r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 16803ffa29e10ee999c43eb4e4acfe92
a5ede865a388fa440f20994b43c417d403e9a493
08de8f6abb622e84d2cb6e88dee8fc7c408147ac43da9c24d4cde510ed36b53a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "08DE8F6ABB622E84D2CB6E88DEE8FC7C408147AC43DA9C24D4CDE510ED36B53A"
Last-Modified: Mon, 02 Jan 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13128
Expires: Wed, 04 Jan 2023 03:36:26 GMT
Date: Tue, 03 Jan 2023 23:57:38 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 97a9e292b1e09ac6fb7c784fe38d0065
6c2093595d87dd4429345da43d264b7321d50f38
f4de30ea042e3ed7f7d2f738e00120d13f301649744abeebb7dd0aef6c19188d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F4DE30EA042E3ED7F7D2F738E00120D13F301649744ABEEBB7DD0AEF6C19188D"
Last-Modified: Sun, 01 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9938
Expires: Wed, 04 Jan 2023 02:43:16 GMT
Date: Tue, 03 Jan 2023 23:57:38 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Type, Content-Length, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 03 Jan 2023 23:47:39 GMT
content-type: application/json
age: 599
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 225d42543c0190cdb3686bf236533f4f
13a0940800fce078487372b6b3ca614dd1ab6c31
766bbe15eb1642ac39e9b71669fbb44252471c8de5adb555cd1a76db44fbe7bc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "766BBE15EB1642AC39E9B71669FBB44252471C8DE5ADB555CD1A76DB44FBE7BC"
Last-Modified: Mon, 02 Jan 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6874
Expires: Wed, 04 Jan 2023 01:52:12 GMT
Date: Tue, 03 Jan 2023 23:57:38 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash b1fcd419a4245617397846e8d17233f6
2a037ce244587640b27ead9a0ec2af4f862d91b2
e059b6d834c06e58494c43fb2ff42acbc27c1a1d8f7f30e2f32ca0e167599e2f
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: J1silK6t163pbuCEm9riYHIF4WC2M2QIZR9IQP6MPgpTS1M6p20sc2yiks1Y0qisTuRAjzsdhPo=
x-amz-request-id: 8YCSXFMT2D411177
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 03 Jan 2023 23:01:05 GMT
age: 3393
last-modified: Tue, 20 Dec 2022 14:47:58 GMT
etag: "b1fcd419a4245617397846e8d17233f6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
cqhdy.com/oa/inc/oa.exe
50.2.85.58200 OK 3.8 kB IP 50.2.85.58:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF, LF line terminators
Hash 103af08ca102460047503aa50e0a39bc
37ec50fd2629e65a945bc0474af84ebd07a52096
a9df15322f3dab327576008ad69479f988a62e6662283fd4adf00741aafbeff7
Analyzer Verdict Alert fortinet Phishing
NIDS Severity Alert suricata medium ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
GET /oa/inc/oa.exe HTTP/1.1
Host: cqhdy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 03 Jan 2023 23:57:38 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 03 Jan 2023 23:57:38 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
cqhdy.com/jquery.bc.min.js
50.2.85.58301 Moved Permanently 178 B URL HTTP/1.1 cqhdy.com/jquery.bc.min.js
IP 50.2.85.58:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
Analyzer Verdict Alert fortinet Phishing
GET /jquery.bc.min.js HTTP/1.1
Host: cqhdy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cqhdy.com/oa/inc/oa.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Tue, 03 Jan 2023 23:57:39 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://www.cqhdy.com/jquery.bc.min.js
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, ETag, Pragma, Last-Modified, Expires, Alert, Content-Type, Retry-After, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 03 Jan 2023 23:08:11 GMT
age: 2968
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 49d6e3cef8f01f0261ff5644001d652b
03eca12234d73b1f3e8489939e4f6551914d29b2
bb680ef4d4989e9e1147da3a7d5ccc518f63108b4ed1f2367a2793db0f740f21
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5026
Cache-Control: max-age=124376
Content-Type: application/ocsp-response
Date: Tue, 03 Jan 2023 23:57:39 GMT
Etag: "63b3f029-1d7"
Expires: Thu, 05 Jan 2023 10:30:35 GMT
Last-Modified: Tue, 03 Jan 2023 09:06:49 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f750112707c21f0ae664c318b8387855
a9976eb970683168ec491042eebd7aee32264b8b
1da090bb016e33d3f5027c9c951b80f29b0d0c92661ce467a01856cfb9d114ea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1DA090BB016E33D3F5027C9C951B80F29B0D0C92661CE467A01856CFB9D114EA"
Last-Modified: Tue, 03 Jan 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Wed, 04 Jan 2023 05:57:39 GMT
Date: Tue, 03 Jan 2023 23:57:39 GMT
Connection: keep-alive
push.services.mozilla.com/
52.43.58.150101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.43.58.150:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: FY3C4ULxrzDN8qtKzy/uOQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: uNPBDKupyi3mPJ9/VcylOdxNbCo=
ocsp.globalsign.com/gsrsaovsslca2018
151.101.130.133200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 151.101.130.133:0
Hash a42f91bf8384822d645b257bdaf38200
c13308c75ab145cbb3ed650fb9202126f3c93a1b
5a973bf11c0fd0ce2380cfb379e6f3beb6f16ec018b558b5b2bb4db32135096a
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 1432
Server: nginx
Content-Type: application/ocsp-response
Expires: Sat, 07 Jan 2023 20:30:21 GMT
ETag: "c13308c75ab145cbb3ed650fb9202126f3c93a1b"
Last-Modified: Tue, 03 Jan 2023 20:30:22 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Tue, 03 Jan 2023 23:57:40 GMT
Age: 3886
X-Served-By: cache-qpg1278-QPG, cache-bma1675-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 6, 1
X-Timer: S1672790260.193923,VS0,VE11
www.cqhdy.com/jquery.bc.min.js
50.2.85.58200 OK 1.3 kB URL HTTP/1.1 www.cqhdy.com/jquery.bc.min.js
IP 50.2.85.58:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (1784), with CRLF line terminators
Hash 1612eb1712d51d6e8440a152b315d232
10846d191627164438707e32a7c73f62d5bde5e6
7fbdb6256e0fef4d4e961e2308472a11764dcf9cea38fb6d3b419350733d53c2
Analyzer Verdict Alert fortinet Phishing
GET /jquery.bc.min.js HTTP/1.1
Host: www.cqhdy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://cqhdy.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 03 Jan 2023 23:57:39 GMT
Content-Type: application/javascript
Last-Modified: Wed, 15 Jun 2022 02:25:35 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62a9431f-ad4"
Expires: Wed, 04 Jan 2023 00:57:39 GMT
Cache-Control: max-age=3600
Content-Encoding: gzip
p1.qhimg.com/d/_onebox/search.png
54.230.111.102200 OK 2.9 kB URL HTTP/1.1 p1.qhimg.com/d/_onebox/search.png
IP 54.230.111.102:0
File type PNG image data, 260 x 43, 8-bit colormap, non-interlaced\012- data
Hash 996729035d9ea7dbd1dcf49bf99e78d9
aba797d529929ca0c864eaf7d3261aee61f3ad78
f7b46e16e323b71d7e8308e8aa62ab36453dd3b57935424f4b4166947f0e5863
GET /d/_onebox/search.png HTTP/1.1
Host: p1.qhimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cqhdy.com/
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 2941
Connection: keep-alive
Date: Mon, 21 Nov 2022 18:05:46 GMT
Last-Modified: Tue, 05 Jan 2021 11:28:00 GMT
xzp: zhkbrquvsxaf
Expires: Sun, 19 Feb 2023 18:05:46 GMT
Cache-Control: max-age=7776000
Access-Control-Allow-Origin: *
XCS: HIT
KCS-Via: MISS from w-fc03.lato;MISS from w-sc02.bjyt
Accept-Ranges: bytes
X-Cache: Hit from cloudfront
Via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: hHJC7HDV2WNK8nsFlVF1vmYsU0TlqDaCaxsUntaosq9dOhbfg3DiCQ==
Age: 3736314
ocsp.globalsign.com/gsrsaovsslca2018
151.101.130.133200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 151.101.130.133:0
Hash 016db6a8bedd1c7de9f7e42b1500d4cb
d01112da673a612caae196289758dc32a087c981
30bb52f8d90205b1517c911b608dba72121a7542eef31ade308d9768f042b344
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 1432
Server: nginx
Content-Type: application/ocsp-response
Expires: Sat, 07 Jan 2023 22:59:13 GMT
ETag: "d01112da673a612caae196289758dc32a087c981"
Last-Modified: Tue, 03 Jan 2023 22:59:14 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Tue, 03 Jan 2023 23:57:40 GMT
Age: 1121
X-Served-By: cache-qpg1274-QPG, cache-bma1675-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 21, 1
X-Timer: S1672790261.518332,VS0,VE1
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8bb0dd0726fab02b58e6bbff6008f77e
6c7785fbf1f41bca757b65f63b50a88ef8f8e055
37392ead65dc76c0e05db4189c414efb0d17b05df2e11dbd7c2aa9d9219f4864
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "37392EAD65DC76C0E05DB4189C414EFB0D17B05DF2E11DBD7C2AA9D9219F4864"
Last-Modified: Sun, 01 Jan 2023 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12512
Expires: Wed, 04 Jan 2023 03:26:12 GMT
Date: Tue, 03 Jan 2023 23:57:40 GMT
Connection: keep-alive
www.sogou.com/web/index/images/logo_440x140.v.4.png
119.28.109.132200 OK 3.0 kB URL HTTP/1.1 www.sogou.com/web/index/images/logo_440x140.v.4.png
IP 119.28.109.132:0
ASN #132203 Tencent Building, Kejizhongyi Avenue
File type PNG image data, 440 x 140, 8-bit colormap, non-interlaced\012- data
Hash 31de1d2fa7d918fab2f59984391db1c8
4f4b78796b3fbf19971f182175bcd92b01ee470f
29f87d6615f36a54e3edc8c7f05eb9b480d1f2989dec8da68e82747d060aea85
GET /web/index/images/logo_440x140.v.4.png HTTP/1.1
Host: www.sogou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cqhdy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 03 Jan 2023 23:57:40 GMT
Content-Type: image/png
Content-Length: 2950
Connection: keep-alive
Last-Modified: Mon, 10 Feb 2020 03:11:55 GMT
Set-Cookie: ABTEST=7|1672790260|v17; expires=Thu, 02-Feb-23 23:57:40 GMT; path=/
IPLOC=NO; expires=Wed, 03-Jan-24 23:57:40 GMT; domain=.sogou.com; path=/
SUID=9A2A5A5B1431A40A0000000063B4C0F4; expires=Mon, 29-Dec-2042 23:57:40 GMT; domain=.sogou.com; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
ETag: "5e40c9fb-b86"
Expires: Sun, 02 Jul 2023 23:57:40 GMT
Cache-Control: max-age=15552000
UUID: 162359da-f714-44f2-918c-3ca5b9b34e2a
Accept-Ranges: bytes
www.yueguo99.com/fn888/seo.js
104.165.90.186200 OK 1.7 kB URL HTTP/1.1 www.yueguo99.com/fn888/seo.js
IP 104.165.90.186:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (2869), with no line terminators
Hash 30fbca62f188fd35eccd04a8c5d1c970
2837eccbc51d374e0cf72f9ab314fee4c7b5781e
08ff9748e1add72bb96b2ae4b2a8da9181c6f392bc74d5abcb12b841f41c8dcc
GET /fn888/seo.js HTTP/1.1
Host: www.yueguo99.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cqhdy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 03 Jan 2023 23:57:40 GMT
Content-Type: application/javascript
Last-Modified: Thu, 12 May 2022 11:24:29 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"627cee6d-b38"
Content-Encoding: gzip
www.baidu.com/img/baidu_jgylogo3.gif
104.193.88.123200 OK 705 B URL HTTP/1.1 www.baidu.com/img/baidu_jgylogo3.gif
IP 104.193.88.123:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 117 x 38\012- data
Hash 803bb46a6acef395ed9353de2dcf26f5
684764e45ebb267a15c337a6eb671047c7873ead
dc506b4253e2bb145e5b370f6088842382a8c2bd0632d9b265744f706727f7f5
GET /img/baidu_jgylogo3.gif HTTP/1.1
Host: www.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cqhdy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=315360000
Content-Length: 705
Content-Type: image/gif
Date: Tue, 03 Jan 2023 23:57:40 GMT
Etag: "2c1-4a6473f6030c0"
Expires: Fri, 31 Dec 2032 23:57:40 GMT
Last-Modified: Wed, 22 Jun 2011 06:40:43 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Server: Apache
Set-Cookie: BAIDUID=4C7E49712BB591172968E8C5B7DD8A41:FG=1; expires=Wed, 03-Jan-24 23:57:40 GMT; max-age=31536000; path=/; domain=.baidu.com; version=1
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c4719f10b16aa492c5dbdb8a1bfc20af
21831c11bfc9679c9f0ebc1f6a39284a5d16be56
c8682ee9e025254ee9cd1d9c663a40707cb170c141a328a7de07ded8de06f787
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8682EE9E025254EE9CD1D9C663A40707CB170C141A328A7DE07DED8DE06F787"
Last-Modified: Sun, 01 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13091
Expires: Wed, 04 Jan 2023 03:35:52 GMT
Date: Tue, 03 Jan 2023 23:57:41 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c4719f10b16aa492c5dbdb8a1bfc20af
21831c11bfc9679c9f0ebc1f6a39284a5d16be56
c8682ee9e025254ee9cd1d9c663a40707cb170c141a328a7de07ded8de06f787
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8682EE9E025254EE9CD1D9C663A40707CB170C141A328A7DE07DED8DE06F787"
Last-Modified: Sun, 01 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13091
Expires: Wed, 04 Jan 2023 03:35:52 GMT
Date: Tue, 03 Jan 2023 23:57:41 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c4719f10b16aa492c5dbdb8a1bfc20af
21831c11bfc9679c9f0ebc1f6a39284a5d16be56
c8682ee9e025254ee9cd1d9c663a40707cb170c141a328a7de07ded8de06f787
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8682EE9E025254EE9CD1D9C663A40707CB170C141A328A7DE07DED8DE06F787"
Last-Modified: Sun, 01 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13091
Expires: Wed, 04 Jan 2023 03:35:52 GMT
Date: Tue, 03 Jan 2023 23:57:41 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c4719f10b16aa492c5dbdb8a1bfc20af
21831c11bfc9679c9f0ebc1f6a39284a5d16be56
c8682ee9e025254ee9cd1d9c663a40707cb170c141a328a7de07ded8de06f787
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8682EE9E025254EE9CD1D9C663A40707CB170C141A328A7DE07DED8DE06F787"
Last-Modified: Sun, 01 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13091
Expires: Wed, 04 Jan 2023 03:35:52 GMT
Date: Tue, 03 Jan 2023 23:57:41 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feddefc5f-f18f-4fa5-8a85-2901ccb91df8.jpeg
34.120.237.76200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feddefc5f-f18f-4fa5-8a85-2901ccb91df8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7c7c14fa7fe29c36e5bd58a3860ee09f
0347e99565ad7ed28c6eefa4169efa4730430766
de81626ffc61c8058735aa5041d24058af5f0c173fffecb632ad96848fa13f84
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feddefc5f-f18f-4fa5-8a85-2901ccb91df8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8894
x-amzn-requestid: 30a8d308-21e3-4801-8b7f-929335ccd0a7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eL3HtHYSoAMFgYA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b49efd-1712690766a0c610426f735b;Sampled=0
x-amzn-remapped-date: Tue, 03 Jan 2023 21:32:46 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ANTOonfpJ9f4e-AqjZmvbX3D1s25yedAhdOgApBmDPUWPEYAJpvCvA==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 03 Jan 2023 21:50:13 GMT
age: 7648
etag: "0347e99565ad7ed28c6eefa4169efa4730430766"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe1e7ae45-d7bc-45ee-b5cf-e5f349c76c4e.jpeg
34.120.237.76200 OK 7.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe1e7ae45-d7bc-45ee-b5cf-e5f349c76c4e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1debd0fa88aad972c29c52a1e9957ccd
23d96a350188af576789a17d4c3d8dd49ae013ff
066e3a682b655aa0a181887d74d51b6a46cb9a77a6ca33c7062cb30d4efef3b8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe1e7ae45-d7bc-45ee-b5cf-e5f349c76c4e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7655
x-amzn-requestid: d972df9b-3a43-4352-9a7a-057e6bb7a17b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eL3I4H3_oAMFjBA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b49f05-464fc6182f45c555787f10e7;Sampled=0
x-amzn-remapped-date: Tue, 03 Jan 2023 21:32:53 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: EWN1t8MkyIQzM29O214hR652QfjSuYQZk16PrQoMQBHSD4sykn4IEw==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Tue, 03 Jan 2023 21:56:12 GMT
age: 7289
etag: "23d96a350188af576789a17d4c3d8dd49ae013ff"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe9ecc719-60f0-4a52-b964-f7ba1917dff9.jpeg
34.120.237.76200 OK 7.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe9ecc719-60f0-4a52-b964-f7ba1917dff9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 48315ea620c3dc9697a816f0f9354052
62d5ba126490fb38ed2a8f6ea0fe43b0b4302fc4
6b37b106c6b1cc612a3704a99223bab98123da3031f8967f92a06f243b05da3a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe9ecc719-60f0-4a52-b964-f7ba1917dff9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7165
x-amzn-requestid: b1b9736b-f624-44e0-81ae-89b67b1888b7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eDR3EFT4IAMFwzg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b1302d-0143e93a6ae1b1636a9d0450;Sampled=0
x-amzn-remapped-date: Sun, 01 Jan 2023 07:03:09 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 92zBbGBQ_ITUCOhk3KT3skYxXN3Y07KbY4TuxE8J_eYlFDr4GlkayA==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Tue, 03 Jan 2023 09:29:44 GMT
age: 52077
etag: "62d5ba126490fb38ed2a8f6ea0fe43b0b4302fc4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2fb1a6c7-1739-4b4c-ae46-a2d718fb6c34.jpeg
34.120.237.76200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2fb1a6c7-1739-4b4c-ae46-a2d718fb6c34.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e628ac1e25757ac0177f4a392d6b7ddb
d457e65190f24dce30af852e07b2d55f1fe5d808
b51790825ceb10ba7d5ec69081c098b7c82e72e4128dc1c23fa4f45495fbfa65
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2fb1a6c7-1739-4b4c-ae46-a2d718fb6c34.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5684
x-amzn-requestid: a8295357-6fcf-436d-8884-cbc529f3cba4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dxSEVGMcIAMFdXQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a9fd4e-3067d9957e1e512174ab34bc;Sampled=0
x-amzn-remapped-date: Mon, 26 Dec 2022 20:00:14 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Q_lmKQecidAIpR-iDb_c9BHbyBBKWq4Pk0BOhSAQlqiYiOfJUs77HQ==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 03 Jan 2023 13:39:38 GMT
age: 37083
etag: "d457e65190f24dce30af852e07b2d55f1fe5d808"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9d5478bc-c11a-4c6a-a2b7-8f5e15c284d5.jpeg
34.120.237.76200 OK 6.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9d5478bc-c11a-4c6a-a2b7-8f5e15c284d5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b0c06fd3d64e07573d40ac25a2ded456
688d1a6ca6fc7b0cd0af69c9be5c510188b18e5c
c2ae9ce00584a69524f224411cd57e53525b1a67c22adb62991d561d62f8eb07
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9d5478bc-c11a-4c6a-a2b7-8f5e15c284d5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6054
x-amzn-requestid: eb63944a-45e0-411e-91e2-18392d4822da
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eL33bGFgoAMF4Lw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b4a02f-1f9476ef6baadfc116a3071c;Sampled=0
x-amzn-remapped-date: Tue, 03 Jan 2023 21:37:51 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ULKqouvzHO5rpmNYwzFua0GMecSTkg4l1ISfgmEz5kAdQ8qHGuKaxA==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Tue, 03 Jan 2023 22:18:24 GMT
age: 5957
etag: "688d1a6ca6fc7b0cd0af69c9be5c510188b18e5c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc03ececd-3935-4a1b-ae41-45a5aea9ebe3.jpeg
34.120.237.76200 OK 5.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc03ececd-3935-4a1b-ae41-45a5aea9ebe3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash af78916e285d0f6c5c5a5ff33894e108
96df0d8c10c666811cfeb98187ca93e65480c2ff
7bcb20dc641e46d033dee76b3d92b701b31aecfbf88241a5a95dfdc1c5e95885
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc03ececd-3935-4a1b-ae41-45a5aea9ebe3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5018
x-amzn-requestid: 7a68cfb1-dedd-4f08-8d99-4678c1087422
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eL3HtFHkoAMFwYQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b49efd-7880e5f93c99cc794f9a03bb;Sampled=0
x-amzn-remapped-date: Tue, 03 Jan 2023 21:32:45 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: MvV5dXthUr0Qo499_5eG6Z_yW0gmflen3kRBrse7ngQjUgOVA0OMvg==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 03 Jan 2023 21:50:49 GMT
age: 7612
etag: "96df0d8c10c666811cfeb98187ca93e65480c2ff"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.globalsign.com/gsgccr3dvtlsca2020
151.101.130.133200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsgccr3dvtlsca2020
IP 151.101.130.133:0
Hash 82f22efbca2c86c4118ef944069301c0
729a1c7ff692f853a8386ce48cc01216a043ce84
0cada62c03d102537a8d875ef321369e6c449af698213b20626d7c6f2b7ebac5
POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 1414
Server: nginx
Content-Type: application/ocsp-response
Expires: Sat, 07 Jan 2023 22:59:36 GMT
ETag: "729a1c7ff692f853a8386ce48cc01216a043ce84"
Last-Modified: Tue, 03 Jan 2023 22:59:37 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Tue, 03 Jan 2023 23:57:41 GMT
Age: 3483
X-Served-By: cache-qpg1230-QPG, cache-bma1675-BMA
X-Cache: HIT, MISS
X-Cache-Hits: 17, 0
X-Timer: S1672790261.137679,VS0,VE186
js.users.51.la/21179529.js
103.143.19.103200 OK 2.4 kB URL HTTP/1.1 js.users.51.la/21179529.js
IP 103.143.19.103:0
ASN #4837 CHINA UNICOM China169 Backbone
File type HTML document, ASCII text, with very long lines (5068)
Hash 569092e327eff97c74695cc796fabb5c
a0af829fc8f248ec45248069c8d7a4cf0d7e62ff
e31baa1af0de66454e63577c1be7ef1d20f38a873788ef241e3a6acae4d128e9
GET /21179529.js HTTP/1.1
Host: js.users.51.la
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cqhdy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: CloudWAF
Date: Tue, 03 Jan 2023 23:57:41 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: HWWAFSESID=8714131cb7219139222; path=/
HWWAFSESTIME=1672790258062; path=/
Cache-Control: max-age=360000
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
www.yueguo99.com/nlp/fn888.php?keyword=js6038%E5%A4%87%E7%94%A8%E7%BD%91%E5%9D%80-www.js6038.com%7CApp%20Store&from=pc&originurl=http%3A%2F%2Fcqhdy.com%2Foa%2Finc%2Foa.exe&referer=&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&v=1745
104.165.90.186200 OK 1.3 kB URL HTTP/1.1 www.yueguo99.com/nlp/fn888.php?keyword=js6038%E5%A4%87%E7%94%A8%E7%BD%91%E5%9D%80-www.js6038.com%7CApp%20Store&from=pc&originurl=http%3A%2F%2Fcqhdy.com%2Foa%2Finc%2Foa.exe&referer=&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&v=1745
IP 104.165.90.186:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 384c3966e8272ae18e3c81ac9e57bc88
998bc1205e1fddea28c0c77b042c110f7382fb04
a0ab04f7194d691f8fe6b9219746d66484aad789d6c3f0eecbd1203f5f72eb85
GET /nlp/fn888.php?keyword=js6038%E5%A4%87%E7%94%A8%E7%BD%91%E5%9D%80-www.js6038.com%7CApp%20Store&from=pc&originurl=http%3A%2F%2Fcqhdy.com%2Foa%2Finc%2Foa.exe&referer=&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&v=1745 HTTP/1.1
Host: www.yueguo99.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://cqhdy.com
Connection: keep-alive
Referer: http://cqhdy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 03 Jan 2023 23:57:41 GMT
Content-Type: text/css;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Access-Control-Allow-Origin: *
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 73dcbc4ba101a030df17bbbf0b600229
59ac99d64f4b892a3dee00c7b9e0455b6ceee854
cb4d465fd53655070b5259c4deb110596d58ff0dda6b334780ddc63a99b65eba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CB4D465FD53655070B5259C4DEB110596D58FF0DDA6B334780DDC63A99B65EBA"
Last-Modified: Sun, 01 Jan 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8482
Expires: Wed, 04 Jan 2023 02:19:04 GMT
Date: Tue, 03 Jan 2023 23:57:42 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a250304cb54df6817a5c287833e2e29a
e95c168f0c9b3a451baa5256a5777941c35874d7
a46e9669c3485936ad1037c55b1ebf31b1d5f028613fecbc58482d74d93ace8a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A46E9669C3485936AD1037C55B1EBF31B1D5F028613FECBC58482D74D93ACE8A"
Last-Modified: Mon, 02 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8487
Expires: Wed, 04 Jan 2023 02:19:09 GMT
Date: Tue, 03 Jan 2023 23:57:42 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 73dcbc4ba101a030df17bbbf0b600229
59ac99d64f4b892a3dee00c7b9e0455b6ceee854
cb4d465fd53655070b5259c4deb110596d58ff0dda6b334780ddc63a99b65eba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CB4D465FD53655070B5259C4DEB110596D58FF0DDA6B334780DDC63A99B65EBA"
Last-Modified: Sun, 01 Jan 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Wed, 04 Jan 2023 05:57:42 GMT
Date: Tue, 03 Jan 2023 23:57:42 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 73dcbc4ba101a030df17bbbf0b600229
59ac99d64f4b892a3dee00c7b9e0455b6ceee854
cb4d465fd53655070b5259c4deb110596d58ff0dda6b334780ddc63a99b65eba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CB4D465FD53655070B5259C4DEB110596D58FF0DDA6B334780DDC63A99B65EBA"
Last-Modified: Sun, 01 Jan 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21570
Expires: Wed, 04 Jan 2023 05:57:12 GMT
Date: Tue, 03 Jan 2023 23:57:42 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a250304cb54df6817a5c287833e2e29a
e95c168f0c9b3a451baa5256a5777941c35874d7
a46e9669c3485936ad1037c55b1ebf31b1d5f028613fecbc58482d74d93ace8a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A46E9669C3485936AD1037C55B1EBF31B1D5F028613FECBC58482D74D93ACE8A"
Last-Modified: Mon, 02 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Wed, 04 Jan 2023 05:57:42 GMT
Date: Tue, 03 Jan 2023 23:57:42 GMT
Connection: keep-alive
cqhdy.com/oa/inc/site.css
50.2.85.58200 OK 3.8 kB URL HTTP/1.1 cqhdy.com/oa/inc/site.css
IP 50.2.85.58:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF, LF line terminators
Hash e3a0d09da2ac7f745b2ef2256aac31c1
2855b75cdb2324b90187bd3aefd6f1be04bf8945
dadbd2c472bdc166bc0ad4947269cf5c5d6ec1350793810eab5e4f8caf4d81db
GET /oa/inc/site.css HTTP/1.1
Host: cqhdy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cqhdy.com/oa/inc/oa.exe
Cookie: __tins__21179529=%7B%22sid%22%3A%201672790252586%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201672792052586%7D; __51cke__=; __51laig__=1
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 03 Jan 2023 23:57:42 GMT
Content-Type: text/css;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip
cqhdy.com/oa/inc/index.css
50.2.85.58200 OK 3.8 kB URL HTTP/1.1 cqhdy.com/oa/inc/index.css
IP 50.2.85.58:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF, LF line terminators
Hash 08d59d5075fca391003d6854da46bbb7
a236a52cdfcd05994597cd6a0377c43297232e7a
5bdef7e33c6c50a1fda21145d5bacd215c712df37b8b3eea8cf9405486be7f68
GET /oa/inc/index.css HTTP/1.1
Host: cqhdy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cqhdy.com/oa/inc/oa.exe
Cookie: __tins__21179529=%7B%22sid%22%3A%201672790252586%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201672792052586%7D; __51cke__=; __51laig__=1
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 03 Jan 2023 23:57:42 GMT
Content-Type: text/css;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.41
Content-Encoding: gzip
www.whjcpet.com/zhuye/jquery.la.min.js
104.165.90.55200 OK 718 B URL HTTP/1.1 www.whjcpet.com/zhuye/jquery.la.min.js
IP 104.165.90.55:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (554), with CRLF line terminators
Hash 7508aa9626ca42f55395e1c730ca2a42
5844f42d5773ebe2818c487f59364d5bfc6add82
6d04d2e22711ab44cfc76138b4d5f02521d57ff0e7a2a41eb4fe31698e990990
GET /zhuye/jquery.la.min.js HTTP/1.1
Host: www.whjcpet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cqhdy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 03 Jan 2023 23:57:42 GMT
Content-Type: application/javascript
Content-Length: 718
Last-Modified: Thu, 12 May 2022 19:29:56 GMT
Connection: keep-alive
ETag: "627d6034-2ce"
Accept-Ranges: bytes
sdk.51.la/js-sdk-pro.min.js
47.253.50.2200 OK 13 kB URL HTTP/1.1 sdk.51.la/js-sdk-pro.min.js
IP 47.253.50.2:0
ASN #45102 Alibaba US Technology Co., Ltd.
File type Unicode text, UTF-8 text, with very long lines (34373)
Hash 1390e823e4464795cd66ac593d94809a
208e2903bbe19109c7781db997395111d09b0c2b
8812cbab04c1444c5cb9f012f72b9c45ef827b91f933925de28011b9a65701af
GET /js-sdk-pro.min.js HTTP/1.1
Host: sdk.51.la
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cqhdy.com/
HTTP/1.1 200 OK
Server: openresty
Date: Tue, 03 Jan 2023 23:57:42 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 03 Jan 2023 09:37:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"63b3f756-8724"
Cache-Control: max-age=1296000
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
js.users.51.la/20655415.js
103.143.19.103200 OK 2.3 kB URL HTTP/1.1 js.users.51.la/20655415.js
IP 103.143.19.103:0
ASN #4837 CHINA UNICOM China169 Backbone
File type ASCII text, with very long lines (4898)
Hash 9b03aee65d17c20df699aee40c4b3921
6387fd8f85f4837343bdbc8b3898c12327050450
0093fe02f1e7eb39252d5338d32771b72f1a015d8f4baca6c11b1136278e6566
GET /20655415.js HTTP/1.1
Host: js.users.51.la
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cqhdy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: CloudWAF
Date: Tue, 03 Jan 2023 23:57:42 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: HWWAFSESID=871413fdb7219139222; path=/
HWWAFSESTIME=1672790258062; path=/
Cache-Control: max-age=360000
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
www.whjcpet.com/zhuye/img/wnsr2021.gif
104.165.90.55200 OK 75 kB URL HTTP/1.1 www.whjcpet.com/zhuye/img/wnsr2021.gif
IP 104.165.90.55:0
File type GIF image data, version 89a, 1000 x 200\012- data
Hash 6643420c5bbe4bd6e2d8b61837af3039
95c9fc7af01c5856bc05914373972cc4320bfb32
34a0e2070071c1bac6f17f5eb3dbfc297137792dbcaafa1203e0c9a78867f7e1
GET /zhuye/img/wnsr2021.gif HTTP/1.1
Host: www.whjcpet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cqhdy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 03 Jan 2023 23:57:42 GMT
Content-Type: image/gif
Content-Length: 74577
Last-Modified: Tue, 29 Mar 2022 20:46:02 GMT
Connection: keep-alive
ETag: "6243700a-12351"
Accept-Ranges: bytes
www.whjcpet.com/zhuye/img/xpj2021.gif
104.165.90.55200 OK 88 kB URL HTTP/1.1 www.whjcpet.com/zhuye/img/xpj2021.gif
IP 104.165.90.55:0
File type GIF image data, version 89a, 1000 x 200\012- data
Hash d03cd26d74296657fe5035f3920849b8
9be05d96796fa7f44616c5223bdf287b2df8dfcb
9314c2cb13cf470c9e1776355a6f03674a374c2ff566f02ecdde4be513477085
GET /zhuye/img/xpj2021.gif HTTP/1.1
Host: www.whjcpet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cqhdy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 03 Jan 2023 23:57:42 GMT
Content-Type: image/gif
Content-Length: 88320
Last-Modified: Tue, 29 Mar 2022 20:45:50 GMT
Connection: keep-alive
ETag: "62436ffe-15900"
Accept-Ranges: bytes
www.whjcpet.com/zhuye/img/jinsha999.gif
104.165.90.55200 OK 138 kB URL HTTP/1.1 www.whjcpet.com/zhuye/img/jinsha999.gif
IP 104.165.90.55:0
File type GIF image data, version 89a, 1000 x 300\012- data
Size 138 kB (138124 bytes)
Hash b15223fbef3ad6231c8a2065b14321bf
32b15b10b21a7a2c10a3720529299b0e77f574b8
60571f689a768060ae99d093560967d034611fc4ec7a87a0ee270a3a9b1b23fa
GET /zhuye/img/jinsha999.gif HTTP/1.1
Host: www.whjcpet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cqhdy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 03 Jan 2023 23:57:42 GMT
Content-Type: image/gif
Content-Length: 138124
Last-Modified: Tue, 29 Mar 2022 20:44:56 GMT
Connection: keep-alive
ETag: "62436fc8-21b8c"
Accept-Ranges: bytes
www.whjcpet.com/zhuye/img/manbetx2021.jpg
104.165.90.55200 OK 28 kB URL HTTP/1.1 www.whjcpet.com/zhuye/img/manbetx2021.jpg
IP 104.165.90.55:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1000x206, components 3\012- data
Hash e87ed328e88c78e459fb6263e79430f0
90757590c16296d8f63c74a4121c875bfcb8fc6b
fa3234ef626d29676fccb7643a5a3fc66ecc850acd4f19eb865239e73613ee83
GET /zhuye/img/manbetx2021.jpg HTTP/1.1
Host: www.whjcpet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cqhdy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 03 Jan 2023 23:57:43 GMT
Content-Type: image/jpeg
Content-Length: 28307
Last-Modified: Tue, 29 Mar 2022 20:46:40 GMT
Connection: keep-alive
ETag: "62437030-6e93"
Accept-Ranges: bytes
www.whjcpet.com/zhuye/img/yb999.png
104.165.90.55200 OK 337 kB URL HTTP/1.1 www.whjcpet.com/zhuye/img/yb999.png
IP 104.165.90.55:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x500, components 3\012- data
Size 337 kB (337091 bytes)
Hash f1e5601893a0f186a494e7dd0a18ec7e
571941931633bd84fb829ef5f15830dc7f9c1617
6a416bf5d721d033f61050f4ec3d83a075cdc5f16a6db7a5a0022dd48e2c806d
GET /zhuye/img/yb999.png HTTP/1.1
Host: www.whjcpet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cqhdy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 03 Jan 2023 23:57:42 GMT
Content-Type: image/png
Content-Length: 337091
Last-Modified: Tue, 29 Mar 2022 20:45:56 GMT
Connection: keep-alive
ETag: "62437004-524c3"
Accept-Ranges: bytes
ocsp.globalsign.com/gsgccr3dvtlsca2020
151.101.130.133200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsgccr3dvtlsca2020
IP 151.101.130.133:0
Hash 4b950545d1b6ea01f4d473b5b77174fc
89231b91fe504530b0b959870b41c661638543b4
23add6c02bd3ce21805b259ff2f466fe18a42df2727b48222c9fc7e62752e5bf
POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 1414
Server: nginx
Content-Type: application/ocsp-response
Expires: Sat, 07 Jan 2023 23:27:16 GMT
ETag: "89231b91fe504530b0b959870b41c661638543b4"
Last-Modified: Tue, 03 Jan 2023 23:27:17 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Tue, 03 Jan 2023 23:57:43 GMT
Age: 1826
X-Served-By: cache-qpg1233-QPG, cache-bma1675-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 10, 1
X-Timer: S1672790264.543490,VS0,VE1
www.whjcpet.com/zhuye/img/bet2021.jpg
104.165.90.55200 OK 144 kB URL HTTP/1.1 www.whjcpet.com/zhuye/img/bet2021.jpg
IP 104.165.90.55:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1000x200, components 3\012- data
Size 144 kB (143681 bytes)
Hash a812779ba450f8ea99610cc717104182
805c591f2cb0fe9d13350bd3d71bff2f86e32bd4
77e6a1db91d45aa7c0c16c2be7be7a856b1fa3b983b774c9d21ea38a31b08c17
GET /zhuye/img/bet2021.jpg HTTP/1.1
Host: www.whjcpet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cqhdy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 03 Jan 2023 23:57:43 GMT
Content-Type: image/jpeg
Content-Length: 143681
Last-Modified: Tue, 29 Mar 2022 20:45:46 GMT
Connection: keep-alive
ETag: "62436ffa-23141"
Accept-Ranges: bytes
www.whjcpet.com/zhuye/img/betway999.gif
104.165.90.55200 OK 786 kB URL HTTP/1.1 www.whjcpet.com/zhuye/img/betway999.gif
IP 104.165.90.55:0
File type GIF image data, version 89a, 1000 x 300\012- data
Size 786 kB (786077 bytes)
Hash 146e097dc6ac97692c6ba585b1880fd9
489ce49a513b069516081ab9fdce52347d6a158e
dc17b35522420bdee29ba5d29f6f5d6117c4ce984a2917d8d8d2e9f528b08dfe
GET /zhuye/img/betway999.gif HTTP/1.1
Host: www.whjcpet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cqhdy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 03 Jan 2023 23:57:42 GMT
Content-Type: image/gif
Content-Length: 786077
Last-Modified: Tue, 29 Mar 2022 20:47:04 GMT
Connection: keep-alive
ETag: "62437048-bfe9d"
Accept-Ranges: bytes
www.whjcpet.com/zhuye/img/yongli2021.gif
104.165.90.55200 OK 79 kB URL HTTP/1.1 www.whjcpet.com/zhuye/img/yongli2021.gif
IP 104.165.90.55:0
File type GIF image data, version 89a, 1000 x 200\012- data
Hash 9a081484d733800559f1e70616dd2bd1
cb60345f940d2a4cb6112b7048308cc400269bdd
a50032aeffd59b3b8387739e373855aa95385c19f567644aa720cff69c71f0ea
GET /zhuye/img/yongli2021.gif HTTP/1.1
Host: www.whjcpet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cqhdy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 03 Jan 2023 23:57:43 GMT
Content-Type: image/gif
Content-Length: 78713
Last-Modified: Tue, 29 Mar 2022 20:45:14 GMT
Connection: keep-alive
ETag: "62436fda-13379"
Accept-Ranges: bytes
www.whjcpet.com/zhuye/img/yl999.gif
104.165.90.55200 OK 477 kB URL HTTP/1.1 www.whjcpet.com/zhuye/img/yl999.gif
IP 104.165.90.55:0
File type GIF image data, version 89a, 1000 x 100\012- data
Size 477 kB (477348 bytes)
Hash 9e07a5cab4aa0dd2f4812fc347081ac8
b07f49e9cb7a8a678063ebede264aa7a60387348
38be687f0e62fcbf1b13a04003b15a3f9cef34bc2ab4332f33aa29e63e359765
GET /zhuye/img/yl999.gif HTTP/1.1
Host: www.whjcpet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cqhdy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 03 Jan 2023 23:57:42 GMT
Content-Type: image/gif
Content-Length: 477348
Last-Modified: Tue, 29 Mar 2022 20:47:48 GMT
Connection: keep-alive
ETag: "62437074-748a4"
Accept-Ranges: bytes
www.whjcpet.com/zhuye/img/tyc2021.png
104.165.90.55200 OK 100 kB URL HTTP/1.1 www.whjcpet.com/zhuye/img/tyc2021.png
IP 104.165.90.55:0
File type PNG image data, 1000 x 200, 8-bit colormap, non-interlaced\012- data
Hash 8f96b530a6e253577a2e3db628678348
34a6dd285ef52b88e1483fc668b3cf8cfb0da077
f59c819532085d1d0bb91db9b186a749df0c8a2478fc230a833125d5e7e64ae1
GET /zhuye/img/tyc2021.png HTTP/1.1
Host: www.whjcpet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cqhdy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 03 Jan 2023 23:57:43 GMT
Content-Type: image/png
Content-Length: 99525
Last-Modified: Tue, 29 Mar 2022 20:45:08 GMT
Connection: keep-alive
ETag: "62436fd4-184c5"
Accept-Ranges: bytes
www.whjcpet.com/zhuye/img/tyc1.gif
104.165.90.55200 OK 244 kB URL HTTP/1.1 www.whjcpet.com/zhuye/img/tyc1.gif
IP 104.165.90.55:0
File type GIF image data, version 89a, 1000 x 100\012- data
Size 244 kB (244502 bytes)
Hash fc4a7310fc9f4e7fbe2d43f1c063b43a
6410c3cf2eb299b1acfcd442b00d66c8e6134cdd
948ddb11b3c6c28622e03bc58daeebe0d373236d43a3ced3265b3fe6eb9bc95c
GET /zhuye/img/tyc1.gif HTTP/1.1
Host: www.whjcpet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cqhdy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 03 Jan 2023 23:57:43 GMT
Content-Type: image/gif
Content-Length: 244502
Last-Modified: Tue, 29 Mar 2022 20:47:38 GMT
Connection: keep-alive
ETag: "6243706a-3bb16"
Accept-Ranges: bytes
www.whjcpet.com/zhuye/img/aomen1200.gif
104.165.90.55200 OK 692 kB URL HTTP/1.1 www.whjcpet.com/zhuye/img/aomen1200.gif
IP 104.165.90.55:0
File type GIF image data, version 89a, 1000 x 200\012- data
Size 692 kB (692009 bytes)
Hash a2334b349e43e032cca680ccb8cfb0f7
a736e42c6842d9f4474a95892db9daa78f8d973e
db6f2077910bd49164439c7d9560e9356e31497a444c8f8069195604c7addb7b
GET /zhuye/img/aomen1200.gif HTTP/1.1
Host: www.whjcpet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cqhdy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 03 Jan 2023 23:57:43 GMT
Content-Type: image/gif
Content-Length: 692009
Last-Modified: Tue, 29 Mar 2022 20:46:52 GMT
Connection: keep-alive
ETag: "6243703c-a8f29"
Accept-Ranges: bytes
collect-v6.51.la/v6/collect?dt=4
103.143.19.103200 0 B URL HTTP/1.1 collect-v6.51.la/v6/collect?dt=4
IP 103.143.19.103:0
ASN #4837 CHINA UNICOM China169 Backbone
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /v6/collect?dt=4 HTTP/1.1
Host: collect-v6.51.la
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Length: 295
Origin: http://cqhdy.com
Connection: keep-alive
Referer: http://cqhdy.com/
HTTP/1.1 200
Server: CloudWAF
Date: Tue, 03 Jan 2023 23:57:43 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: HWWAFSESID=125f24cf3b8b53406e0; path=/
HWWAFSESTIME=1672790261348; path=/
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Origin: http://cqhdy.com
Access-Control-Allow-Credentials: true
ia.51.la/go1?id=20655415&rt=1672790253782&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=&ing=2&ekc=&sid=1672790253782&tt=js6038%25E5%25A4%2587%25E7%2594%25A8%25E7%25BD%2591%25E5%259D%2580-www.js6038.com%257CApp%2520Store&kw=&cu=http%253A%252F%252Fcqhdy.com%252Foa%252Finc%252Foa.exe&pu=
103.143.19.103200 0 B URL HTTP/1.1 ia.51.la/go1?id=20655415&rt=1672790253782&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=&ing=2&ekc=&sid=1672790253782&tt=js6038%25E5%25A4%2587%25E7%2594%25A8%25E7%25BD%2591%25E5%259D%2580-www.js6038.com%257CApp%2520Store&kw=&cu=http%253A%252F%252Fcqhdy.com%252Foa%252Finc%252Foa.exe&pu=
IP 103.143.19.103:0
ASN #4837 CHINA UNICOM China169 Backbone
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /go1?id=20655415&rt=1672790253782&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=&ing=2&ekc=&sid=1672790253782&tt=js6038%25E5%25A4%2587%25E7%2594%25A8%25E7%25BD%2591%25E5%259D%2580-www.js6038.com%257CApp%2520Store&kw=&cu=http%253A%252F%252Fcqhdy.com%252Foa%252Finc%252Foa.exe&pu= HTTP/1.1
Host: ia.51.la
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cqhdy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200
Server: CloudWAF
Date: Tue, 03 Jan 2023 23:57:43 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: HWWAFSESID=5434184d19b4ca7f04a; path=/
HWWAFSESTIME=1672790259650; path=/
collect-v6-alqy.51.la/v6/collect?dt=4
120.78.77.218200 0 B URL HTTP/1.1 collect-v6-alqy.51.la/v6/collect?dt=4
IP 120.78.77.218:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /v6/collect?dt=4 HTTP/1.1
Host: collect-v6-alqy.51.la
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Length: 295
Origin: http://cqhdy.com
Connection: keep-alive
Referer: http://cqhdy.com/
HTTP/1.1 200
Server: nginx
Date: Tue, 03 Jan 2023 23:57:44 GMT
Content-Length: 0
Connection: keep-alive
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Origin: http://cqhdy.com
Access-Control-Allow-Credentials: true
hm.baidu.com/hm.js?8d7d4cfa6b46e49eb91bf0e7e0306291
103.235.46.191200 OK 0 B URL HTTP/1.1 hm.baidu.com/hm.js?8d7d4cfa6b46e49eb91bf0e7e0306291
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
GET /hm.js?8d7d4cfa6b46e49eb91bf0e7e0306291 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cqhdy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11254
Content-Type: application/javascript
Date: Tue, 03 Jan 2023 23:57:41 GMT
Etag: 5b25de14a2cc648e81a3e1726bce29cb
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=8B7BADC116184636; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800