ws-request-id: 632d0ef6_PShlamstdAMS1se91_20092-17308
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 84 x 84\012- data
Size:   29139
Md5:    5ea07d2ce6905d7874cb4c9b81f0b14a
Sha1:   dc53b38ada479032dc2e6751019ec80e8f6335e4
Sha256: d1c4c7b87fc154e2fe3a3190f3d949159ed4cb9e775aba4858f4729c954a0587
                                        
                                            GET //cdn/1e3c3bF/site/home/home-logout-qj.jpg_.webp HTTP/1.1 
Host: 1e3c3bfront.hwlingjing.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.918cce.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         163.171.140.79
HTTP/2 200 OK
content-type: image/webp
                                        
date: Fri, 23 Sep 2022 01:42:14 GMT
content-length: 7750
expires: Wed, 20 Sep 2023 16:35:45 GMT
server: PWS/8.3.1.0.8
last-modified: Tue, 20 Sep 2022 02:25:50 GMT
etag: "632924ae-1e46"
cache-control: max-age=31536000
timing-allow-origin: *
access-control-allow-origin: *
accept-ranges: bytes
age: 205589
via: 1.1 PS-000-01LpH100:2 (W), 1.1 PShlamstdAMS1cc96:5 (W)
x-px: ht PShlamstdAMS1cc96AMS
x-ws-request-id: 632d0ef6_PShlamstdAMS1se91_20092-17310
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image, VP8 encoding, 412x261, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size:   7750
Md5:    9e56ff85c2b5b1e053e55960746ff9b8
Sha1:   086a75a6252978589ff687f08b7b00e767b15419
Sha256: 6a263b19fd552171c7980117b10c304510f0091eb4698a30778d7bd2cbe998a6
                                        
                                            GET //cdn/1e3c3bF/static/img/home-sprite-icon.259c7109.png HTTP/1.1 
Host: 1e3c3bfront.hwlingjing.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1e3c3bfront.hwlingjing.com//cdn/1e3c3bF/static/css/chunk-4f4a3499.98d059f9.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         163.171.140.79
HTTP/2 200 OK
content-type: image/png
                                        
date: Fri, 23 Sep 2022 01:42:14 GMT
content-length: 10075
expires: Thu, 14 Sep 2023 08:58:28 GMT
server: PWS/8.3.1.0.8
last-modified: Tue, 13 Sep 2022 08:21:25 GMT
etag: "63203d85-275b"
cache-control: max-age=31536000
timing-allow-origin: *
access-control-allow-origin: *
accept-ranges: bytes
age: 751426
via: 1.1 PS-000-01QVC89:9 (W), 1.1 PShlamstdAMS1vj92:20 (W)
x-px: ht PShlamstdAMS1vj92AMS
x-ws-request-id: 632d0ef6_PShlamstdAMS1se91_20092-17311
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 289 x 286, 8-bit colormap, non-interlaced\012- data
Size:   10075
Md5:    259c7109f9909604ced5c1c3423bfe9c
Sha1:   7358db64bde122003c1d04ca434c99d0a31bf2f8
Sha256: fe067e3caacdd849f741ec2eb4f02f886902651a47de2dbfb5f0ebe0fc419f41
                                        
                                            GET //cdn/1e3c3bF/site/sport/sbty590.png HTTP/1.1 
Host: 1e3c3bfront.hwlingjing.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.918cce.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         163.171.140.79
HTTP/2 200 OK
content-type: image/png
                                        
date: Fri, 23 Sep 2022 01:42:14 GMT
content-length: 45611
server: PWS/8.3.1.0.8
last-modified: Thu, 25 Aug 2022 04:31:32 GMT
etag: "6306fb24-b22b"
expires: Sat, 23 Sep 2023 01:42:14 GMT
cache-control: max-age=31536000
timing-allow-origin: *
access-control-allow-origin: *
accept-ranges: bytes
via: 1.1 PSxgHKG8om130:8 (W), 1.1 PShlamstdAMS1vj92:8 (W)
x-px: ms PShlamstdAMS1vj92AMS,ms PSxgHKG8om130000(origin)
x-ws-request-id: 632d0ef6_PShlamstdAMS1se91_20092-17301
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 590 x 192, 8-bit colormap, non-interlaced\012- data
Size:   45611
Md5:    4cb8dc04520aa13e49ca13d060b9800e
Sha1:   f4e080c588c3a808d03f0d07ac6ebcef5bc863dc
Sha256: 3705db6c6f73cebe9460205f77856ea60edd2c03df3ad2c3422f065cfa093250
                                        
                                            GET //cdn/1e3c3bF/cdn_test.jpg?v=1663897331260 HTTP/1.1 
Host: 1e3c3bfront.yhkma.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.918cce.com
Connection: keep-alive
Referer: https://www.918cce.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         140.249.90.182
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Fri, 23 Sep 2022 01:42:11 GMT
content-length: 26
expires: Fri, 23 Sep 2022 01:42:11 GMT
server: nginx
last-modified: Thu, 18 Jun 2020 02:26:07 GMT
etag: "5eead0bf-1a"
cache-control: max-age=31536000
timing-allow-origin: *
access-control-allow-origin: *
accept-ranges: bytes
x-cc-via: 119_HK-xianggang-xianggang-4-cache-2[M,5],14_dx-lt-yd-obgp-zhejiang-hangzhou-11-cache-2[M,41],161_dx-shandong-qingdao-6-cache-2[M,61]
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   26
Md5:    6a43099d5c8fe991a7aa7ebaca53069d
Sha1:   5bce2f0d57305c58c7b05bfce29ebb39a18f5570
Sha256: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
                                        
                                            GET //cdn/1e3c3bF/site/home/home-logout-gj.jpg_.webp HTTP/1.1 
Host: 1e3c3bfront.hwlingjing.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.918cce.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         163.171.140.79
HTTP/2 200 OK
content-type: image/webp
                                        
date: Fri, 23 Sep 2022 01:42:14 GMT
content-length: 5886
expires: Thu, 27 Jul 2023 07:39:03 GMT
server: PWS/8.3.1.0.8
last-modified: Mon, 25 Jul 2022 09:50:10 GMT
etag: "62de6752-16fe"
cache-control: max-age=31536000
timing-allow-origin: *
access-control-allow-origin: *
accept-ranges: bytes
age: 4989791
via: 1.1 PS-000-01erM87:3 (W), 1.1 PShlamstdAMS1se91:6 (W)
x-px: ht PShlamstdAMS1se91AMS
x-ws-request-id: 632d0ef6_PShlamstdAMS1se91_20092-17312
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image\012- data
Size:   5886
Md5:    7976409ee3d5a6255f8e75fd7196c2bd
Sha1:   15b44fa2794873d9cc84ed3ab12c059ae6910149
Sha256: 704f0ba97cb2de363bb38ea225235676116713e0e5d25f8d8caa01a23bc42bc3
                                        
                                            GET //cdn/1e3c3bF/site/home/home-logout-by.jpg_.webp HTTP/1.1 
Host: 1e3c3bfront.hwlingjing.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.918cce.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         163.171.140.79
HTTP/2 200 OK
content-type: image/webp
                                        
date: Fri, 23 Sep 2022 01:42:14 GMT
content-length: 6326
expires: Wed, 20 Sep 2023 16:35:45 GMT
server: PWS/8.3.1.0.8
last-modified: Tue, 20 Sep 2022 02:25:50 GMT
etag: "632924ae-18b6"
cache-control: max-age=31536000
timing-allow-origin: *
access-control-allow-origin: *
accept-ranges: bytes
age: 205589
via: 1.1 PS-000-01LpH100:2 (W), 1.1 PShlamstdAMS1se91:6 (W)
x-px: ht PShlamstdAMS1se91AMS
x-ws-request-id: 632d0ef6_PShlamstdAMS1se91_20092-17313
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image\012- data
Size:   6326
Md5:    daf9a0106b56a1cf04914a1c0375b13d
Sha1:   37e41094835e5ed730b8e6aec45a9da1214f2c49
Sha256: ff1f172fb46950c1ff768067298ee10a493299024e32f7bc9e1490bd9041feb2
                                        
                                            GET //cdn/1e3c3bF/site/home/login/h-login-dz-ttg.jpg_.webp HTTP/1.1 
Host: 1e3c3bfront.hwlingjing.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.918cce.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         163.171.140.79
HTTP/2 200 OK
content-type: image/webp
                                        
date: Fri, 23 Sep 2022 01:42:14 GMT
content-length: 14976
expires: Fri, 28 Jul 2023 05:07:36 GMT
server: PWS/8.3.1.0.8
last-modified: Mon, 25 Jul 2022 09:50:10 GMT
etag: "62de6752-3a80"
cache-control: max-age=31536000
timing-allow-origin: *
access-control-allow-origin: *
accept-ranges: bytes
age: 4912478
via: 1.1 PS-000-01cZq86:0 (W), 1.1 PShlamstdAMS1cc96:3 (W)
x-px: ht PShlamstdAMS1cc96AMS
x-ws-request-id: 632d0ef6_PShlamstdAMS1se91_20092-17314
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image, VP8 encoding, 386x147, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size:   14976
Md5:    63ced18814078cec24fd7ed53899d6f8
Sha1:   ad661b9e4146886f717f38531711a3b84a8efc0c
Sha256: e7c2ad2abf393b70612021666ad8caec7be60b50aa825ceefb756f314e4d506c
                                        
                                            GET //cdn/1e3c3bF/site/home/login/h-login-dz-pt.jpg_.webp HTTP/1.1 
Host: 1e3c3bfront.hwlingjing.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.918cce.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         163.171.140.79
HTTP/2 200 OK
content-type: image/webp
                                        
date: Fri, 23 Sep 2022 01:42:14 GMT
content-length: 13926
expires: Wed, 13 Sep 2023 15:22:24 GMT
server: PWS/8.3.1.0.8
last-modified: Tue, 13 Sep 2022 08:21:26 GMT
etag: "63203d86-3666"
cache-control: max-age=31536000
timing-allow-origin: *
access-control-allow-origin: *
accept-ranges: bytes
age: 814790
via: 1.1 PS-000-01U4I88:7 (W), 1.1 PShlamstdAMS1se91:2 (W)
x-px: ht PShlamstdAMS1se91AMS
x-ws-request-id: 632d0ef6_PShlamstdAMS1se91_20092-17315
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image, VP8 encoding, 386x148, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size:   13926
Md5:    340cc30694a2648c385af22148befacf
Sha1:   41548b74fb02e0f2efcf8eee6667d4eab8dcc5c0
Sha256: 132074201fdc95b8b90cf948fd242f636d20d5258e96c44538f96325bf4c7107
                                        
                                            GET //cdn/1e3c3bF/site/home/login/h-login-dz-fish.jpg_.webp HTTP/1.1 
Host: 1e3c3bfront.hwlingjing.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.918cce.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         163.171.140.79
HTTP/2 200 OK
content-type: image/webp
                                        
date: Fri, 23 Sep 2022 01:42:14 GMT
content-length: 9352
expires: Fri, 28 Jul 2023 05:07:36 GMT
server: PWS/8.3.1.0.8
last-modified: Mon, 25 Jul 2022 09:50:10 GMT
etag: "62de6752-2488"
cache-control: max-age=31536000
timing-allow-origin: *
access-control-allow-origin: *
accept-ranges: bytes
age: 4912478
via: 1.1 PS-000-01cZq86:0 (W), 1.1 PShlamstdAMS1se91:18 (W)
x-px: ht PShlamstdAMS1se91AMS
x-ws-request-id: 632d0ef6_PShlamstdAMS1se91_20092-17316
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image, VP8 encoding, 386x148, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size:   9352
Md5:    33d772c1348a1830e3da0a425be12373
Sha1:   2db90b1ee5077411bf7c67193d54baecb05da2b5
Sha256: abf2f1e090a4d33412bb8166fd65542a01214935dedc9e517e90a41fde8bdec1
                                        
                                            GET //cdn/1e3c3bF/static/js/chunk-429099ec.cd59d960.js HTTP/1.1 
Host: 1e3c3bfront.hwlingjing.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.918cce.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         163.171.140.79
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Fri, 23 Sep 2022 01:42:14 GMT
content-length: 7761
server: PWS/8.3.1.0.8
last-modified: Thu, 22 Sep 2022 09:36:24 GMT
etag: "632c2c98-1e51"
expires: Sat, 23 Sep 2023 01:42:14 GMT
cache-control: max-age=31536000
timing-allow-origin: *
access-control-allow-origin: *
accept-ranges: bytes
via: 1.1 PS-000-01erM87:5 (W), 1.1 PShlamstdAMS1se91:22 (W)
x-px: ms PShlamstdAMS1se91AMS,ms PS-000-01erM87000(origin)
x-ws-request-id: 632d0ef5_PShlamstdAMS1se91_20092-17285
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (7761), with no line terminators
Size:   7761
Md5:    d0734d4246df69b91e4944fb2e72365e
Sha1:   5b17bcc9444d3c48fca13e1e42305b004a3c4073
Sha256: 3808eaa3c7a768c0d786cb69928edcaecf00b6076a31394826b3a3cfa51faa3c
                                        
                                            GET //cdn/1e3c3bF/static/img/PC%E5%AF%BC%E8%88%AA%E8%A3%85%E9%A5%B0.9e232949.gif HTTP/1.1 
Host: 1e3c3bfront.hwlingjing.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.918cce.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         163.171.140.79
HTTP/2 200 OK
content-type: image/gif
                                        
date: Fri, 23 Sep 2022 01:42:14 GMT
content-length: 1293869
server: PWS/8.3.1.0.8
last-modified: Thu, 08 Sep 2022 05:32:33 GMT
etag: "63197e71-13be2d"
expires: Sat, 23 Sep 2023 01:42:14 GMT
cache-control: max-age=31536000
timing-allow-origin: *
access-control-allow-origin: *
accept-ranges: bytes
via: 1.1 PSxgHKG8om130:8 (W), 1.1 PShlamstdAMS1cc96:19 (W)
x-px: ms PShlamstdAMS1cc96AMS,ms PSxgHKG8om130000(origin)
x-ws-request-id: 632d0ef6_PShlamstdAMS1se91_20092-17304
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1920 x 75\012- data
Size:   1293869
Md5:    c3def2e35b722a51ad5c5bce7e4450e4
Sha1:   4210d3b65a03a37a97ddd3e1e7f18d052c8cdea1
Sha256: 38fb5870538b14d6588fb1d5afe2fe0b808cc18be3d57ee7ccdd2f2f3c7b93d7
                                        
                                            GET //cdn/1e3c3bF/static/css/chunk-f73bb5d4.4afddd82.css HTTP/1.1 
Host: 1e3c3bfront.hwlingjing.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.918cce.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         163.171.140.79
HTTP/2 200 OK
content-type: text/css
                                        
date: Fri, 23 Sep 2022 01:42:15 GMT
content-length: 251
expires: Wed, 20 Sep 2023 16:28:51 GMT
server: PWS/8.3.1.0.8
last-modified: Tue, 20 Sep 2022 02:25:50 GMT
etag: "632924ae-fb"
cache-control: max-age=31536000
timing-allow-origin: *
access-control-allow-origin: *
accept-ranges: bytes
age: 206004
via: 1.1 PS-000-01LpH100:2 (W), 1.1 PShlamstdAMS1cc96:9 (W)
x-px: ht PShlamstdAMS1cc96AMS
x-ws-request-id: 632d0ef7_PShlamstdAMS1se91_20092-17338
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   251
Md5:    8a866f34f2005ac6f0e304a39a39fa16
Sha1:   15f8d8c7fd4f92122e0cdeb96ea34e193524693b
Sha256: 7de2c964f8535f20d141689ab2966ca1535a316f9b85345d9ef48cf6a67c4a5c
                                        
                                            POST /_glaxy_1e3c3b_/queryVIPLine HTTP/1.1 
Host: www.918cce.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
deviceId: 1486269205
v: 1.0.0
appId: 8884e7b128d948cbb51766f0e30bb888
token: 6sNvgv4wu0IvEovfodzBMQp/kO9ipodfig19UphzUfiPBtXgIc5h6RfItikUmF1Vt2dvXc5FUxk7S8w2El82jo+ILOHemKkJRNrub7Q2hMJgqxbyw7tYBQ==
qid: 1b5f0ecc9f43c7d1ba11612d89540210
sign: 8c29e6492bb1cad487aa7ac7a8f1c2fc
domainName: www.918cce.com
Content-Type: application/json;charset=utf-8
Content-Length: 48
Origin: https://www.918cce.com
Connection: keep-alive
Referer: https://www.918cce.com/home?palcode=1007182765
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         103.118.81.7
HTTP/2 200 OK
content-type: application/json
                                        
server: openresty/1.19.9.7
date: Fri, 23 Sep 2022 01:42:14 GMT
vary: Accept-Encoding
set-cookie: route=98703b16c2533d2508f294194d49b283db3000b3; Domain=a01nepweb.bawinx.com; Path=/; HTTPOnly; Secure; HttpOnly
access-control-allow-headers: *
access-control-allow-method: *
access-control-allow-origin: *
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , Unicode text, UTF-8 text, with no line terminators
Size:   16357
Md5:    aa2bd5f25f84ca519ab0d2837ac328da
Sha1:   0962b147c0189a519115829ca87ce4ea0e416535
Sha256: 999a296375aa967e5004e794a24504ca90174c5d023278a88af034efa6e72b8c
                                        
                                            GET /cdn/A01FP/externals/img/_wms/_l/form/form-2454-0-0ac3d25a85ef07619151f2e05a766529.png HTTP/1.1 
Host: 1e3c3bfront.zcdiks.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

                                         
                                         163.171.140.79
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Fri, 23 Sep 2022 01:42:15 GMT
Content-Length: 8025
Connection: keep-alive
Expires: Wed, 20 Sep 2023 15:38:57 GMT
Server: PWS/8.3.1.0.8
Last-Modified: Thu, 30 Sep 2021 02:42:13 GMT
ETag: "61552405-1f59"
Cache-Control: max-age=31536000
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
Age: 208998
Via: 1.1 PS-000-01LpH100:2 (W), 1.1 PShlamstdAMS1vj92:14 (W)
X-Px: ht PShlamstdAMS1vj92AMS
X-Ws-Request-Id: 632d0ef7_PShlamstdAMS1cc96_28477-56443


--- Additional Info ---
Magic:  PNG image data, 154 x 145, 8-bit colormap, non-interlaced\012- data
Size:   8025
Md5:    0ac3d25a85ef07619151f2e05a766529
Sha1:   c4e6521a8171c70f5d214be3c68b90c6a01a1d57
Sha256: 7de60a1ba2c054f17d680b656fc8afa311c680eaa6895987b19703d24a7c8562
                                        
                                            POST /_glaxy_1e3c3b_/_extra_/api/v1/serverTime HTTP/1.1 
Host: www.918cce.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
deviceId: 1486269205
v: 1.0.0
appId: 8884e7b128d948cbb51766f0e30bb888
token: 6sNvgv4wu0IvEovfodzBMQp/kO9ipodfig19UphzUfiPBtXgIc5h6RfItikUmF1Vt2dvXc5FUxk7S8w2El82jo+ILOHemKkJRNrub7Q2hMJgqxbyw7tYBQ==
qid: 4035eced84092b2df96d9a1f29610aea
sign: 4c300f3ca7aef08b4a820093ec5325a4
domainName: www.918cce.com
Content-Type: application/json;charset=utf-8
Content-Length: 48
Origin: https://www.918cce.com
Connection: keep-alive
Referer: https://www.918cce.com/home?palcode=1007182765
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         103.118.81.7
HTTP/2 200 OK
content-type: application/json
                                        
server: openresty/1.19.9.7
date: Fri, 23 Sep 2022 01:42:14 GMT
x-powered-by:
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-methods: POST, GET, OPTIONS, PUT, PATCH, DELETE
access-control-expose-headers: Authorization, authenticated
access-control-allow-credentials: true
access-control-allow-headers: *, *
access-control-allow-method: *
access-control-allow-origin: *, *
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , Unicode text, UTF-8 text, with no line terminators
Size:   1165
Md5:    4642b8c1e8eb55bdefdfe93ad729407c
Sha1:   09d0065df045891bce2fbcd0d4bbecdb2a63fb17
Sha256: 206f25ed393a228e0fc9a7b1ce609bea6b54d08aaf5e483f3ed51d919ae2db59
                                        
                                            POST /_glaxy_1e3c3b_/_extra_/api/v1/qr-code HTTP/1.1 
Host: www.918cce.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
deviceId: 1486269205
v: 1.0.0
appId: 8884e7b128d948cbb51766f0e30bb888
token: 6sNvgv4wu0IvEovfodzBMQp/kO9ipodfig19UphzUfiPBtXgIc5h6RfItikUmF1Vt2dvXc5FUxk7S8w2El82jo+ILOHemKkJRNrub7Q2hMJgqxbyw7tYBQ==
qid: cceebbf270b8dbfefe5a29daec6fd727
sign: 7269c50ca7ca1dfe4cc9add87c6dea30
domainName: www.918cce.com
Content-Type: application/json;charset=utf-8
Content-Length: 111
Origin: https://www.918cce.com
Connection: keep-alive
Referer: https://www.918cce.com/home?palcode=1007182765
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
103.118.81.7
HTTP/2 200 OK
content-type: application/json
server: openresty/1.19.9.7
date: Fri, 23 Sep 2022 01:42:14 GMT
x-powered-by:
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-methods: POST, GET, OPTIONS, PUT, PATCH, DELETE
access-control-expose-headers: Authorization, authenticated
access-control-allow-credentials: true
access-control-allow-headers: *, *
access-control-allow-method: *
access-control-allow-origin: *, *
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
POST /_glaxy_1e3c3b_/_extra_/api/v1/qr-code HTTP/1.1
Host: www.918cce.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
deviceId: 1486269205
v: 1.0.0
appId: 8884e7b128d948cbb51766f0e30bb888
token: 6sNvgv4wu0IvEovfodzBMQp/kO9ipodfig19UphzUfiPBtXgIc5h6RfItikUmF1Vt2dvXc5FUxk7S8w2El82jo+ILOHemKkJRNrub7Q2hMJgqxbyw7tYBQ==
qid: 7cb347b828802cb0164e1a368c48640b
sign: 1de11e532869dfdbcf58e8558190d639
domainName: www.918cce.com
Content-Type: application/json;charset=utf-8
Content-Length: 111
Origin: https://www.918cce.com
Connection: keep-alive
Referer: https://www.918cce.com/home?palcode=1007182765
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
103.118.81.7
HTTP/2 200 OK
content-type: application/json
server: openresty/1.19.9.7
date: Fri, 23 Sep 2022 01:42:14 GMT
x-powered-by:
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-methods: POST, GET, OPTIONS, PUT, PATCH, DELETE
access-control-expose-headers: Authorization, authenticated
access-control-allow-credentials: true
set-cookie: NSC_JOwdw5eyc2u5h0sbcnafg3evdpzxfdB=ffffffff09f814a145525d5f4f58455e445a4a421488; Version=1; Max-Age=1200; path=/; HTTPOnly; Secure; httponly
access-control-allow-headers: *, *
access-control-allow-method: *
access-control-allow-origin: *, *
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
POST /_glaxy_1e3c3b_/_extra_/api/v1/activity/common-window/window-floating HTTP/1.1
Host: www.918cce.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
deviceId: 1486269205
v: 1.0.0
appId: 8884e7b128d948cbb51766f0e30bb888
token: 6sNvgv4wu0IvEovfodzBMQp/kO9ipodfig19UphzUfiPBtXgIc5h6RfItikUmF1Vt2dvXc5FUxk7S8w2El82jo+ILOHemKkJRNrub7Q2hMJgqxbyw7tYBQ==
qid: 2c36aeb6f8c0b9d6f71f1aee48ae3603
sign: 5b5a0ee31cb8c6df88e5a281b318d95a
domainName: www.918cce.com
Content-Type: application/json;charset=utf-8
Content-Length: 48
Origin: https://www.918cce.com
Connection: keep-alive
Referer: https://www.918cce.com/home?palcode=1007182765
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
103.118.81.7
HTTP/2 200 OK
content-type: application/json
server: openresty/1.19.9.7
date: Fri, 23 Sep 2022 01:42:14 GMT
x-powered-by:
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-methods: POST, GET, OPTIONS, PUT, PATCH, DELETE
access-control-expose-headers: Authorization, authenticated
access-control-allow-credentials: true
set-cookie: NSC_JOwdw5eyc2u5h0sbcnafg3evdpzxfdB=ffffffff09f814a145525d5f4f58455e445a4a421488; Version=1; Max-Age=1200; path=/; HTTPOnly; Secure; httponly
access-control-allow-headers: *, *
access-control-allow-method: *
access-control-allow-origin: *, *
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
POST /_glaxy_1e3c3b_/_extra_/api/v1/getOTCStatus HTTP/1.1
Host: www.918cce.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
deviceId: 1486269205
v: 1.0.0
appId: 8884e7b128d948cbb51766f0e30bb888
token: 6sNvgv4wu0IvEovfodzBMQp/kO9ipodfig19UphzUfiPBtXgIc5h6RfItikUmF1Vt2dvXc5FUxk7S8w2El82jo+ILOHemKkJRNrub7Q2hMJgqxbyw7tYBQ==
qid: 0aef6c37405d674a89b93ef3f7bffb44
sign: c3d7aca63a5d7c7314bbccc88289f183
domainName: www.918cce.com
Content-Type: application/json;charset=utf-8
Content-Length: 48
Origin: https://www.918cce.com
Connection: keep-alive
Referer: https://www.918cce.com/home?palcode=1007182765
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
103.118.81.7
HTTP/2 200 OK
content-type: application/json
server: openresty/1.19.9.7
date: Fri, 23 Sep 2022 01:42:14 GMT
x-powered-by:
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-methods: POST, GET, OPTIONS, PUT, PATCH, DELETE
access-control-expose-headers: Authorization, authenticated
access-control-allow-credentials: true
set-cookie: NSC_JOwdw5eyc2u5h0sbcnafg3evdpzxfdB=ffffffff09f814a145525d5f4f58455e445a4a421488; Version=1; Max-Age=1200; path=/; HTTPOnly; Secure; httponly
access-control-allow-headers: *, *
access-control-allow-method: *
access-control-allow-origin: *, *
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
POST /_glaxy_1e3c3b_/_extra_/api/v1/activity/money-rain/info HTTP/1.1
Host: www.918cce.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
deviceId: 1486269205
v: 1.0.0
appId: 8884e7b128d948cbb51766f0e30bb888
token: 6sNvgv4wu0IvEovfodzBMQp/kO9ipodfig19UphzUfiPBtXgIc5h6RfItikUmF1Vt2dvXc5FUxk7S8w2El82jo+ILOHemKkJRNrub7Q2hMJgqxbyw7tYBQ==
qid: ffb281ad8531058a1a8990fd220698de
sign: 1adc6a352d94f67fa305a8051f5121dc
domainName: www.918cce.com
Content-Type: application/json;charset=utf-8
Content-Length: 48
Origin: https://www.918cce.com
Connection: keep-alive
Referer: https://www.918cce.com/home?palcode=1007182765
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
103.118.81.7
HTTP/2 200 OK
content-type: application/json
server: openresty/1.19.9.7
date: Fri, 23 Sep 2022 01:42:14 GMT
x-powered-by:
x-debug-activity-info-cache-key: ACTIVITY_INFO_CACHE_avrc5v3fldY
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-methods: POST, GET, OPTIONS, PUT, PATCH, DELETE
access-control-expose-headers: Authorization, authenticated
access-control-allow-credentials: true
access-control-allow-headers: *, *
access-control-allow-method: *
access-control-allow-origin: *, *
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
POST /_glaxy_1e3c3b_/_extra_/api/v1/other/announcement/sports HTTP/1.1
Host: www.918cce.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
deviceId: 1486269205
v: 1.0.0
appId: 8884e7b128d948cbb51766f0e30bb888
token: 6sNvgv4wu0IvEovfodzBMQp/kO9ipodfig19UphzUfiPBtXgIc5h6RfItikUmF1Vt2dvXc5FUxk7S8w2El82jo+ILOHemKkJRNrub7Q2hMJgqxbyw7tYBQ==
qid: ed563c6998bd8e69019347a8d69fb9a3
sign: 82934a0b89dba7745fe40b89e26baeb0
domainName: www.918cce.com
Content-Type: application/json;charset=utf-8
Content-Length: 48
Origin: https://www.918cce.com
Connection: keep-alive
Referer: https://www.918cce.com/home?palcode=1007182765
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
103.118.81.7
HTTP/2 200 OK
content-type: application/json
server: openresty/1.19.9.7
date: Fri, 23 Sep 2022 01:42:14 GMT
x-powered-by:
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-methods: POST, GET, OPTIONS, PUT, PATCH, DELETE
access-control-expose-headers: Authorization, authenticated
access-control-allow-credentials: true
set-cookie: NSC_JOwdw5eyc2u5h0sbcnafg3evdpzxfdB=ffffffff09f8141d45525d5f4f58455e445a4a421488; Version=1; Max-Age=1200; path=/; HTTPOnly; Secure; httponly
access-control-allow-headers: *, *
access-control-allow-method: *
access-control-allow-origin: *, *
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
POST /_glaxy_1e3c3b_/_extra_/api/v1/qr-code HTTP/1.1
Host: www.918cce.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
deviceId: 1486269205
v: 1.0.0
appId: 8884e7b128d948cbb51766f0e30bb888
token: 6sNvgv4wu0IvEovfodzBMQp/kO9ipodfig19UphzUfiPBtXgIc5h6RfItikUmF1Vt2dvXc5FUxk7S8w2El82jo+ILOHemKkJRNrub7Q2hMJgqxbyw7tYBQ==
qid: 6e88939000378aa39f271769188d92e9
sign: 73b1656c3fd2e5620bf5a766352857a6
domainName: www.918cce.com
Content-Type: application/json;charset=utf-8
Content-Length: 109
Origin: https://www.918cce.com
Connection: keep-alive
Referer: https://www.918cce.com/home?palcode=1007182765
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
103.118.81.7
HTTP/2 200 OK
content-type: application/json
server: openresty/1.19.9.7
date: Fri, 23 Sep 2022 01:42:14 GMT
x-powered-by:
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-methods: POST, GET, OPTIONS, PUT, PATCH, DELETE
access-control-expose-headers: Authorization, authenticated
access-control-allow-credentials: true
set-cookie: NSC_JOwdw5eyc2u5h0sbcnafg3evdpzxfdB=ffffffff09f814a145525d5f4f58455e445a4a421488; Version=1; Max-Age=1200; path=/; HTTPOnly; Secure; httponly
access-control-allow-headers: *, *
access-control-allow-method: *
access-control-allow-origin: *, *
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
POST /_glaxy_1e3c3b_/_extra_/api/v1/activity/common-window/window-popup HTTP/1.1
Host: www.918cce.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
deviceId: 1486269205
v: 1.0.0
appId: 8884e7b128d948cbb51766f0e30bb888
token: 6sNvgv4wu0IvEovfodzBMQp/kO9ipodfig19UphzUfiPBtXgIc5h6RfItikUmF1Vt2dvXc5FUxk7S8w2El82jo+ILOHemKkJRNrub7Q2hMJgqxbyw7tYBQ==
qid: 87387c5e4815ff6c0d9b85b328973b50
sign: 55fb95f4c5365673b32f42cae7d2e2c7
domainName: www.918cce.com
Content-Type: application/json;charset=utf-8
Content-Length: 48
Origin: https://www.918cce.com
Connection: keep-alive
Referer: https://www.918cce.com/home?palcode=1007182765
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
103.118.81.7
HTTP/2 200 OK
content-type: application/json
server: openresty/1.19.9.7
date: Fri, 23 Sep 2022 01:42:14 GMT
x-powered-by:
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-methods: POST, GET, OPTIONS, PUT, PATCH, DELETE
access-control-expose-headers: Authorization, authenticated
access-control-allow-credentials: true
set-cookie: NSC_JOwdw5eyc2u5h0sbcnafg3evdpzxfdB=ffffffff09f8141d45525d5f4f58455e445a4a421488; Version=1; Max-Age=1200; path=/; HTTPOnly; Secure; httponly
access-control-allow-headers: *, *
access-control-allow-method: *
access-control-allow-origin: *, *
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
POST /_glaxy_1e3c3b_/_extra_/api/v1/qr-code HTTP/1.1
Host: www.918cce.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
deviceId: 1486269205
v: 1.0.0
appId: 8884e7b128d948cbb51766f0e30bb888
token: 6sNvgv4wu0IvEovfodzBMQp/kO9ipodfig19UphzUfiPBtXgIc5h6RfItikUmF1Vt2dvXc5FUxk7S8w2El82jo+ILOHemKkJRNrub7Q2hMJgqxbyw7tYBQ==
qid: 1e9430a86dbb9d7c50126b3666666c9e
sign: c524754d03336d3fd9473cbaf00a9d80
domainName: www.918cce.com
Content-Type: application/json;charset=utf-8
Content-Length: 108
Origin: https://www.918cce.com
Connection: keep-alive
Referer: https://www.918cce.com/home?palcode=1007182765
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
103.118.81.7
HTTP/2 200 OK
content-type: application/json
server: openresty/1.19.9.7
date: Fri, 23 Sep 2022 01:42:14 GMT
x-powered-by:
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-methods: POST, GET, OPTIONS, PUT, PATCH, DELETE
access-control-expose-headers: Authorization, authenticated
access-control-allow-credentials: true
access-control-allow-headers: *, *
access-control-allow-method: *
access-control-allow-origin: *, *
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
POST /_glaxy_1e3c3b_/_extra_/api/v1/other/tiger/total-lottery-pool HTTP/1.1
Host: www.918cce.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
deviceId: 1486269205
v: 1.0.0
appId: 8884e7b128d948cbb51766f0e30bb888
token: 6sNvgv4wu0IvEovfodzBMQp/kO9ipodfig19UphzUfiPBtXgIc5h6RfItikUmF1Vt2dvXc5FUxk7S8w2El82jo+ILOHemKkJRNrub7Q2hMJgqxbyw7tYBQ==
qid: 3f1d64049bb00096a024f975f09dc29f
sign: 11ddab5620a1f4f09a981326f1ef5e32
domainName: www.918cce.com
Content-Type: application/json;charset=utf-8
Content-Length: 60
Origin: https://www.918cce.com
Connection: keep-alive
Referer: https://www.918cce.com/home?palcode=1007182765
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
103.118.81.7
HTTP/2 200 OK
content-type: application/json
server: openresty/1.19.9.7
date: Fri, 23 Sep 2022 01:42:15 GMT
x-powered-by:
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-methods: POST, GET, OPTIONS, PUT, PATCH, DELETE
access-control-expose-headers: Authorization, authenticated
access-control-allow-credentials: true
access-control-allow-headers: *, *
access-control-allow-method: *
access-control-allow-origin: *, *
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
POST /_glaxy_1e3c3b_/_extra_/api/v1/wms/version HTTP/1.1
Host: www.918cce.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
deviceId: 1486269205
v: 1.0.0
appId: 8884e7b128d948cbb51766f0e30bb888
token: 6sNvgv4wu0IvEovfodzBMQp/kO9ipodfig19UphzUfiPBtXgIc5h6RfItikUmF1Vt2dvXc5FUxk7S8w2El82jo+ILOHemKkJRNrub7Q2hMJgqxbyw7tYBQ==
qid: 194f22e0964cce43b4efda0791989b6d
sign: db86bae4ba04575e09725345a46042dc
domainName: www.918cce.com
Content-Type: application/json;charset=utf-8
Content-Length: 87
Origin: https://www.918cce.com
Connection: keep-alive
Referer: https://www.918cce.com/home?palcode=1007182765
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
103.118.81.7
HTTP/2 200 OK
content-type: application/json
server: openresty/1.19.9.7
date: Fri, 23 Sep 2022 01:42:14 GMT
x-powered-by:
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-methods: POST, GET, OPTIONS, PUT, PATCH, DELETE
access-control-expose-headers: Authorization, authenticated
access-control-allow-credentials: true
set-cookie: NSC_JOwdw5eyc2u5h0sbcnafg3evdpzxfdB=ffffffff09f814a145525d5f4f58455e445a4a421488; Version=1; Max-Age=1200; path=/; HTTPOnly; Secure; httponly
access-control-allow-headers: *, *
access-control-allow-method: *
access-control-allow-origin: *, *
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
POST /_glaxy_1e3c3b_/_extra_/api/v1/qr-code HTTP/1.1
Host: www.918cce.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
deviceId: 1486269205
v: 1.0.0
appId: 8884e7b128d948cbb51766f0e30bb888
token: 6sNvgv4wu0IvEovfodzBMQp/kO9ipodfig19UphzUfiPBtXgIc5h6RfItikUmF1Vt2dvXc5FUxk7S8w2El82jo+ILOHemKkJRNrub7Q2hMJgqxbyw7tYBQ==
qid: a8e584f9c80a8767c37d299654a33dd7
sign: 0526a67f9c3c64bb1bef5fc712983b03
domainName: www.918cce.com
Content-Type: application/json;charset=utf-8
Content-Length: 109
Origin: https://www.918cce.com
Connection: keep-alive
Referer: https://www.918cce.com/home?palcode=1007182765
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
103.118.81.7
HTTP/2 200 OK
content-type: application/json
server: openresty/1.19.9.7
date: Fri, 23 Sep 2022 01:42:14 GMT
x-powered-by:
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-methods: POST, GET, OPTIONS, PUT, PATCH, DELETE
access-control-expose-headers: Authorization, authenticated
access-control-allow-credentials: true
access-control-allow-headers: *, *
access-control-allow-method: *
access-control-allow-origin: *, *
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
POST /_glaxy_1e3c3b_/pointExchange/checkPointExchange HTTP/1.1
Host: www.918cce.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
deviceId: 1486269205
v: 1.0.0
appId: 8884e7b128d948cbb51766f0e30bb888
token: 6sNvgv4wu0IvEovfodzBMQp/kO9ipodfig19UphzUfiPBtXgIc5h6RfItikUmF1Vt2dvXc5FUxk7S8w2El82jo+ILOHemKkJRNrub7Q2hMJgqxbyw7tYBQ==
qid: 8b9ca4cc13a736b118672786ae01ffa7
sign: 9d76c3570e3d8cd685b43b087711d8d9
domainName: www.918cce.com
Content-Type: application/json;charset=utf-8
Content-Length: 79
Origin: https://www.918cce.com
Connection: keep-alive
Referer: https://www.918cce.com/home?palcode=1007182765
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
103.118.81.7
HTTP/2 200 OK
content-type: application/json
server: openresty/1.19.9.7
date: Fri, 23 Sep 2022 01:42:14 GMT
vary: Accept-Encoding
set-cookie: route=03e86f17cb62a8b85eb6674479fc88edd19086e0; Domain=a01nepweb.bawinx.com; Path=/; HTTPOnly; Secure; HttpOnly
access-control-allow-headers: *
access-control-allow-method: *
access-control-allow-origin: *
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
POST /_glaxy_1e3c3b_/_extra_/api/v1/qr-code HTTP/1.1
Host: www.918cce.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
deviceId: 1486269205
v: 1.0.0
appId: 8884e7b128d948cbb51766f0e30bb888
token: 6sNvgv4wu0IvEovfodzBMQp/kO9ipodfig19UphzUfiPBtXgIc5h6RfItikUmF1Vt2dvXc5FUxk7S8w2El82jo+ILOHemKkJRNrub7Q2hMJgqxbyw7tYBQ==
qid: acd1be32c2400654becf4a475c46453e
sign: 2a4a5cd6321f8dbea5f2a9fd49ea8bbf
domainName: www.918cce.com
Content-Type: application/json;charset=utf-8
Content-Length: 109
Origin: https://www.918cce.com
Connection: keep-alive
Referer: https://www.918cce.com/home?palcode=1007182765
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
103.118.81.7
HTTP/2 200 OK
content-type: application/json
server: openresty/1.19.9.7
date: Fri, 23 Sep 2022 01:42:14 GMT
x-powered-by:
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-methods: POST, GET, OPTIONS, PUT, PATCH, DELETE
access-control-expose-headers: Authorization, authenticated
access-control-allow-credentials: true
access-control-allow-headers: *, *
access-control-allow-method: *
access-control-allow-origin: *, *
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
GET /?palcode=1007182765 HTTP/1.1
Host: www.918cce.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.aatgroup-th.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
103.118.81.7
HTTP/2 200 OK
content-type: text/html; charset=utf-8
server: openresty/1.19.9.7
date: Fri, 23 Sep 2022 01:42:11 GMT
last-modified: Wed, 21 Sep 2022 10:24:08 GMT
vary: Accept-Encoding, Accept-Encoding
etag: W/"632ae648-3103"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
timing-allow-origin: *
access-control-allow-origin: *
magic_string: 178aa526b36126fd25b8d3446d0c1d25
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
POST /_glaxy_1e3c3b_/_extra_/api/v1/qr-code HTTP/1.1
Host: www.918cce.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
deviceId: 1486269205
v: 1.0.0
appId: 8884e7b128d948cbb51766f0e30bb888
token: 6sNvgv4wu0IvEovfodzBMQp/kO9ipodfig19UphzUfiPBtXgIc5h6RfItikUmF1Vt2dvXc5FUxk7S8w2El82jo+ILOHemKkJRNrub7Q2hMJgqxbyw7tYBQ==
qid: a599263926af97bbceba2e8a9345f3ca
sign: df658b477ee922da690428cc10b5c04a
domainName: www.918cce.com
Content-Type: application/json;charset=utf-8
Content-Length: 109
Origin: https://www.918cce.com
Connection: keep-alive
Referer: https://www.918cce.com/home?palcode=1007182765
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
103.118.81.7
HTTP/2 200 OK
content-type: application/json
server: openresty/1.19.9.7
date: Fri, 23 Sep 2022 01:42:14 GMT
x-powered-by:
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-methods: POST, GET, OPTIONS, PUT, PATCH, DELETE
access-control-expose-headers: Authorization, authenticated
access-control-allow-credentials: true
access-control-allow-headers: *, *
access-control-allow-method: *
access-control-allow-origin: *, *
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
POST /_glaxy_1e3c3b_/message/queryAnnounces HTTP/1.1
Host: www.918cce.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
deviceId: 1486269205
v: 1.0.0
appId: 8884e7b128d948cbb51766f0e30bb888
token: 6sNvgv4wu0IvEovfodzBMQp/kO9ipodfig19UphzUfiPBtXgIc5h6RfItikUmF1Vt2dvXc5FUxk7S8w2El82jo+ILOHemKkJRNrub7Q2hMJgqxbyw7tYBQ==
qid: 562a2607eec88fcb2f704fe6d9821a03
sign: cdc65cd30cd4a66d9a5b90b08515f867
domainName: www.918cce.com
Content-Type: application/json;charset=utf-8
Content-Length: 48
Origin: https://www.918cce.com
Connection: keep-alive
Referer: https://www.918cce.com/home?palcode=1007182765
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
103.118.81.7
HTTP/2 200 OK
content-type: application/json
server: openresty/1.19.9.7
date: Fri, 23 Sep 2022 01:42:14 GMT
vary: Accept-Encoding
set-cookie: route=b3615e93c4ae972aaa77dbb1e3585786866af550; Domain=a01nepweb.bawinx.com; Path=/; HTTPOnly; Secure; HttpOnly
access-control-allow-headers: *
access-control-allow-method: *
access-control-allow-origin: *
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
POST /_glaxy_1e3c3b_/liveChatAddressOCSS HTTP/1.1
Host: www.918cce.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
deviceId: 1486269205
v: 1.0.0
appId: 8884e7b128d948cbb51766f0e30bb888
token: 6sNvgv4wu0IvEovfodzBMQp/kO9ipodfig19UphzUfiPBtXgIc5h6RfItikUmF1Vt2dvXc5FUxk7S8w2El82jo+ILOHemKkJRNrub7Q2hMJgqxbyw7tYBQ==
qid: 15f84e18f943a7af6c79a293dc650237
sign: 77b7ede1369ca5d34bbccefd5f24f084
domainName: www.918cce.com
Content-Type: application/json;charset=utf-8
Content-Length: 48
Origin: https://www.918cce.com
Connection: keep-alive
Referer: https://www.918cce.com/home?palcode=1007182765
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
103.118.81.7
HTTP/2 200 OK
content-type: application/json
server: openresty/1.19.9.7
date: Fri, 23 Sep 2022 01:42:14 GMT
vary: Accept-Encoding
set-cookie: route=e9d92007ff91a32a0f2e7f7affa4878d158f35b8; Domain=a01nepweb.bawinx.com; Path=/; HTTPOnly; Secure; HttpOnly
access-control-allow-headers: *
access-control-allow-method: *
access-control-allow-origin: *
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---