Analysis
-
max time kernel
177s -
max time network
202s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
-
submitted
01/12/2022, 10:40 UTC
General
-
Target
b34dd74c6dc826efff4334860757369476105c19a4d4e3f1e217e5c0f9759abe.exe
-
Size
1.7MB
-
MD5
99331247e1309357488aad9f724832cb
-
SHA1
0f9bb543716dd4586c1bf900f88bbbcf470f136e
-
SHA256
b34dd74c6dc826efff4334860757369476105c19a4d4e3f1e217e5c0f9759abe
-
SHA512
9f57e49efee6d21547a3976d3fc012dae206ae8c584ffa383608550d6b5a8e5111d0eba8a67cc8c013604d2ec74cd9843f353d3da8a9d891932f6103382a6a60
-
SSDEEP
24576:0ZE3QpzG6QICxXmFu9Gv0DCHV9eWfQJ3KJlNdjJuLFkEEap6qLVooLh5xkYqLVoM:0mXmb0DIsW6anjZU5HS5eQ
Score
7/10
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies Internet Explorer settings 1 TTPs 64 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 7 IoCs
-
Suspicious use of SetWindowsHookEx 34 IoCs
-
Suspicious use of WriteProcessMemory 35 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b34dd74c6dc826efff4334860757369476105c19a4d4e3f1e217e5c0f9759abe.exe"C:\Users\Admin\AppData\Local\Temp\b34dd74c6dc826efff4334860757369476105c19a4d4e3f1e217e5c0f9759abe.exe"1⤵
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://user.qzone.qq.com/1052260930/infocenter#home2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4288 CREDAT:17410 /prefetch:23⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://www.zxf6101.cccpan.com/2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2436 CREDAT:17410 /prefetch:23⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://www.zxf6101.cccpan.com/2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4196 CREDAT:17410 /prefetch:23⤵
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://www.zxf6101.cccpan.com/2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4728 CREDAT:17410 /prefetch:23⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://www.zxf6101.cccpan.com/2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3128 CREDAT:17410 /prefetch:23⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://v.youku.com/v_show/id_XNTc1NzM5NDg0.html2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:224 CREDAT:17410 /prefetch:23⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://v.youku.com/v_show/id_XNTc1NzM5NDg0.html2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:32 CREDAT:17410 /prefetch:23⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x40c 0x3001⤵
- Suspicious use of AdjustPrivilegeToken
Network
-
DNSwww.dnf2020.comRemote address:8.8.8.8:53Requestwww.dnf2020.comIN AResponsewww.dnf2020.comIN A199.59.243.222 -
DNSv.youku.comRemote address:8.8.8.8:53Requestv.youku.comIN AResponsev.youku.comIN CNAMEsecgw-ipv6-aserver-heyi.m.taobao.comsecgw-ipv6-aserver-heyi.m.taobao.comIN CNAMEsecgw-ipv6-aserver-heyi.m.taobao.com.gds.alibabadns.comsecgw-ipv6-aserver-heyi.m.taobao.com.gds.alibabadns.comIN A47.246.99.254
-
DNSwww.zxf6101.cccpan.comRemote address:8.8.8.8:53Requestwww.zxf6101.cccpan.comIN AResponsewww.zxf6101.cccpan.comIN CNAMEyjs-any.cccpan.com.cname.yunjiasu-cdn.netyjs-any.cccpan.com.cname.yunjiasu-cdn.netIN A121.12.125.134
-
DNSuser.qzone.qq.comRemote address:8.8.8.8:53Requestuser.qzone.qq.comIN AResponseuser.qzone.qq.comIN A203.205.254.103
-
DNSwww.zxf6101.cccpan.comRemote address:8.8.8.8:53Requestwww.zxf6101.cccpan.comIN AResponsewww.zxf6101.cccpan.comIN CNAMEyjs-any.cccpan.com.cname.yunjiasu-cdn.netyjs-any.cccpan.com.cname.yunjiasu-cdn.netIN A121.12.125.134
-
GEThttp://user.qzone.qq.com/1052260930/infocenterRemote address:203.205.254.103:80RequestGET /1052260930/infocenter HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: user.qzone.qq.com
Connection: Keep-Alive
ResponseHTTP/1.1 302 Moved Temporarily
Server: stgw
Date: Sat, 03 Dec 2022 17:32:31 GMT
Content-Type: text/html
Content-Length: 137
Connection: keep-alive
Location: https://user.qzone.qq.com/1052260930/infocenter
-
GEThttp://v.youku.com/v_show/id_XNTc1NzM5NDg0.htmlRemote address:47.246.99.254:80RequestGET /v_show/id_XNTc1NzM5NDg0.html HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: v.youku.com
Connection: Keep-Alive
ResponseHTTP/1.1 301 Moved Permanently
Date: Sat, 03 Dec 2022 17:32:32 GMT
Content-Type: text/html
Content-Length: 357
Connection: keep-alive
Location: https://v.youku.com/v_show/id_XNTc1NzM5NDg0.html
Server: Tengine/Aserver
EagleEye-TraceId: 2100dd0816700887523823522e57b5
Timing-Allow-Origin: *
s-rt: 0
EagleEye-TraceId: 2100dd0816700887523823522e57b5
-
GEThttp://v.youku.com/v_show/id_XNTc1NzM5NDg0.htmlRemote address:47.246.99.254:80RequestGET /v_show/id_XNTc1NzM5NDg0.html HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: v.youku.com
Connection: Keep-Alive
ResponseHTTP/1.1 301 Moved Permanently
Date: Sat, 03 Dec 2022 17:32:39 GMT
Content-Type: text/html
Content-Length: 357
Connection: keep-alive
Location: https://v.youku.com/v_show/id_XNTc1NzM5NDg0.html
Server: Tengine/Aserver
EagleEye-TraceId: 2100dd0616700887594086597e6dc5
Timing-Allow-Origin: *
s-rt: 0
EagleEye-TraceId: 2100dd0616700887594086597e6dc5
-
GEThttps://v.youku.com/v_show/id_XNTc1NzM5NDg0.htmlRemote address:47.246.99.254:443RequestGET /v_show/id_XNTc1NzM5NDg0.html HTTP/2.0
host: v.youku.com
accept: text/html, application/xhtml+xml, image/jxr, */*
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
ResponseHTTP/2.0 200
date: Sat, 03 Dec 2022 17:33:14 GMT
content-type: text/html;charset=UTF-8
vary: Accept-Encoding
cache-control: no-store
access-control-allow-credentials: true
bxuuid: c9d73f30ac6b38fca269730302c8b2ce
set-cookie: x5secdata=xbc9d73f30ac6b38fca269730302c8b2ce1670088794a-1168998890a-1982070654abaac2aaa__bx__v.youku.com%3A443%2Fv_show%2Fid_XNTc1NzM5NDg0.html; Max-Age=20; Expires=Sat, 03-Dec-2022 17:33:34 GMT; Domain=youku.com; Path=/
bxpunish: 1
server: Tengine/Aserver
eagleeye-traceid: 2100dc1a16700887947477010ed192
strict-transport-security: max-age=31536000
timing-allow-origin: *
s-rt: 160
eagleeye-traceid: 2100dc1a16700887947477010ed192
content-encoding: gzip
-
GEThttps://v.youku.com/v_show/id_XNTc1NzM5NDg0.htmlRemote address:47.246.99.254:443RequestGET /v_show/id_XNTc1NzM5NDg0.html HTTP/2.0
host: v.youku.com
accept: text/html, application/xhtml+xml, image/jxr, */*
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
ResponseHTTP/2.0 200
date: Sat, 03 Dec 2022 17:33:36 GMT
content-type: text/html;charset=UTF-8
vary: Accept-Encoding
cache-control: no-store
access-control-allow-credentials: true
bxuuid: 93c8a746adc4655031310746c975c0cc
set-cookie: x5secdata=xb93c8a746adc4655031310746c975c0cc1670088816a-1168998890a-1982070654abaac2aaa__bx__v.youku.com%3A443%2Fv_show%2Fid_XNTc1NzM5NDg0.html; Max-Age=20; Expires=Sat, 03-Dec-2022 17:33:56 GMT; Domain=youku.com; Path=/
bxpunish: 1
server: Tengine/Aserver
eagleeye-traceid: 2100dd0816700888164912770e57a9
strict-transport-security: max-age=31536000
timing-allow-origin: *
s-rt: 133
eagleeye-traceid: 2100dd0816700888164912770e57a9
content-encoding: gzip
-
GEThttps://user.qzone.qq.com/1052260930/infocenterRemote address:203.205.254.103:443RequestGET /1052260930/infocenter HTTP/2.0
host: user.qzone.qq.com
accept: text/html, application/xhtml+xml, image/jxr, */*
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
ResponseHTTP/2.0 302
date: Sat, 03 Dec 2022 17:33:15 GMT
content-type: text/html
server: QZHTTP-2.38.18
content-encoding: gzip
set-cookie: uin=; PATH=/; DOMAIN=qq.com
set-cookie: skey=; PATH=/; DOMAIN=qq.com
set-cookie: zzpaneluin=; PATH=/; DOMAIN=qzone.qq.com
set-cookie: zzpanelkey=; PATH=/; DOMAIN=qzone.qq.com
set-cookie: p_skey=; PATH=/; DOMAIN=qzone.qq.com; Secure
set-cookie: pt4_token=; PATH=/; DOMAIN=qzone.qq.com
set-cookie: p_uin=; PATH=/; DOMAIN=qzone.qq.com
set-cookie: qzone_check=; EXPIRES=Fri, 02-Jan-1970 00:00:00 GMT; PATH=/; DOMAIN=qq.com
set-cookie: _qz_referrer=; expires=Mon, 26 Jul 1997 05:00:00 GMT; PATH=/; DOMAIN=qq.com
location: http://i.qq.com?s_url=http%3A%2F%2Fuser.qzone.qq.com%2F1052260930%2Finfocenter
strict-transport-security: max-age=2592000
-
DNSwww.zxf6101.cccpan.comRemote address:8.8.8.8:53Requestwww.zxf6101.cccpan.comIN AResponse
-
DNS97.97.242.52.in-addr.arpaRemote address:8.8.8.8:53Request97.97.242.52.in-addr.arpaIN PTRResponse
-
DNSocsp.digicert.cnRemote address:8.8.8.8:53Requestocsp.digicert.cnIN AResponseocsp.digicert.cnIN CNAMEocsp.digicert.cn.w.cdngslb.comocsp.digicert.cn.w.cdngslb.comIN A47.246.48.205
-
GEThttp://ocsp.digicert.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbJNRrm8KxusAb7DCqnMkE%3DRemote address:47.246.48.205:80RequestGET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbJNRrm8KxusAb7DCqnMkE%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: ocsp.digicert.cn
ResponseHTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Date: Sat, 03 Dec 2022 16:38:15 GMT
Last-Modified: Sat, 03 Dec 2022 16:13:26 GMT
ETag: "638b75a6-1d7"
Expires: Mon, 05 Dec 2022 16:13:26 GMT
Cache-Control: max-age=171311
Accept-Ranges: bytes
Ali-Swift-Global-Savetime: 1670085495
Via: cache2.l2de2[0,0,200-0,H], cache26.l2de2[1,0], cache5.nl2[0,0,200-0,H], cache5.nl2[2,0]
Age: 3298
X-Cache: HIT TCP_MEM_HIT dirn:1:388598131
X-Swift-SaveTime: Sat, 03 Dec 2022 16:38:17 GMT
X-Swift-CacheTime: 3598
Timing-Allow-Origin: *
EagleId: 2ff6309916700887937625776e
-
GEThttp://ocsp.digicert.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQhnxEBNL9LgIhfSsTcHsrTt204QgQURNnISjOO01KNp5KUYR%2BayKW37MsCEAZ%2FqcNk5BTgJ5FxQ0NvGeY%3DRemote address:47.246.48.205:80RequestGET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQhnxEBNL9LgIhfSsTcHsrTt204QgQURNnISjOO01KNp5KUYR%2BayKW37MsCEAZ%2FqcNk5BTgJ5FxQ0NvGeY%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: ocsp.digicert.cn
ResponseHTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Date: Sat, 03 Dec 2022 17:33:15 GMT
Last-Modified: Sat, 03 Dec 2022 15:43:20 GMT
ETag: "638b6e98-1d7"
Expires: Mon, 05 Dec 2022 15:43:20 GMT
Cache-Control: max-age=166205
Accept-Ranges: bytes
Ali-Swift-Global-Savetime: 1670088795
Via: cache14.l2de2[187,187,304-0,M], cache11.l2de2[188,0], cache8.nl2[1256,1255,200-0,H], cache5.nl2[1258,0]
Age: 0
X-Cache: HIT TCP_REFRESH_HIT dirn:1:135908730
X-Swift-SaveTime: Sat, 03 Dec 2022 17:33:15 GMT
X-Swift-CacheTime: 3600
Timing-Allow-Origin: *
EagleId: 2ff6309916700887938345916e
-
GEThttp://ocsp.digicert.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQhnxEBNL9LgIhfSsTcHsrTt204QgQURNnISjOO01KNp5KUYR%2BayKW37MsCEANpcoVsvR%2BbNEE0YLq9Pak%3DRemote address:47.246.48.205:80RequestGET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQhnxEBNL9LgIhfSsTcHsrTt204QgQURNnISjOO01KNp5KUYR%2BayKW37MsCEANpcoVsvR%2BbNEE0YLq9Pak%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: ocsp.digicert.cn
ResponseHTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Sat, 03 Dec 2022 16:40:26 GMT
Ali-Swift-Global-Savetime: 1670085626
Via: cache3.l2de2[4,4,200-0,M], cache17.l2de2[6,0], cache8.nl2[0,0,200-0,H], cache5.nl2[1,0]
Age: 3170
X-Cache: HIT TCP_MEM_HIT dirn:1:138069299
X-Swift-SaveTime: Sat, 03 Dec 2022 16:40:26 GMT
X-Swift-CacheTime: 3600
Timing-Allow-Origin: *
EagleId: 2ff6309916700887968113824e
-
GEThttp://ocsp.digicert.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQhnxEBNL9LgIhfSsTcHsrTt204QgQURNnISjOO01KNp5KUYR%2BayKW37MsCEA2RIn8DYIha6RSjswjOUU8%3DRemote address:47.246.48.205:80RequestGET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQhnxEBNL9LgIhfSsTcHsrTt204QgQURNnISjOO01KNp5KUYR%2BayKW37MsCEA2RIn8DYIha6RSjswjOUU8%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: ocsp.digicert.cn
ResponseHTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Date: Sat, 03 Dec 2022 17:27:20 GMT
Last-Modified: Sat, 03 Dec 2022 03:06:38 GMT
ETag: "638abd3e-1d7"
Expires: Mon, 05 Dec 2022 03:06:38 GMT
Cache-Control: max-age=121158
Accept-Ranges: bytes
Ali-Swift-Global-Savetime: 1670088440
Via: cache25.l2de2[0,0,200-0,H], cache3.l2de2[1,0], cache3.nl2[0,0,200-0,H], cache5.nl2[1,0]
Age: 358
X-Cache: HIT TCP_MEM_HIT dirn:3:177261797
X-Swift-SaveTime: Sat, 03 Dec 2022 17:28:38 GMT
X-Swift-CacheTime: 3522
Timing-Allow-Origin: *
EagleId: 2ff6309916700887987527495e
-
DNSg.alicdn.comRemote address:8.8.8.8:53Requestg.alicdn.comIN AResponseg.alicdn.comIN CNAMEg.alicdn.com.danuoyi.alicdn.comg.alicdn.com.danuoyi.alicdn.comIN A47.246.48.252g.alicdn.com.danuoyi.alicdn.comIN A47.246.48.251
-
DNSi.qq.comRemote address:8.8.8.8:53Requesti.qq.comIN AResponsei.qq.comIN A203.205.254.103
-
GEThttps://g.alicdn.com/secdev/entry/index.jsRemote address:47.246.48.252:443RequestGET /secdev/entry/index.js HTTP/2.0
host: g.alicdn.com
accept: application/javascript, */*;q=0.8
referer: https://v.youku.com/v_show/id_XNTc1NzM5NDg0.html
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
origin: https://v.youku.com
accept-encoding: gzip, deflate
ResponseHTTP/2.0 200
server: Tengine
content-type: application/javascript
content-length: 2125
date: Sat, 03 Dec 2022 16:33:19 GMT
vary: Accept-Encoding
x-oss-request-id: 638B7A4F10A93F32355EBA15
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 9403457710961289238
x-oss-storage-class: Standard
cache-control: max-age=7200,s-maxage=3600
content-md5: 9hDv2l6tv2gE74ewjPYZFA==
x-oss-server-time: 1
content-encoding: gzip
access-control-allow-origin: *
x-bucket-code: 3
ali-swift-global-savetime: 1670085199
via: cache21.l2de2[8,8,200-0,M], cache17.l2de2[10,0], cache17.l2de2[11,0], cache3.nl2[0,0,200-0,H], cache3.nl2[5,0]
age: 3596
x-cache: HIT TCP_MEM_HIT dirn:8:286078201
x-swift-savetime: Sat, 03 Dec 2022 16:33:19 GMT
x-swift-cachetime: 3600
timing-allow-origin: *
eagleid: 2ff6309716700887956564721e
-
GEThttps://g.alicdn.com/mtb/lib-flexible/0.3.2/flexible.jsRemote address:47.246.48.252:443RequestGET /mtb/lib-flexible/0.3.2/flexible.js HTTP/2.0
host: g.alicdn.com
accept: application/javascript, */*;q=0.8
referer: https://v.youku.com/v_show/id_XNTc1NzM5NDg0.html
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
origin: https://v.youku.com
accept-encoding: gzip, deflate
ResponseHTTP/2.0 200
server: Tengine
content-type: application/javascript
content-length: 929
date: Sat, 03 Dec 2022 16:51:13 GMT
vary: Accept-Encoding
x-oss-request-id: 638B7E810A184B33322E6FF4
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 3796639399158809320
x-oss-storage-class: Standard
content-md5: jxYQDLqBIXaICwY1d3EXVQ==
x-oss-server-time: 20
content-encoding: gzip
cache-control: max-age=2592000,s-maxage=3600
access-control-allow-origin: *
x-bucket-code: 3
ali-swift-global-savetime: 1670086273
via: cache14.l2de2[0,0,200-0,H], cache6.l2de2[0,0], cache6.l2de2[0,0], cache5.nl2[0,0,200-0,H], cache3.nl2[5,0]
age: 2522
x-cache: HIT TCP_MEM_HIT dirn:1:393712953
x-swift-savetime: Sat, 03 Dec 2022 16:51:42 GMT
x-swift-cachetime: 3571
timing-allow-origin: *
eagleid: 2ff6309716700887956564722e
-
GEThttps://g.alicdn.com/code/lib/qrcodejs/1.0.0/qrcode.min.jsRemote address:47.246.48.252:443RequestGET /code/lib/qrcodejs/1.0.0/qrcode.min.js HTTP/2.0
host: g.alicdn.com
accept: application/javascript, */*;q=0.8
referer: https://v.youku.com/v_show/id_XNTc1NzM5NDg0.html
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
origin: https://v.youku.com
accept-encoding: gzip, deflate
ResponseHTTP/2.0 200
server: Tengine
content-type: application/javascript
content-length: 7007
date: Sat, 03 Dec 2022 16:40:53 GMT
vary: Accept-Encoding
x-oss-request-id: 638B7C1544E4D03535605E8F
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 17632674935737242381
x-oss-storage-class: Standard
content-md5: UXtV02iM6e8QhaPZYyvLlw==
x-oss-server-time: 4
content-encoding: gzip
cache-control: max-age=2592000,s-maxage=3600
access-control-allow-origin: *
x-bucket-code: 3
ali-swift-global-savetime: 1670085653
via: cache1.l2de2[0,0,200-0,H], cache21.l2de2[0,0], cache21.l2de2[0,0], cache5.nl2[0,0,200-0,H], cache3.nl2[3,0]
age: 3142
x-cache: HIT TCP_MEM_HIT dirn:5:65486193
x-swift-savetime: Sat, 03 Dec 2022 16:41:09 GMT
x-swift-cachetime: 3584
timing-allow-origin: *
eagleid: 2ff6309716700887956584723e
-
GEThttps://g.alicdn.com/mtb/lib-windvane/3.0.6/windvane.jsRemote address:47.246.48.252:443RequestGET /mtb/lib-windvane/3.0.6/windvane.js HTTP/2.0
host: g.alicdn.com
accept: application/javascript, */*;q=0.8
referer: https://v.youku.com/v_show/id_XNTc1NzM5NDg0.html
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
origin: https://v.youku.com
accept-encoding: gzip, deflate
ResponseHTTP/2.0 200
server: Tengine
content-type: application/javascript
content-length: 23162
date: Sat, 03 Dec 2022 06:50:14 GMT
vary: Accept-Encoding
x-oss-request-id: 638AF1A6ED81AC303792BE26
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 18288468273426292823
x-oss-storage-class: Standard
cache-control: max-age=2592000,s-maxage=86400
content-md5: muYav53nUQFUrgW4MDtUAg==
x-oss-server-time: 232
content-encoding: gzip
access-control-allow-origin: *
x-bucket-code: 3
ali-swift-global-savetime: 1670050214
via: cache21.l2de2[0,0,200-0,H], cache2.l2de2[0,0], cache2.l2de2[1,0], cache8.nl2[0,0,200-0,H], cache3.nl2[3,0]
age: 38581
x-cache: HIT TCP_MEM_HIT dirn:1:397836749
x-swift-savetime: Sat, 03 Dec 2022 06:51:18 GMT
x-swift-cachetime: 86336
timing-allow-origin: *
eagleid: 2ff6309716700887956584729e
-
GEThttps://g.alicdn.com/mtb/lib-mtop/2.6.3/mtop.jsRemote address:47.246.48.252:443RequestGET /mtb/lib-mtop/2.6.3/mtop.js HTTP/2.0
host: g.alicdn.com
accept: application/javascript, */*;q=0.8
referer: https://v.youku.com/v_show/id_XNTc1NzM5NDg0.html
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
origin: https://v.youku.com
accept-encoding: gzip, deflate
ResponseHTTP/2.0 200
server: Tengine
content-type: application/javascript
content-length: 9217
date: Sat, 03 Dec 2022 07:53:33 GMT
vary: Accept-Encoding
x-oss-request-id: 638B007DED81AC3337F52651
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 1968437436908963894
x-oss-storage-class: Standard
cache-control: max-age=2592000,s-maxage=86400
content-md5: 6OrbrBnBcwyI72qR7Xu7YA==
x-oss-server-time: 3
content-encoding: gzip
access-control-allow-origin: *
x-bucket-code: 3
ali-swift-global-savetime: 1670054013
via: cache3.l2de2[0,0,200-0,H], cache10.l2de2[1,0], cache10.l2de2[1,0], cache2.nl2[0,0,200-0,H], cache3.nl2[3,0]
age: 34782
x-cache: HIT TCP_MEM_HIT dirn:2:324060383
x-swift-savetime: Sat, 03 Dec 2022 07:53:55 GMT
x-swift-cachetime: 86378
timing-allow-origin: *
eagleid: 2ff6309716700887956584726e
-
GEThttps://g.alicdn.com/bsop-static/sufei-punish/0.1.11/build/main.cssRemote address:47.246.48.252:443RequestGET /bsop-static/sufei-punish/0.1.11/build/main.css HTTP/2.0
host: g.alicdn.com
accept: text/css, */*
referer: https://v.youku.com/v_show/id_XNTc1NzM5NDg0.html
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
ResponseHTTP/2.0 200
server: Tengine
content-type: application/javascript
content-length: 1876
date: Sat, 03 Dec 2022 16:49:09 GMT
vary: Accept-Encoding
x-oss-request-id: 638B7E05F22B2D323207D43B
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 1652282053768547989
x-oss-storage-class: Standard
content-md5: NzdpIV8+WJdCet0ptuTL6A==
x-oss-server-time: 2
content-encoding: gzip
cache-control: max-age=2592000,s-maxage=3600
access-control-allow-origin: *
x-bucket-code: 3
ali-swift-global-savetime: 1670086149
via: cache11.l2de2[0,-1,200-0,H], cache9.l2de2[1,0], cache9.l2de2[1,0], cache2.nl2[0,0,200-0,H], cache3.nl2[4,0]
age: 2646
x-cache: HIT TCP_MEM_HIT dirn:4:445322511
x-swift-savetime: Sat, 03 Dec 2022 16:49:46 GMT
x-swift-cachetime: 3563
timing-allow-origin: *
eagleid: 2ff6309716700887956584724e
-
GEThttps://g.alicdn.com/bsop-static/sufei-punish/0.1.11/build/punishpage.min.jsRemote address:47.246.48.252:443RequestGET /bsop-static/sufei-punish/0.1.11/build/punishpage.min.js HTTP/2.0
host: g.alicdn.com
accept: application/javascript, */*;q=0.8
referer: https://v.youku.com/v_show/id_XNTc1NzM5NDg0.html
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
origin: https://v.youku.com
accept-encoding: gzip, deflate
ResponseHTTP/2.0 200
server: Tengine
content-type: text/css
content-length: 2545
date: Sat, 03 Dec 2022 06:50:51 GMT
vary: Accept-Encoding
x-oss-request-id: 638AF1CBED81AC3336942327
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 7914468666341628843
x-oss-storage-class: Standard
cache-control: max-age=2592000,s-maxage=86400
content-md5: QfseHeMPehIKedRwMS8vsQ==
x-oss-server-time: 27
content-encoding: gzip
access-control-allow-origin: *
x-bucket-code: 3
ali-swift-global-savetime: 1670050251
via: cache21.l2de2[0,0,200-0,H], cache4.l2de2[0,0], cache4.l2de2[1,0], cache5.nl2[0,0,200-0,H], cache3.nl2[4,0]
age: 38544
x-cache: HIT TCP_MEM_HIT dirn:11:297597110
x-swift-savetime: Sat, 03 Dec 2022 06:51:18 GMT
x-swift-cachetime: 86373
timing-allow-origin: *
eagleid: 2ff6309716700887956584727e
-
GEThttps://g.alicdn.com/dt/tracker/4.0.0/??tracker.Tracker.js,tracker.interfaceTrackerPlugin.js,tracker.performanceTrackerPlugin.jsRemote address:47.246.48.252:443RequestGET /dt/tracker/4.0.0/??tracker.Tracker.js,tracker.interfaceTrackerPlugin.js,tracker.performanceTrackerPlugin.js HTTP/2.0
host: g.alicdn.com
accept: application/javascript, */*;q=0.8
referer: https://v.youku.com/v_show/id_XNTc1NzM5NDg0.html
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
origin: https://v.youku.com
accept-encoding: gzip, deflate
ResponseHTTP/2.0 200
server: Tengine
content-type: application/javascript
content-length: 8367
date: Sat, 03 Dec 2022 16:51:40 GMT
vary: Accept-Encoding
x-oss-request-id: 638B7E9C0A184B3338EFD5F4
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 12461918412381825562
x-oss-storage-class: Standard
content-md5: UeOyN1THVectWTlCy1JSxg==
x-oss-server-time: 2
cache-control: max-age=2592000,s-maxage=3600
access-control-allow-origin: *
x-bucket-code: 3
content-encoding: gzip
ali-swift-global-savetime: 1670086300
via: cache8.l2de2[0,0,200-0,H], cache11.l2de2[1,0], cache11.l2de2[1,0], cache2.nl2[0,0,200-0,H], cache3.nl2[4,0]
age: 2495
x-cache: HIT TCP_MEM_HIT dirn:4:445887857
x-swift-savetime: Sat, 03 Dec 2022 16:51:42 GMT
x-swift-cachetime: 3598
timing-allow-origin: *
eagleid: 2ff6309716700887956584731e
-
GEThttps://g.alicdn.com/secdev/sufei_data/3.9.10/index.jsRemote address:47.246.48.252:443RequestGET /secdev/sufei_data/3.9.10/index.js HTTP/2.0
host: g.alicdn.com
accept: application/javascript, */*;q=0.8
referer: https://v.youku.com/v_show/id_XNTc1NzM5NDg0.html
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
origin: https://v.youku.com
accept-encoding: gzip, deflate
ResponseHTTP/2.0 200
server: Tengine
content-type: application/javascript
content-length: 7571
date: Sat, 03 Dec 2022 04:33:31 GMT
vary: Accept-Encoding
x-oss-request-id: 638AD19B34A3EC34316AE96E
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 13500841233386616122
x-oss-storage-class: Standard
cache-control: max-age=2592000,s-maxage=86400
content-md5: CtQlEVirudc6Vat90k+/Zg==
x-oss-server-time: 51
content-encoding: gzip
access-control-allow-origin: *
x-bucket-code: 3
ali-swift-global-savetime: 1670042011
via: cache21.l2de2[0,0,200-0,H], cache26.l2de2[0,0], cache26.l2de2[1,0], cache4.nl2[0,0,200-0,H], cache3.nl2[1,0]
age: 46785
x-cache: HIT TCP_MEM_HIT dirn:1:318175286
x-swift-savetime: Sat, 03 Dec 2022 04:33:42 GMT
x-swift-cachetime: 86389
timing-allow-origin: *
eagleid: 2ff6309716700887960465395e
-
GEThttps://g.alicdn.com/??xlly/spl/rp.js,secdev/nsv/1.0.87/ns_f_95_3_n.js?v=1Remote address:47.246.48.252:443RequestGET /??xlly/spl/rp.js,secdev/nsv/1.0.87/ns_f_95_3_n.js?v=1 HTTP/2.0
host: g.alicdn.com
accept: application/javascript, */*;q=0.8
referer: https://v.youku.com/v_show/id_XNTc1NzM5NDg0.html
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
origin: https://v.youku.com
accept-encoding: gzip, deflate
ResponseHTTP/2.0 200
server: Tengine
content-type: application/javascript
content-length: 58497
date: Sat, 03 Dec 2022 03:35:28 GMT
vary: Accept-Encoding
x-oss-request-id: 638AC400601F6239388BEF91
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 12800617583171053160
x-oss-storage-class: Standard
cache-control: max-age=86400,s-maxage=86400
content-md5: tdHs2vb8MWxdmyWdkGWDug==
x-oss-server-time: 4
access-control-allow-origin: *
x-bucket-code: 3
content-encoding: gzip
ali-swift-global-savetime: 1670038528
via: cache23.l2de2[0,0,200-0,H], cache19.l2de2[1,0], cache19.l2de2[1,0], cache7.nl2[0,0,200-0,H], cache3.nl2[2,0]
age: 50268
x-cache: HIT TCP_MEM_HIT dirn:2:217146072
x-swift-savetime: Sat, 03 Dec 2022 03:35:43 GMT
x-swift-cachetime: 86385
timing-allow-origin: *
eagleid: 2ff6309716700887960995498e
-
GEThttps://g.alicdn.com/AWSC/et/1.62.7/et_n.jsRemote address:47.246.48.252:443RequestGET /AWSC/et/1.62.7/et_n.js HTTP/2.0
host: g.alicdn.com
accept: application/javascript, */*;q=0.8
referer: https://v.youku.com/v_show/id_XNTc1NzM5NDg0.html
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
origin: https://v.youku.com
accept-encoding: gzip, deflate
ResponseHTTP/2.0 200
server: Tengine
content-type: application/javascript
content-length: 37291
date: Sat, 03 Dec 2022 04:58:43 GMT
vary: Accept-Encoding
x-oss-request-id: 638AD783CE97E53736E1DE5D
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 8759877793609080201
x-oss-storage-class: Standard
cache-control: max-age=2592000,s-maxage=86400
content-md5: l7bGHibbCMMFIFtozfaKyA==
x-oss-server-time: 20
content-encoding: gzip
access-control-allow-origin: *
x-bucket-code: 3
ali-swift-global-savetime: 1670043523
via: cache19.l2de2[0,0,200-0,H], cache19.l2de2[0,0], cache19.l2de2[0,0], cache8.nl2[0,0,200-0,H], cache3.nl2[2,0]
age: 45273
x-cache: HIT TCP_MEM_HIT dirn:11:15802380
x-swift-savetime: Sat, 03 Dec 2022 04:59:03 GMT
x-swift-cachetime: 86380
timing-allow-origin: *
eagleid: 2ff6309716700887964306069e
-
GEThttps://g.alicdn.com/alilog/mlog/aplus_v2.jsRemote address:47.246.48.252:443RequestGET /alilog/mlog/aplus_v2.js HTTP/2.0
host: g.alicdn.com
accept: application/javascript, */*;q=0.8
referer: https://v.youku.com/v_show/id_XNTc1NzM5NDg0.html
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
ResponseHTTP/2.0 200
server: Tengine
content-type: application/javascript
content-length: 6469
date: Sat, 03 Dec 2022 17:06:51 GMT
vary: Accept-Encoding
x-oss-request-id: 638B822BED81AC3937A2A633
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 2159095792374447506
x-oss-storage-class: Standard
cache-control: max-age=3600,s-maxage=1800
content-md5: a59g31IIku10wCabeoidjw==
x-oss-server-time: 2
content-encoding: gzip
access-control-allow-origin: *
x-bucket-code: 3
ali-swift-global-savetime: 1670087211
via: cache2.l2de2[0,0,200-0,H], cache21.l2de2[1,0], cache21.l2de2[1,0], cache3.nl2[0,0,200-0,H], cache3.nl2[2,0]
age: 1586
x-cache: HIT TCP_MEM_HIT dirn:11:243286499
x-swift-savetime: Sat, 03 Dec 2022 17:06:51 GMT
x-swift-cachetime: 1800
timing-allow-origin: *
eagleid: 2ff6309716700887976138163e
-
GEThttp://i.qq.com/?s_url=http%3A%2F%2Fuser.qzone.qq.com%2F1052260930%2FinfocenterRemote address:203.205.254.103:80RequestGET /?s_url=http%3A%2F%2Fuser.qzone.qq.com%2F1052260930%2Finfocenter HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: i.qq.com
Cookie: uin=; skey=
ResponseHTTP/1.1 302 Moved Temporarily
Server: stgw
Date: Sat, 03 Dec 2022 17:33:16 GMT
Content-Type: text/html
Content-Length: 137
Connection: keep-alive
Location: https://i.qq.com/?s_url=http%3A%2F%2Fuser.qzone.qq.com%2F1052260930%2Finfocenter
-
GEThttps://i.qq.com/?s_url=http%3A%2F%2Fuser.qzone.qq.com%2F1052260930%2FinfocenterRemote address:203.205.254.103:443RequestGET /?s_url=http%3A%2F%2Fuser.qzone.qq.com%2F1052260930%2Finfocenter HTTP/2.0
host: i.qq.com
accept: text/html, application/xhtml+xml, image/jxr, */*
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
cookie: uin=; skey=
ResponseHTTP/2.0 200
date: Sat, 03 Dec 2022 17:33:17 GMT
content-type: text/html; charset=UTF-8
server: openresty/1.16.1.1
x-powered-by: TSW/Node.js
cache-control: no-cache
vary: Origin, Accept
mod-map: platform_loginQzone:hybrid/app/platform/loginQzone/sync/sync.js
strict-transport-security: max-age=172800
cache-offline: false
content-encoding: gzip
x-request-time: 0.114
x-whistle-client-id: -,
-
DNSfourier.taobao.comRemote address:8.8.8.8:53Requestfourier.taobao.comIN AResponsefourier.taobao.comIN CNAMEfourier.taobao.com.gds.alibabadns.comfourier.taobao.com.gds.alibabadns.comIN CNAMEdualstack-na61-na62.wagbridge.alibaba.taobao.comdualstack-na61-na62.wagbridge.alibaba.taobao.comIN CNAMEdualstack-na61-na62.wagbridge.alibaba.taobao.com.gds.alibabadns.comdualstack-na61-na62.wagbridge.alibaba.taobao.com.gds.alibabadns.comIN A203.119.169.6
-
GEThttps://fourier.taobao.com/rp?ext=51&data=jm_null&random=6345090255013714&href=https%3A%2F%2Fv.youku.com%2Fv_show%2Fid_XNTc1NzM5NDg0.html&protocol=https:Remote address:203.119.169.6:443RequestGET /rp?ext=51&data=jm_null&random=6345090255013714&href=https%3A%2F%2Fv.youku.com%2Fv_show%2Fid_XNTc1NzM5NDg0.html&protocol=https: HTTP/2.0
host: fourier.taobao.com
accept: application/javascript, */*;q=0.8
referer: https://v.youku.com/v_show/id_XNTc1NzM5NDg0.html
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
ResponseHTTP/2.0 200
date: Sat, 03 Dec 2022 17:33:36 GMT
content-type: image/gif
content-length: 0
server: Tengine/Aserver
eagleeye-traceid: 212bcc7816700888165217632e1089
strict-transport-security: max-age=31536000
timing-allow-origin: *
-
GEThttps://fourier.taobao.com/ts?url=&token=BENDt3c7JCGXIehV8w0OzZiV2gftuNf6IyadOHUgn6IZNGNW_YhnSiGiql56jy_y&cna=&ext=1Remote address:203.119.169.6:443RequestGET /ts?url=&token=BENDt3c7JCGXIehV8w0OzZiV2gftuNf6IyadOHUgn6IZNGNW_YhnSiGiql56jy_y&cna=&ext=1 HTTP/2.0
host: fourier.taobao.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://v.youku.com/v_show/id_XNTc1NzM5NDg0.html
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
ResponseHTTP/2.0 200
date: Sat, 03 Dec 2022 17:33:36 GMT
content-type: application/javascript;charset=UTF-8
content-length: 1023
x5-punish-cache: miss
cache-control: no-store
access-control-allow-credentials: true
bxuuid: 6597edab84a010508719aa415cb8af82
use-raw: true
bxuuid: {"login-token":"6597edab84a010508719aa415cb8af82___null___2c9c35e653463612f291fa461c5abdd5"}
set-cookie: x5secdata=xb6597edab84a010508719aa415cb8af821670088816a-717315356a1993109894abazc2aaa__bx__fourier.taobao.com%3A443%2Frp; Max-Age=20; Expires=Sat, 03-Dec-2022 17:33:56 GMT; Domain=taobao.com; Path=/
bxpunish: 1
server: Tengine/Aserver
eagleeye-traceid: 212bcc7816700888165207631e1089
strict-transport-security: max-age=31536000
timing-allow-origin: *
-
DNSqzonestyle.gtimg.cnRemote address:8.8.8.8:53Requestqzonestyle.gtimg.cnIN AResponseqzonestyle.gtimg.cnIN CNAMEqzonestyle.gtimg.cn.cloud.tc.qq.comqzonestyle.gtimg.cn.cloud.tc.qq.comIN CNAMEqzonestyle.mid.tdnsv6.comqzonestyle.mid.tdnsv6.comIN CNAMEqzonestyle.gtimg.cn.sched.legopic2.tdnsv6.comqzonestyle.gtimg.cn.sched.legopic2.tdnsv6.comIN A203.205.136.77qzonestyle.gtimg.cn.sched.legopic2.tdnsv6.comIN A119.28.164.142qzonestyle.gtimg.cn.sched.legopic2.tdnsv6.comIN A203.205.136.105qzonestyle.gtimg.cn.sched.legopic2.tdnsv6.comIN A203.205.136.243qzonestyle.gtimg.cn.sched.legopic2.tdnsv6.comIN A119.28.164.143qzonestyle.gtimg.cn.sched.legopic2.tdnsv6.comIN A203.205.137.234
-
DNStajs.qq.comRemote address:8.8.8.8:53Requesttajs.qq.comIN AResponse
-
GEThttps://qzonestyle.gtimg.cn/qzone_v6/proj_qzonelogin/qzonelogin.css?20130306Remote address:203.205.136.77:443RequestGET /qzone_v6/proj_qzonelogin/qzonelogin.css?20130306 HTTP/2.0
host: qzonestyle.gtimg.cn
accept: text/css, */*
referer: https://i.qq.com/?s_url=http%3A%2F%2Fuser.qzone.qq.com%2F1052260930%2Finfocenter
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
ResponseHTTP/2.0 200
last-modified: Mon, 16 May 2022 10:38:27 GMT
content-encoding: gzip
etag: "864ab4777d98b856cfb0b88e2da588fb"
content-type: application/x-javascript
content-length: 408
accept-ranges: bytes
x-nws-log-uuid: 18363331144551653148
server: Lego Server
date: Sat, 03 Dec 2022 17:33:18 GMT
x-cache-lookup: Cache Hit
access-control-expose-headers: x-client-proto-ver
alt-svc: quic=":443";ma=86400;v="39,38,37,36,35"
vary: Origin,Accept
access-control-expose-headers: X-Client-Ip
access-control-expose-headers: X-Server-Ip
access-control-expose-headers: X-Upstream-IP
x-client-ip: 154.61.71.13
x-server-ip: 203.205.136.77_eth0
x-upstream-ip: $upstream_server
x-real-ip: 154.61.71.13
-
GEThttps://qzonestyle.gtimg.cn/qzone/qzactStatics/configSystem/data/179/config1.jsRemote address:203.205.136.77:443RequestGET /qzone/qzactStatics/configSystem/data/179/config1.js HTTP/2.0
host: qzonestyle.gtimg.cn
accept: application/javascript, */*;q=0.8
referer: https://i.qq.com/?s_url=http%3A%2F%2Fuser.qzone.qq.com%2F1052260930%2Finfocenter
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
ResponseHTTP/2.0 200
content-type: text/css
x-datasrc: 2
x-reqgue: 0
accept-ranges: bytes
server: Lego Server
date: Sat, 03 Dec 2022 17:33:18 GMT
x-cache-lookup: Cache Hit
last-modified: Sat, 01 Apr 2017 18:36:52 GMT
content-encoding: gzip
cache-control: max-age=3600
age: 137
content-length: 3025
x-nws-log-uuid: 9011186330447827739
x-cache-lookup: Hit From Inner Cluster
access-control-expose-headers: x-client-proto-ver
alt-svc: quic=":443";ma=86400;v="39,38,37,36,35"
vary: Origin,Accept
access-control-expose-headers: X-Client-Ip
access-control-expose-headers: X-Server-Ip
access-control-expose-headers: X-Upstream-IP
x-client-ip: 154.61.71.13
x-server-ip: 203.205.136.77_eth0
x-upstream-ip: $upstream_server
x-real-ip: 154.61.71.13
-
DNScrl.globalsign.netRemote address:8.8.8.8:53Requestcrl.globalsign.netIN AResponsecrl.globalsign.netIN CNAMEglobal.prd.cdn.globalsign.comglobal.prd.cdn.globalsign.comIN CNAMEcdn.globalsigncdn.com.cdn.cloudflare.netcdn.globalsigncdn.com.cdn.cloudflare.netIN A104.18.20.226cdn.globalsigncdn.com.cdn.cloudflare.netIN A104.18.21.226
-
GEThttp://crl.globalsign.net/root.crlRemote address:104.18.20.226:80RequestGET /root.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: crl.globalsign.net
ResponseHTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 17:33:27 GMT
Content-Type: application/pkix-crl
Content-Length: 1739
Connection: keep-alive
Last-Modified: Fri, 07 Oct 2022 00:00:00 GMT
ETag: 57
Expires: Sun, 15 Jan 2023 00:00:00 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2686
Accept-Ranges: bytes
Server: cloudflare
CF-RAY: 773e0c262e360a4c-AMS
-
GEThttp://ocsp.globalsign.com/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8EJHRemote address:104.18.20.226:80RequestGET /rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8EJH HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: ocsp.globalsign.com
ResponseHTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 17:33:34 GMT
Content-Type: application/ocsp-response
Content-Length: 1442
Connection: keep-alive
Expires: Wed, 07 Dec 2022 14:48:45 GMT
ETag: "01970bab2294d762220b7ba9e832d971e468ff04"
Last-Modified: Sat, 03 Dec 2022 14:48:46 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 300
Accept-Ranges: bytes
Server: cloudflare
CF-RAY: 773e0c507db01c8e-AMS
-
DNScrl.globalsign.comRemote address:8.8.8.8:53Requestcrl.globalsign.comIN AResponsecrl.globalsign.comIN CNAMEglobal.prd.cdn.globalsign.comglobal.prd.cdn.globalsign.comIN CNAMEcdn.globalsigncdn.com.cdn.cloudflare.netcdn.globalsigncdn.com.cdn.cloudflare.netIN A104.18.20.226cdn.globalsigncdn.com.cdn.cloudflare.netIN A104.18.21.226
-
GEThttp://crl.globalsign.com/gs/gsorganizationvalsha2g2.crlRemote address:104.18.20.226:80RequestGET /gs/gsorganizationvalsha2g2.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: crl.globalsign.com
ResponseHTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 17:33:36 GMT
Content-Type: application/pkix-crl
Content-Length: 1142
Connection: keep-alive
Last-Modified: Sat, 03 Dec 2022 00:31:50 GMT
ETag: EC70
Expires: Sat, 10 Dec 2022 00:31:49 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1972
Accept-Ranges: bytes
Server: cloudflare
CF-RAY: 773e0c5e3aa70bbf-AMS
-
GEThttps://g.alicdn.com/secdev/entry/index.jsRemote address:47.246.48.252:443RequestGET /secdev/entry/index.js HTTP/2.0
host: g.alicdn.com
accept: application/javascript, */*;q=0.8
referer: https://v.youku.com/v_show/id_XNTc1NzM5NDg0.html
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
origin: https://v.youku.com
accept-encoding: gzip, deflate
ResponseHTTP/2.0 200
server: Tengine
content-type: application/javascript
content-length: 2125
date: Sat, 03 Dec 2022 17:33:19 GMT
vary: Accept-Encoding
x-oss-request-id: 638B885F34A3EC33301744DE
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 9403457710961289238
x-oss-storage-class: Standard
cache-control: max-age=7200,s-maxage=3600
content-md5: 9hDv2l6tv2gE74ewjPYZFA==
x-oss-server-time: 1
content-encoding: gzip
access-control-allow-origin: *
x-bucket-code: 3
ali-swift-global-savetime: 1670088799
via: cache21.l2de2[0,0,200-0,H], cache4.l2de2[0,0], cache4.l2de2[1,0], cache3.nl2[0,0,200-0,H], cache7.nl2[1,0]
age: 17
x-cache: HIT TCP_MEM_HIT dirn:3:178966555
x-swift-savetime: Sat, 03 Dec 2022 17:33:19 GMT
x-swift-cachetime: 3600
timing-allow-origin: *
eagleid: 2ff6309b16700888169196154e
-
GEThttps://g.alicdn.com/alilog/mlog/aplus_v2.jsRemote address:47.246.48.252:443RequestGET /alilog/mlog/aplus_v2.js HTTP/2.0
host: g.alicdn.com
accept: application/javascript, */*;q=0.8
referer: https://v.youku.com/v_show/id_XNTc1NzM5NDg0.html
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
ResponseHTTP/2.0 200
server: Tengine
content-type: application/javascript
content-length: 6469
date: Sat, 03 Dec 2022 17:06:51 GMT
vary: Accept-Encoding
x-oss-request-id: 638B822BED81AC3937A2A633
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 2159095792374447506
x-oss-storage-class: Standard
cache-control: max-age=3600,s-maxage=1800
content-md5: a59g31IIku10wCabeoidjw==
x-oss-server-time: 2
content-encoding: gzip
access-control-allow-origin: *
x-bucket-code: 3
ali-swift-global-savetime: 1670087211
via: cache2.l2de2[0,0,200-0,H], cache21.l2de2[1,0], cache21.l2de2[1,0], cache3.nl2[0,0,200-0,H], cache7.nl2[3,0]
age: 1605
x-cache: HIT TCP_MEM_HIT dirn:11:243286499
x-swift-savetime: Sat, 03 Dec 2022 17:06:51 GMT
x-swift-cachetime: 1800
timing-allow-origin: *
eagleid: 2ff6309b16700888169706239e
-
GEThttps://fourier.taobao.com/rp?ext=51&data=jm_null&random=6032127685217852&href=https%3A%2F%2Fv.youku.com%2Fv_show%2Fid_XNTc1NzM5NDg0.html&protocol=https:Remote address:203.119.169.6:443RequestGET /rp?ext=51&data=jm_null&random=6032127685217852&href=https%3A%2F%2Fv.youku.com%2Fv_show%2Fid_XNTc1NzM5NDg0.html&protocol=https: HTTP/2.0
host: fourier.taobao.com
accept: application/javascript, */*;q=0.8
referer: https://v.youku.com/v_show/id_XNTc1NzM5NDg0.html
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
cookie: x5secdata=xb6597edab84a010508719aa415cb8af821670088816a-717315356a1993109894abazc2aaa__bx__fourier.taobao.com%3A443%2Frp
ResponseHTTP/2.0 200
date: Sat, 03 Dec 2022 17:33:44 GMT
content-type: application/javascript;charset=UTF-8
content-length: 1023
x5-punish-cache: miss
cache-control: no-store
access-control-allow-credentials: true
bxuuid: 6f56778ece0957d14a85096909db5ad2
use-raw: true
bxuuid: {"login-token":"6f56778ece0957d14a85096909db5ad2___null___237773bac75cf44fca9c0d8405f51386"}
set-cookie: x5secdata=xb6f56778ece0957d14a85096909db5ad21670088824a-717315356a1993109894abazc2aaa__bx__fourier.taobao.com%3A443%2Frp; Max-Age=20; Expires=Sat, 03-Dec-2022 17:34:04 GMT; Domain=taobao.com; Path=/
bxpunish: 1
server: Tengine/Aserver
eagleeye-traceid: 21313e3716700888246321637e111a
strict-transport-security: max-age=31536000
timing-allow-origin: *
-
8.238.20.126:80
-
88.221.25.154:80
-
88.221.25.154:80
-
104.80.225.205:443
-
20.50.73.9:443
-
8.248.7.254:80
-
8.248.7.254:80
-
8.248.7.254:80
-
8.248.7.254:80
-
199.59.243.222:80www.dnf2020.com
-
67.27.153.254:80
-
8.238.20.126:80
-
52.152.108.96:443
-
203.205.254.103:80user.qzone.qq.com
-
203.205.254.103:80http://user.qzone.qq.com/1052260930/infocenterhttp
HTTP Request
GET http://user.qzone.qq.com/1052260930/infocenterHTTP Response
302 -
121.12.125.134:80www.zxf6101.cccpan.com
-
121.12.125.134:80www.zxf6101.cccpan.com
-
121.12.125.134:80www.zxf6101.cccpan.com
-
121.12.125.134:80www.zxf6101.cccpan.com
-
121.12.125.134:80www.zxf6101.cccpan.com
-
121.12.125.134:80www.zxf6101.cccpan.com
-
47.246.99.254:80v.youku.com
-
47.246.99.254:80v.youku.com
-
47.246.99.254:80http://v.youku.com/v_show/id_XNTc1NzM5NDg0.htmlhttp
HTTP Request
GET http://v.youku.com/v_show/id_XNTc1NzM5NDg0.htmlHTTP Response
301 -
47.246.99.254:80v.youku.com
-
121.12.125.134:80www.zxf6101.cccpan.com
-
121.12.125.134:80www.zxf6101.cccpan.com
-
47.246.99.254:443v.youku.com
-
203.205.254.103:443user.qzone.qq.com
-
121.12.125.134:80www.zxf6101.cccpan.com
-
121.12.125.134:80www.zxf6101.cccpan.com
-
121.12.125.134:80www.zxf6101.cccpan.com
-
121.12.125.134:80www.zxf6101.cccpan.com
-
47.246.99.254:80v.youku.com
-
121.12.125.134:80www.zxf6101.cccpan.com
-
47.246.99.254:80http://v.youku.com/v_show/id_XNTc1NzM5NDg0.htmlhttp
HTTP Request
GET http://v.youku.com/v_show/id_XNTc1NzM5NDg0.htmlHTTP Response
301 -
121.12.125.134:80www.zxf6101.cccpan.com
-
47.246.99.254:443https://v.youku.com/v_show/id_XNTc1NzM5NDg0.htmltls, http2
HTTP Request
GET https://v.youku.com/v_show/id_XNTc1NzM5NDg0.htmlHTTP Response
200 -
47.246.99.254:443https://v.youku.com/v_show/id_XNTc1NzM5NDg0.htmltls, http2
HTTP Request
GET https://v.youku.com/v_show/id_XNTc1NzM5NDg0.htmlHTTP Response
200 -
203.205.254.103:443https://user.qzone.qq.com/1052260930/infocentertls, http2
HTTP Request
GET https://user.qzone.qq.com/1052260930/infocenterHTTP Response
302 -
47.246.48.205:80http://ocsp.digicert.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQhnxEBNL9LgIhfSsTcHsrTt204QgQURNnISjOO01KNp5KUYR%2BayKW37MsCEA2RIn8DYIha6RSjswjOUU8%3Dhttp
HTTP Request
GET http://ocsp.digicert.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbJNRrm8KxusAb7DCqnMkE%3DHTTP Response
200HTTP Request
GET http://ocsp.digicert.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQhnxEBNL9LgIhfSsTcHsrTt204QgQURNnISjOO01KNp5KUYR%2BayKW37MsCEAZ%2FqcNk5BTgJ5FxQ0NvGeY%3DHTTP Response
200HTTP Request
GET http://ocsp.digicert.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQhnxEBNL9LgIhfSsTcHsrTt204QgQURNnISjOO01KNp5KUYR%2BayKW37MsCEANpcoVsvR%2BbNEE0YLq9Pak%3DHTTP Response
200HTTP Request
GET http://ocsp.digicert.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQhnxEBNL9LgIhfSsTcHsrTt204QgQURNnISjOO01KNp5KUYR%2BayKW37MsCEA2RIn8DYIha6RSjswjOUU8%3DHTTP Response
200 -
47.246.48.252:443g.alicdn.comtls, http2
-
47.246.48.252:443g.alicdn.comtls, http2
-
47.246.48.252:443g.alicdn.comtls, http2
-
47.246.48.252:443g.alicdn.comtls, http2
-
47.246.48.252:443g.alicdn.comtls, http2
-
47.246.48.252:443https://g.alicdn.com/alilog/mlog/aplus_v2.jstls, http2
HTTP Request
GET https://g.alicdn.com/secdev/entry/index.jsHTTP Request
GET https://g.alicdn.com/mtb/lib-flexible/0.3.2/flexible.jsHTTP Request
GET https://g.alicdn.com/code/lib/qrcodejs/1.0.0/qrcode.min.jsHTTP Request
GET https://g.alicdn.com/mtb/lib-windvane/3.0.6/windvane.jsHTTP Request
GET https://g.alicdn.com/mtb/lib-mtop/2.6.3/mtop.jsHTTP Request
GET https://g.alicdn.com/bsop-static/sufei-punish/0.1.11/build/main.cssHTTP Request
GET https://g.alicdn.com/bsop-static/sufei-punish/0.1.11/build/punishpage.min.jsHTTP Request
GET https://g.alicdn.com/dt/tracker/4.0.0/??tracker.Tracker.js,tracker.interfaceTrackerPlugin.js,tracker.performanceTrackerPlugin.jsHTTP Response
200HTTP Response
200HTTP Response
200HTTP Response
200HTTP Response
200HTTP Response
200HTTP Response
200HTTP Response
200HTTP Request
GET https://g.alicdn.com/secdev/sufei_data/3.9.10/index.jsHTTP Response
200HTTP Request
GET https://g.alicdn.com/??xlly/spl/rp.js,secdev/nsv/1.0.87/ns_f_95_3_n.js?v=1HTTP Response
200HTTP Request
GET https://g.alicdn.com/AWSC/et/1.62.7/et_n.jsHTTP Response
200HTTP Request
GET https://g.alicdn.com/alilog/mlog/aplus_v2.jsHTTP Response
200 -
203.205.254.103:80i.qq.com
-
203.205.254.103:80http://i.qq.com/?s_url=http%3A%2F%2Fuser.qzone.qq.com%2F1052260930%2Finfocenterhttp
HTTP Request
GET http://i.qq.com/?s_url=http%3A%2F%2Fuser.qzone.qq.com%2F1052260930%2FinfocenterHTTP Response
302 -
203.205.254.103:443https://i.qq.com/?s_url=http%3A%2F%2Fuser.qzone.qq.com%2F1052260930%2Finfocentertls, http2
HTTP Request
GET https://i.qq.com/?s_url=http%3A%2F%2Fuser.qzone.qq.com%2F1052260930%2FinfocenterHTTP Response
200 -
203.119.169.6:443https://fourier.taobao.com/ts?url=&token=BENDt3c7JCGXIehV8w0OzZiV2gftuNf6IyadOHUgn6IZNGNW_YhnSiGiql56jy_y&cna=&ext=1tls, http2
HTTP Request
GET https://fourier.taobao.com/rp?ext=51&data=jm_null&random=6345090255013714&href=https%3A%2F%2Fv.youku.com%2Fv_show%2Fid_XNTc1NzM5NDg0.html&protocol=https:HTTP Request
GET https://fourier.taobao.com/ts?url=&token=BENDt3c7JCGXIehV8w0OzZiV2gftuNf6IyadOHUgn6IZNGNW_YhnSiGiql56jy_y&cna=&ext=1HTTP Response
200HTTP Response
200 -
203.119.169.6:443fourier.taobao.comtls, http2
-
203.205.136.77:443qzonestyle.gtimg.cntls, http2
-
203.205.136.77:443https://qzonestyle.gtimg.cn/qzone/qzactStatics/configSystem/data/179/config1.jstls, http2
HTTP Request
GET https://qzonestyle.gtimg.cn/qzone_v6/proj_qzonelogin/qzonelogin.css?20130306HTTP Request
GET https://qzonestyle.gtimg.cn/qzone/qzactStatics/configSystem/data/179/config1.jsHTTP Response
200HTTP Response
200 -
104.18.20.226:80http://crl.globalsign.net/root.crlhttp
HTTP Request
GET http://crl.globalsign.net/root.crlHTTP Response
200 -
104.18.20.226:80http://ocsp.globalsign.com/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8EJHhttp
HTTP Request
GET http://ocsp.globalsign.com/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8EJHHTTP Response
200 -
104.18.20.226:80http://crl.globalsign.com/gs/gsorganizationvalsha2g2.crlhttp
HTTP Request
GET http://crl.globalsign.com/gs/gsorganizationvalsha2g2.crlHTTP Response
200 -
47.246.48.252:443g.alicdn.comtls, http2
-
47.246.48.252:443https://g.alicdn.com/alilog/mlog/aplus_v2.jstls, http2
HTTP Request
GET https://g.alicdn.com/secdev/entry/index.jsHTTP Response
200HTTP Request
GET https://g.alicdn.com/alilog/mlog/aplus_v2.jsHTTP Response
200 -
203.119.169.6:443fourier.taobao.comtls, http2
-
203.119.169.6:443https://fourier.taobao.com/rp?ext=51&data=jm_null&random=6032127685217852&href=https%3A%2F%2Fv.youku.com%2Fv_show%2Fid_XNTc1NzM5NDg0.html&protocol=https:tls, http2
HTTP Request
GET https://fourier.taobao.com/rp?ext=51&data=jm_null&random=6032127685217852&href=https%3A%2F%2Fv.youku.com%2Fv_show%2Fid_XNTc1NzM5NDg0.html&protocol=https:HTTP Response
200 -
204.79.197.200:443ieonline.microsoft.comtls, http2
-
8.238.20.126:80
-
8.248.7.254:80
-
8.8.8.8:53www.dnf2020.comdns
DNS Request
www.dnf2020.com
DNS Response
199.59.243.222
-
8.8.8.8:53v.youku.comdns
DNS Request
v.youku.com
DNS Response
47.246.99.254
-
8.8.8.8:53www.zxf6101.cccpan.comdns
DNS Request
www.zxf6101.cccpan.com
DNS Response
121.12.125.134
-
8.8.8.8:53user.qzone.qq.comdns
DNS Request
user.qzone.qq.com
DNS Response
203.205.254.103
-
8.8.8.8:53www.zxf6101.cccpan.comdns
DNS Request
www.zxf6101.cccpan.com
DNS Response
121.12.125.134
-
8.8.8.8:53www.zxf6101.cccpan.comdns
DNS Request
www.zxf6101.cccpan.com
-
8.8.8.8:5397.97.242.52.in-addr.arpadns
DNS Request
97.97.242.52.in-addr.arpa
-
8.8.8.8:53ocsp.digicert.cndns
DNS Request
ocsp.digicert.cn
DNS Response
47.246.48.205
-
8.8.8.8:53g.alicdn.comdns
DNS Request
g.alicdn.com
DNS Response
47.246.48.25247.246.48.251
-
8.8.8.8:53i.qq.comdns
DNS Request
i.qq.com
DNS Response
203.205.254.103
-
8.8.8.8:53fourier.taobao.comdns
DNS Request
fourier.taobao.com
DNS Response
203.119.169.6
-
8.8.8.8:53qzonestyle.gtimg.cndns
DNS Request
qzonestyle.gtimg.cn
DNS Response
203.205.136.77119.28.164.142203.205.136.105203.205.136.243119.28.164.143203.205.137.234
-
8.8.8.8:53tajs.qq.comdns
DNS Request
tajs.qq.com
-
8.8.8.8:53crl.globalsign.netdns
DNS Request
crl.globalsign.net
DNS Response
104.18.20.226104.18.21.226
-
8.8.8.8:53crl.globalsign.comdns
DNS Request
crl.globalsign.com
DNS Response
104.18.20.226104.18.21.226
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD5f609891d140f6dd92c6776e6e130bb1a
SHA1a5bbfdc89876bc31b7b969c8c3765a5f704e55e0
SHA256f452008e384d3adcc0da3df9116995eb4f3b184318cab73c2fdec34d1ab8362b
SHA5128d9aa0f7a9c50df0550cd0c155e57c987db9f362ed94dbaf559a802acf90094227d5e985bee7c8a57e57f8cf096e2413eb6d9c6d89adc115729f32309a269162
-
Filesize
1KB
MD5a74da3e56dc21e7e37f081517e3ee11e
SHA1e815971ea65c1a3d1bdf548d7b7ee715ad1c5a4e
SHA25616bcc9fdb0e5096d5e5277b55959e55a523c1f64d0e7f704031f525785800bd0
SHA512d1283d573ca9b49f3b3b3d017d2cbf59374db1b6ea76f02c1a21d84d60c2f7f0998d82296871ac8bc24495ce2dec517233e23e91f109e947b4316ab45bd54233
-
Filesize
1KB
MD566b36fb3a62522db85fe223500e551a0
SHA14eb408f100b3d63a06f369e1fa4a94edaebcf88e
SHA25698ece3ecb58a4f4d1b960b2b592d45c7e3579e1411bddb71de4a9dc4b5ca580c
SHA512e1ce254022228bacfb5111ba514c9f0201ce719b234f7fcad4260371e943c47cca6df9e74abc93c15e15e9ef532e1c8707fcf8dced2effe087fe597c741abc36
-
Filesize
1KB
MD5e9e7373e05cb8f0f4f021798092f3b8c
SHA1b3507a125c80cf9dc6fe12cfbe29c7282bb33422
SHA256d197aaddce315f4e06b014f798ca0fb1982a978cc606cc77d7bbe7d15248e8df
SHA512de5f260320f5db3fc88e8427103f391a65abd9fae0f0640c6fa072c4e9a63edab56f11bc071a093a5ee9f5109e46fcb67dbbdce5bf1e9127f535d40f79ab12bd
-
Filesize
536B
MD5ebd90a3f443169a2f6514456fdd90f6d
SHA1d0e811464cb5ac4b1700675de84c59c8be05093a
SHA2560d0894db9f5b275223307cf6178375167ba1f15c06173eaa9f56207d7f5cc9e8
SHA512b8e571aa3fb86671b2892b91508d5aad23c09d0fc91755a511ea8ca59b084e7fd41cd439c827ca169f7d8f35e7d9c3d48fa113d83208392671eb06b397ab54e5
-
Filesize
536B
MD5aee5a976461cbf67c55a27c50cd11eec
SHA14bf3ec23ba21cf6641dc3ec6eebdcd88a33597d8
SHA256f092516efd150d4693284b384adfd59fa48458a78c224e0a0ff790b055ae1c79
SHA5120ea94b6e132336bd0e9ddbc10094047f679d85bc783d5e597a408fc742963488d8ff5bedb707fe59e0e474a1c9aef8a98da73b4581b799d4c3ec737933502220
-
Filesize
532B
MD5558ff48b78cd06220fd1bae88a3f6049
SHA1004976af1f5d42f202dee8c53df40c596acedb10
SHA256a2b8019114f799611dd363bef968b336e01e4f42c5aed33ab4333ae88072e864
SHA5126ad4313319a8f25dd10263ad50bfc4abe465224a8dbadb38ca8a78a5394f1d6474785675c67e0b36306f903ed988fbe9960989ae281857245824b8ab3b7c49cd
-
Filesize
492B
MD5c27d3ec91435f0d3381c09c76cab899d
SHA17f3341da3a1881c75400a07484a00b3385ffdb1d
SHA256fe7b871f3d1bff39c726036677e757a3c11453aadbb34e1f7a869356c4bdb2f3
SHA512ecab00615f5e776369331b8328d3cf09129e51d3d8f38d1603d455b1362378cbdb8e664a1cd6a63543f8a3d8d2248019f53381157f1c67cfeaadc071d68061b8
-
Filesize
13B
MD5c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA135e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA5126be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed
-
Filesize
4KB
MD5f05438a9debb8eeb18b82e7ff1f62f65
SHA11e28ee34d54c40a0ac50c8a1416921f7e5c2f7d8
SHA256aa958a493e5e6e964714cd64688f458894c8bd698364682e3eb44705d6a7e950
SHA512a664c1d883e3fae9b1e000dc371e4bc345baa363d3f7df16d4a8b4d57b65327b45cbe00f8cdc780ba20254b5c197438e76e6699d8ce8583aebfd5a81024cec13
-
Filesize
3KB
MD51b83dcfc0c5d20e82ac72b9e3999ed11
SHA14c437bf2716a365c4e154d1188d39c1c9675cf78
SHA256a93102cd31b31ea6d26539aaca458c22038dc90bdaa95399f7787418e0b77638
SHA51225960b34aec846a73fd60959f79d66c942536d5216e2829d5766b7e93dbe8ef7fe1cfb3471c24c49e487a2ec12d8419fd4e74ce4348a170a97b54d95da66fdb7
-
Filesize
3KB
MD5c0384c4f8edcfb2c1c5ae46c03fe3958
SHA1e0804014b4eba73f22310ce554d139c0136d73a4
SHA256a9cc6f47e2b75130916cd01fa661376552ac7837ab431dd8df14be5876bdd23b
SHA51262764bfbd9589a2480062ceae94ddd57b805b0282b9aab81df7926c6a65842ae9ec3ef2d7886b8e80ade07c385830f0306f91713ce402c7cdb1e2f4fe01c3320
-
Filesize
5KB
MD5830780442a669c7bbfd1dda5139dd39d
SHA16a6a7e73b143c4cf844e35bfc9a0a3439b16fde2
SHA256cb3f635a99b1cd5e20fae7452f94ee8995674dc856e40ef9a1174a1c36b5c13c
SHA512b9fbbda83f7b573a52789d8e35ab29ff0b516d69f2242766e0e349b762a71759cebe6a0a96692f3065b5efe0b0cee60c217fa23ffb98887bc5c199021b448a36
-
Filesize
1KB
MD58f16100cba812176880b063577711755
SHA156f94b7f150ce8926a3e77a51622910843e3dcea
SHA256e1dbb2115ee1deca2ad6e503e132e9429722f04c3bca42f3d4b87439f9f8ad86
SHA5128c8f5252c16b21332de9ca1cd4180e10b83f68d15ad0df533d3ab8b570fc7961aabcedad9b8959161dc538ecbf8a5e686843da47308bf39ecdd5afaf7537e2f6
-
Filesize
4KB
MD5f610efda5eadbf6804ef87b08cf61914
SHA107d39ba7fa9a2f803c430ed1c02de745495cc300
SHA256a23ac114b772a4bae1498d203e5dd2beac4292777bc5689091a30d6083c151d3
SHA51254864e70ac193159c757720dcc606af0f6b5b4e7f291c4c2139fa3f5e8d6622991ad9686d2fa20fda86fc10971cdd558c7095ecc93d9b28c40f15139ab84a766
-
Filesize
17KB
MD50ad4251158abb9d73a55ab7dd24fbf66
SHA1350d23bc2e5036ac20a9513d7d30a8e7391916c4
SHA2568a978233505986e37cf952a7656e6c31f4a8d13902d76c68f28de30bf9f1d57c
SHA512193d027c8680bb5fc8e0324d45cd460e968a8b4d04455b61fa4dd23af35706bc9d1b070c44f182bdc74314ab7cff88765501141b3458d4b914643462e1554602
-
Filesize
16KB
MD56b9f60df520892ed74c0269b7a889d8f
SHA1b1d48a016863f1091d7bdd3ddc362f414531cea9
SHA2568d2f36dc4a8342a131cdb45770b5280375fa26d7ff4dffd782f7e9b727c423b6
SHA512655db2e1ba60043c7289f3fb81f776aa91b9819ba7e4913da72d6d94c2e92eed109c2943c9c5fd253db24c69cf5004b65819c7f43feb31ad19c3a9353881998f
-
Filesize
10KB
MD541fb1e1de30f7a120a79d470312f2fb1
SHA1c8801b4b6b2d9602171f6c474154dedda20bb83f
SHA256b52046f8f692681e1bc8384c1f78c58a587cab9568264d8fefe9a90d4327df4f
SHA51278c6f5586c34460be005df420f5a310b808ba554a87dc836a64475d836ffe332eb403a16e68cdb4d75523c529283b76e273239591a03e222e026a0e7d7aeaf59
-
Filesize
4KB
MD5373769215f3e5897427add29b6e4cbe8
SHA16189c92ca2e4fd75c320634c0f81bfffe3e3c22f
SHA2564511bc1cea24dc32d06ac80351921246ecb0f61014fbeb07ec627442df296d18
SHA512adbdabc3b779fc2b84595baa94a0c064a24887737953e341785c4fb3e0e2fbc9bbf60e586b801fe80ab773b0ca79c4fbdae80846ffacb1542a68b9dc761ebf30
-
Filesize
23KB
MD58278f7f8302be776c6d455efc2441314
SHA19248715071d9abd90614c1045bffa112d358a8da
SHA256ef414b84f50c2220f2bf36bd0378f02a70b15be9b1e92e4cbf75a056d0f6162b
SHA512c7c784ea84ce950a478959c99f545f720e8bf7ad93a1ed9e973117eee0775932de4927ad7cc5d53af70714442f161baae8f22cedf3b505542c2612c1e0296779
-
Filesize
109KB
MD597b6c61e26db08c305205b68cdf68ac8
SHA1ae0a900042897de3cdb8a6e8317bc19686bcea6f
SHA25623efaab0233a71426cdfe8398921fae6c9d19b43db05f5e61800141dc90d449d
SHA512de76bfe377d92322613066424af031815b1930a97cca42224975e4c40b99cc63593f7360b1a7fe6ee29319a485c6cec7335c53579fa0d0cbef2442dd161bb64b
-
Filesize
25KB
MD5e8eadbac19c1730c88ef6a91ed7bbb60
SHA18f734f5183135bb4be0e88599c073ffe5b2b54c5
SHA256094bcd47a37cd9cd07ff462821c897ba1dbc277c4e7dbfce4b0c89b44bb9566f
SHA512a032088c2f5cd15dd5bc7f99a3b33ce2b28076daff4610b1841fe86fc01336e68d6d16260840791ccafc7482aea64aa919e489ea98996de1a6059c07e8f757a4
-
Filesize
147KB
MD52033d8acbdd8bd51fdff71594b250adf
SHA15bd1e4e857471258dab3b1e0e068607f7e1891f4
SHA256894e4398b9e3e379c26b07fff7c048b2e30b486151a8c456c8f9cae14467f177
SHA51217ad6b8087e9797912f184906effe51083a7b6698f9cc8a2bf4bbefeec09264086c4cb5458d182a884e4b8d3d4c3659a29ee8a874831c6c517cb8ce2797f6308
-
Filesize
72KB
MD59ae61abf9de7510154ae05b8303b5402
SHA179986199d14e9c958814ce89eb1e905c258a26e7
SHA2567f1f2f0a26b4f0215cd2e6dfca2215b2d31dd191f132e25800cf2ade1a13c681
SHA51227ec370dc088d5053d04542bcf2c6acbdb7014e6be22b96590142fc7b6c7d8afaa9befa042ca0572b0e2c03a714c9f595add1c4acb09aaa70771fac11a885d0a
-
Filesize
19KB
MD5517b55d3688ce9ef1085a3d9632bcb97
SHA12d06c1f823f34c19981c6ae0b0eb0f5861c5e14b
SHA256c541ef06327885a8415bca8df6071e14189b4855336def4f36db54bde8484f36
SHA51208d80845e706a3b9e985b799d3849cd7791ad3ba5aa9d793bb4591d4833890d7299810144874905f416c94d8530da74be0ee520066a91ade05a1da8bf0ccb498