blackmoon | cb80c32d2f1bf7d590263d50e98bf726d130e957542689fda9671f55b732ec7d

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 05:45 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cb80c32d2f1bf7d590263d50e98bf726d130e957542689fda9671f55b732ec7d.exe
Size

1.4MB
MD5

f069af3bf6f9bc95b863ef6520c482cb
SHA1

ad6b1a78b2c29fc33585c7a8e714fc60825be268
SHA256

cb80c32d2f1bf7d590263d50e98bf726d130e957542689fda9671f55b732ec7d
SHA512

8d37e7bb797047ce6b1ad6998ea0e4fb515be153ac3a5608b1da8e2bd318f549764d564509b15c964ab8fa31fb92ccb02424ad7891100b669f34eb1ff45f7ba0
SSDEEP

24576:nG5MAvRLUD9S0mgqDvn7UwOEhVQw0Ogp1O9y2XX2rHwECF4:GXYM0mgqDDcw0pgyK2Xw

Score

10^/10

blackmoon banker trojan upx

Malware Config

Signatures

Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
trojan banker blackmoon

Detect Blackmoon payload 3 IoCs

resource	yara_rule
behavioral2/memory/2592-137-0x0000000000400000-0x000000000075C000-memory.dmp	family_blackmoon
behavioral2/memory/2592-140-0x0000000000400000-0x000000000075C000-memory.dmp	family_blackmoon
behavioral2/memory/2592-144-0x0000000000400000-0x000000000075C000-memory.dmp	family_blackmoon

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2592-133-0x0000000010000000-0x0000000010020000-memory.dmp	upx
behavioral2/memory/2592-135-0x0000000010000000-0x0000000010020000-memory.dmp	upx
behavioral2/memory/2592-136-0x0000000010000000-0x0000000010020000-memory.dmp	upx
behavioral2/memory/2592-139-0x0000000010000000-0x0000000010020000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2664	msedge.exe
2664	msedge.exe
3068	msedge.exe
3068	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2592	cb80c32d2f1bf7d590263d50e98bf726d130e957542689fda9671f55b732ec7d.exe
2592	cb80c32d2f1bf7d590263d50e98bf726d130e957542689fda9671f55b732ec7d.exe
2592	cb80c32d2f1bf7d590263d50e98bf726d130e957542689fda9671f55b732ec7d.exe
2592	cb80c32d2f1bf7d590263d50e98bf726d130e957542689fda9671f55b732ec7d.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2592 wrote to memory of 3068	2592	cb80c32d2f1bf7d590263d50e98bf726d130e957542689fda9671f55b732ec7d.exe	80
PID 2592 wrote to memory of 3068	2592	cb80c32d2f1bf7d590263d50e98bf726d130e957542689fda9671f55b732ec7d.exe	80
PID 3068 wrote to memory of 4976	3068	msedge.exe	81
PID 3068 wrote to memory of 4976	3068	msedge.exe	81
PID 3068 wrote to memory of 224	3068	msedge.exe	84
PID 3068 wrote to memory of 224	3068	msedge.exe	84
PID 3068 wrote to memory of 224	3068	msedge.exe	84
PID 3068 wrote to memory of 224	3068	msedge.exe	84
PID 3068 wrote to memory of 224	3068	msedge.exe	84
PID 3068 wrote to memory of 224	3068	msedge.exe	84
PID 3068 wrote to memory of 224	3068	msedge.exe	84
PID 3068 wrote to memory of 224	3068	msedge.exe	84
PID 3068 wrote to memory of 224	3068	msedge.exe	84
PID 3068 wrote to memory of 224	3068	msedge.exe	84
PID 3068 wrote to memory of 224	3068	msedge.exe	84
PID 3068 wrote to memory of 224	3068	msedge.exe	84
PID 3068 wrote to memory of 224	3068	msedge.exe	84
PID 3068 wrote to memory of 224	3068	msedge.exe	84
PID 3068 wrote to memory of 224	3068	msedge.exe	84
PID 3068 wrote to memory of 224	3068	msedge.exe	84
PID 3068 wrote to memory of 224	3068	msedge.exe	84
PID 3068 wrote to memory of 224	3068	msedge.exe	84
PID 3068 wrote to memory of 224	3068	msedge.exe	84
PID 3068 wrote to memory of 224	3068	msedge.exe	84
PID 3068 wrote to memory of 224	3068	msedge.exe	84
PID 3068 wrote to memory of 224	3068	msedge.exe	84
PID 3068 wrote to memory of 224	3068	msedge.exe	84
PID 3068 wrote to memory of 224	3068	msedge.exe	84
PID 3068 wrote to memory of 224	3068	msedge.exe	84
PID 3068 wrote to memory of 224	3068	msedge.exe	84
PID 3068 wrote to memory of 224	3068	msedge.exe	84
PID 3068 wrote to memory of 224	3068	msedge.exe	84
PID 3068 wrote to memory of 224	3068	msedge.exe	84
PID 3068 wrote to memory of 224	3068	msedge.exe	84
PID 3068 wrote to memory of 224	3068	msedge.exe	84
PID 3068 wrote to memory of 224	3068	msedge.exe	84
PID 3068 wrote to memory of 224	3068	msedge.exe	84
PID 3068 wrote to memory of 224	3068	msedge.exe	84
PID 3068 wrote to memory of 224	3068	msedge.exe	84
PID 3068 wrote to memory of 224	3068	msedge.exe	84
PID 3068 wrote to memory of 224	3068	msedge.exe	84
PID 3068 wrote to memory of 224	3068	msedge.exe	84
PID 3068 wrote to memory of 224	3068	msedge.exe	84
PID 3068 wrote to memory of 224	3068	msedge.exe	84
PID 3068 wrote to memory of 2664	3068	msedge.exe	85
PID 3068 wrote to memory of 2664	3068	msedge.exe	85
PID 3068 wrote to memory of 3548	3068	msedge.exe	87
PID 3068 wrote to memory of 3548	3068	msedge.exe	87
PID 3068 wrote to memory of 3548	3068	msedge.exe	87
PID 3068 wrote to memory of 3548	3068	msedge.exe	87
PID 3068 wrote to memory of 3548	3068	msedge.exe	87
PID 3068 wrote to memory of 3548	3068	msedge.exe	87
PID 3068 wrote to memory of 3548	3068	msedge.exe	87
PID 3068 wrote to memory of 3548	3068	msedge.exe	87
PID 3068 wrote to memory of 3548	3068	msedge.exe	87
PID 3068 wrote to memory of 3548	3068	msedge.exe	87
PID 3068 wrote to memory of 3548	3068	msedge.exe	87
PID 3068 wrote to memory of 3548	3068	msedge.exe	87
PID 3068 wrote to memory of 3548	3068	msedge.exe	87
PID 3068 wrote to memory of 3548	3068	msedge.exe	87
PID 3068 wrote to memory of 3548	3068	msedge.exe	87
PID 3068 wrote to memory of 3548	3068	msedge.exe	87
PID 3068 wrote to memory of 3548	3068	msedge.exe	87
PID 3068 wrote to memory of 3548	3068	msedge.exe	87

C:\Users\Admin\AppData\Local\Temp\cb80c32d2f1bf7d590263d50e98bf726d130e957542689fda9671f55b732ec7d.exe
"C:\Users\Admin\AppData\Local\Temp\cb80c32d2f1bf7d590263d50e98bf726d130e957542689fda9671f55b732ec7d.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.3gri.com/
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:3068
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff3e0246f8,0x7fff3e024708,0x7fff3e024718
    3⤵
    PID:4976
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,9249851185817722873,4302255683015279718,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
    3⤵
    PID:224
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,9249851185817722873,4302255683015279718,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2664
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,9249851185817722873,4302255683015279718,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
    3⤵
    PID:3548
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,9249851185817722873,4302255683015279718,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3860 /prefetch:1
    3⤵
    PID:3712
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,9249851185817722873,4302255683015279718,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3916 /prefetch:1
    3⤵
    PID:1876
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2128,9249851185817722873,4302255683015279718,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4672 /prefetch:8
    3⤵
    PID:1508
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,9249851185817722873,4302255683015279718,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
    3⤵
    PID:2952
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,9249851185817722873,4302255683015279718,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
    3⤵
    PID:1788

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3676

Network

DNS

hi.baidu.com

cb80c32d2f1bf7d590263d50e98bf726d130e957542689fda9671f55b732ec7d.exe

Remote address:

8.8.8.8:53

Request

hi.baidu.com

IN A

Response

hi.baidu.com

IN CNAME

im.n.shifen.com

im.n.shifen.com

IN CNAME

in.m.wshifen.com

in.m.wshifen.com

IN A

104.193.88.126

in.m.wshifen.com

IN A

104.193.88.125
DNS

dns.google

msedge.exe

Remote address:

8.8.8.8:53

Request

dns.google

IN A

Response

dns.google

IN A

8.8.4.4

dns.google

IN A

8.8.8.8
GET

https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

msedge.exe

Remote address:

8.8.4.4:443

Request

GET /dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
host: dns.google
accept: application/dns-message
accept-language: *
user-agent: Chrome
accept-encoding: identity
GET

https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

msedge.exe

Remote address:

8.8.4.4:443

Request

GET /dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
host: dns.google
accept: application/dns-message
accept-language: *
user-agent: Chrome
accept-encoding: identity
GET

https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

msedge.exe

Remote address:

8.8.4.4:443

Request

GET /dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
host: dns.google
accept: application/dns-message
accept-language: *
user-agent: Chrome
accept-encoding: identity
GET

https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

msedge.exe

Remote address:

8.8.4.4:443

Request

GET /dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
host: dns.google
accept: application/dns-message
accept-language: *
user-agent: Chrome
accept-encoding: identity
GET

https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwRiaW5nA2NvbQAAAQABAAApEAAAAAAAAFcADABTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

msedge.exe

Remote address:

8.8.4.4:443

Request

GET /dns-query?dns=AAABAAABAAAAAAABA3d3dwRiaW5nA2NvbQAAAQABAAApEAAAAAAAAFcADABTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
host: dns.google
accept: application/dns-message
accept-language: *
user-agent: Chrome
accept-encoding: identity
DNS

nav.smartscreen.microsoft.com

msedge.exe

Remote address:

8.8.8.8:53

Request

nav.smartscreen.microsoft.com

IN A

Response

nav.smartscreen.microsoft.com

IN CNAME

wd-prod-ss.trafficmanager.net

wd-prod-ss.trafficmanager.net

IN CNAME

wd-prod-ss-eu-north-2-fe.northeurope.cloudapp.azure.com

wd-prod-ss-eu-north-2-fe.northeurope.cloudapp.azure.com

IN A

20.82.250.189
POST

https://nav.smartscreen.microsoft.com/api/browser/edge/actions

msedge.exe

Remote address:

20.82.250.189:443

Request

POST /api/browser/edge/actions HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json
Authorization: SmartScreenHash eyJhdXRoSWQiOiIzODFkZGQxZS1lNjAwLTQyZGUtOTRlZC04YzM0YmY3M2YxNmQiLCJoYXNoIjoiNXE2eFJBT2FEaUU9Iiwia2V5IjoicEN5eUFqZFVoYmUrTTJ2NXpObzlrZz09In0=
User-Agent: SmartScreen/281479409565696
Content-Length: 897
Host: nav.smartscreen.microsoft.com

Response

HTTP/1.1 200 OK

Cache-Control: max-age=0, private
Content-Length: 3874
Content-Type: application/json; charset=utf-8
Server: Microsoft-HTTPAPI/2.0
X-SmartScreen-Flight-Vector: enableProxyLeniency,IsArsFmsIntegrationEnabled,IsCurfId0LoggingEnabled,isCurfTstEnabled,isNpPIOverrideBlockEnabled,ListApiE5V2Enabled,npSettings2004,SendGeoMapInSettingsToNewAnaheimClient,SrcEOPEnabled,topTrafficV2Enabled,UpdateOnMissingEtagEnabled,updateSigningCert,updateSigningCertForRS3RS4
Date: Fri, 09 Dec 2022 07:57:03 GMT
Connection: close
DNS

smartscreen-prod.microsoft.com

msedge.exe

Remote address:

8.8.8.8:53

Request

smartscreen-prod.microsoft.com

IN A

Response

smartscreen-prod.microsoft.com

IN CNAME

wd-prod-ss.trafficmanager.net

wd-prod-ss.trafficmanager.net

IN CNAME

wd-prod-ss-eu-west-2-fe.westeurope.cloudapp.azure.com

wd-prod-ss-eu-west-2-fe.westeurope.cloudapp.azure.com

IN A

20.86.249.62
POST

https://smartscreen-prod.microsoft.com/api/browser/edge/data/settings

msedge.exe

Remote address:

20.86.249.62:443

Request

POST /api/browser/edge/data/settings HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json; charset=utf-8
Accept: application/x-patch-bsdiff, application/octet-stream
Authorization: SmartScreenHash eyJhdXRoSWQiOiIzODFkZGQxZS1lNjAwLTQyZGUtOTRlZC04YzM0YmY3M2YxNmQiLCJoYXNoIjoiNXE2eFJBT2FEaUU9Iiwia2V5IjoicEN5eUFqZFVoYmUrTTJ2NXpObzlrZz09In0=
If-None-Match: "2.0-0"
User-Agent: SmartScreen/281479409565696
Content-Length: 897
Host: smartscreen-prod.microsoft.com

Response

HTTP/1.1 200 OK

Content-Length: 129085
Content-Type: application/octet-stream
ETag: "2.0-2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1"
Server: Microsoft-HTTPAPI/2.0
X-SmartScreen-Flight-Vector: enableProxyLeniency,IsArsFmsIntegrationEnabled,IsCurfId0LoggingEnabled,isCurfTstEnabled,isNpPIOverrideBlockEnabled,ListApiE5V2Enabled,npSettings2004,SendGeoMapInSettingsToNewAnaheimClient,SrcEOPEnabled,topTrafficV2Enabled,UpdateOnMissingEtagEnabled,updateSigningCert,updateSigningCertForRS3RS4
Date: Fri, 09 Dec 2022 07:57:04 GMT
Connection: close
GET

https://smartscreen-prod.microsoft.com/windows/browser/edge/data/toptraffic?pushCert=false&os=10.0.19041.1288.vb_release&flight=%7B%22ETag%22%3A%22%5C%22SR06wDvlcotAkLHs%2FanIptf%2FMEBWEfenzY%2F0XUTx93w%3D%5C%22%22%2C%22Ids%22%3A%5B%22P-R-1021007-4-5%2CP-R-99770-9-32%2CP-R-73000-4-30%2CP-R-72999-7-29%2CP-R-70204-3-18%2CP-R-69385-1-5%2CP-R-68026-3-37%2CP-R-68490-1-3%2CP-R-68172-2-4%2CP-R-68175-1-6%2CP-R-68176-2-8%2CP-R-68179-1-3%2CP-R-68306-1-20%2CP-R-68307-1-3%2CP-D-68194-1-2%22%5D%2C%22Settings%22%3A%7B%22Names%22%3Anull%2C%22Ring%22%3A0%2C%22Models%22%3Anull%2C%22ServiceClientModelDetonate%22%3Afalse%2C%22WdsiFeedback%22%3Afalse%2C%22NPFeedbackUriOverride%22%3Anull%2C%22NetworkFilterDetonate%22%3Afalse%2C%22ServicePhishDetonate%22%3Afalse%2C%22ServicePhishDetonateLegacy%22%3Afalse%2C%22ServiceAdhocDetonate%22%3Afalse%2C%22NpSettings2004%22%3Atrue%2C%22UpdateSigningCert%22%3Atrue%2C%22UpdateSigningCertForRS3RS4%22%3Atrue%2C%22NpSettings2004Value%22%3A0%2C%22IsCOCOBlockEnabled%22%3Afalse%2C%22NpIpBlockOverrideValue%22%3A0%2C%22TopTrafficV2Enabled%22%3Atrue%2C%22ListApiE5V2Enabled%22%3Atrue%2C%22IsNpPIOverrideBlockEnabled%22%3Atrue%2C%22TopTrafficV2MobileFlightEnabled%22%3Afalse%2C%22BloomFilterDeltaFlag%22%3A1%2C%22SrcEOPEnabled%22%3Atrue%2C%22IsCurfId0LoggingEnabled%22%3Atrue%2C%22IsCurfId0BlockingEnabled%22%3Afalse%2C%22UpdateOnMissingEtagEnabled%22%3Atrue%2C%22EnableProxyLeniency%22%3Atrue%2C%22IsArsFmsIntegrationEnabled%22%3Atrue%2C%22EnableNsHumorMatch%22%3Afalse%2C%22ApplyNsHumorVerdict%22%3Afalse%2C%22EnableNpSkipNonWeb%22%3Afalse%2C%22SendGeoMapInSettingsToNewAnaheimClient%22%3Atrue%2C%22UmsSrcPhishBNRTEnabled%22%3Afalse%2C%22MTDThrottleFactor%22%3A0.0%2C%22UnsilenceModelGuid%22%3Anull%7D%7D

msedge.exe

Remote address:

20.86.249.62:443

Request

GET /windows/browser/edge/data/toptraffic?pushCert=false&os=10.0.19041.1288.vb_release&flight=%7B%22ETag%22%3A%22%5C%22SR06wDvlcotAkLHs%2FanIptf%2FMEBWEfenzY%2F0XUTx93w%3D%5C%22%22%2C%22Ids%22%3A%5B%22P-R-1021007-4-5%2CP-R-99770-9-32%2CP-R-73000-4-30%2CP-R-72999-7-29%2CP-R-70204-3-18%2CP-R-69385-1-5%2CP-R-68026-3-37%2CP-R-68490-1-3%2CP-R-68172-2-4%2CP-R-68175-1-6%2CP-R-68176-2-8%2CP-R-68179-1-3%2CP-R-68306-1-20%2CP-R-68307-1-3%2CP-D-68194-1-2%22%5D%2C%22Settings%22%3A%7B%22Names%22%3Anull%2C%22Ring%22%3A0%2C%22Models%22%3Anull%2C%22ServiceClientModelDetonate%22%3Afalse%2C%22WdsiFeedback%22%3Afalse%2C%22NPFeedbackUriOverride%22%3Anull%2C%22NetworkFilterDetonate%22%3Afalse%2C%22ServicePhishDetonate%22%3Afalse%2C%22ServicePhishDetonateLegacy%22%3Afalse%2C%22ServiceAdhocDetonate%22%3Afalse%2C%22NpSettings2004%22%3Atrue%2C%22UpdateSigningCert%22%3Atrue%2C%22UpdateSigningCertForRS3RS4%22%3Atrue%2C%22NpSettings2004Value%22%3A0%2C%22IsCOCOBlockEnabled%22%3Afalse%2C%22NpIpBlockOverrideValue%22%3A0%2C%22TopTrafficV2Enabled%22%3Atrue%2C%22ListApiE5V2Enabled%22%3Atrue%2C%22IsNpPIOverrideBlockEnabled%22%3Atrue%2C%22TopTrafficV2MobileFlightEnabled%22%3Afalse%2C%22BloomFilterDeltaFlag%22%3A1%2C%22SrcEOPEnabled%22%3Atrue%2C%22IsCurfId0LoggingEnabled%22%3Atrue%2C%22IsCurfId0BlockingEnabled%22%3Afalse%2C%22UpdateOnMissingEtagEnabled%22%3Atrue%2C%22EnableProxyLeniency%22%3Atrue%2C%22IsArsFmsIntegrationEnabled%22%3Atrue%2C%22EnableNsHumorMatch%22%3Afalse%2C%22ApplyNsHumorVerdict%22%3Afalse%2C%22EnableNpSkipNonWeb%22%3Afalse%2C%22SendGeoMapInSettingsToNewAnaheimClient%22%3Atrue%2C%22UmsSrcPhishBNRTEnabled%22%3Afalse%2C%22MTDThrottleFactor%22%3A0.0%2C%22UnsilenceModelGuid%22%3Anull%7D%7D HTTP/1.1
Connection: Keep-Alive
Accept: application/x-patch-bsdiff, application/octet-stream
Authorization: SmartScreenPlain eyJhdXRoSWQiOiIzODFkZGQxZS1lNjAwLTQyZGUtOTRlZC04YzM0YmY3M2YxNmQifQ==
If-None-Match: "170540185939602997400506234197983529371"
User-Agent: SmartScreen/281479409565696
Host: smartscreen-prod.microsoft.com

Response

HTTP/1.1 200 OK

Cache-Control: max-age=86400
Content-Length: 460992
Content-Type: application/octet-stream
ETag: "638004170464094982"
Server: Microsoft-HTTPAPI/2.0
X-SmartScreen-Flight-Vector: EnableProxyLeniency,IsArsFmsIntegrationEnabled,IsCurfId0LoggingEnabled,IsNpPIOverrideBlockEnabled,ListApiE5V2Enabled,NpSettings2004,SendGeoMapInSettingsToNewAnaheimClient,SrcEOPEnabled,TopTrafficV2Enabled,UpdateOnMissingEtagEnabled,UpdateSigningCert,UpdateSigningCertForRS3RS4
Date: Fri, 09 Dec 2022 07:57:04 GMT
Connection: close
GET

https://smartscreen-prod.microsoft.com/windows/browser/edge/data/bloomfilter/x?pushCert=false&flight=%7B%22ETag%22%3A%22%5C%22SR06wDvlcotAkLHs%2FanIptf%2FMEBWEfenzY%2F0XUTx93w%3D%5C%22%22%2C%22Ids%22%3A%5B%22P-R-1021007-4-5%2CP-R-99770-9-32%2CP-R-73000-4-30%2CP-R-72999-7-29%2CP-R-70204-3-18%2CP-R-69385-1-5%2CP-R-68026-3-37%2CP-R-68490-1-3%2CP-R-68172-2-4%2CP-R-68175-1-6%2CP-R-68176-2-8%2CP-R-68179-1-3%2CP-R-68306-1-20%2CP-R-68307-1-3%2CP-D-68194-1-2%22%5D%2C%22Settings%22%3A%7B%22Names%22%3Anull%2C%22Ring%22%3A0%2C%22Models%22%3Anull%2C%22ServiceClientModelDetonate%22%3Afalse%2C%22WdsiFeedback%22%3Afalse%2C%22NPFeedbackUriOverride%22%3Anull%2C%22NetworkFilterDetonate%22%3Afalse%2C%22ServicePhishDetonate%22%3Afalse%2C%22ServicePhishDetonateLegacy%22%3Afalse%2C%22ServiceAdhocDetonate%22%3Afalse%2C%22NpSettings2004%22%3Atrue%2C%22UpdateSigningCert%22%3Atrue%2C%22UpdateSigningCertForRS3RS4%22%3Atrue%2C%22NpSettings2004Value%22%3A0%2C%22IsCOCOBlockEnabled%22%3Afalse%2C%22NpIpBlockOverrideValue%22%3A0%2C%22TopTrafficV2Enabled%22%3Atrue%2C%22ListApiE5V2Enabled%22%3Atrue%2C%22IsNpPIOverrideBlockEnabled%22%3Atrue%2C%22TopTrafficV2MobileFlightEnabled%22%3Afalse%2C%22BloomFilterDeltaFlag%22%3A1%2C%22SrcEOPEnabled%22%3Atrue%2C%22IsCurfId0LoggingEnabled%22%3Atrue%2C%22IsCurfId0BlockingEnabled%22%3Afalse%2C%22UpdateOnMissingEtagEnabled%22%3Atrue%2C%22EnableProxyLeniency%22%3Atrue%2C%22IsArsFmsIntegrationEnabled%22%3Atrue%2C%22EnableNsHumorMatch%22%3Afalse%2C%22ApplyNsHumorVerdict%22%3Afalse%2C%22EnableNpSkipNonWeb%22%3Afalse%2C%22SendGeoMapInSettingsToNewAnaheimClient%22%3Atrue%2C%22UmsSrcPhishBNRTEnabled%22%3Afalse%2C%22MTDThrottleFactor%22%3A0.0%2C%22UnsilenceModelGuid%22%3Anull%7D%7D&os=10.0.19041.1288.vb_release

msedge.exe

Remote address:

20.86.249.62:443

Request

GET /windows/browser/edge/data/bloomfilter/x?pushCert=false&flight=%7B%22ETag%22%3A%22%5C%22SR06wDvlcotAkLHs%2FanIptf%2FMEBWEfenzY%2F0XUTx93w%3D%5C%22%22%2C%22Ids%22%3A%5B%22P-R-1021007-4-5%2CP-R-99770-9-32%2CP-R-73000-4-30%2CP-R-72999-7-29%2CP-R-70204-3-18%2CP-R-69385-1-5%2CP-R-68026-3-37%2CP-R-68490-1-3%2CP-R-68172-2-4%2CP-R-68175-1-6%2CP-R-68176-2-8%2CP-R-68179-1-3%2CP-R-68306-1-20%2CP-R-68307-1-3%2CP-D-68194-1-2%22%5D%2C%22Settings%22%3A%7B%22Names%22%3Anull%2C%22Ring%22%3A0%2C%22Models%22%3Anull%2C%22ServiceClientModelDetonate%22%3Afalse%2C%22WdsiFeedback%22%3Afalse%2C%22NPFeedbackUriOverride%22%3Anull%2C%22NetworkFilterDetonate%22%3Afalse%2C%22ServicePhishDetonate%22%3Afalse%2C%22ServicePhishDetonateLegacy%22%3Afalse%2C%22ServiceAdhocDetonate%22%3Afalse%2C%22NpSettings2004%22%3Atrue%2C%22UpdateSigningCert%22%3Atrue%2C%22UpdateSigningCertForRS3RS4%22%3Atrue%2C%22NpSettings2004Value%22%3A0%2C%22IsCOCOBlockEnabled%22%3Afalse%2C%22NpIpBlockOverrideValue%22%3A0%2C%22TopTrafficV2Enabled%22%3Atrue%2C%22ListApiE5V2Enabled%22%3Atrue%2C%22IsNpPIOverrideBlockEnabled%22%3Atrue%2C%22TopTrafficV2MobileFlightEnabled%22%3Afalse%2C%22BloomFilterDeltaFlag%22%3A1%2C%22SrcEOPEnabled%22%3Atrue%2C%22IsCurfId0LoggingEnabled%22%3Atrue%2C%22IsCurfId0BlockingEnabled%22%3Afalse%2C%22UpdateOnMissingEtagEnabled%22%3Atrue%2C%22EnableProxyLeniency%22%3Atrue%2C%22IsArsFmsIntegrationEnabled%22%3Atrue%2C%22EnableNsHumorMatch%22%3Afalse%2C%22ApplyNsHumorVerdict%22%3Afalse%2C%22EnableNpSkipNonWeb%22%3Afalse%2C%22SendGeoMapInSettingsToNewAnaheimClient%22%3Atrue%2C%22UmsSrcPhishBNRTEnabled%22%3Afalse%2C%22MTDThrottleFactor%22%3A0.0%2C%22UnsilenceModelGuid%22%3Anull%7D%7D&os=10.0.19041.1288.vb_release HTTP/1.1
Connection: Keep-Alive
Accept: application/x-patch-bsdiff, application/octet-stream
Authorization: SmartScreenPlain eyJhdXRoSWQiOiIzODFkZGQxZS1lNjAwLTQyZGUtOTRlZC04YzM0YmY3M2YxNmQifQ==
If-None-Match: "636976985063396749.rel.v2"
User-Agent: SmartScreen/281479409565696
Host: smartscreen-prod.microsoft.com

Response

HTTP/1.1 200 OK

Cache-Control: max-age=86400
Content-Length: 3366
Content-Type: application/octet-stream
ETag: "638061667890235224"
Server: Microsoft-HTTPAPI/2.0
X-SmartScreen-Flight-Vector: EnableProxyLeniency,IsArsFmsIntegrationEnabled,IsCurfId0LoggingEnabled,IsNpPIOverrideBlockEnabled,ListApiE5V2Enabled,NpSettings2004,SendGeoMapInSettingsToNewAnaheimClient,SrcEOPEnabled,TopTrafficV2Enabled,UpdateOnMissingEtagEnabled,UpdateSigningCert,UpdateSigningCertForRS3RS4
Date: Fri, 09 Dec 2022 07:57:04 GMT
Connection: close
DNS

www.3gri.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.3gri.com

IN A

Response

www.3gri.com

IN A

107.163.188.215
GET

http://www.3gri.com/static/home/dist/css/swiper.min.css

msedge.exe

Remote address:

107.163.188.215:80

Request

GET /static/home/dist/css/swiper.min.css HTTP/1.1
Host: www.3gri.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/css,*/*;q=0.1
Referer: http://www.3gri.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx
Date: Fri, 09 Dec 2022 07:56:58 GMT
Content-Type: text/css
Last-Modified: Sat, 16 Jul 2022 11:07:38 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62d29bfa-4d42"
Expires: Wed, 14 Dec 2022 07:56:58 GMT
Cache-Control: max-age=432000
Content-Encoding: gzip
GET

http://www.3gri.com/static/home/css/menu.css

msedge.exe

Remote address:

107.163.188.215:80

Request

GET /static/home/css/menu.css HTTP/1.1
Host: www.3gri.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/css,*/*;q=0.1
Referer: http://www.3gri.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx
Date: Fri, 09 Dec 2022 07:56:58 GMT
Content-Type: text/css
Last-Modified: Sat, 16 Jul 2022 11:07:38 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62d29bfa-56e"
Expires: Wed, 14 Dec 2022 07:56:58 GMT
Cache-Control: max-age=432000
Content-Encoding: gzip
GET

http://www.3gri.com/tj.js

msedge.exe

Remote address:

107.163.188.215:80

Request

GET /tj.js HTTP/1.1
Host: www.3gri.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Referer: http://www.3gri.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx
Date: Fri, 09 Dec 2022 07:56:58 GMT
Content-Type: application/x-javascript
Content-Length: 495
Connection: keep-alive
GET

http://www.3gri.com/static/home/kefu/kefu.css

msedge.exe

Remote address:

107.163.188.215:80

Request

GET /static/home/kefu/kefu.css HTTP/1.1
Host: www.3gri.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/css,*/*;q=0.1
Referer: http://www.3gri.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx
Date: Fri, 09 Dec 2022 07:56:58 GMT
Content-Type: text/css
Last-Modified: Sat, 16 Jul 2022 11:07:38 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62d29bfa-1e4b"
Expires: Wed, 14 Dec 2022 07:56:58 GMT
Cache-Control: max-age=432000
Content-Encoding: gzip
GET

http://www.3gri.com/uploads/admin/system/20210705/44c6841f9f6a15cc21db69197b55a903.jpg

msedge.exe

Remote address:

107.163.188.215:80

Request

GET /uploads/admin/system/20210705/44c6841f9f6a15cc21db69197b55a903.jpg HTTP/1.1
Host: www.3gri.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.3gri.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx
Date: Fri, 09 Dec 2022 07:56:58 GMT
Content-Type: image/jpeg
Content-Length: 8831
Last-Modified: Sat, 16 Jul 2022 11:07:40 GMT
Connection: keep-alive
ETag: "62d29bfc-227f"
Expires: Wed, 14 Dec 2022 07:56:58 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
GET

http://www.3gri.com/uploads/admin/focus/20210705/df3685ef9ae768dbee3e3f61dea1273a.jpg

msedge.exe

Remote address:

107.163.188.215:80

Request

GET /uploads/admin/focus/20210705/df3685ef9ae768dbee3e3f61dea1273a.jpg HTTP/1.1
Host: www.3gri.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.3gri.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx
Date: Fri, 09 Dec 2022 07:56:58 GMT
Content-Type: image/jpeg
Content-Length: 183705
Last-Modified: Sat, 16 Jul 2022 11:07:40 GMT
Connection: keep-alive
ETag: "62d29bfc-2cd99"
Expires: Wed, 14 Dec 2022 07:56:58 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
GET

http://www.3gri.com/uploads/admin/focus/20210705/6e48c1b031729b2e3a46e15c30fc1bbf.jpg

msedge.exe

Remote address:

107.163.188.215:80

Request

GET /uploads/admin/focus/20210705/6e48c1b031729b2e3a46e15c30fc1bbf.jpg HTTP/1.1
Host: www.3gri.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.3gri.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx
Date: Fri, 09 Dec 2022 07:56:59 GMT
Content-Type: image/jpeg
Content-Length: 163935
Last-Modified: Sat, 16 Jul 2022 11:07:40 GMT
Connection: keep-alive
ETag: "62d29bfc-2805f"
Expires: Wed, 14 Dec 2022 07:56:59 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
GET

http://www.3gri.com/static/home/images/more_r.jpg

msedge.exe

Remote address:

107.163.188.215:80

Request

GET /static/home/images/more_r.jpg HTTP/1.1
Host: www.3gri.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.3gri.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx
Date: Fri, 09 Dec 2022 07:56:59 GMT
Content-Type: image/jpeg
Content-Length: 21185
Last-Modified: Sat, 16 Jul 2022 11:07:41 GMT
Connection: keep-alive
ETag: "62d29bfd-52c1"
Expires: Wed, 14 Dec 2022 07:56:59 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
GET

http://www.3gri.com/uploads/article/20210705/79e721141e7725e0c5114f5ca07dcebc.jpg

msedge.exe

Remote address:

107.163.188.215:80

Request

GET /uploads/article/20210705/79e721141e7725e0c5114f5ca07dcebc.jpg HTTP/1.1
Host: www.3gri.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.3gri.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx
Date: Fri, 09 Dec 2022 07:57:00 GMT
Content-Type: image/jpeg
Content-Length: 17629
Last-Modified: Sat, 16 Jul 2022 11:07:41 GMT
Connection: keep-alive
ETag: "62d29bfd-44dd"
Expires: Wed, 14 Dec 2022 07:57:00 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
GET

http://www.3gri.com/static/layui/font/iconfont.woff?v=240

msedge.exe

Remote address:

107.163.188.215:80

Request

GET /static/layui/font/iconfont.woff?v=240 HTTP/1.1
Host: www.3gri.com
Connection: keep-alive
Origin: http://www.3gri.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Referer: http://www.3gri.com/static/layui/css/layui.css
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx
Date: Fri, 09 Dec 2022 07:57:00 GMT
Content-Type: text/html
Content-Length: 484
Connection: keep-alive
GET

http://www.3gri.com/uploads/qrcode/20220716190738.png

msedge.exe

Remote address:

107.163.188.215:80

Request

GET /uploads/qrcode/20220716190738.png HTTP/1.1
Host: www.3gri.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.3gri.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx
Date: Fri, 09 Dec 2022 07:57:00 GMT
Content-Type: image/png
Content-Length: 356
Last-Modified: Sat, 16 Jul 2022 11:07:40 GMT
Connection: keep-alive
ETag: "62d29bfc-164"
Expires: Wed, 14 Dec 2022 07:57:00 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
GET

http://www.3gri.com/uploads/article/20210705/b6b55b8d02c4d06ee8713b85e534cf94.jpg

msedge.exe

Remote address:

107.163.188.215:80

Request

GET /uploads/article/20210705/b6b55b8d02c4d06ee8713b85e534cf94.jpg HTTP/1.1
Host: www.3gri.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.3gri.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: __vtins__JgriHL8SZwCEIWXU=%7B%22sid%22%3A%20%223ca3c30d-9931-5ec7-a3b7-db882507e012%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201670578032209%2C%20%22ct%22%3A%201670576232209%7D; __51uvsct__JgriHL8SZwCEIWXU=1; __51vcke__JgriHL8SZwCEIWXU=48fdaa80-b370-5491-907d-4828d9543184; __51vuft__JgriHL8SZwCEIWXU=1670576232231

Response

HTTP/1.1 200 OK

Server: nginx
Date: Fri, 09 Dec 2022 07:57:00 GMT
Content-Type: image/jpeg
Content-Length: 98609
Last-Modified: Sat, 16 Jul 2022 11:07:42 GMT
Connection: keep-alive
ETag: "62d29bfe-18131"
Expires: Wed, 14 Dec 2022 07:57:00 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
GET

http://www.3gri.com/uploads/article/20210705/6ea90d6637f83547676c514d3ee458ae.jpg

msedge.exe

Remote address:

107.163.188.215:80

Request

GET /uploads/article/20210705/6ea90d6637f83547676c514d3ee458ae.jpg HTTP/1.1
Host: www.3gri.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.3gri.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: __vtins__JgriHL8SZwCEIWXU=%7B%22sid%22%3A%20%223ca3c30d-9931-5ec7-a3b7-db882507e012%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201670578032209%2C%20%22ct%22%3A%201670576232209%7D; __51uvsct__JgriHL8SZwCEIWXU=1; __51vcke__JgriHL8SZwCEIWXU=48fdaa80-b370-5491-907d-4828d9543184; __51vuft__JgriHL8SZwCEIWXU=1670576232231

Response

HTTP/1.1 200 OK

Server: nginx
Date: Fri, 09 Dec 2022 07:57:00 GMT
Content-Type: image/jpeg
Content-Length: 142308
Last-Modified: Sat, 16 Jul 2022 11:07:42 GMT
Connection: keep-alive
ETag: "62d29bfe-22be4"
Expires: Wed, 14 Dec 2022 07:57:00 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
GET

http://www.3gri.com/uploads/article/20210705/8f86aabde6e9867fe882bc68243b4a79.jpg

msedge.exe

Remote address:

107.163.188.215:80

Request

GET /uploads/article/20210705/8f86aabde6e9867fe882bc68243b4a79.jpg HTTP/1.1
Host: www.3gri.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.3gri.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: __vtins__JgriHL8SZwCEIWXU=%7B%22sid%22%3A%20%223ca3c30d-9931-5ec7-a3b7-db882507e012%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201670578032209%2C%20%22ct%22%3A%201670576232209%7D; __51uvsct__JgriHL8SZwCEIWXU=1; __51vcke__JgriHL8SZwCEIWXU=48fdaa80-b370-5491-907d-4828d9543184; __51vuft__JgriHL8SZwCEIWXU=1670576232231

Response

HTTP/1.1 200 OK

Server: nginx
Date: Fri, 09 Dec 2022 07:57:00 GMT
Content-Type: image/jpeg
Content-Length: 113691
Last-Modified: Sat, 16 Jul 2022 11:07:43 GMT
Connection: keep-alive
ETag: "62d29bff-1bc1b"
Expires: Wed, 14 Dec 2022 07:57:00 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
GET

http://www.3gri.com/uploads/article/20210705/c1d4f6a5b40d18bfe21cc4f24c389707.jpg

msedge.exe

Remote address:

107.163.188.215:80

Request

GET /uploads/article/20210705/c1d4f6a5b40d18bfe21cc4f24c389707.jpg HTTP/1.1
Host: www.3gri.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.3gri.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: __vtins__JgriHL8SZwCEIWXU=%7B%22sid%22%3A%20%223ca3c30d-9931-5ec7-a3b7-db882507e012%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201670578032209%2C%20%22ct%22%3A%201670576232209%7D; __51uvsct__JgriHL8SZwCEIWXU=1; __51vcke__JgriHL8SZwCEIWXU=48fdaa80-b370-5491-907d-4828d9543184; __51vuft__JgriHL8SZwCEIWXU=1670576232231

Response

HTTP/1.1 200 OK

Server: nginx
Date: Fri, 09 Dec 2022 07:57:01 GMT
Content-Type: image/jpeg
Content-Length: 22170
Last-Modified: Sat, 16 Jul 2022 11:07:43 GMT
Connection: keep-alive
ETag: "62d29bff-569a"
Expires: Wed, 14 Dec 2022 07:57:01 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
GET

http://www.3gri.com/static/home/images/ionline.png

msedge.exe

Remote address:

107.163.188.215:80

Request

GET /static/home/images/ionline.png HTTP/1.1
Host: www.3gri.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.3gri.com/static/home/css/my.css
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: __vtins__JgriHL8SZwCEIWXU=%7B%22sid%22%3A%20%223ca3c30d-9931-5ec7-a3b7-db882507e012%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201670578032209%2C%20%22ct%22%3A%201670576232209%7D; __51uvsct__JgriHL8SZwCEIWXU=1; __51vcke__JgriHL8SZwCEIWXU=48fdaa80-b370-5491-907d-4828d9543184; __51vuft__JgriHL8SZwCEIWXU=1670576232231

Response

HTTP/1.1 200 OK

Server: nginx
Date: Fri, 09 Dec 2022 07:57:01 GMT
Content-Type: image/png
Content-Length: 6572
Last-Modified: Sat, 16 Jul 2022 11:07:43 GMT
Connection: keep-alive
ETag: "62d29bff-19ac"
Expires: Wed, 14 Dec 2022 07:57:01 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
GET

http://www.3gri.com/

msedge.exe

Remote address:

107.163.188.215:80

Request

GET / HTTP/1.1
Host: www.3gri.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx
Date: Fri, 09 Dec 2022 07:56:57 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
GET

http://www.3gri.com/static/home/css/reset.css

msedge.exe

Remote address:

107.163.188.215:80

Request

GET /static/home/css/reset.css HTTP/1.1
Host: www.3gri.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/css,*/*;q=0.1
Referer: http://www.3gri.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx
Date: Fri, 09 Dec 2022 07:56:58 GMT
Content-Type: text/css
Last-Modified: Sat, 16 Jul 2022 11:07:38 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62d29bfa-63a"
Expires: Wed, 14 Dec 2022 07:56:58 GMT
Cache-Control: max-age=432000
Content-Encoding: gzip
GET

http://www.3gri.com/static/home/css/my.css

msedge.exe

Remote address:

107.163.188.215:80

Request

GET /static/home/css/my.css HTTP/1.1
Host: www.3gri.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/css,*/*;q=0.1
Referer: http://www.3gri.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx
Date: Fri, 09 Dec 2022 07:56:58 GMT
Content-Type: text/css
Last-Modified: Sat, 16 Jul 2022 11:07:38 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62d29bfa-53e9"
Expires: Wed, 14 Dec 2022 07:56:58 GMT
Cache-Control: max-age=432000
Content-Encoding: gzip
GET

http://www.3gri.com/static/home/css/common.css

msedge.exe

Remote address:

107.163.188.215:80

Request

GET /static/home/css/common.css HTTP/1.1
Host: www.3gri.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/css,*/*;q=0.1
Referer: http://www.3gri.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx
Date: Fri, 09 Dec 2022 07:56:58 GMT
Content-Type: text/css
Last-Modified: Sat, 16 Jul 2022 11:07:38 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62d29bfa-d38"
Expires: Wed, 14 Dec 2022 07:56:58 GMT
Cache-Control: max-age=432000
Content-Encoding: gzip
GET

http://www.3gri.com/common.js

msedge.exe

Remote address:

107.163.188.215:80

Request

GET /common.js HTTP/1.1
Host: www.3gri.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Referer: http://www.3gri.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx
Date: Fri, 09 Dec 2022 07:56:58 GMT
Content-Type: application/x-javascript
Content-Length: 776
Connection: keep-alive
GET

http://www.3gri.com/static/layui/css/layui.css

msedge.exe

Remote address:

107.163.188.215:80

Request

GET /static/layui/css/layui.css HTTP/1.1
Host: www.3gri.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/css,*/*;q=0.1
Referer: http://www.3gri.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx
Date: Fri, 09 Dec 2022 07:56:58 GMT
Content-Type: text/css
Last-Modified: Sat, 16 Jul 2022 11:07:38 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62d29bfa-10f94"
Expires: Wed, 14 Dec 2022 07:56:58 GMT
Cache-Control: max-age=432000
Content-Encoding: gzip
GET

http://www.3gri.com/uploads/admin/focus/20210705/9480682652f599c43a1de09144f47b45.jpg

msedge.exe

Remote address:

107.163.188.215:80

Request

GET /uploads/admin/focus/20210705/9480682652f599c43a1de09144f47b45.jpg HTTP/1.1
Host: www.3gri.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.3gri.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx
Date: Fri, 09 Dec 2022 07:56:58 GMT
Content-Type: image/jpeg
Content-Length: 250395
Last-Modified: Sat, 16 Jul 2022 11:07:40 GMT
Connection: keep-alive
ETag: "62d29bfc-3d21b"
Expires: Wed, 14 Dec 2022 07:56:58 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
GET

http://www.3gri.com/uploads/admin/focus/20210705/0c1148fabaf3a44f59d8c5855b526cab.jpg

msedge.exe

Remote address:

107.163.188.215:80

Request

GET /uploads/admin/focus/20210705/0c1148fabaf3a44f59d8c5855b526cab.jpg HTTP/1.1
Host: www.3gri.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.3gri.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx
Date: Fri, 09 Dec 2022 07:56:59 GMT
Content-Type: image/jpeg
Content-Length: 135583
Last-Modified: Sat, 16 Jul 2022 11:07:40 GMT
Connection: keep-alive
ETag: "62d29bfc-2119f"
Expires: Wed, 14 Dec 2022 07:56:59 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
GET

http://www.3gri.com/uploads/article/20210705/9de10706c2ba8b846fad8ddd1d55f75f.jpg

msedge.exe

Remote address:

107.163.188.215:80

Request

GET /uploads/article/20210705/9de10706c2ba8b846fad8ddd1d55f75f.jpg HTTP/1.1
Host: www.3gri.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.3gri.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx
Date: Fri, 09 Dec 2022 07:56:59 GMT
Content-Type: image/jpeg
Content-Length: 65062
Last-Modified: Sat, 16 Jul 2022 11:07:40 GMT
Connection: keep-alive
ETag: "62d29bfc-fe26"
Expires: Wed, 14 Dec 2022 07:56:59 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
GET

http://www.3gri.com/uploads/article/20210705/97aa5b83fc9c9b8c502c9b56cb578e81.jpg

msedge.exe

Remote address:

107.163.188.215:80

Request

GET /uploads/article/20210705/97aa5b83fc9c9b8c502c9b56cb578e81.jpg HTTP/1.1
Host: www.3gri.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.3gri.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx
Date: Fri, 09 Dec 2022 07:56:59 GMT
Content-Type: image/jpeg
Content-Length: 19606
Last-Modified: Sat, 16 Jul 2022 11:07:41 GMT
Connection: keep-alive
ETag: "62d29bfd-4c96"
Expires: Wed, 14 Dec 2022 07:56:59 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
GET

http://www.3gri.com/uploads/article/20210705/988a44de01f815e4805f17bb959bcc0a.jpg

msedge.exe

Remote address:

107.163.188.215:80

Request

GET /uploads/article/20210705/988a44de01f815e4805f17bb959bcc0a.jpg HTTP/1.1
Host: www.3gri.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.3gri.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx
Date: Fri, 09 Dec 2022 07:57:00 GMT
Content-Type: image/jpeg
Content-Length: 105950
Last-Modified: Sat, 16 Jul 2022 11:07:42 GMT
Connection: keep-alive
ETag: "62d29bfe-19dde"
Expires: Wed, 14 Dec 2022 07:57:00 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
GET

http://www.3gri.com/uploads/admin/system/20210706/4f1fa75c3c44fca88088a3396d384407.png

msedge.exe

Remote address:

107.163.188.215:80

Request

GET /uploads/admin/system/20210706/4f1fa75c3c44fca88088a3396d384407.png HTTP/1.1
Host: www.3gri.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.3gri.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx
Date: Fri, 09 Dec 2022 07:57:00 GMT
Content-Type: image/png
Content-Length: 61640
Last-Modified: Sat, 16 Jul 2022 11:07:41 GMT
Connection: keep-alive
ETag: "62d29bfd-f0c8"
Expires: Wed, 14 Dec 2022 07:57:00 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
GET

http://www.3gri.com/uploads/article/20210705/f17c6fc0fb5cd20cfa5babffb59b4ddf.jpg

msedge.exe

Remote address:

107.163.188.215:80

Request

GET /uploads/article/20210705/f17c6fc0fb5cd20cfa5babffb59b4ddf.jpg HTTP/1.1
Host: www.3gri.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.3gri.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: __vtins__JgriHL8SZwCEIWXU=%7B%22sid%22%3A%20%223ca3c30d-9931-5ec7-a3b7-db882507e012%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201670578032209%2C%20%22ct%22%3A%201670576232209%7D; __51uvsct__JgriHL8SZwCEIWXU=1; __51vcke__JgriHL8SZwCEIWXU=48fdaa80-b370-5491-907d-4828d9543184; __51vuft__JgriHL8SZwCEIWXU=1670576232231

Response

HTTP/1.1 200 OK

Server: nginx
Date: Fri, 09 Dec 2022 07:57:00 GMT
Content-Type: image/jpeg
Content-Length: 127085
Last-Modified: Sat, 16 Jul 2022 11:07:42 GMT
Connection: keep-alive
ETag: "62d29bfe-1f06d"
Expires: Wed, 14 Dec 2022 07:57:00 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
GET

http://www.3gri.com/uploads/article/20210705/307d2b98806bff332bc6169754666b17.jpg

msedge.exe

Remote address:

107.163.188.215:80

Request

GET /uploads/article/20210705/307d2b98806bff332bc6169754666b17.jpg HTTP/1.1
Host: www.3gri.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.3gri.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: __vtins__JgriHL8SZwCEIWXU=%7B%22sid%22%3A%20%223ca3c30d-9931-5ec7-a3b7-db882507e012%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201670578032209%2C%20%22ct%22%3A%201670576232209%7D; __51uvsct__JgriHL8SZwCEIWXU=1; __51vcke__JgriHL8SZwCEIWXU=48fdaa80-b370-5491-907d-4828d9543184; __51vuft__JgriHL8SZwCEIWXU=1670576232231

Response

HTTP/1.1 200 OK

Server: nginx
Date: Fri, 09 Dec 2022 07:57:00 GMT
Content-Type: image/jpeg
Content-Length: 141183
Last-Modified: Sat, 16 Jul 2022 11:07:43 GMT
Connection: keep-alive
ETag: "62d29bff-2277f"
Expires: Wed, 14 Dec 2022 07:57:00 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
GET

http://www.3gri.com/static/home/images/jiao.png

msedge.exe

Remote address:

107.163.188.215:80

Request

GET /static/home/images/jiao.png HTTP/1.1
Host: www.3gri.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.3gri.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: __vtins__JgriHL8SZwCEIWXU=%7B%22sid%22%3A%20%223ca3c30d-9931-5ec7-a3b7-db882507e012%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201670578032209%2C%20%22ct%22%3A%201670576232209%7D; __51uvsct__JgriHL8SZwCEIWXU=1; __51vcke__JgriHL8SZwCEIWXU=48fdaa80-b370-5491-907d-4828d9543184; __51vuft__JgriHL8SZwCEIWXU=1670576232231

Response

HTTP/1.1 200 OK

Server: nginx
Date: Fri, 09 Dec 2022 07:57:01 GMT
Content-Type: image/png
Content-Length: 1595
Last-Modified: Sat, 16 Jul 2022 11:07:43 GMT
Connection: keep-alive
ETag: "62d29bff-63b"
Expires: Wed, 14 Dec 2022 07:57:01 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
GET

http://www.3gri.com/static/home/images/c_r.png

msedge.exe

Remote address:

107.163.188.215:80

Request

GET /static/home/images/c_r.png HTTP/1.1
Host: www.3gri.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.3gri.com/static/home/css/my.css
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: __vtins__JgriHL8SZwCEIWXU=%7B%22sid%22%3A%20%223ca3c30d-9931-5ec7-a3b7-db882507e012%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201670578032209%2C%20%22ct%22%3A%201670576232209%7D; __51uvsct__JgriHL8SZwCEIWXU=1; __51vcke__JgriHL8SZwCEIWXU=48fdaa80-b370-5491-907d-4828d9543184; __51vuft__JgriHL8SZwCEIWXU=1670576232231

Response

HTTP/1.1 200 OK

Server: nginx
Date: Fri, 09 Dec 2022 07:57:01 GMT
Content-Type: image/png
Content-Length: 20602
Last-Modified: Sat, 16 Jul 2022 11:07:43 GMT
Connection: keep-alive
ETag: "62d29bff-507a"
Expires: Wed, 14 Dec 2022 07:57:01 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
POST

https://nav.smartscreen.microsoft.com/api/browser/edge/navigate/2

msedge.exe

Remote address:

20.82.250.189:443

Request

POST /api/browser/edge/navigate/2 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json
Authorization: SmartScreenHash eyJhdXRoSWQiOiIzODFkZGQxZS1lNjAwLTQyZGUtOTRlZC04YzM0YmY3M2YxNmQiLCJoYXNoIjoiTXBNbHFyc2FERkU9Iiwia2V5IjoiSVFrKzNrOHVCK3JDRWtHSkt0elo0QT09In0=
User-Agent: SmartScreen/281479409565696
Content-Length: 1314
Host: nav.smartscreen.microsoft.com

Response

HTTP/1.1 200 OK

Cache-Control: max-age=0, private
Content-Length: 808
Content-Type: application/json; charset=utf-8
Server: Microsoft-HTTPAPI/2.0
X-SmartScreen-Flight-Vector: enableProxyLeniency,IsArsFmsIntegrationEnabled,IsCurfId0LoggingEnabled,isCurfTstEnabled,isNpPIOverrideBlockEnabled,ListApiE5V2Enabled,npSettings2004,SendGeoMapInSettingsToNewAnaheimClient,SrcEOPEnabled,topTrafficV2Enabled,UpdateOnMissingEtagEnabled,updateSigningCert,updateSigningCertForRS3RS4
Date: Fri, 09 Dec 2022 07:57:08 GMT
Connection: close
GET

https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

msedge.exe

Remote address:

8.8.4.4:443

Request

GET /dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
host: dns.google
accept: application/dns-message
accept-language: *
user-agent: Chrome
accept-encoding: identity
GET

http://45.199.28.200/zhuan/tz.html

msedge.exe

Remote address:

45.199.28.200:80

Request

GET /zhuan/tz.html HTTP/1.1
Host: 45.199.28.200
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://www.3gri.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx
Date: Fri, 09 Dec 2022 07:57:11 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
GET

http://www.3gri.com/uploads/article/20210705/31454f0153e560a96f64390c20cfd001.jpg

msedge.exe

Remote address:

107.163.188.215:80

Request

GET /uploads/article/20210705/31454f0153e560a96f64390c20cfd001.jpg HTTP/1.1
Host: www.3gri.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.3gri.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx
Date: Fri, 09 Dec 2022 07:57:00 GMT
Content-Type: image/jpeg
Content-Length: 17250
Last-Modified: Sat, 16 Jul 2022 11:07:41 GMT
Connection: keep-alive
ETag: "62d29bfd-4362"
Expires: Wed, 14 Dec 2022 07:57:00 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
GET

http://www.3gri.com/uploads/article/20210705/891d693e76f15d0b4757d77237092f82.jpg

msedge.exe

Remote address:

107.163.188.215:80

Request

GET /uploads/article/20210705/891d693e76f15d0b4757d77237092f82.jpg HTTP/1.1
Host: www.3gri.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.3gri.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx
Date: Fri, 09 Dec 2022 07:57:00 GMT
Content-Type: image/jpeg
Content-Length: 112517
Last-Modified: Sat, 16 Jul 2022 11:07:42 GMT
Connection: keep-alive
ETag: "62d29bfe-1b785"
Expires: Wed, 14 Dec 2022 07:57:00 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
GET

http://www.3gri.com/uploads/article/20210705/3d68987378c94301b72d9d7c3ead65c7.jpg

msedge.exe

Remote address:

107.163.188.215:80

Request

GET /uploads/article/20210705/3d68987378c94301b72d9d7c3ead65c7.jpg HTTP/1.1
Host: www.3gri.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.3gri.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: __vtins__JgriHL8SZwCEIWXU=%7B%22sid%22%3A%20%223ca3c30d-9931-5ec7-a3b7-db882507e012%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201670578032209%2C%20%22ct%22%3A%201670576232209%7D; __51uvsct__JgriHL8SZwCEIWXU=1; __51vcke__JgriHL8SZwCEIWXU=48fdaa80-b370-5491-907d-4828d9543184; __51vuft__JgriHL8SZwCEIWXU=1670576232231

Response

HTTP/1.1 200 OK

Server: nginx
Date: Fri, 09 Dec 2022 07:57:01 GMT
Content-Type: image/jpeg
Content-Length: 16424
Last-Modified: Sat, 16 Jul 2022 11:07:43 GMT
Connection: keep-alive
ETag: "62d29bff-4028"
Expires: Wed, 14 Dec 2022 07:57:01 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
GET

http://www.3gri.com/static/home/images/topi.png

msedge.exe

Remote address:

107.163.188.215:80

Request

GET /static/home/images/topi.png HTTP/1.1
Host: www.3gri.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.3gri.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: __vtins__JgriHL8SZwCEIWXU=%7B%22sid%22%3A%20%223ca3c30d-9931-5ec7-a3b7-db882507e012%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201670578032209%2C%20%22ct%22%3A%201670576232209%7D; __51uvsct__JgriHL8SZwCEIWXU=1; __51vcke__JgriHL8SZwCEIWXU=48fdaa80-b370-5491-907d-4828d9543184; __51vuft__JgriHL8SZwCEIWXU=1670576232231

Response

HTTP/1.1 200 OK

Server: nginx
Date: Fri, 09 Dec 2022 07:57:01 GMT
Content-Type: image/png
Content-Length: 20437
Last-Modified: Sat, 16 Jul 2022 11:07:43 GMT
Connection: keep-alive
ETag: "62d29bff-4fd5"
Expires: Wed, 14 Dec 2022 07:57:01 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
GET

http://www.3gri.com/uploads/article/20210705/46b2bc1903f241487333f040f422db5c.jpg

msedge.exe

Remote address:

107.163.188.215:80

Request

GET /uploads/article/20210705/46b2bc1903f241487333f040f422db5c.jpg HTTP/1.1
Host: www.3gri.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.3gri.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx
Date: Fri, 09 Dec 2022 07:57:00 GMT
Content-Type: image/jpeg
Content-Length: 17593
Last-Modified: Sat, 16 Jul 2022 11:07:41 GMT
Connection: keep-alive
ETag: "62d29bfd-44b9"
Expires: Wed, 14 Dec 2022 07:57:00 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
GET

http://www.3gri.com/uploads/article/20210705/5f84141e50b10872324fb1c41b54e205.jpg

msedge.exe

Remote address:

107.163.188.215:80

Request

GET /uploads/article/20210705/5f84141e50b10872324fb1c41b54e205.jpg HTTP/1.1
Host: www.3gri.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.3gri.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx
Date: Fri, 09 Dec 2022 07:57:00 GMT
Content-Type: image/jpeg
Content-Length: 125635
Last-Modified: Sat, 16 Jul 2022 11:07:42 GMT
Connection: keep-alive
ETag: "62d29bfe-1eac3"
Expires: Wed, 14 Dec 2022 07:57:00 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
GET

http://www.3gri.com/uploads/article/20210705/db754bd30cbe3d4ef4afbbcbefb3a2f4.jpg

msedge.exe

Remote address:

107.163.188.215:80

Request

GET /uploads/article/20210705/db754bd30cbe3d4ef4afbbcbefb3a2f4.jpg HTTP/1.1
Host: www.3gri.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.3gri.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: __vtins__JgriHL8SZwCEIWXU=%7B%22sid%22%3A%20%223ca3c30d-9931-5ec7-a3b7-db882507e012%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201670578032209%2C%20%22ct%22%3A%201670576232209%7D; __51uvsct__JgriHL8SZwCEIWXU=1; __51vcke__JgriHL8SZwCEIWXU=48fdaa80-b370-5491-907d-4828d9543184; __51vuft__JgriHL8SZwCEIWXU=1670576232231

Response

HTTP/1.1 200 OK

Server: nginx
Date: Fri, 09 Dec 2022 07:57:01 GMT
Content-Type: image/jpeg
Content-Length: 19031
Last-Modified: Sat, 16 Jul 2022 11:07:43 GMT
Connection: keep-alive
ETag: "62d29bff-4a57"
Expires: Wed, 14 Dec 2022 07:57:01 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
GET

http://www.3gri.com/static/home/images/kf_msg.png

msedge.exe

Remote address:

107.163.188.215:80

Request

GET /static/home/images/kf_msg.png HTTP/1.1
Host: www.3gri.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.3gri.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: __vtins__JgriHL8SZwCEIWXU=%7B%22sid%22%3A%20%223ca3c30d-9931-5ec7-a3b7-db882507e012%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201670578032209%2C%20%22ct%22%3A%201670576232209%7D; __51uvsct__JgriHL8SZwCEIWXU=1; __51vcke__JgriHL8SZwCEIWXU=48fdaa80-b370-5491-907d-4828d9543184; __51vuft__JgriHL8SZwCEIWXU=1670576232231

Response

HTTP/1.1 200 OK

Server: nginx
Date: Fri, 09 Dec 2022 07:57:01 GMT
Content-Type: image/png
Content-Length: 708
Last-Modified: Sat, 16 Jul 2022 11:07:41 GMT
Connection: keep-alive
ETag: "62d29bfd-2c4"
Expires: Wed, 14 Dec 2022 07:57:01 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
GET

http://www.3gri.com/static/home/images/wx_bg.png

msedge.exe

Remote address:

107.163.188.215:80

Request

GET /static/home/images/wx_bg.png HTTP/1.1
Host: www.3gri.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.3gri.com/static/home/css/my.css
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: __vtins__JgriHL8SZwCEIWXU=%7B%22sid%22%3A%20%223ca3c30d-9931-5ec7-a3b7-db882507e012%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201670578032209%2C%20%22ct%22%3A%201670576232209%7D; __51uvsct__JgriHL8SZwCEIWXU=1; __51vcke__JgriHL8SZwCEIWXU=48fdaa80-b370-5491-907d-4828d9543184; __51vuft__JgriHL8SZwCEIWXU=1670576232231

Response

HTTP/1.1 200 OK

Server: nginx
Date: Fri, 09 Dec 2022 07:57:01 GMT
Content-Type: image/png
Content-Length: 21410
Last-Modified: Sat, 16 Jul 2022 11:07:43 GMT
Connection: keep-alive
ETag: "62d29bff-53a2"
Expires: Wed, 14 Dec 2022 07:57:01 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
GET

http://www.3gri.com/uploads/article/20210705/2f97849a1367b7ce0f2dc82c843cf32c.jpg

msedge.exe

Remote address:

107.163.188.215:80

Request

GET /uploads/article/20210705/2f97849a1367b7ce0f2dc82c843cf32c.jpg HTTP/1.1
Host: www.3gri.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.3gri.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx
Date: Fri, 09 Dec 2022 07:57:00 GMT
Content-Type: image/jpeg
Content-Length: 22347
Last-Modified: Sat, 16 Jul 2022 11:07:42 GMT
Connection: keep-alive
ETag: "62d29bfe-574b"
Expires: Wed, 14 Dec 2022 07:57:00 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
GET

http://www.3gri.com/uploads/article/20210705/1d19e1b134b90a1bf199f3a42c374ec0.jpg

msedge.exe

Remote address:

107.163.188.215:80

Request

GET /uploads/article/20210705/1d19e1b134b90a1bf199f3a42c374ec0.jpg HTTP/1.1
Host: www.3gri.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.3gri.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx
Date: Fri, 09 Dec 2022 07:57:00 GMT
Content-Type: image/jpeg
Content-Length: 140969
Last-Modified: Sat, 16 Jul 2022 11:07:42 GMT
Connection: keep-alive
ETag: "62d29bfe-226a9"
Expires: Wed, 14 Dec 2022 07:57:00 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
GET

http://www.3gri.com/uploads/article/20210705/303df98a5b9397f62a4721d645f6aa9b.jpg

msedge.exe

Remote address:

107.163.188.215:80

Request

GET /uploads/article/20210705/303df98a5b9397f62a4721d645f6aa9b.jpg HTTP/1.1
Host: www.3gri.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.3gri.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: __vtins__JgriHL8SZwCEIWXU=%7B%22sid%22%3A%20%223ca3c30d-9931-5ec7-a3b7-db882507e012%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201670578032209%2C%20%22ct%22%3A%201670576232209%7D; __51uvsct__JgriHL8SZwCEIWXU=1; __51vcke__JgriHL8SZwCEIWXU=48fdaa80-b370-5491-907d-4828d9543184; __51vuft__JgriHL8SZwCEIWXU=1670576232231

Response

HTTP/1.1 200 OK

Server: nginx
Date: Fri, 09 Dec 2022 07:57:01 GMT
Content-Type: image/jpeg
Content-Length: 16637
Last-Modified: Sat, 16 Jul 2022 11:07:43 GMT
Connection: keep-alive
ETag: "62d29bff-40fd"
Expires: Wed, 14 Dec 2022 07:57:01 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
GET

http://www.3gri.com/static/home/images/qq_1.jpg

msedge.exe

Remote address:

107.163.188.215:80

Request

GET /static/home/images/qq_1.jpg HTTP/1.1
Host: www.3gri.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.3gri.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: __vtins__JgriHL8SZwCEIWXU=%7B%22sid%22%3A%20%223ca3c30d-9931-5ec7-a3b7-db882507e012%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201670578032209%2C%20%22ct%22%3A%201670576232209%7D; __51uvsct__JgriHL8SZwCEIWXU=1; __51vcke__JgriHL8SZwCEIWXU=48fdaa80-b370-5491-907d-4828d9543184; __51vuft__JgriHL8SZwCEIWXU=1670576232231

Response

HTTP/1.1 200 OK

Server: nginx
Date: Fri, 09 Dec 2022 07:57:01 GMT
Content-Type: image/jpeg
Content-Length: 21144
Last-Modified: Sat, 16 Jul 2022 11:07:41 GMT
Connection: keep-alive
ETag: "62d29bfd-5298"
Expires: Wed, 14 Dec 2022 07:57:01 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
GET

http://www.3gri.com/static/home/images/wx_bg2.png

msedge.exe

Remote address:

107.163.188.215:80

Request

GET /static/home/images/wx_bg2.png HTTP/1.1
Host: www.3gri.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.3gri.com/static/home/css/my.css
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: __vtins__JgriHL8SZwCEIWXU=%7B%22sid%22%3A%20%223ca3c30d-9931-5ec7-a3b7-db882507e012%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201670578032209%2C%20%22ct%22%3A%201670576232209%7D; __51uvsct__JgriHL8SZwCEIWXU=1; __51vcke__JgriHL8SZwCEIWXU=48fdaa80-b370-5491-907d-4828d9543184; __51vuft__JgriHL8SZwCEIWXU=1670576232231

Response

HTTP/1.1 200 OK

Server: nginx
Date: Fri, 09 Dec 2022 07:57:01 GMT
Content-Type: image/png
Content-Length: 21102
Last-Modified: Sat, 16 Jul 2022 11:07:43 GMT
Connection: keep-alive
ETag: "62d29bff-526e"
Expires: Wed, 14 Dec 2022 07:57:01 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
GET

http://www.3gri.com/uploads/article/20210705/2ef1a0e63454cab31ea0f48fd9a109c7.jpg

msedge.exe

Remote address:

107.163.188.215:80

Request

GET /uploads/article/20210705/2ef1a0e63454cab31ea0f48fd9a109c7.jpg HTTP/1.1
Host: www.3gri.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.3gri.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx
Date: Fri, 09 Dec 2022 07:57:00 GMT
Content-Type: image/jpeg
Content-Length: 19368
Last-Modified: Sat, 16 Jul 2022 11:07:41 GMT
Connection: keep-alive
ETag: "62d29bfd-4ba8"
Expires: Wed, 14 Dec 2022 07:57:00 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
GET

http://www.3gri.com/static/layui/font/iconfont.ttf?v=240

msedge.exe

Remote address:

107.163.188.215:80

Request

GET /static/layui/font/iconfont.ttf?v=240 HTTP/1.1
Host: www.3gri.com
Connection: keep-alive
Origin: http://www.3gri.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Referer: http://www.3gri.com/static/layui/css/layui.css
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx
Date: Fri, 09 Dec 2022 07:57:00 GMT
Content-Type: text/html
Content-Length: 480
Connection: keep-alive
GET

http://www.3gri.com/uploads/article/20210705/dff2dbdfcd6ef9bb6b2cec8c8983d064.jpg

msedge.exe

Remote address:

107.163.188.215:80

Request

GET /uploads/article/20210705/dff2dbdfcd6ef9bb6b2cec8c8983d064.jpg HTTP/1.1
Host: www.3gri.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.3gri.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: __vtins__JgriHL8SZwCEIWXU=%7B%22sid%22%3A%20%223ca3c30d-9931-5ec7-a3b7-db882507e012%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201670578032209%2C%20%22ct%22%3A%201670576232209%7D; __51uvsct__JgriHL8SZwCEIWXU=1; __51vcke__JgriHL8SZwCEIWXU=48fdaa80-b370-5491-907d-4828d9543184; __51vuft__JgriHL8SZwCEIWXU=1670576232231

Response

HTTP/1.1 200 OK

Server: nginx
Date: Fri, 09 Dec 2022 07:57:00 GMT
Content-Type: image/jpeg
Content-Length: 80789
Last-Modified: Sat, 16 Jul 2022 11:07:42 GMT
Connection: keep-alive
ETag: "62d29bfe-13b95"
Expires: Wed, 14 Dec 2022 07:57:00 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
GET

http://www.3gri.com/static/home/images/kf_ri.png

msedge.exe

Remote address:

107.163.188.215:80

Request

GET /static/home/images/kf_ri.png HTTP/1.1
Host: www.3gri.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.3gri.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: __vtins__JgriHL8SZwCEIWXU=%7B%22sid%22%3A%20%223ca3c30d-9931-5ec7-a3b7-db882507e012%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201670578032209%2C%20%22ct%22%3A%201670576232209%7D; __51uvsct__JgriHL8SZwCEIWXU=1; __51vcke__JgriHL8SZwCEIWXU=48fdaa80-b370-5491-907d-4828d9543184; __51vuft__JgriHL8SZwCEIWXU=1670576232231

Response

HTTP/1.1 200 OK

Server: nginx
Date: Fri, 09 Dec 2022 07:57:01 GMT
Content-Type: image/png
Content-Length: 21173
Last-Modified: Sat, 16 Jul 2022 11:07:41 GMT
Connection: keep-alive
ETag: "62d29bfd-52b5"
Expires: Wed, 14 Dec 2022 07:57:01 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
GET

http://www.3gri.com/static/home/images/c_l.png

msedge.exe

Remote address:

107.163.188.215:80

Request

GET /static/home/images/c_l.png HTTP/1.1
Host: www.3gri.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.3gri.com/static/home/css/my.css
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: __vtins__JgriHL8SZwCEIWXU=%7B%22sid%22%3A%20%223ca3c30d-9931-5ec7-a3b7-db882507e012%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201670578032209%2C%20%22ct%22%3A%201670576232209%7D; __51uvsct__JgriHL8SZwCEIWXU=1; __51vcke__JgriHL8SZwCEIWXU=48fdaa80-b370-5491-907d-4828d9543184; __51vuft__JgriHL8SZwCEIWXU=1670576232231

Response

HTTP/1.1 200 OK

Server: nginx
Date: Fri, 09 Dec 2022 07:57:01 GMT
Content-Type: image/png
Content-Length: 20610
Last-Modified: Sat, 16 Jul 2022 11:07:43 GMT
Connection: keep-alive
ETag: "62d29bff-5082"
Expires: Wed, 14 Dec 2022 07:57:01 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
DNS

nav.smartscreen.microsoft.com

msedge.exe

Remote address:

8.8.8.8:53

Request

nav.smartscreen.microsoft.com

IN A

Response

nav.smartscreen.microsoft.com

IN CNAME

wd-prod-ss.trafficmanager.net

wd-prod-ss.trafficmanager.net

IN CNAME

wd-prod-ss-eu-north-1-fe.northeurope.cloudapp.azure.com

wd-prod-ss-eu-north-1-fe.northeurope.cloudapp.azure.com

IN A

20.67.219.150
POST

https://nav.smartscreen.microsoft.com/api/browser/edge/navigate/2

msedge.exe

Remote address:

20.67.219.150:443

Request

POST /api/browser/edge/navigate/2 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json
Authorization: SmartScreenHash eyJhdXRoSWQiOiIzODFkZGQxZS1lNjAwLTQyZGUtOTRlZC04YzM0YmY3M2YxNmQiLCJoYXNoIjoiNVNMVXViRm10Rjg9Iiwia2V5IjoiRmdYOS8wZXRwN056MitsYm0wSnVtQT09In0=
User-Agent: SmartScreen/281479409565696
Content-Length: 1377
Host: nav.smartscreen.microsoft.com

Response

HTTP/1.1 200 OK

Cache-Control: max-age=0, private
Content-Length: 883
Content-Type: application/json; charset=utf-8
Server: Microsoft-HTTPAPI/2.0
X-SmartScreen-Flight-Vector: enableProxyLeniency,IsArsFmsIntegrationEnabled,IsCurfId0LoggingEnabled,isCurfTstEnabled,isNpPIOverrideBlockEnabled,ListApiE5V2Enabled,npSettings2004,SendGeoMapInSettingsToNewAnaheimClient,SrcEOPEnabled,topTrafficV2Enabled,UpdateOnMissingEtagEnabled,updateSigningCert,updateSigningCertForRS3RS4
Date: Fri, 09 Dec 2022 07:57:12 GMT
Connection: close
GET

http://www.cunsongbiaodai.net:2022/

msedge.exe

Remote address:

154.216.67.117:2022

Request

GET / HTTP/1.1
Host: www.cunsongbiaodai.net:2022
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://45.199.28.200/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx
Date: Fri, 09 Dec 2022 07:57:13 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: PHPSESSID=i24p52spbhql163na6litr01m9; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Encoding: gzip
GET

http://www.cunsongbiaodai.net:2022/template/1147/images/style.css

msedge.exe

Remote address:

154.216.67.117:2022

Request

GET /template/1147/images/style.css HTTP/1.1
Host: www.cunsongbiaodai.net:2022
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/css,*/*;q=0.1
Referer: http://www.cunsongbiaodai.net:2022/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx
Date: Fri, 09 Dec 2022 07:57:13 GMT
Content-Type: text/css
Last-Modified: Wed, 15 Jun 2022 10:02:08 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62a9ae20-8ecc"
Expires: Fri, 09 Dec 2022 19:57:13 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
GET

http://www.cunsongbiaodai.net:2022/template/1147/images/a1.jpg

msedge.exe

Remote address:

154.216.67.117:2022

Request

GET /template/1147/images/a1.jpg HTTP/1.1
Host: www.cunsongbiaodai.net:2022
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.cunsongbiaodai.net:2022/template/1147/images/style.css
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx
Date: Fri, 09 Dec 2022 07:57:14 GMT
Content-Type: image/jpeg
Content-Length: 1388
Last-Modified: Thu, 26 Dec 2019 11:31:24 GMT
Connection: keep-alive
ETag: "5e049a0c-56c"
Expires: Sun, 08 Jan 2023 07:57:14 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
GET

http://www.cunsongbiaodai.net:2022/template/1147/images/a1-link2.jpg

msedge.exe

Remote address:

154.216.67.117:2022

Request

GET /template/1147/images/a1-link2.jpg HTTP/1.1
Host: www.cunsongbiaodai.net:2022
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.cunsongbiaodai.net:2022/template/1147/images/style.css
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx
Date: Fri, 09 Dec 2022 07:57:14 GMT
Content-Type: image/jpeg
Content-Length: 1407
Last-Modified: Thu, 26 Dec 2019 11:31:24 GMT
Connection: keep-alive
ETag: "5e049a0c-57f"
Expires: Sun, 08 Jan 2023 07:57:14 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
POST

https://nav.smartscreen.microsoft.com/api/browser/edge/navigate/2

msedge.exe

Remote address:

20.67.219.150:443

Request

POST /api/browser/edge/navigate/2 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json
Authorization: SmartScreenHash eyJhdXRoSWQiOiIzODFkZGQxZS1lNjAwLTQyZGUtOTRlZC04YzM0YmY3M2YxNmQiLCJoYXNoIjoiUVRwUkN4WWRIT1k9Iiwia2V5IjoiU1BLc3R5T1hLbFlPTGZCekxvTXE3QT09In0=
User-Agent: SmartScreen/281479409565696
Content-Length: 1454
Host: nav.smartscreen.microsoft.com

Response

HTTP/1.1 200 OK

Cache-Control: max-age=0, private
Content-Length: 899
Content-Type: application/json; charset=utf-8
Server: Microsoft-HTTPAPI/2.0
X-SmartScreen-Flight-Vector: enableProxyLeniency,IsArsFmsIntegrationEnabled,IsCurfId0LoggingEnabled,isCurfTstEnabled,isNpPIOverrideBlockEnabled,ListApiE5V2Enabled,npSettings2004,SendGeoMapInSettingsToNewAnaheimClient,SrcEOPEnabled,topTrafficV2Enabled,UpdateOnMissingEtagEnabled,updateSigningCert,updateSigningCertForRS3RS4
Date: Fri, 09 Dec 2022 07:57:12 GMT
Connection: close
GET

http://www.cunsongbiaodai.net:2022/template/1147/js/jquery.js

msedge.exe

Remote address:

154.216.67.117:2022

Request

GET /template/1147/js/jquery.js HTTP/1.1
Host: www.cunsongbiaodai.net:2022
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Referer: http://www.cunsongbiaodai.net:2022/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx
Date: Fri, 09 Dec 2022 07:57:13 GMT
Content-Type: application/javascript
Last-Modified: Sat, 25 Jun 2022 08:54:59 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62b6cd63-169d5"
Expires: Fri, 09 Dec 2022 19:57:13 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
GET

http://www.cunsongbiaodai.net:2022/template/1147/images/button2-bg.jpg

msedge.exe

Remote address:

154.216.67.117:2022

Request

GET /template/1147/images/button2-bg.jpg HTTP/1.1
Host: www.cunsongbiaodai.net:2022
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.cunsongbiaodai.net:2022/template/1147/images/style.css
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx
Date: Fri, 09 Dec 2022 07:57:14 GMT
Content-Type: image/jpeg
Content-Length: 1406
Last-Modified: Thu, 26 Dec 2019 11:31:24 GMT
Connection: keep-alive
ETag: "5e049a0c-57e"
Expires: Sun, 08 Jan 2023 07:57:14 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
GET

http://sdk.51.la/js-sdk-pro.min.js

msedge.exe

Remote address:

47.253.50.2:80

Request

GET /js-sdk-pro.min.js HTTP/1.1
Host: sdk.51.la
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Referer: http://www.3gri.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: openresty
Date: Fri, 09 Dec 2022 07:57:13 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Fri, 15 Jul 2022 04:05:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"62d0e7a4-861a"
Cache-Control: max-age=1296000
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
GET

http://sdk.51.la/js-sdk-pro.min.js

msedge.exe

Remote address:

47.253.50.2:80

Request

GET /js-sdk-pro.min.js HTTP/1.1
Host: sdk.51.la
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Referer: http://www.cunsongbiaodai.net:2022/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: openresty
Date: Fri, 09 Dec 2022 07:57:14 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Fri, 15 Jul 2022 04:05:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"62d0e7a4-861a"
Cache-Control: max-age=1296000
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
POST

http://collect-v6.51.la/v6/collect?dt=4

msedge.exe

Remote address:

103.143.19.103:80

Request

POST /v6/collect?dt=4 HTTP/1.1
Host: collect-v6.51.la
Connection: keep-alive
Content-Length: 535
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: http://www.3gri.com
Referer: http://www.3gri.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200

Server: CloudWAF
Date: Fri, 09 Dec 2022 07:57:14 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: HWWAFSESID=9a1b85ad79d18243795; path=/
Set-Cookie: HWWAFSESTIME=1670572633068; path=/
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Access-Control-Allow-Origin: http://www.3gri.com
Access-Control-Allow-Credentials: true
POST

http://collect-v6.51.la/v6/collect?dt=4

msedge.exe

Remote address:

103.143.19.103:80

Request

POST /v6/collect?dt=4 HTTP/1.1
Host: collect-v6.51.la
Connection: keep-alive
Content-Length: 269
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Origin: http://www.cunsongbiaodai.net:2022
Referer: http://www.cunsongbiaodai.net:2022/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200

Server: CloudWAF
Date: Fri, 09 Dec 2022 07:57:17 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: HWWAFSESID=9a1b8178679d18243795; path=/
Set-Cookie: HWWAFSESTIME=1670572633068; path=/
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Access-Control-Allow-Origin: http://www.cunsongbiaodai.net:2022
Access-Control-Allow-Credentials: true
GET

http://push.zhanzhang.baidu.com/push.js

msedge.exe

Remote address:

182.61.240.101:80

Request

GET /push.js HTTP/1.1
Host: push.zhanzhang.baidu.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Referer: http://www.3gri.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Cache-Control: max-age=31536000
Content-Encoding: gzip
Content-Length: 227
Content-Type: text/javascript
Date: Fri, 09 Dec 2022 07:57:14 GMT
Etag: "4078521116"
Expires: Sat, 09 Dec 2023 07:57:14 GMT
Last-Modified: Wed, 25 Nov 2015 07:47:55 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Server: apache
Set-Cookie: BAIDUID=E8CA70B21DEEF6696EE420596A491F6F:FG=1; max-age=31536000; expires=Sat, 09-Dec-23 07:57:14 GMT; domain=.baidu.com; path=/; version=1
Vary: Accept-Encoding
GET

http://push.zhanzhang.baidu.com/push.js

msedge.exe

Remote address:

182.61.240.101:80

Request

GET /push.js HTTP/1.1
Host: push.zhanzhang.baidu.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Referer: http://www.cunsongbiaodai.net:2022/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Cache-Control: max-age=31536000
Content-Encoding: gzip
Content-Length: 227
Content-Type: text/javascript
Date: Fri, 09 Dec 2022 07:57:15 GMT
Etag: "4078521116"
Expires: Sat, 09 Dec 2023 07:57:15 GMT
Last-Modified: Wed, 25 Nov 2015 07:47:55 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Server: apache
Set-Cookie: BAIDUID=C0D64BACE0EF00FA255DBCB04D480C07:FG=1; max-age=31536000; expires=Sat, 09-Dec-23 07:57:15 GMT; domain=.baidu.com; path=/; version=1
Vary: Accept-Encoding
GET

http://www.cunsongbiaodai.net:2022/template/1147/images/rating-good.png

msedge.exe

Remote address:

154.216.67.117:2022

Request

GET /template/1147/images/rating-good.png HTTP/1.1
Host: www.cunsongbiaodai.net:2022
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.cunsongbiaodai.net:2022/template/1147/images/style.css
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx
Date: Fri, 09 Dec 2022 07:57:14 GMT
Content-Type: image/png
Content-Length: 1090
Last-Modified: Thu, 26 Dec 2019 11:31:24 GMT
Connection: keep-alive
ETag: "5e049a0c-442"
Expires: Sun, 08 Jan 2023 07:57:14 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
GET

http://www.cunsongbiaodai.net:2022/static/images/nopic.gif

msedge.exe

Remote address:

154.216.67.117:2022

Request

GET /static/images/nopic.gif HTTP/1.1
Host: www.cunsongbiaodai.net:2022
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.cunsongbiaodai.net:2022/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx
Date: Fri, 09 Dec 2022 07:57:15 GMT
Content-Type: image/gif
Content-Length: 7126
Last-Modified: Mon, 08 Jul 2019 02:09:48 GMT
Connection: keep-alive
ETag: "5d22a5ec-1bd6"
Expires: Sun, 08 Jan 2023 07:57:15 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
GET

https://7780tp.com/7780/980x60.gif

msedge.exe

Remote address:

156.232.91.99:443

Request

GET /7780/980x60.gif HTTP/1.1
Host: 7780tp.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: http://www.cunsongbiaodai.net:2022/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: openresty
Date: Fri, 09 Dec 2022 07:57:15 GMT
Content-Type: image/gif
Content-Length: 208558
Connection: keep-alive
Last-Modified: Fri, 25 Nov 2022 06:44:11 GMT
ETag: "6380643b-32eae"
Expires: Sun, 25 Dec 2022 06:44:23 GMT
Cache-Control: max-age=2592000
Via: 156.232.91.98
CDN-Cache: HIT
Accept-Ranges: bytes
GET

https://7780tp.com/7780/200x200.gif

msedge.exe

Remote address:

156.232.91.99:443

Request

GET /7780/200x200.gif HTTP/1.1
Host: 7780tp.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: http://www.cunsongbiaodai.net:2022/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: openresty
Date: Fri, 09 Dec 2022 07:57:15 GMT
Content-Type: image/gif
Content-Length: 138064
Connection: keep-alive
Last-Modified: Tue, 28 Jun 2022 06:19:45 GMT
ETag: "62ba9d81-21b50"
Expires: Mon, 17 Oct 2022 09:06:56 GMT
Cache-Control: max-age=2592000
Via: 156.232.91.98
CDN-Cache: HIT
Accept-Ranges: bytes
GET

https://kzeaa.com/92f0c144d76dd785f7c04f84ae149b33.gif

msedge.exe

Remote address:

45.154.215.92:443

Request

GET /92f0c144d76dd785f7c04f84ae149b33.gif HTTP/2.0
host: kzeaa.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: http://www.cunsongbiaodai.net:2022/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 301

server: nginx
date: Fri, 09 Dec 2022 07:57:15 GMT
content-type: text/html
content-length: 162
location: https://max007.top/92f0c144d76dd785f7c04f84ae149b33.gif
strict-transport-security: max-age=31536000
GET

https://65688qp.com/tp/980x60s.gif

msedge.exe

Remote address:

154.83.27.196:443

Request

GET /tp/980x60s.gif HTTP/1.1
Host: 65688qp.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: http://www.cunsongbiaodai.net:2022/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: openresty
Date: Fri, 09 Dec 2022 07:57:15 GMT
Content-Type: image/gif
Content-Length: 363154
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 10:00:00 GMT
ETag: "63887b20-58a92"
Expires: Fri, 06 Jan 2023 07:13:34 GMT
Cache-Control: max-age=2592000
Strict-Transport-Security: max-age=31536000
Via: 154.83.27.194
CDN-Cache: HIT
Accept-Ranges: bytes
GET

https://678tktp.com/tp/980x60.gif

msedge.exe

Remote address:

154.83.24.157:443

Request

GET /tp/980x60.gif HTTP/1.1
Host: 678tktp.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: http://www.cunsongbiaodai.net:2022/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: openresty
Date: Fri, 09 Dec 2022 07:57:15 GMT
Content-Type: image/gif
Content-Length: 46393
Connection: keep-alive
Last-Modified: Sun, 20 Nov 2022 12:07:57 GMT
ETag: "637a189d-b539"
Expires: Fri, 23 Dec 2022 08:46:32 GMT
Cache-Control: max-age=2592000
Via: 154.83.24.154
CDN-Cache: HIT
Accept-Ranges: bytes
GET

http://xx.9820668.com/9820/960-80A.gif

msedge.exe

Remote address:

134.122.133.169:80

Request

GET /9820/960-80A.gif HTTP/1.1
Host: xx.9820668.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.cunsongbiaodai.net:2022/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: image/gif
Last-Modified: Thu, 24 Nov 2022 07:31:33 GMT
Accept-Ranges: bytes
ETag: "b0270c7d6ffd81:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Fri, 09 Dec 2022 08:05:40 GMT
Content-Length: 29935
GET

http://www.tongji-badu.cc/5564/vdiojp.js?v=122022128

msedge.exe

Remote address:

188.114.96.0:80

Request

GET /5564/vdiojp.js?v=122022128 HTTP/1.1
Host: www.tongji-badu.cc
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Referer: http://www.cunsongbiaodai.net:2022/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Date: Fri, 09 Dec 2022 07:57:15 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 09 Dec 2022 07:03:23 GMT
Vary: Accept-Encoding
ETag: W/"6392ddbb-696"
Expires: Fri, 09 Dec 2022 19:57:15 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VYB%2BeW6AE%2Fa6%2FQYyDpXOBeVWYE5Rh2yJtjqPloimcbUAadNJDztcWKxBPd8ruxmTKPd%2FlIheXW2I4QbuRL0Q%2BsqcaWCAn8gkEXg4nFNcBdTtFjpqZz1gs9o2QmV040E99hWTaFc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 776c30589a451c93-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET

https://65688qp.com/tp/93200s.gif

msedge.exe

Remote address:

154.83.27.196:443

Request

GET /tp/93200s.gif HTTP/1.1
Host: 65688qp.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: http://www.cunsongbiaodai.net:2022/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: openresty
Date: Fri, 09 Dec 2022 07:57:15 GMT
Content-Type: image/gif
Content-Length: 211192
Connection: keep-alive
Last-Modified: Thu, 24 Nov 2022 05:11:45 GMT
ETag: "637efd11-338f8"
Expires: Fri, 06 Jan 2023 07:13:36 GMT
Cache-Control: max-age=2592000
Strict-Transport-Security: max-age=31536000
Via: 154.83.27.194
CDN-Cache: HIT
Accept-Ranges: bytes
GET

http://api.share.baidu.com/s.gif?l=http://www.3gri.com/

msedge.exe

Remote address:

182.61.201.93:80

Request

GET /s.gif?l=http://www.3gri.com/ HTTP/1.1
Host: api.share.baidu.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.3gri.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 0
Content-Type: text/plain; charset=utf-8
Date: Fri, 09 Dec 2022 07:57:15 GMT
GET

http://api.share.baidu.com/s.gif?r=http%3A%2F%2F45.199.28.200%2F&l=http://www.cunsongbiaodai.net:2022/

msedge.exe

Remote address:

182.61.201.93:80

Request

GET /s.gif?r=http%3A%2F%2F45.199.28.200%2F&l=http://www.cunsongbiaodai.net:2022/ HTTP/1.1
Host: api.share.baidu.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.cunsongbiaodai.net:2022/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 0
Content-Type: text/plain; charset=utf-8
Date: Fri, 09 Dec 2022 07:57:16 GMT
GET

https://6651tp.com/980x60.gif

msedge.exe

Remote address:

173.82.163.115:443

Request

GET /980x60.gif HTTP/2.0
host: 6651tp.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: http://www.cunsongbiaodai.net:2022/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: openresty
date: Fri, 09 Dec 2022 07:57:15 GMT
content-type: image/gif
content-length: 111582
last-modified: Fri, 25 Nov 2022 07:34:34 GMT
etag: "6380700a-1b3de"
expires: Sun, 25 Dec 2022 07:34:58 GMT
cache-control: max-age=2592000
via: 173.82.78.234
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-cache: HIT
accept-ranges: bytes
GET

https://6651tp.com/51201.gif

msedge.exe

Remote address:

173.82.163.115:443

Request

GET /51201.gif HTTP/2.0
host: 6651tp.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: http://www.cunsongbiaodai.net:2022/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: openresty
date: Fri, 09 Dec 2022 07:57:15 GMT
content-type: image/gif
content-length: 69137
last-modified: Fri, 10 Jun 2022 08:07:02 GMT
etag: "62a2fba6-10e11"
expires: Sun, 11 Dec 2022 18:39:49 GMT
cache-control: max-age=2592000
via: 173.82.78.234
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-cache: HIT
accept-ranges: bytes
GET

https://kjimg10.360buyimg.com/ott/jfs/t1/182609/5/30676/315400/6380d0eeE6d07d2ae/93cc2b27e4f04ca4.gif

msedge.exe

Remote address:

112.13.110.3:443

Request

GET /ott/jfs/t1/182609/5/30676/315400/6380d0eeE6d07d2ae/93cc2b27e4f04ca4.gif HTTP/2.0
host: kjimg10.360buyimg.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: http://www.cunsongbiaodai.net:2022/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Fri, 09 Dec 2022 07:57:16 GMT
content-type: image/gif
content-length: 315400
cache-control: max-age=315360000
expires: Mon, 22 Nov 2032 14:28:51 GMT
last-modified: Fri, 25 Nov 2022 14:27:58 GMT
age: 1186105
via: http/1.1 ORI-CLOUD-HUZ-MIX-19 (jcs [cRs f ]), http/1.1 HAZ-CM-2-MIX-16 (jcs [cRs f ])
access-control-allow-origin: *
timing-allow-origin: *
x-trace: 200-1669386531656-0-0-0-9-9;200;200-1669390054378-0-0-0-0-0;200-1670572636196-0-0-0-1-1
GET

https://kjimg10.360buyimg.com/ott/jfs/t1/120993/16/33030/1021535/6380d2dbE2ee6e05e/c45dd20fdac2727b.gif

msedge.exe

Remote address:

112.13.110.3:443

Request

GET /ott/jfs/t1/120993/16/33030/1021535/6380d2dbE2ee6e05e/c45dd20fdac2727b.gif HTTP/2.0
host: kjimg10.360buyimg.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: http://www.cunsongbiaodai.net:2022/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Fri, 09 Dec 2022 07:57:16 GMT
content-type: image/gif
content-length: 1021535
cache-control: max-age=315360000
expires: Mon, 22 Nov 2032 14:38:15 GMT
last-modified: Fri, 25 Nov 2022 14:36:11 GMT
age: 1185541
via: http/1.1 ORI-CLOUD-HUZ-MIX-11 (jcs [cHs f ]), http/1.1 HAZ-CM-2-MIX-20 (jcs [cRs f ])
access-control-allow-origin: *
timing-allow-origin: *
x-trace: 200-1669387095531-0-0-2-15-15;200;200-1669797714979-0-0-0-9-9;200-1670572636197-0-0-0-0-0
GET

https://kjimg10.360buyimg.com/ott/jfs/t1/222610/4/20743/688878/6380d41fEdd27fc60/810ef977e1cd11c0.gif

msedge.exe

Remote address:

112.13.110.3:443

Request

GET /ott/jfs/t1/222610/4/20743/688878/6380d41fEdd27fc60/810ef977e1cd11c0.gif HTTP/2.0
host: kjimg10.360buyimg.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: http://www.cunsongbiaodai.net:2022/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Fri, 09 Dec 2022 07:57:16 GMT
content-type: image/gif
content-length: 688878
cache-control: max-age=315360000
expires: Mon, 22 Nov 2032 14:41:39 GMT
last-modified: Fri, 25 Nov 2022 14:41:35 GMT
age: 1185338
via: http/1.1 ORI-CLOUD-HUZ-MIX-27 (jcs [cHs f ]), http/1.1 HAZ-CM-2-MIX-20 (jcs [cRs f ])
access-control-allow-origin: *
timing-allow-origin: *
x-trace: 200-1669387299986-0-0-2-9-9;200;200-1669520737099-0-0-0-5-5;200-1670572636197-0-0-0-2-2
GET

https://kveww.com/99462c01e85acc1311bebac224df6cce.gif

msedge.exe

Remote address:

137.175.11.239:443

Request

GET /99462c01e85acc1311bebac224df6cce.gif HTTP/2.0
host: kveww.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: http://www.cunsongbiaodai.net:2022/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 301

server: nginx
date: Fri, 09 Dec 2022 15:57:00 GMT
content-type: text/html
content-length: 162
location: https://kvhxxx.top/99462c01e85acc1311bebac224df6cce.gif
strict-transport-security: max-age=31536000
GET

https://kvezz.com/95ca29ec3907b3bf2d8a24b35e3eda22.gif

msedge.exe

Remote address:

104.143.94.110:443

Request

GET /95ca29ec3907b3bf2d8a24b35e3eda22.gif HTTP/2.0
host: kvezz.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: http://www.cunsongbiaodai.net:2022/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 301

server: nginx
date: Fri, 09 Dec 2022 07:57:15 GMT
content-type: text/html
content-length: 162
location: https://kvkmmm.top/95ca29ec3907b3bf2d8a24b35e3eda22.gif
strict-transport-security: max-age=31536000
GET

http://www.duyao1.com/xtb.gif

msedge.exe

Remote address:

216.83.58.14:80

Request

GET /xtb.gif HTTP/1.1
Host: www.duyao1.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.cunsongbiaodai.net:2022/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: Tengine
Date: Fri, 09 Dec 2022 07:57:16 GMT
Content-Type: image/gif
Content-Length: 311408
Last-Modified: Fri, 28 Oct 2022 17:45:15 GMT
Connection: keep-alive
ETag: "635c152b-4c070"
Expires: Sun, 08 Jan 2023 07:57:16 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
GET

https://8644aaw.com/a.gif

msedge.exe

Remote address:

60.244.96.178:443

Request

GET /a.gif HTTP/2.0
host: 8644aaw.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: http://www.cunsongbiaodai.net:2022/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Fri, 09 Dec 2022 07:57:06 GMT
content-type: image/gif
content-length: 397051
last-modified: Wed, 05 Oct 2022 08:47:42 GMT
etag: "633d44ae-60efb"
expires: Sun, 08 Jan 2023 07:57:06 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
GET

https://kvhmm.com/19b37b6adb0139b1398282e2e5b2e562.gif

msedge.exe

Remote address:

137.175.13.78:443

Request

GET /19b37b6adb0139b1398282e2e5b2e562.gif HTTP/2.0
host: kvhmm.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: http://www.cunsongbiaodai.net:2022/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 301

server: nginx
date: Fri, 09 Dec 2022 07:57:23 GMT
content-type: text/html
content-length: 162
location: https://kvtfff.top/19b37b6adb0139b1398282e2e5b2e562.gif
strict-transport-security: max-age=31536000
GET

https://kzepp.com/387aa3cb8bec96e607972d99d3ac1058.gif

msedge.exe

Remote address:

45.154.215.92:443

Request

GET /387aa3cb8bec96e607972d99d3ac1058.gif HTTP/2.0
host: kzepp.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: http://www.cunsongbiaodai.net:2022/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 301

server: nginx
date: Fri, 09 Dec 2022 07:57:15 GMT
content-type: text/html
content-length: 162
location: https://kvthhh.top/387aa3cb8bec96e607972d99d3ac1058.gif
strict-transport-security: max-age=31536000
DNS

apps.identrust.com

msedge.exe

Remote address:

8.8.8.8:53

Request

apps.identrust.com

IN A

Response

apps.identrust.com

IN CNAME

identrust.edgesuite.net

identrust.edgesuite.net

IN CNAME

a1952.dscq.akamai.net

a1952.dscq.akamai.net

IN A

104.109.143.91

a1952.dscq.akamai.net

IN A

104.109.143.75
GET

http://apps.identrust.com/roots/dstrootcax3.p7c

msedge.exe

Remote address:

104.109.143.91:80

Request

GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: apps.identrust.com

Response

HTTP/1.1 200 OK

X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15768000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' *.identrust.com
Last-Modified: Mon, 20 Jun 2022 20:24:00 GMT
ETag: "37d-5e1e6e25c9800"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Fri, 09 Dec 2022 08:57:15 GMT
Date: Fri, 09 Dec 2022 07:57:15 GMT
Connection: keep-alive
GET

http://apps.identrust.com/roots/dstrootcax3.p7c

msedge.exe

Remote address:

104.109.143.91:80

Request

GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: apps.identrust.com

Response

HTTP/1.1 200 OK

X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15768000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' *.identrust.com
Last-Modified: Mon, 20 Jun 2022 20:24:00 GMT
ETag: "37d-5e1e6e25c9800"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Fri, 09 Dec 2022 08:57:15 GMT
Date: Fri, 09 Dec 2022 07:57:15 GMT
Connection: keep-alive
GET

http://apps.identrust.com/roots/dstrootcax3.p7c

msedge.exe

Remote address:

104.109.143.91:80

Request

GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: apps.identrust.com

Response

HTTP/1.1 200 OK

X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15768000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' *.identrust.com
Last-Modified: Mon, 20 Jun 2022 20:24:00 GMT
ETag: "37d-5e1e6e25c9800"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Fri, 09 Dec 2022 08:57:15 GMT
Date: Fri, 09 Dec 2022 07:57:15 GMT
Connection: keep-alive
GET

http://apps.identrust.com/roots/dstrootcax3.p7c

msedge.exe

Remote address:

104.109.143.91:80

Request

GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: apps.identrust.com

Response

HTTP/1.1 200 OK

X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15768000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' *.identrust.com
Last-Modified: Mon, 20 Jun 2022 20:24:00 GMT
ETag: "37d-5e1e6e25c9800"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Fri, 09 Dec 2022 08:57:15 GMT
Date: Fri, 09 Dec 2022 07:57:15 GMT
Connection: keep-alive
GET

http://apps.identrust.com/roots/dstrootcax3.p7c

msedge.exe

Remote address:

104.109.143.91:80

Request

GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: apps.identrust.com

Response

HTTP/1.1 200 OK

X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15768000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' *.identrust.com
Last-Modified: Mon, 20 Jun 2022 20:24:00 GMT
ETag: "37d-5e1e6e25c9800"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Fri, 09 Dec 2022 08:57:15 GMT
Date: Fri, 09 Dec 2022 07:57:15 GMT
Connection: keep-alive
GET

https://gg72a1.com/gg/960x60-2.gif

msedge.exe

Remote address:

198.2.213.130:443

Request

GET /gg/960x60-2.gif HTTP/2.0
host: gg72a1.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: http://www.cunsongbiaodai.net:2022/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Fri, 09 Dec 2022 07:57:15 GMT
content-type: image/gif
content-length: 566629
last-modified: Tue, 01 Nov 2022 07:49:47 GMT
etag: "6360cf9b-8a565"
expires: Sun, 08 Jan 2023 07:57:15 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
GET

https://kvhxxx.top/99462c01e85acc1311bebac224df6cce.gif

msedge.exe

Remote address:

104.21.235.31:443

Request

GET /99462c01e85acc1311bebac224df6cce.gif HTTP/2.0
host: kvhxxx.top
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: http://www.cunsongbiaodai.net:2022/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 09 Dec 2022 07:57:18 GMT
content-type: image/gif
content-length: 845326
last-modified: Mon, 15 Aug 2022 06:10:27 GMT
etag: "62f9e353-ce60e"
expires: Thu, 05 Jan 2023 11:00:18 GMT
cache-control: max-age=2678400
cf-cache-status: HIT
age: 248217
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dbrlyAiSQv5X2gtX0MU6Nsa9hSDvhrjfIrHfdm%2FZ0bHYRA4GFhBmP42Dl1%2FsGhAzlrV4LsDPTa7FHRBzzY1Ewy5wGRVDrHmhdAxeDSjCjk3oIEGWABi%2BqJt1aR9s"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 776c305edf49b89d-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET

https://kvkmmm.top/95ca29ec3907b3bf2d8a24b35e3eda22.gif

msedge.exe

Remote address:

188.114.96.0:443

Request

GET /95ca29ec3907b3bf2d8a24b35e3eda22.gif HTTP/2.0
host: kvkmmm.top
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: http://www.cunsongbiaodai.net:2022/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 09 Dec 2022 07:57:15 GMT
content-type: image/gif
content-length: 400264
last-modified: Mon, 02 May 2022 19:22:39 GMT
etag: "62702f7f-61b88"
expires: Sat, 10 Dec 2022 11:31:41 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 2492734
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yWwiz5D423d2rC1JnPgcGPkT5Mn1qd2fD2OWPzyOHfA7xl2kT0v%2FhmKKFxXE1yQ9SGvbRhUScyCofn1BpTaQzbJ8YZ4gcyuJxuTKgtETCWicW%2B9v0MYAY5DsFcED"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 776c305ebbd90eb0-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET

https://592773xgg.com/b8f4ca3ef0114a5c95b8ebb31ef7dbcc.gif

msedge.exe

Remote address:

45.61.212.229:443

Request

GET /b8f4ca3ef0114a5c95b8ebb31ef7dbcc.gif HTTP/1.1
Host: 592773xgg.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: http://www.cunsongbiaodai.net:2022/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Cache-Control: max-age=604800
ETag: "63765257-636a0"
Date: Tue, 29 Nov 2022 13:36:48 GMT
Content-Type: image/gif
Server: nginx
Last-Modified: Thu, 17 Nov 2022 15:25:11 GMT
Accept-Ranges: bytes
X-Cache: HIT from cloud-us3-cdnb-29
Content-Length: 407200
GET

https://max007.top/92f0c144d76dd785f7c04f84ae149b33.gif

msedge.exe

Remote address:

188.114.96.0:443

Request

GET /92f0c144d76dd785f7c04f84ae149b33.gif HTTP/2.0
host: max007.top
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: http://www.cunsongbiaodai.net:2022/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 09 Dec 2022 07:57:16 GMT
content-type: image/gif
content-length: 354278
last-modified: Fri, 02 Dec 2022 09:18:24 GMT
etag: "6389c2e0-567e6"
expires: Sun, 01 Jan 2023 09:30:20 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 599216
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KleB%2FWXAxWG3reG8Ywxfus3A6ok8BBE0iUlRyCXXjr6mpAQX7mmMtTl8glXP5t1Xej4qyJ3cwPJbn5EimeWcDp2CTVgQcEGK%2BWhxHbAec9mDPl5dCL0bcKs4PZdk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 776c305f9fb00bc0-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
POST

https://nav.smartscreen.microsoft.com/api/browser/edge/telemetry

msedge.exe

Remote address:

20.67.219.150:443

Request

POST /api/browser/edge/telemetry HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json
Authorization: SmartScreenHash eyJhdXRoSWQiOiIzODFkZGQxZS1lNjAwLTQyZGUtOTRlZC04YzM0YmY3M2YxNmQiLCJoYXNoIjoiN0xyWU1kMkxCd0E9Iiwia2V5IjoiWUhlbUJYdXVOMVZYYUljK0xVVjYzdz09In0=
User-Agent: SmartScreen/281479409565696
Content-Length: 2581
Host: nav.smartscreen.microsoft.com

Response

HTTP/1.1 200 OK

Cache-Control: max-age=0, private
Content-Length: 0
Server: Microsoft-HTTPAPI/2.0
X-SmartScreen-Flight-Vector: enableProxyLeniency,IsArsFmsIntegrationEnabled,IsCurfId0LoggingEnabled,isCurfTstEnabled,isNpPIOverrideBlockEnabled,ListApiE5V2Enabled,npSettings2004,SendGeoMapInSettingsToNewAnaheimClient,SrcEOPEnabled,topTrafficV2Enabled,UpdateOnMissingEtagEnabled,updateSigningCert,updateSigningCertForRS3RS4
Date: Fri, 09 Dec 2022 07:57:15 GMT
Connection: close
GET

https://kvthhh.top/387aa3cb8bec96e607972d99d3ac1058.gif

msedge.exe

Remote address:

104.21.235.66:443

Request

GET /387aa3cb8bec96e607972d99d3ac1058.gif HTTP/2.0
host: kvthhh.top
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: http://www.cunsongbiaodai.net:2022/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 09 Dec 2022 07:57:16 GMT
content-type: image/gif
content-length: 217499
last-modified: Mon, 29 Aug 2022 07:44:30 GMT
etag: "630c6e5e-3519b"
expires: Sat, 07 Jan 2023 07:46:03 GMT
cache-control: max-age=16070400
cf-cache-status: HIT
age: 87073
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jALdshux%2FV5t1vRpmQN3m4TXWZF57RGqlXvdY9IZ%2FaqoP6iL5yB8%2BgUH%2BDZ%2BsALokeFdbaCS4rzSqhNGBTqv%2Bx1gDDe8TtBE3PGxp3DLjiIcSnjYqZhfHGlqK%2FlH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 776c3060cb580c81-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET

https://kvtfff.top/19b37b6adb0139b1398282e2e5b2e562.gif

msedge.exe

Remote address:

104.21.233.216:443

Request

GET /19b37b6adb0139b1398282e2e5b2e562.gif HTTP/2.0
host: kvtfff.top
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: http://www.cunsongbiaodai.net:2022/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 09 Dec 2022 07:57:16 GMT
content-type: image/gif
content-length: 392902
last-modified: Wed, 26 Oct 2022 07:56:54 GMT
etag: "6358e846-5fec6"
expires: Sun, 08 Jan 2023 05:44:53 GMT
cache-control: max-age=5356800
cf-cache-status: HIT
age: 7943
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7SFiykr8S6a4zkvVFE81pJ33e%2FdIam4kJQ%2FdpAzv9Z3eZFyHefuRuw3%2BZU%2Bj7SDyYO355tOfbhEIwOt8BPT5t1Txb4D7bh%2FrLurZbgNe5558pe3X5fIvWeEEo3IG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 776c3060cc18b8d2-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET

https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

msedge.exe

Remote address:

8.8.4.4:443

Request

GET /dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
host: dns.google
accept: application/dns-message
accept-language: *
user-agent: Chrome
accept-encoding: identity

209.197.3.8:80

52 B
1
209.197.3.8:80

260 B
5
104.193.88.126:80

hi.baidu.com

cb80c32d2f1bf7d590263d50e98bf726d130e957542689fda9671f55b732ec7d.exe

260 B
5
104.193.88.125:80

hi.baidu.com

cb80c32d2f1bf7d590263d50e98bf726d130e957542689fda9671f55b732ec7d.exe

260 B
5
93.184.220.29:80

322 B
7
93.184.220.29:80

322 B
7
8.253.225.254:80

322 B
7
8.253.225.254:80

322 B
7
209.197.3.8:80

260 B
5
209.197.3.8:80

260 B
5
8.8.4.4:443

dns.google

tls

msedge.exe

907 B
5.3kB
7
8
8.8.4.4:443

dns.google

tls, https

msedge.exe

999 B
6.3kB
9
8
8.8.4.4:443

dns.google

tls, https

msedge.exe

999 B
6.3kB
9
8
8.8.4.4:443

https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwRiaW5nA2NvbQAAAQABAAApEAAAAAAAAFcADABTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

tls, http2

msedge.exe

2.8kB
10.6kB
24
28

HTTP Request

GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

HTTP Request

GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

HTTP Request

GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

HTTP Request

GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

HTTP Request

GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwRiaW5nA2NvbQAAAQABAAApEAAAAAAAAFcADABTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
8.8.4.4:443

dns.google

tls, https

msedge.exe

999 B
6.3kB
9
8
8.8.4.4:443

dns.google

tls, https

msedge.exe

999 B
6.3kB
9
8
8.8.4.4:443

dns.google

tls, https

msedge.exe

999 B
6.3kB
9
8
209.197.3.8:80

322 B
7
20.82.250.189:443

https://nav.smartscreen.microsoft.com/api/browser/edge/actions

tls, http

msedge.exe

2.3kB
12.2kB
14
14

HTTP Request

POST https://nav.smartscreen.microsoft.com/api/browser/edge/actions

HTTP Response

200
20.86.249.62:443

https://smartscreen-prod.microsoft.com/api/browser/edge/data/settings

tls, http

msedge.exe

6.5kB
141.5kB
84
109

HTTP Request

POST https://smartscreen-prod.microsoft.com/api/browser/edge/data/settings

HTTP Response

200
20.86.249.62:443

https://smartscreen-prod.microsoft.com/windows/browser/edge/data/toptraffic?pushCert=false&os=10.0.19041.1288.vb_release&flight=%7B%22ETag%22%3A%22%5C%22SR06wDvlcotAkLHs%2FanIptf%2FMEBWEfenzY%2F0XUTx93w%3D%5C%22%22%2C%22Ids%22%3A%5B%22P-R-1021007-4-5%2CP-R-99770-9-32%2CP-R-73000-4-30%2CP-R-72999-7-29%2CP-R-70204-3-18%2CP-R-69385-1-5%2CP-R-68026-3-37%2CP-R-68490-1-3%2CP-R-68172-2-4%2CP-R-68175-1-6%2CP-R-68176-2-8%2CP-R-68179-1-3%2CP-R-68306-1-20%2CP-R-68307-1-3%2CP-D-68194-1-2%22%5D%2C%22Settings%22%3A%7B%22Names%22%3Anull%2C%22Ring%22%3A0%2C%22Models%22%3Anull%2C%22ServiceClientModelDetonate%22%3Afalse%2C%22WdsiFeedback%22%3Afalse%2C%22NPFeedbackUriOverride%22%3Anull%2C%22NetworkFilterDetonate%22%3Afalse%2C%22ServicePhishDetonate%22%3Afalse%2C%22ServicePhishDetonateLegacy%22%3Afalse%2C%22ServiceAdhocDetonate%22%3Afalse%2C%22NpSettings2004%22%3Atrue%2C%22UpdateSigningCert%22%3Atrue%2C%22UpdateSigningCertForRS3RS4%22%3Atrue%2C%22NpSettings2004Value%22%3A0%2C%22IsCOCOBlockEnabled%22%3Afalse%2C%22NpIpBlockOverrideValue%22%3A0%2C%22TopTrafficV2Enabled%22%3Atrue%2C%22ListApiE5V2Enabled%22%3Atrue%2C%22IsNpPIOverrideBlockEnabled%22%3Atrue%2C%22TopTrafficV2MobileFlightEnabled%22%3Afalse%2C%22BloomFilterDeltaFlag%22%3A1%2C%22SrcEOPEnabled%22%3Atrue%2C%22IsCurfId0LoggingEnabled%22%3Atrue%2C%22IsCurfId0BlockingEnabled%22%3Afalse%2C%22UpdateOnMissingEtagEnabled%22%3Atrue%2C%22EnableProxyLeniency%22%3Atrue%2C%22IsArsFmsIntegrationEnabled%22%3Atrue%2C%22EnableNsHumorMatch%22%3Afalse%2C%22ApplyNsHumorVerdict%22%3Afalse%2C%22EnableNpSkipNonWeb%22%3Afalse%2C%22SendGeoMapInSettingsToNewAnaheimClient%22%3Atrue%2C%22UmsSrcPhishBNRTEnabled%22%3Afalse%2C%22MTDThrottleFactor%22%3A0.0%2C%22UnsilenceModelGuid%22%3Anull%7D%7D

tls, http

msedge.exe

10.8kB
483.6kB
183
350

HTTP Request

GET https://smartscreen-prod.microsoft.com/windows/browser/edge/data/toptraffic?pushCert=false&os=10.0.19041.1288.vb_release&flight=%7B%22ETag%22%3A%22%5C%22SR06wDvlcotAkLHs%2FanIptf%2FMEBWEfenzY%2F0XUTx93w%3D%5C%22%22%2C%22Ids%22%3A%5B%22P-R-1021007-4-5%2CP-R-99770-9-32%2CP-R-73000-4-30%2CP-R-72999-7-29%2CP-R-70204-3-18%2CP-R-69385-1-5%2CP-R-68026-3-37%2CP-R-68490-1-3%2CP-R-68172-2-4%2CP-R-68175-1-6%2CP-R-68176-2-8%2CP-R-68179-1-3%2CP-R-68306-1-20%2CP-R-68307-1-3%2CP-D-68194-1-2%22%5D%2C%22Settings%22%3A%7B%22Names%22%3Anull%2C%22Ring%22%3A0%2C%22Models%22%3Anull%2C%22ServiceClientModelDetonate%22%3Afalse%2C%22WdsiFeedback%22%3Afalse%2C%22NPFeedbackUriOverride%22%3Anull%2C%22NetworkFilterDetonate%22%3Afalse%2C%22ServicePhishDetonate%22%3Afalse%2C%22ServicePhishDetonateLegacy%22%3Afalse%2C%22ServiceAdhocDetonate%22%3Afalse%2C%22NpSettings2004%22%3Atrue%2C%22UpdateSigningCert%22%3Atrue%2C%22UpdateSigningCertForRS3RS4%22%3Atrue%2C%22NpSettings2004Value%22%3A0%2C%22IsCOCOBlockEnabled%22%3Afalse%2C%22NpIpBlockOverrideValue%22%3A0%2C%22TopTrafficV2Enabled%22%3Atrue%2C%22ListApiE5V2Enabled%22%3Atrue%2C%22IsNpPIOverrideBlockEnabled%22%3Atrue%2C%22TopTrafficV2MobileFlightEnabled%22%3Afalse%2C%22BloomFilterDeltaFlag%22%3A1%2C%22SrcEOPEnabled%22%3Atrue%2C%22IsCurfId0LoggingEnabled%22%3Atrue%2C%22IsCurfId0BlockingEnabled%22%3Afalse%2C%22UpdateOnMissingEtagEnabled%22%3Atrue%2C%22EnableProxyLeniency%22%3Atrue%2C%22IsArsFmsIntegrationEnabled%22%3Atrue%2C%22EnableNsHumorMatch%22%3Afalse%2C%22ApplyNsHumorVerdict%22%3Afalse%2C%22EnableNpSkipNonWeb%22%3Afalse%2C%22SendGeoMapInSettingsToNewAnaheimClient%22%3Atrue%2C%22UmsSrcPhishBNRTEnabled%22%3Afalse%2C%22MTDThrottleFactor%22%3A0.0%2C%22UnsilenceModelGuid%22%3Anull%7D%7D

HTTP Response

200
20.86.249.62:443

https://smartscreen-prod.microsoft.com/windows/browser/edge/data/bloomfilter/x?pushCert=false&flight=%7B%22ETag%22%3A%22%5C%22SR06wDvlcotAkLHs%2FanIptf%2FMEBWEfenzY%2F0XUTx93w%3D%5C%22%22%2C%22Ids%22%3A%5B%22P-R-1021007-4-5%2CP-R-99770-9-32%2CP-R-73000-4-30%2CP-R-72999-7-29%2CP-R-70204-3-18%2CP-R-69385-1-5%2CP-R-68026-3-37%2CP-R-68490-1-3%2CP-R-68172-2-4%2CP-R-68175-1-6%2CP-R-68176-2-8%2CP-R-68179-1-3%2CP-R-68306-1-20%2CP-R-68307-1-3%2CP-D-68194-1-2%22%5D%2C%22Settings%22%3A%7B%22Names%22%3Anull%2C%22Ring%22%3A0%2C%22Models%22%3Anull%2C%22ServiceClientModelDetonate%22%3Afalse%2C%22WdsiFeedback%22%3Afalse%2C%22NPFeedbackUriOverride%22%3Anull%2C%22NetworkFilterDetonate%22%3Afalse%2C%22ServicePhishDetonate%22%3Afalse%2C%22ServicePhishDetonateLegacy%22%3Afalse%2C%22ServiceAdhocDetonate%22%3Afalse%2C%22NpSettings2004%22%3Atrue%2C%22UpdateSigningCert%22%3Atrue%2C%22UpdateSigningCertForRS3RS4%22%3Atrue%2C%22NpSettings2004Value%22%3A0%2C%22IsCOCOBlockEnabled%22%3Afalse%2C%22NpIpBlockOverrideValue%22%3A0%2C%22TopTrafficV2Enabled%22%3Atrue%2C%22ListApiE5V2Enabled%22%3Atrue%2C%22IsNpPIOverrideBlockEnabled%22%3Atrue%2C%22TopTrafficV2MobileFlightEnabled%22%3Afalse%2C%22BloomFilterDeltaFlag%22%3A1%2C%22SrcEOPEnabled%22%3Atrue%2C%22IsCurfId0LoggingEnabled%22%3Atrue%2C%22IsCurfId0BlockingEnabled%22%3Afalse%2C%22UpdateOnMissingEtagEnabled%22%3Atrue%2C%22EnableProxyLeniency%22%3Atrue%2C%22IsArsFmsIntegrationEnabled%22%3Atrue%2C%22EnableNsHumorMatch%22%3Afalse%2C%22ApplyNsHumorVerdict%22%3Afalse%2C%22EnableNpSkipNonWeb%22%3Afalse%2C%22SendGeoMapInSettingsToNewAnaheimClient%22%3Atrue%2C%22UmsSrcPhishBNRTEnabled%22%3Afalse%2C%22MTDThrottleFactor%22%3A0.0%2C%22UnsilenceModelGuid%22%3Anull%7D%7D&os=10.0.19041.1288.vb_release

tls, http

msedge.exe

5.1kB
11.8kB
15
15

HTTP Request

GET https://smartscreen-prod.microsoft.com/windows/browser/edge/data/bloomfilter/x?pushCert=false&flight=%7B%22ETag%22%3A%22%5C%22SR06wDvlcotAkLHs%2FanIptf%2FMEBWEfenzY%2F0XUTx93w%3D%5C%22%22%2C%22Ids%22%3A%5B%22P-R-1021007-4-5%2CP-R-99770-9-32%2CP-R-73000-4-30%2CP-R-72999-7-29%2CP-R-70204-3-18%2CP-R-69385-1-5%2CP-R-68026-3-37%2CP-R-68490-1-3%2CP-R-68172-2-4%2CP-R-68175-1-6%2CP-R-68176-2-8%2CP-R-68179-1-3%2CP-R-68306-1-20%2CP-R-68307-1-3%2CP-D-68194-1-2%22%5D%2C%22Settings%22%3A%7B%22Names%22%3Anull%2C%22Ring%22%3A0%2C%22Models%22%3Anull%2C%22ServiceClientModelDetonate%22%3Afalse%2C%22WdsiFeedback%22%3Afalse%2C%22NPFeedbackUriOverride%22%3Anull%2C%22NetworkFilterDetonate%22%3Afalse%2C%22ServicePhishDetonate%22%3Afalse%2C%22ServicePhishDetonateLegacy%22%3Afalse%2C%22ServiceAdhocDetonate%22%3Afalse%2C%22NpSettings2004%22%3Atrue%2C%22UpdateSigningCert%22%3Atrue%2C%22UpdateSigningCertForRS3RS4%22%3Atrue%2C%22NpSettings2004Value%22%3A0%2C%22IsCOCOBlockEnabled%22%3Afalse%2C%22NpIpBlockOverrideValue%22%3A0%2C%22TopTrafficV2Enabled%22%3Atrue%2C%22ListApiE5V2Enabled%22%3Atrue%2C%22IsNpPIOverrideBlockEnabled%22%3Atrue%2C%22TopTrafficV2MobileFlightEnabled%22%3Afalse%2C%22BloomFilterDeltaFlag%22%3A1%2C%22SrcEOPEnabled%22%3Atrue%2C%22IsCurfId0LoggingEnabled%22%3Atrue%2C%22IsCurfId0BlockingEnabled%22%3Afalse%2C%22UpdateOnMissingEtagEnabled%22%3Atrue%2C%22EnableProxyLeniency%22%3Atrue%2C%22IsArsFmsIntegrationEnabled%22%3Atrue%2C%22EnableNsHumorMatch%22%3Afalse%2C%22ApplyNsHumorVerdict%22%3Afalse%2C%22EnableNpSkipNonWeb%22%3Afalse%2C%22SendGeoMapInSettingsToNewAnaheimClient%22%3Atrue%2C%22UmsSrcPhishBNRTEnabled%22%3Afalse%2C%22MTDThrottleFactor%22%3A0.0%2C%22UnsilenceModelGuid%22%3Anull%7D%7D&os=10.0.19041.1288.vb_release

HTTP Response

200
8.8.4.4:443

dns.google

tls, https

msedge.exe

999 B
6.3kB
9
8
8.8.4.4:443

dns.google

tls, https

msedge.exe

999 B
6.3kB
9
8
107.163.188.215:80

http://www.3gri.com/static/home/images/ionline.png

http

msedge.exe

22.9kB
814.3kB
320
605

HTTP Request

GET http://www.3gri.com/static/home/dist/css/swiper.min.css

HTTP Response

200

HTTP Request

GET http://www.3gri.com/static/home/css/menu.css

HTTP Response

200

HTTP Request

GET http://www.3gri.com/tj.js

HTTP Response

200

HTTP Request

GET http://www.3gri.com/static/home/kefu/kefu.css

HTTP Response

200

HTTP Request

GET http://www.3gri.com/uploads/admin/system/20210705/44c6841f9f6a15cc21db69197b55a903.jpg

HTTP Response

200

HTTP Request

GET http://www.3gri.com/uploads/admin/focus/20210705/df3685ef9ae768dbee3e3f61dea1273a.jpg

HTTP Response

200

HTTP Request

GET http://www.3gri.com/uploads/admin/focus/20210705/6e48c1b031729b2e3a46e15c30fc1bbf.jpg

HTTP Response

200

HTTP Request

GET http://www.3gri.com/static/home/images/more_r.jpg

HTTP Response

200

HTTP Request

GET http://www.3gri.com/uploads/article/20210705/79e721141e7725e0c5114f5ca07dcebc.jpg

HTTP Response

200

HTTP Request

GET http://www.3gri.com/static/layui/font/iconfont.woff?v=240

HTTP Response

200

HTTP Request

GET http://www.3gri.com/uploads/qrcode/20220716190738.png

HTTP Response

200

HTTP Request

GET http://www.3gri.com/uploads/article/20210705/b6b55b8d02c4d06ee8713b85e534cf94.jpg

HTTP Response

200

HTTP Request

GET http://www.3gri.com/uploads/article/20210705/6ea90d6637f83547676c514d3ee458ae.jpg

HTTP Response

200

HTTP Request

GET http://www.3gri.com/uploads/article/20210705/8f86aabde6e9867fe882bc68243b4a79.jpg

HTTP Response

200

HTTP Request

GET http://www.3gri.com/uploads/article/20210705/c1d4f6a5b40d18bfe21cc4f24c389707.jpg

HTTP Response

200

HTTP Request

GET http://www.3gri.com/static/home/images/ionline.png

HTTP Response

200
107.163.188.215:80

http://www.3gri.com/static/home/images/c_r.png

http

msedge.exe

27.2kB
1.0MB
408
748

HTTP Request

GET http://www.3gri.com/

HTTP Response

200

HTTP Request

GET http://www.3gri.com/static/home/css/reset.css

HTTP Response

200

HTTP Request

GET http://www.3gri.com/static/home/css/my.css

HTTP Response

200

HTTP Request

GET http://www.3gri.com/static/home/css/common.css

HTTP Response

200

HTTP Request

GET http://www.3gri.com/common.js

HTTP Response

200

HTTP Request

GET http://www.3gri.com/static/layui/css/layui.css

HTTP Response

200

HTTP Request

GET http://www.3gri.com/uploads/admin/focus/20210705/9480682652f599c43a1de09144f47b45.jpg

HTTP Response

200

HTTP Request

GET http://www.3gri.com/uploads/admin/focus/20210705/0c1148fabaf3a44f59d8c5855b526cab.jpg

HTTP Response

200

HTTP Request

GET http://www.3gri.com/uploads/article/20210705/9de10706c2ba8b846fad8ddd1d55f75f.jpg

HTTP Response

200

HTTP Request

GET http://www.3gri.com/uploads/article/20210705/97aa5b83fc9c9b8c502c9b56cb578e81.jpg

HTTP Response

200

HTTP Request

GET http://www.3gri.com/uploads/article/20210705/988a44de01f815e4805f17bb959bcc0a.jpg

HTTP Response

200

HTTP Request

GET http://www.3gri.com/uploads/admin/system/20210706/4f1fa75c3c44fca88088a3396d384407.png

HTTP Response

200

HTTP Request

GET http://www.3gri.com/uploads/article/20210705/f17c6fc0fb5cd20cfa5babffb59b4ddf.jpg

HTTP Response

200

HTTP Request

GET http://www.3gri.com/uploads/article/20210705/307d2b98806bff332bc6169754666b17.jpg

HTTP Response

200

HTTP Request

GET http://www.3gri.com/static/home/images/jiao.png

HTTP Response

200

HTTP Request

GET http://www.3gri.com/static/home/images/c_r.png

HTTP Response

200
20.82.250.189:443

https://nav.smartscreen.microsoft.com/api/browser/edge/navigate/2

tls, http

msedge.exe

2.7kB
9.1kB
12
12

HTTP Request

POST https://nav.smartscreen.microsoft.com/api/browser/edge/navigate/2

HTTP Response

200
8.8.4.4:443

https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

tls, http2

msedge.exe

1.7kB
2.8kB
12
12

HTTP Request

GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
131.253.33.200:443

www.bing.com

tls

msedge.exe

3.9kB
96.6kB
56
89
45.199.28.200:80

http://45.199.28.200/zhuan/tz.html

http

msedge.exe

757 B
822 B
6
5

HTTP Request

GET http://45.199.28.200/zhuan/tz.html

HTTP Response

200
107.163.188.215:80

http://www.3gri.com/static/home/images/topi.png

http

msedge.exe

5.6kB
173.0kB
69
128

HTTP Request

GET http://www.3gri.com/uploads/article/20210705/31454f0153e560a96f64390c20cfd001.jpg

HTTP Response

200

HTTP Request

GET http://www.3gri.com/uploads/article/20210705/891d693e76f15d0b4757d77237092f82.jpg

HTTP Response

200

HTTP Request

GET http://www.3gri.com/uploads/article/20210705/3d68987378c94301b72d9d7c3ead65c7.jpg

HTTP Response

200

HTTP Request

GET http://www.3gri.com/static/home/images/topi.png

HTTP Response

200
107.163.188.215:80

http://www.3gri.com/static/home/images/wx_bg.png

http

msedge.exe

6.7kB
191.6kB
77
142

HTTP Request

GET http://www.3gri.com/uploads/article/20210705/46b2bc1903f241487333f040f422db5c.jpg

HTTP Response

200

HTTP Request

GET http://www.3gri.com/uploads/article/20210705/5f84141e50b10872324fb1c41b54e205.jpg

HTTP Response

200

HTTP Request

GET http://www.3gri.com/uploads/article/20210705/db754bd30cbe3d4ef4afbbcbefb3a2f4.jpg

HTTP Response

200

HTTP Request

GET http://www.3gri.com/static/home/images/kf_msg.png

HTTP Response

200

HTTP Request

GET http://www.3gri.com/static/home/images/wx_bg.png

HTTP Response

200
107.163.188.215:80

http://www.3gri.com/static/home/images/wx_bg2.png

http

msedge.exe

7.4kB
230.5kB
91
169

HTTP Request

GET http://www.3gri.com/uploads/article/20210705/2f97849a1367b7ce0f2dc82c843cf32c.jpg

HTTP Response

200

HTTP Request

GET http://www.3gri.com/uploads/article/20210705/1d19e1b134b90a1bf199f3a42c374ec0.jpg

HTTP Response

200

HTTP Request

GET http://www.3gri.com/uploads/article/20210705/303df98a5b9397f62a4721d645f6aa9b.jpg

HTTP Response

200

HTTP Request

GET http://www.3gri.com/static/home/images/qq_1.jpg

HTTP Response

200

HTTP Request

GET http://www.3gri.com/static/home/images/wx_bg2.png

HTTP Response

200
107.163.188.215:80

http://www.3gri.com/static/home/images/c_l.png

http

msedge.exe

6.0kB
148.2kB
62
111

HTTP Request

GET http://www.3gri.com/uploads/article/20210705/2ef1a0e63454cab31ea0f48fd9a109c7.jpg

HTTP Response

200

HTTP Request

GET http://www.3gri.com/static/layui/font/iconfont.ttf?v=240

HTTP Response

200

HTTP Request

GET http://www.3gri.com/uploads/article/20210705/dff2dbdfcd6ef9bb6b2cec8c8983d064.jpg

HTTP Response

200

HTTP Request

GET http://www.3gri.com/static/home/images/kf_ri.png

HTTP Response

200

HTTP Request

GET http://www.3gri.com/static/home/images/c_l.png

HTTP Response

200
20.67.219.150:443

https://nav.smartscreen.microsoft.com/api/browser/edge/navigate/2

tls, http

msedge.exe

4.2kB
9.2kB
14
13

HTTP Request

POST https://nav.smartscreen.microsoft.com/api/browser/edge/navigate/2

HTTP Response

200
154.216.67.117:2022

http://www.cunsongbiaodai.net:2022/template/1147/images/a1-link2.jpg

http

msedge.exe

2.6kB
25.3kB
18
25

HTTP Request

GET http://www.cunsongbiaodai.net:2022/

HTTP Response

200

HTTP Request

GET http://www.cunsongbiaodai.net:2022/template/1147/images/style.css

HTTP Response

200

HTTP Request

GET http://www.cunsongbiaodai.net:2022/template/1147/images/a1.jpg

HTTP Response

200

HTTP Request

GET http://www.cunsongbiaodai.net:2022/template/1147/images/a1-link2.jpg

HTTP Response

200
20.67.219.150:443

https://nav.smartscreen.microsoft.com/api/browser/edge/navigate/2

tls, http

msedge.exe

2.8kB
9.1kB
13
12

HTTP Request

POST https://nav.smartscreen.microsoft.com/api/browser/edge/navigate/2

HTTP Response

200
154.216.67.117:2022

http://www.cunsongbiaodai.net:2022/template/1147/images/button2-bg.jpg

http

msedge.exe

1.8kB
40.2kB
21
34

HTTP Request

GET http://www.cunsongbiaodai.net:2022/template/1147/js/jquery.js

HTTP Response

200

HTTP Request

GET http://www.cunsongbiaodai.net:2022/template/1147/images/button2-bg.jpg

HTTP Response

200
47.253.50.2:80

http://sdk.51.la/js-sdk-pro.min.js

http

msedge.exe

1.4kB
27.5kB
16
24

HTTP Request

GET http://sdk.51.la/js-sdk-pro.min.js

HTTP Response

200

HTTP Request

GET http://sdk.51.la/js-sdk-pro.min.js

HTTP Response

200
131.253.33.239:443

edge.microsoft.com

tls

msedge.exe

1.9kB
7.3kB
12
16
103.143.19.103:80

http://collect-v6.51.la/v6/collect?dt=4

http

msedge.exe

3.5kB
2.4kB
12
9

HTTP Request

POST http://collect-v6.51.la/v6/collect?dt=4

HTTP Response

200

HTTP Request

POST http://collect-v6.51.la/v6/collect?dt=4

HTTP Response

200
103.143.19.103:80

msedge.exe

196 B
52 B
4
1
182.61.240.101:80

http://push.zhanzhang.baidu.com/push.js

http

msedge.exe

1.2kB
3.4kB
11
10

HTTP Request

GET http://push.zhanzhang.baidu.com/push.js

HTTP Response

200

HTTP Request

GET http://push.zhanzhang.baidu.com/push.js

HTTP Response

200
182.61.240.101:80

msedge.exe

328 B
252 B
7
6
204.79.197.200:443

98 B
52 B
2
1
154.216.67.117:2022

msedge.exe

190 B
144 B
4
3
154.216.67.117:2022

http://www.cunsongbiaodai.net:2022/static/images/nopic.gif

http

msedge.exe

1.3kB
9.3kB
10
12

HTTP Request

GET http://www.cunsongbiaodai.net:2022/template/1147/images/rating-good.png

HTTP Response

200

HTTP Request

GET http://www.cunsongbiaodai.net:2022/static/images/nopic.gif

HTTP Response

200
185.239.226.87:443

msedge.exe

260 B
5
182.61.201.93:80

msedge.exe

426 B
252 B
9
6
185.239.226.87:443

img.1134555.com

tls

msedge.exe

2.3kB
5.5kB
15
19
156.232.91.99:443

https://7780tp.com/7780/980x60.gif

tls, http

msedge.exe

5.2kB
221.4kB
88
165

HTTP Request

GET https://7780tp.com/7780/980x60.gif

HTTP Response

200
156.232.91.99:443

https://7780tp.com/7780/200x200.gif

tls, http

msedge.exe

4.0kB
148.8kB
62
113

HTTP Request

GET https://7780tp.com/7780/200x200.gif

HTTP Response

200
45.154.215.92:443

https://kzeaa.com/92f0c144d76dd785f7c04f84ae149b33.gif

tls, http2

msedge.exe

1.7kB
6.2kB
13
14

HTTP Request

GET https://kzeaa.com/92f0c144d76dd785f7c04f84ae149b33.gif

HTTP Response

301
154.83.27.196:443

https://65688qp.com/tp/980x60s.gif

tls, http

msedge.exe

7.8kB
380.9kB
145
279

HTTP Request

GET https://65688qp.com/tp/980x60s.gif

HTTP Response

200
5.180.83.51:443

pt1.putaozy.info

tls

msedge.exe

8.8kB
142.7kB
68
112
5.180.83.51:443

pt1.putaozy.info

tls

msedge.exe

11.8kB
375.8kB
160
291
5.180.83.51:443

pt1.putaozy.info

tls

msedge.exe

11.1kB
295.6kB
132
232
5.180.83.51:443

pt1.putaozy.info

tls

msedge.exe

8.7kB
215.5kB
94
163
5.180.83.51:443

pt1.putaozy.info

tls

msedge.exe

9.5kB
251.0kB
110
196
5.180.83.51:443

pt1.putaozy.info

tls

msedge.exe

10.3kB
311.4kB
128
232
154.83.24.157:443

https://678tktp.com/tp/980x60.gif

tls, http

msedge.exe

2.5kB
54.3kB
28
46

HTTP Request

GET https://678tktp.com/tp/980x60.gif

HTTP Response

200
134.122.133.169:80

http://xx.9820668.com/9820/960-80A.gif

http

msedge.exe

1.1kB
31.2kB
16
25

HTTP Request

GET http://xx.9820668.com/9820/960-80A.gif

HTTP Response

200
188.114.96.0:80

http://www.tongji-badu.cc/5564/vdiojp.js?v=122022128

http

msedge.exe

639 B
1.9kB
6
6

HTTP Request

GET http://www.tongji-badu.cc/5564/vdiojp.js?v=122022128

HTTP Response

200
154.83.27.196:443

https://65688qp.com/tp/93200s.gif

tls, http

msedge.exe

5.3kB
224.2kB
89
167

HTTP Request

GET https://65688qp.com/tp/93200s.gif

HTTP Response

200
23.224.136.90:443

data1.huakuibf1.com

tls

msedge.exe

863 B
3.7kB
7
7
23.224.136.90:443

data1.huakuibf1.com

tls

msedge.exe

863 B
3.7kB
7
7
23.224.136.90:443

data1.huakuibf1.com

tls

msedge.exe

863 B
3.7kB
7
7
23.224.136.90:443

data1.huakuibf1.com

tls

msedge.exe

863 B
3.7kB
7
7
23.224.136.90:443

data1.huakuibf1.com

tls

msedge.exe

863 B
3.7kB
7
7
23.224.136.90:443

data1.huakuibf1.com

tls

msedge.exe

863 B
3.7kB
7
7
134.122.133.131:443

www.9304hhh999.vip

tls

msedge.exe

2.5kB
51.9kB
26
41
182.61.201.93:80

http://api.share.baidu.com/s.gif?r=http%3A%2F%2F45.199.28.200%2F&l=http://www.cunsongbiaodai.net:2022/

http

msedge.exe

1.4kB
916 B
11
11

HTTP Request

GET http://api.share.baidu.com/s.gif?l=http://www.3gri.com/

HTTP Response

200

HTTP Request

GET http://api.share.baidu.com/s.gif?r=http%3A%2F%2F45.199.28.200%2F&l=http://www.cunsongbiaodai.net:2022/

HTTP Response

200
47.75.19.39:443

kaiyuan-advertising.oss-cn-hongkong.aliyuncs.com

tls

msedge.exe

3.6kB
4.6kB
11
11
173.82.163.115:443

6651tp.com

tls, https

msedge.exe

1.1kB
6.1kB
12
11
173.82.163.115:443

https://6651tp.com/51201.gif

tls, http2

msedge.exe

5.0kB
193.5kB
83
149

HTTP Request

GET https://6651tp.com/980x60.gif

HTTP Request

GET https://6651tp.com/51201.gif

HTTP Response

200

HTTP Response

200
173.82.163.115:443

6651tp.com

tls

msedge.exe

1.1kB
6.0kB
11
10
134.122.133.169:80

msedge.exe

144 B
104 B
3
2
134.122.133.131:443

www.9304hhh999.vip

tls

msedge.exe

1.0kB
3.7kB
8
6
47.75.19.39:443

kaiyuan-advertising.oss-cn-hongkong.aliyuncs.com

tls

msedge.exe

7.2kB
271.5kB
107
203
112.13.110.3:443

kjimg10.360buyimg.com

tls, https

msedge.exe

1.1kB
6.2kB
11
11
112.13.110.3:443

kjimg10.360buyimg.com

tls, https

msedge.exe

1.1kB
6.2kB
11
11
112.13.110.3:443

https://kjimg10.360buyimg.com/ott/jfs/t1/222610/4/20743/688878/6380d41fEdd27fc60/810ef977e1cd11c0.gif

tls, http2

msedge.exe

37.2kB
2.1MB
778
1508

HTTP Request

GET https://kjimg10.360buyimg.com/ott/jfs/t1/182609/5/30676/315400/6380d0eeE6d07d2ae/93cc2b27e4f04ca4.gif

HTTP Request

GET https://kjimg10.360buyimg.com/ott/jfs/t1/120993/16/33030/1021535/6380d2dbE2ee6e05e/c45dd20fdac2727b.gif

HTTP Request

GET https://kjimg10.360buyimg.com/ott/jfs/t1/222610/4/20743/688878/6380d41fEdd27fc60/810ef977e1cd11c0.gif

HTTP Response

200

HTTP Response

200

HTTP Response

200
185.239.226.87:443

img.u1662.com

tls

msedge.exe

2.3kB
5.4kB
14
17
43.129.255.47:443

p.qlogo.cn

tls

msedge.exe

5.5kB
220.4kB
93
167
137.175.11.239:443

https://kveww.com/99462c01e85acc1311bebac224df6cce.gif

tls, http2

msedge.exe

1.8kB
6.3kB
15
17

HTTP Request

GET https://kveww.com/99462c01e85acc1311bebac224df6cce.gif

HTTP Response

301
104.143.94.110:443

https://kvezz.com/95ca29ec3907b3bf2d8a24b35e3eda22.gif

tls, http2

msedge.exe

1.7kB
6.1kB
12
14

HTTP Request

GET https://kvezz.com/95ca29ec3907b3bf2d8a24b35e3eda22.gif

HTTP Response

301
216.83.58.14:80

http://www.duyao1.com/xtb.gif

http

msedge.exe

6.0kB
321.1kB
121
234

HTTP Request

GET http://www.duyao1.com/xtb.gif

HTTP Response

200
60.244.96.178:443

https://8644aaw.com/a.gif

tls, http2

msedge.exe

8.7kB
416.0kB
166
307

HTTP Request

GET https://8644aaw.com/a.gif

HTTP Response

200
137.175.13.78:443

https://kvhmm.com/19b37b6adb0139b1398282e2e5b2e562.gif

tls, http2

msedge.exe

1.7kB
3.5kB
13
14

HTTP Request

GET https://kvhmm.com/19b37b6adb0139b1398282e2e5b2e562.gif

HTTP Response

301
45.154.215.92:443

https://kzepp.com/387aa3cb8bec96e607972d99d3ac1058.gif

tls, http2

msedge.exe

1.7kB
3.4kB
12
12

HTTP Request

GET https://kzepp.com/387aa3cb8bec96e607972d99d3ac1058.gif

HTTP Response

301
185.239.226.87:443

img.1151555.com

tls

msedge.exe

2.3kB
5.5kB
14
19
23.224.136.90:443

data1.huakuibf1.com

tls

msedge.exe

863 B
3.7kB
7
7
23.224.136.90:443

data1.huakuibf1.com

tls

msedge.exe

863 B
3.7kB
7
6
23.224.136.90:443

data1.huakuibf1.com

tls

msedge.exe

863 B
3.7kB
7
7
104.109.143.91:80

http://apps.identrust.com/roots/dstrootcax3.p7c

http

msedge.exe

416 B
1.7kB
6
5

HTTP Request

GET http://apps.identrust.com/roots/dstrootcax3.p7c

HTTP Response

200
104.109.143.91:80

http://apps.identrust.com/roots/dstrootcax3.p7c

http

msedge.exe

416 B
1.7kB
6
5

HTTP Request

GET http://apps.identrust.com/roots/dstrootcax3.p7c

HTTP Response

200
104.109.143.91:80

http://apps.identrust.com/roots/dstrootcax3.p7c

http

msedge.exe

416 B
1.7kB
6
5

HTTP Request

GET http://apps.identrust.com/roots/dstrootcax3.p7c

HTTP Response

200
104.109.143.91:80

http://apps.identrust.com/roots/dstrootcax3.p7c

http

msedge.exe

416 B
1.7kB
6
5

HTTP Request

GET http://apps.identrust.com/roots/dstrootcax3.p7c

HTTP Response

200
104.109.143.91:80

http://apps.identrust.com/roots/dstrootcax3.p7c

http

msedge.exe

416 B
1.7kB
6
5

HTTP Request

GET http://apps.identrust.com/roots/dstrootcax3.p7c

HTTP Response

200
43.129.255.47:443

p.qlogo.cn

tls

msedge.exe

1.0kB
5.0kB
8
10
104.143.94.110:443

kvezz.com

tls, https

msedge.exe

1.1kB
5.8kB
10
13
112.13.110.3:443

kjimg10.360buyimg.com

tls, https

msedge.exe

1.6kB
6.2kB
11
11
60.244.96.178:443

8644aaw.com

tls, https

msedge.exe

1.0kB
5.8kB
9
12
198.2.213.130:443

https://gg72a1.com/gg/960x60-2.gif

tls, http2

msedge.exe

13.3kB
591.2kB
257
433

HTTP Request

GET https://gg72a1.com/gg/960x60-2.gif

HTTP Response

200
23.224.145.196:443

sm45t.com

tls

msedge.exe

5.9kB
241.6kB
102
184
172.247.109.205:443

8499583.com

tls

msedge.exe

4.8kB
182.6kB
78
139
172.247.109.205:443

8499583.com

tls

msedge.exe

1.1kB
6.0kB
10
9
198.2.213.130:443

gg72a1.com

tls, https

msedge.exe

1.0kB
5.9kB
9
12
23.224.145.196:443

sm45t.com

tls

msedge.exe

1.1kB
5.4kB
11
13
172.247.109.205:443

8499583.com

tls

msedge.exe

1.1kB
6.2kB
10
12
104.21.235.31:443

https://kvhxxx.top/99462c01e85acc1311bebac224df6cce.gif

tls, http2

msedge.exe

16.3kB
808.2kB
330
615

HTTP Request

GET https://kvhxxx.top/99462c01e85acc1311bebac224df6cce.gif

HTTP Response

200
188.114.96.0:443

https://kvkmmm.top/95ca29ec3907b3bf2d8a24b35e3eda22.gif

tls, http2

msedge.exe

8.5kB
420.0kB
160
306

HTTP Request

GET https://kvkmmm.top/95ca29ec3907b3bf2d8a24b35e3eda22.gif

HTTP Response

200
45.61.212.229:443

https://592773xgg.com/b8f4ca3ef0114a5c95b8ebb31ef7dbcc.gif

tls, http

msedge.exe

8.7kB
427.7kB
163
314

HTTP Request

GET https://592773xgg.com/b8f4ca3ef0114a5c95b8ebb31ef7dbcc.gif

HTTP Response

200
188.114.96.0:443

https://max007.top/92f0c144d76dd785f7c04f84ae149b33.gif

tls, http2

msedge.exe

7.9kB
372.3kB
149
277

HTTP Request

GET https://max007.top/92f0c144d76dd785f7c04f84ae149b33.gif

HTTP Response

200
20.67.219.150:443

https://nav.smartscreen.microsoft.com/api/browser/edge/telemetry

tls, http

msedge.exe

4.0kB
8.2kB
13
11

HTTP Request

POST https://nav.smartscreen.microsoft.com/api/browser/edge/telemetry

HTTP Response

200
47.246.48.230:443

p3.douyinpic.com

tls

msedge.exe

1.0kB
4.5kB
9
8
47.246.48.230:443

p3.douyinpic.com

tls

msedge.exe

40.0kB
1.4MB
682
1007
47.246.48.230:443

p3.douyinpic.com

tls

msedge.exe

1.0kB
4.5kB
9
8
45.61.212.229:443

592773xgg.com

tls

msedge.exe

1.1kB
7.4kB
11
13
104.21.235.66:443

https://kvthhh.top/387aa3cb8bec96e607972d99d3ac1058.gif

tls, http2

msedge.exe

6.7kB
231.3kB
118
173

HTTP Request

GET https://kvthhh.top/387aa3cb8bec96e607972d99d3ac1058.gif

HTTP Response

200
104.21.233.216:443

https://kvtfff.top/19b37b6adb0139b1398282e2e5b2e562.gif

tls, http2

msedge.exe

8.4kB
412.1kB
159
302

HTTP Request

GET https://kvtfff.top/19b37b6adb0139b1398282e2e5b2e562.gif

HTTP Response

200
47.75.19.145:443

528791725.com

tls

msedge.exe

13.7kB
725.6kB
271
527
47.75.19.145:443

528791725.com

tls

msedge.exe

1.0kB
6.8kB
9
11
8.8.4.4:443

https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

tls, http2

msedge.exe

1.5kB
7.5kB
13
14

HTTP Request

GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

8.8.8.8:53

hi.baidu.com

dns

cb80c32d2f1bf7d590263d50e98bf726d130e957542689fda9671f55b732ec7d.exe

58 B
143 B
1
1

DNS Request

hi.baidu.com

DNS Response

104.193.88.126

104.193.88.125
8.8.8.8:53

dns.google

dns

msedge.exe

56 B
88 B
1
1

DNS Request

dns.google

DNS Response

8.8.4.4

8.8.8.8
8.8.8.8:53

nav.smartscreen.microsoft.com

dns

msedge.exe

75 B
200 B
1
1

DNS Request

nav.smartscreen.microsoft.com

DNS Response

20.82.250.189
8.8.8.8:53

smartscreen-prod.microsoft.com

dns

msedge.exe

76 B
199 B
1
1

DNS Request

smartscreen-prod.microsoft.com

DNS Response

20.86.249.62
8.8.8.8:53

www.3gri.com

dns

msedge.exe

58 B
74 B
1
1

DNS Request

www.3gri.com

DNS Response

107.163.188.215
224.0.0.251:5353

1.0kB
16
8.8.4.4:443

dns.google

https

msedge.exe

24.9kB
51.1kB
187
223
8.8.8.8:53

nav.smartscreen.microsoft.com

dns

msedge.exe

75 B
200 B
1
1

DNS Request

nav.smartscreen.microsoft.com

DNS Response

20.67.219.150
8.8.8.8:53

apps.identrust.com

dns

msedge.exe

64 B
165 B
1
1

DNS Request

apps.identrust.com

DNS Response

104.109.143.91

104.109.143.75

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2592-137-0x0000000000400000-0x000000000075C000-memory.dmp

Filesize
3.4MB

Download
memory/2592-139-0x0000000010000000-0x0000000010020000-memory.dmp

Filesize
128KB

Download
memory/2592-140-0x0000000000400000-0x000000000075C000-memory.dmp

Filesize
3.4MB

Download
memory/2592-141-0x0000000000D00000-0x0000000000D8D000-memory.dmp

Filesize
564KB

Download
memory/2592-138-0x0000000000D00000-0x0000000000D8D000-memory.dmp

Filesize
564KB

Download
memory/2592-144-0x0000000000400000-0x000000000075C000-memory.dmp

Filesize
3.4MB

Download
memory/2592-136-0x0000000010000000-0x0000000010020000-memory.dmp

Filesize
128KB

Download
memory/2592-135-0x0000000010000000-0x0000000010020000-memory.dmp

Filesize
128KB

Download
memory/2592-132-0x0000000000400000-0x000000000075C000-memory.dmp

Filesize
3.4MB

Download
memory/2592-133-0x0000000010000000-0x0000000010020000-memory.dmp

Filesize
128KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response