Edit tour

Windows Analysis Report
http://aa5aa5aa5aa5aa44.app/

Overview

General Information

Sample URL:	http://aa5aa5aa5aa5aa44.app/
Analysis ID:	1520328
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

HTML body with high number of embedded images detected

Classification

Process Tree

System is w10x64

chrome.exe (PID: 6428 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 5340 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=2024,i,4110611763947970368,17166306496067060294,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 5828 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://aa5aa5aa5aa5aa44.app/" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

HTTP traffic detected: POST /stat.htm?id=1281366638&r=&lg=en-us&ntime=none&cnzz_eid=1701857660-1727417946-&showp=1280x1024&p=http%3A%2F%2Faa5aa5aa5aa5aa44.app%2F&t=%E7%88%B1%E7%88%B1%E7%BD%91&umuuid=19232220dae2bd-07a6196558f62e-26031e51-140000-19232220daf416&h=1 HTTP/1.1Host: z6.cnzz.comConnection: keep-aliveContent-Length: 0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: http://aa5aa5aa5aa5aa44.appSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: TengineContent-Type: text/plainContent-Length: 18Connection: closeDate: Fri, 27 Sep 2024 06:19:14 GMTAccess-Control-Allow-Credentials: falseAccess-Control-Allow-Headers: Access-Control-Allow-Methods: Access-Control-Allow-Origin: Access-Control-Expose-Headers: Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers,Cache-Control,Content-Language,Content-Type,Expires,Last-Modified,Pragma,FooBarAccess-Control-Max-Age: 172800x-alicdn-da-ups-status: endOs,0,404Via: cache16.l2hk3[11,0], ens-cache2.de7[221,0]Timing-Allow-Origin: EagleId: a3b5839617274179544764956e
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: TengineContent-Type: text/plainContent-Length: 18Connection: closeDate: Fri, 27 Sep 2024 06:19:14 GMTAccess-Control-Allow-Credentials: falseAccess-Control-Allow-Headers: Access-Control-Allow-Methods: Access-Control-Allow-Origin: Access-Control-Expose-Headers: Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers,Cache-Control,Content-Language,Content-Type,Expires,Last-Modified,Pragma,FooBarAccess-Control-Max-Age: 172800x-alicdn-da-ups-status: endOs,0,404Via: cache19.l2hk3[12,0], ens-cache7.de7[227,0]Timing-Allow-Origin: EagleId: a3b5839b17274179544908503e
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: TengineContent-Type: text/plainContent-Length: 18Connection: closeDate: Fri, 27 Sep 2024 06:19:14 GMTAccess-Control-Allow-Credentials: falseAccess-Control-Allow-Headers: Access-Control-Allow-Methods: Access-Control-Allow-Origin: Access-Control-Expose-Headers: Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers,Cache-Control,Content-Language,Content-Type,Expires,Last-Modified,Pragma,FooBarAccess-Control-Max-Age: 172800x-alicdn-da-ups-status: endOs,0,404Via: cache22.l2hk3[12,0], ens-cache5.de7[221,0]Timing-Allow-Origin: EagleId: a3b5839917274179545051865e
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: TengineContent-Type: text/plainContent-Length: 18Connection: closeDate: Fri, 27 Sep 2024 06:19:14 GMTAccess-Control-Allow-Credentials: falseAccess-Control-Allow-Headers: Access-Control-Allow-Methods: Access-Control-Allow-Origin: Access-Control-Expose-Headers: Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers,Cache-Control,Content-Language,Content-Type,Expires,Last-Modified,Pragma,FooBarAccess-Control-Max-Age: 172800x-alicdn-da-ups-status: endOs,0,404Via: cache7.l2hk3[11,0], ens-cache3.de7[228,0]Timing-Allow-Origin: EagleId: a3b5839717274179545063682e

Source: chromecache_117.4.dr, chromecache_101.4.dr	String found in binary or memory: http://gaode.com
Source: chromecache_117.4.dr, chromecache_101.4.dr	String found in binary or memory: http://m.amap.com
Source: chromecache_98.4.dr, chromecache_86.4.dr	String found in binary or memory: https://quanjing.cnzz.com
Source: chromecache_117.4.dr, chromecache_101.4.dr	String found in binary or memory: https://webapi.amap.com
Source: chromecache_98.4.dr, chromecache_86.4.dr	String found in binary or memory: https://www.cnzz.com/stat/website.php?web_id=

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.7:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.7:49741 version: TLS 1.2

Source: classification engine

Classification label: mal56.win@16/74@41/15

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=2024,i,4110611763947970368,17166306496067060294,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://aa5aa5aa5aa5aa44.app/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=2024,i,4110611763947970368,17166306496067060294,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: chromecache_101.4.dr

Binary or memory string: (function(config){!function(global,factory){"object"==typeof exports&&"undefined"!=typeof module?module.exports=factory():"function"==typeof define&&define.amd?define(factory):(global=global||self).AMap=factory()}(this,function(){"use strict";var shared,worker,AMap;function define(_,chunk){var sharedChunk,workerBundleString;shared?worker?(workerBundleString='var sharedChunk = {key:"'+config[0]+'",db:"'+(config[14]||"")+'",nebulaVersion:"'+(config[15]||"")+'",movingDraw:'+Boolean(window.movingDraw)+',host:"'+config[2]+'",}; ('+shared+")(sharedChunk); ("+worker+")(sharedChunk);",sharedChunk={key:config[0],movingDraw:window.movingDraw},shared(sharedChunk),sharedChunk=chunk(sharedChunk),workerBundleString="undefined"!=typeof URL?window.URL.createObjectURL(new Blob([workerBundleString],{type:"text/javascript"})):"",(AMap=sharedChunk(config)).getConfig().workerUrl=workerBundleString):worker=chunk:shared=chunk}define(["exports"],function(exports){var extend=function(f){for(var t,r,i=Array.prototype.slice.call(arguments,1),o=0,n=i.length;o<n;o+=1)for(var a in t=i[o]||{})t.hasOwnProperty(a)&&("function"==typeof(r=t[a])&&f.prototype?f.prototype[a]=r:f[a]=r);return f};function isBrowser(){return"undefined"!=typeof window&&"undefined"!=typeof document}function isWasmSuppport(){try{if("object"==typeof WebAssembly&&"function"==typeof WebAssembly.instantiate&&TextDecoder&&TextEncoder){var f=new WebAssembly.Module(new Uint8Array([0,97,115,109,1,0,0,0]));if(f instanceof WebAssembly.Module)return new WebAssembly.Instance(f)instanceof WebAssembly.Instance}}catch(f){}return!1}var testWepP=function(f){var e=new Image;e.src="data:image/webp;base64,UklGRi4AAABXRUJQVlA4TCEAAAAvAUAAEB8wAiMwAgSSNtse/cXjxyCCmrYNWPwmHRH9jwMA",e.onload=e.onerror=function(){f(2===e.height)}};function isWorkerEnv(){try{return document,!1}catch(f){return!0}}function getSupport(f){function e(f){return-1!==r.indexOf(f)}var t={runSupport:(new Date).getTime()},j=isWasmSuppport(),r=navigator.userAgent.toLowerCase(),U=!0,i=e("macintosh"),F=e("ipad;")||e("ipad "),o=e("ipod touch;"),n=e("iphone;")||e("iphone "),o=n||F||o,a=(i||o)&&e("safari")&&e("version/"),l=e("macwechat"),s=e("windowswechat"),R={touch:!1,mac:i,Ue:!1,webkit:!1,$e:!1,scale:1,android:!1,DW:isWorkerEnv(),wasm:j,safari:a,AQ:l,gQ:s,amapRunTime:t};if(isBrowser()){var d=window,s=(l=document).documentElement,c=/([a-z0-9]*\d+[a-z0-9]*)/,D="google swiftshader;microsoft basic render driver;vmware svga 3d;Intel 965GM;Intel B43;Intel G41;Intel G45;Intel G965;Intel GMA 3600;Intel Mobile 4;Intel Mobile 45;Intel Mobile 965".split(";"),u="ActiveXObject"in d,y=0!=window.detectRetina&&("devicePixelRatio"in d&&1<d.devicePixelRatio||u&&"matchMedia"in d&&d.matchMedia("(min-resolution:144dpi)")&&d.matchMedia("(min-resolution:144dpi)").matches),B=e("windows nt"),b=(r.search(/windows nt [1-5]\./),r.search(/windows nt 5\.[12]/),e("windows nt 10"),e("windows phone")),G=e("Mb2345Browser"),V=(o&&r.search(/ os [456]_/),o&&r.search(/ os [4-8]_/),o&&r.search(/ os [7

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	1 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://aa5aa5aa5aa5aa44.app/	100%	Avira URL Cloud	malware

Source	Detection	Scanner	Label
https://aawapi-v3.trh999.com/msg_demo/v/pc/video/getAllCategoryVideos	0%	Avira URL Cloud	safe
http://collect-v6.51.la/v6/collect?dt=4	0%	Avira URL Cloud	safe
https://quanjing.cnzz.com	0%	Avira URL Cloud	safe
http://aa5aa5aa5aa5aa44.app/assets/index-fd1be804.css	100%	Avira URL Cloud	malware
http://aa5aa5aa5aa5aa44.app/assets/ColVideoItem-2396d821.css	100%	Avira URL Cloud	malware
http://aa5aa5aa5aa5aa44.app/assets/AdvertisementList.vue_vue_type_script_setup_true_name_AdvertisementList_lang-6c6de8d9.js	100%	Avira URL Cloud	malware
http://aa5aa5aa5aa5aa44.app/assets/Home-52354fe8.js	100%	Avira URL Cloud	malware
https://c.cnzz.com/c.js?web_id=1281366638&t=z	0%	Avira URL Cloud	safe
http://aa5aa5aa5aa5aa44.app/assets/SwiperBanner-cd8dc074.css	100%	Avira URL Cloud	malware
https://aawapi-v3.trh999.com/msg_demo/client_config/get	0%	Avira URL Cloud	safe
http://aa5aa5aa5aa5aa44.app/openIM.wasm	100%	Avira URL Cloud	malware
http://m.amap.com	0%	Avira URL Cloud	safe
http://aa5aa5aa5aa5aa44.app/favicon.ico	100%	Avira URL Cloud	malware
https://z6.cnzz.com/stat.htm?id=1281366638&r=&lg=en-us&ntime=none&cnzz_eid=1701857660-1727417946-&showp=1280x1024&p=http%3A%2F%2Faa5aa5aa5aa5aa44.app%2F&t=%E7%88%B1%E7%88%B1%E7%BD%91&umuuid=19232220dae2bd-07a6196558f62e-26031e51-140000-19232220daf416&h=1	0%	Avira URL Cloud	safe
http://gaode.com	0%	Avira URL Cloud	safe
https://aawapi-v3.trh999.com/msg_demo/v/pc/video/category	0%	Avira URL Cloud	safe
https://www.cnzz.com/stat/website.php?web_id=	0%	Avira URL Cloud	safe
https://v1.cnzz.com/z.js?id=1281366638&async=1	0%	Avira URL Cloud	safe
http://sdk.51.la/js-sdk-pro.min.js	0%	Avira URL Cloud	safe
https://webapi.amap.com	0%	Avira URL Cloud	safe
https://webapi.amap.com/maps?callback=___onAPILoaded&v=2.0&key=0f3e523aa49b944f6ae53c488cbae6c3&plugin=	0%	Avira URL Cloud	safe
http://aa5aa5aa5aa5aa44.app/assets/index-71f5a5dd.js	100%	Avira URL Cloud	malware
http://aa5aa5aa5aa5aa44.app/assets/worker-d3bc0bde.js	100%	Avira URL Cloud	malware
http://aa5aa5aa5aa5aa44.app/wasm_exec.js	100%	Avira URL Cloud	malware
http://aa5aa5aa5aa5aa44.app/assets/logo-b4e095e7.png	100%	Avira URL Cloud	malware
http://aa5aa5aa5aa5aa44.app/assets/qr_code-8c1a238d.jpg	100%	Avira URL Cloud	malware
http://aa5aa5aa5aa5aa44.app/assets/Home-f4762739.css	100%	Avira URL Cloud	malware
https://restapi.amap.com/v3/log/init?platform=JS&s=rsv3&logversion=2.0&product=JsInit&key=0f3e523aa49b944f6ae53c488cbae6c3&t=1727417949472&sdkversion=2.0&appname=http%253A%252F%252Faa5aa5aa5aa5aa44.app%252Fhome&csid=7EF5F9F4-A4F9-4234-B965-6AEE75896E1C&resolution=1280*1024&mob=0&vt=1&dpr=1&scale=1&detect=false&callback=jsonp_463776_1727417949473_	0%	Avira URL Cloud	safe
http://aa5aa5aa5aa5aa44.app/assets/ColVideoItem-07d4d17c.js	100%	Avira URL Cloud	malware
http://aa5aa5aa5aa5aa44.app/assets/SwiperBanner-530f3655.js	100%	Avira URL Cloud	malware
https://aawapi-v3.trh999.com/msg_demo/v/pc/video/adList	0%	Avira URL Cloud	safe
https://aawapi-v3.trh999.com/msg_demo/v/search/hotLists	0%	Avira URL Cloud	safe
http://aa5aa5aa5aa5aa44.app/console-ban.min.js	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
os30.wagbridge.ingress.amap.com	47.246.174.224	true	false	unknown
bg.microsoft.map.fastly.net	199.232.210.172	true	false	unknown
hcdnwsa120.v5.cdnhwczoy106.cn	148.153.240.75	true	false	unknown
all.cnzz.com.danuoyi.tbcache.com	122.225.212.209	true	false	unknown
www.google.com	142.250.184.196	true	false	unknown
aawapi-v3.trh999.com.w.cdngslb.com	163.181.131.212	true	false	unknown
aa5aa5aa5aa5aa44.app	134.122.200.173	true	false	unknown
restapi.amap.com.gds.alibabadns.com	59.82.132.217	true	false	unknown
g952bba.cdn.dakaiwangzhi.com	212.50.235.119	true	false	unknown
z.gds.cnzz.com	223.109.148.140	true	false	unknown
_3669._https.cos-v3.024kh.com	unknown	unknown	false	unknown
v1.cnzz.com	unknown	unknown	false	unknown
cos-v3.024kh.com	unknown	unknown	false	unknown
z6.cnzz.com	unknown	unknown	false	unknown
webapi.amap.com	unknown	unknown	false	unknown
c.cnzz.com	unknown	unknown	false	unknown
collect-v6.51.la	unknown	unknown	false	unknown
restapi.amap.com	unknown	unknown	false	unknown
sdk.51.la	unknown	unknown	false	unknown
aawapi-v3.trh999.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://aa5aa5aa5aa5aa44.app/assets/index-fd1be804.css	true	Avira URL Cloud: malware	unknown
https://aawapi-v3.trh999.com/msg_demo/client_config/get	false	Avira URL Cloud: safe	unknown
http://aa5aa5aa5aa5aa44.app/assets/SwiperBanner-cd8dc074.css	true	Avira URL Cloud: malware	unknown
http://aa5aa5aa5aa5aa44.app/assets/ColVideoItem-2396d821.css	true	Avira URL Cloud: malware	unknown
http://aa5aa5aa5aa5aa44.app/home	true		unknown
https://aawapi-v3.trh999.com/msg_demo/v/pc/video/getAllCategoryVideos	false	Avira URL Cloud: safe	unknown
https://c.cnzz.com/c.js?web_id=1281366638&t=z	false	Avira URL Cloud: safe	unknown
http://collect-v6.51.la/v6/collect?dt=4	false	Avira URL Cloud: safe	unknown
http://aa5aa5aa5aa5aa44.app/assets/Home-52354fe8.js	true	Avira URL Cloud: malware	unknown
http://aa5aa5aa5aa5aa44.app/assets/AdvertisementList.vue_vue_type_script_setup_true_name_AdvertisementList_lang-6c6de8d9.js	true	Avira URL Cloud: malware	unknown
https://v1.cnzz.com/z.js?id=1281366638&async=1	false	Avira URL Cloud: safe	unknown
http://sdk.51.la/js-sdk-pro.min.js	false	Avira URL Cloud: safe	unknown
http://aa5aa5aa5aa5aa44.app/openIM.wasm	true	Avira URL Cloud: malware	unknown
https://aawapi-v3.trh999.com/msg_demo/v/pc/video/category	false	Avira URL Cloud: safe	unknown
http://aa5aa5aa5aa5aa44.app/favicon.ico	true	Avira URL Cloud: malware	unknown
https://z6.cnzz.com/stat.htm?id=1281366638&r=&lg=en-us&ntime=none&cnzz_eid=1701857660-1727417946-&showp=1280x1024&p=http%3A%2F%2Faa5aa5aa5aa5aa44.app%2F&t=%E7%88%B1%E7%88%B1%E7%BD%91&umuuid=19232220dae2bd-07a6196558f62e-26031e51-140000-19232220daf416&h=1	false	Avira URL Cloud: safe	unknown
https://webapi.amap.com/maps?callback=___onAPILoaded&v=2.0&key=0f3e523aa49b944f6ae53c488cbae6c3&plugin=	false	Avira URL Cloud: safe	unknown
http://aa5aa5aa5aa5aa44.app/assets/index-71f5a5dd.js	true	Avira URL Cloud: malware	unknown
http://aa5aa5aa5aa5aa44.app/assets/worker-d3bc0bde.js	true	Avira URL Cloud: malware	unknown
http://aa5aa5aa5aa5aa44.app/wasm_exec.js	true	Avira URL Cloud: malware	unknown
http://aa5aa5aa5aa5aa44.app/assets/Home-f4762739.css	true	Avira URL Cloud: malware	unknown
http://aa5aa5aa5aa5aa44.app/assets/qr_code-8c1a238d.jpg	true	Avira URL Cloud: malware	unknown
http://aa5aa5aa5aa5aa44.app/assets/logo-b4e095e7.png	true	Avira URL Cloud: malware	unknown
http://aa5aa5aa5aa5aa44.app/assets/ColVideoItem-07d4d17c.js	true	Avira URL Cloud: malware	unknown
https://restapi.amap.com/v3/log/init?platform=JS&s=rsv3&logversion=2.0&product=JsInit&key=0f3e523aa49b944f6ae53c488cbae6c3&t=1727417949472&sdkversion=2.0&appname=http%253A%252F%252Faa5aa5aa5aa5aa44.app%252Fhome&csid=7EF5F9F4-A4F9-4234-B965-6AEE75896E1C&resolution=1280*1024&mob=0&vt=1&dpr=1&scale=1&detect=false&callback=jsonp_463776_1727417949473_	false	Avira URL Cloud: safe	unknown
http://aa5aa5aa5aa5aa44.app/assets/SwiperBanner-530f3655.js	true	Avira URL Cloud: malware	unknown
https://aawapi-v3.trh999.com/msg_demo/v/pc/video/adList	false	Avira URL Cloud: safe	unknown
http://aa5aa5aa5aa5aa44.app/	true		unknown
http://aa5aa5aa5aa5aa44.app/console-ban.min.js	true	Avira URL Cloud: malware	unknown
https://aawapi-v3.trh999.com/msg_demo/v/search/hotLists	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://quanjing.cnzz.com	chromecache_98.4.dr, chromecache_86.4.dr	false	Avira URL Cloud: safe	unknown
https://webapi.amap.com	chromecache_117.4.dr, chromecache_101.4.dr	false	Avira URL Cloud: safe	unknown
http://gaode.com	chromecache_117.4.dr, chromecache_101.4.dr	false	Avira URL Cloud: safe	unknown
http://m.amap.com	chromecache_117.4.dr, chromecache_101.4.dr	false	Avira URL Cloud: safe	unknown
https://www.cnzz.com/stat/website.php?web_id=	chromecache_98.4.dr, chromecache_86.4.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.184.196	www.google.com	United States	15169	GOOGLEUS	false
90.84.161.25	unknown	France	5511	OPENTRANSITFR	false
163.181.131.212	aawapi-v3.trh999.com.w.cdngslb.com	United States	24429	TAOBAOZhejiangTaobaoNetworkCoLtdCN	false
163.181.131.215	unknown	United States	24429	TAOBAOZhejiangTaobaoNetworkCoLtdCN	false
47.246.165.44	unknown	United States	45102	CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC	false
203.119.169.174	unknown	China	37963	CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	false
148.153.240.75	hcdnwsa120.v5.cdnhwczoy106.cn	United States	63199	CDSC-AS1US	false
122.225.212.209	all.cnzz.com.danuoyi.tbcache.com	China	58461	CT-HANGZHOU-IDCNo288Fu-chunRoadCN	false
59.82.132.217	restapi.amap.com.gds.alibabadns.com	China	37963	CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	false
212.50.235.119	g952bba.cdn.dakaiwangzhi.com	Netherlands	25820	IT7NETCA	false
223.109.148.140	z.gds.cnzz.com	China	56046	CMNET-JIANGSU-APChinaMobilecommunicationscorporationCN	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
47.246.174.224	os30.wagbridge.ingress.amap.com	United States	45102	CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC	false
134.122.200.173	aa5aa5aa5aa5aa44.app	United States	64050	BCPL-SGBGPNETGlobalASNSG	false

Private

IP
192.168.2.7

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1520328
Start date and time:	2024-09-27 08:17:58 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 36s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://aa5aa5aa5aa5aa44.app/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	16
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.win@16/74@41/15
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, sppsvc.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.163, 142.250.184.238, 173.194.76.84, 34.104.35.123, 4.175.87.197, 199.232.210.172, 20.3.187.198, 93.184.221.240, 13.95.31.18, 2.19.126.137, 2.19.126.163, 172.217.16.195, 142.250.184.206
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, clientservices.googleapis.com, time.windows.com, a767.dspw65.akamai.net, wu.azureedge.net, clients2.google.com, glb.cws.prod.dcat.dsp.trafficmanager.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net, clients1.google.com, fs.microsoft.com, accounts.google.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, fe3.delivery.mp.microsoft.com, edgedl.me.gvt1.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: http://aa5aa5aa5aa5aa44.app/

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from Unix, original size modulo 2^32 20181
Category:	downloaded
Size (bytes):	5289
Entropy (8bit):	7.961211959183101
Encrypted:	false
SSDEEP:	96:eejNCJ4LeKu6GpEzlUYkfMwH2ddHCbEkUjRF9oqBko26M6cnkgpaopL+iBjXTG8:eejAJ2ebezRk0m2ddHCb7UVgqBkouRXb
MD5:	4CD4A5CBD38F559D62AD6AF034EFAB9F
SHA1:	9F16B90722D51DF618C6860E7B1513AC5D7A7704
SHA-256:	22D3213A055E4FDDD2B344CDD870856E95AB9A11A4797DFB6CE7031C306A22F8
SHA-512:	117278E06AA7369580B4A6445B7E85C414A02C892C39C334686152F015ADB7EE44E50AF77B17164BF14E7B53BEEBB5C9B3DDB2EB172FC64A8CAE73540F7DAA2D
Malicious:	false
Reputation:	low
URL:	http://aa5aa5aa5aa5aa44.app/wasm_exec.js
Preview:	...........\.s.F....b\...".zXQl.).....sd....uiAbH"....y....u..0x.....]..$.3=.=.......t....P......V.S.bVL.,..Q..q.2..l...W{{..\.t..I..<.eC..i.....\g...`.\|....XD.fE.P'.YL.B..D.....$Pa..Z.}.....L..H.:.)..$.N...<oK.~..\|.....OU<..p.i..?./.Y8-.N.a.&.N.t...<L..3L.8M..7;.a...2<U.z...O.?.rE..s...5..}./..\..4..@g:8.....,...r{m...H...g./\|...W..`...J.#......o.$Ho..S....(.{{[..e...Q:.#uj...gwJG..)..h..zVA.+..,UL@.J..:.4.x}.z..$..?O. ....b?3%X.X..4S......c([...N<.]L.E.r.=/.e..WX.h.0....g..R..>.%.vv...=y..b.%.....e....?.-o#].tVLg.....1...'.1......R.?..w...'j...N~.]....}....g/>4o~x.........g.w....[......,..:0K.fa./.....;j0.YB.....S......_....h.lQB.VN.G~^..t~~7.z.K...x.@.~r...+.......l.U... /2o.G%.........E..3....t..t2.&..;./......Q...%.w.4.."L..X.(.@M]R.D.....~.....jYz`A.d.E.....(.Wg..RmFE.......~{....K..`r....I..../&;...n.-+.:.........1....C.Ei.{.!...E..(...."8.&j..S0.M..J.......Q...oD.J.J@-.,7;....<.1Q.....7.O....6$,......,...t..6."..?R.3...f!.Y.l=@.h.....G@....

Source: http://aa5aa5aa5aa5aa44.app/assets/index-fd1be804.css	Avira URL Cloud: Label: malware
Source: http://aa5aa5aa5aa5aa44.app/assets/ColVideoItem-2396d821.css	Avira URL Cloud: Label: malware
Source: http://aa5aa5aa5aa5aa44.app/assets/AdvertisementList.vue_vue_type_script_setup_true_name_AdvertisementList_lang-6c6de8d9.js	Avira URL Cloud: Label: malware
Source: http://aa5aa5aa5aa5aa44.app/assets/Home-52354fe8.js	Avira URL Cloud: Label: malware
Source: http://aa5aa5aa5aa5aa44.app/assets/SwiperBanner-cd8dc074.css	Avira URL Cloud: Label: malware
Source: http://aa5aa5aa5aa5aa44.app/openIM.wasm	Avira URL Cloud: Label: malware
Source: http://aa5aa5aa5aa5aa44.app/favicon.ico	Avira URL Cloud: Label: malware
Source: http://aa5aa5aa5aa5aa44.app/assets/index-71f5a5dd.js	Avira URL Cloud: Label: malware
Source: http://aa5aa5aa5aa5aa44.app/assets/worker-d3bc0bde.js	Avira URL Cloud: Label: malware
Source: http://aa5aa5aa5aa5aa44.app/wasm_exec.js	Avira URL Cloud: Label: malware
Source: http://aa5aa5aa5aa5aa44.app/assets/logo-b4e095e7.png	Avira URL Cloud: Label: malware
Source: http://aa5aa5aa5aa5aa44.app/assets/qr_code-8c1a238d.jpg	Avira URL Cloud: Label: malware
Source: http://aa5aa5aa5aa5aa44.app/assets/Home-f4762739.css	Avira URL Cloud: Label: malware
Source: http://aa5aa5aa5aa5aa44.app/assets/ColVideoItem-07d4d17c.js	Avira URL Cloud: Label: malware
Source: http://aa5aa5aa5aa5aa44.app/assets/SwiperBanner-530f3655.js	Avira URL Cloud: Label: malware
Source: http://aa5aa5aa5aa5aa44.app/console-ban.min.js	Avira URL Cloud: Label: malware

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 13.95.65.251
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: aa5aa5aa5aa5aa44.app
Source: global traffic	DNS traffic detected: DNS query: sdk.51.la
Source: global traffic	DNS traffic detected: DNS query: v1.cnzz.com
Source: global traffic	DNS traffic detected: DNS query: collect-v6.51.la
Source: global traffic	DNS traffic detected: DNS query: z6.cnzz.com
Source: global traffic	DNS traffic detected: DNS query: c.cnzz.com
Source: global traffic	DNS traffic detected: DNS query: webapi.amap.com
Source: global traffic	DNS traffic detected: DNS query: aawapi-v3.trh999.com
Source: global traffic	DNS traffic detected: DNS query: restapi.amap.com
Source: global traffic	DNS traffic detected: DNS query: cos-v3.024kh.com
Source: global traffic	DNS traffic detected: DNS query: _3669._https.cos-v3.024kh.com

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 27, 2024 08:19:02.301131010 CEST	192.168.2.7	1.1.1.1	0xfe63	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:19:02.301366091 CEST	192.168.2.7	1.1.1.1	0x8fca	Standard query (0)	www.google.com	65	IN (0x0001)	false
Sep 27, 2024 08:19:02.403811932 CEST	192.168.2.7	1.1.1.1	0x83db	Standard query (0)	aa5aa5aa5aa5aa44.app	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:19:02.404052019 CEST	192.168.2.7	1.1.1.1	0x6916	Standard query (0)	aa5aa5aa5aa5aa44.app	65	IN (0x0001)	false
Sep 27, 2024 08:19:03.408672094 CEST	192.168.2.7	1.1.1.1	0xcbfa	Standard query (0)	sdk.51.la	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:19:03.409194946 CEST	192.168.2.7	1.1.1.1	0xfaa4	Standard query (0)	sdk.51.la	65	IN (0x0001)	false
Sep 27, 2024 08:19:03.409857988 CEST	192.168.2.7	1.1.1.1	0x310b	Standard query (0)	v1.cnzz.com	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:19:03.410012007 CEST	192.168.2.7	1.1.1.1	0xf7cd	Standard query (0)	v1.cnzz.com	65	IN (0x0001)	false
Sep 27, 2024 08:19:04.307796955 CEST	192.168.2.7	1.1.1.1	0x8e4f	Standard query (0)	aa5aa5aa5aa5aa44.app	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:19:04.307985067 CEST	192.168.2.7	1.1.1.1	0x3f04	Standard query (0)	aa5aa5aa5aa5aa44.app	65	IN (0x0001)	false
Sep 27, 2024 08:19:04.637001991 CEST	192.168.2.7	1.1.1.1	0xba47	Standard query (0)	collect-v6.51.la	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:19:04.637130976 CEST	192.168.2.7	1.1.1.1	0xc6b1	Standard query (0)	collect-v6.51.la	65	IN (0x0001)	false
Sep 27, 2024 08:19:04.860780001 CEST	192.168.2.7	1.1.1.1	0xdcee	Standard query (0)	sdk.51.la	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:19:04.861449957 CEST	192.168.2.7	1.1.1.1	0xea75	Standard query (0)	sdk.51.la	65	IN (0x0001)	false
Sep 27, 2024 08:19:05.383677959 CEST	192.168.2.7	1.1.1.1	0x3400	Standard query (0)	v1.cnzz.com	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:19:05.384452105 CEST	192.168.2.7	1.1.1.1	0xc103	Standard query (0)	v1.cnzz.com	65	IN (0x0001)	false
Sep 27, 2024 08:19:05.889235973 CEST	192.168.2.7	1.1.1.1	0xfec4	Standard query (0)	collect-v6.51.la	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:19:05.889386892 CEST	192.168.2.7	1.1.1.1	0x7a09	Standard query (0)	collect-v6.51.la	65	IN (0x0001)	false
Sep 27, 2024 08:19:06.435470104 CEST	192.168.2.7	1.1.1.1	0x8d7a	Standard query (0)	z6.cnzz.com	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:19:06.436028004 CEST	192.168.2.7	1.1.1.1	0xc8d4	Standard query (0)	z6.cnzz.com	65	IN (0x0001)	false
Sep 27, 2024 08:19:06.784842014 CEST	192.168.2.7	1.1.1.1	0x2121	Standard query (0)	c.cnzz.com	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:19:06.785047054 CEST	192.168.2.7	1.1.1.1	0x5710	Standard query (0)	c.cnzz.com	65	IN (0x0001)	false
Sep 27, 2024 08:19:06.786698103 CEST	192.168.2.7	1.1.1.1	0x3dcd	Standard query (0)	webapi.amap.com	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:19:06.786927938 CEST	192.168.2.7	1.1.1.1	0x51f7	Standard query (0)	webapi.amap.com	65	IN (0x0001)	false
Sep 27, 2024 08:19:08.167531013 CEST	192.168.2.7	1.1.1.1	0xd5f9	Standard query (0)	aawapi-v3.trh999.com	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:19:08.176371098 CEST	192.168.2.7	1.1.1.1	0xcf23	Standard query (0)	aawapi-v3.trh999.com	65	IN (0x0001)	false
Sep 27, 2024 08:19:09.221421957 CEST	192.168.2.7	1.1.1.1	0x5072	Standard query (0)	aawapi-v3.trh999.com	65	IN (0x0001)	false
Sep 27, 2024 08:19:12.496682882 CEST	192.168.2.7	1.1.1.1	0xa4d5	Standard query (0)	restapi.amap.com	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:19:12.497175932 CEST	192.168.2.7	1.1.1.1	0x1926	Standard query (0)	restapi.amap.com	65	IN (0x0001)	false
Sep 27, 2024 08:19:12.513772964 CEST	192.168.2.7	1.1.1.1	0x6b45	Standard query (0)	cos-v3.024kh.com	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:19:12.513942003 CEST	192.168.2.7	1.1.1.1	0x8385	Standard query (0)	_3669._https.cos-v3.024kh.com	65	IN (0x0001)	false
Sep 27, 2024 08:19:12.899880886 CEST	192.168.2.7	1.1.1.1	0xe909	Standard query (0)	c.cnzz.com	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:19:12.900393963 CEST	192.168.2.7	1.1.1.1	0x8bd5	Standard query (0)	c.cnzz.com	65	IN (0x0001)	false
Sep 27, 2024 08:19:12.925700903 CEST	192.168.2.7	1.1.1.1	0x6168	Standard query (0)	webapi.amap.com	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:19:12.926130056 CEST	192.168.2.7	1.1.1.1	0x7b1f	Standard query (0)	webapi.amap.com	65	IN (0x0001)	false
Sep 27, 2024 08:19:12.937170982 CEST	192.168.2.7	1.1.1.1	0x50aa	Standard query (0)	aawapi-v3.trh999.com	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:19:12.937306881 CEST	192.168.2.7	1.1.1.1	0xd0ab	Standard query (0)	aawapi-v3.trh999.com	65	IN (0x0001)	false
Sep 27, 2024 08:19:14.133512020 CEST	192.168.2.7	1.1.1.1	0xaf33	Standard query (0)	restapi.amap.com	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:19:14.133971930 CEST	192.168.2.7	1.1.1.1	0x5b36	Standard query (0)	restapi.amap.com	65	IN (0x0001)	false
Sep 27, 2024 08:19:15.229682922 CEST	192.168.2.7	1.1.1.1	0xfa64	Standard query (0)	cos-v3.024kh.com	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:19:15.229837894 CEST	192.168.2.7	1.1.1.1	0xd46e	Standard query (0)	_3669._https.cos-v3.024kh.com	65	IN (0x0001)	false

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Sep 27, 2024 08:19:02.308985949 CEST	1.1.1.1	192.168.2.7	0xfe63	No error (0)	www.google.com		142.250.184.196	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:19:02.309798956 CEST	1.1.1.1	192.168.2.7	0x8fca	No error (0)	www.google.com			65	IN (0x0001)	false
Sep 27, 2024 08:19:02.451750040 CEST	1.1.1.1	192.168.2.7	0x83db	No error (0)	aa5aa5aa5aa5aa44.app		134.122.200.173	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:19:03.416299105 CEST	1.1.1.1	192.168.2.7	0xcbfa	No error (0)	sdk.51.la	sdk.51.la.d183e8b1.cdnhwcgqa21.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:19:03.416299105 CEST	1.1.1.1	192.168.2.7	0xcbfa	No error (0)	sdk.51.la.d183e8b1.cdnhwcgqa21.com	hcdnwsa120.v5.cdnhwczoy106.cn		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:19:03.416299105 CEST	1.1.1.1	192.168.2.7	0xcbfa	No error (0)	hcdnwsa120.v5.cdnhwczoy106.cn		148.153.240.75	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:19:03.416299105 CEST	1.1.1.1	192.168.2.7	0xcbfa	No error (0)	hcdnwsa120.v5.cdnhwczoy106.cn		90.84.161.25	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:19:03.609191895 CEST	1.1.1.1	192.168.2.7	0x310b	No error (0)	v1.cnzz.com	c.cnzz.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:19:03.609191895 CEST	1.1.1.1	192.168.2.7	0x310b	No error (0)	c.cnzz.com	all.cnzz.com.danuoyi.tbcache.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:19:03.609191895 CEST	1.1.1.1	192.168.2.7	0x310b	No error (0)	all.cnzz.com.danuoyi.tbcache.com		122.225.212.209	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:19:04.009063959 CEST	1.1.1.1	192.168.2.7	0xfaa4	No error (0)	sdk.51.la	sdk.51.la.d183e8b1.cdnhwcgqa21.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:19:04.009063959 CEST	1.1.1.1	192.168.2.7	0xfaa4	No error (0)	sdk.51.la.d183e8b1.cdnhwcgqa21.com	hcdnwsa120.v5.cdnhwczoy106.cn		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:19:04.088267088 CEST	1.1.1.1	192.168.2.7	0xf7cd	No error (0)	v1.cnzz.com	c.cnzz.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:19:04.088267088 CEST	1.1.1.1	192.168.2.7	0xf7cd	No error (0)	c.cnzz.com	all.cnzz.com.danuoyi.tbcache.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:19:04.344122887 CEST	1.1.1.1	192.168.2.7	0x8e4f	No error (0)	aa5aa5aa5aa5aa44.app		134.122.200.173	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:19:04.644227028 CEST	1.1.1.1	192.168.2.7	0xba47	No error (0)	collect-v6.51.la	collect-v6.51.la.d183e8b1.cdnhwcgqa21.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:19:04.644227028 CEST	1.1.1.1	192.168.2.7	0xba47	No error (0)	collect-v6.51.la.d183e8b1.cdnhwcgqa21.com	hcdnwsa120.v5.cdnhwczoy106.cn		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:19:04.644227028 CEST	1.1.1.1	192.168.2.7	0xba47	No error (0)	hcdnwsa120.v5.cdnhwczoy106.cn		148.153.240.75	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:19:04.644227028 CEST	1.1.1.1	192.168.2.7	0xba47	No error (0)	hcdnwsa120.v5.cdnhwczoy106.cn		90.84.161.25	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:19:05.113390923 CEST	1.1.1.1	192.168.2.7	0xc6b1	No error (0)	collect-v6.51.la	collect-v6.51.la.d183e8b1.cdnhwcgqa21.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:19:05.113390923 CEST	1.1.1.1	192.168.2.7	0xc6b1	No error (0)	collect-v6.51.la.d183e8b1.cdnhwcgqa21.com	hcdnwsa120.v5.cdnhwczoy106.cn		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:19:05.347599030 CEST	1.1.1.1	192.168.2.7	0xdcee	No error (0)	sdk.51.la	sdk.51.la.d183e8b1.cdnhwcgqa21.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:19:05.347599030 CEST	1.1.1.1	192.168.2.7	0xdcee	No error (0)	sdk.51.la.d183e8b1.cdnhwcgqa21.com	hcdnwsa120.v5.cdnhwczoy106.cn		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:19:05.347599030 CEST	1.1.1.1	192.168.2.7	0xdcee	No error (0)	hcdnwsa120.v5.cdnhwczoy106.cn		90.84.161.25	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:19:05.347599030 CEST	1.1.1.1	192.168.2.7	0xdcee	No error (0)	hcdnwsa120.v5.cdnhwczoy106.cn		148.153.240.75	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:19:05.569755077 CEST	1.1.1.1	192.168.2.7	0x3400	No error (0)	v1.cnzz.com	c.cnzz.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:19:05.569755077 CEST	1.1.1.1	192.168.2.7	0x3400	No error (0)	c.cnzz.com	all.cnzz.com.danuoyi.tbcache.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:19:05.569755077 CEST	1.1.1.1	192.168.2.7	0x3400	No error (0)	all.cnzz.com.danuoyi.tbcache.com		122.225.212.209	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:19:05.897727013 CEST	1.1.1.1	192.168.2.7	0xfec4	No error (0)	collect-v6.51.la	collect-v6.51.la.d183e8b1.cdnhwcgqa21.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:19:05.897727013 CEST	1.1.1.1	192.168.2.7	0xfec4	No error (0)	collect-v6.51.la.d183e8b1.cdnhwcgqa21.com	hcdnwsa120.v5.cdnhwczoy106.cn		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:19:05.897727013 CEST	1.1.1.1	192.168.2.7	0xfec4	No error (0)	hcdnwsa120.v5.cdnhwczoy106.cn		148.153.240.75	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:19:05.897727013 CEST	1.1.1.1	192.168.2.7	0xfec4	No error (0)	hcdnwsa120.v5.cdnhwczoy106.cn		90.84.161.25	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:19:05.899806023 CEST	1.1.1.1	192.168.2.7	0xc103	No error (0)	v1.cnzz.com	c.cnzz.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:19:05.899806023 CEST	1.1.1.1	192.168.2.7	0xc103	No error (0)	c.cnzz.com	all.cnzz.com.danuoyi.tbcache.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:19:06.053785086 CEST	1.1.1.1	192.168.2.7	0xea75	No error (0)	sdk.51.la	sdk.51.la.d183e8b1.cdnhwcgqa21.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:19:06.053785086 CEST	1.1.1.1	192.168.2.7	0xea75	No error (0)	sdk.51.la.d183e8b1.cdnhwcgqa21.com	hcdnwsa120.v5.cdnhwczoy106.cn		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:19:06.443398952 CEST	1.1.1.1	192.168.2.7	0x8d7a	No error (0)	z6.cnzz.com	z.cnzz.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:19:06.443398952 CEST	1.1.1.1	192.168.2.7	0x8d7a	No error (0)	z.cnzz.com	z.gds.cnzz.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:19:06.443398952 CEST	1.1.1.1	192.168.2.7	0x8d7a	No error (0)	z.gds.cnzz.com		223.109.148.140	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:19:06.492156982 CEST	1.1.1.1	192.168.2.7	0x7a09	No error (0)	collect-v6.51.la	collect-v6.51.la.d183e8b1.cdnhwcgqa21.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:19:06.492156982 CEST	1.1.1.1	192.168.2.7	0x7a09	No error (0)	collect-v6.51.la.d183e8b1.cdnhwcgqa21.com	hcdnwsa120.v5.cdnhwczoy106.cn		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:19:06.794213057 CEST	1.1.1.1	192.168.2.7	0x3dcd	No error (0)	webapi.amap.com	webapi.amap.com.gds.alibabadns.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:19:06.794213057 CEST	1.1.1.1	192.168.2.7	0x3dcd	No error (0)	webapi.amap.com.gds.alibabadns.com	os30.wagbridge.ingress.amap.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:19:06.794213057 CEST	1.1.1.1	192.168.2.7	0x3dcd	No error (0)	os30.wagbridge.ingress.amap.com		47.246.174.224	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:19:06.794213057 CEST	1.1.1.1	192.168.2.7	0x3dcd	No error (0)	os30.wagbridge.ingress.amap.com		47.246.165.44	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:19:06.794213057 CEST	1.1.1.1	192.168.2.7	0x3dcd	No error (0)	os30.wagbridge.ingress.amap.com		47.246.174.187	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:19:06.794213057 CEST	1.1.1.1	192.168.2.7	0x3dcd	No error (0)	os30.wagbridge.ingress.amap.com		47.246.174.241	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:19:06.794671059 CEST	1.1.1.1	192.168.2.7	0x51f7	No error (0)	webapi.amap.com	webapi.amap.com.gds.alibabadns.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:19:06.794671059 CEST	1.1.1.1	192.168.2.7	0x51f7	No error (0)	webapi.amap.com.gds.alibabadns.com	os30.wagbridge.ingress.amap.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:19:07.095252037 CEST	1.1.1.1	192.168.2.7	0x2121	No error (0)	c.cnzz.com	all.cnzz.com.danuoyi.tbcache.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:19:07.095252037 CEST	1.1.1.1	192.168.2.7	0x2121	No error (0)	all.cnzz.com.danuoyi.tbcache.com		122.225.212.209	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:19:07.179745913 CEST	1.1.1.1	192.168.2.7	0xc8d4	No error (0)	z6.cnzz.com	z.cnzz.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:19:07.179745913 CEST	1.1.1.1	192.168.2.7	0xc8d4	No error (0)	z.cnzz.com	z.gds.cnzz.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:19:07.199166059 CEST	1.1.1.1	192.168.2.7	0x5710	No error (0)	c.cnzz.com	all.cnzz.com.danuoyi.tbcache.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:19:08.882282972 CEST	1.1.1.1	192.168.2.7	0xd5f9	No error (0)	aawapi-v3.trh999.com	aawapi-v3.trh999.com.w.cdngslb.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:19:08.882282972 CEST	1.1.1.1	192.168.2.7	0xd5f9	No error (0)	aawapi-v3.trh999.com.w.cdngslb.com		163.181.131.212	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:19:08.882282972 CEST	1.1.1.1	192.168.2.7	0xd5f9	No error (0)	aawapi-v3.trh999.com.w.cdngslb.com		163.181.131.215	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:19:08.882282972 CEST	1.1.1.1	192.168.2.7	0xd5f9	No error (0)	aawapi-v3.trh999.com.w.cdngslb.com		163.181.131.216	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:19:08.882282972 CEST	1.1.1.1	192.168.2.7	0xd5f9	No error (0)	aawapi-v3.trh999.com.w.cdngslb.com		163.181.131.217	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:19:08.882282972 CEST	1.1.1.1	192.168.2.7	0xd5f9	No error (0)	aawapi-v3.trh999.com.w.cdngslb.com		163.181.131.208	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:19:08.882282972 CEST	1.1.1.1	192.168.2.7	0xd5f9	No error (0)	aawapi-v3.trh999.com.w.cdngslb.com		163.181.131.209	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:19:08.882282972 CEST	1.1.1.1	192.168.2.7	0xd5f9	No error (0)	aawapi-v3.trh999.com.w.cdngslb.com		163.181.131.210	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:19:08.882282972 CEST	1.1.1.1	192.168.2.7	0xd5f9	No error (0)	aawapi-v3.trh999.com.w.cdngslb.com		163.181.131.211	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:19:09.220480919 CEST	1.1.1.1	192.168.2.7	0xcf23	No error (0)	aawapi-v3.trh999.com	aawapi-v3.trh999.com.w.cdngslb.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:19:09.795561075 CEST	1.1.1.1	192.168.2.7	0x5072	No error (0)	aawapi-v3.trh999.com	aawapi-v3.trh999.com.w.cdngslb.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:19:12.504508018 CEST	1.1.1.1	192.168.2.7	0xa4d5	No error (0)	restapi.amap.com	restapi.amap.com.gds.alibabadns.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:19:12.504508018 CEST	1.1.1.1	192.168.2.7	0xa4d5	No error (0)	restapi.amap.com.gds.alibabadns.com		59.82.132.217	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:19:12.860920906 CEST	1.1.1.1	192.168.2.7	0x7816	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:19:12.860920906 CEST	1.1.1.1	192.168.2.7	0x7816	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:19:12.933120966 CEST	1.1.1.1	192.168.2.7	0x6168	No error (0)	webapi.amap.com	webapi.amap.com.gds.alibabadns.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:19:12.933120966 CEST	1.1.1.1	192.168.2.7	0x6168	No error (0)	webapi.amap.com.gds.alibabadns.com	os30.wagbridge.ingress.amap.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:19:12.933120966 CEST	1.1.1.1	192.168.2.7	0x6168	No error (0)	os30.wagbridge.ingress.amap.com		47.246.165.44	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:19:12.933120966 CEST	1.1.1.1	192.168.2.7	0x6168	No error (0)	os30.wagbridge.ingress.amap.com		47.246.174.241	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:19:12.933120966 CEST	1.1.1.1	192.168.2.7	0x6168	No error (0)	os30.wagbridge.ingress.amap.com		47.246.174.224	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:19:12.933120966 CEST	1.1.1.1	192.168.2.7	0x6168	No error (0)	os30.wagbridge.ingress.amap.com		47.246.174.187	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:19:12.933262110 CEST	1.1.1.1	192.168.2.7	0x1926	No error (0)	restapi.amap.com	restapi.amap.com.gds.alibabadns.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:19:12.933429003 CEST	1.1.1.1	192.168.2.7	0x7b1f	No error (0)	webapi.amap.com	webapi.amap.com.gds.alibabadns.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:19:12.933429003 CEST	1.1.1.1	192.168.2.7	0x7b1f	No error (0)	webapi.amap.com.gds.alibabadns.com	os30.wagbridge.ingress.amap.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:19:13.204797983 CEST	1.1.1.1	192.168.2.7	0x8bd5	No error (0)	c.cnzz.com	all.cnzz.com.danuoyi.tbcache.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:19:13.275892973 CEST	1.1.1.1	192.168.2.7	0xe909	No error (0)	c.cnzz.com	all.cnzz.com.danuoyi.tbcache.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:19:13.275892973 CEST	1.1.1.1	192.168.2.7	0xe909	No error (0)	all.cnzz.com.danuoyi.tbcache.com		122.225.212.209	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:19:13.404984951 CEST	1.1.1.1	192.168.2.7	0x6b45	No error (0)	cos-v3.024kh.com	79729ebb.dakaiwangzhi.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:19:13.404984951 CEST	1.1.1.1	192.168.2.7	0x6b45	No error (0)	79729ebb.dakaiwangzhi.com	g952bba.cdn.dakaiwangzhi.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:19:13.404984951 CEST	1.1.1.1	192.168.2.7	0x6b45	No error (0)	g952bba.cdn.dakaiwangzhi.com		212.50.235.119	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:19:13.528513908 CEST	1.1.1.1	192.168.2.7	0xd0ab	No error (0)	aawapi-v3.trh999.com	aawapi-v3.trh999.com.w.cdngslb.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:19:13.544622898 CEST	1.1.1.1	192.168.2.7	0x50aa	No error (0)	aawapi-v3.trh999.com	aawapi-v3.trh999.com.w.cdngslb.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:19:13.544622898 CEST	1.1.1.1	192.168.2.7	0x50aa	No error (0)	aawapi-v3.trh999.com.w.cdngslb.com		163.181.131.215	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:19:13.544622898 CEST	1.1.1.1	192.168.2.7	0x50aa	No error (0)	aawapi-v3.trh999.com.w.cdngslb.com		163.181.131.211	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:19:13.544622898 CEST	1.1.1.1	192.168.2.7	0x50aa	No error (0)	aawapi-v3.trh999.com.w.cdngslb.com		163.181.131.209	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:19:13.544622898 CEST	1.1.1.1	192.168.2.7	0x50aa	No error (0)	aawapi-v3.trh999.com.w.cdngslb.com		163.181.131.217	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:19:13.544622898 CEST	1.1.1.1	192.168.2.7	0x50aa	No error (0)	aawapi-v3.trh999.com.w.cdngslb.com		163.181.131.212	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:19:13.544622898 CEST	1.1.1.1	192.168.2.7	0x50aa	No error (0)	aawapi-v3.trh999.com.w.cdngslb.com		163.181.131.210	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:19:13.544622898 CEST	1.1.1.1	192.168.2.7	0x50aa	No error (0)	aawapi-v3.trh999.com.w.cdngslb.com		163.181.131.208	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:19:13.544622898 CEST	1.1.1.1	192.168.2.7	0x50aa	No error (0)	aawapi-v3.trh999.com.w.cdngslb.com		163.181.131.216	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:19:13.865123034 CEST	1.1.1.1	192.168.2.7	0x8385	Name error (3)	_3669._https.cos-v3.024kh.com	none	none	65	IN (0x0001)	false
Sep 27, 2024 08:19:14.140819073 CEST	1.1.1.1	192.168.2.7	0xaf33	No error (0)	restapi.amap.com	restapi.amap.com.gds.alibabadns.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:19:14.140819073 CEST	1.1.1.1	192.168.2.7	0xaf33	No error (0)	restapi.amap.com.gds.alibabadns.com		203.119.169.174	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:19:14.398050070 CEST	1.1.1.1	192.168.2.7	0x5b36	No error (0)	restapi.amap.com	restapi.amap.com.gds.alibabadns.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:19:16.003851891 CEST	1.1.1.1	192.168.2.7	0xd46e	Name error (3)	_3669._https.cos-v3.024kh.com	none	none	65	IN (0x0001)	false
Sep 27, 2024 08:19:16.068149090 CEST	1.1.1.1	192.168.2.7	0xfa64	No error (0)	cos-v3.024kh.com	79729ebb.dakaiwangzhi.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:19:16.068149090 CEST	1.1.1.1	192.168.2.7	0xfa64	No error (0)	79729ebb.dakaiwangzhi.com	g952bba.cdn.dakaiwangzhi.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:19:16.068149090 CEST	1.1.1.1	192.168.2.7	0xfa64	No error (0)	g952bba.cdn.dakaiwangzhi.com		212.50.235.119	A (IP address)	IN (0x0001)	false

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 08:19:02.458498001 CEST	435	OUT	GET / HTTP/1.1 Host: aa5aa5aa5aa5aa44.app Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Sep 27, 2024 08:19:03.340311050 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 27 Sep 2024 06:19:03 GMT Content-Type: text/html Last-Modified: Sat, 24 Aug 2024 14:11:02 GMT Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding ETag: W/"66c9e9f6-87d" Content-Encoding: gzip Data Raw: 34 39 31 0d 0a 1f 8b 08 00 00 00 00 00 00 03 85 56 5f 6f 1b 45 10 7f ae 3f c5 e4 1e da 33 d8 7b 31 a5 25 c4 3e 57 49 9a 22 44 48 40 04 10 aa aa 68 7d 3b b6 37 b9 db 3d ed ee d9 71 6a 3f 21 04 2f fc 7b 40 3c f3 c6 0b 2a 88 07 5e e0 e3 14 da 6f c1 ec dd f9 4f aa 16 4e d6 dd ee ce ee cc 6f 66 7e 33 eb de d6 fd 93 83 d3 cf 3e 38 84 b1 cb d2 7e cf bf 21 e5 6a 14 a3 a2 19 72 d1 ef 65 e8 38 24 63 6e 2c ba f8 e3 d3 07 ed 9d 7a 4d f1 0c 63 83 43 34 06 0d 24 5a 39 54 2e 56 ba bd 5c eb f7 52 a9 2e c0 60 1a 4b 12 83 9b e5 18 cb 8c 8f 30 b2 93 d1 eb 97 64 6b 4c 7b e3 68 c8 27 7e 03 a3 d7 c6 99 8c 2b 39 44 eb ea 4d cb 29 3b b7 9a c0 6d b5 db 50 61 2b 71 04 13 89 d3 5c 1b 17 ac 90 04 53 29 dc 38 16 48 ca b1 5d 4e 5a 20 95 74 92 a7 6d 9b f0 14 e3 0e db 0e 20 ea 43 bb bd e9 d3 52 d5 7f 6a 7a 41 51 2b e3 97 32 2b b2 a5 e2 56 61 d1 94 13 3e 20 43 4a 07 9b 16 04 da c4 c8 dc 49 8a ca 32 70 c1 b5 1d 17 38 9b 6a 23 ec 35 b1 93 2e c5 fe 3f 5f fd e6 7f 7f 7d df 8b aa 85 46 af d2 d6 6f 6c 0d 0b 95 94 5a c3 bc 09 8f 21 20 14 [TRUNCATED] Data Ascii: 491V_oE?3{1%>WI"DH@h};7=qj?!/{@<^oONof~3>8~!jre8$cn,zMcC4$Z9T.V\R.`K0dkL{h'~+9DM);mPa+q\S)8H]NZ tm CRjzAQ+2+Va> CJI2p8j#5.?_}FolZ! `!u^:,0JiB'EFyH,oAB `2.v78Yih=DQd-`w:,mMX&%4h@!dA0E"Zfg\|tL_zyy/]t'B6xQ@5=%Ly?=;;89::<8s5-ieG{tP6a-(NK:lRRRF}%"}j"!&-1HANs"xehvhICgw9mZ2U)6nYG&+W]Iw{e&N@gd]*4nP_" frWnJRC_{#J\aD\Oq\c>\K Zl.1+uU$sGz[U u#uT_:B_!/){}(s:`8cm0!]5!HF8lZ^;BckVWuqy\0l
Sep 27, 2024 08:19:03.340348005 CEST	210	IN	Data Raw: 12 6b fb 15 8a a8 bc ef aa f1 40 8b 59 3d 14 72 42 15 15 f3 3c 27 53 34 a9 97 ab 7a a9 b0 4d b9 cd ce f0 12 93 97 e0 d9 dc e7 53 a8 53 6c 0f b8 aa 1b df 1a fd b2 ee a2 08 7c 86 a8 37 26 68 2d 43 35 61 c7 27 f7 0f cf 0e 8f 3f 81 2d 6a ba 01 dd 67 Data Ascii: k@Y=rB<'S4zMSSl\|7&h-C5a'?-jg@g_^9#i<{/~/~~o5Ma/hUT+i0qptvZboP/*P}0
Sep 27, 2024 08:19:03.359848976 CEST	334	OUT	GET /assets/index-71f5a5dd.js HTTP/1.1 Host: aa5aa5aa5aa5aa44.app Connection: keep-alive Origin: http://aa5aa5aa5aa5aa44.app User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Sep 27, 2024 08:19:03.670918941 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 27 Sep 2024 06:19:03 GMT Content-Type: application/javascript Last-Modified: Sat, 24 Aug 2024 14:09:18 GMT Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding ETag: W/"66c9e98e-100c4a" Expires: Fri, 27 Sep 2024 18:19:03 GMT Cache-Control: max-age=43200 Content-Encoding: gzip Data Raw: 34 30 30 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 c4 bd 7b 57 1b 47 97 ef ff ff bc 0a e0 78 71 a4 b8 4d c0 c9 e4 f1 48 6e eb 60 8c 27 24 be c5 98 3c 76 18 1f 22 4b 0d 28 16 92 ac 0b 17 83 de fb ef f3 dd bb aa ba 25 70 e6 59 67 ad 59 bf 95 18 f5 a5 ba ae bb f6 7d ef aa 1d cf 06 9d 69 6f 38 a8 d5 af 3b c3 c1 64 ba 32 cd bb c3 ce ec ac 18 4c 37 3a e3 a2 3d 2d 76 fb 85 ee 6a 6b fd de e0 f3 5a 7d 63 5c f4 5f f4 26 d3 66 ef b8 36 5d 5f 9f 6e 4c 66 a3 d1 70 3c 9d 54 af 6b 6b 67 c3 ee ac 5f 8c 28 3c 6c 77 d7 ea f5 71 31 9d 8d 07 cd e3 e1 b8 e6 ed 0c 57 86 c7 2b a9 a9 2f b3 62 7c b5 5f f4 8b ce 74 38 de ee f7 6b ff 5b ad 1d f2 79 be 54 d5 c7 ff 4d 65 b5 61 bd 39 28 2e 56 5e ce a6 6d f5 fe f5 a7 49 31 3e 2f 78 9e 3f b9 2e db 98 a8 8d 61 9d 9e 4e 36 a6 57 a3 22 cf f3 b5 ce 69 af df d5 00 d6 ea 65 c1 b6 0a 4e 36 da dd 6e d1 7d 35 ec 16 93 7a 7b 63 da 3e 79 d5 3e b3 6f 5e ec bd fa 75 6d 7d bd ad b1 eb 7e 71 70 eb eb e3 5a bb 3e af 6f 0c bd 17 b5 38 aa ec 3a 35 d6 58 dd cc 26 b3 4f d3 71 51 70 39 af 37 e3 bc af 0c [TRUNCATED] Data Ascii: 4000{WGxqMHn`'$<v"K(%pYgY}io8;d2L7:=-vjkZ}c\_&f6]_nLfp<Tkkg_(<lwq1W+/b\|_t8k[yTMea9(.V^mI1>/x?.aN6W"ieN6n}5z{c>y>o^um}~qpZ>o8:5X&OqQp97KI~=oD7ziq2M~+o.q1~3:^v,>Wp2y=lR<`s&Zx[5n}WgogZc3`hey54(FVtn6^&fy\L;;eL>k}oYMWqOkG[0vl=>+Vhf:}tIr}llli=Iei{RoL/x=)jz\|S_l~>Zhg{v6"Rlt`=mY[xYxd>MOkkh8/vF{2?rz-._OX4/6Ee4N7O?6@d\|{<n_m&]~VhkCZ}KV/\|8z
Sep 27, 2024 08:19:03.670933008 CEST	1236	IN	Data Raw: be 81 17 40 01 6b 71 f5 d7 b2 df 96 5f 4d 80 9a c1 c9 5a f6 c5 7a 53 f9 66 72 75 f6 69 d8 07 cc 99 16 56 6d 35 cf 07 b3 7e 1f 34 59 56 eb 3d 5e cb f6 ac b3 b5 c9 80 a1 dc dc 3c 03 98 ea f5 f5 75 fd 6e 4c 4f 8b 41 bc ee b4 01 fe 7a f6 72 fb f6 14 Data Ascii: @kq_MZzSfruiVm5~4YV=^<unLOAzrNQU/gX7&[K7EkG=zm={"2`,gM,W)gip6GvStK8g~\d*9m$ I[M;\|'`
Sep 27, 2024 08:19:03.670942068 CEST	448	IN	Data Raw: 40 64 f0 fb e2 f8 18 76 70 22 66 da de 77 fa 45 7b 30 1b 95 0f 20 35 ac 60 fe eb 38 5b 05 0c 7e b5 4d ac 82 c6 c2 e6 b5 5f c7 1b b6 19 26 50 88 74 4d 6d f5 fa c6 68 36 39 b5 b2 75 38 a9 f9 09 fd f5 b6 91 a2 e3 26 ac f4 68 3e 9e 69 a1 b4 91 ab 1d Data Ascii: @dvp"fwE{0 5`8[~M_&PtMmh69u8&h>i-E;_OMk9txu\|>79=\|2l_66}0I?~w+6?3z#IVJ/MkO IgC"1zK[Ii
Sep 27, 2024 08:19:03.670984030 CEST	1236	IN	Data Raw: be 4d cd 37 a7 6c 93 c0 d9 30 4d 0e 8e a3 c9 e1 f4 a3 e0 73 b0 d1 19 9e 8d 66 c8 32 00 d7 ef 17 95 7b d8 11 1b 71 d9 8b 27 f9 8f f5 fa 27 30 ea 67 87 a8 6a 57 90 ed 23 74 56 1f 6f d6 b3 df e9 62 62 e4 6e d7 38 9f a4 09 61 37 2c 37 99 4f 5b 3f 36 Data Ascii: M7l0Msf2{q''0gjW#tVobbn8a7,7O[?66/=]DU{t7JOlJu"PIPU^%x@2M2IT/dS1@z#B/DZ_g+b(@2coe$ri]x-\|fp
Sep 27, 2024 08:19:03.670994997 CEST	1236	IN	Data Raw: fe 78 b9 40 e8 4f ac 60 65 b2 50 c1 b8 7d 91 de 8c 69 16 f2 3c 69 4d 1e 35 be 6e 37 26 ad 7b db 8d df b7 eb 61 ef dd dc 94 db 08 2d bb 5b cd cc c6 c6 67 77 bf 42 23 3c 6d f8 16 0e 8b 0a 31 32 66 4f e8 dc 8d ad ed f5 f5 3f a6 b5 c9 29 9c 4f 1c 01 Data Ascii: x@O`eP}i<iM5n7&{a-[gwB#<m12fO?)O:0]`StWRwmDutz5hcz}Z[3zNXk{pK*y{d_("aWDh@`^^Wzv4<omK;lu
Sep 27, 2024 08:19:03.671006918 CEST	1236	IN	Data Raw: 37 f3 f5 ff 5b c7 99 ce b0 57 0e 7d 87 66 6b 6e e6 46 6a 8d 3b 3b 5b de 08 49 16 9f 98 2c 8e 0b 0b 08 85 a9 35 c0 c9 06 e5 03 9b 99 cc 9c 5c 52 09 a9 26 17 4a d0 05 04 67 34 77 70 47 e3 8f ce 74 1f be bf c8 fe b8 c8 8a 47 d9 f4 d1 c7 5c 1b a1 64 Data Ascii: 7[W}fknFj;;[I,5\R&Jg4wpGtG\dzhX*ZG[\4_DLk6ckh,>woX`kJPp(C[(@.]4^\|$V3QKyoQUYNLPKZnGshPlY>l]!
Sep 27, 2024 08:19:03.671017885 CEST	672	IN	Data Raw: 58 cc 98 4c 1a b2 ee 26 b3 67 74 0f da 6a d9 c2 0a 66 1b 86 9a ca ba d3 8b 00 36 0a 05 58 80 5d ac 3f f0 6d 34 31 33 d4 23 ec 5d 89 91 83 a8 4d 7b c4 e1 75 08 bf f9 1f 70 df 4d fb e0 9f c9 b5 80 29 2f fd 5b c7 ad c2 15 32 0d e8 f6 dc 62 9a 2c fa Data Ascii: XL&gtjf6X]?m413#]M{upM)/[2b,Ewh=+'miDUs[aWbh5msR^;t2t"a_-rO!R^5-h{bsm\|=<h+.OBsw
Sep 27, 2024 08:19:03.671041965 CEST	1236	IN	Data Raw: c7 e5 32 ca 4f 3e 21 60 96 cd ad c7 66 3a 60 a1 dc e1 53 37 bd ae f9 12 ce 98 37 46 3b ed 0d 66 45 b3 1c 9a a2 62 b3 01 5e ae 28 fe ab 5a de e2 52 83 64 5f d1 c9 c0 02 a4 c9 92 ab 95 b0 fb 3e 0c c8 55 8f 18 91 09 01 f8 8a 3d c1 a9 ef 09 80 33 a8 Data Ascii: 2O>!`f:`S77F;fEb^(ZRd_>U=3?/\=F[XEkev)[+0ilvMqggnE`rgY#[8+u[kjfPi59g1jc7~,&~Z
Sep 27, 2024 08:19:03.671055079 CEST	1236	IN	Data Raw: 84 5a c8 b4 6e e4 02 a3 71 d5 e4 4e 84 d5 7a 5e af 4b 07 13 c2 c0 dd 42 45 8a 82 ed db 8c cf 82 fe 66 ec a1 e0 b5 d5 f7 5b f0 69 e0 29 c5 24 18 09 fe 8f 3a 94 17 9c 42 1b 03 24 01 6a 1e 27 19 6a a5 ca eb 5c 3a 7f 10 dd f3 ae 7d 63 8c 33 cb 39 04 Data Ascii: ZnqNz^KBEf[i)$:B$j'j\:}c39WiYa0mL,+"e#(v_p++HvmH6pO[_ vdjj>uI"Kz\h\|vxl}U^1?PHA'6Zr;iW{}o
Sep 27, 2024 08:19:03.671066999 CEST	1236	IN	Data Raw: cb 90 50 23 db 26 04 67 ab b6 1d 11 5c 76 99 5c e4 56 00 8c 16 e9 8c 1a 70 af 3e 91 d5 6e d2 41 7b ea 1a e8 4b 53 76 54 3b 1b 3e c9 4e 61 e8 5d dd b7 4b e3 25 fe 79 b9 c8 3c ae 84 6c 20 26 70 79 4a 29 b3 af 26 2d ea da c6 1a c2 f9 a5 c5 31 37 2c Data Ascii: P#&g\v\Vp>nA{KSvT;>Na]K%y<l &pyJ)&-17,dvnMv"6&[n@p( Xd_Q`Y.-*-Z["U'ARlbZq8JIBff;%W~v=q(P9iSPo(8F
Sep 27, 2024 08:19:04.825957060 CEST	670	OUT	GET /assets/worker-d3bc0bde.js HTTP/1.1 Host: aa5aa5aa5aa5aa44.app Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: __vtins__KQFtdGOd9WuFBLcO=%7B%22sid%22%3A%20%221eac12e6-1eaf-5e53-a3f2-b84436421122%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201727419743727%2C%20%22ct%22%3A%201727417943727%7D; __51uvsct__KQFtdGOd9WuFBLcO=1; __51vcke__KQFtdGOd9WuFBLcO=dd8959f7-020d-5d87-92de-a14fa2ef4951; __51vuft__KQFtdGOd9WuFBLcO=1727417943730
Sep 27, 2024 08:19:05.141100883 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 27 Sep 2024 06:19:04 GMT Content-Type: application/javascript Last-Modified: Sat, 24 Aug 2024 14:09:18 GMT Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding ETag: W/"66c9e98e-32d56" Expires: Fri, 27 Sep 2024 18:19:04 GMT Cache-Control: max-age=43200 Content-Encoding: gzip Data Raw: 34 30 30 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec bd fb 5a 1b 49 b2 2f fa f7 d9 8f 70 fe 92 eb b0 b0 6a 28 6b 00 77 7b 66 84 cb 1c 0c a2 8d 8d c1 e6 e2 cb d0 1c b5 90 4a 48 46 a8 d4 25 09 4c 83 d6 b3 ec 67 d9 4f 76 7e 11 79 a9 cc aa 2c 49 f8 d6 3d df b7 66 ed ed 46 55 59 99 91 91 71 8f c8 cc 72 7b dc 6f 8e ba 71 bf ec df 7a e3 61 54 1a 8e 92 6e 73 e4 ad 5d 35 92 d2 55 12 ee 9f 7d 8a 9a a3 4a 2b 6a 77 fb d1 9b 24 1e 44 c9 e8 26 38 73 bf e8 46 c3 e0 5a bf 3a 8f 46 fb d7 7d f5 cd 56 34 6c 26 dd c1 28 4e 86 c1 d1 48 f5 6b b7 39 bc b9 3c 8b 7b c3 a0 a6 fb 18 24 f1 28 1e dd 0c a2 4a a7 31 34 7a 0b 0e 1d 4d d0 98 c1 db 19 d6 fa e3 cb 28 69 9c f5 a2 e0 72 14 96 93 20 0a fa 7e f8 2c 2a 75 fb a5 64 fd 2a e1 27 b7 91 6e 55 7d b0 1c 34 e3 7e bb 7b 3e e6 af e8 f7 75 d2 1d a9 bf af 1a bd 71 54 ed 4f fc 6a 72 12 9d 86 fd a0 2e 7a 45 9f b7 ed 38 29 13 b2 fa d4 79 74 77 57 8e c2 db 89 ef d7 92 4a b3 d1 eb 95 69 e4 c5 c5 cb 11 86 ec 07 d1 49 ff d4 5f eb b6 cb 47 23 3f fd 2e 6e 97 8e 46 e5 c8 f7 0f 8b bf 49 a2 d1 38 [TRUNCATED] Data Ascii: 4000ZI/pj(kw{fJHF%LgOv~y,I=fFUYqr{oqzaTns]5U}J+jw$D&8sFZ:F}V4l&(NHk9<{$(J14zM(ir ~,ud'nU}4~{>uqTOjr.zE8)ytwWJiI_G#?.nFI8`>y\'ep,h5=![<JaQ=mv^U=^}\Fa<zqR(Q<y`z` gm6JQ}];zU?om>Y^I}:qGv<dk`bn^9N?[ynH@tW>Z{%wIWk U^\r[`%cu&VA^gU2Od;{hf?2sxJM36xi?K_?B!fjJEI#(C=_\|#z;NNNJ/:M\Yk4;3uVT*fHM&p@U`TXQ%K~pKPW d\JLvQZhbF$C+eMK9+3zP{&Gg5cPJ?a
Sep 27, 2024 08:19:06.787492990 CEST	837	OUT	GET /assets/Home-52354fe8.js HTTP/1.1 Host: aa5aa5aa5aa5aa44.app Connection: keep-alive Origin: http://aa5aa5aa5aa5aa44.app User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: __vtins__KQFtdGOd9WuFBLcO=%7B%22sid%22%3A%20%221eac12e6-1eaf-5e53-a3f2-b84436421122%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201727419743727%2C%20%22ct%22%3A%201727417943727%7D; __51uvsct__KQFtdGOd9WuFBLcO=1; __51vcke__KQFtdGOd9WuFBLcO=dd8959f7-020d-5d87-92de-a14fa2ef4951; __51vuft__KQFtdGOd9WuFBLcO=1727417943730; UM_distinctid=19232220dae2bd-07a6196558f62e-26031e51-140000-19232220daf416; CNZZDATA1281366638=1701857660-1727417946-%7C1727417946
Sep 27, 2024 08:19:07.105535984 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 27 Sep 2024 06:19:06 GMT Content-Type: application/javascript Last-Modified: Sat, 24 Aug 2024 14:09:18 GMT Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding ETag: W/"66c9e98e-e33" Expires: Fri, 27 Sep 2024 18:19:06 GMT Cache-Control: max-age=43200 Content-Encoding: gzip Data Raw: 36 31 63 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ad 97 4b 6f db 46 10 80 ef fd 15 0a eb 1a 24 30 a4 f5 b0 6c 47 06 5d c8 8f c4 4e 9c 38 89 13 e7 21 08 0c 45 2e a5 b5 29 92 59 2e 25 2b 02 2f 05 da bf 50 20 bd f4 d0 73 4f bd f4 07 25 bf a3 33 7c 58 0f 2b 8d 51 14 86 35 14 c9 d9 9d 9d c7 37 23 3e 8c 42 21 a7 e7 15 3b ae ec a7 9e 08 87 8a b1 71 3e e6 11 13 fb 76 10 30 a1 37 1b 55 af b1 d5 6c 1a 97 b1 b2 cb f3 d7 5d 7a 3d 02 41 62 02 09 89 53 08 49 8c a1 4f e2 04 6c 12 0c 1c 12 31 f4 48 48 18 93 f0 80 91 b0 e1 01 09 07 3c 12 2e 48 12 3d 18 90 08 c1 22 d1 06 4e e2 10 2e 49 ac 41 44 e2 09 5c 91 38 06 9f c4 53 38 22 71 06 43 12 cf 20 20 f1 b2 3c 08 0f 5c 76 ad 6f d7 bc a6 dd 74 dd f9 13 64 5a e7 b9 95 17 70 41 df 1e 94 5a 07 a1 7f c1 5d 16 9e 48 36 d4 ab db ee a6 5b db 76 e6 95 b3 03 3f 84 36 89 83 dc d4 17 a5 72 db 1d 31 21 79 cc 86 2c 90 a7 3c 96 c6 28 61 16 fd cb 49 c4 ac d8 11 3c 92 56 cc 64 12 59 52 e0 ed c0 1e 32 eb 96 96 e5 db 41 5f df 72 b6 5c b6 e3 de cf 36 77 c2 20 96 95 57 e6 d4 f1 ed 38 6e 29 9e cf [TRUNCATED] Data Ascii: 61cKoF$0lG]N8!E.)Y.%+/P sO%3\|X+Q57#>B!;q>v07Ul]z=AbSIOl1HH<.H="N.IAD\8S8"qC <\votdZpAZ]H6[v?6r1!y,<(aI<VdYR2A_r\6w W8n)+p\Z}]w+Cw6JI;L!cAc\&D-doG(-m3vK`v08stSrKKp`K<a\|6}Gy<Uj7F0^NT}nSx`dIjVoxNatWqK><yQ<0UXU\>Rt:i,'>kMRV@U_;Cm)d\|2;vv2z+6iY0Rzau"RSA $V&NSMMM_.63^}cT!(t~fiID=9%EjRaZZ;Q*dv("lQ,0b'.CSo6JO+PVR1cAe=C}bHX,wRgWll/$Dz

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 08:19:03.366513014 CEST	313	OUT	GET /assets/index-fd1be804.css HTTP/1.1 Host: aa5aa5aa5aa5aa44.app Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/css,/;q=0.1 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Sep 27, 2024 08:19:03.680989981 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 27 Sep 2024 06:19:03 GMT Content-Type: text/css Last-Modified: Sat, 24 Aug 2024 14:09:18 GMT Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding ETag: W/"66c9e98e-7640f" Expires: Fri, 27 Sep 2024 18:19:03 GMT Cache-Control: max-age=43200 Content-Encoding: gzip Data Raw: 34 30 30 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ac bd 07 af e3 48 b2 2e f8 57 0a 33 b8 c0 f4 aa 4f 8b 9e 52 15 1e 70 45 27 52 a4 48 89 94 48 51 0f 17 03 5a 91 12 bd 17 1b 0d ac f7 de be ae e9 59 ef bd f7 e6 1f ed 6f d8 94 8e e5 39 ac ee 37 ef 6e 15 d0 7d 0e 15 19 19 99 19 19 f1 85 a1 ea af 9d c0 2a 4a af fa f4 bb fd 8e 7b 98 fd ee cb e7 22 4d ab ef 3f 07 69 59 fd f8 f0 d0 58 c9 83 1d 59 ce e5 f3 a7 df 43 10 f4 e5 f1 49 1b 84 95 07 9e f8 be ff f4 e4 54 58 d7 07 f8 f6 88 f4 67 be f5 f6 29 72 7b 8a f8 a8 8f bf 7d 8a 82 a7 9e ed b9 fe 33 cf 3b 07 0c 3c 75 1d d7 f3 06 4f 71 f0 d4 99 39 73 c7 79 cb 81 00 4f e7 c4 9c 9c cf df 3e 25 c1 53 02 23 70 82 78 fb 74 06 9e a2 08 f8 8b 3e 3d 2d 3c f7 26 80 07 59 08 f6 f4 c8 8e ea db 9a e0 f9 6c fe b2 80 b4 b0 92 d3 e3 4a e7 24 f1 bc ac c7 a7 0f ae 55 dc b6 c5 73 09 0b 7a 96 ec e9 a3 28 3c 05 15 f8 0c 6c 90 ed cd 5e 24 f1 bc 04 3c 84 48 07 26 de 2c d0 0d bd a4 7a b8 4b 14 85 89 67 15 0f 60 2f ee 0f ff 50 a5 9f 8a 1b ab ef 6f ac 08 08 c5 c0 0f 8f 42 7f f7 ba bc c7 f1 [TRUNCATED] Data Ascii: 4000H.W3ORpE'RHHQZYo97n}J{"M?iYXYCITXg)r{}3;<uOq9syO>%S#pxt>=-<&YlJ$Usz(<l^$<H&,zKg`/PoB;&YdE[I?<\|=xeTU=S>=V#>d(wb(;r1#*,'?enXZv=nHg4/`!rV'=y~?><-`GO+?ZmAX2 0w~punvvogy<[Llo?um~IeP^DQh9@^xUXd~S}Z}IMJ8PO.>,S4+)?-ui'[+gS,xIXa G>0t8O:o`~@?nOO#H>l3+G6tji==z<=b<SZO<~Z
Sep 27, 2024 08:19:03.681081057 CEST	224	IN	Data Raw: b5 58 bf f7 f1 db df 27 f1 5f 3f b9 dd ee df 93 d0 ed ef c7 cf 6e 2e 11 73 6f 7f 47 97 fd 7b d4 02 7f 9f 1d cd d0 5e 0d 3f 7b 6b 71 de 78 ed a1 91 f9 3d ec 80 bf de f3 54 2f 46 ea e1 26 06 4a a2 04 6a ff 14 54 71 f4 e3 43 eb d9 97 b0 7a a8 ac ec Data Ascii: X'_?n.soG{^?{kqx=T/F&JjTqCz!ecYU?{8/[q]?(z07Sdu]WU\|]S@;Od}S.\|q/L~Nd?wng7~xu
Sep 27, 2024 08:19:03.681091070 CEST	1236	IN	Data Raw: 90 27 c3 09 96 14 85 25 b0 5d d5 35 7a 22 fc eb 8b 77 f5 0b 2b f6 4a 60 d7 93 87 32 0a 5d ef a1 ce 1e c0 66 78 c5 8f d0 5f fd 78 df 1d 3f 2d e2 cf f7 9f 22 ab f2 50 f7 0f d0 f7 30 04 fd d5 f7 d0 77 3f fd f4 2d 0e 11 b8 8f de 8f 55 fa 0f c8 c1 4d Data Ascii: '%]5z"w+J`2]fx_x?-"P0w?-UMxu1L~S`y~[<$~K$L~Co3- arSgNFG\|;~;0H+gC{\|rzz:}?<}]V8ya`+F
Sep 27, 2024 08:19:03.681106091 CEST	1236	IN	Data Raw: 3e e5 dd 12 6e 16 e4 65 0b 07 ea ff b8 69 8f 5e e0 f5 2a be 26 b9 bf fb e6 35 7d b5 4a df 3d 26 a9 ee d6 e1 e3 75 be d3 bd 5c e2 ef c6 2f c1 40 5e 90 06 7c c2 82 2f 32 fb 91 d7 7d b9 fd e7 c1 0d 0b ef 51 6b c1 b1 d6 71 f2 e5 6e 0a 1e 80 fe c7 e5 Data Ascii: >nei^*&5}J=&u\/@^\|/2}QkqngoW~Q<?A,H=<k8.~#$1`/M9KqOR\|yC>{Lna?18,m 3ywCoM~
Sep 27, 2024 08:19:03.681114912 CEST	1236	IN	Data Raw: 75 60 c5 b7 2e d0 0f 6b fd fa df 0c e8 ae 63 24 ff ed 80 24 01 c9 a8 51 4e ff dd 70 c6 cc 4a 46 25 fb fa df bf 9b 71 4c fc af ff c3 47 66 23 c2 ff 8f 6f a9 fc 30 ba 55 fc 47 36 e3 eb ff 34 a4 2b c6 56 f9 3f 0f 68 ac 30 1a 99 ef 7f 79 4f 53 8f b2 Data Ascii: u`.kc$$QNpJF%qLGf#o0UG64+V?h0yOS_O76(>u}<=(;yWFXS5f340q$9f40pOdc@:2oQ->pNQb@=2?f?x#3o`G{
Sep 27, 2024 08:19:03.681124926 CEST	1236	IN	Data Raw: 40 d8 80 d4 f2 d8 45 1d c0 c1 67 d9 46 37 70 00 07 1f a7 1d 11 6e 80 07 9f 5e 84 ff 48 f6 e7 01 1e 6c 3d 50 46 1b 5f ec 9f 07 68 f0 29 33 3f 1a 74 fc 79 80 09 9f 5f c1 1f 59 f2 9f 07 80 f0 91 e5 88 84 03 28 08 7a c5 6e 5e 74 6c 5f fe 3c 40 82 d7 Data Ascii: @EgF7pn^Hl=PF_h)3?ty_Y(zn^tl_<@o/J#\H&(DxWXkuble^P~}.#n}G<{vstV;5?/JZ%[#s.P4Ok;}{
Sep 27, 2024 08:19:03.681133986 CEST	896	IN	Data Raw: 83 6c a1 f5 c9 d2 72 03 59 f8 42 8a 2f 83 02 31 17 69 39 e3 27 97 c2 df a2 d2 8c 69 17 13 0e d6 b1 b5 e7 14 f3 95 8e 44 67 6d 3d 6d f7 fd d6 58 08 bb a8 4b 57 9a cf c6 7e 19 a2 08 5c b4 3c 8f ec ce 01 5b ef 37 27 79 55 4f 78 a7 ba e2 35 87 46 10 Data Ascii: lrYB/1i9'iDgm=mXKW~\<[7'yUOx5F}."<Y ^+t:{:~Y'\SK^bGW6<+&\G]!Fv+(n$9xD1E]y7S">\]wQ[d0+b"(aFlu2a;Q
Sep 27, 2024 08:19:03.681142092 CEST	1236	IN	Data Raw: e4 d0 4c f5 b5 e7 d3 9a bb d1 d7 a1 39 3b 03 a3 98 22 eb c5 06 8b 85 e9 a2 ba 82 d8 e2 92 c7 c2 42 4a 88 08 da e7 50 24 cc 48 4a 58 41 58 6f b6 6e 3e a9 f5 f3 91 ee 4c e4 ac 4f 8a 36 60 16 ed 69 0d aa 7a fd d1 82 70 cd e4 04 41 45 57 bc 3a 11 c4 Data Ascii: L9;"BJP$HJXAXon>LO6`izpAEW:.KKqZ+TTgi0}e]+y3DSQlVe$lpYD.F%7^bDn5z'I#Pjqkt=6 ^Qc>I
Sep 27, 2024 08:19:03.681152105 CEST	1236	IN	Data Raw: 2e ce 5b 69 2e e1 9a ed a3 a7 fd 64 49 2b eb 6e 42 af e6 6e 13 09 27 3c 0f 56 e6 29 aa a8 35 ef b0 e2 16 6b e7 0b 4b e7 3d 3b 39 ec 26 90 ea 6b 3e b6 d9 a4 d7 a9 92 ae b1 d6 bc 84 42 61 8b b4 7c 60 85 4e 9a 54 db 9d 1d 69 a4 1f ab de d4 dc 4f 13 Data Ascii: .[i.dI+nBn'<V)5kK=;9&k>Ba\|`NTiO8%9)LJX#5JlN!\|7jrR3qf;niGy'3nzDzuO\|ZKZ(}3--vzO+KiR@
Sep 27, 2024 08:19:03.681160927 CEST	1236	IN	Data Raw: a6 17 84 43 36 65 41 64 46 e1 40 b9 2a 60 14 7b e4 91 05 a5 38 36 1a e4 db db fe e7 67 99 9c ae 0b a2 84 04 69 2a 68 30 e2 28 f9 c9 cb 0b 6c 67 ac c4 a6 a2 7c 11 ae c9 44 94 90 8c a7 26 d9 76 82 8b c7 6a 29 68 0c bc e1 e4 ee 7c cd db 89 c1 cf 51 Data Ascii: C6eAdF@`{86gih0(lg\|D&vj)h\|QZl32SD-$"{eyv_~d9m00_@/g=.46H_kVbaf5C`j-dt{$Q][iLto%Q;Z']\ b/Ky.S_
Sep 27, 2024 08:19:03.686141014 CEST	1236	IN	Data Raw: 66 5f dc 12 c2 ab 39 88 ff 23 dc de 04 61 71 71 f1 a3 a3 2c c5 f6 78 69 21 60 23 96 78 65 41 20 02 85 41 6c d4 35 5d 6c 4a 95 6a 4d 84 7d d1 0b 9d cd 2d c5 43 4b 44 87 6a e3 c2 6b 90 4b 91 59 85 39 5f 38 81 6a 66 93 a5 13 1b 5c 8b f5 35 21 2c 2b Data Ascii: f_9#aqq,xi!`#xeA Al5]lJjM}-CKDjkKY9_8jf\5!,+&t1vYL1;[^0*42Evb!_NO!mic={D+mo6ap6<N#Gnp^Y$"c@di1mRN
Sep 27, 2024 08:19:06.787703037 CEST	845	OUT	GET /assets/SwiperBanner-530f3655.js HTTP/1.1 Host: aa5aa5aa5aa5aa44.app Connection: keep-alive Origin: http://aa5aa5aa5aa5aa44.app User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: __vtins__KQFtdGOd9WuFBLcO=%7B%22sid%22%3A%20%221eac12e6-1eaf-5e53-a3f2-b84436421122%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201727419743727%2C%20%22ct%22%3A%201727417943727%7D; __51uvsct__KQFtdGOd9WuFBLcO=1; __51vcke__KQFtdGOd9WuFBLcO=dd8959f7-020d-5d87-92de-a14fa2ef4951; __51vuft__KQFtdGOd9WuFBLcO=1727417943730; UM_distinctid=19232220dae2bd-07a6196558f62e-26031e51-140000-19232220daf416; CNZZDATA1281366638=1701857660-1727417946-%7C1727417946
Sep 27, 2024 08:19:07.106775999 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 27 Sep 2024 06:19:06 GMT Content-Type: application/javascript Last-Modified: Sat, 24 Aug 2024 14:09:18 GMT Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding ETag: W/"66c9e98e-2cb0" Expires: Fri, 27 Sep 2024 18:19:06 GMT Cache-Control: max-age=43200 Content-Encoding: gzip Data Raw: 31 33 30 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 bd 5a 69 73 da c8 d6 fe fe fe 0a 5b 37 43 b5 ee 34 0a d8 d9 46 89 4c c5 8e 93 38 5e 92 89 97 2c 14 45 04 6a 8c 6c 21 31 52 03 c6 98 ff 7e 9f d3 dd 5a c0 ce 2c b7 6e bd 1f ec 6e f5 7a fa ec 0b e1 68 9c a4 72 e1 77 37 fc 6c 63 28 78 2f a4 ce 2d 3a 87 d4 f9 88 ce 33 ea 8c d1 39 a2 ce 27 c1 53 6a 2f f9 81 fa e4 43 6a 30 7b 4c ed 40 70 d5 fe ce 7b 27 d4 5e 08 9e 50 db c5 82 df a8 f3 46 f0 8f d4 7e c6 c0 0d 75 ae 04 f7 9b d4 79 8b 11 35 f5 0e 23 5b d4 39 14 3c a0 f6 86 f7 1a d4 ce b1 e2 09 75 ce b1 82 da d7 bc 4f cd 47 7e 45 4d 2c f8 8c da f7 fc 33 35 7f 70 41 cd 23 7e 4a cd 1b 7e 41 cd 77 de a3 66 9f 8f a8 49 71 e0 7b ea 7c 11 fc 3b b5 42 f0 33 6a a7 82 7f e1 11 f5 6e 04 ff 46 ed a5 e0 e7 d4 f6 04 7f 4b ed 9e e0 03 6a 0f 04 97 d4 7e 15 fc 96 da 19 8e 7c 4a 9d 6f 82 7f a0 f6 03 60 55 28 fa 1d 1d 85 ca ef 58 a2 de f7 07 3a bb d4 11 92 8f a9 0d 30 f0 89 3a 52 f2 de ef d4 f1 25 df a7 36 93 5c 51 28 91 cb 41 9a 8c 2c e7 71 18 07 e2 a6 fe bc 39 78 ea 3f 0d 02 e7 [TRUNCATED] Data Ascii: 1309Zis[7C4FL8^,Ejl!1R~Z,nnzhrw7lc(x/-:39'Sj/Cj0{L@p{'^PF~uy5#[9<uOG~EM,35pA#~J~AwfIq{\|;B3jnFKj~\|Jo`U(X:0:R%6\Q(A,q9x?^0%E@Q<x4'>."a&F"Ga&DtOp,qW,/}$F*`0eGwAG'QO<IC^>i_MDaXGa;#n&I$XX'>%Ae~J2) XI&2I 1~&?5S,mIaR Ok$0?y0I$~]Xc{\:JhE!L,GFq7sv+%?\|K"FoOp{h<s#m7\|"=:G8cQ{T-IppDwMO()z57l~FhEOQy\|)mf(:;Y2Lz;8s"'"G&D"x8\O4[-

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 08:19:03.373548985 CEST	285	OUT	GET /wasm_exec.js HTTP/1.1 Host: aa5aa5aa5aa5aa44.app Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Sep 27, 2024 08:19:04.264110088 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 27 Sep 2024 06:19:04 GMT Content-Type: application/javascript Last-Modified: Fri, 12 Jul 2024 05:38:31 GMT Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding ETag: W/"6690c157-4ed5" Expires: Fri, 27 Sep 2024 18:19:04 GMT Cache-Control: max-age=43200 Content-Encoding: gzip Data Raw: 31 34 61 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 5c eb 73 db 46 92 ff 9e bf 62 5c b5 bb 84 22 89 7a 58 51 6c ed 29 b7 8e ad f8 9c 73 64 95 e5 c4 b7 a5 75 69 41 62 48 22 c2 83 07 80 94 79 8e fe f7 fb 75 f7 0c 30 78 90 12 a9 dc de 5d d5 ea 83 24 00 33 3d dd 3d fd 9e 06 f6 f6 d4 cb 74 ba c8 c2 f1 a4 50 87 fb 07 cf d4 87 89 56 af 53 f5 62 56 4c d2 2c ef ab 17 51 a4 f8 71 ae 32 9d eb 6c ae 83 fe 57 7b 7b ea e7 5c ab 74 a4 8a 49 98 ab 3c 9d 65 43 ad 86 69 a0 15 2e c7 e9 5c 67 89 0e d4 60 a1 7c f5 fd e5 ab dd bc 58 44 9a 66 45 e1 50 27 98 59 4c fc 42 0d fd 44 0d b4 1a a5 b3 24 50 61 82 9b 5a bd 7d f3 f2 ec fc f2 4c 8d c2 48 f3 3a 7f 29 f2 dd 24 1d 4e f4 f0 e6 ab af 3c 6f 4b 9d 7e a7 be 7c a5 14 1e fd e4 4f 55 3c 8b 8a 70 1a 69 f5 a3 3f f7 2f 87 59 38 2d 94 4e e6 61 96 26 b1 4e 80 74 91 02 87 3c 4c c6 18 33 4c e3 38 4d d4 8b 8b 37 3b 02 61 9a e9 91 ce 32 3c 55 b7 7a a0 f2 c2 4f 02 3f 0b 72 45 14 a8 73 d0 d3 ff 35 a7 f1 7d 1e 2f 93 ce 5c f0 c3 34 c9 c3 40 67 3a 38 91 a7 bb ea fb 2c bd 05 a3 72 7b 6d c0 d8 [TRUNCATED] Data Ascii: 14a9\sFb\"zXQl)sduiAbH"yu0x]$3==tPVSbVL,Qq2lW{{\tI<eCi.\g`\|XDfEP'YLBD$PaZ}LH:)$N<oK~\|OU<pi?/Y8-Na&Nt<L3L8M7;a2<UzO?rEs5}/\4@g:8,r{mHg/\|.W`J#o$HoS({{[eQ:#ujgwJG)hzVA+,UL@J:4x}z$?O b?3%XX4Sc([N<]LEr=/eWXh0gR>%vv=yb%e?-o#]tVLg1'1R?w'jN~]}g/>4o~xgw[,:0Kfa/;j0YBS._hlQBVNG~^t~~7zK.x@~r.+lU /2oG%E3tt2.&;/Q%w4"LX(@M]RD~jYz`AdE(WgRmFE~{K`rI/&;n-+:1CEi.{!
Sep 27, 2024 08:19:04.264134884 CEST	1236	IN	Data Raw: d0 45 e2 ff 28 aa 00 87 c8 22 38 8f 26 6a 04 cf 53 30 a8 4d 89 ca ad 4a af 04 c0 92 d6 12 fb 51 91 cd 92 a1 6f 44 df 4a fb 4a 40 2d b9 2c 37 3b 12 b6 88 d8 3c 9a 31 51 98 dc 18 c9 a1 7f 37 e6 4f c4 0c 16 a4 36 24 2c be 09 c2 cc 80 98 ea 2c de 18 Data Ascii: E("8&jS0MJQoDJJ@-,7;<1Q7O6$,,t6"?R3f!Yl=@hG@JP,t=Gx%?RgwjVt9?=44K:/5Nh6F$mp{z-z-,M.[~n8
Sep 27, 2024 08:19:04.264144897 CEST	1236	IN	Data Raw: 07 1a e2 f0 51 c1 e5 fa 0a 23 c0 55 e1 aa 94 d6 e1 0b 99 8e 77 23 93 68 2c f7 89 bf 27 3d 42 b7 0f aa 89 24 a1 c6 c5 53 71 c0 ec b1 c9 62 0d c3 9f 7f 21 4a f0 cf f6 76 5d ab fc ab 90 54 bd 74 eb 9e 20 ba 8d 29 5f 2b 97 89 ad 0a bb 6f e5 ac e9 fa Data Ascii: Q#Uw#h,'=B$Sqb!Jv]Tt )_+ox{YeVo.B^KowFLT({sSk/BfrrX8A{3+37NS%>\|ruy,sxIJq: ?F72qzLPA<]*p\|'rXc(
Sep 27, 2024 08:19:04.264158964 CEST	1236	IN	Data Raw: ea 05 c8 ee 9d 92 b2 1a 2a 27 1e a3 8c bc 8d 6a 06 5b b4 67 ae ef 74 b6 ac 9c b1 de 86 55 b5 f8 2a 0a ae 8a 14 6b c8 16 e3 f9 9a ca 9f 84 24 a5 09 f7 e3 6c e7 ac 87 b2 6c 2a 39 c5 88 0a 04 10 66 ea 27 e6 92 73 55 aa 31 c9 02 b9 29 5b 71 11 62 90 Data Ascii: 'j[gtUk$ll*9f'sU1)[qb4LeNVV0GRIj:k;`a[loG}^vz,\l8~6czoBu?<-gf/BbQZA7[RBti)H`34n=SdHsjW6
Sep 27, 2024 08:19:04.264169931 CEST	707	IN	Data Raw: c8 70 ca 06 36 46 8c 21 dd 4e 34 7f a3 84 ce f7 21 72 78 2f 6f 9c f9 31 0b 9c 8c b6 7d 61 18 7b 41 2f 7c d1 07 64 e8 d4 1f af c7 a2 cd 32 1b a3 31 81 be 31 43 b7 9c 8f ce 40 94 b3 90 5e 41 e4 9d 73 14 90 da 01 e9 9b 0c c4 7d ac 19 d3 63 5a 9b c0 Data Ascii: p6F!N4!rx/o1}a{A/\|d211C@^As}cZ/l!y@7l*9wv5<ogtRKHmj#jm0K18Poc+1T^` <S`gV;2ah6$c)cu#-zV>A/??m>y
Sep 27, 2024 08:19:06.788136959 CEST	824	OUT	GET /assets/ColVideoItem-2396d821.css HTTP/1.1 Host: aa5aa5aa5aa5aa44.app Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/css,/;q=0.1 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: __vtins__KQFtdGOd9WuFBLcO=%7B%22sid%22%3A%20%221eac12e6-1eaf-5e53-a3f2-b84436421122%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201727419743727%2C%20%22ct%22%3A%201727417943727%7D; __51uvsct__KQFtdGOd9WuFBLcO=1; __51vcke__KQFtdGOd9WuFBLcO=dd8959f7-020d-5d87-92de-a14fa2ef4951; __51vuft__KQFtdGOd9WuFBLcO=1727417943730; UM_distinctid=19232220dae2bd-07a6196558f62e-26031e51-140000-19232220daf416; CNZZDATA1281366638=1701857660-1727417946-%7C1727417946
Sep 27, 2024 08:19:07.101567984 CEST	1140	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 27 Sep 2024 06:19:06 GMT Content-Type: text/css Last-Modified: Sat, 24 Aug 2024 14:09:18 GMT Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding ETag: W/"66c9e98e-85a" Expires: Fri, 27 Sep 2024 18:19:06 GMT Cache-Control: max-age=43200 Content-Encoding: gzip Data Raw: 33 31 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 85 55 4d 6f a3 30 10 bd ef af 40 aa 22 15 29 8e 20 e4 a3 85 cb ae ba ea b9 da 3d ae 56 91 03 86 b8 31 36 b2 9d 34 d9 28 ff 7d c7 06 12 70 48 ab 28 12 8c 67 3c 33 6f e6 3d 26 84 21 b5 25 8c 68 c1 4f 08 75 de 50 2a 98 90 f1 1e cb 47 6b cf 29 63 b5 cd 4f fa 8e 5a dc f7 45 19 96 5b 22 fd f3 f7 2d 39 e6 12 97 44 79 dd 24 4c e0 8c f2 e2 14 8c 4e 6b 9c 6e 0b 29 76 3c 43 95 50 54 53 c1 e3 30 08 46 de 3c 18 9d b5 18 3c 0f ec e1 79 d2 ed e2 83 66 7a 63 23 7b f6 d5 2a a7 52 69 c4 28 27 e3 6e c0 6a 55 61 89 0b 89 ab cd 69 43 68 b1 d1 71 b8 a8 0e 49 89 65 41 39 d2 a2 aa df af f5 5d 41 69 a1 6b 80 e9 25 9c 50 85 30 a7 25 d6 24 f3 fa 09 a9 26 65 a7 9f d8 d4 84 25 82 1a 32 4a b8 7e 7c 0e 32 52 8c 2f d0 3b 59 bc e9 7c 34 70 d8 8e c1 f7 a2 e5 d0 b9 9d a7 ef 2d a2 91 9f 74 b0 56 f4 1f 89 67 06 67 03 59 52 57 6c b0 1f 18 93 17 4e 66 30 3f ac 88 47 79 4e 39 f4 d1 c7 de d9 20 2a 53 46 90 cd 70 69 06 ef b1 86 5e 8d d1 77 06 e4 c2 72 0f 80 24 a3 aa 62 f8 18 53 6e 90 43 6b 26 d2 [TRUNCATED] Data Ascii: 31aUMo0@") =V164(}pH(g<3o=&!%hOuPGk)cOZE["-9Dy$LNkn)v<CPTS0F<<yfzc#{Ri('njUaiChqIeA9]Aik%P0%$&e%2J~\|2R/;Y\|4p-tVggYRWlNf0?GyN9 SFpi^wr$bSnCk&mZHdk?.(V-)sWN6nd1~`q++,BFrq"EC{h0\@{A0_Mef,&$n8bIDI`J3P4"9#3Zpdh}4 0ukO8pdxj_*Fepf<%(h1[.IN:$y^}.=G4}^I35pZH\|N!?@F8aLZaVdx.bM"B9\|WCokcb^x_s0>2s!K']QU0T3rBp5:{cZ0
Sep 27, 2024 08:19:07.337742090 CEST	909	OUT	GET /assets/AdvertisementList.vue_vue_type_script_setup_true_name_AdvertisementList_lang-6c6de8d9.js HTTP/1.1 Host: aa5aa5aa5aa5aa44.app Connection: keep-alive Origin: http://aa5aa5aa5aa5aa44.app User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: __vtins__KQFtdGOd9WuFBLcO=%7B%22sid%22%3A%20%221eac12e6-1eaf-5e53-a3f2-b84436421122%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201727419743727%2C%20%22ct%22%3A%201727417943727%7D; __51uvsct__KQFtdGOd9WuFBLcO=1; __51vcke__KQFtdGOd9WuFBLcO=dd8959f7-020d-5d87-92de-a14fa2ef4951; __51vuft__KQFtdGOd9WuFBLcO=1727417943730; UM_distinctid=19232220dae2bd-07a6196558f62e-26031e51-140000-19232220daf416; CNZZDATA1281366638=1701857660-1727417946-%7C1727417946
Sep 27, 2024 08:19:07.646753073 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 27 Sep 2024 06:19:07 GMT Content-Type: application/javascript Last-Modified: Sat, 24 Aug 2024 14:09:18 GMT Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding ETag: W/"66c9e98e-6d9" Expires: Fri, 27 Sep 2024 18:19:07 GMT Cache-Control: max-age=43200 Content-Encoding: gzip Data Raw: 33 62 33 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b5 55 cf 6f e3 44 14 be f3 57 b8 83 14 8d a5 17 93 94 66 5b b9 72 57 de 34 0b 2b 15 a5 6a 96 02 8a a2 c8 f1 8c e3 d9 4e 3c d6 78 d2 24 72 7c e4 c2 0d 0e dc b9 20 84 04 37 0e 7b 40 fc 35 5d b1 ff 05 6f ec 94 6d 0a 07 84 40 3e 7c f6 cc f7 7e cc fb de f3 88 45 ae b4 29 67 57 4e 54 38 4b 98 8d 2c 2e 60 f6 d2 62 08 cc 42 0a 91 05 06 31 24 f6 65 0e 33 0b 1a 56 16 32 e0 16 12 48 2d e4 90 5b 98 c2 73 0b 6b f8 cc c2 00 06 16 36 55 a2 d5 82 78 1f 88 8c f1 75 fb b8 9b f4 a2 1e 63 de ab 82 9c 8a 26 8f 3a d0 e8 9e d7 57 f2 5a 30 ae 5e 18 be 68 77 8e d9 11 eb 1e c7 35 fd 36 d2 ce 2a a0 3c 38 a3 7c cc bd 8f 87 9f 0c a6 97 e1 47 83 69 78 3e 0a 3a 93 80 ec ad 10 d8 27 f5 c3 ab e1 a7 a3 c1 45 cd ee ee b1 1f 6e 35 66 cf 06 cf 87 57 83 e9 f5 8b f3 c1 70 7a 79 11 7e 81 26 47 68 f3 d7 75 e4 bb 2e 5d 6d b7 65 e5 9e c6 2a 2b 8c 73 11 2c 28 c9 e3 cf 43 46 a0 2c 4c 64 b8 4f 5d 4c ba d4 3c d1 bc 48 45 36 f7 0f ba 10 b1 73 6e 22 21 8b 50 eb 68 e3 8f 27 95 0b 73 6e 0c d7 85 8f 66 4a [TRUNCATED] Data Ascii: 3b3UoDWf[rW4+jN<x$r\| 7{@5]om@>\|~E)gWNT8K,.`bB1$e3V2H-[sk6Uxuc&:WZ0^hw56<8\|Gix>:'En5fWpzy~&Ghu.]me+s,(CF,LdO]L<HE6sn"!Ph'snfJw\|<4Cyxy"8+%79,uAtZ-jFYe#\~~yw$O7?`Q{,_JniRQ<8v[/<XlnvKL3&}sLTjy98V[Ui\+LpWtFaP2=~'N\$IZeq2'0MDjYl1PhIbM(}/\|[(srlkyrrT/Q/-EZZ+l9TK@3e7vKDVZPM`wO)boNs` q[Ckp<uK/WvBF{Uw"jNc<#DHI@e})JkQQ&[`>AKT7/$o)H+LQ&r1O1xRJ81k%
Sep 27, 2024 08:19:07.646780968 CEST	71	IN	Data Raw: ff 9b 74 fa ff 75 3a 53 ff b0 82 6e e7 c3 c3 5d b6 40 76 b5 ab f3 c6 9f c6 61 ef 89 eb fa 03 4a 08 a0 b0 f5 34 f2 75 7d 75 d5 97 50 08 d7 cd b5 d3 dc 63 d5 e9 7b 7f 00 a6 5d c0 8e d9 06 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: tu:Sn]@vaJ4u}uPc{]0
Sep 27, 2024 08:19:08.192266941 CEST	865	OUT	GET /assets/qr_code-8c1a238d.jpg HTTP/1.1 Host: aa5aa5aa5aa5aa44.app Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: __vtins__KQFtdGOd9WuFBLcO=%7B%22sid%22%3A%20%221eac12e6-1eaf-5e53-a3f2-b84436421122%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201727419743727%2C%20%22ct%22%3A%201727417943727%7D; __51uvsct__KQFtdGOd9WuFBLcO=1; __51vcke__KQFtdGOd9WuFBLcO=dd8959f7-020d-5d87-92de-a14fa2ef4951; __51vuft__KQFtdGOd9WuFBLcO=1727417943730; UM_distinctid=19232220dae2bd-07a6196558f62e-26031e51-140000-19232220daf416; CNZZDATA1281366638=1701857660-1727417946-%7C1727417946
Sep 27, 2024 08:19:08.501090050 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 27 Sep 2024 06:19:08 GMT Content-Type: image/jpeg Content-Length: 6245 Last-Modified: Sat, 24 Aug 2024 14:09:18 GMT Connection: keep-alive ETag: "66c9e98e-1865" Expires: Sun, 27 Oct 2024 06:19:08 GMT Cache-Control: max-age=2592000 Accept-Ranges: bytes Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 83 10 00 28 00 28 00 28 00 28 00 2b 00 28 00 2d 00 32 00 32 00 2d 00 3f 00 44 00 3c 00 44 00 3f 00 5d 00 55 00 4e 00 4e 00 55 00 5d 00 8c 00 64 00 6c 00 64 00 6c 00 64 00 8c 00 d5 00 85 00 9b 00 85 00 85 00 9b 00 85 00 d5 00 bc 00 e4 00 b9 00 ad 00 b9 00 e4 00 bc 01 52 01 09 00 eb 00 eb 01 09 01 52 01 86 01 48 01 36 01 48 01 86 01 d9 01 a7 01 a7 01 d9 02 53 02 35 02 53 03 0a 03 0a 04 15 ff db 00 83 11 00 28 00 28 00 28 00 28 00 2b 00 28 00 2d 00 32 00 32 00 2d 00 3f 00 44 00 3c 00 44 00 3f 00 5d 00 55 00 4e 00 4e 00 55 00 5d 00 8c 00 64 00 6c 00 64 00 6c 00 64 00 8c 00 d5 00 85 00 9b 00 85 00 85 00 9b 00 85 00 d5 00 bc 00 e4 00 b9 00 ad 00 b9 00 e4 00 bc 01 52 01 09 00 eb 00 eb 01 09 01 52 01 86 01 48 01 36 01 48 01 86 01 d9 01 a7 01 a7 01 d9 02 53 02 35 02 53 03 0a 03 0a 04 15 ff c1 00 11 08 01 70 01 70 03 01 22 00 02 11 01 03 11 01 ff c4 00 1a 00 01 00 03 01 01 01 00 00 00 00 00 00 00 00 00 00 00 04 05 06 03 02 01 ff c4 00 2f 10 [TRUNCATED] Data Ascii: JFIF((((+(-22-?D<D?]UNNU]dldldRRH6HS5S((((+(-22-?D<D?]UNNU]dldldRRH6HS5Spp"/4Sr23QR!1"qABC""12qAQR#?4/wN/wN/wN/wN/wN/wNUCPU;iN8/w<1:^/w<1:^>UN=\0$HN'KON'KON'KON'KON'KON'KO8fdv.a]f&RR-R~0gH~0gH:r\.[7V]W~6&j^GgH~HCsUuck;RGwC{zIZ~0gH~0gHtJ
Sep 27, 2024 08:19:08.501142025 CEST	1236	IN	Data Raw: ac 45 7a 29 0c 0d 2d b3 28 9b d4 9c 41 b6 65 13 7a 93 80 00 00 00 00 10 ee d9 45 de 4c 21 dd b2 8b bc 0c c1 77 66 e7 98 a4 2e ec dc f3 01 70 01 57 5b 5b 35 34 c8 c6 01 68 0a 0c 5a ab b3 06 2d 55 d9 80 5f 82 83 16 aa ec c1 8b 55 76 60 17 e0 a3 86 Data Ascii: Ez)-(AezEL!wf.pW[[54hZ-U_Uv`PFEdeM&,.ue]=U\|N5p@&uc9\wu=ErU#40C[5DGdQ/;RT^MXlP)+/AUv`0Pb]1jt57
Sep 27, 2024 08:19:08.501154900 CEST	1236	IN	Data Raw: 28 fc c6 29 47 e6 65 80 16 57 1a 88 67 58 d6 35 2b 40 03 4b 6c ca 26 f5 27 10 6d 99 44 de a4 e0 00 00 00 00 07 0a a8 16 a2 15 62 2a 21 dc 01 4b 83 4b aa c1 83 4b aa c2 e8 01 4b 83 4b aa c1 83 4b aa c2 e8 01 4b 83 4b aa c1 83 4b aa c2 e8 01 4b 83 Data Ascii: ()GeWgX5+@Kl&'mDb*!KKKKKKKKKKKKKKKKKKzI#L]V@4,05SR"arGDTit&@cS6>;XWD~r &`GDiR :Tz!8KKKKKKKK
Sep 27, 2024 08:19:08.501166105 CEST	672	IN	Data Raw: f3 c9 22 4d 22 23 dc 88 8e 53 53 ef 43 aa cf b3 2d 3c 72 2c d2 2a 31 ca 8a e5 03 8f bb 2e a3 be ce 67 4f 6a 5d 37 7d 1c c0 fa 8a a8 bc 51 78 29 ef dd 97 51 df 67 84 45 55 e0 89 c5 4f 7e d4 ba 6e fa 03 e2 bd ee 4e 0e 7a a9 e0 e9 ed 4b a6 ef a1 ed Data Ascii: "M"#SSC-<r,*1.gOj]7}Qx)QgEUO~nNzKK9..2I+j+iSq4%&eM;++QH}f4}f4}fQQU}6Hf(ddU,{zJ(j U]e#jF,~F'BX
Sep 27, 2024 08:19:08.501358986 CEST	1236	IN	Data Raw: f4 ec 70 a8 45 f6 b8 ff 00 8f 51 f5 2a 22 e3 f9 f5 70 24 aa b2 b9 89 0c 29 e9 f4 8c 99 23 5a 84 72 64 8d 6a 14 c0 b5 c2 67 f3 61 12 a6 95 f4 ca d4 72 a1 9d 9d 14 d4 da f2 6c 32 c6 a6 d7 93 60 12 8c 9d 47 5e 5d ea 6b 0c 9d 47 5e 5d ea 07 00 7a 44 Data Ascii: pEQ*"p$)#Zrdjgarl2`G^]kG^]zD?Cq)^8TNv#\b7HOeJX@Kl&'mDZx}DP$II]II]II]II]II]II]k\V"
Sep 27, 2024 08:19:08.501394987 CEST	935	IN	Data Raw: 5d d9 b9 e6 29 0b bb 37 3c c0 5c 14 17 6c d2 6c 2f ca 0b b6 69 36 01 56 00 00 00 03 bd 3f 5e 2d e8 6b 0c 9d 3f 5e 2d e8 6b 00 8b 74 c9 bc cb 1a 9b a6 4d e6 58 0b 9b 37 56 5d 85 d1 4b 66 ea cb b0 ba 03 8c 95 10 c4 a8 8f 7a 22 8c 42 93 55 0a 8b bf Data Ascii: ])7<\ll/i6V?^-k?^-ktMX7V]Kfz"BU]5&C$"O%$UCX})5P5&#}4j*5z.5p5z5~X&xJ@61cP@eSq<](

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 08:19:03.373610973 CEST	291	OUT	GET /console-ban.min.js HTTP/1.1 Host: aa5aa5aa5aa5aa44.app Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Sep 27, 2024 08:19:04.266379118 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 27 Sep 2024 06:19:04 GMT Content-Type: application/javascript Last-Modified: Fri, 12 Jul 2024 05:38:31 GMT Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding ETag: W/"6690c157-146d" Expires: Fri, 27 Sep 2024 18:19:04 GMT Cache-Control: max-age=43200 Content-Encoding: gzip Data Raw: 36 33 36 0d 0a 1f 8b 08 00 00 00 00 00 00 03 95 58 dd 6f db 36 10 7f cf 5f 41 3f 2c a2 6a 97 71 53 6c 0f 4e 83 62 eb 36 ac 40 8a 0e 5b de 82 60 a0 65 4a e6 26 8b 06 45 27 cd 5a ef 6f df 1d 29 4a a4 3e dc 46 30 6c 8b bc 3b fe 78 df e4 c5 8b d9 19 79 41 32 55 d5 aa 14 2f d7 bc 22 0f df b3 25 5b e2 28 cd 52 72 b9 bc 5c be 84 af d7 24 ff f7 87 1d 8e fe 21 4a c1 6b b1 21 87 6a 23 34 31 5b 41 3e bc bf 25 37 32 13 55 2d 18 90 5c 9c cd 68 7e a8 32 23 55 45 a8 58 10 93 92 cf 67 04 1e f3 b4 17 2a 27 e2 d3 5e 69 53 93 eb 6b 92 a8 f5 df 22 33 09 39 3f f7 b3 3b b5 39 94 82 cc 60 12 97 c8 65 25 36 89 65 c7 e7 2d 31 b4 e1 4f db c1 95 e7 75 e4 56 b0 47 60 45 bb 71 c6 77 9b 40 90 1b a4 77 49 23 2f b9 47 a8 a1 50 4a a9 20 d7 5e 78 51 aa 35 2f 6f b7 b2 ee 81 03 50 c1 dc 8a 08 f2 e5 0b a9 45 99 a7 ec 9d d3 ec 4f a0 d8 6b f2 f9 98 a6 67 c7 94 1a 10 b1 20 81 8a bc 7e 92 43 2d 48 6d b4 04 8d 58 1c 0f 1c 34 0c 9c 1d ad 27 c5 59 2d cc 41 83 8a 5b c8 38 48 81 3e 1a c0 c1 8f 56 cb 8c d7 b5 2c 2a 40 37 20 18 01 83 7c e1 93 2b [TRUNCATED] Data Ascii: 636Xo6_A?,jqSlNb6@[`eJ&E'Zo)J>F0l;xyA2U/"%[(Rr\$!Jk!j#41[A>%72U-\h~2#UEXg'^iSk"39?;9`e%6e-1OuVG`Eqw@wI#/GPJ ^xQ5/oPEOkg ~C-HmX4'Y-A[8H>V,@7 \|+M W"Y)l`3`')"aV]u(+wB'UT{4%t&c:.1P~_>5Vop_$0+2[.{"{+wbE^3mmlpe@*r 1AUA(u~NS&!?} QwB%TZ@Vb_Lg@Pq-ydyk1Wt199'u6vi}5,hj\|:L2`_M'$@>!ez7IBx$?sjJU,Xj(zn'~ZiLrOT/Hu\1rq0$@~<5s2=>5'5k.M#%ye0vh01A.5LcLJFj(9i}4Cq^
Sep 27, 2024 08:19:04.266465902 CEST	715	IN	Data Raw: d9 ec c9 fe b2 88 81 4a f7 ac 8e fb 0a 49 10 38 90 f5 7d 27 20 b3 7a 01 12 35 2d a9 01 02 44 87 69 22 af 07 a0 e2 d3 54 5e 1d 40 95 4f 53 59 ad 00 49 dd 4f 1d 88 7b bc d8 0b d6 15 40 bf a5 e9 6c 80 72 9c 22 1d 2d 26 2f ef a1 a3 dc c7 d8 ad fa de Data Ascii: JI8}' z5-Di"T^@OSYIO{@lr"-&/M;u}O}~CG7_Jh=a8Z)awyp1n04KB'1,T2B?v]`yNgvz_oxH6)dUp,s
Sep 27, 2024 08:19:06.787969112 CEST	845	OUT	GET /assets/ColVideoItem-07d4d17c.js HTTP/1.1 Host: aa5aa5aa5aa5aa44.app Connection: keep-alive Origin: http://aa5aa5aa5aa5aa44.app User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: __vtins__KQFtdGOd9WuFBLcO=%7B%22sid%22%3A%20%221eac12e6-1eaf-5e53-a3f2-b84436421122%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201727419743727%2C%20%22ct%22%3A%201727417943727%7D; __51uvsct__KQFtdGOd9WuFBLcO=1; __51vcke__KQFtdGOd9WuFBLcO=dd8959f7-020d-5d87-92de-a14fa2ef4951; __51vuft__KQFtdGOd9WuFBLcO=1727417943730; UM_distinctid=19232220dae2bd-07a6196558f62e-26031e51-140000-19232220daf416; CNZZDATA1281366638=1701857660-1727417946-%7C1727417946
Sep 27, 2024 08:19:07.105360031 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 27 Sep 2024 06:19:06 GMT Content-Type: application/javascript Last-Modified: Sat, 24 Aug 2024 14:09:18 GMT Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding ETag: W/"66c9e98e-eed" Expires: Fri, 27 Sep 2024 18:19:06 GMT Cache-Control: max-age=43200 Content-Encoding: gzip Data Raw: 37 66 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ad 57 db 6e db 48 12 7d df af 50 38 81 41 62 4a 8c e4 d8 4e 86 06 27 a0 64 c5 51 94 f8 1a 3b f1 08 82 d0 22 9b 14 6d 8a cd 69 36 25 3b 1a 3e 0e b0 c0 7e cc 3e ee bc cc df cc 02 f3 19 5b d5 24 e5 cb 66 b1 fb b0 06 cc 6a b2 2f 55 75 ea 74 55 29 5e 64 42 aa b5 6c b1 bc 75 04 82 c4 09 7c 24 71 00 6c 4a f2 1c 02 12 53 98 75 48 ce 80 91 48 c0 27 11 c3 35 89 01 cc 49 e4 e0 bf 24 39 82 cf 24 e6 70 4e 22 82 af 24 fa e0 ef 90 3c 83 b7 24 96 10 92 b8 83 2b 12 37 30 23 91 81 bf 4b 72 05 fe 1e c9 e7 30 db 26 79 0d b3 1e c9 4f 50 90 b8 00 a6 97 9f c2 90 c4 15 70 12 05 28 12 43 60 da b4 63 58 91 58 40 46 e2 16 6e 48 7c 05 a6 bd 79 0b 03 12 87 c0 f4 d6 77 c0 7e 20 f9 11 98 f6 ee 3d 68 d7 3f 94 a1 14 0b c3 7e 11 a7 01 bf 6d bf ea 86 bb 6c 37 08 ec eb dc d8 f7 45 9a ab d6 67 d7 64 20 dd 8e e5 fe b8 8e 43 53 ba 2e 8e 25 57 85 4c 5b ac 5e 93 ba 47 e6 b3 ae b5 9f 70 d5 12 6e a7 fe ea bb 26 6d 12 5b 5b 7e c2 99 fc 14 2f b8 28 94 29 2c 10 ee 0a f5 89 95 9d 73 d5 7c d6 6b 53 7b [TRUNCATED] Data Ascii: 7ffWnH}P8AbJN'dQ;"mi6%;>~>[$fj/UutU)^dBlu\|$qlJSuHH'5I$9$pN"$<$+70#Kr0&yOPp(C`cXX@FnH\|yw~ =h?~ml7Egd CS.%WL[^Gpn&m[[~/(),s\|kS{%H&7-K~v5KS<p.NO4#H[/TGbfgX\|YB"X:SKTQ_%1(?W}?B1%>>T,ReFzV('/'wjS1Ho8JCNrNmY\|MZW44zaA1S31-M#M#&-*5Jo^Xoy37Go)-<X,tkjyncc:c[citURigBA08k~;l I]L~gQ1jzA%ubBsx\|TTX87p[3dnD0@KH$;nb1"sP9n%x0\H7q}7FaYHRc~2uxhZHII5j8d
Sep 27, 2024 08:19:07.105370045 CEST	224	IN	Data Raw: 74 d2 d6 56 25 7f ec 22 dd fe 8b 39 68 6f 77 fb b5 85 0b 9f 70 6d 6f c7 da cc 41 77 0f b9 f8 10 99 3a a1 18 f0 dc ac c3 85 b9 63 03 ff 3d 4d 19 47 9e e6 df e6 e9 13 8a 0a ee 5e 9b 8c c3 fa e1 45 75 3c 64 4a c4 dd 4f a6 d7 50 39 e5 ae 11 30 c5 1c Data Ascii: tV%"9howpmoAw:c=MG^Eu<dJOP90^di?c9w\|#\|pp}dxyFIg;_G^w7V'aayzw:\|?<(9\x8Xxo
Sep 27, 2024 08:19:07.105381012 CEST	947	IN	Data Raw: 9d ef 87 72 38 ba 1b b0 c1 9e 77 2e 57 ef ce c3 dd 77 6c d0 db 66 d1 68 f4 7e 1e 7b a3 44 78 97 57 11 3f f6 66 62 ef fa 9d 17 76 47 d7 57 2f bd 03 6f 78 e6 bd be 0c 93 c4 cb 0b b2 d9 1b 24 6f 3f dd 9c 17 a7 8b 7e df 80 04 cb 06 b2 e6 23 a6 21 44 Data Ascii: r8w.Wwlfh~{DxW?fbvGW/ox$o?~#!Dlz9{gH9~GI/d.d;qlNv;iI9?jxZE=j9VY.BvRq;>fuy{eae)rm`k(p]W0'j%W
Sep 27, 2024 08:19:52.110572100 CEST	6	OUT	Data Raw: 00 Data Ascii:

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 08:19:03.443464041 CEST	279	OUT	GET /js-sdk-pro.min.js HTTP/1.1 Host: sdk.51.la Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Sep 27, 2024 08:19:04.237149000 CEST	1236	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 06:19:04 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Server: openresty Cache-Control: no-store Access-Control-Allow-Origin: * Access-Control-Allow-Credentials: true via: EU-GER-frankfurt-EDGE7-CACHE3[164],EU-GER-frankfurt-EDGE7-CACHE3[ovl,163],EU-GER-frankfurt-EDGE5-CACHE3[ovl,162],CHN-HElangfang-GLOBAL6-CACHE122[ovl,20] X-CCDN-REQ-ID-46B1: ad1b33b23839d4400dcd097f794eb80d Data Raw: 61 35 39 0d 0a 2f 2a 21 0a 2a 20 35 31 4c 41 20 41 6e 61 6c 79 73 69 73 20 4a 61 76 61 73 63 72 69 70 74 20 53 6f 66 74 77 61 72 65 20 44 65 76 65 6c 6f 70 6d 65 6e 74 20 4b 69 74 0a 2a 20 6a 73 2d 73 64 6b 2d 70 72 6f 20 76 31 2e 35 38 2e 33 0a 2a 20 43 6f 70 79 72 69 67 68 74 20 c2 a9 20 32 30 31 36 2d 32 30 32 32 20 35 31 2e 6c 61 20 41 6c 6c 20 52 69 67 68 74 73 20 52 65 73 65 72 76 65 64 0a 2a 2f 0a 28 66 75 6e 63 74 69 6f 6e 28 63 29 7b 27 75 73 65 20 73 74 72 69 63 74 27 3b 76 61 72 20 65 3d 77 69 6e 64 6f 77 2c 67 3d 65 5b 27 64 6f 63 75 6d 65 6e 74 27 5d 2c 68 3d 65 6e 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 2c 69 3d 41 28 27 4f 62 6a 65 63 74 27 29 2c 6a 3d 41 28 27 4e 75 6d 62 65 72 27 29 2c 6b 3d 41 28 27 53 74 72 69 6e 67 27 29 2c 6d 3d 41 28 27 41 72 72 61 79 27 29 2c 6e 3d 41 28 27 46 75 6e 63 74 69 6f 6e 27 29 2c 6f 3d 41 28 27 52 65 67 45 78 70 27 29 3b 66 75 6e 63 74 69 6f 6e 20 71 28 74 2c 75 29 7b 72 65 74 75 72 6e 20 76 6f 69 64 20 30 78 30 21 3d 3d 74 26 26 2d 30 78 31 [TRUNCATED] Data Ascii: a59/! 51LA Analysis Javascript Software Development Kit* js-sdk-pro v1.58.3* Copyright 2016-2022 51.la All Rights Reserved*/(function(c){'use strict';var e=window,g=e['document'],h=encodeURIComponent,i=A('Object'),j=A('Number'),k=A('String'),m=A('Array'),n=A('Function'),o=A('RegExp');function q(t,u){return void 0x0!==t&&-0x1!==t['indexOf'](u);}function v(w,x){for(var y=0x0,z=w['length'];y<z;y++)if(w[y]==x)return y;return-0x1;}function A(B){return function(C){return Object['prototype']['toString']['call'](C)==='[object\x20'['concat'](B,']');};}function D(){for(var E=0x0,F={};E<arguments['length'];E++){var G=arguments[E];for(var H in G)F[H]=G[H];}return F;}function I(J){return J['replace'](/&/g,'~_~');}function K(L){var M='';for(var N in
Sep 27, 2024 08:19:04.237160921 CEST	224	IN	Data Raw: 4c 29 27 27 21 3d 3d 4d 26 26 28 4d 2b 3d 27 26 27 29 2c 4d 2b 3d 4e 2b 27 3d 27 2b 68 28 68 28 49 28 53 74 72 69 6e 67 28 4c 5b 4e 5d 29 29 29 29 3b 72 65 74 75 72 6e 20 4d 3b 7d 66 75 6e 63 74 69 6f 6e 20 4f 28 50 29 7b 72 65 74 75 72 6e 20 50 Data Ascii: L)''!==M&&(M+='&'),M+=N+'='+h(h(I(String(L[N]))));return M;}function O(P){return P['replace'](/^\s+\|\s+$/g,'');}function Q(){return+new Date();}function R(S){var T=e['navigator']['userAgent'],U=new RegExp(/\b(?:Chrome\|CrMo\|C
Sep 27, 2024 08:19:04.237169981 CEST	1236	IN	Data Raw: 72 69 4f 53 29 5c 2f 28 5b 5c 64 2e 5d 2b 29 2f 29 5b 27 65 78 65 63 27 5d 28 54 29 3b 72 65 74 75 72 6e 21 28 55 26 26 55 5b 27 6c 65 6e 67 74 68 27 5d 26 26 55 5b 30 78 31 5d 29 7c 7c 70 61 72 73 65 49 6e 74 28 55 5b 30 78 31 5d 29 3e 53 3b 7d Data Ascii: riOS)\/([\d.]+)/)['exec'](T);return!(U&&U['length']&&U[0x1])\|\|parseInt(U[0x1])>S;}var V={'root':e,'doc':g,'NFKivY':i,'SkKBjD':j,'qQXzeL':n,'QauvcB':o,'jPvmCm':k,'pWExzw':m,'xdaPuS':q,'extend':D,'NOwfJP':K,'trim':O,'now':Q,'arrayIndexOf':v,'che
Sep 27, 2024 08:19:04.237181902 CEST	438	IN	Data Raw: 63 5b 27 6b 77 27 5d 3d 61 61 5b 61 64 5d 5b 27 63 6f 6e 74 65 6e 74 27 5d 29 2c 56 5b 27 78 64 61 50 75 53 27 5d 28 27 64 65 73 63 72 69 70 74 69 6f 6e 27 2c 61 39 29 26 26 28 61 63 5b 27 64 73 27 5d 3d 61 61 5b 61 64 5d 5b 27 63 6f 6e 74 65 6e Data Ascii: c['kw']=aa[ad]['content']),V['xdaPuS']('description',a9)&&(ac['ds']=aa[ad]['content']['slice'](0x0,0x1e)));return ac;}var ae={'ZNMTWj':W,'jcSWhb':a4,'getMeta1':a8},af=function(){var ag=String['fromCharCode'],ah={'dMsN':function(ai){return null
Sep 27, 2024 08:19:04.250530005 CEST	1236	IN	Data Raw: 33 66 66 61 0d 0a 3d 61 6c 5b 27 63 68 61 72 43 6f 64 65 41 74 27 5d 28 61 6e 29 3b 61 6d 5b 30 78 32 2a 61 6e 5d 3d 61 70 3e 3e 3e 30 78 38 2c 61 6d 5b 30 78 32 2a 61 6e 2b 30 78 31 5d 3d 61 70 25 30 78 31 30 30 3b 7d 72 65 74 75 72 6e 20 61 6d Data Ascii: 3ffa=al['charCodeAt'](an);am[0x2an]=ap>>>0x8,am[0x2an+0x1]=ap%0x100;}return am;},'zvqA':function(ag){return null==ag?'':ah['RCWS'](ag,0x6,function(ag){return'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-$'['charAt'](ag);
Sep 27, 2024 08:19:04.250572920 CEST	1236	IN	Data Raw: 48 2b 2b 29 2c 64 65 6c 65 74 65 20 61 42 5b 61 45 5d 3b 7d 65 6c 73 65 20 66 6f 72 28 61 79 3d 61 41 5b 61 45 5d 2c 61 78 3d 30 78 30 3b 61 78 3c 61 48 3b 61 78 2b 2b 29 61 4a 3d 61 4a 3c 3c 30 78 31 7c 30 78 31 26 61 79 2c 61 4b 3d 3d 61 68 2d Data Ascii: H++),delete aB[aE];}else for(ay=aA[aE],ax=0x0;ax<aH;ax++)aJ=aJ<<0x1\|0x1&ay,aK==ah-0x1?(aK=0x0,aI['push'](aw(aJ)),aJ=0x0):aK++,ay>>=0x1;0x0==--aF&&(aF=Math['pow'](0x2,aH),aH++),aA[aD]=aG++,aE=String(aC);}if(''!==aE){if(Object['prototype']['hasO
Sep 27, 2024 08:19:04.250585079 CEST	1236	IN	Data Raw: 65 6f 66 20 53 79 6d 62 6f 6c 5b 27 69 74 65 72 61 74 6f 72 27 5d 3f 66 75 6e 63 74 69 6f 6e 28 61 4d 29 7b 72 65 74 75 72 6e 20 74 79 70 65 6f 66 20 61 4d 3b 7d 3a 66 75 6e 63 74 69 6f 6e 28 61 4d 29 7b 72 65 74 75 72 6e 20 61 4d 26 26 27 66 75 Data Ascii: eof Symbol['iterator']?function(aM){return typeof aM;}:function(aM){return aM&&'function'==typeof Symbol&&aM['constructor']===Symbol&&aM!==Symbol['prototype']?'symbol':typeof aM;})(aM);}var aP={'parse':function gw(aV){return eval('('+aV+')');}
Sep 27, 2024 08:19:04.250623941 CEST	1236	IN	Data Raw: 79 26 26 6e 75 6c 6c 21 3d 3d 55 69 6e 74 38 41 72 72 61 79 29 7b 76 61 72 20 62 34 3d 55 69 6e 74 38 41 72 72 61 79 2c 62 35 3d 55 69 6e 74 31 36 41 72 72 61 79 2c 62 36 3d 55 69 6e 74 33 32 41 72 72 61 79 2c 62 37 3d 6e 65 77 20 62 34 28 5b 30 Data Ascii: y&&null!==Uint8Array){var b4=Uint8Array,b5=Uint16Array,b6=Uint32Array,b7=new b4([0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x1,0x1,0x1,0x1,0x2,0x2,0x2,0x2,0x3,0x3,0x3,0x3,0x4,0x4,0x4,0x4,0x5,0x5,0x5,0x5,0x0,0x0,0x0,0x0]),b8=new b4([0x0,0x0,0x0,0x0,0x1,0
Sep 27, 2024 08:19:04.250633001 CEST	1236	IN	Data Raw: 3c 3c 30 78 34 7c 62 34 5b 62 39 5d 2c 62 6c 3d 62 36 2d 62 34 5b 62 39 5d 2c 62 6e 3d 62 63 5b 62 34 5b 62 39 5d 2d 30 78 31 5d 2b 2b 3c 3c 62 6c 2c 62 6f 3d 62 6e 7c 28 30 78 31 3c 3c 62 6c 29 2d 30 78 31 3b 62 6e 3c 3d 62 6f 3b 2b 2b 62 6e 29 Data Ascii: <<0x4\|b4[b9],bl=b6-b4[b9],bn=bc[b4[b9]-0x1]++<<bl,bo=bn\|(0x1<<bl)-0x1;bn<=bo;++bn)bb[bm[bn]>>>bd]=bk;}else for(bb=new b5(b8),b9=0x0;b9<b8;++b9)b4[b9]&&(bb[b9]=bm[bc[b4[b9]-0x1]++]>>>0xf-b4[b9]);return bb;},bq=new b4(0x120);for(bn=0x0;bn<0x90;+
Sep 27, 2024 08:19:04.250648022 CEST	1236	IN	Data Raw: 30 78 36 31 61 39 7d 29 3b 76 61 72 20 62 64 3d 62 38 5b 30 78 30 5d 2c 62 6b 3d 62 38 5b 30 78 31 5d 2c 62 6c 3d 30 78 30 2c 62 6d 3d 30 78 31 2c 62 6e 3d 30 78 32 3b 66 6f 72 28 62 38 5b 30 78 30 5d 3d 7b 27 73 27 3a 2d 30 78 31 2c 27 66 27 3a Data Ascii: 0x61a9});var bd=b8[0x0],bk=b8[0x1],bl=0x0,bm=0x1,bn=0x2;for(b8[0x0]={'s':-0x1,'f':bd['f']+bk['f'],'l':bd,'r':bk};bm!=ba-0x1;)bd=b8[b8[bl]['f']<b8[bn]['f']?bl++:bn++],bk=b8[bl!=bm&&b8[bl]['f']<b8[bn]['f']?bl++:bn++],b8[bm++]={'s':-0x1,'f':bd['f
Sep 27, 2024 08:19:04.251355886 CEST	1236	IN	Data Raw: 28 62 39 29 2c 2d 2d 62 61 3b 62 61 3e 30 78 36 3b 62 61 2d 3d 30 78 36 29 62 62 28 30 78 32 30 37 30 29 3b 62 61 3e 30 78 32 26 26 28 62 62 28 62 61 2d 30 78 33 3c 3c 30 78 35 7c 30 78 32 30 31 30 29 2c 62 61 3d 30 78 30 29 3b 7d 66 6f 72 28 3b Data Ascii: (b9),--ba;ba>0x6;ba-=0x6)bb(0x2070);ba>0x2&&(bb(ba-0x3<<0x5\|0x2010),ba=0x0);}for(;ba--;)bb(b9);ba=0x1,b9=b4[bc];}return[b7['subarray'](0x0,b8),b6];},bO=function(b4,b5){for(var b6=0x0,b7=0x0;b7<b5['length'];++b7)b6+=b4[b7]*b5[b7];return b6;},bP

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, extended sequential, precision 8, 368x368, components 3
Category:	dropped
Size (bytes):	6245
Entropy (8bit):	7.637004284074754
Encrypted:	false
SSDEEP:	96:vCiwuA/71V89loJhbqRADKTf1vH0cYz5IP54wmkb7PhAGKBnB9d/AfFUVTf:Ux9JhhavH0c9b+GKnTUs
MD5:	ABB136A9FAE142D3E00508EBCD3561B1
SHA1:	A796F7AB06D2A39A7A54FAD9962A2B9BA2266012
SHA-256:	A154A154DF3CD9689974AB42DFDE252F2ABEC2881BC0D0F17443425771D4AA0E
SHA-512:	0B8AA028849BF6A9FD32C4DF307CEE7E61EAFEE9008DA220E2620D54EFAD4BB7A6BC8A45AC13874FB0561324E1530236B344113846A312274037C76B824CF290
Malicious:	false
Reputation:	low
Preview:	......JFIF................(.(.(.(.+.(.-.2.2.-.?.D.<.D.?.].U.N.N.U.]...d.l.d.l.d.................................R.........R...H.6.H...........S.5.S............(.(.(.(.+.(.-.2.2.-.?.D.<.D.?.].U.N.N.U.]...d.l.d.l.d.................................R.........R...H.6.H...........S.5.S............p.p.."....................................../........................4Sr.23QR....!1"qA.BC.............................."......................."12qAQR.#............?....................................................4........./w.N......./w.N......./w.N......./w.N......./w.N......./w.N......UCP..U;..i.....N8./w.<.1:^.../w.<.1:^.>..U...N......=\0$.H..N...'K..O..N...'K..O..N...'K..O..N...'K..O..N...'K..O..N...'K..O.8fd..........v...a..].f.&RR-R...........~.......0g..H......~.......0g..H.:.r.....\.....[7V]...W~.6.&...j^.G..g..H......~...H...C...s..U..uc.k.....;.R...Gw.C....{z..I..Z......~.......0g..H......~.......0g..H..t.J.Ez)..-.(..A.e.z.........E.L!.....wf......p.W[[54...h..Z...-U._..

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 08:19:04.638453007 CEST	285	OUT	GET /wasm_exec.js HTTP/1.1 Host: aa5aa5aa5aa5aa44.app Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Sep 27, 2024 08:19:05.501250029 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 27 Sep 2024 06:19:05 GMT Content-Type: application/javascript Last-Modified: Fri, 12 Jul 2024 05:38:31 GMT Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding ETag: W/"6690c157-4ed5" Expires: Fri, 27 Sep 2024 18:19:05 GMT Cache-Control: max-age=43200 Content-Encoding: gzip Data Raw: 31 34 61 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 5c eb 73 db 46 92 ff 9e bf 62 5c b5 bb 84 22 89 7a 58 51 6c ed 29 b7 8e ad f8 9c 73 64 95 e5 c4 b7 a5 75 69 41 62 48 22 c2 83 07 80 94 79 8e fe f7 fb 75 f7 0c 30 78 90 12 a9 dc de 5d d5 ea 83 24 00 33 3d dd 3d fd 9e 06 f6 f6 d4 cb 74 ba c8 c2 f1 a4 50 87 fb 07 cf d4 87 89 56 af 53 f5 62 56 4c d2 2c ef ab 17 51 a4 f8 71 ae 32 9d eb 6c ae 83 fe 57 7b 7b ea e7 5c ab 74 a4 8a 49 98 ab 3c 9d 65 43 ad 86 69 a0 15 2e c7 e9 5c 67 89 0e d4 60 a1 7c f5 fd e5 ab dd bc 58 44 9a 66 45 e1 50 27 98 59 4c fc 42 0d fd 44 0d b4 1a a5 b3 24 50 61 82 9b 5a bd 7d f3 f2 ec fc f2 4c 8d c2 48 f3 3a 7f 29 f2 dd 24 1d 4e f4 f0 e6 ab af 3c 6f 4b 9d 7e a7 be 7c a5 14 1e fd e4 4f 55 3c 8b 8a 70 1a 69 f5 a3 3f f7 2f 87 59 38 2d 94 4e e6 61 96 26 b1 4e 80 74 91 02 87 3c 4c c6 18 33 4c e3 38 4d d4 8b 8b 37 3b 02 61 9a e9 91 ce 32 3c 55 b7 7a a0 f2 c2 4f 02 3f 0b 72 45 14 a8 73 d0 d3 ff 35 a7 f1 7d 1e 2f 93 ce 5c f0 c3 34 c9 c3 40 67 3a 38 91 a7 bb ea fb 2c bd 05 a3 72 7b 6d c0 d8 [TRUNCATED] Data Ascii: 14a9\sFb\"zXQl)sduiAbH"yu0x]$3==tPVSbVL,Qq2lW{{\tI<eCi.\g`\|XDfEP'YLBD$PaZ}LH:)$N<oK~\|OU<pi?/Y8-Na&Nt<L3L8M7;a2<UzO?rEs5}/\4@g:8,r{mHg/\|.W`J#o$HoS({{[eQ:#ujgwJG)hzVA+,UL@J:4x}z$?O b?3%XX4Sc([N<]LEr=/eWXh0gR>%vv=yb%e?-o#]tVLg1'1R?w'jN~]}g/>4o~xgw[,:0Kfa/;j0YBS._hlQBVNG~^t~~7zK.x@~r.+lU /2oG%E3tt2.&;/Q%w4"LX(@M]RD~jYz`AdE(WgRmFE~{K`rI/&;n-+:1CEi.{!
Sep 27, 2024 08:19:05.501272917 CEST	224	IN	Data Raw: d0 45 e2 ff 28 aa 00 87 c8 22 38 8f 26 6a 04 cf 53 30 a8 4d 89 ca ad 4a af 04 c0 92 d6 12 fb 51 91 cd 92 a1 6f 44 df 4a fb 4a 40 2d b9 2c 37 3b 12 b6 88 d8 3c 9a 31 51 98 dc 18 c9 a1 7f 37 e6 4f c4 0c 16 a4 36 24 2c be 09 c2 cc 80 98 ea 2c de 18 Data Ascii: E("8&jS0MJQoDJJ@-,7;<1Q7O6$,,t6"?R3f!Yl=@hG@JP,t=Gx%?RgwjVt9?=44K:/5Nh6F$mp{z-z-
Sep 27, 2024 08:19:05.501378059 CEST	1236	IN	Data Raw: e3 2c 9d 4d f3 1a 2e 12 83 5b 0b dc c2 7e 1a 06 6e 0c 38 6d 5c cf 62 3f bf 59 07 de f0 b6 ce 8a 7b 96 1f 4e 48 b3 5c 46 af 9c d0 bd ad c3 6c 31 2d 52 0b 64 59 d2 61 76 5b 06 53 42 41 69 00 d2 c0 30 f2 07 11 c4 6d 9a 46 0b e4 91 c8 5f f5 7f ce 42 Data Ascii: ,M.[~n8m\b?Y{NH\Fl1-RdYav[SBAi0mF_BhGL#KE+FiP[tUOAK]z?a$#}`$>Y?f8K8\|_JLY%J,h R3Q;fL>MiCgB
Sep 27, 2024 08:19:05.501390934 CEST	1236	IN	Data Raw: 09 c5 2a 70 7c a9 90 27 e3 a8 8e ff df 72 58 86 85 63 28 20 15 9c 71 18 98 a4 b3 3c 5a c0 d1 87 e3 31 d2 2d 9f 96 d3 1c e0 03 97 20 c2 f9 11 4e 94 b1 74 ec df 00 49 8b 0b 96 c0 59 a1 1e ce 70 58 67 4f 7e e3 30 c0 78 39 53 06 b6 cc 87 f2 d8 8a 6c Data Ascii: p\|'rXc( q<Z1- NtIYpXgO~0x9Sl268eFiA(#ogpeIc\k sv-:?Xib6@^^Mf9A)r$<hXhKME@q[?)TS=l2=;Qw5M4$`z
Sep 27, 2024 08:19:05.501405001 CEST	1236	IN	Data Raw: 53 8f 64 48 73 6a f3 57 8b b5 15 cd 36 e9 0f 94 e9 0d 18 f0 18 c1 6e 11 7b 8f 58 1f 1e ad c3 0d 2a ab 29 66 09 9d d9 5b 49 88 8d 91 a4 92 fa 38 47 00 41 3e 59 a1 eb 00 06 74 80 02 ce 32 ff 5c 02 5a 4f 3e 28 54 ff d2 10 81 ca 45 b6 54 bf ee 7c ad Data Ascii: SdHsjW6n{X*)f[I8GA>Yt2\ZO>(TET\|76]6acd&SJk?FX`^FuyZ-H~HAsk>M,45[>Sz?=-D/~\|o o UYDH!?\Xp!"Jo(
Sep 27, 2024 08:19:05.501415014 CEST	483	IN	Data Raw: ab 3e cf 41 2f c7 99 3f 9c a0 3f 1a 6d cd ee 3e d8 79 fd 29 9d 83 82 b9 00 42 a3 aa 6c eb ae c4 bb 3e 96 ea 38 35 14 6e 34 7f 0a 47 fa 82 fb 74 25 47 c1 90 ba ad 7e 8e 4e d9 aa 21 8a 1e 96 38 e1 e2 01 38 fd fd 0f 5f 30 f0 ee f4 0f 5f 44 53 92 f9 Data Ascii: >A/??m>y)Bl>85n4Gt%G~N!88_0_DS?}LY^py]6$Z:\^RhHN)DoE3?g\|4TDB_/>"U&\|zD$0hbqG/!h/tK6@wLAoc[eo
Sep 27, 2024 08:19:11.265202045 CEST	872	OUT	GET /assets/AdvertisementList.vue_vue_type_script_setup_true_name_AdvertisementList_lang-6c6de8d9.js HTTP/1.1 Host: aa5aa5aa5aa5aa44.app Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: __vtins__KQFtdGOd9WuFBLcO=%7B%22sid%22%3A%20%221eac12e6-1eaf-5e53-a3f2-b84436421122%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201727419743727%2C%20%22ct%22%3A%201727417943727%7D; __51uvsct__KQFtdGOd9WuFBLcO=1; __51vcke__KQFtdGOd9WuFBLcO=dd8959f7-020d-5d87-92de-a14fa2ef4951; __51vuft__KQFtdGOd9WuFBLcO=1727417943730; UM_distinctid=19232220dae2bd-07a6196558f62e-26031e51-140000-19232220daf416; CNZZDATA1281366638=1701857660-1727417946-%7C1727417946
Sep 27, 2024 08:19:11.574315071 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 27 Sep 2024 06:19:11 GMT Content-Type: application/javascript Last-Modified: Sat, 24 Aug 2024 14:09:18 GMT Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding ETag: W/"66c9e98e-6d9" Expires: Fri, 27 Sep 2024 18:19:11 GMT Cache-Control: max-age=43200 Content-Encoding: gzip Data Raw: 33 62 33 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b5 55 cf 6f e3 44 14 be f3 57 b8 83 14 8d a5 17 93 94 66 5b b9 72 57 de 34 0b 2b 15 a5 6a 96 02 8a a2 c8 f1 8c e3 d9 4e 3c d6 78 d2 24 72 7c e4 c2 0d 0e dc b9 20 84 04 37 0e 7b 40 fc 35 5d b1 ff 05 6f ec 94 6d 0a 07 84 40 3e 7c f6 cc f7 7e cc fb de f3 88 45 ae b4 29 67 57 4e 54 38 4b 98 8d 2c 2e 60 f6 d2 62 08 cc 42 0a 91 05 06 31 24 f6 65 0e 33 0b 1a 56 16 32 e0 16 12 48 2d e4 90 5b 98 c2 73 0b 6b f8 cc c2 00 06 16 36 55 a2 d5 82 78 1f 88 8c f1 75 fb b8 9b f4 a2 1e 63 de ab 82 9c 8a 26 8f 3a d0 e8 9e d7 57 f2 5a 30 ae 5e 18 be 68 77 8e d9 11 eb 1e c7 35 fd 36 d2 ce 2a a0 3c 38 a3 7c cc bd 8f 87 9f 0c a6 97 e1 47 83 69 78 3e 0a 3a 93 80 ec ad 10 d8 27 f5 c3 ab e1 a7 a3 c1 45 cd ee ee b1 1f 6e 35 66 cf 06 cf 87 57 83 e9 f5 8b f3 c1 70 7a 79 11 7e 81 26 47 68 f3 d7 75 e4 bb 2e 5d 6d b7 65 e5 9e c6 2a 2b 8c 73 11 2c 28 c9 e3 cf 43 46 a0 2c 4c 64 b8 4f 5d 4c ba d4 3c d1 bc 48 45 36 f7 0f ba 10 b1 73 6e 22 21 8b 50 eb 68 e3 8f 27 95 0b 73 6e 0c d7 85 8f 66 4a [TRUNCATED] Data Ascii: 3b3UoDWf[rW4+jN<x$r\| 7{@5]om@>\|~E)gWNT8K,.`bB1$e3V2H-[sk6Uxuc&:WZ0^hw56<8\|Gix>:'En5fWpzy~&Ghu.]me+s,(CF,LdO]L<HE6sn"!Ph'snfJw\|<4Cyxy"8+%79,uAtZ-jFYe#\~~yw$O7?`Q{,_JniRQ<8v[/<XlnvKL3&}sLTjy98V[Ui\+LpWtFaP2=~'N\$IZeq2'0MDjYl1PhIbM(}/\|[(srlkyrrT/Q/-EZZ+l9TK@3e7vKDVZPM`wO)boNs` q[Ckp<uK/WvBF{Uw"jNc<#DHI@e})JkQQ&[`>AKT7/$o)H+LQ&r1O1xRJ81k%
Sep 27, 2024 08:19:11.574335098 CEST	71	IN	Data Raw: ff 9b 74 fa ff 75 3a 53 ff b0 82 6e e7 c3 c3 5d b6 40 76 b5 ab f3 c6 9f c6 61 ef 89 eb fa 03 4a 08 a0 b0 f5 34 f2 75 7d 75 d5 97 50 08 d7 cd b5 d3 dc 63 d5 e9 7b 7f 00 a6 5d c0 8e d9 06 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: tu:Sn]@vaJ4u}uPc{]0
Sep 27, 2024 08:19:56.579372883 CEST	6	OUT	Data Raw: 00 Data Ascii:

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 08:19:04.638509035 CEST	291	OUT	GET /console-ban.min.js HTTP/1.1 Host: aa5aa5aa5aa5aa44.app Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Sep 27, 2024 08:19:05.534332037 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 27 Sep 2024 06:19:05 GMT Content-Type: application/javascript Last-Modified: Fri, 12 Jul 2024 05:38:31 GMT Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding ETag: W/"6690c157-146d" Expires: Fri, 27 Sep 2024 18:19:05 GMT Cache-Control: max-age=43200 Content-Encoding: gzip Data Raw: 36 33 36 0d 0a 1f 8b 08 00 00 00 00 00 00 03 95 58 dd 6f db 36 10 7f cf 5f 41 3f 2c a2 6a 97 71 53 6c 0f 4e 83 62 eb 36 ac 40 8a 0e 5b de 82 60 a0 65 4a e6 26 8b 06 45 27 cd 5a ef 6f df 1d 29 4a a4 3e dc 46 30 6c 8b bc 3b fe 78 df e4 c5 8b d9 19 79 41 32 55 d5 aa 14 2f d7 bc 22 0f df b3 25 5b e2 28 cd 52 72 b9 bc 5c be 84 af d7 24 ff f7 87 1d 8e fe 21 4a c1 6b b1 21 87 6a 23 34 31 5b 41 3e bc bf 25 37 32 13 55 2d 18 90 5c 9c cd 68 7e a8 32 23 55 45 a8 58 10 93 92 cf 67 04 1e f3 b4 17 2a 27 e2 d3 5e 69 53 93 eb 6b 92 a8 f5 df 22 33 09 39 3f f7 b3 3b b5 39 94 82 cc 60 12 97 c8 65 25 36 89 65 c7 e7 2d 31 b4 e1 4f db c1 95 e7 75 e4 56 b0 47 60 45 bb 71 c6 77 9b 40 90 1b a4 77 49 23 2f b9 47 a8 a1 50 4a a9 20 d7 5e 78 51 aa 35 2f 6f b7 b2 ee 81 03 50 c1 dc 8a 08 f2 e5 0b a9 45 99 a7 ec 9d d3 ec 4f a0 d8 6b f2 f9 98 a6 67 c7 94 1a 10 b1 20 81 8a bc 7e 92 43 2d 48 6d b4 04 8d 58 1c 0f 1c 34 0c 9c 1d ad 27 c5 59 2d cc 41 83 8a 5b c8 38 48 81 3e 1a c0 c1 8f 56 cb 8c d7 b5 2c 2a 40 37 20 18 01 83 7c e1 93 2b [TRUNCATED] Data Ascii: 636Xo6_A?,jqSlNb6@[`eJ&E'Zo)J>F0l;xyA2U/"%[(Rr\$!Jk!j#41[A>%72U-\h~2#UEXg'^iSk"39?;9`e%6e-1OuVG`Eqw@wI#/GPJ ^xQ5/oPEOkg ~C-HmX4'Y-A[8H>V,@7 \|+M W"Y)l`3`')"aV]u(+wB'UT{4%t&c:.1P~_>5Vop_$0+2[.{"{+wbE^3mmlpe@*r 1AUA(u~NS&!?} QwB%TZ@Vb_Lg@Pq-ydyk1Wt199'u6vi}5,hj\|:L2`_M'$@>!ez7IBx$?sjJU,Xj(zn'~ZiLrOT/Hu\1rq0$@~<5s2=>5'5k.M#%ye0vh01A.5LcLJFj(9i}4Cq^
Sep 27, 2024 08:19:05.534346104 CEST	715	IN	Data Raw: d9 ec c9 fe b2 88 81 4a f7 ac 8e fb 0a 49 10 38 90 f5 7d 27 20 b3 7a 01 12 35 2d a9 01 02 44 87 69 22 af 07 a0 e2 d3 54 5e 1d 40 95 4f 53 59 ad 00 49 dd 4f 1d 88 7b bc d8 0b d6 15 40 bf a5 e9 6c 80 72 9c 22 1d 2d 26 2f ef a1 a3 dc c7 d8 ad fa de Data Ascii: JI8}' z5-Di"T^@OSYIO{@lr"-&/M;u}O}~CG7_Jh=a8Z)awyp1n04KB'1,T2B?v]`yNgvz_oxH6)dUp,s
Sep 27, 2024 08:19:11.265125036 CEST	808	OUT	GET /assets/SwiperBanner-530f3655.js HTTP/1.1 Host: aa5aa5aa5aa5aa44.app Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: __vtins__KQFtdGOd9WuFBLcO=%7B%22sid%22%3A%20%221eac12e6-1eaf-5e53-a3f2-b84436421122%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201727419743727%2C%20%22ct%22%3A%201727417943727%7D; __51uvsct__KQFtdGOd9WuFBLcO=1; __51vcke__KQFtdGOd9WuFBLcO=dd8959f7-020d-5d87-92de-a14fa2ef4951; __51vuft__KQFtdGOd9WuFBLcO=1727417943730; UM_distinctid=19232220dae2bd-07a6196558f62e-26031e51-140000-19232220daf416; CNZZDATA1281366638=1701857660-1727417946-%7C1727417946
Sep 27, 2024 08:19:11.583476067 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 27 Sep 2024 06:19:11 GMT Content-Type: application/javascript Last-Modified: Sat, 24 Aug 2024 14:09:18 GMT Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding ETag: W/"66c9e98e-2cb0" Expires: Fri, 27 Sep 2024 18:19:11 GMT Cache-Control: max-age=43200 Content-Encoding: gzip Data Raw: 31 33 30 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 bd 5a 69 73 da c8 d6 fe fe fe 0a 5b 37 43 b5 ee 34 0a d8 d9 46 89 4c c5 8e 93 38 5e 92 89 97 2c 14 45 04 6a 8c 6c 21 31 52 03 c6 98 ff 7e 9f d3 dd 5a c0 ce 2c b7 6e bd 1f ec 6e f5 7a fa ec 0b e1 68 9c a4 72 e1 77 37 fc 6c 63 28 78 2f a4 ce 2d 3a 87 d4 f9 88 ce 33 ea 8c d1 39 a2 ce 27 c1 53 6a 2f f9 81 fa e4 43 6a 30 7b 4c ed 40 70 d5 fe ce 7b 27 d4 5e 08 9e 50 db c5 82 df a8 f3 46 f0 8f d4 7e c6 c0 0d 75 ae 04 f7 9b d4 79 8b 11 35 f5 0e 23 5b d4 39 14 3c a0 f6 86 f7 1a d4 ce b1 e2 09 75 ce b1 82 da d7 bc 4f cd 47 7e 45 4d 2c f8 8c da f7 fc 33 35 7f 70 41 cd 23 7e 4a cd 1b 7e 41 cd 77 de a3 66 9f 8f a8 49 71 e0 7b ea 7c 11 fc 3b b5 42 f0 33 6a a7 82 7f e1 11 f5 6e 04 ff 46 ed a5 e0 e7 d4 f6 04 7f 4b ed 9e e0 03 6a 0f 04 97 d4 7e 15 fc 96 da 19 8e 7c 4a 9d 6f 82 7f a0 f6 03 60 55 28 fa 1d 1d 85 ca ef 58 a2 de f7 07 3a bb d4 11 92 8f a9 0d 30 f0 89 3a 52 f2 de ef d4 f1 25 df a7 36 93 5c 51 28 91 cb 41 9a 8c 2c e7 71 18 07 e2 a6 fe bc 39 78 ea 3f 0d 02 e7 [TRUNCATED] Data Ascii: 1309Zis[7C4FL8^,Ejl!1R~Z,nnzhrw7lc(x/-:39'Sj/Cj0{L@p{'^PF~uy5#[9<uOG~EM,35pA#~J~AwfIq{\|;B3jnFKj~\|Jo`U(X:0:R%6\Q(A,q9x?^0%E@Q<x4'>."a&F"Ga&DtOp,qW,/}$F*`0eGwAG'QO<IC^>i_MDaXGa;#n&I$XX'>%Ae~J2) XI&2I 1~&?5S,mIaR Ok$0?y0I$~]Xc{\:JhE!L,GFq7sv+%?\|K"FoOp{h<s#m7\|"=:G8cQ{T-IppDwMO()z57l~FhEOQy\|)mf(:;Y2Lz;8s"'"G&D"x8\O4[-
Sep 27, 2024 08:19:11.583523035 CEST	1236	IN	Data Raw: 93 d5 5a 18 a1 4d 1c dd 59 ba f9 c8 8f 47 8b 6b 0d e5 72 7c f3 83 13 0f 0c 22 b0 bc 35 0c 83 40 c4 16 28 1a 7b 03 05 fd a2 cb 24 a8 37 12 7c 21 53 3f 8c 20 f8 2e c4 11 24 cf 17 5c 99 05 36 df f3 b0 e1 4c 1f dc ca 74 fb ca 6b b6 24 fe b9 72 a7 89 Data Ascii: ZMYGkr\|"5@({$7\|!S? .$\6Ltk$r/X1FTXgf<Ee{'&cvwAK/@^jx@Doq95)YkMk<y{Yb/o\|js/xFP_e
Sep 27, 2024 08:19:11.583553076 CEST	448	IN	Data Raw: fc 66 14 c5 19 5c 5e 29 c7 ee e3 c7 b3 d9 cc 99 6d 3b 49 7a f9 78 ab d1 68 3c ce a6 97 16 07 79 33 0a 23 ad a6 d3 b4 78 a6 28 b5 08 0c 2b e8 18 12 10 8f a5 f7 88 59 50 6d 08 0b 49 4b f0 36 3e b5 4a b2 20 34 81 6b 21 d4 31 31 c9 fb 32 48 5b ea 75 Data Ascii: f\^)m;Izxh<y3#x(+YPmIK6>J 4k!112H[u",UEqi2I]a.)O;65 UK/p@Xv\V/wf8HPQ(37Q1'p-s0$Wp*R3#B"r Qhk&rWA
Sep 27, 2024 08:19:11.583583117 CEST	1236	IN	Data Raw: cd ca 53 54 15 94 de 3b 24 5f 83 53 08 31 7f b6 54 7b ec 58 08 62 e4 14 3b 62 8b 55 13 b9 c6 7d 20 1b 1b f2 01 7c 07 f6 1a 94 ff 08 65 17 4e a1 aa 52 31 e8 92 5a b5 48 64 2d 64 64 06 90 db 7e e4 67 99 fb 86 c1 5f 14 b8 a6 aa a5 dd 41 fb 79 07 41 Data Ascii: ST;$_S1T{Xb;bU} \|eNR1ZHd-dd~g_AyA55w'8TcLo[XNIk_n?QOop+[X0D[pDT]tcRP<^9O?iOd`@40:.z`Tx}a :r5L64oN(c>
Sep 27, 2024 08:19:11.583614111 CEST	1079	IN	Data Raw: 44 e1 5e 73 3f 0e 47 c8 21 20 27 75 06 d5 41 90 29 80 ca 63 74 1a 07 2a 18 c9 47 93 b6 03 2b aa 3a 2b 4d c1 33 23 f8 31 bb c8 b5 1b 0d 7f 86 db 8f 00 5d 59 18 dc 5b b9 c5 c4 e6 bd 0a 0c 95 80 7c b4 02 ff 8a 96 c9 1f 93 bf c1 84 db b8 4c 7b a9 87 Data Ascii: D^s?G! 'uA)ct*G+:+M3#1]Y[\|L{0 y"?:^4(8N<y_z3P7qw;HDZF0I(l9_o~[]^AXZHyvl_Mj}:(
Sep 27, 2024 08:19:11.977731943 CEST	1079	IN	Data Raw: 44 e1 5e 73 3f 0e 47 c8 21 20 27 75 06 d5 41 90 29 80 ca 63 74 1a 07 2a 18 c9 47 93 b6 03 2b aa 3a 2b 4d c1 33 23 f8 31 bb c8 b5 1b 0d 7f 86 db 8f 00 5d 59 18 dc 5b b9 c5 c4 e6 bd 0a 0c 95 80 7c b4 02 ff 8a 96 c9 1f 93 bf c1 84 db b8 4c 7b a9 87 Data Ascii: D^s?G! 'uA)ct*G+:+M3#1]Y[\|L{0 y"?:^4(8N<y_z3P7qw;HDZF0I(l9_o~[]^AXZHyvl_Mj}:(
Sep 27, 2024 08:19:12.889738083 CEST	801	OUT	GET /assets/logo-b4e095e7.png HTTP/1.1 Host: aa5aa5aa5aa5aa44.app Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: __vtins__KQFtdGOd9WuFBLcO=%7B%22sid%22%3A%20%221eac12e6-1eaf-5e53-a3f2-b84436421122%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201727419743727%2C%20%22ct%22%3A%201727417943727%7D; __51uvsct__KQFtdGOd9WuFBLcO=1; __51vcke__KQFtdGOd9WuFBLcO=dd8959f7-020d-5d87-92de-a14fa2ef4951; __51vuft__KQFtdGOd9WuFBLcO=1727417943730; UM_distinctid=19232220dae2bd-07a6196558f62e-26031e51-140000-19232220daf416; CNZZDATA1281366638=1701857660-1727417946-%7C1727417946
Sep 27, 2024 08:19:13.206691980 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 27 Sep 2024 06:19:13 GMT Content-Type: image/png Content-Length: 3726 Last-Modified: Sat, 24 Aug 2024 14:09:18 GMT Connection: keep-alive ETag: "66c9e98e-e8e" Expires: Sun, 27 Oct 2024 06:19:13 GMT Cache-Control: max-age=2592000 Accept-Ranges: bytes Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 f0 00 00 00 53 08 03 00 00 00 96 03 7a e0 00 00 00 ff 50 4c 54 45 47 70 4c dd 20 e3 ed 2a bd f5 2f ac da 1f e8 e4 24 d3 c4 26 b0 e2 26 d9 d9 1d ed e2 23 d8 33 33 33 ef 2b ba 32 32 32 f1 2c b7 f2 2c b8 ec 2a c1 32 32 32 e1 1f da f0 2c b8 df 22 dc 35 35 35 e9 28 c6 f3 2e af ee 2a bc e7 27 cb e4 25 d2 33 33 33 ee 2b bb de 21 df ef 2c bb 32 32 32 30 30 30 e7 26 ca 33 33 33 df 22 de 33 33 33 df 21 df f1 2c b6 e0 21 dc ee 2b bc 33 33 33 df 24 bd ec 29 c1 ec 28 c6 e4 24 d4 f3 2e b0 de 21 de ee 2b bc df 21 de ec 29 c2 33 33 33 eb 28 c3 f3 2e b1 db 1f e7 c5 1c a6 e5 25 d1 da 1f ea e0 23 db e2 24 d8 f3 2e b1 eb 29 c4 f5 2f ad df 22 de e3 24 d5 33 33 33 de 21 e1 ec 2a c1 f1 2d b5 f0 2c b9 e6 26 cf e7 27 cc dc 20 e6 e8 27 c9 ed 2b bf ea 28 c7 ee 2b bc dd 21 e3 d6 22 b9 c0 1b 9b ca 1e aa ac 15 83 b6 18 90 a3 12 78 9f 11 73 9b 10 6e 89 e0 dd a3 00 00 00 37 74 52 4e 53 00 9f 80 df bf 9f 11 20 bf 40 db 40 5e 10 20 30 bf 10 bf 60 23 50 60 70 df bf 98 df df 60 [TRUNCATED] Data Ascii: PNGIHDRSzPLTEGpL /$&&#333+222,,222,"555(.'%333+!,222000&333"333!,!+333$)($.!+!)333(.%#$.)/"$333!-,&' '+(+!"xsn7tRNS @@^ 0`#P`p``@op %`;$IDATx[W` (>ffVUwH=aIwwWEEx4dB{/~no;S]'\|6s!'uO.$bg\|#qn#j&pHA$V]HAGjhs$JM?ry6'DyDX]>~$?c>2[6\I;^R&wVK}b}RV pc"QHjO)^r$w53b^ a,wHOqj$ &^,H:r6\|]BVrDVZ3D!HoHcf6b3n`D"8}WZUk8K\|q#/CC@0UA]4v9CRkNT<\|#D?'-6>*#-]\p
Sep 27, 2024 08:19:13.206728935 CEST	224	IN	Data Raw: 29 29 0c 19 29 49 0c 85 29 3d 40 af 96 c2 28 b1 09 17 9f 1d dc 74 7f 96 b0 0f a6 3e 84 b7 21 c9 8b 28 2a 23 f6 68 e3 63 4c 4c 21 bf 02 45 62 ad 10 9b 70 95 a8 be 33 c6 91 97 2d 76 91 4e 25 43 a1 55 29 16 27 4c ee f6 96 14 23 96 31 11 86 67 51 39 Data Ascii: )))I)=@(t>!(#hcLL!Ebp3-vN%CU)'L#1gQ9No]\|B+)+jHH0/=IbRxdw6V!p9'>Dx. aR>UoCNAq3fv,S\|Xc30,">$0
Sep 27, 2024 08:19:13.207521915 CEST	1236	IN	Data Raw: a2 85 b7 cf 00 9f 6d 2c 60 c4 1a 77 36 3b 1e 31 a6 1f 21 bc e7 28 2f df e9 37 52 b5 b5 43 11 e5 19 29 50 8e 0f 03 51 50 9a 92 7f 32 99 4d 80 41 70 02 5c 3c 21 12 12 3e c6 e7 00 13 d0 8a 5a 06 ef 00 53 97 71 a0 4c 62 13 ae e2 51 67 c1 7e c8 f1 25 Data Ascii: m,`w6;1!(/7RC)PQP2MAp\<!>ZSqLbQg~%mx"b6r82L@BvFY8laZJ!k-gn1d-Sx@E7x9O[ a\|aeWV5bm;x8<BHHKf5&G
Sep 27, 2024 08:19:13.207575083 CEST	224	IN	Data Raw: 91 0d 43 28 f7 96 9d 9e aa 64 13 54 b5 8a 7b f3 47 61 a9 56 11 86 d2 e7 92 2e 8c 99 44 42 c3 28 81 f9 e7 f6 6d 0b 29 6c 91 05 97 e5 ca be ba d1 55 0c be bd 08 84 4b 58 e0 1d 7c f0 61 b1 65 a6 49 14 42 49 18 3c 0c 3e c6 18 d9 ac a1 53 1e 4b dd f3 Data Ascii: C(dT{GaV.DB(m)lUKX\|aeIBI<>SKVE>YU~@RoO{]?d%W}llsLcP%h"-JlW~1#904QrZ~X01N#v\4
Sep 27, 2024 08:19:13.207609892 CEST	1110	IN	Data Raw: 0d c2 18 9a 6a c8 0b 40 ea b0 f3 f5 ee ab 84 7d 04 3a ee ec 9f af ba a1 a4 e0 b2 7e d0 16 55 1e d9 2c 10 fe 1a 42 38 81 c1 00 3d 8e 05 ed e6 d9 7e 4c be 31 c6 36 5f 76 e3 fc 59 18 ec 3d 83 60 e8 09 18 1e c6 c3 c3 2d 5c ca 67 93 c1 f1 c5 25 dc 2f Data Ascii: j@}:~U,B8=~L16_vY=`-\g%/{!y&R4+17m@+?uf~}<q'G8VHx?:z,IFY1m?Z-%NCz_&J+{}$7(ho\%%;S5?B#cQB W]`=
Sep 27, 2024 08:19:16.085453033 CEST	788	OUT	GET /favicon.ico HTTP/1.1 Host: aa5aa5aa5aa5aa44.app Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: __vtins__KQFtdGOd9WuFBLcO=%7B%22sid%22%3A%20%221eac12e6-1eaf-5e53-a3f2-b84436421122%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201727419743727%2C%20%22ct%22%3A%201727417943727%7D; __51uvsct__KQFtdGOd9WuFBLcO=1; __51vcke__KQFtdGOd9WuFBLcO=dd8959f7-020d-5d87-92de-a14fa2ef4951; __51vuft__KQFtdGOd9WuFBLcO=1727417943730; UM_distinctid=19232220dae2bd-07a6196558f62e-26031e51-140000-19232220daf416; CNZZDATA1281366638=1701857660-1727417946-%7C1727417946
Sep 27, 2024 08:19:16.497086048 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 27 Sep 2024 06:19:16 GMT Content-Type: image/x-icon Content-Length: 15406 Last-Modified: Fri, 12 Jul 2024 05:38:31 GMT Connection: keep-alive ETag: "6690c157-3c2e" Accept-Ranges: bytes Data Raw: 00 00 01 00 03 00 10 10 00 00 01 00 20 00 68 04 00 00 36 00 00 00 20 20 00 00 01 00 20 00 28 11 00 00 9e 04 00 00 30 30 00 00 01 00 20 00 68 26 00 00 c6 15 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9f 30 ef 10 a0 31 f6 a6 a4 2f f4 f6 aa 2d f1 fe b0 2c ee fe b6 2a eb fe bc 29 e9 fe c2 27 e6 fe c8 25 e4 fe ce 24 e1 fe d4 22 de fe da 21 dc fe e0 1f d9 fe e5 1d d7 f6 eb 1c d4 a6 ef 20 cf 10 9a 33 f9 a6 9e 31 f6 fe a3 2f f2 ff ab 2e f1 fe c3 5f f2 ff bd 3f ed ff d2 6f ef ff d1 5d ec ff d9 6a eb ff d8 52 e7 ff dc 4d e4 ff db 26 dd fe e7 59 e3 ff e6 1d d7 fe eb 1c d3 ff f1 1a d2 a6 98 32 f8 f7 9d 31 f5 ff a4 2f f3 fe b4 47 f2 ff d3 89 f5 ff e9 c1 f9 ff c4 43 eb ff da 7f f0 ff e0 85 ef ff dc 64 e9 ff ea 95 ef ff ed 99 ee ff f0 99 ed ff e5 1d d6 ff ec 1c d4 fe f2 1a d1 f6 98 32 f9 fe 9e 30 f6 fe a4 2f f3 fe c0 66 f4 ff e6 bc f9 ff e3 ae f7 ff db 8a f2 ff ea b7 f6 ff ec b3 f5 ff eb a8 f3 ff ee a9 f2 ff f1 af f2 ff f2 a8 f0 ff [TRUNCATED] Data Ascii: h6 (00 h&( 01/-,)'%$"! 31/._?o]jRM&Y21/GCd20/f21/@noFabYZ\Z21/W'%&21/0:'%`_(20/-,!21/-fs!21/Ws8!21/;"!20/-,6i"!21/-,+^("!21/-,x%$"!31

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 08:19:04.665045977 CEST	597	OUT	POST /v6/collect?dt=4 HTTP/1.1 Host: collect-v6.51.la Connection: keep-alive Content-Length: 254 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Origin: http://aa5aa5aa5aa5aa44.app Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Data Raw: 1f 8b 08 00 57 4e f6 66 00 03 5d 50 31 4e 03 31 10 fc 4a e4 12 61 ce bb 5e c7 e7 94 14 a1 00 29 42 08 51 9b b3 0d 28 d1 71 ca d9 49 81 e8 69 79 0a 0f e0 3d 7c 83 5b 27 91 10 d2 16 a3 99 d1 78 c6 6f e2 25 88 c5 4c 5c df 2e 73 b8 5a 05 f7 50 96 97 37 dd 4a 9c cf c4 36 4f 0a 58 b4 04 d6 91 9e c0 44 66 26 c5 cf c7 17 df f7 27 fb d6 7b a6 18 85 f1 84 c6 43 2c 44 df 01 c6 b9 9c 40 92 26 1a 2d bd 4e 28 1f 5b 22 3d 27 04 40 64 7b 57 d8 fd 9c f3 b0 68 1a ef cd 9f 23 ba f0 c3 d0 b0 6b a8 ae 5a 6d 53 d3 b1 55 67 a0 90 98 da f8 fe 89 c9 d8 cb fb bb 9a 59 9b 96 7e dd bf ee 6b a5 1d 57 02 56 e2 09 30 83 c4 62 dd a5 78 c3 f6 08 ca 6e ec 8e be 72 58 13 42 eb 8c 4b 56 2a 54 41 9a d0 5a e9 30 44 e9 81 92 c7 98 c8 19 e0 97 4a fa f7 73 5a bd ff 02 28 b6 c6 7c 69 01 00 00 Data Ascii: WNf]P1N1Ja^)BQ(qIiy=\|['xo%L\.sZP7J6OXDf&'{C,D@&-N(["='@d{Wh#kZmSUgY~kWV0bxnrXBKV*TAZ0DJsZ(\|i
Sep 27, 2024 08:19:05.535056114 CEST	418	IN	HTTP/1.1 200 Date: Fri, 27 Sep 2024 06:19:05 GMT Content-Length: 0 Connection: keep-alive Vary: Origin Vary: Access-Control-Request-Method Vary: Access-Control-Request-Headers Access-Control-Allow-Origin: http://aa5aa5aa5aa5aa44.app Access-Control-Allow-Credentials: true via: EU-GER-frankfurt-EDGE7-CACHE4[248],EU-GER-frankfurt-EDGE7-CACHE4[ovl,246] X-CCDN-REQ-ID-46B1: 528a7f7e2256f2d548bc7385a8aaf9cf
Sep 27, 2024 08:19:50.548042059 CEST	6	OUT	Data Raw: 00 Data Ascii:

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 08:19:04.930926085 CEST	669	OUT	GET /assets/index-71f5a5dd.js HTTP/1.1 Host: aa5aa5aa5aa5aa44.app Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: __vtins__KQFtdGOd9WuFBLcO=%7B%22sid%22%3A%20%221eac12e6-1eaf-5e53-a3f2-b84436421122%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201727419743727%2C%20%22ct%22%3A%201727417943727%7D; __51uvsct__KQFtdGOd9WuFBLcO=1; __51vcke__KQFtdGOd9WuFBLcO=dd8959f7-020d-5d87-92de-a14fa2ef4951; __51vuft__KQFtdGOd9WuFBLcO=1727417943730
Sep 27, 2024 08:19:05.809844971 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 27 Sep 2024 06:19:05 GMT Content-Type: application/javascript Last-Modified: Sat, 24 Aug 2024 14:09:18 GMT Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding ETag: W/"66c9e98e-100c4a" Expires: Fri, 27 Sep 2024 18:19:05 GMT Cache-Control: max-age=43200 Content-Encoding: gzip Data Raw: 34 30 30 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 c4 bd 7b 57 1b 47 97 ef ff ff bc 0a e0 78 71 a4 b8 4d c0 c9 e4 f1 48 6e eb 60 8c 27 24 be c5 98 3c 76 18 1f 22 4b 0d 28 16 92 ac 0b 17 83 de fb ef f3 dd bb aa ba 25 70 e6 59 67 ad 59 bf 95 18 f5 a5 ba ae bb f6 7d ef aa 1d cf 06 9d 69 6f 38 a8 d5 af 3b c3 c1 64 ba 32 cd bb c3 ce ec ac 18 4c 37 3a e3 a2 3d 2d 76 fb 85 ee 6a 6b fd de e0 f3 5a 7d 63 5c f4 5f f4 26 d3 66 ef b8 36 5d 5f 9f 6e 4c 66 a3 d1 70 3c 9d 54 af 6b 6b 67 c3 ee ac 5f 8c 28 3c 6c 77 d7 ea f5 71 31 9d 8d 07 cd e3 e1 b8 e6 ed 0c 57 86 c7 2b a9 a9 2f b3 62 7c b5 5f f4 8b ce 74 38 de ee f7 6b ff 5b ad 1d f2 79 be 54 d5 c7 ff 4d 65 b5 61 bd 39 28 2e 56 5e ce a6 6d f5 fe f5 a7 49 31 3e 2f 78 9e 3f b9 2e db 98 a8 8d 61 9d 9e 4e 36 a6 57 a3 22 cf f3 b5 ce 69 af df d5 00 d6 ea 65 c1 b6 0a 4e 36 da dd 6e d1 7d 35 ec 16 93 7a 7b 63 da 3e 79 d5 3e b3 6f 5e ec bd fa 75 6d 7d bd ad b1 eb 7e 71 70 eb eb e3 5a bb 3e af 6f 0c bd 17 b5 38 aa ec 3a 35 d6 58 dd cc 26 b3 4f d3 71 51 70 39 af 37 e3 bc af 0c [TRUNCATED] Data Ascii: 4000{WGxqMHn`'$<v"K(%pYgY}io8;d2L7:=-vjkZ}c\_&f6]_nLfp<Tkkg_(<lwq1W+/b\|_t8k[yTMea9(.V^mI1>/x?.aN6W"ieN6n}5z{c>y>o^um}~qpZ>o8:5X&OqQp97KI~=oD7ziq2M~+o.q1~3:^v,>Wp2y=lR<`s&Zx[5n}WgogZc3`hey54(FVtn6^&fy\L;;eL>k}oYMWqOkG[0vl=>+Vhf:}tIr}llli=Iei{RoL/x=)jz\|S_l~>Zhg{v6"Rlt`=mY[xYxd>MOkkh8/vF{2?rz-._OX4/6Ee4N7O?6@d\|{<n_m&]~VhkCZ}KV/\|8z
Sep 27, 2024 08:19:05.809875965 CEST	1236	IN	Data Raw: be 81 17 40 01 6b 71 f5 d7 b2 df 96 5f 4d 80 9a c1 c9 5a f6 c5 7a 53 f9 66 72 75 f6 69 d8 07 cc 99 16 56 6d 35 cf 07 b3 7e 1f 34 59 56 eb 3d 5e cb f6 ac b3 b5 c9 80 a1 dc dc 3c 03 98 ea f5 f5 75 fd 6e 4c 4f 8b 41 bc ee b4 01 fe 7a f6 72 fb f6 14 Data Ascii: @kq_MZzSfruiVm5~4YV=^<unLOAzrNQU/gX7&[K7EkG=zm={"2`,gM,W)gip6GvStK8g~\d*9m$ I[M;\|'`
Sep 27, 2024 08:19:05.809885979 CEST	1236	IN	Data Raw: 40 64 f0 fb e2 f8 18 76 70 22 66 da de 77 fa 45 7b 30 1b 95 0f 20 35 ac 60 fe eb 38 5b 05 0c 7e b5 4d ac 82 c6 c2 e6 b5 5f c7 1b b6 19 26 50 88 74 4d 6d f5 fa c6 68 36 39 b5 b2 75 38 a9 f9 09 fd f5 b6 91 a2 e3 26 ac f4 68 3e 9e 69 a1 b4 91 ab 1d Data Ascii: @dvp"fwE{0 5`8[~M_&PtMmh69u8&h>i-E;_OMk9txu\|>79=\|2l_66}0I?~w+6?3z#IVJ/MkO IgC"1zK[Ii
Sep 27, 2024 08:19:05.809896946 CEST	1236	IN	Data Raw: 54 71 59 28 d3 0e 13 04 b6 67 7c 68 df d7 30 f4 04 b1 b2 55 20 5d 95 d5 79 d1 d8 5d 94 f4 b5 85 3a 9e b6 99 44 a4 42 81 e0 c2 8b af 5d a6 b7 69 44 bc 69 2d 38 ce 4c b2 eb ff 6b 35 ac e6 9a c4 d0 5b 0d aa 27 de de 7c 09 17 f4 85 0b 7a 75 14 cd a0 Data Ascii: TqY(g\|h0U ]y]:DB]iDi-8Lk5['\|zu~ci=3Fa^<[-A a\|5~GGYM0*4@hE/{O?uk'5K,@$L)>cY&_b"Z]'ItY5XtOac5
Sep 27, 2024 08:19:05.809919119 CEST	1236	IN	Data Raw: d6 ed b1 75 1b f0 56 b7 87 98 10 ad 1f 53 75 1b d2 93 ba bd f0 06 24 22 09 b3 2c e9 0d 40 21 a2 30 55 42 15 10 ea 93 1c f1 5a 91 f0 5a 65 a2 91 4b 4a 56 34 cd 2e f6 2e d3 a7 00 e8 9b ec 55 57 a8 8c e1 c2 c2 0c 01 3d 26 9d 05 19 2b 54 9c ea 1f 94 Data Ascii: uVSu$",@!0UBZZeKJV4..UW=&+T0*79q<+ >z6o6oOnonoiaYO+Dn^fH~15 j"D{Ywa\|qN{tRgkTz?W\|3x
Sep 27, 2024 08:19:05.809930086 CEST	1236	IN	Data Raw: 4d 4c d8 86 cc da 19 9d c8 a6 58 38 05 8b c1 2a e5 37 c1 67 06 0f 54 f4 09 ed 41 47 ce f6 ff dc 06 f7 06 cd 50 15 47 33 b3 12 fa 7f 94 3a 2a 34 15 06 16 ec af f2 c1 c4 e0 81 3f 4a a5 a7 68 dd be 81 2b 20 b4 a0 37 31 96 69 f2 ce 45 21 22 5a ff 55 Data Ascii: MLX87gTAGPG3:4?Jh+ 71iE!"ZU3)V+z]>2CDAo#6M#wa;T)\|UE=Kmg@{K77cTi}}Pwl@Rc~fSOumwxO*?e4V"Hpeg
Sep 27, 2024 08:19:05.809941053 CEST	1236	IN	Data Raw: a2 ff 98 af fb f5 e7 93 c3 dd b6 fc f8 ab 5b 2b 1a 30 ff 69 c2 6c 05 76 b6 be c7 4d 93 71 67 67 8f 6e 45 08 d3 b1 c2 ba e7 ae 08 f2 b7 60 72 e9 67 a1 59 93 f3 be cd 9e 23 8d 07 5b 86 38 c3 1b 2b 11 75 16 5b 11 fe 07 15 ce 6b 6a 93 66 98 02 50 17 Data Ascii: [+0ilvMqggnE`rgY#[8+u[kjfPi59g1jc7*~,&~ZT~P}jkn]N0TKon1;&)5B@JvUnBH!S9F:Hk-Y
Sep 27, 2024 08:19:05.809951067 CEST	108	IN	Data Raw: 14 76 96 b3 5f 9a 70 a9 ce 2b 93 ea 2b 48 76 1e 6d 01 48 c2 93 c0 c5 f5 d7 b7 36 1f fe 18 70 8d bf e6 d1 4f 11 f9 8c 5b c7 84 5f 20 18 76 64 16 6a eb eb fe fa a3 92 cf c0 c3 e6 6a d0 3e eb 75 d8 ee a3 49 92 cf 8f e1 d2 8e 1f cf 22 4b 7a 5c b2 68 Data Ascii: v_p++HvmH6pO[_ vdjj>uI"Kz\h\|vxl}U^1?PHA'6
Sep 27, 2024 08:19:05.809958935 CEST	1236	IN	Data Raw: 5a ee f7 72 3b ed 69 8a 57 7b cc 7d 6f e3 1e bc 11 96 06 08 c5 26 69 79 f2 bc 2d 8a 81 47 5b b5 b7 9b d6 e1 50 5f 25 6c 89 01 19 81 2f 65 81 ea 96 71 2e 37 32 84 f4 af fa b2 a8 87 11 95 f3 15 35 12 e2 4b 87 8f 93 c8 58 61 4a f1 b0 3a 84 25 65 c4 Data Ascii: Zr;iW{}o&iy-G[P_%l/eq.725KXaJ:%euKG<M~zTvZ~V:zn*;B9hwS6a%TJsY4uAR+RBSVhJY<9YX-h&)a(G 5E~>x\|"nTK<
Sep 27, 2024 08:19:05.809972048 CEST	1236	IN	Data Raw: 1e 53 b0 50 03 c1 cd ee ad 6f 28 b6 ae 0e 38 be 0b 46 a7 6f 24 a6 f2 b1 a5 24 6d 1a 98 3e 65 5c cb df 91 6b 48 8e 4f 16 46 8a 7a 2b 6a 58 94 2b 95 2f cc e8 26 9b 0c 21 17 21 1d 18 79 84 28 29 a6 c9 27 dc 1c 10 8b e5 ea e3 48 cb b9 fb 62 94 cf b5 Data Ascii: SPo(8Fo$$m>e\kHOFz+jX+/&!!y()'Hb)&wSHO.x315OZC\|3_#~MKd-#`+\|?40pGqMn(b3+-Dhf<@(Lahi2Sx#{}t6FL>Y
Sep 27, 2024 08:19:05.814893961 CEST	1236	IN	Data Raw: c0 19 db 87 2f 24 e1 a1 77 0a d8 43 0f 90 8e ec 79 81 8c bc 5f eb 6a 44 4f 19 d1 53 8d a8 d3 47 d5 2d f0 08 38 84 dd 7b 15 59 db c4 66 3c ab 28 b8 cc ee 24 44 0e 3f 5a 46 52 c8 48 01 d4 2b 41 ba eb d1 dd aa 57 61 ee a0 00 a5 16 d0 3e 46 52 8a a5 Data Ascii: /$wCy_jDOSG-8{Yf<($D?ZFRH+AWa>FR+P6VC$O&gKED~,MTG-M&;R;\|Qy!M&~:[{Drl}ToC6%DtV"O0NL:^uIjIuf)eS[`R
Sep 27, 2024 08:19:11.264625072 CEST	800	OUT	GET /assets/Home-52354fe8.js HTTP/1.1 Host: aa5aa5aa5aa5aa44.app Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: __vtins__KQFtdGOd9WuFBLcO=%7B%22sid%22%3A%20%221eac12e6-1eaf-5e53-a3f2-b84436421122%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201727419743727%2C%20%22ct%22%3A%201727417943727%7D; __51uvsct__KQFtdGOd9WuFBLcO=1; __51vcke__KQFtdGOd9WuFBLcO=dd8959f7-020d-5d87-92de-a14fa2ef4951; __51vuft__KQFtdGOd9WuFBLcO=1727417943730; UM_distinctid=19232220dae2bd-07a6196558f62e-26031e51-140000-19232220daf416; CNZZDATA1281366638=1701857660-1727417946-%7C1727417946
Sep 27, 2024 08:19:11.578546047 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 27 Sep 2024 06:19:11 GMT Content-Type: application/javascript Last-Modified: Sat, 24 Aug 2024 14:09:18 GMT Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding ETag: W/"66c9e98e-e33" Expires: Fri, 27 Sep 2024 18:19:11 GMT Cache-Control: max-age=43200 Content-Encoding: gzip Data Raw: 36 31 63 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ad 97 4b 6f db 46 10 80 ef fd 15 0a eb 1a 24 30 a4 f5 b0 6c 47 06 5d c8 8f c4 4e 9c 38 89 13 e7 21 08 0c 45 2e a5 b5 29 92 59 2e 25 2b 02 2f 05 da bf 50 20 bd f4 d0 73 4f bd f4 07 25 bf a3 33 7c 58 0f 2b 8d 51 14 86 35 14 c9 d9 9d 9d c7 37 23 3e 8c 42 21 a7 e7 15 3b ae ec a7 9e 08 87 8a b1 71 3e e6 11 13 fb 76 10 30 a1 37 1b 55 af b1 d5 6c 1a 97 b1 b2 cb f3 d7 5d 7a 3d 02 41 62 02 09 89 53 08 49 8c a1 4f e2 04 6c 12 0c 1c 12 31 f4 48 48 18 93 f0 80 91 b0 e1 01 09 07 3c 12 2e 48 12 3d 18 90 08 c1 22 d1 06 4e e2 10 2e 49 ac 41 44 e2 09 5c 91 38 06 9f c4 53 38 22 71 06 43 12 cf 20 20 f1 b2 3c 08 0f 5c 76 ad 6f d7 bc a6 dd 74 dd f9 13 64 5a e7 b9 95 17 70 41 df 1e 94 5a 07 a1 7f c1 5d 16 9e 48 36 d4 ab db ee a6 5b db 76 e6 95 b3 03 3f 84 36 89 83 dc d4 17 a5 72 db 1d 31 21 79 cc 86 2c 90 a7 3c 96 c6 28 61 16 fd cb 49 c4 ac d8 11 3c 92 56 cc 64 12 59 52 e0 ed c0 1e 32 eb 96 96 e5 db 41 5f df 72 b6 5c b6 e3 de cf 36 77 c2 20 96 95 57 e6 d4 f1 ed 38 6e 29 9e cf [TRUNCATED] Data Ascii: 61cKoF$0lG]N8!E.)Y.%+/P sO%3\|X+Q57#>B!;q>v07Ul]z=AbSIOl1HH<.H="N.IAD\8S8"qC <\votdZpAZ]H6[v?6r1!y,<(aI<VdYR2A_r\6w W8n)+p\Z}]w+Cw6JI;L!cAc\&D-doG(-m3vK`v08stSrKKp`K<a\|6}Gy<Uj7F0^NT}nSx`dIjVoxNatWqK><yQ<0UXU\>Rt:i,'>kMRV@U_;Cm)d\|2;vv2z+6iY0Rzau"RSA $V&NSMMM_.63^}cT!(t~fiID=9%EjRaZZ;Q*dv("lQ,0b'.CSo6JO+PVR1cAe=C}bHX,wRgWll/$Dz
Sep 27, 2024 08:19:12.891710997 CEST	804	OUT	GET /assets/qr_code-8c1a238d.jpg HTTP/1.1 Host: aa5aa5aa5aa5aa44.app Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: __vtins__KQFtdGOd9WuFBLcO=%7B%22sid%22%3A%20%221eac12e6-1eaf-5e53-a3f2-b84436421122%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201727419743727%2C%20%22ct%22%3A%201727417943727%7D; __51uvsct__KQFtdGOd9WuFBLcO=1; __51vcke__KQFtdGOd9WuFBLcO=dd8959f7-020d-5d87-92de-a14fa2ef4951; __51vuft__KQFtdGOd9WuFBLcO=1727417943730; UM_distinctid=19232220dae2bd-07a6196558f62e-26031e51-140000-19232220daf416; CNZZDATA1281366638=1701857660-1727417946-%7C1727417946
Sep 27, 2024 08:19:13.213536024 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 27 Sep 2024 06:19:13 GMT Content-Type: image/jpeg Content-Length: 6245 Last-Modified: Sat, 24 Aug 2024 14:09:18 GMT Connection: keep-alive ETag: "66c9e98e-1865" Expires: Sun, 27 Oct 2024 06:19:13 GMT Cache-Control: max-age=2592000 Accept-Ranges: bytes Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 83 10 00 28 00 28 00 28 00 28 00 2b 00 28 00 2d 00 32 00 32 00 2d 00 3f 00 44 00 3c 00 44 00 3f 00 5d 00 55 00 4e 00 4e 00 55 00 5d 00 8c 00 64 00 6c 00 64 00 6c 00 64 00 8c 00 d5 00 85 00 9b 00 85 00 85 00 9b 00 85 00 d5 00 bc 00 e4 00 b9 00 ad 00 b9 00 e4 00 bc 01 52 01 09 00 eb 00 eb 01 09 01 52 01 86 01 48 01 36 01 48 01 86 01 d9 01 a7 01 a7 01 d9 02 53 02 35 02 53 03 0a 03 0a 04 15 ff db 00 83 11 00 28 00 28 00 28 00 28 00 2b 00 28 00 2d 00 32 00 32 00 2d 00 3f 00 44 00 3c 00 44 00 3f 00 5d 00 55 00 4e 00 4e 00 55 00 5d 00 8c 00 64 00 6c 00 64 00 6c 00 64 00 8c 00 d5 00 85 00 9b 00 85 00 85 00 9b 00 85 00 d5 00 bc 00 e4 00 b9 00 ad 00 b9 00 e4 00 bc 01 52 01 09 00 eb 00 eb 01 09 01 52 01 86 01 48 01 36 01 48 01 86 01 d9 01 a7 01 a7 01 d9 02 53 02 35 02 53 03 0a 03 0a 04 15 ff c1 00 11 08 01 70 01 70 03 01 22 00 02 11 01 03 11 01 ff c4 00 1a 00 01 00 03 01 01 01 00 00 00 00 00 00 00 00 00 00 00 04 05 06 03 02 01 ff c4 00 2f 10 [TRUNCATED] Data Ascii: JFIF((((+(-22-?D<D?]UNNU]dldldRRH6HS5S((((+(-22-?D<D?]UNNU]dldldRRH6HS5Spp"/4Sr23QR!1"qABC""12qAQR#?4/wN/wN/wN/wN/wN/wNUCPU;iN8/w<1:^/w<1:^>UN=\0$HN'KON'KON'KON'KON'KON'KO8fdv.a]f&RR-R~0gH~0gH:r\.[7V]W~6&j^GgH~HCsUuck;RGwC{zIZ~0gH~0gHtJ
Sep 27, 2024 08:19:13.431406975 CEST	788	OUT	GET /openIM.wasm HTTP/1.1 Host: aa5aa5aa5aa5aa44.app Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: __vtins__KQFtdGOd9WuFBLcO=%7B%22sid%22%3A%20%221eac12e6-1eaf-5e53-a3f2-b84436421122%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201727419743727%2C%20%22ct%22%3A%201727417943727%7D; __51uvsct__KQFtdGOd9WuFBLcO=1; __51vcke__KQFtdGOd9WuFBLcO=dd8959f7-020d-5d87-92de-a14fa2ef4951; __51vuft__KQFtdGOd9WuFBLcO=1727417943730; UM_distinctid=19232220dae2bd-07a6196558f62e-26031e51-140000-19232220daf416; CNZZDATA1281366638=1701857660-1727417946-%7C1727417946
Sep 27, 2024 08:19:13.744774103 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 27 Sep 2024 06:19:13 GMT Content-Type: application/wasm Last-Modified: Fri, 12 Jul 2024 12:07:06 GMT Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding ETag: W/"66911c6a-1c29759" Expires: Sun, 27 Oct 2024 06:19:13 GMT Cache-Control: max-age=2592000 Content-Encoding: gzip Data Raw: 34 30 30 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec dc 55 b0 b5 4b 7a 1f f6 b3 98 99 99 99 99 bf 44 64 45 b6 2c cb 16 d8 71 c0 1a cd 1c 4b 23 cf cc 91 07 04 4e 22 6d 66 66 66 66 66 66 66 66 f8 f6 fe 36 33 63 ce 1c 59 15 45 aa f2 4d 6e 52 ae fd 5e bc d5 ab ff cf 7a ba fb b7 6a dd f6 57 df fb d9 8f 01 5f 7d fb 5c 79 79 79 7d 85 fc 93 6f b4 7f fc 8b 1f fe e8 07 3f fc c1 3b ff 37 bf e1 7f 37 e6 ff d6 af 3b f9 c2 5f b5 6b be f9 ed 9f fe e2 b7 2d df ff 17 bf fe fd 9f fc fa ef fc f8 af 7f ee d0 fd da cf ff f8 0f fe d9 bf ff 9d 6f 7e ed f7 fe fd 6f fc f4 37 7f e3 fb 7f f5 fd 1f ff 67 dd 3f fb 9d df fe e6 0f ff ec 9b bf 34 5b 8d 36 fd ef fe e4 df fd e4 0f fe f4 6b dd cf fe c5 ef fd eb df fd 83 ff f0 e7 3f b0 ff fe cf 7f f4 e7 bf f1 6f ff ec 3f fd ca cf 84 48 fe 3b a0 e7 97 eb a2 ff 08 f0 b7 80 bf fd f6 f5 d5 1f 81 ff e6 db 07 f0 37 7f 04 fa db bf fd e5 14 e8 ef 3e 01 ff e6 6f be fa a3 af be fa 23 e0 df 7e 5b f2 d5 2f e7 bf 8d bf fd f8 5d 29 e0 ff 04 fc 0d b0 c4 ff db 3e 0c e0 9f 7c 03 f9 c1 d7 7f fc 8b 3f f9 [TRUNCATED] Data Ascii: 4000UKzDdE,qK#N"mffffffff63cYEMnR^zjW_}\yyy}o?;77;_k-o~o7g?4[6k?o?H;7>o#~[/])>\|?_?~/7?_?/+}_~7K?\|'~9,{~_7*OILOO~zS?~#L.#g?'}A/n#$u+wn!?p5oOO][?oq=~{\|W%~'?~q~?_7' ULw/W\|\|w!P+BwqC\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 08:19:05.388828039 CEST	670	OUT	GET /assets/worker-d3bc0bde.js HTTP/1.1 Host: aa5aa5aa5aa5aa44.app Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: __vtins__KQFtdGOd9WuFBLcO=%7B%22sid%22%3A%20%221eac12e6-1eaf-5e53-a3f2-b84436421122%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201727419743727%2C%20%22ct%22%3A%201727417943727%7D; __51uvsct__KQFtdGOd9WuFBLcO=1; __51vcke__KQFtdGOd9WuFBLcO=dd8959f7-020d-5d87-92de-a14fa2ef4951; __51vuft__KQFtdGOd9WuFBLcO=1727417943730
Sep 27, 2024 08:19:06.262064934 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 27 Sep 2024 06:19:06 GMT Content-Type: application/javascript Last-Modified: Sat, 24 Aug 2024 14:09:18 GMT Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding ETag: W/"66c9e98e-32d56" Expires: Fri, 27 Sep 2024 18:19:06 GMT Cache-Control: max-age=43200 Content-Encoding: gzip Data Raw: 34 30 30 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec bd fb 5a 1b 49 b2 2f fa f7 d9 8f 70 fe 92 eb b0 b0 6a 28 6b 00 77 7b 66 84 cb 1c 0c a2 8d 8d c1 e6 e2 cb d0 1c b5 90 4a 48 46 a8 d4 25 09 4c 83 d6 b3 ec 67 d9 4f 76 7e 11 79 a9 cc aa 2c 49 f8 d6 3d df b7 66 ed ed 46 55 59 99 91 91 71 8f c8 cc 72 7b dc 6f 8e ba 71 bf ec df 7a e3 61 54 1a 8e 92 6e 73 e4 ad 5d 35 92 d2 55 12 ee 9f 7d 8a 9a a3 4a 2b 6a 77 fb d1 9b 24 1e 44 c9 e8 26 38 73 bf e8 46 c3 e0 5a bf 3a 8f 46 fb d7 7d f5 cd 56 34 6c 26 dd c1 28 4e 86 c1 d1 48 f5 6b b7 39 bc b9 3c 8b 7b c3 a0 a6 fb 18 24 f1 28 1e dd 0c a2 4a a7 31 34 7a 0b 0e 1d 4d d0 98 c1 db 19 d6 fa e3 cb 28 69 9c f5 a2 e0 72 14 96 93 20 0a fa 7e f8 2c 2a 75 fb a5 64 fd 2a e1 27 b7 91 6e 55 7d b0 1c 34 e3 7e bb 7b 3e e6 af e8 f7 75 d2 1d a9 bf af 1a bd 71 54 ed 4f fc 6a 72 12 9d 86 fd a0 2e 7a 45 9f b7 ed 38 29 13 b2 fa d4 79 74 77 57 8e c2 db 89 ef d7 92 4a b3 d1 eb 95 69 e4 c5 c5 cb 11 86 ec 07 d1 49 ff d4 5f eb b6 cb 47 23 3f fd 2e 6e 97 8e 46 e5 c8 f7 0f 8b bf 49 a2 d1 38 [TRUNCATED] Data Ascii: 4000ZI/pj(kw{fJHF%LgOv~y,I=fFUYqr{oqzaTns]5U}J+jw$D&8sFZ:F}V4l&(NHk9<{$(J14zM(ir ~,ud'nU}4~{>uqTOjr.zE8)ytwWJiI_G#?.nFI8`>y\'ep,h5=![<JaQ=mv^U=^}\Fa<zqR(Q<y`z` gm6JQ}];zU?om>Y^I}:qGv<dk`bn^9N?[ynH@tW>Z{%wIWk U^\r[`%cu&VA^gU2Od;{hf?2sxJM36xi?K_?B!fjJEI#(C=_\|#z;NNNJ/:M\Yk4;3uVT*fHM&p@U`TXQ%K~pKPW d\JLvQZhbF$C+eMK9+3zP{&Gg5cPJ?a
Sep 27, 2024 08:19:06.262090921 CEST	1236	IN	Data Raw: 32 d0 ce 00 67 12 5d 76 21 97 03 50 41 5f 91 52 1c de 32 91 41 8c 12 5d 40 27 04 92 6e 0d e2 16 44 6b 3c 28 c7 4e 4e f4 ab 82 1e e2 49 70 13 b6 99 a2 ef ee e2 e0 4c 90 ab 60 b6 75 49 dc 0c ab 64 c4 d0 53 5a db 13 43 89 e7 e5 1b f7 28 77 77 b7 93 Data Ascii: 2g]v!PA_R2A]@'nDk<(NNIpL`uIdSZC(ww=m$I(imbCbL7s `Tg)zBAB]EOB0S?N^mXAC_&q@V6-4Ws>k?C ]KDUaa79&O
Sep 27, 2024 08:19:06.262103081 CEST	1236	IN	Data Raw: cb 4a 4a fe 10 80 18 b6 65 c6 a6 b1 88 db b4 6b 84 55 23 e4 93 32 69 b3 62 1b c1 9e 2c a8 e0 1f 35 d5 a4 60 35 b2 0a 03 42 be 80 84 72 2d 73 c3 39 90 05 a1 69 02 25 ad 6a e5 c7 09 9a d2 a6 36 64 03 29 c8 9b 11 28 75 0d 16 e8 cd 28 f0 36 f7 b7 6a Data Ascii: JJekU#2ib,5`5Br-s9i%j6d)(u(6jl6*~JWW@h^$WK=/^7s?TMO.%lwJwGe^\|5VRg.:KFe7F)?,^DHh$X`P-(X6/~
Sep 27, 2024 08:19:06.262111902 CEST	1236	IN	Data Raw: ba bd aa f0 33 a6 de 41 78 45 38 56 94 30 d0 00 a8 0e 07 82 55 d0 23 02 ac 9a 82 41 bf 9a 98 19 19 f8 2d 0b 43 2e c2 e5 b5 8b a7 cf 65 30 68 ed 62 69 49 10 c3 55 f8 fc e4 e2 74 ed aa 92 ae 25 c6 4e 7f dc dd 21 aa 73 25 73 7e a2 2e 25 44 5d 8a 01 Data Ascii: 3AxE8V0U#A-C.e0hbiIUt%N!s%s~.%D]?\|UQu*x.8Wfp%m&?_\za?b;KruK@O&gPJ^-LRN_.d[ (Rq0ru%JyS^Y=X0=JI{,?j~n
Sep 27, 2024 08:19:06.262125969 CEST	896	IN	Data Raw: 40 5f 7e ae 7a 0b ae 4f 38 7c bd 81 7c 0f 12 9e 5c e4 72 08 94 f6 c4 84 b8 3f 84 ac d4 ef 03 d1 82 bc d5 aa f7 f0 a1 17 0c 23 4a a5 c2 2c ae 7a 25 fc e2 05 05 92 2e 1b 23 c2 02 53 46 ba 4e e8 6c 12 9c 57 44 3c e0 9d 39 47 94 b4 e1 85 2a 5d 30 5f Data Ascii: @_~zO8\|\|\r?#J,z%.#SFNlWD<9G]0_q6 J:$AO?4+p@HW-7PMD!\*t-oQ,,WfW7$KcF>r{peGZ]ArJQ]jcNX1?;'RENF9>
Sep 27, 2024 08:19:06.262135983 CEST	1236	IN	Data Raw: 0b 45 91 82 8e aa 10 c3 1a a4 19 75 19 34 d9 4d d7 1e 9d bf 4e 3e 33 7b 11 2d da c0 6a fa 10 cb d2 3c 6f 8a 20 01 b6 ff 18 4d 1f d4 d4 5b 88 1e 65 42 89 f7 3c 25 20 96 9d 25 0e 58 b9 f8 5d ca 78 b0 72 70 9d 77 88 e7 26 0d 39 cb f7 50 4b 90 52 05 Data Ascii: Eu4MN>3{-j<o M[eB<% %X]xrpw&9PKR+@+Y2VhmDALNjPHD`#kl^`Xg;m+nc}GM9\|}yw4#lz;rEcIJ"F%D+/=v0"2vBoxwKxXT
Sep 27, 2024 08:19:06.262146950 CEST	1236	IN	Data Raw: 4a ad e5 af a1 3f 90 83 63 51 66 84 e7 49 98 6d 22 21 37 5b 8c 91 4a 76 68 82 b9 c3 00 32 d7 28 33 79 9d 2f ce e4 05 e4 ea 4a cd 8b 5a 98 01 12 50 14 09 47 e5 05 3b 96 c1 00 bf c9 cd 55 d1 2e 60 4f 07 f5 39 90 84 4f 68 85 65 3c 55 24 df a6 65 eb Data Ascii: J?cQfIm"!7[Jvh2(3y/JZPG;U.`O9Ohe<U$e0 [Mv&j4%kq_B2qqVQr<=-qOS\|&~QL52>&CT3C:0BI #ty]MEXTb2V@
Sep 27, 2024 08:19:06.262159109 CEST	1236	IN	Data Raw: 82 2d c5 52 21 6c 54 a8 0a 19 45 2c 28 65 da 10 f6 32 7e c0 09 21 83 5e 65 e6 cd 8a 2e 79 d8 a1 20 4f e9 c1 50 17 a9 03 13 48 ab 8f 32 97 3f 4c b3 c3 13 69 56 b0 b5 50 ef ec 03 f2 5d d9 2e d0 3a 3c 16 59 5f 01 d2 df 21 d2 7f e9 22 7d 55 58 21 66 Data Ascii: -R!lTE,(e2~!^e.y OPH2?LiVP].:<Y_!"}UX!fOLEm/P"t-'p^(K)qBU1>Ht0pa#W\S\|A&d`?G^cl?P\|_&g_6H9R
Sep 27, 2024 08:19:06.262171030 CEST	1236	IN	Data Raw: 86 48 20 e2 55 2f dd 3b 0b b1 d5 0b 72 69 fb 1e 49 4d 1c c0 0c 3d db 14 b1 89 19 15 69 3f 50 75 b5 24 58 39 ba 54 86 1e 36 d6 2b d0 11 b7 99 3f b2 97 af 93 32 7a 5a f7 b6 76 0e 8f 76 f6 36 8f 4c 41 e0 ae 9e e2 33 d6 9f df cc a3 f2 bf 5f d4 fe 9c Data Ascii: H U/;riIM=i?Pu$X9T6+?2zZvv6LA3_(uVX\|,3o5xt`MGMOHCQwQr&~K[,a0ku=CXvI6okSbpB%g\F1n'J?iO8G,V8{gN.y
Sep 27, 2024 08:19:06.262181997 CEST	1236	IN	Data Raw: c5 d1 d6 81 35 6f 67 1f 24 ea 74 15 85 80 b4 4f 69 b1 04 a4 94 8e de 92 de 66 fc 3d 1c 48 e7 61 2f 2a 5a 29 aa 41 c4 a5 29 33 72 eb 83 6f 7e 8c 01 aa 93 08 8e 21 1d 3d 8b d4 9a a8 e5 98 b1 bf 4a 7d e3 22 bf fb 6c b3 c2 41 a0 2f f9 0a db f4 74 19 Data Ascii: 5og$tOif=Ha/*Z)A)3ro~!=J}"lA/tBu6%y'>7#g=k>q9k-u<m}6lI\|8nY@bP["3k%UW&E'W/92g8T=8T;{5dd
Sep 27, 2024 08:19:06.267083883 CEST	1236	IN	Data Raw: 37 2f ff 26 ef 78 da 21 f1 15 7d 19 66 7a 01 25 39 d3 53 bf c9 bb 2e c2 ce 0f bd ff d7 0b 16 dc d1 8b 2d 38 fb a9 db f0 5c fb 0d b8 2c ec 39 9d 04 72 7c b4 b9 0d a4 7f 8c 1a 49 19 fb ce 1e e1 f0 01 f5 fc 35 ee 20 eb e0 e1 8a 78 ae 1e 53 8f d4 14 Data Ascii: 7/&x!}fz%9S.-8\,9r\|I5 xS8T^@^Y5}G.<0$?EexhgqE-0-8R:@X^fa=H.GK_uT#P(UvRMUjz8y8#<
Sep 27, 2024 08:19:11.264755011 CEST	808	OUT	GET /assets/ColVideoItem-07d4d17c.js HTTP/1.1 Host: aa5aa5aa5aa5aa44.app Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: __vtins__KQFtdGOd9WuFBLcO=%7B%22sid%22%3A%20%221eac12e6-1eaf-5e53-a3f2-b84436421122%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201727419743727%2C%20%22ct%22%3A%201727417943727%7D; __51uvsct__KQFtdGOd9WuFBLcO=1; __51vcke__KQFtdGOd9WuFBLcO=dd8959f7-020d-5d87-92de-a14fa2ef4951; __51vuft__KQFtdGOd9WuFBLcO=1727417943730; UM_distinctid=19232220dae2bd-07a6196558f62e-26031e51-140000-19232220daf416; CNZZDATA1281366638=1701857660-1727417946-%7C1727417946
Sep 27, 2024 08:19:11.574347019 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 27 Sep 2024 06:19:11 GMT Content-Type: application/javascript Last-Modified: Sat, 24 Aug 2024 14:09:18 GMT Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding ETag: W/"66c9e98e-eed" Expires: Fri, 27 Sep 2024 18:19:11 GMT Cache-Control: max-age=43200 Content-Encoding: gzip Data Raw: 37 66 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ad 57 db 6e db 48 12 7d df af 50 38 81 41 62 4a 8c e4 d8 4e 86 06 27 a0 64 c5 51 94 f8 1a 3b f1 08 82 d0 22 9b 14 6d 8a cd 69 36 25 3b 1a 3e 0e b0 c0 7e cc 3e ee bc cc df cc 02 f3 19 5b d5 24 e5 cb 66 b1 fb b0 06 cc 6a b2 2f 55 75 ea 74 55 29 5e 64 42 aa b5 6c b1 bc 75 04 82 c4 09 7c 24 71 00 6c 4a f2 1c 02 12 53 98 75 48 ce 80 91 48 c0 27 11 c3 35 89 01 cc 49 e4 e0 bf 24 39 82 cf 24 e6 70 4e 22 82 af 24 fa e0 ef 90 3c 83 b7 24 96 10 92 b8 83 2b 12 37 30 23 91 81 bf 4b 72 05 fe 1e c9 e7 30 db 26 79 0d b3 1e c9 4f 50 90 b8 00 a6 97 9f c2 90 c4 15 70 12 05 28 12 43 60 da b4 63 58 91 58 40 46 e2 16 6e 48 7c 05 a6 bd 79 0b 03 12 87 c0 f4 d6 77 c0 7e 20 f9 11 98 f6 ee 3d 68 d7 3f 94 a1 14 0b c3 7e 11 a7 01 bf 6d bf ea 86 bb 6c 37 08 ec eb dc d8 f7 45 9a ab d6 67 d7 64 20 dd 8e e5 fe b8 8e 43 53 ba 2e 8e 25 57 85 4c 5b ac 5e 93 ba 47 e6 b3 ae b5 9f 70 d5 12 6e a7 fe ea bb 26 6d 12 5b 5b 7e c2 99 fc 14 2f b8 28 94 29 2c 10 ee 0a f5 89 95 9d 73 d5 7c d6 6b 53 7b [TRUNCATED] Data Ascii: 7ffWnH}P8AbJN'dQ;"mi6%;>~>[$fj/UutU)^dBlu\|$qlJSuHH'5I$9$pN"$<$+70#Kr0&yOPp(C`cXX@FnH\|yw~ =h?~ml7Egd CS.%WL[^Gpn&m[[~/(),s\|kS{%H&7-K~v5KS<p.NO4#H[/TGbfgX\|YB"X:SKTQ_%1(?W}?B1%>>T,ReFzV('/'wjS1Ho8JCNrNmY\|MZW44zaA1S31-M#M#&-*5Jo^Xoy37Go)-<X,tkjyncc:c[citURigBA08k~;l I]L~gQ1jzA%ubBsx\|TTX87p[3dnD0@KH$;nb1"sP9n%x0\H7q}7FaYHRc~2uxhZHII5j8d

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 08:19:05.425468922 CEST	279	OUT	GET /js-sdk-pro.min.js HTTP/1.1 Host: sdk.51.la Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Sep 27, 2024 08:19:06.211268902 CEST	1236	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 06:19:06 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Server: openresty Cache-Control: no-store Access-Control-Allow-Origin: * Access-Control-Allow-Credentials: true via: EU-GER-frankfurt-EDGE5-CACHE2[172],EU-GER-frankfurt-EDGE5-CACHE2[ovl,171],CHN-HElangfang-GLOBAL6-CACHE139[ovl,16] X-CCDN-REQ-ID-46B1: 505477f83ff628ef41f3394fa4d1d5a9 Data Raw: 34 61 36 0d 0a 2f 2a 21 0a 2a 20 35 31 4c 41 20 41 6e 61 6c 79 73 69 73 20 4a 61 76 61 73 63 72 69 70 74 20 53 6f 66 74 77 61 72 65 20 44 65 76 65 6c 6f 70 6d 65 6e 74 20 4b 69 74 0a 2a 20 6a 73 2d 73 64 6b 2d 70 72 6f 20 76 31 2e 35 38 2e 33 0a 2a 20 43 6f 70 79 72 69 67 68 74 20 c2 a9 20 32 30 31 36 2d 32 30 32 32 20 35 31 2e 6c 61 20 41 6c 6c 20 52 69 67 68 74 73 20 52 65 73 65 72 76 65 64 0a 2a 2f 0a 28 66 75 6e 63 74 69 6f 6e 28 63 29 7b 27 75 73 65 20 73 74 72 69 63 74 27 3b 76 61 72 20 65 3d 77 69 6e 64 6f 77 2c 67 3d 65 5b 27 64 6f 63 75 6d 65 6e 74 27 5d 2c 68 3d 65 6e 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 2c 69 3d 41 28 27 4f 62 6a 65 63 74 27 29 2c 6a 3d 41 28 27 4e 75 6d 62 65 72 27 29 2c 6b 3d 41 28 27 53 74 72 69 6e 67 27 29 2c 6d 3d 41 28 27 41 72 72 61 79 27 29 2c 6e 3d 41 28 27 46 75 6e 63 74 69 6f 6e 27 29 2c 6f 3d 41 28 27 52 65 67 45 78 70 27 29 3b 66 75 6e 63 74 69 6f 6e 20 71 28 74 2c 75 29 7b 72 65 74 75 72 6e 20 76 6f 69 64 20 30 78 30 21 3d 3d 74 26 26 2d 30 78 31 [TRUNCATED] Data Ascii: 4a6/! 51LA Analysis Javascript Software Development Kit* js-sdk-pro v1.58.3* Copyright 2016-2022 51.la All Rights Reserved*/(function(c){'use strict';var e=window,g=e['document'],h=encodeURIComponent,i=A('Object'),j=A('Number'),k=A('String'),m=A('Array'),n=A('Function'),o=A('RegExp');function q(t,u){return void 0x0!==t&&-0x1!==t['indexOf'](u);}function v(w,x){for(var y=0x0,z=w['length'];y<z;y++)if(w[y]==x)return y;return-0x1;}function A(B){return function(C){return Object['prototype']['toString']['call'](C)==='[object\x20'['concat'](B,']');};}function D(){for(var E=0x0,F={};E<arguments['length'];E++){var G=arguments[E];for(var H in G)F[H]=G[H];}return F;}function I(J){return J['replace'](/&/g,'~_~');}function K(L){var M='';for(var N in L)''!==M&&(M+='&'),M+=N+'='+h(h(I(Strin
Sep 27, 2024 08:19:06.211294889 CEST	400	IN	Data Raw: 67 28 4c 5b 4e 5d 29 29 29 29 3b 72 65 74 75 72 6e 20 4d 3b 7d 66 75 6e 63 74 69 6f 6e 20 4f 28 50 29 7b 72 65 74 75 72 6e 20 50 5b 27 72 65 70 6c 61 63 65 27 5d 28 2f 5e 5c 73 2b 7c 5c 73 2b 24 2f 67 2c 27 27 29 3b 7d 66 75 6e 63 74 69 6f 6e 20 Data Ascii: g(L[N]))));return M;}function O(P){return P['replace'](/^\s+\|\s+$/g,'');}function Q(){return+new Date();}function R(S){var T=e['navigator']['userAgent'],U=new RegExp(/\b(?:Chrome\|CrMo\|CriOS)\/([\d.]+)/)['exec'](T);return!(U&&U['length']&&U[0x1
Sep 27, 2024 08:19:06.211477995 CEST	1236	IN	Data Raw: 61 66 39 0d 0a 2c 27 6e 6f 77 27 3a 51 2c 27 61 72 72 61 79 49 6e 64 65 78 4f 66 27 3a 76 2c 27 63 68 65 63 6b 43 68 6f 72 6d 65 4d 6f 62 6c 69 65 27 3a 52 7d 2c 57 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 58 2c 59 3d 61 32 28 27 6d 65 74 Data Ascii: af9,'now':Q,'arrayIndexOf':v,'checkChormeMoblie':R},W=function(){var X,Y=a2('meta'),Z=a2('title'),a0={'kw':'','ds':''};a0['tt']=V['trim'](Z['length']?Z[0x0]['innerHTML']:''),a0['tt']=a0['tt']['slice'](0x0,0x3e8);for(var a1=0x0;a1<Y['length']
Sep 27, 2024 08:19:06.211492062 CEST	224	IN	Data Raw: 61 68 3d 7b 27 64 4d 73 4e 27 3a 66 75 6e 63 74 69 6f 6e 28 61 69 29 7b 72 65 74 75 72 6e 20 6e 75 6c 6c 3d 3d 61 69 3f 27 27 3a 61 68 5b 27 52 43 57 53 27 5d 28 61 69 2c 30 78 66 2c 66 75 6e 63 74 69 6f 6e 28 61 68 29 7b 72 65 74 75 72 6e 20 61 Data Ascii: ah={'dMsN':function(ai){return null==ai?'':ah['RCWS'](ai,0xf,function(ah){return ag(ah+0x20);})+'\x20';},'QqPF':function(ag){for(var al=ah['Isoq'](ag),am=new Uint8Array(0x2*al['length']),an=0x0,ao=al['length'];an<ao;an++){va
Sep 27, 2024 08:19:06.215006113 CEST	1236	IN	Data Raw: 72 20 61 70 3d 61 6c 5b 27 63 68 61 72 43 6f 64 65 41 74 27 5d 28 61 6e 29 3b 61 6d 5b 30 78 32 2a 61 6e 5d 3d 61 70 3e 3e 3e 30 78 38 2c 61 6d 5b 30 78 32 2a 61 6e 2b 30 78 31 5d 3d 61 70 25 30 78 31 30 30 3b 7d 72 65 74 75 72 6e 20 61 6d 3b 7d Data Ascii: r ap=al['charCodeAt'](an);am[0x2an]=ap>>>0x8,am[0x2an+0x1]=ap%0x100;}return am;},'zvqA':function(ag){return null==ag?'':ah['RCWS'](ag,0x6,function(ag){return'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-$'['charAt'](ag);})
Sep 27, 2024 08:19:06.215023994 CEST	224	IN	Data Raw: 2b 29 2c 64 65 6c 65 74 65 20 61 42 5b 61 45 5d 3b 7d 65 6c 73 65 20 66 6f 72 28 61 79 3d 61 41 5b 61 45 5d 2c 61 78 3d 30 78 30 3b 61 78 3c 61 48 3b 61 78 2b 2b 29 61 4a 3d 61 4a 3c 3c 30 78 31 7c 30 78 31 26 61 79 2c 61 4b 3d 3d 61 68 2d 30 78 Data Ascii: +),delete aB[aE];}else for(ay=aA[aE],ax=0x0;ax<aH;ax++)aJ=aJ<<0x1\|0x1&ay,aK==ah-0x1?(aK=0x0,aI['push'](aw(aJ)),aJ=0x0)5ae:aK++,ay>>=0x1;0x0==--aF&&(aF=Math['pow'](0x2,aH),aH++),aA[aD]=aG++,aE=String(aC);}if(''!==aE){if(O
Sep 27, 2024 08:19:06.221069098 CEST	1236	IN	Data Raw: 62 6a 65 63 74 5b 27 70 72 6f 74 6f 74 79 70 65 27 5d 5b 27 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 27 5d 5b 27 63 61 6c 6c 27 5d 28 61 42 2c 61 45 29 29 7b 69 66 28 61 45 5b 27 63 68 61 72 43 6f 64 65 41 74 27 5d 28 30 78 30 29 3c 30 78 31 30 Data Ascii: bject['prototype']['hasOwnProperty']['call'](aB,aE)){if(aE['charCodeAt'](0x0)<0x100){for(ax=0x0;ax<aH;ax++)aJ<<=0x1,aK==ah-0x1?(aK=0x0,aI['push'](aw(aJ)),aJ=0x0):aK++;for(ay=aE['charCodeAt'](0x0),ax=0x0;ax<0x8;ax++)aJ=aJ<<0x1\|0x1&ay,aK==ah-0x1
Sep 27, 2024 08:19:06.221086025 CEST	1236	IN	Data Raw: 65 74 75 72 6e 20 65 76 61 6c 28 27 28 27 2b 61 56 2b 27 29 27 29 3b 7d 2c 27 73 74 72 69 6e 67 69 66 79 27 3a 28 61 51 3d 4f 62 6a 65 63 74 5b 27 70 72 6f 74 6f 74 79 70 65 27 5d 5b 27 74 6f 53 74 72 69 6e 67 27 5d 2c 61 52 3d 4f 62 6a 65 63 74 Data Ascii: eturn eval('('+aV+')');},'stringify':(aQ=Object['prototype']['toString'],aR=Object['prototype']['hasOwnProperty'],aS={'1c7c"':'\x5c\x22','\\':'\x5c\x5c','\b':'\x5cb','\f':'\x5cf','\n':'\x5cn','\r':'\x5cr','\t':'\x5ct'},aT=function(aW){retu
Sep 27, 2024 08:19:06.221107960 CEST	1236	IN	Data Raw: 62 38 3d 6e 65 77 20 62 34 28 5b 30 78 30 2c 30 78 30 2c 30 78 30 2c 30 78 30 2c 30 78 31 2c 30 78 31 2c 30 78 32 2c 30 78 32 2c 30 78 33 2c 30 78 33 2c 30 78 34 2c 30 78 34 2c 30 78 35 2c 30 78 35 2c 30 78 36 2c 30 78 36 2c 30 78 37 2c 30 78 37 Data Ascii: b8=new b4([0x0,0x0,0x0,0x0,0x1,0x1,0x2,0x2,0x3,0x3,0x4,0x4,0x5,0x5,0x6,0x6,0x7,0x7,0x8,0x8,0x9,0x9,0xa,0xa,0xb,0xb,0xc,0xc,0xd,0xd,0x0,0x0]),b9=new b4([0x10,0x11,0x12,0x0,0x8,0x7,0x9,0x6,0xa,0x5,0xb,0x4,0xc,0x3,0xd,0x2,0xe,0x1,0xf]),ba=functio
Sep 27, 2024 08:19:06.221122026 CEST	1236	IN	Data Raw: 77 20 62 34 28 30 78 31 32 30 29 3b 66 6f 72 28 62 6e 3d 30 78 30 3b 62 6e 3c 30 78 39 30 3b 2b 2b 62 6e 29 62 71 5b 62 6e 5d 3d 30 78 38 3b 66 6f 72 28 62 6e 3d 30 78 39 30 3b 62 6e 3c 30 78 31 30 30 3b 2b 2b 62 6e 29 62 71 5b 62 6e 5d 3d 30 78 Data Ascii: w b4(0x120);for(bn=0x0;bn<0x90;++bn)bq[bn]=0x8;for(bn=0x90;bn<0x100;++bn)bq[bn]=0x9;for(bn=0x100;bn<0x118;++bn)bq[bn]=0x7;for(bn=0x118;bn<0x120;++bn)bq[bn]=0x8;var bE=new b4(0x20);for(bn=0x0;bn<0x20;++bn)bE[bn]=0x5;var bF=bp(bq,0x9,0x0),bG=bp(
Sep 27, 2024 08:19:06.221137047 CEST	896	IN	Data Raw: 2b 2b 5d 2c 62 38 5b 62 6d 2b 2b 5d 3d 7b 27 73 27 3a 2d 30 78 31 2c 27 66 27 3a 62 64 5b 27 66 27 5d 2b 62 6b 5b 27 66 27 5d 2c 27 6c 27 3a 62 64 2c 27 72 27 3a 62 6b 7d 3b 76 61 72 20 62 6f 3d 62 62 5b 30 78 30 5d 5b 27 73 27 5d 3b 66 6f 72 28 Data Ascii: ++],b8[bm++]={'s':-0x1,'f':bd['f']+bk['f'],'l':bd,'r':bk};var bo=bb[0x0]['s'];for(b9=0x1;b9<ba;++b9)bb[b9]['s']>bo&&(bo=bb[b9]['s']);var bp=new b5(bo+0x1),bq=bM(b8[bm-0x1],bp,0x0);if(bq>b7){b9=0x0;var bE=0x0,bF=bq-b7,bG=0x1<<bF;for(bb['sort'](

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 08:19:05.916755915 CEST	284	OUT	GET /v6/collect?dt=4 HTTP/1.1 Host: collect-v6.51.la Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Sep 27, 2024 08:19:06.806716919 CEST	320	IN	HTTP/1.1 220 Date: Fri, 27 Sep 2024 06:19:06 GMT Content-Length: 0 Connection: keep-alive Vary: Origin Vary: Access-Control-Request-Method Vary: Access-Control-Request-Headers via: EU-GER-frankfurt-EDGE7-CACHE3[239],EU-GER-frankfurt-EDGE7-CACHE3[ovl,235] X-CCDN-REQ-ID-46B1: 8c7f9d97142940aebd9baee7ce0b4138
Sep 27, 2024 08:19:51.813664913 CEST	6	OUT	Data Raw: 00 Data Ascii:

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 08:19:06.794451952 CEST	824	OUT	GET /assets/SwiperBanner-cd8dc074.css HTTP/1.1 Host: aa5aa5aa5aa5aa44.app Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/css,/;q=0.1 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: __vtins__KQFtdGOd9WuFBLcO=%7B%22sid%22%3A%20%221eac12e6-1eaf-5e53-a3f2-b84436421122%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201727419743727%2C%20%22ct%22%3A%201727417943727%7D; __51uvsct__KQFtdGOd9WuFBLcO=1; __51vcke__KQFtdGOd9WuFBLcO=dd8959f7-020d-5d87-92de-a14fa2ef4951; __51vuft__KQFtdGOd9WuFBLcO=1727417943730; UM_distinctid=19232220dae2bd-07a6196558f62e-26031e51-140000-19232220daf416; CNZZDATA1281366638=1701857660-1727417946-%7C1727417946
Sep 27, 2024 08:19:07.661592960 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 27 Sep 2024 06:19:07 GMT Content-Type: text/css Last-Modified: Sat, 24 Aug 2024 14:09:18 GMT Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding ETag: W/"66c9e98e-126e" Expires: Fri, 27 Sep 2024 18:19:07 GMT Cache-Control: max-age=43200 Content-Encoding: gzip Data Raw: 34 65 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 9d 58 ed 6e f3 26 14 fe bf ab b0 54 4d 8a b7 92 d7 4e d2 b4 b5 7f be 7f 76 05 93 a6 69 aa 88 c1 31 2b 31 11 26 fd b2 7a ef 3b 60 0c b1 b1 d3 74 ad 94 ba 09 9c cf e7 3c 3c 64 49 39 2a b0 14 a7 86 f2 16 a1 b3 ff 10 96 52 bc a2 52 d4 0a 35 ec 83 66 e9 ea f8 96 4f 2d 31 9f ae b7 33 9f ee 70 f1 bc 07 07 35 c9 e4 7e 87 17 eb f4 36 da dc dd 46 5b f8 bb 4c d3 78 d2 64 25 5e a8 44 17 b7 ae d6 e3 ad ac 26 ac c0 4a 48 f4 ca 88 aa b2 75 12 84 e4 97 54 94 ed 2b 95 85 39 f9 25 47 4c 08 ab f7 a8 12 92 7d 40 19 30 cf 36 17 2c f6 cb 21 72 05 71 f0 a9 82 79 e3 e2 a4 50 21 b8 90 d9 0b 96 0b 53 d6 9d 90 04 b2 36 ef 82 53 b0 13 e7 47 d1 30 c5 44 9d 49 ca b1 62 2f f4 73 79 de a3 b3 d8 6e 87 1f f4 51 b4 da 4e c9 c5 6b 56 31 42 68 3d d8 ff f4 54 e8 bc 58 4d 65 1b 78 ca 6d 89 d6 09 d4 71 b4 cd 60 a3 ed 02 ce 6a 51 d3 1c f2 e1 60 27 4b 72 5b 07 78 3a 60 b9 67 35 3c 58 4b 2e d3 1e 71 16 63 1a 40 71 de 35 ed f2 9a e2 24 1b 28 d9 51 b0 5a 51 99 2b 89 6b 5b 1f b7 cf bf 87 c8 49 42 cd [TRUNCATED] Data Ascii: 4edXn&TMNvi1+1&z;`t<<dI9RR5fO-13p5~6F[Lxd%^D&JHuT+9%GL}@06,!rqyP!S6SG0DIb/synQNkV1Bh=TXMexmq`jQ`'Kr[x:`g5<XK.qc@q5$(QZQ+k[IBDvjckQp~aw)7OJ]oYtB2t@(}Ssds#uQ[Q\|\|^zbT3T~R5RMk^gWez<:bEnd0iUKi04@(QPJC$t@!7]Na,.Xm}lDrdkQ0YA4}\|wtNoOO.m[qSrtR'x;%g#\M7IZpcX6`/fSOJX5<pNIu"sj{1saP-fqs:(]7cd(7-o4N\za%Aih]_,ofg^cDHJ)s_-f;DN,P"K8u d
Sep 27, 2024 08:19:07.661614895 CEST	372	IN	Data Raw: 4e 92 2f 6e 28 ff 69 ef 3a 7f 38 4d df 21 6a b0 c7 9f bc d3 9b ff b4 0a 3f 00 23 68 ac 09 f9 a1 8f 6d 2b 05 12 0b ae 34 01 4d 60 49 d8 3c 4f 92 cd 48 ba 3b 65 79 49 a4 a0 09 91 02 61 f9 f1 68 af 91 3a 97 ac d4 ec 00 27 38 54 d6 d7 ac 93 b7 5a de Data Ascii: N/n(i:8M!j?#hm+4M`I<OH;eyIah:'8TZDMQP$x\!/HivU#5fC;7@17H{JGK])lyTw? aTmNJ[VP\|"J+^}vjes
Sep 27, 2024 08:19:08.191680908 CEST	862	OUT	GET /assets/logo-b4e095e7.png HTTP/1.1 Host: aa5aa5aa5aa5aa44.app Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: __vtins__KQFtdGOd9WuFBLcO=%7B%22sid%22%3A%20%221eac12e6-1eaf-5e53-a3f2-b84436421122%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201727419743727%2C%20%22ct%22%3A%201727417943727%7D; __51uvsct__KQFtdGOd9WuFBLcO=1; __51vcke__KQFtdGOd9WuFBLcO=dd8959f7-020d-5d87-92de-a14fa2ef4951; __51vuft__KQFtdGOd9WuFBLcO=1727417943730; UM_distinctid=19232220dae2bd-07a6196558f62e-26031e51-140000-19232220daf416; CNZZDATA1281366638=1701857660-1727417946-%7C1727417946
Sep 27, 2024 08:19:08.497767925 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 27 Sep 2024 06:19:08 GMT Content-Type: image/png Content-Length: 3726 Last-Modified: Sat, 24 Aug 2024 14:09:18 GMT Connection: keep-alive ETag: "66c9e98e-e8e" Expires: Sun, 27 Oct 2024 06:19:08 GMT Cache-Control: max-age=2592000 Accept-Ranges: bytes Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 f0 00 00 00 53 08 03 00 00 00 96 03 7a e0 00 00 00 ff 50 4c 54 45 47 70 4c dd 20 e3 ed 2a bd f5 2f ac da 1f e8 e4 24 d3 c4 26 b0 e2 26 d9 d9 1d ed e2 23 d8 33 33 33 ef 2b ba 32 32 32 f1 2c b7 f2 2c b8 ec 2a c1 32 32 32 e1 1f da f0 2c b8 df 22 dc 35 35 35 e9 28 c6 f3 2e af ee 2a bc e7 27 cb e4 25 d2 33 33 33 ee 2b bb de 21 df ef 2c bb 32 32 32 30 30 30 e7 26 ca 33 33 33 df 22 de 33 33 33 df 21 df f1 2c b6 e0 21 dc ee 2b bc 33 33 33 df 24 bd ec 29 c1 ec 28 c6 e4 24 d4 f3 2e b0 de 21 de ee 2b bc df 21 de ec 29 c2 33 33 33 eb 28 c3 f3 2e b1 db 1f e7 c5 1c a6 e5 25 d1 da 1f ea e0 23 db e2 24 d8 f3 2e b1 eb 29 c4 f5 2f ad df 22 de e3 24 d5 33 33 33 de 21 e1 ec 2a c1 f1 2d b5 f0 2c b9 e6 26 cf e7 27 cc dc 20 e6 e8 27 c9 ed 2b bf ea 28 c7 ee 2b bc dd 21 e3 d6 22 b9 c0 1b 9b ca 1e aa ac 15 83 b6 18 90 a3 12 78 9f 11 73 9b 10 6e 89 e0 dd a3 00 00 00 37 74 52 4e 53 00 9f 80 df bf 9f 11 20 bf 40 db 40 5e 10 20 30 bf 10 bf 60 23 50 60 70 df bf 98 df df 60 [TRUNCATED] Data Ascii: PNGIHDRSzPLTEGpL /$&&#333+222,,222,"555(.'%333+!,222000&333"333!,!+333$)($.!+!)333(.%#$.)/"$333!-,&' '+(+!"xsn7tRNS @@^ 0`#P`p``@op %`;$IDATx[W` (>ffVUwH=aIwwWEEx4dB{/~no;S]'\|6s!'uO.$bg\|#qn#j&pHA$V]HAGjhs$JM?ry6'DyDX]>~$?c>2[6\I;^R&wVK}b}RV pc"QHjO)^r$w53b^ a,wHOqj$ &^,H:r6\|]BVrDVZ3D!HoHcf6b3n`D"8}WZUk8K\|q#/CC@0UA]4v9CRkNT<\|#D?'-6>*#-]\p
Sep 27, 2024 08:19:08.497809887 CEST	1236	IN	Data Raw: 29 29 0c 19 29 49 0c 85 29 3d 40 af 96 c2 28 b1 09 17 9f 1d dc 74 7f 96 b0 0f a6 3e 84 b7 21 c9 8b 28 2a 23 f6 68 e3 63 4c 4c 21 bf 02 45 62 ad 10 9b 70 95 a8 be 33 c6 91 97 2d 76 91 4e 25 43 a1 55 29 16 27 4c ee f6 96 14 23 96 31 11 86 67 51 39 Data Ascii: )))I)=@(t>!(#hcLL!Ebp3-vN%CU)'L#1gQ9No]\|B+)+jHH0/=IbRxdw6V!p9'>Dx. aR>UoCNAq3fv,S\|Xc30,">$0m,`w6;1!
Sep 27, 2024 08:19:08.497823000 CEST	1236	IN	Data Raw: 5a ac 43 cc c0 b9 cc 6c db 8a f5 4e 42 9a a3 6a af b3 72 e1 ad 63 88 6b 7a a7 52 93 0f e1 92 1d 4f c5 e4 1d a9 f2 90 c3 0a 08 af 56 2a 1f 23 ab 55 4d 87 24 8c 50 e5 6d 95 20 9b 60 80 25 30 21 1b 48 df d4 32 5e 3a d6 34 9d ed ee a4 7b 09 35 c3 d6 Data Ascii: ZClNBjrckzROV*#UM$Pm `%0!H2^:4{5 rlb^1OtbIE&kN&&H[VLYU{I[#ZsXY.+f\Q'O0Kl@tb#@CgL,=+L Eu^&}XMjC(dT{Ga
Sep 27, 2024 08:19:08.497834921 CEST	322	IN	Data Raw: fb cb 79 96 e3 0c 20 2d ad 50 27 f3 2b 90 9d db 2b e9 d6 91 4b 01 27 b1 86 34 cd 25 68 bf a3 60 c2 fb 72 57 2d b7 2b b0 3b c4 91 7d 2c e4 3c fb 2d 83 d0 9b 0d 4b e6 d3 69 19 f7 fa e6 5d b4 5a e9 13 bf e8 69 69 d1 62 0b 07 ae 15 db 08 7f e5 aa 5c Data Ascii: y -P'++K'4%h`rW-+;},<-Ki]Ziib\rhhs8C{z.4A1aUHIB[-\pW+q'S(j5\|~RQCcP6]z$gvo5^q&,Wyi1\|hRic#5BL>
Sep 27, 2024 08:19:53.501183987 CEST	6	OUT	Data Raw: 00 Data Ascii:

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 08:19:06.794533968 CEST	816	OUT	GET /assets/Home-f4762739.css HTTP/1.1 Host: aa5aa5aa5aa5aa44.app Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/css,/;q=0.1 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: __vtins__KQFtdGOd9WuFBLcO=%7B%22sid%22%3A%20%221eac12e6-1eaf-5e53-a3f2-b84436421122%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201727419743727%2C%20%22ct%22%3A%201727417943727%7D; __51uvsct__KQFtdGOd9WuFBLcO=1; __51vcke__KQFtdGOd9WuFBLcO=dd8959f7-020d-5d87-92de-a14fa2ef4951; __51vuft__KQFtdGOd9WuFBLcO=1727417943730; UM_distinctid=19232220dae2bd-07a6196558f62e-26031e51-140000-19232220daf416; CNZZDATA1281366638=1701857660-1727417946-%7C1727417946
Sep 27, 2024 08:19:07.661884069 CEST	873	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 27 Sep 2024 06:19:07 GMT Content-Type: text/css Content-Length: 573 Last-Modified: Sat, 24 Aug 2024 14:09:18 GMT Connection: keep-alive ETag: "66c9e98e-23d" Expires: Fri, 27 Sep 2024 18:19:07 GMT Cache-Control: max-age=43200 Accept-Ranges: bytes Data Raw: 2e 63 61 74 65 67 6f 72 79 42 75 74 74 6f 6e 5b 64 61 74 61 2d 76 2d 66 63 32 33 62 34 33 37 5d 7b 77 69 64 74 68 3a 31 32 30 70 78 3b 68 65 69 67 68 74 3a 33 32 70 78 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 33 34 70 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 65 66 65 66 65 66 3b 63 6f 6c 6f 72 3a 23 33 33 33 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 50 69 6e 67 46 61 6e 67 20 53 43 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 36 70 78 7d 2e 63 61 74 65 67 6f 72 79 42 75 74 74 6f 6e 5b 64 61 74 61 2d 76 2d 66 63 32 33 62 34 33 37 5d 3a 68 6f 76 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 35 65 36 66 31 3b 63 6f 6c 6f 72 3a 23 65 61 33 62 38 62 7d 2e 6d 6f 72 65 5b 64 61 74 61 2d 76 2d 34 32 [TRUNCATED] Data Ascii: .categoryButton[data-v-fc23b437]{width:120px;height:32px;border-radius:34px;display:flex;align-items:center;justify-content:center;background:#efefef;color:#333;font-family:PingFang SC;font-size:14px;font-style:normal;font-weight:400;line-height:16px}.categoryButton[data-v-fc23b437]:hover{background:#f5e6f1;color:#ea3b8b}.more[data-v-42a34c26]{color:#333;text-align:right;font-family:PingFang SC;font-size:16px;font-style:normal;font-weight:400;line-height:20px}.title[data-v-42a34c26]{color:#333;font-family:PingFang SC;font-size:24px;font-style:normal;font-weight:500}
Sep 27, 2024 08:19:07.826025009 CEST	788	OUT	GET /openIM.wasm HTTP/1.1 Host: aa5aa5aa5aa5aa44.app Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: __vtins__KQFtdGOd9WuFBLcO=%7B%22sid%22%3A%20%221eac12e6-1eaf-5e53-a3f2-b84436421122%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201727419743727%2C%20%22ct%22%3A%201727417943727%7D; __51uvsct__KQFtdGOd9WuFBLcO=1; __51vcke__KQFtdGOd9WuFBLcO=dd8959f7-020d-5d87-92de-a14fa2ef4951; __51vuft__KQFtdGOd9WuFBLcO=1727417943730; UM_distinctid=19232220dae2bd-07a6196558f62e-26031e51-140000-19232220daf416; CNZZDATA1281366638=1701857660-1727417946-%7C1727417946
Sep 27, 2024 08:19:08.133136034 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 27 Sep 2024 06:19:07 GMT Content-Type: application/wasm Last-Modified: Fri, 12 Jul 2024 12:07:06 GMT Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding ETag: W/"66911c6a-1c29759" Expires: Sun, 27 Oct 2024 06:19:07 GMT Cache-Control: max-age=2592000 Content-Encoding: gzip Data Raw: 34 30 30 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec dc 55 b0 b5 4b 7a 1f f6 b3 98 99 99 99 99 bf 44 64 45 b6 2c cb 16 d8 71 c0 1a cd 1c 4b 23 cf cc 91 07 04 4e 22 6d 66 66 66 66 66 66 66 66 f8 f6 fe 36 33 63 ce 1c 59 15 45 aa f2 4d 6e 52 ae fd 5e bc d5 ab ff cf 7a ba fb b7 6a dd f6 57 df fb d9 8f 01 5f 7d fb 5c 79 79 79 7d 85 fc 93 6f b4 7f fc 8b 1f fe e8 07 3f fc c1 3b ff 37 bf e1 7f 37 e6 ff d6 af 3b f9 c2 5f b5 6b be f9 ed 9f fe e2 b7 2d df ff 17 bf fe fd 9f fc fa ef fc f8 af 7f ee d0 fd da cf ff f8 0f fe d9 bf ff 9d 6f 7e ed f7 fe fd 6f fc f4 37 7f e3 fb 7f f5 fd 1f ff 67 dd 3f fb 9d df fe e6 0f ff ec 9b bf 34 5b 8d 36 fd ef fe e4 df fd e4 0f fe f4 6b dd cf fe c5 ef fd eb df fd 83 ff f0 e7 3f b0 ff fe cf 7f f4 e7 bf f1 6f ff ec 3f fd ca cf 84 48 fe 3b a0 e7 97 eb a2 ff 08 f0 b7 80 bf fd f6 f5 d5 1f 81 ff e6 db 07 f0 37 7f 04 fa db bf fd e5 14 e8 ef 3e 01 ff e6 6f be fa a3 af be fa 23 e0 df 7e 5b f2 d5 2f e7 bf 8d bf fd f8 5d 29 e0 ff 04 fc 0d b0 c4 ff db 3e 0c e0 9f 7c 03 f9 c1 d7 7f fc 8b 3f f9 [TRUNCATED] Data Ascii: 4000UKzDdE,qK#N"mffffffff63cYEMnR^zjW_}\yyy}o?;77;_k-o~o7g?4[6k?o?H;7>o#~[/])>\|?_?~/7?_?/+}_~7K?\|'~9,{~_7*OILOO~zS?~#L.#g?'}A/n#$u+wn!?p5oOO][?oq=~{\|W%~'?~q~?_7' ULw/W\|\|w!P+BwqC\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|
Sep 27, 2024 08:19:08.133167982 CEST	1236	IN	Data Raw: 08 7c 08 7c 08 7c 08 7c 08 7c 08 7c 08 7c 08 7c 08 7c 08 7c 08 7c 08 7c 08 7c 08 7c 08 7c 08 fc ff 55 00 1c f0 cb 2b 11 01 7f fe 55 4c 1b 00 e2 f7 dd f8 ab 39 10 b4 f8 97 23 f8 df 02 7e e5 2b d4 df 00 7e f5 bf f1 fa ae 04 96 fd cb 72 30 e8 db 5b Data Ascii: \|\|\|\|\|\|\|\|\|\|\|\|\|\|\|U+UL9#~+~r0[CLX\|{8_r2:py\|P$HerRhuzdXmv\|__g??/_7_???~o?
Sep 27, 2024 08:19:08.133178949 CEST	1236	IN	Data Raw: 48 20 24 08 12 0c 09 81 84 42 c2 20 e1 90 08 48 24 24 0a 12 0d 89 81 c4 42 e2 20 f1 90 04 48 22 24 09 92 0c 49 81 a4 42 d2 20 e9 90 0c 48 26 24 0b 92 0d c9 81 e4 42 f2 20 f9 90 02 48 21 a4 08 52 0c 29 81 94 42 ca 20 e5 90 0a 48 25 a4 0a 52 0d a9 Data Ascii: H $B H$$B H"$IB H&$B H!R)B H%RB H#iB H'B d2B $d2B "dYB &dB>C /!r9B %rB #yB /7C
Sep 27, 2024 08:19:08.133229017 CEST	672	IN	Data Raw: 32 32 05 99 8a 4c 43 a6 23 33 90 99 c8 2c 64 36 32 07 99 8b cc 43 e6 23 0b 90 85 c8 22 64 31 b2 04 59 8a 2c 43 96 23 2b 90 95 c8 2a 64 35 b2 06 59 8b ac 43 d6 23 1b 90 8d c8 26 64 33 b2 05 d9 8a 6c 43 b6 23 3b 90 9d c8 2e 64 37 b2 07 d9 8b ec 43 Data Ascii: 22LC#3,d62C#"d1Y,C#+d5YC#&d3lC#;.d7C#!0r9C#')4r9C#%2r\C#7-6rC# #1y<C#/+5yC#'3\|C#P(/@PT(@EPT,*J@%P
Sep 27, 2024 08:19:08.133241892 CEST	1236	IN	Data Raw: 3b da 0b e3 8d f1 c1 f8 62 fc 30 fe 98 00 4c 20 26 08 13 8c 09 c1 84 62 c2 30 e1 98 08 4c 24 26 0a 13 8d 89 c1 c4 62 e2 30 f1 98 04 4c 22 26 09 93 8c 49 c1 a4 62 d2 30 e9 98 0c 4c 26 26 0b 93 8d c9 c1 e4 62 f2 30 f9 98 02 4c 21 a6 08 53 8c 29 c1 Data Ascii: ;b0L &b0L$&b0L"&Ib0L&&b0L!S)b0L%Sb0L#ib0L'b0 f3b0$f3b0"fYb0&fb>c0/!s9b0%sb0#yb0/
Sep 27, 2024 08:19:08.133253098 CEST	1236	IN	Data Raw: 31 86 18 4b 8c 23 c6 13 13 88 89 c4 24 62 32 31 85 98 4a 4c 23 a6 13 33 88 99 c4 2c 62 36 31 87 98 4b cc 23 e6 13 0b 88 85 c4 22 62 31 b1 84 58 4a 2c 23 96 13 2b 88 95 c4 2a 62 35 b1 86 58 4b ac 23 d6 13 1b 88 8d c4 26 62 33 b1 85 d8 4a 6c 23 b6 Data Ascii: 1K#$b21JL#3,b61K#"b1XJ,#+*b5XK#&b3Jl#;.b7K#!0q8J#')4q8K#%2qJ\#7-6qKL##1xJ<#/+5xK#'3J\|#H$/O HR()N EHR
Sep 27, 2024 08:19:08.133264065 CEST	1236	IN	Data Raw: 8f 96 4f 2b a0 15 d2 8a 68 c5 b4 12 5a 29 ad 8c 56 4e ab a0 55 d2 aa 68 d5 b4 1a 5a 2d ad 8e 56 4f 6b a0 35 d2 9a 68 cd b4 16 5a 2b ad 8d d6 4e eb a0 75 d2 ba 68 dd b4 1e 5a 2f ad 8f d6 4f 1b a0 0d d2 86 68 c3 b4 11 da 28 6d 8c 36 4e 9b a0 4d d2 Data Ascii: O+hZ)VNUhZ-VOk5hZ+NuhZ/Oh(m6NMh,m6O[-h*mNmh.3mOB;h)vN]h-vO{=h+N{}t??=HC0z8=IGc8z<=HO'S4z:=Igs<z>
Sep 27, 2024 08:19:08.133275032 CEST	1236	IN	Data Raw: dd c8 6e 62 37 b3 5b d8 ad ec 36 76 3b bb 83 dd c9 ee 62 77 b3 7b d8 bd ec 3e 76 3f 7b 80 3d c8 1e 62 0f b3 47 d8 a3 ec 31 f6 38 7b 82 3d c9 9e 62 4f b3 67 d8 b3 ec 39 f6 3c 7b 81 bd c8 5e 62 2f b3 57 d8 ab ec 35 f6 3a 7b 83 bd c9 de 62 6f b3 77 Data Ascii: nb7[6v;bw{>v?{=bG18{=bOg9<{^b/W5:{bow=>}>bO39}b_o;=~b?_7;r8N 'r8N$'r8N"'Ir8N&'r8N!S)r8N%Sr8N#
Sep 27, 2024 08:19:08.133285999 CEST	1236	IN	Data Raw: 2c 18 11 8c 0a c6 04 e3 82 09 c1 a4 60 4a 30 2d 98 11 cc 0a e6 04 f3 82 05 c1 a2 60 49 b0 2c 58 11 ac 0a d6 04 eb 82 0d c1 a6 60 4b b0 2d d8 11 ec 0a 3e 0b f6 04 fb 82 2f 82 03 c1 a1 e0 48 70 2c 38 11 9c 0a ce 04 e7 82 0b c1 a5 e0 4a 70 2d b8 11 Data Ascii: ,`J0-`I,X`K->/Hp,8Jp-I,x/G+ a0D#(a0F+$a0EL3,a0G+"aDX,+aFX+&aE*l;.aG+!pD
Sep 27, 2024 08:19:08.133980036 CEST	1236	IN	Data Raw: 5d 93 ae 4b 37 a4 9b d2 2d e9 b6 74 47 ba 2b fd 2c dd 93 ee 4b bf 48 0f a4 87 d2 23 e9 b1 f4 44 7a 2a 3d 93 9e 4b 2f a4 97 d2 2b e9 b5 f4 46 7a 2b bd 93 de 4b 1f a4 8f d2 27 e9 b3 f4 45 fa 2a 7d 93 be 4b bd 64 de 32 1f 99 af cc 4f e6 2f 0b 90 05 Data Ascii: ]K7-tG+,KH#Dz=K/+Fz+K'E}Kd2O/dY,L.EdY,N/K%dY,M.edY,O/+dYLV.UdYNV/k5dYM.udYO/dlL6.MdlN6/[-dlM
Sep 27, 2024 08:19:08.134040117 CEST	1236	IN	Data Raw: 4c 75 ae ba 50 5d aa ae 54 d7 aa 1b d5 ad ea 4e 75 af 7a 50 3d aa 9e 54 cf aa 17 d5 ab ea 4d f5 ae f2 52 7b ab 7d d4 be 6a 3f b5 bf 3a 40 1d a8 0e 52 07 ab 43 d4 a1 ea 30 75 b8 3a 42 1d a9 8e 52 47 ab 63 d4 b1 ea 38 75 bc 3a 41 9d a8 4e 52 27 ab Data Ascii: LuP]TNuzP=TMR{}j?:@RC0u:BRGc8u:ANR'S4u:CRgs<u@].RK2uB]RWk:uAnR7[6uCRw{>uz@=RG1zB=ROg9zA^R/W5zCRow=@}>RO3
Sep 27, 2024 08:19:15.402400017 CEST	849	OUT	GET /favicon.ico HTTP/1.1 Host: aa5aa5aa5aa5aa44.app Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: __vtins__KQFtdGOd9WuFBLcO=%7B%22sid%22%3A%20%221eac12e6-1eaf-5e53-a3f2-b84436421122%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201727419743727%2C%20%22ct%22%3A%201727417943727%7D; __51uvsct__KQFtdGOd9WuFBLcO=1; __51vcke__KQFtdGOd9WuFBLcO=dd8959f7-020d-5d87-92de-a14fa2ef4951; __51vuft__KQFtdGOd9WuFBLcO=1727417943730; UM_distinctid=19232220dae2bd-07a6196558f62e-26031e51-140000-19232220daf416; CNZZDATA1281366638=1701857660-1727417946-%7C1727417946
Sep 27, 2024 08:19:15.708455086 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 27 Sep 2024 06:19:15 GMT Content-Type: image/x-icon Content-Length: 15406 Last-Modified: Fri, 12 Jul 2024 05:38:31 GMT Connection: keep-alive ETag: "6690c157-3c2e" Accept-Ranges: bytes Data Raw: 00 00 01 00 03 00 10 10 00 00 01 00 20 00 68 04 00 00 36 00 00 00 20 20 00 00 01 00 20 00 28 11 00 00 9e 04 00 00 30 30 00 00 01 00 20 00 68 26 00 00 c6 15 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9f 30 ef 10 a0 31 f6 a6 a4 2f f4 f6 aa 2d f1 fe b0 2c ee fe b6 2a eb fe bc 29 e9 fe c2 27 e6 fe c8 25 e4 fe ce 24 e1 fe d4 22 de fe da 21 dc fe e0 1f d9 fe e5 1d d7 f6 eb 1c d4 a6 ef 20 cf 10 9a 33 f9 a6 9e 31 f6 fe a3 2f f2 ff ab 2e f1 fe c3 5f f2 ff bd 3f ed ff d2 6f ef ff d1 5d ec ff d9 6a eb ff d8 52 e7 ff dc 4d e4 ff db 26 dd fe e7 59 e3 ff e6 1d d7 fe eb 1c d3 ff f1 1a d2 a6 98 32 f8 f7 9d 31 f5 ff a4 2f f3 fe b4 47 f2 ff d3 89 f5 ff e9 c1 f9 ff c4 43 eb ff da 7f f0 ff e0 85 ef ff dc 64 e9 ff ea 95 ef ff ed 99 ee ff f0 99 ed ff e5 1d d6 ff ec 1c d4 fe f2 1a d1 f6 98 32 f9 fe 9e 30 f6 fe a4 2f f3 fe c0 66 f4 ff e6 bc f9 ff e3 ae f7 ff db 8a f2 ff ea b7 f6 ff ec b3 f5 ff eb a8 f3 ff ee a9 f2 ff f1 af f2 ff f2 a8 f0 ff [TRUNCATED] Data Ascii: h6 (00 h&( 01/-,)'%$"! 31/._?o]jRM&Y21/GCd20/f21/@noFabYZ\Z21/W'%&21/0:'%`_(20/-,!21/-fs!21/Ws8!21/;"!20/-,6i"!21/-,+^("!21/-,x%$"!31

Timestamp	Bytes transferred	Direction	Data
2024-09-27 06:19:04 UTC	501	OUT	GET /z.js?id=1281366638&async=1 HTTP/1.1 Host: v1.cnzz.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-27 06:19:05 UTC	549	IN	HTTP/1.1 200 OK Server: Tengine Content-Type: application/javascript Content-Length: 10194 Connection: close cache-control: public, max-age=300 date: Fri, 27 Sep 2024 06:18:58 GMT Via: cache2.l2cn3130[80,80,304-0,H], cache20.l2cn3130[81,0], cache56.cn3960[0,0,200-0,H], cache92.cn3960[1,0] etag: W/"5117912790642215564" Age: 6 Ali-Swift-Global-Savetime: 1727417939 X-Cache: HIT TCP_MEM_HIT dirn:-2:-2 X-Swift-SaveTime: Fri, 27 Sep 2024 06:18:59 GMT X-Swift-CacheTime: 300 Timing-Allow-Origin: * EagleId: 7ae1d17017274179450148352e
2024-09-27 06:19:05 UTC	10194	IN	Data Raw: 21 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 74 2c 69 3d 22 68 74 74 70 3a 22 3d 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 66 6f 72 28 76 61 72 20 74 3d 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 22 73 63 72 69 70 74 22 29 2c 69 3d 30 2c 73 3d 74 2e 6c 65 6e 67 74 68 3b 69 3c 73 3b 69 2b 2b 29 7b 76 61 72 20 65 2c 68 3d 74 5b 69 5d 3b 69 66 28 68 2e 73 72 63 26 26 28 65 3d 2f 5e 28 68 74 74 70 73 3f 3a 29 5c 2f 5c 2f 5b 5c 77 5c 2e 5c 2d 5d 2b 5c 2e 63 6e 7a 7a 5c 2e 63 6f 6d 5c 2f 2f 69 2e 65 78 65 63 28 68 2e 73 72 63 29 29 29 72 65 74 75 72 6e 20 65 5b 31 5d 7d 72 65 74 75 72 6e 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 70 72 6f 74 6f 63 6f 6c 7d 28 29 3f 22 68 74 74 70 3a 22 3a 22 68 74 74 70 73 3a Data Ascii: !function(){var t,i="http:"==function(){for(var t=document.getElementsByTagName("script"),i=0,s=t.length;i<s;i++){var e,h=t[i];if(h.src&&(e=/^(https?:)\/\/[\w\.\-]+\.cnzz\.com\//i.exec(h.src)))return e[1]}return window.location.protocol}()?"http:":"https:

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://aa5aa5aa5aa5aa44.app/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Malware Analysis System Evasion

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 100

Chrome Cache Entry: 101

Chrome Cache Entry: 102

Chrome Cache Entry: 103

Chrome Cache Entry: 104

Chrome Cache Entry: 105

Chrome Cache Entry: 106

Chrome Cache Entry: 107

Chrome Cache Entry: 108

Chrome Cache Entry: 109

Chrome Cache Entry: 110

Chrome Cache Entry: 111

Chrome Cache Entry: 112

Chrome Cache Entry: 113

Chrome Cache Entry: 114

Chrome Cache Entry: 115

Chrome Cache Entry: 116

Chrome Cache Entry: 117

Chrome Cache Entry: 118

Chrome Cache Entry: 119

Chrome Cache Entry: 71

Chrome Cache Entry: 72

Chrome Cache Entry: 73

Chrome Cache Entry: 74

Chrome Cache Entry: 75

Chrome Cache Entry: 76

Windows Analysis Report
http://aa5aa5aa5aa5aa44.app/

Timestamp	Bytes transferred	Direction	Data
2024-09-27 06:19:06 UTC	361	OUT	GET /z.js?id=1281366638&async=1 HTTP/1.1 Host: v1.cnzz.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-27 06:19:07 UTC	550	IN	HTTP/1.1 200 OK Server: Tengine Content-Type: application/javascript Content-Length: 10194 Connection: close cache-control: public, max-age=300 date: Fri, 27 Sep 2024 06:18:58 GMT Via: cache2.l2cn3130[80,80,304-0,H], cache20.l2cn3130[81,0], cache56.cn3960[0,0,200-0,H], cache128.cn3960[0,0] etag: W/"5117912790642215564" Age: 7 Ali-Swift-Global-Savetime: 1727417939 X-Cache: HIT TCP_MEM_HIT dirn:-2:-2 X-Swift-SaveTime: Fri, 27 Sep 2024 06:18:59 GMT X-Swift-CacheTime: 300 Timing-Allow-Origin: * EagleId: 7ae1d19417274179469828862e
2024-09-27 06:19:07 UTC	2460	IN	Data Raw: 21 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 74 2c 69 3d 22 68 74 74 70 3a 22 3d 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 66 6f 72 28 76 61 72 20 74 3d 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 22 73 63 72 69 70 74 22 29 2c 69 3d 30 2c 73 3d 74 2e 6c 65 6e 67 74 68 3b 69 3c 73 3b 69 2b 2b 29 7b 76 61 72 20 65 2c 68 3d 74 5b 69 5d 3b 69 66 28 68 2e 73 72 63 26 26 28 65 3d 2f 5e 28 68 74 74 70 73 3f 3a 29 5c 2f 5c 2f 5b 5c 77 5c 2e 5c 2d 5d 2b 5c 2e 63 6e 7a 7a 5c 2e 63 6f 6d 5c 2f 2f 69 2e 65 78 65 63 28 68 2e 73 72 63 29 29 29 72 65 74 75 72 6e 20 65 5b 31 5d 7d 72 65 74 75 72 6e 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 70 72 6f 74 6f 63 6f 6c 7d 28 29 3f 22 68 74 74 70 3a 22 3a 22 68 74 74 70 73 3a Data Ascii: !function(){var t,i="http:"==function(){for(var t=document.getElementsByTagName("script"),i=0,s=t.length;i<s;i++){var e,h=t[i];if(h.src&&(e=/^(https?:)\/\/[\w\.\-]+\.cnzz\.com\//i.exec(h.src)))return e[1]}return window.location.protocol}()?"http:":"https:
2024-09-27 06:19:07 UTC	7734	IN	Data Raw: 2e 63 68 61 72 41 74 28 30 29 26 26 28 73 2b 3d 22 2f 22 29 2c 73 2b 3d 74 5b 32 5d 29 2c 74 68 69 73 2e 4d 2e 74 74 3d 73 7d 74 68 69 73 2e 69 74 28 29 2c 76 6f 69 64 20 30 21 3d 3d 74 68 69 73 2e 4d 2e 74 74 26 26 64 65 6c 65 74 65 20 74 68 69 73 2e 4d 2e 74 74 2c 76 6f 69 64 20 30 21 3d 3d 74 68 69 73 2e 4d 2e 58 26 26 64 65 6c 65 74 65 20 74 68 69 73 2e 4d 2e 58 7d 62 72 65 61 6b 3b 63 61 73 65 22 5f 74 72 61 63 6b 45 76 65 6e 74 22 3a 76 61 72 20 72 3d 5b 5d 3b 74 5b 31 5d 26 26 74 5b 32 5d 26 26 28 72 5b 76 5d 28 68 28 74 5b 31 5d 29 29 2c 72 5b 76 5d 28 68 28 74 5b 32 5d 29 29 2c 72 5b 76 5d 28 74 5b 33 5d 3f 68 28 74 5b 33 5d 29 3a 22 22 29 2c 74 5b 34 5d 3d 70 61 72 73 65 46 6c 6f 61 74 28 74 5b 34 5d 29 2c 72 5b 76 5d 28 69 73 4e 61 4e 28 74 5b Data Ascii: .charAt(0)&&(s+="/"),s+=t[2]),this.M.tt=s}this.it(),void 0!==this.M.tt&&delete this.M.tt,void 0!==this.M.X&&delete this.M.X}break;case"_trackEvent":var r=[];t[1]&&t[2]&&(r[v](h(t[1])),r[v](h(t[2])),r[v](t[3]?h(t[3]):""),t[4]=parseFloat(t[4]),r[v](isNaN(t[

Timestamp	Bytes transferred	Direction	Data
2024-09-27 06:19:07 UTC	558	OUT	GET /maps?callback=___onAPILoaded&v=2.0&key=0f3e523aa49b944f6ae53c488cbae6c3&plugin= HTTP/1.1 Host: webapi.amap.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-27 06:19:08 UTC	670	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 06:19:08 GMT Content-Type: application/javascript;charset=utf-8 Content-Length: 1132942 Connection: close Vary: Accept-Encoding Server: Tengine Vary: Accept-Encoding x-server-id: 72446e765a0ee479614554419edfe3ecf8e28af5064da114435127df6cb39499730a6faa850f76d4 Accept-Ranges: bytes Etag: W/e010439d2d274f53be7d70bd1725ae5e Cache-Control: max-age=0 x-readtime: 8 Access-Control-Allow-Origin: * Access-Control-Allow-Headers: * Access-Control-Allow-Methods: * Strict-Transport-Security: max-age=0 Ups-Target-Key: webapi.vs.amap.com X-protocol: HTTP/1.1 EagleEye-TraceId: 2140c90117274179481423367e1d51 s-brt: 15
2024-09-27 06:19:08 UTC	3426	IN	Data Raw: 28 66 75 6e 63 74 69 6f 6e 28 63 6f 6e 66 69 67 29 7b 21 66 75 6e 63 74 69 6f 6e 28 67 6c 6f 62 61 6c 2c 66 61 63 74 6f 72 79 29 7b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 65 78 70 6f 72 74 73 26 26 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 66 61 63 74 6f 72 79 28 29 3a 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 64 65 66 69 6e 65 26 26 64 65 66 69 6e 65 2e 61 6d 64 3f 64 65 66 69 6e 65 28 66 61 63 74 6f 72 79 29 3a 28 67 6c 6f 62 61 6c 3d 67 6c 6f 62 61 6c 7c 7c 73 65 6c 66 29 2e 41 4d 61 70 3d 66 61 63 74 6f 72 79 28 29 7d 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 73 68 61 72 65 64 2c 77 Data Ascii: (function(config){!function(global,factory){"object"==typeof exports&&"undefined"!=typeof module?module.exports=factory():"function"==typeof define&&define.amd?define(factory):(global=global\|\|self).AMap=factory()}(this,function(){"use strict";var shared,w
2024-09-27 06:19:08 UTC	4096	IN	Data Raw: 65 28 22 64 69 6e 67 74 61 6c 6b 22 29 2c 4a 3d 65 28 22 6d 71 71 62 72 6f 77 73 65 72 22 29 2c 51 3d 65 28 22 62 61 69 64 75 62 72 6f 77 73 65 72 22 29 2c 6d 3d 65 28 22 63 72 69 6f 73 2f 22 29 2c 6b 3d 65 28 22 63 68 72 6f 6d 65 2f 22 29 2c 6d 3d 21 28 28 6b 7c 7c 6d 29 26 26 65 28 22 63 68 72 6f 6d 69 75 6d 22 29 29 26 26 28 6b 26 26 33 30 3c 70 61 72 73 65 49 6e 74 28 72 2e 73 70 6c 69 74 28 22 63 68 72 6f 6d 65 2f 22 29 5b 31 5d 29 7c 7c 6d 26 26 33 30 3c 70 61 72 73 65 49 6e 74 28 72 2e 73 70 6c 69 74 28 22 63 72 69 6f 73 2f 22 29 5b 31 5d 29 29 2c 66 66 3d 65 28 22 66 69 72 65 66 6f 78 22 29 2c 78 3d 66 66 26 26 32 37 3c 70 61 72 73 65 49 6e 74 28 72 2e 73 70 6c 69 74 28 22 66 69 72 65 66 6f 78 2f 22 29 5b 31 5d 29 2c 54 3d 61 26 26 37 3c 70 61 72 Data Ascii: e("dingtalk"),J=e("mqqbrowser"),Q=e("baidubrowser"),m=e("crios/"),k=e("chrome/"),m=!((k\|\|m)&&e("chromium"))&&(k&&30<parseInt(r.split("chrome/")[1])\|\|m&&30<parseInt(r.split("crios/")[1])),ff=e("firefox"),x=ff&&27<parseInt(r.split("firefox/")[1]),T=a&&7<par
2024-09-27 06:19:08 UTC	4096	IN	Data Raw: 66 28 22 67 6f 6f 67 6c 65 20 73 77 69 66 74 73 68 61 64 65 72 22 29 29 72 65 74 75 72 6e 20 55 3d 21 31 3b 69 66 28 2d 31 21 3d 3d 44 2e 69 6e 64 65 78 4f 66 28 6e 29 29 72 65 74 75 72 6e 21 31 7d 72 65 74 75 72 6e 20 49 3d 74 5b 69 5d 2c 21 30 7d 7d 72 65 74 75 72 6e 21 31 7d 29 28 29 2c 63 66 3d 76 6f 69 64 20 30 3d 3d 3d 66 5b 38 5d 7c 7c 66 5b 38 5d 2c 4c 3d 77 69 6e 64 6f 77 2e 55 69 6e 74 38 41 72 72 61 79 26 26 63 66 26 26 21 77 69 6e 64 6f 77 2e 66 6f 72 62 69 64 65 6e 57 65 62 47 4c 26 26 4c 26 26 28 77 69 6e 64 6f 77 2e 66 6f 72 63 65 57 65 62 47 4c 7c 7c 28 6d 7c 7c 78 7c 7c 54 7c 7c 67 7c 7c 5a 7c 7c 77 29 26 26 22 6f 74 68 65 72 22 21 3d 53 29 2c 6d 3d 77 69 6e 64 6f 77 2e 66 6f 72 63 65 57 65 62 47 4c 42 61 73 65 52 65 6e 64 65 72 7c 7c 4c Data Ascii: f("google swiftshader"))return U=!1;if(-1!==D.indexOf(n))return!1}return I=t[i],!0}}return!1})(),cf=void 0===f[8]\|\|f[8],L=window.Uint8Array&&cf&&!window.forbidenWebGL&&L&&(window.forceWebGL\|\|(m\|\|x\|\|T\|\|g\|\|Z\|\|w)&&"other"!=S),m=window.forceWebGLBaseRender\|\|L
2024-09-27 06:19:08 UTC	2492	IN	Data Raw: 66 28 69 73 53 79 6d 62 6f 6c 28 66 29 29 72 65 74 75 72 6e 20 4e 41 4e 3b 69 66 28 22 73 74 72 69 6e 67 22 21 3d 74 79 70 65 6f 66 28 66 3d 69 73 4f 62 6a 65 63 74 28 66 29 3f 69 73 4f 62 6a 65 63 74 28 65 3d 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 66 2e 76 61 6c 75 65 4f 66 3f 66 2e 76 61 6c 75 65 4f 66 28 29 3a 66 29 3f 65 2b 22 22 3a 65 3a 66 29 29 72 65 74 75 72 6e 20 30 3d 3d 3d 66 3f 66 3a 2b 66 3b 66 3d 62 61 73 65 54 72 69 6d 28 66 29 3b 76 61 72 20 65 3d 72 65 49 73 42 69 6e 61 72 79 2e 74 65 73 74 28 66 29 3b 72 65 74 75 72 6e 20 65 7c 7c 72 65 49 73 4f 63 74 61 6c 2e 74 65 73 74 28 66 29 3f 66 72 65 65 50 61 72 73 65 49 6e 74 28 66 2e 73 6c 69 63 65 28 32 29 2c 65 3f 32 3a 38 29 3a 72 65 49 73 42 61 64 48 65 78 2e 74 65 73 74 Data Ascii: f(isSymbol(f))return NAN;if("string"!=typeof(f=isObject(f)?isObject(e="function"==typeof f.valueOf?f.valueOf():f)?e+"":e:f))return 0===f?f:+f;f=baseTrim(f);var e=reIsBinary.test(f);return e\|\|reIsOctal.test(f)?freeParseInt(f.slice(2),e?2:8):reIsBadHex.test
2024-09-27 06:19:08 UTC	4096	IN	Data Raw: 30 3b 72 65 74 75 72 6e 20 74 2e 61 70 70 6c 79 28 76 6f 69 64 20 30 2c 61 72 67 75 6d 65 6e 74 73 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 63 6f 6e 73 74 61 6e 74 28 66 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 66 7d 7d 76 61 72 20 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 76 61 72 20 66 3d 67 65 74 4e 61 74 69 76 65 28 4f 62 6a 65 63 74 2c 22 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 22 29 3b 72 65 74 75 72 6e 20 66 28 7b 7d 2c 22 22 2c 7b 7d 29 2c 66 7d 63 61 74 63 68 28 66 29 7b 7d 7d 28 29 2c 62 61 73 65 53 65 74 54 6f 53 74 72 69 6e 67 3d 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 3f 66 75 6e 63 74 69 6f 6e 28 66 2c 65 29 7b 72 65 74 75 72 6e 20 64 65 66 69 6e 65 50 72 Data Ascii: 0;return t.apply(void 0,arguments)}}function constant(f){return function(){return f}}var defineProperty=function(){try{var f=getNative(Object,"defineProperty");return f({},"",{}),f}catch(f){}}(),baseSetToString=defineProperty?function(f,e){return definePr
2024-09-27 06:19:08 UTC	4096	IN	Data Raw: 70 65 64 41 72 72 61 79 28 66 29 7b 72 65 74 75 72 6e 20 69 73 4f 62 6a 65 63 74 4c 69 6b 65 28 66 29 26 26 69 73 4c 65 6e 67 74 68 28 66 2e 6c 65 6e 67 74 68 29 26 26 21 21 74 79 70 65 64 41 72 72 61 79 54 61 67 73 5b 62 61 73 65 47 65 74 54 61 67 28 66 29 5d 7d 66 75 6e 63 74 69 6f 6e 20 62 61 73 65 55 6e 61 72 79 28 65 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 66 29 7b 72 65 74 75 72 6e 20 65 28 66 29 7d 7d 74 79 70 65 64 41 72 72 61 79 54 61 67 73 5b 66 6c 6f 61 74 33 32 54 61 67 5d 3d 74 79 70 65 64 41 72 72 61 79 54 61 67 73 5b 66 6c 6f 61 74 36 34 54 61 67 5d 3d 74 79 70 65 64 41 72 72 61 79 54 61 67 73 5b 69 6e 74 38 54 61 67 5d 3d 74 79 70 65 64 41 72 72 61 79 54 61 67 73 5b 69 6e 74 31 36 54 61 67 5d 3d 74 79 70 65 64 41 72 72 61 79 Data Ascii: pedArray(f){return isObjectLike(f)&&isLength(f.length)&&!!typedArrayTags[baseGetTag(f)]}function baseUnary(e){return function(f){return e(f)}}typedArrayTags[float32Tag]=typedArrayTags[float64Tag]=typedArrayTags[int8Tag]=typedArrayTags[int16Tag]=typedArray
2024-09-27 06:19:08 UTC	4096	IN	Data Raw: 76 61 72 20 74 3d 66 2e 6c 65 6e 67 74 68 3b 74 2d 2d 3b 29 69 66 28 65 71 28 66 5b 74 5d 5b 30 5d 2c 65 29 29 72 65 74 75 72 6e 20 74 3b 72 65 74 75 72 6e 2d 31 7d 48 61 73 68 2e 70 72 6f 74 6f 74 79 70 65 2e 63 6c 65 61 72 3d 68 61 73 68 43 6c 65 61 72 2c 48 61 73 68 2e 70 72 6f 74 6f 74 79 70 65 2e 64 65 6c 65 74 65 3d 68 61 73 68 44 65 6c 65 74 65 2c 48 61 73 68 2e 70 72 6f 74 6f 74 79 70 65 2e 67 65 74 3d 68 61 73 68 47 65 74 2c 48 61 73 68 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 3d 68 61 73 68 48 61 73 2c 48 61 73 68 2e 70 72 6f 74 6f 74 79 70 65 2e 73 65 74 3d 68 61 73 68 53 65 74 3b 76 61 72 20 61 72 72 61 79 50 72 6f 74 6f 3d 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2c 73 70 6c 69 63 65 3d 61 72 72 61 79 50 72 6f 74 6f 2e 73 70 6c 69 63 65 Data Ascii: var t=f.length;t--;)if(eq(f[t][0],e))return t;return-1}Hash.prototype.clear=hashClear,Hash.prototype.delete=hashDelete,Hash.prototype.get=hashGet,Hash.prototype.has=hashHas,Hash.prototype.set=hashSet;var arrayProto=Array.prototype,splice=arrayProto.splice
2024-09-27 06:19:08 UTC	4096	IN	Data Raw: 6f 74 79 70 65 2e 73 65 74 3d 73 74 61 63 6b 53 65 74 3b 76 61 72 20 66 72 65 65 45 78 70 6f 72 74 73 24 32 3d 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 65 78 70 6f 72 74 73 26 26 65 78 70 6f 72 74 73 26 26 21 65 78 70 6f 72 74 73 2e 6e 6f 64 65 54 79 70 65 26 26 65 78 70 6f 72 74 73 2c 66 72 65 65 4d 6f 64 75 6c 65 24 32 3d 66 72 65 65 45 78 70 6f 72 74 73 24 32 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 6d 6f 64 75 6c 65 26 26 21 6d 6f 64 75 6c 65 2e 6e 6f 64 65 54 79 70 65 26 26 6d 6f 64 75 6c 65 2c 6d 6f 64 75 6c 65 45 78 70 6f 72 74 73 24 32 3d 66 72 65 65 4d 6f 64 75 6c 65 24 32 26 26 66 72 65 65 4d 6f 64 75 6c 65 24 32 2e 65 78 70 6f 72 74 73 3d 3d 3d 66 72 65 65 45 78 70 6f 72 74 73 24 32 2c 42 75 66 Data Ascii: otype.set=stackSet;var freeExports$2="object"==typeof exports&&exports&&!exports.nodeType&&exports,freeModule$2=freeExports$2&&"object"==typeof module&&module&&!module.nodeType&&module,moduleExports$2=freeModule$2&&freeModule$2.exports===freeExports$2,Buf
2024-09-27 06:19:08 UTC	4056	IN	Data Raw: 72 72 61 79 42 75 66 66 65 72 54 61 67 24 31 3a 72 65 74 75 72 6e 20 63 6c 6f 6e 65 41 72 72 61 79 42 75 66 66 65 72 28 66 29 3b 63 61 73 65 20 62 6f 6f 6c 54 61 67 24 31 3a 63 61 73 65 20 64 61 74 65 54 61 67 24 31 3a 72 65 74 75 72 6e 20 6e 65 77 20 72 28 2b 66 29 3b 63 61 73 65 20 64 61 74 61 56 69 65 77 54 61 67 24 32 3a 72 65 74 75 72 6e 20 63 6c 6f 6e 65 44 61 74 61 56 69 65 77 28 66 2c 74 29 3b 63 61 73 65 20 66 6c 6f 61 74 33 32 54 61 67 24 31 3a 63 61 73 65 20 66 6c 6f 61 74 36 34 54 61 67 24 31 3a 63 61 73 65 20 69 6e 74 38 54 61 67 24 31 3a 63 61 73 65 20 69 6e 74 31 36 54 61 67 24 31 3a 63 61 73 65 20 69 6e 74 33 32 54 61 67 24 31 3a 63 61 73 65 20 75 69 6e 74 38 54 61 67 24 31 3a 63 61 73 65 20 75 69 6e 74 38 43 6c 61 6d 70 65 64 54 61 67 24 Data Ascii: rrayBufferTag$1:return cloneArrayBuffer(f);case boolTag$1:case dateTag$1:return new r(+f);case dataViewTag$2:return cloneDataView(f,t);case float32Tag$1:case float64Tag$1:case int8Tag$1:case int16Tag$1:case int32Tag$1:case uint8Tag$1:case uint8ClampedTag$
2024-09-27 06:19:08 UTC	2920	IN	Data Raw: 79 70 65 2e 61 64 64 3d 53 65 74 43 61 63 68 65 2e 70 72 6f 74 6f 74 79 70 65 2e 70 75 73 68 3d 73 65 74 43 61 63 68 65 41 64 64 2c 53 65 74 43 61 63 68 65 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 3d 73 65 74 43 61 63 68 65 48 61 73 3b 76 61 72 20 43 4f 4d 50 41 52 45 5f 50 41 52 54 49 41 4c 5f 46 4c 41 47 3d 31 2c 43 4f 4d 50 41 52 45 5f 55 4e 4f 52 44 45 52 45 44 5f 46 4c 41 47 3d 32 3b 66 75 6e 63 74 69 6f 6e 20 65 71 75 61 6c 41 72 72 61 79 73 28 66 2c 65 2c 74 2c 72 2c 69 2c 6f 29 7b 76 61 72 20 6e 3d 74 26 43 4f 4d 50 41 52 45 5f 50 41 52 54 49 41 4c 5f 46 4c 41 47 2c 61 3d 66 2e 6c 65 6e 67 74 68 3b 69 66 28 61 21 3d 28 6c 3d 65 2e 6c 65 6e 67 74 68 29 26 26 21 28 6e 26 26 61 3c 6c 29 29 72 65 74 75 72 6e 21 31 3b 76 61 72 20 6c 3d 6f 2e 67 65 74 Data Ascii: ype.add=SetCache.prototype.push=setCacheAdd,SetCache.prototype.has=setCacheHas;var COMPARE_PARTIAL_FLAG=1,COMPARE_UNORDERED_FLAG=2;function equalArrays(f,e,t,r,i,o){var n=t&COMPARE_PARTIAL_FLAG,a=f.length;if(a!=(l=e.length)&&!(n&&a<l))return!1;var l=o.get

Timestamp	Bytes transferred	Direction	Data
2024-09-27 06:19:08 UTC	765	OUT	POST /stat.htm?id=1281366638&r=&lg=en-us&ntime=none&cnzz_eid=1701857660-1727417946-&showp=1280x1024&p=http%3A%2F%2Faa5aa5aa5aa5aa44.app%2F&t=%E7%88%B1%E7%88%B1%E7%BD%91&umuuid=19232220dae2bd-07a6196558f62e-26031e51-140000-19232220daf416&h=1 HTTP/1.1 Host: z6.cnzz.com Connection: keep-alive Content-Length: 0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Origin: http://aa5aa5aa5aa5aa44.app Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-27 06:19:09 UTC	183	IN	HTTP/1.1 200 OK Server: Tengine Date: Fri, 27 Sep 2024 06:19:08 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding
2024-09-27 06:19:09 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Timestamp	Bytes transferred	Direction	Data
2024-09-27 06:19:08 UTC	500	OUT	GET /c.js?web_id=1281366638&t=z HTTP/1.1 Host: c.cnzz.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-27 06:19:09 UTC	550	IN	HTTP/1.1 200 OK Server: Tengine Content-Type: application/javascript Content-Length: 906 Connection: close cache-control: public, max-age=321 date: Fri, 27 Sep 2024 06:17:25 GMT Via: cache59.l2cn3130[84,84,304-0,H], cache56.l2cn3130[85,0], cache80.cn3960[0,0,200-0,H], cache47.cn3960[0,0] etag: W/"8436624180817760094" Age: 103 Ali-Swift-Global-Savetime: 1727417845 X-Cache: HIT TCP_MEM_HIT dirn:-2:-2 X-Swift-SaveTime: Fri, 27 Sep 2024 06:17:25 GMT X-Swift-CacheTime: 321 Timing-Allow-Origin: * EagleId: 7ae1d14317274179488557750e
2024-09-27 06:19:09 UTC	906	IN	Data Raw: 21 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 5f 3d 22 68 74 74 70 3a 22 3d 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 66 6f 72 28 76 61 72 20 5f 3d 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 22 73 63 72 69 70 74 22 29 2c 74 3d 30 2c 65 3d 5f 2e 6c 65 6e 67 74 68 3b 74 3c 65 3b 74 2b 2b 29 7b 76 61 72 20 6e 2c 69 3d 5f 5b 74 5d 3b 69 66 28 69 2e 73 72 63 26 26 28 6e 3d 2f 5e 28 68 74 74 70 73 3f 3a 29 5c 2f 5c 2f 5b 5c 77 5c 2e 5c 2d 5d 2b 5c 2e 63 6e 7a 7a 5c 2e 63 6f 6d 5c 2f 2f 69 2e 65 78 65 63 28 69 2e 73 72 63 29 29 29 72 65 74 75 72 6e 20 6e 5b 31 5d 7d 72 65 74 75 72 6e 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 70 72 6f 74 6f 63 6f 6c 7d 28 29 3f 22 68 74 74 70 3a 22 3a 22 68 74 74 70 73 3a 22 2c Data Ascii: !function(){var _="http:"==function(){for(var _=document.getElementsByTagName("script"),t=0,e=_.length;t<e;t++){var n,i=_[t];if(i.src&&(n=/^(https?:)\/\/[\w\.\-]+\.cnzz\.com\//i.exec(i.src)))return n[1]}return window.location.protocol}()?"http:":"https:",

Timestamp	Bytes transferred	Direction	Data
2024-09-27 06:19:09 UTC	514	OUT	OPTIONS /msg_demo/v/pc/video/category HTTP/1.1 Host: aawapi-v3.trh999.com Connection: keep-alive Accept: / Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type,operationid Origin: http://aa5aa5aa5aa5aa44.app User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-27 06:19:10 UTC	655	IN	HTTP/1.1 200 OK Server: Tengine Content-Type: application/json Content-Length: 18 Connection: close Date: Fri, 27 Sep 2024 06:19:10 GMT Access-Control-Allow-Credentials: false Access-Control-Allow-Headers: * Access-Control-Allow-Methods: * Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers,Cache-Control,Content-Language,Content-Type,Expires,Last-Modified,Pragma,FooBar Access-Control-Max-Age: 172800 Strict-Transport-Security: max-age=31536000 Via: cache40.l2hk3[5,0], ens-cache8.de7[211,0] Timing-Allow-Origin: * EagleId: a3b5839c17274179501285403e
2024-09-27 06:19:10 UTC	18	IN	Data Raw: 22 4f 70 74 69 6f 6e 73 20 52 65 71 75 65 73 74 21 22 Data Ascii: "Options Request!"

Timestamp	Bytes transferred	Direction	Data
2024-09-27 06:19:09 UTC	526	OUT	OPTIONS /msg_demo/v/pc/video/getAllCategoryVideos HTTP/1.1 Host: aawapi-v3.trh999.com Connection: keep-alive Accept: / Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type,operationid Origin: http://aa5aa5aa5aa5aa44.app User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-27 06:19:10 UTC	655	IN	HTTP/1.1 200 OK Server: Tengine Content-Type: application/json Content-Length: 18 Connection: close Date: Fri, 27 Sep 2024 06:19:10 GMT Access-Control-Allow-Credentials: false Access-Control-Allow-Headers: * Access-Control-Allow-Methods: * Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers,Cache-Control,Content-Language,Content-Type,Expires,Last-Modified,Pragma,FooBar Access-Control-Max-Age: 172800 Strict-Transport-Security: max-age=31536000 Via: cache30.l2hk3[5,0], ens-cache6.de7[231,0] Timing-Allow-Origin: * EagleId: a3b5839a17274179501216414e
2024-09-27 06:19:10 UTC	18	IN	Data Raw: 22 4f 70 74 69 6f 6e 73 20 52 65 71 75 65 73 74 21 22 Data Ascii: "Options Request!"

Timestamp	Bytes transferred	Direction	Data
2024-09-27 06:19:09 UTC	512	OUT	OPTIONS /msg_demo/v/pc/video/adList HTTP/1.1 Host: aawapi-v3.trh999.com Connection: keep-alive Accept: / Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type,operationid Origin: http://aa5aa5aa5aa5aa44.app User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-27 06:19:10 UTC	656	IN	HTTP/1.1 200 OK Server: Tengine Content-Type: application/json Content-Length: 18 Connection: close Date: Fri, 27 Sep 2024 06:19:10 GMT Access-Control-Allow-Credentials: false Access-Control-Allow-Headers: * Access-Control-Allow-Methods: * Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers,Cache-Control,Content-Language,Content-Type,Expires,Last-Modified,Pragma,FooBar Access-Control-Max-Age: 172800 Strict-Transport-Security: max-age=31536000 Via: cache13.l2hk3[4,0], ens-cache10.de7[211,0] Timing-Allow-Origin: * EagleId: a3b5839e17274179501393192e
2024-09-27 06:19:10 UTC	18	IN	Data Raw: 22 4f 70 74 69 6f 6e 73 20 52 65 71 75 65 73 74 21 22 Data Ascii: "Options Request!"

Timestamp	Bytes transferred	Direction	Data
2024-09-27 06:19:09 UTC	512	OUT	OPTIONS /msg_demo/v/search/hotLists HTTP/1.1 Host: aawapi-v3.trh999.com Connection: keep-alive Accept: / Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type,operationid Origin: http://aa5aa5aa5aa5aa44.app User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-27 06:19:10 UTC	655	IN	HTTP/1.1 200 OK Server: Tengine Content-Type: application/json Content-Length: 18 Connection: close Date: Fri, 27 Sep 2024 06:19:10 GMT Access-Control-Allow-Credentials: false Access-Control-Allow-Headers: * Access-Control-Allow-Methods: * Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers,Cache-Control,Content-Language,Content-Type,Expires,Last-Modified,Pragma,FooBar Access-Control-Max-Age: 172800 Strict-Transport-Security: max-age=31536000 Via: cache20.l2hk3[7,0], ens-cache9.de7[233,0] Timing-Allow-Origin: * EagleId: a3b5839d17274179501514548e
2024-09-27 06:19:10 UTC	18	IN	Data Raw: 22 4f 70 74 69 6f 6e 73 20 52 65 71 75 65 73 74 21 22 Data Ascii: "Options Request!"

Timestamp	Bytes transferred	Direction	Data
2024-09-27 06:19:09 UTC	499	OUT	OPTIONS /msg_demo/client_config/get HTTP/1.1 Host: aawapi-v3.trh999.com Connection: keep-alive Accept: / Access-Control-Request-Method: POST Access-Control-Request-Headers: operationid Origin: http://aa5aa5aa5aa5aa44.app User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-27 06:19:10 UTC	655	IN	HTTP/1.1 200 OK Server: Tengine Content-Type: application/json Content-Length: 18 Connection: close Date: Fri, 27 Sep 2024 06:19:10 GMT Access-Control-Allow-Credentials: false Access-Control-Allow-Headers: * Access-Control-Allow-Methods: * Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers,Cache-Control,Content-Language,Content-Type,Expires,Last-Modified,Pragma,FooBar Access-Control-Max-Age: 172800 Strict-Transport-Security: max-age=31536000 Via: cache16.l2hk3[5,0], ens-cache1.de7[209,0] Timing-Allow-Origin: * EagleId: a3b5839517274179501424549e
2024-09-27 06:19:10 UTC	18	IN	Data Raw: 22 4f 70 74 69 6f 6e 73 20 52 65 71 75 65 73 74 21 22 Data Ascii: "Options Request!"

Timestamp	Bytes transferred	Direction	Data
2024-09-27 06:19:10 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-27 06:19:10 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF67) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=37624 Date: Fri, 27 Sep 2024 06:19:10 GMT Connection: close X-CID: 2